/*
 * Copyright (c) 2016 Samsung Electronics Co., Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
17 #include "stc-manager-gdbus.h"
18 #include "helper-iptables.h"
/* Service, interface and object-path strings handed to the D-Bus call helper. */
#define STC_IPTABLES_DBUS_SERVICE                    "net.stc.iptables"
#define STC_IPTABLES_DBUS_RULE_INTERFACE             STC_IPTABLES_DBUS_SERVICE ".rule"
#define STC_IPTABLES_DBUS_CHAIN_INTERFACE            STC_IPTABLES_DBUS_SERVICE ".chain"
#define STC_IPTABLES_DBUS_RULE_PATH                  "/net/stc/iptables/rule"
#define STC_IPTABLES_DBUS_CHAIN_PATH                 "/net/stc/iptables/chain"

/* Method names on the chain interface (IPv4 first, then IPv6). */
#define STC_IPTABLES_DBUS_METHOD_IPT_ADD_CHAIN       "IptAddChain"
#define STC_IPTABLES_DBUS_METHOD_IPT_REMOVE_CHAIN    "IptRemoveChain"
#define STC_IPTABLES_DBUS_METHOD_IPT_FLUSH_CHAIN     "IptFlushChain"
#define STC_IPTABLES_DBUS_METHOD_IP6T_ADD_CHAIN      "Ip6tAddChain"
#define STC_IPTABLES_DBUS_METHOD_IP6T_REMOVE_CHAIN   "Ip6tRemoveChain"
#define STC_IPTABLES_DBUS_METHOD_IP6T_FLUSH_CHAIN    "Ip6tFlushChain"

/* Method names on the rule interface (IPv4 first, then IPv6). */
#define STC_IPTABLES_DBUS_METHOD_IPT_ADD_RULE        "IptAddRule"
#define STC_IPTABLES_DBUS_METHOD_IPT_REMOVE_RULE     "IptRemoveRule"
#define STC_IPTABLES_DBUS_METHOD_IP6T_ADD_RULE       "Ip6tAddRule"
#define STC_IPTABLES_DBUS_METHOD_IP6T_REMOVE_RULE    "Ip6tRemoveRule"

/* Keys of the "a{sv}" dictionary that describes one rule. */
#define RULE_CHAIN      "chain"
#define RULE_DIRECTION  "direction"
#define RULE_IFNAME     "ifname"
#define RULE_CGROUP     "cgroup"
#define RULE_NFACCT     "nfacct"
#define RULE_TARGET     "target"
#define RULE_SIPTYPE    "s_ip_type"
#define RULE_SIP1       "s_ip1"
#define RULE_SIP2       "s_ip2"
#define RULE_DIPTYPE    "d_ip_type"
#define RULE_DIP1       "d_ip1"
#define RULE_DIP2       "d_ip2"
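/*
 * Append the members of @rule to @builder as "{sv}" dictionary entries.
 *
 * Does nothing when either argument is NULL.
 *
 * String members (chain, ifname, nfacct_name, target) are added only when
 * they are non-NULL, because g_variant_new_string() must not be given NULL
 * and the jump-rule helper in this file fills in only chain and target on a
 * zeroed structure. classid and the four addresses are added only when they
 * are non-zero; direction and the two range types are always sent.
 *
 * Addresses are serialised as the raw 32-bit s_addr value, with no byte-order
 * conversion done here.
 */
static void __add_rule_info_to_builder(GVariantBuilder *builder,
				       iptables_rule_s *rule)
{
	if (builder == NULL || rule == NULL)
		return; //LCOV_EXCL_LINE

	/* A rule without a chain is left for the receiver to reject. */
	if (rule->chain)
		g_variant_builder_add(builder, "{sv}", RULE_CHAIN,
				      g_variant_new_string(rule->chain));

	g_variant_builder_add(builder, "{sv}", RULE_DIRECTION,
			      g_variant_new_uint16(rule->direction));

	if (rule->ifname)
		g_variant_builder_add(builder, "{sv}", RULE_IFNAME,
				      g_variant_new_string(rule->ifname));

	if (rule->classid > 0)
		g_variant_builder_add(builder, "{sv}", RULE_CGROUP,
				      g_variant_new_uint32(rule->classid));

	if (rule->nfacct_name)
		g_variant_builder_add(builder, "{sv}", RULE_NFACCT,
				      g_variant_new_string(rule->nfacct_name));

	if (rule->target)
		g_variant_builder_add(builder, "{sv}", RULE_TARGET,
				      g_variant_new_string(rule->target));

	g_variant_builder_add(builder, "{sv}", RULE_SIPTYPE,
			      g_variant_new_uint16(rule->s_iprange_type));

	g_variant_builder_add(builder, "{sv}", RULE_DIPTYPE,
			      g_variant_new_uint16(rule->d_iprange_type));

	if (rule->s_ip1.s_addr)
		g_variant_builder_add(builder, "{sv}", RULE_SIP1,
				      g_variant_new_uint32(rule->s_ip1.s_addr));

	if (rule->s_ip2.s_addr)
		g_variant_builder_add(builder, "{sv}", RULE_SIP2,
				      g_variant_new_uint32(rule->s_ip2.s_addr));

	if (rule->d_ip1.s_addr)
		g_variant_builder_add(builder, "{sv}", RULE_DIP1,
				      g_variant_new_uint32(rule->d_ip1.s_addr));

	if (rule->d_ip2.s_addr)
		g_variant_builder_add(builder, "{sv}", RULE_DIP2,
				      g_variant_new_uint32(rule->d_ip2.s_addr));
}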
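/*
 * Send @rule to the iptables service with the IptAddRule method (IPv4).
 *
 * Returns STC_ERROR_INVALID_PARAMETER when @rule is NULL, STC_ERROR_FAIL when
 * the D-Bus call produces no reply, and STC_ERROR_NONE otherwise.
 *
 * NOTE(review): the integer carried in the reply is only logged. If the
 * service uses it to report that the rule was not installed, callers still
 * see STC_ERROR_NONE - confirm the reply contract before relying on this
 * return value for enforcement decisions.
 */
static int __iptables_rule_add(GDBusConnection *connection,
			       iptables_rule_s *rule)
{
	int result = 0;
	GVariantBuilder *builder = NULL;
	GVariant *params = NULL;
	GVariant *message = NULL;

	/* rule->nfacct_name is read for the log line below, so reject NULL
	 * before anything is sent. */
	if (rule == NULL)
		return STC_ERROR_INVALID_PARAMETER;

	builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}"));
	__add_rule_info_to_builder(builder, rule);
	params = g_variant_new("(a{sv})", builder);
	g_variant_builder_unref(builder);

	message = stc_manager_gdbus_call_sync(connection,
					      STC_IPTABLES_DBUS_SERVICE,
					      STC_IPTABLES_DBUS_RULE_PATH,
					      STC_IPTABLES_DBUS_RULE_INTERFACE,
					      STC_IPTABLES_DBUS_METHOD_IPT_ADD_RULE,
					      params);

	if (message == NULL) {
		STC_LOGE("Failed to invoke dbus method"); //LCOV_EXCL_LINE
		return STC_ERROR_FAIL; //LCOV_EXCL_LINE
	}

	g_variant_get(message, "(i)", &result);

	/* nfacct_name is optional; never hand NULL to a %s conversion. */
	STC_LOGD("Successfully Add Rule [%d:%s]", result,
		 rule->nfacct_name ? rule->nfacct_name : "(null)");
	g_variant_unref(message);

	return STC_ERROR_NONE;
}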
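/*
 * Send @rule to the iptables service with the IptRemoveRule method (IPv4).
 *
 * Returns STC_ERROR_INVALID_PARAMETER when @rule is NULL, STC_ERROR_FAIL when
 * the D-Bus call produces no reply, and STC_ERROR_NONE otherwise.
 *
 * NOTE(review): the integer carried in the reply is only logged, so a
 * removal the service refused is still reported as STC_ERROR_NONE - confirm
 * the reply contract.
 */
static int __iptables_rule_remove(GDBusConnection *connection,
				  iptables_rule_s *rule)
{
	int result = 0;
	GVariantBuilder *builder = NULL;
	GVariant *params = NULL;
	GVariant *message = NULL;

	/* rule->nfacct_name is read for the log line below, so reject NULL
	 * before anything is sent. */
	if (rule == NULL)
		return STC_ERROR_INVALID_PARAMETER;

	builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}"));
	__add_rule_info_to_builder(builder, rule);
	params = g_variant_new("(a{sv})", builder);
	g_variant_builder_unref(builder);

	message = stc_manager_gdbus_call_sync(connection,
					      STC_IPTABLES_DBUS_SERVICE,
					      STC_IPTABLES_DBUS_RULE_PATH,
					      STC_IPTABLES_DBUS_RULE_INTERFACE,
					      STC_IPTABLES_DBUS_METHOD_IPT_REMOVE_RULE,
					      params);

	if (message == NULL) {
		STC_LOGE("Failed to invoke dbus method"); //LCOV_EXCL_LINE
		return STC_ERROR_FAIL; //LCOV_EXCL_LINE
	}

	g_variant_get(message, "(i)", &result);

	/* nfacct_name is optional; never hand NULL to a %s conversion. */
	STC_LOGD("Successfully Remove Rule [%d:%s]", result,
		 rule->nfacct_name ? rule->nfacct_name : "(null)");
	g_variant_unref(message);

	return STC_ERROR_NONE;
}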
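/*
 * Send @rule to the iptables service with the Ip6tAddRule method (IPv6).
 *
 * Returns STC_ERROR_INVALID_PARAMETER when @rule is NULL, STC_ERROR_FAIL when
 * the D-Bus call produces no reply, and STC_ERROR_NONE otherwise.
 *
 * NOTE(review): the rule is serialised by the same builder as the IPv4 path,
 * which sends the 32-bit s_addr members; an IPv6 address match cannot be
 * expressed through those fields - verify how the service treats them.
 * NOTE(review): the integer carried in the reply is only logged, so a rule
 * the service refused is still reported as STC_ERROR_NONE.
 */
static int __ip6tables_rule_add(GDBusConnection *connection,
				iptables_rule_s *rule)
{
	int result = 0;
	GVariantBuilder *builder = NULL;
	GVariant *params = NULL;
	GVariant *message = NULL;

	/* rule->nfacct_name is read for the log line below, so reject NULL
	 * before anything is sent. */
	if (rule == NULL)
		return STC_ERROR_INVALID_PARAMETER;

	builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}"));
	__add_rule_info_to_builder(builder, rule);
	params = g_variant_new("(a{sv})", builder);
	g_variant_builder_unref(builder);

	message = stc_manager_gdbus_call_sync(connection,
					      STC_IPTABLES_DBUS_SERVICE,
					      STC_IPTABLES_DBUS_RULE_PATH,
					      STC_IPTABLES_DBUS_RULE_INTERFACE,
					      STC_IPTABLES_DBUS_METHOD_IP6T_ADD_RULE,
					      params);

	if (message == NULL) {
		STC_LOGE("Failed to invoke dbus method"); //LCOV_EXCL_LINE
		return STC_ERROR_FAIL; //LCOV_EXCL_LINE
	}

	g_variant_get(message, "(i)", &result);

	/* nfacct_name is optional; never hand NULL to a %s conversion. */
	STC_LOGD("Successfully Add 6 Rule [%d:%s]", result,
		 rule->nfacct_name ? rule->nfacct_name : "(null)");
	g_variant_unref(message);

	return STC_ERROR_NONE;
}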
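/*
 * Send @rule to the iptables service with the Ip6tRemoveRule method (IPv6).
 *
 * Returns STC_ERROR_INVALID_PARAMETER when @rule is NULL, STC_ERROR_FAIL when
 * the D-Bus call produces no reply, and STC_ERROR_NONE otherwise.
 *
 * NOTE(review): the integer carried in the reply is only logged, so a
 * removal the service refused is still reported as STC_ERROR_NONE - confirm
 * the reply contract.
 */
static int __ip6tables_rule_remove(GDBusConnection *connection,
				   iptables_rule_s *rule)
{
	int result = 0;
	GVariantBuilder *builder = NULL;
	GVariant *params = NULL;
	GVariant *message = NULL;

	/* rule->nfacct_name is read for the log line below, so reject NULL
	 * before anything is sent. */
	if (rule == NULL)
		return STC_ERROR_INVALID_PARAMETER;

	builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}"));
	__add_rule_info_to_builder(builder, rule);
	params = g_variant_new("(a{sv})", builder);
	g_variant_builder_unref(builder);

	message = stc_manager_gdbus_call_sync(connection,
					      STC_IPTABLES_DBUS_SERVICE,
					      STC_IPTABLES_DBUS_RULE_PATH,
					      STC_IPTABLES_DBUS_RULE_INTERFACE,
					      STC_IPTABLES_DBUS_METHOD_IP6T_REMOVE_RULE,
					      params);

	if (message == NULL) {
		STC_LOGE("Failed to invoke dbus method"); //LCOV_EXCL_LINE
		return STC_ERROR_FAIL; //LCOV_EXCL_LINE
	}

	g_variant_get(message, "(i)", &result);

	/* nfacct_name is optional; never hand NULL to a %s conversion. */
	STC_LOGD("Successfully Remove 6 Rule [%d:%s]", result,
		 rule->nfacct_name ? rule->nfacct_name : "(null)");
	g_variant_unref(message);

	return STC_ERROR_NONE;
}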
/*
 * Call IptAddChain on the chain interface with the name @chain (IPv4).
 *
 * Returns STC_ERROR_FAIL when the call yields no reply, else STC_ERROR_NONE.
 * The integer in the reply is logged and not otherwise acted upon.
 */
static int __iptables_add_chain(GDBusConnection *connection,
				const char *chain)
{
	int status = 0;
	GVariant *args = g_variant_new("(s)", chain);
	GVariant *reply = stc_manager_gdbus_call_sync(connection,
						      STC_IPTABLES_DBUS_SERVICE,
						      STC_IPTABLES_DBUS_CHAIN_PATH,
						      STC_IPTABLES_DBUS_CHAIN_INTERFACE,
						      STC_IPTABLES_DBUS_METHOD_IPT_ADD_CHAIN,
						      args);

	if (!reply) {
		STC_LOGE("Failed to invoke dbus method"); //LCOV_EXCL_LINE
		return STC_ERROR_FAIL; //LCOV_EXCL_LINE
	}

	g_variant_get(reply, "(i)", &status);
	STC_LOGD("Successfully added ipv4 chain [%d:%s]", status, chain);
	g_variant_unref(reply);

	return STC_ERROR_NONE;
}
/*
 * Call Ip6tAddChain on the chain interface with the name @chain (IPv6).
 *
 * Returns STC_ERROR_FAIL when the call yields no reply, else STC_ERROR_NONE.
 * The integer in the reply is logged and not otherwise acted upon.
 */
static int __ip6tables_add_chain(GDBusConnection *connection,
				 const char *chain)
{
	int status = 0;
	GVariant *args = g_variant_new("(s)", chain);
	GVariant *reply = stc_manager_gdbus_call_sync(connection,
						      STC_IPTABLES_DBUS_SERVICE,
						      STC_IPTABLES_DBUS_CHAIN_PATH,
						      STC_IPTABLES_DBUS_CHAIN_INTERFACE,
						      STC_IPTABLES_DBUS_METHOD_IP6T_ADD_CHAIN,
						      args);

	if (!reply) {
		STC_LOGE("Failed to invoke dbus method"); //LCOV_EXCL_LINE
		return STC_ERROR_FAIL; //LCOV_EXCL_LINE
	}

	g_variant_get(reply, "(i)", &status);
	STC_LOGD("Successfully added ipv6 chain [%d:%s]", status, chain);
	g_variant_unref(reply);

	return STC_ERROR_NONE;
}
/*
 * Call IptRemoveChain on the chain interface with the name @chain (IPv4).
 *
 * Returns STC_ERROR_FAIL when the call yields no reply, else STC_ERROR_NONE.
 * The integer in the reply is logged and not otherwise acted upon.
 */
static int __iptables_remove_chain(GDBusConnection *connection,
				   const char *chain)
{
	int status = 0;
	GVariant *args = g_variant_new("(s)", chain);
	GVariant *reply = stc_manager_gdbus_call_sync(connection,
						      STC_IPTABLES_DBUS_SERVICE,
						      STC_IPTABLES_DBUS_CHAIN_PATH,
						      STC_IPTABLES_DBUS_CHAIN_INTERFACE,
						      STC_IPTABLES_DBUS_METHOD_IPT_REMOVE_CHAIN,
						      args);

	if (!reply) {
		STC_LOGE("Failed to invoke dbus method"); //LCOV_EXCL_LINE
		return STC_ERROR_FAIL; //LCOV_EXCL_LINE
	}

	g_variant_get(reply, "(i)", &status);
	STC_LOGD("Successfully removed ipv4 chain [%d:%s]", status, chain);
	g_variant_unref(reply);

	return STC_ERROR_NONE;
}
/*
 * Call Ip6tRemoveChain on the chain interface with the name @chain (IPv6).
 *
 * Returns STC_ERROR_FAIL when the call yields no reply, else STC_ERROR_NONE.
 * The integer in the reply is logged and not otherwise acted upon.
 */
static int __ip6tables_remove_chain(GDBusConnection *connection,
				    const char *chain)
{
	int status = 0;
	GVariant *args = g_variant_new("(s)", chain);
	GVariant *reply = stc_manager_gdbus_call_sync(connection,
						      STC_IPTABLES_DBUS_SERVICE,
						      STC_IPTABLES_DBUS_CHAIN_PATH,
						      STC_IPTABLES_DBUS_CHAIN_INTERFACE,
						      STC_IPTABLES_DBUS_METHOD_IP6T_REMOVE_CHAIN,
						      args);

	if (!reply) {
		STC_LOGE("Failed to invoke dbus method"); //LCOV_EXCL_LINE
		return STC_ERROR_FAIL; //LCOV_EXCL_LINE
	}

	g_variant_get(reply, "(i)", &status);
	STC_LOGD("Successfully removed ipv6 chain [%d:%s]", status, chain);
	g_variant_unref(reply);

	return STC_ERROR_NONE;
}
/*
 * Call IptFlushChain on the chain interface with the name @chain (IPv4).
 *
 * Returns STC_ERROR_FAIL when the call yields no reply, else STC_ERROR_NONE.
 * The integer in the reply is logged and not otherwise acted upon.
 */
static int __iptables_flush_chain(GDBusConnection *connection,
				  const char *chain)
{
	int status = 0;
	GVariant *args = g_variant_new("(s)", chain);
	GVariant *reply = stc_manager_gdbus_call_sync(connection,
						      STC_IPTABLES_DBUS_SERVICE,
						      STC_IPTABLES_DBUS_CHAIN_PATH,
						      STC_IPTABLES_DBUS_CHAIN_INTERFACE,
						      STC_IPTABLES_DBUS_METHOD_IPT_FLUSH_CHAIN,
						      args);

	if (!reply) {
		STC_LOGE("Failed to invoke dbus method"); //LCOV_EXCL_LINE
		return STC_ERROR_FAIL; //LCOV_EXCL_LINE
	}

	g_variant_get(reply, "(i)", &status);
	STC_LOGD("Successfully flushed ipv4 chain [%d:%s]", status, chain);
	g_variant_unref(reply);

	return STC_ERROR_NONE;
}
/*
 * Call Ip6tFlushChain on the chain interface with the name @chain (IPv6).
 *
 * Returns STC_ERROR_FAIL when the call yields no reply, else STC_ERROR_NONE.
 * The integer in the reply is logged and not otherwise acted upon.
 */
static int __ip6tables_flush_chain(GDBusConnection *connection,
				   const char *chain)
{
	int status = 0;
	GVariant *args = g_variant_new("(s)", chain);
	GVariant *reply = stc_manager_gdbus_call_sync(connection,
						      STC_IPTABLES_DBUS_SERVICE,
						      STC_IPTABLES_DBUS_CHAIN_PATH,
						      STC_IPTABLES_DBUS_CHAIN_INTERFACE,
						      STC_IPTABLES_DBUS_METHOD_IP6T_FLUSH_CHAIN,
						      args);

	if (!reply) {
		STC_LOGE("Failed to invoke dbus method"); //LCOV_EXCL_LINE
		return STC_ERROR_FAIL; //LCOV_EXCL_LINE
	}

	g_variant_get(reply, "(i)", &status);
	STC_LOGD("Successfully flushed ipv6 chain [%d:%s]", status, chain);
	g_variant_unref(reply);

	return STC_ERROR_NONE;
}
/*
 * Install a rule in @chain whose target is @target, for both IPv4 and IPv6.
 *
 * Every other member of the rule is left zeroed. The two strings are
 * duplicated for the duration of the call and released before returning.
 * Returns whatever iptables_add() returns.
 */
static int __iptables_add_chain_jump_rule(const char *chain,
					  const char *target)
{
	iptables_rule_s jump;
	stc_error_e status = STC_ERROR_NONE;

	memset(&jump, 0, sizeof(iptables_rule_s));
	jump.target = g_strdup(target);
	jump.chain = g_strdup(chain);

	status = iptables_add(&jump, IP_TYPE_IPV4_IPV6);

	g_free(jump.target);
	g_free(jump.chain);

	return status;
}
/*
 * Create the inbound chains in the IPv4 tables, in the order listed below.
 * Stops at the first failure and returns that error; later chains are then
 * not created and earlier ones are left in place.
 */
static stc_error_e _iptables_add_in_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_IN_CHAIN,
		STC_IN_DROP_CHAIN,
		STC_IN_FG_CHAIN,
		STC_IN_ACCEPT_CHAIN,
		STC_IN_BG_DROP_CHAIN,
		STC_IN_BG_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __iptables_add_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Create the outbound chains in the IPv4 tables, in the order listed below.
 * Stops at the first failure and returns that error; later chains are then
 * not created and earlier ones are left in place.
 */
static stc_error_e _iptables_add_out_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_OUT_CHAIN,
		STC_OUT_DROP_CHAIN,
		STC_OUT_FG_CHAIN,
		STC_OUT_ACCEPT_CHAIN,
		STC_OUT_BG_DROP_CHAIN,
		STC_OUT_BG_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __iptables_add_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Create the inbound chains in the IPv6 tables, in the order listed below.
 * Stops at the first failure and returns that error; later chains are then
 * not created and earlier ones are left in place.
 */
static stc_error_e _ip6tables_add_in_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_IN_CHAIN,
		STC_IN_DROP_CHAIN,
		STC_IN_FG_CHAIN,
		STC_IN_ACCEPT_CHAIN,
		STC_IN_BG_DROP_CHAIN,
		STC_IN_BG_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __ip6tables_add_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Create the outbound chains in the IPv6 tables, in the order listed below.
 * Stops at the first failure and returns that error; later chains are then
 * not created and earlier ones are left in place.
 */
static stc_error_e _ip6tables_add_out_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_OUT_CHAIN,
		STC_OUT_DROP_CHAIN,
		STC_OUT_FG_CHAIN,
		STC_OUT_ACCEPT_CHAIN,
		STC_OUT_BG_DROP_CHAIN,
		STC_OUT_BG_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __ip6tables_add_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Add one rule to the built-in INPUT chain per inbound chain, each with that
 * chain as its target, in the order listed below. Stops at the first failure
 * and returns that error.
 */
static stc_error_e _iptables_add_in_chain_jump_rule(void)
{
	const char *const targets[] = {
		STC_IN_CHAIN,
		STC_IN_DROP_CHAIN,
		STC_IN_FG_CHAIN,
		STC_IN_ACCEPT_CHAIN,
		STC_IN_BG_DROP_CHAIN,
		STC_IN_BG_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(targets) / sizeof(targets[0]); i++) {
		ret = __iptables_add_chain_jump_rule("INPUT", targets[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Add one rule to the built-in OUTPUT chain per outbound chain, each with
 * that chain as its target, in the order listed below. Stops at the first
 * failure and returns that error.
 */
static stc_error_e _iptables_add_out_chain_jump_rule(void)
{
	const char *const targets[] = {
		STC_OUT_CHAIN,
		STC_OUT_DROP_CHAIN,
		STC_OUT_FG_CHAIN,
		STC_OUT_ACCEPT_CHAIN,
		STC_OUT_BG_DROP_CHAIN,
		STC_OUT_BG_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(targets) / sizeof(targets[0]); i++) {
		ret = __iptables_add_chain_jump_rule("OUTPUT", targets[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Remove the inbound chains from the IPv4 tables. The sub-chains go first
 * and STC_IN_CHAIN last. Stops at the first failure and returns that error,
 * leaving the remaining chains in place.
 */
static stc_error_e _iptables_remove_in_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_IN_DROP_CHAIN,
		STC_IN_FG_CHAIN,
		STC_IN_ACCEPT_CHAIN,
		STC_IN_BG_DROP_CHAIN,
		STC_IN_BG_CHAIN,
		STC_IN_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __iptables_remove_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Remove the outbound chains from the IPv4 tables. The sub-chains go first
 * and STC_OUT_CHAIN last. Stops at the first failure and returns that error,
 * leaving the remaining chains in place.
 */
static stc_error_e _iptables_remove_out_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_OUT_DROP_CHAIN,
		STC_OUT_FG_CHAIN,
		STC_OUT_ACCEPT_CHAIN,
		STC_OUT_BG_DROP_CHAIN,
		STC_OUT_BG_CHAIN,
		STC_OUT_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __iptables_remove_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Remove the inbound chains from the IPv6 tables. The sub-chains go first
 * and STC_IN_CHAIN last. Stops at the first failure and returns that error,
 * leaving the remaining chains in place.
 */
static stc_error_e _ip6tables_remove_in_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_IN_DROP_CHAIN,
		STC_IN_FG_CHAIN,
		STC_IN_ACCEPT_CHAIN,
		STC_IN_BG_DROP_CHAIN,
		STC_IN_BG_CHAIN,
		STC_IN_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __ip6tables_remove_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Remove the outbound chains from the IPv6 tables. The sub-chains go first
 * and STC_OUT_CHAIN last. Stops at the first failure and returns that error,
 * leaving the remaining chains in place.
 */
static stc_error_e _ip6tables_remove_out_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_OUT_DROP_CHAIN,
		STC_OUT_FG_CHAIN,
		STC_OUT_ACCEPT_CHAIN,
		STC_OUT_BG_DROP_CHAIN,
		STC_OUT_BG_CHAIN,
		STC_OUT_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __ip6tables_remove_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Flush the inbound chains in the IPv4 tables, sub-chains first and
 * STC_IN_CHAIN last. Stops at the first failure and returns that error, so
 * chains later in the list keep their rules in that case.
 */
static stc_error_e _iptables_flush_in_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_IN_DROP_CHAIN,
		STC_IN_FG_CHAIN,
		STC_IN_ACCEPT_CHAIN,
		STC_IN_BG_DROP_CHAIN,
		STC_IN_BG_CHAIN,
		STC_IN_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __iptables_flush_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Flush the outbound chains in the IPv4 tables, sub-chains first and
 * STC_OUT_CHAIN last. Stops at the first failure and returns that error, so
 * chains later in the list keep their rules in that case.
 */
static stc_error_e _iptables_flush_out_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_OUT_DROP_CHAIN,
		STC_OUT_FG_CHAIN,
		STC_OUT_ACCEPT_CHAIN,
		STC_OUT_BG_DROP_CHAIN,
		STC_OUT_BG_CHAIN,
		STC_OUT_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __iptables_flush_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Flush the inbound chains in the IPv6 tables, sub-chains first and
 * STC_IN_CHAIN last. Stops at the first failure and returns that error, so
 * chains later in the list keep their rules in that case.
 */
static stc_error_e _ip6tables_flush_in_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_IN_DROP_CHAIN,
		STC_IN_FG_CHAIN,
		STC_IN_ACCEPT_CHAIN,
		STC_IN_BG_DROP_CHAIN,
		STC_IN_BG_CHAIN,
		STC_IN_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __ip6tables_flush_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
/*
 * Flush the outbound chains in the IPv6 tables, sub-chains first and
 * STC_OUT_CHAIN last. Stops at the first failure and returns that error, so
 * chains later in the list keep their rules in that case.
 */
static stc_error_e _ip6tables_flush_out_chain(stc_s *stc)
{
	const char *const chains[] = {
		STC_OUT_DROP_CHAIN,
		STC_OUT_FG_CHAIN,
		STC_OUT_ACCEPT_CHAIN,
		STC_OUT_BG_DROP_CHAIN,
		STC_OUT_BG_CHAIN,
		STC_OUT_CHAIN,
	};
	stc_error_e ret = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		ret = __ip6tables_flush_chain(stc->connection, chains[i]);
		if (ret != STC_ERROR_NONE)
			break; //LCOV_EXCL_LINE
	}

	return ret;
}
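/*
 * Add @rule to the IPv4 tables, the IPv6 tables, or both, as selected by
 * @iptype.
 *
 * Returns STC_ERROR_INVALID_PARAMETER when the manager or its D-Bus
 * connection is unavailable or when @rule is NULL; otherwise the result of
 * the last helper that ran.
 *
 * For IP_TYPE_IPV4_IPV6 the IPv4 rule is sent first and the IPv6 rule is
 * skipped if that fails. If the IPv4 call succeeds and the IPv6 call fails,
 * the IPv4 rule stays installed; nothing here rolls it back, so the two
 * families can end up with different rule sets.
 */
stc_error_e iptables_add(iptables_rule_s *rule, iptables_ip_type_e iptype)
{
	stc_error_e ret = STC_ERROR_NONE;
	stc_s *stc = stc_get_manager();

	if (!stc || !stc->connection)
		return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE

	/* The helpers read members of the rule, so NULL is rejected here. */
	if (rule == NULL)
		return STC_ERROR_INVALID_PARAMETER;

	if (iptype == IP_TYPE_IPV4 ||
	    iptype == IP_TYPE_IPV4_IPV6) {
		ret = __iptables_rule_add(stc->connection, rule);
		if (ret != STC_ERROR_NONE)
			goto done; //LCOV_EXCL_LINE
	}

	if (iptype == IP_TYPE_IPV6 ||
	    iptype == IP_TYPE_IPV4_IPV6)
		ret = __ip6tables_rule_add(stc->connection, rule);

done:
	return ret;
}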
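/*
 * Remove @rule from the IPv4 tables, the IPv6 tables, or both, as selected
 * by @iptype.
 *
 * Returns STC_ERROR_INVALID_PARAMETER when the manager or its D-Bus
 * connection is unavailable or when @rule is NULL; otherwise the result of
 * the last helper that ran.
 *
 * For IP_TYPE_IPV4_IPV6 the IPv4 removal is sent first and the IPv6 removal
 * is skipped if that fails, which leaves the IPv6 rule installed.
 */
stc_error_e iptables_remove(iptables_rule_s *rule, iptables_ip_type_e iptype)
{
	stc_error_e ret = STC_ERROR_NONE;
	stc_s *stc = stc_get_manager();

	if (!stc || !stc->connection)
		return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE

	/* The helpers read members of the rule, so NULL is rejected here. */
	if (rule == NULL)
		return STC_ERROR_INVALID_PARAMETER;

	if (iptype == IP_TYPE_IPV4 ||
	    iptype == IP_TYPE_IPV4_IPV6) {
		ret = __iptables_rule_remove(stc->connection, rule);
		if (ret != STC_ERROR_NONE)
			goto done; //LCOV_EXCL_LINE
	}

	if (iptype == IP_TYPE_IPV6 ||
	    iptype == IP_TYPE_IPV4_IPV6)
		ret = __ip6tables_rule_remove(stc->connection, rule);

done:
	return ret;
}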
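/*
 * Flush every chain this module manages, first in the IPv4 tables and then
 * in the IPv6 tables: the inbound and outbound chains, STC_FRWD_CHAIN and
 * STC_TETHER_CHAIN.
 *
 * STC_TETHER_CHAIN is flushed in both families because iptables_init()
 * creates it in both.
 *
 * Returns STC_ERROR_INVALID_PARAMETER when the manager or its D-Bus
 * connection is unavailable, otherwise the first error met. Flushing stops
 * at that point, so chains later in the sequence keep their rules.
 */
API stc_error_e iptables_flush_chains(void)
{
	stc_error_e ret = STC_ERROR_NONE;
	stc_s *stc = stc_get_manager();

	if (!stc || !stc->connection)
		return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE

	ret = _iptables_flush_in_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = _iptables_flush_out_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __iptables_flush_chain(stc->connection, STC_FRWD_CHAIN);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __iptables_flush_chain(stc->connection, STC_TETHER_CHAIN);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = _ip6tables_flush_in_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = _ip6tables_flush_out_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __ip6tables_flush_chain(stc->connection, STC_FRWD_CHAIN);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	/* Mirror the IPv4 sequence so no IPv6 tether rules survive a flush. */
	ret = __ip6tables_flush_chain(stc->connection, STC_TETHER_CHAIN);

done:
	return ret;
}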
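/*
 * Create the module's chains in the IPv4 and IPv6 tables and hook them into
 * the built-in INPUT, OUTPUT and FORWARD chains.
 *
 * Order: IPv4 in/out chains, IPv4 forward and tether chains, the same for
 * IPv6, then the jump rules (each jump rule is installed for both families).
 *
 * Returns STC_ERROR_INVALID_PARAMETER when the manager or its D-Bus
 * connection is unavailable, otherwise the first error met. Nothing created
 * before a failure is rolled back, so a failed init can leave a partial set
 * of chains and jump rules behind.
 *
 * The function-exit trace is emitted once, on the single exit path.
 */
stc_error_e iptables_init(void)
{
	__STC_LOG_FUNC_ENTER__;

	stc_error_e ret = STC_ERROR_NONE;
	stc_s *stc = stc_get_manager();

	if (!stc || !stc->connection) {
		__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
		return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE
	}

	ret = _iptables_add_in_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = _iptables_add_out_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __iptables_add_chain(stc->connection, STC_FRWD_CHAIN);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __iptables_add_chain(stc->connection, STC_TETHER_CHAIN);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = _ip6tables_add_in_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = _ip6tables_add_out_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __ip6tables_add_chain(stc->connection, STC_FRWD_CHAIN);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __ip6tables_add_chain(stc->connection, STC_TETHER_CHAIN);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = _iptables_add_in_chain_jump_rule();
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = _iptables_add_out_chain_jump_rule();
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __iptables_add_chain_jump_rule("FORWARD", STC_FRWD_CHAIN);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __iptables_add_chain_jump_rule("FORWARD", STC_TETHER_CHAIN);

done:
	__STC_LOG_FUNC_EXIT__;
	return ret;
}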
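/*
 * Remove the chains created by iptables_init() from the IPv4 and then the
 * IPv6 tables: in/out chains, STC_TETHER_CHAIN, STC_FRWD_CHAIN.
 *
 * STC_TETHER_CHAIN is removed in both families because iptables_init()
 * creates it in both.
 *
 * Returns STC_ERROR_INVALID_PARAMETER when the manager or its D-Bus
 * connection is unavailable, otherwise the first error met; chains later in
 * the sequence are then left in place.
 *
 * NOTE(review): the jump rules that iptables_init() adds to INPUT, OUTPUT
 * and FORWARD are not removed here. Whether the service drops them when it
 * deletes a chain is not visible from this file - confirm.
 *
 * The function-exit trace is emitted once, on the single exit path.
 */
stc_error_e iptables_deinit(void)
{
	__STC_LOG_FUNC_ENTER__;

	stc_error_e ret = STC_ERROR_NONE;
	stc_s *stc = stc_get_manager();

	if (!stc || !stc->connection) {
		__STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
		return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE
	}

	ret = _iptables_remove_in_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = _iptables_remove_out_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __iptables_remove_chain(stc->connection, STC_TETHER_CHAIN);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __iptables_remove_chain(stc->connection, STC_FRWD_CHAIN);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = _ip6tables_remove_in_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = _ip6tables_remove_out_chain(stc);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	/* Same order as the IPv4 teardown: tether chain, then forward chain. */
	ret = __ip6tables_remove_chain(stc->connection, STC_TETHER_CHAIN);
	if (ret != STC_ERROR_NONE)
		goto done; //LCOV_EXCL_LINE

	ret = __ip6tables_remove_chain(stc->connection, STC_FRWD_CHAIN);

done:
	__STC_LOG_FUNC_EXIT__;
	return ret;
}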