From ccc68744ede3f8eeca6d438b335b9c525b2de6d2 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 18 Jul 2018 17:14:28 +0900 Subject: [PATCH 01/16] Added log and nflog rule for firewall Change-Id: I7361422a530040610eb45328073ebc75f906cfe1 Signed-off-by: hyunuktak --- data/firewall_db.sql | 6 + include/stc-manager.h | 5 +- packaging/stc-manager.spec | 2 +- src/database/tables/table-firewall.c | 56 ++++-- src/helper/helper-firewall.c | 198 +++++++++++--------- src/helper/helper-firewall.h | 35 ++++ src/stc-firewall.c | 342 +++++++++++++++++++++++++---------- 7 files changed, 446 insertions(+), 198 deletions(-) mode change 100644 => 100755 src/helper/helper-firewall.c mode change 100644 => 100755 src/helper/helper-firewall.h diff --git a/data/firewall_db.sql b/data/firewall_db.sql index 9a0bfdb..a985623 100644 --- a/data/firewall_db.sql +++ b/data/firewall_db.sql @@ -29,6 +29,12 @@ CREATE TABLE IF NOT EXISTS fw_rules ( d_port2 INT, ifname TEXT NOT NULL, target INT, + log_level INT, + log_prefix TEXT NOT NULL, + nflog_group INT, + nflog_prefix TEXT NOT NULL, + nflog_range INT, + nflog_threshold INT, identifier TEXT NOT NULL ); diff --git a/include/stc-manager.h b/include/stc-manager.h index 14d5cc6..898e7ae 100644 --- a/include/stc-manager.h +++ b/include/stc-manager.h @@ -94,7 +94,8 @@ typedef enum { typedef enum { STC_FW_CHAIN_TARGET_NONE, STC_FW_CHAIN_TARGET_INPUT, - STC_FW_CHAIN_TARGET_OUTPUT + STC_FW_CHAIN_TARGET_OUTPUT, + STC_FW_CHAIN_TARGET_MAX } stc_fw_chain_target_e; typedef enum { @@ -102,6 +103,8 @@ typedef enum { STC_FW_RULE_TARGET_ACCEPT, STC_FW_RULE_TARGET_DROP, STC_FW_RULE_TARGET_LOG, + STC_FW_RULE_TARGET_NFLOG, + STC_FW_RULE_TARGET_MAX } stc_fw_rule_target_e; /** diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 6b837c0..b379e73 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec 
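Review bot: The six new columns are added inside `CREATE TABLE IF NOT EXISTS fw_rules`, which leaves an already existing `fw_rules` table untouched. On a device that keeps its database across the 0.0.71 to 0.0.72 update, the new SELECT/INSERT/UPDATE statements in table-firewall.c would then name columns that are not there. No migration is visible in this patch; if the database is not recreated on upgrade, add `ALTER TABLE fw_rules ADD COLUMN ...` steps (with a default for the two `TEXT NOT NULL` prefixes) or a schema-version check. Otherwise stored firewall rules could fail to load after the update, and the device would run without the rules that were configured.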
@@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.71 +Version: 0.0.72 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/database/tables/table-firewall.c b/src/database/tables/table-firewall.c index d74acfc..3eac6cf 100755 --- a/src/database/tables/table-firewall.c +++ b/src/database/tables/table-firewall.c @@ -46,13 +46,19 @@ #define SELECT_FIREWALL_RULE "SELECT key, " \ "chain, direction, s_ip_type, d_ip_type, s_port_type, " \ "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \ - "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier " \ + "s_port1, s_port2, d_port1, d_port2, ifname, target, " \ + "log_level, log_prefix, " \ + "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \ + "identifier " \ "FROM fw_rules" #define SELECT_FIREWALL_RULE_PER_CHAIN "SELECT key, " \ "chain, direction, s_ip_type, d_ip_type, s_port_type, " \ "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \ - "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier " \ + "s_port1, s_port2, d_port1, d_port2, ifname, target, " \ + "log_level, log_prefix, " \ + "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \ + "identifier " \ "FROM fw_rules INDEXED BY rules_index " \ "WHERE chain = ?" @@ -68,8 +74,10 @@ "SET chain = ?, direction = ?, s_ip_type = ?, d_ip_type = ?, " \ "s_port_type = ?, d_port_type = ?, protocol = ?, family = ?, " \ "s_ip1 = ?, s_ip2 = ?, d_ip1 = ?, d_ip2 = ?, s_port1 = ?, " \ - "s_port2 = ?, d_port1 = ?, d_port2 = ?, ifname = ?, " \ - "target = ?, identifier = ?, key = ? " \ + "s_port2 = ?, d_port1 = ?, d_port2 = ?, ifname = ?, target = ?, " \ + "log_level = ?, log_prefix = ?, " \ + "nflog_group = ?, nflog_prefix = ?, nflog_range = ?, nflog_threshold = ?, " \ + "identifier = ?, key = ? " \ "WHERE key = ?" /* INSERT statement */ 
@@ -83,8 +91,12 @@ #define INSERT_FIREWALL_RULE "INSERT INTO fw_rules " \ "(key, chain, direction, s_ip_type, d_ip_type, s_port_type, " \ "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \ - "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier) " \ - "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" + "s_port1, s_port2, d_port1, d_port2, ifname, target, " \ + "log_level, log_prefix, " \ + "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \ + "identifier) " \ + "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, " \ + "?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" static void __finalize_delete(void); @@ -601,7 +613,15 @@ stc_error_e table_firewall_insert_rule(firewall_rule_s *info) DB_ACTION(sqlite3_bind_text(stmt, 18, info->ifname ? info->ifname : "", -1, SQLITE_TRANSIENT)); DB_ACTION(sqlite3_bind_int(stmt, 19, info->target)); - DB_ACTION(sqlite3_bind_text(stmt, 20, info->identifier ? info->identifier : "", + DB_ACTION(sqlite3_bind_int(stmt, 20, info->log_level)); + DB_ACTION(sqlite3_bind_text(stmt, 21, info->log_prefix ? info->log_prefix : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 22, info->nflog_group)); + DB_ACTION(sqlite3_bind_text(stmt, 23, info->nflog_prefix ? info->nflog_prefix : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 24, info->nflog_range)); + DB_ACTION(sqlite3_bind_int(stmt, 25, info->nflog_threshold)); + DB_ACTION(sqlite3_bind_text(stmt, 26, info->identifier ? info->identifier : "", -1, SQLITE_TRANSIENT)); if (sqlite3_step(stmt) != SQLITE_DONE) { 
@@ -718,10 +738,18 @@ stc_error_e table_firewall_update_rule(firewall_rule_s *info, guint key) DB_ACTION(sqlite3_bind_text(stmt, 17, info->ifname ? info->ifname : "", -1, SQLITE_TRANSIENT)); DB_ACTION(sqlite3_bind_int(stmt, 18, info->target)); - DB_ACTION(sqlite3_bind_text(stmt, 19, info->identifier ? info->identifier : "", + DB_ACTION(sqlite3_bind_int(stmt, 19, info->log_level)); + DB_ACTION(sqlite3_bind_text(stmt, 20, info->log_prefix ? info->log_prefix : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 21, info->nflog_group)); + DB_ACTION(sqlite3_bind_text(stmt, 22, info->nflog_prefix ? info->nflog_prefix : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 23, info->nflog_range)); + DB_ACTION(sqlite3_bind_int(stmt, 24, info->nflog_threshold)); + DB_ACTION(sqlite3_bind_text(stmt, 25, info->identifier ? info->identifier : "", -1, SQLITE_TRANSIENT)); - DB_ACTION(sqlite3_bind_int64(stmt, 20, info->key)); - DB_ACTION(sqlite3_bind_int64(stmt, 21, key)); + DB_ACTION(sqlite3_bind_int64(stmt, 26, info->key)); + DB_ACTION(sqlite3_bind_int64(stmt, 27, key)); if (sqlite3_step(stmt) != SQLITE_DONE) { STC_LOGE("Failed to update firewall rule %s\n", @@ -793,7 +821,13 @@ stc_error_e table_firewall_foreach_rule(firewall_rule_cb info_cb, info.d_port2 = sqlite3_column_int(stmt, 16); info.ifname = (char *)sqlite3_column_text(stmt, 17); info.target = sqlite3_column_int(stmt, 18); - info.identifier = (char *)sqlite3_column_text(stmt, 19); + info.log_level = sqlite3_column_int(stmt, 19); + info.log_prefix = (char *)sqlite3_column_text(stmt, 20); + info.nflog_group = sqlite3_column_int(stmt, 21); + info.nflog_prefix = (char *)sqlite3_column_text(stmt, 22); + info.nflog_range = sqlite3_column_int(stmt, 23); + info.nflog_threshold = sqlite3_column_int(stmt, 24); + info.identifier = (char *)sqlite3_column_text(stmt, 25); if (info_cb(&info, user_data) == STC_CANCEL) rc = SQLITE_DONE; 
diff --git a/src/helper/helper-firewall.c b/src/helper/helper-firewall.c old mode 100644 new mode 100755 index 1df9621..14dff41 --- a/src/helper/helper-firewall.c +++ b/src/helper/helper-firewall.c @@ -37,26 +37,6 @@ #define BUF_SIZE_FOR_IP 64 -#define RULE_CHAIN "chain" -#define RULE_DIRECTION "direction" -#define RULE_IFNAME "ifname" -#define RULE_PROTOCOL "protocol" -#define RULE_TARGET "target" - -#define RULE_FAMILY "family" -#define RULE_SIPTYPE "s_ip_type" -#define RULE_SIP1 "s_ip1" -#define RULE_SIP2 "s_ip2" -#define RULE_DIPTYPE "d_ip_type" -#define RULE_DIP1 "d_ip1" -#define RULE_DIP2 "d_ip2" -#define RULE_SPORTTYPE "s_port_type" -#define RULE_SPORT1 "s_port1" -#define RULE_SPORT2 "s_port2" -#define RULE_DPORTTYPE "d_port_type" -#define RULE_DPORT1 "d_port1" -#define RULE_DPORT2 "d_port2" - static void __fw_add_rule_info_to_builder(GVariantBuilder *builder, firewall_rule_s *rule) { 
@@ -92,95 +72,141 @@ static void __fw_add_rule_info_to_builder(GVariantBuilder *builder, switch (rule->family) { case STC_FW_FAMILY_V4: - if (rule->s_ip1.Ipv4.s_addr) - g_variant_builder_add(builder, "{sv}", RULE_SIP1, - g_variant_new_uint32(rule->s_ip1.Ipv4.s_addr)); + if (rule->s_ip_type != STC_FW_IP_NONE) { + if (rule->s_ip1.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_SIP1, + g_variant_new_uint32(rule->s_ip1.Ipv4.s_addr)); - if (rule->s_ip2.Ipv4.s_addr) - g_variant_builder_add(builder, "{sv}", RULE_SIP2, - g_variant_new_uint32(rule->s_ip2.Ipv4.s_addr)); + if (rule->s_ip2.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_SIP2, + g_variant_new_uint32(rule->s_ip2.Ipv4.s_addr)); + } - if (rule->d_ip1.Ipv4.s_addr) - g_variant_builder_add(builder, "{sv}", RULE_DIP1, - g_variant_new_uint32(rule->d_ip1.Ipv4.s_addr)); + if (rule->d_ip_type != STC_FW_IP_NONE) { + if (rule->d_ip1.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_DIP1, + g_variant_new_uint32(rule->d_ip1.Ipv4.s_addr)); - if (rule->d_ip2.Ipv4.s_addr) - g_variant_builder_add(builder, "{sv}", RULE_DIP2, - g_variant_new_uint32(rule->d_ip2.Ipv4.s_addr)); + if (rule->d_ip2.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_DIP2, + g_variant_new_uint32(rule->d_ip2.Ipv4.s_addr)); + } break; case STC_FW_FAMILY_V6: { char buf[BUF_SIZE_FOR_IP]; - if (rule->s_ip1.Ipv6.s6_addr32[0] || rule->s_ip1.Ipv6.s6_addr32[1] || - rule->s_ip1.Ipv6.s6_addr32[2] || rule->s_ip1.Ipv6.s6_addr32[3]) { - memset(buf, 0, sizeof(buf)); - snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", - rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], - rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]); - g_variant_builder_add(builder, "{sv}", RULE_SIP1, - g_variant_new_string(buf)); + if (rule->s_ip_type != STC_FW_IP_NONE) { + if (rule->s_ip1.Ipv6.s6_addr32[0] || rule->s_ip1.Ipv6.s6_addr32[1] || + rule->s_ip1.Ipv6.s6_addr32[2] || rule->s_ip1.Ipv6.s6_addr32[3]) { + memset(buf, 0, 
sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], + rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]); + g_variant_builder_add(builder, "{sv}", RULE_SIP1, + g_variant_new_string(buf)); + } + + if (rule->s_ip2.Ipv6.s6_addr32[0] || rule->s_ip2.Ipv6.s6_addr32[1] || + rule->s_ip2.Ipv6.s6_addr32[2] || rule->s_ip2.Ipv6.s6_addr32[3]) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1], + rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]); + g_variant_builder_add(builder, "{sv}", RULE_SIP2, + g_variant_new_string(buf)); + } } - if (rule->s_ip2.Ipv6.s6_addr32[0] || rule->s_ip2.Ipv6.s6_addr32[1] || - rule->s_ip2.Ipv6.s6_addr32[2] || rule->s_ip2.Ipv6.s6_addr32[3]) { - memset(buf, 0, sizeof(buf)); - snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", - rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1], - rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]); - g_variant_builder_add(builder, "{sv}", RULE_SIP2, - g_variant_new_string(buf)); + if (rule->d_ip_type != STC_FW_IP_NONE) { + if (rule->d_ip1.Ipv6.s6_addr32[0] || rule->d_ip1.Ipv6.s6_addr32[1] || + rule->d_ip1.Ipv6.s6_addr32[2] || rule->d_ip1.Ipv6.s6_addr32[3]) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], + rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); + g_variant_builder_add(builder, "{sv}", RULE_DIP1, + g_variant_new_string(buf)); + } + + if (rule->d_ip2.Ipv6.s6_addr32[0] || rule->d_ip2.Ipv6.s6_addr32[1] || + rule->d_ip2.Ipv6.s6_addr32[2] || rule->d_ip2.Ipv6.s6_addr32[3]) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1], + rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]); + 
g_variant_builder_add(builder, "{sv}", RULE_DIP2, + g_variant_new_string(buf)); + } } - if (rule->d_ip1.Ipv6.s6_addr32[0] || rule->d_ip1.Ipv6.s6_addr32[1] || - rule->d_ip1.Ipv6.s6_addr32[2] || rule->d_ip1.Ipv6.s6_addr32[3]) { - memset(buf, 0, sizeof(buf)); - snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", - rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], - rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); - g_variant_builder_add(builder, "{sv}", RULE_DIP1, - g_variant_new_string(buf)); - } - - if (rule->d_ip2.Ipv6.s6_addr32[0] || rule->d_ip2.Ipv6.s6_addr32[1] || - rule->d_ip2.Ipv6.s6_addr32[2] || rule->d_ip2.Ipv6.s6_addr32[3]) { - memset(buf, 0, sizeof(buf)); - snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", - rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1], - rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]); - g_variant_builder_add(builder, "{sv}", RULE_DIP2, - g_variant_new_string(buf)); - } } break; default: break; } - if (rule->s_port1) - g_variant_builder_add(builder, "{sv}", RULE_SPORT1, - g_variant_new_uint32(rule->s_port1)); + if (rule->s_port_type != STC_FW_PORT_NONE) { + if (rule->s_port1) + g_variant_builder_add(builder, "{sv}", RULE_SPORT1, + g_variant_new_uint32(rule->s_port1)); - if (rule->s_port2) - g_variant_builder_add(builder, "{sv}", RULE_SPORT2, - g_variant_new_uint32(rule->s_port2)); + if (rule->s_port2) + g_variant_builder_add(builder, "{sv}", RULE_SPORT2, + g_variant_new_uint32(rule->s_port2)); + } - if (rule->d_port1) - g_variant_builder_add(builder, "{sv}", RULE_DPORT1, - g_variant_new_uint32(rule->d_port1)); + if (rule->s_port_type != STC_FW_PORT_NONE) { + if (rule->d_port1) + g_variant_builder_add(builder, "{sv}", RULE_DPORT1, + g_variant_new_uint32(rule->d_port1)); - if (rule->d_port2) - g_variant_builder_add(builder, "{sv}", RULE_DPORT2, - g_variant_new_uint32(rule->d_port2)); + if (rule->d_port2) + g_variant_builder_add(builder, "{sv}", RULE_DPORT2, + 
g_variant_new_uint32(rule->d_port2)); + } - if (rule->ifname) - g_variant_builder_add(builder, "{sv}", RULE_IFNAME, - g_variant_new_string(rule->ifname)); + if (rule->direction != STC_FW_DIRECTION_NONE) { + if (rule->ifname && rule->ifname[0] != '\0') + g_variant_builder_add(builder, "{sv}", RULE_IFNAME, + g_variant_new_string(rule->ifname)); + } - if (rule->target_str) + if (rule->target_str && rule->target_str[0] != '\0') g_variant_builder_add(builder, "{sv}", RULE_TARGET, g_variant_new_string(rule->target_str)); + + if (rule->target != STC_FW_RULE_TARGET_NONE) + g_variant_builder_add(builder, "{sv}", RULE_TARGETTYPE, + g_variant_new_uint16(rule->target)); + + switch (rule->target) { + case STC_FW_RULE_TARGET_LOG: + g_variant_builder_add(builder, "{sv}", RULE_LOG_LEVEL, + g_variant_new_uint16(rule->log_level)); + + if (rule->log_prefix && rule->log_prefix[0] != '\0') + g_variant_builder_add(builder, "{sv}", RULE_LOG_PREFIX, + g_variant_new_string(rule->log_prefix)); + break; + case STC_FW_RULE_TARGET_NFLOG: + g_variant_builder_add(builder, "{sv}", RULE_NFLOG_GROUP, + g_variant_new_uint16(rule->nflog_group)); + + if (rule->nflog_prefix && rule->nflog_prefix[0] != '\0') + g_variant_builder_add(builder, "{sv}", RULE_NFLOG_PREFIX, + g_variant_new_string(rule->nflog_prefix)); + + g_variant_builder_add(builder, "{sv}", RULE_NFLOG_RANGE, + g_variant_new_uint16(rule->nflog_range)); + + g_variant_builder_add(builder, "{sv}", RULE_NFLOG_THRESHOLD, + g_variant_new_uint16(rule->nflog_threshold)); + break; + default: + break; + } } static int __fw_add_chain(GDBusConnection *connection, @@ -625,8 +651,6 @@ stc_error_e firewall_chain_unset(firewall_chain_s *chain) stc_error_e firewall_rule_add(firewall_rule_s *rule) { - __STC_LOG_FUNC_ENTER__; - stc_error_e ret = STC_ERROR_NONE; stc_s *stc = stc_get_manager(); 
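Review bot: The destination-port block in `__fw_add_rule_info_to_builder` is guarded by the source field: `if (rule->s_port_type != STC_FW_PORT_NONE)` wraps the `RULE_DPORT1`/`RULE_DPORT2` additions. A rule that sets only a destination port is therefore sent without it and ends up matching every port. The guard should read `if (rule->d_port_type != STC_FW_PORT_NONE)`. The same slip is in the `RULE_DPORT1` branch of `__fw_rule_extract` in src/stc-firewall.c, where the `RULE_DPORT2` branch already uses `d_port_type`. The function begins outside this hunk.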
@@ -665,14 +689,11 @@ stc_error_e firewall_rule_add(firewall_rule_s *rule) break; } - __STC_LOG_FUNC_EXIT__; return ret; } stc_error_e firewall_rule_remove(firewall_rule_s *rule) { - __STC_LOG_FUNC_ENTER__; - stc_error_e ret = STC_ERROR_NONE; stc_s *stc = stc_get_manager(); @@ -711,6 +732,5 @@ stc_error_e firewall_rule_remove(firewall_rule_s *rule) break; } - __STC_LOG_FUNC_EXIT__; return ret; } diff --git a/src/helper/helper-firewall.h b/src/helper/helper-firewall.h old mode 100644 new mode 100755 index 8a1dbea..2c779bb --- a/src/helper/helper-firewall.h +++ b/src/helper/helper-firewall.h @@ -28,6 +28,35 @@ #define FIREWALL_RULE_TARGET_ACCEPT "ACCEPT" #define FIREWALL_RULE_TARGET_DROP "DROP" #define FIREWALL_RULE_TARGET_LOG "LOG" +#define FIREWALL_RULE_TARGET_NFLOG "NFLOG" + +#define RULE_CHAIN "chain" +#define RULE_DIRECTION "direction" +#define RULE_IFNAME "ifname" +#define RULE_PROTOCOL "protocol" +#define RULE_TARGET "target" +#define RULE_TARGETTYPE "target_type" + +#define RULE_FAMILY "family" +#define RULE_SIPTYPE "s_ip_type" +#define RULE_SIP1 "s_ip1" +#define RULE_SIP2 "s_ip2" +#define RULE_DIPTYPE "d_ip_type" +#define RULE_DIP1 "d_ip1" +#define RULE_DIP2 "d_ip2" +#define RULE_SPORTTYPE "s_port_type" +#define RULE_SPORT1 "s_port1" +#define RULE_SPORT2 "s_port2" +#define RULE_DPORTTYPE "d_port_type" +#define RULE_DPORT1 "d_port1" +#define RULE_DPORT2 "d_port2" + +#define RULE_LOG_LEVEL "log_level" +#define RULE_LOG_PREFIX "log_prefix" +#define RULE_NFLOG_GROUP "nflog_group" +#define RULE_NFLOG_PREFIX "nflog_prefix" +#define RULE_NFLOG_RANGE "nflog_range" +#define RULE_NFLOG_THRESHOLD "nflog_threshold" typedef enum { FIREWALL_UNKONWN, @@ -67,6 +96,12 @@ typedef struct { char *ifname; stc_fw_rule_target_e target; char *target_str; + guchar log_level; + char *log_prefix; + guint nflog_group; + char *nflog_prefix; + guint nflog_range; + guint nflog_threshold; char *identifier; } firewall_rule_s; 
diff --git a/src/stc-firewall.c b/src/stc-firewall.c index ff4bc02..c18f5da 100755 --- a/src/stc-firewall.c +++ b/src/stc-firewall.c @@ -28,31 +28,9 @@ #define CHAIN_TARGET "target" #define CHAIN_PRIORITY "priority" -#define RULE_CHAIN "chain" -#define RULE_DIRECTION "direction" -#define RULE_SIPTYPE "s_ip_type" -#define RULE_DIPTYPE "d_ip_type" -#define RULE_SPORTTYPE "s_port_type" -#define RULE_DPORTTYPE "d_port_type" -#define RULE_PROTOCOL "protocol" -#define RULE_FAMILY "family" -#define RULE_SIP1 "s_ip1" -#define RULE_SIP2 "s_ip2" -#define RULE_DIP1 "d_ip1" -#define RULE_DIP2 "d_ip2" -#define RULE_SPORT1 "s_port1" -#define RULE_SPORT2 "s_port2" -#define RULE_DPORT1 "d_port1" -#define RULE_DPORT2 "d_port2" -#define RULE_IFNAME "ifname" -#define RULE_TARGET "target" #define RULE_IDENTIFIER "identifier" #define RULE_KEY "key" -#define RULE_TARGET_ACCEPT "ACCEPT" -#define RULE_TARGET_DROP "DROP" -#define RULE_TARGET_LOG "LOG" - #define FIREWALL_DBUS_ERROR_NAME "net.stc.firewall.Error.Failed" #define STC_FIREWALL_DBUS_REPLY_ERROR(invocation, err_num) \ @@ -125,6 +103,22 @@ static void __fw_rule_copy(firewall_rule_s *rule, rule->target_str = g_strdup(info->target_str); } + rule->log_level = info->log_level; + + if (info->log_prefix) { + FREE(rule->log_prefix); + rule->log_prefix = g_strdup(info->log_prefix); + } + + rule->nflog_group = info->nflog_group; + rule->nflog_range = info->nflog_range; + rule->nflog_threshold = info->nflog_threshold; + + if (info->nflog_prefix) { + FREE(rule->nflog_prefix); + rule->nflog_prefix = g_strdup(info->nflog_prefix); + } + if (info->identifier) { FREE(rule->identifier); rule->identifier = g_strdup(info->identifier); 
@@ -190,6 +184,21 @@ static void __fw_rule_make_key(firewall_rule_s *rule, g_string_append_printf(str, "_%s", (rule->ifname) ? rule->ifname : ""); g_string_append_printf(str, "_%u", rule->target); + switch (rule->target) { + case STC_FW_RULE_TARGET_LOG: + g_string_append_printf(str, "_%u", rule->log_level); + g_string_append_printf(str, "_%s", rule->log_prefix); + break; + case STC_FW_RULE_TARGET_NFLOG: + g_string_append_printf(str, "_%u", rule->nflog_group); + g_string_append_printf(str, "_%s", rule->nflog_prefix); + g_string_append_printf(str, "_%u", rule->nflog_range); + g_string_append_printf(str, "_%u", rule->nflog_threshold); + break; + default: + break; + } + FREE(rule->identifier); rule->identifier = g_string_free(str, FALSE); rule->key = g_str_hash(rule->identifier); @@ -208,6 +217,9 @@ static void __fw_rule_free(void *data) FREE(rule->chain); FREE(rule->ifname); + FREE(rule->target_str); + FREE(rule->log_prefix); + FREE(rule->nflog_prefix); FREE(rule->identifier); FREE(rule); } 
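Review bot: `rule->log_prefix` and `rule->nflog_prefix` are passed to `%s` in `__fw_rule_make_key` without the NULL fallback that the `ifname` line just above uses. A NULL `%s` argument is undefined behaviour, and on glibc it puts the text `(null)` into the identifier and therefore into the hashed key. Use `(rule->log_prefix) ? rule->log_prefix : ""` and the same for `nflog_prefix`. Whether `__validate_fw_rule` always runs before this function cannot be seen from the hunk, and the function body begins outside it.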
@@ -552,6 +564,33 @@ static void __fw_rule_make_params(gpointer data, gpointer user_data) g_variant_builder_add(&sub_builder, "{sv}", RULE_TARGET, g_variant_new_uint16(rule->target)); + switch (rule->target) { + case STC_FW_RULE_TARGET_LOG: + g_variant_builder_add(&sub_builder, "{sv}", RULE_LOG_LEVEL, + g_variant_new_uint16(rule->log_level)); + + if (rule->log_prefix) + g_variant_builder_add(&sub_builder, "{sv}", RULE_LOG_PREFIX, + g_variant_new_string(rule->log_prefix)); + break; + case STC_FW_RULE_TARGET_NFLOG: + g_variant_builder_add(&sub_builder, "{sv}", RULE_NFLOG_GROUP, + g_variant_new_uint16(rule->nflog_group)); + + if (rule->nflog_prefix) + g_variant_builder_add(&sub_builder, "{sv}", RULE_NFLOG_PREFIX, + g_variant_new_string(rule->nflog_prefix)); + + g_variant_builder_add(&sub_builder, "{sv}", RULE_NFLOG_RANGE, + g_variant_new_uint16(rule->nflog_range)); + + g_variant_builder_add(&sub_builder, "{sv}", RULE_NFLOG_THRESHOLD, + g_variant_new_uint16(rule->nflog_threshold)); + break; + default: + break; + } + g_variant_builder_add(&sub_builder, "{sv}", RULE_IDENTIFIER, g_variant_new_string(rule->identifier)); 
@@ -563,36 +602,79 @@ static void __fw_rule_make_params(gpointer data, gpointer user_data) static void __fw_rule_set_to_chain(gpointer data, gpointer user_data) { - firewall_rule_s *info = (firewall_rule_s *)data; + firewall_rule_s *rule = (firewall_rule_s *)data; char *chain = (char *)user_data; - firewall_rule_s rule; - if (chain && (g_strcmp0(info->chain, chain) != 0)) + if (chain && (g_strcmp0(rule->chain, chain) != 0)) return; - memset(&rule, 0, sizeof(firewall_rule_s)); - memcpy(&rule, info, sizeof(firewall_rule_s)); - rule.chain = g_strdup(info->chain); - rule.ifname = g_strdup(info->ifname); - switch (rule.target) { + switch (rule->target) { case STC_FW_RULE_TARGET_ACCEPT: - rule.target_str = g_strdup(FIREWALL_RULE_TARGET_ACCEPT); + FREE(rule->target_str); + rule->target_str = g_strdup(FIREWALL_RULE_TARGET_ACCEPT); break; case STC_FW_RULE_TARGET_DROP: - rule.target_str = g_strdup(FIREWALL_RULE_TARGET_DROP); + FREE(rule->target_str); + rule->target_str = g_strdup(FIREWALL_RULE_TARGET_DROP); break; case STC_FW_RULE_TARGET_LOG: - rule.target_str = g_strdup(FIREWALL_RULE_TARGET_LOG); + FREE(rule->target_str); + rule->target_str = g_strdup(FIREWALL_RULE_TARGET_LOG); + break; + case STC_FW_RULE_TARGET_NFLOG: + FREE(rule->target_str); + rule->target_str = g_strdup(FIREWALL_RULE_TARGET_NFLOG); + break; + default: + break; + } + + firewall_rule_add(rule); +} + +static void __fw_rule_print_rules(gpointer data, gpointer user_data) +{ + firewall_rule_s *rule = (firewall_rule_s *)data; + + STC_LOGD("[%s][%d][%s][%d][%d][%04x][%04x]" + "[%d][%04x][%04x][%d][%s][%d][%s][%d][%d]", + rule->chain, rule->direction, rule->ifname, + rule->protocol, + rule->s_port_type, rule->s_port1, rule->s_port2, + rule->d_port_type, rule->d_port1, rule->d_port2, + rule->target, rule->target_str, + rule->nflog_group, rule->nflog_prefix, + rule->nflog_range, rule->nflog_threshold); + + switch (rule->family) { + case STC_FW_FAMILY_V4: + STC_LOGD("[%d][%d][%08x][%08x][%d][%08x][%08x]", + 
rule->family, + rule->s_ip_type, rule->s_ip1.Ipv4.s_addr, rule->s_ip2.Ipv4.s_addr, + rule->d_ip_type, rule->d_ip1.Ipv4.s_addr, rule->d_ip2.Ipv4.s_addr); + break; + case STC_FW_FAMILY_V6: + STC_LOGD("[%d][%d][%08x:%08x:%08x:%08x][%08x:%08x:%08x:%08x]" + "[%d][%08x:%08x:%08x:%08x][%08x:%08x:%08x:%08x]", + rule->family, + rule->s_ip_type, + rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], + rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3], + rule->d_ip_type, + rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], + rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); break; default: break; } +} - firewall_rule_add(&rule); +static void __fw_foreach_to_print_rule(gpointer key, gpointer value, + gpointer user_data) +{ + stc_fw_data_s *data = (stc_fw_data_s *)value; - FREE(rule.chain); - FREE(rule.ifname); - FREE(rule.target_str); + g_slist_foreach(data->rules, __fw_rule_print_rules, user_data); } static void __fw_foreach_to_make_rule_param(gpointer key, gpointer value, @@ -775,7 +857,7 @@ static stc_error_e __fw_rule_remove(const firewall_rule_s *info) return STC_ERROR_NONE; } -static stc_error_e __fw_rule_update(const firewall_rule_s *info) +static stc_error_e __fw_rule_update(firewall_rule_s *info) { stc_fw_data_s *lookup; GSList *rule_list; @@ -835,8 +917,6 @@ static stc_error_e __fw_rule_update(const firewall_rule_s *info) static void __fw_rule_extract(const char *key, GVariant *value, void *user_data) { - __STC_LOG_FUNC_ENTER__; - firewall_rule_s *rule = (firewall_rule_s *)user_data; if (rule == NULL) { __STC_LOG_FUNC_EXIT__; 
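Review bot: The `STC_FW_FAMILY_V6` branch of `__fw_rule_print_rules` has a format string with 19 conversions but passes only 11 arguments, because the `s_ip2` and `d_ip2` words are missing. As a result `d_ip_type` is printed in an address slot and the remaining `%08x` conversions read arguments that were never passed, which is undefined behaviour and can put unrelated register or stack values into the log. Add the four `rule->s_ip2.Ipv6.s6_addr32[0..3]` values after the `s_ip1` ones and the four `rule->d_ip2.Ipv6.s6_addr32[0..3]` values after `d_ip1`. In the first `STC_LOGD`, `rule->ifname`, `rule->target_str` and `rule->nflog_prefix` go to `%s` and may be NULL, so give each a `? : ""` fallback. The printer is called from `handle_firewall_get_all_rule` on every request, so it is reachable by any caller of that method.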
@@ -878,83 +958,141 @@ static void __fw_rule_extract(const char *key, GVariant *value, STC_LOGD("%s: [%u]", RULE_FAMILY, rule->family); } else if (g_strcmp0(key, RULE_SIP1) == 0) { - guint str_length; - const gchar *str = g_variant_get_string(value, &str_length); - if (rule->family == STC_FW_FAMILY_V4) { - inet_pton(AF_INET, str, &(rule->s_ip1.Ipv4)); - STC_LOGD("%s: [%08x]", RULE_SIP1, rule->s_ip1.Ipv4.s_addr); - } else if (rule->family == STC_FW_FAMILY_V6) { - inet_pton(AF_INET6, str, &(rule->s_ip1.Ipv6)); - STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP1, - rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], - rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]); + if (rule->s_ip_type != STC_FW_IP_NONE) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + inet_pton(AF_INET, str, &(rule->s_ip1.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_SIP1, rule->s_ip1.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->s_ip1.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP1, + rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], + rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]); + } } } else if (g_strcmp0(key, RULE_SIP2) == 0) { - guint str_length; - const gchar *str = g_variant_get_string(value, &str_length); - if (rule->family == STC_FW_FAMILY_V4) { - inet_pton(AF_INET, str, &(rule->s_ip2.Ipv4)); - STC_LOGD("%s: [%08x]", RULE_SIP2, rule->s_ip2.Ipv4.s_addr); - } else if (rule->family == STC_FW_FAMILY_V6) { - inet_pton(AF_INET6, str, &(rule->s_ip2.Ipv6)); - STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP2, - rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1], - rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]); + if (rule->s_ip_type != STC_FW_IP_NONE) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + 
inet_pton(AF_INET, str, &(rule->s_ip2.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_SIP2, rule->s_ip2.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->s_ip2.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP2, + rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1], + rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]); + } } } else if (g_strcmp0(key, RULE_DIP1) == 0) { - guint str_length; - const gchar *str = g_variant_get_string(value, &str_length); - if (rule->family == STC_FW_FAMILY_V4) { - inet_pton(AF_INET, str, &(rule->d_ip1.Ipv4)); - STC_LOGD("%s: [%08x]", RULE_DIP1, rule->d_ip1.Ipv4.s_addr); - } else if (rule->family == STC_FW_FAMILY_V6) { - inet_pton(AF_INET6, str, &(rule->d_ip1.Ipv6)); - STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP1, - rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], - rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); + if (rule->d_ip_type != STC_FW_IP_NONE) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + inet_pton(AF_INET, str, &(rule->d_ip1.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_DIP1, rule->d_ip1.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->d_ip1.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP1, + rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], + rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); + } } } else if (g_strcmp0(key, RULE_DIP2) == 0) { - guint str_length; - const gchar *str = g_variant_get_string(value, &str_length); - if (rule->family == STC_FW_FAMILY_V4) { - inet_pton(AF_INET, str, &(rule->d_ip2.Ipv4)); - STC_LOGD("%s: [%08x]", RULE_DIP2, rule->d_ip2.Ipv4.s_addr); - } else if (rule->family == STC_FW_FAMILY_V6) { - inet_pton(AF_INET6, str, &(rule->d_ip2.Ipv6)); - STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP2, - rule->d_ip2.Ipv6.s6_addr32[0], 
rule->d_ip2.Ipv6.s6_addr32[1], - rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]); + if (rule->d_ip_type != STC_FW_IP_NONE) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + inet_pton(AF_INET, str, &(rule->d_ip2.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_DIP2, rule->d_ip2.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->d_ip2.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP2, + rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1], + rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]); + } } } else if (g_strcmp0(key, RULE_SPORT1) == 0) { - rule->s_port1 = g_variant_get_uint32(value); - STC_LOGD("%s: [%04x]", RULE_SPORT1, rule->s_port1); + if (rule->s_port_type != STC_FW_PORT_NONE) { + rule->s_port1 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_SPORT1, rule->s_port1); + } } else if (g_strcmp0(key, RULE_SPORT2) == 0) { - rule->s_port2 = g_variant_get_uint32(value); - STC_LOGD("%s: [%04x]", RULE_SPORT2, rule->s_port2); + if (rule->s_port_type != STC_FW_PORT_NONE) { + rule->s_port2 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_SPORT2, rule->s_port2); + } } else if (g_strcmp0(key, RULE_DPORT1) == 0) { - rule->d_port1 = g_variant_get_uint32(value); - STC_LOGD("%s: [%04x]", RULE_DPORT1, rule->d_port1); + if (rule->s_port_type != STC_FW_PORT_NONE) { + rule->d_port1 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_DPORT1, rule->d_port1); + } } else if (g_strcmp0(key, RULE_DPORT2) == 0) { - rule->d_port2 = g_variant_get_uint32(value); - STC_LOGD("%s: [%04x]", RULE_DPORT2, rule->d_port2); + if (rule->d_port_type != STC_FW_PORT_NONE) { + rule->d_port2 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_DPORT2, rule->d_port2); + } } else if (g_strcmp0(key, RULE_IFNAME) == 0) { - guint str_length; - const gchar *str = g_variant_get_string(value, &str_length); - 
rule->ifname = g_strdup(str); - STC_LOGD("%s: [%s]", RULE_IFNAME, rule->ifname); + if (rule->direction != STC_FW_DIRECTION_NONE) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + rule->ifname = g_strdup(str); + STC_LOGD("%s: [%s]", RULE_IFNAME, rule->ifname); + } } else if (g_strcmp0(key, RULE_TARGET) == 0) { rule->target = g_variant_get_uint16(value); STC_LOGD("%s: [%u]", RULE_TARGET, rule->target); + } else if (g_strcmp0(key, RULE_LOG_LEVEL) == 0) { + if (rule->target == STC_FW_RULE_TARGET_LOG) { + rule->log_level = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_LOG_LEVEL, rule->log_level); + } + + } else if (g_strcmp0(key, RULE_LOG_PREFIX) == 0) { + if (rule->target == STC_FW_RULE_TARGET_LOG) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + rule->log_prefix = g_strdup(str); + STC_LOGD("%s: [%s]", RULE_LOG_PREFIX, rule->log_prefix); + } + + } else if (g_strcmp0(key, RULE_NFLOG_GROUP) == 0) { + if (rule->target == STC_FW_RULE_TARGET_NFLOG) { + rule->nflog_group = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_NFLOG_GROUP, rule->nflog_group); + } + + } else if (g_strcmp0(key, RULE_NFLOG_PREFIX) == 0) { + if (rule->target == STC_FW_RULE_TARGET_NFLOG) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + rule->nflog_prefix = g_strdup(str); + STC_LOGD("%s: [%s]", RULE_NFLOG_PREFIX, rule->nflog_prefix); + } + + } else if (g_strcmp0(key, RULE_NFLOG_RANGE) == 0) { + if (rule->target == STC_FW_RULE_TARGET_NFLOG) { + rule->nflog_range = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_NFLOG_RANGE, rule->nflog_range); + } + + } else if (g_strcmp0(key, RULE_NFLOG_THRESHOLD) == 0) { + if (rule->target == STC_FW_RULE_TARGET_NFLOG) { + rule->nflog_threshold = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_NFLOG_THRESHOLD, rule->nflog_threshold); + } + } else if (g_strcmp0(key, RULE_IDENTIFIER) == 0) { guint str_length; const gchar 
*str = g_variant_get_string(value, &str_length); @@ -968,8 +1106,6 @@ static void __fw_rule_extract(const char *key, GVariant *value, } else { STC_LOGD("Unknown rule [%s]", key); } - - __STC_LOG_FUNC_EXIT__; } gboolean __validate_fw_rule(firewall_rule_s *rule) @@ -1021,6 +1157,20 @@ gboolean __validate_fw_rule(firewall_rule_s *rule) return FALSE; } + if (rule->target == STC_FW_RULE_TARGET_LOG && + (rule->log_prefix == NULL || + rule->log_prefix[0] == '\0')) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + + if (rule->target == STC_FW_RULE_TARGET_NFLOG && + (rule->nflog_prefix == NULL || + rule->nflog_prefix[0] == '\0')) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + __STC_LOG_FUNC_EXIT__; return TRUE; } @@ -1261,7 +1411,7 @@ gboolean handle_firewall_set_chain(StcFirewall *object, STC_FIREWALL_CHECK_LOCK_STATE(invocation); if (chain == NULL || - target > STC_FW_CHAIN_TARGET_OUTPUT) { + target >= STC_FW_CHAIN_TARGET_MAX) { STC_FIREWALL_DBUS_REPLY_ERROR(invocation, STC_ERROR_INVALID_PARAMETER); __STC_LOG_FUNC_EXIT__; @@ -1297,7 +1447,6 @@ gboolean handle_firewall_set_chain(StcFirewall *object, } __fw_chain_foreach(__fw_foreach_to_set_rule_to_chain, chain); - ret = firewall_chain_set(&info); if (ret != STC_ERROR_NONE) { STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); @@ -1570,6 +1719,7 @@ gboolean handle_firewall_get_all_rule(StcFirewall *object, builder = g_variant_builder_new(G_VARIANT_TYPE("aa{sv}")); __fw_chain_foreach(__fw_foreach_to_make_rule_param, builder); + __fw_chain_foreach(__fw_foreach_to_print_rule, NULL); return_parameters = g_variant_new("(aa{sv})", builder); g_variant_builder_unref(builder); -- 2.7.4 From bafd064cd4e4530782b5e4fd8e3f8cd6fb4a4284 Mon Sep 17 00:00:00 2001 From: Taesoo Jun Date: Thu, 19 Jul 2018 10:40:40 +0900 Subject: [PATCH 02/16] Fix local variable initialization and handle a invalid parameter Change-Id: Idc99e6b41528f0429882d2bf91e4bbe0c997b05d 
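Review bot: The two checks added to `__validate_fw_rule` reject only a NULL or empty `log_prefix` / `nflog_prefix`; nothing bounds their length, and `log_level`, `nflog_group`, `nflog_range` and `nflog_threshold` are accepted exactly as `__fw_rule_extract` read them from the caller's dictionary. If these values end up in an iptables LOG/NFLOG rule, which the commit title suggests, the prefix has a fixed maximum (29 characters for `--log-prefix`, 64 for `--nflog-prefix`) and the log level is a syslog level in 0..7. It is cleaner to refuse an out-of-range rule here than to let it fail, or be truncated, when the rule is committed. A check such as `strlen(rule->log_prefix) > FW_LOG_PREFIX_MAX` returning FALSE would do, where `FW_LOG_PREFIX_MAX` is a name I made up for the limit. The function begins before this hunk, so an earlier check may already cover part of this.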
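Review bot: The added `__fw_chain_foreach(__fw_foreach_to_print_rule, NULL);` walks every chain a second time on each call to `handle_firewall_get_all_rule` and, judging by the callback's name, writes the complete rule set to the log each time. That looks like a debugging aid left in the request path, where it costs a full traversal per request and copies the firewall configuration into the log. I would drop it, or gate it behind whatever debug switch the project uses, with a comment such as `/* debug only: dump rules returned to the caller */`. The handler starts and ends outside this hunk.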
Signed-off-by: Taesoo Jun --- src/monitor/stc-monitor.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index 5885fc9..3abebef 100755 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -891,11 +891,11 @@ static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, classid_bytes_context_s *context) { gboolean rv; - char iftype[MAX_INT_LENGTH]; - char byte[MAX_INT_LENGTH]; - const char *signal_name; - const char *net_popup_content; - const char *net_popup_type; + char iftype[MAX_INT_LENGTH] = { 0, }; + char byte[MAX_INT_LENGTH] = { 0, }; + const char *signal_name = NULL; + const char *net_popup_content = NULL; + const char *net_popup_type = NULL; stc_s *stc = (stc_s *)stc_get_manager(); if (stc == NULL) { @@ -940,6 +940,11 @@ static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, break; } + if (signal_name == NULL) { + STC_LOGE("Invalid parameter: limit_type"); + return; + } + /* emit signal */ rv = stc_manager_dbus_emit_signal(stc->connection, STC_DBUS_SERVICE_RESTRICTION_PATH, -- 2.7.4 From 30c910c6469eca1fc6a1cc8db64e51df9f09dbee Mon Sep 17 00:00:00 2001 From: Taesoo Jun Date: Thu, 19 Jul 2018 10:44:58 +0900 Subject: [PATCH 03/16] Change file mode into 644 Change-Id: Ibc02513b4cca3207d3137ce88b7ffd9735439eeb 
Signed-off-by: Taesoo Jun --- include/stc-manager-plugin-appstatus.h | 0 include/stc-manager-plugin-procfs.h | 0 plugin/appstatus/include/stc-plugin-appstatus.h | 0 plugin/appstatus/stc-plugin-appstatus.c | 0 plugin/procfs/include/stc-plugin-procfs.h | 0 plugin/procfs/stc-plugin-procfs.c | 0 src/database/include/table-firewall.h | 0 src/database/tables/table-firewall.c | 0 src/database/tables/table-restrictions.c | 0 src/database/tables/table-statistics.c | 0 src/helper/helper-cgroup.c | 0 src/helper/helper-file.c | 0 src/helper/helper-inotify.c | 0 src/helper/helper-inotify.h | 0 src/helper/helper-net-cls.c | 0 src/helper/helper-nfacct-rule.c | 0 src/monitor/stc-monitor.c | 0 src/stc-firewall.c | 0 src/stc-manager-plugin-appstatus.c | 0 src/stc-manager-plugin-procfs.c | 0 src/stc-manager.c | 0 unittest/gdbus.cpp | 0 unittest/manager.cpp | 0 unittest/restriction.cpp | 0 unittest/statistics.cpp | 0 unittest/stcmgr.cpp | 0 unittest/unittest.cpp | 0 27 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 include/stc-manager-plugin-appstatus.h mode change 100755 => 100644 include/stc-manager-plugin-procfs.h mode change 100755 => 100644 plugin/appstatus/include/stc-plugin-appstatus.h mode change 100755 => 100644 plugin/appstatus/stc-plugin-appstatus.c mode change 100755 => 100644 plugin/procfs/include/stc-plugin-procfs.h mode change 100755 => 100644 plugin/procfs/stc-plugin-procfs.c mode change 100755 => 100644 src/database/include/table-firewall.h mode change 100755 => 100644 src/database/tables/table-firewall.c mode change 100755 => 100644 src/database/tables/table-restrictions.c mode change 100755 => 100644 src/database/tables/table-statistics.c mode change 100755 => 100644 src/helper/helper-cgroup.c mode change 100755 => 100644 src/helper/helper-file.c mode change 100755 => 100644 src/helper/helper-inotify.c mode change 100755 => 100644 src/helper/helper-inotify.h mode change 100755 => 100644 src/helper/helper-net-cls.c mode change 100755 => 
100644 src/helper/helper-nfacct-rule.c mode change 100755 => 100644 src/monitor/stc-monitor.c mode change 100755 => 100644 src/stc-firewall.c mode change 100755 => 100644 src/stc-manager-plugin-appstatus.c mode change 100755 => 100644 src/stc-manager-plugin-procfs.c mode change 100755 => 100644 src/stc-manager.c mode change 100755 => 100644 unittest/gdbus.cpp mode change 100755 => 100644 unittest/manager.cpp mode change 100755 => 100644 unittest/restriction.cpp mode change 100755 => 100644 unittest/statistics.cpp mode change 100755 => 100644 unittest/stcmgr.cpp mode change 100755 => 100644 unittest/unittest.cpp diff --git a/include/stc-manager-plugin-appstatus.h b/include/stc-manager-plugin-appstatus.h old mode 100755 new mode 100644 diff --git a/include/stc-manager-plugin-procfs.h b/include/stc-manager-plugin-procfs.h old mode 100755 new mode 100644 diff --git a/plugin/appstatus/include/stc-plugin-appstatus.h b/plugin/appstatus/include/stc-plugin-appstatus.h old mode 100755 new mode 100644 diff --git a/plugin/appstatus/stc-plugin-appstatus.c b/plugin/appstatus/stc-plugin-appstatus.c old mode 100755 new mode 100644 diff --git a/plugin/procfs/include/stc-plugin-procfs.h b/plugin/procfs/include/stc-plugin-procfs.h old mode 100755 new mode 100644 diff --git a/plugin/procfs/stc-plugin-procfs.c b/plugin/procfs/stc-plugin-procfs.c old mode 100755 new mode 100644 diff --git a/src/database/include/table-firewall.h b/src/database/include/table-firewall.h old mode 100755 new mode 100644 diff --git a/src/database/tables/table-firewall.c b/src/database/tables/table-firewall.c old mode 100755 new mode 100644 diff --git a/src/database/tables/table-restrictions.c b/src/database/tables/table-restrictions.c old mode 100755 new mode 100644 diff --git a/src/database/tables/table-statistics.c b/src/database/tables/table-statistics.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-cgroup.c b/src/helper/helper-cgroup.c old mode 100755 new mode 100644 
diff --git a/src/helper/helper-file.c b/src/helper/helper-file.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-inotify.c b/src/helper/helper-inotify.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-inotify.h b/src/helper/helper-inotify.h old mode 100755 new mode 100644 diff --git a/src/helper/helper-net-cls.c b/src/helper/helper-net-cls.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c old mode 100755 new mode 100644 diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c old mode 100755 new mode 100644 diff --git a/src/stc-firewall.c b/src/stc-firewall.c old mode 100755 new mode 100644 diff --git a/src/stc-manager-plugin-appstatus.c b/src/stc-manager-plugin-appstatus.c old mode 100755 new mode 100644 diff --git a/src/stc-manager-plugin-procfs.c b/src/stc-manager-plugin-procfs.c old mode 100755 new mode 100644 diff --git a/src/stc-manager.c b/src/stc-manager.c old mode 100755 new mode 100644 diff --git a/unittest/gdbus.cpp b/unittest/gdbus.cpp old mode 100755 new mode 100644 diff --git a/unittest/manager.cpp b/unittest/manager.cpp old mode 100755 new mode 100644 diff --git a/unittest/restriction.cpp b/unittest/restriction.cpp old mode 100755 new mode 100644 diff --git a/unittest/statistics.cpp b/unittest/statistics.cpp old mode 100755 new mode 100644 diff --git a/unittest/stcmgr.cpp b/unittest/stcmgr.cpp old mode 100755 new mode 100644 diff --git a/unittest/unittest.cpp b/unittest/unittest.cpp old mode 100755 new mode 100644 -- 2.7.4 From 38f685b0bb11a77f2e485c28b6ad25b0f4c36f66 Mon Sep 17 00:00:00 2001 From: yhji Date: Tue, 24 Jul 2018 18:53:44 +0900 Subject: [PATCH 04/16] Fix Wformat build error Change-Id: I042b7e02b72dcd5b4e6e2a0d07fed3393aaad6db Signed-off-by: yhji --- src/stc-firewall.c | 4 ++-- src/stc-manager.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/stc-firewall.c b/src/stc-firewall.c index c18f5da..bec6c27 100644 
--- a/src/stc-firewall.c +++ b/src/stc-firewall.c @@ -654,8 +654,8 @@ static void __fw_rule_print_rules(gpointer data, gpointer user_data) rule->d_ip_type, rule->d_ip1.Ipv4.s_addr, rule->d_ip2.Ipv4.s_addr); break; case STC_FW_FAMILY_V6: - STC_LOGD("[%d][%d][%08x:%08x:%08x:%08x][%08x:%08x:%08x:%08x]" - "[%d][%08x:%08x:%08x:%08x][%08x:%08x:%08x:%08x]", + STC_LOGD("[%d][%d][%08x:%08x:%08x:%08x]" + "[%d][%08x:%08x:%08x:%08x]", rule->family, rule->s_ip_type, rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], diff --git a/src/stc-manager.c b/src/stc-manager.c index d83f079..f0d7e57 100644 --- a/src/stc-manager.c +++ b/src/stc-manager.c @@ -176,7 +176,7 @@ int stc_commit_iptables(char *cmd, int *err_num, char **err_str) if (pid == 0) { errno = 0; if (execv(args[0], args) == -1) { - STC_LOGE("Failed to execute [%s]", err_str); + STC_LOGE("Failed to execute [%s]", *err_str); g_strfreev(args); exit(-1); } -- 2.7.4 From 51cbe71376f0087b2fbe5049d27be1a235f08b46 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Fri, 27 Jul 2018 15:26:35 +0900 Subject: [PATCH 05/16] Checked file stat before realpath Change-Id: Iae4a7b7f97b90389a5c35ccf6144e42b3b525d02 Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/helper/helper-file.c | 11 +++++++---- src/helper/helper-file.h | 1 + 3 files changed, 9 insertions(+), 5 deletions(-) mode change 100644 => 100755 src/helper/helper-file.c mode change 100644 => 100755 src/helper/helper-file.h diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index b379e73..7e20304 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.72 +Version: 0.0.73 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/helper/helper-file.c b/src/helper/helper-file.c old mode 100644 new mode 100755 index 636ef5d..73b93bd --- a/src/helper/helper-file.c +++ b/src/helper/helper-file.c 
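Review bot: In the `stc_commit_iptables` hunk, `*err_str` satisfies -Wformat but still logs the wrong thing. Nothing visible here assigns `*err_str` before the failed `execv`, so in the child it may be NULL or stale, and the actual reason (errno) is never reported. Logging the program and errno says what failed, e.g. `STC_LOGE("Failed to execute [%s] errno [%d]", args[0], errno);`. The function begins outside the hunk, so I cannot see whether a caller pre-sets `*err_str`; if it does, that deserves a comment at this line.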
@@ -24,14 +24,17 @@ int fwrite_str(const char *path, const char *str) _cleanup_fclose_ FILE *f = NULL; int ret; char * t; + struct stat stat_buf; assert(path); assert(str); - t = realpath(path, NULL); - ret_value_errno_msg_if(!t, -errno, - "Fail to get realpath %s", path); - free(t); + if (stat(path, &stat_buf) == 0) { + t = realpath(path, NULL); + ret_value_errno_msg_if(!t, -errno, + "Fail to get realpath %s", path); + free(t); + } f = fopen(path, "w"); ret_value_errno_msg_if(!f, -errno, diff --git a/src/helper/helper-file.h b/src/helper/helper-file.h old mode 100644 new mode 100755 index c5ff1b8..b45a668 --- a/src/helper/helper-file.h +++ b/src/helper/helper-file.h @@ -21,6 +21,7 @@ #include #include #include +#include #include "stc-manager.h" -- 2.7.4 From 9c9f59bedb5545a376b2ff86c34919095e62dd62 Mon Sep 17 00:00:00 2001 From: Taesoo Jun Date: Wed, 1 Aug 2018 18:54:47 +0900 Subject: [PATCH 06/16] Fix week_start_ts into day_start_ts Change-Id: I1906bf6fba572bec7d1a1f5c29206c4b0ee64114 Signed-off-by: Taesoo Jun --- src/monitor/stc-monitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index 3abebef..2a42682 100644 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -689,7 +689,7 @@ static void __process_restriction(enum traffic_restriction_type rstn_type, memset(&stat, 0, sizeof(cumulative_data_s)); stat.month_start_ts = rstn_value->month_start_ts; stat.week_start_ts = g_system->last_week_ts; - stat.week_start_ts = g_system->last_day_ts; + stat.day_start_ts = g_system->last_day_ts; memset(&rule, 0, sizeof(table_statistics_select_rule)); rule.from = rstn_value->month_start_ts; -- 2.7.4 From 5b158c5dc9ad4538d48b9571d7954b990079d7da Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Fri, 17 Aug 2018 17:03:56 +0900 Subject: [PATCH 07/16] Removed emulator state check Change-Id: I829ee400b71f86ff10a8d264b5b75aae4457ceb5 
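Review bot: In `fwrite_str` the `realpath()` result is freed without being used and `fopen()` still opens the original `path`, so the new `stat()` + `realpath()` sequence checks nothing about where the write lands. It only decides whether a missing file counts as an error. It also leaves a check-then-use window, because the file can be created, removed or replaced by a symlink between `stat()` and `fopen()`. If the aim is to confine writes to an expected location, compare the resolved path against that directory before opening, or open first and verify the descriptor with `fstat(fileno(f), &stat_buf)`. If the aim is only to tolerate a file that does not exist yet, a comment saying so (`/* path may not exist yet; realpath() is only a sanity check */`) would prevent the check being read as a security control. The rest of the function is outside the hunk.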
Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/monitor/include/stc-emulator.h | 25 ----------------- src/monitor/stc-emulator.c | 57 -------------------------------------- src/stc-manager.c | 16 ++++------- 4 files changed, 7 insertions(+), 93 deletions(-) delete mode 100644 src/monitor/include/stc-emulator.h delete mode 100644 src/monitor/stc-emulator.c diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 7e20304..b227159 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.73 +Version: 0.0.74 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/monitor/include/stc-emulator.h b/src/monitor/include/stc-emulator.h deleted file mode 100644 index 8e06f7c..0000000 --- a/src/monitor/include/stc-emulator.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __STC_EMULATOR_H__ -#define __STC_EMULATOR_H__ - -#include - -gboolean stc_emulator_is_emulated(void); -void stc_emulator_check_environment(void); - -#endif /* __STC_EMULATOR_H__ */ diff --git a/src/monitor/stc-emulator.c b/src/monitor/stc-emulator.c deleted file mode 100644 index 6ccbe4f..0000000 --- a/src/monitor/stc-emulator.c +++ /dev/null 
@@ -1,57 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include - -#include "stc-emulator.h" -#include "stc-manager-util.h" - -static gboolean stc_is_emulated = FALSE; - -static gboolean __stc_emulator_check_env(void) -{ - int ret; - char *model = NULL; - - ret = system_info_get_platform_string("tizen.org/system/model_name", &model); - if (ret != SYSTEM_INFO_ERROR_NONE) { - STC_LOGE("Failed to get system information(%d)", ret); //LCOV_EXCL_LINE - return FALSE; //LCOV_EXCL_LINE - } - - if (model && strncmp(model, "Emulator", strlen("Emulator")) == 0) { - g_free(model); //LCOV_EXCL_LINE - return TRUE; //LCOV_EXCL_LINE - } - - g_free(model); //LCOV_EXCL_LINE - return FALSE; //LCOV_EXCL_LINE -} - -gboolean stc_emulator_is_emulated(void) -{ - return stc_is_emulated; -} - -void stc_emulator_check_environment(void) -{ - stc_is_emulated = __stc_emulator_check_env(); - - STC_LOGD("Emulation environment : %s", - stc_is_emulated ? "It's emulated" : "Not emulated"); -} - diff --git a/src/stc-manager.c b/src/stc-manager.c index f0d7e57..436ee29 100644 --- a/src/stc-manager.c +++ b/src/stc-manager.c @@ -18,7 +18,6 @@ #include #include #include "stc-manager.h" -#include "stc-emulator.h" #include "stc-manager-gdbus.h" #include "stc-db.h" #include "counter.h" 
@@ -236,13 +235,11 @@ gint32 main(gint32 argc, gchar *argv[]) /* Crate the GLIB main loop */ main_loop = g_main_loop_new(NULL, FALSE); - stc_emulator_check_environment(); - if (stc_emulator_is_emulated() == FALSE) { - g_stc = __stc_manager_init(); - if (!g_stc) - goto fail; - g_stc->main_loop = main_loop; - } + g_stc = __stc_manager_init(); + if (!g_stc) + goto fail; + + g_stc->main_loop = main_loop; /* Run the main loop */ g_main_loop_run(main_loop); @@ -250,8 +247,7 @@ gint32 main(gint32 argc, gchar *argv[]) ret = 0; fail: - if (stc_emulator_is_emulated() == FALSE) - __stc_manager_deinit(); + __stc_manager_deinit(); if (main_loop) g_main_loop_unref(main_loop); -- 2.7.4 From ec67a82d1fd89d965b109b06554f5d162e67f60c Mon Sep 17 00:00:00 2001 From: Nishant Chaprana Date: Thu, 2 Aug 2018 12:58:01 +0530 Subject: [PATCH 08/16] Removed redundant NULL check Change-Id: Id29b2b3473715d454496c860b46f13ef3070ce0e Signed-off-by: Nishant Chaprana --- src/stc-manager-gdbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/stc-manager-gdbus.c b/src/stc-manager-gdbus.c index 672909b..2e5803c 100644 --- a/src/stc-manager-gdbus.c +++ b/src/stc-manager-gdbus.c @@ -458,7 +458,7 @@ void stc_manager_gdbus_dict_foreach(GVariantIter *iter, dbus_dict_cb cb, while (g_variant_iter_loop(iter, "{sv}", &key, &value)) { /* DEBUG_GDBUS_KEY_VALUE(key, value); */ - if (key && cb) + if (key) cb(key, value, user_data); } -- 2.7.4 From ea8a61cd93110141438e5165fc3b07eb5d61b13c Mon Sep 17 00:00:00 2001 From: Milind Murhekar Date: Wed, 8 Aug 2018 17:55:21 +0530 Subject: [PATCH 09/16] [Add] tether plugin This change adds a plugin called "tether" to support data usage for tethering client stations. Change-Id: I823c832f42613f0b607b96e0d863e532fe892e63 
Signed-off-by: Milind Murhekar --- include/stc-manager-plugin-tether.h | 29 +++++ packaging/stc-manager.spec | 10 ++ plugin/CMakeLists.txt | 1 + plugin/tether/CMakeLists.txt | 36 ++++++ plugin/tether/include/stc-plugin-tether.h | 46 +++++++ plugin/tether/stc-plugin-tether.c | 197 ++++++++++++++++++++++++++++++ src/CMakeLists.txt | 2 + src/stc-manager-plugin-tether.c | 67 ++++++++++ src/stc-manager.c | 3 + 9 files changed, 391 insertions(+) create mode 100644 include/stc-manager-plugin-tether.h create mode 100644 plugin/tether/CMakeLists.txt create mode 100644 plugin/tether/include/stc-plugin-tether.h create mode 100644 plugin/tether/stc-plugin-tether.c create mode 100644 src/stc-manager-plugin-tether.c diff --git a/include/stc-manager-plugin-tether.h b/include/stc-manager-plugin-tether.h new file mode 100644 index 0000000..bdee306 --- /dev/null +++ b/include/stc-manager-plugin-tether.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __STC_MANAGER_PLUGIN_TETHER_H__ +#define __STC_MANAGER_PLUGIN_TETHER_H__ + +#define STC_PLUGIN_TETHER_FILEPATH "/usr/lib/stc-plugin-tether.so" + +#include "stc-plugin-tether.h" + +int stc_plugin_tether_init(void); +int stc_plugin_tether_deinit(void); +stc_error_e stc_plugin_tether_load(void); +stc_error_e stc_plugin_tether_status_changed(void); + +#endif /* __STC_MANAGER_PLUGIN_TETHER_H__ */ 
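Review bot: `STC_PLUGIN_TETHER_FILEPATH` hard-codes `/usr/lib/stc-plugin-tether.so`, while the spec hunk in this same patch installs the library as `%{_libdir}/stc-plugin-tether.so`. Where `%{_libdir}` is not `/usr/lib` (typically 64-bit builds), the `dlopen()` in stc-manager-plugin-tether.c fails and the plugin is never loaded. The callers in stc-manager.c ignore the return value, so only a log line shows it. Passing the install directory in from the build (a compile definition derived from `LIBDIR`) would keep the two in step. The header also declares `stc_plugin_tether_load` and `stc_plugin_tether_status_changed`, which the new stc-manager-plugin-tether.c in this patch does not define; drop or implement them.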
diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index b227159..6b0b965 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -57,6 +57,12 @@ Summary: STC manager exception proc file system plugin %description plugin-procfs A smart traffic control manager extension for proc file system plugin +%package plugin-tether +Summary: Tethering plugin for data usage of tethering clients + +%description plugin-tether +A smart traffic control manager extension for tethering client data usage plugin + %prep %setup -q chmod 644 %{SOURCE0} @@ -144,3 +150,7 @@ cp resources/dbus/stc-manager.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/st %files plugin-procfs %manifest %{name}.manifest %attr(500,root,root) %{_libdir}/stc-plugin-procfs.so + +%files plugin-tether +%manifest %{name}.manifest +%attr(500,root,root) %{_libdir}/stc-plugin-tether.so diff --git a/plugin/CMakeLists.txt b/plugin/CMakeLists.txt index ce92a27..e591d7a 100644 --- a/plugin/CMakeLists.txt +++ b/plugin/CMakeLists.txt @@ -18,3 +18,4 @@ INCLUDE_DIRECTORIES(${MONITOR_SOURCE_DIR}/include) ADD_SUBDIRECTORY(appstatus) ADD_SUBDIRECTORY(exception) ADD_SUBDIRECTORY(procfs) +ADD_SUBDIRECTORY(tether) diff --git a/plugin/tether/CMakeLists.txt b/plugin/tether/CMakeLists.txt new file mode 100644 index 0000000..889f44a --- /dev/null +++ b/plugin/tether/CMakeLists.txt 
@@ -0,0 +1,36 @@ +CMAKE_MINIMUM_REQUIRED(VERSION 2.6) +PROJECT(stc-plugin-tether C) + +# Set required packages +INCLUDE(FindPkgConfig) +PKG_CHECK_MODULES(tether_plugin REQUIRED + dlog + gio-2.0 + gio-unix-2.0 + glib-2.0 + ) + +FOREACH(flag ${tether_plugin_CFLAGS}) + SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") +ENDFOREACH(flag) + +INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include) + +SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} -g -Werror -fvisibility=hidden") +SET(CMAKE_C_FLAGS_DEBUG "-O0 -g") +SET(CMAKE_C_FLAGS_RELEASE "-O2") + +ADD_DEFINITIONS("-DUSE_DLOG") + +SET(SRCS_PLUGIN + stc-plugin-tether.c + ) + +# library build +ADD_LIBRARY(${PROJECT_NAME} SHARED ${SRCS_PLUGIN}) +ADD_DEPENDENCIES(${PROJECT_NAME} GENERATED_DBUS_CODE) +TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${tether_plugin_LDFLAGS}) +SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES PREFIX "" OUTPUT_NAME ${PROJECT_NAME}) + +# install +INSTALL(TARGETS ${PROJECT_NAME} LIBRARY DESTINATION ${LIBDIR}) diff --git a/plugin/tether/include/stc-plugin-tether.h b/plugin/tether/include/stc-plugin-tether.h new file mode 100644 index 0000000..b3d4439 --- /dev/null +++ b/plugin/tether/include/stc-plugin-tether.h 
@@ -0,0 +1,46 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __STC_PLUGIN_TETHER_H__ +#define __STC_PLUGIN_TETHER_H__ + +#include +#include "stc-error.h" +#include "stc-manager.h" + +#define TETHERING_SERVICE_INTERFACE "org.tizen.tethering" +#define SIGNAL_NAME_DHCP_STATUS "dhcp_status" +#define STATION_STR_INFO_LEN 54 +#define STATION_STR_HOSTNAME_LEN 33 + +typedef struct { + gchar *station_id; + gchar name[STATION_STR_HOSTNAME_LEN + 1]; + gchar ip[STATION_STR_INFO_LEN + 1]; + gchar mac[STATION_STR_INFO_LEN + 1]; +} tether_sta_info_s; + +typedef struct { + int (*init) (void); + void (*deinit) (void); + int (*status_changed) (void); +} stc_plugin_tether_s; + +int tether_init(void); +void tether_deinit(void); +stc_error_e tether_plugin_status_changed(void); + +#endif /* __STC_PLUGIN_TETHER_H__ */ diff --git a/plugin/tether/stc-plugin-tether.c b/plugin/tether/stc-plugin-tether.c new file mode 100644 index 0000000..ed3ccd4 --- /dev/null +++ b/plugin/tether/stc-plugin-tether.c 
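Review bot: The prototypes at the end of this header, `tether_init` and `tether_deinit`, do not match the functions stc-plugin-tether.c defines in this patch (`tether_plugin_init`, `tether_plugin_deinit`). The real entry points are therefore defined without a prior declaration, and the header advertises two symbols that do not exist. Rename the prototypes to `int tether_plugin_init(void);` and `void tether_plugin_deinit(void);`, or make the definitions `static`, since they are only reached through the `tether_plugin` table. A one-line comment on `tether_sta_info_s` saying who owns `station_id` (it is allocated with `g_strdup_printf` and freed on removal) would also help.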
@@ -0,0 +1,197 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "stc-monitor.h" +#include "stc-plugin-tether.h" + +static GSList *station_list = NULL; +static GDBusConnection *connection = NULL; +static GCancellable *cancellable = NULL; +static int g_mobileap_signal_sub_id = 0; + +static int _compare_sta_by_mac_func(gconstpointer a, + gconstpointer b) +{ + tether_sta_info_s *si = (tether_sta_info_s *)a; + return g_ascii_strcasecmp(si->mac, (const char *)b); +} + +static int _get_station_info(gconstpointer data, GCompareFunc func, + tether_sta_info_s **si) +{ + GSList *list = station_list; + tether_sta_info_s *info = NULL; + + if (func == NULL || si == NULL) + return -1; + + if (!list) + return -1; + + list = g_slist_find_custom(list, data, func); + if (list == NULL) + return -1; + + info = list->data; + *si = info; + return 0; +} + +static void _remove_station_info(gconstpointer data, GCompareFunc func) +{ + GSList *list = station_list; + tether_sta_info_s *info = NULL; + if (func == NULL) + return; + + if (!list) + return; + + list = g_slist_find_custom(list, data, func); + if (list == NULL) + return; + + info = (tether_sta_info_s *)list->data; + STC_LOGI("STA-REMOVED: (%s) (%s) (%s)", info->ip, info->mac, info->name); + g_free(info->station_id); + g_free(info); + + station_list = 
g_slist_delete_link(station_list, list); +} + +static void _add_station_info(tether_sta_info_s *info) +{ + tether_sta_info_s *tmp = NULL; + if (info == NULL) { + STC_LOGE("info is NULL"); + return; + } + + if (_get_station_info(info->mac, _compare_sta_by_mac_func, &tmp) == 0) { + if (!g_strcmp0(tmp->name, info->name) && !g_strcmp0(tmp->ip, info->ip)) + return; + + //Remove the station if dhcp info changed. + _remove_station_info(info->mac, _compare_sta_by_mac_func); + } + + station_list = g_slist_prepend(station_list, info); + STC_LOGI("STA-ADDED: (%s) (%s) (%s)", info->ip, info->mac, info->name); + info->station_id = g_strdup_printf("%s_%s", info->mac, info->name); +} + +static void _mobileap_signal_cb(GDBusConnection *conn, + const gchar *name, const gchar *path, + const gchar *interface, const gchar *sig, + GVariant *param, gpointer user_data) +{ + int type; + int tm; + char *ip = NULL; + char *mac = NULL; + char *hostname = NULL; + char *state = NULL; + tether_sta_info_s *sta = NULL; + + ret_msg_if(sig == NULL, "signal name NULL"); + ret_msg_if(param == NULL, "param NULL"); + + STC_LOGI("%s interface(%s)", sig, interface); + + sta = (tether_sta_info_s *)g_malloc0(sizeof(tether_sta_info_s)); + if (sta == NULL) { + STC_LOGE("g_malloc0 failed"); + return; + } + + g_variant_get(param, "(susssu)", &state, &type, &ip, &mac, &hostname, &tm); + STC_LOGI("%s: ip(%s) mac(%s) name(%s) tm(%d)", state, ip, mac, hostname, tm); + + if (!g_strcmp0(state, "DhcpConnected")) { + g_strlcpy(sta->ip, ip, STATION_STR_INFO_LEN); + g_strlcpy(sta->mac, mac, STATION_STR_INFO_LEN); + g_strlcpy(sta->name, hostname, STATION_STR_HOSTNAME_LEN); + _add_station_info(sta); + } else if (!g_strcmp0(state, "DhcpLeaseDeleted")) { + _remove_station_info(mac, _compare_sta_by_mac_func); + } + + g_free(state); + g_free(ip); + g_free(mac); + g_free(hostname); +} + +stc_error_e tether_plugin_status_changed(void) +{ + return STC_ERROR_NONE; +} + +int tether_plugin_init(void) +{ + GError *error = NULL; + + 
if (connection) + return 0; + + connection = g_bus_get_sync(G_BUS_TYPE_SYSTEM, NULL, &error); + if (!connection) { + g_error_free(error); + return -1; + } + + cancellable = g_cancellable_new(); + + g_mobileap_signal_sub_id = g_dbus_connection_signal_subscribe(connection, + NULL, + TETHERING_SERVICE_INTERFACE, + SIGNAL_NAME_DHCP_STATUS, + NULL, NULL, + G_DBUS_SIGNAL_FLAGS_NONE, + _mobileap_signal_cb, + NULL, NULL); + + STC_LOGI("tether plugin initialised"); + return 0; +} + +void tether_plugin_deinit(void) +{ + if (!connection) + return; + + g_object_unref(connection); + g_object_unref(cancellable); + connection = NULL; + cancellable = NULL; + STC_LOGI("tether plugin deinitialised"); +} + +/* Tether Plugin APIs */ +API stc_plugin_tether_s tether_plugin = { + .init = tether_plugin_init, + .deinit = tether_plugin_deinit, + .status_changed = tether_plugin_status_changed +}; diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 809897a..c845dd0 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -31,6 +31,7 @@ SET(PLUGIN_DIR ${CMAKE_SOURCE_DIR}/plugin) SET(APPSTATUS_SOURCE_DIR ${PLUGIN_DIR}/appstatus) SET(EXCEPTION_SOURCE_DIR ${PLUGIN_DIR}/exception) SET(PROCFS_SOURCE_DIR ${PLUGIN_DIR}/procfs) +SET(TETHER_SOURCE_DIR ${PLUGIN_DIR}/tether) INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include) INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/interfaces) @@ -53,6 +54,7 @@ INCLUDE_DIRECTORIES(${LIMITATION_SOURCE_DIR}/include) INCLUDE_DIRECTORIES(${APPSTATUS_SOURCE_DIR}/include) INCLUDE_DIRECTORIES(${EXCEPTION_SOURCE_DIR}/include) INCLUDE_DIRECTORIES(${PROCFS_SOURCE_DIR}/include) +INCLUDE_DIRECTORIES(${TETHER_SOURCE_DIR}/include) FILE(GLOB SOURCE_SRCS ${SOURCE_DIR}/*.c) FILE(GLOB HELPER_SRCS ${HELPER_SOURCE_DIR}/*.c) diff --git a/src/stc-manager-plugin-tether.c b/src/stc-manager-plugin-tether.c new file mode 100644 index 0000000..1813e40 --- /dev/null +++ b/src/stc-manager-plugin-tether.c 
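Review bot: `_mobileap_signal_cb` allocates `sta` before it looks at `state`, so every signal that is not `DhcpConnected` leaks one `tether_sta_info_s`, and `_add_station_info` leaks `info` again when it returns early for an unchanged station. The subscription passes NULL as the sender, so unless the bus policy restricts it, any peer able to emit `dhcp_status` on `org.tizen.tethering` can drive this path repeatedly. Allocate only in the `DhcpConnected` branch and free the duplicate, as below; matching the subscription on the tethering service's bus name would narrow who can feed the list. `tether_plugin_deinit` also never unsubscribes `g_mobileap_signal_sub_id` or frees `station_list`.

```c
/* in _add_station_info(): */
		if (!g_strcmp0(tmp->name, info->name) && !g_strcmp0(tmp->ip, info->ip)) {
			/* Already tracked with the same DHCP data; we own info, so release it. */
			g_free(info);
			return;
		}

/* in _mobileap_signal_cb(): */
	/* … unchanged: argument checks, g_variant_get(), logging … */
	if (!g_strcmp0(state, "DhcpConnected")) {
		/* Allocate only when a station is actually going to be stored. */
		sta = g_malloc0(sizeof(tether_sta_info_s));
		/* … unchanged: g_strlcpy of ip, mac, hostname and _add_station_info(sta) … */
```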
@@ -0,0 +1,67 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "stc-manager.h" +#include "stc-manager-plugin-tether.h" + +static gboolean stc_tether_plugin_enabled = FALSE; +static void *tether_plugin_handle; +static stc_plugin_tether_s *plugin; + +int stc_plugin_tether_init(void) +{ + __STC_LOG_FUNC_ENTER__; + + tether_plugin_handle = dlopen(STC_PLUGIN_TETHER_FILEPATH, RTLD_NOW); + if (!tether_plugin_handle) { + STC_LOGE("Can't load %s: %s", STC_PLUGIN_TETHER_FILEPATH, dlerror()); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + plugin = dlsym(tether_plugin_handle, "tether_plugin"); + if (!plugin) { + STC_LOGE("Can't load symbol: %s", dlerror()); + dlclose(tether_plugin_handle); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + plugin->init(); + stc_tether_plugin_enabled = TRUE; + + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_NONE; +} + +int stc_plugin_tether_deinit(void) +{ + __STC_LOG_FUNC_ENTER__; + + if (!stc_tether_plugin_enabled) { + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + plugin->deinit(); + stc_tether_plugin_enabled = FALSE; + dlclose(tether_plugin_handle); + + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_NONE; +} diff --git a/src/stc-manager.c b/src/stc-manager.c index 436ee29..58f6531 100644 --- a/src/stc-manager.c +++ b/src/stc-manager.c 
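Review bot: `stc_plugin_tether_init` ignores the result of `plugin->init()` and sets `stc_tether_plugin_enabled = TRUE` regardless, although `tether_plugin_init` in this patch returns -1 when it cannot get the system bus. Check the result and unwind, e.g. `if (plugin->init() != 0) { dlclose(tether_plugin_handle); return STC_ERROR_UNINITIALIZED; }`. On the `dlsym` failure path and in `stc_plugin_tether_deinit` the handle is closed but `tether_plugin_handle` and `plugin` keep their old values. Resetting both to NULL after `dlclose()` avoids a stale pointer if init runs again.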
@@ -31,6 +31,7 @@ #include "stc-manager-plugin-appstatus.h" #include "stc-manager-plugin-exception.h" #include "stc-manager-plugin-procfs.h" +#include "stc-manager-plugin-tether.h" #define BUF_SIZE_FOR_ERR 100 @@ -89,6 +90,7 @@ static void __stc_manager_deinit(void) stc_plugin_appstatus_deinit(); stc_plugin_exception_deinit(); stc_plugin_procfs_deinit(); + stc_plugin_tether_deinit(); inotify_deregister(INFO_STORAGE_DIR); inotify_deinitialize(); @@ -123,6 +125,7 @@ static stc_s *__stc_manager_init(void) stc_plugin_appstatus_init(); stc_plugin_exception_init(); stc_plugin_procfs_init(); + stc_plugin_tether_init(); stc_firewall_init(); -- 2.7.4 From a721485553d709539ffd205bbb16142d43765bf7 Mon Sep 17 00:00:00 2001 From: Nishant Chaprana Date: Wed, 22 Aug 2018 09:51:42 +0530 Subject: [PATCH 10/16] Add 'ps', 'awk' and 'pgrep' to exception list Change-Id: I965daf32489804429b316455071bca3d9a55f40b Signed-off-by: Nishant Chaprana --- data/exceptions | 3 +++ packaging/stc-manager.spec | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/data/exceptions b/data/exceptions index 2ce70b0..178bd7e 100644 --- a/data/exceptions +++ b/data/exceptions @@ -15,6 +15,7 @@ rpm:inst sh:inst sleep:inst grep:inst +pgrep:inst killall:inst systemctl:inst xargs:inst @@ -22,6 +23,8 @@ modprobe:inst pkgcmd:inst mount:inst chmod:inst +awk:inst +ps:inst wlan.sh:script wpa_supp.sh:script stc-manager:sys diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index b227159..bb2f8ed 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.74 +Version: 0.0.75 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 -- 2.7.4 From 5cbfb23b9a29e26b618f72f9f81b1e16faffb783 Mon Sep 17 00:00:00 2001 
From: hyunuktak Date: Wed, 22 Aug 2018 14:07:57 +0900 Subject: [PATCH 11/16] Added new vconf key for VCONFKEY_SETAPPL_DATA_RESTRICTION_INT Change-Id: I1d869718893ada6c6b2b6ff979b1460672b34524 Signed-off-by: hyunuktak --- src/monitor/include/stc-monitor.h | 5 +++ src/monitor/stc-monitor.c | 82 ++++++++++++++++++++++++++------------- 2 files changed, 60 insertions(+), 27 deletions(-) mode change 100644 => 100755 src/monitor/include/stc-monitor.h mode change 100644 => 100755 src/monitor/stc-monitor.c diff --git a/src/monitor/include/stc-monitor.h b/src/monitor/include/stc-monitor.h old mode 100644 new mode 100755 index 3414c06..0977eba --- a/src/monitor/include/stc-monitor.h +++ b/src/monitor/include/stc-monitor.h @@ -40,6 +40,11 @@ typedef enum { STC_RSTN_LIMIT_TYPE_MAX } stc_rstn_limit_type_e; +typedef enum { + STC_RSTN_STATE_INIT = -1, + STC_RSTN_STATE_UNSET, + STC_RSTN_STATE_SET, +} stc_rstn_noti_state_e; /** * @brief key for processes tree diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c old mode 100644 new mode 100755 index 2a42682..694bf5c --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -34,7 +34,14 @@ #define GRANULARITY 10 #define MAX_INT_LENGTH 128 + +#ifndef VCONFKEY_STC_BACKGROUND_STATE #define VCONFKEY_STC_BACKGROUND_STATE "db/stc/background_state" +#endif + +#ifndef VCONFKEY_SETAPPL_DATA_RESTRICTION_INT +#define VCONFKEY_SETAPPL_DATA_RESTRICTION_INT "db/setting/data_restriction" +#endif typedef struct { time_t now; 
@@ -58,6 +65,34 @@ typedef struct { static stc_system_s *g_system = NULL; +//LCOV_EXCL_START +static int __vconf_get_int(const char *key, int *value) +{ + int ret = 0; + + ret = vconf_get_int(key, value); + if (ret != VCONF_OK) { + STC_LOGE("Failed to get vconfkey [%s] value", key); //LCOV_EXCL_LINE + return -1; //LCOV_EXCL_LINE + } + + return 0; +} + +static int __vconf_set_int(const char *key, int value) +{ + int ret = 0; + + ret = vconf_set_int(key, value); + if (ret != VCONF_OK) { + STC_LOGE("Failed to set vconfkey [%s] value", key); //LCOV_EXCL_LINE + return -1; //LCOV_EXCL_LINE + } + + return 0; +} +//LCOV_EXCL_STOP + static nfacct_rule_jump __get_jump_by_intend(struct nfacct_rule *counter) { if (counter->intend == NFACCT_WARN) @@ -608,6 +643,22 @@ static void __del_iptables_rule(int64_t classid, nfacct_rule_intend intend, __del_ip6tables_out(&counter); } +static void __set_rstn_noti_state(int value) +{ + int state = STC_RSTN_STATE_INIT; + + if (__vconf_get_int(VCONFKEY_SETAPPL_DATA_RESTRICTION_INT, &state)) + return; + + if (state == value) { + STC_LOGI("No need to change a restriction status: %d", state); + return; + } + + vconf_set_int(VCONFKEY_SETAPPL_DATA_RESTRICTION_INT, value); + return; +} + typedef struct { time_t month_start_ts; time_t week_start_ts; @@ -753,6 +804,8 @@ static void __process_restriction(enum traffic_restriction_type rstn_type, for (i = 0; i < STC_RSTN_LIMIT_TYPE_MAX; i++) if (rstn_value->limit[i] >= 0) rstn_value->counter[i] = 0; + + __set_rstn_noti_state(STC_RSTN_STATE_UNSET); } break; default: @@ -934,6 +987,8 @@ static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, context->counter->intend = NFACCT_COUNTER; rstn_value->limit_exceeded |= (1 << limit_type); + + __set_rstn_noti_state(STC_RSTN_STATE_SET); } break; default: 
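Review bot: `__set_rstn_noti_state()` reads the key through the checked wrapper `__vconf_get_int()` but writes it with a bare `vconf_set_int()` whose result is ignored, so a failed update of the restriction state is neither logged nor noticed. The wrapper that this same commit moves to the top of the file fits here: `__vconf_set_int(VCONFKEY_SETAPPL_DATA_RESTRICTION_INT, value);`. The early return on a failed read also means the state is never written while the key cannot be read; if that is intended, a one-line comment saying so would help. The trailing `return;` can be dropped.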
@@ -1864,33 +1919,6 @@ static void __add_application_by_interface(const char *app_id) FREE(app_key.app_id); } -static int __vconf_get_int(const char *key, int *value) -{ - int ret = 0; - - ret = vconf_get_int(key, value); - if (ret != VCONF_OK) { - STC_LOGE("Failed to get vconfkey [%s] value", key); //LCOV_EXCL_LINE - return -1; //LCOV_EXCL_LINE - } - - return 0; -} - -//LCOV_EXCL_START -static int __vconf_set_int(const char *key, int value) -{ - int ret = 0; - - ret = vconf_set_int(key, value); - if (ret != VCONF_OK) { - STC_LOGE("Failed to set vconfkey [%s] value", key); //LCOV_EXCL_LINE - return -1; //LCOV_EXCL_LINE - } - - return 0; -} - static guint __get_background_state(void) { return g_system->background_state;; -- 2.7.4 From 6b6c8c8d2a7e95589fd3e2731ff0dd5d58bccf6a Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 22 Aug 2018 18:26:19 +0900 Subject: [PATCH 12/16] Removed flag for TIZEN_DEBUG_ENABLE Change-Id: I5589bc07ded2abe496bf8fdfdc10bcc82145e0a1 Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index b227159..295754d 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -63,9 +63,8 @@ chmod 644 %{SOURCE0} %build -export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE -D_GNU_SOURCE" -export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE -D_GNU_SOURCE" -export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE" +export CFLAGS="$CFLAGS -D_GNU_SOURCE" +export CXXFLAGS="$CXXFLAGS -D_GNU_SOURCE" %cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DBIN_DIR=%{_bindir} \ -- 2.7.4 From 4774bacda3da28d4b0e08c7d15a04e83fd336014 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Thu, 23 Aug 2018 14:44:38 +0900 Subject: [PATCH 13/16] Add to insert firewall rule Change-Id: I873350bb260bc1ef111b2a1e3f551019c9676273 
Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/database/tables/table-firewall.c | 4 +- src/helper/helper-firewall.c | 209 +++++++++++++++++++++++++++-------- src/helper/helper-firewall.h | 7 +- src/stc-firewall.c | 4 +- 5 files changed, 171 insertions(+), 55 deletions(-) mode change 100644 => 100755 src/database/tables/table-firewall.c mode change 100644 => 100755 src/stc-firewall.c diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 295754d..38eb499 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.74 +Version: 0.0.75 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/database/tables/table-firewall.c b/src/database/tables/table-firewall.c old mode 100644 new mode 100755 index 3eac6cf..3df1f52 --- a/src/database/tables/table-firewall.c +++ b/src/database/tables/table-firewall.c @@ -368,7 +368,9 @@ stc_error_e table_firewall_get_lock(char *name, int *state) switch (rc) { case SQLITE_DONE: - break; + STC_LOGD("There is no lock state [%s]", name); + error_code = STC_ERROR_NO_DATA; + goto handle_error; case SQLITE_ROW: *state = sqlite3_column_int(stmt, 0); break; diff --git a/src/helper/helper-firewall.c b/src/helper/helper-firewall.c index 14dff41..644ab75 100755 --- a/src/helper/helper-firewall.c +++ b/src/helper/helper-firewall.c @@ -31,8 +31,10 @@ #define STC_FIREWALL6_DBUS_METHOD_FLUSH_CHAIN "Ip6tFlushChain" #define STC_FIREWALL_DBUS_METHOD_ADD_RULE "IptAddRule" +#define STC_FIREWALL_DBUS_METHOD_INSERT_RULE "IptInsertRule" #define STC_FIREWALL_DBUS_METHOD_REMOVE_RULE "IptRemoveRule" #define STC_FIREWALL6_DBUS_METHOD_ADD_RULE "Ip6tAddRule" +#define STC_FIREWALL6_DBUS_METHOD_INSERT_RULE "Ip6tInsertRule" #define STC_FIREWALL6_DBUS_METHOD_REMOVE_RULE "Ip6tRemoveRule" #define BUF_SIZE_FOR_IP 64 
@@ -46,33 +48,21 @@ static void __fw_add_rule_info_to_builder(GVariantBuilder *builder, g_variant_builder_add(builder, "{sv}", RULE_CHAIN, g_variant_new_string(rule->chain)); - if (rule->direction != STC_FW_DIRECTION_NONE) + if (rule->direction != STC_FW_DIRECTION_NONE) { g_variant_builder_add(builder, "{sv}", RULE_DIRECTION, g_variant_new_uint16(rule->direction)); - if (rule->s_ip_type != STC_FW_IP_NONE) - g_variant_builder_add(builder, "{sv}", RULE_SIPTYPE, - g_variant_new_uint16(rule->s_ip_type)); - - if (rule->d_ip_type != STC_FW_IP_NONE) - g_variant_builder_add(builder, "{sv}", RULE_DIPTYPE, - g_variant_new_uint16(rule->d_ip_type)); - - if (rule->s_port_type != STC_FW_PORT_NONE) - g_variant_builder_add(builder, "{sv}", RULE_SPORTTYPE, - g_variant_new_uint16(rule->s_port_type)); - - if (rule->d_port_type != STC_FW_PORT_NONE) - g_variant_builder_add(builder, "{sv}", RULE_DPORTTYPE, - g_variant_new_uint16(rule->d_port_type)); - - if (rule->protocol != STC_FW_PROTOCOL_NONE) - g_variant_builder_add(builder, "{sv}", RULE_PROTOCOL, - g_variant_new_uint16(rule->protocol)); + if (rule->ifname && rule->ifname[0] != '\0') + g_variant_builder_add(builder, "{sv}", RULE_IFNAME, + g_variant_new_string(rule->ifname)); + } switch (rule->family) { case STC_FW_FAMILY_V4: if (rule->s_ip_type != STC_FW_IP_NONE) { + g_variant_builder_add(builder, "{sv}", RULE_SIPTYPE, + g_variant_new_uint16(rule->s_ip_type)); + if (rule->s_ip1.Ipv4.s_addr) g_variant_builder_add(builder, "{sv}", RULE_SIP1, g_variant_new_uint32(rule->s_ip1.Ipv4.s_addr)); @@ -83,6 +73,9 @@ static void __fw_add_rule_info_to_builder(GVariantBuilder *builder, } if (rule->d_ip_type != STC_FW_IP_NONE) { + g_variant_builder_add(builder, "{sv}", RULE_DIPTYPE, + g_variant_new_uint16(rule->d_ip_type)); + if (rule->d_ip1.Ipv4.s_addr) g_variant_builder_add(builder, "{sv}", RULE_DIP1, g_variant_new_uint32(rule->d_ip1.Ipv4.s_addr)); 
@@ -98,6 +91,9 @@ static void __fw_add_rule_info_to_builder(GVariantBuilder *builder, char buf[BUF_SIZE_FOR_IP]; if (rule->s_ip_type != STC_FW_IP_NONE) { + g_variant_builder_add(builder, "{sv}", RULE_SIPTYPE, + g_variant_new_uint16(rule->s_ip_type)); + if (rule->s_ip1.Ipv6.s6_addr32[0] || rule->s_ip1.Ipv6.s6_addr32[1] || rule->s_ip1.Ipv6.s6_addr32[2] || rule->s_ip1.Ipv6.s6_addr32[3]) { memset(buf, 0, sizeof(buf)); @@ -120,6 +116,9 @@ static void __fw_add_rule_info_to_builder(GVariantBuilder *builder, } if (rule->d_ip_type != STC_FW_IP_NONE) { + g_variant_builder_add(builder, "{sv}", RULE_DIPTYPE, + g_variant_new_uint16(rule->d_ip_type)); + if (rule->d_ip1.Ipv6.s6_addr32[0] || rule->d_ip1.Ipv6.s6_addr32[1] || rule->d_ip1.Ipv6.s6_addr32[2] || rule->d_ip1.Ipv6.s6_addr32[3]) { memset(buf, 0, sizeof(buf)); 
@@ -147,30 +146,35 @@ static void __fw_add_rule_info_to_builder(GVariantBuilder *builder, break; } - if (rule->s_port_type != STC_FW_PORT_NONE) { - if (rule->s_port1) - g_variant_builder_add(builder, "{sv}", RULE_SPORT1, - g_variant_new_uint32(rule->s_port1)); + if (rule->protocol != STC_FW_PROTOCOL_NONE) { + g_variant_builder_add(builder, "{sv}", RULE_PROTOCOL, + g_variant_new_uint16(rule->protocol)); - if (rule->s_port2) - g_variant_builder_add(builder, "{sv}", RULE_SPORT2, - g_variant_new_uint32(rule->s_port2)); - } + if (rule->s_port_type != STC_FW_PORT_NONE) { + g_variant_builder_add(builder, "{sv}", RULE_SPORTTYPE, + g_variant_new_uint16(rule->s_port_type)); - if (rule->s_port_type != STC_FW_PORT_NONE) { - if (rule->d_port1) - g_variant_builder_add(builder, "{sv}", RULE_DPORT1, - g_variant_new_uint32(rule->d_port1)); + if (rule->s_port1) + g_variant_builder_add(builder, "{sv}", RULE_SPORT1, + g_variant_new_uint32(rule->s_port1)); - if (rule->d_port2) - g_variant_builder_add(builder, "{sv}", RULE_DPORT2, - g_variant_new_uint32(rule->d_port2)); - } + if (rule->s_port2) + g_variant_builder_add(builder, "{sv}", RULE_SPORT2, + g_variant_new_uint32(rule->s_port2)); + } - if (rule->direction != STC_FW_DIRECTION_NONE) { - if (rule->ifname && rule->ifname[0] != '\0') - g_variant_builder_add(builder, "{sv}", RULE_IFNAME, - g_variant_new_string(rule->ifname)); + if (rule->d_port_type != STC_FW_PORT_NONE) { + g_variant_builder_add(builder, "{sv}", RULE_DPORTTYPE, + g_variant_new_uint16(rule->d_port_type)); + + if (rule->d_port1) + g_variant_builder_add(builder, "{sv}", RULE_DPORT1, + g_variant_new_uint32(rule->d_port1)); + + if (rule->d_port2) + g_variant_builder_add(builder, "{sv}", RULE_DPORT2, + g_variant_new_uint32(rule->d_port2)); + } } if (rule->target_str && rule->target_str[0] != '\0') 
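Review bot: With the port block now nested under `if (rule->protocol != STC_FW_PROTOCOL_NONE)`, a rule that sets `s_port_type` or `d_port_type` but no protocol is sent without any port keys, so it silently becomes a broader match than the caller described. The nesting itself is reasonable, but the mismatch should be rejected or at least logged rather than dropped; whether rule validation elsewhere already refuses this combination is not visible from the hunk. A minimal guard before the block would be `if (rule->protocol == STC_FW_PROTOCOL_NONE && (rule->s_port_type != STC_FW_PORT_NONE || rule->d_port_type != STC_FW_PORT_NONE)) STC_LOGE("Port match ignored: protocol is not set");`. `__fw_add_rule_info_to_builder()` starts and ends outside this hunk.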
@@ -377,7 +381,7 @@ static int __fw_set_chain(firewall_chain_s *chain) } rule.target_str = g_strdup(chain->chain); - ret = firewall_rule_add(&rule); + ret = firewall_rule_insert(&rule); g_free(rule.chain); g_free(rule.target_str); @@ -411,7 +415,7 @@ static int __fw_unset_chain(firewall_chain_s *chain) return ret; } -static int __fw_add_rule(GDBusConnection *connection, +static int __fw_append_rule(GDBusConnection *connection, firewall_rule_s *rule) { int result = 0; @@ -444,7 +448,40 @@ static int __fw_add_rule(GDBusConnection *connection, return STC_ERROR_NONE; } -static int __fw6_add_rule(GDBusConnection *connection, +static int __fw_insert_rule(GDBusConnection *connection, + firewall_rule_s *rule) +{ + int result = 0; + GVariantBuilder *builder = NULL; + GVariant *params = NULL; + GVariant *message = NULL; + + builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}")); + __fw_add_rule_info_to_builder(builder, rule); + params = g_variant_new("(a{sv})", builder); + g_variant_builder_unref(builder); + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_RULE_PATH, + STC_FIREWALL_DBUS_RULE_INTERFACE, + STC_FIREWALL_DBUS_METHOD_INSERT_RULE, + params); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully inserted firewall rule [%d:%s]", + result, rule->chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + +static int __fw6_append_rule(GDBusConnection *connection, firewall_rule_s *rule) { int result = 0; 
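Review bot: `__fw_insert_rule()` extracts `result` from the reply but only prints it inside a "Successfully inserted" message and then returns `STC_ERROR_NONE` whatever the value is. If a non-zero result means the daemon refused the rule (the reply contract is not visible here, please confirm), a firewall rule that was never installed is reported to the caller as applied. The same holds for `__fw6_insert_rule()` in the next hunk. I would test the value before logging success, e.g. `if (result != 0) { STC_LOGE("Failed to insert firewall rule [%d:%s]", result, rule->chain); g_variant_unref(message); return STC_ERROR_FAIL; }`. Since the four append/insert functions differ only in the method-name constant, a single static helper taking that name would keep the check in one place.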
@@ -477,6 +514,39 @@ static int __fw6_add_rule(GDBusConnection *connection, return STC_ERROR_NONE; } +static int __fw6_insert_rule(GDBusConnection *connection, + firewall_rule_s *rule) +{ + int result = 0; + GVariantBuilder *builder = NULL; + GVariant *params = NULL; + GVariant *message = NULL; + + builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}")); + __fw_add_rule_info_to_builder(builder, rule); + params = g_variant_new("(a{sv})", builder); + g_variant_builder_unref(builder); + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_RULE_PATH, + STC_FIREWALL_DBUS_RULE_INTERFACE, + STC_FIREWALL6_DBUS_METHOD_INSERT_RULE, + params); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully inserted firewall6 rule [%d:%s]", + result, rule->chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + static int __fw_remove_rule(GDBusConnection *connection, firewall_rule_s *rule) { 
@@ -649,7 +719,50 @@ stc_error_e firewall_chain_unset(firewall_chain_s *chain) return ret; } -stc_error_e firewall_rule_add(firewall_rule_s *rule) +stc_error_e firewall_rule_append(firewall_rule_s *rule) +{ + stc_error_e ret = STC_ERROR_NONE; + stc_s *stc = stc_get_manager(); + + if (!stc || !stc->connection) { + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + switch (rule->family) { + case STC_FW_FAMILY_V4: + ret = __fw_append_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + break; + case STC_FW_FAMILY_V6: + ret = __fw6_append_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + break; + default: + ret = __fw_append_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + + ret = __fw6_append_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + break; + } + + return ret; +} + +stc_error_e firewall_rule_insert(firewall_rule_s *rule) { stc_error_e ret = STC_ERROR_NONE; stc_s *stc = stc_get_manager(); @@ -661,27 +774,27 @@ stc_error_e firewall_rule_add(firewall_rule_s *rule) switch (rule->family) { case STC_FW_FAMILY_V4: - ret = __fw_add_rule(stc->connection, rule); + ret = __fw_insert_rule(stc->connection, rule); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; return ret; } break; case STC_FW_FAMILY_V6: - ret = __fw6_add_rule(stc->connection, rule); + ret = __fw6_insert_rule(stc->connection, rule); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; return ret; } break; default: - ret = __fw_add_rule(stc->connection, rule); + ret = __fw_insert_rule(stc->connection, rule); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; return ret; } - ret = __fw6_add_rule(stc->connection, rule); + ret = __fw6_insert_rule(stc->connection, rule); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; return ret; 
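Review bot: In the `default:` branch of `firewall_rule_append()` and `firewall_rule_insert()`, a failure of the IPv6 call returns an error after the IPv4 rule has already been installed, so the two families end up with different rule sets and the caller cannot tell which half was applied. Rolling back before the return keeps them consistent, e.g. `__fw_remove_rule(stc->connection, rule);` ahead of the `return ret;` in the IPv6 failure path. Both functions also dereference `rule->family` without a NULL check on `rule`; a guard next to the existing `stc` check, such as `if (!rule) return STC_ERROR_INVALID_PARAMETER;`, would cover that.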
diff --git a/src/helper/helper-firewall.h b/src/helper/helper-firewall.h index 2c779bb..4966769 100755 --- a/src/helper/helper-firewall.h +++ b/src/helper/helper-firewall.h @@ -22,8 +22,8 @@ #include "stc-manager.h" #include "stc-error.h" -#define FIREWALL_CHAIN_TARGET_IN "STC_IN" -#define FIREWALL_CHAIN_TARGET_OUT "STC_OUT" +#define FIREWALL_CHAIN_TARGET_IN "INPUT" +#define FIREWALL_CHAIN_TARGET_OUT "OUTPUT" #define FIREWALL_RULE_TARGET_ACCEPT "ACCEPT" #define FIREWALL_RULE_TARGET_DROP "DROP" @@ -111,7 +111,8 @@ stc_error_e firewall_chain_flush(firewall_chain_s *chain); stc_error_e firewall_chain_set(firewall_chain_s *chain); stc_error_e firewall_chain_unset(firewall_chain_s *chain); -stc_error_e firewall_rule_add(firewall_rule_s *rule); +stc_error_e firewall_rule_append(firewall_rule_s *rule); +stc_error_e firewall_rule_insert(firewall_rule_s *rule); stc_error_e firewall_rule_remove(firewall_rule_s *rule); #endif /*__STC_HELPER_FIREWALL_H__*/ diff --git a/src/stc-firewall.c b/src/stc-firewall.c old mode 100644 new mode 100755 index bec6c27..ec1f674 --- a/src/stc-firewall.c +++ b/src/stc-firewall.c @@ -629,7 +629,7 @@ static void __fw_rule_set_to_chain(gpointer data, gpointer user_data) break; } - firewall_rule_add(rule); + firewall_rule_append(rule); } static void __fw_rule_print_rules(gpointer data, gpointer user_data) @@ -1030,7 +1030,7 @@ static void __fw_rule_extract(const char *key, GVariant *value, } } else if (g_strcmp0(key, RULE_DPORT1) == 0) { - if (rule->s_port_type != STC_FW_PORT_NONE) { + if (rule->d_port_type != STC_FW_PORT_NONE) { rule->d_port1 = g_variant_get_uint32(value); STC_LOGD("%s: [%04x]", RULE_DPORT1, rule->d_port1); } -- 2.7.4 From 754bc0adb95b0efb54f2c7dd8e3105ff41ccc14d Mon Sep 17 00:00:00 2001 
From: Milind Murhekar Date: Mon, 20 Aug 2018 17:15:05 +0530 Subject: [PATCH 14/16] [Add] tethering client monitoring This change adds the feature to monitor the data usage of connected tethering clients and saves the stats to the table counters. Change-Id: I50df631b27ad9fe483f6790877e92308b8ea760a Signed-off-by: Milind Murhekar --- include/stc-manager.h | 2 + packaging/stc-manager.spec | 2 +- plugin/tether/stc-plugin-tether.c | 53 ++++++++- src/helper/helper-cgroup.c | 4 + src/helper/helper-cgroup.h | 2 + src/helper/helper-iptables.c | 54 +++++++++ src/helper/helper-iptables.h | 15 +++ src/helper/helper-net-cls.c | 4 + src/helper/helper-nfacct-rule.c | 47 +++++++- src/helper/helper-nfacct-rule.h | 13 +++ src/monitor/include/stc-monitor.h | 7 ++ src/monitor/stc-monitor.c | 233 +++++++++++++++++++++++++++++++++++++- 12 files changed, 429 insertions(+), 7 deletions(-) diff --git a/include/stc-manager.h b/include/stc-manager.h index 898e7ae..94c57a1 100644 --- a/include/stc-manager.h +++ b/include/stc-manager.h @@ -24,6 +24,7 @@ #define NET_CLS_SUBSYS "net_cls" #define STC_BACKGROUND_APP_SUFFIX "_BACKGROUND" +#define STC_TETHERING_APP_SUFFIX "_TETHERING" #define STC_BACKGROUND_APP_ID "BACKGROUND" #define STC_TOTAL_DATACALL "TOTAL_DATACALL" #define STC_TOTAL_WIFI "TOTAL_WIFI" @@ -118,6 +119,7 @@ typedef enum { STC_APP_TYPE_GROUP, STC_APP_TYPE_WATCH, STC_APP_TYPE_WIDGET, + STC_APP_TYPE_TETHERING, STC_APP_TYPE_MAX, } stc_app_type_e; diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 6b0b965..81d341a 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.74 +Version: 0.0.75 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/plugin/tether/stc-plugin-tether.c b/plugin/tether/stc-plugin-tether.c index ed3ccd4..629abbf 100644 --- a/plugin/tether/stc-plugin-tether.c +++ b/plugin/tether/stc-plugin-tether.c 
@@ -31,6 +31,51 @@ static GDBusConnection *connection = NULL; static GCancellable *cancellable = NULL; static int g_mobileap_signal_sub_id = 0; +static stc_error_e add_station_monitor(gchar *pkg_id, gchar *app_id, const char *ip) +{ + int ret; + stc_app_key_s app_key; + stc_app_value_s app_value; + + if (pkg_id == NULL || app_id == NULL || ip == NULL) { + STC_LOGE("invalid station station info"); + return STC_ERROR_INVALID_PARAMETER; + } + + memset(&app_key, 0, sizeof(stc_app_key_s)); + memset(&app_value, 0, sizeof(stc_app_value_s)); + app_key.pkg_id = g_strdup(pkg_id); + app_key.app_id = g_strconcat(app_id, STC_TETHERING_APP_SUFFIX, NULL); + app_value.type = STC_APP_TYPE_TETHERING; + app_value.processes = NULL; + g_strlcpy(app_value.ipaddr, ip, IPV4_IPADDRESS_LEN); + + ret = stc_monitor_application_add(app_key, app_value); + FREE(app_key.pkg_id); + FREE(app_key.app_id); + return ret; +} + +static stc_error_e remove_station_monitor(gchar *pkg_id, gchar *app_id) +{ + int ret; + stc_app_key_s app_key; + + if (pkg_id == NULL || app_id == NULL) { + STC_LOGE("invalid station station info"); + return STC_ERROR_INVALID_PARAMETER; + } + + memset(&app_key, 0, sizeof(stc_app_key_s)); + app_key.pkg_id = g_strdup(pkg_id); + app_key.app_id = g_strconcat(app_id, STC_TETHERING_APP_SUFFIX, NULL); + + ret = stc_monitor_application_remove(app_key); + FREE(app_key.pkg_id); + FREE(app_key.app_id); + return ret; +} + static int _compare_sta_by_mac_func(gconstpointer a, gconstpointer b) { @@ -75,6 +120,10 @@ static void _remove_station_info(gconstpointer data, GCompareFunc func) info = (tether_sta_info_s *)list->data; STC_LOGI("STA-REMOVED: (%s) (%s) (%s)", info->ip, info->mac, info->name); + + /* remove tethering client from monitoring */ + remove_station_monitor(info->mac, info->station_id); + g_free(info->station_id); g_free(info); 
@@ -99,7 +148,10 @@ static void _add_station_info(tether_sta_info_s *info) station_list = g_slist_prepend(station_list, info); STC_LOGI("STA-ADDED: (%s) (%s) (%s)", info->ip, info->mac, info->name); + + /* add tethering client for monitoring data usage */ info->station_id = g_strdup_printf("%s_%s", info->mac, info->name); + add_station_monitor(info->mac, info->station_id, info->ip); } static void _mobileap_signal_cb(GDBusConnection *conn, @@ -189,7 +241,6 @@ void tether_plugin_deinit(void) STC_LOGI("tether plugin deinitialised"); } -/* Tether Plugin APIs */ API stc_plugin_tether_s tether_plugin = { .init = tether_plugin_init, .deinit = tether_plugin_deinit, diff --git a/src/helper/helper-cgroup.c b/src/helper/helper-cgroup.c index 1f195ba..fa54c12 100644 --- a/src/helper/helper-cgroup.c +++ b/src/helper/helper-cgroup.c @@ -237,4 +237,8 @@ void cgroup_init(void) /* create foreground cgroup directory */ cgroup_make_subdir(STC_CGROUP_NETWORK, STC_FOREGROUND_CGROUP_NAME, NULL); + + /* create tethering cgroup directory */ + cgroup_make_subdir(STC_CGROUP_NETWORK, STC_TETHERING_CGROUP_NAME, + NULL); } diff --git a/src/helper/helper-cgroup.h b/src/helper/helper-cgroup.h index 725cad4..73abd40 100644 --- a/src/helper/helper-cgroup.h +++ b/src/helper/helper-cgroup.h @@ -33,10 +33,12 @@ #define STC_CGROUP_NETWORK CGROUP_NETWORK "/stc" #define BACKGROUND_CGROUP_NETWORK STC_CGROUP_NETWORK "/BACKGROUND" #define FOREGROUND_CGROUP_NETWORK STC_CGROUP_NETWORK "/FOREGROUND" +#define TETHERING_CGROUP_NETWORK STC_CGROUP_NETWORK "/TETHERING" #define PROC_TASK_CHILDREN "/proc/%d/task/%d/children" #define STC_CGROUP_NAME "stc" #define STC_BACKGROUND_CGROUP_NAME "BACKGROUND" #define STC_FOREGROUND_CGROUP_NAME "FOREGROUND" +#define STC_TETHERING_CGROUP_NAME "TETHERING" /** * @desc Get one unsigned int32 value from cgroup diff --git a/src/helper/helper-iptables.c b/src/helper/helper-iptables.c index 6ca96af..0914100 100644 --- a/src/helper/helper-iptables.c +++ b/src/helper/helper-iptables.c 
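Review bot: In `_add_station_info()`, `station_id` is built from `info->name` with `g_strdup_printf("%s_%s", info->mac, info->name)` and passed on as the application id without any check on its content. That name appears to be supplied by the connected client (its origin is outside this hunk), and the id is later matched against the `_BACKGROUND`/`_TETHERING` suffixes and presumably used to name a cgroup directory. I would restrict it to a safe character set before use, for instance with `g_strcanon()` over letters, digits, `-` and `.`, or key the entry on the MAC address alone. The return value of `add_station_monitor()` is also ignored, so a station that could not be registered is still logged as added.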
@@ -39,6 +39,13 @@ #define RULE_CGROUP "cgroup" #define RULE_NFACCT "nfacct" #define RULE_TARGET "target" +#define RULE_PROTOCOL "protocol" +#define RULE_SIPTYPE "s_ip_type" +#define RULE_SIP1 "s_ip1" +#define RULE_SIP2 "s_ip2" +#define RULE_DIPTYPE "d_ip_type" +#define RULE_DIP1 "d_ip1" +#define RULE_DIP2 "d_ip2" static void __add_rule_info_to_builder(GVariantBuilder *builder, iptables_rule_s *rule) @@ -68,6 +75,27 @@ static void __add_rule_info_to_builder(GVariantBuilder *builder, g_variant_builder_add(builder, "{sv}", RULE_TARGET, g_variant_new_string(rule->target)); + g_variant_builder_add(builder, "{sv}", RULE_SIPTYPE, + g_variant_new_uint16(rule->s_iprange_type)); + + g_variant_builder_add(builder, "{sv}", RULE_DIPTYPE, + g_variant_new_uint16(rule->d_iprange_type)); + + if (rule->s_ip1.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_SIP1, + g_variant_new_uint32(rule->s_ip1.s_addr)); + + if (rule->s_ip2.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_SIP2, + g_variant_new_uint32(rule->s_ip2.s_addr)); + + if (rule->d_ip1.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_DIP1, + g_variant_new_uint32(rule->d_ip1.s_addr)); + + if (rule->d_ip2.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_DIP2, + g_variant_new_uint32(rule->d_ip2.s_addr)); } static int __iptables_rule_add(GDBusConnection *connection, @@ -436,6 +464,10 @@ stc_error_e iptables_flush_chains(void) if (ret != STC_ERROR_NONE) goto done; //LCOV_EXCL_LINE + ret = __iptables_flush_chain(stc->connection, STC_TETHER_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + ret = __ip6tables_flush_chain(stc->connection, STC_IN_CHAIN); if (ret != STC_ERROR_NONE) goto done; //LCOV_EXCL_LINE 
@@ -479,6 +511,12 @@ stc_error_e iptables_init(void) goto done; //LCOV_EXCL_LINE } + ret = __iptables_add_chain(stc->connection, STC_TETHER_CHAIN); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE + goto done; //LCOV_EXCL_LINE + } + ret = __ip6tables_add_chain(stc->connection, STC_IN_CHAIN); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE @@ -510,6 +548,16 @@ stc_error_e iptables_init(void) } ret = __iptables_add_chain_jump_rule("FORWARD", STC_FRWD_CHAIN); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE + goto done; //LCOV_EXCL_LINE + } + + ret = __iptables_add_chain_jump_rule("FORWARD", STC_TETHER_CHAIN); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + goto done; + } done: return ret; } @@ -538,6 +586,12 @@ stc_error_e iptables_deinit(void) goto done; //LCOV_EXCL_LINE } + ret = __iptables_remove_chain(stc->connection, STC_TETHER_CHAIN); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE + goto done; //LCOV_EXCL_LINE + } + ret = __iptables_remove_chain(stc->connection, STC_FRWD_CHAIN); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE diff --git a/src/helper/helper-iptables.h b/src/helper/helper-iptables.h index 13db25b..71b057b 100644 --- a/src/helper/helper-iptables.h +++ b/src/helper/helper-iptables.h @@ -17,12 +17,14 @@ #ifndef __STC_HELPER_IPTABLES_H__ #define __STC_HELPER_IPTABLES_H__ +#include #include "stc-manager.h" #include "stc-error.h" #define STC_IN_CHAIN "STC_IN" #define STC_OUT_CHAIN "STC_OUT" #define STC_FRWD_CHAIN "STC_FRWD" +#define STC_TETHER_CHAIN "STC_TETHER" typedef enum { IPTABLES_DIRECTION_NONE, 
@@ -38,11 +40,24 @@ typedef enum { IP_TYPE_LAST_ELEM } iptables_ip_type_e; +typedef enum { + IPTABLES_IP_NONE, + IPTABLES_IP_SINGLE, + IPTABLES_IP_MASK, + IPTABLES_IP_RANGE +} iptables_iprange_type_e; + typedef struct { char *chain; char *ifname; char *nfacct_name; char *target; + iptables_iprange_type_e s_iprange_type; + iptables_iprange_type_e d_iprange_type; + struct in_addr s_ip1; + struct in_addr s_ip2; + struct in_addr d_ip1; + struct in_addr d_ip2; iptables_rule_direction_e direction; uint32_t classid; } iptables_rule_s; diff --git a/src/helper/helper-net-cls.c b/src/helper/helper-net-cls.c index 748f95f..238b7de 100644 --- a/src/helper/helper-net-cls.c +++ b/src/helper/helper-net-cls.c @@ -137,6 +137,8 @@ uint32_t get_classid_by_app_id(const char *app_id, int create) if (strstr(app_id, STC_BACKGROUND_APP_SUFFIX)) path_to_net_cgroup_dir = BACKGROUND_CGROUP_NETWORK; + else if (strstr(app_id, STC_TETHERING_APP_SUFFIX)) + path_to_net_cgroup_dir = TETHERING_CGROUP_NETWORK; else path_to_net_cgroup_dir = FOREGROUND_CGROUP_NETWORK; @@ -186,6 +188,8 @@ stc_error_e place_pids_to_net_cgroup(const int pid, const char *app_id) path_to_net_cgroup_dir = STC_CGROUP_NETWORK; else if (strstr(app_id, STC_BACKGROUND_APP_SUFFIX)) path_to_net_cgroup_dir = BACKGROUND_CGROUP_NETWORK; + else if (strstr(app_id, STC_TETHERING_APP_SUFFIX)) + path_to_net_cgroup_dir = TETHERING_CGROUP_NETWORK; else path_to_net_cgroup_dir = FOREGROUND_CGROUP_NETWORK; //LCOV_EXCL_LINE diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c index 90364d3..70b29a5 100644 --- a/src/helper/helper-nfacct-rule.c +++ b/src/helper/helper-nfacct-rule.c 
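Review bot: In both helper-net-cls.c hunks the new tethering branch is chosen with `strstr(app_id, STC_TETHERING_APP_SUFFIX)` and sits after the `_BACKGROUND` test, so the choice depends on a substring anywhere in the id rather than on its suffix. A tethering id is formed as MAC, station name and `_TETHERING`, so a station name containing `_BACKGROUND` is placed in the background cgroup, and any other id containing `_TETHERING` lands in the tethering one. Matching the end of the string and testing tethering first avoids both: `if (g_str_has_suffix(app_id, STC_TETHERING_APP_SUFFIX)) path_to_net_cgroup_dir = TETHERING_CGROUP_NETWORK;`. Both functions start and end outside these hunks.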
@@ -448,12 +448,32 @@ static stc_error_e exec_iptables_cmd(nfacct_rule_s *rule) iptables_rule.nfacct_name = g_strdup(rule->name); iptables_rule.ifname = g_strdup(rule->ifname); iptables_rule.target = g_strdup(get_iptables_jump(rule->jump)); - iptables_rule.chain = g_strdup(get_iptables_chain(rule->iotype)); + + /* In case of tehering use chain 'STC_TETHER' */ + if (rule->intend == NFACCT_TETH_COUNTER) + iptables_rule.chain = g_strdup(STC_TETHER_CHAIN); + else + iptables_rule.chain = g_strdup(get_iptables_chain(rule->iotype)); + iptables_rule.classid = rule->classid; iptables_rule.direction = (rule->iotype & NFACCT_COUNTER_IN) ? IPTABLES_DIRECTION_IN : IPTABLES_DIRECTION_OUT; iptype = (iptables_ip_type_e)rule->iptype; + /* specify the ip range type for source and destination */ + iptables_rule.s_iprange_type = rule->src_iprange_type; + iptables_rule.d_iprange_type = rule->dst_iprange_type; + + /* specify source and destination ip address if any */ + if (rule->src_ip1) + inet_aton(rule->src_ip1, &iptables_rule.s_ip1); + if (rule->src_ip2) + inet_aton(rule->src_ip2, &iptables_rule.s_ip2); + if (rule->dst_ip1) + inet_aton(rule->dst_ip1, &iptables_rule.d_ip1); + if (rule->dst_ip2) + inet_aton(rule->dst_ip2, &iptables_rule.d_ip2); + if (rule->action == NFACCT_ACTION_DELETE) { /* delete interface rule */ ret = iptables_remove(&iptables_rule, iptype); @@ -480,6 +500,7 @@ static stc_error_e produce_app_rule(nfacct_rule_s *rule) char nfacct_buf[sizeof(NFACCT_NAME_MOD) + 3*MAX_DEC_SIZE(int) + 4 + 1]; stc_error_e ret = STC_ERROR_NONE; + uint32_t classid = rule->classid; /* income part */ if (rule->iotype & NFACCT_COUNTER_IN) { 
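Review bot: The four `inet_aton()` calls added to `exec_iptables_cmd()` ignore the return value, so a malformed `src_ip1`/`dst_ip1` string leaves the corresponding `in_addr` untouched. The builder in helper-iptables.c only emits an address when `s_addr` is non-zero but always emits the range type, so such a rule would presumably go out with an IP type and no address. I would fail the call instead, e.g. `if (rule->src_ip1 && inet_pton(AF_INET, rule->src_ip1, &iptables_rule.s_ip1) != 1) ret = STC_ERROR_INVALID_PARAMETER;`, and skip the add/remove while still freeing the `g_strdup`'d fields. The `nfacct_rule_iprange_type` to `iptables_iprange_type_e` assignments rely on the two enums keeping the same order, which deserves a comment or a static assertion. The function body continues outside the hunk.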
@@ -508,7 +529,19 @@ static stc_error_e produce_app_rule(nfacct_rule_s *rule) ret_value_msg_if(ret > sizeof(nfacct_buf) || ret < 0, STC_ERROR_FAIL, "Not enought buffer"); + /* cgroup extention on FORWARD chain are not allowed + * remove classid info in case of tethering rules */ + if (rule->intend == NFACCT_TETH_COUNTER) { + classid = rule->classid; + rule->classid = 0; + } + ret = exec_iptables_cmd(rule); + + /* restore the classid info in case of tethering rule */ + if (rule->intend == NFACCT_TETH_COUNTER) + rule->classid = classid; + ret_value_msg_if(ret != STC_ERROR_NONE, STC_ERROR_FAIL, "Can't set conditional block for ingress" " traffic, for classid %u, cmd %s, j %s", @@ -551,7 +584,19 @@ static stc_error_e produce_app_rule(nfacct_rule_s *rule) ret_value_msg_if(ret > sizeof(nfacct_buf) || ret < 0, STC_ERROR_FAIL, "Not enought buffer"); + /* cgroup extention on FORWARD chain are not allowed + * remove classid info in case of tethering rules */ + if (rule->intend == NFACCT_TETH_COUNTER) { + classid = rule->classid; + rule->classid = 0; + } + ret = exec_iptables_cmd(rule); + + /* restore the classid info in case of tethering rule */ + if (rule->intend == NFACCT_TETH_COUNTER) + rule->classid = classid; + ret_value_msg_if(ret != STC_ERROR_NONE, STC_ERROR_FAIL, "Can't set conditional block for engress" " traffic, for classid %u, cmd %s, j %s", diff --git a/src/helper/helper-nfacct-rule.h b/src/helper/helper-nfacct-rule.h index 9d80afb..52ef8f4 100644 --- a/src/helper/helper-nfacct-rule.h +++ b/src/helper/helper-nfacct-rule.h @@ -67,6 +67,13 @@ typedef enum { NFACCT_TYPE_LAST_ELEM } nfacct_rule_iptype; +typedef enum { + NFACCT_IPRANGE_TYPE_NONE, + NFACCT_IPRANGE_TYPE_SINGLE, + NFACCT_IPRANGE_TYPE_MASK, + NFACCT_IPRANGE_TYPE_RANGE, +} nfacct_rule_iprange_type; + enum nfnl_acct_flags { NFACCT_F_QUOTA_PKTS = (1 << 0), NFACCT_F_QUOTA_BYTES = (1 << 1), 
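Review bot: `classid = rule->classid;` inside the new `if (rule->intend == NFACCT_TETH_COUNTER)` block in produce_app_rule repeats the initialisation this patch adds at the top of the function, so the block can shrink to `if (rule->intend == NFACCT_TETH_COUNTER) rule->classid = 0;`. The same save, zero and restore sequence is pasted again for the egress part in the hunk at -551, and the two copies can drift apart. The rule is modified in place while exec_iptables_cmd runs; a comment stating that `rule->classid` is temporarily zero during that call would warn anyone who later reads the field inside it. The comment text has a typo, 'extention'. The function body extends beyond both hunks.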
@@ -97,6 +104,12 @@ struct nfacct_rule { nfacct_rule_jump jump; /* in most cases jump is evalutation based on intend, but not always */ stc_rstn_state_e rstn_state; nfacct_rule_iptype iptype; + nfacct_rule_iprange_type src_iprange_type; + nfacct_rule_iprange_type dst_iprange_type; + char *src_ip1; + char *src_ip2; + char *dst_ip1; + char *dst_ip2; struct counter_arg *carg; stc_error_e(*iptables_rule)(struct nfacct_rule *counter); diff --git a/src/monitor/include/stc-monitor.h b/src/monitor/include/stc-monitor.h index 3414c06..4b5375c 100644 --- a/src/monitor/include/stc-monitor.h +++ b/src/monitor/include/stc-monitor.h @@ -27,6 +27,7 @@ /* 1 seconds */ #define CONTR_TIMER_INTERVAL 1 +#define IPV4_IPADDRESS_LEN 16 /** * @brief enumeration for data limit types @@ -72,6 +73,7 @@ typedef struct { stc_data_counter_s data_usage; stc_data_counter_s counter; GTree *processes; /**< applications instances */ + char ipaddr[IPV4_IPADDRESS_LEN+1]; /**< application ip address */ } stc_app_value_s; /** @@ -139,6 +141,11 @@ stc_error_e stc_monitor_application_add(const stc_app_key_s app_key, const stc_app_value_s app_value); /** + * @brief deletes an application entry + */ +stc_error_e stc_monitor_application_remove(const stc_app_key_s app_key); + +/** * @brief associates process to an application */ stc_error_e stc_monitor_process_add(const stc_app_key_s app_key, diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index 2a42682..fbed5e3 100644 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c 
@@ -70,6 +70,102 @@ static nfacct_rule_jump __get_jump_by_intend(struct nfacct_rule *counter) return NFACCT_JUMP_UNKNOWN; } +static stc_error_e __add_iptables_tether_in(struct nfacct_rule *counter, + const gchar *ipaddr) +{ + int ret; + + if (counter == NULL || ipaddr == NULL) + return STC_ERROR_INVALID_PARAMETER; + + counter->action = NFACCT_ACTION_INSERT; + counter->iotype = NFACCT_COUNTER_IN; + counter->jump = __get_jump_by_intend(counter); + counter->iptype = NFACCT_TYPE_IPV4; + counter->send_limit = 0; + counter->rcv_limit = 0; + counter->src_iprange_type = NFACCT_IPRANGE_TYPE_SINGLE; + counter->src_ip1 = g_strdup(ipaddr); + + ret = produce_net_rule(counter); + + g_free(counter->src_ip1); + counter->src_iprange_type = NFACCT_IPRANGE_TYPE_NONE; + return ret; +} + +static stc_error_e __add_iptables_tether_out(struct nfacct_rule *counter, + const gchar *ipaddr) +{ + int ret; + + if (counter == NULL || ipaddr == NULL) + return STC_ERROR_INVALID_PARAMETER; + + counter->action = NFACCT_ACTION_INSERT; + counter->iotype = NFACCT_COUNTER_OUT; + counter->jump = __get_jump_by_intend(counter); + counter->iptype = NFACCT_TYPE_IPV4; + counter->send_limit = 0; + counter->rcv_limit = 0; + counter->dst_iprange_type = NFACCT_IPRANGE_TYPE_SINGLE; + counter->dst_ip1 = g_strdup(ipaddr); + + ret = produce_net_rule(counter); + + g_free(counter->dst_ip1); + counter->dst_iprange_type = NFACCT_IPRANGE_TYPE_NONE; + return ret; +} + +static stc_error_e __del_iptables_tether_in(struct nfacct_rule *counter, + const gchar *ipaddr) +{ + int ret; + + if (counter == NULL || ipaddr == NULL) + return STC_ERROR_INVALID_PARAMETER; + + counter->action = NFACCT_ACTION_DELETE; + counter->iotype = NFACCT_COUNTER_IN; + counter->jump = __get_jump_by_intend(counter); + counter->iptype = NFACCT_TYPE_IPV4; + counter->send_limit = 0; + counter->rcv_limit = 0; + counter->src_iprange_type = NFACCT_IPRANGE_TYPE_SINGLE; + counter->src_ip1 = g_strdup(ipaddr); + + ret = produce_net_rule(counter); + + 
g_free(counter->src_ip1); + counter->src_iprange_type = NFACCT_IPRANGE_TYPE_NONE; + return ret; +} + +static stc_error_e __del_iptables_tether_out(struct nfacct_rule *counter, + const gchar *ipaddr) +{ + int ret; + + if (counter == NULL || ipaddr == NULL) + return STC_ERROR_INVALID_PARAMETER; + + counter->action = NFACCT_ACTION_DELETE; + counter->iotype = NFACCT_COUNTER_OUT; + counter->jump = __get_jump_by_intend(counter); + counter->iptype = NFACCT_TYPE_IPV4; + counter->send_limit = 0; + counter->rcv_limit = 0; + counter->dst_iprange_type = NFACCT_IPRANGE_TYPE_SINGLE; + counter->dst_ip1 = g_strdup(ipaddr); + + ret = produce_net_rule(counter); + + g_free(counter->dst_ip1); + counter->dst_iprange_type = NFACCT_IPRANGE_TYPE_NONE; + return ret; +} + static stc_error_e __add_iptables_in(struct nfacct_rule *counter) { if (counter == NULL) 
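Review bot: `g_free(counter->src_ip1);` in __add_iptables_tether_in leaves the freed pointer stored in the rule, and exec_iptables_cmd in this same patch parses `rule->src_ip1` whenever it is non-NULL, whatever `src_iprange_type` says. __add_application_monitor_for_tethering calls the `_in` helper and then the `_out` helper on the same `counter`, so, assuming produce_net_rule reaches exec_iptables_cmd, the second call reads freed memory. Follow each free with `counter->src_ip1 = NULL;` (and `counter->dst_ip1 = NULL;` in the `_out` helpers); __del_iptables_tether_in and __del_iptables_tether_out need the same line. The four helpers differ only in action and direction and could share one static function, and `ret` is declared `int` although the helpers return stc_error_e.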
@@ -384,10 +480,93 @@ static gboolean __processes_tree_check_empty(gpointer key, gpointer value, } //LCOV_EXCL_STOP +static gboolean __add_application_monitor_for_tethering(gpointer key, gpointer value, + gpointer data) +{ + stc_app_value_s *app_value = (stc_app_value_s *)value; + stc_app_key_s *app_key = (stc_app_key_s *)key; + default_connection_s *connection = (default_connection_s *)data; + stc_s *stc = stc_get_manager(); + struct nfacct_rule counter; + + STC_LOGI("add tether app (%s)", app_key->app_id); + + if (stc == NULL || connection == NULL) + return FALSE; + + if (!stc->carg) { + stc->carg = MALLOC0(counter_arg_s, 1); + if (stc->carg == NULL) + return FALSE; + + stc->carg->sock = stc_monitor_get_counter_socket(); + } + + memset(&counter, 0, sizeof(struct nfacct_rule)); + + counter.carg = stc->carg; + counter.classid = app_value->classid; + counter.intend = NFACCT_TETH_COUNTER; + + if (connection->tether_state != TRUE || + connection->tether_iface.ifname == NULL) + return FALSE; + + counter.iftype = connection->tether_iface.type; + g_strlcpy(counter.ifname, connection->tether_iface.ifname, MAX_IFACE_LENGTH); + + __add_iptables_tether_in(&counter, app_value->ipaddr); + __add_iptables_tether_out(&counter, app_value->ipaddr); + + return FALSE; +} + +static gboolean __remove_application_monitor_for_tethering(gpointer key, gpointer value, + gpointer data) +{ + stc_app_value_s *app_value = (stc_app_value_s *)value; + stc_app_key_s *app_key = (stc_app_key_s *)key; + default_connection_s *connection = (default_connection_s *)data; + stc_s *stc = stc_get_manager(); + struct nfacct_rule counter; + + STC_LOGI("remove tether app (%s)", app_key->app_id); + + if (stc == NULL || connection == NULL) + return FALSE; + + if (!stc->carg) { + stc->carg = MALLOC0(counter_arg_s, 1); + if (stc->carg == NULL) + return FALSE; + + stc->carg->sock = stc_monitor_get_counter_socket(); + } + + memset(&counter, 0, sizeof(struct nfacct_rule)); + + counter.carg = stc->carg; + 
counter.classid = app_value->classid; + counter.intend = NFACCT_TETH_COUNTER; + + if (connection->tether_state != TRUE || + connection->tether_iface.ifname == NULL) + return FALSE; + + counter.iftype = connection->tether_iface.type; + g_strlcpy(counter.ifname, connection->tether_iface.ifname, MAX_IFACE_LENGTH); + + __del_iptables_tether_in(&counter, app_value->ipaddr); + __del_iptables_tether_out(&counter, app_value->ipaddr); + + return FALSE; +} + static gboolean __add_application_monitor(gpointer key, gpointer value, gpointer data) { stc_app_value_s *app_value = (stc_app_value_s *)value; + stc_app_key_s *app_key = (stc_app_key_s *)key; default_connection_s *connection = (default_connection_s *)data; stc_s *stc = stc_get_manager(); @@ -423,7 +602,10 @@ static gboolean __add_application_monitor(gpointer key, gpointer value, g_strlcpy(counter.ifname, connection->ifname, MAX_IFACE_LENGTH); } - if (app_value->classid == STC_TOTAL_IPV4_CLASSID) { + if (g_str_has_suffix(app_key->app_id, STC_TETHERING_APP_SUFFIX) && + app_value->classid != STC_TETHERING_APP_CLASSID) { + __add_application_monitor_for_tethering(key, value, data); + } else if (app_value->classid == STC_TOTAL_IPV4_CLASSID) { __add_iptables_in(&counter); __add_iptables_out(&counter); } else if (app_value->classid == STC_TOTAL_IPV6_CLASSID) { @@ -444,6 +626,7 @@ static gboolean __remove_application_monitor(gpointer key, gpointer value, gpointer data) { stc_app_value_s *app_value = (stc_app_value_s *)value; + stc_app_key_s *app_key = (stc_app_key_s *)key; default_connection_s *connection = (default_connection_s *)data; stc_s *stc = stc_get_manager(); 
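Review bot: __add_application_monitor_for_tethering and __remove_application_monitor_for_tethering discard the results of the `__add_iptables_tether_*` and `__del_iptables_tether_*` calls, so a failed insert or delete is silent and can leave only one direction installed; at minimum log the returned stc_error_e. `app_value->ipaddr` is an array member, so the helpers' `ipaddr == NULL` check can never fire, and an entry with an empty address still goes on to build a rule; guard it with `if (app_value->ipaddr[0] == '\0') return FALSE;`. Both callbacks also log `app_key->app_id` before any check and allocate `stc->carg` before testing `tether_state`, so moving the tether test to the top avoids that work when tethering is off.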
@@ -464,7 +647,11 @@ static gboolean __remove_application_monitor(gpointer key, gpointer value, counter.classid = app_value->classid; counter.intend = NFACCT_COUNTER; - if (connection->tether_state == FALSE && + if (g_str_has_suffix(app_key->app_id, STC_TETHERING_APP_SUFFIX) && + app_value->classid != STC_TETHERING_APP_CLASSID) { + __remove_application_monitor_for_tethering(key, value, data); + return FALSE; + } else if (connection->tether_state == FALSE && connection->tether_iface.ifname != NULL && app_value->classid == STC_TETHERING_APP_CLASSID) { counter.iftype = connection->tether_iface.type; @@ -1049,7 +1236,8 @@ static gboolean __rstn_counter_update_foreach_classid(gpointer key, classid_bytes_context_s *context = (classid_bytes_context_s *)data; uint32_t classid; - if (context->counter->intend != NFACCT_COUNTER) + if (context->counter->intend != NFACCT_COUNTER && + context->counter->intend != NFACCT_TETH_COUNTER) goto try_next_callback; if (rstn_value->limit_exceeded == TRUE) { @@ -1103,6 +1291,8 @@ static gboolean __update_app_statistics(gpointer key, gpointer value, if (app_value->classid == STC_TETHERING_APP_CLASSID && default_connection->tether_state == TRUE) stat_key.iftype = default_connection->tether_iface.type; + else if (g_str_has_suffix(app_key->app_id, STC_TETHERING_APP_SUFFIX)) + stat_key.iftype = default_connection->tether_iface.type; else stat_key.iftype = default_connection->type; @@ -1115,6 +1305,9 @@ static gboolean __update_app_statistics(gpointer key, gpointer value, default_connection->tether_state == TRUE) g_strlcpy(stat_key.ifname, default_connection->tether_iface.ifname, MAX_IFACE_LENGTH); + else if (g_str_has_suffix(app_key->app_id, STC_TETHERING_APP_SUFFIX)) + g_strlcpy(stat_key.ifname, default_connection->tether_iface.ifname, + MAX_IFACE_LENGTH); else g_strlcpy(stat_key.ifname, default_connection->ifname, MAX_IFACE_LENGTH); 
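Review bot: The new `else if (g_str_has_suffix(app_key->app_id, STC_TETHERING_APP_SUFFIX))` branches in __update_app_statistics (hunks at -1103 and -1115) read `default_connection->tether_iface` without testing `tether_state` or `tether_iface.ifname`, unlike the branch directly above them and the `ifname == NULL` checks added elsewhere in this patch. If `ifname` can be NULL while tethering is off, as those checks suggest, `g_strlcpy` is handed a NULL source and `stat_key.ifname` keeps whatever it held before, so the statistics are filed under a stale or empty interface. I would add `&& default_connection->tether_iface.ifname != NULL` to both conditions, or skip the update for tethering clients when no tether interface is known. The function body extends beyond the hunks.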
@@ -1266,7 +1459,8 @@ static gboolean __apps_counter_update_foreach_classid(gpointer key, stc_app_value_s *app_value = (stc_app_value_s *)value; classid_bytes_context_s *context = (classid_bytes_context_s *)data; - if (context->counter->intend != NFACCT_COUNTER) + if (context->counter->intend != NFACCT_COUNTER && + context->counter->intend != NFACCT_TETH_COUNTER) goto try_next_callback; __interface_counter_update(app_key, app_value, context); @@ -2071,6 +2265,7 @@ API stc_error_e stc_monitor_application_add(const stc_app_key_s app_key, value->type = app_value.type; value->data_usage.in_bytes = app_value.data_usage.in_bytes; value->data_usage.out_bytes = app_value.data_usage.out_bytes; + g_strlcpy(value->ipaddr, app_value.ipaddr, IPV4_IPADDRESS_LEN); value->processes = g_tree_new_full(__processes_tree_key_compare, NULL, __processes_tree_key_free, @@ -2088,6 +2283,36 @@ API stc_error_e stc_monitor_application_add(const stc_app_key_s app_key, return ret; } +API stc_error_e stc_monitor_application_remove(const stc_app_key_s app_key) +{ + stc_error_e ret = STC_ERROR_NONE; + stc_app_value_s *app_lookup; + + ret_value_msg_if(g_system == NULL, STC_ERROR_FAIL, "stc monitor not initialized!"); + + app_lookup = __application_lookup(g_system->apps, &app_key); + if (!app_lookup) { + if (STC_DEBUG_LOG) + STC_LOGD("app_key not found"); //LCOV_EXCL_LINE + return STC_ERROR_FAIL; //LCOV_EXCL_LINE + } + + /* remove nfacct rule for this classid */ + __remove_application_monitor((gpointer) &app_key, app_lookup, + stc_get_default_connection()); + + /* remove ristrictions if any */ + __remove_rstns_for_application(app_key.app_id); + + /* remove app_key from the stc-manager */ + if (!g_tree_remove(g_system->apps, &app_key)) { + ret = STC_ERROR_NO_DATA; + STC_LOGE("key not found"); + } + + return ret; +} + API stc_error_e stc_monitor_process_add(const stc_app_key_s app_key, const stc_process_key_s proc_key, const stc_process_value_s proc_value) -- 2.7.4 
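Review bot: `g_strlcpy(value->ipaddr, app_value.ipaddr, IPV4_IPADDRESS_LEN);` in stc_monitor_application_add bounds the copy by the macro rather than by the destination, which is declared `char ipaddr[IPV4_IPADDRESS_LEN+1]`; `sizeof(value->ipaddr)` keeps the two from drifting apart. This is also the point where the address enters the monitor, and it is stored as given. A syntax check here on a non-empty string, for example `inet_pton(AF_INET, app_value.ipaddr, &addr) == 1`, would keep malformed text from reaching the iptables rule construction later. The function starts and ends outside the hunk.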
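Review bot: stc_monitor_application_remove reports the same condition two ways: a failed `__application_lookup` returns STC_ERROR_FAIL, while a failed `g_tree_remove` on the same key returns STC_ERROR_NO_DATA. Returning STC_ERROR_NO_DATA from the lookup branch would let callers tell "not registered" from a real failure. The result of `stc_get_default_connection()` is passed straight to __remove_application_monitor, and whether that callback tolerates NULL on its non-tethering path is not visible here. The header comment says only "deletes an application entry"; it should also say that the app's nfacct rules and restrictions are removed.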
From c8f94ac3feda779ad5ae0cdc47ebee417db6d643 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Mon, 3 Sep 2018 14:01:06 +0900 Subject: [PATCH 15/16] Fix a bug for using heap after free Change-Id: I7bb7fa02324f919bd7d6aee99a2ceb0f8090a4bc Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/stc-manager.c | 17 +++++++++-------- 2 files changed, 10 insertions(+), 9 deletions(-) mode change 100644 => 100755 src/stc-manager.c diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index b57a246..d84c351 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.75 +Version: 0.0.76 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/stc-manager.c b/src/stc-manager.c old mode 100644 new mode 100755 index 58f6531..7b4876a --- a/src/stc-manager.c +++ b/src/stc-manager.c @@ -120,7 +120,11 @@ static stc_s *__stc_manager_init(void) cgroup_set_release_agent(NET_CLS_SUBSYS, NET_RELEASE_AGENT); - EXEC(STC_ERROR_NONE, stc_db_initialize()); + err = stc_db_initialize(); + if (err != STC_ERROR_NONE) { + STC_LOGD("Failed to initialize stc db"); //LCOV_EXCL_LINE + return NULL; //LCOV_EXCL_LINE + } stc_plugin_appstatus_init(); stc_plugin_exception_init(); @@ -130,8 +134,10 @@ static stc_s *__stc_manager_init(void) stc_firewall_init(); err = stc_monitor_init(); - if (err != STC_ERROR_NONE) - goto handle_error; + if (err != STC_ERROR_NONE) { + STC_LOGD("Failed to initialize stc manager"); //LCOV_EXCL_LINE + return NULL; //LCOV_EXCL_LINE + } stc_plugin_procfs_load_pid(); stc_manager_gdbus_init((gpointer)stc); 
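Review bot: The two new failure paths in __stc_manager_init `return NULL` without undoing what ran before them (the release-agent setup and database in the first case, plus the plugins and stc_firewall_init in the second), and without the `__stc_manager_deinit()` call that the old `handle_error` label made. If the use-after-free came from deinit freeing the instance while a global still pointed at it, which the hunk does not show, the narrower fix is to keep the cleanup and clear that pointer, so that stc_get_manager() cannot return a half-initialised instance after a failed start. The failures are logged with STC_LOGD; `STC_LOGE("Failed to initialize stc db");` matches the error logging used in stc-monitor.c and is still recorded when debug logging is off. The function starts outside the hunk.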
@@ -139,11 +145,6 @@ static stc_s *__stc_manager_init(void) STC_LOGI("stc manager initialized"); __STC_LOG_FUNC_EXIT__; return stc; - -handle_error: - STC_LOGD("Failed to initialize stc manager"); //LCOV_EXCL_LINE - __stc_manager_deinit(); //LCOV_EXCL_LINE - return NULL; //LCOV_EXCL_LINE } stc_s *stc_get_manager(void) -- 2.7.4 From 6bd0d8efb2ad6978205f4f76832cc83ae7761a30 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Mon, 3 Sep 2018 18:26:09 +0900 Subject: [PATCH 16/16] Initialize memory for nfacct rule Change-Id: Iadc6d5a531bc14e450970f6af57672b6f2b9fe66 Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/monitor/stc-monitor.c | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index d84c351..b75fff7 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.76 +Version: 0.0.77 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index 7f28d9c..ebf15a5 100755 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -760,6 +760,8 @@ static void __add_iptables_rule(int64_t classid, nfacct_rule_intend intend, stc->carg->sock = stc_monitor_get_counter_socket(); //LCOV_EXCL_LINE } + memset(&counter, 0, sizeof(struct nfacct_rule)); + counter.carg = stc->carg; counter.classid = classid; counter.intend = intend; @@ -806,6 +808,8 @@ static void __del_iptables_rule(int64_t classid, nfacct_rule_intend intend, stc->carg->sock = stc_monitor_get_counter_socket(); //LCOV_EXCL_LINE } + memset(&counter, 0, sizeof(struct nfacct_rule)); + counter.carg = stc->carg; counter.classid = classid; counter.intend = intend; 
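Review bot: `memset(&counter, 0, sizeof(struct nfacct_rule));` is added after the `stc->carg` block in __add_iptables_rule, __del_iptables_rule and __reset_time_counter_foreach_rstn (hunk at -1602); initialising where `counter` is declared (outside the hunks), `struct nfacct_rule counter = {0};`, closes the window and cannot be skipped by a later edit. The zeroing matters because exec_iptables_cmd parses `src_ip1`, `src_ip2`, `dst_ip1` and `dst_ip2` whenever they are non-NULL, so an unzeroed stack rule passes indeterminate pointers to inet_aton. Other stack `struct nfacct_rule` instances, for example in __add_application_monitor and __remove_application_monitor, are only partly visible in this series and should be checked for the same initialisation. If the memset stays, `sizeof(counter)` ties the size to the object.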
@@ -1602,6 +1606,8 @@ static gboolean __reset_time_counter_foreach_rstn(gpointer key, stc_monitor_get_counter_socket(); } + memset(&counter, 0, sizeof(struct nfacct_rule)); + counter.carg = stc->carg; counter.classid = rstn_value->classid; counter.intend = NFACCT_BLOCK; -- 2.7.4