DBUS_TIMEOUT_USE_DEFAULT appeared only in dbus-1.4.12, but earlier version is
still in use in some distribution like Fedora 17.
---
plugins/neard.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/neard.c b/plugins/neard.c
index 145ab9e..30ad49a 100644
--- a/plugins/nea
On Wed, 2013-02-27 at 00:41 +, Zheng, Jeff wrote:
> So how to test neard plugin?
Ideally install neard using a recent enough kernel and a supported NFC
hardware. Then touch an NFC enabled access point. When you learn which
access points are working according to specifications, remember to tell
DBUS_TIMEOUT_USE_DEFAULT appeared only in dbus-1.4.12, but earlier version is
still in use in some distribution like Fedora 17.
---
plugins/neard.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/plugins/neard.c b/plugins/neard.c
index 145ab9e..85cf06b 100644
--- a/plugins/
On Wed, 2013-02-27 at 11:17 +0200, Tomasz Bursztyka wrote:
> DBUS_TIMEOUT_USE_DEFAULT appeared only in dbus-1.4.12, but earlier version is
> still in use in some distribution like Fedora 17.
Applied, thanks!
Patrik
___
connman mailing list
c
From: Daniel Wagner
Rename pre_load_table() to get_table() which describes it a bit better.
Let's use the hash table to look up if the table is already loaded.
Since this function creates and looks up the table we should also
store the newly created table into the hash in this function.
---
src/ip
From: Daniel Wagner
Hi,
This series starts with a few fixes for pretty nasty bugs which
are hidden in the iptables code.
The more interesting part is the managed iptables API. This API
will insert custom rules for the builtin chains. So if you want
to add something like this:
iptables -t f
From: Daniel Wagner
Do not pass in our own meta data structure because we need these
function also when testing the plain table where we do not have
our own meta data structure available.
---
src/iptables.c | 21 +
1 file changed, 9 insertions(+), 12 deletions(-)
diff --git
From: Daniel Wagner
---
src/iptables.c | 22 +-
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index dc0088c..dd06ba6 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -321,6 +321,21 @@ static gboolean is_chain(int builtin, st
From: Daniel Wagner
A fallthrough rule is one which has the default target name,
does not have a verdict and is not a jump rule.
is_fallthrough() is called exclusively from the insert path,
thus the value of verdict will be 0 for a fallthrough rule.
---
src/iptables.c | 8 ++--
1 file change
From: Daniel Wagner
Updating the builtin and hook index is more complex than one
would expect. In order to be able to update them correctly
we need also to pass in the underflow table to the iterate
function. To improve the readability the valid_hook magic
has been moved into next_hook_entry_inde
From: Daniel Wagner
---
src/iptables.c | 8
1 file changed, 8 insertions(+)
diff --git a/src/iptables.c b/src/iptables.c
index df0a625..ace9798 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -2325,6 +2325,14 @@ void flush_table(const char *name)
table->blob
From: Daniel Wagner
---
src/iptables.c | 28 +++-
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index ace9798..68dfa3b 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1744,8 +1744,6 @@ static int parse_xt_modules(int c
From: Daniel Wagner
We need to see a bit more in detail what happens when
CONNMAN_IPTABLES_DEBUG is not set, for example the removing/flushing
during bootup.
---
src/iptables.c | 18 --
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
From: Daniel Wagner
---
src/iptables.c | 100 -
1 file changed, 64 insertions(+), 36 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index 9ead090..2489552 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1511,6 +1511,68 @@ s
From: Daniel Wagner
The linked list is tracking all loading modules. Since we do not
unload once they are loaded (xtables does not support this), we
might up leaving prepare_matches() before we update the
option table. Since we carefully reset the global xtable state
after executing one rule, thi
From: Daniel Wagner
Instead directly modifying the builtin chains, we would like
to have an indirection. So any append/delete operation on
pre/in/fwd/out/post chain will be done on a ConnMan managed
custom chain. For this we introduce here 'managed' operation
which will do the additional custom c
From: Daniel Wagner
---
unit/test-iptables.c | 20
1 file changed, 20 insertions(+)
diff --git a/unit/test-iptables.c b/unit/test-iptables.c
index 52aa919..203e39a 100644
--- a/unit/test-iptables.c
+++ b/unit/test-iptables.c
@@ -221,6 +221,25 @@ static void test_iptables_ta
From: Daniel Wagner
Flush only ConnMan's own rules and chains. The chains naming pattern is
"connman-[CHAIN NAME]". That makes it simple to find again.
---
src/iptables.c | 97 +++---
1 file changed, 92 insertions(+), 5 deletions(-)
diff --git
From: Daniel Wagner
The idea is that each rule added or removed is tracked. For example
if for the first time a rule is added to the table filter chain OUTPUT
we track this.
When we need to create a new chain then we need to create the
connman-CHAIN chain. When removing we need to remove connman
From: Daniel Wagner
---
src/iptables.c | 62 +-
1 file changed, 57 insertions(+), 5 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index 5fdf697..ea6c690 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -2347,17 +2347,62 @@ o
From: Daniel Wagner
---
src/nat.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/nat.c b/src/nat.c
index 5447eb7..e30101b 100644
--- a/src/nat.c
+++ b/src/nat.c
@@ -73,7 +73,7 @@ static int enable_nat(struct connman_nat *nat)
n
From: Daniel Wagner
This version is more or less the same as v1. A few small bug fixes
and GID support added.
Rebased to '[PATCH v0 00/16] Managed iptables API'
cheers,
daniel
original cover letter:
here is the initial series to allow UID matching on policy files.
The first part of the ser
From: Daniel Wagner
selinux_context_reply() should handle the 'type' conversion of
data it gets from D-Bus.
---
plugins/session_policy_local.c | 30 +++---
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/plugins/session_policy_local.c b/plugins/session_pol
From: Daniel Wagner
Do not handle the small alloc failures because glib will abort
when memory is tight anyway.
---
include/session.h | 2 +-
plugins/session_policy_local.c | 13 +
src/session.c | 16 +++-
3 files changed, 5 insertions(+), 2
From: Daniel Wagner
Let's remove the small allocations error path because glib will
abort on memory exhaustion anyway. Basically we remove dead code.
---
plugins/session_policy_local.c | 39 ---
1 file changed, 4 insertions(+), 35 deletions(-)
diff --git a/pl
From: Daniel Wagner
We want to make the lifetime of the policy data structure independent
of the policy_hash table.
---
plugins/session_policy_local.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/plugins/session_policy_local.c b/plugins/session_policy_local.
From: Daniel Wagner
Also continue reading the rest of the policy files when starting up.
This makes the startup behavior consistent with the runtime
behavior.
---
plugins/session_policy_local.c | 25 +++--
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/plugin
From: Daniel Wagner
Let's move the ownership to the policy_list. The policy_hash is
only used to lookup the policy data structure.
This patch removes the requirement that the 'ident' is key to lookup
the policy data. Now we are able to define set of rules how we want
associate the file with a s
From: Daniel Wagner
We forgot to load the configuration when a new file is added
during runtime.
---
plugins/session_policy_local.c | 8
1 file changed, 8 insertions(+)
diff --git a/plugins/session_policy_local.c b/plugins/session_policy_local.c
index acfff4f..5c5a790 100644
--- a/plug
From: Daniel Wagner
Which reflects the new usage of the hash much better.
---
plugins/session_policy_local.c | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/plugins/session_policy_local.c b/plugins/session_policy_local.c
index 5c5a790..d850a6a 100644
--
From: Daniel Wagner
ident is not shared anymore between the session policy and
the file policy. Let's make this clear by renaming this member.
---
plugins/session_policy_local.c | 44 +-
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/plugi
From: Daniel Wagner
Separate the id which associates the file and the session.
find_policy_by_file() and find_policy_by_lsm() contain the logic which
associates the configuration file with a session.
---
plugins/session_policy_local.c | 66 --
1 file chang
From: Daniel Wagner
Use the UID as identification.
---
unit/test-session.c | 156
1 file changed, 156 insertions(+)
diff --git a/unit/test-session.c b/unit/test-session.c
index d6da8d7..4041e88 100644
--- a/unit/test-session.c
+++ b/unit/test
From: Daniel Wagner
There is a common pattern when writing a callback function. Let's
add a few helpers for this.
This is shamelessly stolen from oFono.
---
include/types.h | 19 +++
1 file changed, 19 insertions(+)
diff --git a/include/types.h b/include/types.h
index 0f671ec..0
From: Daniel Wagner
Be more consistent with the rest. Also shorten the a bit too verbose
name of the callback function.
---
include/session.h | 8
plugins/session_policy_local.c | 8
src/session.c | 10 +-
3 files changed, 13 insertions(+)
From: Daniel Wagner
Use the generic callback helpers to encapsulate struct create_data.
In a later patch we will add some more data elements to struct
create_data. That is the reason why it is not removed here.
---
plugins/session_policy_local.c | 16 +---
1 file changed, 9 insertions(
From: Daniel Wagner
Use the global callback helpers instead of using the local version.
---
include/dbus.h | 7 ---
plugins/session_policy_local.c | 10 +-
src/dbus.c | 30 +++---
3 files changed, 16 insertions(+), 31 deletion
From: Daniel Wagner
---
include/dbus.h | 9 +++
src/dbus.c | 83 ++
2 files changed, 92 insertions(+)
diff --git a/include/dbus.h b/include/dbus.h
index 07b44ab..cb4d34c 100644
--- a/include/dbus.h
+++ b/include/dbus.h
@@ -171,6 +
From: Daniel Wagner
When the session core asks to create a configuration, then we
first ask the D-Bus server which UID/GID the session belongs to.
If possible we also ask for the SELinux context. Then we try
to figure out which file contains the configuration for
SELinux, UID or GID identificatio
From: Daniel Wagner
---
plugins/session_policy_local.c | 24 ++--
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/plugins/session_policy_local.c b/plugins/session_policy_local.c
index 0279863..60c3625 100644
--- a/plugins/session_policy_local.c
+++ b/plugins/se
From: Daniel Wagner
The core wants to call the destroy function from the plugin. Therefore
we need to move __connman_session_cleanup() before the
__connman_plugin_cleanup(). We also need to take care not to access
the session_hash in remove_policy() function since that table has
already been dest
From: Daniel Wagner
When we open the policy file and try to parse we might run
into an error. Instead of freeing the policy we just need
to reset it to the defaults and then try to apply the new settings.
We should really not unref the policy on the error case because
the policy lifetime is atta
From: Daniel Wagner
Hi,
This version contains only a few bug fixes. The last patch definitely
needs to be split. But the very good news is, this really
works!
This version is on top of
'[RFC v1 01/16] session: Handle empty policy correctly'
cheers,
daniel
original cover letter:
here is my
From: Daniel Wagner
If there is no policy ('AllowedBearers=') then it means
nothing should match.
---
src/session.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/session.c b/src/session.c
index ce7aa18..a9720f3 100644
--- a/src/session.c
+++ b/src/session.c
@@ -507,7
From: Daniel Wagner
These helpers allow to add a bunch of iptables rules together into
a set and then apply them in an 'atomic' way. Unfortunately, it is
not guaranteed to be completely atomic but way better than having
several places trying to get this right.
---
Makefile.am | 2 +-
src/connma
From: Daniel Wagner
---
Makefile.am | 2 +-
unit/test-iptables.c | 96
2 files changed, 97 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index e9aa95a..a00f91a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -312
From: Jukka Rissanen
---
src/connman.h | 2 ++
src/inet.c| 77 +++
2 files changed, 79 insertions(+)
diff --git a/src/connman.h b/src/connman.h
index df24f1e..2617718 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -191,6 +191,8 @@
From: Jukka Rissanen
---
src/connman.h | 1 +
src/inet.c| 63 +++
2 files changed, 64 insertions(+)
diff --git a/src/connman.h b/src/connman.h
index 2617718..548f987 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -193,6 +193,7 @@ i
From: Daniel Wagner
---
src/connman.h | 6 +++---
src/inet.c| 24
2 files changed, 7 insertions(+), 23 deletions(-)
diff --git a/src/connman.h b/src/connman.h
index 548f987..208678f 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -191,9 +191,9 @@ int __connman_in
From: Daniel Wagner
Instead of factoring out common parts from rtnl.c we add a
new implementation for handling the upcoming ACCT netfilter netlink
messages.
The main reason is not to disturb the working rtnl code (although
it has several hidden bugs, which are not triggered by the usage
pattern
From: Daniel Wagner
---
src/connman.h | 32 +
src/netfilter.c | 358
2 files changed, 390 insertions(+)
diff --git a/src/connman.h b/src/connman.h
index 937d6f2..1ffecf9 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -891,5 +891
From: Daniel Wagner
Add helper function for flushing all nfacct rules.
---
Makefile.am | 2 +-
src/connman.h | 5 +++
src/nfacct.c | 131 ++
3 files changed, 137 insertions(+), 1 deletion(-)
create mode 100644 src/nfacct.c
diff --g
From: Daniel Wagner
---
src/connman.h | 24 +++
src/nfacct.c | 217 ++
2 files changed, 241 insertions(+)
diff --git a/src/connman.h b/src/connman.h
index 9c8fbc6..89c0675 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -926,6 +926
From: Daniel Wagner
We add them to the iptables file because we interact with the
iptables API too.
---
Makefile.am | 3 +-
unit/test-iptables.c | 160 +++
2 files changed, 162 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Ma
From: Daniel Wagner
---
src/session.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/session.c b/src/session.c
index a9720f3..dd31e78 100644
--- a/src/session.c
+++ b/src/session.c
@@ -1619,7 +1619,7 @@ static const GDBusMethodTable session_methods[] = {
{ },
From: Daniel Wagner
During the creation period we need to keep track of data
which is only needed during this period. Let's rename user_config
to create_data and store all the necessary data there. This includes
the session pointer so that we don't have to pass two void pointers
around in the cal
From: Daniel Wagner
The session core needs to the security context in order to setup
iptables to match on it.
---
include/session.h | 8
1 file changed, 8 insertions(+)
diff --git a/include/session.h b/include/session.h
index 62c303c..24a03ac 100644
--- a/include/session.h
+++ b/includ
From: Daniel Wagner
---
plugins/session_policy_local.c | 21 +
1 file changed, 21 insertions(+)
diff --git a/plugins/session_policy_local.c b/plugins/session_policy_local.c
index 0e4d256..c0e7138 100644
--- a/plugins/session_policy_local.c
+++ b/plugins/session_policy_local.
From: Daniel Wagner
---
src/session.c | 390 +++---
1 file changed, 376 insertions(+), 14 deletions(-)
diff --git a/src/session.c b/src/session.c
index d171c7f..83c266c 100644
--- a/src/session.c
+++ b/src/session.c
@@ -37,6 +37,8 @@ static GH
Hi Daniel,
@@ -2261,11 +2276,8 @@ static int flush_table_cb(struct ipt_entry *entry, int
builtin,
target = ipt_get_target(entry);
- if (!strcmp(target->u.user.name, IPT_ERROR_TARGET))
- name = g_strdup((const char*)target->data);
- else if (builtin >= 0)
-
Hi Daniel,
I am actually wondering if we should not just get rid of support of
previous xtables (<= 5).
Which distro is still using such old xtables version?
Tomasz
Hi Daniel,
I don't see much point of this refactoring as well. Moreover we should
verify if we can get rid of old xtables support.
Tomasz
Hi Daniel,
+int __connman_iptables_managed_append(const char *table_name,
+ const char *chain,
+ const char *rule_spec)
+{
+ return __connman_iptables_append(table_name, chain, rule_spec);
+}
+
+int __connman_ipt
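Review bot: __connman_iptables_managed_append() in this hunk only forwards to __connman_iptables_append() with the same table_name, chain and rule_spec, so as posted the managed entry point still operates on the chain the caller names. A short comment above the function stating that the redirection to the ConnMan managed chain is filled in by a later patch of the series would keep a reader from assuming the indirection is already in effect.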
On 27/02/2013 17:55, Daniel Wagner wrote:
From: Daniel Wagner
Flush only ConnMan's own rules and chains. The chains naming pattern is
"connman-[CHAIN NAME]". That makes it simple to find again.
---
src/iptables.c | 97 +++---
1 file chan
Hi Daniel,
+}
+
+static int chain_to_index(const char *chain_name)
+{
+ if (!strcmp(hooknames[NF_IP_PRE_ROUTING], chain_name))
+ return 0;
+ if (!strcmp(hooknames[NF_IP_LOCAL_IN], chain_name))
+ return 1;
+ if (!strcmp(hooknames[NF_IP_FORWARD], chain
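Review bot: chain_to_index() returns the literals 0 and 1 right after comparing against hooknames[NF_IP_PRE_ROUTING] and hooknames[NF_IP_LOCAL_IN], which duplicates the index in two places. Returning the NF_IP_* constant used for the lookup, or looping over hooknames, would keep the name and the index from drifting apart. A one-line comment on what the function returns for a chain name that matches none of the builtin hooks would also help callers.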
Hi Daniel,
diff --git a/src/nat.c b/src/nat.c
index 5447eb7..e30101b 100644
--- a/src/nat.c
+++ b/src/nat.c
@@ -73,7 +73,7 @@ static int enable_nat(struct connman_nat *nat)
nat->address,
nat->prefixlen,
Hi Daniel,
then what's happening is:
iptables -t filter -N connman-OUTPUT
iptables -t filter -A OUTPUT -j connman-OUTPUT
iptables -t filter -A connman-OUTPUT -j LOG
Obviously, the second rule should not append but insert
at first position in the builtin chain. Will fix this
in the ne
Hi Daniel,
+ table->name = g_strdup(table_name);
+
g_hash_table_insert(table_hash, g_strdup(table_name), table);
Duplicate storage here. Change it so: g_hash_table_insert(table_hash,
table->name, table);
Of course initiate table_hash like: g_hash_table_new(g_str_hash,
g_str_equ