From 5e923e305876af331e5fc3c2884079f54b97da83 Mon Sep 17 00:00:00 2001
From: gandalf
Date: Wed, 22 Sep 2004 21:04:07 +0000
Subject: Insertion of rules with -I was broken. It checked if a rule existed on the position we were inserting to. Thus inserting into an empty chain didn't work. And it didn't care about the fact that the first rule in the chain has index 1 the rulenumer we get starts at 0...
---
 libiptc/libiptc.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
(limited to 'libiptc')
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 74f56f4..a71ecad 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -1,4 +1,4 @@
-/* Library which manipulates firewall rules. Version $Revision: 1.51 $ */
+/* Library which manipulates firewall rules. Version $Revision: 1.52 $ */
 /* Architecture of firewall rules is as follows:
 *
@@ -1245,7 +1245,8 @@ TC_INSERT_ENTRY(const IPT_CHAINLABEL chain,
 TC_HANDLE_T *handle)
 {
 struct chain_head *c;
- struct rule_head *r, *prev;
+ struct rule_head *r;
+ struct list_head *prev;
 iptc_fn = TC_INSERT_ENTRY;
@@ -1254,12 +1255,21 @@ TC_INSERT_ENTRY(const IPT_CHAINLABEL chain,
 return 0;
 }
- prev = iptcc_get_rule_num(c, rulenum);
- if (!prev) {
+ /* first rulenum index = 0
+ first c->num_rules index = 1 */
+ if (rulenum > c->num_rules) {
 errno = E2BIG;
 return 0;
 }
+ /* Try to get the rule we want to insert after.
+ In case of no rules, insert after chain head. */
+ r = iptcc_get_rule_num(c, rulenum + 1);
+ if (r)
+ prev = &r->list;
+ else
+ prev = &c->rules;
+
 if (!(r = iptcc_alloc_rule(c, e->next_offset))) {
 errno = ENOMEM;
 return 0;
@@ -1273,7 +1283,7 @@ TC_INSERT_ENTRY(const IPT_CHAINLABEL chain,
 return 0;
 }
- list_add_tail(&r->list, &prev->list);
+ list_add_tail(&r->list, prev);
 c->num_rules++;
 set_changed(*handle);
-- cgit v1.2.3
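Review bot: The name `prev` declared in the second hunk, and the comment in the third hunk (`Try to get the rule we want to insert after`), describe the opposite of what the code does. Assuming `list_add_tail()` here follows the kernel list API, the call in the last hunk links the new rule in front of the node it is given, so `prev` really holds the successor: the rule currently at that position, or the chain head when appending. Rule order decides which rule matches first, so a maintainer who trusts the comment could later introduce an off-by-one placement. I would rename the variable to something like `pos` and reword the comment to `/* Find the rule currently at this position; the new rule is linked in front of it. If there is none, link in front of the chain head, i.e. append. */`. TC_INSERT_ENTRY starts before this hunk and continues past the last one.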
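Review bot: The `else prev = &c->rules;` fallback in the third hunk runs for any NULL result from `iptcc_get_rule_num()`, not only for the append case `rulenum == c->num_rules`. If `c->num_rules` and the list ever disagree, a rule requested at a specific position is silently appended to the end of the chain instead of failing, and in a filter chain a misplaced rule changes the effective policy without any error being reported. I would make the append case explicit and return E2BIG when the lookup fails for a smaller rulenum, as sketched below. The function body starts before and ends after this hunk, so the declaration of `rulenum` is not visible here.

```c
	/* ... unchanged: rulenum > c->num_rules bounds check ... */

	if (rulenum == c->num_rules) {
		/* Append: link in front of the chain head. */
		prev = &c->rules;
	} else {
		r = iptcc_get_rule_num(c, rulenum + 1);
		if (!r) {
			/* num_rules and the list disagree; refuse
			   rather than misplace the rule. */
			errno = E2BIG;
			return 0;
		}
		prev = &r->list;
	}

	/* ... unchanged: iptcc_alloc_rule and the rest of the insert ... */
```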