[connman] Add service specific dynamic iptables rules. JB#42675
This commit changes the service type based dynamic rules to be service identifier specific. Each service can have own ruleset, that is based on the iptables rules set for the service type in firewall.conf. All services of the same type have identical rules from the configuration. The main reason of this is to accommodate the requirement of having two simultaneous connections of same type to be online at the same time. When a service is being connected for the first time a deep clone of the firewall rule set for the service type is created. This firewall rule set is removed from the internal current_dynamic_rules only when the service is removed. When the service is disconnected the rules are only removed from iptables, they remain in the firewall context of the service for later use. The firewall rule id will be kept the same if the firewall rule set is reused. Only thing that can change is the interface to be used with the rule. For an easier (and faster) check of whether the firewall is enabled a new bool value is added to struct firewall_context. This is enabled when firewall rules are added without error and id FW_ALL_RULES is given. It is faster to check from this instead of going through all the rules without any change to them if they are already enabled/disabled. Added checks if the rules is valid UTF8 (if not, ignore). If the rule starts with # character the rule is interpreted as commented out and is not added. Rule must add with a '-' character as required by iptables, otherwise the rule is ignored.
Showing with 275 additions and 102 deletions