authorDaniel Wagner <daniel.wagner@bmw-carit.de>2013-03-06 16:08:52 +0100
committerPatrik Flykt <patrik.flykt@linux.intel.com>2013-03-07 10:07:10 +0200
commitcc660f84f8cceca1586daf84f99b2ad39f87523d (patch)
tree457eeeeb4a90f70a50dbb263031e580824b632bf /src/iptables.c
parenta235ce6ae6276cf69932b4f5f9994617f08baa1f (diff)
iptables: Always update options table
The linked list is tracking all loaded modules. Since we do not unload them once they are loaded (xtables does not support this), we might end up leaving prepare_matches() before we update the option table. Since we carefully reset the global xtable state after executing one rule, this check is wrong, e.g. if we add two similar rules (same matches (mark, nfacct)). In this case the second rule would not be parsed correctly. Nasty nasty iptables parser!
Diffstat (limited to 'src/iptables.c')
-rw-r--r--src/iptables.c4
1 files changed, 0 insertions, 4 deletions
diff --git a/src/iptables.c b/src/iptables.c
index 3ae84178..6dd944ef 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1600,9 +1600,6 @@ static struct xtables_match *prepare_matches(struct connman_iptables *table,
if (xt_m->init != NULL)
xt_m->init(xt_m->m);
- if (xt_m == xt_m->next)
- goto done;
-
#if XTABLES_VERSION_CODE > 5
if (xt_m->x6_options != NULL)
iptables_globals.opts =
@@ -1627,7 +1624,6 @@ static struct xtables_match *prepare_matches(struct connman_iptables *table,
xt_m = NULL;
}
-done:
return xt_m;
}