From 04d73e40a56c8ef4fe21d234980b6ed167d8d56e Mon Sep 17 00:00:00 2001
From: taesubkim
Date: Mon, 11 Apr 2016 16:27:53 +0900
Subject: [PATCH] Redirect the DNS queries to VPN interface
Change-Id: Ibc3674df828c186d29160dab831667cf17fbda55
Signed-off-by: Taesub Kim
---
 daemon/src/vpn_service_daemon.c | 46 +++++++++++++++++++++++++++++++++++++++++
 packaging/capi-vpn-service.spec | 2 +-
 2 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/daemon/src/vpn_service_daemon.c b/daemon/src/vpn_service_daemon.c
index 58d43e7..00ea4e2 100755
--- a/daemon/src/vpn_service_daemon.c
+++ b/daemon/src/vpn_service_daemon.c
@@ -55,6 +55,11 @@ static char iptables_unregister_fmt[] = "%s -D %s -j %s%s -w;" "%s -F %s%s -w;"
 static char iptables_rule_fmt[] = "%s -%c %s%s -%c %s/%d -j ACCEPT -w;";
 static char iptables_rule_with_interface_fmt[] = "%s -%c %s%s -%c %s -%c %s/%d -j ACCEPT -w;";
 /*static char iptables_usage_fmt[] = "%s -L %s%s -n -v -w;";*/
+/* iptables -t nat -A CAPI_VPN_SERVICE_OUTPUT -p udp -d --dport 53 -j DNAT --to */
+static char iptables_nat_chain_name[] = "CAPI_VPN_SERVICE_NAT_OUTPUT";
+static char iptables_nat_register_init_fmt[] = "%s -t nat -N %s -w;" "%s -t nat -F %s -w;" "%s -t nat -I %s -j %s -w;";
+static char iptables_nat_register_rule_fmt[] = "%s -t nat -A %s -p udp -d %s --dport 53 -j DNAT --to %s:53 -w;";
+static char iptables_nat_unregister_fmt[] = "%s -t nat -D %s -j %s -w;" "%s -t nat -F %s -w;" "%s -t nat -X %s -w;";
 typedef unsigned long int ipv4; /* Declare variable type for ipv4 net address. */
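Review bot: The redirect rule in `iptables_nat_register_rule_fmt` matches only `-p udp --dport 53`, so DNS queries that fall back to TCP port 53 (truncated or large answers) are not covered by the DNAT rule and would presumably keep going to the original server outside the redirect. If the goal is that all DNS traffic for the VPN's servers reaches the VPN interface, add a parallel rule with `-p tcp`, or state in the comment that UDP-only is intentional. The comment above `iptables_nat_chain_name` also names the chain `CAPI_VPN_SERVICE_OUTPUT` while the code uses `CAPI_VPN_SERVICE_NAT_OUTPUT`; the two should agree. Since none of these format strings are written to, `static const char` would match their use.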
@@ -517,6 +522,40 @@ static void iptables_exec(char *cmdline)
 pclose(fp);
 }
+static void dns_nat_register(char **vpn_dns_address, size_t nr_dns, char *vpn_device_address)
+{
+ int size = 0, i;
+ char buf[8192];
+
+ snprintf(buf + size, sizeof(buf) - size, iptables_nat_register_init_fmt,
+ iptables_cmd, iptables_nat_chain_name,
+ iptables_cmd, iptables_nat_chain_name,
+ iptables_cmd, iptables_filter_out, iptables_nat_chain_name);
+ size = strlen(buf);
+
+ for (i = 0 ; i < nr_dns ; i++) {
+ snprintf(buf + size, sizeof(buf) - size, iptables_nat_register_rule_fmt,
+ iptables_cmd, iptables_nat_chain_name, vpn_dns_address[i], vpn_device_address);
+ size = strlen(buf);
+ }
+ LOGD("iptable dns nat reg cmd : %s", buf);
+ iptables_exec(buf);
+}
+
+static void dns_nat_unregister(void)
+{
+ int size = 0;
+ char buf[8192];
+
+ snprintf(buf + size, sizeof(buf) - size, iptables_nat_unregister_fmt,
+ iptables_cmd, iptables_filter_out, iptables_nat_chain_name,
+ iptables_cmd, iptables_nat_chain_name,
+ iptables_cmd, iptables_nat_chain_name);
+ size = strlen(buf);
+ LOGD("iptable dns nat unreg cmd : %s", buf);
+ iptables_exec(buf);
+}
+
 static void iptables_register(void)
 {
 int size = 0;
@@ -850,6 +889,10 @@ int vpn_daemon_up(int iface_index, const char* local_ip, const char* remote_ip,
 }
 }
+ if (nr_dns > 0) {
+ dns_nat_register(dns_servers, nr_dns, local_ip);
+ }
+
 return ret;
 }
@@ -910,6 +953,9 @@ int vpn_daemon_down(int iface_index)
 /* remove dns suffix */
 del_dns_suffix();
+ /* remove dns filter */
+ dns_nat_unregister();
+
 return VPNSVC_ERROR_NONE;
 }
diff --git a/packaging/capi-vpn-service.spec b/packaging/capi-vpn-service.spec
index cc5b58c..f44eacc 100755
--- a/packaging/capi-vpn-service.spec
+++ b/packaging/capi-vpn-service.spec
@@ -1,6 +1,6 @@
 Name: vpnsvc-pkg
 Summary: VPN service library in TIZEN C API
-Version: 1.0.9
+Version: 1.0.10
 Release: 1
 Group: System/Network
 License: Apache-2.0
--
2.7.4
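Review bot: `dns_nat_register()` pastes `vpn_dns_address[i]` and `vpn_device_address` into a command string with `%s` and hands it to `iptables_exec()`, which ends in `pclose()` and so presumably runs the string through a shell via popen(); nothing in the hunk checks that these strings are IPv4 literals. If the addresses originate from the VPN client application (not visible here), any shell metacharacters in them would be interpreted with the daemon's privileges, so each address should be validated, for example with `inet_pton(AF_INET, …)`, before it is formatted. The function also ignores snprintf()'s return value and recomputes `size` with strlen(), so a command truncated at the 8192-byte buffer would still be executed as a partial rule, and `int i` is compared against `size_t nr_dns`. The rewrite below keeps the signature and assumes `<arpa/inet.h>` is already included by the file; `dns_nat_unregister()` in the same hunk has the same unchecked snprintf() but takes no external strings.

```c
static void dns_nat_register(char **vpn_dns_address, size_t nr_dns, char *vpn_device_address)
{
	size_t size, i;
	int n;
	char buf[8192];
	struct in_addr addr;

	/* Only IPv4 literals may reach the shell command line. */
	if (inet_pton(AF_INET, vpn_device_address, &addr) != 1) {
		LOGD("dns nat reg: device address is not an IPv4 literal");
		return;
	}

	n = snprintf(buf, sizeof(buf), iptables_nat_register_init_fmt,
		iptables_cmd, iptables_nat_chain_name,
		iptables_cmd, iptables_nat_chain_name,
		iptables_cmd, iptables_filter_out, iptables_nat_chain_name);
	if (n < 0 || (size_t)n >= sizeof(buf))
		return;
	size = (size_t)n;

	for (i = 0; i < nr_dns; i++) {
		if (inet_pton(AF_INET, vpn_dns_address[i], &addr) != 1) {
			LOGD("dns nat reg: skipping DNS entry that is not an IPv4 literal");
			continue;
		}
		n = snprintf(buf + size, sizeof(buf) - size, iptables_nat_register_rule_fmt,
			iptables_cmd, iptables_nat_chain_name, vpn_dns_address[i], vpn_device_address);
		if (n < 0 || (size_t)n >= sizeof(buf) - size)
			break;
		size += (size_t)n;
	}
	/* Cut off any partially written rule so only complete commands run. */
	buf[size] = '\0';
	/* … unchanged: LOGD of the command and iptables_exec(buf) … */
}
```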
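Review bot: In the vpn_daemon_up hunk, `dns_nat_register()` is called directly before `return ret;` without looking at `ret`, so as far as the hunk shows the DNAT rules are installed even when an earlier step of the function failed, and DNS would then be redirected to a tunnel address that may not be up. Guarding the call with `if (ret == VPNSVC_ERROR_NONE && nr_dns > 0) {` avoids that; the function body starts outside the hunk, so whether `ret` can hold an error at this point needs confirming. Separately, `local_ip` is `const char*` in the signature while the helper takes `char *vpn_device_address`, so the call discards the qualifier; declaring the helper's pointer parameters `const` fixes that.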
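Review bot: In the vpn_daemon_down hunk, `dns_nat_unregister()` runs unconditionally, although registration in vpn_daemon_up happens only when `nr_dns > 0`; after an up with no DNS servers the three `-D`/`-F`/`-X` commands target a chain that was never created. The helper returns void and vpn_daemon_down still returns `VPNSVC_ERROR_NONE`, so a failed removal would leave a DNAT rule pointing at a torn-down interface with no signal to the caller. Consider recording the state, e.g. `static int dns_nat_registered;` set in `dns_nat_register()`, and calling `if (dns_nat_registered) dns_nat_unregister();`. The comment would also read more accurately as `/* remove dns nat redirect rules */`, since the rules live in the nat table rather than a filter.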