From: Daniel Wagner <daniel.wag...@bmw-carit.de>

Hi,

This version contains only a few bug fixes. The last patch definitely
needs to be split. But the very good news is, this really
works!

This version is on top of
'[RFC v1 01/16] session: Handle empty policy correctly'

cheers,
daniel


original cover letter:

here is my current set of patches which implement the per application
routing via iptables and NFACCT.

In order to get this working I have created a new iptables matcher
called 'secmark' which matches on the security context of an
application. Obviously we could get this also working via UIDs. That
would mean each application needs to have its own UID. I'd like to
support this use case as well.

This series is on top of the 'iptables improvements' series.


Daniel Wagner (14):
  session: Handle empty policy correctly
  iptctx: Add iptables context helper
  test-iptables: Add unit tests for iptctx.c
  inet: Use table id instead of interface index
  netfilter: Add netlink basic infrastructure
  netfilter: Add ACCT functions
  nfacct: Add __connman_nfacct_flush()
  nfacct: Add helper function for managing several rules
  test-iptables: Add unit tests for netfiltet and nfacct
  session: Rename config create callback
  session: Store creation related data into a struct
  session: Store security context in config
  session_policy_local: Store context in session config
  session: Setup iptables routing and statistics

Jukka Rissanen (2):
  inet: Add functions to setup fwmark to routing table
  inet: Add function to setup default route to a routing table

 Makefile.am                    |   5 +-
 include/session.h              |   8 +
 plugins/session_policy_local.c |  21 ++
 src/connman.h                  |  79 ++++++
 src/inet.c                     | 124 +++++++++
 src/iptctx.c                   | 191 +++++++++++++
 src/main.c                     |   2 +
 src/netfilter.c                | 618 +++++++++++++++++++++++++++++++++++++++++
 src/nfacct.c                   | 348 +++++++++++++++++++++++
 src/session.c                  | 458 ++++++++++++++++++++++++++----
 unit/test-iptables.c           | 256 +++++++++++++++++
 11 files changed, 2060 insertions(+), 50 deletions(-)
 create mode 100644 src/iptctx.c
 create mode 100644 src/netfilter.c
 create mode 100644 src/nfacct.c

-- 
1.8.1.3.566.gaa39828
