Add source-restricted routes

[project/netifd.git] / iprule.c

diff --git a/iprule.c b/iprule.c
index 7172f29..a31db99 100644 (file)
--- a/iprule.c
+++ b/iprule.c
@@ -29,6 +29,7 @@
 
 struct vlist_tree iprules;
 static bool iprules_flushed = false;
+static unsigned int iprules_counter[2];
 
 enum {
        RULE_INTERFACE_IN,
@@ -59,7 +60,7 @@ static const struct blobmsg_policy rule_attr[__RULE_MAX] = {
        [RULE_GOTO]   = { .name = "goto", .type = BLOBMSG_TYPE_INT32 },
 };
 
-const struct config_param_list rule_attr_list = {
+const struct uci_blob_param_list rule_attr_list = {
        .n_params = __RULE_MAX,
        .params = rule_attr,
 };
@@ -111,6 +112,7 @@ iprule_add(struct blob_attr *attr, bool v6)
                return;
 
        rule->flags = v6 ? IPRULE_INET6 : IPRULE_INET4;
+       rule->order = iprules_counter[rule->flags]++;
 
        if ((cur = tb[RULE_INVERT]) != NULL)
                rule->invert = blobmsg_get_bool(cur);
@@ -197,13 +199,6 @@ iprule_add(struct blob_attr *attr, bool v6)
                rule->flags |= IPRULE_GOTO;
        }
 
-       /* trigger flush of existing rules when adding first uci rule the first time */
-       if (!iprules_flushed)
-       {
-               system_flush_iprules();
-               iprules_flushed = true;
-       }
-
        vlist_add(&iprules, &rule->node, &rule->flags);
        return;
 
@@ -214,6 +209,13 @@ error:
 void
 iprule_update_start(void)
 {
+       if (!iprules_flushed) {
+               system_flush_iprules();
+               iprules_flushed = true;
+       }
+
+       iprules_counter[0] = 1;
+       iprules_counter[1] = 1;
        vlist_update(&iprules);
 }