src/database/tables/table-firewall.c

   1 /*
   2  * Copyright (c) 2016 Samsung Electronics Co., Ltd.
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  * http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /**
  18  * This file implements restrictions entity handler methods.
  19  *
  20  * @file        table-restrictions.c
  21  */
  22
  23 #include "stc-db.h"
  24 #include "db-internal.h"
  25 #include "table-firewall.h"
  26
  27 #define BUF_SIZE_FOR_IP   64
  28
  29 /* DELETE statements */
  30 #define DELETE_FIREWALL_CHAIN "DELETE FROM fw_chains " \
  31         "WHERE chain = ?"
  32
  33 #define DELETE_FIREWALL_RULE "DELETE FROM fw_rules " \
  34         "WHERE key = ?"
  35
  36 #define DELETE_FIREWALL_RULE_PER_CHAIN "DELETE FROM fw_rules " \
  37         "WHERE chain = ?"
  38
  39 /* SELECT statements */
  40 #define SELECT_FIREWALL_LOCK "SELECT state FROM fw_lock " \
  41         "WHERE name = ?"
  42
  43 #define SELECT_FIREWALL_CHAIN "SELECT chain, " \
  44         "target, priority FROM fw_chains"
  45
  46 #define SELECT_FIREWALL_RULE "SELECT key, " \
  47         "chain, direction, s_ip_type, d_ip_type, s_port_type, " \
  48         "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
  49         "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier " \
  50         "FROM fw_rules"
  51
  52 #define SELECT_FIREWALL_RULE_PER_CHAIN "SELECT key, " \
  53         "chain, direction, s_ip_type, d_ip_type, s_port_type, " \
  54         "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
  55         "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier " \
  56         "FROM fw_rules INDEXED BY rules_index " \
  57         "WHERE chain = ?"
  58
  59 /* UPDATE statement */
  60 #define UPDATE_FIREWALL_LOCK "UPDATE fw_lock " \
  61         "SET state = ? WHERE name = ?"
  62
  63 #define UPDATE_FIREWALL_CHAIN "UPDATE fw_chains " \
  64         "SET target = ?, priority = ? " \
  65         "WHERE chain = ?"
  66
  67 #define UPDATE_FIREWALL_RULE "UPDATE fw_rules " \
  68         "SET chain = ?, direction = ?, s_ip_type = ?, d_ip_type = ?, " \
  69         "s_port_type = ?, d_port_type = ?, protocol = ?, family = ?, " \
  70         "s_ip1 = ?, s_ip2 = ?, d_ip1 = ?, d_ip2 = ?, s_port1 = ?, " \
  71         "s_port2 = ?, d_port1 = ?, d_port2 = ?, ifname = ?, " \
  72         "target = ?, identifier = ? " \
  73         "WHERE key = ?"
  74
  75 /* INSERT statement */
  76 #define INSERT_FIREWALL_LOCK "INSERT INTO fw_lock " \
  77         "(name, state) VALUES (?, ?)"
  78
  79 #define INSERT_FIREWALL_CHAIN "INSERT INTO fw_chains " \
  80         "(chain, target, priority) " \
  81         "VALUES (?, ?, ?)"
  82
  83 #define INSERT_FIREWALL_RULE "INSERT INTO fw_rules " \
  84         "(key, chain, direction, s_ip_type, d_ip_type, s_port_type, " \
  85         "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
  86         "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier) " \
  87         "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
  88
  89 static void __finalize_delete(void);
  90
  91 #define PREPARE_DELETE(stm, query) do { \
  92         rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
  93         if (rc != SQLITE_OK) { \
  94                 stm = NULL; \
  95                 __finalize_delete(); \
  96                 STC_LOGE("Failed to prepare \"%s\" query" \
  97                          , query); \
  98                 return rc; \
  99         } \
 100 } while (0)
 101
 102 static void __finalize_select(void);
 103
 104 #define PREPARE_SELECT(stm, query) do { \
 105         rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
 106         if (rc != SQLITE_OK) { \
 107                 stm = NULL; \
 108                 __finalize_select(); \
 109                 STC_LOGE("Failed to prepare \"%s\" query" \
 110                          , query); \
 111                 return rc; \
 112         } \
 113 } while (0)
 114
 115 static void __finalize_update(void);
 116
 117 #define PREPARE_UPDATE(stm, query) do { \
 118         rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
 119         if (rc != SQLITE_OK) { \
 120                 stm = NULL; \
 121                 __finalize_update(); \
 122                 STC_LOGE("Failed to prepare \"%s\" query" \
 123                          , query); \
 124                 return rc; \
 125         } \
 126 } while (0)
 127
 128 static void __finalize_insert(void);
 129
 130 #define PREPARE_INSERT(stm, query) do { \
 131         rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
 132         if (rc != SQLITE_OK) { \
 133                 stm = NULL; \
 134                 __finalize_insert(); \
 135                 STC_LOGE("Failed to prepare \"%s\" query" \
 136                          , query); \
 137                 return rc; \
 138         } \
 139 } while (0)
 140
 141 #define FINALIZE(stm) do { \
 142         if (stm) { \
 143                 sqlite3_finalize(stm); \
 144                 stm = NULL; \
 145         } \
 146 } while (0)
 147
 148 /* DELETE statements */
 149 static sqlite3_stmt *delete_fw_chain;
 150 static sqlite3_stmt *delete_fw_rule;
 151 static sqlite3_stmt *delete_fw_rule_per_chain;
 152
 153 /* SELECT statements */
 154 static sqlite3_stmt *select_fw_lock;
 155 static sqlite3_stmt *select_fw_chain;
 156 static sqlite3_stmt *select_fw_rule;
 157 static sqlite3_stmt *select_fw_rule_per_chain;
 158
 159 /* UPDATE statements */
 160 static sqlite3_stmt *update_fw_lock;
 161 static sqlite3_stmt *update_fw_chain;
 162 static sqlite3_stmt *update_fw_rule;
 163
 164 /* INSERT statements */
 165 static sqlite3_stmt *insert_fw_lock;
 166 static sqlite3_stmt *insert_fw_chain;
 167 static sqlite3_stmt *insert_fw_rule;
 168
 169 static int __prepare_delete(sqlite3 *db)
 170 {
 171         __STC_LOG_FUNC_ENTER__;
 172         int rc;
 173         static int initialized;
 174
 175         if (initialized) {
 176                 __STC_LOG_FUNC_EXIT__;
 177                 return SQLITE_OK;
 178         }
 179
 180         PREPARE_DELETE(delete_fw_chain, DELETE_FIREWALL_CHAIN);
 181         PREPARE_DELETE(delete_fw_rule, DELETE_FIREWALL_RULE);
 182         PREPARE_DELETE(delete_fw_rule_per_chain, DELETE_FIREWALL_RULE_PER_CHAIN);
 183
 184         initialized = 1;
 185         __STC_LOG_FUNC_EXIT__;
 186         return rc;
 187 }
 188
 189 static void __finalize_delete(void)
 190 {
 191         __STC_LOG_FUNC_ENTER__;
 192
 193         FINALIZE(delete_fw_chain);
 194         FINALIZE(delete_fw_rule);
 195         FINALIZE(delete_fw_rule_per_chain);
 196
 197         __STC_LOG_FUNC_EXIT__;
 198 }
 199
 200 static int __prepare_select(sqlite3 *db)
 201 {
 202         __STC_LOG_FUNC_ENTER__;
 203         int rc;
 204         static int initialized;
 205
 206         if (initialized) {
 207                 __STC_LOG_FUNC_EXIT__;
 208                 return SQLITE_OK;
 209         }
 210
 211         PREPARE_SELECT(select_fw_lock, SELECT_FIREWALL_LOCK);
 212         PREPARE_SELECT(select_fw_chain, SELECT_FIREWALL_CHAIN);
 213         PREPARE_SELECT(select_fw_rule, SELECT_FIREWALL_RULE);
 214         PREPARE_SELECT(select_fw_rule_per_chain, SELECT_FIREWALL_RULE_PER_CHAIN);
 215
 216         initialized = 1;
 217         __STC_LOG_FUNC_EXIT__;
 218         return rc;
 219 }
 220
 221 static void __finalize_select(void)
 222 {
 223         __STC_LOG_FUNC_ENTER__;
 224
 225         FINALIZE(select_fw_lock);
 226         FINALIZE(select_fw_chain);
 227         FINALIZE(select_fw_rule);
 228         FINALIZE(select_fw_rule_per_chain);
 229
 230         __STC_LOG_FUNC_EXIT__;
 231 }
 232
 233 static int __prepare_update(sqlite3 *db)
 234 {
 235         __STC_LOG_FUNC_ENTER__;
 236         int rc;
 237         static int initialized;
 238
 239         if (initialized) {
 240                 __STC_LOG_FUNC_EXIT__;
 241                 return SQLITE_OK;
 242         }
 243
 244         PREPARE_UPDATE(update_fw_lock, UPDATE_FIREWALL_LOCK);
 245         PREPARE_UPDATE(update_fw_chain, UPDATE_FIREWALL_CHAIN);
 246         PREPARE_UPDATE(update_fw_rule, UPDATE_FIREWALL_RULE);
 247
 248         initialized = 1;
 249         __STC_LOG_FUNC_EXIT__;
 250         return rc;
 251 }
 252
 253 static void __finalize_update(void)
 254 {
 255         __STC_LOG_FUNC_ENTER__;
 256
 257         FINALIZE(update_fw_lock);
 258         FINALIZE(update_fw_chain);
 259         FINALIZE(update_fw_rule);
 260
 261         __STC_LOG_FUNC_EXIT__;
 262 }
 263
 264 static int __prepare_insert(sqlite3 *db)
 265 {
 266         __STC_LOG_FUNC_ENTER__;
 267         int rc;
 268         static int initialized;
 269
 270         if (initialized) {
 271                 __STC_LOG_FUNC_EXIT__;
 272                 return SQLITE_OK;
 273         }
 274
 275         PREPARE_INSERT(insert_fw_lock, INSERT_FIREWALL_LOCK);
 276         PREPARE_INSERT(insert_fw_chain, INSERT_FIREWALL_CHAIN);
 277         PREPARE_INSERT(insert_fw_rule, INSERT_FIREWALL_RULE);
 278
 279         initialized = 1;
 280         __STC_LOG_FUNC_EXIT__;
 281         return rc;
 282 }
 283
 284 static void __finalize_insert(void)
 285 {
 286         __STC_LOG_FUNC_ENTER__;
 287
 288         FINALIZE(insert_fw_lock);
 289         FINALIZE(insert_fw_chain);
 290         FINALIZE(insert_fw_rule);
 291
 292         __STC_LOG_FUNC_EXIT__;
 293 }
 294
 295 stc_error_e table_firewall_insert_lock(char *name, int state)
 296 {
 297         stc_error_e error_code = STC_ERROR_NONE;
 298         sqlite3_stmt *stmt = insert_fw_lock;
 299
 300         DB_ACTION(sqlite3_bind_text(stmt, 1, name ? name : "",
 301                                         -1, SQLITE_TRANSIENT));
 302         DB_ACTION(sqlite3_bind_int(stmt, 2, state));
 303
 304         if (sqlite3_step(stmt) != SQLITE_DONE) {
 305                 STC_LOGE("Failed to insert firewall lock state: %s\n",
 306                          sqlite3_errmsg(stc_db_get_database()));
 307
 308                 error_code = STC_ERROR_DB_FAILED;
 309                 goto handle_error;
 310         }
 311
 312         STC_LOGD("Firewall lock state inserted [%d]", state);
 313
 314 handle_error:
 315         sqlite3_reset(stmt);
 316         return error_code;
 317 }
 318
 319 stc_error_e table_firewall_update_lock(char *name, int state)
 320 {
 321         stc_error_e error_code = STC_ERROR_NONE;
 322         sqlite3_stmt *stmt = update_fw_lock;
 323
 324         DB_ACTION(sqlite3_bind_int(stmt, 1, state));
 325         DB_ACTION(sqlite3_bind_text(stmt, 2, name ? name : "",
 326                                         -1, SQLITE_TRANSIENT));
 327
 328         if (sqlite3_step(stmt) != SQLITE_DONE) {
 329                 STC_LOGE("Failed to update firewall lock state: %s\n",
 330                          sqlite3_errmsg(stc_db_get_database()));
 331
 332                 error_code = STC_ERROR_DB_FAILED;
 333                 goto handle_error;
 334         }
 335
 336         STC_LOGD("Firewall lock state updated [%d]", state);
 337
 338 handle_error:
 339         sqlite3_reset(stmt);
 340         return error_code;
 341 }
 342
 343 stc_error_e table_firewall_get_lock(char *name, int *state)
 344 {
 345         int rc;
 346         stc_error_e error_code = STC_ERROR_NONE;
 347         sqlite3_stmt *stmt = select_fw_lock;
 348
 349         if (!name)
 350                 return STC_ERROR_DB_FAILED;
 351
 352         DB_ACTION(sqlite3_bind_text(stmt, 1, name,
 353                                         -1, SQLITE_TRANSIENT));
 354
 355         rc = sqlite3_step(stmt);
 356
 357         switch (rc) {
 358         case SQLITE_DONE:
 359                 break;
 360         case SQLITE_ROW:
 361                 *state = sqlite3_column_int(stmt, 0);
 362                 break;
 363         case SQLITE_ERROR:
 364         default:
 365                 STC_LOGE("Failed to get firewall lock state: %s\n",
 366                          sqlite3_errmsg(stc_db_get_database()));
 367
 368                 error_code = STC_ERROR_DB_FAILED;
 369                 goto handle_error;
 370         }
 371
 372         STC_LOGD("Firewall lock state [%d]", *state);
 373
 374 handle_error:
 375         sqlite3_reset(stmt);
 376         return error_code;
 377 }
 378
 379 stc_error_e table_firewall_insert_chain(firewall_chain_s *info)
 380 {
 381         stc_error_e error_code = STC_ERROR_NONE;
 382         sqlite3_stmt *stmt = insert_fw_chain;
 383
 384         if (!info) {
 385                 error_code = STC_ERROR_INVALID_PARAMETER;
 386                 goto handle_error;
 387         }
 388
 389         DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
 390                                         -1, SQLITE_TRANSIENT));
 391         DB_ACTION(sqlite3_bind_int(stmt, 2, info->target));
 392         DB_ACTION(sqlite3_bind_int(stmt, 3, info->priority));
 393
 394         if (sqlite3_step(stmt) != SQLITE_DONE) {
 395                 STC_LOGE("Failed to insert firewall chain: %s\n",
 396                          sqlite3_errmsg(stc_db_get_database()));
 397                 error_code = STC_ERROR_DB_FAILED;
 398                 goto handle_error;
 399         }
 400
 401         STC_LOGD("Firewall chain inserted [%s]", info->chain);
 402
 403 handle_error:
 404         sqlite3_reset(stmt);
 405         return error_code;
 406 }
 407
 408 stc_error_e table_firewall_delete_chain(firewall_chain_s *info)
 409 {
 410         stc_error_e error_code = STC_ERROR_NONE;
 411         sqlite3_stmt *stmt = delete_fw_chain;
 412
 413         if (!info) {
 414                 error_code = STC_ERROR_INVALID_PARAMETER;
 415                 goto handle_error;
 416         }
 417
 418         DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
 419                                     -1, SQLITE_TRANSIENT));
 420
 421         if (sqlite3_step(stmt) != SQLITE_DONE) {
 422                 STC_LOGE("Failed to delete firewall chain %s\n",
 423                          sqlite3_errmsg(stc_db_get_database()));
 424                 error_code = STC_ERROR_DB_FAILED;
 425                 goto handle_error;
 426         }
 427
 428         STC_LOGD("Firewall chain deleted [%s]", info->chain);
 429
 430 handle_error:
 431
 432         sqlite3_reset(stmt);
 433         return error_code;
 434 }
 435
 436 stc_error_e table_firewall_flush_chain(firewall_chain_s *info)
 437 {
 438         stc_error_e error_code = STC_ERROR_NONE;
 439         sqlite3_stmt *stmt = delete_fw_rule_per_chain;
 440
 441         if (!info) {
 442                 error_code = STC_ERROR_INVALID_PARAMETER;
 443                 goto handle_error;
 444         }
 445
 446         DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
 447                                     -1, SQLITE_TRANSIENT));
 448
 449         if (sqlite3_step(stmt) != SQLITE_DONE) {
 450                 STC_LOGE("Failed to flush firewall chain %s\n",
 451                          sqlite3_errmsg(stc_db_get_database()));
 452                 error_code = STC_ERROR_DB_FAILED;
 453                 goto handle_error;
 454         }
 455
 456         STC_LOGD("Firewall chain flushed [%s]", info->chain);
 457
 458 handle_error:
 459
 460         sqlite3_reset(stmt);
 461         return error_code;
 462 }
 463
 464 stc_error_e table_firewall_update_chain(firewall_chain_s *info)
 465 {
 466         stc_error_e error_code = STC_ERROR_NONE;
 467         sqlite3_stmt *stmt = update_fw_chain;
 468
 469         if (!info) {
 470                 error_code = STC_ERROR_INVALID_PARAMETER;
 471                 goto handle_error;
 472         }
 473
 474         DB_ACTION(sqlite3_bind_int(stmt, 1, info->target));
 475         DB_ACTION(sqlite3_bind_int(stmt, 2, info->priority));
 476         DB_ACTION(sqlite3_bind_text(stmt, 3, info->chain ? info->chain : "",
 477                                         -1, SQLITE_TRANSIENT));
 478
 479         if (sqlite3_step(stmt) != SQLITE_DONE) {
 480                 STC_LOGE("Failed to update firewall chain: %s\n",
 481                          sqlite3_errmsg(stc_db_get_database()));
 482                 error_code = STC_ERROR_DB_FAILED;
 483                 goto handle_error;
 484         }
 485
 486         STC_LOGD("Firewall chain updated [%s]", info->chain);
 487
 488 handle_error:
 489         sqlite3_reset(stmt);
 490         return error_code;
 491 }
 492
 493 stc_error_e table_firewall_foreach_chain(firewall_chain_cb info_cb,
 494                                        void *user_data)
 495 {
 496         firewall_chain_s info;
 497         int rc;
 498         stc_error_e error_code = STC_ERROR_NONE;
 499         sqlite3_stmt *stmt = select_fw_chain;
 500
 501         do {
 502                 rc = sqlite3_step(stmt);
 503
 504                 memset(&info, 0, sizeof(info));
 505
 506                 switch (rc) {
 507                 case SQLITE_DONE:
 508                         break;
 509                 case SQLITE_ROW:
 510                         info.chain = (char *)sqlite3_column_text(stmt, 0);
 511                         info.target = sqlite3_column_int(stmt, 1);
 512                         info.priority = sqlite3_column_int(stmt, 2);
 513
 514                         if (info_cb(&info, user_data) == STC_CANCEL)
 515                                 rc = SQLITE_DONE;
 516                         break;
 517                 case SQLITE_ERROR:
 518                 default:
 519                         STC_LOGE("Failed to enumerate firewall chains: %s\n",
 520                                  sqlite3_errmsg(stc_db_get_database()));
 521
 522                         error_code = STC_ERROR_DB_FAILED;
 523                 }
 524         } while (rc == SQLITE_ROW);
 525
 526         sqlite3_reset(stmt);
 527         return error_code;
 528 }
 529
 530 stc_error_e table_firewall_insert_rule(firewall_rule_s *info)
 531 {
 532         stc_error_e error_code = STC_ERROR_NONE;
 533         char buf[BUF_SIZE_FOR_IP];
 534         sqlite3_stmt *stmt = insert_fw_rule;
 535
 536         if (!info) {
 537                 error_code = STC_ERROR_INVALID_PARAMETER;
 538                 goto handle_error;
 539         }
 540
 541         DB_ACTION(sqlite3_bind_int64(stmt, 1, info->key));
 542         DB_ACTION(sqlite3_bind_text(stmt, 2, info->chain ? info->chain : "",
 543                                         -1, SQLITE_TRANSIENT));
 544         DB_ACTION(sqlite3_bind_int(stmt, 3, info->direction));
 545         DB_ACTION(sqlite3_bind_int(stmt, 4, info->s_ip_type));
 546         DB_ACTION(sqlite3_bind_int(stmt, 5, info->d_ip_type));
 547         DB_ACTION(sqlite3_bind_int(stmt, 6, info->s_port_type));
 548         DB_ACTION(sqlite3_bind_int(stmt, 7, info->d_port_type));
 549         DB_ACTION(sqlite3_bind_int(stmt, 8, info->protocol));
 550         DB_ACTION(sqlite3_bind_int(stmt, 9, info->family));
 551         if (info->family == STC_FW_FAMILY_V4) {
 552                 memset(buf, 0, sizeof(buf));
 553                 snprintf(buf, sizeof(buf), "%08x", info->s_ip1.Ipv4.s_addr);
 554                 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
 555
 556                 memset(buf, 0, sizeof(buf));
 557                 snprintf(buf, sizeof(buf), "%08x", info->s_ip2.Ipv4.s_addr);
 558                 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
 559
 560                 memset(buf, 0, sizeof(buf));
 561                 snprintf(buf, sizeof(buf), "%08x", info->d_ip1.Ipv4.s_addr);
 562                 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
 563
 564                 memset(buf, 0, sizeof(buf));
 565                 snprintf(buf, sizeof(buf), "%08x", info->d_ip2.Ipv4.s_addr);
 566                 DB_ACTION(sqlite3_bind_text(stmt, 13, buf, -1, SQLITE_TRANSIENT));
 567         } else if (info->family == STC_FW_FAMILY_V6) {
 568                 memset(buf, 0, sizeof(buf));
 569                 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
 570                         info->s_ip1.Ipv6.s6_addr32[0], info->s_ip1.Ipv6.s6_addr32[1],
 571                         info->s_ip1.Ipv6.s6_addr32[2], info->s_ip1.Ipv6.s6_addr32[3]);
 572                 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
 573
 574                 memset(buf, 0, sizeof(buf));
 575                 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
 576                         info->s_ip2.Ipv6.s6_addr32[0], info->s_ip2.Ipv6.s6_addr32[1],
 577                         info->s_ip2.Ipv6.s6_addr32[2], info->s_ip2.Ipv6.s6_addr32[3]);
 578                 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
 579
 580                 memset(buf, 0, sizeof(buf));
 581                 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
 582                         info->d_ip1.Ipv6.s6_addr32[0], info->d_ip1.Ipv6.s6_addr32[1],
 583                         info->d_ip1.Ipv6.s6_addr32[2], info->d_ip1.Ipv6.s6_addr32[3]);
 584                 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
 585
 586                 memset(buf, 0, sizeof(buf));
 587                 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
 588                         info->d_ip2.Ipv6.s6_addr32[0], info->d_ip2.Ipv6.s6_addr32[1],
 589                         info->d_ip2.Ipv6.s6_addr32[2], info->d_ip2.Ipv6.s6_addr32[3]);
 590                 DB_ACTION(sqlite3_bind_text(stmt, 13, buf, -1, SQLITE_TRANSIENT));
 591         } else {
 592                 DB_ACTION(sqlite3_bind_text(stmt, 10, "", -1, SQLITE_TRANSIENT));
 593                 DB_ACTION(sqlite3_bind_text(stmt, 11, "", -1, SQLITE_TRANSIENT));
 594                 DB_ACTION(sqlite3_bind_text(stmt, 12, "", -1, SQLITE_TRANSIENT));
 595                 DB_ACTION(sqlite3_bind_text(stmt, 13, "", -1, SQLITE_TRANSIENT));
 596         }
 597         DB_ACTION(sqlite3_bind_int(stmt, 14, info->s_port1));
 598         DB_ACTION(sqlite3_bind_int(stmt, 15, info->s_port2));
 599         DB_ACTION(sqlite3_bind_int(stmt, 16, info->d_port1));
 600         DB_ACTION(sqlite3_bind_int(stmt, 17, info->d_port2));
 601         DB_ACTION(sqlite3_bind_text(stmt, 18, info->ifname ? info->ifname : "",
 602                                         -1, SQLITE_TRANSIENT));
 603         DB_ACTION(sqlite3_bind_int(stmt, 19, info->target));
 604         DB_ACTION(sqlite3_bind_text(stmt, 20, info->identifier ? info->identifier : "",
 605                                         -1, SQLITE_TRANSIENT));
 606
 607         if (sqlite3_step(stmt) != SQLITE_DONE) {
 608                 STC_LOGE("Failed to insert firewall rule: %s\n",
 609                          sqlite3_errmsg(stc_db_get_database()));
 610                 error_code = STC_ERROR_DB_FAILED;
 611                 goto handle_error;
 612         }
 613
 614         STC_LOGD("Firewall rule inserted [%s]", info->chain);
 615
 616 handle_error:
 617         sqlite3_reset(stmt);
 618         return error_code;
 619 }
 620
 621 stc_error_e table_firewall_delete_rule(firewall_rule_s *info)
 622 {
 623         stc_error_e error_code = STC_ERROR_NONE;
 624         sqlite3_stmt *stmt = delete_fw_rule;
 625
 626         if (!info) {
 627                 error_code = STC_ERROR_INVALID_PARAMETER;
 628                 goto handle_error;
 629         }
 630
 631         DB_ACTION(sqlite3_bind_int64(stmt, 1, info->key));
 632
 633         if (sqlite3_step(stmt) != SQLITE_DONE) {
 634                 STC_LOGE("Failed to delete firewall rule %s\n",
 635                          sqlite3_errmsg(stc_db_get_database()));
 636                 error_code = STC_ERROR_DB_FAILED;
 637                 goto handle_error;
 638         }
 639
 640         STC_LOGD("Firewall rule deleted [%s]", info->chain);
 641
 642 handle_error:
 643
 644         sqlite3_reset(stmt);
 645         return error_code;
 646 }
 647
 648 stc_error_e table_firewall_update_rule(firewall_rule_s *info)
 649 {
 650         stc_error_e error_code = STC_ERROR_NONE;
 651         char buf[BUF_SIZE_FOR_IP];
 652         sqlite3_stmt *stmt = update_fw_rule;
 653
 654         if (!info) {
 655                 error_code = STC_ERROR_INVALID_PARAMETER;
 656                 goto handle_error;
 657         }
 658
 659         DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
 660                                         -1, SQLITE_TRANSIENT));
 661         DB_ACTION(sqlite3_bind_int(stmt, 2, info->direction));
 662         DB_ACTION(sqlite3_bind_int(stmt, 3, info->s_ip_type));
 663         DB_ACTION(sqlite3_bind_int(stmt, 4, info->d_ip_type));
 664         DB_ACTION(sqlite3_bind_int(stmt, 5, info->s_port_type));
 665         DB_ACTION(sqlite3_bind_int(stmt, 6, info->d_port_type));
 666         DB_ACTION(sqlite3_bind_int(stmt, 7, info->protocol));
 667         DB_ACTION(sqlite3_bind_int(stmt, 8, info->family));
 668         if (info->family == STC_FW_FAMILY_V4) {
 669                 memset(buf, 0, sizeof(buf));
 670                 snprintf(buf, sizeof(buf), "%08x", info->s_ip1.Ipv4.s_addr);
 671                 DB_ACTION(sqlite3_bind_text(stmt, 9, buf, -1, SQLITE_TRANSIENT));
 672
 673                 memset(buf, 0, sizeof(buf));
 674                 snprintf(buf, sizeof(buf), "%08x", info->s_ip2.Ipv4.s_addr);
 675                 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
 676
 677                 memset(buf, 0, sizeof(buf));
 678                 snprintf(buf, sizeof(buf), "%08x", info->d_ip1.Ipv4.s_addr);
 679                 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
 680
 681                 memset(buf, 0, sizeof(buf));
 682                 snprintf(buf, sizeof(buf), "%08x", info->d_ip2.Ipv4.s_addr);
 683                 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
 684         } else if (info->family == STC_FW_FAMILY_V6) {
 685                 memset(buf, 0, sizeof(buf));
 686                 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
 687                         info->s_ip1.Ipv6.s6_addr32[0], info->s_ip1.Ipv6.s6_addr32[1],
 688                         info->s_ip1.Ipv6.s6_addr32[2], info->s_ip1.Ipv6.s6_addr32[3]);
 689                 DB_ACTION(sqlite3_bind_text(stmt, 9, buf, -1, SQLITE_TRANSIENT));
 690
 691                 memset(buf, 0, sizeof(buf));
 692                 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
 693                         info->s_ip2.Ipv6.s6_addr32[0], info->s_ip2.Ipv6.s6_addr32[1],
 694                         info->s_ip2.Ipv6.s6_addr32[2], info->s_ip2.Ipv6.s6_addr32[3]);
 695                 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
 696
 697                 memset(buf, 0, sizeof(buf));
 698                 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
 699                         info->d_ip1.Ipv6.s6_addr32[0], info->d_ip1.Ipv6.s6_addr32[1],
 700                         info->d_ip1.Ipv6.s6_addr32[2], info->d_ip1.Ipv6.s6_addr32[3]);
 701                 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
 702
 703                 memset(buf, 0, sizeof(buf));
 704                 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
 705                         info->d_ip2.Ipv6.s6_addr32[0], info->d_ip2.Ipv6.s6_addr32[1],
 706                         info->d_ip2.Ipv6.s6_addr32[2], info->d_ip2.Ipv6.s6_addr32[3]);
 707                 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
 708         } else {
 709                 DB_ACTION(sqlite3_bind_text(stmt, 9, "", -1, SQLITE_TRANSIENT));
 710                 DB_ACTION(sqlite3_bind_text(stmt, 10, "", -1, SQLITE_TRANSIENT));
 711                 DB_ACTION(sqlite3_bind_text(stmt, 11, "", -1, SQLITE_TRANSIENT));
 712                 DB_ACTION(sqlite3_bind_text(stmt, 12, "", -1, SQLITE_TRANSIENT));
 713         }
 714         DB_ACTION(sqlite3_bind_int(stmt, 13, info->s_port1));
 715         DB_ACTION(sqlite3_bind_int(stmt, 14, info->s_port2));
 716         DB_ACTION(sqlite3_bind_int(stmt, 15, info->d_port1));
 717         DB_ACTION(sqlite3_bind_int(stmt, 16, info->d_port2));
 718         DB_ACTION(sqlite3_bind_text(stmt, 17, info->ifname ? info->ifname : "",
 719                                         -1, SQLITE_TRANSIENT));
 720         DB_ACTION(sqlite3_bind_int(stmt, 18, info->target));
 721         DB_ACTION(sqlite3_bind_text(stmt, 19, info->identifier ? info->identifier : "",
 722                                         -1, SQLITE_TRANSIENT));
 723         DB_ACTION(sqlite3_bind_int64(stmt, 20, info->key));
 724
 725         if (sqlite3_step(stmt) != SQLITE_DONE) {
 726                 STC_LOGE("Failed to update firewall rule %s\n",
 727                          sqlite3_errmsg(stc_db_get_database()));
 728                 error_code = STC_ERROR_DB_FAILED;
 729                 goto handle_error;
 730         }
 731
 732         STC_LOGD("Firewall rule updated [%s]", info->chain);
 733
 734 handle_error:
 735
 736         sqlite3_reset(stmt);
 737         return error_code;
 738 }
 739
 740 stc_error_e table_firewall_foreach_rule(firewall_rule_cb info_cb,
 741                                        void *user_data)
 742 {
 743         firewall_rule_s info;
 744         int rc;
 745         stc_error_e error_code = STC_ERROR_NONE;
 746         sqlite3_stmt *stmt = select_fw_rule;
 747
 748         do {
 749                 rc = sqlite3_step(stmt);
 750
 751                 memset(&info, 0, sizeof(info));
 752
 753                 switch (rc) {
 754                 case SQLITE_DONE:
 755                         break;
 756                 case SQLITE_ROW:
 757                         info.key = sqlite3_column_int64(stmt, 0);
 758                         info.chain = (char *)sqlite3_column_text(stmt, 1);
 759                         info.direction = sqlite3_column_int(stmt, 2);
 760                         info.s_ip_type = sqlite3_column_int(stmt, 3);
 761                         info.d_ip_type = sqlite3_column_int(stmt, 4);
 762                         info.s_port_type = sqlite3_column_int(stmt, 5);
 763                         info.d_port_type = sqlite3_column_int(stmt, 6);
 764                         info.protocol = sqlite3_column_int(stmt, 7);
 765                         info.family = sqlite3_column_int(stmt, 8);
 766                         if (info.family == STC_FW_FAMILY_V4) {
 767                                 sscanf((char *)sqlite3_column_text(stmt, 9), "%08x",
 768                                                                 &(info.s_ip1.Ipv4.s_addr));
 769                                 sscanf((char *)sqlite3_column_text(stmt, 10), "%08x",
 770                                                                 &(info.s_ip2.Ipv4.s_addr));
 771                                 sscanf((char *)sqlite3_column_text(stmt, 11), "%08x",
 772                                                                 &(info.d_ip1.Ipv4.s_addr));
 773                                 sscanf((char *)sqlite3_column_text(stmt, 12), "%08x",
 774                                                                 &(info.d_ip2.Ipv4.s_addr));
 775                         } else if (info.family == STC_FW_FAMILY_V6) {
 776                                 sscanf((char *)sqlite3_column_text(stmt, 9), "%08x:%08x:%08x:%08x",
 777                                         &(info.s_ip1.Ipv6.s6_addr32[0]), &(info.s_ip1.Ipv6.s6_addr32[1]),
 778                                         &(info.s_ip1.Ipv6.s6_addr32[2]), &(info.s_ip1.Ipv6.s6_addr32[3]));
 779                                 sscanf((char *)sqlite3_column_text(stmt, 10), "%08x:%08x:%08x:%08x",
 780                                         &(info.s_ip2.Ipv6.s6_addr32[0]), &(info.s_ip2.Ipv6.s6_addr32[1]),
 781                                         &(info.s_ip2.Ipv6.s6_addr32[2]), &(info.s_ip2.Ipv6.s6_addr32[3]));
 782                                 sscanf((char *)sqlite3_column_text(stmt, 11), "%08x:%08x:%08x:%08x",
 783                                         &(info.d_ip1.Ipv6.s6_addr32[0]), &(info.d_ip1.Ipv6.s6_addr32[1]),
 784                                         &(info.d_ip1.Ipv6.s6_addr32[2]), &(info.d_ip1.Ipv6.s6_addr32[3]));
 785                                 sscanf((char *)sqlite3_column_text(stmt, 12), "%08x:%08x:%08x:%08x",
 786                                         &(info.d_ip2.Ipv6.s6_addr32[0]), &(info.d_ip2.Ipv6.s6_addr32[1]),
 787                                         &(info.d_ip2.Ipv6.s6_addr32[2]), &(info.d_ip2.Ipv6.s6_addr32[3]));
 788                         }
 789                         info.s_port1 = sqlite3_column_int(stmt, 13);
 790                         info.s_port2 = sqlite3_column_int(stmt, 14);
 791                         info.d_port1 = sqlite3_column_int(stmt, 15);
 792                         info.d_port2 = sqlite3_column_int(stmt, 16);
 793                         info.ifname = (char *)sqlite3_column_text(stmt, 17);
 794                         info.target = sqlite3_column_int(stmt, 18);
 795                         info.identifier = (char *)sqlite3_column_text(stmt, 19);
 796
 797                         if (info_cb(&info, user_data) == STC_CANCEL)
 798                                 rc = SQLITE_DONE;
 799                         break;
 800                 case SQLITE_ERROR:
 801                 default:
 802                         STC_LOGE("Failed to enumerate firewall rules: %s\n",
 803                                  sqlite3_errmsg(stc_db_get_database()));
 804
 805                         error_code = STC_ERROR_DB_FAILED;
 806                 }
 807         } while (rc == SQLITE_ROW);
 808
 809         sqlite3_reset(stmt);
 810         return error_code;
 811 }
 812
 813 stc_error_e table_firewall_prepare(sqlite3 *db)
 814 {
 815         __STC_LOG_FUNC_ENTER__;
 816
 817         stc_error_e error_code = STC_ERROR_NONE;
 818
 819         if (db == NULL) {
 820                 __STC_LOG_FUNC_EXIT__;
 821                 return STC_ERROR_FAIL;
 822         }
 823
 824         DB_ACTION(__prepare_delete(db));
 825         DB_ACTION(__prepare_select(db));
 826         DB_ACTION(__prepare_update(db));
 827         DB_ACTION(__prepare_insert(db));
 828
 829 handle_error:
 830
 831         __STC_LOG_FUNC_EXIT__;
 832         return error_code;
 833 }
 834
 835 void table_firewall_finalize(void)
 836 {
 837         __STC_LOG_FUNC_ENTER__;
 838         __finalize_delete();
 839         __finalize_select();
 840         __finalize_update();
 841         __finalize_insert();
 842         __STC_LOG_FUNC_EXIT__;
 843 }