const gchar *chain,
void *user_data);
+gboolean handle_iptables_add_list(StcRule *object,
+ GDBusMethodInvocation *invocation,
+ GVariant *rule_list,
+ void *user_data);
+
+gboolean handle_iptables_remove_list(StcRule *object,
+ GDBusMethodInvocation *invocation,
+ GVariant *rule_list,
+ void *user_data);
+
/* ip6tables */
gboolean handle_ip6tables_add_rule(StcRule *object,
GDBusMethodInvocation *invocation,
const gchar *chain,
void *user_data);
+gboolean handle_ip6tables_add_list(StcRule *object,
+ GDBusMethodInvocation *invocation,
+ GVariant *rule_list,
+ void *user_data);
+
+gboolean handle_ip6tables_remove_list(StcRule *object,
+ GDBusMethodInvocation *invocation,
+ GVariant *rule_list,
+ void *user_data);
+
#endif /* __STC_IPTABLES_UTIL_H__ */
</method>
</interface>
<interface name="net.stc.iptables.rule">
+ <method name='IptAddList'>
+ <arg type='aa{sv}' name='rule_list' direction='in'/>
+ <arg type='i' name='error_code' direction='out'/>
+ </method>
+ <method name='Ip6tAddList'>
+ <arg type='aa{sv}' name='rule_list' direction='in'/>
+ <arg type='i' name='error_code' direction='out'/>
+ </method>
<method name='IptAddRule'>
<arg type='a{sv}' name='rules' direction='in'/>
<arg type='i' name='error_code' direction='out'/>
<arg type='a{sv}' name='rules' direction='in'/>
<arg type='i' name='error_code' direction='out'/>
</method>
+ <method name='IptRemoveList'>
+ <arg type='aa{sv}' name='rule_list' direction='in'/>
+ <arg type='i' name='error_code' direction='out'/>
+ </method>
+ <method name='Ip6tRemoveList'>
+ <arg type='aa{sv}' name='rule_list' direction='in'/>
+ <arg type='i' name='error_code' direction='out'/>
+ </method>
<method name='Ip6tAddRule'>
<arg type='a{sv}' name='rules' direction='in'/>
<arg type='i' name='error_code' direction='out'/>
return STC_ERROR_NONE;
}
+int ip6tables_add_rule_list(GSList *rule_list)
+{
+ GSList *list;
+ ip6t_handle_t *handle;
+
+ handle = ip6tc_init(IP6TC_TABLE);
+ if (handle == NULL) {
+ STC_LOGE("ip6tc_init failed [%s]", ip6tc_strerror(errno));
+ return STC_ERROR_OPERATION_FAILED;
+ }
+
+ for (list = rule_list; list; list = list->next) {
+ ip6tables_rule_s *rule = list->data;
+ const char *chain = rule->chain;
+ unsigned char entry[SIZE_TOTAL] = {0, };
+ unsigned char mask[SIZE_TOTAL] = {0, };
+
+ if (!ip6tc_is_chain(chain, handle)) {
+ STC_LOGE("chain not present [%s]", ip6tc_strerror(errno));
+ continue;
+ }
+
+ if (__create_entry_data(entry, mask, rule) != 0) {
+ STC_LOGE("Failed to create entry");
+ continue;
+ }
+
+ if (ip6tc_check_entry(chain, (const ip6t_entry_t *)entry, mask, handle)) {
+ STC_LOGD("Entry already present");
+ continue;
+ }
+
+ if (!ip6tc_append_entry(chain, (const ip6t_entry_t *)entry, handle)) {
+ STC_LOGE("ip6tc_append_entry failed [%s]", ip6tc_strerror(errno));
+ continue;
+ }
+
+ STC_LOGD("Append entry [%s : %s]", rule->chain, rule->nfacct_name);
+ }
+
+ if (!ip6tc_commit(handle)) {
+ STC_LOGE("Failed to ip6tc_commit [%s]", ip6tc_strerror(errno));
+ ip6tc_free(handle);
+ return STC_ERROR_OPERATION_FAILED;
+ }
+
+ STC_LOGI("Successed to add rule list");
+ ip6tc_free(handle);
+ return STC_ERROR_NONE;
+}
+
+
int ip6tables_insert_rule(ip6tables_rule_s *rule)
{
ip6t_handle_t *handle;
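Review bot: ip6tables_add_rule_list returns STC_ERROR_NONE even when every rule in the list was skipped — a missing chain, a failed __create_entry_data or a failed ip6tc_append_entry only logs and `continue`s — so the D-Bus caller receives error_code 0 with nothing applied; ip6tables_remove_rule_list, iptables_add_rule_list and iptables_remove_rule_list in the hunks below have the same gap. Track the skips with `int failed = 0;`, a `failed++;` before each error-path `continue` (not the already-present case), and end with `return failed ? STC_ERROR_OPERATION_FAILED : STC_ERROR_NONE;` after the commit so partial application is visible to the caller. `rule->chain` is handed straight to ip6tc_is_chain; if __stc_extract_rule can leave it NULL when the caller omits the key (not visible here), malformed input crashes the daemon, and a `if (chain == NULL) { failed++; continue; }` guard at the top of the loop is cheap.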
return STC_ERROR_NONE;
}
+int ip6tables_remove_rule_list(GSList *rule_list)
+{
+ GSList *list;
+ ip6t_handle_t *handle;
+
+ handle = ip6tc_init(IP6TC_TABLE);
+ if (handle == NULL) {
+ STC_LOGE("ip6tc_init failed [%s]", ip6tc_strerror(errno));
+ return STC_ERROR_OPERATION_FAILED;
+ }
+
+ for (list = rule_list; list; list = list->next) {
+ ip6tables_rule_s *rule = list->data;
+ const char *chain = rule->chain;
+ unsigned char entry[SIZE_TOTAL] = {0, };
+ unsigned char mask[SIZE_TOTAL] = {0, };
+
+ if (!ip6tc_is_chain(chain, handle)) {
+ STC_LOGE("chain not present [%s]", ip6tc_strerror(errno));
+ continue;
+ }
+
+ if (__create_entry_data(entry, mask, rule) != 0) {
+ STC_LOGE("Failed to create entry");
+ continue;
+ }
+
+ if (!ip6tc_delete_entry(chain, (const ip6t_entry_t *)entry, mask, handle)) {
+ STC_LOGE("ip6tc_append_entry failed [%s]", ip6tc_strerror(errno));
+ continue;
+ }
+
+ STC_LOGD("Append entry [%s : %s]", rule->chain, rule->nfacct_name);
+ }
+
+ if (!ip6tc_commit(handle)) {
+ STC_LOGE("Failed to ip6tc_commit [%s]", ip6tc_strerror(errno));
+ ip6tc_free(handle);
+ return STC_ERROR_OPERATION_FAILED;
+ }
+
+ STC_LOGI("Successed to remove rule list");
+ ip6tc_free(handle);
+ return STC_ERROR_NONE;
+}
+
int ip6tables_add_chain(const char *chain)
{
ip6t_handle_t *handle;
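Review bot: The log lines in ip6tables_remove_rule_list are copied from the add path: the failure branch after ip6tc_delete_entry prints `"ip6tc_append_entry failed [%s]"` and the success line prints `"Append entry [%s : %s]"`, which will mislead anyone reading the logs of a removal that did not happen. Use `STC_LOGE("ip6tc_delete_entry failed [%s]", ip6tc_strerror(errno));` and `STC_LOGD("Delete entry [%s : %s]", rule->chain, rule->nfacct_name);`, as the iptables counterpart in this commit already does.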
* @return 0 on success and negative value if error.
*/
int ip6tables_add_rule(ip6tables_rule_s *rule);
+int ip6tables_add_rule_list(GSList *rule_list);;
/**
* @desc This function inserts a new ip6tables rule.
* @return 0 on success and negative value if error.
*/
int ip6tables_remove_rule(ip6tables_rule_s *rule);
+int ip6tables_remove_rule_list(GSList *rule_list);
/**
* @desc This function adds a new ip6tables chain.
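Review bot: The new prototype `int ip6tables_add_rule_list(GSList *rule_list);;` ends with a doubled semicolon; it is harmless at file scope but should read `int ip6tables_add_rule_list(GSList *rule_list);`. Both new declarations here, and iptables_add_rule_list / iptables_remove_rule_list in the iptables header hunk below, lack the `/** @desc ... @return ... */` block every neighbouring declaration carries; add one per prototype stating that the function takes a GSList of rule structs, applies them under a single commit, and returns 0 on success and a negative value on error.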
return STC_ERROR_NONE;
}
+int iptables_add_rule_list(GSList *rule_list)
+{
+ GSList *list;
+ ipt_handle_t *handle;
+
+ handle = iptc_init(IPTC_TABLE);
+ if (handle == NULL) {
+ STC_LOGE("iptc_init failed [%s]", iptc_strerror(errno));
+ return STC_ERROR_OPERATION_FAILED;
+ }
+
+ for (list = rule_list; list; list = list->next) {
+ iptables_rule_s *rule = list->data;
+ const char *chain = rule->chain;
+ unsigned char entry[SIZE_TOTAL] = {0, };
+ unsigned char mask[SIZE_TOTAL] = {0, };
+
+ if (!iptc_is_chain(chain, handle)) {
+ STC_LOGE("chain not present [%s]", iptc_strerror(errno));
+ continue;
+ }
+
+ if (__create_entry_data(entry, mask, rule) != 0) {
+ STC_LOGE("Failed to create entry");
+ continue;
+ }
+
+ if (iptc_check_entry(chain, (const ipt_entry_t *)entry, mask, handle)) {
+ STC_LOGD("Entry already present");
+ continue;
+ }
+
+ if (!iptc_append_entry(chain, (const ipt_entry_t *)entry, handle)) {
+ STC_LOGE("iptc_append_entry failed [%s]", iptc_strerror(errno));
+ continue;
+ }
+
+ STC_LOGD("Append entry [%s : %s]", rule->chain, rule->nfacct_name);
+ }
+
+ if (!iptc_commit(handle)) {
+ STC_LOGE("Failed to iptc_commit [%s]", iptc_strerror(errno));
+ iptc_free(handle);
+ return STC_ERROR_OPERATION_FAILED;
+ }
+
+ STC_LOGI("Successed to add rule list");
+ iptc_free(handle);
+ return STC_ERROR_NONE;
+}
+
int iptables_insert_rule(iptables_rule_s *rule)
{
ipt_handle_t *handle;
return STC_ERROR_NONE;
}
+int iptables_remove_rule_list(GSList *rule_list)
+{
+ GSList *list;
+ ipt_handle_t *handle;
+
+ handle = iptc_init(IPTC_TABLE);
+ if (handle == NULL) {
+ STC_LOGE("iptc_init failed [%s]", iptc_strerror(errno));
+ return STC_ERROR_OPERATION_FAILED;
+ }
+
+ for (list = rule_list; list; list = list->next) {
+ iptables_rule_s *rule = list->data;
+ const char *chain = rule->chain;
+ unsigned char entry[SIZE_TOTAL] = {0, };
+ unsigned char mask[SIZE_TOTAL] = {0, };
+
+ if (!iptc_is_chain(chain, handle)) {
+ STC_LOGE("chain not present [%s]", iptc_strerror(errno));
+ continue;
+ }
+
+ if (__create_entry_data(entry, mask, rule) != 0) {
+ STC_LOGE("Failed to create entry");
+ continue;
+ }
+
+ if (!iptc_delete_entry(chain, (const ipt_entry_t *)entry, mask, handle)) {
+ STC_LOGE("iptc_delete_entry failed [%s]", iptc_strerror(errno));
+ continue;
+ }
+
+ STC_LOGD("Delete entry [%s : %s]", rule->chain, rule->nfacct_name);
+ }
+
+ if (!iptc_commit(handle)) {
+ STC_LOGE("Failed to iptc_commit [%s]", iptc_strerror(errno));
+ iptc_free(handle);
+ return STC_ERROR_OPERATION_FAILED;
+ }
+
+ STC_LOGI("Successed to remove rule list");
+ iptc_free(handle);
+ return STC_ERROR_NONE;
+}
+
int iptables_add_chain(const char *chain)
{
ipt_handle_t *handle;
* @return 0 on success and negative value if error.
*/
int iptables_add_rule(iptables_rule_s *rule);
+int iptables_add_rule_list(GSList *rule_list);
/**
* @desc This function inserts a new iptables rule.
* @return 0 on success and negative value if error.
*/
int iptables_remove_rule(iptables_rule_s *rule);
+int iptables_remove_rule_list(GSList *rule_list);
/**
* @desc This function adds a new iptables chain.
G_CALLBACK(handle_iptables_remove_rule),
stc_iptables);
+ g_signal_connect(rule, "handle-ipt-add-list",
+ G_CALLBACK(handle_iptables_add_list),
+ stc_iptables);
+
+ g_signal_connect(rule, "handle-ipt-remove-list",
+ G_CALLBACK(handle_iptables_remove_list),
+ stc_iptables);
+
g_signal_connect(rule, "handle-ip6t-add-rule",
G_CALLBACK(handle_ip6tables_add_rule),
stc_iptables);
G_CALLBACK(handle_ip6tables_remove_rule),
stc_iptables);
+ g_signal_connect(rule, "handle-ip6t-add-list",
+ G_CALLBACK(handle_ip6tables_add_list),
+ stc_iptables);
+
+ g_signal_connect(rule, "handle-ip6t-remove-list",
+ G_CALLBACK(handle_ip6tables_remove_list),
+ stc_iptables);
+
g_dbus_object_manager_server_export(stc_iptables->obj_mgr,
G_DBUS_OBJECT_SKELETON(object));
g_object_unref(object);
}
}
-static void __free_rule(iptables_rule_s *rule)
+static void __free_rule(gpointer data)
{
+ iptables_rule_s *rule = (iptables_rule_s *)data;
+
FREE(rule->chain);
FREE(rule->ifname);
FREE(rule->nfacct_name);
FREE(rule);
}
-static void __free_6_rule(ip6tables_rule_s *rule)
+static void __free_6_rule(gpointer data)
{
+ ip6tables_rule_s *rule = (ip6tables_rule_s *)data;
+
FREE(rule->chain);
FREE(rule->ifname);
FREE(rule->nfacct_name);
return TRUE;
}
+gboolean handle_iptables_add_list(StcRule *object,
+ GDBusMethodInvocation *invocation,
+ GVariant *rule_list,
+ void *user_data)
+{
+ __LOG_FUNC_ENTER__;
+ GVariantIter *iter = NULL;
+ GVariantIter *iter_row = NULL;
+ stc_error_e ret = STC_ERROR_NONE;
+ GSList *iptables_list = NULL;
+ GVariant *return_parameters = NULL;
+ struct timespec start, end;
+ time_t sec;
+ long int nsec;
+
+ stc_set_keep_alive(TRUE);
+
+ clock_gettime(CLOCK_MONOTONIC, &start);
+
+ g_variant_get(rule_list, "aa{sv}", &iter);
+ while (g_variant_iter_next(iter, "a{sv}", &iter_row)) {
+ iptables_rule_s *rule = MALLOC0(iptables_rule_s, 1);
+ if (rule != NULL) {
+ stc_iptables_gdbus_dict_foreach(iter_row,
+ __stc_extract_rule,
+ rule);
+
+ iptables_list = g_slist_append(iptables_list, rule);
+ }
+ g_variant_iter_free(iter_row);
+ }
+ g_variant_iter_free(iter);
+
+ ret = iptables_add_rule_list(iptables_list);
+
+ g_slist_free_full(iptables_list, __free_rule);
+
+ clock_gettime(CLOCK_MONOTONIC, &end);
+
+ sec = end.tv_sec - start.tv_sec;
+ nsec = end.tv_nsec - start.tv_nsec;
+ if (nsec < 0)
+ nsec += 1000000000;
+
+ STC_LOGD("%s to add list [%3ld.%09ld]s",
+ ret == STC_ERROR_NONE ? "Successed" : "Failed", sec, nsec);
+
+ return_parameters = g_variant_new("(i)", ret);
+
+ STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
+ STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
+
+ __LOG_FUNC_EXIT__;
+ return TRUE;
+}
+
+gboolean handle_iptables_remove_list(StcRule *object,
+ GDBusMethodInvocation *invocation,
+ GVariant *rule_list,
+ void *user_data)
+{
+ __LOG_FUNC_ENTER__;
+ GVariantIter *iter = NULL;
+ GVariantIter *iter_row = NULL;
+ stc_error_e ret = STC_ERROR_NONE;
+ GSList *iptables_list = NULL;
+ GVariant *return_parameters = NULL;
+ struct timespec start, end;
+ time_t sec;
+ long int nsec;
+
+ stc_set_keep_alive(TRUE);
+
+ clock_gettime(CLOCK_MONOTONIC, &start);
+
+ return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
+
+ g_variant_get(rule_list, "aa{sv}", &iter);
+ while (g_variant_iter_next(iter, "a{sv}", &iter_row)) {
+ iptables_rule_s *rule = MALLOC0(iptables_rule_s, 1);
+ if (rule != NULL) {
+ stc_iptables_gdbus_dict_foreach(iter_row,
+ __stc_extract_rule,
+ rule);
+
+ iptables_list = g_slist_append(iptables_list, rule);
+ }
+ g_variant_iter_free(iter_row);
+ }
+ g_variant_iter_free(iter);
+
+ ret = iptables_remove_rule_list(iptables_list);
+
+ g_slist_free_full(iptables_list, __free_rule);
+
+ clock_gettime(CLOCK_MONOTONIC, &end);
+
+ sec = end.tv_sec - start.tv_sec;
+ nsec = end.tv_nsec - start.tv_nsec;
+ if (nsec < 0)
+ nsec += 1000000000;
+
+ STC_LOGD("%s to remove list [%3ld.%09ld]s",
+ ret == STC_ERROR_NONE ? "Successed" : "Failed", sec, nsec);
+
+ return_parameters = g_variant_new("(i)", ret);
+
+ STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
+ STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
+
+ __LOG_FUNC_EXIT__;
+ return TRUE;
+}
+
gboolean handle_ip6tables_add_rule(StcRule *object,
GDBusMethodInvocation *invocation,
GVariant *rules,
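Review bot: handle_iptables_remove_list assigns `return_parameters = g_variant_new("(i)", STC_ERROR_NONE);` right after the timer starts and then overwrites the pointer with a second g_variant_new before replying, so the first floating GVariant is never sunk or unreffed and leaks on every call; drop that first assignment. The elapsed-time computation in both handlers here (and again in handle_ip6tables_add_list and handle_ip6tables_remove_list below) normalises a negative nanosecond difference without borrowing from the seconds, so a 0.2 s call that crosses a second boundary is logged as 1.2 s; use `if (nsec < 0) { sec--; nsec += 1000000000; }`.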
__LOG_FUNC_EXIT__;
return TRUE;
}
+
+gboolean handle_ip6tables_add_list(StcRule *object,
+ GDBusMethodInvocation *invocation,
+ GVariant *rule_list,
+ void *user_data)
+{
+ __LOG_FUNC_ENTER__;
+ GVariantIter *iter = NULL;
+ GVariantIter *iter_row = NULL;
+ stc_error_e ret = STC_ERROR_NONE;
+ GSList *iptables_list = NULL;
+ GVariant *return_parameters = NULL;
+ struct timespec start, end;
+ time_t sec;
+ long int nsec;
+
+ stc_set_keep_alive(TRUE);
+
+ clock_gettime(CLOCK_MONOTONIC, &start);
+
+ g_variant_get(rule_list, "aa{sv}", &iter);
+ while (g_variant_iter_next(iter, "a{sv}", &iter_row)) {
+ ip6tables_rule_s *rule = MALLOC0(ip6tables_rule_s, 1);
+ if (rule != NULL) {
+ stc_iptables_gdbus_dict_foreach(iter_row,
+ __stc_extract_6_rule,
+ rule);
+
+ iptables_list = g_slist_append(iptables_list, rule);
+ }
+ g_variant_iter_free(iter_row);
+ }
+ g_variant_iter_free(iter);
+
+ clock_gettime(CLOCK_MONOTONIC, &end);
+
+ ret = ip6tables_add_rule_list(iptables_list);
+
+ g_slist_free_full(iptables_list, __free_6_rule);
+
+ sec = end.tv_sec - start.tv_sec;
+ nsec = end.tv_nsec - start.tv_nsec;
+ if (nsec < 0)
+ nsec += 1000000000;
+
+ STC_LOGD("%s to add list [%3ld.%09ld]s",
+ ret == STC_ERROR_NONE ? "Successed" : "Failed", sec, nsec);
+
+ return_parameters = g_variant_new("(i)", ret);
+
+ STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
+ STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
+
+ __LOG_FUNC_EXIT__;
+ return TRUE;
+}
+
+gboolean handle_ip6tables_remove_list(StcRule *object,
+ GDBusMethodInvocation *invocation,
+ GVariant *rule_list,
+ void *user_data)
+{
+ __LOG_FUNC_ENTER__;
+ GVariantIter *iter = NULL;
+ GVariantIter *iter_row = NULL;
+ stc_error_e ret = STC_ERROR_NONE;
+ GSList *iptables_list = NULL;
+ GVariant *return_parameters = NULL;
+ struct timespec start, end;
+ time_t sec;
+ long int nsec;
+
+ stc_set_keep_alive(TRUE);
+
+ clock_gettime(CLOCK_MONOTONIC, &start);
+
+ g_variant_get(rule_list, "aa{sv}", &iter);
+ while (g_variant_iter_next(iter, "a{sv}", &iter_row)) {
+ ip6tables_rule_s *rule = MALLOC0(ip6tables_rule_s, 1);
+ if (rule != NULL) {
+ stc_iptables_gdbus_dict_foreach(iter_row,
+ __stc_extract_6_rule,
+ rule);
+
+ iptables_list = g_slist_append(iptables_list, rule);
+ }
+ g_variant_iter_free(iter_row);
+ }
+ g_variant_iter_free(iter);
+
+ ret = ip6tables_remove_rule_list(iptables_list);
+
+ g_slist_free_full(iptables_list, __free_6_rule);
+
+ clock_gettime(CLOCK_MONOTONIC, &end);
+
+ sec = end.tv_sec - start.tv_sec;
+ nsec = end.tv_nsec - start.tv_nsec;
+ if (nsec < 0)
+ nsec += 1000000000;
+
+ STC_LOGD("%s to add list [%3ld.%09ld]s",
+ ret == STC_ERROR_NONE ? "Successed" : "Failed", sec, nsec);
+
+ return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
+
+ STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
+ STC_IPTABLES_DBUS_REPLY(invocation, return_parameters);
+
+ __LOG_FUNC_EXIT__;
+ return TRUE;
+}
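Review bot: handle_ip6tables_remove_list replies with `g_variant_new("(i)", STC_ERROR_NONE)` instead of `ret`, so a failed ip6tables_remove_rule_list is reported to the D-Bus caller as success and the rules it could not remove stay active unnoticed; the other three handlers use `return_parameters = g_variant_new("(i)", ret);`. In handle_ip6tables_add_list the `clock_gettime(CLOCK_MONOTONIC, &end)` call precedes the ip6tables_add_rule_list call, so the logged duration excludes the work being timed; move it after g_slist_free_full as in the iptables handlers. The remove handler's timing log also says `"%s to add list [%3ld.%09ld]s"` where it should say `"%s to remove list [%3ld.%09ld]s"`.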