From: Daniel Wagner Date: Tue, 12 Feb 2013 09:19:50 +0000 (+0100) Subject: iptables: Remove unused __connman_iptables_command() X-Git-Tag: 1.12~112 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=161efbae1a4d554d244c206d5cfa1342fc4220cf;hp=4ef79dcb96b08830b03ffcc52120ea843a9f3685;p=platform%2Fupstream%2Fconnman.git iptables: Remove unused __connman_iptables_command() --- diff --git a/src/connman.h b/src/connman.h index 96c3ed6..484d1e0 100644 --- a/src/connman.h +++ b/src/connman.h @@ -796,8 +796,6 @@ int __connman_iptables_delete(const char *table_name, int __connman_iptables_init(void); void __connman_iptables_cleanup(void); -int __connman_iptables_command(const char *format, ...) - __attribute__((format(printf, 1, 2))); int __connman_iptables_commit(const char *table_name); int __connman_dnsproxy_init(void); diff --git a/src/iptables.c b/src/iptables.c index 0e1eefb..e395af7 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -752,33 +752,6 @@ static struct ipt_entry *prepare_rule_inclusion(struct connman_iptables *table, return new_entry; } -static int iptables_append_rule(struct connman_iptables *table, - struct ipt_ip *ip, char *chain_name, - char *target_name, struct xtables_target *xt_t, - struct xtables_rule_match *xt_rm) -{ - GList *chain_tail; - struct ipt_entry *new_entry; - int builtin = -1, ret; - - DBG(""); - - chain_tail = find_chain_tail(table, chain_name); - if (chain_tail == NULL) - return -EINVAL; - - new_entry = prepare_rule_inclusion(table, ip, chain_name, - target_name, xt_t, &builtin, xt_rm); - if (new_entry == NULL) - return -EINVAL; - - ret = iptables_add_entry(table, new_entry, chain_tail->prev, builtin); - if (ret < 0) - g_free(new_entry); - - return ret; -} - static int iptables_insert_rule(struct connman_iptables *table, struct ipt_ip *ip, const char *chain_name, const char *target_name, @@ -1009,29 +982,6 @@ static int iptables_delete_rule(struct connman_iptables *table, return 0; } -static int iptables_compare_rule(struct connman_iptables *table, - struct ipt_ip *ip, const char *chain_name, - const char *target_name, - struct xtables_target *xt_t, - struct xtables_match *xt_m, - struct xtables_rule_match *xt_rm) -{ - struct connman_iptables_entry *entry; - GList *found; - - found = find_existing_rule(table, ip, chain_name, target_name, - xt_t, xt_m, xt_rm); - if (found == NULL) - return -EINVAL; - - entry = found->data; - if (entry == NULL) - return -EINVAL; - - return 0; -} - - static int iptables_change_policy(struct connman_iptables *table, const char *chain_name, const char *policy) { @@ -1673,418 +1623,6 @@ static void clear_tables_flags(void) } } -static int iptables_command(int argc, char *argv[]) -{ - struct connman_iptables *table; - struct xtables_rule_match *xt_rm, *tmp_xt_rm; - struct xtables_match *xt_m, *xt_m_t; - struct xtables_target *xt_t; - struct ipt_ip ip; - char *table_name, *chain, *new_chain, *match_name, *target_name; - char *flush_chain, *delete_chain, *policy; - int c, ret, in_len, out_len; - gboolean dump, invert, insert, delete, compare; - - if (argc == 0) - return -EINVAL; - - dump = FALSE; - invert = FALSE; - insert = FALSE; - delete = FALSE; - compare = FALSE; - chain = new_chain = match_name = target_name = NULL; - flush_chain = delete_chain = policy = table_name = NULL; - memset(&ip, 0, sizeof(struct ipt_ip)); - table = NULL; - xt_rm = NULL; - xt_m = NULL; - xt_t = NULL; - /* Default code for options parsing */ - ret = -EINVAL; - - clear_tables_flags(); - - /* extension's options will generate false-positives errors */ - opterr = 0; - - optind = 0; - - while ((c = getopt_long(argc, argv, - "-A:C:D:F:I:L::N:P:X:d:j:i:m:o:s:t:", - iptables_globals.opts, NULL)) != -1) { - switch (c) { - case 'A': - /* It is either -A, -C, -D or -I at once */ - if (chain) - goto out; - - chain = optarg; - break; - - case 'C': - /* It is either -A, -C, -D or -I at once */ - if (chain) - goto out; - - chain = optarg; - compare = TRUE; - break; - - case 'D': - /* It is either -A, -C, -D or -I at once */ - if (chain) - goto out; - - chain = optarg; - delete = TRUE; - break; - - case 'F': - flush_chain = optarg; - break; - - case 'I': - /* It is either -A, -C, -D or -I at once */ - if (chain) - goto out; - - chain = optarg; - insert = TRUE; - break; - - case 'L': - dump = TRUE; - break; - - case 'N': - new_chain = optarg; - break; - - case 'P': - chain = optarg; - if (optind < argc) - policy = argv[optind++]; - else - goto out; - - break; - - case 'X': - delete_chain = optarg; - break; - - case 'd': - if (!parse_ip_and_mask(optarg, &ip.dst, &ip.dmsk)) - break; - - if (invert) - ip.invflags |= IPT_INV_DSTIP; - - break; - - case 'i': - in_len = strlen(optarg); - - if (in_len + 1 > IFNAMSIZ) - break; - - strcpy(ip.iniface, optarg); - memset(ip.iniface_mask, 0xff, in_len + 1); - - if (invert) - ip.invflags |= IPT_INV_VIA_IN; - - break; - - case 'j': - target_name = optarg; - - table = pre_load_table(table_name, table); - if (table == NULL) - goto out; - - xt_t = prepare_target(table, target_name); - if (xt_t == NULL) - goto out; - - break; - - case 'm': - match_name = optarg; - - table = pre_load_table(table_name, table); - if (table == NULL) - goto out; - - xt_m = prepare_matches(table, &xt_rm, match_name); - if (xt_m == NULL) - goto out; - - break; - - case 'o': - out_len = strlen(optarg); - - if (out_len + 1 > IFNAMSIZ) - break; - - strcpy(ip.outiface, optarg); - memset(ip.outiface_mask, 0xff, out_len + 1); - - if (invert) - ip.invflags |= IPT_INV_VIA_OUT; - - break; - - case 's': - if (!parse_ip_and_mask(optarg, &ip.src, &ip.smsk)) - break; - - if (invert) - ip.invflags |= IPT_INV_SRCIP; - - break; - - case 't': - table_name = optarg; - - table = pre_load_table(table_name, table); - if (table == NULL) - goto out; - - break; - - case 1: - if (optarg[0] == '!' && optarg[1] == '\0') { - invert = TRUE; - optarg[0] = '\0'; - continue; - } - - connman_error("Invalid option"); - - goto out; - - default: -#if XTABLES_VERSION_CODE > 5 - if (xt_t != NULL && (xt_t->x6_parse != NULL || - xt_t->parse != NULL) && - (c >= (int) xt_t->option_offset && - c < (int) xt_t->option_offset + - XT_OPTION_OFFSET_SCALE)) { - xtables_option_tpcall(c, argv, - invert, xt_t, NULL); - - break; - } - - for (tmp_xt_rm = xt_rm; tmp_xt_rm != NULL; - tmp_xt_rm = tmp_xt_rm->next) { - xt_m_t = tmp_xt_rm->match; - - if (tmp_xt_rm->completed || - (xt_m_t->x6_parse == NULL && - xt_m_t->parse == NULL)) - continue; - - if (c < (int) xt_m_t->option_offset || - c >= (int) xt_m_t->option_offset - + XT_OPTION_OFFSET_SCALE) - continue; - - xtables_option_mpcall(c, argv, - invert, xt_m_t, NULL); - - break; - } -#else - if (xt_t == NULL || xt_t->parse == NULL || - !xt_t->parse(c - xt_t->option_offset, - argv, invert, &xt_t->tflags, NULL, &xt_t->t)) { - - for (tmp_xt_rm = xt_rm; tmp_xt_rm != NULL; - tmp_xt_rm = tmp_xt_rm->next) { - xt_m_t = tmp_xt_rm->match; - - if (tmp_xt_rm->completed || - xt_m_t->parse == NULL) - continue; - - if (xt_m->parse(c - xt_m->option_offset, - argv, invert, &xt_m->mflags, - NULL, &xt_m->m)) - break; - } - } -#endif - break; - } - - invert = FALSE; - } - -#if XTABLES_VERSION_CODE > 5 - for (tmp_xt_rm = xt_rm; tmp_xt_rm != NULL; - tmp_xt_rm = tmp_xt_rm->next) - xtables_option_mfcall(tmp_xt_rm->match); - - if (xt_t != NULL) - xtables_option_tfcall(xt_t); -#else - for (tmp_xt_rm = xt_rm; tmp_xt_rm != NULL; - tmp_xt_rm = tmp_xt_rm->next) - if (tmp_xt_rm->match->final_check != NULL) - tmp_xt_rm->match->final_check( - tmp_xt_rm->match->mflags); - - if (xt_t != NULL && xt_t->final_check != NULL) - xt_t->final_check(xt_t->tflags); -#endif - - table = pre_load_table(table_name, table); - if (table == NULL) - goto out; - - /* Option parsing went fine, falling back to succes code */ - ret = 0; - - if (delete_chain != NULL) { - printf("Delete chain %s\n", delete_chain); - - iptables_delete_chain(table, delete_chain); - - goto out; - } - - if (dump) { - dump_table(table); - - goto out; - } - - if (flush_chain) { - DBG("Flush chain %s", flush_chain); - - iptables_flush_chain(table, flush_chain); - - goto out; - } - - if (chain && new_chain) { - ret = -EINVAL; - goto out; - } - - if (new_chain) { - DBG("New chain %s", new_chain); - - ret = iptables_add_chain(table, new_chain); - goto out; - } - - if (chain) { - if (policy != NULL) { - printf("Changing policy of %s to %s\n", chain, policy); - - iptables_change_policy(table, chain, policy); - - goto out; - } - - if (xt_t == NULL) - goto out; - - if (compare == TRUE) { - ret = iptables_compare_rule(table, &ip, chain, - target_name, xt_t, xt_m, xt_rm); - goto out; - } - - if (delete == TRUE) { - DBG("Deleting %s to %s (match %s)\n", - target_name, chain, match_name); - - ret = iptables_delete_rule(table, &ip, chain, - target_name, xt_t, xt_m, xt_rm); - - goto out; - } - - if (insert == TRUE) { - DBG("Inserting %s to %s (match %s)", - target_name, chain, match_name); - - ret = iptables_insert_rule(table, &ip, chain, - target_name, xt_t, xt_rm); - - goto out; - } else { - DBG("Adding %s to %s (match %s)", - target_name, chain, match_name); - - ret = iptables_append_rule(table, &ip, chain, - target_name, xt_t, xt_rm); - - goto out; - } - } - -out: - if (xt_t) - g_free(xt_t->t); - - if (xt_m) - g_free(xt_m->m); - - return ret; -} - -int __connman_iptables_command(const char *format, ...) -{ - char **argv, **arguments, *command; - int argc, i, ret; - va_list args; - - if (format == NULL) - return -EINVAL; - - va_start(args, format); - - command = g_strdup_vprintf(format, args); - - va_end(args); - - if (command == NULL) - return -ENOMEM; - - arguments = g_strsplit_set(command, " ", -1); - - for (argc = 0; arguments[argc]; argc++); - ++argc; - - DBG("command %s argc %d", command, argc); - - argv = g_try_malloc0(argc * sizeof(char *)); - if (argv == NULL) { - g_free(command); - g_strfreev(arguments); - return -ENOMEM; - } - - argv[0] = "iptables"; - for (i = 1; i < argc; i++) - argv[i] = arguments[i - 1]; - - ret = iptables_command(argc, argv); - - g_free(command); - g_strfreev(arguments); - g_free(argv); - - return ret; -} - struct parse_context { int argc; char **argv; diff --git a/unit/test-iptables.c b/unit/test-iptables.c index 1e94647..e378a90 100644 --- a/unit/test-iptables.c +++ b/unit/test-iptables.c @@ -27,79 +27,6 @@ #include "../src/connman.h" -static void test_iptables_basic0(void) -{ - int err; - - err = __connman_iptables_command("-t filter -A INPUT " - "-m mark --mark 1 -j LOG"); - g_assert(err == 0); - - err = __connman_iptables_commit("filter"); - g_assert(err == 0); - - err = __connman_iptables_command("-t filter -D INPUT " - "-m mark --mark 1 -j LOG"); - g_assert(err == 0); - - err = __connman_iptables_commit("filter"); - g_assert(err == 0); -} - -static void test_iptables_basic1(void) -{ - int err; - - /* Test if we can do NAT stuff */ - - err = __connman_iptables_command("-t nat -A POSTROUTING " - "-s 10.10.1.0/24 -o eth0 -j MASQUERADE"); - - err = __connman_iptables_commit("nat"); - g_assert(err == 0); - - err = __connman_iptables_command("-t nat -D POSTROUTING " - "-s 10.10.1.0/24 -o eth0 -j MASQUERADE"); - - err = __connman_iptables_commit("nat"); - g_assert(err == 0); -} - -static void test_iptables_basic2(void) -{ - int err; - - /* Test if the right rule is removed */ - - err = __connman_iptables_command("-t filter -A INPUT " - "-m mark --mark 1 -j LOG"); - g_assert(err == 0); - - err = __connman_iptables_commit("filter"); - g_assert(err == 0); - - err = __connman_iptables_command("-t filter -A INPUT " - "-m mark --mark 2 -j LOG"); - g_assert(err == 0); - - err = __connman_iptables_commit("filter"); - g_assert(err == 0); - - err = __connman_iptables_command("-t filter -D INPUT " - "-m mark --mark 2 -j LOG"); - g_assert(err == 0); - - err = __connman_iptables_commit("filter"); - g_assert(err == 0); - - err = __connman_iptables_command("-t filter -D INPUT " - "-m mark --mark 1 -j LOG"); - g_assert(err == 0); - - err = __connman_iptables_commit("filter"); - g_assert(err == 0); -} - static void test_iptables_chain0(void) { int err; @@ -317,9 +244,6 @@ int main(int argc, char *argv[]) __connman_iptables_init(); __connman_nat_init(); - g_test_add_func("/iptables/basic0", test_iptables_basic0); - g_test_add_func("/iptables/basic1", test_iptables_basic1); - g_test_add_func("/iptables/basic2", test_iptables_basic2); g_test_add_func("/iptables/chain0", test_iptables_chain0); g_test_add_func("/iptables/chain1", test_iptables_chain1); g_test_add_func("/iptables/chain2", test_iptables_chain2);