[PATCH] neard: Use -1 instead of DBUS_TIMEOUT_USE_DEFAULT for compatibility reason

2013-02-27 Thread Tomasz Bursztyka
DBUS_TIMEOUT_USE_DEFAULT appeared only in dbus-1.4.12, but earlier version is still in use in some distribution like Fedora 17. --- plugins/neard.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/neard.c b/plugins/neard.c index 145ab9e..30ad49a 100644 --- a/plugins/nea

Re: [PATCH v2 0/6] Neard plugin

2013-02-27 Thread Patrik Flykt
On Wed, 2013-02-27 at 00:41 +, Zheng, Jeff wrote: > So how to test neard plugin? Ideally install neard using a recent enough kernel and a supported NFC hardware. Then touch a NFC enabled access point. When you learn which access points are working according to specifications, remember to tell

[PATCH v2] neard: Use a timeout instead of DBUS_TIMEOUT_USE_DEFAULT for compatibility reason

2013-02-27 Thread Tomasz Bursztyka
DBUS_TIMEOUT_USE_DEFAULT appeared only in dbus-1.4.12, but earlier version is still in use in some distribution like Fedora 17. --- plugins/neard.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/plugins/neard.c b/plugins/neard.c index 145ab9e..85cf06b 100644 --- a/plugins/

Re: [PATCH v2] neard: Use a timeout instead of DBUS_TIMEOUT_USE_DEFAULT for compatibility reason

2013-02-27 Thread Patrik Flykt
On Wed, 2013-02-27 at 11:17 +0200, Tomasz Bursztyka wrote: > DBUS_TIMEOUT_USE_DEFAULT appeared only in dbus-1.4.12, but earlier version is > still > in use in some distribution like Fedora 17. Applied, thanks! Patrik ___ connman mailing list c

[PATCH v0 01/16] iptables: Refactor pre_load_table()

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Rename pre_load_table() to get_table() which describes it a bit better. Let's use the hash table to lookup if the table is already loaded. Since this function creates and looksup the table we should also store the newly created table into the hash in this function. --- src/ip

[PATCH v0 00/16] Managed iptables API

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Hi, This series starts with a few fixes for pretty nasty bugs which are hiddin in the iptables code. The mrore interesting part is the managed iptables API. This API will insert custom rules for the builtin chains. So if you want to add something like this: iptables -t f

[PATCH v0 02/16] iptables: Pass in xtables data structures to test functions

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Do not pass in our own meta data structure because we need these function also when testing the plain table where we do not have our own meta data structure available. --- src/iptables.c | 21 + 1 file changed, 9 insertions(+), 12 deletions(-) diff --git

[PATCH v0 03/16] iptables: Add helper function to retrieve chain name

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- src/iptables.c | 22 +- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/src/iptables.c b/src/iptables.c index dc0088c..dd06ba6 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -321,6 +321,21 @@ static gboolean is_chain(int builtin, st

[PATCH v0 04/16] iptables: Fix is_fallthrough() check

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner A fallthrough rule is one which has the default target name, does not have a verdict and is not a jump rule. is_fallthrough() is called excluslive from the insert path, thus the value of verdict will be 0 for a fallthrough rule. --- src/iptables.c | 8 ++-- 1 file change

[PATCH v0 05/16] iptables: Fix and refactor iterate_entries()

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Updating the builtin and hook index is more complex then one would expect. In order to be able to update them correctly we need also to pass in the underflow table to the iterate function. To improve the readability the valid_hook magic has been moved into next_hook_entry_inde

[PATCH v0 06/16] iptables: Do not flush in the wrong order

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- src/iptables.c | 8 1 file changed, 8 insertions(+) diff --git a/src/iptables.c b/src/iptables.c index df0a625..ace9798 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -2325,6 +2325,14 @@ void flush_table(const char *name) table->blob

[PATCH v0 07/16] iptables: Print xtables version code only once

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- src/iptables.c | 28 +++- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/src/iptables.c b/src/iptables.c index ace9798..68dfa3b 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -1744,8 +1744,6 @@ static int parse_xt_modules(int c

[PATCH v0 08/16] iptables: Improve debug log output

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner We need to see a bit more in detail what happens when CONNMAN_IPTABLES_DEBUG is not set, for example the removing/flushing during bootup. --- src/iptables.c | 18 -- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/iptables.c b/src/iptables.c

[PATCH v0 09/16] iptables: Avoid inline ifdef by refactoring option table update

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- src/iptables.c | 100 - 1 file changed, 64 insertions(+), 36 deletions(-) diff --git a/src/iptables.c b/src/iptables.c index 9ead090..2489552 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -1511,6 +1511,68 @@ s

[PATCH v0 10/16] iptables: Always update options table

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner The linked list is tracking all loading modules. Since we do not unload once they are loaded (xtables does not support this), we might up leaving prepare_matches() before we update the option table. Since we carefully reset the global xtable state after executing one rule, thi

[PATCH v0 11/16] iptables: Add managed append/delete functions

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Instead directly modifying the builtin chains, we would like to have an indirection. So any append/delete operation on pre/in/fwd/out/post chain will be done on a ConnMan managed custom chain. For this we introduce here 'managed' operation which will do the additional custom c

[PATCH v0 12/16] test-iptables: Add tests for the managed API

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- unit/test-iptables.c | 20 1 file changed, 20 insertions(+) diff --git a/unit/test-iptables.c b/unit/test-iptables.c index 52aa919..203e39a 100644 --- a/unit/test-iptables.c +++ b/unit/test-iptables.c @@ -221,6 +221,25 @@ static void test_iptables_ta

[PATCH v0 13/16] iptables: Flush connman chains

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Flush only ConnMan's own rules and chains. The chains naming pattern is "connman-[CHAIN NAME]". That makes it simple to find again. --- src/iptables.c | 97 +++--- 1 file changed, 92 insertions(+), 5 deletions(-) diff --git

[PATCH v0 14/16] iptables: Add managed infrastructure

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner The idea is that each rule added or removed is tracked. For example if for the first time a rule is added to the table filter chain OUTPUT we track this. When we need to create a new chain then we need to create the connman-CHAIN chain. When removing we need to remove connman

[PATCH v0 15/16] iptables: Add managed chain

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- src/iptables.c | 62 +- 1 file changed, 57 insertions(+), 5 deletions(-) diff --git a/src/iptables.c b/src/iptables.c index 5fdf697..ea6c690 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -2347,17 +2347,62 @@ o

[PATCH v0 16/16] nat: Use managed iptables API

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- src/nat.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nat.c b/src/nat.c index 5447eb7..e30101b 100644 --- a/src/nat.c +++ b/src/nat.c @@ -73,7 +73,7 @@ static int enable_nat(struct connman_nat *nat) n

[PATCH v2 00/20] Add UID support to session policies

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner This version is more or less the same as v1. A few small bug fixes and GID support added. Rebased to '[PATCH v0 00/16] Managed iptables API' cheers, daniel original cover letter: here is the initial series to allow UID matching on policy files. The first part of the ser

[PATCH v2 01/20] session_policy_local: Refactor SELinux context parser

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner selinux_context_reply() should handle the 'type' conversion of data it gets from D-Bus. --- plugins/session_policy_local.c | 30 +++--- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/plugins/session_policy_local.c b/plugins/session_pol

[PATCH v2 02/20] session: Do not fail when creating default policy configuration

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Do not handle the small alloc failures because glib will abort when memory is tight anyway. --- include/session.h | 2 +- plugins/session_policy_local.c | 13 + src/session.c | 16 +++- 3 files changed, 5 insertions(+), 2

[PATCH v2 03/20] session_policy_local: Do not handle small allocation

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Let's remove the small allocations error path because glib will abort on memory exhausting anyway. Basically we remove dead code. --- plugins/session_policy_local.c | 39 --- 1 file changed, 4 insertions(+), 35 deletions(-) diff --git a/pl

[PATCH v2 04/20] session_policy_local: Track policy data structure in a separate list

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner We want to make the lifetime of the policy data structure independent of the policy_hash table. --- plugins/session_policy_local.c | 13 +++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/plugins/session_policy_local.c b/plugins/session_policy_local.

[PATCH v2 05/20] session_policy_local: Print warning if loading of policy fails

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Also continue reading the rest of the policy files when starting up. This makes the startup behavior consistent with the runtime behavior. --- plugins/session_policy_local.c | 25 +++-- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/plugin

[PATCH v2 06/20] session_policy_local: Use policy_hash only to track the policy files

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Let's move the owner ship to the policy_list. The policy_hash is only used to lookup the policy data structure. This patch removes the requirement that the 'ident' is key to lookup the policy data. Now we are able to define set of rules how we want associate the file with a s

[PATCH v2 07/20] session_policy_local: Load policy from file

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner We forgot to load the configuration when a new file is added during runtime. --- plugins/session_policy_local.c | 8 1 file changed, 8 insertions(+) diff --git a/plugins/session_policy_local.c b/plugins/session_policy_local.c index acfff4f..5c5a790 100644 --- a/plug

[PATCH v2 08/20] session_policy_local: Rename policy_hash to file_hash

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Which reflects the new usage of the hash much better. --- plugins/session_policy_local.c | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugins/session_policy_local.c b/plugins/session_policy_local.c index 5c5a790..d850a6a 100644 --

[PATCH v2 09/20] session_policy_local: Rename ident to filename

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner ident is not shared anymore between the session policy and the file policy. Let's make this clear be renaming this member. --- plugins/session_policy_local.c | 44 +- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/plugi

[PATCH v2 10/20] session_policy_local: Split LSM context ident from filename

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Separate the id which associates the file and the session. find_policy_by_file() and find_policy_by_lsm() contain the logic which associates the configuration file with a session. --- plugins/session_policy_local.c | 66 -- 1 file chang

[PATCH v2 11/20] test-session: Add unit test for session_policy_local

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Use the UID as identification. --- unit/test-session.c | 156 1 file changed, 156 insertions(+) diff --git a/unit/test-session.c b/unit/test-session.c index d6da8d7..4041e88 100644 --- a/unit/test-session.c +++ b/unit/test

[PATCH v2 12/20] connman: Add callback helpers

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner There is a common pattern when writing a callback function. Let's add a few helper for this. This is shamelessly stolen from oFono. --- include/types.h | 19 +++ 1 file changed, 19 insertions(+) diff --git a/include/types.h b/include/types.h index 0f671ec..0

[PATCH v2 13/20] session: Add "_t" postfix to callback typedef

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Be more consistent with the rest. Also shorten the a bit to verbose name of the callback function. --- include/session.h | 8 plugins/session_policy_local.c | 8 src/session.c | 10 +- 3 files changed, 13 insertions(+)

[PATCH v2 14/20] session_policy_local: Use callback helpers

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Use the generic callback helpers to encapsulate struct create_data. In a later patch we will add some more data elemets to struct create_data. That is the reason why it is not remove here. --- plugins/session_policy_local.c | 16 +--- 1 file changed, 9 insertions(

[PATCH v2 15/20] dbus: Use callback helpers

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Use the global callback helpers instead using the local version. --- include/dbus.h | 7 --- plugins/session_policy_local.c | 10 +- src/dbus.c | 30 +++--- 3 files changed, 16 insertions(+), 31 deletion

[PATCH v2 16/20] dbus: Add connman_dbus_get_connnection_unix_user()

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- include/dbus.h | 9 +++ src/dbus.c | 83 ++ 2 files changed, 92 insertions(+) diff --git a/include/dbus.h b/include/dbus.h index 07b44ab..cb4d34c 100644 --- a/include/dbus.h +++ b/include/dbus.h @@ -171,6 +

[PATCH v2 17/20] session_policy_local: Retrieve UID/GID from session user

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner When the session core ask to create a configuration, then we first ask the D-Bus server which UID/GID the session belongs to. If possible we also ask for the SELinux context. Then we try to figure out which file containts the configuration for SElinux, UID or GID identificatio

[PATCH v2 18/20] session_policy_local: Add some more debug infos

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- plugins/session_policy_local.c | 24 ++-- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/plugins/session_policy_local.c b/plugins/session_policy_local.c index 0279863..60c3625 100644 --- a/plugins/session_policy_local.c +++ b/plugins/se

[PATCH v2 20/20] session: Reorder shutdown sequence

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner The core wants to call the destroy function from the plugin. Therefore we need to move __connman_session_cleanup() before the __connman_plugin_cleanup(). We also need to take care not to access the session_hash in remove_policy() function since that table has already been dest

[PATCH v2 19/20] session_policy_local: Do not free policy on load error

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner When we open the policy file and try to parse we might run into an error. Instead of freeing the policy we just need to reset it to the defaults and then try to apply the new settings. We should reallyt not unref the policy on the error case because the policy lifetime is atta

[RFC v1 00/16] Session API: Per App Routing and Statistic

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Hi, This version contains only a few bug fixes. The last patch definitly needs to be splittet. But the very good news is, this really works! This version is onto of '[RFC v1 01/16] session: Handle empty policy correctly' cheers, daniel original cover letter: here is my

[RFC v1 01/16] session: Handle empty policy correctly

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner If no there is no policy ('AllowedBearers=') then is means nothing should match. --- src/session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/session.c b/src/session.c index ce7aa18..a9720f3 100644 --- a/src/session.c +++ b/src/session.c @@ -507,7

[RFC v1 02/16] iptctx: Add iptables context helper

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner This helpers allow to add a bunch of iptables rules together into a set and then apply them in a 'atomic' way. Unfortunatly, it is not garanteed to be completely automic but way better then having several places trying to get this right. --- Makefile.am | 2 +- src/connma

[RFC v1 03/16] test-iptables: Add unit tests for iptctx.c

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- Makefile.am | 2 +- unit/test-iptables.c | 96 2 files changed, 97 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index e9aa95a..a00f91a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -312

[RFC v1 04/16] inet: Add functions to setup fwmark to routing table

2013-02-27 Thread Daniel Wagner
From: Jukka Rissanen --- src/connman.h | 2 ++ src/inet.c| 77 +++ 2 files changed, 79 insertions(+) diff --git a/src/connman.h b/src/connman.h index df24f1e..2617718 100644 --- a/src/connman.h +++ b/src/connman.h @@ -191,6 +191,8 @@

[RFC v1 05/16] inet: Add function to setup default route to a routing table

2013-02-27 Thread Daniel Wagner
From: Jukka Rissanen --- src/connman.h | 1 + src/inet.c| 63 +++ 2 files changed, 64 insertions(+) diff --git a/src/connman.h b/src/connman.h index 2617718..548f987 100644 --- a/src/connman.h +++ b/src/connman.h @@ -193,6 +193,7 @@ i

[RFC v1 06/16] inet: Use table id instead of interface index

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- src/connman.h | 6 +++--- src/inet.c| 24 2 files changed, 7 insertions(+), 23 deletions(-) diff --git a/src/connman.h b/src/connman.h index 548f987..208678f 100644 --- a/src/connman.h +++ b/src/connman.h @@ -191,9 +191,9 @@ int __connman_in

[RFC v1 07/16] netfilter: Add netlink basic infrastructure

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Instead of factoring out common parts from rtnl.c we add a new implementation for handling the upcoming ACCT netfilter netlink messages. The main reason is not to disturb the working rtnl code (although it has several hidden bugs, which are not triggered by the ussage pattern

[RFC v1 08/16] netfilter: Add ACCT functions

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- src/connman.h | 32 + src/netfilter.c | 358 2 files changed, 390 insertions(+) diff --git a/src/connman.h b/src/connman.h index 937d6f2..1ffecf9 100644 --- a/src/connman.h +++ b/src/connman.h @@ -891,5 +891

[RFC v1 09/16] nfacct: Add __connman_nfacct_flush()

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner Add helper function for flushing all nfacct rules. --- Makefile.am | 2 +- src/connman.h | 5 +++ src/nfacct.c | 131 ++ 3 files changed, 137 insertions(+), 1 deletion(-) create mode 100644 src/nfacct.c diff --g

[RFC v1 10/16] nfacct: Add helper function for managing several rules

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- src/connman.h | 24 +++ src/nfacct.c | 217 ++ 2 files changed, 241 insertions(+) diff --git a/src/connman.h b/src/connman.h index 9c8fbc6..89c0675 100644 --- a/src/connman.h +++ b/src/connman.h @@ -926,6 +926

[RFC v1 11/16] test-iptables: Add unit tests for netfiltet and nfacct

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner We add them to the iptables file because we interacct with the iptables API too. --- Makefile.am | 3 +- unit/test-iptables.c | 160 +++ 2 files changed, 162 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Ma

[RFC v1 12/16] session: Rename config create callback

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- src/session.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/session.c b/src/session.c index a9720f3..dd31e78 100644 --- a/src/session.c +++ b/src/session.c @@ -1619,7 +1619,7 @@ static const GDBusMethodTable session_methods[] = { { },

[RFC v1 13/16] session: Store creation related data into a struct

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner During the creation period we need to keep track of data which is only needed during this period. Let's rename user_config to create_data and store all the necessary data there. This includes the session pointer so that we don't have to pass two void pointers around in the cal

[RFC v1 14/16] session: Store security context in config

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner The session core needs to the security context in order to setup iptables to match on it. --- include/session.h | 8 1 file changed, 8 insertions(+) diff --git a/include/session.h b/include/session.h index 62c303c..24a03ac 100644 --- a/include/session.h +++ b/includ

[RFC v1 15/16] session_policy_local: Store context in session config

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- plugins/session_policy_local.c | 21 + 1 file changed, 21 insertions(+) diff --git a/plugins/session_policy_local.c b/plugins/session_policy_local.c index 0e4d256..c0e7138 100644 --- a/plugins/session_policy_local.c +++ b/plugins/session_policy_local.

[RFC v1 16/16] session: Setup iptables routing and statistics

2013-02-27 Thread Daniel Wagner
From: Daniel Wagner --- src/session.c | 390 +++--- 1 file changed, 376 insertions(+), 14 deletions(-) diff --git a/src/session.c b/src/session.c index d171c7f..83c266c 100644 --- a/src/session.c +++ b/src/session.c @@ -37,6 +37,8 @@ static GH

Re: [PATCH v0 03/16] iptables: Add helper function to retrieve chain name

2013-02-27 Thread Tomasz Bursztyka
Hi Daniel, @@ -2261,11 +2276,8 @@ static int flush_table_cb(struct ipt_entry *entry, int builtin, target = ipt_get_target(entry); - if (!strcmp(target->u.user.name, IPT_ERROR_TARGET)) - name = g_strdup((const char*)target->data); - else if (builtin >= 0) -

Re: [PATCH v0 07/16] iptables: Print xtables version code only once

2013-02-27 Thread Tomasz Bursztyka
Hi Daniel, I am actually wondering if we should not just get rid of support of previous xtables (<= 5). Which distro is still using such old xtables version? Tomasz ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connm

Re: [PATCH v0 09/16] iptables: Avoid inline ifdef by refactoring option table update

2013-02-27 Thread Tomasz Bursztyka
Hi Daniel, I don't see much point of this refactoring as well. Moreover we should verify if we can get rid of old xtables support. Tomasz ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman

Re: [PATCH v0 11/16] iptables: Add managed append/delete functions

2013-02-27 Thread Tomasz Bursztyka
Hi Daniel, +int __connman_iptables_managed_append(const char *table_name, + const char *chain, + const char *rule_spec) +{ + return __connman_iptables_append(table_name, chain, rule_spec); +} + +int __connman_ipt

Re: [PATCH v0 13/16] iptables: Flush connman chains

2013-02-27 Thread Tomasz Bursztyka
Le 27/02/2013 17:55, Daniel Wagner a écrit : From: Daniel Wagner Flush only ConnMan's own rules and chains. The chains naming pattern is "connman-[CHAIN NAME]". That makes it simple to find again. --- src/iptables.c | 97 +++--- 1 file chan

Re: [PATCH v0 14/16] iptables: Add managed infrastructure

2013-02-27 Thread Tomasz Bursztyka
Hi Daniel, +} + +static int chain_to_index(const char *chain_name) +{ + if (!strcmp(hooknames[NF_IP_PRE_ROUTING], chain_name)) + return 0; + if (!strcmp(hooknames[NF_IP_LOCAL_IN], chain_name)) + return 1; + if (!strcmp(hooknames[NF_IP_FORWARD], chain

Re: [PATCH v0 16/16] nat: Use managed iptables API

2013-02-27 Thread Tomasz Bursztyka
Hi Daniel, diff --git a/src/nat.c b/src/nat.c index 5447eb7..e30101b 100644 --- a/src/nat.c +++ b/src/nat.c @@ -73,7 +73,7 @@ static int enable_nat(struct connman_nat *nat) nat->address, nat->prefixlen,

Re: [PATCH v0 00/16] Managed iptables API

2013-02-27 Thread Tomasz Bursztyka
Hi Daniel, then what's happening isL iptables -t filter -N connman-OUTPUT iptables -t filter -A OUTPUT -j connman-OUTPUT iptables -t filter -A connman-OUTPUT -j LOG Obviously, the secound rule should not append but insert at first position in the builtin chain. Will fix this in the ne

Re: [PATCH v0 08/16] iptables: Improve debug log output

2013-02-27 Thread Tomasz Bursztyka
Hi Daniel, + table->name = g_strdup(table_name); + g_hash_table_insert(table_hash, g_strdup(table_name), table); Duplicate storage here. Change it so: g_hash_table_insert(table_hash, table->name, table); Of course initiate table_hash like: g_hash_table_new(g_str_hash, g_str_equ