From: Nishant Chaprana Date: Fri, 8 Dec 2017 08:49:36 +0000 (+0530) Subject: Added dbus methods to flush existing chains. X-Git-Tag: submit/tizen/20171211.072253~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ce7163b581d07ca3ba87f1d4910a8f9fba4fc3ab;p=platform%2Fcore%2Fconnectivity%2Fstc-iptables.git Added dbus methods to flush existing chains. Below methods are added on dbus interface. i) IptFlushChain ii) Ip6tFlushChain Change-Id: I29361263c8d1badb8785524b6b55ba4c5c28f4a7 Signed-off-by: Nishant Chaprana --- diff --git a/include/stc-iptables-util.h b/include/stc-iptables-util.h index 55de31d..0f3d919 100755 --- a/include/stc-iptables-util.h +++ b/include/stc-iptables-util.h @@ -83,6 +83,11 @@ gboolean handle_iptables_remove_chain(StcChain *object, const gchar *chain, void *user_data); +gboolean handle_iptables_flush_chain(StcChain *object, + GDBusMethodInvocation *invocation, + const gchar *chain, + void *user_data); + /* ip6tables */ gboolean handle_ip6tables_add_rule(StcRule *object, GDBusMethodInvocation *invocation, @@ -104,4 +109,9 @@ gboolean handle_ip6tables_remove_chain(StcChain *object, const gchar *chain, void *user_data); +gboolean handle_ip6tables_flush_chain(StcChain *object, + GDBusMethodInvocation *invocation, + const gchar *chain, + void *user_data); + #endif /* __STC_IPTABLES_UTIL_H__ */ diff --git a/interfaces/stc-iptables-iface.xml b/interfaces/stc-iptables-iface.xml index 7996cea..9f07458 100755 --- a/interfaces/stc-iptables-iface.xml +++ b/interfaces/stc-iptables-iface.xml @@ -30,6 +30,10 @@ + + + + @@ -38,5 +42,9 @@ + + + + diff --git a/packaging/stc-iptables.spec b/packaging/stc-iptables.spec index 2a00b7c..c1df6d8 100644 --- a/packaging/stc-iptables.spec +++ b/packaging/stc-iptables.spec @@ -1,6 +1,6 @@ Name: stc-iptables Summary: STC(Smart Traffic Control) iptables -Version: 0.0.3 +Version: 0.0.4 Release: 0 Group: Network & Connectivity/Other License: GPL-2.0+ diff --git a/src/helper/helper-ip6tables.c b/src/helper/helper-ip6tables.c index 128787f..d5fb408 100755 --- a/src/helper/helper-ip6tables.c +++ b/src/helper/helper-ip6tables.c @@ -292,3 +292,37 @@ int ip6tables_remove_chain(const char *chain) STC_LOGI("Success removing chain"); return STC_ERROR_NONE; } + +int ip6tables_flush_chain(const char *chain) +{ + ip6t_handle_t *handle; + + handle = ip6tc_init(IP6TC_TABLE); + if (handle == NULL) { + STC_LOGE("ip6tc_init failed [%s]", ip6tc_strerror(errno)); + return STC_ERROR_OPERATION_FAILED; + } + + if (!ip6tc_is_chain(chain, handle)) { + STC_LOGW("chain not present"); + ip6tc_free(handle); + return STC_ERROR_NONE; + } + + if(!ip6tc_flush_entries(chain, handle)) { + STC_LOGE("Failed to flush chain [%s]", ip6tc_strerror(errno)); + ip6tc_free(handle); + return STC_ERROR_OPERATION_FAILED; + } + + if (!ip6tc_commit(handle)) { + STC_LOGE("Failed to ip6tc_commit [%s]", ip6tc_strerror(errno)); + ip6tc_free(handle); + return STC_ERROR_OPERATION_FAILED; + } + + ip6tc_free(handle); + + STC_LOGI("Success removing chain"); + return STC_ERROR_NONE; +} diff --git a/src/helper/helper-ip6tables.h b/src/helper/helper-ip6tables.h index 4ca0438..ff9e873 100755 --- a/src/helper/helper-ip6tables.h +++ b/src/helper/helper-ip6tables.h @@ -73,4 +73,10 @@ int ip6tables_add_chain(const char *chain); */ int ip6tables_remove_chain(const char *chain); +/** + * @desc This function flushes all ip6tables rules in chain. + * @return 0 on success and negative value if error. + */ +int ip6tables_flush_chain(const char *chain); + #endif /*__STC_HELPER_IP6TABLES_H__*/ diff --git a/src/helper/helper-iptables.c b/src/helper/helper-iptables.c index 1c3cc00..9d45d70 100755 --- a/src/helper/helper-iptables.c +++ b/src/helper/helper-iptables.c @@ -292,3 +292,37 @@ int iptables_remove_chain(const char *chain) STC_LOGI("Success removing chain"); return STC_ERROR_NONE; } + +int iptables_flush_chain(const char *chain) +{ + ipt_handle_t *handle; + + handle = iptc_init(IPTC_TABLE); + if (handle == NULL) { + STC_LOGE("iptc_init failed [%s]", iptc_strerror(errno)); + return STC_ERROR_OPERATION_FAILED; + } + + if (!iptc_is_chain(chain, handle)) { + STC_LOGW("chain not present"); + iptc_free(handle); + return STC_ERROR_NONE; + } + + if (!iptc_flush_entries(chain, handle)) { + STC_LOGE("Failed to flush chain [%s]", iptc_strerror(errno)); + iptc_free(handle); + return STC_ERROR_OPERATION_FAILED; + } + + if (!iptc_commit(handle)) { + STC_LOGE("Failed to iptc_commit [%s]", iptc_strerror(errno)); + iptc_free(handle); + return STC_ERROR_OPERATION_FAILED; + } + + iptc_free(handle); + + STC_LOGI("Success flushing chain"); + return STC_ERROR_NONE; +} diff --git a/src/helper/helper-iptables.h b/src/helper/helper-iptables.h index a306b9f..c74ecb3 100755 --- a/src/helper/helper-iptables.h +++ b/src/helper/helper-iptables.h @@ -73,4 +73,10 @@ int iptables_add_chain(const char *chain); */ int iptables_remove_chain(const char *chain); +/** + * @desc This function flushes all iptables rules in chain. + * @return 0 on success and negative value if error. + */ +int iptables_flush_chain(const char *chain); + #endif /*__STC_HELPER_IPTABLES_H__*/ diff --git a/src/stc-iptables-gdbus.c b/src/stc-iptables-gdbus.c index 525262a..9b7b2d8 100755 --- a/src/stc-iptables-gdbus.c +++ b/src/stc-iptables-gdbus.c @@ -44,6 +44,10 @@ static gboolean __stc_iptables_gdbus_chain_init(stc_iptables_s *stc_iptables) G_CALLBACK(handle_iptables_remove_chain), stc_iptables); + g_signal_connect(chain, "handle-ipt-flush-chain", + G_CALLBACK(handle_iptables_flush_chain), + stc_iptables); + g_signal_connect(chain, "handle-ip6t-add-chain", G_CALLBACK(handle_ip6tables_add_chain), stc_iptables); @@ -52,6 +56,10 @@ static gboolean __stc_iptables_gdbus_chain_init(stc_iptables_s *stc_iptables) G_CALLBACK(handle_ip6tables_remove_chain), stc_iptables); + g_signal_connect(chain, "handle-ip6t-flush-chain", + G_CALLBACK(handle_ip6tables_flush_chain), + stc_iptables); + g_dbus_object_manager_server_export(stc_iptables->obj_mgr, G_DBUS_OBJECT_SKELETON(object)); g_object_unref(object); diff --git a/src/stc-iptables-util.c b/src/stc-iptables-util.c index 82cfefd..7dd1638 100755 --- a/src/stc-iptables-util.c +++ b/src/stc-iptables-util.c @@ -275,6 +275,31 @@ gboolean handle_iptables_remove_chain(StcChain *object, return TRUE; } +gboolean handle_iptables_flush_chain(StcChain *object, + GDBusMethodInvocation *invocation, + const gchar *chain, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + stc_error_e ret = STC_ERROR_NONE; + GVariant *return_parameters = NULL; + + ret = iptables_flush_chain(chain); + if (ret < STC_ERROR_NONE) { + STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + return_parameters = g_variant_new("(i)", STC_ERROR_NONE); + + STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters); + STC_IPTABLES_DBUS_REPLY(invocation, return_parameters); + + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + gboolean handle_ip6tables_add_rule(StcRule *object, GDBusMethodInvocation *invocation, GVariant *rules, @@ -427,3 +452,28 @@ gboolean handle_ip6tables_remove_chain(StcChain *object, __STC_LOG_FUNC_EXIT__; return TRUE; } + +gboolean handle_ip6tables_flush_chain(StcChain *object, + GDBusMethodInvocation *invocation, + const gchar *chain, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + stc_error_e ret = STC_ERROR_NONE; + GVariant *return_parameters = NULL; + + ret = ip6tables_flush_chain(chain); + if (ret < STC_ERROR_NONE) { + STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + return_parameters = g_variant_new("(i)", STC_ERROR_NONE); + + STC_DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters); + STC_IPTABLES_DBUS_REPLY(invocation, return_parameters); + + __STC_LOG_FUNC_EXIT__; + return TRUE; +}