Changelog:

v1
 - Typo fixed in commit messages
 - Refactored the firewall patch a bit more. All redundant
   list iterations are gone.

v0
 - initial version

Original cover letter:

Gianfranco reported that Session per application routing doesn't
work. As it turns out this never really worked. I wonder how I tested
this :)

Anyway, the fix is pretty simple. We need to add an additional
iptables rule. Obviously, this is not so simple as one might think
with iptables:

PATCH 01/04: session_policy_local: Set defaults when using policy file

      This is just something I ran into when setting the tests up.
      With setting defaults it is less likely people invest time
      to figure out what is not correct.

PATCH 02/04: iptables: Add basic --protocol parser support

      The SNAT module parser crashes if we don't pass in a valid
      ipt_entry to dereference. It wants to know which protocol
      we are going to use.

PATCH 03/04: firewall: Add support for single rule add/remove operations

      This makes it a bit simpler in the session code. Up to now we installed
      all rules at session creation and we didn't need to touch them
      till we destroyed the session. Though with SNAT we need to update
      them during runtime. With this API we simplify the code in session.c

PATCH 04/04: session: Add SNAT rules per session

      Here is the magic which fixes the problem. Install a SNAT rule
      and update it whenever we change something in the session, e.g.
      changing the bearer.

This stuff works now on my system. Please give it a try and report
back any problems you find.

cheers,
daniel

Cc: Gianfranco Casanova <gianfranco.casan...@gmail.com>

Daniel Wagner (4):
  session_policy_local: Set defaults when using policy file
  iptables: Add basic --protocol parser support
  firewall: Add support for single rule add/remove operations
  session: Add SNAT rules per session

 plugins/session_policy_local.c |   2 +-
 src/connman.h                  |   3 +
 src/firewall.c                 | 152 +++++++++++++++++++++++++++++++----------
 src/iptables.c                 |  14 +++-
 src/session.c                  |  65 ++++++++++++++++++
 tools/iptables-unit.c          |  39 +++++++++--
 6 files changed, 230 insertions(+), 45 deletions(-)

-- 
2.4.3

_______________________________________________
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman
