git.ipfire.org Git - thirdparty/iptables.git/commit

author	Phil Sutter <phil@nwl.cc>
	Tue, 15 Jan 2019 22:23:05 +0000 (23:23 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 28 Jan 2019 10:26:59 +0000 (11:26 +0100)
commit	7ea0b7d809229973d950ed99845bdd0b2eb4cbb7
tree	27407b3768fbfd8724aec85306ea83f485a2556f	tree \| snapshot
parent	032dc4a18ab86173847b6016baf0819ccd7641c5	commit \| diff

xtables: Fix for inserting rule at wrong position

iptables-restore allows to insert rules at a certain position which is
problematic for iptables-nft to realize since rule position is not
determined by number but handle of previous or following rule and in
case the rules surrounding the new one are new as well, they don't have
a handle to refer to yet.

Fix this by making use of NFTNL_RULE_POSITION_ID attribute: When
inserting before a rule which does not have a handle, refer to it using
its NFTNL_RULE_ID value. If the latter doesn't exist either, assign a
new one to it.

The last used rule ID value is tracked in a new field of struct
nft_handle which is incremented before each use.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

iptables/nft.c		diff \| blob \| blame \| history
iptables/nft.h		diff \| blob \| blame \| history
iptables/tests/shell/testcases/ipt-restore/0003-restore-ordering_0	[new file with mode: 0755]	blob
iptables/tests/shell/testcases/iptables/0005-rule-replace_0	[new file with mode: 0755]	blob