From: Daniel Wagner <[email protected]> Hi,
This series is based on "[PATCH v3 00/20] Add UID support to session policies" I have rebased and cleanup slightly this series. It is still a bit rough but overall they quite stable already. Anyway, let me go through the series inet: Add functions to setup fwmark to routing table inet: Add function to setup default route to a routing table These patches are from Jukka, therefore I didn't want to change them. inet: Use table id instead of interface index This patch does the necessary changes on the previous patches. Tomasz, that was the reason why there was some adding/deleting dance in the series :) netfilter: Add netlink basic infrastructure This patch just introduces some infrastructure in order to be able to have NFACCT working. This patch should be replaced with Marcel's genl.[ch] implementation. netfilter: Add ACCT functions This one here adds the NFACCT specific netfilter code. nfacct: Add __connman_nfacct_flush() Because we want a clean sleeve when booting we want to flush all NFACCT rules. We propably also don't want to flush all NFACCT rules, only 'connman-session-' prefixed ones. nfacct: Add helper function for managing several rules This is comparable with the firewall.c API. iptables-unit: Add unit tests for netfiltet and nfacct And obviously adding some tests to iptables-unit. session: Rename config create callback session: Store creation related data into a struct As usual some more refactoring. session: Store security context in config session_policy_local: Store context in session config Let the policy plugin set the 'ident'. session.c uses this information to pick the right set of iptables rules. session: Setup iptables routing and statistics And this brings us to the final patch. It implements the 'per app routing and statistic' feature. I have not started to split it up. Too many patches still in the queue to be reviewed :) Have a nice weekend, daniel Daniel Wagner (11): inet: Use table id instead of interface index netfilter: Add netlink basic infrastructure netfilter: Add ACCT functions nfacct: Add __connman_nfacct_flush() nfacct: Add helper function for managing several rules iptables-unit: Add unit tests for netfiltet and nfacct session: Rename config create callback session: Store creation related data into a struct session: Store security context in config session_policy_local: Store context in session config session: Setup iptables routing and statistics Jukka Rissanen (2): inet: Add functions to setup fwmark to routing table inet: Add function to setup default route to a routing table Makefile.am | 6 +- include/session.h | 9 + plugins/session_policy_local.c | 25 ++ src/connman.h | 67 +++++ src/inet.c | 124 +++++++++ src/main.c | 2 + src/netfilter.c | 618 +++++++++++++++++++++++++++++++++++++++++ src/nfacct.c | 348 +++++++++++++++++++++++ src/session.c | 456 +++++++++++++++++++++++++++--- tools/iptables-unit.c | 160 +++++++++++ 10 files changed, 1767 insertions(+), 48 deletions(-) create mode 100644 src/netfilter.c create mode 100644 src/nfacct.c -- 1.8.2.rc3.16.gce432ca _______________________________________________ connman mailing list [email protected] http://lists.connman.net/listinfo/connman
