nm_firewall_manager_remove_from_zone() is called from nm_device_deactivate()
Also fix nm_firewall_manager_add_to_zone() to the latest FirewallD1.zone.addInterface signature. --- src/firewall-manager/nm-firewall-manager.c | 78 +++++++++++++++++++++++----- src/firewall-manager/nm-firewall-manager.h | 5 ++- src/nm-device.c | 10 +++- 3 files changed, 77 insertions(+), 16 deletions(-) diff --git a/src/firewall-manager/nm-firewall-manager.c b/src/firewall-manager/nm-firewall-manager.c index f20227e..b2fd1ce 100644 --- a/src/firewall-manager/nm-firewall-manager.c +++ b/src/firewall-manager/nm-firewall-manager.c @@ -25,7 +25,6 @@ #include "nm-firewall-manager.h" #include "nm-dbus-manager.h" #include "nm-logging.h" -#include "nm-dbus-glib-types.h" #define NM_FIREWALL_MANAGER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), \ NM_TYPE_FIREWALL_MANAGER, \ @@ -55,10 +54,10 @@ typedef struct { FwAddToZoneFunc callback; gpointer user_data1; gpointer user_data2; -} AddInfo; +} CBInfo; static void -add_info_free (AddInfo *info) +cb_info_free (CBInfo *info) { g_return_if_fail (info != NULL); g_free (info->iface); @@ -68,16 +67,21 @@ add_info_free (AddInfo *info) static void add_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data) { - AddInfo *info = user_data; + CBInfo *info = user_data; GError *error = NULL; + char * zone = NULL; - if (!dbus_g_proxy_end_call (proxy, call_id, &error, G_TYPE_INVALID)) { + if (!dbus_g_proxy_end_call (proxy, call_id, &error, + G_TYPE_STRING, &zone, + G_TYPE_INVALID)) { g_assert (error); - nm_log_warn (LOGD_FIREWALL, "(%s) firewall zone change failed: (%d) %s", + nm_log_warn (LOGD_FIREWALL, "(%s) firewall zone add failed: (%d) %s", info->iface, error->code, error->message); } info->callback (error, info->user_data1, info->user_data2); + + g_free (zone); g_clear_error (&error); } @@ -90,10 +94,10 @@ nm_firewall_manager_add_to_zone (NMFirewallManager *self, gpointer user_data2) { NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE (self); - AddInfo *info; + CBInfo *info; if (priv->running == FALSE) { - nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone change skipped (not running)", iface); + nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone add skipped (not running)", iface); callback (NULL, user_data1, user_data2); return NULL; } @@ -104,20 +108,66 @@ nm_firewall_manager_add_to_zone (NMFirewallManager *self, info->user_data1 = user_data1; info->user_data2 = user_data2; - nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone change -> %s", iface, zone ); + nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone add -> %s", iface, zone ); return dbus_g_proxy_begin_call_with_timeout (priv->proxy, - "AddInterface", + "addInterface", add_cb, info, - (GDestroyNotify) add_info_free, + (GDestroyNotify) cb_info_free, 10000, /* timeout */ + G_TYPE_STRING, zone ? zone : "", G_TYPE_STRING, iface, + G_TYPE_INVALID); +} + +static void +remove_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data) +{ + CBInfo *info = user_data; + GError *error = NULL; + char * zone = NULL; + + if (!dbus_g_proxy_end_call (proxy, call_id, &error, + G_TYPE_STRING, &zone, + G_TYPE_INVALID)) { + g_assert (error); + nm_log_warn (LOGD_FIREWALL, "(%s) firewall zone remove failed: (%d) %s", + info->iface, error->code, error->message); + } + + g_free (zone); + g_clear_error (&error); +} + +gpointer +nm_firewall_manager_remove_from_zone (NMFirewallManager *self, + const char *iface, + const char *zone) +{ + NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE (self); + CBInfo *info; + + if (priv->running == FALSE) { + nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone remove skipped (not running)", iface); + return NULL; + } + + info = g_malloc0 (sizeof (*info)); + info->iface = g_strdup (iface); + + nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone remove -> %s", iface, zone ); + return dbus_g_proxy_begin_call_with_timeout (priv->proxy, + "removeInterface", + remove_cb, + info, + (GDestroyNotify) cb_info_free, + 10000, /* timeout */ G_TYPE_STRING, zone ? zone : "", - DBUS_TYPE_G_MAP_OF_VARIANT, NULL, /* a{sv}:options */ + G_TYPE_STRING, iface, G_TYPE_INVALID); } -void nm_firewall_manager_cancel_add (NMFirewallManager *self, gpointer call) +void nm_firewall_manager_cancel_call (NMFirewallManager *self, gpointer call) { g_return_if_fail (self != NULL); g_return_if_fail (NM_IS_FIREWALL_MANAGER (self)); @@ -188,7 +238,7 @@ nm_firewall_manager_init (NMFirewallManager * self) G_CALLBACK (name_owner_changed), self); priv->running = nm_dbus_manager_name_has_owner (priv->dbus_mgr, FIREWALL_DBUS_SERVICE); - nm_log_dbg (LOGD_FIREWALL, "firewall is %s running", priv->running ? "" : "not" ); + nm_log_dbg (LOGD_FIREWALL, "firewall %s running", priv->running ? "is" : "is not" ); bus = nm_dbus_manager_get_connection (priv->dbus_mgr); priv->proxy = dbus_g_proxy_new_for_name (bus, diff --git a/src/firewall-manager/nm-firewall-manager.h b/src/firewall-manager/nm-firewall-manager.h index cfcca01..ac20941 100644 --- a/src/firewall-manager/nm-firewall-manager.h +++ b/src/firewall-manager/nm-firewall-manager.h @@ -63,7 +63,10 @@ gpointer nm_firewall_manager_add_to_zone (NMFirewallManager *mgr, FwAddToZoneFunc callback, gpointer user_data1, gpointer user_data2); +gpointer nm_firewall_manager_remove_from_zone (NMFirewallManager *mgr, + const char *iface, + const char *zone); -void nm_firewall_manager_cancel_add (NMFirewallManager *mgr, gpointer fw_call); +void nm_firewall_manager_cancel_call (NMFirewallManager *mgr, gpointer fw_call); #endif /* NM_FIREWALL_MANAGER_H */ diff --git a/src/nm-device.c b/src/nm-device.c index 8042fb0..8413058 100644 --- a/src/nm-device.c +++ b/src/nm-device.c @@ -3012,6 +3012,8 @@ nm_device_deactivate (NMDevice *self, NMDeviceStateReason reason) NMDevicePrivate *priv; NMDeviceStateReason ignored = NM_DEVICE_STATE_REASON_NONE; NMDevice *master; + NMConnection *connection = NULL; + NMSettingConnection *s_con = NULL; gboolean tried_ipv6 = FALSE; int ifindex, family; @@ -3028,9 +3030,15 @@ nm_device_deactivate (NMDevice *self, NMDeviceStateReason reason) /* Clean up when device was deactivated during call to firewall */ if (priv->fw_call) { - nm_firewall_manager_cancel_add (priv->fw_manager, priv->fw_call); + nm_firewall_manager_cancel_call (priv->fw_manager, priv->fw_call); priv->fw_call = NULL; } + connection = nm_device_get_connection (self); + g_assert (connection); + s_con = nm_connection_get_setting_connection (connection); + nm_firewall_manager_remove_from_zone (priv->fw_manager, + nm_device_get_ip_iface (self), + nm_setting_connection_get_zone (s_con)); /* Break the activation chain */ activation_source_clear (self, TRUE, AF_INET); -- 1.7.7.6 _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list