This patch is an improvment of r7098 (made by me).
Assuring compatibility between 1.4.0 and older versions,
regarding chain sorting.
Chains from kernel are already sorted, as they are inserted
sorted. But there exists an issue when shifting to 1.4.0
from an older version, as old versions allow last created
chain to be unsorted. This unsorted chain would survive in
1.4.0, as chains are now only sorted on creation.
This patch verifies that chains are sorted, if not it fixes the sorting.
Signed-off-by: Jesper Dangaard Brouer <hawk@xxxxxxx>
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 0598505..29f671e 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -415,12 +415,28 @@ static inline void iptc_insert_chain(TC_HANDLE_T h, struct chain_head *c)
static void __iptcc_p_add_chain(TC_HANDLE_T h, struct chain_head *c,
unsigned int offset, unsigned int *num)
{
+ struct list_head *tail = h->chains.prev;
+ struct chain_head *ctail;
+
__iptcc_p_del_policy(h, *num);
c->head_offset = offset;
c->index = *num;
- list_add_tail(&c->list, &h->chains); /* Its already sorted */
+ /* Chains from kernel are already sorted, as they are inserted
+ * sorted. But there exists an issue when shifting to 1.4.0
+ * from an older version, as old versions allow last created
+ * chain to be unsorted.
+ */
+ if (iptcc_is_builtin(c)) /* Only user defined chains are sorted*/
+ list_add_tail(&c->list, &h->chains);
+ else {
+ ctail = list_entry(tail, struct chain_head, list);
+ if (strcmp(c->name, ctail->name) > 0)
+ list_add_tail(&c->list, &h->chains);/* Already sorted*/
+ else
+ iptc_insert_chain(h, c);/* Was not sorted */
+ }
h->chain_iterator_cur = c;
}
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
