From: hyunuktak Date: Tue, 19 Mar 2019 07:19:29 +0000 (+0900) Subject: Change to operate in on-demand mode X-Git-Tag: submit/tizen/20190509.073354^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bc6d0af014e33bb1ef35eb60ee20e1c478521f50;p=platform%2Fcore%2Fconnectivity%2Fstc-iptables.git Change to operate in on-demand mode Change-Id: I4005e4e7c98d234413659dfbebd8ab6077e7d296 Signed-off-by: hyunuktak --- diff --git a/include/stc-iptables.h b/include/stc-iptables.h index b2ce018..8bc2e16 100755 --- a/include/stc-iptables.h +++ b/include/stc-iptables.h @@ -25,6 +25,8 @@ typedef struct { GMainLoop *main_loop; + guint timer; + gboolean keep_alive; gpointer manager_obj; gpointer rule_obj; @@ -37,5 +39,6 @@ typedef struct { stc_iptables_s *stc_get_iptables(void); void stc_stop_iptables(void); +void stc_set_keep_alive(gboolean keep_alive); #endif /* __STC_IPTABLES_H__ */ diff --git a/packaging/stc-iptables.spec b/packaging/stc-iptables.spec index eff0815..85cb17f 100644 --- a/packaging/stc-iptables.spec +++ b/packaging/stc-iptables.spec @@ -62,6 +62,9 @@ ln -s ../stc-iptables.service %{buildroot}%{_libdir}/systemd/system/multi-user.t mkdir -p %{buildroot}%{_sysconfdir}/dbus-1/system.d cp resources/dbus/stc-iptables.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/stc-iptables.conf +mkdir -p %{buildroot}%{_datadir}/dbus-1/system-services/ +cp resources/dbus/net.stc-iptables.service %{buildroot}%{_datadir}/dbus-1/system-services/net.stc-iptables.service + %post #Logs mkdir -p /opt/usr/data/network @@ -83,6 +86,8 @@ chown network_fw:network_fw /opt/usr/data/network #DBus DAC %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/stc-iptables.conf +%attr(644,root,root) %{_datadir}/dbus-1/system-services/net.stc-iptables.service + #Test %{_bindir}/stc_ipt_test %attr(755,root,root) %{_bindir}/stc_ipt_test diff --git a/resources/dbus/net.stc-iptables.service b/resources/dbus/net.stc-iptables.service new file mode 100755 index 0000000..c5e1b46 --- /dev/null 
+++ b/resources/dbus/net.stc-iptables.service @@ -0,0 +1,6 @@ +[D-BUS Service] +Name=net.stc.iptables +Exec=/bin/false +User=network_fw +Group=network_fw +SystemdService=stc-iptables.service diff --git a/resources/dbus/stc-iptables.conf b/resources/dbus/stc-iptables.conf index fc035a0..bfaf82c 100755 --- a/resources/dbus/stc-iptables.conf +++ b/resources/dbus/stc-iptables.conf @@ -4,10 +4,12 @@ + + diff --git a/resources/systemd/stc-iptables.service b/resources/systemd/stc-iptables.service index 44046d9..6507ce0 100755 --- a/resources/systemd/stc-iptables.service +++ b/resources/systemd/stc-iptables.service @@ -5,14 +5,14 @@ Before=stc-manager.service After=dbus.socket [Service] -Type=forking +Type=dbus +BusName=net.stc.iptables User=network_fw Group=network_fw SmackProcessLabel=System ExecStart=/usr/bin/stc-iptables Capabilities=cap_net_bind_service,cap_net_raw,cap_net_admin=i SecureBits=keep-caps -Restart=always [Install] WantedBy=multi-user.target diff --git a/src/stc-iptables-util.c b/src/stc-iptables-util.c index 8d57f4b..7bb99e2 100755 --- a/src/stc-iptables-util.c +++ b/src/stc-iptables-util.c @@ -436,6 +436,7 @@ gboolean handle_iptables_stop(StcManager *object, GVariant *return_parameters = NULL; STC_LOGI("stc manager stop"); + stc_set_keep_alive(TRUE); return_parameters = g_variant_new("(i)", STC_ERROR_NONE); @@ -457,6 +458,8 @@ gboolean handle_iptables_add_rule(StcRule *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + if (rules != NULL) { GVariantIter *iter = NULL; @@ -515,6 +518,8 @@ gboolean handle_iptables_insert_rule(StcRule *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + if (rules != NULL) { GVariantIter *iter = NULL; 
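Review bot: Dropping `Restart=always` from stc-iptables.service with no replacement means systemd no longer recovers the daemon after a crash; it only comes back when a client next activates `net.stc.iptables`. `Restart=on-failure` would keep crash recovery while leaving the idle exit alone, provided the timer-driven exit returns status 0, which this diff does not show. The unit also stays `WantedBy=multi-user.target`, so it is still started at boot and then exits after the idle period; confirm that is intended for an on-demand service.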
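Review bot: In the `handle_iptables_stop` hunk, `stc_set_keep_alive(TRUE)` marks the daemon as busy in the handler that reports a stop, which postpones the idle exit by one more timer period. If the call is only there to keep the process alive until the reply is sent, say so with a comment such as `/* keep the process alive until the reply has gone out */`; if stop is meant to let the daemon go away, the call looks unnecessary. The rest of the handler is outside the hunk, so what it does after building the reply is not visible here.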
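Review bot: Starting with the `handle_iptables_add_rule` hunk, `stc_set_keep_alive(TRUE);` is pasted at the top of each method handler, twelve times in this file (add/insert/remove rule and add/remove/flush chain, for both iptables and ip6tables). A handler added later that omits the line would let the idle timer quit the daemon while a client is still using it. Setting the flag in one place would remove that dependency on convention, for example in a small helper that every handler enters through, or where the method signals are connected. The handler bodies continue outside these hunks.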
@@ -573,6 +578,8 @@ gboolean handle_iptables_remove_rule(StcRule *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + if (rules != NULL) { GVariantIter *iter = NULL; g_variant_get(rules, "a{sv}", &iter); @@ -630,6 +637,8 @@ gboolean handle_iptables_add_chain(StcChain *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + ret = iptables_add_chain(chain); if (ret < STC_ERROR_NONE) { STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE @@ -655,6 +664,8 @@ gboolean handle_iptables_remove_chain(StcChain *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + ret = iptables_remove_chain(chain); if (ret < STC_ERROR_NONE) { STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE @@ -680,6 +691,8 @@ gboolean handle_iptables_flush_chain(StcChain *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + ret = iptables_flush_chain(chain); if (ret < STC_ERROR_NONE) { STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE @@ -705,6 +718,8 @@ gboolean handle_ip6tables_add_rule(StcRule *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + if (rules != NULL) { GVariantIter *iter = NULL; @@ -763,6 +778,8 @@ gboolean handle_ip6tables_insert_rule(StcRule *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + if (rules != NULL) { GVariantIter *iter = NULL; @@ -821,6 +838,8 @@ gboolean handle_ip6tables_remove_rule(StcRule *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + if (rules != NULL) { GVariantIter *iter = NULL; g_variant_get(rules, "a{sv}", &iter); 
@@ -878,6 +897,8 @@ gboolean handle_ip6tables_add_chain(StcChain *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + ret = ip6tables_add_chain(chain); if (ret < STC_ERROR_NONE) { STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE @@ -903,6 +924,8 @@ gboolean handle_ip6tables_remove_chain(StcChain *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + ret = ip6tables_remove_chain(chain); if (ret < STC_ERROR_NONE) { STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE @@ -928,6 +951,8 @@ gboolean handle_ip6tables_flush_chain(StcChain *object, stc_error_e ret = STC_ERROR_NONE; GVariant *return_parameters = NULL; + stc_set_keep_alive(TRUE); + ret = ip6tables_flush_chain(chain); if (ret < STC_ERROR_NONE) { STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE diff --git a/src/stc-iptables.c b/src/stc-iptables.c index 96f26fc..cffa1e9 100755 --- a/src/stc-iptables.c +++ b/src/stc-iptables.c @@ -95,6 +95,18 @@ static void __stc_inotify_handler(struct inotify_event *event, } } +static gboolean __stc_timer_expired(gpointer data) +{ + if (g_stc_iptables->keep_alive) { + g_stc_iptables->keep_alive = FALSE; + return TRUE; + } + + g_main_loop_quit(g_stc_iptables->main_loop); + + return FALSE; +} + gint32 main(gint32 argc, gchar *argv[]) { GMainLoop *main_loop = NULL; @@ -106,8 +118,10 @@ gint32 main(gint32 argc, gchar *argv[]) setenv("GCOV_PREFIX", "/tmp/daemon", 1); #endif +/* if (daemon(0, 0) != 0) STC_LOGE("Can't start daemon"); //LCOV_EXCL_LINE +*/ /* Initialize required subsystems */ #if !GLIB_CHECK_VERSION(2, 35, 0) @@ -127,6 +141,9 @@ gint32 main(gint32 argc, gchar *argv[]) goto fail; g_stc_iptables->main_loop = main_loop; + g_stc_iptables->timer = g_timeout_add_seconds(10, __stc_timer_expired, NULL); + g_stc_iptables->keep_alive = FALSE; + /* Run the main loop */ g_main_loop_run(main_loop); 
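Review bot: `__stc_timer_expired` quits the main loop as soon as one period passes with the flag clear, but nothing in this hunk releases the bus name first, so a method call already queued on the connection at that moment would most likely be answered with an error instead of re-activating the service. For a daemon that installs firewall rules, that is a rule change lost unless every caller checks the reply. Releasing `net.stc.iptables` and letting pending dispatches run before `g_main_loop_quit()` would close the window. The stored source id also goes stale once the callback returns FALSE, so add `g_stc_iptables->timer = 0;` before the quit in case cleanup code later removes it.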
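Review bot: In the first `main` hunk the `daemon(0, 0)` call is disabled by wrapping it in `/* ... */` instead of being deleted, which leaves unexplained dead code. The unit file in this commit moves from `Type=forking` to `Type=dbus`, so the fork is no longer wanted and the three lines can simply be removed. If a marker is useful, a one-line comment such as `/* no daemon(): started by systemd as Type=dbus */` says more than the commented-out call. `main` continues outside the hunk.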
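Review bot: The idle period is the bare literal `10` in `g_timeout_add_seconds(10, __stc_timer_expired, NULL)`, and nothing documents the resulting behaviour. Because the flag is cleared on one tick and checked on the next, the daemon exits between 10 and 20 seconds after the last call, or after 10 seconds if none arrives. A named constant such as `#define STC_IDLE_TIMEOUT_SEC 10` with a comment stating that window would make this clear. Initialising `keep_alive` before arming the timer would also read more naturally, though the order is harmless here because the callback cannot run before the loop starts.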
@@ -150,10 +167,15 @@ stc_iptables_s *stc_get_iptables(void) { return g_stc_iptables; } -//LCOV_EXCL_STOP void stc_stop_iptables(void) { if (g_stc_iptables && g_stc_iptables->main_loop) g_main_loop_quit(g_stc_iptables->main_loop); } + +void stc_set_keep_alive(gboolean keep_alive) +{ + g_stc_iptables->keep_alive = keep_alive; +} +//LCOV_EXCL_STOP
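Review bot: `stc_set_keep_alive` writes through `g_stc_iptables` without the NULL check that `stc_stop_iptables` just above it performs, so a call made before the context is allocated or after it is released would crash the daemon. Guard it the same way: `if (g_stc_iptables) g_stc_iptables->keep_alive = keep_alive;`. Moving `//LCOV_EXCL_STOP` below the new function also excludes it from coverage, which is worth confirming as intended.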