Commit 6ca22638 authored by Jussi Laakkonen's avatar Jussi Laakkonen

[connman] Improve handling of iptables rule comments. JB#41797

Improved handling of comments when loading iptables rules from file at
bootup. This fixes also iptables.c to properly handle the rules and to
deal with multi word comments that are quoted according to iptables rule
format (thank you goes to Simo Piiroinen).

Rules with modifier comment (-m comment) should have --comment
defined with content. Otherwise rule is invalid and it is ignored. This
will then remove the rule after one restart cycle of connman.

Also added missing close() for duplicated stdout file descriptor that
caused the descriptor to be left open and as a result iptables rule
matches were incomplete. Changed to initialize fd's as -1 and improved
handling of error cases in stdout reading.

Cleaned up code in iptables extension and added more debugging.

Changed to use get_iptc_handle() for checking the names first, then
resort to reading of the iptables table names file.

Improved unit test for iptables extension (thanks also to Slava Monich
for some fixes).
parent f84a0e29
......@@ -325,7 +325,6 @@ unit_test_sailfish_iptables_ext_CFLAGS = $(COVERAGE_OPT) $(AM_CFLAGS) @DBUS_CFLA
unit_test_sailfish_iptables_ext_SOURCES = $(backtrace_sources) \
unit/test-sailfish_iptables_ext.c \
src/log.c src/storage.c src/inotify.c \
src/iptables.c src/firewall.c \
unit_test_sailfish_iptables_ext_LDADD = @GLIB_LIBS@ @XTABLES_LIBS@ \
......@@ -1778,21 +1778,24 @@ struct parse_context {
static int prepare_getopt_args(const char *str, struct parse_context *ctx)
char **tokens;
int ret = 0;
gint argc = 0;
gchar **argv = 0;
GError *error = 0;
int i;
tokens = g_strsplit_set(str, " ", -1);
i = g_strv_length(tokens);
/* Add space for the argv[0] value */
ctx->argc = i + 1;
if (!g_shell_parse_argv(str, &argc, &argv, &error)) {
ret = -EINVAL;
goto out;
/* Don't forget the last NULL entry */
/* Add space for the argv[0] value and terminating NULL entry */
ctx->argc = argc + 1;
ctx->argv = g_try_malloc0((ctx->argc + 1) * sizeof(char *));
if (!ctx->argv) {
return -ENOMEM;
ret = -ENOMEM;
goto out;
......@@ -1800,12 +1803,18 @@ static int prepare_getopt_args(const char *str, struct parse_context *ctx)
* random argv[0] entry.
ctx->argv[0] = g_strdup("argh");
/* Arguments are owned by ctx now */
for (i = 1; i < ctx->argc; i++)
ctx->argv[i] = tokens[i - 1];
ctx->argv[i] = argv[i - 1];
g_free(argv), argv = 0;
if (error)
return 0;
return ret;
static int parse_xt_modules(int c, bool invert,
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment