- 30 Nov, 2018 3 commits
Jussi Laakkonen authored
This changes the firewall loading by setting first the rules for general firewall and to enable default chain policies only if it succeeds. This will prevent the device becoming a brick in the sense of no networking in or even out (as the DNS will be prevented) if a single rule in the configs is wrong.
-
Jussi Laakkonen authored
This commit blacklists the following iptables matches defined with -m:
  - IPv4: iprange, recent, owner
  - IPv6: iprange, recent, owner, ttl

These will cause crash or errors that are not recoverable. The match -m owner can be supported but requires more checks. It requires at least one of --uid-owner, --gid-owner or --socket-exists additional switches. There may be more to investigate on that -m owner.

Re-enabled IPv6 multiport which seems to work ok.
-
Jussi Laakkonen authored
Improved parsing of iptables rules to check that the protocols defined with -p and -m match, there is no -m protocol -m multiport used and -m protocol does not exist without -p protocol. Otherwise by defining these iptables either reports error or crashes ConnMan.
-
- 29 Nov, 2018 4 commits
Jussi Laakkonen authored
This commit adds a failsafe mechanism to set policies of all chains to ACCEPT in case the setup of dynamic rules fails due to iptables error. It will cleanup and initialize iptables.c before setting the policies. Also added a pre-cleanup for firewall. It sets the policies to defaults before the iptables content is saved. This would prevent network blocking in case of downgrading to version where the rules are not set. The saved filter.v4 table then has not got DROP as default INPUT chain policy.
-
Jussi Laakkonen authored
Changed firewall rule enabling to report the last error and not to stop when one error is encountered while enabling all rules.
-
Jussi Laakkonen authored
This commit disables IPv6 match multiport as it does not seem to work (iptables calls exit() on ConnMan). Allowing to use two (2) matches (-m) in a rule which seems to be usual maximum of the matches.
-
Jussi Laakkonen authored
This commit adds use of dynamic rules for tethering. When tethering is enabled notifier calls tethering_changed which firewall.c reacts by enabling firewall rules to allow from the tethering interface:
  - Wifi: existing rules set for the group "tethering", all if none set
  - All others (e.g., usb tethering uses gadget type): All traffic

Added a configuration group "tethering" which is identical to any other device in the configuration, same rules apply. These rules are enabled only for WiFi hotspot and used alone if they have been set. Empty "tethering" group rules results in the default rules (all traffic). The chain used does not matter, if there is at least only one rule, only that one is applied.

If tethering ident is not set, plain "tethering_default" is used as identifier to save the firewall context into the dynamic rules.

If tethering firewall cannot be created or enabled tethering is set off by calling connman_technology_tethering_notify() that generates a proper notification for UI to catch.

Changed to use plain interface name (ifname) when cloning or setting interface info instead of struct connman_service. This way same functions can be used with other than service state changing notifier function. The ifname has to be passed as char* even though it is duplicated for each rule that is affected because of glib list traversal functions.
-
- 23 Nov, 2018 1 commit
Jussi Laakkonen authored
This commit introduces checking of the iptables table name from the iptables table names file before flushing. It works for IPv4 and IPv6. If table does not exist in the file, it is not flushed. The files to check are "/proc/net/ip_tables_names" for IPv4 and "/proc/net/ip6_tables_names" for IPv6. The tables that are flushed are kept as the same.
-
- 22 Nov, 2018 2 commits
Jussi Laakkonen authored
This commit changes the service type based dynamic rules to be service identifier specific. Each service can have own ruleset, that is based on the iptables rules set for the service type in firewall.conf. All services of the same type have identical rules from the configuration. The main reason of this is to accommodate the requirement of having two simultaneous connections of same type to be online at the same time. When a service is being connected for the first time a deep clone of the firewall rule set for the service type is created. This firewall rule set is removed from the internal current_dynamic_rules only when the service is removed. When the service is disconnected the rules are only removed from iptables, they remain in the firewall context of the service for later use. The firewall rule id will be kept the same if the firewall rule set is reused. Only thing that can change is the interface to be used with the rule. For an easier (and faster) check of whether the firewall is enabled a new bool value is added to struct firewall_context. This is enabled when firewall rules are added without error and id FW_ALL_RULES is given. It is faster to check from this instead of going through all the rules without any change to them if they are already enabled/disabled. Added checks if the rules is valid UTF8 (if not, ignore). If the rule starts with # character the rule is interpreted as commented out and is not added. Rule must add with a '-' character as required by iptables, otherwise the rule is ignored.
-
Jussi Laakkonen authored
This commit introduces a support for general and dynamic firewall rules. The rules are read from CONFDIR/firewall.conf. Additional configurations are also supported, which must be put into CONFIGDIR/firewall.d/ and each has to have "firewall.conf" suffix, e.g., 10-devmode-firewall.conf. The rules in the configuration files are added to the specified technology type rules or to general rules. The last config in the directory can override the "General" section default policies for INPUT, OUTPUT and FORWARD chains of filter table.

Managed chains are used so changes to content of filter table chains INPUT, FORWARD, OUTPUT (neither for IPv4 or IPv6) are not done, except for the policy.

The format of the rules is the same as with iptables rules, with exceptions detailed later in this message. The chain name and policy name can be omitted in the config file. Rules can be defined for IPv4 chains using INPUT, OUTPUT and FORWARD keys in key config file. Rules for IPv6 chains can be set using INPUT_IPv6, OUTPUT_IPv6 and FORWARD_IPv6. Default filter table policies can be set only in General section and follow similar naming. IPv4 iptables default policies are set with keys that have a suffix "_POLICY" added to the chain name. With IPv6 ip6tables policies the suffix is "_POLICY_IPv6".

There can be general rules that are added to managed chains using firewall.c functionality at firewall initialization and cleared at firewall cleanup. General rules include defining policies for the default filter table chains.

The general rules section format (rules are separated with semicolon ";" because comma "," is a separator for ports in iptables rules):

    INPUT = -p tcp -m tcp --dport 22 -j ACCEPT; -p udp -m udp -j ACCEPT
    INPUT_IPv6 = -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    FORWARD =
    OUTPUT = -p tcp -m multiport --sports 1024:65000 -j ACCEPT
    INPUT_POLICY = DROP
    OUTPUT_POLICY = ACCEPT
    FORWARD_POLICY = ACCEPT
    INPUT_POLICY_IPv6 = ACCEPT

After ConnMan is shut down the policies on each default chain in filter table are being set to ACCEPT. By adding the rules via firewall.c the managed tables are also cleared at shutdown.

Each technology connman supports can have own dynamic rules set in the same firewall.conf file. These rules are enabled and disabled when a service comes up (READY, CONNETED) or goes down (DISCONNECT, FAILURE, IDLE) and the interface the service is using is applied into the rule. The format for the dynamic rules is same, for example cellular:

    INPUT = -p tcp -m multiport --dports 1:1024 -j DROP
    OUTPUT = -p udp -m udp --dport 23 -j DROP; -p tcp -j ACCEPT
    INPUT_IPv6 = -p tcp -m ssh -j ACCEPT; -p udp -m udp -j DROP

In chain INPUT -i <interface> is added, in chain FORWARD -o <interface> is added and in chain OUTPUT -o <interface> is added. For this particular reason -i and -o switches are forbidden in the rules.

The following switches (and their longer equivalents) are not allowed in rules (rules having one of these are ignored):
  - Chain management switches (-A, -D, -X, -F, -I, -P, -E, -R, -Z)
  - Interface definitions (-i, -o), except for group General
  - IP address switches (-s, -d, --to-destination, --from-destination)
  - State modifiers -m comment and -m state (and -m conntrack with IPv6)

All regular targets (ACCEPT, DROP, REJECT, LOG, QUEUE) are allowed. In these rules adding chains is not allowed so additional targets cannot be used, hence the managed tables.

The protocols defined in iptables manual pages are allowed: tcp, udp, udplite, icmp, icmpv6, ipv6-icmp, esp, ah, sctp, mh and the special keyword all. If -m multiport switch is used it has to have some of the default port switches. If a port switch is used port numbers can be used or service names. Ports have to be separated with commas (set) or semicolons (range) as iptables rules format defines.
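
An added example, not ConnMan's own code: a minimal C check of a firewall.conf rule value against the restrictions listed in the commit message above (forbidden switches, blacklisted matches, allowed protocols and targets). The function names, the status enum and the 256-byte rule limit are assumptions made for the illustration; the long option spellings are the standard iptables ones, and match names other than the blacklisted ones are not verified.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum rule_status { RULE_OK, RULE_BAD_START, RULE_TOO_LONG, RULE_FORBIDDEN_SWITCH,
		   RULE_FORBIDDEN_MATCH, RULE_BAD_PROTOCOL, RULE_BAD_TARGET,
		   RULE_MISSING_ARG };

/* Lists from the commit message, plus the long forms iptables accepts. */
static const char *const chain_sw[] = { "-A", "-D", "-X", "-F", "-I", "-P", "-E",
	"-R", "-Z", "--append", "--delete", "--delete-chain", "--flush", "--insert",
	"--policy", "--rename-chain", "--replace", "--zero", NULL };
static const char *const iface_sw[] = { "-i", "-o", "--in-interface",
	"--out-interface", NULL };
static const char *const addr_sw[] = { "-s", "-d", "--source", "--destination",
	"--to-destination", "--from-destination", NULL };
static const char *const protocols[] = { "tcp", "udp", "udplite", "icmp", "icmpv6",
	"ipv6-icmp", "esp", "ah", "sctp", "mh", "all", NULL };
static const char *const targets[] = { "ACCEPT", "DROP", "REJECT", "LOG", "QUEUE",
	NULL };

static bool in_list(const char *tok, const char *const *list)
{
	for (; *list; list++)
		if (strcmp(tok, *list) == 0)
			return true;
	return false;
}

static bool is_opt(const char *tok, const char *s, const char *l)
{
	return strcmp(tok, s) == 0 || strcmp(tok, l) == 0;
}

/* Check one rule (no ';' inside). 'general' is true for the General group,
 * where -i/-o are permitted; 'ipv6' is true for the *_IPv6 keys. */
enum rule_status check_rule(const char *rule, bool general, bool ipv6)
{
	char buf[256], *tok, *arg;

	rule += strspn(rule, " \t");
	if (*rule != '-')		/* iptables rules start with a switch */
		return RULE_BAD_START;
	if (strlen(rule) >= sizeof(buf))
		return RULE_TOO_LONG;
	strcpy(buf, rule);		/* strtok() modifies its input */

	for (tok = strtok(buf, " \t"); tok; tok = strtok(NULL, " \t")) {
		char kind;

		if (in_list(tok, chain_sw) || in_list(tok, addr_sw) ||
				(!general && in_list(tok, iface_sw)))
			return RULE_FORBIDDEN_SWITCH;
		if (!is_opt(tok, "-m", "--match") && !is_opt(tok, "-p", "--protocol") &&
				!is_opt(tok, "-j", "--jump"))
			continue;
		arg = strtok(NULL, " \t");	/* value of -m, -p or -j */
		if (!arg)
			return RULE_MISSING_ARG;
		kind = tok[1] == '-' ? tok[2] : tok[1];	/* 'm', 'p' or 'j' */
		if (kind == 'm' && (!strcmp(arg, "comment") || !strcmp(arg, "state") ||
				(ipv6 && !strcmp(arg, "conntrack"))))
			return RULE_FORBIDDEN_MATCH;
		if (kind == 'p' && !in_list(arg, protocols))
			return RULE_BAD_PROTOCOL;
		if (kind == 'j' && !in_list(arg, targets))
			return RULE_BAD_TARGET;
	}
	return RULE_OK;
}

/* Split a key's value on ';' and count the rules that pass; rejected rules
 * are skipped, matching the "ignored" behaviour the message describes. */
int count_accepted(const char *value, bool general, bool ipv6)
{
	char one[256];
	int accepted = 0;

	while (*value) {
		size_t len = strcspn(value, ";");
		size_t blank = strspn(value, " \t");

		if (len > blank && len < sizeof(one)) {	/* skip empty segments */
			memcpy(one, value, len);
			one[len] = '\0';
			if (check_rule(one, general, ipv6) == RULE_OK)
				accepted++;
		}
		value += len;
		if (*value == ';')
			value++;
	}
	return accepted;
}

int main(void)
{
	/* Values copied from the commit message's General and cellular examples. */
	const char *general_in = "-p tcp -m tcp --dport 22 -j ACCEPT; -p udp -m udp -j ACCEPT";
	const char *cell_out = "-p udp -m udp --dport 23 -j DROP; -p tcp -j ACCEPT";

	printf("General INPUT: %d accepted\n", count_accepted(general_in, true, false));
	printf("cellular OUTPUT: %d accepted\n", count_accepted(cell_out, false, false));
	return 0;
}
```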
-
- 12 Nov, 2018 1 commit
Jussi Laakkonen authored
This commit adds IPv6 support to firewall.c. Two new functions are added to connman.h which allow to add and remove rules using IPv6 functionality that was added to iptables.c. This commit does not change functionality of firewall.c, new functions are:
  - __connman_firewall_add_ipv6_rule()
  - __connman_firewall_remove_ipv6_rule()

The firewall functions operate on higher level than the iptables.c functions so a clear separation of rule adding and removal is decided to be implemented for IPv4 and IPv6. This abstracts the use of iptables and for internal functionality this kind of separation of concerns here is clarifying things instead of having to give a specific type for each firewall function call.
-
- 13 Feb, 2018 1 commit
Slava Monich authored
g_list_previous was accessing the pointer deallocated by g_list_remove:

    ==2161== Invalid read of size 4
    ==2161== at 0xC6F6C: __connman_firewall_remove_rule (firewall.c:356)
    ==2161== by 0xC720F: __connman_firewall_disable (firewall.c:442)
    ==2161== by 0xAA8A3: cleanup_firewall (session.c:239)
    ==2161== by 0xAE483: __connman_session_cleanup (session.c:1814)
    ==2161== by 0x52427: main (main.c:902)
    ==2161== Address 0x5321000 is 8 bytes inside a block of size 12 free'd
    ==2161== at 0x4840B28: free (vg_replace_malloc.c:530)
    ==2161== by 0x4C9FBB3: g_list_remove (glist.c:521)
    ==2161== by 0xC6F33: __connman_firewall_remove_rule (firewall.c:360)
    ==2161== by 0xC720F: __connman_firewall_disable (firewall.c:442)
    ==2161== by 0xAA8A3: cleanup_firewall (session.c:239)
    ==2161== by 0xAE483: __connman_session_cleanup (session.c:1814)
    ==2161== by 0x52427: main (main.c:902)
    ==2161== Block was alloc'd at
    ==2161== at 0x483F3EC: malloc (vg_replace_malloc.c:299)
    ==2161== by 0x4CA90DF: g_malloc (gmem.c:94)
    ==2161== by 0x4CBEF51: g_slice_alloc (gslice.c:1025)
    ==2161== by 0x4CA0077: g_list_append (glist.c:261)
    ==2161== by 0xC6E97: __connman_firewall_add_rule (firewall.c:345)
    ==2161== by 0xAA807: init_firewall (session.c:215)
    ==2161== by 0xAE403: __connman_session_init (session.c:1799)
    ==2161== by 0x522D7: main (main.c:864)
-
- 06 Feb, 2018 1 commit
Jose Blanquicet authored
When a new service becomes ready or online, it is checked if its technology is more preferred than the one used by the current default gateway. If so, this new service becomes the new default gateway.

When the tethering is enabled, a NAT rule is created to forward traffic between the interface playing the AP role and the interface connected to current default gateway. The problem comes out when the default gateway changes, because the NAT rule is disabled but not removed from the firewall rules list. Therefore, when the new rule is installed also the old rule is installed because it is still in the list. If it changes again, then three rules will be installed, and so on. They are never removed.

This patch adds a deletion of all the rules from the firewall list exactly after they are disabled to avoid the described problem.
-
- 31 Aug, 2015 1 commit
Daniel Wagner authored
We like to add and remove rules while the firewall is up and running. For example we need to insert per Session rule in the global NAT table. That could also be implemented destroying the whole table and recreate it when need but that is quite an overhead. Instead of taking down the whole table down we add an API to add and remove new rules during runtime.
-
- 12 Apr, 2014 1 commit
Lorn Potter authored
97c3189 Release 1.22 86373b4 dnsproxy: Check split routing when creating a server 27dba28 gdbus: Add g_dbus_client_set_ready_watch() 8bc2a4e dnsproxy: Destroy list using g_list_free_full a33522d AUTHORS: Mention Maneesh's contributions 5ecc2a1 doc: Add API documentation about WiFi P2P Peer 48d43a8 test: Add method related to P2P services 73f8579 gsupplicant: Fix WPS sync-up error with wpa_supplicant e5c6a34 session: Set state to disconnected when deactivating a session ee485f6 service: Use connect reason from the failed service 90334bf session: Don't sent disconnects to sessions when updating 9d727fd session: Disconnect on configuration or session change dd3492f session: Allow Session Connect and Disconnect be called multiple times 3b6f9c2 client: Allow Session Connect and Disconnect be called multiple times e377722 session: Remove session, not service, from session list 2dba966 session: Do not remove non existing policy routing tables aae5825 session: Do no create two instances of struct connman_service_info 76cb209 session: Update active sessions only on Session Connect and Disconnect ddf176a nfacct: Remove support for NFACCT fa4176b session: Remove unused NFACCT rules 32e260c session_policy_local: Do not use NULL as key to do a hash table lookup 404c4a4 stats: Use bool type instead integer 47b56b8 session: Update session state only after activation has been tried 3cf2e18 session: Expand '*' to all bearer types 027cbb0 AUTHORS: Mention Andrew's contributions 844286e doc: Update connection managment algorithm 4990bf7 test: Add a script to test P2P through wpa_supplicant DBus if a1d11b7 test: Remove useless supplicant's old DBus interface test script 095a8f7 gdhcp: Refactor renew/rebind method cd2c5c5 gdbus: Replace g_timeout_add with g_idle_add c42a5f9 gdbus: Fix incorrect DBusConnection reference counting 72cc087 gdbus: Fix memory leak 12aad90 ntp: Exponential backoff when timeouting a sent message eef5afa ntp: Support Kiss-of-Death packet aed46d8 service: Check 
session policy before autoconnect is run. 0f76471 session: Add session policy autoconnect support 0e8b339 session: Make session policy global 1f7f926 session: Assign a service to sessions d4cadd8 service: Disconnect on when last session is deactivated 5280685 service: Add connect reason to debug out in auto connnect 1a24280 service: Add connect reason to __connman_serice_auto_connect() afd8f2d service: Add connect reason to __connman_service_connect() 88b837e session: Mark session active or inactive 470013d session: Remove service selection implementation ec09003 Add Gadget session and weighting support. 1a831b6 AUTHORS: Mention Glenn's and Jonathan's contributions 996cbf1 src: Let systemd unmount remote filesystems before stopping connman a587af9 src: Add D-Bus autostart configuration file 6ad4048 plugins: Add networking support to gadget plugin. c09371c src: Introduce define for CONNMAN_NETWORK_TYPE_GADGET. 9abdf5f plugins: Refactor Gadget into separate plugin and file. 1e4e965 AUTHORS: Mention Hannu's contributions 30e16a1 ntp: Only accept NTP packets from the defined time server a29da8c wispr: Handle wispr redirect properly 23fdeed inet: Eliminate misleading error logging cb88f96 AUTHORS: Mention Philippe's contributions 089e52f README: Update recommended wpa_supplicant version and web page info 3bb94d4 gdhcp: Factor out DHCP Request sending bd37ce0 Add REBOOTING state support for dhcp client 289c7fc gsupplicant: Rely on wpa_supplicant retry mechanism 9e59cc8 AUTHORS: Mention Alban's contributions 82ad017 config: add ifb in NetworkInterfaceBlacklist default 63aeaf6 src: Add Eduroam network .config file 0d7ad08 doc: Fix formatting 2ca6fb4 dnsproxy: Enable added DNS servers only for the default service 4f04f75 service: Add helper function for detecting a default service index 7b415b9 test: Add script for setting timezone fefd145 client: Add initial completion for config and session commands bd03493 client: Add support for monitor command completion 12c6a7a 
client: Add completion for tether command f27040c client: Add on/off completion support for agent modes 95d42a7 client: Complete only one service or technology where appropriate bee4ba8 client: Add helper function for ending readline completion 27088b9 client: Remove extra string duplication when completing commands 0f1dee2 client: Export command line word count function git-subtree-dir: connman git-subtree-split: 97c31890592867cc047154bc385d97620c3bb2f0
-
- 14 Mar, 2014 1 commit
Lorn Potter authored
075e1bb Release 1.21 8e5b064 device: Security should be provided when scanning for a hidden SSID 9768e63 AUTHORS: Mention Sjoerd's contributions bdd3f1c gweb: Handle proxies as addresses and hostnames b601ede .mailmap: Capitalize Zhengguang's name 7b7343b wifi: Remove WiFi.AgentPassphrase from the wifi plugin d087ff2 network: Remove WiFi.AgentPassphrase from network fb2d1c5 service: Remove duplicate EAP AgentPassphrase information 2ea3cb6 network: Return error code instead of boolean 68f0816 dnsproxy: Check if socket is valid before using it 6228f41 gsupplicant: Remove useless NULL pointer checks 557f99d tools: Ignore errors about deprecated g_test_trap_fork 8465f78 AUTHORS: Mention Jaehyun's and Zhengguang's contributions df66c9c bluetooth: Fix failure when enabling Bluez 5.x adapter 3bba8c7 build: Remove gtk-doc infrastructure 08b9ffe gweb: Add checks to validate DNS buffer 91913c4 gsupplicant: A network ssid of length 0 is valid, it's an hidden one 8047f3d Release 1.20 03a7957 AUTHORS: Mention Bastien's, Michael's and Mateusz' contributions cc63e68 service: Call disconnect notifier when leaving 'ready' or 'online' states. 
0e2ee70 bluetooth_legacy: Handle network removal in the middle of enabling 363393c gsupplicant: Fix empty string test 3412d72 gsupplicant: Remove useless NULL pointer check 92472e8 gdhcp: Return proper error values 8ae0c48 session: Warn if nfacct support is missing 11f302a service: Call disconnect notifier only when connected 984b911 service: Update nameservers after IP state check e174b78 service: Use only nameservers whose IP type is enabled 8df91a1 gsupplicant: Fix invalid memory access when network interface is removed a05682b gsupplicant: Support function to call any pending callbacks cd27afe build: Undefine _FORTIFY_SOURCE before redefining it 4e9355a network: Do not access pointer after testing its valitiy 373e56a nat: Free all resources in error case 8f48beb hh2serial-gps: Check error returns when during init() ed11856 l2tp: Close file descriptors after use 377da67 iptables: Remove dead code af4419c ipconfig: Remove dead code 155863b gdhcp: Remove dead code 284c964 client: strerror expects positive error codes 1987d61 6to4: Return error code when tunnel_create() fails 9dfd3fc dnsproxy: Check return value of get_req_udp_socket() 080bc05 provider: __connman_error_failed() expects positive error codes 9f245e1 vpn-manager: __connman_error_failed() expects positive error codes e5cdf25 nfacct: Don't setup nfacct until it's relevant to do so 14cd5fd firewall: Don't do anything with iptables until really necessary 9774fa2 service: Return fallback nameservers when no other available 4a08c3b ntp: Support NTPv3 protocol version f05ee18 dnsproxy-test: Close socket in error path e6c7b22 tap-test: Set device name with null termination f066853 wifi: Do not access unitialized timestamp e6390f5 ipv4ll: Initialize socket variable 0457297 log: Do not access array out of bounds 17a300a timezone: Null terminate pathname bd27133 rtnl: Do not access variables out of scope 0390d2b inet: Initialize flags to 0 b99a849 core: Set device name with null termination cf09d7c inet: Close 
socket when leaving function early 2f00994 dbus: Initialize uid for error path b39dfae service: Enable split routing 4da8143 bluetooth-legacy: Do not turn off hci device when ConnMan stops 62f62af bluetooth: Do not turn off hci device when ConnMan stops 496f513 device: Disable had too strict checks which can prevent disconnect e08c88a dnsproxy: name variable should be initialized 7e2d1ec network: Remove adhoc check as it is not needed e08e8f5 wifi: Ignore adhoc networks 4905dc1 wifi: Reset device retry count on failure 70388d1 wifi: Remove redundant initialization of zero'd wifi_data e2703e2 dhcp: Add useful IPv4 ll debug information 32c1abe dhcp: Stop IPv4 ll state machine properly a710cd3 gdbus: Fix trying to remove already removed sources a44997b session: Remove policy_probe() 386f340 AUTHORS: Mention Chengyi's and Tysen's contributions 0465d8a iptables: iptables_replace returns the wrong error code 9f4185b ipconfig: Do not remember interface name bcb7f23 rtnl: Do not remember interface name 8c7e5d0 technology: Do not use interface name when adding interface 168b6d8 technology: Do not use interface name when removing interface 1c81ca7 vpn: Removed unused interface name variable d06050d rtnl: Set service type to unknown if interface can not be found da0f632 network: Stop DHCP for a failed network 39b0822 gweb: Fix memory leak in session address 51fb2c8 scripts: Function prototype fixes when function has no parameters 8fc31fe plugins: Function prototype fixes when function has no parameters 5c7a37b vpn: Function prototype fixes when function has no parameters 671c905 tools: Function prototype fixes when function has no parameters ded0e13 src: Function prototype fixes when function has no parameters 278e0ce dnsproxy: Fix crash because cache is NULL 489127f gdbus: Remove not needed check for NULL DBusPendingCall 575de63 gdbus: Check for NULL DBusPendingCall in g_dbus_send_message_with_reply 4f9d0f6 Release 1.19 af6d530 main.conf: Update FallbackNameservers 
description 56ca4ac service: Add fallback nameservers to the Nameservers property 10fe61d resolver: Use fallback nameservers when none are otherwise supplied 87919ec config: Set the list separator to be comma 86c6980 wispr: Get the proper proxy address from the result 38b75ab gweb: Properly proceed a request through a proxy when one is set aaafe0b service: Proxy should be reset when disconnecting 3ddbe85 pacrunner: Let ConnMan autostart PACrunner when doing proxy lookup eb768d3 session: Remove struct service_entry 4833fcf session: Remove connect reason from struct service_entry 536367c service: Remove state argument from service_iterator_cb() 5edc149 session: Use service state getter 89ae11a service: Add getter for service state 8ecefc4 session: Move service_entry to struct connman_session 6715a43 session: Use a hash table to lookup sessions by service_entry 3de0402 service: Remove service name in service_iterate_cb() 8314cd2 session: Do not cache service name, type or bearer 8bd49d8 service: Run autoconnect on service disconnects 64fd6a0 device: Remove unused reconnect setting functions 7963aad service: Remove reconnect functions 98d2b81 service: Log only on service add and remove from network a632fc3 service: Reduce logging when appending properties 1b87cd7 device: Do not cleanup already provisioned interfaces 39a68b3 inet: Add function to return interface IPv4 address and netmask fd9f99e config: Add function to check if IP address is provisioned 0e46b1c TODO: Fix formatting ee65cb1 TODO: Add VPNC and OpenVPN VPN Agent task f9e2b0f service: Load and save VPN autoconnect state 49e739a service: Add VPN autoconnect e85f2f2 service: Update service list sorting 909990b client: Add a no-op input handler b2199d0 client: Fix unintended Manager monitor messages 3a92f7e vpn: Update error_code() signature change fb92c17 openconnect: Unset Cookie on login failed c4a0275 vpn: Add provider struct to error code function 2cce14a service: Check for immutable VPN service 
properties f0455e2 provider: Add a provider-specific immutable flag 3d3b374 service: Take ordering into account when comparing connected services 664e9c0 service: Fix VPN and service list order b80cddd core: Make stats hash table static eba9a6e service: Simplify return code in connman_service_get_timeservers() 8133c32 dhcp: Store host and domain name in service struct ba9ec13 service: Set host and domain names when default service changes 94804e1 service: Add functions to set/get a host name per service aa5b7d3 gdbus/client: Use g_dbus_add_properties_watch to track properties b2e7c61 gdbus/client: Use g_dbus_add_signal_watch to track signals 5350bac gdbus/client: Use g_dbus_add_service_watch to track services 807509e gdbus/watch: Fix crash when disconnecting from D-Bus 8996db2 gdbus/watch: Fix aborting when removing D-Bus filter b169ad9 gdbus/watch: Fix crash when g_dbus_remove_watch is called from connect callback a5238e7 TODO: Mark Session API implementation done ea838d8 notifier: Use MAX_CONNMAN_SERVICE_TYPES instead of MAX_TECHNOLOGIES ce9fcdb session: Remove pending functions 0db0d38 service: Remove session reference counting functions ac73850 session: Remove service reference counting 0d69def doc: Update SessionMode description 34e6ffb manager: Remove implementation around SessionMode f863575 session: Only add and remove connected services ebe52c5 service: Add helper function for fetching the name of a service 3ae61c3 session: Remove calls to service connect and disconnect 0a9606e service: Use session information when autoconnecting fdcda5a session: Update autoconnect with active session service types 3526fbf service: Add function counting number of sessions using a service type 98473aa service: Reorganize service autoconnect function 75ec8d2 service: Simplify autoconnect code c0a1d90 tools: Update session unit tests c71bd85 tools: Fix already exists test 4121dbe TODO: Mark multiple agents task done ba87b99 agent: Make sure there is an agent before asking 
user 6352c3f vpn: Make sure there is an agent before asking user c53b88e agent: Add multi agent support 1b986e1 agent: API changes required for multi agent support b7b0d64 vpn: Unregister agent driver before removing provider 1b0629f service: Unregister agent driver before removing service bfaa23f agent: Check that message exists before calling dbus cb25395 agent: Change the name of the agent struct 3ca00a8 gdbus: Fix emitting PropertiesChanged twice 0d86c21 gdbus: Avoid calling dbus_connection_send* 31764f9 gdbus: Add g_dbus_send_message_with_reply 202b74f gdbus: Fix sending ObjectManager/Properties signals out of order 5619eb9 config: Allow omitting gateway from IPv4 and IPv6 setting 7cc0b72 service: Change default service before updating service order 2be7d77 service: Do not change default service if new default is not connected 1ffe8aa service: Re-doing wispr check needs to increment service ref count b1741a0 service: Clear default service pointer when service is removed c9d8a0a service: More debug prints when default service is changed 110abe3 ipconfig: Fix possible memory leak in ipconfig loading 55ec085 ipconfig: Make sure IPv4 method is set before saving it 21cace4 vpn-provider: ProtocolFamily is an int32 d40329b ofono: Remove unused variable 4dc3410 bluetooth: Leading whitespace fix d1665b4 bluetooth: Use dbus_bool_t when accessing a D-Bus boolean dda5546 dundee: 32bits boolean should be used due to dbus in relevant places 1281e8b vpn: 32bits boolean should be used due to dbus in relevant places 1997f45 ofono: 32bits boolean should be used due to dbus in relevant places 13fe78c service: 32bits boolean should be used due to dbus in relevant places 479c973 technology: 32bits boolean should be used due to dbus in relevant places cf064e9 Release 1.18 a5d3817 TODO: Update command line client task 33ebe58 service: Debug print caused segfault 377c594 doc: Improve plugin documentation 4215992 log: Replace timebased ratelimit function with one that prints once 
1ef0b07 service: Do not clear 802.1x credentials when connecting 167dc80 loopback: Fix spelling of loopback 719dcfb config: Return success after reading ethernet service section 316cfc4 AUTHORS: Mention Luca's and Peter's contributions 92cf003 vpn: Document that values in vpn-config-format.txt do not comprise whitespace 4c66d75 vpn: Use function to trim trailing whitespace 2d61b56 vpn: Add functions trimming trailing whitespace when reading config values a9c7ad1 doc: Document that values in config-format.txt do not comprise whitespace eb9da48 config: Use function to trim trailing whitespace when reading config files a380bb1 config: Add functions trimming trailing whitespace when reading config values 24ed0b2 ipconfig: Accept correct spelling of preferred db95cff client: Display correct spelling of preferred in connmanctl usage text b33b5c2 doc: Fix typo of preferred 8d2d14c doc: Fix typos in advanced-configuration.txt a996d84 client: Fix setting session state to disconnected 0350fc3 wifi: Fix a memory leak when trying to connect a disconnecting network b872618 rtnl: Print out warning when WEXT newlink messages are seen 95cde6f log: Add rate limiting warn message 8e4b5d7 gsupplicant: Use uint32 instead of string for wep_tx_keyidx 26ada06 client: Add Session configuration support 0b0dfaf client: Add support functions for Session Update message creation b8c8540 client: Add Session notification printing and Release handling 6150b8a client: Initial session support ed2d980 client: Add helper function for adding a D-Bus dict 52ec323 client: Add append function to D-Bus method call helper c43d3a5 main: Use gboolean type in GOptionEntry 115cb9c readme: Document kernel options needed by session ba4d4ed nfacct: Make sure nfacct is there before accessing it d482e18 iptables: Alignment fixes b5d9c25 client: Remove unnecessary printout 2d1f9cd client: Rename command completion callback function 892b803 client: Implement autocompletion for offline mode 5a3c477 client: Fix service 
and technology completion while monitoring
55f6589 client: Add completion for technologies
0ef9b74 client: Add completion for services
477173f Release 1.17
8378438 tethering: Check failure if NAT cannot be enabled
024c06d inet: Clarify the code by not casting the function pointer
1dc0844 dhcpv6: Timeout timer was not cleared after receiving a reply
eadec4e todo: Mark DHCPv6 DECLINE message support done
e51c91f dhcpv6: Check if we need to do DAD
c7fcf8f dhcpv6: Add DECLINE message support
61be283 dhcpv6: Use different callback than DHCPv4
ebd29dc gdhcp: Add DHCPv6 DECLINE message checks
1da88d5 gdhcp: Add function that adds addresses to IA_NA or IA_TA options
ca32a30 gdhcp: Add function to remove DHCPv6 options that should not be sent to server
508526d dhcpv6: Added duplicate address detection calls
06c892f service: Do not try to save if service is NULL
7351d73 inet: Add function for IPv6 Duplicate Address Detection
fd2c1d4 main: Ensure the end of service type list is set properly
9857cd6 session: Use D-Bus owner to create unique paths for sessions
d146379 session: Error function expects positive values
d811fdb tools: Fix compilation warning on possible uninitialization
65f1ff1 service: Do not send state changed signal if we are already in idle state
6b64387 service: Newline cleanup
38c1662 dhcpv6: Expire time was incorrectly calculated
60ee35f ippool: IP address collision fix
d2b3f4e ippool: Removed inclusion of getopt.h as it is not needed
6185fd6 wifi: Postpone an hidden discovery if a scan is already running
5786830 device: Let the scan function to decide on current status
419c4c7 gsupplicant: Make sure it's possible to scan again when a scan is done
600f186 openvpn: Don't set additional VPN network properties
c96f0cc pptp: Don't set additional VPN network properties
c871ca6 l2tp: Don't set additional VPN network properties
312270a doc: Update Service API doc with provisioned and hidden WiFi
444e084 doc: Change coding style for NULL pointer checks
8e0b538 tools: Fix whitespace issue
aa1e9fb shared: Fix whitespace issue
7cc0e05 core: Fix overlong line
0f418b4 gweb: Fix overlong line
90cdfca gdhcp: Fix overlong line
747f6ca client: Remove unnecessary braches
72f711b client: Fix whitespace issues
6764183 core: Do not compare expression against NULL
313d102 vpn: Do not compare expression against NULL
a0a24ba unit: Do not compare expression against NULL
c879c4f tools: Do not compare expression against NULL
bd99aaa core: Do not compare expression against NULL
bc16b1a scripts: Do not compare expression against NULL
9c779a4 plugins: Do not compare expression against NULL
98cd55e gweb: Do not compare expression against NULL
555a166 gsupplicant: Do not compare expression against NULL
fae59f2 gdhcp: Do not compare expression against NULL
b8311f9 client: Do not compare expression against NULL
37472f1 ofono: Use dbus_bool_t for D-Bus functions
68445cb dnsproxy: Possible socket leak if running out of memory
d6a3a39 bluetooth: Check pointer for null before passing to strcmp()
72fc5cf bluetooth: Address pointer might be null when creating nap
c27e223 client: Avoid possible uninitialized memory access
242bb5a dhcpv6: Check that prefix is in valid range
5a46026 gdhcp: Remove obsolete dhcpv6 support functions
4f3a601 gdhcp: Remove function to set the dhcpv6 expire time
584fecd dhcpv6: Fix rebind when doing prefix delegation
e513e25 dhcpv6: Start solicitation if addresses expired
038c6fd dhcpv6: Fixing the renew and rebind logic
f07141b dhcpv6: REBIND IA option was missing IP addresses
f281d25 dhcpv6: REBIND was sent too late
884babd dhcpv6: Do REBIND after T2
305b607 client: Don't pretty-print hidden WiFi network as '<hidden>'
6fd9e3f service: Always notify pending D-Bus clients of disconnect
862159c doc: Document that unplugging Ethernet will remove the service
e67f44e README: Add info how to create traces with timestamps
8c99c24 dhcp: Add interface index to DHCP debug label
a063238 gdhcp: Use REQUEST_TIMEOUT for renew request
8bf42fc dhcp: Add a separate DHCP client for IPv4LL
6feedae gdhcp: Report no lease found instead of starting IPv4LL
0508254 AUTHORS: Mention Terry's contributions
c562954 gdhcp: Fix byte order for send_discover()
7a2d00e technology: Do not send any rfkill to kernel after receiving one
10ce0a8 technology: Check hardblock when returning from offline mode
7044545 gsupplicant: Only add interface when wpa_supplicant is in ready state
507c98f dhcp: Pass in stdbool type values to the DHCP callback
fd9e5c6 ofono: Fix bool type for D-Bus message
40aa7a2 technology: Fix style issue caused by earlier coccinelle patch
7026821 session-utils: Use g_test_add_vtable directly
d4d6f5d vpnc: Use stdbool defines for true and false
d4fa1ce main: Use stdbool defines for true and false
fbf9f8d config: Use stdbool defines for true and false
543dbfd connection: Use bool type instead of int
d052eb3 TODO: Mark bool cleanup done
86d2592 build: Remove unsued types.h header
15d8db8 vpn: Whitespace cleanup
817053d unit: Whitespace cleanup
c75d61f tools: Whitespace cleanup
8847596 core: Whitespace cleanup
e1eedf1 scripts: Whitespace cleanup
7918142 gsupplicant: Whitespace cleanup
2f4c06d gdhcp: Whitespace cleanup
571fdfd client: Whitespace cleanup
ad7abb5 plugins: Whitespace cleanup
b89fa6d vpn: Convert to stdbool with coccinelle
0f3df75 unit: Convert to stdbool with coccinelle
47e034b tools: Convert to stdbool with coccinelle
a56c9f7 core: Convert to stdbool with coccinelle
bf61588 scripts: Convert to stdbool with coccinelle
304dfa9 plugins: Convert to stdbool with coccinelle
30773ab include: Convert to stdbool with coccinelle
8c2ca22 gweb: Convert to stdbool with coccinelle
165eec0 gsupplicant: Convert to stdbool with coccinelle
11ee4af gdhcp: Convert to stdbool with coccinelle
df2ae22 client: Convert to stdbool with coccinelle
0ca492b core: Included stdbool.h
5d56021 plugins: Included stdbool.h
5b87a18 tools: fix include
5b4bbff gdhcp: Included stdbool.h
1a8e8a3 gweb: Included stdbool.h
e25fc73 vpn: Included stdbool.h
22afaa9 include: Included stdbool.h
a77455e vpn: Use dbus_bool_t with D-Bus functions
14b4bba tools Use dbus_bool_t with D-Bus functions
5d92b1e plugins: Use dbus_bool_t with D-Bus functions
647ecc0 core: Use dbus_bool_t with D-Bus functions
1f63c00 dnsproxy: Use boolean variables correctly
c190e46 session-test: Pass in struct test_fix into tests
adce56f session: Use GLib typedef for callback
1daa424 timeserver: Fix ts_recheck() signature
3cf33b7 readme: USB gadget tethering kernel options added
be294f9 ethernet: Create USB gadget device driver
ad79c1a technology: Return error if no devices can be found for a technology
339f05f technology: Technology must have a name when saving its data
9d1fbfe technology: USB gadget technology type had no name
f020c1e wifi: Make sure we ref the network before using it in callback
677b2d4 session: Do not delete invalid policy routing entry
ae6afc2 build: Build a simpler version of libgdbus-internal
42cf3ab build-sys: Use libgdbus-internal.la
70e7b0d doc: Add information how Technologies can be controlled
48dbff3 technology: Follow external rfkill events and act accordingly
c3c35b8 technology: Checking offline mode separately when rfkill device is added
f2a958c technology: Do not activate technology if returning from hardblock while in offline mode
5378ab9 technology: Print information when technogy is switched on
54f0d5c Release 1.16
831028d AUTHORS: Mention Constantin's contributions
8b1f599 inet: Check parameters before trying to clear IP address
46bbe4e wifi: Memory leak when creating a supplicant scan request
8b952da plugin: Remove NEED_THREADS
5bd3965 service: Send state changed signal after downgrading state
ea030b9 nat: Use managed iptables API for MASQUERADE rule
db4dc1a dhcpv6: Update service DNS search domain list
edcb7fa service: Add function to update the DNS search domain list
bb06c47 gdhcp: Domain search list DHCPv6 option is checked
df37290 dhcpv6: Do not send DNS options in CONFIRM message
b3a7700 readme: Add bug reporting information
31005cf build: Remove unused --enable-threads configure switch
ffe6305 wifi: Interface creation callback might arise when it is not ready yet
f62d6d6 nfacct: Use unsigned int for error codes
c7e1574 shared/nfacct: Use unsigned int for error codes
d534dc6 shared/netlink: Use unsigned int for error codes
a727163 shared/util: Move cb_data_new() helpers to util header
f3775eb readme: Clarify how the wpa_supplicant D-Bus autostart behaves
a0786d8 client: Support openconnect Agent API fields
2052499 openconnect: Add support for final VPN server
0a99d79 openconnect: Use VPN string OpenConnect.ServerCert
67df5dc openconnect: Use OpenConnect.ServerCert from the RequestInput reply
45d6b58 openconnect: The --cafile argument is not needed for openconnect
daadd1b openconnect: Drop cookie argument from run_connect()
e4ce120 openconnect: Use oc_private_data instead of request_input_reply
90dffd5 openconnect: Move code earlier in the file
d758a7b openconnect: Request missing openconnect information
70880bb doc: Document openconnect certificate and server options
f101bba dhcpv6: Set addresses after we have checked the status code
d79565c dhcpv6: Set addresses from CONFIRM reply if status is ok
06b4396 dhcpv6: Most of the reply error handling was missing
1f5c57d dhcpv6: Enable checking of reply error codes
aa5413f tethering: Cleanup tethering when connman is shutting down
30c0dbc inet: Remove unused gateway setting functions
10a3beb connection: Use netlink functions to set default gateway
8aae35a tethering: Use the prefix length from ippool instead of hard coded value
f7b865e tethering: Add debug print so we notice restarts
3ddffce nfacct: Do not fail in nfacct_flush_cb() when NFACCT is not supported
17badd6 netlink-test: Use assertion to verify results
a5f3d04 nfacct: netlink uses positive error codes
83bb349 ipv6pd: Change PD status according to uplink IPv6 status
416a2d6 ipv6pd: Check IPv6 support
6b43ca3 ipconfig: Add support function to return ipconfig IPv6 status
1243114 network: Set service disconnect state correctly
3b98cf0 network: Function name was missing a proper prefix
55f5273 tethering: Activate IPv6 prefix delegation support when tethering
905c0e9 ipv6pd: IPv6 prefix delegation implementation logic
55b7b2d dhcpv6: Add prefix delegation release support
50c44d5 dhcpv6: Add prefix delegation renew support
68bc0b7 dhcpv6: Initial IPv6 prefix delegation support
73f1b79 ipconfig: Save and load delegated IPv6 prefixes
24fc3de inet: Add functions to receive ICMPv6 router solicitation messages
4b6daf1 inet: Add function to send ICMPv6 router advertisement message
1744fd5 gdhcp: Print more error information if DHCPv6 message send failed
a25b411 gdhcp: Get server DUID if we do not know it yet
f59d373 gdhcp: Read only sub-option amount of data
c88cd2e gdhcp: IPv6 prefix delegation support
707f011 gdhcp: Pretty print DUID to the debug log
9fe12b7 gdhcp: Ignore server DUID missing error
3051ef6 gdhcp: Print debug information about sent requests
d9a852d inet: Enhance debug print usefullness
9d99f58 inet: Return errors correctly when setting multicast options
932e1b9 inet: Add function to get the link local address attached to an interface
3aa5313 inet: Fix IPCMv6 checksum calculation
6520dc9 doc: Update Session overview
462d368 netlink-test: Use open coded message creation instead of struct
333f863 netlink-test: Fix printf format string for uint64_t
be21997 nfacct: Fix DBG() format string for uint64_t
41f3712 README: Add kernel config options for full Session support
bd8cd2c session: Add routing and accounting iptables rules
45c3bbd session: Add global firewall rules
f48f9b9 session: Add policy routing table
009171b session: Add NFACCT rules per session
cd8a209 session: Flush all NFACCT rules on bootup
36e2dcc session: Store creation related data into a struct
21aa00b nfacct: Add helper function for managing several rules
755217a nfacct: Add __connman_nfacct_flush()
19ca578 netlink-test: Add NFACCT low level test
41c54f5 nfacct: Add NFACCT
fd71731 shared: Add a copy of the nfnetlink_acct.h kernel header
030f578 netlink-test: Add test program for netlink
d25b22c netlink: process_multi() should call handler on done
d765b15 netlink: Port ELL's version of netlink
32baa22 inet: Add function to remove default route from a routing table
a4d3e1b inet: Add function to setup default route to a routing table
cba24db inet: Add functions to setup fwmark to routing table
1d64996 session_policy_local: Don't look up hash tables using NULL key
e8344a9 session_policy_local: Add support for UID/GID only
49671af session_policy_local: Call failed_create() with the real user pointer
aeaeb4b gdbus: Remove proxies when client disconnects
260608b wifi: Memory leak when tethering
9286090 ippool: Memory leak
fbe905a client: Fix passphrase handling
cbc629f client: Implement VPN Agent API RequestInput method call
66dcdec client: Add vpnagent command to register and unregister VPN Agent
1ac8610 client: Implement support for queueing Agent messages
01fe75b client: Add VPN Agent support for Release, Cancel and ReportError
2e43802 client: Create agent data structure and pass it in function callbacks
ba7f46b client: Don't handle Agent messages in monitor code
ab78ab7 client: Fix DBUS_TYPE_UINT16 pretty-printing
475a695 dhcpv6: Send domain list option to server
05a3f47 unit: Multiple collisions with different pools
e51fdfd unit: Test ippool collision differently
35ccdc8 ippool: Clear allocated block pointer at cleanup
5f5910b ippool: Private address check was incorrect
58ec105 service: Send proxy properties when connected or disconnected
b4f0e90 technology: Offlinemode could not be disabled if no technology was powered
4c50210 TODO: Mark GSequence removal done
02d4740 service: Use GList instead of GSequence for service list
afa245f session: Use GList instead of GSequence for service list
9342269 session: Use service iterator instead of match/creation callbacks
2386b67 service: Initialize tech_data
2476ce7 client: Avoid printing extra prompt on RequestInput
db6ec6b client: Read D-Bus string type only if argument is 'Type'
a6aa682 client: Pretty-print D-Bus signed integers
9a048c1 client: Add VPN monitoring support
ab7294a client: Add support for displaying VPN connections
667f355 client: Add VPN connection helper function
5186846 client: Add parameter to specify D-Bus service for method call
032adc9 client: Add missing header file boilerplate
77ade69 dhcpv6: Make sure release message is sent
0515b22 build: Add session policy format document
df1a4cb doc: Document session policy file format
7eca790 session-test: Add tests for session_policy_local
b553c5a session_policy_local: Set session identification method
2ffa1d6 session: Add session identification method to config
9c5cb53 session_policy_local: Retrieve UID/GID from session user
42679c8 session_policy_local: Remove struct create_data
f71ccc8 session_policy_local: Rework policy file handling
f75c792 session_policy_local: Add some more debug information
61ed5e2 session_policy_local: Update session before unref policy
99249a4 session_policy_local: Refactor SELinux context parser
3fb5619 session_policy_local: Do not handle small allocation
d6f82bb session: Do not access stale entry pointers
e329cc8 session: Add session argument to create_service_entry_cb
32a8cf5 TODO: Support other time sources
3b70a3d timeserver: Periodically wake up to recheck timeservers
bac356f iptables: Fix memory leak when invoking xtables_find_match

git-subtree-dir: connman
git-subtree-split: 075e1bbdda5b2ba2bba6fc75e458684365e5c6e9
-