Jukka Rissanen [Mon, 25 Mar 2013 10:32:43 +0000 (12:32 +0200)]
service: Send IP config changed signal in disconnect
We did not send the IP config changed signal during disconnect.
This can confuse the dbus signal listeners.
Fixes BMC#25989
Jukka Rissanen [Mon, 25 Mar 2013 10:32:42 +0000 (12:32 +0200)]
service: Only send correct ipconfig changed signal
If we are changing IPv4 config, then send only IPv4 changed signal
and not the IPv6 one. Same is done for IPv6 config when it changes.
Jukka Rissanen [Mon, 25 Mar 2013 09:58:32 +0000 (11:58 +0200)]
config: Allow user to specify how IP address is used
If IPv4 address is missing then DHCPv4 is used. If IPv6 address is missing,
then SLAAC or DHCPv6 is used. This was specified in doc/config-format.txt
but implementation was missing.
We also allow the IP address to contain "off", "dhcp" or "auto" string,
so user can specify how the IP address can be set for the interface.
Fixes BMC#25985
Daniel Wagner [Tue, 19 Mar 2013 12:46:34 +0000 (13:46 +0100)]
iptables-unit: Add firewall API tests
Daniel Wagner [Tue, 19 Mar 2013 12:46:33 +0000 (13:46 +0100)]
firewall: Maintain iptables rules in dedicated ConnMan chains
Instead appending ConnMan iptables rules into the builtin chains
we append them into chains managed by ConnMan.
If a rule needs to be inserted into a bultin chain, ConnMan
will create a 'connman-' prefixed builtin chain name and appends
the user rules there. Then ConnMan will insert a unconditional jump
rule in the builtin chain.
Basically,
iptables -t filter -A INPUT -m mark --mark 1 -j LOG
will be translated to this:
iptables -t filter -N connman-INPUT
iptables -t filter -A connman-INPUT -m mark --mark 1 -j LOG
iptables -t filter -I INPUT -j connman-INPUT
When the last rule in a managed chain is removed, the managed
chain will also be removed.
Daniel Wagner [Tue, 19 Mar 2013 12:46:32 +0000 (13:46 +0100)]
firewall: Add firewall API
The main idea behind this API is to collect several iptables rules
together and enable or disable in one go.
For this a context is created via __connman_firewall_create() and
the rules added to this context via __connman_firewall_add_rule().
In order to append all rules __connman_firewall_enable() has
to be called. To remove all rules associated with one context
__connman_firewall_disable() has to be used.
If something goes awry the code tries to get back to the initial
state.
Daniel Wagner [Tue, 19 Mar 2013 12:46:31 +0000 (13:46 +0100)]
firewall: Flush managed chains
ConnMan maintains its own chain per builtin chain. The managed
chain have a prefix 'connman-' and one rule in the corresponding
builtin chain which jumps uncoditional to the managed chain.
In case ConnMan crashed we need to cleanup first.
Daniel Wagner [Tue, 19 Mar 2013 12:46:30 +0000 (13:46 +0100)]
firewall: Add firewall file
Daniel Wagner [Tue, 19 Mar 2013 12:46:29 +0000 (13:46 +0100)]
iptables: Add chain iterator
We will implement the ConnMan iptables specific part in a different
file and leave the iptables.c file as small as possible.
Therefore, we move the flushing part out, but we need a way to
find our chains on bootup (left over from a crash). Let's add an
interater which walks over all chains which allows a higher level
to find the chains it is looking for (e.g. connman-INPUT)
Daniel Wagner [Tue, 19 Mar 2013 12:46:28 +0000 (13:46 +0100)]
session: Add callback helpers
There is a common pattern when writing a callback function. Let's
add a few helper for this.
It is added to session.h because apart from the core also
the session_policy_local.c will make use of it.
This is shamelessly stolen from oFono.
Daniel Wagner [Tue, 19 Mar 2013 12:46:27 +0000 (13:46 +0100)]
iptables-test: Add insert support
Daniel Wagner [Tue, 19 Mar 2013 12:46:26 +0000 (13:46 +0100)]
iptables: Add __connman_iptables_insert()
This was wrongly removed with commit
161efbae
Daniel Wagner [Tue, 19 Mar 2013 12:46:25 +0000 (13:46 +0100)]
iptables: Prepare rule to be inserted or appended
Add a boolean helper to distinguish between insert and append operations.
When chain_head == chain_tail->prev, the builtin chain is empty which makes
an intended append operation equivalent to an insert operation.
Jukka Rissanen [Fri, 22 Mar 2013 14:15:19 +0000 (16:15 +0200)]
dnsproxy: Make sure we are not accessing null hash
If dnsproxy is not in use, like when connman has been started
with -r option, then the listener_table will be NULL which can
cause crash in hash table lookup call.
Daniel Wagner [Mon, 18 Mar 2013 15:18:12 +0000 (16:18 +0100)]
iptables-unit: Check if rules are inserted/removed
Optionally use iptables-save to check if the rules are installed or
removed on the system instead of relying only on the returned iptables
error code.
Do notice that running tools/iptables-unit will modify and delete existing
iptables firewall rules on your system. Use iptables-unit with caution!
Daniel Wagner [Tue, 19 Mar 2013 12:33:36 +0000 (14:33 +0200)]
build: Run ippool test during make distcheck
test-ippool is a pure unit test can therefore be part of the
distcheck target.
Daniel Wagner [Tue, 19 Mar 2013 12:33:23 +0000 (14:33 +0200)]
test-ippool: Update unit test printouts
Tomasz Bursztyka [Fri, 15 Mar 2013 07:04:19 +0000 (09:04 +0200)]
neard: RequestOOB() method sends empty dictionary
Reported by Ravikumar Veeramally
Daniel Wagner [Tue, 12 Mar 2013 17:16:47 +0000 (18:16 +0100)]
iptables: Allocated memory blocks are already zerod out
entry_head and entry_return are allocated via g_try_malloc0().
Daniel Wagner [Tue, 12 Mar 2013 17:16:46 +0000 (18:16 +0100)]
iptables: Factor out duplicated update hook code
After removing one or more rules the builtin hooks need to be updated
accordingly. iptables_flush_chain() and iptables_delete_rule()
share a common code part.
Daniel Wagner [Tue, 12 Mar 2013 17:16:45 +0000 (18:16 +0100)]
iptables: Fix invalid access to list after removing first rule
The list pointer is invalid after remove_table_entry(). Since
we entering the 'if' body only for the first rule in a builtin
chain we can safely update list to point to the next element.
Daniel Wagner [Tue, 12 Mar 2013 17:16:44 +0000 (18:16 +0100)]
iptables: Rename pre_load_table() to get_table()
The second argument is not used anymore, let's remove it. The funciton
name doesn't really match to its implementation, so it's also time
to rename it.
Daniel Wagner [Tue, 12 Mar 2013 17:16:43 +0000 (18:16 +0100)]
iptables: Improve debug log output
We need to see a bit more in detail what happens when
CONNMAN_IPTABLES_DEBUG is not set, for example the removing/flushing
during bootup.
Also remove the DBG() from parse_rule_spec() because all callers
already have a DBG(). So not much additional information here.
Daniel Wagner [Tue, 12 Mar 2013 17:16:42 +0000 (18:16 +0100)]
iptables: Lookup in table hash before module loading
pre_load_table() is called always with table == NULL, we end up
keep trying to load the kernel modules even though the table
is already loaded. Therefore, move the lookup one level up.
Daniel Wagner [Tue, 12 Mar 2013 17:16:41 +0000 (18:16 +0100)]
iptables: Use glib function for string operations
Streamline this file with the rest of ConnMan's code base.
Daniel Wagner [Tue, 12 Mar 2013 17:16:40 +0000 (18:16 +0100)]
iptables: Drop support for xtables < 1.4.11
The API changed between 1.4.10 (version code 5) and 1.4.11 (version code 6)
and we needed to workaround with a bunch of ugly ifdefs. 1.4.11 was
released on 26.05.2011 and even Debian testing ships 1.4.14 these days.
Daniel Wagner [Tue, 12 Mar 2013 17:16:38 +0000 (18:16 +0100)]
iptables-unit: Add debug option
It is impossible to see the normal unit test output with all
DBG() enabled by default.
Daniel Wagner [Tue, 12 Mar 2013 17:16:37 +0000 (18:16 +0100)]
iptables-test: Use iptables implementation from core
With the recent changes to iptables.c and the new API iptables-test.c
and iptables.c started to diverge and it is not really possible to
keep those two files in sync. Instead we start using the new API.
Unfortunatly, we need to partially parse argv and concatinate the rest
again together. This is ugly but not much we can do about it.
Daniel Wagner [Tue, 12 Mar 2013 17:16:36 +0000 (18:16 +0100)]
iptables: Add __connman_iptables_dump()
In order to allow our test tool iptables-tests to dump a table
we need an dump function. The only user will be this tool. That allows
the linker to remove this code, so no additional code size.
Daniel Wagner [Tue, 12 Mar 2013 17:16:35 +0000 (18:16 +0100)]
build: Ignore iptables-unit and session-test in tools directory
Daniel Wagner [Tue, 12 Mar 2013 17:16:33 +0000 (18:16 +0100)]
test-session: Move file to tools and rename it to session-test
These tests depens on ConnMan running and therefore not really a
unit tests. Let's move it to tools.
Daniel Wagner [Tue, 12 Mar 2013 17:16:32 +0000 (18:16 +0100)]
test-iptables: Move file to tools and rename it to iptables-unit
Unit tests are suppessed to be run during 'make distcheck' but
iptables-unit needs to be run with root rights.
Jukka Rissanen [Wed, 13 Mar 2013 08:33:27 +0000 (10:33 +0200)]
doc: Information about activating debugging in ConnMan
Jukka Rissanen [Tue, 12 Mar 2013 14:41:59 +0000 (16:41 +0200)]
service: User cannot modify immutable service
If the service is provisioned via .config file, then user is only
able to set the AutoConnect status of the service. All the other
settings must be set from the .config file.
Fixes BMC#25984
Jukka Rissanen [Thu, 7 Mar 2013 16:13:45 +0000 (18:13 +0200)]
vpn: Make sure vpn connection really exists before removing it
Jukka Rissanen [Thu, 7 Mar 2013 16:13:44 +0000 (18:13 +0200)]
vpn: Check whether we have already removed the provider
The dbus messages from vpnd might come in different order so make
sure we are not trying to access already removed provider.
Jukka Rissanen [Thu, 7 Mar 2013 16:13:43 +0000 (18:13 +0200)]
vpn: Add debug information when vpn state changes
Jukka Rissanen [Thu, 7 Mar 2013 16:13:42 +0000 (18:13 +0200)]
vpn: Remove VPN provider from service list when destroying it
When provider is destroyed in vpnd, we get a notification about
that. We must then remove the provider which will also unref it
so the provider data will get removed properly.
Old code just unreffed the provider but it was left hanging in
service list.
Jukka Rissanen [Thu, 7 Mar 2013 16:13:41 +0000 (18:13 +0200)]
provider: New provider removal function callable from vpn plugin
Jukka Rissanen [Thu, 7 Mar 2013 16:13:40 +0000 (18:13 +0200)]
provider: Change the name of provider remove function
Following patch will introduce provider remove function that can
be used from vpn plugin so rename the current removal function to
reflect better its usage.
Jukka Rissanen [Thu, 7 Mar 2013 16:13:39 +0000 (18:13 +0200)]
vpn-config: Ignore IN_CREATE as IN_MODIFY is called anyway
Inotify will send modify event after create event when user has
copied the config file into config directory. Because of this
it is useless to act on create event. As a bonus we avoid
create/modify/create loop that was earlier done in the modify event
handling code.
Jukka Rissanen [Thu, 7 Mar 2013 16:13:38 +0000 (18:13 +0200)]
vpn: Clear the data pointer from provider when destroying
If the data pointer is left around, then vpn plugin might
accidentally use it if dbus messages are received after
we have cleared the vpn connection.
Jukka Rissanen [Tue, 5 Mar 2013 14:06:23 +0000 (16:06 +0200)]
vpn-provider: Do not save or load provisioned VPN connections
The vpnd will not read or save provider data from disk. Only
way to provision VPN is by setting necessary data in VPN .config
file.
Jukka Rissanen [Tue, 5 Mar 2013 14:06:22 +0000 (16:06 +0200)]
vpn-provider: SetProperty and ClearProperty do not work if immutable
Immutable VPN connection settings cannot be changed by SetProperty or
ClearProperty dbus API.
Jukka Rissanen [Tue, 5 Mar 2013 14:06:21 +0000 (16:06 +0200)]
vpn-provider: Introduce immutable flag to provider data
Jukka Rissanen [Tue, 5 Mar 2013 14:06:20 +0000 (16:06 +0200)]
vpn-provider: Do not allow changes to settings that are immutable
The immutable settings are those that are read from .config file.
Jukka Rissanen [Tue, 5 Mar 2013 14:06:19 +0000 (16:06 +0200)]
service: Send signal only if immutable flag value changes
Jukka Rissanen [Tue, 5 Mar 2013 14:06:18 +0000 (16:06 +0200)]
vpn: Set immutable flag of the VPN service
Jukka Rissanen [Tue, 5 Mar 2013 14:06:17 +0000 (16:06 +0200)]
provider: Function to set the immutable flag
Jukka Rissanen [Tue, 5 Mar 2013 14:06:16 +0000 (16:06 +0200)]
vpn: Remember the immutable flag from vpnd
Jukka Rissanen [Tue, 5 Mar 2013 14:06:15 +0000 (16:06 +0200)]
test: Pretty print the error when trying to set/unset VPN property
Jukka Rissanen [Tue, 5 Mar 2013 14:06:14 +0000 (16:06 +0200)]
doc: Describe immutable flag for VPN connection
The immutable flag is set if the VPN connection is provisioned
via a .config file. The VPN connection can be removed only by
removing the .config file from /var/lib/connman-vpn directory.
Jukka Rissanen [Thu, 7 Mar 2013 10:34:42 +0000 (12:34 +0200)]
vpn-provider: Do not quit vpnd if there are no VPN configurations
Because we now support provisioning of VPN services via .config file,
we need to keep vpnd running so that it can monitor the connman-vpn
directory for new config files.
Jukka Rissanen [Thu, 7 Mar 2013 08:56:51 +0000 (10:56 +0200)]
doc: Typo fixes in the documentation
Fixes BMC#25978
Jukka Rissanen [Thu, 7 Mar 2013 08:24:37 +0000 (10:24 +0200)]
device: Check positive device filter correctly
The -i or --device command line option contains the device names
that we should use. Unfortunately the check fails if there are
multiple interfaces in that list and we ignore the interfaces instead.
Fixes BMC#25979
Daniel Wagner [Wed, 6 Mar 2013 15:08:55 +0000 (16:08 +0100)]
iptables: Fix rule appending
Commit
ba052f1f "iptables: Add split out iptables commands"
introduced a bug. __connman_iptables_append() should
call iptables_append_rule() instead of iptables_insert_rule().
Daniel Wagner [Wed, 6 Mar 2013 15:08:54 +0000 (16:08 +0100)]
iptables: Valid policies are only ACCEPT and DROP
Daniel Wagner [Wed, 6 Mar 2013 15:08:53 +0000 (16:08 +0100)]
iptables: Fix setting policy
The policy is kept at the end of the chain not at the beginning.
Currently, the code assumes that the builtin chain is empty.
Daniel Wagner [Wed, 6 Mar 2013 15:08:52 +0000 (16:08 +0100)]
iptables: Always update options table
The linked list is tracking all loading modules. Since we do not
unload once they are loaded (xtables does not support this), we
might up leaving prepare_matches() before we update the
option table. Since we carefully reset the global xtable state
after executing one rule, this check is wrong, e.g. if we add
to similar rules (same matches (mark, nfacct)). In this case
the second rule would not be parsed correctly. Nasty nasty iptables parser!
Daniel Wagner [Wed, 6 Mar 2013 15:08:51 +0000 (16:08 +0100)]
iptables: Do not flush in the wrong order
Daniel Wagner [Wed, 6 Mar 2013 15:08:50 +0000 (16:08 +0100)]
iptables: Fix and refactor iterate_entries()
Updating the builtin and hook index is more complex then one
would expect. In order to be able to update them correctly
we need also to pass in the underflow table to the iterate
function. To improve the readability the valid_hook magic
has been moved into next_hook_entry_index() which does exactly
as the name says.
Daniel Wagner [Wed, 6 Mar 2013 15:08:49 +0000 (16:08 +0100)]
iptables: Fix is_fallthrough() check
A fallthrough rule is one which has the default target name,
does not have a verdict and is not a jump rule.
is_fallthrough() is called excluslive from the insert path,
thus the value of verdict will be 0 for a fallthrough rule.
Jukka Rissanen [Wed, 6 Mar 2013 08:39:59 +0000 (10:39 +0200)]
build: vpn-property test script was missing from build
Forest Bond [Wed, 5 Dec 2012 21:44:27 +0000 (16:44 -0500)]
service: Restart wispr on nameserver change
This is needed to make a service go online in the case where it was
already connected and then manual IPv4 & nameservers settings are
applied. In that case, wispr is restarted with the new IP settings, but
the nameservers have not been set yet, so the wispr test fails and the
service remains in ready state.
Tomasz Bursztyka [Fri, 1 Mar 2013 11:17:58 +0000 (13:17 +0200)]
wifi: Preliminary fix for autoscanning known hidden SSIDs
Currently, it relies on max_ssids to know how many SSIDs it can provide as
paremeters. However, patch
6af0579c434058536fb40480f40f5e9895cfe863, which
fixes an issue about fast scanning, affects such feature.
Therefore, as a default, it will fallback to 1 if given max_ssids is 0.
There is still the issue that it will autoscan only max_ssid (1 or more)
known hidden SSIDs. This need to be fixed.
Reported by Sameer Naik
Jukka Rissanen [Thu, 28 Feb 2013 09:00:02 +0000 (11:00 +0200)]
vpn-provider: Parse user networks correctly
Check NULL string before passing it to g_strsplit()
Tomasz Bursztyka [Wed, 27 Feb 2013 09:17:40 +0000 (11:17 +0200)]
neard: Use a timeout instead of DBUS_TIMEOUT_USE_DEFAULT for compatibility
DBUS_TIMEOUT_USE_DEFAULT appeared in dbus-1.4.12, but earlier dbus versions
are still in use in some distributions like Fedora 17.
Marcel Holtmann [Tue, 26 Feb 2013 13:01:53 +0000 (05:01 -0800)]
Release 1.12
Jukka Rissanen [Mon, 25 Feb 2013 08:09:00 +0000 (10:09 +0200)]
doc: Fix the path to VPN config files
The correct default path is /var/lib/connman-vpn
Tomasz Bursztyka [Tue, 26 Feb 2013 10:53:38 +0000 (12:53 +0200)]
doc: Update overview-api.txt
- Introduce the user to per SSID/Security Wifi networks grouping
- Agent is no longer a future feature and user should be aware of how
required information can be provided when connecting to a service.
Patrik Flykt [Tue, 26 Feb 2013 10:54:08 +0000 (12:54 +0200)]
dundee: Increase timeout to 60 seconds
D-Bus method calls to may trigger pairing and/or pop up a dialog
in the remote Bluetooth device to which the user needs to react.
Patrik Flykt [Tue, 26 Feb 2013 10:52:55 +0000 (12:52 +0200)]
bluetooth_legacy: Increase Bluez 4 plugin timeout to 60 seconds
D-Bus method calls to Bluez 4 may trigger pairing and/or pop up a
dialog in the remote device to which the user needs to react.
Patrik Flykt [Tue, 26 Feb 2013 10:18:54 +0000 (12:18 +0200)]
gsupplicant: Increase D-Bus timeout to 30 seconds
Tomasz Bursztyka [Mon, 25 Feb 2013 12:11:10 +0000 (14:11 +0200)]
neard: Add partial support for wifi provisionning via NFC
PushOOB() method implementation. Currently only basic open/psk based
provisioning is supported.
Tomasz Bursztyka [Mon, 25 Feb 2013 15:49:50 +0000 (17:49 +0200)]
config: Add a function to provision mutable service
The point here is to create a virtual configuration, which does not come
from a real file. This is a handy way for plugins to be able to provision
services without creating any file on the FS.
In case of a wifi configuration type and if connect is requested, it will
trigger a scan, thus leading to a possible service being provisioned by
such virtual configuration. If so and if connect was requested: the service
will be asked to connect.
Tomasz Bursztyka [Mon, 25 Feb 2013 12:11:08 +0000 (14:11 +0200)]
config: Make load service from each keyfile group as a function
Tomasz Bursztyka [Mon, 25 Feb 2013 12:11:07 +0000 (14:11 +0200)]
config: Remove superfluous error code
It simplifies the code removing uselesse variable, moreover such variable
has the same name as an existing label in the same function.
Tomasz Bursztyka [Mon, 25 Feb 2013 12:11:06 +0000 (14:11 +0200)]
neard: Add neard plugin with tethering info sharing support
Implement also RequestOOB() neard Agent method.
Tomasz Bursztyka [Mon, 25 Feb 2013 12:11:05 +0000 (14:11 +0200)]
technology: Provide a function to get WiFi tethering information
Marcel Holtmann [Mon, 25 Feb 2013 14:18:02 +0000 (15:18 +0100)]
gsupplicant: Remove pointless timeout constant
Tomasz Bursztyka [Fri, 8 Feb 2013 13:58:10 +0000 (15:58 +0200)]
gdbus: Always unreference the message in g_dbus_send_message()
A quick fix on g_dbus_send_message(), if check_signal() fails it returns
FALSE without unreferencing the message as it should. This patch fixes
it.
Jukka Rissanen [Fri, 22 Feb 2013 11:47:57 +0000 (13:47 +0200)]
config: Run service autoconnect after provisioning the wifi service
We trigger autoconnect request in service after the wifi service
has been provisioned. This is useful in headless systems where
there is no user to trigger the connect to provisioned service,
and it might take some time before system autoconnect is run.
Jukka Rissanen [Fri, 22 Feb 2013 11:47:56 +0000 (13:47 +0200)]
config: Add ethernet provisioning support
Jukka Rissanen [Fri, 22 Feb 2013 11:47:55 +0000 (13:47 +0200)]
config: Support static IP address for wifi service
Jukka Rissanen [Fri, 22 Feb 2013 11:47:54 +0000 (13:47 +0200)]
service: Refactor ipconfig setter
Done so that the function can be called also from config.c
The idea is that if ethernet .config file is removed,
we are able to clear the interface properly.
Jukka Rissanen [Fri, 22 Feb 2013 11:47:53 +0000 (13:47 +0200)]
ipconfig: Add function to set the IPv6 privacy option
Jukka Rissanen [Fri, 22 Feb 2013 11:47:52 +0000 (13:47 +0200)]
service: Add function to set timeservers
Jukka Rissanen [Fri, 22 Feb 2013 11:47:51 +0000 (13:47 +0200)]
service: Add function to manipulate DNS search domains
Jukka Rissanen [Fri, 22 Feb 2013 11:47:50 +0000 (13:47 +0200)]
service: Add function to manipulate ignore flag
Jukka Rissanen [Fri, 22 Feb 2013 11:47:49 +0000 (13:47 +0200)]
doc: Ethernet provisioning support
Julien Massot [Thu, 21 Feb 2013 17:23:07 +0000 (18:23 +0100)]
gsupplicant: Set the scan callback in g_supplicant_interface_scan
The callback is required to properly handle scanning errors reported
by wpa_supplicant through the scan_done signal.
Steps to reproduce:
1. Set a country code to the WiFi card which have more frequencies
allowed than the world roaming allow.
2. Connect to a WiFi network not available in the world roaming setup.
3. Stop connman.
4. Change the country code to 00, be sure the frequencies use in step 2.
is no longer allowed. Take care of cfg80211 authorize frequencies when
beacons are received, I prefer using mac80211_hwsim from here to avoid
side effects about beacon reception.
5. Start connman again.
Now ConnMan is stuck in scanning state as the scan_fast method of
plugins/wifi.c is called with a forbidden frequency.
wpa_supplicant returns an error received in "gsupplicant/supplicant.c:
signal_scan_done", where the code enters 'if (success == FALSE)' but
unfortunately scan_callback is NULL at this point as the scan_callback is
normally set in interface_scan_result().
Daniel Wagner [Thu, 21 Feb 2013 16:42:33 +0000 (17:42 +0100)]
iptables: Merge clear_tables_flags() and reset_xtables()
Both function reset the xtables library. So let's do this
at the same place.
Daniel Wagner [Thu, 21 Feb 2013 16:42:32 +0000 (17:42 +0100)]
iptables: Free table pointer
And also use g_strv_length() to count the number of entries.
Thanks Tomasz!
Daniel Wagner [Thu, 21 Feb 2013 16:42:31 +0000 (17:42 +0100)]
iptables: Free match rules
We forgot to free the match rules.
Daniel Wagner [Thu, 21 Feb 2013 16:42:30 +0000 (17:42 +0100)]
iptables: Reset pointer after freeing
The match or the target might be reused in the next invocation
of iptables and then xtables operates on this invalid pointer.
xt_t->t and xt_m->m are keept alive via the global variables
xtables_targets and xtables_matches.
Daniel Wagner [Thu, 21 Feb 2013 16:42:29 +0000 (17:42 +0100)]
iptables: Reinitialize global parser table
xtables modifies the global parse table and allocates additional
memory. If that happens we need to free it afterwards.
Daniel Wagner [Thu, 21 Feb 2013 16:42:28 +0000 (17:42 +0100)]
iptables: Free xtables entry when removing one entry from the table
Daniel Wagner [Thu, 21 Feb 2013 16:42:27 +0000 (17:42 +0100)]
test-iptables: Fix memory leak
Daniel Wagner [Thu, 21 Feb 2013 16:42:26 +0000 (17:42 +0100)]
test-iptables: Delete all rules in target0
Patrik Flykt [Wed, 20 Feb 2013 11:53:36 +0000 (13:53 +0200)]
client: Remove the now obsolete command parsing functions