summaryrefslogtreecommitdiff
path: root/src/iptables.c
diff options
context:
space:
mode:
authorDaniel Wagner <daniel.wagner@bmw-carit.de>2013-02-12 10:19:44 +0100
committerPatrik Flykt <patrik.flykt@linux.intel.com>2013-02-12 12:33:54 +0200
commitf06ac83e93f9012bc94d7b70a3dd04d8fbd2a3a9 (patch)
treedcd26f9a2839f90b40aa853c1260a24eefdd60be /src/iptables.c
parent142d8fef7d5531653aa8767e7ce32b683b9e128b (diff)
downloadconnman-f06ac83e93f9012bc94d7b70a3dd04d8fbd2a3a9.tar.gz
connman-f06ac83e93f9012bc94d7b70a3dd04d8fbd2a3a9.tar.bz2
connman-f06ac83e93f9012bc94d7b70a3dd04d8fbd2a3a9.zip
iptables: Flush 'filter' 'mangle' and 'nat' table
The implementation is ugly but there is not much we can do about it, the iptables API is being just plain stupid here.
Diffstat (limited to 'src/iptables.c')
-rw-r--r--src/iptables.c61
1 files changed, 60 insertions, 1 deletions
diff --git a/src/iptables.c b/src/iptables.c
index 3e3c6832..d435519f 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -2123,6 +2123,64 @@ static void remove_table(gpointer user_data)
table_cleanup(table);
}
+static int flush_table_cb(struct ipt_entry *entry, int builtin,
+ unsigned int hook, size_t size,
+ unsigned int offset, void *user_data)
+{
+ GSList **chains = user_data;
+ struct xt_entry_target *target;
+ char *name;
+
+ if (offset + entry->next_offset == size)
+ return 0;
+
+ target = ipt_get_target(entry);
+
+ if (!strcmp(target->u.user.name, IPT_ERROR_TARGET))
+ name = g_strdup((const char*)target->data);
+ else if (builtin >= 0)
+ name = g_strdup(hooknames[builtin]);
+ else
+ return 0;
+
+ *chains = g_slist_prepend(*chains, name);
+
+ return 0;
+}
+
+static void flush_table(const char *name)
+{
+ GSList *chains = NULL, *list;
+ struct connman_iptables *table;
+
+ table = pre_load_table(name, NULL);
+ if (table == NULL)
+ return;
+
+ iterate_entries(table->blob_entries->entrytable,
+ table->info->valid_hooks,
+ table->info->hook_entry,
+ table->blob_entries->size,
+ flush_table_cb, &chains);
+
+ for (list = chains; list != NULL; list = list->next) {
+ char *chain = list->data;
+
+ DBG("chain %s", chain);
+ iptables_flush_chain(table, chain);
+ }
+
+ __connman_iptables_commit(name);
+ g_slist_free_full(chains, g_free);
+}
+
+static void flush_all_chains(void)
+{
+ flush_table("filter");
+ flush_table("mangle");
+ flush_table("nat");
+}
+
int __connman_iptables_init(void)
{
DBG("");
@@ -2135,8 +2193,9 @@ int __connman_iptables_init(void)
xtables_init_all(&iptables_globals, NFPROTO_IPV4);
- return 0;
+ flush_all_chains();
+ return 0;
}
void __connman_iptables_cleanup(void)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-05 18:39:48 +0000