From d56633f1127e88f7744282e9feaf247d580cf31a Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Fri, 15 Jun 2018 13:33:54 +0900 Subject: [PATCH 01/16] Fix a build warning for initialization from incompatible pointer type Change-Id: I780bcde31ee66a14e1b9d18521b8c1ef8d6350b8 Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/helper/helper-inotify.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 52b858d..857db2c 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.67 +Version: 0.0.68 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/helper/helper-inotify.c b/src/helper/helper-inotify.c index 05d10db..1283cc6 100755 --- a/src/helper/helper-inotify.c +++ b/src/helper/helper-inotify.c @@ -75,7 +75,8 @@ static gboolean __inotify_data(GIOChannel *channel, } while (bytes_read > 0) { - struct inotify_event *event = next_event; + struct inotify_event *event = + (struct inotify_event *)next_event; gchar *ident = NULL; gsize len = 0; -- 2.7.4 From f1241cfe85a7d99d8cf188b86f018e130cb376fd Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Mon, 25 Jun 2018 16:58:38 +0900 Subject: [PATCH 02/16] Fix some security issues Change-Id: I2b31052aa20c028f0a4b496ec50b54641cce8bd9 Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/helper/helper-cgroup.c | 2 +- src/helper/helper-file.c | 6 ++++++ src/helper/helper-net-cls.c | 2 +- src/helper/helper-nfacct-rule.c | 4 ++-- 5 files changed, 11 insertions(+), 5 deletions(-) mode change 100644 => 100755 src/helper/helper-cgroup.c mode change 100644 => 100755 src/helper/helper-file.c diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 857db2c..9fe0c3c 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.68 +Version: 0.0.69 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/helper/helper-cgroup.c b/src/helper/helper-cgroup.c old mode 100644 new mode 100755 index dc51231..1f195ba --- a/src/helper/helper-cgroup.c +++ b/src/helper/helper-cgroup.c @@ -76,7 +76,7 @@ stc_error_e cgroup_write_pidtree(const char *cgroup_subsystem, char buf[MAX_PATH_LENGTH]; /*/proc/%d/task/%d/children */ - char child_buf[21 + MAX_DEC_SIZE(int) + MAX_DEC_SIZE(int)]; + char child_buf[21 + MAX_DEC_SIZE(int) + MAX_DEC_SIZE(int) + 1]; char pidbuf[MAX_DEC_SIZE(int)]; stc_error_e ret; diff --git a/src/helper/helper-file.c b/src/helper/helper-file.c old mode 100644 new mode 100755 index 63ad2bd..636ef5d --- a/src/helper/helper-file.c +++ b/src/helper/helper-file.c @@ -23,10 +23,16 @@ int fwrite_str(const char *path, const char *str) { _cleanup_fclose_ FILE *f = NULL; int ret; + char * t; assert(path); assert(str); + t = realpath(path, NULL); + ret_value_errno_msg_if(!t, -errno, + "Fail to get realpath %s", path); + free(t); + f = fopen(path, "w"); ret_value_errno_msg_if(!f, -errno, "Fail to open file %s", path); diff --git a/src/helper/helper-net-cls.c b/src/helper/helper-net-cls.c index f3a2ef5..748f95f 100755 --- a/src/helper/helper-net-cls.c +++ b/src/helper/helper-net-cls.c @@ -172,7 +172,7 @@ handle_error: stc_error_e place_pids_to_net_cgroup(const int pid, const char *app_id) { - char child_buf[21 + MAX_DEC_SIZE(int) + MAX_DEC_SIZE(int)]; + char child_buf[21 + MAX_DEC_SIZE(int) + MAX_DEC_SIZE(int) + 1]; const char *path_to_net_cgroup_dir = NULL; snprintf(child_buf, sizeof(child_buf), PROC_TASK_CHILDREN, pid, pid); diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c index caf1174..1a2d188 100755 --- a/src/helper/helper-nfacct-rule.c +++ b/src/helper/helper-nfacct-rule.c @@ -478,7 +478,7 @@ static stc_error_e produce_app_rule(nfacct_rule_s *rule) char *set_cmd = get_iptables_cmd(rule->action); char *jump_cmd = get_iptables_jump(rule->jump); char nfacct_buf[sizeof(NFACCT_NAME_MOD) + - 3*MAX_DEC_SIZE(int) + 4]; + 3*MAX_DEC_SIZE(int) + 4 + 1]; stc_error_e ret = STC_ERROR_NONE; /* income part */ @@ -581,7 +581,7 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule) char *set_cmd = get_iptables_cmd(rule->action); char *jump_cmd = get_iptables_jump(rule->jump); char nfacct_buf[sizeof(NFACCT_NAME_MOD) + - 3*MAX_DEC_SIZE(int) + 4]; + 3*MAX_DEC_SIZE(int) + 4 + 1]; uint32_t classid = rule->classid; stc_error_e ret; -- 2.7.4 From 146aa9755afe0e2a9fd85e63d9390e66122f0a73 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 4 Jul 2018 15:13:27 +0900 Subject: [PATCH 03/16] Sync current time Change-Id: I0b741ffd37d3848a6ce01c260908e3acd8b80cf2 Signed-off-by: hyunuktak --- src/monitor/stc-monitor.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index 8ee3533..9db1cfb 100755 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -1013,7 +1013,8 @@ static gboolean __update_app_statistics(gpointer key, gpointer value, static gboolean __flush_apps_stats_to_database(gpointer user_data) { - time_t current_time = time(0); + time_t current_time = 0; + time(¤t_time); if (g_system->apps_tree_updated == FALSE) return G_SOURCE_REMOVE; @@ -1109,7 +1110,7 @@ static void __interface_counter_update(stc_app_key_s *app_key, context->counter->iftype == STC_IFACE_USB) || (app_value->classid == STC_TETHERING_APP_CLASSID && context->counter->iftype == STC_IFACE_P2P)) - __app_counter_update(app_key, app_value, context); + __app_counter_update(app_key, app_value, context); } -- 2.7.4 From 1b21d2dd6e6a51192bad23b595cebdbd810bffd2 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 11 Jul 2018 18:11:42 +0900 Subject: [PATCH 04/16] Added data limits monitoring for daily, weekly and monthly Change-Id: Ibc94757d36210c9167ebe4ddb7c36053d13f60fd Signed-off-by: hyunuktak --- data/traffic_db.sql | 14 +- packaging/stc-manager.spec | 2 +- src/database/include/table-counters.h | 13 +- src/database/include/table-restrictions.h | 4 + src/database/tables/table-counters.c | 214 +++++++++++- src/database/tables/table-restrictions.c | 32 +- src/database/tables/table-statistics.c | 3 +- src/helper/helper-nfacct-rule.c | 2 +- src/monitor/include/stc-monitor.h | 31 +- src/monitor/include/stc-time.h | 24 ++ src/monitor/stc-monitor.c | 533 +++++++++++++++++++++++------- src/monitor/stc-time.c | 104 ++++++ src/stc-manager-gdbus.c | 2 +- src/stc-restriction.c | 41 ++- 14 files changed, 867 insertions(+), 152 deletions(-) create mode 100644 src/monitor/include/stc-time.h create mode 100644 src/monitor/stc-time.c diff --git a/data/traffic_db.sql b/data/traffic_db.sql index 1444598..cd06f8d 100644 --- a/data/traffic_db.sql +++ b/data/traffic_db.sql @@ -24,7 +24,11 @@ CREATE TABLE IF NOT EXISTS restrictions ( roaming INT, subscriber_id TEXT NOT NULL, data_limit BIGINT, - data_warn_limit BIGINT + data_warn_limit BIGINT, + monthly_limit BIGINT, + weekly_limit BIGINT, + daily_limit BIGINT, + month_start_date INT ); CREATE INDEX IF NOT EXISTS restrictions_index ON restrictions (binpath, iftype, ifname); @@ -32,5 +36,13 @@ CREATE INDEX IF NOT EXISTS restrictions_index ON restrictions (binpath, iftype, CREATE TABLE IF NOT EXISTS counters ( restriction_id INTEGER NOT NULL, data_counter BIGINT, + warn_counter BIGINT, + monthly_counter BIGINT, + weekly_counter BIGINT, + daily_counter BIGINT, + month_start_date INT, + month_start_ts BIGINT, + week_start_ts BIGINT, + day_start_ts BIGINT, PRIMARY KEY (restriction_id) ); diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 9fe0c3c..bcad233 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.69 +Version: 0.0.70 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/database/include/table-counters.h b/src/database/include/table-counters.h index a0ef60d..5faff83 100644 --- a/src/database/include/table-counters.h +++ b/src/database/include/table-counters.h @@ -20,6 +20,14 @@ typedef struct { uint64_t restriction_id; int64_t data_counter; + int64_t warn_counter; + int64_t monthly_counter; + int64_t weekly_counter; + int64_t daily_counter; + int32_t month_start_date; + int64_t month_start_ts; + int64_t week_start_ts; + int64_t day_start_ts; } table_counters_info; typedef stc_cb_ret_e(*table_counters_info_cb)(const table_counters_info *info, @@ -30,7 +38,10 @@ stc_error_e table_counters_get(uint64_t restriction_id, stc_error_e table_counters_update_counters(const table_counters_info *info); -stc_error_e table_counters_insert(const table_counters_info *info); +stc_error_e table_counters_get_timestamps(uint64_t restriction_id, + table_counters_info *info); + +stc_error_e table_counters_update_timestamps(const table_counters_info *info); stc_error_e table_counters_delete(uint64_t restriction_id); diff --git a/src/database/include/table-restrictions.h b/src/database/include/table-restrictions.h index 77793d1..ea36988 100644 --- a/src/database/include/table-restrictions.h +++ b/src/database/include/table-restrictions.h @@ -26,6 +26,10 @@ typedef struct { stc_roaming_type_e roaming; int64_t data_limit; int64_t data_warn_limit; + int64_t monthly_limit; + int64_t weekly_limit; + int64_t daily_limit; + int month_start_date; uint64_t restriction_id; } table_restrictions_info; diff --git a/src/database/tables/table-counters.c b/src/database/tables/table-counters.c index 11c99a4..9aec545 100644 --- a/src/database/tables/table-counters.c +++ b/src/database/tables/table-counters.c @@ -26,13 +26,30 @@ #define DELETE_COUNTER "DELETE FROM counters WHERE restriction_id=?" -#define SELECT_COUNTER "SELECT data_counter FROM counters WHERE restriction_id=?" +#define SELECT_RESTRICTION_ID "SELECT restriction_id FROM counters " \ + " WHERE restriction_id = ?" -#define INSERT_COUNTER "INSERT INTO counters (restriction_id, data_counter) " \ - " VALUES (?, ?)" +#define SELECT_COUNTER "SELECT data_counter, warn_counter, monthly_counter, weekly_counter, daily_counter " \ + " FROM counters WHERE restriction_id = ?" -#define UPDATE_COUNTER "REPLACE INTO counters (restriction_id, data_counter) " \ - " VALUES (?, ?)" +#define UPDATE_COUNTER "UPDATE counters " \ + " SET data_counter = ?, warn_counter = ?, monthly_counter = ?, weekly_counter = ?, daily_counter = ? " \ + " WHERE restriction_id = ?" + +#define INSERT_COUNTER "INSERT INTO counters " \ + " (restriction_id, data_counter, warn_counter, monthly_counter, weekly_counter, daily_counter) " \ + " VALUES (?, ?, ?, ?, ?, ?)" + +#define SELECT_TIMESTAMP "SELECT month_start_date, month_start_ts, week_start_ts, day_start_ts " \ + " FROM counters WHERE restriction_id = ?" + +#define UPDATE_TIMESTAMP "UPDATE counters " \ + " SET month_start_date = ?, month_start_ts = ?, week_start_ts = ?, day_start_ts = ? " \ + " WHERE restriction_id = ?" + +#define INSERT_TIMESTAMP "INSERT INTO counters " \ + " (restriction_id, month_start_date, month_start_ts, week_start_ts, day_start_ts) " \ + " VALUES (?, ?, ?, ?, ?)" static void __finalize_delete(void); @@ -73,6 +90,21 @@ static void __finalize_update(void); } \ } while (0) +static void __finalize_insert(void); + +#define PREPARE_INSERT(stm, query) do { \ + rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \ + if (rc != SQLITE_OK) { \ + stm = NULL; \ + __finalize_insert(); \ + STC_LOGE("Failed to prepare \"%s\"query" \ + , query); \ + return rc; \ + } \ + } while (0) + + + #define FINALIZE(stm) do { \ if (stm) { \ sqlite3_finalize(stm); \ @@ -81,8 +113,13 @@ static void __finalize_update(void); } while (0) static sqlite3_stmt *delete_counter; +static sqlite3_stmt *select_restriction_id; static sqlite3_stmt *select_counter; static sqlite3_stmt *update_counter; +static sqlite3_stmt *insert_counter; +static sqlite3_stmt *select_timestamp; +static sqlite3_stmt *update_timestamp; +static sqlite3_stmt *insert_timestamp; static int __prepare_delete(sqlite3 *db) { @@ -123,6 +160,8 @@ static int __prepare_select(sqlite3 *db) } PREPARE_SELECT(select_counter, SELECT_COUNTER); + PREPARE_SELECT(select_timestamp, SELECT_TIMESTAMP); + PREPARE_SELECT(select_restriction_id, SELECT_RESTRICTION_ID); initialized = 1; __STC_LOG_FUNC_EXIT__; @@ -134,6 +173,8 @@ static void __finalize_select(void) __STC_LOG_FUNC_ENTER__; FINALIZE(select_counter); + FINALIZE(select_timestamp); + FINALIZE(select_restriction_id); __STC_LOG_FUNC_EXIT__; } @@ -150,6 +191,7 @@ static int __prepare_update(sqlite3 *db) } PREPARE_UPDATE(update_counter, UPDATE_COUNTER); + PREPARE_UPDATE(update_timestamp, UPDATE_TIMESTAMP); initialized = 1; __STC_LOG_FUNC_EXIT__; @@ -161,10 +203,74 @@ static void __finalize_update(void) __STC_LOG_FUNC_ENTER__; FINALIZE(update_counter); + FINALIZE(update_timestamp); + + __STC_LOG_FUNC_EXIT__; +} + +static int __prepare_insert(sqlite3 *db) +{ + __STC_LOG_FUNC_ENTER__; + int rc; + static int initialized; + + if (initialized) { + __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE + return SQLITE_OK; //LCOV_EXCL_LINE + } + + PREPARE_INSERT(insert_counter, INSERT_COUNTER); + PREPARE_INSERT(insert_timestamp, INSERT_TIMESTAMP); + + initialized = 1; + __STC_LOG_FUNC_EXIT__; + return rc; +} + +static void __finalize_insert(void) +{ + __STC_LOG_FUNC_ENTER__; + + FINALIZE(insert_counter); + FINALIZE(insert_timestamp); __STC_LOG_FUNC_EXIT__; } +static bool __table_counters_is_entry_present(uint64_t restriction_id) +{ + bool ret = FALSE; + int rc; + uint64_t l_restriction_id = -1; + sqlite3_stmt *stmt = select_restriction_id; + + if (sqlite3_bind_int(stmt, 1, restriction_id) != SQLITE_OK) { + ret = FALSE; + __STC_LOG_FUNC_EXIT__; + goto handle_error; + } + + rc = sqlite3_step(stmt); + + switch (rc) { + case SQLITE_DONE: + break; + case SQLITE_ROW: + l_restriction_id = sqlite3_column_int64(stmt, 0); + STC_LOGD("restriction id [%llu]", l_restriction_id); + ret = TRUE; + break; + case SQLITE_ERROR: + default: + STC_LOGE("Failed to get restriction id : %s", + sqlite3_errmsg(stc_db_get_database())); + } + +handle_error: + sqlite3_reset(stmt); + return ret; +} + stc_error_e table_counters_get(uint64_t restriction_id, table_counters_info *info) { @@ -188,6 +294,10 @@ stc_error_e table_counters_get(uint64_t restriction_id, break; case SQLITE_ROW: info->data_counter = sqlite3_column_int64(stmt, 0); + info->warn_counter = sqlite3_column_int64(stmt, 1); + info->monthly_counter = sqlite3_column_int64(stmt, 2); + info->weekly_counter = sqlite3_column_int64(stmt, 3); + info->daily_counter = sqlite3_column_int64(stmt, 4); STC_LOGD("rstn_id [%llu] data_counters [%lld] bytes", restriction_id, info->data_counter); @@ -198,6 +308,7 @@ stc_error_e table_counters_get(uint64_t restriction_id, sqlite3_errmsg(stc_db_get_database())); error_code = STC_ERROR_DB_FAILED; + __STC_LOG_FUNC_EXIT__; } //LCOV_EXCL_STOP } while (rc == SQLITE_ROW); @@ -218,8 +329,15 @@ stc_error_e table_counters_update_counters(const table_counters_info *info) goto handle_error; } + if (__table_counters_is_entry_present(info->restriction_id) == FALSE) + stmt = insert_counter; + DB_ACTION(sqlite3_bind_int64(stmt, 1, info->restriction_id)); DB_ACTION(sqlite3_bind_int64(stmt, 2, info->data_counter)); + DB_ACTION(sqlite3_bind_int64(stmt, 3, info->warn_counter)); + DB_ACTION(sqlite3_bind_int64(stmt, 4, info->monthly_counter)); + DB_ACTION(sqlite3_bind_int64(stmt, 5, info->weekly_counter)); + DB_ACTION(sqlite3_bind_int64(stmt, 6, info->daily_counter)); if (sqlite3_step(stmt) != SQLITE_DONE) { STC_LOGE("Failed to update counter: %s\n", @@ -238,6 +356,90 @@ handle_error: } //LCOV_EXCL_STOP +stc_error_e table_counters_get_timestamps(uint64_t restriction_id, + table_counters_info *info) +{ + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = select_timestamp; + int rc; + + if (info == NULL) { + __STC_LOG_FUNC_EXIT__; + goto handle_error; + } + + info->restriction_id = restriction_id; + + DB_ACTION(sqlite3_bind_int64(stmt, 1, restriction_id)); + + do { + rc = sqlite3_step(stmt); + + //LCOV_EXCL_START + switch (rc) { + case SQLITE_DONE: + break; + case SQLITE_ROW: + info->month_start_date = sqlite3_column_int(stmt, 0); + info->month_start_ts = sqlite3_column_int64(stmt, 1); + info->week_start_ts = sqlite3_column_int64(stmt, 2); + info->day_start_ts = sqlite3_column_int64(stmt, 3); + + STC_LOGD("rstn_id [%llu] month_start_date [%d], " + "month_start_ts [%lld], week_start_ts [%lld], " + "day_start_ts [%lld]", restriction_id, + info->month_start_date, info->month_start_ts, + info->week_start_ts, info->day_start_ts); + break; + case SQLITE_ERROR: + default: + STC_LOGE("Failed to enumerate counters: %s\n", + sqlite3_errmsg(stc_db_get_database())); + + error_code = STC_ERROR_DB_FAILED; + __STC_LOG_FUNC_EXIT__; + } + //LCOV_EXCL_STOP + } while (rc == SQLITE_ROW); + +handle_error: + sqlite3_reset(stmt); + return error_code; +} + +//LCOV_EXCL_START +stc_error_e table_counters_update_timestamps(const table_counters_info *info) +{ + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = update_timestamp; + + if (__table_counters_is_entry_present(info->restriction_id) == FALSE) + stmt = insert_timestamp; + + DB_ACTION(sqlite3_bind_int64(stmt, 1, info->restriction_id)); + DB_ACTION(sqlite3_bind_int(stmt, 2, info->month_start_date)); + DB_ACTION(sqlite3_bind_int64(stmt, 3, info->month_start_ts)); + DB_ACTION(sqlite3_bind_int64(stmt, 4, info->week_start_ts)); + DB_ACTION(sqlite3_bind_int64(stmt, 5, info->day_start_ts)); + + if (sqlite3_step(stmt) != SQLITE_DONE) { + STC_LOGE("Failed to update timestamps: %s\n", + sqlite3_errmsg(stc_db_get_database())); + error_code = STC_ERROR_DB_FAILED; + __STC_LOG_FUNC_EXIT__; + goto handle_error; + } + + STC_LOGD("Timestamps updated for restriction_id [%llu]", + info->restriction_id); + +handle_error: + sqlite3_reset(stmt); + return error_code; +} +//LCOV_EXCL_STOP + + stc_error_e table_counters_delete(uint64_t restriction_id) { stc_error_e error_code = STC_ERROR_NONE; @@ -273,6 +475,7 @@ stc_error_e table_counters_prepare(sqlite3 *db) DB_ACTION(__prepare_delete(db)); DB_ACTION(__prepare_select(db)); DB_ACTION(__prepare_update(db)); + DB_ACTION(__prepare_insert(db)); handle_error: __STC_LOG_FUNC_EXIT__; @@ -285,5 +488,6 @@ void table_counters_finalize(void) __finalize_delete(); __finalize_select(); __finalize_update(); + __finalize_insert(); __STC_LOG_FUNC_EXIT__; } diff --git a/src/database/tables/table-restrictions.c b/src/database/tables/table-restrictions.c index 12fa67d..bbbede0 100755 --- a/src/database/tables/table-restrictions.c +++ b/src/database/tables/table-restrictions.c @@ -31,11 +31,13 @@ /* SELECT statements */ #define SELECT_RESTRICTIONS "SELECT binpath, data_limit, " \ " iftype, rstn_type, roaming, ifname, subscriber_id, " \ - " data_warn_limit, restriction_id FROM restrictions" + " data_warn_limit, monthly_limit, weekly_limit, daily_limit, month_start_date, " \ + " restriction_id FROM restrictions" #define SELECT_RESTRICTIONS_PER_APP "SELECT binpath, data_limit, " \ " iftype, rstn_type, roaming, ifname, subscriber_id, " \ - " data_warn_limit, restriction_id " \ + " data_warn_limit, monthly_limit, weekly_limit, daily_limit, month_start_date, " \ + " restriction_id " \ " FROM restrictions INDEXED BY restrictions_index " \ " WHERE binpath = ?" @@ -54,14 +56,16 @@ /* UPDATE statement */ #define UPDATE_NET_RESTRICTIONS "UPDATE restrictions " \ " SET binpath = ?, data_limit = ?, iftype = ?, rstn_type = ?, " \ - " roaming = ?, ifname = ?, subscriber_id = ?, data_warn_limit = ? " \ + " roaming = ?, ifname = ?, subscriber_id = ?, data_warn_limit = ?, " \ + " monthly_limit = ?, weekly_limit = ?, daily_limit = ? " \ " WHERE restriction_id = ?" /* INSERT statement */ #define INSERT_NET_RESTRICTIONS "INSERT INTO restrictions " \ " (binpath, data_limit, iftype, rstn_type, " \ - " roaming, ifname, subscriber_id, data_warn_limit) " \ - " VALUES (?, ?, ?, ?, ?, ?, ?, ?)" + " roaming, ifname, subscriber_id, data_warn_limit, " \ + " monthly_limit, weekly_limit, daily_limit, month_start_date) " \ + " VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" static void __finalize_delete(void); @@ -291,7 +295,10 @@ stc_error_e table_restrictions_per_app(const gchar* app_id, data.ifname = (char *)sqlite3_column_text(stmt, 5); data.subscriber_id = (char *)sqlite3_column_text(stmt, 6); data.data_warn_limit = sqlite3_column_int64(stmt, 7); - data.restriction_id = sqlite3_column_int64(stmt, 8); + data.monthly_limit = sqlite3_column_int64(stmt, 8); + data.weekly_limit = sqlite3_column_int64(stmt, 9); + data.daily_limit = sqlite3_column_int64(stmt, 10); + data.restriction_id = sqlite3_column_int64(stmt, 11); if (restriction_cb(&data, user_data) == STC_CANCEL) rc = SQLITE_DONE; //LCOV_EXCL_LINE @@ -339,7 +346,11 @@ stc_error_e table_restrictions_foreach(const table_restrictions_info_cb restrict data.ifname = (char *)sqlite3_column_text(stmt, 5); data.subscriber_id = (char *)sqlite3_column_text(stmt, 6); data.data_warn_limit = sqlite3_column_int64(stmt, 7); - data.restriction_id = sqlite3_column_int64(stmt, 8); + data.monthly_limit = sqlite3_column_int64(stmt, 8); + data.weekly_limit = sqlite3_column_int64(stmt, 9); + data.daily_limit = sqlite3_column_int64(stmt, 10); + data.month_start_date = sqlite3_column_int(stmt, 11); + data.restriction_id = sqlite3_column_int64(stmt, 12); if (restriction_cb(&data, user_data) == STC_CANCEL) rc = SQLITE_DONE; //LCOV_EXCL_LINE @@ -524,9 +535,14 @@ stc_error_e table_restrictions_update(table_restrictions_info *info) DB_ACTION(sqlite3_bind_text(stmt, 7, info->subscriber_id ? info->subscriber_id : "", -1, SQLITE_TRANSIENT)); DB_ACTION(sqlite3_bind_int64(stmt, 8, info->data_warn_limit)); + DB_ACTION(sqlite3_bind_int64(stmt, 9, info->monthly_limit)); + DB_ACTION(sqlite3_bind_int64(stmt, 10, info->weekly_limit)); + DB_ACTION(sqlite3_bind_int64(stmt, 11, info->daily_limit)); if (info->restriction_id) - DB_ACTION(sqlite3_bind_int64(stmt, 9, info->restriction_id)); + DB_ACTION(sqlite3_bind_int64(stmt, 12, info->restriction_id)); + else + DB_ACTION(sqlite3_bind_int64(stmt, 12, info->month_start_date)); if (sqlite3_step(stmt) != SQLITE_DONE) { STC_LOGE("Failed to set network restriction: %s\n", //LCOV_EXCL_LINE diff --git a/src/database/tables/table-statistics.c b/src/database/tables/table-statistics.c index 436c55d..6355f60 100755 --- a/src/database/tables/table-statistics.c +++ b/src/database/tables/table-statistics.c @@ -605,8 +605,7 @@ stc_error_e table_statistics_insert(stc_db_classid_iftype_key *stat_key, SQLITE_STATIC)); DB_ACTION(sqlite3_bind_int(stmt, 2, stat->rcv_count)); DB_ACTION(sqlite3_bind_int(stmt, 3, stat->snd_count)); - DB_ACTION(sqlite3_bind_int64(stmt, 4, - (sqlite3_int64)(last_touch_time))); + DB_ACTION(sqlite3_bind_int64(stmt, 4, (sqlite3_int64)last_touch_time)); DB_ACTION(sqlite3_bind_int(stmt, 5, (int)(stat_key->iftype))); DB_ACTION(sqlite3_bind_int(stmt, 6, (int)(stat->is_roaming))); DB_ACTION(sqlite3_bind_int(stmt, 7, (int)hw_net_protocol_type)); diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c index 1a2d188..90364d3 100755 --- a/src/helper/helper-nfacct-rule.c +++ b/src/helper/helper-nfacct-rule.c @@ -249,7 +249,7 @@ static nfacct_rule_direction convert_to_iotype(int type) static stc_iface_type_e convert_to_iftype(int type) { return (type < STC_IFACE_LAST_ELEM && - type > STC_IFACE_UNKNOWN) ? type : STC_IFACE_UNKNOWN; + type > STC_IFACE_UNKNOWN) ? type : STC_IFACE_UNKNOWN; } bool recreate_counter_by_name(char *cnt_name, nfacct_rule_s *cnt) diff --git a/src/monitor/include/stc-monitor.h b/src/monitor/include/stc-monitor.h index a102ea3..3414c06 100644 --- a/src/monitor/include/stc-monitor.h +++ b/src/monitor/include/stc-monitor.h @@ -29,6 +29,19 @@ #define CONTR_TIMER_INTERVAL 1 /** + * @brief enumeration for data limit types + */ +typedef enum { + STC_RSTN_LIMIT_TYPE_DATA_WARN, + STC_RSTN_LIMIT_TYPE_DATA, + STC_RSTN_LIMIT_TYPE_MONTHLY, + STC_RSTN_LIMIT_TYPE_WEEKLY, + STC_RSTN_LIMIT_TYPE_DAILY, + STC_RSTN_LIMIT_TYPE_MAX +} stc_rstn_limit_type_e; + + +/** * @brief key for processes tree */ typedef struct { @@ -80,12 +93,14 @@ typedef struct { uint32_t classid; stc_rstn_state_e rstn_state; stc_rstn_type_e rstn_type; - int64_t data_limit; - int64_t data_warn_limit; - int64_t data_counter; - gboolean data_limit_reached; - gboolean warn_limit_crossed_notified; - gboolean rstn_limit_crossed_notified; + + int64_t counter[STC_RSTN_LIMIT_TYPE_MAX]; + int64_t limit[STC_RSTN_LIMIT_TYPE_MAX]; + int32_t limit_exceeded; + int32_t limit_notified; + + int month_start_date; + time_t month_start_ts; } stc_rstn_value_s; /** @@ -101,6 +116,10 @@ typedef struct { GTree *apps; /**< monitored applications */ gboolean apps_tree_updated; guint background_state; + time_t last_month_ts; + time_t last_week_ts; + time_t last_day_ts; + int month_start_date; } stc_system_s; /** diff --git a/src/monitor/include/stc-time.h b/src/monitor/include/stc-time.h new file mode 100644 index 0000000..d331bce --- /dev/null +++ b/src/monitor/include/stc-time.h @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __STC_MANAGER_TIME_H__ +#define __STC_MANAGER_TIME_H__ + +time_t stc_time_get_day_start(time_t now); +time_t stc_time_get_week_start(time_t now); +time_t stc_time_get_month_start(time_t now, int month_start_date); + +#endif /* __STC_MANAGER_TIME_H__ */ diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index 9db1cfb..4210441 100755 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -28,13 +28,23 @@ #include "table-statistics.h" #include "table-counters.h" #include "stc-monitor.h" +#include "stc-time.h" #include "stc-manager-plugin-appstatus.h" #include "stc-manager-plugin-exception.h" +#define GRANULARITY 10 #define MAX_INT_LENGTH 128 #define VCONFKEY_STC_BACKGROUND_STATE "db/stc/background_state" typedef struct { + time_t now; + time_t month_start_ts; + time_t week_start_ts; + time_t day_start_ts; + int is_updated; +} reset_time_limits_context_s; + +typedef struct { stc_app_key_s *app_key; stc_process_key_s *proc_key; gboolean entry_removed; @@ -43,7 +53,7 @@ typedef struct { typedef struct { struct nfacct_rule *counter; int64_t bytes; - gboolean data_limit_reached; + gboolean data_limit_exceeded; } classid_bytes_context_s; static stc_system_s *g_system = NULL; @@ -478,16 +488,31 @@ static void __print_rstn(stc_rstn_key_s *rstn_key, stc_rstn_value_s *rstn_value) STC_LOGI("rstn info => rstn_id [%llu], " "app_id [%s], classid [%u], ifname [%s], " "iftype [%d], rstn_state [%d], rstn_type [%d], " - "limit [ (%lld) bytes], " + "month_start_date [%d], limit [ (%lld) bytes], " "warn_limit [ (%lld) bytes], " - "counter [ (%lld) bytes], " + "monthly_limit [ (%lld) bytes], " + "weekly_limit [ (%lld) bytes], " + "daily_limit [ (%lld) bytes], " + "data_counter [ (%lld) bytes], " + "warn_counter [ (%lld) bytes], " + "monthly_counter [ (%lld) bytes], " + "weekly_counter [ (%lld) bytes], " + "daily_counter [ (%lld) bytes], " "roaming [%d], subscriber_id [%s]", rstn_value->restriction_id, rstn_key->app_id, rstn_value->classid , rstn_key->ifname, rstn_key->iftype, rstn_value->rstn_state, rstn_value->rstn_type, - rstn_value->data_limit, - rstn_value->data_warn_limit, - rstn_value->data_counter, + rstn_value->month_start_date, + rstn_value->limit[STC_RSTN_LIMIT_TYPE_DATA], + rstn_value->limit[STC_RSTN_LIMIT_TYPE_DATA_WARN], + rstn_value->limit[STC_RSTN_LIMIT_TYPE_MONTHLY], + rstn_value->limit[STC_RSTN_LIMIT_TYPE_WEEKLY], + rstn_value->limit[STC_RSTN_LIMIT_TYPE_DAILY], + rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA], + rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA_WARN], + rstn_value->counter[STC_RSTN_LIMIT_TYPE_MONTHLY], + rstn_value->counter[STC_RSTN_LIMIT_TYPE_WEEKLY], + rstn_value->counter[STC_RSTN_LIMIT_TYPE_DAILY], rstn_key->roaming, rstn_key->subscriber_id); } @@ -583,11 +608,36 @@ static void __del_iptables_rule(int64_t classid, nfacct_rule_intend intend, __del_ip6tables_out(&counter); } +typedef struct { + time_t month_start_ts; + time_t week_start_ts; + time_t day_start_ts; + int64_t monthly_stat; + int64_t weekly_stat; + int64_t daily_stat; +} cumulative_data_s; + +static stc_cb_ret_e __statistics_info_cb(const table_statistics_info *info, + void *user_data) +{ + cumulative_data_s *stat = (cumulative_data_s *)user_data; + int64_t counters = 0; + + counters = info->cnt.in_bytes + info->cnt.out_bytes; + + stat->monthly_stat += counters; + if (stat->week_start_ts <= info->interval->from) + stat->weekly_stat += counters; + if (stat->day_start_ts <= info->interval->from) + stat->daily_stat += counters; + + return STC_CONTINUE; +} + static void __process_restriction(enum traffic_restriction_type rstn_type, stc_rstn_key_s *rstn_key, stc_rstn_value_s *rstn_value, void *data) { - int64_t effective_data_limit, effective_data_warn_limit; default_connection_s *old_connection = (default_connection_s *)data; default_connection_s *connection = NULL; @@ -610,52 +660,85 @@ static void __process_restriction(enum traffic_restriction_type rstn_type, if (rstn_value->classid <= STC_UNKNOWN_CLASSID) return; - effective_data_limit = rstn_value->data_limit; - effective_data_warn_limit = rstn_value->data_warn_limit; - - if (rstn_type == RST_SET) { - /* TODO: Change this to runtime memory */ + switch (rstn_type) { + case RST_SET: + { + int i; table_counters_info info; + int64_t effective_limit[STC_RSTN_LIMIT_TYPE_MAX] = { 0, }; memset(&info, 0, sizeof(table_counters_info)); - table_counters_get(rstn_value->restriction_id, &info); - - effective_data_limit -= info.data_counter; - effective_data_warn_limit -= info.data_counter; - - if (effective_data_limit < 0) { - effective_data_limit = 0; //LCOV_EXCL_LINE - rstn_value->data_limit_reached = TRUE; //LCOV_EXCL_LINE + rstn_value->limit_exceeded = 0; + + if ((rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA] == 0 && + rstn_value->limit[STC_RSTN_LIMIT_TYPE_DATA] >= 0) || + (rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA_WARN] == 0 && + rstn_value->limit[STC_RSTN_LIMIT_TYPE_DATA_WARN] >= 0) || + (rstn_value->counter[STC_RSTN_LIMIT_TYPE_MONTHLY] == 0 && + rstn_value->limit[STC_RSTN_LIMIT_TYPE_MONTHLY] >= 0) || + (rstn_value->counter[STC_RSTN_LIMIT_TYPE_WEEKLY] == 0 && + rstn_value->limit[STC_RSTN_LIMIT_TYPE_WEEKLY] >= 0) || + (rstn_value->counter[STC_RSTN_LIMIT_TYPE_DAILY] == 0 && + rstn_value->limit[STC_RSTN_LIMIT_TYPE_DAILY] >= 0)) { + table_counters_get(rstn_value->restriction_id, &info); + + time_t current_time = 0; + cumulative_data_s stat; + table_statistics_select_rule rule; + + memset(&stat, 0, sizeof(cumulative_data_s)); + stat.month_start_ts = rstn_value->month_start_ts; + stat.week_start_ts = g_system->last_week_ts; + stat.week_start_ts = g_system->last_day_ts; + + memset(&rule, 0, sizeof(table_statistics_select_rule)); + rule.from = rstn_value->month_start_ts; + time(¤t_time); + rule.to = current_time; + rule.iftype = rstn_key->iftype; + rule.granularity = GRANULARITY; + + table_statistics_per_app(rstn_key->app_id, &rule, __statistics_info_cb, &stat); + + rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA] = info.data_counter; + rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA_WARN] = info.warn_counter; + rstn_value->counter[STC_RSTN_LIMIT_TYPE_MONTHLY] = info.monthly_counter + stat.monthly_stat; + rstn_value->counter[STC_RSTN_LIMIT_TYPE_WEEKLY] = info.weekly_counter + stat.weekly_stat; + rstn_value->counter[STC_RSTN_LIMIT_TYPE_DAILY] = info.daily_counter + stat.daily_stat; } - if (effective_data_warn_limit < 0) - effective_data_warn_limit = 0; //LCOV_EXCL_LINE + for (i = 0; i < STC_RSTN_LIMIT_TYPE_MAX; i++) { + if (rstn_value->limit[i] >= 0) { + effective_limit[i] = rstn_value->limit[i] - rstn_value->counter[i]; - STC_LOGD("datausage [%lld] bytes", info.data_counter); - } + if (effective_limit[i] < 0) + rstn_value->limit_exceeded |= (1 << i); + } + } - STC_LOGD("rstn_id [%llu], effective_data_limit [%lld] bytes, " - "effective_data_warn_limit [%lld] bytes", - rstn_value->restriction_id, effective_data_limit, - effective_data_warn_limit); + STC_LOGD("rstn_id [%llu], datausage [%llu] bytes", + rstn_value->restriction_id, info.data_counter); - switch (rstn_type) { - case RST_SET: - if (effective_data_limit <= 0) - __add_iptables_rule(rstn_value->classid, NFACCT_BLOCK, - rstn_key->iftype); + if (rstn_value->limit_exceeded != 0 && + rstn_value->limit_exceeded != (1 << STC_RSTN_LIMIT_TYPE_DATA_WARN)) { + __add_iptables_rule(rstn_value->classid, NFACCT_BLOCK, rstn_key->iftype); + } rstn_value->rstn_state = STC_RSTN_STATE_ACTIVATED; - rstn_value->data_limit_reached = FALSE; - break; + } + break; case RST_EXCLUDE: __add_iptables_rule(rstn_value->classid, NFACCT_ALLOW, rstn_key->iftype); rstn_value->rstn_state = STC_RSTN_STATE_ACTIVATED; - rstn_value->data_limit_reached = TRUE; + rstn_value->limit_exceeded = 0; + rstn_value->limit_notified = 0; break; case RST_UNSET: + { + int i; + if (rstn_value->classid == STC_TETHERING_APP_CLASSID) __del_iptables_rule(rstn_value->classid, NFACCT_BLOCK, rstn_key->iftype); @@ -664,8 +747,14 @@ static void __process_restriction(enum traffic_restriction_type rstn_type, rstn_key->iftype); rstn_value->rstn_state = STC_RSTN_STATE_DEACTIVATED; - rstn_value->data_limit_reached = FALSE; - break; + rstn_value->limit_exceeded = 0; + rstn_value->limit_notified = 0; + + for (i = 0; i < STC_RSTN_LIMIT_TYPE_MAX; i++) + if (rstn_value->limit[i] >= 0) + rstn_value->counter[i] = 0; + } + break; default: ;//Do Nothing } @@ -796,79 +885,121 @@ static stc_error_e __close_and_reopen_contr_sock(stc_system_s *system) return STC_ERROR_NONE; } +static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, + stc_rstn_key_s *rstn_key, + stc_rstn_value_s *rstn_value, + classid_bytes_context_s *context) +{ + gboolean rv; + char iftype[MAX_INT_LENGTH]; + char byte[MAX_INT_LENGTH]; + const char *signal_name; + stc_s *stc = (stc_s *)stc_get_manager(); + + if (stc == NULL) { + STC_LOGE("Failed to get stc data"); + return; + } + + switch (limit_type) { + case STC_RSTN_LIMIT_TYPE_DATA_WARN: + { + signal_name = "WarnThresholdCrossed"; + + snprintf(iftype, MAX_INT_LENGTH, "%d", rstn_key->iftype); + snprintf(byte, MAX_INT_LENGTH, "%lld", rstn_value->limit[limit_type]); + stc_plugin_appstatus_send_warn_message("warn threshold crossed", + "warning_noti", + rstn_key->app_id, + iftype, byte); + } + break; + case STC_RSTN_LIMIT_TYPE_DATA: + case STC_RSTN_LIMIT_TYPE_MONTHLY: + case STC_RSTN_LIMIT_TYPE_WEEKLY: + case STC_RSTN_LIMIT_TYPE_DAILY: + { + signal_name = "RestrictionThresholdCrossed"; + + /* block immediately */ + context->counter->intend = NFACCT_BLOCK; + __del_iptables_in(context->counter); + __del_iptables_out(context->counter); + __add_iptables_in(context->counter); + __add_iptables_out(context->counter); + + __del_ip6tables_in(context->counter); + __del_ip6tables_out(context->counter); + __add_ip6tables_in(context->counter); + __add_ip6tables_out(context->counter); + context->counter->intend = NFACCT_COUNTER; + + rstn_value->limit_exceeded |= (1 << limit_type); + + snprintf(iftype, MAX_INT_LENGTH, "%d", rstn_key->iftype); + snprintf(byte, MAX_INT_LENGTH, "%lld", rstn_value->limit[limit_type]); + stc_plugin_appstatus_send_restriction_message("restriction threshold crossed", + "restriction_noti", + rstn_key->app_id, + iftype, byte); + } + break; + default: + break; + } + + /* emit signal */ + rv = stc_manager_dbus_emit_signal(stc->connection, + STC_DBUS_SERVICE_RESTRICTION_PATH, + STC_DBUS_INTERFACE_RESTRICTION, + signal_name, + g_variant_new("(si)", + rstn_key->app_id, + rstn_key->iftype)); + + if (rv == TRUE) + rstn_value->limit_notified |= (1 << limit_type); +} + static gboolean __rstn_counter_update(stc_rstn_key_s *rstn_key, stc_rstn_value_s *rstn_value, classid_bytes_context_s *context) { + int i; switch (context->counter->iotype) { case NFACCT_COUNTER_IN: case NFACCT_COUNTER_OUT: - rstn_value->data_counter += context->bytes; - - if (rstn_value->data_counter >= rstn_value->data_warn_limit && - rstn_value->warn_limit_crossed_notified == FALSE) { - - gboolean rv; - char iftype[MAX_INT_LENGTH]; - char byte[MAX_INT_LENGTH]; - stc_s *stc = (stc_s *)stc_get_manager(); - ret_value_msg_if(stc == NULL, FALSE, "failed to get stc data"); - - /* emit signal */ - rv = stc_manager_dbus_emit_signal(stc->connection, - STC_DBUS_SERVICE_RESTRICTION_PATH, - STC_DBUS_INTERFACE_RESTRICTION, - "WarnThresholdCrossed", - g_variant_new("(si)", rstn_key->app_id, rstn_key->iftype)); - if (rv == TRUE) - rstn_value->warn_limit_crossed_notified = TRUE; - - snprintf(iftype, MAX_INT_LENGTH, "%d", rstn_key->iftype); - snprintf(byte, MAX_INT_LENGTH, "%lld", rstn_value->data_warn_limit); - stc_plugin_appstatus_send_warn_message("warn threshold crossed", - "warning_noti", - rstn_key->app_id, - iftype, byte); + if ((rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA] == 0 && + rstn_value->limit[STC_RSTN_LIMIT_TYPE_DATA] >= 0) || + (rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA_WARN] == 0 && + rstn_value->limit[STC_RSTN_LIMIT_TYPE_DATA_WARN] >= 0) || + (rstn_value->counter[STC_RSTN_LIMIT_TYPE_MONTHLY] == 0 && + rstn_value->limit[STC_RSTN_LIMIT_TYPE_MONTHLY] >= 0) || + (rstn_value->counter[STC_RSTN_LIMIT_TYPE_WEEKLY] == 0 && + rstn_value->limit[STC_RSTN_LIMIT_TYPE_WEEKLY] >= 0) || + (rstn_value->counter[STC_RSTN_LIMIT_TYPE_DAILY] == 0 && + rstn_value->limit[STC_RSTN_LIMIT_TYPE_DAILY] >= 0)) { + table_counters_info info; + memset(&info, 0, sizeof(table_counters_info)); + table_counters_get(rstn_value->restriction_id, &info); + + rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA] = info.data_counter; + rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA_WARN] = info.warn_counter; + rstn_value->counter[STC_RSTN_LIMIT_TYPE_MONTHLY] = info.monthly_counter; + rstn_value->counter[STC_RSTN_LIMIT_TYPE_WEEKLY] = info.weekly_counter; + rstn_value->counter[STC_RSTN_LIMIT_TYPE_DAILY] = info.daily_counter; } - if (rstn_value->data_counter >= rstn_value->data_limit && - rstn_value->rstn_limit_crossed_notified == FALSE) { - - gboolean rv; - char iftype[MAX_INT_LENGTH]; - char byte[MAX_INT_LENGTH]; - stc_s *stc = (stc_s *)stc_get_manager(); - ret_value_msg_if(stc == NULL, FALSE, "failed to get stc data"); - - /* block immediately */ - context->counter->intend = NFACCT_BLOCK; - __del_iptables_in(context->counter); - __del_iptables_out(context->counter); - __add_iptables_in(context->counter); - __add_iptables_out(context->counter); - - __del_ip6tables_in(context->counter); - __del_ip6tables_out(context->counter); - __add_ip6tables_in(context->counter); - __add_ip6tables_out(context->counter); - context->counter->intend = NFACCT_COUNTER; - - rstn_value->data_limit_reached = TRUE; - - /* emit signal */ - rv = stc_manager_dbus_emit_signal(stc->connection, - STC_DBUS_SERVICE_RESTRICTION_PATH, - STC_DBUS_INTERFACE_RESTRICTION, - "RestrictionThresholdCrossed", - g_variant_new("(si)", rstn_key->app_id, rstn_key->iftype)); - if (rv == TRUE) - rstn_value->rstn_limit_crossed_notified = TRUE; - - snprintf(iftype, MAX_INT_LENGTH, "%d", rstn_key->iftype); - snprintf(byte, MAX_INT_LENGTH, "%lld", rstn_value->data_limit); - stc_plugin_appstatus_send_restriction_message("restriction threshold crossed", - "restriction_noti", rstn_key->app_id, - iftype, byte); + for (i = 0; i < STC_RSTN_LIMIT_TYPE_MAX; i++) { + if (rstn_value->limit[i] >= 0 && + !(rstn_value->limit_notified & (1 << i))) { + rstn_value->counter[i] += context->bytes; + if (rstn_value->limit[i] <= rstn_value->counter[i]) + __action_when_rstn_limit_exceeded(i, + rstn_key, + rstn_value, + context); + } } g_system->rstns_tree_updated = TRUE; @@ -919,8 +1050,8 @@ static gboolean __rstn_counter_update_foreach_classid(gpointer key, if (context->counter->intend != NFACCT_COUNTER) goto try_next_callback; - if (rstn_value->data_limit_reached == TRUE) { - context->data_limit_reached = TRUE; //LCOV_EXCL_LINE + if (rstn_value->limit_exceeded == TRUE) { + context->data_limit_exceeded = TRUE; //LCOV_EXCL_LINE goto try_next_callback; //LCOV_EXCL_LINE } @@ -1014,7 +1145,10 @@ static gboolean __update_app_statistics(gpointer key, gpointer value, static gboolean __flush_apps_stats_to_database(gpointer user_data) { time_t current_time = 0; - time(¤t_time); + stc_s *stc = stc_get_manager(); + + if (stc && stc->carg) + current_time = stc->carg->last_run_time; if (g_system->apps_tree_updated == FALSE) return G_SOURCE_REMOVE; @@ -1037,7 +1171,11 @@ static gboolean __update_counter_statistics(gpointer key, gpointer value, stc_rstn_value_s *rstn_value = (stc_rstn_value_s *)value; table_counters_info info = { .restriction_id = rstn_value->restriction_id, - .data_counter = rstn_value->data_counter + .data_counter = rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA], + .warn_counter = rstn_value->counter[STC_RSTN_LIMIT_TYPE_DATA_WARN], + .monthly_counter = rstn_value->counter[STC_RSTN_LIMIT_TYPE_MONTHLY], + .weekly_counter = rstn_value->counter[STC_RSTN_LIMIT_TYPE_WEEKLY], + .daily_counter = rstn_value->counter[STC_RSTN_LIMIT_TYPE_DAILY] }; table_counters_update_counters(&info); @@ -1047,7 +1185,11 @@ static gboolean __update_counter_statistics(gpointer key, gpointer value, static gboolean __flush_rstns_counter_to_database(gpointer user_data) { - time_t current_time = time(0); + time_t current_time = 0; + stc_s *stc = stc_get_manager(); + + if (stc && stc->carg) + current_time = stc->carg->last_run_time; if (g_system->rstns_tree_updated == FALSE) return G_SOURCE_REMOVE; @@ -1136,9 +1278,146 @@ try_next_callback: return FALSE; } +static gboolean __reset_time_counter_foreach_rstn(gpointer key, + gpointer value, + gpointer data) +{ + stc_rstn_key_s *rstn_key = (stc_rstn_key_s *)key; + stc_rstn_value_s *rstn_value = (stc_rstn_value_s *)value; + reset_time_limits_context_s *context = (reset_time_limits_context_s *)data; + int i; + time_t now_month_start_ts; + + if (rstn_value->month_start_date == 0) { + table_counters_info info; + memset(&info, 0, sizeof(table_counters_info)); + table_counters_get_timestamps(rstn_value->restriction_id, &info); + + if (info.month_start_date == 0) + rstn_value->month_start_date = 1; + else + rstn_value->month_start_date = info.month_start_date; + rstn_value->month_start_ts = info.month_start_ts; + } + + now_month_start_ts = + stc_time_get_month_start(context->now, + rstn_value->month_start_date); + + if (rstn_value->month_start_ts != now_month_start_ts) { + rstn_value->month_start_ts = now_month_start_ts; + context->month_start_ts = now_month_start_ts; + context->is_updated |= (1 << STC_RSTN_LIMIT_TYPE_MONTHLY); + } + + if (context->is_updated) { + table_counters_info info; + memset(&info, 0, sizeof(table_counters_info)); + + info.restriction_id = rstn_value->restriction_id; + info.month_start_date = rstn_value->month_start_date; + info.month_start_ts = rstn_value->month_start_ts; + info.week_start_ts = context->week_start_ts; + info.day_start_ts = context->day_start_ts; + + table_counters_update_timestamps(&info); + } + + for (i = STC_RSTN_LIMIT_TYPE_MONTHLY; i < STC_RSTN_LIMIT_TYPE_MAX; i++) { + + if ((context->is_updated) & (1 << i)) { + /* reset limit */ + rstn_value->counter[i] = 0; + + if (rstn_value->limit_exceeded & (1 << i)) { + /* remove iptables rule */ + char *default_ifname = stc_default_connection_get_ifname(); + struct nfacct_rule counter; + stc_s *stc = stc_get_manager(); + if (stc == NULL) { + STC_LOGE("Can't get stc data"); + g_free(default_ifname); + goto try_next_callback; + } + + if (!stc->carg) { + stc->carg = MALLOC0(counter_arg_s, 1); + if (stc->carg == NULL) { + g_free(default_ifname); + goto try_next_callback; + } + + stc->carg->sock = + stc_monitor_get_counter_socket(); + } + + counter.carg = stc->carg; + counter.classid = rstn_value->classid; + counter.intend = NFACCT_BLOCK; + counter.iftype = rstn_key->iftype; + g_strlcpy(counter.ifname, default_ifname, + MAX_IFACE_LENGTH); + + g_free(default_ifname); + + /* iptables rule */ + __del_iptables_in(&counter); + __del_iptables_out(&counter); + + /* ip6tables rule */ + __del_ip6tables_in(&counter); + __del_ip6tables_out(&counter); + + rstn_value->rstn_state = STC_RSTN_STATE_DEACTIVATED; + rstn_value->limit_exceeded &= ~(1 << i); + rstn_value->limit_notified &= ~(1 << i); + } + } + } + +try_next_callback: + return FALSE; +} + +static void __reset_time_counters_if_required(void) +{ + reset_time_limits_context_s context; + + if (g_system == NULL) { + STC_LOGE("stc monitor not initialized!"); + return; + } + + context.now = time(NULL); + context.week_start_ts = stc_time_get_week_start(context.now); + context.day_start_ts = stc_time_get_day_start(context.now); + context.is_updated = 0; + + if (g_system->last_week_ts != context.week_start_ts) { + g_system->last_week_ts = context.week_start_ts; + context.is_updated |= (1 << STC_RSTN_LIMIT_TYPE_WEEKLY); + } + + if (g_system->last_day_ts != context.day_start_ts) { + g_system->last_day_ts = context.day_start_ts; + context.is_updated |= (1 << STC_RSTN_LIMIT_TYPE_DAILY); + } + + if (g_system->rstns) { + g_tree_foreach(g_system->rstns, + __reset_time_counter_foreach_rstn, + &context); + if (context.is_updated) + STC_LOGD("Counter reset completed month_start [%ld], week_start [%ld], day_start [%ld]", + context.month_start_ts, g_system->last_week_ts, g_system->last_day_ts); + } +} + static void __fill_nfacct_result(char *cnt_name, int64_t bytes, struct counter_arg *carg) { + __reset_time_counters_if_required(); + struct nfacct_rule counter = { .carg = carg, .name = {0}, @@ -1149,7 +1428,7 @@ static void __fill_nfacct_result(char *cnt_name, int64_t bytes, classid_bytes_context_s context = { .counter = &counter, .bytes = bytes, - .data_limit_reached = FALSE, + .data_limit_exceeded = FALSE, }; if (!recreate_counter_by_name(cnt_name, &counter)) { @@ -1272,6 +1551,8 @@ static gboolean __process_contr_reply(GIOChannel *source, goto out; stc->carg->ans_len = ret; + stc->carg->last_run_time = time(NULL); + __process_network_counter(ans, stc->carg); g_idle_add(__flush_apps_stats_to_database, NULL); @@ -1400,10 +1681,9 @@ static stc_error_e __rstn_tree_remove(stc_rstn_key_s *key) return STC_ERROR_NO_DATA; //LCOV_EXCL_LINE } - __remove_restriction(key, lookup_value, NULL); - /* remove counter also */ table_counters_delete(lookup_value->restriction_id); + __remove_restriction(key, lookup_value, NULL); if (!g_tree_remove(g_system->rstns, key)) { STC_LOGD("key not found"); //LCOV_EXCL_LINE @@ -1450,11 +1730,17 @@ static stc_error_e __rstn_tree_add(stc_rstn_key_s *key, rstn_value->rstn_state = value->rstn_state; rstn_value->rstn_type = value->rstn_type; rstn_value->classid = value->classid; - rstn_value->data_limit = value->data_limit; - rstn_value->data_warn_limit = value->data_warn_limit; - rstn_value->data_counter = 0; - rstn_value->warn_limit_crossed_notified = FALSE; - rstn_value->rstn_limit_crossed_notified = FALSE; + + int i; + for (i = 0; i < STC_RSTN_LIMIT_TYPE_MAX; i++) { + rstn_value->limit[i] = value->limit[i]; + rstn_value->counter[i] = 0; + } + + rstn_value->limit_exceeded = 0; + rstn_value->limit_notified = 0; + rstn_value->month_start_date = value->month_start_date; + rstn_value->month_start_ts = value->month_start_ts; if (debug == TRUE) __add_restriction_debug(key, rstn_value, NULL); @@ -1491,8 +1777,11 @@ static stc_cb_ret_e __insert_restriction_cb(const table_restrictions_info *info, else value.classid = STC_UNKNOWN_CLASSID; - value.data_limit = info->data_limit; - value.data_warn_limit = info->data_warn_limit; + value.limit[STC_RSTN_LIMIT_TYPE_DATA] = info->data_limit; + value.limit[STC_RSTN_LIMIT_TYPE_DATA_WARN] = info->data_warn_limit; + value.limit[STC_RSTN_LIMIT_TYPE_MONTHLY] = info->monthly_limit; + value.limit[STC_RSTN_LIMIT_TYPE_WEEKLY] = info->weekly_limit; + value.limit[STC_RSTN_LIMIT_TYPE_DAILY] = info->daily_limit; if (__rstn_tree_add(&key, &value, FALSE) != STC_ERROR_NONE) ret = STC_CANCEL; @@ -1992,8 +2281,14 @@ stc_error_e stc_monitor_rstns_tree_add(const table_restrictions_info *info) __process_update_background(); //LCOV_EXCL_LINE } - value.data_limit = info->data_limit; - value.data_warn_limit = info->data_warn_limit; + value.limit[STC_RSTN_LIMIT_TYPE_DATA] = info->data_limit; + value.limit[STC_RSTN_LIMIT_TYPE_DATA_WARN] = info->data_warn_limit; + value.limit[STC_RSTN_LIMIT_TYPE_MONTHLY] = info->monthly_limit; + value.limit[STC_RSTN_LIMIT_TYPE_WEEKLY] = info->weekly_limit; + value.limit[STC_RSTN_LIMIT_TYPE_DAILY] = info->daily_limit; + value.month_start_date = info->month_start_date; + value.month_start_ts = stc_time_get_month_start(time(NULL), + info->month_start_date); ret = __rstn_tree_add(&key, &value, TRUE); diff --git a/src/monitor/stc-time.c b/src/monitor/stc-time.c new file mode 100644 index 0000000..750b43d --- /dev/null +++ b/src/monitor/stc-time.c @@ -0,0 +1,104 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#define SEC_IN_DAY 24 * 60 * 60 +#define SEC_IN_WEEK 7 * SEC_IN_DAY + +time_t stc_time_get_day_start(time_t now) +{ + struct tm *curr; + + curr = localtime(&now); + + curr->tm_sec = 0; + curr->tm_min = 0; + curr->tm_hour = 0; + + return mktime(curr); +} + +time_t stc_time_get_week_start(time_t now) +{ + struct tm *curr; + int days; + + curr = localtime(&now); + + curr->tm_sec = 0; + curr->tm_min = 0; + curr->tm_hour = 0; + + if (curr->tm_wday > 1) + days = curr->tm_wday - 1; + else + days = 1 - curr->tm_wday; + + return (mktime(curr) - (days * SEC_IN_DAY)); +} + +time_t stc_time_get_month_start(time_t now, int month_start_date) +{ + struct tm *curr; + bool is_leap_year; + + curr = localtime(&now); + + curr->tm_sec = 0; + curr->tm_min = 0; + curr->tm_hour = 0; + + if (curr->tm_mday < month_start_date) { + curr->tm_mon--; + if (curr->tm_mon < 0) { + curr->tm_mon = 11; + curr->tm_year--; + } + } + + is_leap_year = ((curr->tm_year + 1900) % 4 ? 0 : 1); + curr->tm_mday = month_start_date; + + switch (month_start_date) { + case 29: + case 30: + if (curr->tm_mon == 1 && !is_leap_year) + curr->tm_mday = 28; + + else if (curr->tm_mon == 1 && is_leap_year) + curr->tm_mday = 29; + + break; + case 31: + if (curr->tm_mon == 1 && !is_leap_year) + curr->tm_mday = 28; + + else if (curr->tm_mon == 1 && is_leap_year) + curr->tm_mday = 29; + + else if (curr->tm_mon == 3 || curr->tm_mon == 5 || + curr->tm_mon == 8 || curr->tm_mon == 10) + curr->tm_mday = 30; + + break; + default: + ;//Do Nothing + }; + + return mktime(curr); +} diff --git a/src/stc-manager-gdbus.c b/src/stc-manager-gdbus.c index ddad1ef..672909b 100644 --- a/src/stc-manager-gdbus.c +++ b/src/stc-manager-gdbus.c @@ -457,7 +457,7 @@ void stc_manager_gdbus_dict_foreach(GVariantIter *iter, dbus_dict_cb cb, } while (g_variant_iter_loop(iter, "{sv}", &key, &value)) { - DEBUG_GDBUS_KEY_VALUE(key, value); + /* DEBUG_GDBUS_KEY_VALUE(key, value); */ if (key && cb) cb(key, value, user_data); } diff --git a/src/stc-restriction.c b/src/stc-restriction.c index d4353ea..2f44459 100644 --- a/src/stc-restriction.c +++ b/src/stc-restriction.c @@ -46,8 +46,11 @@ void __initialize_rstn_rule(table_restrictions_info *rule) rule->ifname = NULL; rule->iftype = STC_IFACE_ALL; rule->rstn_type = STC_RSTN_TYPE_UNKNOWN; - rule->data_limit = 0; - rule->data_warn_limit = 0; + rule->data_limit = -1; + rule->data_warn_limit = -1; + rule->monthly_limit = -1; + rule->weekly_limit = -1; + rule->daily_limit = -1; rule->roaming = STC_ROAMING_DISABLE; rule->subscriber_id = NULL; } @@ -114,6 +117,18 @@ void __stc_restriction_app_info_builder_add(GVariantBuilder *builder, g_variant_builder_add(builder, "{sv}", "data_warn_limit", g_variant_new_int64(info->data_warn_limit)); + g_variant_builder_add(builder, "{sv}", "month_start_date", + g_variant_new_int32(info->month_start_date)); + + g_variant_builder_add(builder, "{sv}", "monthly_limit", + g_variant_new_int64(info->monthly_limit)); + + g_variant_builder_add(builder, "{sv}", "weekly_limit", + g_variant_new_int64(info->weekly_limit)); + + g_variant_builder_add(builder, "{sv}", "daily_limit", + g_variant_new_int64(info->daily_limit)); + g_variant_builder_add(builder, "{sv}", "roaming", g_variant_new_uint16(info->roaming)); @@ -165,8 +180,6 @@ stc_cb_ret_e __table_restrictions_per_app_cb(const table_restrictions_info *info static void __stc_extract_restriction_rule(const char *key, GVariant *value, void *user_data) { - __STC_LOG_FUNC_ENTER__; - table_restrictions_info *rule = (table_restrictions_info *) user_data; if (rule == NULL) { @@ -198,6 +211,22 @@ static void __stc_extract_restriction_rule(const char *key, GVariant *value, rule->data_warn_limit = g_variant_get_int64(value); STC_LOGD("data_warn_limit: [%lld]", rule->data_warn_limit); + } else if (!g_strcmp0(key, "month_start_date")) { + rule->month_start_date = g_variant_get_int32(value); + STC_LOGD("month_start_date: [%d]", rule->month_start_date); + + } else if (!g_strcmp0(key, "monthly_limit")) { + rule->monthly_limit = g_variant_get_int64(value); + STC_LOGD("monthly_limit: [%lld]", rule->monthly_limit); + + } else if (!g_strcmp0(key, "weekly_limit")) { + rule->weekly_limit = g_variant_get_int64(value); + STC_LOGD("weekly_limit: [%lld]", rule->weekly_limit); + + } else if (!g_strcmp0(key, "daily_limit")) { + rule->daily_limit = g_variant_get_int64(value); + STC_LOGD("daily_limit: [%lld]", rule->daily_limit); + } else if (!g_strcmp0(key, "roaming")) { rule->roaming = g_variant_get_uint16(value); STC_LOGD("roaming: [%u]", rule->roaming); @@ -208,15 +237,13 @@ static void __stc_extract_restriction_rule(const char *key, GVariant *value, rule->subscriber_id = g_strdup(str); STC_LOGD("subscriber_id: [%s]", rule->subscriber_id); - } else if (!g_strcmp0(key, "type")) { + } else if (!g_strcmp0(key, "rstn_type")) { rule->rstn_type = g_variant_get_uint16(value); STC_LOGD("type: [%u]", (unsigned int) rule->rstn_type); } else { STC_LOGD("Unknown select rule"); //LCOV_EXCL_LINE } - - __STC_LOG_FUNC_EXIT__; } gboolean handle_restriction_set(StcRestriction *object, -- 2.7.4 From 5aa578ed04c81e50cb42743ce41825b3d4050162 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Thu, 12 Jul 2018 14:38:00 +0900 Subject: [PATCH 05/16] Modified to send message to net popup Change-Id: I0ffbc76a3fc0ecee7eb9ba295a32f32f6f8391c4 Signed-off-by: hyunuktak --- include/stc-manager-plugin-appstatus.h | 4 +-- packaging/stc-manager.spec | 2 +- plugin/appstatus/include/stc-plugin-appstatus.h | 10 ++---- plugin/appstatus/stc-plugin-appstatus.c | 44 ++++++++----------------- src/monitor/stc-monitor.c | 25 +++++++------- src/stc-manager-plugin-appstatus.c | 28 ++-------------- 6 files changed, 32 insertions(+), 81 deletions(-) mode change 100644 => 100755 include/stc-manager-plugin-appstatus.h mode change 100644 => 100755 plugin/appstatus/include/stc-plugin-appstatus.h mode change 100644 => 100755 plugin/appstatus/stc-plugin-appstatus.c mode change 100644 => 100755 src/stc-manager-plugin-appstatus.c diff --git a/include/stc-manager-plugin-appstatus.h b/include/stc-manager-plugin-appstatus.h old mode 100644 new mode 100755 index b177bd7..1140199 --- a/include/stc-manager-plugin-appstatus.h +++ b/include/stc-manager-plugin-appstatus.h @@ -24,9 +24,7 @@ int stc_plugin_appstatus_init(void); int stc_plugin_appstatus_deinit(void); -int stc_plugin_appstatus_send_warn_message(const char *content, - const char *type, const char *app_id, const char *iftype, const char *warn); -int stc_plugin_appstatus_send_restriction_message(const char *content, +int stc_plugin_appstatus_send_message(const char *content, const char *type, const char *app_id, const char *iftype, const char *limit); int stc_plugin_appstatus_register_state_changed_cb(stc_s *stc, diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index bcad233..6b837c0 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.70 +Version: 0.0.71 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/plugin/appstatus/include/stc-plugin-appstatus.h b/plugin/appstatus/include/stc-plugin-appstatus.h old mode 100644 new mode 100755 index ed4a7b4..45025be --- a/plugin/appstatus/include/stc-plugin-appstatus.h +++ b/plugin/appstatus/include/stc-plugin-appstatus.h @@ -29,19 +29,15 @@ typedef stc_error_e (*stc_plugin_app_state_changed_cb)(stc_cmd_type_e cmd, typedef struct { /* popup */ - int (*send_restriction_message_to_net_popup) (const char *, - const char *, const char *, const char *, const char *); - int (*send_warn_message_to_net_popup) (const char *, - const char *, const char *, const char *, const char *); + int (*send_message_to_net_popup) (const char *, const char *, + const char *, const char *, const char *); /* app status */ int (*register_state_changed_cb) (stc_s *stc, stc_plugin_app_state_changed_cb cb, void *data); int (*deregister_state_changed_cb) (stc_s *stc); } stc_plugin_appstatus_s; -int stc_plugin_popup_send_restriction_message(const char *content, - const char *type, const char *app_id, const char *iftype, const char *limit); -int stc_plugin_popup_send_restriction_message(const char *content, +int stc_plugin_popup_send_message(const char *content, const char *type, const char *app_id, const char *iftype, const char *limit); int stc_plugin_appstatus_register_changed_cb(stc_s *stc, diff --git a/plugin/appstatus/stc-plugin-appstatus.c b/plugin/appstatus/stc-plugin-appstatus.c old mode 100644 new mode 100755 index d9764b4..672eb8c --- a/plugin/appstatus/stc-plugin-appstatus.c +++ b/plugin/appstatus/stc-plugin-appstatus.c @@ -183,42 +183,26 @@ int stc_plugin_appstatus_deregister_changed_cb(stc_s *stc) return 0; } -int stc_plugin_popup_send_warn_message(const char *content, - const char *type, const char *app_id, const char *iftype, const char *warn) -{ - int ret = 0; - bundle *b = bundle_create(); - - STC_LOGD("Warn message : content[%s] type[%s] app_id[%s] warn[%s]", - content, type, app_id, warn); - - bundle_add(b, "_SYSPOPUP_CONTENT_", content); - bundle_add(b, "_SYSPOPUP_TYPE_", type); - bundle_add(b, "_APP_ID_", app_id); - bundle_add(b, "_IF_TYPE_", iftype); - bundle_add(b, "_WARN_LIMIT_", warn); - - ret = syspopup_launch("net-popup", b); - - bundle_free(b); - - return ret; -} - -int stc_plugin_popup_send_restriction_message(const char *content, +int stc_plugin_popup_send_message(const char *content, const char *type, const char *app_id, const char *iftype, const char *limit) { int ret = 0; bundle *b = bundle_create(); - STC_LOGD("Restriction message : content[%s] type[%s] app_id[%s] limit[%s]", - content, type, app_id, limit); - bundle_add(b, "_SYSPOPUP_CONTENT_", content); bundle_add(b, "_SYSPOPUP_TYPE_", type); bundle_add(b, "_APP_ID_", app_id); bundle_add(b, "_IF_TYPE_", iftype); - bundle_add(b, "_RESTRICTION_LIMIT_", limit); + + if (g_strcmp0(type, "warning_noti") == 0) { + bundle_add(b, "_WARN_LIMIT_", limit); + STC_LOGD("Warn message : content[%s] type[%s] app_id[%s] limit[%s]", + content, type, app_id, limit); + } else { + bundle_add(b, "_RESTRICTION_LIMIT_", limit); + STC_LOGD("Restriction message : content[%s] type[%s] app_id[%s] limit[%s]", + content, type, app_id, limit); + } ret = syspopup_launch("net-popup", b); @@ -228,10 +212,8 @@ int stc_plugin_popup_send_restriction_message(const char *content, } API stc_plugin_appstatus_s stc_plugin_appstatus = { - .send_warn_message_to_net_popup = - stc_plugin_popup_send_warn_message, - .send_restriction_message_to_net_popup = - stc_plugin_popup_send_restriction_message, + .send_message_to_net_popup = + stc_plugin_popup_send_message, .register_state_changed_cb = stc_plugin_appstatus_register_changed_cb, .deregister_state_changed_cb = diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index 4210441..5885fc9 100755 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -894,6 +894,8 @@ static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, char iftype[MAX_INT_LENGTH]; char byte[MAX_INT_LENGTH]; const char *signal_name; + const char *net_popup_content; + const char *net_popup_type; stc_s *stc = (stc_s *)stc_get_manager(); if (stc == NULL) { @@ -905,13 +907,8 @@ static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, case STC_RSTN_LIMIT_TYPE_DATA_WARN: { signal_name = "WarnThresholdCrossed"; - - snprintf(iftype, MAX_INT_LENGTH, "%d", rstn_key->iftype); - snprintf(byte, MAX_INT_LENGTH, "%lld", rstn_value->limit[limit_type]); - stc_plugin_appstatus_send_warn_message("warn threshold crossed", - "warning_noti", - rstn_key->app_id, - iftype, byte); + net_popup_content = "warn threshold crossed"; + net_popup_type = "warning_noti"; } break; case STC_RSTN_LIMIT_TYPE_DATA: @@ -920,6 +917,8 @@ static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, case STC_RSTN_LIMIT_TYPE_DAILY: { signal_name = "RestrictionThresholdCrossed"; + net_popup_content = "restriction threshold crossed"; + net_popup_type = "restriction_noti"; /* block immediately */ context->counter->intend = NFACCT_BLOCK; @@ -935,13 +934,6 @@ static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, context->counter->intend = NFACCT_COUNTER; rstn_value->limit_exceeded |= (1 << limit_type); - - snprintf(iftype, MAX_INT_LENGTH, "%d", rstn_key->iftype); - snprintf(byte, MAX_INT_LENGTH, "%lld", rstn_value->limit[limit_type]); - stc_plugin_appstatus_send_restriction_message("restriction threshold crossed", - "restriction_noti", - rstn_key->app_id, - iftype, byte); } break; default: @@ -959,6 +951,11 @@ static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, if (rv == TRUE) rstn_value->limit_notified |= (1 << limit_type); + + snprintf(iftype, MAX_INT_LENGTH, "%d", rstn_key->iftype); + snprintf(byte, MAX_INT_LENGTH, "%lld", rstn_value->limit[limit_type]); + stc_plugin_appstatus_send_message(net_popup_content, + net_popup_type, rstn_key->app_id, iftype, byte); } static gboolean __rstn_counter_update(stc_rstn_key_s *rstn_key, diff --git a/src/stc-manager-plugin-appstatus.c b/src/stc-manager-plugin-appstatus.c old mode 100644 new mode 100755 index 8bc067b..cab52ad --- a/src/stc-manager-plugin-appstatus.c +++ b/src/stc-manager-plugin-appstatus.c @@ -64,29 +64,7 @@ int stc_plugin_appstatus_deinit(void) return STC_ERROR_NONE; } -int stc_plugin_appstatus_send_warn_message(const char *content, - const char *type, const char *app_id, const char *iftype, const char *warn) -{ - __STC_LOG_FUNC_ENTER__; - - if (!stc_plugin_enabled) { - STC_LOGE("Plugin wasn't enabled"); - __STC_LOG_FUNC_EXIT__; - return STC_ERROR_UNINITIALIZED; - } - - if (!stc_plugin) { - STC_LOGE("Plugin wasn't loaded"); - __STC_LOG_FUNC_EXIT__; - return STC_ERROR_UNINITIALIZED; - } - - __STC_LOG_FUNC_EXIT__; - return stc_plugin->send_warn_message_to_net_popup(content, - type, app_id, iftype, warn); -} - -int stc_plugin_appstatus_send_restriction_message(const char *content, +int stc_plugin_appstatus_send_message(const char *content, const char *type, const char *app_id, const char *iftype, const char *limit) { __STC_LOG_FUNC_ENTER__; @@ -104,8 +82,8 @@ int stc_plugin_appstatus_send_restriction_message(const char *content, } __STC_LOG_FUNC_EXIT__; - return stc_plugin->send_restriction_message_to_net_popup(content, - type, app_id, iftype, limit); + return stc_plugin->send_message_to_net_popup(content, + type, app_id, iftype, limit); } int stc_plugin_appstatus_register_state_changed_cb(stc_s *stc, -- 2.7.4 From cfae93c9d029930ed96e3d0c412527c8d1affc8b Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Fri, 13 Jul 2018 15:46:36 +0900 Subject: [PATCH 06/16] Modified to update firewall rule Change-Id: I0a452c3e7eea1a33f93f7a39df182d9e77c01ced Signed-off-by: hyunuktak --- src/database/include/table-firewall.h | 2 +- src/database/tables/table-firewall.c | 5 +++-- src/stc-firewall.c | 35 +++++++++++++++++++++++++++++++---- 3 files changed, 35 insertions(+), 7 deletions(-) mode change 100644 => 100755 src/database/include/table-firewall.h mode change 100644 => 100755 src/database/tables/table-firewall.c mode change 100644 => 100755 src/stc-firewall.c diff --git a/src/database/include/table-firewall.h b/src/database/include/table-firewall.h old mode 100644 new mode 100755 index e15668f..70adca4 --- a/src/database/include/table-firewall.h +++ b/src/database/include/table-firewall.h @@ -39,7 +39,7 @@ stc_error_e table_firewall_foreach_chain(firewall_chain_cb info_cb, stc_error_e table_firewall_insert_rule(firewall_rule_s *info); stc_error_e table_firewall_delete_rule(firewall_rule_s *info); -stc_error_e table_firewall_update_rule(firewall_rule_s *info); +stc_error_e table_firewall_update_rule(firewall_rule_s *info, guint key); stc_error_e table_firewall_foreach_rule(firewall_rule_cb info_cb, void *user_data); diff --git a/src/database/tables/table-firewall.c b/src/database/tables/table-firewall.c old mode 100644 new mode 100755 index 3c811c7..d74acfc --- a/src/database/tables/table-firewall.c +++ b/src/database/tables/table-firewall.c @@ -69,7 +69,7 @@ "s_port_type = ?, d_port_type = ?, protocol = ?, family = ?, " \ "s_ip1 = ?, s_ip2 = ?, d_ip1 = ?, d_ip2 = ?, s_port1 = ?, " \ "s_port2 = ?, d_port1 = ?, d_port2 = ?, ifname = ?, " \ - "target = ?, identifier = ? " \ + "target = ?, identifier = ?, key = ? " \ "WHERE key = ?" /* INSERT statement */ @@ -645,7 +645,7 @@ handle_error: return error_code; } -stc_error_e table_firewall_update_rule(firewall_rule_s *info) +stc_error_e table_firewall_update_rule(firewall_rule_s *info, guint key) { stc_error_e error_code = STC_ERROR_NONE; char buf[BUF_SIZE_FOR_IP]; @@ -721,6 +721,7 @@ stc_error_e table_firewall_update_rule(firewall_rule_s *info) DB_ACTION(sqlite3_bind_text(stmt, 19, info->identifier ? info->identifier : "", -1, SQLITE_TRANSIENT)); DB_ACTION(sqlite3_bind_int64(stmt, 20, info->key)); + DB_ACTION(sqlite3_bind_int64(stmt, 21, key)); if (sqlite3_step(stmt) != SQLITE_DONE) { STC_LOGE("Failed to update firewall rule %s\n", diff --git a/src/stc-firewall.c b/src/stc-firewall.c old mode 100644 new mode 100755 index 236169b..ff4bc02 --- a/src/stc-firewall.c +++ b/src/stc-firewall.c @@ -190,9 +190,11 @@ static void __fw_rule_make_key(firewall_rule_s *rule, g_string_append_printf(str, "_%s", (rule->ifname) ? rule->ifname : ""); g_string_append_printf(str, "_%u", rule->target); + FREE(rule->identifier); rule->identifier = g_string_free(str, FALSE); rule->key = g_str_hash(rule->identifier); + FREE(info->identifier); info->identifier = g_strdup(rule->identifier); info->key = rule->key; @@ -728,6 +730,7 @@ static stc_error_e __fw_rule_add(firewall_rule_s *info) comp = g_slist_find_custom(lookup->rules, rule, __fw_rule_comp); if (comp) { STC_LOGD("rule already present"); + __fw_rule_free(rule); return STC_ERROR_ALREADY_DATA; } @@ -777,7 +780,8 @@ static stc_error_e __fw_rule_update(const firewall_rule_s *info) stc_fw_data_s *lookup; GSList *rule_list; GSList *comp; - firewall_rule_s *rule; + firewall_rule_s *origin_rule; + firewall_rule_s *update_rule; ret_value_msg_if(g_firewalls == NULL, STC_ERROR_FAIL, @@ -801,8 +805,29 @@ static stc_error_e __fw_rule_update(const firewall_rule_s *info) return STC_ERROR_NO_DATA; } - rule = comp->data; - __fw_rule_copy(rule, info); + origin_rule = comp->data; + + update_rule = MALLOC0(firewall_rule_s, 1); + if (!update_rule) { + STC_LOGE("rule allocation failed"); + return STC_ERROR_OUT_OF_MEMORY; + } + + memset(update_rule, 0, sizeof(firewall_rule_s)); + __fw_rule_copy(update_rule, info); + __fw_rule_make_key(update_rule, info); + + comp = g_slist_find_custom(lookup->rules, update_rule, __fw_rule_comp); + if (comp) { + STC_LOGD("rule already present"); + __fw_rule_free(update_rule); + return STC_ERROR_ALREADY_DATA; + } + + lookup->rules = g_slist_remove(lookup->rules, origin_rule); + __fw_rule_free(origin_rule); + + lookup->rules = g_slist_append(lookup->rules, update_rule); return STC_ERROR_NONE; } @@ -1486,6 +1511,7 @@ gboolean handle_firewall_update_rule(StcFirewall *object, __STC_LOG_FUNC_ENTER__; GVariantIter *iter = NULL; firewall_rule_s *rule; + guint key; int ret = STC_ERROR_NONE; STC_FIREWALL_CHECK_LOCK_STATE(invocation); @@ -1514,9 +1540,10 @@ gboolean handle_firewall_update_rule(StcFirewall *object, return TRUE; } + key = rule->key; ret = __fw_rule_update(rule); if (ret == STC_ERROR_NONE) { - table_firewall_update_rule(rule); + table_firewall_update_rule(rule, key); } else { __fw_rule_free(rule); STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); -- 2.7.4 From ccc68744ede3f8eeca6d438b335b9c525b2de6d2 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 18 Jul 2018 17:14:28 +0900 Subject: [PATCH 07/16] Added log and nflog rule for firewall Change-Id: I7361422a530040610eb45328073ebc75f906cfe1 Signed-off-by: hyunuktak --- data/firewall_db.sql | 6 + include/stc-manager.h | 5 +- packaging/stc-manager.spec | 2 +- src/database/tables/table-firewall.c | 56 ++++-- src/helper/helper-firewall.c | 198 +++++++++++--------- src/helper/helper-firewall.h | 35 ++++ src/stc-firewall.c | 342 +++++++++++++++++++++++++---------- 7 files changed, 446 insertions(+), 198 deletions(-) mode change 100644 => 100755 src/helper/helper-firewall.c mode change 100644 => 100755 src/helper/helper-firewall.h diff --git a/data/firewall_db.sql b/data/firewall_db.sql index 9a0bfdb..a985623 100644 --- a/data/firewall_db.sql +++ b/data/firewall_db.sql @@ -29,6 +29,12 @@ CREATE TABLE IF NOT EXISTS fw_rules ( d_port2 INT, ifname TEXT NOT NULL, target INT, + log_level INT, + log_prefix TEXT NOT NULL, + nflog_group INT, + nflog_prefix TEXT NOT NULL, + nflog_range INT, + nflog_threshold INT, identifier TEXT NOT NULL ); diff --git a/include/stc-manager.h b/include/stc-manager.h index 14d5cc6..898e7ae 100644 --- a/include/stc-manager.h +++ b/include/stc-manager.h @@ -94,7 +94,8 @@ typedef enum { typedef enum { STC_FW_CHAIN_TARGET_NONE, STC_FW_CHAIN_TARGET_INPUT, - STC_FW_CHAIN_TARGET_OUTPUT + STC_FW_CHAIN_TARGET_OUTPUT, + STC_FW_CHAIN_TARGET_MAX } stc_fw_chain_target_e; typedef enum { @@ -102,6 +103,8 @@ typedef enum { STC_FW_RULE_TARGET_ACCEPT, STC_FW_RULE_TARGET_DROP, STC_FW_RULE_TARGET_LOG, + STC_FW_RULE_TARGET_NFLOG, + STC_FW_RULE_TARGET_MAX } stc_fw_rule_target_e; /** diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 6b837c0..b379e73 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.71 +Version: 0.0.72 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/database/tables/table-firewall.c b/src/database/tables/table-firewall.c index d74acfc..3eac6cf 100755 --- a/src/database/tables/table-firewall.c +++ b/src/database/tables/table-firewall.c @@ -46,13 +46,19 @@ #define SELECT_FIREWALL_RULE "SELECT key, " \ "chain, direction, s_ip_type, d_ip_type, s_port_type, " \ "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \ - "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier " \ + "s_port1, s_port2, d_port1, d_port2, ifname, target, " \ + "log_level, log_prefix, " \ + "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \ + "identifier " \ "FROM fw_rules" #define SELECT_FIREWALL_RULE_PER_CHAIN "SELECT key, " \ "chain, direction, s_ip_type, d_ip_type, s_port_type, " \ "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \ - "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier " \ + "s_port1, s_port2, d_port1, d_port2, ifname, target, " \ + "log_level, log_prefix, " \ + "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \ + "identifier " \ "FROM fw_rules INDEXED BY rules_index " \ "WHERE chain = ?" @@ -68,8 +74,10 @@ "SET chain = ?, direction = ?, s_ip_type = ?, d_ip_type = ?, " \ "s_port_type = ?, d_port_type = ?, protocol = ?, family = ?, " \ "s_ip1 = ?, s_ip2 = ?, d_ip1 = ?, d_ip2 = ?, s_port1 = ?, " \ - "s_port2 = ?, d_port1 = ?, d_port2 = ?, ifname = ?, " \ - "target = ?, identifier = ?, key = ? " \ + "s_port2 = ?, d_port1 = ?, d_port2 = ?, ifname = ?, target = ?, " \ + "log_level = ?, log_prefix = ?, " \ + "nflog_group = ?, nflog_prefix = ?, nflog_range = ?, nflog_threshold = ?, " \ + "identifier = ?, key = ? " \ "WHERE key = ?" /* INSERT statement */ @@ -83,8 +91,12 @@ #define INSERT_FIREWALL_RULE "INSERT INTO fw_rules " \ "(key, chain, direction, s_ip_type, d_ip_type, s_port_type, " \ "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \ - "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier) " \ - "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" + "s_port1, s_port2, d_port1, d_port2, ifname, target, " \ + "log_level, log_prefix, " \ + "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \ + "identifier) " \ + "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, " \ + "?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" static void __finalize_delete(void); @@ -601,7 +613,15 @@ stc_error_e table_firewall_insert_rule(firewall_rule_s *info) DB_ACTION(sqlite3_bind_text(stmt, 18, info->ifname ? info->ifname : "", -1, SQLITE_TRANSIENT)); DB_ACTION(sqlite3_bind_int(stmt, 19, info->target)); - DB_ACTION(sqlite3_bind_text(stmt, 20, info->identifier ? info->identifier : "", + DB_ACTION(sqlite3_bind_int(stmt, 20, info->log_level)); + DB_ACTION(sqlite3_bind_text(stmt, 21, info->log_prefix ? info->log_prefix : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 22, info->nflog_group)); + DB_ACTION(sqlite3_bind_text(stmt, 23, info->nflog_prefix ? info->nflog_prefix : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 24, info->nflog_range)); + DB_ACTION(sqlite3_bind_int(stmt, 25, info->nflog_threshold)); + DB_ACTION(sqlite3_bind_text(stmt, 26, info->identifier ? info->identifier : "", -1, SQLITE_TRANSIENT)); if (sqlite3_step(stmt) != SQLITE_DONE) { @@ -718,10 +738,18 @@ stc_error_e table_firewall_update_rule(firewall_rule_s *info, guint key) DB_ACTION(sqlite3_bind_text(stmt, 17, info->ifname ? info->ifname : "", -1, SQLITE_TRANSIENT)); DB_ACTION(sqlite3_bind_int(stmt, 18, info->target)); - DB_ACTION(sqlite3_bind_text(stmt, 19, info->identifier ? info->identifier : "", + DB_ACTION(sqlite3_bind_int(stmt, 19, info->log_level)); + DB_ACTION(sqlite3_bind_text(stmt, 20, info->log_prefix ? info->log_prefix : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 21, info->nflog_group)); + DB_ACTION(sqlite3_bind_text(stmt, 22, info->nflog_prefix ? info->nflog_prefix : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 23, info->nflog_range)); + DB_ACTION(sqlite3_bind_int(stmt, 24, info->nflog_threshold)); + DB_ACTION(sqlite3_bind_text(stmt, 25, info->identifier ? info->identifier : "", -1, SQLITE_TRANSIENT)); - DB_ACTION(sqlite3_bind_int64(stmt, 20, info->key)); - DB_ACTION(sqlite3_bind_int64(stmt, 21, key)); + DB_ACTION(sqlite3_bind_int64(stmt, 26, info->key)); + DB_ACTION(sqlite3_bind_int64(stmt, 27, key)); if (sqlite3_step(stmt) != SQLITE_DONE) { STC_LOGE("Failed to update firewall rule %s\n", @@ -793,7 +821,13 @@ stc_error_e table_firewall_foreach_rule(firewall_rule_cb info_cb, info.d_port2 = sqlite3_column_int(stmt, 16); info.ifname = (char *)sqlite3_column_text(stmt, 17); info.target = sqlite3_column_int(stmt, 18); - info.identifier = (char *)sqlite3_column_text(stmt, 19); + info.log_level = sqlite3_column_int(stmt, 19); + info.log_prefix = (char *)sqlite3_column_text(stmt, 20); + info.nflog_group = sqlite3_column_int(stmt, 21); + info.nflog_prefix = (char *)sqlite3_column_text(stmt, 22); + info.nflog_range = sqlite3_column_int(stmt, 23); + info.nflog_threshold = sqlite3_column_int(stmt, 24); + info.identifier = (char *)sqlite3_column_text(stmt, 25); if (info_cb(&info, user_data) == STC_CANCEL) rc = SQLITE_DONE; diff --git a/src/helper/helper-firewall.c b/src/helper/helper-firewall.c old mode 100644 new mode 100755 index 1df9621..14dff41 --- a/src/helper/helper-firewall.c +++ b/src/helper/helper-firewall.c @@ -37,26 +37,6 @@ #define BUF_SIZE_FOR_IP 64 -#define RULE_CHAIN "chain" -#define RULE_DIRECTION "direction" -#define RULE_IFNAME "ifname" -#define RULE_PROTOCOL "protocol" -#define RULE_TARGET "target" - -#define RULE_FAMILY "family" -#define RULE_SIPTYPE "s_ip_type" -#define RULE_SIP1 "s_ip1" -#define RULE_SIP2 "s_ip2" -#define RULE_DIPTYPE "d_ip_type" -#define RULE_DIP1 "d_ip1" -#define RULE_DIP2 "d_ip2" -#define RULE_SPORTTYPE "s_port_type" -#define RULE_SPORT1 "s_port1" -#define RULE_SPORT2 "s_port2" -#define RULE_DPORTTYPE "d_port_type" -#define RULE_DPORT1 "d_port1" -#define RULE_DPORT2 "d_port2" - static void __fw_add_rule_info_to_builder(GVariantBuilder *builder, firewall_rule_s *rule) { @@ -92,95 +72,141 @@ static void __fw_add_rule_info_to_builder(GVariantBuilder *builder, switch (rule->family) { case STC_FW_FAMILY_V4: - if (rule->s_ip1.Ipv4.s_addr) - g_variant_builder_add(builder, "{sv}", RULE_SIP1, - g_variant_new_uint32(rule->s_ip1.Ipv4.s_addr)); + if (rule->s_ip_type != STC_FW_IP_NONE) { + if (rule->s_ip1.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_SIP1, + g_variant_new_uint32(rule->s_ip1.Ipv4.s_addr)); - if (rule->s_ip2.Ipv4.s_addr) - g_variant_builder_add(builder, "{sv}", RULE_SIP2, - g_variant_new_uint32(rule->s_ip2.Ipv4.s_addr)); + if (rule->s_ip2.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_SIP2, + g_variant_new_uint32(rule->s_ip2.Ipv4.s_addr)); + } - if (rule->d_ip1.Ipv4.s_addr) - g_variant_builder_add(builder, "{sv}", RULE_DIP1, - g_variant_new_uint32(rule->d_ip1.Ipv4.s_addr)); + if (rule->d_ip_type != STC_FW_IP_NONE) { + if (rule->d_ip1.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_DIP1, + g_variant_new_uint32(rule->d_ip1.Ipv4.s_addr)); - if (rule->d_ip2.Ipv4.s_addr) - g_variant_builder_add(builder, "{sv}", RULE_DIP2, - g_variant_new_uint32(rule->d_ip2.Ipv4.s_addr)); + if (rule->d_ip2.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_DIP2, + g_variant_new_uint32(rule->d_ip2.Ipv4.s_addr)); + } break; case STC_FW_FAMILY_V6: { char buf[BUF_SIZE_FOR_IP]; - if (rule->s_ip1.Ipv6.s6_addr32[0] || rule->s_ip1.Ipv6.s6_addr32[1] || - rule->s_ip1.Ipv6.s6_addr32[2] || rule->s_ip1.Ipv6.s6_addr32[3]) { - memset(buf, 0, sizeof(buf)); - snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", - rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], - rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]); - g_variant_builder_add(builder, "{sv}", RULE_SIP1, - g_variant_new_string(buf)); + if (rule->s_ip_type != STC_FW_IP_NONE) { + if (rule->s_ip1.Ipv6.s6_addr32[0] || rule->s_ip1.Ipv6.s6_addr32[1] || + rule->s_ip1.Ipv6.s6_addr32[2] || rule->s_ip1.Ipv6.s6_addr32[3]) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], + rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]); + g_variant_builder_add(builder, "{sv}", RULE_SIP1, + g_variant_new_string(buf)); + } + + if (rule->s_ip2.Ipv6.s6_addr32[0] || rule->s_ip2.Ipv6.s6_addr32[1] || + rule->s_ip2.Ipv6.s6_addr32[2] || rule->s_ip2.Ipv6.s6_addr32[3]) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1], + rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]); + g_variant_builder_add(builder, "{sv}", RULE_SIP2, + g_variant_new_string(buf)); + } } - if (rule->s_ip2.Ipv6.s6_addr32[0] || rule->s_ip2.Ipv6.s6_addr32[1] || - rule->s_ip2.Ipv6.s6_addr32[2] || rule->s_ip2.Ipv6.s6_addr32[3]) { - memset(buf, 0, sizeof(buf)); - snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", - rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1], - rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]); - g_variant_builder_add(builder, "{sv}", RULE_SIP2, - g_variant_new_string(buf)); + if (rule->d_ip_type != STC_FW_IP_NONE) { + if (rule->d_ip1.Ipv6.s6_addr32[0] || rule->d_ip1.Ipv6.s6_addr32[1] || + rule->d_ip1.Ipv6.s6_addr32[2] || rule->d_ip1.Ipv6.s6_addr32[3]) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], + rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); + g_variant_builder_add(builder, "{sv}", RULE_DIP1, + g_variant_new_string(buf)); + } + + if (rule->d_ip2.Ipv6.s6_addr32[0] || rule->d_ip2.Ipv6.s6_addr32[1] || + rule->d_ip2.Ipv6.s6_addr32[2] || rule->d_ip2.Ipv6.s6_addr32[3]) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1], + rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]); + g_variant_builder_add(builder, "{sv}", RULE_DIP2, + g_variant_new_string(buf)); + } } - if (rule->d_ip1.Ipv6.s6_addr32[0] || rule->d_ip1.Ipv6.s6_addr32[1] || - rule->d_ip1.Ipv6.s6_addr32[2] || rule->d_ip1.Ipv6.s6_addr32[3]) { - memset(buf, 0, sizeof(buf)); - snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", - rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], - rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); - g_variant_builder_add(builder, "{sv}", RULE_DIP1, - g_variant_new_string(buf)); - } - - if (rule->d_ip2.Ipv6.s6_addr32[0] || rule->d_ip2.Ipv6.s6_addr32[1] || - rule->d_ip2.Ipv6.s6_addr32[2] || rule->d_ip2.Ipv6.s6_addr32[3]) { - memset(buf, 0, sizeof(buf)); - snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", - rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1], - rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]); - g_variant_builder_add(builder, "{sv}", RULE_DIP2, - g_variant_new_string(buf)); - } } break; default: break; } - if (rule->s_port1) - g_variant_builder_add(builder, "{sv}", RULE_SPORT1, - g_variant_new_uint32(rule->s_port1)); + if (rule->s_port_type != STC_FW_PORT_NONE) { + if (rule->s_port1) + g_variant_builder_add(builder, "{sv}", RULE_SPORT1, + g_variant_new_uint32(rule->s_port1)); - if (rule->s_port2) - g_variant_builder_add(builder, "{sv}", RULE_SPORT2, - g_variant_new_uint32(rule->s_port2)); + if (rule->s_port2) + g_variant_builder_add(builder, "{sv}", RULE_SPORT2, + g_variant_new_uint32(rule->s_port2)); + } - if (rule->d_port1) - g_variant_builder_add(builder, "{sv}", RULE_DPORT1, - g_variant_new_uint32(rule->d_port1)); + if (rule->s_port_type != STC_FW_PORT_NONE) { + if (rule->d_port1) + g_variant_builder_add(builder, "{sv}", RULE_DPORT1, + g_variant_new_uint32(rule->d_port1)); - if (rule->d_port2) - g_variant_builder_add(builder, "{sv}", RULE_DPORT2, - g_variant_new_uint32(rule->d_port2)); + if (rule->d_port2) + g_variant_builder_add(builder, "{sv}", RULE_DPORT2, + g_variant_new_uint32(rule->d_port2)); + } - if (rule->ifname) - g_variant_builder_add(builder, "{sv}", RULE_IFNAME, - g_variant_new_string(rule->ifname)); + if (rule->direction != STC_FW_DIRECTION_NONE) { + if (rule->ifname && rule->ifname[0] != '\0') + g_variant_builder_add(builder, "{sv}", RULE_IFNAME, + g_variant_new_string(rule->ifname)); + } - if (rule->target_str) + if (rule->target_str && rule->target_str[0] != '\0') g_variant_builder_add(builder, "{sv}", RULE_TARGET, g_variant_new_string(rule->target_str)); + + if (rule->target != STC_FW_RULE_TARGET_NONE) + g_variant_builder_add(builder, "{sv}", RULE_TARGETTYPE, + g_variant_new_uint16(rule->target)); + + switch (rule->target) { + case STC_FW_RULE_TARGET_LOG: + g_variant_builder_add(builder, "{sv}", RULE_LOG_LEVEL, + g_variant_new_uint16(rule->log_level)); + + if (rule->log_prefix && rule->log_prefix[0] != '\0') + g_variant_builder_add(builder, "{sv}", RULE_LOG_PREFIX, + g_variant_new_string(rule->log_prefix)); + break; + case STC_FW_RULE_TARGET_NFLOG: + g_variant_builder_add(builder, "{sv}", RULE_NFLOG_GROUP, + g_variant_new_uint16(rule->nflog_group)); + + if (rule->nflog_prefix && rule->nflog_prefix[0] != '\0') + g_variant_builder_add(builder, "{sv}", RULE_NFLOG_PREFIX, + g_variant_new_string(rule->nflog_prefix)); + + g_variant_builder_add(builder, "{sv}", RULE_NFLOG_RANGE, + g_variant_new_uint16(rule->nflog_range)); + + g_variant_builder_add(builder, "{sv}", RULE_NFLOG_THRESHOLD, + g_variant_new_uint16(rule->nflog_threshold)); + break; + default: + break; + } } static int __fw_add_chain(GDBusConnection *connection, @@ -625,8 +651,6 @@ stc_error_e firewall_chain_unset(firewall_chain_s *chain) stc_error_e firewall_rule_add(firewall_rule_s *rule) { - __STC_LOG_FUNC_ENTER__; - stc_error_e ret = STC_ERROR_NONE; stc_s *stc = stc_get_manager(); @@ -665,14 +689,11 @@ stc_error_e firewall_rule_add(firewall_rule_s *rule) break; } - __STC_LOG_FUNC_EXIT__; return ret; } stc_error_e firewall_rule_remove(firewall_rule_s *rule) { - __STC_LOG_FUNC_ENTER__; - stc_error_e ret = STC_ERROR_NONE; stc_s *stc = stc_get_manager(); @@ -711,6 +732,5 @@ stc_error_e firewall_rule_remove(firewall_rule_s *rule) break; } - __STC_LOG_FUNC_EXIT__; return ret; } diff --git a/src/helper/helper-firewall.h b/src/helper/helper-firewall.h old mode 100644 new mode 100755 index 8a1dbea..2c779bb --- a/src/helper/helper-firewall.h +++ b/src/helper/helper-firewall.h @@ -28,6 +28,35 @@ #define FIREWALL_RULE_TARGET_ACCEPT "ACCEPT" #define FIREWALL_RULE_TARGET_DROP "DROP" #define FIREWALL_RULE_TARGET_LOG "LOG" +#define FIREWALL_RULE_TARGET_NFLOG "NFLOG" + +#define RULE_CHAIN "chain" +#define RULE_DIRECTION "direction" +#define RULE_IFNAME "ifname" +#define RULE_PROTOCOL "protocol" +#define RULE_TARGET "target" +#define RULE_TARGETTYPE "target_type" + +#define RULE_FAMILY "family" +#define RULE_SIPTYPE "s_ip_type" +#define RULE_SIP1 "s_ip1" +#define RULE_SIP2 "s_ip2" +#define RULE_DIPTYPE "d_ip_type" +#define RULE_DIP1 "d_ip1" +#define RULE_DIP2 "d_ip2" +#define RULE_SPORTTYPE "s_port_type" +#define RULE_SPORT1 "s_port1" +#define RULE_SPORT2 "s_port2" +#define RULE_DPORTTYPE "d_port_type" +#define RULE_DPORT1 "d_port1" +#define RULE_DPORT2 "d_port2" + +#define RULE_LOG_LEVEL "log_level" +#define RULE_LOG_PREFIX "log_prefix" +#define RULE_NFLOG_GROUP "nflog_group" +#define RULE_NFLOG_PREFIX "nflog_prefix" +#define RULE_NFLOG_RANGE "nflog_range" +#define RULE_NFLOG_THRESHOLD "nflog_threshold" typedef enum { FIREWALL_UNKONWN, @@ -67,6 +96,12 @@ typedef struct { char *ifname; stc_fw_rule_target_e target; char *target_str; + guchar log_level; + char *log_prefix; + guint nflog_group; + char *nflog_prefix; + guint nflog_range; + guint nflog_threshold; char *identifier; } firewall_rule_s; diff --git a/src/stc-firewall.c b/src/stc-firewall.c index ff4bc02..c18f5da 100755 --- a/src/stc-firewall.c +++ b/src/stc-firewall.c @@ -28,31 +28,9 @@ #define CHAIN_TARGET "target" #define CHAIN_PRIORITY "priority" -#define RULE_CHAIN "chain" -#define RULE_DIRECTION "direction" -#define RULE_SIPTYPE "s_ip_type" -#define RULE_DIPTYPE "d_ip_type" -#define RULE_SPORTTYPE "s_port_type" -#define RULE_DPORTTYPE "d_port_type" -#define RULE_PROTOCOL "protocol" -#define RULE_FAMILY "family" -#define RULE_SIP1 "s_ip1" -#define RULE_SIP2 "s_ip2" -#define RULE_DIP1 "d_ip1" -#define RULE_DIP2 "d_ip2" -#define RULE_SPORT1 "s_port1" -#define RULE_SPORT2 "s_port2" -#define RULE_DPORT1 "d_port1" -#define RULE_DPORT2 "d_port2" -#define RULE_IFNAME "ifname" -#define RULE_TARGET "target" #define RULE_IDENTIFIER "identifier" #define RULE_KEY "key" -#define RULE_TARGET_ACCEPT "ACCEPT" -#define RULE_TARGET_DROP "DROP" -#define RULE_TARGET_LOG "LOG" - #define FIREWALL_DBUS_ERROR_NAME "net.stc.firewall.Error.Failed" #define STC_FIREWALL_DBUS_REPLY_ERROR(invocation, err_num) \ @@ -125,6 +103,22 @@ static void __fw_rule_copy(firewall_rule_s *rule, rule->target_str = g_strdup(info->target_str); } + rule->log_level = info->log_level; + + if (info->log_prefix) { + FREE(rule->log_prefix); + rule->log_prefix = g_strdup(info->log_prefix); + } + + rule->nflog_group = info->nflog_group; + rule->nflog_range = info->nflog_range; + rule->nflog_threshold = info->nflog_threshold; + + if (info->nflog_prefix) { + FREE(rule->nflog_prefix); + rule->nflog_prefix = g_strdup(info->nflog_prefix); + } + if (info->identifier) { FREE(rule->identifier); rule->identifier = g_strdup(info->identifier); @@ -190,6 +184,21 @@ static void __fw_rule_make_key(firewall_rule_s *rule, g_string_append_printf(str, "_%s", (rule->ifname) ? rule->ifname : ""); g_string_append_printf(str, "_%u", rule->target); + switch (rule->target) { + case STC_FW_RULE_TARGET_LOG: + g_string_append_printf(str, "_%u", rule->log_level); + g_string_append_printf(str, "_%s", rule->log_prefix); + break; + case STC_FW_RULE_TARGET_NFLOG: + g_string_append_printf(str, "_%u", rule->nflog_group); + g_string_append_printf(str, "_%s", rule->nflog_prefix); + g_string_append_printf(str, "_%u", rule->nflog_range); + g_string_append_printf(str, "_%u", rule->nflog_threshold); + break; + default: + break; + } + FREE(rule->identifier); rule->identifier = g_string_free(str, FALSE); rule->key = g_str_hash(rule->identifier); @@ -208,6 +217,9 @@ static void __fw_rule_free(void *data) FREE(rule->chain); FREE(rule->ifname); + FREE(rule->target_str); + FREE(rule->log_prefix); + FREE(rule->nflog_prefix); FREE(rule->identifier); FREE(rule); } @@ -552,6 +564,33 @@ static void __fw_rule_make_params(gpointer data, gpointer user_data) g_variant_builder_add(&sub_builder, "{sv}", RULE_TARGET, g_variant_new_uint16(rule->target)); + switch (rule->target) { + case STC_FW_RULE_TARGET_LOG: + g_variant_builder_add(&sub_builder, "{sv}", RULE_LOG_LEVEL, + g_variant_new_uint16(rule->log_level)); + + if (rule->log_prefix) + g_variant_builder_add(&sub_builder, "{sv}", RULE_LOG_PREFIX, + g_variant_new_string(rule->log_prefix)); + break; + case STC_FW_RULE_TARGET_NFLOG: + g_variant_builder_add(&sub_builder, "{sv}", RULE_NFLOG_GROUP, + g_variant_new_uint16(rule->nflog_group)); + + if (rule->nflog_prefix) + g_variant_builder_add(&sub_builder, "{sv}", RULE_NFLOG_PREFIX, + g_variant_new_string(rule->nflog_prefix)); + + g_variant_builder_add(&sub_builder, "{sv}", RULE_NFLOG_RANGE, + g_variant_new_uint16(rule->nflog_range)); + + g_variant_builder_add(&sub_builder, "{sv}", RULE_NFLOG_THRESHOLD, + g_variant_new_uint16(rule->nflog_threshold)); + break; + default: + break; + } + g_variant_builder_add(&sub_builder, "{sv}", RULE_IDENTIFIER, g_variant_new_string(rule->identifier)); @@ -563,36 +602,79 @@ static void __fw_rule_make_params(gpointer data, gpointer user_data) static void __fw_rule_set_to_chain(gpointer data, gpointer user_data) { - firewall_rule_s *info = (firewall_rule_s *)data; + firewall_rule_s *rule = (firewall_rule_s *)data; char *chain = (char *)user_data; - firewall_rule_s rule; - if (chain && (g_strcmp0(info->chain, chain) != 0)) + if (chain && (g_strcmp0(rule->chain, chain) != 0)) return; - memset(&rule, 0, sizeof(firewall_rule_s)); - memcpy(&rule, info, sizeof(firewall_rule_s)); - rule.chain = g_strdup(info->chain); - rule.ifname = g_strdup(info->ifname); - switch (rule.target) { + switch (rule->target) { case STC_FW_RULE_TARGET_ACCEPT: - rule.target_str = g_strdup(FIREWALL_RULE_TARGET_ACCEPT); + FREE(rule->target_str); + rule->target_str = g_strdup(FIREWALL_RULE_TARGET_ACCEPT); break; case STC_FW_RULE_TARGET_DROP: - rule.target_str = g_strdup(FIREWALL_RULE_TARGET_DROP); + FREE(rule->target_str); + rule->target_str = g_strdup(FIREWALL_RULE_TARGET_DROP); break; case STC_FW_RULE_TARGET_LOG: - rule.target_str = g_strdup(FIREWALL_RULE_TARGET_LOG); + FREE(rule->target_str); + rule->target_str = g_strdup(FIREWALL_RULE_TARGET_LOG); + break; + case STC_FW_RULE_TARGET_NFLOG: + FREE(rule->target_str); + rule->target_str = g_strdup(FIREWALL_RULE_TARGET_NFLOG); + break; + default: + break; + } + + firewall_rule_add(rule); +} + +static void __fw_rule_print_rules(gpointer data, gpointer user_data) +{ + firewall_rule_s *rule = (firewall_rule_s *)data; + + STC_LOGD("[%s][%d][%s][%d][%d][%04x][%04x]" + "[%d][%04x][%04x][%d][%s][%d][%s][%d][%d]", + rule->chain, rule->direction, rule->ifname, + rule->protocol, + rule->s_port_type, rule->s_port1, rule->s_port2, + rule->d_port_type, rule->d_port1, rule->d_port2, + rule->target, rule->target_str, + rule->nflog_group, rule->nflog_prefix, + rule->nflog_range, rule->nflog_threshold); + + switch (rule->family) { + case STC_FW_FAMILY_V4: + STC_LOGD("[%d][%d][%08x][%08x][%d][%08x][%08x]", + rule->family, + rule->s_ip_type, rule->s_ip1.Ipv4.s_addr, rule->s_ip2.Ipv4.s_addr, + rule->d_ip_type, rule->d_ip1.Ipv4.s_addr, rule->d_ip2.Ipv4.s_addr); + break; + case STC_FW_FAMILY_V6: + STC_LOGD("[%d][%d][%08x:%08x:%08x:%08x][%08x:%08x:%08x:%08x]" + "[%d][%08x:%08x:%08x:%08x][%08x:%08x:%08x:%08x]", + rule->family, + rule->s_ip_type, + rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], + rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3], + rule->d_ip_type, + rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], + rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); break; default: break; } +} - firewall_rule_add(&rule); +static void __fw_foreach_to_print_rule(gpointer key, gpointer value, + gpointer user_data) +{ + stc_fw_data_s *data = (stc_fw_data_s *)value; - FREE(rule.chain); - FREE(rule.ifname); - FREE(rule.target_str); + g_slist_foreach(data->rules, __fw_rule_print_rules, user_data); } static void __fw_foreach_to_make_rule_param(gpointer key, gpointer value, @@ -775,7 +857,7 @@ static stc_error_e __fw_rule_remove(const firewall_rule_s *info) return STC_ERROR_NONE; } -static stc_error_e __fw_rule_update(const firewall_rule_s *info) +static stc_error_e __fw_rule_update(firewall_rule_s *info) { stc_fw_data_s *lookup; GSList *rule_list; @@ -835,8 +917,6 @@ static stc_error_e __fw_rule_update(const firewall_rule_s *info) static void __fw_rule_extract(const char *key, GVariant *value, void *user_data) { - __STC_LOG_FUNC_ENTER__; - firewall_rule_s *rule = (firewall_rule_s *)user_data; if (rule == NULL) { __STC_LOG_FUNC_EXIT__; @@ -878,83 +958,141 @@ static void __fw_rule_extract(const char *key, GVariant *value, STC_LOGD("%s: [%u]", RULE_FAMILY, rule->family); } else if (g_strcmp0(key, RULE_SIP1) == 0) { - guint str_length; - const gchar *str = g_variant_get_string(value, &str_length); - if (rule->family == STC_FW_FAMILY_V4) { - inet_pton(AF_INET, str, &(rule->s_ip1.Ipv4)); - STC_LOGD("%s: [%08x]", RULE_SIP1, rule->s_ip1.Ipv4.s_addr); - } else if (rule->family == STC_FW_FAMILY_V6) { - inet_pton(AF_INET6, str, &(rule->s_ip1.Ipv6)); - STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP1, - rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], - rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]); + if (rule->s_ip_type != STC_FW_IP_NONE) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + inet_pton(AF_INET, str, &(rule->s_ip1.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_SIP1, rule->s_ip1.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->s_ip1.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP1, + rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], + rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]); + } } } else if (g_strcmp0(key, RULE_SIP2) == 0) { - guint str_length; - const gchar *str = g_variant_get_string(value, &str_length); - if (rule->family == STC_FW_FAMILY_V4) { - inet_pton(AF_INET, str, &(rule->s_ip2.Ipv4)); - STC_LOGD("%s: [%08x]", RULE_SIP2, rule->s_ip2.Ipv4.s_addr); - } else if (rule->family == STC_FW_FAMILY_V6) { - inet_pton(AF_INET6, str, &(rule->s_ip2.Ipv6)); - STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP2, - rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1], - rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]); + if (rule->s_ip_type != STC_FW_IP_NONE) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + inet_pton(AF_INET, str, &(rule->s_ip2.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_SIP2, rule->s_ip2.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->s_ip2.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP2, + rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1], + rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]); + } } } else if (g_strcmp0(key, RULE_DIP1) == 0) { - guint str_length; - const gchar *str = g_variant_get_string(value, &str_length); - if (rule->family == STC_FW_FAMILY_V4) { - inet_pton(AF_INET, str, &(rule->d_ip1.Ipv4)); - STC_LOGD("%s: [%08x]", RULE_DIP1, rule->d_ip1.Ipv4.s_addr); - } else if (rule->family == STC_FW_FAMILY_V6) { - inet_pton(AF_INET6, str, &(rule->d_ip1.Ipv6)); - STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP1, - rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], - rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); + if (rule->d_ip_type != STC_FW_IP_NONE) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + inet_pton(AF_INET, str, &(rule->d_ip1.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_DIP1, rule->d_ip1.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->d_ip1.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP1, + rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], + rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); + } } } else if (g_strcmp0(key, RULE_DIP2) == 0) { - guint str_length; - const gchar *str = g_variant_get_string(value, &str_length); - if (rule->family == STC_FW_FAMILY_V4) { - inet_pton(AF_INET, str, &(rule->d_ip2.Ipv4)); - STC_LOGD("%s: [%08x]", RULE_DIP2, rule->d_ip2.Ipv4.s_addr); - } else if (rule->family == STC_FW_FAMILY_V6) { - inet_pton(AF_INET6, str, &(rule->d_ip2.Ipv6)); - STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP2, - rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1], - rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]); + if (rule->d_ip_type != STC_FW_IP_NONE) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + inet_pton(AF_INET, str, &(rule->d_ip2.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_DIP2, rule->d_ip2.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->d_ip2.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP2, + rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1], + rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]); + } } } else if (g_strcmp0(key, RULE_SPORT1) == 0) { - rule->s_port1 = g_variant_get_uint32(value); - STC_LOGD("%s: [%04x]", RULE_SPORT1, rule->s_port1); + if (rule->s_port_type != STC_FW_PORT_NONE) { + rule->s_port1 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_SPORT1, rule->s_port1); + } } else if (g_strcmp0(key, RULE_SPORT2) == 0) { - rule->s_port2 = g_variant_get_uint32(value); - STC_LOGD("%s: [%04x]", RULE_SPORT2, rule->s_port2); + if (rule->s_port_type != STC_FW_PORT_NONE) { + rule->s_port2 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_SPORT2, rule->s_port2); + } } else if (g_strcmp0(key, RULE_DPORT1) == 0) { - rule->d_port1 = g_variant_get_uint32(value); - STC_LOGD("%s: [%04x]", RULE_DPORT1, rule->d_port1); + if (rule->s_port_type != STC_FW_PORT_NONE) { + rule->d_port1 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_DPORT1, rule->d_port1); + } } else if (g_strcmp0(key, RULE_DPORT2) == 0) { - rule->d_port2 = g_variant_get_uint32(value); - STC_LOGD("%s: [%04x]", RULE_DPORT2, rule->d_port2); + if (rule->d_port_type != STC_FW_PORT_NONE) { + rule->d_port2 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_DPORT2, rule->d_port2); + } } else if (g_strcmp0(key, RULE_IFNAME) == 0) { - guint str_length; - const gchar *str = g_variant_get_string(value, &str_length); - rule->ifname = g_strdup(str); - STC_LOGD("%s: [%s]", RULE_IFNAME, rule->ifname); + if (rule->direction != STC_FW_DIRECTION_NONE) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + rule->ifname = g_strdup(str); + STC_LOGD("%s: [%s]", RULE_IFNAME, rule->ifname); + } } else if (g_strcmp0(key, RULE_TARGET) == 0) { rule->target = g_variant_get_uint16(value); STC_LOGD("%s: [%u]", RULE_TARGET, rule->target); + } else if (g_strcmp0(key, RULE_LOG_LEVEL) == 0) { + if (rule->target == STC_FW_RULE_TARGET_LOG) { + rule->log_level = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_LOG_LEVEL, rule->log_level); + } + + } else if (g_strcmp0(key, RULE_LOG_PREFIX) == 0) { + if (rule->target == STC_FW_RULE_TARGET_LOG) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + rule->log_prefix = g_strdup(str); + STC_LOGD("%s: [%s]", RULE_LOG_PREFIX, rule->log_prefix); + } + + } else if (g_strcmp0(key, RULE_NFLOG_GROUP) == 0) { + if (rule->target == STC_FW_RULE_TARGET_NFLOG) { + rule->nflog_group = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_NFLOG_GROUP, rule->nflog_group); + } + + } else if (g_strcmp0(key, RULE_NFLOG_PREFIX) == 0) { + if (rule->target == STC_FW_RULE_TARGET_NFLOG) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + rule->nflog_prefix = g_strdup(str); + STC_LOGD("%s: [%s]", RULE_NFLOG_PREFIX, rule->nflog_prefix); + } + + } else if (g_strcmp0(key, RULE_NFLOG_RANGE) == 0) { + if (rule->target == STC_FW_RULE_TARGET_NFLOG) { + rule->nflog_range = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_NFLOG_RANGE, rule->nflog_range); + } + + } else if (g_strcmp0(key, RULE_NFLOG_THRESHOLD) == 0) { + if (rule->target == STC_FW_RULE_TARGET_NFLOG) { + rule->nflog_threshold = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_NFLOG_THRESHOLD, rule->nflog_threshold); + } + } else if (g_strcmp0(key, RULE_IDENTIFIER) == 0) { guint str_length; const gchar *str = g_variant_get_string(value, &str_length); @@ -968,8 +1106,6 @@ static void __fw_rule_extract(const char *key, GVariant *value, } else { STC_LOGD("Unknown rule [%s]", key); } - - __STC_LOG_FUNC_EXIT__; } gboolean __validate_fw_rule(firewall_rule_s *rule) @@ -1021,6 +1157,20 @@ gboolean __validate_fw_rule(firewall_rule_s *rule) return FALSE; } + if (rule->target == STC_FW_RULE_TARGET_LOG && + (rule->log_prefix == NULL || + rule->log_prefix[0] == '\0')) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + + if (rule->target == STC_FW_RULE_TARGET_NFLOG && + (rule->nflog_prefix == NULL || + rule->nflog_prefix[0] == '\0')) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + __STC_LOG_FUNC_EXIT__; return TRUE; } @@ -1261,7 +1411,7 @@ gboolean handle_firewall_set_chain(StcFirewall *object, STC_FIREWALL_CHECK_LOCK_STATE(invocation); if (chain == NULL || - target > STC_FW_CHAIN_TARGET_OUTPUT) { + target >= STC_FW_CHAIN_TARGET_MAX) { STC_FIREWALL_DBUS_REPLY_ERROR(invocation, STC_ERROR_INVALID_PARAMETER); __STC_LOG_FUNC_EXIT__; @@ -1297,7 +1447,6 @@ gboolean handle_firewall_set_chain(StcFirewall *object, } __fw_chain_foreach(__fw_foreach_to_set_rule_to_chain, chain); - ret = firewall_chain_set(&info); if (ret != STC_ERROR_NONE) { STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); @@ -1570,6 +1719,7 @@ gboolean handle_firewall_get_all_rule(StcFirewall *object, builder = g_variant_builder_new(G_VARIANT_TYPE("aa{sv}")); __fw_chain_foreach(__fw_foreach_to_make_rule_param, builder); + __fw_chain_foreach(__fw_foreach_to_print_rule, NULL); return_parameters = g_variant_new("(aa{sv})", builder); g_variant_builder_unref(builder); -- 2.7.4 From bafd064cd4e4530782b5e4fd8e3f8cd6fb4a4284 Mon Sep 17 00:00:00 2001 From: Taesoo Jun Date: Thu, 19 Jul 2018 10:40:40 +0900 Subject: [PATCH 08/16] Fix local variable initialization and handle a invalid parameter Change-Id: Idc99e6b41528f0429882d2bf91e4bbe0c997b05d Signed-off-by: Taesoo Jun --- src/monitor/stc-monitor.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index 5885fc9..3abebef 100755 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -891,11 +891,11 @@ static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, classid_bytes_context_s *context) { gboolean rv; - char iftype[MAX_INT_LENGTH]; - char byte[MAX_INT_LENGTH]; - const char *signal_name; - const char *net_popup_content; - const char *net_popup_type; + char iftype[MAX_INT_LENGTH] = { 0, }; + char byte[MAX_INT_LENGTH] = { 0, }; + const char *signal_name = NULL; + const char *net_popup_content = NULL; + const char *net_popup_type = NULL; stc_s *stc = (stc_s *)stc_get_manager(); if (stc == NULL) { @@ -940,6 +940,11 @@ static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, break; } + if (signal_name == NULL) { + STC_LOGE("Invalid parameter: limit_type"); + return; + } + /* emit signal */ rv = stc_manager_dbus_emit_signal(stc->connection, STC_DBUS_SERVICE_RESTRICTION_PATH, -- 2.7.4 From 30c910c6469eca1fc6a1cc8db64e51df9f09dbee Mon Sep 17 00:00:00 2001 From: Taesoo Jun Date: Thu, 19 Jul 2018 10:44:58 +0900 Subject: [PATCH 09/16] Change file mode into 644 Change-Id: Ibc02513b4cca3207d3137ce88b7ffd9735439eeb Signed-off-by: Taesoo Jun --- include/stc-manager-plugin-appstatus.h | 0 include/stc-manager-plugin-procfs.h | 0 plugin/appstatus/include/stc-plugin-appstatus.h | 0 plugin/appstatus/stc-plugin-appstatus.c | 0 plugin/procfs/include/stc-plugin-procfs.h | 0 plugin/procfs/stc-plugin-procfs.c | 0 src/database/include/table-firewall.h | 0 src/database/tables/table-firewall.c | 0 src/database/tables/table-restrictions.c | 0 src/database/tables/table-statistics.c | 0 src/helper/helper-cgroup.c | 0 src/helper/helper-file.c | 0 src/helper/helper-inotify.c | 0 src/helper/helper-inotify.h | 0 src/helper/helper-net-cls.c | 0 src/helper/helper-nfacct-rule.c | 0 src/monitor/stc-monitor.c | 0 src/stc-firewall.c | 0 src/stc-manager-plugin-appstatus.c | 0 src/stc-manager-plugin-procfs.c | 0 src/stc-manager.c | 0 unittest/gdbus.cpp | 0 unittest/manager.cpp | 0 unittest/restriction.cpp | 0 unittest/statistics.cpp | 0 unittest/stcmgr.cpp | 0 unittest/unittest.cpp | 0 27 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 include/stc-manager-plugin-appstatus.h mode change 100755 => 100644 include/stc-manager-plugin-procfs.h mode change 100755 => 100644 plugin/appstatus/include/stc-plugin-appstatus.h mode change 100755 => 100644 plugin/appstatus/stc-plugin-appstatus.c mode change 100755 => 100644 plugin/procfs/include/stc-plugin-procfs.h mode change 100755 => 100644 plugin/procfs/stc-plugin-procfs.c mode change 100755 => 100644 src/database/include/table-firewall.h mode change 100755 => 100644 src/database/tables/table-firewall.c mode change 100755 => 100644 src/database/tables/table-restrictions.c mode change 100755 => 100644 src/database/tables/table-statistics.c mode change 100755 => 100644 src/helper/helper-cgroup.c mode change 100755 => 100644 src/helper/helper-file.c mode change 100755 => 100644 src/helper/helper-inotify.c mode change 100755 => 100644 src/helper/helper-inotify.h mode change 100755 => 100644 src/helper/helper-net-cls.c mode change 100755 => 100644 src/helper/helper-nfacct-rule.c mode change 100755 => 100644 src/monitor/stc-monitor.c mode change 100755 => 100644 src/stc-firewall.c mode change 100755 => 100644 src/stc-manager-plugin-appstatus.c mode change 100755 => 100644 src/stc-manager-plugin-procfs.c mode change 100755 => 100644 src/stc-manager.c mode change 100755 => 100644 unittest/gdbus.cpp mode change 100755 => 100644 unittest/manager.cpp mode change 100755 => 100644 unittest/restriction.cpp mode change 100755 => 100644 unittest/statistics.cpp mode change 100755 => 100644 unittest/stcmgr.cpp mode change 100755 => 100644 unittest/unittest.cpp diff --git a/include/stc-manager-plugin-appstatus.h b/include/stc-manager-plugin-appstatus.h old mode 100755 new mode 100644 diff --git a/include/stc-manager-plugin-procfs.h b/include/stc-manager-plugin-procfs.h old mode 100755 new mode 100644 diff --git a/plugin/appstatus/include/stc-plugin-appstatus.h b/plugin/appstatus/include/stc-plugin-appstatus.h old mode 100755 new mode 100644 diff --git a/plugin/appstatus/stc-plugin-appstatus.c b/plugin/appstatus/stc-plugin-appstatus.c old mode 100755 new mode 100644 diff --git a/plugin/procfs/include/stc-plugin-procfs.h b/plugin/procfs/include/stc-plugin-procfs.h old mode 100755 new mode 100644 diff --git a/plugin/procfs/stc-plugin-procfs.c b/plugin/procfs/stc-plugin-procfs.c old mode 100755 new mode 100644 diff --git a/src/database/include/table-firewall.h b/src/database/include/table-firewall.h old mode 100755 new mode 100644 diff --git a/src/database/tables/table-firewall.c b/src/database/tables/table-firewall.c old mode 100755 new mode 100644 diff --git a/src/database/tables/table-restrictions.c b/src/database/tables/table-restrictions.c old mode 100755 new mode 100644 diff --git a/src/database/tables/table-statistics.c b/src/database/tables/table-statistics.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-cgroup.c b/src/helper/helper-cgroup.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-file.c b/src/helper/helper-file.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-inotify.c b/src/helper/helper-inotify.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-inotify.h b/src/helper/helper-inotify.h old mode 100755 new mode 100644 diff --git a/src/helper/helper-net-cls.c b/src/helper/helper-net-cls.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c old mode 100755 new mode 100644 diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c old mode 100755 new mode 100644 diff --git a/src/stc-firewall.c b/src/stc-firewall.c old mode 100755 new mode 100644 diff --git a/src/stc-manager-plugin-appstatus.c b/src/stc-manager-plugin-appstatus.c old mode 100755 new mode 100644 diff --git a/src/stc-manager-plugin-procfs.c b/src/stc-manager-plugin-procfs.c old mode 100755 new mode 100644 diff --git a/src/stc-manager.c b/src/stc-manager.c old mode 100755 new mode 100644 diff --git a/unittest/gdbus.cpp b/unittest/gdbus.cpp old mode 100755 new mode 100644 diff --git a/unittest/manager.cpp b/unittest/manager.cpp old mode 100755 new mode 100644 diff --git a/unittest/restriction.cpp b/unittest/restriction.cpp old mode 100755 new mode 100644 diff --git a/unittest/statistics.cpp b/unittest/statistics.cpp old mode 100755 new mode 100644 diff --git a/unittest/stcmgr.cpp b/unittest/stcmgr.cpp old mode 100755 new mode 100644 diff --git a/unittest/unittest.cpp b/unittest/unittest.cpp old mode 100755 new mode 100644 -- 2.7.4 From 38f685b0bb11a77f2e485c28b6ad25b0f4c36f66 Mon Sep 17 00:00:00 2001 From: yhji Date: Tue, 24 Jul 2018 18:53:44 +0900 Subject: [PATCH 10/16] Fix Wformat build error Change-Id: I042b7e02b72dcd5b4e6e2a0d07fed3393aaad6db Signed-off-by: yhji --- src/stc-firewall.c | 4 ++-- src/stc-manager.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/stc-firewall.c b/src/stc-firewall.c index c18f5da..bec6c27 100644 --- a/src/stc-firewall.c +++ b/src/stc-firewall.c @@ -654,8 +654,8 @@ static void __fw_rule_print_rules(gpointer data, gpointer user_data) rule->d_ip_type, rule->d_ip1.Ipv4.s_addr, rule->d_ip2.Ipv4.s_addr); break; case STC_FW_FAMILY_V6: - STC_LOGD("[%d][%d][%08x:%08x:%08x:%08x][%08x:%08x:%08x:%08x]" - "[%d][%08x:%08x:%08x:%08x][%08x:%08x:%08x:%08x]", + STC_LOGD("[%d][%d][%08x:%08x:%08x:%08x]" + "[%d][%08x:%08x:%08x:%08x]", rule->family, rule->s_ip_type, rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], diff --git a/src/stc-manager.c b/src/stc-manager.c index d83f079..f0d7e57 100644 --- a/src/stc-manager.c +++ b/src/stc-manager.c @@ -176,7 +176,7 @@ int stc_commit_iptables(char *cmd, int *err_num, char **err_str) if (pid == 0) { errno = 0; if (execv(args[0], args) == -1) { - STC_LOGE("Failed to execute [%s]", err_str); + STC_LOGE("Failed to execute [%s]", *err_str); g_strfreev(args); exit(-1); } -- 2.7.4 From 51cbe71376f0087b2fbe5049d27be1a235f08b46 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Fri, 27 Jul 2018 15:26:35 +0900 Subject: [PATCH 11/16] Checked file stat before realpath Change-Id: Iae4a7b7f97b90389a5c35ccf6144e42b3b525d02 Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/helper/helper-file.c | 11 +++++++---- src/helper/helper-file.h | 1 + 3 files changed, 9 insertions(+), 5 deletions(-) mode change 100644 => 100755 src/helper/helper-file.c mode change 100644 => 100755 src/helper/helper-file.h diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index b379e73..7e20304 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.72 +Version: 0.0.73 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/helper/helper-file.c b/src/helper/helper-file.c old mode 100644 new mode 100755 index 636ef5d..73b93bd --- a/src/helper/helper-file.c +++ b/src/helper/helper-file.c @@ -24,14 +24,17 @@ int fwrite_str(const char *path, const char *str) _cleanup_fclose_ FILE *f = NULL; int ret; char * t; + struct stat stat_buf; assert(path); assert(str); - t = realpath(path, NULL); - ret_value_errno_msg_if(!t, -errno, - "Fail to get realpath %s", path); - free(t); + if (stat(path, &stat_buf) == 0) { + t = realpath(path, NULL); + ret_value_errno_msg_if(!t, -errno, + "Fail to get realpath %s", path); + free(t); + } f = fopen(path, "w"); ret_value_errno_msg_if(!f, -errno, diff --git a/src/helper/helper-file.h b/src/helper/helper-file.h old mode 100644 new mode 100755 index c5ff1b8..b45a668 --- a/src/helper/helper-file.h +++ b/src/helper/helper-file.h @@ -21,6 +21,7 @@ #include #include #include +#include #include "stc-manager.h" -- 2.7.4 From 9c9f59bedb5545a376b2ff86c34919095e62dd62 Mon Sep 17 00:00:00 2001 From: Taesoo Jun Date: Wed, 1 Aug 2018 18:54:47 +0900 Subject: [PATCH 12/16] Fix week_start_ts into day_start_ts Change-Id: I1906bf6fba572bec7d1a1f5c29206c4b0ee64114 Signed-off-by: Taesoo Jun --- src/monitor/stc-monitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index 3abebef..2a42682 100644 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -689,7 +689,7 @@ static void __process_restriction(enum traffic_restriction_type rstn_type, memset(&stat, 0, sizeof(cumulative_data_s)); stat.month_start_ts = rstn_value->month_start_ts; stat.week_start_ts = g_system->last_week_ts; - stat.week_start_ts = g_system->last_day_ts; + stat.day_start_ts = g_system->last_day_ts; memset(&rule, 0, sizeof(table_statistics_select_rule)); rule.from = rstn_value->month_start_ts; -- 2.7.4 From 5b158c5dc9ad4538d48b9571d7954b990079d7da Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Fri, 17 Aug 2018 17:03:56 +0900 Subject: [PATCH 13/16] Removed emulator state check Change-Id: I829ee400b71f86ff10a8d264b5b75aae4457ceb5 Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/monitor/include/stc-emulator.h | 25 ----------------- src/monitor/stc-emulator.c | 57 -------------------------------------- src/stc-manager.c | 16 ++++------- 4 files changed, 7 insertions(+), 93 deletions(-) delete mode 100644 src/monitor/include/stc-emulator.h delete mode 100644 src/monitor/stc-emulator.c diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 7e20304..b227159 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.73 +Version: 0.0.74 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/monitor/include/stc-emulator.h b/src/monitor/include/stc-emulator.h deleted file mode 100644 index 8e06f7c..0000000 --- a/src/monitor/include/stc-emulator.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __STC_EMULATOR_H__ -#define __STC_EMULATOR_H__ - -#include - -gboolean stc_emulator_is_emulated(void); -void stc_emulator_check_environment(void); - -#endif /* __STC_EMULATOR_H__ */ diff --git a/src/monitor/stc-emulator.c b/src/monitor/stc-emulator.c deleted file mode 100644 index 6ccbe4f..0000000 --- a/src/monitor/stc-emulator.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include - -#include "stc-emulator.h" -#include "stc-manager-util.h" - -static gboolean stc_is_emulated = FALSE; - -static gboolean __stc_emulator_check_env(void) -{ - int ret; - char *model = NULL; - - ret = system_info_get_platform_string("tizen.org/system/model_name", &model); - if (ret != SYSTEM_INFO_ERROR_NONE) { - STC_LOGE("Failed to get system information(%d)", ret); //LCOV_EXCL_LINE - return FALSE; //LCOV_EXCL_LINE - } - - if (model && strncmp(model, "Emulator", strlen("Emulator")) == 0) { - g_free(model); //LCOV_EXCL_LINE - return TRUE; //LCOV_EXCL_LINE - } - - g_free(model); //LCOV_EXCL_LINE - return FALSE; //LCOV_EXCL_LINE -} - -gboolean stc_emulator_is_emulated(void) -{ - return stc_is_emulated; -} - -void stc_emulator_check_environment(void) -{ - stc_is_emulated = __stc_emulator_check_env(); - - STC_LOGD("Emulation environment : %s", - stc_is_emulated ? "It's emulated" : "Not emulated"); -} - diff --git a/src/stc-manager.c b/src/stc-manager.c index f0d7e57..436ee29 100644 --- a/src/stc-manager.c +++ b/src/stc-manager.c @@ -18,7 +18,6 @@ #include #include #include "stc-manager.h" -#include "stc-emulator.h" #include "stc-manager-gdbus.h" #include "stc-db.h" #include "counter.h" @@ -236,13 +235,11 @@ gint32 main(gint32 argc, gchar *argv[]) /* Crate the GLIB main loop */ main_loop = g_main_loop_new(NULL, FALSE); - stc_emulator_check_environment(); - if (stc_emulator_is_emulated() == FALSE) { - g_stc = __stc_manager_init(); - if (!g_stc) - goto fail; - g_stc->main_loop = main_loop; - } + g_stc = __stc_manager_init(); + if (!g_stc) + goto fail; + + g_stc->main_loop = main_loop; /* Run the main loop */ g_main_loop_run(main_loop); @@ -250,8 +247,7 @@ gint32 main(gint32 argc, gchar *argv[]) ret = 0; fail: - if (stc_emulator_is_emulated() == FALSE) - __stc_manager_deinit(); + __stc_manager_deinit(); if (main_loop) g_main_loop_unref(main_loop); -- 2.7.4 From ec67a82d1fd89d965b109b06554f5d162e67f60c Mon Sep 17 00:00:00 2001 From: Nishant Chaprana Date: Thu, 2 Aug 2018 12:58:01 +0530 Subject: [PATCH 14/16] Removed redundant NULL check Change-Id: Id29b2b3473715d454496c860b46f13ef3070ce0e Signed-off-by: Nishant Chaprana --- src/stc-manager-gdbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/stc-manager-gdbus.c b/src/stc-manager-gdbus.c index 672909b..2e5803c 100644 --- a/src/stc-manager-gdbus.c +++ b/src/stc-manager-gdbus.c @@ -458,7 +458,7 @@ void stc_manager_gdbus_dict_foreach(GVariantIter *iter, dbus_dict_cb cb, while (g_variant_iter_loop(iter, "{sv}", &key, &value)) { /* DEBUG_GDBUS_KEY_VALUE(key, value); */ - if (key && cb) + if (key) cb(key, value, user_data); } -- 2.7.4 From 5cbfb23b9a29e26b618f72f9f81b1e16faffb783 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 22 Aug 2018 14:07:57 +0900 Subject: [PATCH 15/16] Added new vconf key for VCONFKEY_SETAPPL_DATA_RESTRICTION_INT Change-Id: I1d869718893ada6c6b2b6ff979b1460672b34524 Signed-off-by: hyunuktak --- src/monitor/include/stc-monitor.h | 5 +++ src/monitor/stc-monitor.c | 82 ++++++++++++++++++++++++++------------- 2 files changed, 60 insertions(+), 27 deletions(-) mode change 100644 => 100755 src/monitor/include/stc-monitor.h mode change 100644 => 100755 src/monitor/stc-monitor.c diff --git a/src/monitor/include/stc-monitor.h b/src/monitor/include/stc-monitor.h old mode 100644 new mode 100755 index 3414c06..0977eba --- a/src/monitor/include/stc-monitor.h +++ b/src/monitor/include/stc-monitor.h @@ -40,6 +40,11 @@ typedef enum { STC_RSTN_LIMIT_TYPE_MAX } stc_rstn_limit_type_e; +typedef enum { + STC_RSTN_STATE_INIT = -1, + STC_RSTN_STATE_UNSET, + STC_RSTN_STATE_SET, +} stc_rstn_noti_state_e; /** * @brief key for processes tree diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c old mode 100644 new mode 100755 index 2a42682..694bf5c --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -34,7 +34,14 @@ #define GRANULARITY 10 #define MAX_INT_LENGTH 128 + +#ifndef VCONFKEY_STC_BACKGROUND_STATE #define VCONFKEY_STC_BACKGROUND_STATE "db/stc/background_state" +#endif + +#ifndef VCONFKEY_SETAPPL_DATA_RESTRICTION_INT +#define VCONFKEY_SETAPPL_DATA_RESTRICTION_INT "db/setting/data_restriction" +#endif typedef struct { time_t now; @@ -58,6 +65,34 @@ typedef struct { static stc_system_s *g_system = NULL; +//LCOV_EXCL_START +static int __vconf_get_int(const char *key, int *value) +{ + int ret = 0; + + ret = vconf_get_int(key, value); + if (ret != VCONF_OK) { + STC_LOGE("Failed to get vconfkey [%s] value", key); //LCOV_EXCL_LINE + return -1; //LCOV_EXCL_LINE + } + + return 0; +} + +static int __vconf_set_int(const char *key, int value) +{ + int ret = 0; + + ret = vconf_set_int(key, value); + if (ret != VCONF_OK) { + STC_LOGE("Failed to set vconfkey [%s] value", key); //LCOV_EXCL_LINE + return -1; //LCOV_EXCL_LINE + } + + return 0; +} +//LCOV_EXCL_STOP + static nfacct_rule_jump __get_jump_by_intend(struct nfacct_rule *counter) { if (counter->intend == NFACCT_WARN) @@ -608,6 +643,22 @@ static void __del_iptables_rule(int64_t classid, nfacct_rule_intend intend, __del_ip6tables_out(&counter); } +static void __set_rstn_noti_state(int value) +{ + int state = STC_RSTN_STATE_INIT; + + if (__vconf_get_int(VCONFKEY_SETAPPL_DATA_RESTRICTION_INT, &state)) + return; + + if (state == value) { + STC_LOGI("No need to change a restriction status: %d", state); + return; + } + + vconf_set_int(VCONFKEY_SETAPPL_DATA_RESTRICTION_INT, value); + return; +} + typedef struct { time_t month_start_ts; time_t week_start_ts; @@ -753,6 +804,8 @@ static void __process_restriction(enum traffic_restriction_type rstn_type, for (i = 0; i < STC_RSTN_LIMIT_TYPE_MAX; i++) if (rstn_value->limit[i] >= 0) rstn_value->counter[i] = 0; + + __set_rstn_noti_state(STC_RSTN_STATE_UNSET); } break; default: @@ -934,6 +987,8 @@ static void __action_when_rstn_limit_exceeded(stc_rstn_limit_type_e limit_type, context->counter->intend = NFACCT_COUNTER; rstn_value->limit_exceeded |= (1 << limit_type); + + __set_rstn_noti_state(STC_RSTN_STATE_SET); } break; default: @@ -1864,33 +1919,6 @@ static void __add_application_by_interface(const char *app_id) FREE(app_key.app_id); } -static int __vconf_get_int(const char *key, int *value) -{ - int ret = 0; - - ret = vconf_get_int(key, value); - if (ret != VCONF_OK) { - STC_LOGE("Failed to get vconfkey [%s] value", key); //LCOV_EXCL_LINE - return -1; //LCOV_EXCL_LINE - } - - return 0; -} - -//LCOV_EXCL_START -static int __vconf_set_int(const char *key, int value) -{ - int ret = 0; - - ret = vconf_set_int(key, value); - if (ret != VCONF_OK) { - STC_LOGE("Failed to set vconfkey [%s] value", key); //LCOV_EXCL_LINE - return -1; //LCOV_EXCL_LINE - } - - return 0; -} - static guint __get_background_state(void) { return g_system->background_state;; -- 2.7.4 From 6b6c8c8d2a7e95589fd3e2731ff0dd5d58bccf6a Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 22 Aug 2018 18:26:19 +0900 Subject: [PATCH 16/16] Removed flag for TIZEN_DEBUG_ENABLE Change-Id: I5589bc07ded2abe496bf8fdfdc10bcc82145e0a1 Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index b227159..295754d 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -63,9 +63,8 @@ chmod 644 %{SOURCE0} %build -export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE -D_GNU_SOURCE" -export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE -D_GNU_SOURCE" -export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE" +export CFLAGS="$CFLAGS -D_GNU_SOURCE" +export CXXFLAGS="$CXXFLAGS -D_GNU_SOURCE" %cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DBIN_DIR=%{_bindir} \ -- 2.7.4