Fix a coverity for unchecking return value
[platform/core/connectivity/stc-manager.git] / src / helper / helper-nfacct-rule.c
old mode 100755 (executable)
new mode 100644 (file)
index 3923daf..a3e4647
@@ -142,9 +142,6 @@ static stc_error_e nfacct_send_new(nfacct_rule_s *counter)
        prepare_netlink_msg(req, NFNL_MSG_ACCT_NEW, NLM_F_CREATE | NLM_F_ACK);
        add_string_attr(req, counter->name, NFACCT_NAME);
 
-       if (STC_DEBUG_LOG)
-               STC_LOGD("counter name %s", counter->name); //LCOV_EXCL_LINE
-
        /* padding */
        add_uint64_attr(req, 0, NFACCT_PKTS);
        add_uint64_attr(req, 0, NFACCT_BYTES);
@@ -172,9 +169,6 @@ stc_error_e nfacct_send_del(nfacct_rule_s *counter)
                return STC_ERROR_OUT_OF_MEMORY; //LCOV_EXCL_LINE
        }
 
-       if (STC_DEBUG_LOG)
-               STC_LOGD("send remove request for %s", counter->name); //LCOV_EXCL_LINE
-
        prepare_netlink_msg(req, NFNL_MSG_ACCT_DEL, NLM_F_ACK);
        add_string_attr(req, counter->name, NFACCT_NAME);
 
@@ -255,7 +249,7 @@ static nfacct_rule_direction convert_to_iotype(int type)
 static stc_iface_type_e convert_to_iftype(int type)
 {
        return (type < STC_IFACE_LAST_ELEM &&
-               type > STC_IFACE_UNKNOWN) ? type : STC_IFACE_UNKNOWN;
+                       type > STC_IFACE_UNKNOWN) ? type : STC_IFACE_UNKNOWN;
 }
 
 bool recreate_counter_by_name(char *cnt_name, nfacct_rule_s *cnt)
@@ -291,6 +285,14 @@ bool recreate_counter_by_name(char *cnt_name, nfacct_rule_s *cnt)
 
        STRING_SAVE_COPY(cnt->name, cnt_name);
 
+#if 0
+       /* ========================================================
+        * NOTE:-
+        * Below parsing for tethering case is not in use
+        * stc-manager needs to ignore this for NFACCT_TETH_COUNTER
+        * this is disbaled for future use.
+        * =======================================================*/
+
        //LCOV_EXCL_START
        if (cnt->intend == NFACCT_TETH_COUNTER) {
                char ifname_buf[MAX_IFACE_LENGTH];
@@ -328,6 +330,7 @@ bool recreate_counter_by_name(char *cnt_name, nfacct_rule_s *cnt)
                return true;
        }
        //LCOV_EXCL_STOP
+#endif
 
        io_part = strtok_r(name, "_", &save_ptr);
        if (io_part != NULL)
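Review bot: With the tethering branch compiled out by `#if 0`, a counter name generated with the new `t` prefix (see generate_counter_name) now reaches the generic `strtok_r(name, "_", &save_ptr)` parsing below the `#endif`. The hunk does not show whether that path recovers a sensible iotype, iftype and classid from such a name, so this should be confirmed, or the name rejected explicitly. Code that is not in use is better deleted and recovered from history than kept under `#if 0`; if it stays, the comment should read `this is disabled for future use`. recreate_counter_by_name starts and ends outside these two hunks.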
@@ -454,12 +457,42 @@ static stc_error_e exec_iptables_cmd(nfacct_rule_s *rule)
        iptables_rule.nfacct_name = g_strdup(rule->name);
        iptables_rule.ifname = g_strdup(rule->ifname);
        iptables_rule.target = g_strdup(get_iptables_jump(rule->jump));
-       iptables_rule.chain = g_strdup(get_iptables_chain(rule->iotype));
+
+       /* In case of tehering rules use chain 'STC_TETHER' */
+       if (rule->intend == NFACCT_TETH_COUNTER ||
+                       rule->intend == NFACCT_TETH_ALLOW ||
+                       rule->intend == NFACCT_TETH_BLOCK)
+               iptables_rule.chain = g_strdup(STC_TETHER_CHAIN);
+       else
+               iptables_rule.chain = g_strdup(get_iptables_chain(rule->iotype));
+
        iptables_rule.classid = rule->classid;
        iptables_rule.direction = (rule->iotype & NFACCT_COUNTER_IN) ?
                                        IPTABLES_DIRECTION_IN : IPTABLES_DIRECTION_OUT;
        iptype = (iptables_ip_type_e)rule->iptype;
 
+       /* specify the ip range type for source and destination */
+       iptables_rule.s_iprange_type = rule->src_iprange_type;
+       iptables_rule.d_iprange_type = rule->dst_iprange_type;
+
+       /* specify source and destination ip address if any */
+       if (rule->src_ip1) {
+               if (!inet_aton(rule->src_ip1, &iptables_rule.s_ip1))
+                       STC_LOGE("Failed to inet aton [%s]", rule->src_ip1);
+       }
+       if (rule->src_ip2) {
+               if (!inet_aton(rule->src_ip2, &iptables_rule.s_ip2))
+                       STC_LOGE("Failed to inet aton [%s]", rule->src_ip2);
+       }
+       if (rule->dst_ip1) {
+               if (!inet_aton(rule->dst_ip1, &iptables_rule.d_ip1))
+                       STC_LOGE("Failed to inet aton [%s]", rule->dst_ip1);
+       }
+       if (rule->dst_ip2) {
+               if (!inet_aton(rule->dst_ip2, &iptables_rule.d_ip2))
+                       STC_LOGE("Failed to inet aton [%s]", rule->dst_ip2);
+       }
+
        if (rule->action == NFACCT_ACTION_DELETE) {
                /* delete interface rule */
                ret = iptables_remove(&iptables_rule, iptype);
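Review bot: A failed `inet_aton()` is only logged here, so the function still goes on to the `iptables_remove` call (and presumably the add path below it). At that point `s_iprange_type`/`d_iprange_type` are set but the matching address holds whatever `iptables_rule` was initialised to, so a block or allow rule can be applied to an address the caller never supplied. Each of the four checks should fail the call instead, for example `ret = STC_ERROR_FAIL;` followed by the function's existing release of the `g_strdup`'d fields, which is outside the hunk. `inet_aton` also accepts shorthand, octal and hex forms such as `1` or `010.1`, so `inet_pton(AF_INET, rule->src_ip1, &iptables_rule.s_ip1) != 1` is the stricter test, assuming these fields are `struct in_addr`. The body of exec_iptables_cmd starts and ends outside the hunk.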
@@ -484,8 +517,9 @@ static stc_error_e produce_app_rule(nfacct_rule_s *rule)
        char *set_cmd = get_iptables_cmd(rule->action);
        char *jump_cmd = get_iptables_jump(rule->jump);
        char nfacct_buf[sizeof(NFACCT_NAME_MOD) +
-               3*MAX_DEC_SIZE(int) + 4];
+               3*MAX_DEC_SIZE(int) + 4 + 1];
        stc_error_e ret = STC_ERROR_NONE;
+       uint32_t classid = rule->classid;
 
        /* income part */
        if (rule->iotype & NFACCT_COUNTER_IN) {
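Review bot: The extra byte added to `nfacct_buf` works around the length check in the following hunks, `ret > sizeof(nfacct_buf) || ret < 0`, rather than fixing it. If `ret` holds an `snprintf` result, as the "Not enought buffer" message suggests, a value equal to `sizeof(nfacct_buf)` already means the name was truncated, yet it passes. The comparison should be `ret >= sizeof(nfacct_buf)`, and the same applies to the identical buffer change in produce_iface_rule. Keeping that length in an `int` rather than in the `stc_error_e ret` variable would also keep the signed test `ret < 0` meaningful regardless of how the enum is represented.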
@@ -514,7 +548,23 @@ static stc_error_e produce_app_rule(nfacct_rule_s *rule)
                ret_value_msg_if(ret > sizeof(nfacct_buf) || ret < 0,
                                 STC_ERROR_FAIL, "Not enought buffer");
 
+               /* cgroup extention on FORWARD chain are not allowed
+                * remove classid info in case of tethering rules */
+               if (rule->intend == NFACCT_TETH_COUNTER ||
+                               rule->intend == NFACCT_TETH_ALLOW ||
+                               rule->intend == NFACCT_TETH_BLOCK) {
+                       classid = rule->classid;
+                       rule->classid = 0;
+               }
+
                ret = exec_iptables_cmd(rule);
+
+               /* restore the classid info in case of tethering rule */
+               if (rule->intend == NFACCT_TETH_COUNTER ||
+                               rule->intend == NFACCT_TETH_ALLOW ||
+                               rule->intend == NFACCT_TETH_BLOCK)
+                       rule->classid = classid;
+
                ret_value_msg_if(ret != STC_ERROR_NONE, STC_ERROR_FAIL,
                                 "Can't set conditional block for ingress"
                                 " traffic, for classid %u, cmd %s, j %s",
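Review bot: The three-way test `rule->intend == NFACCT_TETH_COUNTER || ... NFACCT_TETH_ALLOW || ... NFACCT_TETH_BLOCK` is written out twice here, twice more in the egress hunk that follows, and once in exec_iptables_cmd. A small helper such as `static bool is_tether_rule(const nfacct_rule_s *rule)` would keep the five copies from drifting apart. `classid = rule->classid;` inside the first `if` repeats the initialiser added at the top of the function and can be dropped. `NFACCT_TETH_WARN` is handled in generate_counter_name but is absent from this list, so if warn rules can also land on the tethering chain they would keep their classid; that is worth confirming and stating in the comment. produce_app_rule starts and ends outside the hunk.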
@@ -557,7 +607,23 @@ static stc_error_e produce_app_rule(nfacct_rule_s *rule)
                ret_value_msg_if(ret > sizeof(nfacct_buf) || ret < 0,
                                 STC_ERROR_FAIL, "Not enought buffer");
 
+               /* cgroup extention on FORWARD chain are not allowed
+                * remove classid info in case of tethering rules */
+               if (rule->intend == NFACCT_TETH_COUNTER ||
+                               rule->intend == NFACCT_TETH_ALLOW ||
+                               rule->intend == NFACCT_TETH_BLOCK) {
+                       classid = rule->classid;
+                       rule->classid = 0;
+               }
+
                ret = exec_iptables_cmd(rule);
+
+               /* restore the classid info in case of tethering rule */
+               if (rule->intend == NFACCT_TETH_COUNTER ||
+                               rule->intend == NFACCT_TETH_ALLOW ||
+                               rule->intend == NFACCT_TETH_BLOCK)
+                       rule->classid = classid;
+
                ret_value_msg_if(ret != STC_ERROR_NONE, STC_ERROR_FAIL,
                                 "Can't set conditional block for engress"
                                 " traffic, for classid %u, cmd %s, j %s",
@@ -587,7 +653,7 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule)
        char *set_cmd = get_iptables_cmd(rule->action);
        char *jump_cmd = get_iptables_jump(rule->jump);
        char nfacct_buf[sizeof(NFACCT_NAME_MOD) +
-               3*MAX_DEC_SIZE(int) + 4];
+               3*MAX_DEC_SIZE(int) + 4 + 1];
        uint32_t classid = rule->classid;
        stc_error_e ret;
 
@@ -756,12 +822,17 @@ void generate_counter_name(nfacct_rule_s *counter)
                STRING_SAVE_COPY(counter->ifname, iftype_name);
        }
 
-       if (counter->intend  == NFACCT_WARN)
+       if (counter->intend  == NFACCT_WARN ||
+                       counter->intend == NFACCT_TETH_WARN)
                warn_symbol = 'w';
-       else if (counter->intend  == NFACCT_BLOCK)
+       else if (counter->intend  == NFACCT_BLOCK ||
+                       counter->intend == NFACCT_TETH_BLOCK)
                warn_symbol = 'r';
-       else if (counter->intend  == NFACCT_ALLOW)
+       else if (counter->intend  == NFACCT_ALLOW ||
+                       counter->intend == NFACCT_TETH_ALLOW)
                warn_symbol = 'a';
+       else if (counter->intend == NFACCT_TETH_COUNTER)
+               warn_symbol = 't';
        snprintf(counter->name, NFACCT_NAME_MAX, "%c%d_%d_%d_%s",
                 warn_symbol, counter->iotype, counter->iftype,
                 counter->classid, counter->ifname);
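Review bot: `NFACCT_TETH_WARN`, `NFACCT_TETH_BLOCK` and `NFACCT_TETH_ALLOW` receive the same `w`/`r`/`a` prefix as the non-tethering intents. A tethering rule and an ordinary rule with equal iotype, iftype, classid and ifname therefore produce the same counter name, and the intent cannot be told apart when the name is parsed back. If names are expected to be unique per rule, the tethering variants need their own marker, as `NFACCT_TETH_COUNTER` gets with `t`. The `snprintf` result is still unchecked, so a name longer than `NFACCT_NAME_MAX` is silently truncated; a check like `if (n < 0 || n >= NFACCT_NAME_MAX)` with an error log would match the commit's stated purpose. `classid` is handled as `uint32_t` and printed with `%u` elsewhere in this file, so `%d` here should probably be `%u`.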