Example #1
/*
 * Create the managed companion of a built-in chain and hook it in.
 *
 * The managed chain is named CHAIN_PREFIX followed by builtin_chains[id].
 * A "-j <managed chain>" rule is then inserted into the built-in chain so
 * traffic is diverted through it.
 *
 * Returns the negative error from whichever step failed; otherwise the
 * value returned by the insert call.
 *
 * NOTE(review): id is used as an index into builtin_chains without a
 * range check here; callers are presumably expected to pass a valid
 * index. Confirm against the call sites.
 */
static int insert_managed_chain(const char *table_name, int id)
{
	char *managed_chain;
	char *jump_rule;
	int ret;

	managed_chain = g_strdup_printf("%s%s", CHAIN_PREFIX,
					builtin_chains[id]);

	ret = __connman_iptables_new_chain(table_name, managed_chain);
	if (ret >= 0) {
		jump_rule = g_strdup_printf("-j %s", managed_chain);
		ret = __connman_iptables_insert(table_name,
						builtin_chains[id], jump_rule);
		g_free(jump_rule);

		/*
		 * Roll back so a failed hook-up does not leave an orphaned
		 * managed chain behind. The result of the rollback itself is
		 * not checked (best effort).
		 */
		if (ret < 0)
			__connman_iptables_delete_chain(table_name,
							managed_chain);
	}

	g_free(managed_chain);

	return ret;
}
Example #2
/*
 * Two user chains in the "filter" table: create them one after the other,
 * then delete them in reverse order, committing after every change.
 *
 * The point of the test is isolation between chains: adding or removing
 * "user-chain-1" must leave "user-chain-0" untouched, and once both are
 * deleted neither may still be listed.
 */
static void test_iptables_chain3(void)
{
	const char *table = "filter";
	const char *first = "user-chain-0";
	const char *second = "user-chain-1";
	const char *first_entry = ":user-chain-0 - [0:0]";
	const char *second_entry = ":user-chain-1 - [0:0]";
	int ret;

	/* Add the first chain and make sure it shows up. */
	ret = __connman_iptables_new_chain(table, first);
	g_assert(ret == 0);
	ret = __connman_iptables_commit(table);
	g_assert(ret == 0);
	assert_rule_exists(table, first_entry);

	/* Add the second chain; the first must still be present. */
	ret = __connman_iptables_new_chain(table, second);
	g_assert(ret == 0);
	ret = __connman_iptables_commit(table);
	g_assert(ret == 0);
	assert_rule_exists(table, first_entry);
	assert_rule_exists(table, second_entry);

	/* Removing the second chain must not take the first with it. */
	ret = __connman_iptables_delete_chain(table, second);
	g_assert(ret == 0);
	ret = __connman_iptables_commit(table);
	g_assert(ret == 0);
	assert_rule_exists(table, first_entry);
	assert_rule_not_exists(table, second_entry);

	/* Remove the first chain as well. */
	ret = __connman_iptables_delete_chain(table, first);
	g_assert(ret == 0);
	ret = __connman_iptables_commit(table);
	g_assert(ret == 0);
	assert_rule_not_exists(table, first_entry);
}
Example #3
/*
 * Smallest chain life cycle: create user chain "foo" in the "filter"
 * table, commit, check that it is listed, then delete it, commit again
 * and check that it is gone.
 */
static void test_iptables_chain0(void)
{
	const char *table = "filter";
	const char *chain = "foo";
	const char *entry = ":foo - [0:0]";
	int ret;

	/* Create and verify. */
	ret = __connman_iptables_new_chain(table, chain);
	g_assert(ret == 0);
	ret = __connman_iptables_commit(table);
	g_assert(ret == 0);
	assert_rule_exists(table, entry);

	/* Delete and verify nothing is left behind. */
	ret = __connman_iptables_delete_chain(table, chain);
	g_assert(ret == 0);
	ret = __connman_iptables_commit(table);
	g_assert(ret == 0);
	assert_rule_not_exists(table, entry);
}
Example #4
/*
 * Create user chain "foo" in the "filter" table, flush it, then delete it,
 * committing after each of the three steps.
 *
 * Only the return codes are checked; unlike the sibling chain tests this
 * one does not inspect the resulting table contents.
 */
static void test_iptables_chain1(void)
{
	const char *table = "filter";
	const char *chain = "foo";
	int ret;

	/* Create. */
	ret = __connman_iptables_new_chain(table, chain);
	g_assert(ret == 0);
	ret = __connman_iptables_commit(table);
	g_assert(ret == 0);

	/* Flush the (empty) chain. */
	ret = __connman_iptables_flush_chain(table, chain);
	g_assert(ret == 0);
	ret = __connman_iptables_commit(table);
	g_assert(ret == 0);

	/* Delete. */
	ret = __connman_iptables_delete_chain(table, chain);
	g_assert(ret == 0);
	ret = __connman_iptables_commit(table);
	g_assert(ret == 0);
}
/*
 * iptables-test: command-line front end for the __connman_iptables_* API.
 *
 * Exactly one command option selects the operation (-A/-I/-D/-P/-N/-X/-F
 * take a chain, -L dumps the table); -t picks the table and defaults to
 * "filter". Everything from the first argument the option parser does not
 * recognise onwards is joined with single spaces and handed over as the
 * rule (for -P this is the policy target).
 *
 * Notes for reviewers:
 *  - The rule is rebuilt by space-joining argv, so the original argument
 *    boundaries are lost; an argument that itself contains spaces reaches
 *    the iptables layer as several words.
 *  - When parsing consumes every argument, the loop still starts at
 *    optind - 1, so the last argv element ends up in the rule string.
 *  - The operation is staged first and only applied by the commit call at
 *    the end; on any error the process exits with the (negative) error
 *    code without calling __connman_iptables_cleanup().
 *  - Diagnostics go to stdout, not stderr.
 */
int main(int argc, char *argv[])
{
	enum iptables_command cmd = IPTABLES_COMMAND_UNKNOWN;
	char *table = NULL, *chain = NULL, *rule = NULL;
	char *joined;
	int err, opt, idx;

	/* Unknown options are expected (they start the rule): keep getopt quiet. */
	opterr = 0;

	/*
	 * The leading '-' in the option string makes getopt report plain
	 * arguments as well, so parsing stops at the first token that is
	 * neither a known option nor an argument of one.
	 */
	for (;;) {
		opt = getopt_long(argc, argv, "-A:I:D:P:N:X:F:Lt:", NULL, NULL);
		if (opt == -1)
			break;

		if (opt == 't') {
			table = optarg;
			continue;
		}

		if (opt == 'L') {
			cmd = IPTABLES_COMMAND_DUMP;
			continue;
		}

		if (opt == 'A')
			cmd = IPTABLES_COMMAND_APPEND;
		else if (opt == 'I')
			cmd = IPTABLES_COMMAND_INSERT;
		else if (opt == 'D')
			cmd = IPTABLES_COMMAND_DELETE;
		else if (opt == 'P')
			/* The policy will be stored in rule. */
			cmd = IPTABLES_COMMAND_POLICY;
		else if (opt == 'N')
			cmd = IPTABLES_COMMAND_CHAIN_INSERT;
		else if (opt == 'X')
			cmd = IPTABLES_COMMAND_CHAIN_DELETE;
		else if (opt == 'F')
			cmd = IPTABLES_COMMAND_CHAIN_FLUSH;
		else
			break;	/* first unrecognised token: the rule starts here */

		/* Every remaining command option carries the chain name. */
		chain = optarg;
	}

	if (table == NULL)
		table = "filter";

	/* Glue the remaining arguments together into one rule string. */
	for (idx = optind - 1; idx < argc; idx++) {
		if (rule == NULL) {
			rule = g_strdup(argv[idx]);
			continue;
		}

		joined = g_strdup_printf("%s %s", rule,  argv[idx]);
		g_free(rule);
		rule = joined;
	}

	__connman_iptables_init();

	switch (cmd) {
	case IPTABLES_COMMAND_APPEND:
		err = __connman_iptables_append(table, chain, rule);
		break;
	case IPTABLES_COMMAND_INSERT:
		err = __connman_iptables_insert(table, chain, rule);
		break;
	case IPTABLES_COMMAND_DELETE:
		err = __connman_iptables_delete(table, chain, rule);
		break;
	case IPTABLES_COMMAND_POLICY:
		err = __connman_iptables_change_policy(table, chain, rule);
		break;
	case IPTABLES_COMMAND_CHAIN_INSERT:
		err = __connman_iptables_new_chain(table, chain);
		break;
	case IPTABLES_COMMAND_CHAIN_DELETE:
		err = __connman_iptables_delete_chain(table, chain);
		break;
	case IPTABLES_COMMAND_CHAIN_FLUSH:
		err = __connman_iptables_flush_chain(table, chain);
		break;
	case IPTABLES_COMMAND_DUMP:
		/* Logging is only brought up for the dump command. */
		__connman_log_init(argv[0], "*", FALSE, FALSE,
			"iptables-test", "1");
		err = __connman_iptables_dump(table);
		break;
	case IPTABLES_COMMAND_UNKNOWN:
		printf("Missing command\n");
		printf("usage: iptables-test [-t table] {-A|-I|-D} chain rule\n");
		printf("       iptables-test [-t table] {-N|-X|-F} chain\n");
		printf("       iptables-test [-t table] -L\n");
		printf("       iptables-test [-t table] -P chain target\n");
		exit(-EINVAL);
	}

	/* Staging failed: report and leave before anything is committed. */
	if (err < 0) {
		printf("Error: %s\n", strerror(-err));
		exit(err);
	}

	/* Apply the staged change to the table. */
	err = __connman_iptables_commit(table);
	if (err < 0) {
		printf("Failed to commit changes: %s\n", strerror(-err));
		exit(err);
	}

	g_free(rule);

	__connman_iptables_cleanup();

	return 0;
}