Daniel Wagner [Thu, 18 Apr 2013 07:07:27 +0000 (09:07 +0200)]
dbus: Add connman_dbus_get_connnection_unix_user()
The UID is fetched via org.freedesktop.DBus.GetConnectionUnixUser D-Bus
method call.
Daniel Wagner [Thu, 18 Apr 2013 07:07:26 +0000 (09:07 +0200)]
dbus: Refactor callback helper struct
The helper struct will be used by a new dbus function which uses
a different callback signature. Therefore, we need to use a
void pointer for storing the callback.
Daniel Wagner [Thu, 18 Apr 2013 07:07:25 +0000 (09:07 +0200)]
session: Do not fail when creating default policy configuration
Do not handle the small alloc failures because glib will abort
when memory is tight anyway.
Daniel Wagner [Thu, 18 Apr 2013 07:07:24 +0000 (09:07 +0200)]
session: Change to "func_t" postfix to callback typedef
Streamline the callback typedefs with the rest of the code.
Daniel Wagner [Thu, 18 Apr 2013 07:07:23 +0000 (09:07 +0200)]
session_policy_local: Use callback helpers
Use the generic callback helpers to encapsulate struct create_data.
In a later patch we will add some more data elements to struct
create_data. That is the reason why it is not removed here.
Daniel Wagner [Tue, 9 Apr 2013 16:13:13 +0000 (18:13 +0200)]
session_policy_local: Load policy when a new file is added
When a file is added (not modified) we need to parse it as well
Daniel Wagner [Tue, 9 Apr 2013 16:13:12 +0000 (18:13 +0200)]
session_policy_local: Do not free policy on load error
We should not unref the policy on parsing errors because the policy
lifetime is attached to the lifetime of the file. When the file
is removed we remove it from the hash table.
Daniel Wagner [Tue, 9 Apr 2013 16:13:11 +0000 (18:13 +0200)]
session_policy_local: Empty policy list indicated no match all
Match all is expressed via CONNMAN_SERVICE_TYPE_UNKNOWN. An empty
list means no match.
Daniel Wagner [Tue, 9 Apr 2013 16:13:10 +0000 (18:13 +0200)]
session_policy_local: Set default policy using common code
Use connman_sessoin_set_default_config() instead of open coded
version.
This prepares the next fix.
Daniel Wagner [Tue, 9 Apr 2013 16:13:09 +0000 (18:13 +0200)]
session: Empty policy list indicated no match all
Match all is expressed via CONNMAN_SERVICE_TYPE_UNKNOWN. An empty
list means no match.
Daniel Wagner [Tue, 9 Apr 2013 16:13:08 +0000 (18:13 +0200)]
session: Do not try to access already removed hash
Make sure we never try to cleanup when the hash table has
been destroyed. In this case all resources have been
freed already.
Daniel Wagner [Tue, 9 Apr 2013 16:13:07 +0000 (18:13 +0200)]
session: Reorder shutdown sequence
By calling __connman_session_cleanup() before __connman_plugin_cleanup()
we make sure all resources allocated can be released in the correct order.
The code assumes after a successful allocation, free will always work
and therefore we double free allocated memory.
Grant Erickson [Fri, 12 Apr 2013 19:06:06 +0000 (12:06 -0700)]
wifi: improve fix to avoid device double release on disable
Per MEEGO-25999 <https://bugs.meego.com/show_bug.cgi?id=25999>, there
exists a race between scan_callback and wifi_disable such that a
carefully-timed deassertion of the technology Powered property between
throw_wifi_scan and scan_callback will lead to a device reference
count underflow. A second Powered property false -> true -> false
transition will then deallocate the device and Wi-Fi will no longer
function until connman or the system is restarted.
This patch improves upon and revises the prior patch to address this
issue by recognizing that hidden networks involve a slightly different
code path and timing and that both this and the prior case can be
addressed by tracking the device scanning state and only releasing the
device when the state is asserted.
Jukka Rissanen [Wed, 10 Apr 2013 07:32:38 +0000 (10:32 +0300)]
tools: Rename dnsproxy-unit to dnsproxy-test
Rename the dnsproxy file as it is more of a test tool than a unit test.
Jukka Rissanen [Wed, 10 Apr 2013 07:32:37 +0000 (10:32 +0300)]
tools: Make message buffers static
Jukka Rissanen [Wed, 10 Apr 2013 08:01:47 +0000 (11:01 +0300)]
service: Set state properly after disconnecting the associating service
This is related to fix
d7d8f8bdb7c1ddae098893e10608fcb42034a9ff
We did not set the state to idle after disconnecting the
associating service.
Fixes BMC#25981
Grant Erickson [Thu, 11 Apr 2013 07:28:11 +0000 (00:28 -0700)]
wifi: avoid device double release on disable
Per MEEGO-25999 <https://bugs.meego.com/show_bug.cgi?id=25999>, there
exists a race between scan_callback and wifi_disable such that a
carefully-timed deassertion of the technology Powered property between
throw_wifi_scan and scan_callback will lead to a device reference
count underflow. A second Powered property false -> true -> false
transition will then deallocate the device and Wi-Fi will no longer
function until connman or the system is restarted.
This patch addresses that race by tracking and observing the disabling
state such that scan_callback and wifi_disable can effectively negotiate
which has performed the device release, thereby avoiding the double
release and resulting underflow.
Marcel Holtmann [Tue, 9 Apr 2013 03:59:40 +0000 (20:59 -0700)]
Release 1.13
Marcel Holtmann [Tue, 9 Apr 2013 03:54:08 +0000 (20:54 -0700)]
build: Add dnsproxy-unit to .gitignore
Luiz Augusto von Dentz [Wed, 27 Feb 2013 12:00:23 +0000 (14:00 +0200)]
gdbus: Fix not calling property_changed callback
In case a property did not appear by the time proxy_added was called
property_changed has to be called if it appears later otherwise the
application will be unaware of it.
Lucas De Marchi [Mon, 8 Apr 2013 20:56:18 +0000 (17:56 -0300)]
gdbus: Use gcc builtin instead of g_atomic
g_atomic_* end up using G_STATIC_ASSERT, causing gcc 4.8 to yell due to
-Wunused-local-typedefs.
gdbus/client.c: In function ‘g_dbus_client_ref’:
/usr/include/glib-2.0/glib/gmacros.h:162:53: error: typedef ‘_GStaticAssertCompileTimeAssertion_2’ locally defined but not used [-Werror=unused-local-typedefs]
#define G_STATIC_ASSERT(expr) typedef char G_PASTE (_GStaticAssertCompileTimeAssertion_, __COUNTER__)[(expr) ? 1 : -1]
Jukka Rissanen [Sun, 7 Apr 2013 14:53:49 +0000 (17:53 +0300)]
vpn: Host IP address was not freed
The host ip address field is only used if user has given vpn
server as a host name instead of host ip address.
Jukka Rissanen [Sun, 7 Apr 2013 14:54:23 +0000 (17:54 +0300)]
vpn: Free ip address before allocating a new one
Possible memory leak here as we might have ip address allocated
already.
Jukka Rissanen [Sun, 7 Apr 2013 14:52:37 +0000 (17:52 +0300)]
dnsproxy: Fix cached message length correctly
We must copy the response buffer before fixing the packet length.
Otherwise the packet length will go wrong if the request contained
EDNS0 data.
Patrik Flykt [Sat, 6 Apr 2013 20:10:18 +0000 (23:10 +0300)]
client: Add --help, -h options
Jukka Rissanen [Fri, 5 Apr 2013 09:33:09 +0000 (12:33 +0300)]
tools: Add unit test for dnsproxy
Jukka Rissanen [Fri, 5 Apr 2013 09:33:08 +0000 (12:33 +0300)]
dnsproxy: Handle partial TCP messages from client
We were not handling client sent partial TCP messages correctly.
This meant that ConnMan would block if the client using TCP would
not send full DNS request.
When a new TCP client connects in tcp_listener_event(), a new
TCP channel is created to handle a partial client message if
all of the message is not already available. The partial TCP
message is patched together in tcp_client_event(). When all of
the TCP message has been received, the message is processed in
read_tcp_data(). The client has to send the DNS request within two
seconds before the connection is closed by ConnMan.
Daniel Wagner [Thu, 4 Apr 2013 15:09:04 +0000 (17:09 +0200)]
service: Drop unused argument in preferred_tech_list_get()
Patrik Flykt [Fri, 5 Apr 2013 09:28:44 +0000 (12:28 +0300)]
client: Fix help text, IPv4 setting uses netmask
Jukka Rissanen [Thu, 4 Apr 2013 11:44:56 +0000 (14:44 +0300)]
dnsproxy: Create cache if it is missing when doing lookup
Jukka Rissanen [Thu, 4 Apr 2013 11:44:55 +0000 (14:44 +0300)]
dnsproxy: Fix memory leak when request timeouts
Jukka Rissanen [Thu, 4 Apr 2013 11:44:54 +0000 (14:44 +0300)]
dnsproxy: Avoid null pointer access
Jukka Rissanen [Thu, 4 Apr 2013 11:44:53 +0000 (14:44 +0300)]
dnsproxy: Do not add or remove ::1 server
Jukka Rissanen [Thu, 4 Apr 2013 11:44:52 +0000 (14:44 +0300)]
dnsproxy: Use ::1 when refreshing because of the address family
Jukka Rissanen [Thu, 4 Apr 2013 11:44:51 +0000 (14:44 +0300)]
dnsproxy: Add or remove ::1 to/from resolv.conf when necessary
We add IPv6 loopback address to resolv.conf if we have created
an IPv6 listening socket to port 53. Also remove ::1 from resolv.conf
when deleting the proxy.
Jukka Rissanen [Thu, 4 Apr 2013 11:44:50 +0000 (14:44 +0300)]
dnsproxy: Listen only on needed addresses
Do not bind to ANY address so that other DNS server applications
can be used on the same host for interfaces that are not managed
by ConnMan. This means that we only create DNS listeners on loopback
and tethering interfaces.
Jukka Rissanen [Thu, 4 Apr 2013 11:44:49 +0000 (14:44 +0300)]
inet: Get an address from a given interface and address family
The returned address is used when we need to have a listening
socket tied to specific interface and address, and do not want to
bind to any address.
Patrik Flykt [Wed, 27 Mar 2013 11:54:09 +0000 (13:54 +0200)]
client: Move boolean parsing helper function to commands file
The helper function is not used elsewhere, thus move it.
Patrik Flykt [Wed, 27 Mar 2013 11:54:08 +0000 (13:54 +0200)]
client: Remove now obsolete functions and files
Remove now obsolete files from services. Remove data_manager, dbus and
technology .h and .c files. Update Makefile.am accordingly.
Patrik Flykt [Wed, 27 Mar 2013 11:54:07 +0000 (13:54 +0200)]
client: Remove now obsolete function
Patrik Flykt [Wed, 27 Mar 2013 11:54:06 +0000 (13:54 +0200)]
client: Use D-Bus helper functions when setting proxy
Append proxy server and exclude information in the callback functions.
Patrik Flykt [Wed, 27 Mar 2013 11:54:05 +0000 (13:54 +0200)]
client: Use helper functions for setting domains, nameservers and timeservers
Patrik Flykt [Wed, 27 Mar 2013 11:54:04 +0000 (13:54 +0200)]
client: Use helper functions for IP, autoconnect and removal
Use D-Bus helper functions for service remove, autoconnect and IP
configuration.
Create a common callback for all configuration properties. Count also
the number of appended items and add it to the current index when done.
Patrik Flykt [Wed, 27 Mar 2013 11:54:03 +0000 (13:54 +0200)]
client: Use D-Bus helper function to implement services command
Fixes BMC#25953 BMC#25974
Patrik Flykt [Wed, 27 Mar 2013 11:54:02 +0000 (13:54 +0200)]
client: Use D-Bus helper functions for Technology enabling/disabling
Patrik Flykt [Wed, 27 Mar 2013 11:54:01 +0000 (13:54 +0200)]
client: Add support functions for setting properties
Add support functions for setting basic, dictionary and array properties.
Patrik Flykt [Wed, 27 Mar 2013 11:54:00 +0000 (13:54 +0200)]
client: Use D-Bus helpers for Technology Scan method call
Patrik Flykt [Wed, 27 Mar 2013 11:53:59 +0000 (13:53 +0200)]
client: Use D-Bus helpers for Technology GetTechnologies method call
Patrik Flykt [Wed, 27 Mar 2013 11:53:58 +0000 (13:53 +0200)]
client: Use D-Bus helper functions for service connect and disconnect
Patrik Flykt [Wed, 27 Mar 2013 11:53:57 +0000 (13:53 +0200)]
client: Use D-Bus helper functions for state method call
Patrik Flykt [Wed, 27 Mar 2013 11:53:56 +0000 (13:53 +0200)]
client: Print out help header if non-interactive
Patrik Flykt [Wed, 27 Mar 2013 11:53:55 +0000 (13:53 +0200)]
client: Add calls to save and redraw input prompt
Patrik Flykt [Wed, 27 Mar 2013 11:53:54 +0000 (13:53 +0200)]
client: Remove now obsolete client/interactive.[hc] files
Patrik Flykt [Wed, 27 Mar 2013 11:53:53 +0000 (13:53 +0200)]
client: Remove readline handling from main.c
Patrik Flykt [Wed, 27 Mar 2013 11:53:52 +0000 (13:53 +0200)]
client: Handle exit and inprogress values
When exiting, return 1, when D-Bus method call is in progress return
-EINPROGRESS. When exiting successfully return 0, when an error is
encountered return the error value.
Patrik Flykt [Wed, 27 Mar 2013 11:53:51 +0000 (13:53 +0200)]
client: Delete the now obsolete monitor.[hc] files
Patrik Flykt [Wed, 27 Mar 2013 11:53:50 +0000 (13:53 +0200)]
client: Reimplement monitor command
Use generic D-Bus printing function to print the signals
Patrik Flykt [Wed, 27 Mar 2013 11:53:49 +0000 (13:53 +0200)]
client: Add input handling
Set up readline command line input handling. Add helper functions to
save and redraw the command line when output needs to be printed to the
screen.
Patrik Flykt [Wed, 27 Mar 2013 11:53:48 +0000 (13:53 +0200)]
client: Add pretty-printing for ServicesChanged signal
Create a set of helper functions for pretty-printing both the added and
the removed services dictionaries in the ServicesChanged signal.
Patrik Flykt [Wed, 27 Mar 2013 11:53:47 +0000 (13:53 +0200)]
client: Add connmanctl D-Bus helper functions
Add helper functions for pretty-printing D-Bus messages and making a
method call.
Jukka Rissanen [Thu, 28 Mar 2013 12:55:09 +0000 (14:55 +0200)]
vpn-provider: Send domain name to connman when connection is ready
Fixes BMC#25994
Jukka Rissanen [Thu, 28 Mar 2013 12:55:08 +0000 (14:55 +0200)]
openvpn: Update domain name if received from OpenVPN server
Jukka Rissanen [Thu, 28 Mar 2013 12:55:07 +0000 (14:55 +0200)]
vpn: Update domain name when received from vpnd
Forest Bond [Fri, 29 Mar 2013 16:23:55 +0000 (12:23 -0400)]
ofono: Add the CDMA network when the device is created
There is a race that causes the network not to be added if we get the
CDMA netreg changed signal before the CDMA connection manager added
signal. In that case the network is not added because the device has
not been created yet. So we fix this by trying to add the network
whenever the device is created.
Forest Bond [Thu, 28 Mar 2013 13:46:29 +0000 (09:46 -0400)]
ofono: Add CDMA network when modem is registered
Connecting the network requires powering the CDMA connection manager,
which fails with an error if network registration is not complete. So
we only add the network when registration is complete and remove it when
the modem is no longer registered.
Jukka Rissanen [Thu, 28 Mar 2013 13:18:06 +0000 (15:18 +0200)]
doc: Removed comments about profiles as they are long gone
Patrik Flykt [Thu, 28 Mar 2013 10:59:03 +0000 (12:59 +0200)]
doc: Ethernet properties 'Speed' and 'Duplex' are not provided
Ethernet properties 'Speed' and 'Duplex' have never been implemented
and are not supported for WiFi. Thus mark them deprecated.
Fixes BMC#25992
Jukka Rissanen [Mon, 25 Mar 2013 14:58:58 +0000 (16:58 +0200)]
vpn-provider: Nameservers were not sent to connmand vpn plugin
We got some nameservers from VPN server but we never sent the
nameserver list to connmand vpn plugin.
Fixes BMC#25966
Jukka Rissanen [Mon, 25 Mar 2013 14:58:57 +0000 (16:58 +0200)]
openvpn: Set the nameservers in correct order
The nameservers that we get from OpenVPN server can be received
in any order. Make sure that we sort them in correct order before
sending them to connmand.
Jukka Rissanen [Mon, 25 Mar 2013 14:58:56 +0000 (16:58 +0200)]
provider: Set nameservers if we receive them from vpnd
If we receive nameservers from vpnd we must set them in provider.
The connman_provider_set_nameservers() function needs changes
because we get the nameservers as an array, it makes no sense to
convert the array to string and then back to array.
Grant Erickson [Mon, 25 Mar 2013 16:20:38 +0000 (09:20 -0700)]
wifi: terminate autoscan stop if autoscan is not active
This terminates the body of stop_autoscan if autoscan is
not active. Per MEEGO-25987 <http://bugs.meego.com/show_bug.cgi?id=25987>,
running stop_autoscan when changing connected services can prematurely and
incorrectly terminate a new, in-flight service connection and result in a
failure of that connection with "net.connman.Error.OperationAborted:
Operation aborted".
When a scan is started, all networks are marked unavailable. Should the check
added in this patch not be present, device scanning is set to false and all
not yet found networks are removed. Thus the service will not be able to
connect if its network wasn't already found.
Jukka Rissanen [Mon, 25 Mar 2013 11:45:25 +0000 (13:45 +0200)]
service: Disconnect the connecting service when needed
If we are trying to connect a service and there is another
service connecting, then we disconnect the pending service
and connect the new one.
Fixes BMC#25981
Jukka Rissanen [Mon, 25 Mar 2013 14:38:44 +0000 (16:38 +0200)]
vpn-provider: Fix uninitialized memory read
The immutable field might be left uninitialized without this.
Yann E. MORIN [Fri, 22 Mar 2013 17:09:03 +0000 (18:09 +0100)]
tethering: Fix build with kernel headers 3.8+
Highly inspired by:
https://git.kernel.org/cgit/linux/kernel/git/shemminger/bridge-utils.git/commit/?id=5eebb7f9288b7881ffb929b1fd494fe3ac3be27d
As Russel puts it in his commit message for bridge-utils:
Linux 3.8 has a header, include/uapi/linux/if_bridge.h that uses a
struct in6_addr but doesn't define it. The trivial seeming fix of
including the header that does define it causes more problems. The
problem was discussed on mailing lists in January 2013. The final
suggestion I found was here:
http://www.redhat.com/archives/libvir-list/2013-January/msg01253.html
This is intended to implement that suggestion.
This changeset transplants this trivial fix to connman.
Jukka Rissanen [Mon, 25 Mar 2013 10:32:43 +0000 (12:32 +0200)]
service: Send IP config changed signal in disconnect
We did not send the IP config changed signal during disconnect.
This can confuse the dbus signal listeners.
Fixes BMC#25989
Jukka Rissanen [Mon, 25 Mar 2013 10:32:42 +0000 (12:32 +0200)]
service: Only send correct ipconfig changed signal
If we are changing IPv4 config, then send only IPv4 changed signal
and not the IPv6 one. Same is done for IPv6 config when it changes.
Jukka Rissanen [Mon, 25 Mar 2013 09:58:32 +0000 (11:58 +0200)]
config: Allow user to specify how IP address is used
If IPv4 address is missing then DHCPv4 is used. If IPv6 address is missing,
then SLAAC or DHCPv6 is used. This was specified in doc/config-format.txt
but implementation was missing.
We also allow the IP address to contain "off", "dhcp" or "auto" string,
so user can specify how the IP address can be set for the interface.
Fixes BMC#25985
Daniel Wagner [Tue, 19 Mar 2013 12:46:34 +0000 (13:46 +0100)]
iptables-unit: Add firewall API tests
Daniel Wagner [Tue, 19 Mar 2013 12:46:33 +0000 (13:46 +0100)]
firewall: Maintain iptables rules in dedicated ConnMan chains
Instead of appending ConnMan iptables rules into the builtin chains
we append them into chains managed by ConnMan.
If a rule needs to be inserted into a builtin chain, ConnMan
will create a 'connman-' prefixed builtin chain name and append
the user rules there. Then ConnMan will insert an unconditional jump
rule in the builtin chain.
Basically,
iptables -t filter -A INPUT -m mark --mark 1 -j LOG
will be translated to this:
iptables -t filter -N connman-INPUT
iptables -t filter -A connman-INPUT -m mark --mark 1 -j LOG
iptables -t filter -I INPUT -j connman-INPUT
When the last rule in a managed chain is removed, the managed
chain will also be removed.
Daniel Wagner [Tue, 19 Mar 2013 12:46:32 +0000 (13:46 +0100)]
firewall: Add firewall API
The main idea behind this API is to collect several iptables rules
together and enable or disable in one go.
For this a context is created via __connman_firewall_create() and
the rules added to this context via __connman_firewall_add_rule().
In order to append all rules __connman_firewall_enable() has
to be called. To remove all rules associated with one context
__connman_firewall_disable() has to be used.
If something goes awry the code tries to get back to the initial
state.
Daniel Wagner [Tue, 19 Mar 2013 12:46:31 +0000 (13:46 +0100)]
firewall: Flush managed chains
ConnMan maintains its own chain per builtin chain. The managed
chains have a prefix 'connman-' and one rule in the corresponding
builtin chain which jumps unconditionally to the managed chain.
In case ConnMan crashed we need to clean up first.
Daniel Wagner [Tue, 19 Mar 2013 12:46:30 +0000 (13:46 +0100)]
firewall: Add firewall file
Daniel Wagner [Tue, 19 Mar 2013 12:46:29 +0000 (13:46 +0100)]
iptables: Add chain iterator
We will implement the ConnMan iptables specific part in a different
file and leave the iptables.c file as small as possible.
Therefore, we move the flushing part out, but we need a way to
find our chains on bootup (left over from a crash). Let's add an
iterator which walks over all chains which allows a higher level
to find the chains it is looking for (e.g. connman-INPUT)
Daniel Wagner [Tue, 19 Mar 2013 12:46:28 +0000 (13:46 +0100)]
session: Add callback helpers
There is a common pattern when writing a callback function. Let's
add a few helpers for this.
It is added to session.h because apart from the core also
the session_policy_local.c will make use of it.
This is shamelessly stolen from oFono.
Daniel Wagner [Tue, 19 Mar 2013 12:46:27 +0000 (13:46 +0100)]
iptables-test: Add insert support
Daniel Wagner [Tue, 19 Mar 2013 12:46:26 +0000 (13:46 +0100)]
iptables: Add __connman_iptables_insert()
This was wrongly removed with commit
161efbae
Daniel Wagner [Tue, 19 Mar 2013 12:46:25 +0000 (13:46 +0100)]
iptables: Prepare rule to be inserted or appended
Add a boolean helper to distinguish between insert and append operations.
When chain_head == chain_tail->prev, the builtin chain is empty which makes
an intended append operation equivalent to an insert operation.
Jukka Rissanen [Fri, 22 Mar 2013 14:15:19 +0000 (16:15 +0200)]
dnsproxy: Make sure we are not accessing null hash
If dnsproxy is not in use, like when connman has been started
with -r option, then the listener_table will be NULL which can
cause crash in hash table lookup call.
Daniel Wagner [Mon, 18 Mar 2013 15:18:12 +0000 (16:18 +0100)]
iptables-unit: Check if rules are inserted/removed
Optionally use iptables-save to check if the rules are installed or
removed on the system instead of relying only on the returned iptables
error code.
Do notice that running tools/iptables-unit will modify and delete existing
iptables firewall rules on your system. Use iptables-unit with caution!
Daniel Wagner [Tue, 19 Mar 2013 12:33:36 +0000 (14:33 +0200)]
build: Run ippool test during make distcheck
test-ippool is a pure unit test and can therefore be part of the
distcheck target.
Daniel Wagner [Tue, 19 Mar 2013 12:33:23 +0000 (14:33 +0200)]
test-ippool: Update unit test printouts
Tomasz Bursztyka [Fri, 15 Mar 2013 07:04:19 +0000 (09:04 +0200)]
neard: RequestOOB() method sends empty dictionary
Reported by Ravikumar Veeramally
Daniel Wagner [Tue, 12 Mar 2013 17:16:47 +0000 (18:16 +0100)]
iptables: Allocated memory blocks are already zerod out
entry_head and entry_return are allocated via g_try_malloc0().
Daniel Wagner [Tue, 12 Mar 2013 17:16:46 +0000 (18:16 +0100)]
iptables: Factor out duplicated update hook code
After removing one or more rules the builtin hooks need to be updated
accordingly. iptables_flush_chain() and iptables_delete_rule()
share a common code part.
Daniel Wagner [Tue, 12 Mar 2013 17:16:45 +0000 (18:16 +0100)]
iptables: Fix invalid access to list after removing first rule
The list pointer is invalid after remove_table_entry(). Since
we are entering the 'if' body only for the first rule in a builtin
chain we can safely update list to point to the next element.
Daniel Wagner [Tue, 12 Mar 2013 17:16:44 +0000 (18:16 +0100)]
iptables: Rename pre_load_table() to get_table()
The second argument is not used anymore, let's remove it. The function
name doesn't really match to its implementation, so it's also time
to rename it.
Daniel Wagner [Tue, 12 Mar 2013 17:16:43 +0000 (18:16 +0100)]
iptables: Improve debug log output
We need to see a bit more in detail what happens when
CONNMAN_IPTABLES_DEBUG is not set, for example the removing/flushing
during bootup.
Also remove the DBG() from parse_rule_spec() because all callers
already have a DBG(). So not much additional information here.
Daniel Wagner [Tue, 12 Mar 2013 17:16:42 +0000 (18:16 +0100)]
iptables: Lookup in table hash before module loading
pre_load_table() is called always with table == NULL, we end up
repeatedly trying to load the kernel modules even though the table
is already loaded. Therefore, move the lookup one level up.
Daniel Wagner [Tue, 12 Mar 2013 17:16:41 +0000 (18:16 +0100)]
iptables: Use glib function for string operations
Streamline this file with the rest of ConnMan's code base.
Daniel Wagner [Tue, 12 Mar 2013 17:16:40 +0000 (18:16 +0100)]
iptables: Drop support for xtables < 1.4.11
The API changed between 1.4.10 (version code 5) and 1.4.11 (version code 6)
and we needed to work around it with a bunch of ugly ifdefs. 1.4.11 was
released on 26.05.2011 and even Debian testing ships 1.4.14 these days.