iptables: Introduce IPv6 iptables management.

This commit adds iptables management for IPv6 addresses. Existing src/iptables.c is used as base and the functionality to support IPv6 iptables is included into existing code for the most part. Managing iptables using IPv6 addresses does not differ much from IPv4 use, only new structures of setting/getting rules have to be adapted into use. For each existing __connman_iptables_*() a type variable (int) has been added to indicate which address family (AF_INET/AF_INET6) is to be used. Functionality remains the same as with iptables.c, only the function parse_ipv6_and_mask() is rewritten comply with IPv6 address structures. Functions is_same_ipt_entry() and iptables_blob() are copied to use ip6t_* type structures. The internal structures connman_iptables_entry and connman_iptables were amended to include the iptables IPv6 structures and the address family type. In order to avoid copying of large amounts of existing code and to be able to use both IPv4 and IPv6 structures many existing functions are changed from using struct ipt_entry/ipt_ip/ipt_replace into using structures that contain pointers to both IPv4 and IPv6 structures. Two new structures are introduced to act as containers for the IPv4 and IPv6 types of iptables structures: - struct iptables_ip contains ipt_ip and ip6t_ip + type - struct iptables_replace contains ipt_replace and ip6t_replace + type - struct connman_iptables_entry is used as container for ipt_entry and ip6t_entry Helper functions for getting content from struct connman_iptables were added to keep the code cleaner. Similarly for the struct iptables_replace helper functions were added. Helper functions were also added for getting content out of connman_iptables_entry struct. In order to operate both IPv4 and IPv6 iptables the initialization has to be done before each operation is executed if the IP type changes. For this setup_xtables() function was added to change the iptables type and to keep track of the current IP type to avoid unnecessary changes.

iptables: Introduce IPv6 iptables management.
This commit adds iptables management for IPv6 addresses. Existing src/iptables.c is used as base and the functionality to support IPv6 iptables is included into existing code for the most part. Managing iptables using IPv6 addresses does not differ much from IPv4 use, only new structures of setting/getting rules have to be adapted into use. For each existing __connman_iptables_*() a type variable (int) has been added to indicate which address family (AF_INET/AF_INET6) is to be used. Functionality remains the same as with iptables.c, only the function parse_ipv6_and_mask() is rewritten comply with IPv6 address structures. Functions is_same_ipt_entry() and iptables_blob() are copied to use ip6t_* type structures. The internal structures connman_iptables_entry and connman_iptables were amended to include the iptables IPv6 structures and the address family type. In order to avoid copying of large amounts of existing code and to be able to use both IPv4 and IPv6 structures many existing functions are changed from using struct ipt_entry/ipt_ip/ipt_replace into using structures that contain pointers to both IPv4 and IPv6 structures. Two new structures are introduced to act as containers for the IPv4 and IPv6 types of iptables structures: - struct iptables_ip contains ipt_ip and ip6t_ip + type - struct iptables_replace contains ipt_replace and ip6t_replace + type - struct connman_iptables_entry is used as container for ipt_entry and ip6t_entry Helper functions for getting content from struct connman_iptables were added to keep the code cleaner. Similarly for the struct iptables_replace helper functions were added. Helper functions were also added for getting content out of connman_iptables_entry struct. In order to operate both IPv4 and IPv6 iptables the initialization has to be done before each operation is executed if the IP type changes. For this setup_xtables() function was added to change the iptables type and to keep track of the current IP type to avoid unnecessary changes.
01d9e260 · Jussi Laakkonen · a460850c · 01d9e260 · 01d9e260
Commit 01d9e260 authored Oct 24, 2018 by Jussi Laakkonen
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 1804 additions and 417 deletions

connman/src/connman.h connman/src/connman.h +33 -24

connman/src/iptables.c connman/src/iptables.c +1771 -393

No files found.
--- a/connman/src/connman.h
+++ b/connman/src/connman.h
@@ -947,40 +947,49 @@ void __connman_stats_rebase(struct connman_stats *stats,
 void __connman_stats_get(struct connman_stats *stats,
 				struct connman_stats_data *data);

-int __connman_iptables_dump(const char *table_name);
-int __connman_iptables_new_chain(const char *table_name,
-					const char *chain);
-int __connman_iptables_delete_chain(const char *table_name,
-					const char *chain);
-int __connman_iptables_flush_chain(const char *table_name,
-					const char *chain);
-int __connman_iptables_find_chain(const char *table_name,
-					const char *chain);
-int __connman_iptables_change_policy(const char *table_name,
-					const char *chain,
-					const char *policy);
-int __connman_iptables_append(const char *table_name,
-			const char *chain,
-			const char *rule_spec);
-int __connman_iptables_insert(const char *table_name,
-			const char *chain,
-			const char *rule_spec);
-int __connman_iptables_delete(const char *table_name,
-			const char *chain,
-			const char *rule_spec);
+int __connman_iptables_dump(int type,
+				const char *table_name);
+int __connman_iptables_new_chain(int type,
+				const char *table_name,
+				const char *chain);
+int __connman_iptables_delete_chain(int type,
+				const char *table_name,
+				const char *chain);
+int __connman_iptables_flush_chain(int type,
+				const char *table_name,
+				const char *chain);
+int __connman_iptables_find_chain(int type,
+				const char *table_name,
+				const char *chain);
+int __connman_iptables_change_policy(int type,
+				const char *table_name,
+				const char *chain,
+				const char *policy);
+int __connman_iptables_append(int type,
+				const char *table_name,
+				const char *chain,
+				const char *rule_spec);
+int __connman_iptables_insert(int type,
+				const char *table_name,
+				const char *chain,
+				const char *rule_spec);
+int __connman_iptables_delete(int type,
+				const char *table_name,
+				const char *chain,
+				const char *rule_spec);
 int __connman_iptables_restore_all();
 int __connman_iptables_save_all();

-
 typedef void (*connman_iptables_iterate_chains_cb_t) (const char *chain_name,
 							void *user_data);
-int __connman_iptables_iterate_chains(const char *table_name,
+int __connman_iptables_iterate_chains(int type,
+				const char *table_name,
 				connman_iptables_iterate_chains_cb_t cb,
 				void *user_data);

 int __connman_iptables_init(void);
 void __connman_iptables_cleanup(void);
-int __connman_iptables_commit(const char *table_name);
+int __connman_iptables_commit(int type, const char *table_name);

 int __connman_dnsproxy_init(void);
 void __connman_dnsproxy_cleanup(void);

--- a/connman/src/iptables.c
+++ b/connman/src/iptables.c