From e84f131b5f992577119bd3679241f69ec394e0a7 Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Mon, 15 Nov 2010 11:39:55 +0100
Subject: Revert "libxtables: change option precedence order to be intuitive"

This reverts commit 600f38db82548a683775fd89b6e136673e924097.

The commit breaks option parsing:

iptables v1.4.9: host/network `port' not found
Try `iptables -h' or 'iptables --help' for more information.

Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 include/xtables.h.in |  5 ++---
 ip6tables.c          |  7 ++++---
 iptables.c           | 13 ++++---------
 xtables.c            | 50 ++++++++++++++++++++++----------------------------
 4 files changed, 32 insertions(+), 43 deletions(-)

diff --git a/include/xtables.h.in b/include/xtables.h.in
index c3d34af5..9e47c2d2 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -219,9 +219,8 @@ extern int xtables_insmod(const char *, const char *, bool);
 extern int xtables_load_ko(const char *, bool);
 extern int xtables_set_params(struct xtables_globals *xtp);
 extern void xtables_free_opts(int reset_offset);
-extern struct option *xtables_merge_options(struct option *origopts,
-	struct option *oldopts, const struct option *newopts,
-	unsigned int *option_offset);
+extern struct option *xtables_merge_options(struct option *oldopts,
+	const struct option *newopts, unsigned int *option_offset);
 
 extern int xtables_init_all(struct xtables_globals *xtp, uint8_t nfproto);
 extern struct xtables_match *xtables_find_match(const char *name,
diff --git a/ip6tables.c b/ip6tables.c
index 150893d4..15067da2 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -147,6 +147,7 @@ void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __
 struct xtables_globals ip6tables_globals = {
 	.option_offset = 0,
 	.program_version = IPTABLES_VERSION,
+	.opts = original_opts,
 	.orig_opts = original_opts,
 	.exit_err = ip6tables_exit_error,
 };
@@ -1560,7 +1561,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 				target->t->u.user.revision = target->revision;
 				if (target->init != NULL)
 					target->init(target->t);
-				opts = xtables_merge_options(ip6tables_globals.orig_opts, opts,
+				opts = xtables_merge_options(opts,
 						     target->extra_opts,
 						     &target->option_offset);
 				if (opts == NULL)
@@ -1614,7 +1615,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 				m->init(m->m);
 			if (m != m->next)
 				/* Merge options for non-cloned matches */
-				opts = xtables_merge_options(ip6tables_globals.orig_opts, opts, m->extra_opts, &m->option_offset);
+				opts = xtables_merge_options(opts, m->extra_opts, &m->option_offset);
 		}
 		break;
 
@@ -1761,7 +1762,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 					if (m->init != NULL)
 						m->init(m->m);
 
-					opts = xtables_merge_options(ip6tables_globals.orig_opts, opts,
+					opts = xtables_merge_options(opts,
 					    m->extra_opts, &m->option_offset);
 
 					optind--;
diff --git a/iptables.c b/iptables.c
index 4c8bd773..840dd3e5 100644
--- a/iptables.c
+++ b/iptables.c
@@ -147,6 +147,7 @@ void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __a
 struct xtables_globals iptables_globals = {
 	.option_offset = 0,
 	.program_version = IPTABLES_VERSION,
+	.opts = original_opts,
 	.orig_opts = original_opts,
 	.exit_err = iptables_exit_error,
 };
@@ -1575,9 +1576,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 				target->t->u.user.revision = target->revision;
 				if (target->init != NULL)
 					target->init(target->t);
-				opts = xtables_merge_options(
-						     iptables_globals.orig_opts,
-						     opts,
+				opts = xtables_merge_options(opts,
 						     target->extra_opts,
 						     &target->option_offset);
 				if (opts == NULL)
@@ -1637,9 +1636,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 				m->init(m->m);
 			if (m != m->next) {
 				/* Merge options for non-cloned matches */
-				opts = xtables_merge_options(
-						     iptables_globals.orig_opts,
-						     opts,
+				opts = xtables_merge_options(opts,
 						     m->extra_opts,
 						     &m->option_offset);
 				if (opts == NULL)
@@ -1793,9 +1790,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 					if (m->init != NULL)
 						m->init(m->m);
 
-					opts = xtables_merge_options(
-							     iptables_globals.orig_opts,
-							     opts,
+					opts = xtables_merge_options(opts,
 							     m->extra_opts,
 							     &m->option_offset);
 					if (opts == NULL)
diff --git a/xtables.c b/xtables.c
index 7658038c..47a0d9cb 100644
--- a/xtables.c
+++ b/xtables.c
@@ -73,50 +73,44 @@ void basic_exit_err(enum xtables_exittype status, const char *msg, ...)
 	exit(status);
 }
 
-void xtables_free_opts(int unused)
+
+void xtables_free_opts(int reset_offset)
 {
-	free(xt_params->opts);
+	if (xt_params->opts != xt_params->orig_opts) {
+		free(xt_params->opts);
+		xt_params->opts = xt_params->orig_opts;
+		if (reset_offset)
+			xt_params->option_offset = 0;
+	}
 }
 
-struct option *xtables_merge_options(struct option *orig_opts,
-				     struct option *oldopts,
+struct option *xtables_merge_options(struct option *oldopts,
 				     const struct option *newopts,
 				     unsigned int *option_offset)
 {
-	unsigned int num_oold = 0, num_old = 0, num_new = 0, i;
-	struct option *merge, *mp;
+	unsigned int num_old, num_new, i;
+	struct option *merge;
 
 	if (newopts == NULL)
 		return oldopts;
 
-	for (num_oold = 0; orig_opts[num_oold].name; num_oold++) ;
-	if (oldopts != NULL)
-		for (num_old = 0; oldopts[num_old].name; num_old++) ;
+	for (num_old = 0; oldopts[num_old].name; num_old++) ;
 	for (num_new = 0; newopts[num_new].name; num_new++) ;
 
-	merge = malloc(sizeof(*mp) * (num_oold + num_old + num_new + 1));
-	if (merge == NULL)
-		return NULL;
-
-	/* Let the base options -[ADI...] have precedence over everything */
-	memcpy(merge, orig_opts, sizeof(*mp) * num_oold);
-	mp = merge + num_oold;
-
-	/* Second, the new options */
 	xt_params->option_offset += 256;
 	*option_offset = xt_params->option_offset;
-	memcpy(mp, newopts, sizeof(*mp) * num_new);
-
-	for (i = 0; i < num_new; ++i, ++mp)
-		mp->val += *option_offset;
 
-	/* Third, the old options */
-	memcpy(mp, oldopts, sizeof(*mp) * num_old);
-	mp += num_old;
-	xtables_free_opts(0);
+	merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
+	if (merge == NULL)
+		return NULL;
+	memcpy(merge, oldopts, num_old * sizeof(struct option));
+	xtables_free_opts(0);	/* Release any old options merged  */
+	for (i = 0; i < num_new; i++) {
+		merge[num_old + i] = newopts[i];
+		merge[num_old + i].val += *option_offset;
+	}
+	memset(merge + num_old + num_new, 0, sizeof(struct option));
 
-	/* Clear trailing entry */
-	memset(mp, 0, sizeof(*mp));
 	return merge;
 }
 
-- 
cgit v1.2.3