[PATCH 4/5] Firewall manager

From: Jiri Popelka <jpopelka redhat com>
To: networkmanager-list gnome org
Subject: [PATCH 4/5] Firewall manager
Date: Fri, 7 Oct 2011 15:58:08 +0200
src/firewall-manager tracks whether firewall is on the bus or not.
In nm-device.c at stage5 (ip-config-commit) before we actually
apply the IP configuration to the interface, we send the
IP interface name and zone to firewall and asynchronously wait
for a D-Bus reply.  Then after we get the reply
(or if the firewall isn't running) we proceed with
applying the IP configuration to the interface.
---
 configure.ac                               |    1 +
 src/Makefile.am                            |    3 +
 src/firewall-manager/Makefile.am           |   26 +++
 src/firewall-manager/nm-firewall-manager.c |  233 ++++++++++++++++++++++++++++
 src/firewall-manager/nm-firewall-manager.h |   63 ++++++++
 src/firewall-manager/nm-firewall-types.h   |   26 +++
 src/main.c                                 |   12 ++
 src/nm-device.c                            |   75 +++++++++-
 8 files changed, 434 insertions(+), 5 deletions(-)
 create mode 100644 src/firewall-manager/Makefile.am
 create mode 100644 src/firewall-manager/nm-firewall-manager.c
 create mode 100644 src/firewall-manager/nm-firewall-manager.h
 create mode 100644 src/firewall-manager/nm-firewall-types.h

diff --git a/configure.ac b/configure.ac
index ac6da48..03fd712 100644
--- a/configure.ac
+++ b/configure.ac
@@ -656,6 +656,7 @@ src/ppp-manager/Makefile
 src/dnsmasq-manager/Makefile
 src/modem-manager/Makefile
 src/bluez-manager/Makefile
+src/firewall-manager/Makefile
 src/settings/Makefile
 src/settings/plugins/Makefile
 src/settings/plugins/ifupdown/Makefile
diff --git a/src/Makefile.am b/src/Makefile.am
index cbcfdc6..e160b08 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -10,6 +10,7 @@ SUBDIRS= \
 	dnsmasq-manager \
 	modem-manager \
 	bluez-manager \
+	firewall-manager \
 	settings
 
 if WITH_WIMAX
@@ -30,6 +31,7 @@ INCLUDES = -I${top_srcdir} \
            -I${top_srcdir}/src/dnsmasq-manager \
            -I${top_srcdir}/src/modem-manager \
            -I$(top_srcdir)/src/bluez-manager \
+           -I$(top_srcdir)/src/firewall-manager \
            -I$(top_srcdir)/src/settings \
            -I${top_srcdir}/libnm-util \
            -I${top_srcdir}/callouts
@@ -269,6 +271,7 @@ NetworkManager_LDADD = \
 	./ppp-manager/libppp-manager.la \
 	./modem-manager/libmodem-manager.la \
 	./bluez-manager/libbluez-manager.la \
+	./firewall-manager/libfirewall-manager.la \
 	./settings/libsettings.la \
 	$(WIMAX_LIBS) \
 	./backends/libnmbackend.la \
diff --git a/src/firewall-manager/Makefile.am b/src/firewall-manager/Makefile.am
new file mode 100644
index 0000000..f190bb7
--- /dev/null
+++ b/src/firewall-manager/Makefile.am
@@ -0,0 +1,26 @@
+INCLUDES = \
+	-I${top_srcdir}/src \
+	-I${top_srcdir}/src/logging \
+	-I${top_srcdir}/include \
+	-I${top_srcdir}/libnm-util \
+	-I${top_builddir}/marshallers
+
+noinst_LTLIBRARIES = libfirewall-manager.la
+
+libfirewall_manager_la_SOURCES = \
+	nm-firewall-types.h \
+	nm-firewall-manager.h \
+	nm-firewall-manager.c
+
+libfirewall_manager_la_CPPFLAGS = \
+	$(DBUS_CFLAGS) \
+	$(GLIB_CFLAGS) \
+	-DNM_PKGDATADIR=\"$(pkgdatadir)\" \
+	-DNM_LOCALSTATEDIR=\"$(localstatedir)\"
+
+libfirewall_manager_la_LIBADD = \
+	$(top_builddir)/marshallers/libmarshallers.la \
+	$(top_builddir)/src/logging/libnm-logging.la \
+	$(DBUS_LIBS) \
+	$(GLIB_LIBS)
+
diff --git a/src/firewall-manager/nm-firewall-manager.c b/src/firewall-manager/nm-firewall-manager.c
new file mode 100644
index 0000000..b3908e3
--- /dev/null
+++ b/src/firewall-manager/nm-firewall-manager.c
@@ -0,0 +1,233 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/* NetworkManager -- Network link manager
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2011 Red Hat, Inc.
+ */
+
+#include <string.h>
+#include <glib.h>
+#include <dbus/dbus.h>
+
+#include "nm-firewall-manager.h"
+#include "nm-dbus-manager.h"
+#include "nm-logging.h"
+
+#define DBUS_TYPE_G_STRING_VALUE_HASHTABLE (dbus_g_type_get_map ("GHashTable", G_TYPE_STRING, G_TYPE_VALUE))
+
+#define NM_FIREWALL_MANAGER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), \
+                                              NM_TYPE_FIREWALL_MANAGER, \
+                                              NMFirewallManagerPrivate))
+
+G_DEFINE_TYPE (NMFirewallManager, nm_firewall_manager, G_TYPE_OBJECT)
+
+/* Properties */
+enum {
+	PROP_0 = 0,
+	PROP_AVAILABLE,
+	LAST_PROP
+};
+
+typedef struct {
+	NMDBusManager * dbus_mgr;
+	guint           name_owner_id;
+	DBusGProxy *    proxy;
+	gboolean        running;
+	gboolean        disposed;
+} NMFirewallManagerPrivate;
+
+/********************************************************************/
+
+DBusGProxyCall *
+nm_firewall_manager_add_to_zone (NMFirewallManager *self,
+                                 const char *ip_iface,
+                                 const char *zone,
+                                 DBusGProxyCallNotify callback,
+                                 gpointer callback_data)
+{
+	NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE (self);
+	DBusGProxyCall * call = NULL;
+
+	if (nm_firewall_manager_available (self)) {
+		nm_log_dbg (LOGD_DEVICE, "telling firewall to add ip_iface: %s to zone: %s", ip_iface, zone );
+		call = dbus_g_proxy_begin_call_with_timeout(priv->proxy,
+		                                            "AddInterface",
+		                                            callback,
+		                                            callback_data, /* NMDevice */
+		                                            NULL, /* destroy callback_data */
+		                                            10000,      /* timeout */
+		                                            G_TYPE_STRING, ip_iface,
+		                                            G_TYPE_STRING, zone,
+		                                            DBUS_TYPE_G_STRING_VALUE_HASHTABLE, NULL, /* a{sv}:options */
+		                                            G_TYPE_INVALID);
+	}
+	else {
+		nm_log_dbg (LOGD_DEVICE, "firewall isn't running.");
+		callback(NULL, NULL, callback_data);
+	}
+
+	return call;
+}
+
+void nm_firewall_manager_cancel_add (NMFirewallManager *self, DBusGProxyCall * fw_call)
+{
+	NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE (self);
+
+	dbus_g_proxy_cancel_call(priv->proxy, fw_call);
+}
+
+gboolean
+nm_firewall_manager_available (NMFirewallManager *self)
+{
+	g_return_val_if_fail (self != NULL, FALSE);
+	g_return_val_if_fail (NM_IS_FIREWALL_MANAGER (self), FALSE);
+
+	return NM_FIREWALL_MANAGER_GET_PRIVATE (self)->running;
+}
+
+static void
+set_running (NMFirewallManager *self, gboolean now_running)
+{
+	NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE (self);
+	gboolean old_available = nm_firewall_manager_available (self);
+
+	priv->running = now_running;
+	if (old_available != nm_firewall_manager_available (self))
+		g_object_notify (G_OBJECT (self), NM_FIREWALL_MANAGER_AVAILABLE);
+}
+
+static void
+name_owner_changed (NMDBusManager *dbus_mgr,
+                    const char *name,
+                    const char *old_owner,
+                    const char *new_owner,
+                    gpointer user_data)
+{
+	NMFirewallManager *self = NM_FIREWALL_MANAGER (user_data);
+	gboolean old_owner_good = (old_owner && strlen (old_owner));
+	gboolean new_owner_good = (new_owner && strlen (new_owner));
+
+	/* We only care about the firewall here */
+	if (strcmp (FIREWALL_DBUS_SERVICE, name) != 0)
+		return;
+
+	if (!old_owner_good && new_owner_good) {
+		nm_log_info (LOGD_DEVICE, "firewall started");
+		set_running (self, TRUE);
+	} else if (old_owner_good && !new_owner_good) {
+		nm_log_info (LOGD_DEVICE, "firewall stopped");
+		set_running (self, FALSE);
+	}
+}
+
+/*******************************************************************/
+
+NMFirewallManager *
+nm_firewall_manager_get (void)
+{
+	static NMFirewallManager *singleton = NULL;
+
+	if (!singleton)
+		singleton = NM_FIREWALL_MANAGER (g_object_new (NM_TYPE_FIREWALL_MANAGER, NULL));
+	else
+		g_object_ref (singleton);
+
+	g_assert (singleton);
+	return singleton;
+}
+
+static void
+nm_firewall_manager_init (NMFirewallManager * self)
+{
+	NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE (self);
+	DBusGConnection *bus;
+
+	priv->dbus_mgr = nm_dbus_manager_get ();
+	priv->name_owner_id = g_signal_connect (priv->dbus_mgr,
+	                                        NM_DBUS_MANAGER_NAME_OWNER_CHANGED,
+	                                        G_CALLBACK (name_owner_changed),
+	                                        self);
+	priv->running = nm_dbus_manager_name_has_owner (priv->dbus_mgr, FIREWALL_DBUS_SERVICE);
+	nm_log_dbg (LOGD_DEVICE, "firewall is %s running", priv->running ? "" : "not" );
+
+	bus = nm_dbus_manager_get_connection (priv->dbus_mgr);
+	priv->proxy = dbus_g_proxy_new_for_name (bus,
+	                                         FIREWALL_DBUS_SERVICE,
+	                                         FIREWALL_DBUS_PATH,
+	                                         FIREWALL_DBUS_INTERFACE);
+}
+
+static void
+set_property (GObject *object, guint prop_id, const GValue *value, GParamSpec *pspec)
+{
+	G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+}
+
+static void
+get_property (GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
+{
+	switch (prop_id) {
+	case PROP_AVAILABLE:
+		g_value_set_boolean (value, nm_firewall_manager_available (NM_FIREWALL_MANAGER (object)));
+		break;
+	default:
+		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+		break;
+	}
+}
+
+static void
+dispose (GObject *object)
+{
+	NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE (object);
+
+	if (priv->disposed)
+		goto out;
+	priv->disposed = TRUE;
+
+	if (priv->dbus_mgr) {
+		if (priv->name_owner_id)
+			g_signal_handler_disconnect (priv->dbus_mgr, priv->name_owner_id);
+		g_object_unref (G_OBJECT (priv->dbus_mgr));
+	}
+
+	if (priv->proxy)
+		g_object_unref (priv->proxy);
+
+out:
+	/* Chain up to the parent class */
+	G_OBJECT_CLASS (nm_firewall_manager_parent_class)->dispose (object);
+}
+
+static void
+nm_firewall_manager_class_init (NMFirewallManagerClass *klass)
+{
+	GObjectClass *object_class = G_OBJECT_CLASS (klass);
+
+	g_type_class_add_private (object_class, sizeof (NMFirewallManagerPrivate));
+
+	object_class->get_property = get_property;
+	object_class->set_property = set_property;
+	object_class->dispose = dispose;
+
+	g_object_class_install_property (object_class, PROP_AVAILABLE,
+		g_param_spec_boolean (NM_FIREWALL_MANAGER_AVAILABLE,
+		                      "Available",
+		                      "Available",
+		                      FALSE,
+		                      G_PARAM_READABLE));
+}
+
diff --git a/src/firewall-manager/nm-firewall-manager.h b/src/firewall-manager/nm-firewall-manager.h
new file mode 100644
index 0000000..bd827c9
--- /dev/null
+++ b/src/firewall-manager/nm-firewall-manager.h
@@ -0,0 +1,63 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/* NetworkManager -- Network link manager
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2011 Red Hat, Inc.
+ */
+
+#ifndef NM_FIREWALL_MANAGER_H
+#define NM_FIREWALL_MANAGER_H
+
+#include <glib-object.h>
+#include <dbus/dbus-glib.h>
+#include "nm-firewall-types.h"
+
+#define FIREWALL_DBUS_SERVICE	"org.fedoraproject.FirewallD"
+#define FIREWALL_DBUS_PATH		"/org/fedoraproject/FirewallD"
+#define FIREWALL_DBUS_INTERFACE	"org.fedoraproject.FirewallD"
+
+
+G_BEGIN_DECLS
+
+#define NM_TYPE_FIREWALL_MANAGER				(nm_firewall_manager_get_type ())
+#define NM_FIREWALL_MANAGER(obj)				(G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_FIREWALL_MANAGER, NMFirewallManager))
+#define NM_FIREWALL_MANAGER_CLASS(klass)		(G_TYPE_CHECK_CLASS_CAST ((klass),  NM_TYPE_FIREWALL_MANAGER, NMFirewallManagerClass))
+#define NM_IS_FIREWALL_MANAGER(obj)				(G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_FIREWALL_MANAGER))
+#define NM_IS_FIREWALL_MANAGER_CLASS(klass)		(G_TYPE_CHECK_CLASS_TYPE ((klass),  NM_TYPE_FIREWALL_MANAGER))
+#define NM_FIREWALL_MANAGER_GET_CLASS(obj)		(G_TYPE_INSTANCE_GET_CLASS ((obj),  NM_TYPE_FIREWALL_MANAGER, NMFirewallManagerClass))
+
+#define NM_FIREWALL_MANAGER_AVAILABLE "available"
+
+struct _NMFirewallManager
+{
+	GObject parent;
+};
+
+typedef struct
+{
+	GObjectClass parent;
+} NMFirewallManagerClass;
+
+GType nm_firewall_manager_get_type (void);
+
+NMFirewallManager *nm_firewall_manager_get (void);
+
+gboolean nm_firewall_manager_available (NMFirewallManager *mgr);
+
+DBusGProxyCall *nm_firewall_manager_add_to_zone(NMFirewallManager *mgr, const char *ip_iface, const char *zone, DBusGProxyCallNotify callback, gpointer callback_data);
+void nm_firewall_manager_cancel_add (NMFirewallManager *mgr, DBusGProxyCall * fw_call);
+
+#endif /* NM_FIREWALL_MANAGER_H */
diff --git a/src/firewall-manager/nm-firewall-types.h b/src/firewall-manager/nm-firewall-types.h
new file mode 100644
index 0000000..5d0b456
--- /dev/null
+++ b/src/firewall-manager/nm-firewall-types.h
@@ -0,0 +1,26 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/* NetworkManager -- Network link manager
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2011 Red Hat, Inc.
+ */
+
+#ifndef NM_FIREWALL_TYPES_H
+#define NM_FIREWALL_TYPES_H
+
+typedef struct _NMFirewallManager NMFirewallManager;
+
+#endif  /* NM_FIREWALL_TYPES_H */
diff --git a/src/main.c b/src/main.c
index b7c0fd5..f727587 100644
--- a/src/main.c
+++ b/src/main.c
@@ -45,6 +45,7 @@
 #include "nm-dbus-manager.h"
 #include "nm-supplicant-manager.h"
 #include "nm-dhcp-manager.h"
+#include "nm-firewall-manager.h"
 #include "nm-hostname-provider.h"
 #include "nm-netlink-monitor.h"
 #include "nm-vpn-manager.h"
@@ -427,6 +428,7 @@ main (int argc, char *argv[])
 	NMDBusManager *dbus_mgr = NULL;
 	NMSupplicantManager *sup_mgr = NULL;
 	NMDHCPManager *dhcp_mgr = NULL;
+	NMFirewallManager *fw_mgr = NULL;
 	NMSettings *settings = NULL;
 	NMConfig *config;
 	GError *error = NULL;
@@ -655,6 +657,13 @@ main (int argc, char *argv[])
 
 	nm_dhcp_manager_set_hostname_provider (dhcp_mgr, NM_HOSTNAME_PROVIDER (manager));
 
+	/* Initialize Firewall manager */
+	fw_mgr = nm_firewall_manager_get ();
+	if (!fw_mgr) {
+		nm_log_err (LOGD_CORE, "failed to start the Firewall manager: %s.", error->message);
+		goto done;
+	}
+
 	/* Start our DBus service */
 	if (!nm_dbus_manager_start_service (dbus_mgr)) {
 		nm_log_err (LOGD_CORE, "failed to start the dbus service.");
@@ -699,6 +708,9 @@ done:
 	if (sup_mgr)
 		g_object_unref (sup_mgr);
 
+	if (fw_mgr)
+		g_object_unref (fw_mgr);
+
 	if (dbus_mgr)
 		g_object_unref (dbus_mgr);
 
diff --git a/src/nm-device.c b/src/nm-device.c
index 559606c..dabf998 100644
--- a/src/nm-device.c
+++ b/src/nm-device.c
@@ -57,6 +57,7 @@
 #include "nm-ip6-manager.h"
 #include "nm-marshal.h"
 #include "nm-rfkill.h"
+#include "nm-firewall-manager.h"
 
 #define NM_ACT_REQUEST_IP4_CONFIG "nm-act-request-ip4-config"
 #define NM_ACT_REQUEST_IP6_CONFIG "nm-act-request-ip6-config"
@@ -126,6 +127,10 @@ typedef struct {
 	NMDnsMasqManager *dnsmasq_manager;
 	gulong            dnsmasq_state_id;
 
+	/* Firewall Manager */
+	NMFirewallManager *fw_manager;
+	DBusGProxyCall    *fw_call;
+
 	/* avahi-autoipd stuff */
 	GPid    aipd_pid;
 	guint   aipd_watch;
@@ -298,6 +303,8 @@ constructor (GType type,
 
 	priv->dhcp_manager = nm_dhcp_manager_get ();
 
+	priv->fw_manager = nm_firewall_manager_get ();
+
 	update_accept_ra_save (dev);
 
 	priv->initialized = TRUE;
@@ -2646,6 +2653,41 @@ out:
 	return FALSE;
 }
 
+static void
+add_to_zone_cb (DBusGProxy       *proxy,
+                DBusGProxyCall   *call_id,
+                void             *user_data)
+{
+	NMDevice *self = NM_DEVICE (user_data);
+	NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE (self);
+	GError *error = NULL;
+
+	priv->fw_call = NULL;
+
+	if (proxy && call_id) {
+		if (!dbus_g_proxy_end_call (proxy, call_id, &error, G_TYPE_INVALID)) {
+			nm_log_warn (LOGD_DEVICE, "adding iface to zone failed: (%d) %s",
+					     error ? error->code : -1,
+					     error && error->message ? error->message : "(unknown)");
+			g_clear_error (&error);
+
+			/*
+			 * TODO: do we need to do anything else here ?
+			 */
+		} else {
+			/* ip_iface was correctly added to zone by firewall */
+		}
+	} else {
+		/* firewall isn't running or we couldn't determine zone */
+	}
+
+	activation_source_schedule (self, nm_device_activate_stage5_ip_config_commit, 0);
+
+	nm_log_info (LOGD_DEVICE,
+	             "Activation (%s) Stage 5 of 5 (IP Configure Commit) scheduled...",
+	             nm_device_get_iface (self));
+
+}
 
 /*
  * nm_device_activate_schedule_stage5_ip_config_commit
@@ -2656,6 +2698,10 @@ static void
 nm_device_activate_schedule_stage5_ip_config_commit (NMDevice *self, int family)
 {
 	NMDevicePrivate *priv;
+	NMActRequest *req = NULL;
+	NMConnection *connection = NULL;
+	NMSettingConnection *s_con = NULL;
+	const char *zone = NULL;
 
 	g_return_if_fail (NM_IS_DEVICE (self));
 
@@ -2675,11 +2721,21 @@ nm_device_activate_schedule_stage5_ip_config_commit (NMDevice *self, int family)
 	if (!priv->ip4_ready || !priv->ip6_ready)
 		return;
 
-	activation_source_schedule (self, nm_device_activate_stage5_ip_config_commit, 0);
-
-	nm_log_info (LOGD_DEVICE,
-	             "Activation (%s) Stage 5 of 5 (IP Configure Commit) scheduled...",
-	             nm_device_get_iface (self));
+	req = nm_device_get_act_request (self);
+	connection = nm_act_request_get_connection (req);
+	s_con= nm_connection_get_setting_connection(connection);
+	zone = nm_setting_connection_get_zone(s_con);
+	if (!zone) {
+		nm_log_warn (LOGD_DEVICE, "couldn't determine Zone. Skipping firewall bits.");
+		add_to_zone_cb (NULL, NULL, (void *) self);
+	} else {
+		priv->fw_call = (DBusGProxyCall *)
+						nm_firewall_manager_add_to_zone (priv->fw_manager,
+						                                 nm_device_get_ip_iface(self),
+						                                 zone,
+						                                 add_to_zone_cb,
+						                                 (gpointer) self);
+	}
 }
 
 
@@ -2837,6 +2893,12 @@ nm_device_deactivate (NMDeviceInterface *device, NMDeviceStateReason reason)
 	if (NM_DEVICE_GET_PRIVATE (self)->ip6_manager)
 		tried_ipv6 = TRUE;
 
+	/* Clean up when device was deactivated during call to firewall */
+	if (priv->fw_call) {
+		nm_firewall_manager_cancel_add (priv->fw_manager, priv->fw_call);
+		priv->fw_call = NULL;
+	}
+
 	/* Break the activation chain */
 	activation_source_clear (self, TRUE, AF_INET);
 	activation_source_clear (self, TRUE, AF_INET6);
@@ -3380,6 +3442,9 @@ finalize (GObject *object)
 	if (priv->dhcp_manager)
 		g_object_unref (priv->dhcp_manager);
 
+	if (priv->fw_manager)
+		g_object_unref (priv->fw_manager);
+
 	g_free (priv->udi);
 	g_free (priv->iface);
 	g_free (priv->ip_iface);
-- 
1.7.6.4
References:
- [PATCH 0/5] Second round of Network Zones support
  - From: Jiri Popelka
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]