diff options
author | Daniel Wagner <daniel.wagner@bmw-carit.de> | 2013-03-19 13:46:26 +0100 |
---|---|---|
committer | Patrik Flykt <patrik.flykt@linux.intel.com> | 2013-03-25 13:17:57 +0200 |
commit | 9c4ddd222b39cb688301ef94f25eae1a1db574d1 (patch) | |
tree | 3a2cf1fa3bc58ad66995f1a478ab5b9f01ac6060 /src/iptables.c | |
parent | 1cebb9d0088ad62c84743188f20b0e6a856dc9c3 (diff) | |
download | connman-9c4ddd222b39cb688301ef94f25eae1a1db574d1.tar.gz connman-9c4ddd222b39cb688301ef94f25eae1a1db574d1.tar.bz2 connman-9c4ddd222b39cb688301ef94f25eae1a1db574d1.zip |
iptables: Add __connman_iptables_insert()
This was wrongly removed with commit 161efbae
Diffstat (limited to 'src/iptables.c')
-rw-r--r-- | src/iptables.c | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/src/iptables.c b/src/iptables.c index 0273ac76..51831546 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -833,6 +833,37 @@ static int iptables_append_rule(struct connman_iptables *table, return ret; } +static int iptables_insert_rule(struct connman_iptables *table, + struct ipt_ip *ip, const char *chain_name, + const char *target_name, + struct xtables_target *xt_t, + struct xtables_rule_match *xt_rm) +{ + struct ipt_entry *new_entry; + int builtin = -1, ret; + GList *chain_head; + + DBG("table %s chain %s", table->name, chain_name); + + chain_head = find_chain_head(table, chain_name); + if (chain_head == NULL) + return -EINVAL; + + new_entry = prepare_rule_inclusion(table, ip, chain_name, + target_name, xt_t, &builtin, xt_rm, TRUE); + if (new_entry == NULL) + return -EINVAL; + + if (builtin == -1) + chain_head = chain_head->next; + + ret = iptables_add_entry(table, new_entry, chain_head, builtin); + if (ret < 0) + g_free(new_entry); + + return ret; +} + static gboolean is_same_ipt_entry(struct ipt_entry *i_e1, struct ipt_entry *i_e2) { @@ -2151,6 +2182,49 @@ out: return err; } +int __connman_iptables_insert(const char *table_name, + const char *chain, + const char *rule_spec) +{ + struct connman_iptables *table; + struct parse_context *ctx; + const char *target_name; + int err; + + ctx = g_try_new0(struct parse_context, 1); + if (ctx == NULL) + return -ENOMEM; + + DBG("-t %s -I %s %s", table_name, chain, rule_spec); + + err = prepare_getopt_args(rule_spec, ctx); + if (err < 0) + goto out; + + table = get_table(table_name); + if (table == NULL) { + err = -EINVAL; + goto out; + } + + err = parse_rule_spec(table, ctx); + if (err < 0) + goto out; + + if (ctx->xt_t == NULL) + target_name = NULL; + else + target_name = ctx->xt_t->name; + + err = iptables_insert_rule(table, ctx->ip, chain, + target_name, ctx->xt_t, ctx->xt_rm); +out: + cleanup_parse_context(ctx); + reset_xtables(); + + return err; +} + int __connman_iptables_delete(const char *table_name, const char *chain, const char *rule_spec) |