Added revision while adding entry match 61/185261/1 accepted/tizen/unified/20180801.144901 submit/tizen/20180727.073401 submit/tizen/20180731.041744
authorhyunuktak <hyunuk.tak@samsung.com>
Fri, 27 Jul 2018 05:59:16 +0000 (14:59 +0900)
committerhyunuktak <hyunuk.tak@samsung.com>
Fri, 27 Jul 2018 05:59:26 +0000 (14:59 +0900)
Change-Id: Ifac57182e3c61c3fed7798953bc4587cc4ba3617
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
packaging/stc-iptables.spec
src/helper/helper-ip6tables.c
src/helper/helper-iptables.c

index 3077763..16c1f2e 100644 (file)
@@ -1,6 +1,6 @@
 Name:       stc-iptables
 Summary:    STC(Smart Traffic Control) iptables
-Version:    0.0.17
+Version:    0.0.18
 Release:    0
 Group:      Network & Connectivity/Other
 License:    GPL-2.0 and Apache-2.0
index 638c427..d458783 100755 (executable)
 #include <arpa/inet.h>
 #include <xtables.h>
 
+#include <linux/netfilter.h>
 #include <linux/netfilter/xt_cgroup.h>
 #include <linux/netfilter/xt_nfacct.h>
-//#include <linux/netfilter/xt_iprange.h>
+#include <linux/netfilter/xt_iprange.h>
 #include <linux/netfilter/xt_NFLOG.h>
 #include <linux/netfilter_ipv6/ip6t_LOG.h>
 
@@ -66,16 +67,16 @@ typedef struct xt_nflog_info         ip6t_nflog_info_t;
 #define SIZE_UDP_MATCH IP6T_ALIGN(sizeof(ip6t_entry_match_t)) + IP6T_ALIGN(sizeof(ip6t_udp_info_t))
 #define SIZE_CGROUP_MATCH IP6T_ALIGN(sizeof(ip6t_entry_match_t)) + IP6T_ALIGN(sizeof(ip6t_cgroup_info_t))
 #define SIZE_NFACCT_MATCH IP6T_ALIGN(sizeof(ip6t_entry_match_t)) + IP6T_ALIGN(sizeof(ip6t_nfacct_info_t))
-//#define SIZE_IPRANGE_MATCH IP6T_ALIGN(sizeof(ip6t_entry_match_t)) + IP6T_ALIGN(sizeof(ip6t_iprange_info_t))
+#define SIZE_IPRANGE_MATCH IP6T_ALIGN(sizeof(ip6t_entry_match_t)) + IP6T_ALIGN(sizeof(ip6t_iprange_info_t))
 #define SIZE_TARGET IP6T_ALIGN(sizeof(ip6t_entry_target_t)) + IP6T_ALIGN(sizeof(int))
 #define SIZE_TARGET_LOG IP6T_ALIGN(sizeof(ip6t_log_info_t))
 #define SIZE_TARGET_NFLOG IP6T_ALIGN(sizeof(ip6t_nflog_info_t))
 #define SIZE_TOTAL SIZE_ENTRY + SIZE_TCP_MATCH + SIZE_UDP_MATCH + SIZE_CGROUP_MATCH \
-                                       + SIZE_NFACCT_MATCH + SIZE_TARGET \
+                                       + SIZE_NFACCT_MATCH + SIZE_IPRANGE_MATCH + SIZE_TARGET \
                                        + SIZE_TARGET_LOG + SIZE_TARGET_NFLOG
-//                                     + SIZE_NFACCT_MATCH + SIZE_IPRANGE_MATCH + SIZE_TARGET
 
-static unsigned int __add_match(const char *name, ip6t_entry_match_t *start, size_t size, void *data)
+static unsigned int __add_match(const char *name, ip6t_entry_match_t *start,
+                                                                               int revision, size_t size, void *data)
 {
        ip6t_entry_match_t *match = start;
 
@@ -83,6 +84,7 @@ static unsigned int __add_match(const char *name, ip6t_entry_match_t *start, siz
 
        g_strlcpy(match->u.user.name, name, XT_EXTENSION_MAXNAMELEN);
        memcpy(match->data, data, size);
+       match->u.user.revision = revision;
 
        return match->u.match_size;
 }
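Review bot: The new `revision` parameter is declared `int` but is stored into `match->u.user.revision`, which is an 8-bit field in the xtables match header, so the assignment narrows silently; declaring it as `unsigned char revision` would make the valid range explicit. The call sites pass bare `0` and `1`, and the `1` used for iprange is what selects the payload layout the kernel expects, so a named constant or a comment such as `/* iprange is registered at revision 1 */` at that call would make clear that the value and the info struct must change together. If the two ever disagree, the kernel will most likely refuse the entry and the filtering rule is not installed. The same change is made to `__add_match` in helper-iptables.c, and part of the function body lies outside this hunk.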
@@ -99,6 +101,45 @@ static unsigned int __add_target(const char *name, ip6t_entry_target_t *start, s
        return target->u.target_size;
 }
 
+static unsigned int __add_iprange_match(ip6tables_ip_type_e sip_type,
+               struct in6_addr sip1, struct in6_addr sip2, ip6tables_ip_type_e dip_type,
+               struct in6_addr dip1, struct in6_addr dip2, ip6t_entry_match_t *start)
+{
+       ip6t_iprange_info_t iprange;
+       memset(&iprange, 0, sizeof(ip6t_iprange_info_t));
+
+       /* iprange => "--src-range " */
+       if (sip_type == IP6TABLES_IP_RANGE) {
+               memcpy(&(iprange.src_min.in6), &sip1, sizeof(struct in6_addr));
+               memcpy(&(iprange.src_max.in6), &sip2, sizeof(struct in6_addr));
+               iprange.flags |= IPRANGE_SRC;
+       }
+
+       /* iprange => "--dst-range " */
+       if (dip_type == IP6TABLES_IP_RANGE) {
+               memcpy(&(iprange.dst_min.in6), &dip1, sizeof(struct in6_addr));
+               memcpy(&(iprange.dst_max.in6), &dip2, sizeof(struct in6_addr));
+               iprange.flags |= IPRANGE_DST;
+       }
+
+       /* match_iprange => "-m iprange" */
+       return __add_match(IP6TC_IPRANGE, start, 1, sizeof(ip6t_iprange_info_t), &iprange);
+}
+
+static void __add_iprange(unsigned char *entry, unsigned int *size_mask,
+               unsigned int *size_match, ip6tables_rule_s *rule)
+{
+       ip6t_entry_t *e = (ip6t_entry_t *)(entry);
+
+       (*size_match) += __add_iprange_match(rule->s_ip_type,
+               rule->s_ip1, rule->s_ip2, rule->d_ip_type, rule->d_ip1,
+               rule->d_ip2, (ip6t_entry_match_t *)(e->elems + (*size_match)));
+
+       (*size_mask) += sizeof(ip6t_entry_match_t);
+       e->target_offset += SIZE_IPRANGE_MATCH;
+       e->next_offset += SIZE_IPRANGE_MATCH;
+}
+
 static unsigned int __add_port_match(ip6tables_protocol_type_e prot_type,
                ip6tables_port_type_e sport_type, unsigned short sport1, unsigned short sport2,
                ip6tables_port_type_e dport_type, unsigned short dport1, unsigned short dport2,
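Review bot: `__add_iprange_match` copies `sip1`/`sip2` and `dip1`/`dip2` into the min/max fields without checking that the lower bound does not exceed the upper bound. As far as I can tell the kernel does not validate the ordering either, so a rule with inverted bounds would be installed and then match no packets, meaning a rule intended to restrict a range would silently have no effect. Unless the caller already validates this (not visible here), the rule could be rejected before `__add_iprange` is called with a test such as `memcmp(&rule->s_ip1, &rule->s_ip2, sizeof(struct in6_addr)) > 0`, assuming the addresses are held in network byte order. The IPv4 helper in helper-iptables.c has the same gap. Separately, the four `struct in6_addr` arguments are passed by value; `const struct in6_addr *` would avoid copying 64 bytes per call.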
@@ -137,7 +178,7 @@ static unsigned int __add_port_match(ip6tables_protocol_type_e prot_type,
                        default:
                                break;
                        }
-                       return __add_match(IP6TC_TCP, start, sizeof(ip6t_tcp_info_t), &tcp);
+                       return __add_match(IP6TC_TCP, start, 0, sizeof(ip6t_tcp_info_t), &tcp);
                }
        case IP6TABLES_PROTOCOL_UDP:
                {
@@ -171,7 +212,7 @@ static unsigned int __add_port_match(ip6tables_protocol_type_e prot_type,
                        default:
                                break;
                        }
-                       return __add_match(IP6TC_UDP, start, sizeof(ip6t_udp_info_t), &udp);
+                       return __add_match(IP6TC_UDP, start, 0, sizeof(ip6t_udp_info_t), &udp);
                }
        default:
                break;
@@ -208,7 +249,7 @@ static unsigned int __add_cgroup_match(unsigned int classid, ip6t_entry_match_t
        memset(&cgroup, 0, sizeof(ip6t_cgroup_info_t));
        cgroup.id = classid;
        /* match_cgroup => "-m cgroup" */
-       return __add_match(IP6TC_CGROUP, start, sizeof(ip6t_cgroup_info_t), &cgroup);
+       return __add_match(IP6TC_CGROUP, start, 0, sizeof(ip6t_cgroup_info_t), &cgroup);
 }
 
 static unsigned int __add_nfacct_match(const char *nfacct_name, ip6t_entry_match_t *start)
@@ -218,7 +259,7 @@ static unsigned int __add_nfacct_match(const char *nfacct_name, ip6t_entry_match
        memset(&nfacct, 0, sizeof(ip6t_nfacct_info_t));
        g_strlcpy(nfacct.name, nfacct_name, NFACCT_NAME_MAX);
        /* match_nfacct => "-m nfacct" */
-       return __add_match(IP6TC_NFACCT, start, sizeof(ip6t_nfacct_info_t), &nfacct);
+       return __add_match(IP6TC_NFACCT, start, 0, sizeof(ip6t_nfacct_info_t), &nfacct);
 }
 
 static unsigned int __add_log_target(unsigned char level, const char *prefix,
@@ -333,6 +374,10 @@ static int __create_entry_data(unsigned char *entry, unsigned char *mask,
                break;
        }
 
+       if (rule->s_ip_type == IP6TABLES_IP_RANGE ||
+               rule->d_ip_type == IP6TABLES_IP_RANGE)
+               __add_iprange(entry, &size_mask, &size_match, rule);
+
        /* -p tcp */
        switch (rule->protocol) {
        case IP6TABLES_PROTOCOL_TCP:
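Review bot: The added `if` has a two-line condition and an unbraced body, so a statement added under it later would run for every rule and could append an iprange match to rules that do not ask for one. I would brace it: `if (rule->s_ip_type == IP6TABLES_IP_RANGE || rule->d_ip_type == IP6TABLES_IP_RANGE) {` ... `}`. `__create_entry_data` begins and ends outside this hunk, so it is not visible here whether the preceding switch also writes address fields for the range type.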
index 5e43327..2f564dc 100755 (executable)
@@ -74,7 +74,8 @@ typedef struct xt_nflog_info         ipt_nflog_info_t;
                                        + SIZE_NFACCT_MATCH + SIZE_IPRANGE_MATCH + SIZE_TARGET \
                                        + SIZE_TARGET_LOG + SIZE_TARGET_NFLOG
 
-static unsigned int __add_match(const char *name, ipt_entry_match_t *start, size_t size, void *data)
+static unsigned int __add_match(const char *name, ipt_entry_match_t *start,
+                                                                               int revision, size_t size, void *data)
 {
        ipt_entry_match_t *match = start;
 
@@ -82,6 +83,7 @@ static unsigned int __add_match(const char *name, ipt_entry_match_t *start, size
 
        g_strlcpy(match->u.user.name, name, XT_EXTENSION_MAXNAMELEN);
        memcpy(match->data, data, size);
+       match->u.user.revision = revision;
 
        return match->u.match_size;
 }
@@ -107,20 +109,20 @@ static unsigned int __add_iprange_match(iptables_ip_type_e sip_type,
 
        /* iprange => "--src-range " */
        if (sip_type == IPTABLES_IP_RANGE) {
-               iprange.src_min.in.s_addr = sip1.s_addr;
-               iprange.src_max.in.s_addr = sip2.s_addr;
+               memcpy(&(iprange.src_min.in), &sip1, sizeof(struct in_addr));
+               memcpy(&(iprange.src_max.in), &sip2, sizeof(struct in_addr));
                iprange.flags |= IPRANGE_SRC;
        }
 
        /* iprange => "--dst-range " */
        if (dip_type == IPTABLES_IP_RANGE) {
-               iprange.dst_min.in.s_addr = dip1.s_addr;
-               iprange.dst_max.in.s_addr = dip2.s_addr;
+               memcpy(&(iprange.dst_min.in), &dip1, sizeof(struct in_addr));
+               memcpy(&(iprange.dst_max.in), &dip2, sizeof(struct in_addr));
                iprange.flags |= IPRANGE_DST;
        }
 
        /* match_iprange => "-m iprange" */
-       return __add_match(IPTC_IPRANGE, start, sizeof(ipt_iprange_info_t), &iprange);
+       return __add_match(IPTC_IPRANGE, start, 1, sizeof(ipt_iprange_info_t), &iprange);
 }
 
 static void __add_iprange(unsigned char *entry, unsigned int *size_mask,
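Review bot: The four new `memcpy` calls each copy one `struct in_addr` into a member of the same type, so plain struct assignment does the same job and lets the compiler check the operand types, e.g. `iprange.src_min.in = sip1;`. With `memcpy` a wrong size or a mismatched operand would compile without complaint. The same simplification fits the `struct in6_addr` copies added in helper-ip6tables.c. `__add_iprange_match` starts above this hunk.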
@@ -175,7 +177,7 @@ static unsigned int __add_port_match(iptables_protocol_type_e prot_type,
                        default:
                                break;
                        }
-                       return __add_match(IPTC_TCP, start, sizeof(ipt_tcp_info_t), &tcp);
+                       return __add_match(IPTC_TCP, start, 0, sizeof(ipt_tcp_info_t), &tcp);
                }
        case IPTABLES_PROTOCOL_UDP:
                {
@@ -209,7 +211,7 @@ static unsigned int __add_port_match(iptables_protocol_type_e prot_type,
                        default:
                                break;
                        }
-                       return __add_match(IPTC_UDP, start, sizeof(ipt_udp_info_t), &udp);
+                       return __add_match(IPTC_UDP, start, 0, sizeof(ipt_udp_info_t), &udp);
                }
        default:
                break;
@@ -246,7 +248,7 @@ static unsigned int __add_cgroup_match(unsigned int classid, ipt_entry_match_t *
        memset(&cgroup, 0, sizeof(ipt_cgroup_info_t));
        cgroup.id = classid;
        /* match_cgroup => "-m cgroup" */
-       return __add_match(IPTC_CGROUP, start, sizeof(ipt_cgroup_info_t), &cgroup);
+       return __add_match(IPTC_CGROUP, start, 0, sizeof(ipt_cgroup_info_t), &cgroup);
 }
 
 static unsigned int __add_nfacct_match(const char *nfacct_name, ipt_entry_match_t *start)
@@ -256,7 +258,7 @@ static unsigned int __add_nfacct_match(const char *nfacct_name, ipt_entry_match_
        memset(&nfacct, 0, sizeof(ipt_nfacct_info_t));
        g_strlcpy(nfacct.name, nfacct_name, NFACCT_NAME_MAX);
        /* match_nfacct => "-m nfacct" */
-       return __add_match(IPTC_NFACCT, start, sizeof(ipt_nfacct_info_t), &nfacct);
+       return __add_match(IPTC_NFACCT, start, 0, sizeof(ipt_nfacct_info_t), &nfacct);
 }
 
 static unsigned int __add_log_target(unsigned char level, const char *prefix,