2 * Copyright (c) 2016 Samsung Electronics Co., Ltd.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 #include "stc-iptables.h"
21 #include "stc-iptables-util.h"
22 #include "helper-iptables.h"
23 #include "helper-ip6tables.h"
24 #include "helper-log.h"
26 #define BUF_SIZE_FOR_IP 64
28 #define RULE_CHAIN "chain"
29 #define RULE_DIRECTION "direction"
30 #define RULE_IFNAME "ifname"
31 #define RULE_CGROUP "cgroup"
32 #define RULE_NFACCT "nfacct"
33 #define RULE_PROTOCOL "protocol"
34 #define RULE_TARGET "target"
35 #define RULE_TARGETTYPE "target_type"
37 #define RULE_FAMILY "family"
38 #define RULE_SIPTYPE "s_ip_type"
39 #define RULE_SIP1 "s_ip1"
40 #define RULE_SIP2 "s_ip2"
41 #define RULE_DIPTYPE "d_ip_type"
42 #define RULE_DIP1 "d_ip1"
43 #define RULE_DIP2 "d_ip2"
44 #define RULE_SPORTTYPE "s_port_type"
45 #define RULE_SPORT1 "s_port1"
46 #define RULE_SPORT2 "s_port2"
47 #define RULE_DPORTTYPE "d_port_type"
48 #define RULE_DPORT1 "d_port1"
49 #define RULE_DPORT2 "d_port2"
51 #define RULE_LOG_LEVEL "log_level"
52 #define RULE_LOG_PREFIX "log_prefix"
53 #define RULE_NFLOG_GROUP "nflog_group"
54 #define RULE_NFLOG_PREFIX "nflog_prefix"
55 #define RULE_NFLOG_RANGE "nflog_range"
56 #define RULE_NFLOG_THRESHOLD "nflog_threshold"
58 #define STC_IPTABLES_DBUS_ERROR_NAME "net.stc.iptables.Error.Failed"
60 #define STC_IPTABLES_DBUS_REPLY(invocation, parameters) \
61 g_dbus_method_invocation_return_value((invocation), parameters);
63 #define STC_IPTABLES_DBUS_REPLY_ERROR(invocation, err_num) \
64 g_dbus_method_invocation_return_dbus_error((invocation), \
65 STC_IPTABLES_DBUS_ERROR_NAME, \
66 stc_iptables_err_strs[-(err_num)])
68 static const gchar *stc_iptables_err_strs[] = {
78 void __stc_extract_rule(const char *key, GVariant *value,
81 iptables_rule_s *rule = (iptables_rule_s *)user_data;
85 if (!g_strcmp0(key, RULE_CHAIN)) {
87 rule->chain = g_variant_dup_string(value, &len);
88 STC_LOGD("%s: [%s]", RULE_CHAIN, rule->chain);
90 } else if (!g_strcmp0(key, RULE_DIRECTION)) {
91 rule->direction = g_variant_get_uint16(value);
92 STC_LOGD("%s: [%u]", RULE_DIRECTION, rule->direction);
94 } else if (!g_strcmp0(key, RULE_SIPTYPE)) {
95 rule->s_ip_type = g_variant_get_uint16(value);
96 STC_LOGD("%s: [%u]", RULE_SIPTYPE, rule->s_ip_type);
98 } else if (!g_strcmp0(key, RULE_DIPTYPE)) {
99 rule->d_ip_type = g_variant_get_uint16(value);
100 STC_LOGD("%s: [%u]", RULE_DIPTYPE, rule->d_ip_type);
102 } else if (!g_strcmp0(key, RULE_SPORTTYPE)) {
103 rule->s_port_type = g_variant_get_uint16(value);
104 STC_LOGD("%s: [%u]", RULE_SPORTTYPE, rule->s_port_type);
106 } else if (!g_strcmp0(key, RULE_DPORTTYPE)) {
107 rule->d_port_type = g_variant_get_uint16(value);
108 STC_LOGD("%s: [%u]", RULE_DPORTTYPE, rule->d_port_type);
110 } else if (!g_strcmp0(key, RULE_SIP1)) {
111 if (rule->s_ip_type != IPTABLES_IP_NONE) {
112 rule->s_ip1.s_addr = g_variant_get_uint32(value);
113 STC_LOGD("%s: [%08x]", RULE_SIP1, rule->s_ip1.s_addr);
116 } else if (!g_strcmp0(key, RULE_SIP2)) {
117 if (rule->s_ip_type != IPTABLES_IP_NONE) {
118 rule->s_ip2.s_addr = g_variant_get_uint32(value);
119 STC_LOGD("%s: [%08x]", RULE_SIP2, rule->s_ip2.s_addr);
122 } else if (!g_strcmp0(key, RULE_DIP1)) {
123 if (rule->d_ip_type != IPTABLES_IP_NONE) {
124 rule->d_ip1.s_addr = g_variant_get_uint32(value);
125 STC_LOGD("%s: [%08x]", RULE_DIP1, rule->d_ip1.s_addr);
128 } else if (!g_strcmp0(key, RULE_DIP2)) {
129 if (rule->d_ip_type != IPTABLES_IP_NONE) {
130 rule->d_ip2.s_addr = g_variant_get_uint32(value);
131 STC_LOGD("%s: [%08x]", RULE_DIP2, rule->d_ip2.s_addr);
134 } else if (!g_strcmp0(key, RULE_SPORT1)) {
135 if (rule->s_port_type != IPTABLES_PORT_NONE) {
136 rule->s_port1 = g_variant_get_uint32(value);
137 STC_LOGD("%s: [%04x]", RULE_SPORT1, rule->s_port1);
140 } else if (!g_strcmp0(key, RULE_SPORT2)) {
141 if (rule->s_port_type != IPTABLES_PORT_NONE) {
142 rule->s_port2 = g_variant_get_uint32(value);
143 STC_LOGD("%s: [%04x]", RULE_SPORT2, rule->s_port2);
146 } else if (!g_strcmp0(key, RULE_DPORT1)) {
147 if (rule->d_port_type != IPTABLES_PORT_NONE) {
148 rule->d_port1 = g_variant_get_uint32(value);
149 STC_LOGD("%s: [%04x]", RULE_DPORT1, rule->d_port1);
152 } else if (!g_strcmp0(key, RULE_DPORT2)) {
153 if (rule->d_port_type != IPTABLES_PORT_NONE) {
154 rule->d_port2 = g_variant_get_uint32(value);
155 STC_LOGD("%s: [%04x]", RULE_DPORT2, rule->d_port2);
158 } else if (!g_strcmp0(key, RULE_IFNAME)) {
159 if (rule->direction != IPTABLES_DIRECTION_NONE) {
161 rule->ifname = g_variant_dup_string(value, &len);
162 STC_LOGD("%s: [%s]", RULE_IFNAME, rule->ifname);
165 } else if (!g_strcmp0(key, RULE_CGROUP)) {
166 rule->classid = g_variant_get_uint32(value);
167 STC_LOGD("%s: [%u]", RULE_CGROUP, rule->classid);
169 } else if (!g_strcmp0(key, RULE_NFACCT)) {
171 rule->nfacct_name = g_variant_dup_string(value, &len);
172 STC_LOGD("%s: [%s]", RULE_NFACCT, rule->nfacct_name);
174 } else if (!g_strcmp0(key, RULE_PROTOCOL)) {
175 rule->protocol = g_variant_get_uint16(value);
176 STC_LOGD("%s: [%u]", RULE_PROTOCOL, rule->protocol);
178 } else if (!g_strcmp0(key, RULE_TARGET)) {
180 rule->target = g_variant_dup_string(value, &len);
181 STC_LOGD("%s: [%s]", RULE_TARGET, rule->target);
183 } else if (!g_strcmp0(key, RULE_TARGETTYPE)) {
184 rule->target_type = g_variant_get_uint16(value);
185 STC_LOGD("%s: [%u]", RULE_TARGETTYPE, rule->target_type);
187 } else if (!g_strcmp0(key, RULE_LOG_LEVEL)) {
188 if (rule->target_type == IPTABLES_ACTION_LOG) {
189 rule->log_level = g_variant_get_uint16(value);
190 STC_LOGD("%s: [%u]", RULE_LOG_LEVEL, rule->log_level);
193 } else if (!g_strcmp0(key, RULE_LOG_PREFIX)) {
194 if (rule->target_type == IPTABLES_ACTION_LOG) {
196 rule->log_prefix = g_variant_dup_string(value, &len);
197 STC_LOGD("%s: [%s]", RULE_LOG_PREFIX, rule->log_prefix);
200 } else if (!g_strcmp0(key, RULE_NFLOG_GROUP)) {
201 if (rule->target_type == IPTABLES_ACTION_NFLOG) {
202 rule->nflog_group = g_variant_get_uint16(value);
203 STC_LOGD("%s: [%u]", RULE_NFLOG_GROUP, rule->nflog_group);
206 } else if (!g_strcmp0(key, RULE_NFLOG_PREFIX)) {
207 if (rule->target_type == IPTABLES_ACTION_NFLOG) {
209 rule->nflog_prefix = g_variant_dup_string(value, &len);
210 STC_LOGD("%s: [%s]", RULE_NFLOG_PREFIX, rule->nflog_prefix);
213 } else if (!g_strcmp0(key, RULE_NFLOG_RANGE)) {
214 if (rule->target_type == IPTABLES_ACTION_NFLOG) {
215 rule->nflog_range = g_variant_get_uint16(value);
216 STC_LOGD("%s: [%u]", RULE_NFLOG_RANGE, rule->nflog_range);
219 } else if (!g_strcmp0(key, RULE_NFLOG_THRESHOLD)) {
220 if (rule->target_type == IPTABLES_ACTION_NFLOG) {
221 rule->nflog_threshold = g_variant_get_uint16(value);
222 STC_LOGD("%s: [%u]", RULE_NFLOG_THRESHOLD, rule->nflog_threshold);
226 STC_LOGD("Unknown rule [%s]", key); //LCOV_EXCL_LINE
230 void __stc_extract_6_rule(const char *key, GVariant *value,
233 ip6tables_rule_s *rule = (ip6tables_rule_s *)user_data;
237 if (!g_strcmp0(key, RULE_CHAIN)) {
239 rule->chain = g_variant_dup_string(value, &len);
240 STC_LOGD("%s: [%s]", RULE_CHAIN, rule->chain);
242 } else if (!g_strcmp0(key, RULE_DIRECTION)) {
243 rule->direction = g_variant_get_uint16(value);
244 STC_LOGD("%s: [%u]", RULE_DIRECTION, rule->direction);
246 } else if (!g_strcmp0(key, RULE_SIPTYPE)) {
247 rule->s_ip_type = g_variant_get_uint16(value);
248 STC_LOGD("%s: [%u]", RULE_SIPTYPE, rule->s_ip_type);
250 } else if (!g_strcmp0(key, RULE_DIPTYPE)) {
251 rule->d_ip_type = g_variant_get_uint16(value);
252 STC_LOGD("%s: [%u]", RULE_DIPTYPE, rule->d_ip_type);
254 } else if (!g_strcmp0(key, RULE_SPORTTYPE)) {
255 rule->s_port_type = g_variant_get_uint16(value);
256 STC_LOGD("%s: [%u]", RULE_SPORTTYPE, rule->s_port_type);
258 } else if (!g_strcmp0(key, RULE_DPORTTYPE)) {
259 rule->d_port_type = g_variant_get_uint16(value);
260 STC_LOGD("%s: [%u]", RULE_DPORTTYPE, rule->d_port_type);
262 } else if (!g_strcmp0(key, RULE_SIP1)) {
263 if (rule->s_ip_type != IP6TABLES_IP_NONE) {
265 char *str = g_variant_dup_string(value, &len);
266 sscanf(str, "%08x:%08x:%08x:%08x",
267 &(rule->s_ip1.s6_addr32[0]), &(rule->s_ip1.s6_addr32[1]),
268 &(rule->s_ip1.s6_addr32[2]), &(rule->s_ip1.s6_addr32[3]));
269 STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP1,
270 rule->s_ip1.s6_addr32[0], rule->s_ip1.s6_addr32[1],
271 rule->s_ip1.s6_addr32[2], rule->s_ip1.s6_addr32[3]);
275 } else if (!g_strcmp0(key, RULE_SIP2)) {
276 if (rule->s_ip_type != IP6TABLES_IP_NONE) {
278 char *str = g_variant_dup_string(value, &len);
279 sscanf(str, "%08x:%08x:%08x:%08x",
280 &(rule->s_ip2.s6_addr32[0]), &(rule->s_ip2.s6_addr32[1]),
281 &(rule->s_ip2.s6_addr32[2]), &(rule->s_ip2.s6_addr32[3]));
282 STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP2,
283 rule->s_ip2.s6_addr32[0], rule->s_ip2.s6_addr32[1],
284 rule->s_ip2.s6_addr32[2], rule->s_ip2.s6_addr32[3]);
288 } else if (!g_strcmp0(key, RULE_DIP1)) {
289 if (rule->d_ip_type != IP6TABLES_IP_NONE) {
291 char *str = g_variant_dup_string(value, &len);
292 sscanf(str, "%08x:%08x:%08x:%08x",
293 &(rule->d_ip1.s6_addr32[0]), &(rule->d_ip1.s6_addr32[1]),
294 &(rule->d_ip1.s6_addr32[2]), &(rule->d_ip1.s6_addr32[3]));
295 STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP1,
296 rule->d_ip1.s6_addr32[0], rule->d_ip1.s6_addr32[1],
297 rule->d_ip1.s6_addr32[2], rule->d_ip1.s6_addr32[3]);
301 } else if (!g_strcmp0(key, RULE_DIP2)) {
302 if (rule->d_ip_type != IP6TABLES_IP_NONE) {
304 char *str = g_variant_dup_string(value, &len);
305 sscanf(str, "%08x:%08x:%08x:%08x",
306 &(rule->d_ip2.s6_addr32[0]), &(rule->d_ip2.s6_addr32[1]),
307 &(rule->d_ip2.s6_addr32[2]), &(rule->d_ip2.s6_addr32[3]));
308 STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP2,
309 rule->d_ip2.s6_addr32[0], rule->d_ip2.s6_addr32[1],
310 rule->d_ip2.s6_addr32[2], rule->d_ip2.s6_addr32[3]);
314 } else if (!g_strcmp0(key, RULE_SPORT1)) {
315 if (rule->s_port_type != IP6TABLES_PORT_NONE) {
316 rule->s_port1 = g_variant_get_uint32(value);
317 STC_LOGD("%s: [%04x]", RULE_SPORT1, rule->s_port1);
320 } else if (!g_strcmp0(key, RULE_SPORT2)) {
321 if (rule->s_port_type != IP6TABLES_PORT_NONE) {
322 rule->s_port2 = g_variant_get_uint32(value);
323 STC_LOGD("%s: [%04x]", RULE_SPORT2, rule->s_port2);
326 } else if (!g_strcmp0(key, RULE_DPORT1)) {
327 if (rule->d_port_type != IP6TABLES_PORT_NONE) {
328 rule->d_port1 = g_variant_get_uint32(value);
329 STC_LOGD("%s: [%04x]", RULE_DPORT1, rule->d_port1);
332 } else if (!g_strcmp0(key, RULE_DPORT2)) {
333 if (rule->d_port_type != IP6TABLES_PORT_NONE) {
334 rule->d_port2 = g_variant_get_uint32(value);
335 STC_LOGD("%s: [%04x]", RULE_DPORT2, rule->d_port2);
338 } else if (!g_strcmp0(key, RULE_IFNAME)) {
339 if (rule->direction != IP6TABLES_DIRECTION_NONE) {
341 rule->ifname = g_variant_dup_string(value, &len);
342 STC_LOGD("%s: [%s]", RULE_IFNAME, rule->ifname);
345 } else if (!g_strcmp0(key, RULE_CGROUP)) {
346 rule->classid = g_variant_get_uint32(value);
347 STC_LOGD("%s: [%u]", RULE_CGROUP, rule->classid);
349 } else if (!g_strcmp0(key, RULE_NFACCT)) {
351 rule->nfacct_name = g_variant_dup_string(value, &len);
352 STC_LOGD("%s: [%s]", RULE_NFACCT, rule->nfacct_name);
354 } else if (!g_strcmp0(key, RULE_PROTOCOL)) {
355 rule->protocol = g_variant_get_uint16(value);
356 STC_LOGD("%s: [%u]", RULE_PROTOCOL, rule->protocol);
358 } else if (!g_strcmp0(key, RULE_TARGET)) {
360 rule->target = g_variant_dup_string(value, &len);
361 STC_LOGD("%s: [%s]", RULE_TARGET, rule->target);
363 } else if (!g_strcmp0(key, RULE_TARGETTYPE)) {
364 rule->target_type = g_variant_get_uint16(value);
365 STC_LOGD("%s: [%u]", RULE_TARGETTYPE, rule->target_type);
367 } else if (!g_strcmp0(key, RULE_LOG_LEVEL)) {
368 if (rule->target_type == IP6TABLES_ACTION_LOG) {
369 rule->log_level = g_variant_get_uint16(value);
370 STC_LOGD("%s: [%u]", RULE_LOG_LEVEL, rule->log_level);
373 } else if (!g_strcmp0(key, RULE_LOG_PREFIX)) {
374 if (rule->target_type == IP6TABLES_ACTION_LOG) {
376 rule->log_prefix = g_variant_dup_string(value, &len);
377 STC_LOGD("%s: [%s]", RULE_LOG_PREFIX, rule->log_prefix);
380 } else if (!g_strcmp0(key, RULE_NFLOG_GROUP)) {
381 if (rule->target_type == IP6TABLES_ACTION_NFLOG) {
382 rule->nflog_group = g_variant_get_uint16(value);
383 STC_LOGD("%s: [%u]", RULE_NFLOG_GROUP, rule->nflog_group);
386 } else if (!g_strcmp0(key, RULE_NFLOG_PREFIX)) {
387 if (rule->target_type == IP6TABLES_ACTION_NFLOG) {
389 rule->nflog_prefix = g_variant_dup_string(value, &len);
390 STC_LOGD("%s: [%s]", RULE_NFLOG_PREFIX, rule->nflog_prefix);
393 } else if (!g_strcmp0(key, RULE_NFLOG_RANGE)) {
394 if (rule->target_type == IP6TABLES_ACTION_NFLOG) {
395 rule->nflog_range = g_variant_get_uint16(value);
396 STC_LOGD("%s: [%u]", RULE_NFLOG_RANGE, rule->nflog_range);
399 } else if (!g_strcmp0(key, RULE_NFLOG_THRESHOLD)) {
400 if (rule->target_type == IP6TABLES_ACTION_NFLOG) {
401 rule->nflog_threshold = g_variant_get_uint16(value);
402 STC_LOGD("%s: [%u]", RULE_NFLOG_THRESHOLD, rule->nflog_threshold);
406 STC_LOGD("Unknown rule [%s]", key); //LCOV_EXCL_LINE
410 static void __free_rule(gpointer data)
412 iptables_rule_s *rule = (iptables_rule_s *)data;
416 FREE(rule->nfacct_name);
418 FREE(rule->log_prefix);
419 FREE(rule->nflog_prefix);
423 static void __free_6_rule(gpointer data)
425 ip6tables_rule_s *rule = (ip6tables_rule_s *)data;
429 FREE(rule->nfacct_name);
431 FREE(rule->log_prefix);
432 FREE(rule->nflog_prefix);
436 gboolean handle_iptables_stop(StcManager *object,
437 GDBusMethodInvocation *invocation)
440 GVariant *return_parameters = NULL;
442 STC_LOGI("stc manager stop");
443 stc_set_keep_alive(TRUE);
445 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
447 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
448 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
456 gboolean handle_iptables_add_rule(StcRule *object,
457 GDBusMethodInvocation *invocation,
462 stc_error_e ret = STC_ERROR_NONE;
463 GVariant *return_parameters = NULL;
465 stc_set_keep_alive(TRUE);
468 GVariantIter *iter = NULL;
470 g_variant_get(rules, "a{sv}", &iter);
472 iptables_rule_s *rule = MALLOC0(iptables_rule_s, 1);
474 memset(rule, 0, sizeof(iptables_rule_s));
476 stc_iptables_gdbus_dict_foreach(iter,
480 ret = iptables_add_rule(rule);
481 if (ret != STC_ERROR_NONE) {
483 STC_LOGE("Failed add rule [%s:%d:%s:%d:%s:%s]", rule->chain,
484 rule->direction, rule->ifname, rule->classid,
485 rule->nfacct_name, rule->target);
488 g_variant_iter_free(iter);
490 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret);
499 g_variant_iter_free(iter);
501 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE
502 STC_ERROR_INVALID_PARAMETER);
503 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
504 return TRUE; //LCOV_EXCL_LINE
507 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
509 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
510 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
516 gboolean handle_iptables_insert_rule(StcRule *object,
517 GDBusMethodInvocation *invocation,
522 stc_error_e ret = STC_ERROR_NONE;
523 GVariant *return_parameters = NULL;
525 stc_set_keep_alive(TRUE);
528 GVariantIter *iter = NULL;
530 g_variant_get(rules, "a{sv}", &iter);
532 iptables_rule_s *rule = MALLOC0(iptables_rule_s, 1);
534 memset(rule, 0, sizeof(iptables_rule_s));
536 stc_iptables_gdbus_dict_foreach(iter,
540 ret = iptables_insert_rule(rule);
541 if (ret != STC_ERROR_NONE) {
543 STC_LOGE("Failed insert rule [%s:%d:%s:%d:%s:%s]", rule->chain,
544 rule->direction, rule->ifname, rule->classid,
545 rule->nfacct_name, rule->target);
548 g_variant_iter_free(iter);
550 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret);
559 g_variant_iter_free(iter);
561 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE
562 STC_ERROR_INVALID_PARAMETER);
563 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
564 return TRUE; //LCOV_EXCL_LINE
567 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
569 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
570 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
576 gboolean handle_iptables_remove_rule(StcRule *object,
577 GDBusMethodInvocation *invocation,
582 stc_error_e ret = STC_ERROR_NONE;
583 GVariant *return_parameters = NULL;
585 stc_set_keep_alive(TRUE);
588 GVariantIter *iter = NULL;
589 g_variant_get(rules, "a{sv}", &iter);
591 iptables_rule_s *rule = MALLOC0(iptables_rule_s, 1);
593 memset(rule, 0, sizeof(iptables_rule_s));
595 stc_iptables_gdbus_dict_foreach(iter,
599 ret = iptables_remove_rule(rule);
600 if (ret != STC_ERROR_NONE) {
602 STC_LOGE("Failed remove rule [%s:%d:%s:%d:%s:%s]", rule->chain,
603 rule->direction, rule->ifname, rule->classid,
604 rule->nfacct_name, rule->target);
607 g_variant_iter_free(iter);
609 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret);
618 g_variant_iter_free(iter);
620 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE
621 STC_ERROR_INVALID_PARAMETER);
622 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
623 return TRUE; //LCOV_EXCL_LINE
626 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
628 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
629 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
635 gboolean handle_iptables_add_chain(StcChain *object,
636 GDBusMethodInvocation *invocation,
641 stc_error_e ret = STC_ERROR_NONE;
642 GVariant *return_parameters = NULL;
644 stc_set_keep_alive(TRUE);
646 ret = iptables_add_chain(chain);
647 if (ret < STC_ERROR_NONE) {
648 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE
649 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
650 return TRUE; //LCOV_EXCL_LINE
653 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
655 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
656 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
662 gboolean handle_iptables_remove_chain(StcChain *object,
663 GDBusMethodInvocation *invocation,
668 stc_error_e ret = STC_ERROR_NONE;
669 GVariant *return_parameters = NULL;
671 stc_set_keep_alive(TRUE);
673 ret = iptables_remove_chain(chain);
674 if (ret < STC_ERROR_NONE) {
675 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE
676 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
677 return TRUE; //LCOV_EXCL_LINE
680 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
682 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
683 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
689 gboolean handle_iptables_flush_chain(StcChain *object,
690 GDBusMethodInvocation *invocation,
695 stc_error_e ret = STC_ERROR_NONE;
696 GVariant *return_parameters = NULL;
698 stc_set_keep_alive(TRUE);
700 ret = iptables_flush_chain(chain);
701 if (ret < STC_ERROR_NONE) {
702 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE
703 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
704 return TRUE; //LCOV_EXCL_LINE
707 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
709 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
710 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
716 gboolean handle_iptables_add_list(StcRule *object,
717 GDBusMethodInvocation *invocation,
722 GVariantIter *iter = NULL;
723 GVariantIter *iter_row = NULL;
724 stc_error_e ret = STC_ERROR_NONE;
725 GSList *iptables_list = NULL;
726 GVariant *return_parameters = NULL;
727 struct timespec start, end;
731 stc_set_keep_alive(TRUE);
733 clock_gettime(CLOCK_MONOTONIC, &start);
735 g_variant_get(rule_list, "aa{sv}", &iter);
736 while (g_variant_iter_next(iter, "a{sv}", &iter_row)) {
737 iptables_rule_s *rule = MALLOC0(iptables_rule_s, 1);
739 stc_iptables_gdbus_dict_foreach(iter_row,
743 iptables_list = g_slist_append(iptables_list, rule);
745 g_variant_iter_free(iter_row);
747 g_variant_iter_free(iter);
749 ret = iptables_add_rule_list(iptables_list);
751 g_slist_free_full(iptables_list, __free_rule);
753 clock_gettime(CLOCK_MONOTONIC, &end);
755 sec = end.tv_sec - start.tv_sec;
756 nsec = end.tv_nsec - start.tv_nsec;
760 STC_LOGD("%s to add list [%3ld.%09ld]s",
761 ret == STC_ERROR_NONE ? "Successed" : "Failed", sec, nsec);
763 return_parameters = g_variant_new("(i)", ret);
765 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
766 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
772 gboolean handle_iptables_remove_list(StcRule *object,
773 GDBusMethodInvocation *invocation,
778 GVariantIter *iter = NULL;
779 GVariantIter *iter_row = NULL;
780 stc_error_e ret = STC_ERROR_NONE;
781 GSList *iptables_list = NULL;
782 GVariant *return_parameters = NULL;
783 struct timespec start, end;
787 stc_set_keep_alive(TRUE);
789 clock_gettime(CLOCK_MONOTONIC, &start);
791 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
793 g_variant_get(rule_list, "aa{sv}", &iter);
794 while (g_variant_iter_next(iter, "a{sv}", &iter_row)) {
795 iptables_rule_s *rule = MALLOC0(iptables_rule_s, 1);
797 stc_iptables_gdbus_dict_foreach(iter_row,
801 iptables_list = g_slist_append(iptables_list, rule);
803 g_variant_iter_free(iter_row);
805 g_variant_iter_free(iter);
807 ret = iptables_remove_rule_list(iptables_list);
809 g_slist_free_full(iptables_list, __free_rule);
811 clock_gettime(CLOCK_MONOTONIC, &end);
813 sec = end.tv_sec - start.tv_sec;
814 nsec = end.tv_nsec - start.tv_nsec;
818 STC_LOGD("%s to remove list [%3ld.%09ld]s",
819 ret == STC_ERROR_NONE ? "Successed" : "Failed", sec, nsec);
821 return_parameters = g_variant_new("(i)", ret);
823 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
824 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
830 gboolean handle_ip6tables_add_rule(StcRule *object,
831 GDBusMethodInvocation *invocation,
836 stc_error_e ret = STC_ERROR_NONE;
837 GVariant *return_parameters = NULL;
839 stc_set_keep_alive(TRUE);
842 GVariantIter *iter = NULL;
844 g_variant_get(rules, "a{sv}", &iter);
846 ip6tables_rule_s *rule = MALLOC0(ip6tables_rule_s, 1);
848 memset(rule, 0, sizeof(ip6tables_rule_s));
850 stc_iptables_gdbus_dict_foreach(iter,
851 __stc_extract_6_rule,
854 ret = ip6tables_add_rule(rule);
855 if (ret != STC_ERROR_NONE) {
857 STC_LOGE("Failed add rule [%s:%d:%s:%d:%s:%s]", rule->chain,
858 rule->direction, rule->ifname, rule->classid,
859 rule->nfacct_name, rule->target);
862 g_variant_iter_free(iter);
864 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret);
873 g_variant_iter_free(iter);
875 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE
876 STC_ERROR_INVALID_PARAMETER);
877 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
878 return TRUE; //LCOV_EXCL_LINE
881 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
883 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
884 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
890 gboolean handle_ip6tables_insert_rule(StcRule *object,
891 GDBusMethodInvocation *invocation,
896 stc_error_e ret = STC_ERROR_NONE;
897 GVariant *return_parameters = NULL;
899 stc_set_keep_alive(TRUE);
902 GVariantIter *iter = NULL;
904 g_variant_get(rules, "a{sv}", &iter);
906 ip6tables_rule_s *rule = MALLOC0(ip6tables_rule_s, 1);
908 memset(rule, 0, sizeof(ip6tables_rule_s));
910 stc_iptables_gdbus_dict_foreach(iter,
911 __stc_extract_6_rule,
914 ret = ip6tables_insert_rule(rule);
915 if (ret != STC_ERROR_NONE) {
917 STC_LOGE("Failed insert rule [%s:%d:%s:%d:%s:%s]", rule->chain,
918 rule->direction, rule->ifname, rule->classid,
919 rule->nfacct_name, rule->target);
922 g_variant_iter_free(iter);
924 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret);
933 g_variant_iter_free(iter);
935 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE
936 STC_ERROR_INVALID_PARAMETER);
937 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
938 return TRUE; //LCOV_EXCL_LINE
941 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
943 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
944 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
950 gboolean handle_ip6tables_remove_rule(StcRule *object,
951 GDBusMethodInvocation *invocation,
956 stc_error_e ret = STC_ERROR_NONE;
957 GVariant *return_parameters = NULL;
959 stc_set_keep_alive(TRUE);
962 GVariantIter *iter = NULL;
963 g_variant_get(rules, "a{sv}", &iter);
965 ip6tables_rule_s *rule = MALLOC0(ip6tables_rule_s, 1);
967 memset(rule, 0, sizeof(ip6tables_rule_s));
969 stc_iptables_gdbus_dict_foreach(iter,
970 __stc_extract_6_rule,
973 ret = ip6tables_remove_rule(rule);
974 if (ret != STC_ERROR_NONE) {
976 STC_LOGE("Failed remove rule [%s:%d:%s:%d:%s:%s]", rule->chain,
977 rule->direction, rule->ifname, rule->classid,
978 rule->nfacct_name, rule->target);
981 g_variant_iter_free(iter);
983 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret);
992 g_variant_iter_free(iter);
994 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE
995 STC_ERROR_INVALID_PARAMETER);
996 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
997 return TRUE; //LCOV_EXCL_LINE
1000 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
1002 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
1003 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
1009 gboolean handle_ip6tables_add_chain(StcChain *object,
1010 GDBusMethodInvocation *invocation,
1015 stc_error_e ret = STC_ERROR_NONE;
1016 GVariant *return_parameters = NULL;
1018 stc_set_keep_alive(TRUE);
1020 ret = ip6tables_add_chain(chain);
1021 if (ret < STC_ERROR_NONE) {
1022 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE
1023 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
1024 return TRUE; //LCOV_EXCL_LINE
1027 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
1029 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
1030 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
1036 gboolean handle_ip6tables_remove_chain(StcChain *object,
1037 GDBusMethodInvocation *invocation,
1042 stc_error_e ret = STC_ERROR_NONE;
1043 GVariant *return_parameters = NULL;
1045 stc_set_keep_alive(TRUE);
1047 ret = ip6tables_remove_chain(chain);
1048 if (ret < STC_ERROR_NONE) {
1049 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE
1050 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
1051 return TRUE; //LCOV_EXCL_LINE
1054 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
1056 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
1057 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
1063 gboolean handle_ip6tables_flush_chain(StcChain *object,
1064 GDBusMethodInvocation *invocation,
1069 stc_error_e ret = STC_ERROR_NONE;
1070 GVariant *return_parameters = NULL;
1072 stc_set_keep_alive(TRUE);
1074 ret = ip6tables_flush_chain(chain);
1075 if (ret < STC_ERROR_NONE) {
1076 STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE
1077 __LOG_FUNC_EXIT__; //LCOV_EXCL_LINE
1078 return TRUE; //LCOV_EXCL_LINE
1081 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
1083 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
1084 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
1090 gboolean handle_ip6tables_add_list(StcRule *object,
1091 GDBusMethodInvocation *invocation,
1092 GVariant *rule_list,
1096 GVariantIter *iter = NULL;
1097 GVariantIter *iter_row = NULL;
1098 stc_error_e ret = STC_ERROR_NONE;
1099 GSList *iptables_list = NULL;
1100 GVariant *return_parameters = NULL;
1101 struct timespec start, end;
1105 stc_set_keep_alive(TRUE);
1107 clock_gettime(CLOCK_MONOTONIC, &start);
1109 g_variant_get(rule_list, "aa{sv}", &iter);
1110 while (g_variant_iter_next(iter, "a{sv}", &iter_row)) {
1111 ip6tables_rule_s *rule = MALLOC0(ip6tables_rule_s, 1);
1113 stc_iptables_gdbus_dict_foreach(iter_row,
1114 __stc_extract_6_rule,
1117 iptables_list = g_slist_append(iptables_list, rule);
1119 g_variant_iter_free(iter_row);
1121 g_variant_iter_free(iter);
1123 clock_gettime(CLOCK_MONOTONIC, &end);
1125 ret = ip6tables_add_rule_list(iptables_list);
1127 g_slist_free_full(iptables_list, __free_6_rule);
1129 sec = end.tv_sec - start.tv_sec;
1130 nsec = end.tv_nsec - start.tv_nsec;
1134 STC_LOGD("%s to add list [%3ld.%09ld]s",
1135 ret == STC_ERROR_NONE ? "Successed" : "Failed", sec, nsec);
1137 return_parameters = g_variant_new("(i)", ret);
1139 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
1140 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
1146 gboolean handle_ip6tables_remove_list(StcRule *object,
1147 GDBusMethodInvocation *invocation,
1148 GVariant *rule_list,
1152 GVariantIter *iter = NULL;
1153 GVariantIter *iter_row = NULL;
1154 stc_error_e ret = STC_ERROR_NONE;
1155 GSList *iptables_list = NULL;
1156 GVariant *return_parameters = NULL;
1157 struct timespec start, end;
1161 stc_set_keep_alive(TRUE);
1163 clock_gettime(CLOCK_MONOTONIC, &start);
1165 g_variant_get(rule_list, "aa{sv}", &iter);
1166 while (g_variant_iter_next(iter, "a{sv}", &iter_row)) {
1167 ip6tables_rule_s *rule = MALLOC0(ip6tables_rule_s, 1);
1169 stc_iptables_gdbus_dict_foreach(iter_row,
1170 __stc_extract_6_rule,
1173 iptables_list = g_slist_append(iptables_list, rule);
1175 g_variant_iter_free(iter_row);
1177 g_variant_iter_free(iter);
1179 ret = ip6tables_remove_rule_list(iptables_list);
1181 g_slist_free_full(iptables_list, __free_6_rule);
1183 clock_gettime(CLOCK_MONOTONIC, &end);
1185 sec = end.tv_sec - start.tv_sec;
1186 nsec = end.tv_nsec - start.tv_nsec;
1190 STC_LOGD("%s to add list [%3ld.%09ld]s",
1191 ret == STC_ERROR_NONE ? "Successed" : "Failed", sec, nsec);
1193 return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
1195 STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
1196 STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
projects / platform / core / connectivity / stc-iptables.git / blob