projects / platform / core / connectivity / stc-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3c75251)
Add exclusion rule logic 48/171048/2 accepted/tizen/unified/20180305.152640 submit/tizen/20180305.084154
authorNishant Chaprana <n.chaprana@samsung.com>
Mon, 26 Feb 2018 07:32:54 +0000 (13:02 +0530)
committerNishant Chaprana <n.chaprana@samsung.com>
Mon, 26 Feb 2018 07:38:49 +0000 (13:08 +0530)
Description:
This patch adds implementation below features for exclusion rule
1) add exclusion rule
2) delete exclusion rule
3) update exclusion rule

Change-Id: I30a0e2602a53c6d76d501717a8428a2e077b0ea4
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
include/stc-manager.h patch | blob | history
packaging/stc-manager.spec patch | blob | history
src/database/tables/table-restrictions.c patch | blob | history
src/helper/helper-nfacct-rule.c patch | blob | history
src/helper/helper-nfacct-rule.h patch | blob | history
src/monitor/stc-monitor.c patch | blob | history

diff --git a/include/stc-manager.h b/include/stc-manager.h
index bb23514..1a84f69 100755 (executable)
--- a/include/stc-manager.h
+++ b/include/stc-manager.h
@@ -77,9 +77,8 @@ typedef enum {
  */
 typedef enum {
        STC_RESTRICTION_UNKNOWN,
  */
 typedef enum {
        STC_RESTRICTION_UNKNOWN,
-       STC_RESTRICTION_ACTIVATED,  /** < restriction has been activated */
-       STC_RESTRICTION_REMOVED,    /** < restriction has been removed */
-       STC_RESTRICTION_EXCLUDED,   /** < restriction has been excluded */
+       STC_RESTRICTION_ACTIVATED,  /**< restriction has been activated */
+       STC_RESTRICTION_DEACTIVATED,  /**< restriction has been deactivated */
        STC_RESTRICTION_LAST_ELEM
 } stc_restriction_state_e;
 
        STC_RESTRICTION_LAST_ELEM
 } stc_restriction_state_e;
 
diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec
index 7762b06..7b9b87e 100644 (file)
--- a/packaging/stc-manager.spec
+++ b/packaging/stc-manager.spec
@@ -1,6 +1,6 @@
 Name:       stc-manager
 Summary:    STC(Smart Traffic Control) manager
 Name:       stc-manager
 Summary:    STC(Smart Traffic Control) manager
-Version:    0.0.53
+Version:    0.0.54
 Release:    0
 Group:      Network & Connectivity/Other
 License:    Apache-2.0
 Release:    0
 Group:      Network & Connectivity/Other
 License:    Apache-2.0
diff --git a/src/database/tables/table-restrictions.c b/src/database/tables/table-restrictions.c
index 2d64f9c..8452926 100755 (executable)
--- a/src/database/tables/table-restrictions.c
+++ b/src/database/tables/table-restrictions.c
@@ -49,7 +49,7 @@
 
 #define SELECT_RESTRICTION_ID "SELECT restriction_id FROM restrictions " \
        " WHERE binpath = ? AND iftype = ? AND subscriber_id = ? AND " \
 
 #define SELECT_RESTRICTION_ID "SELECT restriction_id FROM restrictions " \
        " WHERE binpath = ? AND iftype = ? AND subscriber_id = ? AND " \
-       " rst_type = ? AND roaming = ? AND ifname = ?"
+       " roaming = ? AND ifname = ?"
 
 /* UPDATE statement */
 #define UPDATE_NET_RESTRICTIONS "UPDATE restrictions " \
 
 /* UPDATE statement */
 #define UPDATE_NET_RESTRICTIONS "UPDATE restrictions " \
@@ -475,9 +475,8 @@ stc_error_e __get_restriction_id(table_restrictions_info *info)
        DB_ACTION(sqlite3_bind_int(stmt, 2, info->iftype));
        DB_ACTION(sqlite3_bind_text(stmt, 3, info->subscriber_id ? info->subscriber_id : "",
                                    -1, SQLITE_TRANSIENT));
        DB_ACTION(sqlite3_bind_int(stmt, 2, info->iftype));
        DB_ACTION(sqlite3_bind_text(stmt, 3, info->subscriber_id ? info->subscriber_id : "",
                                    -1, SQLITE_TRANSIENT));
-       DB_ACTION(sqlite3_bind_int(stmt, 4, info->rst_type));
-       DB_ACTION(sqlite3_bind_int(stmt, 5, info->roaming));
-       DB_ACTION(sqlite3_bind_text(stmt, 6, info->ifname ? info->ifname : "",
+       DB_ACTION(sqlite3_bind_int(stmt, 4, info->roaming));
+       DB_ACTION(sqlite3_bind_text(stmt, 5, info->ifname ? info->ifname : "",
                                    -1, SQLITE_TRANSIENT));
 
        rc = sqlite3_step(stmt);
                                    -1, SQLITE_TRANSIENT));
 
        rc = sqlite3_step(stmt);
diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c
index 87d2270..4c12965 100755 (executable)
--- a/src/helper/helper-nfacct-rule.c
+++ b/src/helper/helper-nfacct-rule.c
@@ -279,6 +279,9 @@ bool recreate_counter_by_name(char *cnt_name, nfacct_rule_s *cnt)
        case 'r':
                cnt->intend  = NFACCT_BLOCK;
                break;
        case 'r':
                cnt->intend  = NFACCT_BLOCK;
                break;
+       case 'a':
+               cnt->intend  = NFACCT_ALLOW;
+               break;
        case 't':
                cnt->intend  = NFACCT_TETH_COUNTER; //LCOV_EXCL_LINE
                break; //LCOV_EXCL_LINE
        case 't':
                cnt->intend  = NFACCT_TETH_COUNTER; //LCOV_EXCL_LINE
                break; //LCOV_EXCL_LINE
@@ -756,6 +759,8 @@ void generate_counter_name(nfacct_rule_s *counter)
                warn_symbol = 'w';
        else if (counter->intend  == NFACCT_BLOCK)
                warn_symbol = 'r';
                warn_symbol = 'w';
        else if (counter->intend  == NFACCT_BLOCK)
                warn_symbol = 'r';
+       else if (counter->intend  == NFACCT_ALLOW)
+               warn_symbol = 'a';
        snprintf(counter->name, NFACCT_NAME_MAX, "%c%d_%d_%d_%s",
                 warn_symbol, counter->iotype, counter->iftype,
                 counter->classid, counter->ifname);
        snprintf(counter->name, NFACCT_NAME_MAX, "%c%d_%d_%d_%s",
                 warn_symbol, counter->iotype, counter->iftype,
                 counter->classid, counter->ifname);
diff --git a/src/helper/helper-nfacct-rule.h b/src/helper/helper-nfacct-rule.h
index 472cf29..c305246 100755 (executable)
--- a/src/helper/helper-nfacct-rule.h
+++ b/src/helper/helper-nfacct-rule.h
@@ -54,6 +54,7 @@ typedef enum {
        NFACCT_COUNTER,
        NFACCT_WARN,
        NFACCT_BLOCK,
        NFACCT_COUNTER,
        NFACCT_WARN,
        NFACCT_BLOCK,
+       NFACCT_ALLOW,
        NFACCT_TETH_COUNTER,
        NFACCT_RULE_LAST_ELEM,
 } nfacct_rule_intend;
        NFACCT_TETH_COUNTER,
        NFACCT_RULE_LAST_ELEM,
 } nfacct_rule_intend;
diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c
index 50a917f..83d64d0 100755 (executable)
--- a/src/monitor/stc-monitor.c
+++ b/src/monitor/stc-monitor.c
@@ -54,6 +54,8 @@ static nfacct_rule_jump __get_jump_by_intend(struct nfacct_rule *counter)
                return NFACCT_JUMP_ACCEPT;
        else if (counter->intend == NFACCT_BLOCK)
                return NFACCT_JUMP_REJECT;
                return NFACCT_JUMP_ACCEPT;
        else if (counter->intend == NFACCT_BLOCK)
                return NFACCT_JUMP_REJECT;
+       else if (counter->intend == NFACCT_ALLOW)
+               return NFACCT_JUMP_ACCEPT;
 
        return NFACCT_JUMP_UNKNOWN;
 }
 
        return NFACCT_JUMP_UNKNOWN;
 }
@@ -460,20 +462,94 @@ static void __print_rstn(stc_rstn_key_s *rstn_key, stc_rstn_value_s *rstn_value)
 {
        STC_LOGI("rstn info => rstn_id [%llu], "
                 "app_id [%s], classid [%lu], ifname [%s], "
 {
        STC_LOGI("rstn info => rstn_id [%llu], "
                 "app_id [%s], classid [%lu], ifname [%s], "
-                "iftype [%d], rst_state [%d], "
+                "iftype [%d], rst_state [%d], rst_type [%d], "
                 "limit [ (%lld) bytes], "
                 "warn_limit [ (%lld) bytes], "
                 "counter [ (%lld) bytes], "
                 "roaming [%d], subscriber_id [%s]",
                 rstn_value->restriction_id,
                 rstn_key->app_id, rstn_value->classid , rstn_key->ifname,
                 "limit [ (%lld) bytes], "
                 "warn_limit [ (%lld) bytes], "
                 "counter [ (%lld) bytes], "
                 "roaming [%d], subscriber_id [%s]",
                 rstn_value->restriction_id,
                 rstn_key->app_id, rstn_value->classid , rstn_key->ifname,
-                rstn_key->iftype, rstn_value->rst_state,
+                rstn_key->iftype, rstn_value->rst_state, rstn_value->rst_type,
                 rstn_value->data_limit,
                 rstn_value->data_warn_limit,
                 rstn_value->data_counter,
                 rstn_key->roaming, rstn_key->subscriber_id);
 }
 
                 rstn_value->data_limit,
                 rstn_value->data_warn_limit,
                 rstn_value->data_counter,
                 rstn_key->roaming, rstn_key->subscriber_id);
 }
 
+static void __add_iptables_rule(int64_t classid, nfacct_rule_intend intend,
+                               stc_iface_type_e iftype)
+{
+       char *default_ifname = stc_default_connection_get_ifname();
+       struct nfacct_rule counter;
+       stc_s *stc = stc_get_manager();
+       if (!stc) {
+               g_free(default_ifname); //LCOV_EXCL_LINE
+               return; //LCOV_EXCL_LINE
+       }
+
+       if (!stc->carg) {
+               stc->carg = MALLOC0(counter_arg_s, 1); //LCOV_EXCL_LINE
+               if (stc->carg == NULL) { //LCOV_EXCL_LINE
+                       g_free(default_ifname); //LCOV_EXCL_LINE
+                       return; //LCOV_EXCL_LINE
+               }
+
+               stc->carg->sock = stc_monitor_get_counter_socket(); //LCOV_EXCL_LINE
+       }
+
+       counter.carg = stc->carg;
+       counter.classid = classid;
+       counter.intend = intend;
+       counter.iftype = iftype;
+       g_strlcpy(counter.ifname, default_ifname, MAX_IFACE_LENGTH);
+       g_free(default_ifname);
+
+       /* iptables rule */
+       __add_iptables_in(&counter);
+       __add_iptables_out(&counter);
+
+       /* ip6tables rule */
+       __add_ip6tables_in(&counter);
+       __add_ip6tables_out(&counter);
+}
+
+static void __del_iptables_rule(int64_t classid, nfacct_rule_intend intend,
+                               stc_iface_type_e iftype)
+{
+       char *default_ifname = stc_default_connection_get_ifname();
+       struct nfacct_rule counter;
+       stc_s *stc = stc_get_manager();
+       if (!stc) {
+               g_free(default_ifname); //LCOV_EXCL_LINE
+               return; //LCOV_EXCL_LINE
+       }
+
+       if (!stc->carg) {
+               stc->carg = MALLOC0(counter_arg_s, 1); //LCOV_EXCL_LINE
+               if (stc->carg == NULL) { //LCOV_EXCL_LINE
+                       g_free(default_ifname); //LCOV_EXCL_LINE
+                       return; //LCOV_EXCL_LINE
+               }
+
+               stc->carg->sock = stc_monitor_get_counter_socket(); //LCOV_EXCL_LINE
+       }
+
+       counter.carg = stc->carg;
+       counter.classid = classid;
+       counter.intend = intend;
+       counter.iftype = iftype;
+       g_strlcpy(counter.ifname, default_ifname, MAX_IFACE_LENGTH);
+       g_free(default_ifname);
+
+       /* iptables rule */
+       __del_iptables_in(&counter);
+       __del_iptables_out(&counter);
+
+       /* ip6tables rule */
+       __del_ip6tables_in(&counter);
+       __del_ip6tables_out(&counter);
+}
+
 static void __process_restriction(enum traffic_restriction_type rst_type,
                                  stc_rstn_key_s *rstn_key,
                                  stc_rstn_value_s *rstn_value, void *data)
 static void __process_restriction(enum traffic_restriction_type rst_type,
                                  stc_rstn_key_s *rstn_key,
                                  stc_rstn_value_s *rstn_value, void *data)
@@ -531,87 +607,26 @@ static void __process_restriction(enum traffic_restriction_type rst_type,
 
        switch (rst_type) {
        case RST_SET:
 
        switch (rst_type) {
        case RST_SET:
-               if (effective_data_limit <= 0) {
-                       char *default_ifname = stc_default_connection_get_ifname();
-                       struct nfacct_rule counter;
-                       stc_s *stc = stc_get_manager();
-                       if (!stc) {
-                               g_free(default_ifname); //LCOV_EXCL_LINE
-                               return; //LCOV_EXCL_LINE
-                       }
-
-                       if (!stc->carg) {
-                               stc->carg = MALLOC0(counter_arg_s, 1); //LCOV_EXCL_LINE
-                               if (stc->carg == NULL) { //LCOV_EXCL_LINE
-                                       g_free(default_ifname); //LCOV_EXCL_LINE
-                                       return; //LCOV_EXCL_LINE
-                               }
-
-                               stc->carg->sock = stc_monitor_get_counter_socket(); //LCOV_EXCL_LINE
-                       }
-
-                       counter.carg = stc->carg;
-                       counter.classid = rstn_value->classid;
-                       counter.intend = NFACCT_BLOCK;
-                       counter.iftype = rstn_key->iftype;
-                       g_strlcpy(counter.ifname, default_ifname,
-                                 MAX_IFACE_LENGTH);
-                       g_free(default_ifname);
-
-                       /* iptables rule */
-                       __add_iptables_in(&counter);
-                       __add_iptables_out(&counter);
-
-                       /* ip6tables rule */
-                       __add_ip6tables_in(&counter);
-                       __add_ip6tables_out(&counter);
-               }
+               if (effective_data_limit <= 0)
+                       __add_iptables_rule(rstn_value->classid, NFACCT_BLOCK,
+                                           rstn_key->iftype);
 
                rstn_value->rst_state = STC_RESTRICTION_ACTIVATED;
                rstn_value->data_limit_reached = FALSE;
                break;
        case RST_EXCLUDE:
 
                rstn_value->rst_state = STC_RESTRICTION_ACTIVATED;
                rstn_value->data_limit_reached = FALSE;
                break;
        case RST_EXCLUDE:
-               ;//Do Nothing
+               __add_iptables_rule(rstn_value->classid, NFACCT_ALLOW,
+                                   rstn_key->iftype);
+
+               rstn_value->rst_state = STC_RESTRICTION_ACTIVATED;
+               rstn_value->data_limit_reached = TRUE;
                break;
        case RST_UNSET:
                break;
        case RST_UNSET:
-               {
-                       char *default_ifname = stc_default_connection_get_ifname();
-                       struct nfacct_rule counter;
-                       stc_s *stc = stc_get_manager();
-                       if (!stc) {
-                               g_free(default_ifname); //LCOV_EXCL_LINE
-                               return; //LCOV_EXCL_LINE
-                       }
-
-                       if (!stc->carg) {
-                               stc->carg = MALLOC0(counter_arg_s, 1); //LCOV_EXCL_LINE
-                               if (stc->carg == NULL) { //LCOV_EXCL_LINE
-                                       g_free(default_ifname); //LCOV_EXCL_LINE
-                                       return; //LCOV_EXCL_LINE
-                               }
-
-                               stc->carg->sock = stc_monitor_get_counter_socket(); //LCOV_EXCL_LINE
-                       }
-
-                       counter.carg = stc->carg;
-                       counter.classid = rstn_value->classid;
-                       counter.intend = NFACCT_BLOCK;
-                       counter.iftype = rstn_key->iftype;
-                       g_strlcpy(counter.ifname, default_ifname,
-                                 MAX_IFACE_LENGTH);
-                       g_free(default_ifname);
-
-                       /* iptables rule */
-                       __del_iptables_in(&counter);
-                       __del_iptables_out(&counter);
-
-                       /* ip6tables rule */
-                       __del_ip6tables_in(&counter);
-                       __del_ip6tables_out(&counter);
-
-                       rstn_value->rst_state = STC_RESTRICTION_REMOVED;
-                       rstn_value->data_limit_reached = FALSE;
-               }
+               __del_iptables_rule(rstn_value->classid, rstn_value->rst_type,
+                                   rstn_key->iftype);
+
+               rstn_value->rst_state = STC_RESTRICTION_DEACTIVATED;
+               rstn_value->data_limit_reached = FALSE;
                break;
        default:
                ;//Do Nothing
                break;
        default:
                ;//Do Nothing
@@ -636,7 +651,7 @@ static gboolean __remove_rstns_foreach_application(gpointer key,
                goto out;
 
        /* rstn rule is already removed */
                goto out;
 
        /* rstn rule is already removed */
-       if (rstn_value->rst_state == STC_RESTRICTION_REMOVED)
+       if (rstn_value->rst_state == STC_RESTRICTION_DEACTIVATED)
                goto out;
 
        /* remove restriction from system */
                goto out;
 
        /* remove restriction from system */
@@ -1263,7 +1278,7 @@ static gboolean __add_restriction_debug(gpointer key, gpointer value,
        if (rstn_value->rst_state == STC_RESTRICTION_ACTIVATED)
                return FALSE;
 
        if (rstn_value->rst_state == STC_RESTRICTION_ACTIVATED)
                return FALSE;
 
-       if (rstn_value->rst_state == STC_RESTRICTION_EXCLUDED)
+       if (rstn_value->rst_type == STC_RSTN_TYPE_EXCLUDED)
                __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, data);
        else
                __process_restriction(RST_SET, rstn_key, rstn_value, data);
                __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, data);
        else
                __process_restriction(RST_SET, rstn_key, rstn_value, data);
@@ -1283,7 +1298,7 @@ static gboolean __add_restriction(gpointer key, gpointer value, gpointer data)
        if (rstn_value->rst_state == STC_RESTRICTION_ACTIVATED)
                return FALSE;
 
        if (rstn_value->rst_state == STC_RESTRICTION_ACTIVATED)
                return FALSE;
 
-       if (rstn_value->rst_state == STC_RESTRICTION_EXCLUDED)
+       if (rstn_value->rst_type == STC_RSTN_TYPE_EXCLUDED)
                __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, data);
        else
                __process_restriction(RST_SET, rstn_key, rstn_value, data);
                __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, data);
        else
                __process_restriction(RST_SET, rstn_key, rstn_value, data);
@@ -1320,34 +1335,36 @@ static stc_error_e __rstn_tree_remove(stc_rstn_key_s *key)
 static stc_error_e __rstn_tree_add(stc_rstn_key_s *key,
                                   stc_rstn_value_s *value, gboolean debug)
 {
 static stc_error_e __rstn_tree_add(stc_rstn_key_s *key,
                                   stc_rstn_value_s *value, gboolean debug)
 {
+       stc_rstn_key_s *rstn_key;
        stc_rstn_value_s *rstn_value;
 
        ret_value_msg_if(g_system == NULL, STC_ERROR_FAIL, "stc monitor not initialized!");
 
        rstn_value = __rstn_lookup(g_system->rstns, key);
        stc_rstn_value_s *rstn_value;
 
        ret_value_msg_if(g_system == NULL, STC_ERROR_FAIL, "stc monitor not initialized!");
 
        rstn_value = __rstn_lookup(g_system->rstns, key);
-       if (!rstn_value) {
-               stc_rstn_key_s *rstn_key = MALLOC0(stc_rstn_key_s, 1);
-               if (!rstn_key) {
-                       STC_LOGE("rstn_key allocation failed"); //LCOV_EXCL_LINE
-                       return STC_ERROR_OUT_OF_MEMORY; //LCOV_EXCL_LINE
-               }
-
-               rstn_value = MALLOC0(stc_rstn_value_s, 1);
-               if (!rstn_value) {
-                       STC_LOGE("rstn_value allocation failed"); //LCOV_EXCL_LINE
-                       FREE(rstn_key); //LCOV_EXCL_LINE
-                       return STC_ERROR_OUT_OF_MEMORY; //LCOV_EXCL_LINE
-               }
+       if (rstn_value)
+               __rstn_tree_remove(key);
 
 
-               rstn_key->app_id = g_strdup(key->app_id);
-               rstn_key->ifname = g_strdup(key->ifname);
-               rstn_key->subscriber_id = g_strdup(key->subscriber_id);
-               rstn_key->iftype = key->iftype;
-               rstn_key->roaming = key->roaming;
+       rstn_key = MALLOC0(stc_rstn_key_s, 1);
+       if (!rstn_key) {
+               STC_LOGE("rstn_key allocation failed"); //LCOV_EXCL_LINE
+               return STC_ERROR_OUT_OF_MEMORY; //LCOV_EXCL_LINE
+       }
 
 
-               g_tree_insert(g_system->rstns, rstn_key, rstn_value);
+       rstn_value = MALLOC0(stc_rstn_value_s, 1);
+       if (!rstn_value) {
+               STC_LOGE("rstn_value allocation failed"); //LCOV_EXCL_LINE
+               FREE(rstn_key); //LCOV_EXCL_LINE
+               return STC_ERROR_OUT_OF_MEMORY; //LCOV_EXCL_LINE
        }
 
        }
 
+       rstn_key->app_id = g_strdup(key->app_id);
+       rstn_key->ifname = g_strdup(key->ifname);
+       rstn_key->subscriber_id = g_strdup(key->subscriber_id);
+       rstn_key->iftype = key->iftype;
+       rstn_key->roaming = key->roaming;
+
+       g_tree_insert(g_system->rstns, rstn_key, rstn_value);
+
        rstn_value->restriction_id = value->restriction_id;
        rstn_value->rst_state = value->rst_state;
        rstn_value->rst_type = value->rst_type;
        rstn_value->restriction_id = value->restriction_id;
        rstn_value->rst_state = value->rst_state;
        rstn_value->rst_type = value->rst_type;
@@ -1434,7 +1451,7 @@ static gboolean __add_rstn_foreach_application(gpointer key,
                goto out;
 
        /* add restriction to system */
                goto out;
 
        /* add restriction to system */
-       if (rstn_value->rst_state == STC_RESTRICTION_EXCLUDED)
+       if (rstn_value->rst_type == STC_RSTN_TYPE_EXCLUDED)
                __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, NULL);
        else
                __process_restriction(RST_SET, rstn_key, rstn_value, NULL);
                __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, NULL);
        else
                __process_restriction(RST_SET, rstn_key, rstn_value, NULL);
Domain: Network & Connectivity / Data Network; Licenses: Apache-2.0;