libiptc: fix wrong maptype of base chain counters on restore

When a ruleset that does not reset any chain policies/counters, such as

	*filter
	COMMIT

is sourced by iptables-restore, the previous policy and counters
(i.e. the ones read from the kernel) are reused. The counter skew
offsetting is wrong however, causing the read value to be readded to
the kernel value. This manifests itself in practice by the counter
value almost doubling everytime iptables-restore is called.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 670acf537ed4b19705617d524536020016b561b9..7a9c74281a9795497941f8521b1fb52d0cb28608 100644 (file)
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -829,7 +829,7 @@ static int __iptcc_p_del_policy(struct xtc_handle *h, unsigned int num)
 
                /* save counter and counter_map information */
                h->chain_iterator_cur->counter_map.maptype =
-                                               COUNTER_MAP_NORMAL_MAP;
+                                               COUNTER_MAP_ZEROED;
                h->chain_iterator_cur->counter_map.mappos = num-1;
                memcpy(&h->chain_iterator_cur->counters, &pr->entry->counters,
                        sizeof(h->chain_iterator_cur->counters));