    [connman] Dynamic firewall rules for tethering. JB#43927 JB#43928 · b938908e
    Jussi Laakkonen authored
    This commit adds the use of dynamic rules for tethering. When tethering is
    enabled, the notifier calls tethering_changed, to which firewall.c reacts by
    enabling firewall rules to allow traffic from the tethering interface:
     - WiFi: existing rules set for the group "tethering", all if none set
     - All others (e.g., USB tethering uses the gadget type): all traffic
    
    Added a configuration group "tethering" which is identical to any other
    device in the configuration; the same rules apply. These rules are enabled
    only for the WiFi hotspot and are used alone if they have been set. Empty
    "tethering" group rules result in the default rules (all traffic). The
    chain used does not matter: if there is at least one rule, only that one
    is applied.
    
    If the tethering ident is not set, plain "tethering_default" is used as the
    identifier to save the firewall context into the dynamic rules.
    
    If the tethering firewall cannot be created or enabled, tethering is set off
    by calling connman_technology_tethering_notify(), which generates a proper
    notification for the UI to catch.
    
    Changed to use the plain interface name (ifname) when cloning or setting
    interface info instead of struct connman_service. This way the same
    functions can be used with notifier functions other than the service state
    changing one. The ifname has to be passed as char* even though it is
    duplicated for each rule that is affected, because of the glib list
    traversal functions.
firewall.c 55.1 KB