2 * Copyright (c) 2016 Samsung Electronics Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * This file implements restrictions entity handler methods.
20 * @file table-restrictions.c
24 #include "db-internal.h"
25 #include "table-firewall.h"
27 #define BUF_SIZE_FOR_IP 64
29 /* DELETE statements */
30 #define DELETE_FIREWALL_CHAIN "DELETE FROM fw_chains " \
33 #define DELETE_FIREWALL_RULE "DELETE FROM fw_rules " \
36 #define DELETE_FIREWALL_RULE_PER_CHAIN "DELETE FROM fw_rules " \
39 /* SELECT statements */
40 #define SELECT_FIREWALL_LOCK "SELECT state FROM fw_lock " \
43 #define SELECT_FIREWALL_CHAIN "SELECT chain, " \
44 "target, priority FROM fw_chains"
46 #define SELECT_FIREWALL_RULE "SELECT key, " \
47 "chain, direction, s_ip_type, d_ip_type, s_port_type, " \
48 "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
49 "s_port1, s_port2, d_port1, d_port2, ifname, target, " \
50 "log_level, log_prefix, " \
51 "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \
55 #define SELECT_FIREWALL_RULE_PER_CHAIN "SELECT key, " \
56 "chain, direction, s_ip_type, d_ip_type, s_port_type, " \
57 "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
58 "s_port1, s_port2, d_port1, d_port2, ifname, target, " \
59 "log_level, log_prefix, " \
60 "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \
62 "FROM fw_rules INDEXED BY rules_index " \
65 /* UPDATE statement */
66 #define UPDATE_FIREWALL_LOCK "UPDATE fw_lock " \
67 "SET state = ? WHERE name = ?"
69 #define UPDATE_FIREWALL_CHAIN "UPDATE fw_chains " \
70 "SET target = ?, priority = ? " \
73 #define UPDATE_FIREWALL_RULE "UPDATE fw_rules " \
74 "SET chain = ?, direction = ?, s_ip_type = ?, d_ip_type = ?, " \
75 "s_port_type = ?, d_port_type = ?, protocol = ?, family = ?, " \
76 "s_ip1 = ?, s_ip2 = ?, d_ip1 = ?, d_ip2 = ?, s_port1 = ?, " \
77 "s_port2 = ?, d_port1 = ?, d_port2 = ?, ifname = ?, target = ?, " \
78 "log_level = ?, log_prefix = ?, " \
79 "nflog_group = ?, nflog_prefix = ?, nflog_range = ?, nflog_threshold = ?, " \
80 "identifier = ?, key = ? " \
83 /* INSERT statement */
84 #define INSERT_FIREWALL_LOCK "INSERT INTO fw_lock " \
85 "(name, state) VALUES (?, ?)"
87 #define INSERT_FIREWALL_CHAIN "INSERT INTO fw_chains " \
88 "(chain, target, priority) " \
91 #define INSERT_FIREWALL_RULE "INSERT INTO fw_rules " \
92 "(key, chain, direction, s_ip_type, d_ip_type, s_port_type, " \
93 "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
94 "s_port1, s_port2, d_port1, d_port2, ifname, target, " \
95 "log_level, log_prefix, " \
96 "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \
98 "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, " \
99 "?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
101 static void __finalize_delete(void);
103 #define PREPARE_DELETE(stm, query) do { \
104 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
105 if (rc != SQLITE_OK) { \
107 __finalize_delete(); \
108 STC_LOGE("Failed to prepare \"%s\" query" \
114 static void __finalize_select(void);
116 #define PREPARE_SELECT(stm, query) do { \
117 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
118 if (rc != SQLITE_OK) { \
120 __finalize_select(); \
121 STC_LOGE("Failed to prepare \"%s\" query" \
127 static void __finalize_update(void);
129 #define PREPARE_UPDATE(stm, query) do { \
130 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
131 if (rc != SQLITE_OK) { \
133 __finalize_update(); \
134 STC_LOGE("Failed to prepare \"%s\" query" \
140 static void __finalize_insert(void);
142 #define PREPARE_INSERT(stm, query) do { \
143 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
144 if (rc != SQLITE_OK) { \
146 __finalize_insert(); \
147 STC_LOGE("Failed to prepare \"%s\" query" \
153 #define FINALIZE(stm) do { \
155 sqlite3_finalize(stm); \
160 /* DELETE statements */
161 static sqlite3_stmt *delete_fw_chain;
162 static sqlite3_stmt *delete_fw_rule;
163 static sqlite3_stmt *delete_fw_rule_per_chain;
165 /* SELECT statements */
166 static sqlite3_stmt *select_fw_lock;
167 static sqlite3_stmt *select_fw_chain;
168 static sqlite3_stmt *select_fw_rule;
169 static sqlite3_stmt *select_fw_rule_per_chain;
171 /* UPDATE statements */
172 static sqlite3_stmt *update_fw_lock;
173 static sqlite3_stmt *update_fw_chain;
174 static sqlite3_stmt *update_fw_rule;
176 /* INSERT statements */
177 static sqlite3_stmt *insert_fw_lock;
178 static sqlite3_stmt *insert_fw_chain;
179 static sqlite3_stmt *insert_fw_rule;
181 static int __prepare_delete(sqlite3 *db)
183 __STC_LOG_FUNC_ENTER__;
185 static int initialized;
188 __STC_LOG_FUNC_EXIT__;
192 PREPARE_DELETE(delete_fw_chain, DELETE_FIREWALL_CHAIN);
193 PREPARE_DELETE(delete_fw_rule, DELETE_FIREWALL_RULE);
194 PREPARE_DELETE(delete_fw_rule_per_chain, DELETE_FIREWALL_RULE_PER_CHAIN);
197 __STC_LOG_FUNC_EXIT__;
201 static void __finalize_delete(void)
203 __STC_LOG_FUNC_ENTER__;
205 FINALIZE(delete_fw_chain);
206 FINALIZE(delete_fw_rule);
207 FINALIZE(delete_fw_rule_per_chain);
209 __STC_LOG_FUNC_EXIT__;
212 static int __prepare_select(sqlite3 *db)
214 __STC_LOG_FUNC_ENTER__;
216 static int initialized;
219 __STC_LOG_FUNC_EXIT__;
223 PREPARE_SELECT(select_fw_lock, SELECT_FIREWALL_LOCK);
224 PREPARE_SELECT(select_fw_chain, SELECT_FIREWALL_CHAIN);
225 PREPARE_SELECT(select_fw_rule, SELECT_FIREWALL_RULE);
226 PREPARE_SELECT(select_fw_rule_per_chain, SELECT_FIREWALL_RULE_PER_CHAIN);
229 __STC_LOG_FUNC_EXIT__;
233 static void __finalize_select(void)
235 __STC_LOG_FUNC_ENTER__;
237 FINALIZE(select_fw_lock);
238 FINALIZE(select_fw_chain);
239 FINALIZE(select_fw_rule);
240 FINALIZE(select_fw_rule_per_chain);
242 __STC_LOG_FUNC_EXIT__;
245 static int __prepare_update(sqlite3 *db)
247 __STC_LOG_FUNC_ENTER__;
249 static int initialized;
252 __STC_LOG_FUNC_EXIT__;
256 PREPARE_UPDATE(update_fw_lock, UPDATE_FIREWALL_LOCK);
257 PREPARE_UPDATE(update_fw_chain, UPDATE_FIREWALL_CHAIN);
258 PREPARE_UPDATE(update_fw_rule, UPDATE_FIREWALL_RULE);
261 __STC_LOG_FUNC_EXIT__;
265 static void __finalize_update(void)
267 __STC_LOG_FUNC_ENTER__;
269 FINALIZE(update_fw_lock);
270 FINALIZE(update_fw_chain);
271 FINALIZE(update_fw_rule);
273 __STC_LOG_FUNC_EXIT__;
276 static int __prepare_insert(sqlite3 *db)
278 __STC_LOG_FUNC_ENTER__;
280 static int initialized;
283 __STC_LOG_FUNC_EXIT__;
287 PREPARE_INSERT(insert_fw_lock, INSERT_FIREWALL_LOCK);
288 PREPARE_INSERT(insert_fw_chain, INSERT_FIREWALL_CHAIN);
289 PREPARE_INSERT(insert_fw_rule, INSERT_FIREWALL_RULE);
292 __STC_LOG_FUNC_EXIT__;
296 static void __finalize_insert(void)
298 __STC_LOG_FUNC_ENTER__;
300 FINALIZE(insert_fw_lock);
301 FINALIZE(insert_fw_chain);
302 FINALIZE(insert_fw_rule);
304 __STC_LOG_FUNC_EXIT__;
307 API stc_error_e table_firewall_insert_lock(char *name, int state)
309 stc_error_e error_code = STC_ERROR_NONE;
310 sqlite3_stmt *stmt = insert_fw_lock;
312 DB_ACTION(sqlite3_bind_text(stmt, 1, name ? name : "",
313 -1, SQLITE_TRANSIENT));
314 DB_ACTION(sqlite3_bind_int(stmt, 2, state));
316 if (sqlite3_step(stmt) != SQLITE_DONE) {
317 STC_LOGE("Failed to insert firewall lock state: %s\n",
318 sqlite3_errmsg(stc_db_get_database()));
320 error_code = STC_ERROR_DB_FAILED;
324 STC_LOGD("Firewall lock state inserted [%d]", state);
331 API stc_error_e table_firewall_update_lock(char *name, int state)
333 stc_error_e error_code = STC_ERROR_NONE;
334 sqlite3_stmt *stmt = update_fw_lock;
336 DB_ACTION(sqlite3_bind_int(stmt, 1, state));
337 DB_ACTION(sqlite3_bind_text(stmt, 2, name ? name : "",
338 -1, SQLITE_TRANSIENT));
340 if (sqlite3_step(stmt) != SQLITE_DONE) {
341 STC_LOGE("Failed to update firewall lock state: %s\n",
342 sqlite3_errmsg(stc_db_get_database()));
344 error_code = STC_ERROR_DB_FAILED;
348 STC_LOGD("Firewall lock state updated [%d]", state);
355 API stc_error_e table_firewall_get_lock(char *name, int *state)
358 stc_error_e error_code = STC_ERROR_NONE;
359 sqlite3_stmt *stmt = select_fw_lock;
362 return STC_ERROR_DB_FAILED;
364 DB_ACTION(sqlite3_bind_text(stmt, 1, name,
365 -1, SQLITE_TRANSIENT));
367 rc = sqlite3_step(stmt);
371 STC_LOGD("There is no lock state [%s]", name);
372 error_code = STC_ERROR_NO_DATA;
375 *state = sqlite3_column_int(stmt, 0);
379 STC_LOGE("Failed to get firewall lock state: %s\n",
380 sqlite3_errmsg(stc_db_get_database()));
382 error_code = STC_ERROR_DB_FAILED;
386 STC_LOGD("Firewall lock state [%d]", *state);
393 API stc_error_e table_firewall_insert_chain(firewall_chain_s *info)
395 stc_error_e error_code = STC_ERROR_NONE;
396 sqlite3_stmt *stmt = insert_fw_chain;
399 error_code = STC_ERROR_INVALID_PARAMETER;
403 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
404 -1, SQLITE_TRANSIENT));
405 DB_ACTION(sqlite3_bind_int(stmt, 2, info->target));
406 DB_ACTION(sqlite3_bind_int(stmt, 3, info->priority));
408 if (sqlite3_step(stmt) != SQLITE_DONE) {
409 STC_LOGE("Failed to insert firewall chain: %s\n",
410 sqlite3_errmsg(stc_db_get_database()));
411 error_code = STC_ERROR_DB_FAILED;
415 STC_LOGD("Firewall chain inserted [%s]", info->chain);
422 API stc_error_e table_firewall_delete_chain(firewall_chain_s *info)
424 stc_error_e error_code = STC_ERROR_NONE;
425 sqlite3_stmt *stmt = delete_fw_chain;
428 error_code = STC_ERROR_INVALID_PARAMETER;
432 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
433 -1, SQLITE_TRANSIENT));
435 if (sqlite3_step(stmt) != SQLITE_DONE) {
436 STC_LOGE("Failed to delete firewall chain %s\n",
437 sqlite3_errmsg(stc_db_get_database()));
438 error_code = STC_ERROR_DB_FAILED;
442 STC_LOGD("Firewall chain deleted [%s]", info->chain);
450 API stc_error_e table_firewall_flush_chain(firewall_chain_s *info)
452 stc_error_e error_code = STC_ERROR_NONE;
453 sqlite3_stmt *stmt = delete_fw_rule_per_chain;
456 error_code = STC_ERROR_INVALID_PARAMETER;
460 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
461 -1, SQLITE_TRANSIENT));
463 if (sqlite3_step(stmt) != SQLITE_DONE) {
464 STC_LOGE("Failed to flush firewall chain %s\n",
465 sqlite3_errmsg(stc_db_get_database()));
466 error_code = STC_ERROR_DB_FAILED;
470 STC_LOGD("Firewall chain flushed [%s]", info->chain);
478 API stc_error_e table_firewall_update_chain(firewall_chain_s *info)
480 stc_error_e error_code = STC_ERROR_NONE;
481 sqlite3_stmt *stmt = update_fw_chain;
484 error_code = STC_ERROR_INVALID_PARAMETER;
488 DB_ACTION(sqlite3_bind_int(stmt, 1, info->target));
489 DB_ACTION(sqlite3_bind_int(stmt, 2, info->priority));
490 DB_ACTION(sqlite3_bind_text(stmt, 3, info->chain ? info->chain : "",
491 -1, SQLITE_TRANSIENT));
493 if (sqlite3_step(stmt) != SQLITE_DONE) {
494 STC_LOGE("Failed to update firewall chain: %s\n",
495 sqlite3_errmsg(stc_db_get_database()));
496 error_code = STC_ERROR_DB_FAILED;
500 STC_LOGD("Firewall chain updated [%s]", info->chain);
507 API stc_error_e table_firewall_foreach_chain(firewall_chain_cb info_cb,
510 firewall_chain_s info;
512 stc_error_e error_code = STC_ERROR_NONE;
513 sqlite3_stmt *stmt = select_fw_chain;
516 rc = sqlite3_step(stmt);
518 memset(&info, 0, sizeof(info));
524 info.chain = (char *)sqlite3_column_text(stmt, 0);
525 info.target = sqlite3_column_int(stmt, 1);
526 info.priority = sqlite3_column_int(stmt, 2);
528 if (info_cb(&info, user_data) == STC_CANCEL)
533 STC_LOGE("Failed to enumerate firewall chains: %s\n",
534 sqlite3_errmsg(stc_db_get_database()));
536 error_code = STC_ERROR_DB_FAILED;
538 } while (rc == SQLITE_ROW);
544 API stc_error_e table_firewall_insert_rule(firewall_rule_s *info)
546 stc_error_e error_code = STC_ERROR_NONE;
547 char buf[BUF_SIZE_FOR_IP];
548 sqlite3_stmt *stmt = insert_fw_rule;
551 error_code = STC_ERROR_INVALID_PARAMETER;
555 DB_ACTION(sqlite3_bind_int64(stmt, 1, info->key));
556 DB_ACTION(sqlite3_bind_text(stmt, 2, info->chain ? info->chain : "",
557 -1, SQLITE_TRANSIENT));
558 DB_ACTION(sqlite3_bind_int(stmt, 3, info->direction));
559 DB_ACTION(sqlite3_bind_int(stmt, 4, info->s_ip_type));
560 DB_ACTION(sqlite3_bind_int(stmt, 5, info->d_ip_type));
561 DB_ACTION(sqlite3_bind_int(stmt, 6, info->s_port_type));
562 DB_ACTION(sqlite3_bind_int(stmt, 7, info->d_port_type));
563 DB_ACTION(sqlite3_bind_int(stmt, 8, info->protocol));
564 DB_ACTION(sqlite3_bind_int(stmt, 9, info->family));
565 if (info->family == STC_FW_FAMILY_V4) {
566 memset(buf, 0, sizeof(buf));
567 snprintf(buf, sizeof(buf), "%08x", info->s_ip1.Ipv4.s_addr);
568 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
570 memset(buf, 0, sizeof(buf));
571 snprintf(buf, sizeof(buf), "%08x", info->s_ip2.Ipv4.s_addr);
572 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
574 memset(buf, 0, sizeof(buf));
575 snprintf(buf, sizeof(buf), "%08x", info->d_ip1.Ipv4.s_addr);
576 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
578 memset(buf, 0, sizeof(buf));
579 snprintf(buf, sizeof(buf), "%08x", info->d_ip2.Ipv4.s_addr);
580 DB_ACTION(sqlite3_bind_text(stmt, 13, buf, -1, SQLITE_TRANSIENT));
581 } else if (info->family == STC_FW_FAMILY_V6) {
582 memset(buf, 0, sizeof(buf));
583 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
584 info->s_ip1.Ipv6.s6_addr32[0], info->s_ip1.Ipv6.s6_addr32[1],
585 info->s_ip1.Ipv6.s6_addr32[2], info->s_ip1.Ipv6.s6_addr32[3]);
586 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
588 memset(buf, 0, sizeof(buf));
589 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
590 info->s_ip2.Ipv6.s6_addr32[0], info->s_ip2.Ipv6.s6_addr32[1],
591 info->s_ip2.Ipv6.s6_addr32[2], info->s_ip2.Ipv6.s6_addr32[3]);
592 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
594 memset(buf, 0, sizeof(buf));
595 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
596 info->d_ip1.Ipv6.s6_addr32[0], info->d_ip1.Ipv6.s6_addr32[1],
597 info->d_ip1.Ipv6.s6_addr32[2], info->d_ip1.Ipv6.s6_addr32[3]);
598 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
600 memset(buf, 0, sizeof(buf));
601 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
602 info->d_ip2.Ipv6.s6_addr32[0], info->d_ip2.Ipv6.s6_addr32[1],
603 info->d_ip2.Ipv6.s6_addr32[2], info->d_ip2.Ipv6.s6_addr32[3]);
604 DB_ACTION(sqlite3_bind_text(stmt, 13, buf, -1, SQLITE_TRANSIENT));
606 DB_ACTION(sqlite3_bind_text(stmt, 10, "", -1, SQLITE_TRANSIENT));
607 DB_ACTION(sqlite3_bind_text(stmt, 11, "", -1, SQLITE_TRANSIENT));
608 DB_ACTION(sqlite3_bind_text(stmt, 12, "", -1, SQLITE_TRANSIENT));
609 DB_ACTION(sqlite3_bind_text(stmt, 13, "", -1, SQLITE_TRANSIENT));
611 DB_ACTION(sqlite3_bind_int(stmt, 14, info->s_port1));
612 DB_ACTION(sqlite3_bind_int(stmt, 15, info->s_port2));
613 DB_ACTION(sqlite3_bind_int(stmt, 16, info->d_port1));
614 DB_ACTION(sqlite3_bind_int(stmt, 17, info->d_port2));
615 DB_ACTION(sqlite3_bind_text(stmt, 18, info->ifname ? info->ifname : "",
616 -1, SQLITE_TRANSIENT));
617 DB_ACTION(sqlite3_bind_int(stmt, 19, info->target));
618 DB_ACTION(sqlite3_bind_int(stmt, 20, info->log_level));
619 DB_ACTION(sqlite3_bind_text(stmt, 21, info->log_prefix ? info->log_prefix : "",
620 -1, SQLITE_TRANSIENT));
621 DB_ACTION(sqlite3_bind_int(stmt, 22, info->nflog_group));
622 DB_ACTION(sqlite3_bind_text(stmt, 23, info->nflog_prefix ? info->nflog_prefix : "",
623 -1, SQLITE_TRANSIENT));
624 DB_ACTION(sqlite3_bind_int(stmt, 24, info->nflog_range));
625 DB_ACTION(sqlite3_bind_int(stmt, 25, info->nflog_threshold));
626 DB_ACTION(sqlite3_bind_text(stmt, 26, info->identifier ? info->identifier : "",
627 -1, SQLITE_TRANSIENT));
629 if (sqlite3_step(stmt) != SQLITE_DONE) {
630 STC_LOGE("Failed to insert firewall rule: %s\n",
631 sqlite3_errmsg(stc_db_get_database()));
632 error_code = STC_ERROR_DB_FAILED;
636 STC_LOGD("Firewall rule inserted [%s]", info->chain);
643 API stc_error_e table_firewall_delete_rule(firewall_rule_s *info)
645 stc_error_e error_code = STC_ERROR_NONE;
646 sqlite3_stmt *stmt = delete_fw_rule;
649 error_code = STC_ERROR_INVALID_PARAMETER;
653 DB_ACTION(sqlite3_bind_int64(stmt, 1, info->key));
655 if (sqlite3_step(stmt) != SQLITE_DONE) {
656 STC_LOGE("Failed to delete firewall rule %s\n",
657 sqlite3_errmsg(stc_db_get_database()));
658 error_code = STC_ERROR_DB_FAILED;
662 STC_LOGD("Firewall rule deleted [%s]", info->chain);
670 API stc_error_e table_firewall_update_rule(firewall_rule_s *info, guint key)
672 stc_error_e error_code = STC_ERROR_NONE;
673 char buf[BUF_SIZE_FOR_IP];
674 sqlite3_stmt *stmt = update_fw_rule;
677 error_code = STC_ERROR_INVALID_PARAMETER;
681 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
682 -1, SQLITE_TRANSIENT));
683 DB_ACTION(sqlite3_bind_int(stmt, 2, info->direction));
684 DB_ACTION(sqlite3_bind_int(stmt, 3, info->s_ip_type));
685 DB_ACTION(sqlite3_bind_int(stmt, 4, info->d_ip_type));
686 DB_ACTION(sqlite3_bind_int(stmt, 5, info->s_port_type));
687 DB_ACTION(sqlite3_bind_int(stmt, 6, info->d_port_type));
688 DB_ACTION(sqlite3_bind_int(stmt, 7, info->protocol));
689 DB_ACTION(sqlite3_bind_int(stmt, 8, info->family));
690 if (info->family == STC_FW_FAMILY_V4) {
691 memset(buf, 0, sizeof(buf));
692 snprintf(buf, sizeof(buf), "%08x", info->s_ip1.Ipv4.s_addr);
693 DB_ACTION(sqlite3_bind_text(stmt, 9, buf, -1, SQLITE_TRANSIENT));
695 memset(buf, 0, sizeof(buf));
696 snprintf(buf, sizeof(buf), "%08x", info->s_ip2.Ipv4.s_addr);
697 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
699 memset(buf, 0, sizeof(buf));
700 snprintf(buf, sizeof(buf), "%08x", info->d_ip1.Ipv4.s_addr);
701 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
703 memset(buf, 0, sizeof(buf));
704 snprintf(buf, sizeof(buf), "%08x", info->d_ip2.Ipv4.s_addr);
705 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
706 } else if (info->family == STC_FW_FAMILY_V6) {
707 memset(buf, 0, sizeof(buf));
708 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
709 info->s_ip1.Ipv6.s6_addr32[0], info->s_ip1.Ipv6.s6_addr32[1],
710 info->s_ip1.Ipv6.s6_addr32[2], info->s_ip1.Ipv6.s6_addr32[3]);
711 DB_ACTION(sqlite3_bind_text(stmt, 9, buf, -1, SQLITE_TRANSIENT));
713 memset(buf, 0, sizeof(buf));
714 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
715 info->s_ip2.Ipv6.s6_addr32[0], info->s_ip2.Ipv6.s6_addr32[1],
716 info->s_ip2.Ipv6.s6_addr32[2], info->s_ip2.Ipv6.s6_addr32[3]);
717 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
719 memset(buf, 0, sizeof(buf));
720 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
721 info->d_ip1.Ipv6.s6_addr32[0], info->d_ip1.Ipv6.s6_addr32[1],
722 info->d_ip1.Ipv6.s6_addr32[2], info->d_ip1.Ipv6.s6_addr32[3]);
723 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
725 memset(buf, 0, sizeof(buf));
726 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
727 info->d_ip2.Ipv6.s6_addr32[0], info->d_ip2.Ipv6.s6_addr32[1],
728 info->d_ip2.Ipv6.s6_addr32[2], info->d_ip2.Ipv6.s6_addr32[3]);
729 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
731 DB_ACTION(sqlite3_bind_text(stmt, 9, "", -1, SQLITE_TRANSIENT));
732 DB_ACTION(sqlite3_bind_text(stmt, 10, "", -1, SQLITE_TRANSIENT));
733 DB_ACTION(sqlite3_bind_text(stmt, 11, "", -1, SQLITE_TRANSIENT));
734 DB_ACTION(sqlite3_bind_text(stmt, 12, "", -1, SQLITE_TRANSIENT));
736 DB_ACTION(sqlite3_bind_int(stmt, 13, info->s_port1));
737 DB_ACTION(sqlite3_bind_int(stmt, 14, info->s_port2));
738 DB_ACTION(sqlite3_bind_int(stmt, 15, info->d_port1));
739 DB_ACTION(sqlite3_bind_int(stmt, 16, info->d_port2));
740 DB_ACTION(sqlite3_bind_text(stmt, 17, info->ifname ? info->ifname : "",
741 -1, SQLITE_TRANSIENT));
742 DB_ACTION(sqlite3_bind_int(stmt, 18, info->target));
743 DB_ACTION(sqlite3_bind_int(stmt, 19, info->log_level));
744 DB_ACTION(sqlite3_bind_text(stmt, 20, info->log_prefix ? info->log_prefix : "",
745 -1, SQLITE_TRANSIENT));
746 DB_ACTION(sqlite3_bind_int(stmt, 21, info->nflog_group));
747 DB_ACTION(sqlite3_bind_text(stmt, 22, info->nflog_prefix ? info->nflog_prefix : "",
748 -1, SQLITE_TRANSIENT));
749 DB_ACTION(sqlite3_bind_int(stmt, 23, info->nflog_range));
750 DB_ACTION(sqlite3_bind_int(stmt, 24, info->nflog_threshold));
751 DB_ACTION(sqlite3_bind_text(stmt, 25, info->identifier ? info->identifier : "",
752 -1, SQLITE_TRANSIENT));
753 DB_ACTION(sqlite3_bind_int64(stmt, 26, info->key));
754 DB_ACTION(sqlite3_bind_int64(stmt, 27, key));
756 if (sqlite3_step(stmt) != SQLITE_DONE) {
757 STC_LOGE("Failed to update firewall rule %s\n",
758 sqlite3_errmsg(stc_db_get_database()));
759 error_code = STC_ERROR_DB_FAILED;
763 STC_LOGD("Firewall rule updated [%s]", info->chain);
771 API stc_error_e table_firewall_foreach_rule(firewall_rule_cb info_cb,
774 firewall_rule_s info;
776 stc_error_e error_code = STC_ERROR_NONE;
777 sqlite3_stmt *stmt = select_fw_rule;
780 rc = sqlite3_step(stmt);
782 memset(&info, 0, sizeof(info));
788 info.key = sqlite3_column_int64(stmt, 0);
789 info.chain = (char *)sqlite3_column_text(stmt, 1);
790 info.direction = sqlite3_column_int(stmt, 2);
791 info.s_ip_type = sqlite3_column_int(stmt, 3);
792 info.d_ip_type = sqlite3_column_int(stmt, 4);
793 info.s_port_type = sqlite3_column_int(stmt, 5);
794 info.d_port_type = sqlite3_column_int(stmt, 6);
795 info.protocol = sqlite3_column_int(stmt, 7);
796 info.family = sqlite3_column_int(stmt, 8);
797 if (info.family == STC_FW_FAMILY_V4) {
798 sscanf((char *)sqlite3_column_text(stmt, 9), "%08x",
799 &(info.s_ip1.Ipv4.s_addr));
800 sscanf((char *)sqlite3_column_text(stmt, 10), "%08x",
801 &(info.s_ip2.Ipv4.s_addr));
802 sscanf((char *)sqlite3_column_text(stmt, 11), "%08x",
803 &(info.d_ip1.Ipv4.s_addr));
804 sscanf((char *)sqlite3_column_text(stmt, 12), "%08x",
805 &(info.d_ip2.Ipv4.s_addr));
806 } else if (info.family == STC_FW_FAMILY_V6) {
807 sscanf((char *)sqlite3_column_text(stmt, 9), "%08x:%08x:%08x:%08x",
808 &(info.s_ip1.Ipv6.s6_addr32[0]), &(info.s_ip1.Ipv6.s6_addr32[1]),
809 &(info.s_ip1.Ipv6.s6_addr32[2]), &(info.s_ip1.Ipv6.s6_addr32[3]));
810 sscanf((char *)sqlite3_column_text(stmt, 10), "%08x:%08x:%08x:%08x",
811 &(info.s_ip2.Ipv6.s6_addr32[0]), &(info.s_ip2.Ipv6.s6_addr32[1]),
812 &(info.s_ip2.Ipv6.s6_addr32[2]), &(info.s_ip2.Ipv6.s6_addr32[3]));
813 sscanf((char *)sqlite3_column_text(stmt, 11), "%08x:%08x:%08x:%08x",
814 &(info.d_ip1.Ipv6.s6_addr32[0]), &(info.d_ip1.Ipv6.s6_addr32[1]),
815 &(info.d_ip1.Ipv6.s6_addr32[2]), &(info.d_ip1.Ipv6.s6_addr32[3]));
816 sscanf((char *)sqlite3_column_text(stmt, 12), "%08x:%08x:%08x:%08x",
817 &(info.d_ip2.Ipv6.s6_addr32[0]), &(info.d_ip2.Ipv6.s6_addr32[1]),
818 &(info.d_ip2.Ipv6.s6_addr32[2]), &(info.d_ip2.Ipv6.s6_addr32[3]));
820 info.s_port1 = sqlite3_column_int(stmt, 13);
821 info.s_port2 = sqlite3_column_int(stmt, 14);
822 info.d_port1 = sqlite3_column_int(stmt, 15);
823 info.d_port2 = sqlite3_column_int(stmt, 16);
824 info.ifname = (char *)sqlite3_column_text(stmt, 17);
825 info.target = sqlite3_column_int(stmt, 18);
826 info.log_level = sqlite3_column_int(stmt, 19);
827 info.log_prefix = (char *)sqlite3_column_text(stmt, 20);
828 info.nflog_group = sqlite3_column_int(stmt, 21);
829 info.nflog_prefix = (char *)sqlite3_column_text(stmt, 22);
830 info.nflog_range = sqlite3_column_int(stmt, 23);
831 info.nflog_threshold = sqlite3_column_int(stmt, 24);
832 info.identifier = (char *)sqlite3_column_text(stmt, 25);
834 if (info_cb(&info, user_data) == STC_CANCEL)
839 STC_LOGE("Failed to enumerate firewall rules: %s\n",
840 sqlite3_errmsg(stc_db_get_database()));
842 error_code = STC_ERROR_DB_FAILED;
844 } while (rc == SQLITE_ROW);
850 stc_error_e table_firewall_prepare(sqlite3 *db)
852 __STC_LOG_FUNC_ENTER__;
854 stc_error_e error_code = STC_ERROR_NONE;
857 __STC_LOG_FUNC_EXIT__;
858 return STC_ERROR_FAIL;
861 DB_ACTION(__prepare_delete(db));
862 DB_ACTION(__prepare_select(db));
863 DB_ACTION(__prepare_update(db));
864 DB_ACTION(__prepare_insert(db));
868 __STC_LOG_FUNC_EXIT__;
872 void table_firewall_finalize(void)
874 __STC_LOG_FUNC_ENTER__;
879 __STC_LOG_FUNC_EXIT__;