#include "vpnsvc-internal.h"
#include "log.h"
+#include "util.h"
+#define BUF_SIZE_FOR_CMD 1024
#define BUF_SIZE_FOR_ERR 100
#define CONNMAN_SERVICE "net.connman"
static char iptables_filter_out[] = "OUTPUT";
static char iptables_filter_in[] = "INPUT";
static char iptables_filter_interface_wlan[] = "wlan0";
-/* static char iptables_register_fmt[] = "%s -N %s%s -w;" "%s -F %s%s -w;" "%s -A %s%s -j RETURN -w;" "%s -I %s -j %s%s -w;"; */
-static char iptables_register_fmt[] = "%s -N %s%s -w;" "%s -F %s%s -w;" "%s -A %s%s -j DROP -w;" "%s -A %s%s -j RETURN -w;" "%s -I %s -j %s%s -w;";
-static char iptables_unregister_fmt[] = "%s -D %s -j %s%s -w;" "%s -F %s%s -w;" "%s -X %s%s -w;";
-static char iptables_rule_fmt[] = "%s -%c %s%s -%c %s/%d -j ACCEPT -w;";
-static char iptables_rule_with_interface_fmt[] = "%s -%c %s%s -%c %s -%c %s/%d -j ACCEPT -w;";
+static char iptables_nat_chain_name[] = "CAPI_VPN_SERVICE_NAT_OUTPUT";
+
+#define IPTABLES_FMT_CREATE_CHAIN "%s -N %s%s -w"
+#define IPTABLES_FMT_APPEND_DROP_RULE "%s -A %s%s -j DROP -w"
+#define IPTABLES_FMT_APPEND_RETURN_RULE "%s -A %s%s -j RETURN -w"
+#define IPTABLES_FMT_INSERT_RULE "%s -I %s -j %s%s -w"
+#define IPTABLES_FMT_DEL_RULE "%s -D %s -j %s%s -w"
+#define IPTABLES_FMT_FLUSH_CHAIN "%s -F %s%s -w"
+#define IPTABLES_FMT_DEL_CHAIN "%s -X %s%s -w"
+#define IPTABLES_FMT_APPEND_ACCEPT_RULE "%s -%c %s%s -%c %s/%d -j ACCEPT -w"
+#define IPTABLES_FMT_APPEND_ACCEPT_RULE_WITH_INTF "%s -%c %s%s -%c %s -%c %s/%d -j ACCEPT -w"
+#define IPTABLES_FMT_DEL_RULE_FROM_NAT "%s -t nat -D %s -j %s -w"
+#define IPTABLES_FMT_FLUSH_CHAIN_FROM_NAT "%s -t nat -F %s -w"
+#define IPTABLES_FMT_DEL_CHAIN_FROM_NAT "%s -t nat -X %s -w"
+
/*static char iptables_usage_fmt[] = "%s -L %s%s -n -v -w;";*/
/* iptables -t nat -A CAPI_VPN_SERVICE_OUTPUT -p udp -d <vpn dns address> --dport 53 -j DNAT --to <vpn defice address:53> */
-static char iptables_nat_chain_name[] = "CAPI_VPN_SERVICE_NAT_OUTPUT";
-#if 0
-static char iptables_nat_register_init_fmt[] = "%s -t nat -N %s -w;" "%s -t nat -F %s -w;" "%s -t nat -I %s -j %s -w;";
-static char iptables_nat_register_rule_fmt[] = "%s -t nat -A %s -p udp -d %s --dport 53 -j DNAT --to %s:53 -w;";
-#endif
-static char iptables_nat_unregister_fmt[] = "%s -t nat -D %s -j %s -w;" "%s -t nat -F %s -w;" "%s -t nat -X %s -w;";
typedef unsigned long int ipv4; /* Declare variable type for ipv4 net address. */
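Review bot: The IPTABLES_FMT_* macros at lines 17-28 carry no description of their argument order, so every later snprintf call has to be checked by hand to see which `%s` is the binary, the chain prefix and the chain name, and which `%c` selects `-A`/`-D`, `-s`/`-d` or `-i`/`-o`. A block comment above the group would make those call sites self-checking, e.g. `/* %s args in order: iptables binary, chain prefix, chain name. In the ACCEPT formats the %c are the action (A/D), the address flag (s/d) and, for _WITH_INTF, the interface flag (i/o). Each format is a single command with no trailing ';' and is executed on its own. */`. The context comment at line 31 still describes the DNAT rule whose format is removed in this hunk; either drop it or mark it as a reference for the disabled dns_nat_register path.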
if (message) {
g_variant_get(message, "(a(oa{sv}))", &iter);
- while (g_variant_iter_loop(iter, "(oa{sv})", &key, &value)) {
+ if (g_variant_iter_loop(iter, "(oa{sv})", &key, &value))
profile = strdup(key);
- break;
- }
if (value)
g_variant_iter_free(value);
return VPNSVC_ERROR_NONE;
}
-
-static void iptables_exec(char *cmdline)
-{
- FILE *fp = NULL;
-
- fp = popen(cmdline, "r");
-
- if (fp != NULL)
- pclose(fp);
-}
-
#if 0
static void dns_nat_register(char **vpn_dns_address, size_t nr_dns, char *vpn_device_address)
{
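Review bot: `profile = strdup(key);` at line 43 now takes only the first object path from the iterator, and neither an empty array nor a NULL from strdup is reported, so the caller gets VPNSVC_ERROR_NONE either way and cannot tell a missing profile from an allocation failure. A comment such as `/* only the first connman object path is used as the profile */` above the `if` would record that the change from while/break to `if` is intentional, and `if (!profile) return VPNSVC_ERROR_OUT_OF_MEMORY;` after the strdup would surface the failure. The `iter` obtained at line 40 is not freed inside this hunk; presumably that happens after the closing brace, which should be confirmed. The enclosing function starts outside the hunk.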
static void dns_nat_unregister(void)
{
- int size = 0;
- char buf[8192];
+ char buf[BUF_SIZE_FOR_CMD];
- snprintf(buf + size, sizeof(buf) - size, iptables_nat_unregister_fmt,
- iptables_cmd, iptables_filter_out, iptables_nat_chain_name,
- iptables_cmd, iptables_nat_chain_name,
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_RULE_FROM_NAT,
+ iptables_cmd, iptables_filter_out, iptables_nat_chain_name);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_FLUSH_CHAIN_FROM_NAT,
iptables_cmd, iptables_nat_chain_name);
- size = strlen(buf);
- DBG("iptable dns nat unreg cmd : %s", buf);
- iptables_exec(buf);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_CHAIN_FROM_NAT,
+ iptables_cmd, iptables_nat_chain_name);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
}
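Review bot: `memset(buf, '0', sizeof(buf));` at lines 77 and 86 fills the buffer with the ASCII digit '0' (0x30), not with NUL, so it neither zeroes nor terminates anything; the snprintf that follows overwrites and terminates the buffer anyway, which is why this is harmless, but it reads as a typo for `'\0'` and differs from the `= {0, }` initialiser used in iptables_register. Either drop the memsets (snprintf always terminates when sizeof(buf) > 0) or write `memset(buf, 0, sizeof(buf));`. The same pattern recurs in iptables_register, iptables_unregister, iptables_rule and iptables_rule_interface in this commit. Since dns_nat_unregister is void, a failing `-D`, `-F` or `-X` is only logged, so a NAT chain that could not be detached stays attached without the caller knowing.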
static void iptables_register(void)
{
- int size = 0;
- char buf[8192], *filter;
+ char buf[BUF_SIZE_FOR_CMD] = {0, };
+ char *filter;
filter = iptables_filter_out;
- snprintf(buf + size, sizeof(buf) - size, iptables_register_fmt,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, filter, iptables_filter_prefix, filter);
- size = strlen(buf);
+
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_CREATE_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_FLUSH_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_DROP_RULE,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_RETURN_RULE,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_INSERT_RULE,
+ iptables_cmd, filter, iptables_filter_prefix, filter);
+
filter = iptables_filter_in;
- snprintf(buf + size, sizeof(buf) - size, iptables_register_fmt,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, filter, iptables_filter_prefix, filter);
- DBG("iptable reg cmd : %s", buf);
- iptables_exec(buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_CREATE_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_FLUSH_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_DROP_RULE,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_RETURN_RULE,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_INSERT_RULE,
+ iptables_cmd, filter, iptables_filter_prefix, filter);
}
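Review bot: The IPTABLES_FMT_INSERT_RULE command formatted at lines 131-132 and again at 169-170 is never passed to netconfig_execute_cmd, so the `-I OUTPUT -j <prefix>OUTPUT` and `-I INPUT -j <prefix>INPUT` jumps that hook the new chains into the built-in chains are never installed, and the DROP and RETURN rules appended just before never see traffic (the removed single-string iptables_register_fmt did include and run that step). Unless the insert is done elsewhere, add after each of those two snprintf calls `if (netconfig_execute_cmd(buf)) ERR("Failed to execute command: %s", buf);`. Because the function is void, a failed chain creation is also only logged and the VPN filter silently stays fail-open; returning an error here would let the caller refuse to bring the tunnel up. The memset calls with `'0'` fill the buffer with ASCII digits rather than zero, as noted on dns_nat_unregister.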
static void iptables_unregister(void)
{
- int size = 0;
- char buf[8192], *filter;
+ char buf[BUF_SIZE_FOR_CMD] = {0, };
+ char *filter;
filter = iptables_filter_out;
- snprintf(buf + size, sizeof(buf) - size, iptables_unregister_fmt,
- iptables_cmd, filter, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter);
- size = strlen(buf);
+
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_RULE,
+ iptables_cmd, filter, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_FLUSH_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
filter = iptables_filter_in;
- snprintf(buf + size, sizeof(buf) - size, iptables_unregister_fmt,
- iptables_cmd, filter, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter);
- DBG("iptable unreg cmd : %s", buf);
- iptables_exec(buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_RULE,
+ iptables_cmd, filter, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_FLUSH_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
}
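Review bot: The snprintf / netconfig_execute_cmd / ERR / memset sequence is written out six times in this function and again throughout iptables_register, dns_nat_unregister, iptables_rule and iptables_rule_interface, and none of the snprintf results are checked, so a command that does not fit in BUF_SIZE_FOR_CMD would be executed truncated. A small variadic helper that formats, rejects truncation and executes collapses each repetition to one call, e.g. `iptables_run(IPTABLES_FMT_DEL_RULE, iptables_cmd, filter, iptables_filter_prefix, filter);`, and gives a single place to audit the command path. It needs `<stdarg.h>` and should be declared with `__attribute__((format(printf, 1, 2)))` so the compiler checks each macro against its argument list.
```c
/* Format one iptables command into a bounded buffer and run it. */
static void iptables_run(const char *fmt, ...)
{
	char buf[BUF_SIZE_FOR_CMD];
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(buf, sizeof(buf), fmt, ap);
	va_end(ap);

	/* A truncated rule would run with different semantics; refuse it. */
	if (n < 0 || (size_t)n >= sizeof(buf)) {
		ERR("Command too long or format error (%d)", n);
		return;
	}

	if (netconfig_execute_cmd(buf))
		ERR("Failed to execute command: %s", buf);
}

static void iptables_unregister(void)
{
	char *filter = iptables_filter_out;

	iptables_run(IPTABLES_FMT_DEL_RULE, iptables_cmd, filter, iptables_filter_prefix, filter);
	iptables_run(IPTABLES_FMT_FLUSH_CHAIN, iptables_cmd, iptables_filter_prefix, filter);
	iptables_run(IPTABLES_FMT_DEL_CHAIN, iptables_cmd, iptables_filter_prefix, filter);

	filter = iptables_filter_in;
	/* … unchanged: the same three calls for the INPUT side … */
}
```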
static void iptables_rule(const char c, const char *addr, const int mask)
{
- int size = 0;
- char buf[4096];
-
- snprintf(buf + size, sizeof(buf) - size, iptables_rule_fmt, iptables_cmd, c,
- iptables_filter_prefix, iptables_filter_out, 'd', addr, mask);
- size = strlen(buf);
- snprintf(buf + size, sizeof(buf) - size, iptables_rule_fmt, iptables_cmd, c,
- iptables_filter_prefix, iptables_filter_in, 's', addr, mask);
- DBG("iptable cmd : %s", buf);
- iptables_exec(buf);
+ char buf[BUF_SIZE_FOR_CMD];
+
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_ACCEPT_RULE,
+ iptables_cmd, c, iptables_filter_prefix,
+ iptables_filter_out, 'd', addr, mask);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_ACCEPT_RULE,
+ iptables_cmd, c, iptables_filter_prefix,
+ iptables_filter_in, 's', addr, mask);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
}
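Review bot: `addr` and `mask` are interpolated into the iptables command at lines 242-244 and 249-251 without any validation, and `mask` is a plain int, so a negative or out-of-range prefix or a string that is not an address is handed straight to the executor. Whether a value containing whitespace or other separators could alter the resulting command depends on how netconfig_execute_cmd tokenises its argument, which is not visible here; validating before formatting removes the question regardless of that answer. If this path is IPv4-only, as the `ipv4` typedef suggests, a guard at the top of the function is enough: `struct in_addr tmp; if (!addr || mask < 0 || mask > 32 || inet_pton(AF_INET, addr, &tmp) != 1) { ERR("Invalid rule %s/%d", addr ? addr : "(null)", mask); return; }` (inet_pton needs `<arpa/inet.h>` if the file does not already include it). The same applies to iptables_rule_interface, where `interface` should additionally be non-empty and shorter than IFNAMSIZ.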
static void iptables_rule_interface(const char c, const char *addr, const int mask, const char *interface)
{
- int size = 0;
- char buf[4096];
+ char buf[BUF_SIZE_FOR_CMD];
- snprintf(buf + size, sizeof(buf) - size,
- iptables_rule_with_interface_fmt, iptables_cmd,
- c, iptables_filter_prefix, iptables_filter_out,
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_ACCEPT_RULE_WITH_INTF,
+ iptables_cmd, c, iptables_filter_prefix, iptables_filter_out,
'o', interface, 'd', addr, mask);
- size = strlen(buf);
- snprintf(buf + size, sizeof(buf) - size,
- iptables_rule_with_interface_fmt, iptables_cmd,
- c, iptables_filter_prefix, iptables_filter_in,
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_ACCEPT_RULE_WITH_INTF,
+ iptables_cmd, c, iptables_filter_prefix, iptables_filter_in,
'i', interface, 's', addr, mask);
- DBG("iptable cmd : %s", buf);
- iptables_exec(buf);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
}
void iptables_add_orig(const char *addr, const int mask)
memset(&ifr, 0, sizeof(ifr));
if (*iface_name)
- strncpy(ifr.ifr_name, iface_name, strlen(iface_name));
+ strncpy(ifr.ifr_name, iface_name, IFNAMSIZ);
/* get an interface name by ifindex */
if (ioctl(sk, SIOCGIFINDEX, &ifr) < 0) {
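Review bot: `strncpy(ifr.ifr_name, iface_name, IFNAMSIZ);` at line 286 copies up to IFNAMSIZ bytes and leaves ifr_name unterminated when iface_name is IFNAMSIZ characters or longer: the memset at line 283 zeroes the struct, but strncpy overwrites that last byte in exactly this case, so the ioctl is issued with a truncated, unterminated name. Use the call the commit already adopts in vpn_service_init, `g_strlcpy(ifr.ifr_name, iface_name, IFNAMSIZ);`, or `strncpy(ifr.ifr_name, iface_name, IFNAMSIZ - 1);` so the memset's final NUL survives. Rejecting names of IFNAMSIZ or more bytes up front would be cleaner still, since such a name cannot denote a real interface. The enclosing function starts and ends outside the hunk.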
int vpn_service_init(const char* iface_name, size_t iface_name_len, int fd, vpnsvc_tun_s *handle_s)
{
struct ifreq ifr;
- size_t len = 0;
char buf[BUF_SIZE_FOR_ERR] = { 0 };
DBG("enter vpn_daemon_init, iface_name : %s, iface_name_len : %d, fd : %d\n", iface_name, iface_name_len, fd);
if (*iface_name)
strncpy(ifr.ifr_name, iface_name, iface_name_len);
+ ifr.ifr_name[iface_name_len] = '\0';
DBG("before init, ifindex : %d", ifr.ifr_ifindex);
handle_s->fd = 0; /* server fd does not meaning */
handle_s->index = get_interface_index(iface_name);
- len = strlen(ifr.ifr_name);
- strncpy(handle_s->name, ifr.ifr_name, len);
- handle_s->name[len] = '\0';
+ g_strlcpy(handle_s->name, ifr.ifr_name, VPNSVC_VPN_IFACE_NAME_LEN);
return VPNSVC_ERROR_NONE;
}
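Review bot: `ifr.ifr_name[iface_name_len] = '\0';` at line 297 indexes with a caller-supplied length that is never compared against IFNAMSIZ, so an iface_name_len of IFNAMSIZ or more makes the strncpy on line 296 and this store write past ifr_name into the rest of the on-stack struct ifreq. Guard before the copy, e.g. `if (iface_name_len >= IFNAMSIZ) return VPNSVC_ERROR_INVALID_PARAMETER;`, and then copy with `g_strlcpy(ifr.ifr_name, iface_name, IFNAMSIZ);` as line 304 already does for handle_s->name, which also makes the explicit terminator unnecessary. ifr is not visibly zeroed in this hunk, so if nothing earlier in the function initialises it the ifr_ifindex printed at line 298 is indeterminate; worth confirming. Separately, the DBG at line 294 prints a size_t with `%d`; `%zu` avoids the format/argument mismatch.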
int vpn_service_deinit(const char* dev_name)
{
char buf[100];
- FILE *fp = NULL;
snprintf(buf, sizeof(buf), "/usr/sbin/ip link del %s", dev_name);
- DBG("link delete cmd : %s", buf);
- fp = popen(buf, "r");
- if (fp != NULL) {
- pclose(fp);
- return VPNSVC_ERROR_NONE;
- } else {
+ if (netconfig_execute_cmd(buf)) {
+ ERR("Failed to execute command: %s", buf);
return VPNSVC_ERROR_IO_ERROR;
}
+
+ return VPNSVC_ERROR_NONE;
}
int vpn_service_protect(int socket_fd, const char* dev_name)
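Review bot: The snprintf at line 311 builds the `ip link del` command into a 100-byte buffer and its result is not checked, so a dev_name long enough to be truncated still reaches netconfig_execute_cmd with a different argument than intended, and nothing here bounds dev_name to IFNAMSIZ. Check the return and refuse on truncation: `int n = snprintf(buf, sizeof(buf), "/usr/sbin/ip link del %s", dev_name); if (n < 0 || (size_t)n >= sizeof(buf)) return VPNSVC_ERROR_INVALID_PARAMETER;`. Using the new BUF_SIZE_FOR_CMD in place of the literal 100 would also keep this function consistent with the iptables_* helpers changed in the same commit.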