Fix and update serviceclass

  * XML-RPC server correctly parsing the class-of-service parameter.
  * Update firewall script to fix the rules of service class support
    do not work as expect.
  * Fix serviceclass task which segfault on stop session.

src/rh-task-serviceclass.c

@@ -182,6 +182,13 @@ static int startsess (struct vserver *vs, struct task_req *req)
                          idtoip(vs->v_map, req->id),
                          req->serviceclass_name);
 
+  if (member->serviceclass_name != NULL &&
+        member->serviceclass_name != termstring) {
+    free (member->serviceclass_name);
+    member->serviceclass_name    = NULL;
+    member->serviceclass_slot_id = 0;
+  }
+
   return 0;
 }
 
@@ -196,15 +203,15 @@ static int stopsess  (struct vserver *vs, struct task_req *req)
   GList *member_node = NULL;
   struct rahunas_member *member = NULL;
 
-  if (req->serviceclass_name == NULL)
-    return 0;
-
   member_node = member_get_node_by_id(vs, req->id);
   if (member_node == NULL)
     return (-1);
 
   member = (struct rahunas_member *) member_node->data;
 
+  if (member->serviceclass_name == NULL)
+    return 0;
+
   sc = serviceclass_exists(vs->main_server->serviceclass_list, -1,
                            member->serviceclass_name);
 

src/rh-xmlrpc-server.c

@@ -103,6 +103,9 @@ int do_startsession(GNetXmlRpcServer *server,
   else
     req.bandwidth_max_up = 0;
 
+  req.serviceclass_name    = serviceclass_name;
+  req.serviceclass_slot_id = 0;
+
   rh_task_startsess(vs, &req);
   member_node = member_get_node_by_id(vs, id);
 

tools/rahunas-firewall.in

@@ -18,6 +18,7 @@ RUN=@localstatedir@/run/rahunas-firewall
 RUNDIR=@localstatedir@/run/rahunas-set
 VSERVER_LIST=@localstatedir@/run/rahunas-vserver
 MAIN_EXT_IFACE_LIST=@localstatedir@/run/rahunas_ext_iface_list
+SERVICECLASS_STATE=@localstatedir@/run/rahunas-serviceclass
 
 RUN_DAEMON=no
 
@@ -263,19 +264,42 @@ navigation_rules () {
     action="-D"
   fi
 
-  # INPUT from external
+  # INPUT from external (External Firewall) and Service Class
   if [ "$opt" = "start" ]; then
     for dev in $DEV_EXTERNAL_LIST; do
       # Filter duplicated external interfaces
       if ! cat $MAIN_EXT_IFACE_LIST | grep $dev > /dev/null; then
         echo "$dev" >> $MAIN_EXT_IFACE_LIST
 
         $IPTABLES $action INPUT $DEV_IN_PARAM $dev -j ${NAME}_ext_fw
+
+        if [ "$MAIN_SERVICECLASS" = "yes" ]; then
+          # RAW - Service class
+          $IPTABLES -t raw $action PREROUTING -i $dev \
+            -m set --set rahunas_serviceclass dst \
+            -j RAHURAWDNAT --bind-set rahunas_serviceclass
+
+          $IPTABLES -t rawpost $action POSTROUTING -o $dev\
+            -m set --set rahunas_serviceclass src \
+            -j RAHURAWSNAT --bind-set rahunas_serviceclass
+        fi
       fi
     done
   else #stop
     for dev in `cat $MAIN_EXT_IFACE_LIST`; do
       $IPTABLES $action INPUT $DEV_IN_PARAM $dev -j ${NAME}_ext_fw
+
+      if [ -f $SERVICECLASS_STATE ]; then
+        # RAW - Service class
+        $IPTABLES -t raw $action PREROUTING -i $dev \
+          -m set --set rahunas_serviceclass dst \
+          -j RAHURAWDNAT --bind-set rahunas_serviceclass
+
+        $IPTABLES -t rawpost $action POSTROUTING -o $dev\
+          -m set --set rahunas_serviceclass src \
+          -j RAHURAWSNAT --bind-set rahunas_serviceclass
+      fi
+
       sed -i "/$dev/d" $MAIN_EXT_IFACE_LIST
     done
   fi
@@ -631,6 +655,20 @@ rules () {
   ##
   $IPTABLES -A $CHAIN_FORWARD_AUTH -j ACCEPT
 
+  ##
+  # Bypass the service class clients (do not do conntrack NAT)
+  ##
+  if [ "$MAIN_SERVICECLASS" = "yes" ]; then
+    $IPTABLES -t nat -A $CHAIN_NAT_PREROUTING \
+      -m set --set rahunas_serviceclass src -j ACCEPT
+    $IPTABLES -t nat -A $CHAIN_NAT_PREROUTING \
+      -m set --set rahunas_serviceclass dst -j ACCEPT
+    $IPTABLES -t nat -A $CHAIN_NAT_POSTROUTING \
+      -m set --set rahunas_serviceclass src -j ACCEPT
+    $IPTABLES -t nat -A $CHAIN_NAT_POSTROUTING \
+      -m set --set rahunas_serviceclass dst -j ACCEPT
+  fi
+
   ##
   # SQUID Cache-Proxy
   ##
@@ -647,11 +685,6 @@ rules () {
       fi
     fi
 
-    if [ "$MAIN_SERVICECLASS" = "yes" ]; then
-      $IPTABLES -t nat -A $CHAIN_NAT_PREROUTING \
-        -m set --set rahunas_serviceclass src -j ACCEPT
-    fi
-
     if [ "$PROXY" = "transparent" ]; then
       if [ "$PROXY_HOST" = "localhost" ] || [ "$PROXY_HOST" = "127.0.0.1" ]
       then
@@ -724,29 +757,6 @@ serviceclass_set () {
   fi
 }
 
-##
-# Service class rules
-##
-serviceclass_rules () {
-  opt=$1
-  if [ "$opt" = "start" ]; then
-    action="-I"
-  elif [ "$opt" = "stop" ]; then
-    action="-D"
-  fi
-
-  if [ "$MAIN_SERVICECLASS" = "yes" -o "$opt" = "stop" ]; then
-    # RAW - Service class
-    $IPTABLES -t raw $action PREROUTING \
-      -m set --set rahunas_serviceclass src \
-      -j RAHURAWDNAT --bind-set rahunas_serviceclass
-
-    $IPTABLES -t rawpost $action POSTROUTING \
-      -m set --set rahunas_serviceclass dst \
-      -j RAHURAWSNAT --bind-set rahunas_serviceclass
-  fi
-}
-
 do_get_config () {
   file=$1
   opt=$2
@@ -781,8 +791,8 @@ start () {
   policy 
 
   if [ "$MAIN_SERVICECLASS" = "yes" ]; then
+    touch $SERVICECLASS_STATE
     serviceclass_set start
-    serviceclass_rules start
   fi
 
   touch $RUN
@@ -791,8 +801,10 @@ start () {
 stop () {
   test -f $RUN || return 0
 
-  serviceclass_rules stop
-  serviceclass_set cleanup
+  if [ -f $SERVICECLASS_STATE ]; then
+    serviceclass_set cleanup
+    rm -f $SERVICECLASS_STATE
+  fi
 
   cleanup_policy