summaryrefslogtreecommitdiff
path: root/tools
diff options
context:
space:
mode:
authorTomasz Bursztyka <tomasz.bursztyka@linux.intel.com>2011-10-27 07:24:59 (GMT)
committerSamuel Ortiz <sameo@linux.intel.com>2011-10-28 19:26:13 (GMT)
commit45dc769c96c758d63401aeb8cb42cba87179020b (patch)
treee1d67641727671508a267f16787d5db48633040d /tools
parentd23175a9aff9a34813e604302dd42e842a0ff87d (diff)
downloadconnman-45dc769c96c758d63401aeb8cb42cba87179020b.zip
connman-45dc769c96c758d63401aeb8cb42cba87179020b.tar.gz
connman-45dc769c96c758d63401aeb8cb42cba87179020b.tar.bz2
tools: Add iptables_test builtin chain policy changes
Diffstat (limited to 'tools')
-rw-r--r--tools/iptables-test.c53
1 files changed, 50 insertions, 3 deletions
diff --git a/tools/iptables-test.c b/tools/iptables-test.c
index 7057723..fe90e0e 100644
--- a/tools/iptables-test.c
+++ b/tools/iptables-test.c
@@ -868,6 +868,35 @@ static int connman_iptables_delete_rule(struct connman_iptables *table,
return 0;
}
+static int connman_iptables_change_policy(struct connman_iptables *table,
+ char *chain_name, char *policy)
+{
+ GList *chain_head;
+ struct connman_iptables_entry *entry;
+ struct xt_entry_target *target;
+ struct xt_standard_target *t;
+ int verdict;
+
+ verdict = target_to_verdict(policy);
+ if (verdict == 0)
+ return -EINVAL;
+
+ chain_head = find_chain_head(table, chain_name);
+ if (chain_head == NULL)
+ return -EINVAL;
+
+ entry = chain_head->data;
+ if (entry->builtin < 0)
+ return -EINVAL;
+
+ target = ipt_get_target(entry->entry);
+
+ t = (struct xt_standard_target *)target;
+ t->verdict = verdict;
+
+ return 0;
+}
+
static struct ipt_replace *connman_iptables_blob(struct connman_iptables *table)
{
struct ipt_replace *r;
@@ -1214,6 +1243,7 @@ static struct option connman_iptables_opts[] = {
{.name = "insert", .has_arg = 1, .val = 'I'},
{.name = "list", .has_arg = 2, .val = 'L'},
{.name = "new-chain", .has_arg = 1, .val = 'N'},
+ {.name = "policy", .has_arg = 1, .val = 'P'},
{.name = "delete-chain", .has_arg = 1, .val = 'X'},
{.name = "destination", .has_arg = 1, .val = 'd'},
{.name = "in-interface", .has_arg = 1, .val = 'i'},
@@ -1382,7 +1412,7 @@ int main(int argc, char *argv[])
struct xtables_target *xt_t;
struct ipt_ip ip;
char *table_name, *chain, *new_chain, *match_name, *target_name;
- char *delete_chain, *flush_chain;
+ char *delete_chain, *flush_chain, *policy;
int c, in_len, out_len;
gboolean dump, invert, delete, insert, delete_rule;
struct in_addr src, dst;
@@ -1395,7 +1425,7 @@ int main(int argc, char *argv[])
insert = FALSE;
delete_rule = FALSE;
table_name = chain = new_chain = match_name = target_name = NULL;
- delete_chain = flush_chain = NULL;
+ delete_chain = flush_chain = policy = NULL;
memset(&ip, 0, sizeof(struct ipt_ip));
table = NULL;
xt_rm = NULL;
@@ -1405,7 +1435,7 @@ int main(int argc, char *argv[])
/* extension's options will generate false-positives errors */
opterr = 0;
- while ((c = getopt_long(argc, argv, "-A:D:F:I:L::N:X:d:i:j:m:o:s:t:",
+ while ((c = getopt_long(argc, argv, "-A:D:F:I:L::N:P:X:d:i:j:m:o:s:t:",
connman_iptables_globals.opts, NULL)) != -1) {
switch (c) {
case 'A':
@@ -1446,6 +1476,15 @@ int main(int argc, char *argv[])
new_chain = optarg;
break;
+ case 'P':
+ chain = optarg;
+ if (optind < argc)
+ policy = argv[optind++];
+ else
+ goto out;
+
+ break;
+
case 'X':
delete = true;
delete_chain = optarg;
@@ -1626,6 +1665,14 @@ int main(int argc, char *argv[])
}
if (chain) {
+ if (policy != NULL) {
+ printf("Changing policy of %s to %s\n", chain, policy);
+
+ connman_iptables_change_policy(table, chain, policy);
+
+ goto commit;
+ }
+
if (delete_rule == TRUE) {
printf("Deleting %s to %s (match %s)\n", target_name,
chain, match_name);