summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Mateusz Majewski [Thu, 14 Jan 2021 14:08:38 +0000 (15:08 +0100)]
Implement mark matching
Change-Id: Ib947ef47cc684c1a7e9e0aaa985ae0ed7400bf26
Mateusz Majewski [Thu, 24 Dec 2020 10:48:46 +0000 (11:48 +0100)]
Add NFQUEUE target
Change-Id: I07e5aa19230de4736c380a1953bd5ed656ef5197
Mateusz Majewski [Thu, 24 Dec 2020 10:48:29 +0000 (11:48 +0100)]
Add TCP flag matching
Change-Id: Ie085073134b9b7a1d6a4329dee84f37b2e1a243e
Mateusz Majewski [Thu, 24 Dec 2020 10:46:57 +0000 (11:46 +0100)]
Add revision support in __add_target
Change-Id: I7f0c9fa93b783d8de63a633eb6771a11897181d1
Mateusz Majewski [Wed, 13 Jan 2021 13:41:28 +0000 (14:41 +0100)]
Make insert method use the insert function in IPv6
Change-Id: I1c5c6d3f2a591ea844cdef4c050f28c78b88b6c3
Mateusz Majewski [Thu, 24 Dec 2020 10:47:44 +0000 (11:47 +0100)]
Fix mask calculation
The iptc library requires a mask in order to compare entries, which is
done in stc-iptables in order to detect duplicate entries and not insert
them. stc-iptables used to calculate the mask in an invalid way; it
marked the contiguous part of the entry that had the length of some
parts of the entry. In particular, in some cases, some parts which
weren't meant to be marked were marked, and some parts which were meant
to be marked weren't. For instance, the following two entries, which are
clearly different, were erronously determined to be the same, and the
second wasn't inserted:
-A DOZE -m cgroup --cgroup 13 -j NFQUEUE --queue-num 1 --queue-bypass
-A DOZE -m cgroup --cgroup 15 -j NFQUEUE --queue-num 1 --queue-bypass
This commit instead marks the whole entry. While iptables seems to be
using a more elaborate method of mask calculation, doing it the simple
way was correct in my (admittedly limited) tests.
Change-Id: I71d404907d6f6d94e2944ed6194fbf238265e933
Mateusz Majewski [Tue, 12 Jan 2021 14:08:35 +0000 (15:08 +0100)]
Fix handling of no port setting in IPv6
IPv4 implementation contains exact same fix, but somebody forgot to copy
it into IPv6.
Change-Id: I7f21a7273096b96bb0769b6deb9cb351da443178
Mateusz Majewski [Thu, 14 Jan 2021 09:58:08 +0000 (10:58 +0100)]
Fix IPv6 protocol matching
In ip6tables, there is a new requirement that needs to be fullfilled in
order to match on the protocol: we need to enable the IP6T_F_PROTO flag.
Since the requirement wasn't there in IPv4 iptables, it isn't surprising
that IPv6 stc-iptables doesn't set the flag correctly. This commit fixes
this.
Change-Id: I37969a06d463b500c989d2b9a10d4e9ee3b21951
INSUN PYO [Tue, 22 Dec 2020 07:47:51 +0000 (16:47 +0900)]
Call sd_notify(0, "STOPPING=1") when exiting
When well-known name disappears,
systemd sends SIGTERM to the service associated with the well-known name.
To prevent this, call sd_notify(0, "STOPPING=1") before unowing the name.
Journal log
===================================================================================================
sh-3.2# systemctl status stc-iptables.service
● stc-iptables.service - Smart Traffic Control Iptables
Loaded: loaded (/usr/lib/systemd/system/stc-iptables.service; disabled; vendor preset: enabled)
Active: inactive (dead) since Thu 2015-01-01 09:35:58 KST; 6s ago
Process: 367 ExecStart=/usr/bin/stc-iptables (code=killed, signal=TERM)
Main PID: 367 (code=killed, signal=TERM)
Jan 01 09:35:36 localhost systemd[1]: Starting Smart Traffic Control Iptables...
Jan 01 09:35:38 localhost systemd[1]: Started Smart Traffic Control Iptables.
Jan 01 09:35:58 localhost systemd[1]: stc-iptables.service: Succeeded.
===================================================================================================
Change-Id: I43434c79d8b3474917c9d96b6bd6ef0fa7b8571a
hyunuk.tak [Tue, 3 Nov 2020 07:20:11 +0000 (16:20 +0900)]
Modify init value for logging mode
Change-Id: I084a48cb6c72eba20ce771add57218442f5b6bb2
hyunuk.tak [Thu, 22 Oct 2020 02:22:50 +0000 (11:22 +0900)]
Annotate debugging log
Change-Id: I117eb84694850978fa2767a72c8e1ad40c76d49e
Jaehyun Kim [Wed, 24 Jun 2020 06:43:13 +0000 (15:43 +0900)]
Change the service file path for 64bit build
Change-Id: I4146281a3649925c0736f362ea828929331316c4
Signed-off-by: Jaehyun Kim <jeik01.kim@samsung.com>
hyunuk tak [Tue, 16 Jun 2020 23:47:34 +0000 (23:47 +0000)]
Merge "Add to add/remove rule list" into tizen
hyunuk.tak [Thu, 21 May 2020 07:29:38 +0000 (16:29 +0900)]
Add to add/remove rule list
Change-Id: I2a2aa9339215d95d84fda7086355f274e7e1f978
Signed-off-by: hyunuk.tak <hyunuk.tak@samsung.com>
sanghyeok.oh [Tue, 21 Apr 2020 12:59:18 +0000 (21:59 +0900)]
[fix] Rename dbus auto-activation service file
Naming rule for dbus auto-activation service file : well-known name + ".service"
https://bugs.freedesktop.org/show_bug.cgi?id=99874
Change-Id: Ibf176a444efae32a1c00330c76c73e94629c2906
Nishant Chaprana [Wed, 20 May 2020 04:40:02 +0000 (10:10 +0530)]
Use thread safe localtime_r() instead of localtime()
Change-Id: I21375288846a67bdb6db1d128ca2373a89269615
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
hyunuk.tak [Mon, 27 Apr 2020 08:39:09 +0000 (17:39 +0900)]
Enable logging by default
Change-Id: Iedcdd47d199514ee3aa3c84147aa96ed38a52298
Signed-off-by: hyunuk.tak <hyunuk.tak@samsung.com>
hyunuk.tak [Fri, 24 Apr 2020 08:29:30 +0000 (17:29 +0900)]
Add requires for security-config
Change-Id: Ia5812b42eed4644dec60fef9b68d6046ca4f0fc4
Signed-off-by: hyunuk.tak <hyunuk.tak@samsung.com>
hyunuk.tak [Wed, 19 Feb 2020 07:24:28 +0000 (16:24 +0900)]
Free memory for menu
Change-Id: I89c5b87c4d0f915d3bde9e7c9c89817705eeca97
Signed-off-by: hyunuk.tak <hyunuk.tak@samsung.com>
INSUN PYO [Wed, 7 Aug 2019 03:20:55 +0000 (12:20 +0900)]
Remove duplicate dependency with implicit dependencies at "Type=dbus"
Refs: https://www.freedesktop.org/software/systemd/man/systemd.service.html
- Services with Type=dbus set automatically acquire dependencies of type Requires= and After= on dbus.socket.
Change-Id: I011e11ca3809b1580696d5906c6fc5ccaea718ee
Jaehyun Kim [Fri, 26 Jul 2019 06:02:37 +0000 (06:02 +0000)]
Merge "Delete meaningless configuration" into tizen
Jaehyun Kim [Fri, 26 Jul 2019 06:01:10 +0000 (06:01 +0000)]
Merge "Add Gtests for iprange extention" into tizen
INSUN PYO [Mon, 8 Jul 2019 11:09:03 +0000 (20:09 +0900)]
Delete meaningless configuration
Change-Id: Id4a549a3b022ef8d75961e45147b9f8cc85bab8e
hyunuktak [Tue, 19 Mar 2019 07:19:29 +0000 (16:19 +0900)]
Change to operate in on-demand mode
Change-Id: I4005e4e7c98d234413659dfbebd8ab6077e7d296
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
Milind Murhekar [Fri, 14 Sep 2018 12:50:09 +0000 (18:20 +0530)]
Add Gtests for iprange extention
This patch adds the Global testcases to
to test iprange extention of stc-iptables.
Change-Id: Idecbb0dbec9ca30f63acacea93c91c3822adb2dc
Signed-off-by: Milind Murhekar <m.murhekar@samsung.com>
hyunuktak [Wed, 5 Sep 2018 08:24:53 +0000 (17:24 +0900)]
Add config and check log mode with inotify
Change-Id: Ie3d856c5c1ff6870b9d73fb6533b07f218cb7914
hyunuktak [Wed, 5 Sep 2018 04:30:23 +0000 (13:30 +0900)]
Removed fsync
Change-Id: Ic40d8d2d0d823b385264c62faf237302fd779aab
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Fri, 31 Aug 2018 01:33:02 +0000 (10:33 +0900)]
Fix module circular dependency
Change-Id: I3adf1aa62e2ad88a415766e3913843d20ec18b8a
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Thu, 30 Aug 2018 05:55:48 +0000 (14:55 +0900)]
Fixed build warning for mismatch
Change-Id: Iddb5257b1619c4725a427d40028c1f3c5acb3ed3
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Thu, 30 Aug 2018 05:02:06 +0000 (14:02 +0900)]
Fixed memory leak for gvariant
Change-Id: Ie8d798d00044862237da5d79d9f4b627dc7a934c
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
Jaehyun Kim [Tue, 28 Aug 2018 06:25:52 +0000 (06:25 +0000)]
Merge "Change owner and group of /etc/dbus-1/system.d/stc-iptables.conf" into tizen
Jaehyun Kim [Tue, 28 Aug 2018 06:24:31 +0000 (06:24 +0000)]
Merge "Removed redundant NULL check" into tizen
Jaehyun Kim [Tue, 28 Aug 2018 06:03:48 +0000 (06:03 +0000)]
Merge "Add to insert rule function" into tizen
INSUN PYO [Tue, 28 Aug 2018 05:44:37 +0000 (14:44 +0900)]
Change owner and group of /etc/dbus-1/system.d/stc-iptables.conf
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I05531cb6edc463dcb29d6b34ca1e2b6f92001cdd
hyunuktak [Thu, 23 Aug 2018 05:45:44 +0000 (14:45 +0900)]
Add to insert rule function
Change-Id: I933ca377bb7750df1b77d02381e780edb85c76de
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Wed, 22 Aug 2018 09:25:16 +0000 (18:25 +0900)]
Removed flag for TIZEN_DEBUG_ENABLE
Change-Id: I6ea69ca3584dfabb93c0380385f31189a574ea06
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
Nishant Chaprana [Thu, 2 Aug 2018 07:20:29 +0000 (12:50 +0530)]
Removed redundant NULL check
Change-Id: I014223000cf92801856d46a00c15f2b8d306bd9f
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
hyunuktak [Fri, 27 Jul 2018 05:59:16 +0000 (14:59 +0900)]
Added revision while adding entry match
Change-Id: Ifac57182e3c61c3fed7798953bc4587cc4ba3617
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Wed, 18 Jul 2018 08:16:33 +0000 (17:16 +0900)]
Added log and nflog for firewall
Change-Id: I0b0140777c31249c5dd75459a63a096674498c00
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Thu, 7 Jun 2018 02:06:15 +0000 (11:06 +0900)]
Modify license name in spec file
Change-Id: I4f99e69fedfc01867ae7e69cabdd7f1b22e5df18
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Fri, 4 May 2018 05:09:30 +0000 (14:09 +0900)]
Modify stc_ipt_test logic for ip and port
Change-Id: I98e7ddabf5674c9184af17770bfb985cb2c4ef1c
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
Jaehyun Kim [Thu, 19 Apr 2018 05:47:55 +0000 (05:47 +0000)]
Merge "Fixed a coverity issue for copy-paste error" into tizen
hyunuktak [Thu, 19 Apr 2018 02:29:30 +0000 (11:29 +0900)]
Fixed a coverity issue for copy-paste error
Change-Id: Id7cd33559fa11420425f55f5502289a559dfd47c
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Wed, 18 Apr 2018 05:41:06 +0000 (14:41 +0900)]
Fixed build warning for ignoring return value
Change-Id: I449b9e501ac7cc8b8d2a7876be75a442f5d69bcc
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Wed, 18 Apr 2018 05:37:10 +0000 (14:37 +0900)]
Fixed dbus/cynara policy
Change-Id: I1d7b3ada82cff09149317ce9902d873b8a63e239
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Tue, 17 Apr 2018 04:39:22 +0000 (13:39 +0900)]
Notify licenses to spec file
Change-Id: I1eab07695455e41eb979fa77df175b66348b9e96
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Tue, 17 Apr 2018 01:02:23 +0000 (10:02 +0900)]
Migrate root daemon to non-root
Change-Id: I3e3e6169c7f1020dff572682ac261a065f44f862
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
taesub kim [Mon, 16 Apr 2018 08:58:20 +0000 (08:58 +0000)]
Merge "Added firewall features" into tizen
taesub kim [Mon, 2 Apr 2018 08:59:02 +0000 (17:59 +0900)]
Added dbus/cynara policy
Change-Id: Idd95731b034721fadf851b085f8d0c95a45b8f4d
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>
hyunuktak [Mon, 26 Feb 2018 04:34:38 +0000 (13:34 +0900)]
Added firewall features
It's supported some rules using iptables and extension.
Specific IP(and IP range), Protocol, Port.
Change-Id: If4a79d86e771bac586de7fad02a4f27d5a1284cd
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Thu, 8 Feb 2018 05:19:41 +0000 (14:19 +0900)]
Modified return error to right value
Change-Id: I99d2cbef1632e7b5ae3bf4fec4bc17e71dce6df6
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Mon, 5 Feb 2018 05:11:06 +0000 (14:11 +0900)]
Fixed some svace issues
WGID : 304870, 304871, 304872, 304873,
304882, 304888, 304889, 304936,304939, 304940
Change-Id: I0be8a2756b7387925543aacc43a71b9226eb4f72
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Wed, 24 Jan 2018 00:53:30 +0000 (09:53 +0900)]
Add initial source codes for gtest
Change-Id: Ic71f106ab0e96bf52cf45f40ded9f2faf0147a95
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Fri, 15 Dec 2017 08:31:43 +0000 (17:31 +0900)]
Updated correct return error and target name
Change-Id: I562edf8699c41b1c83d14997a84fb7d5524375fb
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Fri, 15 Dec 2017 07:48:20 +0000 (16:48 +0900)]
Removed "RETURN" target name
Change-Id: Ia3a5ab904042cc654cdc406445398b715943ea97
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Thu, 14 Dec 2017 01:03:35 +0000 (10:03 +0900)]
Added fluch chain for test
Change-Id: I10eaf996c70dc90264d55da6fc2e74107e10c709
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
hyunuktak [Wed, 13 Dec 2017 09:48:19 +0000 (18:48 +0900)]
Replaced to single rule from rule list
Change-Id: Ie71dedbfd421149cdb3d9ee27f18b8f986ada7cc
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
Nishant Chaprana [Fri, 8 Dec 2017 10:21:51 +0000 (15:51 +0530)]
Allow creation of rule when no interface information present
Change-Id: Ia5f136da4eb2a9503dd4e7eea914a094027a3d8e
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Nishant Chaprana [Fri, 8 Dec 2017 08:57:24 +0000 (14:27 +0530)]
Updated __create_entry_data() logic to create rule when nfacct and cgroup details are not present.
Change-Id: I05779d4fb7612abb06178df6f67b3c7fc02f6287
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Nishant Chaprana [Fri, 8 Dec 2017 08:55:30 +0000 (14:25 +0530)]
Corrected comments in helper-ip6tables.h
Change-Id: Ib6c7d6d86f395c3fb8fd5abbbcbcc3acb000fa10
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Nishant Chaprana [Fri, 8 Dec 2017 08:49:36 +0000 (14:19 +0530)]
Added dbus methods to flush existing chains.
Below methods are added on dbus interface.
i) IptFlushChain
ii) Ip6tFlushChain
Change-Id: I29361263c8d1badb8785524b6b55ba4c5c28f4a7
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Nishant Chaprana [Fri, 8 Dec 2017 08:44:15 +0000 (14:14 +0530)]
Using correct signal name while registering method handle_ip6tables_remove_chain().
Change-Id: I35acd8246017b72cb1378233691a1b4184bde356
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Nishant Chaprana [Thu, 7 Dec 2017 12:53:27 +0000 (18:23 +0530)]
Accepting only single rule entry instead of list
Change-Id: Ibce3d4db3d0dd9d240effe3c08a4830db43f6f2b
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Jaehyun Kim [Thu, 7 Dec 2017 05:59:55 +0000 (14:59 +0900)]
Initialize smart traffic control iptables package
Change-Id: I675ed04338b2d59000dbb71b432cc1a02a2f6386
Signed-off-by: Jaehyun Kim <jeik01.kim@samsung.com>
Tizen Infrastructure [Wed, 6 Dec 2017 10:19:06 +0000 (10:19 +0000)]
Initial empty repository
projects / platform / core / connectivity / stc-iptables.git / log