• Jussi Laakkonen's avatar
    [connman] Enable and parse address options in firewall. JB#43924 JB#43926 · c616257b
    Jussi Laakkonen authored
    This commit adds parsing for addresses (IP and hostname) when used with
    source or destination options in iptables rules. IP address and hostname
    checks from inet.c are utilized. The IP addresses can have CIDR format
    or IP address format netmask and can be separeted with commas. Checks
    are different for IPV4 and IPv6. Hostname check in inet.c does not
    include DNS checking but checks only the format.
    
    Also the conntrack match options for setting source/destination
    origin/destinations are enabled. It is left for the iptables error
    parser to handle errors caused by duplicate use of conntrack switches.
    This is left as TODO.
    
    Tests are updated as well. A new test for the address options was
    required. Both IPv4 and IPv6 addresses are tested.
    c616257b
iptables-validate.c 49.7 KB