1. 23 Nov, 2018 1 commit
    • [connman] Iptables restore, commit rules one by one. Fixes JB#43925 · f5447bd5
      Jussi Laakkonen authored
      Change to commit individual rules one by one to reduce the probability
      of crashes. Policies are set with iptc library functions so they are not
      to be committed with __connman_iptables_commit().
      This way each read rule is instantly restored to iptables instead of
      adding all of them in a row and committing after the last. A crash may
      occur if something else is called via glib main that alters iptables
      between each call to iptables_parse_rule().
  2. 22 Nov, 2018 3 commits
  3. 12 Nov, 2018 1 commit
  4. 13 Jun, 2018 1 commit
  5. 11 May, 2018 2 commits
    • [connman] Fix memory leak in iptables extension. Fixes JB#40973 · d576a8f4
      Jussi Laakkonen authored
      Free the match returned by xtables_find_match() if the struct
      xt_entry_match* is set for the match (match->m). In this case
      xtables_find_match() has allocated a clone. When match->m is NULL an
      entry from the internal list is returned that must not be freed.
    • [connman] Improve handling of iptables rule comments. JB#41797 · 6ca22638
      Jussi Laakkonen authored
      Improved handling of comments when loading iptables rules from file at
      bootup. This also fixes iptables.c to properly handle the rules and to
      deal with multi-word comments that are quoted according to the iptables
      rule format (thank you goes to Simo Piiroinen).
      Rules with modifier comment (-m comment) should have --comment
      defined with content. Otherwise the rule is invalid and it is ignored.
      This will then remove the rule after one restart cycle of connman.
      Also added missing close() for duplicated stdout file descriptor that
      caused the descriptor to be left open and as a result iptables rule
      matches were incomplete. Changed to initialize fd's as -1 and improved
      handling of error cases in stdout reading.
      Cleaned up code in iptables extension and added more debugging.
      Changed to use get_iptc_handle() for checking the names first, then
      resort to reading of the iptables table names file.
      Improved unit test for iptables extension (thanks also to Slava Monich
      for some fixes).
  6. 29 Mar, 2018 1 commit
    • [connman] Sailfish iptables API support. Contributes to JB#39338 · 113f670c
      Jussi Laakkonen authored
      Adds support for managing iptables content via ConnMan. The header to
      include: iptables_ext.h, which is installed as part of devel package.
      Functionalities implemented for plugins to use:
       - Chain management (new, delete, flush, find)
       - Iptables rule management (insert, append, delete)
       - Commit iptables changes
       - Change iptables policy
       - Save, load and clear iptables
          - Each table is saved to STORAGEDIR/iptables/{tablename}.v4
          - Saving is done by connman at startup/shutdown.
          - Saving of iptables feature is adapted from iptables source.
       - Get iptables content
      These functionalities do not restrict use of a specific iptables table,
      except that use of chains or targets with "connman-" in the name is prevented.
      Upgrade iptables' xtables library build requirement to >= 1.6.1.
      Upgrade iptables install requirement to >= 1.6.1.