[connman] Dynamic firewall rules for tethering. JB#43927 JB#43928
This commit adds use of dynamic rules for tethering. When tethering is enabled notifier calls tethering_changed which firewall.c reacts by enabling firewall rules to allow from the tethering interface: - Wifi: existing rules set for the group "tethering", all if none set - All others (e.g., usb tethering uses gadget type): All traffic Added a configuration group "tethering" which is identical to any other device in the configuration, same rules apply. These rules are enabled only for WiFi hotspot and used alone if they have been set. Empty "tethering" group rules results in the default rules (all traffic). The chain used does not matter, if there is at least only one rule, only that one is applied. If tethering ident is not set, plain "tethering_default" is used as identifier to save the firewall context into the dynamic rules. If tethering firewall cannot be created or enabled tethering is set off by calling connman_technology_tethering_notify() that generates a proper notification for UI to catch. Changed to use plain interface name (ifname) when cloning or setting interface info instead of struct connman_service. This way same functions can be used with other than service state changing notifier function. The ifname has to be passed as char* even though it is duplicated for each rule that is affected because of glib list traversal functions.
Showing with 309 additions and 18 deletions