#include "vpnsvc-internal.h"
#include "log.h"
+#include "util.h"
+#define BUF_SIZE_FOR_CMD 1024
#define BUF_SIZE_FOR_ERR 100
#define CONNMAN_SERVICE "net.connman"
static char iptables_filter_out[] = "OUTPUT";
static char iptables_filter_in[] = "INPUT";
static char iptables_filter_interface_wlan[] = "wlan0";
-/* static char iptables_register_fmt[] = "%s -N %s%s -w;" "%s -F %s%s -w;" "%s -A %s%s -j RETURN -w;" "%s -I %s -j %s%s -w;"; */
-static char iptables_register_fmt[] = "%s -N %s%s -w;" "%s -F %s%s -w;" "%s -A %s%s -j DROP -w;" "%s -A %s%s -j RETURN -w;" "%s -I %s -j %s%s -w;";
-static char iptables_unregister_fmt[] = "%s -D %s -j %s%s -w;" "%s -F %s%s -w;" "%s -X %s%s -w;";
-static char iptables_rule_fmt[] = "%s -%c %s%s -%c %s/%d -j ACCEPT -w;";
-static char iptables_rule_with_interface_fmt[] = "%s -%c %s%s -%c %s -%c %s/%d -j ACCEPT -w;";
+static char iptables_nat_chain_name[] = "CAPI_VPN_SERVICE_NAT_OUTPUT";
+
+#define IPTABLES_FMT_CREATE_CHAIN "%s -N %s%s -w"
+#define IPTABLES_FMT_APPEND_DROP_RULE "%s -A %s%s -j DROP -w"
+#define IPTABLES_FMT_APPEND_RETURN_RULE "%s -A %s%s -j RETURN -w"
+#define IPTABLES_FMT_INSERT_RULE "%s -I %s -j %s%s -w"
+#define IPTABLES_FMT_DEL_RULE "%s -D %s -j %s%s -w"
+#define IPTABLES_FMT_FLUSH_CHAIN "%s -F %s%s -w"
+#define IPTABLES_FMT_DEL_CHAIN "%s -X %s%s -w"
+#define IPTABLES_FMT_APPEND_ACCEPT_RULE "%s -%c %s%s -%c %s/%d -j ACCEPT -w"
+#define IPTABLES_FMT_APPEND_ACCEPT_RULE_WITH_INTF "%s -%c %s%s -%c %s -%c %s/%d -j ACCEPT -w"
+#define IPTABLES_FMT_DEL_RULE_FROM_NAT "%s -t nat -D %s -j %s -w"
+#define IPTABLES_FMT_FLUSH_CHAIN_FROM_NAT "%s -t nat -F %s -w"
+#define IPTABLES_FMT_DEL_CHAIN_FROM_NAT "%s -t nat -X %s -w"
+
/*static char iptables_usage_fmt[] = "%s -L %s%s -n -v -w;";*/
/* iptables -t nat -A CAPI_VPN_SERVICE_OUTPUT -p udp -d <vpn dns address> --dport 53 -j DNAT --to <vpn defice address:53> */
-static char iptables_nat_chain_name[] = "CAPI_VPN_SERVICE_NAT_OUTPUT";
-#if 0
-static char iptables_nat_register_init_fmt[] = "%s -t nat -N %s -w;" "%s -t nat -F %s -w;" "%s -t nat -I %s -j %s -w;";
-static char iptables_nat_register_rule_fmt[] = "%s -t nat -A %s -p udp -d %s --dport 53 -j DNAT --to %s:53 -w;";
-#endif
-static char iptables_nat_unregister_fmt[] = "%s -t nat -D %s -j %s -w;" "%s -t nat -F %s -w;" "%s -t nat -X %s -w;";
typedef unsigned long int ipv4; /* Declare variable type for ipv4 net address. */
return VPNSVC_ERROR_NONE;
}
-
-static void iptables_exec(char *cmdline)
+static int _check_config_str(void)
{
- FILE *fp = NULL;
+ char *buf = NULL;
+ size_t len;
- fp = popen(cmdline, "r");
+ len = confstr(_CS_PATH, NULL, 0);
+ if (len == 0)
+ return -1;
- if (fp != NULL)
- pclose(fp);
+ if ((buf = malloc(len)) == NULL)
+ return -1;
+
+ if (confstr(_CS_PATH, buf, len) == 0) {
+ free(buf);
+ return -1;
+ }
+
+ free(buf);
+
+ return 0;
}
#if 0
static void dns_nat_unregister(void)
{
- int size = 0;
- char buf[8192];
+ char buf[BUF_SIZE_FOR_CMD];
- snprintf(buf + size, sizeof(buf) - size, iptables_nat_unregister_fmt,
- iptables_cmd, iptables_filter_out, iptables_nat_chain_name,
- iptables_cmd, iptables_nat_chain_name,
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_RULE_FROM_NAT,
+ iptables_cmd, iptables_filter_out, iptables_nat_chain_name);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_FLUSH_CHAIN_FROM_NAT,
iptables_cmd, iptables_nat_chain_name);
- size = strlen(buf);
- DBG("iptable dns nat unreg cmd : %s", buf);
- iptables_exec(buf);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_CHAIN_FROM_NAT,
+ iptables_cmd, iptables_nat_chain_name);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
}
static void iptables_register(void)
{
- int size = 0;
- char buf[8192], *filter;
+ char buf[BUF_SIZE_FOR_CMD] = {0, };
+ char *filter;
filter = iptables_filter_out;
- snprintf(buf + size, sizeof(buf) - size, iptables_register_fmt,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, filter, iptables_filter_prefix, filter);
- size = strlen(buf);
+
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_CREATE_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_FLUSH_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_DROP_RULE,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_RETURN_RULE,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_INSERT_RULE,
+ iptables_cmd, filter, iptables_filter_prefix, filter);
+
filter = iptables_filter_in;
- snprintf(buf + size, sizeof(buf) - size, iptables_register_fmt,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, filter, iptables_filter_prefix, filter);
- DBG("iptable reg cmd : %s", buf);
- iptables_exec(buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_CREATE_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_FLUSH_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_DROP_RULE,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_RETURN_RULE,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_INSERT_RULE,
+ iptables_cmd, filter, iptables_filter_prefix, filter);
}
static void iptables_unregister(void)
{
- int size = 0;
- char buf[8192], *filter;
+ char buf[BUF_SIZE_FOR_CMD] = {0, };
+ char *filter;
filter = iptables_filter_out;
- snprintf(buf + size, sizeof(buf) - size, iptables_unregister_fmt,
- iptables_cmd, filter, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter);
- size = strlen(buf);
+
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_RULE,
+ iptables_cmd, filter, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_FLUSH_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
filter = iptables_filter_in;
- snprintf(buf + size, sizeof(buf) - size, iptables_unregister_fmt,
- iptables_cmd, filter, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter,
- iptables_cmd, iptables_filter_prefix, filter);
- DBG("iptable unreg cmd : %s", buf);
- iptables_exec(buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_RULE,
+ iptables_cmd, filter, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_FLUSH_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_DEL_CHAIN,
+ iptables_cmd, iptables_filter_prefix, filter);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
}
static void iptables_rule(const char c, const char *addr, const int mask)
{
- int size = 0;
- char buf[4096];
-
- snprintf(buf + size, sizeof(buf) - size, iptables_rule_fmt, iptables_cmd, c,
- iptables_filter_prefix, iptables_filter_out, 'd', addr, mask);
- size = strlen(buf);
- snprintf(buf + size, sizeof(buf) - size, iptables_rule_fmt, iptables_cmd, c,
- iptables_filter_prefix, iptables_filter_in, 's', addr, mask);
- DBG("iptable cmd : %s", buf);
- iptables_exec(buf);
+ char buf[BUF_SIZE_FOR_CMD];
+
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_ACCEPT_RULE,
+ iptables_cmd, c, iptables_filter_prefix,
+ iptables_filter_out, 'd', addr, mask);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_ACCEPT_RULE,
+ iptables_cmd, c, iptables_filter_prefix,
+ iptables_filter_in, 's', addr, mask);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
}
static void iptables_rule_interface(const char c, const char *addr, const int mask, const char *interface)
{
- int size = 0;
- char buf[4096];
+ char buf[BUF_SIZE_FOR_CMD];
- snprintf(buf + size, sizeof(buf) - size,
- iptables_rule_with_interface_fmt, iptables_cmd,
- c, iptables_filter_prefix, iptables_filter_out,
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_ACCEPT_RULE_WITH_INTF,
+ iptables_cmd, c, iptables_filter_prefix, iptables_filter_out,
'o', interface, 'd', addr, mask);
- size = strlen(buf);
- snprintf(buf + size, sizeof(buf) - size,
- iptables_rule_with_interface_fmt, iptables_cmd,
- c, iptables_filter_prefix, iptables_filter_in,
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
+
+ memset(buf, '0', sizeof(buf));
+ snprintf(buf, sizeof(buf), IPTABLES_FMT_APPEND_ACCEPT_RULE_WITH_INTF,
+ iptables_cmd, c, iptables_filter_prefix, iptables_filter_in,
'i', interface, 's', addr, mask);
- DBG("iptable cmd : %s", buf);
- iptables_exec(buf);
+ if (netconfig_execute_cmd(buf))
+ ERR("Failed to execute command: %s", buf);
}
void iptables_add_orig(const char *addr, const int mask)
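Review bot: In iptables_register the two IPTABLES_FMT_INSERT_RULE commands (the last snprintf for the OUTPUT chain and the last one for the INPUT chain) are formatted into buf but never handed to netconfig_execute_cmd, so the CAPI chains are created, flushed and populated but never linked into OUTPUT/INPUT, and the DROP/ACCEPT filtering this file sets up silently never takes effect; each of those two snprintf calls needs the same `if (netconfig_execute_cmd(buf)) ERR("Failed to execute command: %s", buf);` that follows every other command in this hunk (iptables_unregister does execute the matching IPTABLES_FMT_DEL_RULE, so register and unregister are currently asymmetric). Separately, every `memset(buf, '0', sizeof(buf));` in dns_nat_unregister, iptables_register, iptables_unregister, iptables_rule and iptables_rule_interface fills the buffer with the character '0' (0x30) rather than NUL; it is harmless only because snprintf always terminates, and should read `memset(buf, 0, sizeof(buf));` or be dropped. Since the command buffers shrink from 8192/4096 bytes to BUF_SIZE_FOR_CMD (1024), the snprintf return values are worth checking before executing, e.g. `int n = snprintf(...); if (n < 0 || (size_t)n >= sizeof(buf)) { ERR("Command truncated"); return; }`, so a cut-off iptables command is never run. The hunk's trailing context ends at the iptables_add_orig signature, whose body lies outside the hunk.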
int vpn_service_deinit(const char* dev_name)
{
- char buf[100];
+ char buf[100], *cmd;
FILE *fp = NULL;
+ if (_check_config_str() != 0) {
+ ERR("Failed to get configuration string");
+ return VPNSVC_ERROR_IO_ERROR;
+ }
+
snprintf(buf, sizeof(buf), "/usr/sbin/ip link del %s", dev_name);
- DBG("link delete cmd : %s", buf);
- fp = popen(buf, "r");
+ cmd = g_try_malloc0(strlen(buf) + 1);
+ strncpy(cmd, buf, strlen(buf));
+
+ DBG("link delete cmd : %s", cmd);
+
+ fp = popen(cmd, "r");
+ g_free(cmd);
+
if (fp != NULL) {
pclose(fp);
return VPNSVC_ERROR_NONE;