From patchwork Fri Feb 24 18:15:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Williams X-Patchwork-Id: 732229 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3vVK5l1y57z9s7M for ; Sat, 25 Feb 2017 05:15:23 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751304AbdBXSPW (ORCPT ); Fri, 24 Feb 2017 13:15:22 -0500 Received: from mx1.redhat.com ([209.132.183.28]:59674 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750995AbdBXSPW (ORCPT ); Fri, 24 Feb 2017 13:15:22 -0500 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5B4004E4CF for ; Fri, 24 Feb 2017 18:15:22 +0000 (UTC) Received: from ovpn-112-32.phx2.redhat.com (ovpn-112-32.phx2.redhat.com [10.3.112.32]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1OIFK72030033 for ; Fri, 24 Feb 2017 13:15:21 -0500 Message-ID: <1487960119.27698.11.camel@redhat.com> Subject: [PATCH] libiptc: don't set_changed() when checking rules with module jumps From: Dan Williams To: netfilter-devel@vger.kernel.org Date: Fri, 24 Feb 2017 12:15:19 -0600 Mime-Version: 1.0 X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Fri, 24 Feb 2017 18:15:22 +0000 (UTC) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org --- libiptc/libiptc.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index 2c66d04..a6e7057 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -1686,7 +1686,8 @@ iptcc_standard_map(struct rule_head *r, int verdict) static int iptcc_map_target(struct xtc_handle *const handle, - struct rule_head *r) + struct rule_head *r, + bool dry_run) { STRUCT_ENTRY *e = r->entry; STRUCT_ENTRY_TARGET *t = GET_TARGET(e); @@ -1731,7 +1732,8 @@ iptcc_map_target(struct xtc_handle *const handle, 0, FUNCTION_MAXNAMELEN - 1 - strlen(t->u.user.name)); r->type = IPTCC_R_MODULE; - set_changed(handle); + if (!dry_run) + set_changed(handle); return 1; } @@ -1781,7 +1783,7 @@ TC_INSERT_ENTRY(const IPT_CHAINLABEL chain, memcpy(r->entry, e, e->next_offset); r->counter_map.maptype = COUNTER_MAP_SET; - if (!iptcc_map_target(handle, r)) { + if (!iptcc_map_target(handle, r, false)) { free(r); return 0; } @@ -1831,7 +1833,7 @@ TC_REPLACE_ENTRY(const IPT_CHAINLABEL chain, memcpy(r->entry, e, e->next_offset); r->counter_map.maptype = COUNTER_MAP_SET; - if (!iptcc_map_target(handle, r)) { + if (!iptcc_map_target(handle, r, false)) { free(r); return 0; } @@ -1870,7 +1872,7 @@ TC_APPEND_ENTRY(const IPT_CHAINLABEL chain, memcpy(r->entry, e, e->next_offset); r->counter_map.maptype = COUNTER_MAP_SET; - if (!iptcc_map_target(handle, r)) { + if (!iptcc_map_target(handle, r, false)) { DEBUGP("unable to map target of rule for chain `%s'\n", chain); free(r); return 0; @@ -1976,7 +1978,7 @@ static int delete_entry(const IPT_CHAINLABEL chain, const STRUCT_ENTRY *origfw, memcpy(r->entry, origfw, origfw->next_offset); r->counter_map.maptype = COUNTER_MAP_NOMAP; - if (!iptcc_map_target(handle, r)) { + if (!iptcc_map_target(handle, r, dry_run)) { DEBUGP("unable to map target of rule for chain `%s'\n", chain); free(r); return 0;