From a43ddc075a247096831dbe8569f5b87ff4f70acb Mon Sep 17 00:00:00 2001
From: Mark McLoughlin
Date: Thu, 10 Jan 2008 13:51:55 +0000
Subject: [PATCH] Include the iptables command and chain name in the saved rules files
---
 ChangeLog | 5 +++++
 src/iptables.c | 59 ++++++++++++++++++++++++++++++++------------------
 2 files changed, 43 insertions(+), 21 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6b9294fefb..3add06a58e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Thu Jan 10 13:51:00 GMT 2008 Mark McLoughlin
+
+ * src/iptables.c: Include the iptables command and chain
+ name in the saved rules files
+
 Thu Jan 10 13:50:11 GMT 2008 Mark McLoughlin
 * src/iptables.c: Re-name the "flipflop" variable to "command_idx"
diff --git a/src/iptables.c b/src/iptables.c
index c2877bef52..e66bc6495a 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -335,37 +335,55 @@ iptablesAddRemoveChain(iptRules *rules, int action)
 return retval;
 }
+static char *
+argvToString(char **argv)
+{
+ int len, i;
+ char *ret, *p;
+
+ for (len = 1, i = 0; argv[i]; i++)
+ len += strlen(argv[i]) + 1;
+
+ if (!(p = ret = (char *)malloc(len)))
+ return NULL;
+
+ for (i = 0; argv[i]; i++) {
+ if (i != 0)
+ *(p++) = ' ';
+
+ strcpy(p, argv[i]);
+ p += strlen(argv[i]);
+ }
+
+ *p = '\0';
+
+ return ret;
+}
+
 static int
 iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
 {
 va_list args;
 int retval = ENOMEM;
 char **argv;
- char *rule = NULL, *p;
+ char *rule = NULL;
 const char *s;
- int n, rulelen, command_idx;
+ int n, command_idx;
 n = 1 + /* /sbin/iptables */
 2 + /* --table foo */
 2 + /* --insert bar */
 1; /* arg */
- rulelen = strlen(arg) + 1;
-
 va_start(args, arg);
- while ((s = va_arg(args, const char *))) {
+ while ((s = va_arg(args, const char *)))
 n++;
- rulelen += strlen(s) + 1;
- }
 va_end(args);
 if (!(argv = calloc(n + 1, sizeof(*argv))))
 goto error;
- if (!(rule = (char *)malloc(rulelen)))
- goto error;
-
 n = 0;
 if (!(argv[n++] = strdup(IPTABLES_PATH)))
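Review bot: `argvToString` joins the arguments with a single space and performs no quoting or validation, so an argument that itself contains a space or newline yields a saved rule string that no longer maps back to the same argv. If the saved rules file is later parsed or replayed by another tool (not visible in this hunk), a caller-supplied value could change what gets loaded; rejecting whitespace and control characters in each `argv[i]` before joining would close that gap. Separately, the length is accumulated from `strlen()` results into `int len` and then handed to `malloc`; declaring `size_t len;` with a separate `int i;` avoids the signed/unsigned mix, and the `(char *)` cast on `malloc` is unnecessary in C. The body of `iptablesAddRemoveRule` continues past the end of this hunk.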
@@ -379,7 +397,7 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
 command_idx = n;
- if (!(argv[n++] = strdup(action == ADD ? "--insert" : "--delete")))
+ if (!(argv[n++] = strdup("--insert")))
 goto error;
 if (!(argv[n++] = strdup(rules->chain)))
@@ -388,23 +406,22 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
 if (!(argv[n++] = strdup(arg)))
 goto error;
- p = strcpy(rule, arg);
- p += strlen(arg);
-
 va_start(args, arg);
- while ((s = va_arg(args, const char *))) {
+ while ((s = va_arg(args, const char *)))
 if (!(argv[n++] = strdup(s)))
 goto error;
- *(p++) = ' ';
- strcpy(p, s);
- p += strlen(s);
- }
-
 va_end(args);
- *p = '\0';
+ if (!(rule = argvToString(&argv[command_idx])))
+ goto error;
+
+ if (action == REMOVE) {
+ free(argv[command_idx]);
+ if (!(argv[command_idx] = strdup("--delete")))
+ goto error;
+ }
 if (action == ADD && (retval = iptablesAddRemoveChain(rules, action)))
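Review bot: In the `if (action == REMOVE)` block of the last hunk, `argv[command_idx]` is freed before its replacement is allocated, so a failed `strdup("--delete")` leaves a NULL in the middle of `argv`. If the `error:` cleanup (outside this hunk) frees entries only up to the first NULL, the chain name and every argument after `command_idx` would leak on that path. Allocating into a temporary `char *` first, and only then calling `free(argv[command_idx]);` and assigning the temporary, keeps the array intact on failure. The `goto error` inside the now-unbraced `while ((s = va_arg(...)))` loop also jumps out between `va_start` and `va_end`; bracing the loop and calling `va_end(args)` before the jump would keep the pair balanced. The start and end of `iptablesAddRemoveRule` are outside this hunk.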