Age | Commit message | Author | Files | Lines |
|
If dnsproxy is not in use, like when connman has been started
with the -r option, then the listener_table will be NULL which can
cause a crash in the hash table lookup call.
|
|
Optionally use iptables-save to check if the rules are installed or
removed on the system instead of relying only on the returned iptables
error code.
Do notice that running tools/iptables-unit will modify and delete existing
iptables firewall rules on your system. Use iptables-unit with caution!
|
|
test-ippool is a pure unit test and can therefore be part of the
distcheck target.
|
|
Reported by Ravikumar Veeramally
|
|
entry_head and entry_return are allocated via g_try_malloc0().
|
|
After removing one or more rules the builtin hooks need to be updated
accordingly. iptables_flush_chain() and iptables_delete_rule()
share a common code part.
|
|
The list pointer is invalid after remove_table_entry(). Since
we are entering the 'if' body only for the first rule in a builtin
chain we can safely update list to point to the next element.
|
|
The second argument is not used anymore, let's remove it. The function
name doesn't really match its implementation, so it's also time
to rename it.
|
|
We need to see a bit more in detail what happens when
CONNMAN_IPTABLES_DEBUG is not set, for example the removing/flushing
during bootup.
Also remove the DBG() from parse_rule_spec() because all callers
already have a DBG(). So not much additional information here.
|
|
pre_load_table() is always called with table == NULL, so we
keep trying to load the kernel modules even though the table
is already loaded. Therefore, move the lookup one level up.
|
|
Streamline this file with the rest of ConnMan's code base.
|
|
The API changed between 1.4.10 (version code 5) and 1.4.11 (version code 6)
and we needed to work around it with a bunch of ugly ifdefs. 1.4.11 was
released on 26.05.2011 and even Debian testing ships 1.4.14 these days.
|
|
It is impossible to see the normal unit test output with all
DBG() enabled by default.
|
|
With the recent changes to iptables.c and the new API, iptables-test.c
and iptables.c started to diverge and it is not really possible to
keep those two files in sync. Instead we start using the new API.
Unfortunately, we need to partially parse argv and concatenate the rest
again together. This is ugly but not much we can do about it.
|
|
In order to allow our test tool iptables-tests to dump a table
we need a dump function. The only user will be this tool. That allows
the linker to remove this code, so no additional code size.
|
|
These tests depend on ConnMan running and are therefore not really
unit tests. Let's move them to tools.
|
|
Unit tests are supposed to be run during 'make distcheck' but
iptables-unit needs to be run with root rights.
|
|
If the service is provisioned via .config file, then user is only
able to set the AutoConnect status of the service. All the other
settings must be set from the .config file.
Fixes BMC#25984
|
|
The dbus messages from vpnd might come in a different order so make
sure we are not trying to access an already removed provider.
|
|
When provider is destroyed in vpnd, we get a notification about
that. We must then remove the provider which will also unref it
so the provider data will get removed properly.
Old code just unreffed the provider but it was left hanging in
service list.
|
|
Following patch will introduce provider remove function that can
be used from vpn plugin so rename the current removal function to
reflect better its usage.
|
|
Inotify will send modify event after create event when user has
copied the config file into config directory. Because of this
it is useless to act on create event. As a bonus we avoid
create/modify/create loop that was earlier done in the modify event
handling code.
|
|
If the data pointer is left around, then vpn plugin might
accidentally use it if dbus messages are received after
we have cleared the vpn connection.
|
|
The vpnd will not read or save provider data from disk. The only
way to provision VPN is by setting necessary data in VPN .config
file.
|
|
Immutable VPN connection settings cannot be changed by SetProperty or
ClearProperty dbus API.
|
|
The immutable settings are those that are read from .config file.
|
|
The immutable flag is set if the VPN connection is provisioned
via a .config file. The VPN connection can be removed only by
removing the .config file from /var/lib/connman-vpn directory.
|
|
Because we now support provisioning of VPN services via .config file,
we need to keep vpnd running so that it can monitor the connman-vpn
directory for new config files.
|
|
Fixes BMC#25978
|
|
The -i or --device command line option contains the device names
that we should use. Unfortunately the check fails if there are
multiple interfaces in that list and we ignore the interfaces instead.
Fixes BMC#25979
|
|
Commit ba052f1f "iptables: Add split out iptables commands"
introduced a bug. __connman_iptables_append() should
call iptables_append_rule() instead of iptables_insert_rule().
|
|
The policy is kept at the end of the chain not at the beginning.
Currently, the code assumes that the builtin chain is empty.
|
|
The linked list is tracking all loading modules. Since we do not
unload once they are loaded (xtables does not support this), we
might end up leaving prepare_matches() before we update the
option table. Since we carefully reset the global xtable state
after executing one rule, this check is wrong, e.g. if we add
two similar rules (same matches (mark, nfacct)). In this case
the second rule would not be parsed correctly. Nasty nasty iptables parser!
|
|
Updating the builtin and hook index is more complex than one
would expect. In order to be able to update them correctly
we need also to pass in the underflow table to the iterate
function. To improve the readability the valid_hook magic
has been moved into next_hook_entry_index() which does exactly
as the name says.
|
|
A fallthrough rule is one which has the default target name,
does not have a verdict and is not a jump rule.
is_fallthrough() is called exclusively from the insert path,
thus the value of verdict will be 0 for a fallthrough rule.
|
|
|