• Jussi Laakkonen's avatar
    [connman] Improve handling of iptables rule comments. JB#41797 · 6ca22638
    Jussi Laakkonen authored
    Improved handling of comments when loading iptables rules from file at
    bootup. This fixes also iptables.c to properly handle the rules and to
    deal with multi word comments that are quoted according to iptables rule
    format (thank you goes to Simo Piiroinen).
    
    Rules with modifier comment (-m comment) should have --comment
    defined with content. Otherwise rule is invalid and it is ignored. This
    will then remove the rule after one restart cycle of connman.
    
    Also added missing close() for duplicated stdout file descriptor that
    caused the descriptor to be left open and as a result iptables rule
    matches were incomplete. Changed to initialize fd's as -1 and improved
    handling of error cases in stdout reading.
    
    Cleaned up code in iptables extension and added more debugging.
    
    Changed to use get_iptc_handle() for checking the names first, then
    resort to reading of the iptables table names file.
    
    Improved unit test for iptables extension (thanks also to Slava Monich
    for some fixes).
    6ca22638
sailfish_iptables_ext.c 36.1 KB