diff options
author | Daniel Wagner <daniel.wagner@bmw-carit.de> | 2013-02-12 10:19:44 +0100 |
---|---|---|
committer | Patrik Flykt <patrik.flykt@linux.intel.com> | 2013-02-12 12:33:54 +0200 |
commit | f06ac83e93f9012bc94d7b70a3dd04d8fbd2a3a9 (patch) | |
tree | dcd26f9a2839f90b40aa853c1260a24eefdd60be /src/iptables.c | |
parent | 142d8fef7d5531653aa8767e7ce32b683b9e128b (diff) | |
download | connman-f06ac83e93f9012bc94d7b70a3dd04d8fbd2a3a9.tar.gz connman-f06ac83e93f9012bc94d7b70a3dd04d8fbd2a3a9.tar.bz2 connman-f06ac83e93f9012bc94d7b70a3dd04d8fbd2a3a9.zip |
iptables: Flush 'filter' 'mangle' and 'nat' table
The implementation is ugly but there is not much we can do about it, the
iptables API is being just plain stupid here.
Diffstat (limited to 'src/iptables.c')
-rw-r--r-- | src/iptables.c | 61 |
1 files changed, 60 insertions, 1 deletions
diff --git a/src/iptables.c b/src/iptables.c index 3e3c6832..d435519f 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -2123,6 +2123,64 @@ static void remove_table(gpointer user_data) table_cleanup(table); } +static int flush_table_cb(struct ipt_entry *entry, int builtin, + unsigned int hook, size_t size, + unsigned int offset, void *user_data) +{ + GSList **chains = user_data; + struct xt_entry_target *target; + char *name; + + if (offset + entry->next_offset == size) + return 0; + + target = ipt_get_target(entry); + + if (!strcmp(target->u.user.name, IPT_ERROR_TARGET)) + name = g_strdup((const char*)target->data); + else if (builtin >= 0) + name = g_strdup(hooknames[builtin]); + else + return 0; + + *chains = g_slist_prepend(*chains, name); + + return 0; +} + +static void flush_table(const char *name) +{ + GSList *chains = NULL, *list; + struct connman_iptables *table; + + table = pre_load_table(name, NULL); + if (table == NULL) + return; + + iterate_entries(table->blob_entries->entrytable, + table->info->valid_hooks, + table->info->hook_entry, + table->blob_entries->size, + flush_table_cb, &chains); + + for (list = chains; list != NULL; list = list->next) { + char *chain = list->data; + + DBG("chain %s", chain); + iptables_flush_chain(table, chain); + } + + __connman_iptables_commit(name); + g_slist_free_full(chains, g_free); +} + +static void flush_all_chains(void) +{ + flush_table("filter"); + flush_table("mangle"); + flush_table("nat"); +} + int __connman_iptables_init(void) { DBG(""); @@ -2135,8 +2193,9 @@ int __connman_iptables_init(void) xtables_init_all(&iptables_globals, NFPROTO_IPV4); - return 0; + flush_all_chains(); + return 0; } void __connman_iptables_cleanup(void) |