author | Thomas Haller <thaller@redhat.com> | 2021-08-02 09:14:10 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2021-08-06 14:35:35 +0200 |
commit | 0f100abd851bf36769adaded9b079a925b97a7c6 (patch) | |
tree | e445d7d400d2e81d3edbe07e149fed54618ba7fb | |
parent | b2ed02dda984801160ad3fe1d0a1f7973e93c9cc (diff) | |
download | NetworkManager-0f100abd851bf36769adaded9b079a925b97a7c6.tar.gz |
firewalld: listen to Reloaded signal and reconfigure firewall zones
During reload, firewalld drops the current runtime configuration.
NetworkManager should listen to that, and reconfigure the zones
that it cares about.
-rw-r--r-- | src/core/nm-firewalld-manager.c | 48 | ||||
-rw-r--r-- | src/core/nm-firewalld-manager.h | 6 | ||||
-rw-r--r-- | src/core/nm-policy.c | 13 |
3 files changed, 55 insertions, 12 deletions
diff --git a/src/core/nm-firewalld-manager.c b/src/core/nm-firewalld-manager.c
index ec6fcca5b2..43ab278ad8 100644
--- a/src/core/nm-firewalld-manager.c
+++ b/src/core/nm-firewalld-manager.c
@@ -15,6 +15,7 @@
 #define FIREWALL_DBUS_SERVICE "org.fedoraproject.FirewallD1"
 #define FIREWALL_DBUS_PATH "/org/fedoraproject/FirewallD1"
+#define FIREWALL_DBUS_INTERFACE "org.fedoraproject.FirewallD1"
 #define FIREWALL_DBUS_INTERFACE_ZONE "org.fedoraproject.FirewallD1.zone"
 /*****************************************************************************/
@@ -32,6 +33,7 @@ typedef struct {
 char *name_owner;
+ guint reloaded_id;
 guint name_owner_changed_id;
 bool dbus_inited : 1;
@@ -148,9 +150,9 @@ _ops_type_to_string(OpsType ops_type)
 /*****************************************************************************/
 static void
-_signal_emit_state_changed(NMFirewalldManager *self, gboolean initialized_now)
+_signal_emit_state_changed(NMFirewalldManager *self, NMFirewalldManagerStateChangedType signal_type)
 {
- g_signal_emit(self, signals[STATE_CHANGED], 0, initialized_now);
+ g_signal_emit(self, signals[STATE_CHANGED], 0, (int) signal_type);
 }
 /*****************************************************************************/
@@ -521,8 +523,30 @@ name_owner_changed(NMFirewalldManager *self, const char *owner)
 }
 }
- if (was_running != now_running || name_owner_changed)
- _signal_emit_state_changed(self, just_initied);
+ if (just_initied)
+ _signal_emit_state_changed(self, NM_FIREWALLD_MANAGER_STATE_CHANGED_TYPE_INITIALIZED);
+ else if (was_running != now_running || name_owner_changed)
+ _signal_emit_state_changed(self,
+ NM_FIREWALLD_MANAGER_STATE_CHANGED_TYPE_NAME_OWNER_CHANGED);
+}
+
+static void
+reloaded_cb(GDBusConnection *connection,
+ const char * sender_name,
+ const char * object_path,
+ const char * interface_name,
+ const char * signal_name,
+ GVariant * parameters,
+ gpointer user_data)
+{
+ NMFirewalldManager * self = user_data;
+ NMFirewalldManagerPrivate *priv = NM_FIREWALLD_MANAGER_GET_PRIVATE(self);
+
+ if (!nm_streq0(sender_name, priv->name_owner))
+ return;
+
+ _LOGT(NULL, "reloaded signal received");
+ _signal_emit_state_changed(self, NM_FIREWALLD_MANAGER_STATE_CHANGED_TYPE_RELOADED);
 }
 static void
@@ -578,6 +602,17 @@ nm_firewalld_manager_init(NMFirewalldManager *self)
 return;
 }
+ priv->reloaded_id = g_dbus_connection_signal_subscribe(priv->dbus_connection,
+ FIREWALL_DBUS_SERVICE,
+ FIREWALL_DBUS_INTERFACE,
+ "Reloaded",
+ FIREWALL_DBUS_PATH,
+ NULL,
+ G_DBUS_SIGNAL_FLAGS_NONE,
+ reloaded_cb,
+ self,
+ NULL);
+
 priv->name_owner_changed_id =
 nm_dbus_connection_signal_subscribe_name_owner_changed(priv->dbus_connection,
 FIREWALL_DBUS_SERVICE,
@@ -604,6 +639,7 @@ dispose(GObject *object)
 * we don't expect pending operations at this point. */
 nm_assert(c_list_is_empty(&priv->pending_calls));
+ nm_clear_g_dbus_connection_signal(priv->dbus_connection, &priv->reloaded_id);
 nm_clear_g_dbus_connection_signal(priv->dbus_connection, &priv->name_owner_changed_id);
 nm_clear_g_cancellable(&priv->get_name_owner_cancellable);
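Review bot: The sender guard in reloaded_cb() relies on `nm_streq0(sender_name, priv->name_owner)` alone, which (assuming nm_streq0 treats two NULL pointers as equal) also passes when no firewalld owner is known and the sender is NULL. On a message-bus connection the sender is normally set, so this is hardening rather than a live bug, but `if (!priv->name_owner || !nm_streq0(sender_name, priv->name_owner)) return;` makes the intent explicit. A rejected signal is also invisible today; a `_LOGT(NULL, "reloaded signal from unexpected sender ignored");` before the return would help when working out why zones were not re-applied after a reload.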
@@ -626,8 +662,8 @@ nm_firewalld_manager_class_init(NMFirewalldManagerClass *klass)
 0,
 NULL,
 NULL,
- g_cclosure_marshal_VOID__BOOLEAN,
+ g_cclosure_marshal_VOID__INT,
 G_TYPE_NONE,
 1,
- G_TYPE_BOOLEAN /* initialized_now */);
+ G_TYPE_INT /* signal-type */);
 }
diff --git a/src/core/nm-firewalld-manager.h b/src/core/nm-firewalld-manager.h
index febb9bac48..1f76bebaa4 100644
--- a/src/core/nm-firewalld-manager.h
+++ b/src/core/nm-firewalld-manager.h
@@ -19,6 +19,12 @@
 #define NM_FIREWALLD_MANAGER_STATE_CHANGED "state-changed"
+typedef enum {
+ NM_FIREWALLD_MANAGER_STATE_CHANGED_TYPE_INITIALIZED,
+ NM_FIREWALLD_MANAGER_STATE_CHANGED_TYPE_NAME_OWNER_CHANGED,
+ NM_FIREWALLD_MANAGER_STATE_CHANGED_TYPE_RELOADED,
+} NMFirewalldManagerStateChangedType;
+
 typedef struct _NMFirewalldManagerCallId NMFirewalldManagerCallId;
 typedef struct _NMFirewalldManager NMFirewalldManager;
diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c
index bf7c4ef01a..d62a9ed07c 100644
--- a/src/core/nm-policy.c
+++ b/src/core/nm-policy.c
@@ -2521,14 +2521,15 @@ connection_added(NMSettings *settings, NMSettingsConnection *connection, gpointe
 }
 static void
-firewall_state_changed(NMFirewalldManager *manager, gboolean initialized_now, gpointer user_data)
+firewall_state_changed(NMFirewalldManager *manager, int signal_type_i, gpointer user_data)
 {
- NMPolicy * self = (NMPolicy *) user_data;
- NMPolicyPrivate *priv = NM_POLICY_GET_PRIVATE(self);
- const CList * tmp_lst;
- NMDevice * device;
+ const NMFirewalldManagerStateChangedType signal_type = signal_type_i;
+ NMPolicy * self = user_data;
+ NMPolicyPrivate * priv = NM_POLICY_GET_PRIVATE(self);
+ const CList * tmp_lst;
+ NMDevice * device;
- if (initialized_now) {
+ if (signal_type == NM_FIREWALLD_MANAGER_STATE_CHANGED_TYPE_INITIALIZED) {
 /* the firewall manager was initializing, but all requests
 * so fare were queued and are already sent. No need to
 * re-update the firewall zone of the devices. */ |
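Review bot: Switching the "state-changed" argument from `G_TYPE_BOOLEAN` to `G_TYPE_INT` in nm_firewalld_manager_class_init() changes what every connected handler receives, and signal connections are not type-checked against the handler's prototype. Because `NM_FIREWALLD_MANAGER_STATE_CHANGED_TYPE_INITIALIZED` is the first enumerator (0), a handler still declared with `gboolean initialized_now` would see INITIALIZED as FALSE and both other values as TRUE, the reverse of the old meaning, and could skip or repeat zone re-application. Only nm-policy.c is updated in this commit, so it is worth confirming that no other subscriber of `NM_FIREWALLD_MANAGER_STATE_CHANGED` exists. A comment beside the enum in the header, such as `/* passed as int to "state-changed" handlers; values are not booleans */`, would keep later handlers from repeating the old signature.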
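Review bot: Nothing in firewall_state_changed() records that every value other than INITIALIZED leads to the zones being re-applied, which is the part of this change that matters for firewall state. The conversion from `signal_type_i` is unchecked, so an unexpected value takes the same path; that is the safe direction, but it should read as deliberate. A comment after the early-return block would do, for example `/* NAME_OWNER_CHANGED, RELOADED or anything unknown: firewalld may have lost our zones, re-apply them */`. The rest of the function lies outside the hunk, so the re-apply path is inferred from the commit description.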