[PATCH 2/2] firewall-manager: changing the zone an interface belongs to



When we want to change the zone an interface belongs to,
we can't use firewalld's addInterface(), because it
refuses to add an interface to a zone when the interface
already belongs to some other (or the same) zone.
We need to use the changeZone() method instead - hopefully
this is the final name of this method.
---
 src/firewall-manager/nm-firewall-manager.c |   25 ++++++++++----------
 src/firewall-manager/nm-firewall-manager.h |   13 +++++-----
 src/nm-device.c                            |    3 +-
 src/nm-policy.c                            |   34 +++++++++++++++------------
 4 files changed, 41 insertions(+), 34 deletions(-)

diff --git a/src/firewall-manager/nm-firewall-manager.c b/src/firewall-manager/nm-firewall-manager.c
index d9122af..303c8cd 100644
--- a/src/firewall-manager/nm-firewall-manager.c
+++ b/src/firewall-manager/nm-firewall-manager.c
@@ -73,7 +73,7 @@ cb_info_free (CBInfo *info)
 }
 
 static void
-add_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
+add_or_change_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
 {
 	CBInfo *info = user_data;
 	GError *error = NULL;
@@ -83,7 +83,7 @@ add_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
 	                            G_TYPE_STRING, &zone,
 	                            G_TYPE_INVALID)) {
 		g_assert (error);
-		nm_log_warn (LOGD_FIREWALL, "(%s) firewall zone add failed: (%d) %s",
+		nm_log_warn (LOGD_FIREWALL, "(%s) firewall zone add/change failed: (%d) %s",
 		             info->iface, error->code, error->message);
 	}
 
@@ -94,18 +94,19 @@ add_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
 }
 
 gpointer
-nm_firewall_manager_add_to_zone (NMFirewallManager *self,
-                                 const char *iface,
-                                 const char *zone,
-                                 FwAddToZoneFunc callback,
-                                 gpointer user_data1,
-                                 gpointer user_data2)
+nm_firewall_manager_add_or_change_zone (NMFirewallManager *self,
+                                        const char *iface,
+                                        const char *zone,
+                                        gboolean add, /* TRUE == add, FALSE == change */
+                                        FwAddToZoneFunc callback,
+                                        gpointer user_data1,
+                                        gpointer user_data2)
 {
 	NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE (self);
 	CBInfo *info;
 
 	if (priv->running == FALSE) {
-		nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone add skipped (not running)", iface);
+		nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone add/change skipped (not running)", iface);
 		callback (NULL, user_data1, user_data2);
 		return NULL;
 	}
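Review bot: The new `add` flag is explained only by the trailing `/* TRUE == add, FALSE == change */` in the parameter list, and the function has no header comment describing its contract. A comment above the definition should say that `add` selects firewalld's addInterface (TRUE) or changeZone (FALSE), and that when the firewall is not running the callback is invoked synchronously with a NULL error and NULL is returned, so a caller cannot tell "zone applied" from "no firewall to apply it to". A bare boolean also forces the `/* change zone */` and `/* add zone */` comments at the call sites in nm-policy.c; a small enum would make those calls self-describing. The function body continues past this hunk.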
@@ -116,10 +117,10 @@ nm_firewall_manager_add_to_zone (NMFirewallManager *self,
 	info->user_data1 = user_data1;
 	info->user_data2 = user_data2;
 
-	nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone add -> %s", iface, zone );
+	nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone %s -> %s", iface, add ? "add" : "change", zone);
 	return dbus_g_proxy_begin_call_with_timeout (priv->proxy,
-	                                             "addInterface",
-	                                             add_cb,
+	                                             add ? "addInterface" : "changeZone",
+	                                             add_or_change_cb,
 	                                             info,
 	                                             (GDestroyNotify) cb_info_free,
 	                                             10000,      /* timeout */
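Review bot: `zone` is passed straight to `%s` in the new debug line, and the callers obtain it from nm_setting_connection_get_zone(), which presumably returns NULL for a connection with no zone configured. Passing NULL to `%s` is undefined in C even where the libc prints "(null)"; `nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone %s -> %s", iface, add ? "add" : "change", zone ? zone : "(default)");` avoids relying on that. The D-Bus arguments are marshalled below the end of this hunk, so whether a NULL zone is handled there cannot be checked from here and deserves the same look.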
diff --git a/src/firewall-manager/nm-firewall-manager.h b/src/firewall-manager/nm-firewall-manager.h
index ffc6a30..113b78e 100644
--- a/src/firewall-manager/nm-firewall-manager.h
+++ b/src/firewall-manager/nm-firewall-manager.h
@@ -60,12 +60,13 @@ typedef void (*FwAddToZoneFunc) (GError *error,
                                  gpointer user_data1,
                                  gpointer user_data2);
 
-gpointer nm_firewall_manager_add_to_zone (NMFirewallManager *mgr,
-                                          const char *iface,
-                                          const char *zone,
-                                          FwAddToZoneFunc callback,
-                                          gpointer user_data1,
-                                          gpointer user_data2);
+gpointer nm_firewall_manager_add_or_change_zone (NMFirewallManager *mgr,
+                                                 const char *iface,
+                                                 const char *zone,
+                                                 gboolean add,
+                                                 FwAddToZoneFunc callback,
+                                                 gpointer user_data1,
+                                                 gpointer user_data2);
 gpointer nm_firewall_manager_remove_from_zone (NMFirewallManager *mgr,
                                                const char *iface,
                                                const char *zone);
diff --git a/src/nm-device.c b/src/nm-device.c
index 814a144..648d016 100644
--- a/src/nm-device.c
+++ b/src/nm-device.c
@@ -2777,9 +2777,10 @@ fw_add_to_zone (NMDevice *self, int family)
 	connection = nm_device_get_connection (self);
 	g_assert (connection);
 	s_con = nm_connection_get_setting_connection (connection);
-	priv->fw_call = nm_firewall_manager_add_to_zone (priv->fw_manager,
+	priv->fw_call = nm_firewall_manager_add_or_change_zone (priv->fw_manager,
 	                                                 nm_device_get_ip_iface (self),
 	                                                 nm_setting_connection_get_zone (s_con),
+	                                                 TRUE,
 	                                                 fw_add_to_zone_cb,
 	                                                 self,
 	                                                 GINT_TO_POINTER (family));
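Review bot: Activation still passes `TRUE` here, so it keeps using addInterface, which per the commit message refuses an interface that already belongs to a zone. If the interface is still registered from an earlier activation (whether it is always removed on deactivation is not visible in this patch), the request fails and the interface stays in the old zone, which may be less restrictive than the one the connection asks for. Consider passing `FALSE` here if changeZone also accepts an interface that is in no zone yet, or make sure fw_add_to_zone_cb treats the error as more than a log line. The continuation lines are still aligned to the old function name and should be re-indented. fw_add_to_zone starts and ends outside this hunk.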
diff --git a/src/nm-policy.c b/src/nm-policy.c
index c13506e..e729562 100644
--- a/src/nm-policy.c
+++ b/src/nm-policy.c
@@ -1291,7 +1291,7 @@ connections_loaded (NMSettings *settings, gpointer user_data)
 }
 
 static void
-add_to_zone_cb (GError *error,
+add_or_change_zone_cb (GError *error,
                 gpointer user_data1,
                 gpointer user_data2)
 {
@@ -1305,23 +1305,25 @@ add_to_zone_cb (GError *error,
 }
 
 static void
-inform_firewall_about_zone (NMPolicy *policy, NMConnection *connection)
+firewall_update_zone (NMPolicy *policy, NMConnection *connection)
 {
 	NMSettingConnection *s_con = nm_connection_get_setting_connection (connection);
 	GSList *iter, *devices;
 
 	devices = nm_manager_get_devices (policy->manager);
+	/* find dev with passed connection and change zone its interface belongs to */
 	for (iter = devices; iter; iter = g_slist_next (iter)) {
 		NMDevice *dev = NM_DEVICE (iter->data);
 
 		if (   (get_device_connection (dev) == connection)
 		    && (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED)) {
-			nm_firewall_manager_add_to_zone (policy->fw_manager,
-			                                 nm_device_get_ip_iface (dev),
-			                                 nm_setting_connection_get_zone (s_con),
-			                                 add_to_zone_cb,
-			                                 g_object_ref (dev),
-			                                 NULL);
+			nm_firewall_manager_add_or_change_zone (policy->fw_manager,
+			                                        nm_device_get_ip_iface (dev),
+			                                        nm_setting_connection_get_zone (s_con),
+			                                        FALSE, /* change zone */
+			                                        add_or_change_zone_cb,
+			                                        g_object_ref (dev),
+			                                        NULL);
 		}
 	}
 }
@@ -1336,18 +1338,20 @@ firewall_started (NMFirewallManager *manager,
 	GSList *iter, *devices;
 
 	devices = nm_manager_get_devices (policy->manager);
+	/* add interface of each device to correct zone */
 	for (iter = devices; iter; iter = g_slist_next (iter)) {
 		NMDevice *dev = NM_DEVICE (iter->data);
 
 		connection = get_device_connection (dev);
 		s_con = nm_connection_get_setting_connection (connection);
 		if (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED) {
-			nm_firewall_manager_add_to_zone (policy->fw_manager,
-			                                 nm_device_get_ip_iface (dev),
-			                                 nm_setting_connection_get_zone (s_con),
-			                                 add_to_zone_cb,
-			                                 g_object_ref (dev),
-			                                 NULL);
+			nm_firewall_manager_add_or_change_zone (policy->fw_manager,
+			                                        nm_device_get_ip_iface (dev),
+			                                        nm_setting_connection_get_zone (s_con),
+			                                        TRUE, /* add zone */
+			                                        add_or_change_zone_cb,
+			                                        g_object_ref (dev),
+			                                        NULL);
 		}
 	}
 }
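Review bot: In firewall_started, `get_device_connection (dev)` and `nm_connection_get_setting_connection (connection)` run for every device before the state check, so a device without an active connection would hand a NULL connection to nm_connection_get_setting_connection() (assuming get_device_connection() returns NULL in that case). Moving both assignments inside the `NM_DEVICE_STATE_ACTIVATED` branch restricts them to devices that are expected to have a connection. firewall_update_zone in the previous hunk avoids this because it compares the device's connection with the one passed in before using anything derived from it. The start of firewall_started is outside this hunk.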
@@ -1359,7 +1363,7 @@ connection_updated (NMSettings *settings,
 {
 	NMPolicy *policy = (NMPolicy *) user_data;
 
-	inform_firewall_about_zone (policy, connection);
+	firewall_update_zone (policy, connection);
 
 	/* Reset auto retries back to default since connection was updated */
 	set_connection_auto_retries (connection, RETRIES_DEFAULT);
-- 
1.7.7.6


