Hello,

As an introduction to connman's core iptables API, I started to improve the
iptables-test tool first.
I added some features which add the capability to play atomically against
netfilter rules.
This was the result of the previous discussion about the Personal Firewall
feature we had
(see http://lists.connman.net/pipermail/connman/2011-July/005429.html ).

So, this patch-set adds capability to:

- insert a rule.
- selectively delete a rule.
- load necessary kernel modules when it's run.

It has generated some refactoring and so on, to get clearer code and
reusable parts.

According to my manual tests, it seems to run fine.
Please note that, unlike the real iptables tool, the iptables-test tool does no
sanity check for you while you delete a rule or flush a chain: if there were
references against those, it will result in a corrupted table. This tool is
only for testing purposes, as usual ;)

I am already preparing a src/iptables.c patch-set based on that one. Though I
would prefer getting this one reviewed first so I won't make the same mistakes,
if any, in the next one.

Please review, 

Tomasz Bursztyka (17):
  tools: find_chain_head/find_chain_tail code factorization in
    iptables-test
  tools: added helper function to remove table entry in iptables-test
  tools: iptables-test delete a chain if only it is already flushed.
  tools: small indentation fix in iptables-test
  tools: in, out, source and destination support in iptables-test
  tools: fix memory leak in iptables-test.c
  tools: code factorization for rule inclusion in iptables-test
  tools: adding capability to insert a rule in iptables-test
  tools: renaming add into append into iptables-test
  tools: fixing target reference update in iptables-test
  tools: refactoring how jumps are handled in iptables-test
  tools: factorization of target reference update in iptables-test
  tools: rule deletion capability added to iptables-test
  tools: adding capability to load necessary modules into iptables-test
  tools: tiny indentation fix in iptables-test
  tools: copyright year update in iptables-test
  todo: added details to personnal firewall task

 TODO                  |    6 +-
 tools/iptables-test.c |  642 ++++++++++++++++++++++++++++++++++++++-----------
 2 files changed, 500 insertions(+), 148 deletions(-)

-- 
1.7.3.4
