2 * Copyright (c) 2016 Samsung Electronics Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * This file implements restrictions entity handler methods.
20 * @file table-restrictions.c
24 #include "db-internal.h"
25 #include "table-firewall.h"
27 #define BUF_SIZE_FOR_IP 64
29 /* DELETE statements */
30 #define DELETE_FIREWALL_CHAIN "DELETE FROM fw_chains " \
33 #define DELETE_FIREWALL_RULE "DELETE FROM fw_rules " \
36 #define DELETE_FIREWALL_RULE_PER_CHAIN "DELETE FROM fw_rules " \
39 /* SELECT statements */
40 #define SELECT_FIREWALL_LOCK "SELECT state FROM fw_lock " \
43 #define SELECT_FIREWALL_CHAIN "SELECT chain, " \
44 "target, priority FROM fw_chains"
46 #define SELECT_FIREWALL_RULE "SELECT key, " \
47 "chain, direction, s_ip_type, d_ip_type, s_port_type, " \
48 "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
49 "s_port1, s_port2, d_port1, d_port2, ifname, target, " \
50 "log_level, log_prefix, " \
51 "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \
55 #define SELECT_FIREWALL_RULE_PER_CHAIN "SELECT key, " \
56 "chain, direction, s_ip_type, d_ip_type, s_port_type, " \
57 "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
58 "s_port1, s_port2, d_port1, d_port2, ifname, target, " \
59 "log_level, log_prefix, " \
60 "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \
62 "FROM fw_rules INDEXED BY rules_index " \
65 /* UPDATE statement */
66 #define UPDATE_FIREWALL_LOCK "UPDATE fw_lock " \
67 "SET state = ? WHERE name = ?"
69 #define UPDATE_FIREWALL_CHAIN "UPDATE fw_chains " \
70 "SET target = ?, priority = ? " \
73 #define UPDATE_FIREWALL_RULE "UPDATE fw_rules " \
74 "SET chain = ?, direction = ?, s_ip_type = ?, d_ip_type = ?, " \
75 "s_port_type = ?, d_port_type = ?, protocol = ?, family = ?, " \
76 "s_ip1 = ?, s_ip2 = ?, d_ip1 = ?, d_ip2 = ?, s_port1 = ?, " \
77 "s_port2 = ?, d_port1 = ?, d_port2 = ?, ifname = ?, target = ?, " \
78 "log_level = ?, log_prefix = ?, " \
79 "nflog_group = ?, nflog_prefix = ?, nflog_range = ?, nflog_threshold = ?, " \
80 "identifier = ?, key = ? " \
83 /* INSERT statement */
84 #define INSERT_FIREWALL_LOCK "INSERT INTO fw_lock " \
85 "(name, state) VALUES (?, ?)"
87 #define INSERT_FIREWALL_CHAIN "INSERT INTO fw_chains " \
88 "(chain, target, priority) " \
91 #define INSERT_FIREWALL_RULE "INSERT INTO fw_rules " \
92 "(key, chain, direction, s_ip_type, d_ip_type, s_port_type, " \
93 "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
94 "s_port1, s_port2, d_port1, d_port2, ifname, target, " \
95 "log_level, log_prefix, " \
96 "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \
98 "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, " \
99 "?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
101 static void __finalize_delete(void);
103 #define PREPARE_DELETE(stm, query) do { \
104 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
105 if (rc != SQLITE_OK) { \
107 __finalize_delete(); \
108 STC_LOGE("Failed to prepare \"%s\" query" \
114 static void __finalize_select(void);
116 #define PREPARE_SELECT(stm, query) do { \
117 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
118 if (rc != SQLITE_OK) { \
120 __finalize_select(); \
121 STC_LOGE("Failed to prepare \"%s\" query" \
127 static void __finalize_update(void);
129 #define PREPARE_UPDATE(stm, query) do { \
130 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
131 if (rc != SQLITE_OK) { \
133 __finalize_update(); \
134 STC_LOGE("Failed to prepare \"%s\" query" \
140 static void __finalize_insert(void);
142 #define PREPARE_INSERT(stm, query) do { \
143 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
144 if (rc != SQLITE_OK) { \
146 __finalize_insert(); \
147 STC_LOGE("Failed to prepare \"%s\" query" \
153 #define FINALIZE(stm) do { \
155 sqlite3_finalize(stm); \
160 /* DELETE statements */
161 static sqlite3_stmt *delete_fw_chain;
162 static sqlite3_stmt *delete_fw_rule;
163 static sqlite3_stmt *delete_fw_rule_per_chain;
165 /* SELECT statements */
166 static sqlite3_stmt *select_fw_lock;
167 static sqlite3_stmt *select_fw_chain;
168 static sqlite3_stmt *select_fw_rule;
169 static sqlite3_stmt *select_fw_rule_per_chain;
171 /* UPDATE statements */
172 static sqlite3_stmt *update_fw_lock;
173 static sqlite3_stmt *update_fw_chain;
174 static sqlite3_stmt *update_fw_rule;
176 /* INSERT statements */
177 static sqlite3_stmt *insert_fw_lock;
178 static sqlite3_stmt *insert_fw_chain;
179 static sqlite3_stmt *insert_fw_rule;
181 static int __prepare_delete(sqlite3 *db)
183 __STC_LOG_FUNC_ENTER__;
185 static int initialized;
188 __STC_LOG_FUNC_EXIT__;
192 PREPARE_DELETE(delete_fw_chain, DELETE_FIREWALL_CHAIN);
193 PREPARE_DELETE(delete_fw_rule, DELETE_FIREWALL_RULE);
194 PREPARE_DELETE(delete_fw_rule_per_chain, DELETE_FIREWALL_RULE_PER_CHAIN);
197 __STC_LOG_FUNC_EXIT__;
201 static void __finalize_delete(void)
203 __STC_LOG_FUNC_ENTER__;
205 FINALIZE(delete_fw_chain);
206 FINALIZE(delete_fw_rule);
207 FINALIZE(delete_fw_rule_per_chain);
209 __STC_LOG_FUNC_EXIT__;
212 static int __prepare_select(sqlite3 *db)
214 __STC_LOG_FUNC_ENTER__;
216 static int initialized;
219 __STC_LOG_FUNC_EXIT__;
223 PREPARE_SELECT(select_fw_lock, SELECT_FIREWALL_LOCK);
224 PREPARE_SELECT(select_fw_chain, SELECT_FIREWALL_CHAIN);
225 PREPARE_SELECT(select_fw_rule, SELECT_FIREWALL_RULE);
226 PREPARE_SELECT(select_fw_rule_per_chain, SELECT_FIREWALL_RULE_PER_CHAIN);
229 __STC_LOG_FUNC_EXIT__;
233 static void __finalize_select(void)
235 __STC_LOG_FUNC_ENTER__;
237 FINALIZE(select_fw_lock);
238 FINALIZE(select_fw_chain);
239 FINALIZE(select_fw_rule);
240 FINALIZE(select_fw_rule_per_chain);
242 __STC_LOG_FUNC_EXIT__;
245 static int __prepare_update(sqlite3 *db)
247 __STC_LOG_FUNC_ENTER__;
249 static int initialized;
252 __STC_LOG_FUNC_EXIT__;
256 PREPARE_UPDATE(update_fw_lock, UPDATE_FIREWALL_LOCK);
257 PREPARE_UPDATE(update_fw_chain, UPDATE_FIREWALL_CHAIN);
258 PREPARE_UPDATE(update_fw_rule, UPDATE_FIREWALL_RULE);
261 __STC_LOG_FUNC_EXIT__;
265 static void __finalize_update(void)
267 __STC_LOG_FUNC_ENTER__;
269 FINALIZE(update_fw_lock);
270 FINALIZE(update_fw_chain);
271 FINALIZE(update_fw_rule);
273 __STC_LOG_FUNC_EXIT__;
276 static int __prepare_insert(sqlite3 *db)
278 __STC_LOG_FUNC_ENTER__;
280 static int initialized;
283 __STC_LOG_FUNC_EXIT__;
287 PREPARE_INSERT(insert_fw_lock, INSERT_FIREWALL_LOCK);
288 PREPARE_INSERT(insert_fw_chain, INSERT_FIREWALL_CHAIN);
289 PREPARE_INSERT(insert_fw_rule, INSERT_FIREWALL_RULE);
292 __STC_LOG_FUNC_EXIT__;
296 static void __finalize_insert(void)
298 __STC_LOG_FUNC_ENTER__;
300 FINALIZE(insert_fw_lock);
301 FINALIZE(insert_fw_chain);
302 FINALIZE(insert_fw_rule);
304 __STC_LOG_FUNC_EXIT__;
307 stc_error_e table_firewall_insert_lock(char *name, int state)
309 stc_error_e error_code = STC_ERROR_NONE;
310 sqlite3_stmt *stmt = insert_fw_lock;
312 DB_ACTION(sqlite3_bind_text(stmt, 1, name ? name : "",
313 -1, SQLITE_TRANSIENT));
314 DB_ACTION(sqlite3_bind_int(stmt, 2, state));
316 if (sqlite3_step(stmt) != SQLITE_DONE) {
317 STC_LOGE("Failed to insert firewall lock state: %s\n",
318 sqlite3_errmsg(stc_db_get_database()));
320 error_code = STC_ERROR_DB_FAILED;
324 STC_LOGD("Firewall lock state inserted [%d]", state);
331 stc_error_e table_firewall_update_lock(char *name, int state)
333 stc_error_e error_code = STC_ERROR_NONE;
334 sqlite3_stmt *stmt = update_fw_lock;
336 DB_ACTION(sqlite3_bind_int(stmt, 1, state));
337 DB_ACTION(sqlite3_bind_text(stmt, 2, name ? name : "",
338 -1, SQLITE_TRANSIENT));
340 if (sqlite3_step(stmt) != SQLITE_DONE) {
341 STC_LOGE("Failed to update firewall lock state: %s\n",
342 sqlite3_errmsg(stc_db_get_database()));
344 error_code = STC_ERROR_DB_FAILED;
348 STC_LOGD("Firewall lock state updated [%d]", state);
355 stc_error_e table_firewall_get_lock(char *name, int *state)
358 stc_error_e error_code = STC_ERROR_NONE;
359 sqlite3_stmt *stmt = select_fw_lock;
362 return STC_ERROR_DB_FAILED;
364 DB_ACTION(sqlite3_bind_text(stmt, 1, name,
365 -1, SQLITE_TRANSIENT));
367 rc = sqlite3_step(stmt);
373 *state = sqlite3_column_int(stmt, 0);
377 STC_LOGE("Failed to get firewall lock state: %s\n",
378 sqlite3_errmsg(stc_db_get_database()));
380 error_code = STC_ERROR_DB_FAILED;
384 STC_LOGD("Firewall lock state [%d]", *state);
391 stc_error_e table_firewall_insert_chain(firewall_chain_s *info)
393 stc_error_e error_code = STC_ERROR_NONE;
394 sqlite3_stmt *stmt = insert_fw_chain;
397 error_code = STC_ERROR_INVALID_PARAMETER;
401 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
402 -1, SQLITE_TRANSIENT));
403 DB_ACTION(sqlite3_bind_int(stmt, 2, info->target));
404 DB_ACTION(sqlite3_bind_int(stmt, 3, info->priority));
406 if (sqlite3_step(stmt) != SQLITE_DONE) {
407 STC_LOGE("Failed to insert firewall chain: %s\n",
408 sqlite3_errmsg(stc_db_get_database()));
409 error_code = STC_ERROR_DB_FAILED;
413 STC_LOGD("Firewall chain inserted [%s]", info->chain);
420 stc_error_e table_firewall_delete_chain(firewall_chain_s *info)
422 stc_error_e error_code = STC_ERROR_NONE;
423 sqlite3_stmt *stmt = delete_fw_chain;
426 error_code = STC_ERROR_INVALID_PARAMETER;
430 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
431 -1, SQLITE_TRANSIENT));
433 if (sqlite3_step(stmt) != SQLITE_DONE) {
434 STC_LOGE("Failed to delete firewall chain %s\n",
435 sqlite3_errmsg(stc_db_get_database()));
436 error_code = STC_ERROR_DB_FAILED;
440 STC_LOGD("Firewall chain deleted [%s]", info->chain);
448 stc_error_e table_firewall_flush_chain(firewall_chain_s *info)
450 stc_error_e error_code = STC_ERROR_NONE;
451 sqlite3_stmt *stmt = delete_fw_rule_per_chain;
454 error_code = STC_ERROR_INVALID_PARAMETER;
458 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
459 -1, SQLITE_TRANSIENT));
461 if (sqlite3_step(stmt) != SQLITE_DONE) {
462 STC_LOGE("Failed to flush firewall chain %s\n",
463 sqlite3_errmsg(stc_db_get_database()));
464 error_code = STC_ERROR_DB_FAILED;
468 STC_LOGD("Firewall chain flushed [%s]", info->chain);
476 stc_error_e table_firewall_update_chain(firewall_chain_s *info)
478 stc_error_e error_code = STC_ERROR_NONE;
479 sqlite3_stmt *stmt = update_fw_chain;
482 error_code = STC_ERROR_INVALID_PARAMETER;
486 DB_ACTION(sqlite3_bind_int(stmt, 1, info->target));
487 DB_ACTION(sqlite3_bind_int(stmt, 2, info->priority));
488 DB_ACTION(sqlite3_bind_text(stmt, 3, info->chain ? info->chain : "",
489 -1, SQLITE_TRANSIENT));
491 if (sqlite3_step(stmt) != SQLITE_DONE) {
492 STC_LOGE("Failed to update firewall chain: %s\n",
493 sqlite3_errmsg(stc_db_get_database()));
494 error_code = STC_ERROR_DB_FAILED;
498 STC_LOGD("Firewall chain updated [%s]", info->chain);
505 stc_error_e table_firewall_foreach_chain(firewall_chain_cb info_cb,
508 firewall_chain_s info;
510 stc_error_e error_code = STC_ERROR_NONE;
511 sqlite3_stmt *stmt = select_fw_chain;
514 rc = sqlite3_step(stmt);
516 memset(&info, 0, sizeof(info));
522 info.chain = (char *)sqlite3_column_text(stmt, 0);
523 info.target = sqlite3_column_int(stmt, 1);
524 info.priority = sqlite3_column_int(stmt, 2);
526 if (info_cb(&info, user_data) == STC_CANCEL)
531 STC_LOGE("Failed to enumerate firewall chains: %s\n",
532 sqlite3_errmsg(stc_db_get_database()));
534 error_code = STC_ERROR_DB_FAILED;
536 } while (rc == SQLITE_ROW);
542 stc_error_e table_firewall_insert_rule(firewall_rule_s *info)
544 stc_error_e error_code = STC_ERROR_NONE;
545 char buf[BUF_SIZE_FOR_IP];
546 sqlite3_stmt *stmt = insert_fw_rule;
549 error_code = STC_ERROR_INVALID_PARAMETER;
553 DB_ACTION(sqlite3_bind_int64(stmt, 1, info->key));
554 DB_ACTION(sqlite3_bind_text(stmt, 2, info->chain ? info->chain : "",
555 -1, SQLITE_TRANSIENT));
556 DB_ACTION(sqlite3_bind_int(stmt, 3, info->direction));
557 DB_ACTION(sqlite3_bind_int(stmt, 4, info->s_ip_type));
558 DB_ACTION(sqlite3_bind_int(stmt, 5, info->d_ip_type));
559 DB_ACTION(sqlite3_bind_int(stmt, 6, info->s_port_type));
560 DB_ACTION(sqlite3_bind_int(stmt, 7, info->d_port_type));
561 DB_ACTION(sqlite3_bind_int(stmt, 8, info->protocol));
562 DB_ACTION(sqlite3_bind_int(stmt, 9, info->family));
563 if (info->family == STC_FW_FAMILY_V4) {
564 memset(buf, 0, sizeof(buf));
565 snprintf(buf, sizeof(buf), "%08x", info->s_ip1.Ipv4.s_addr);
566 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
568 memset(buf, 0, sizeof(buf));
569 snprintf(buf, sizeof(buf), "%08x", info->s_ip2.Ipv4.s_addr);
570 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
572 memset(buf, 0, sizeof(buf));
573 snprintf(buf, sizeof(buf), "%08x", info->d_ip1.Ipv4.s_addr);
574 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
576 memset(buf, 0, sizeof(buf));
577 snprintf(buf, sizeof(buf), "%08x", info->d_ip2.Ipv4.s_addr);
578 DB_ACTION(sqlite3_bind_text(stmt, 13, buf, -1, SQLITE_TRANSIENT));
579 } else if (info->family == STC_FW_FAMILY_V6) {
580 memset(buf, 0, sizeof(buf));
581 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
582 info->s_ip1.Ipv6.s6_addr32[0], info->s_ip1.Ipv6.s6_addr32[1],
583 info->s_ip1.Ipv6.s6_addr32[2], info->s_ip1.Ipv6.s6_addr32[3]);
584 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
586 memset(buf, 0, sizeof(buf));
587 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
588 info->s_ip2.Ipv6.s6_addr32[0], info->s_ip2.Ipv6.s6_addr32[1],
589 info->s_ip2.Ipv6.s6_addr32[2], info->s_ip2.Ipv6.s6_addr32[3]);
590 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
592 memset(buf, 0, sizeof(buf));
593 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
594 info->d_ip1.Ipv6.s6_addr32[0], info->d_ip1.Ipv6.s6_addr32[1],
595 info->d_ip1.Ipv6.s6_addr32[2], info->d_ip1.Ipv6.s6_addr32[3]);
596 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
598 memset(buf, 0, sizeof(buf));
599 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
600 info->d_ip2.Ipv6.s6_addr32[0], info->d_ip2.Ipv6.s6_addr32[1],
601 info->d_ip2.Ipv6.s6_addr32[2], info->d_ip2.Ipv6.s6_addr32[3]);
602 DB_ACTION(sqlite3_bind_text(stmt, 13, buf, -1, SQLITE_TRANSIENT));
604 DB_ACTION(sqlite3_bind_text(stmt, 10, "", -1, SQLITE_TRANSIENT));
605 DB_ACTION(sqlite3_bind_text(stmt, 11, "", -1, SQLITE_TRANSIENT));
606 DB_ACTION(sqlite3_bind_text(stmt, 12, "", -1, SQLITE_TRANSIENT));
607 DB_ACTION(sqlite3_bind_text(stmt, 13, "", -1, SQLITE_TRANSIENT));
609 DB_ACTION(sqlite3_bind_int(stmt, 14, info->s_port1));
610 DB_ACTION(sqlite3_bind_int(stmt, 15, info->s_port2));
611 DB_ACTION(sqlite3_bind_int(stmt, 16, info->d_port1));
612 DB_ACTION(sqlite3_bind_int(stmt, 17, info->d_port2));
613 DB_ACTION(sqlite3_bind_text(stmt, 18, info->ifname ? info->ifname : "",
614 -1, SQLITE_TRANSIENT));
615 DB_ACTION(sqlite3_bind_int(stmt, 19, info->target));
616 DB_ACTION(sqlite3_bind_int(stmt, 20, info->log_level));
617 DB_ACTION(sqlite3_bind_text(stmt, 21, info->log_prefix ? info->log_prefix : "",
618 -1, SQLITE_TRANSIENT));
619 DB_ACTION(sqlite3_bind_int(stmt, 22, info->nflog_group));
620 DB_ACTION(sqlite3_bind_text(stmt, 23, info->nflog_prefix ? info->nflog_prefix : "",
621 -1, SQLITE_TRANSIENT));
622 DB_ACTION(sqlite3_bind_int(stmt, 24, info->nflog_range));
623 DB_ACTION(sqlite3_bind_int(stmt, 25, info->nflog_threshold));
624 DB_ACTION(sqlite3_bind_text(stmt, 26, info->identifier ? info->identifier : "",
625 -1, SQLITE_TRANSIENT));
627 if (sqlite3_step(stmt) != SQLITE_DONE) {
628 STC_LOGE("Failed to insert firewall rule: %s\n",
629 sqlite3_errmsg(stc_db_get_database()));
630 error_code = STC_ERROR_DB_FAILED;
634 STC_LOGD("Firewall rule inserted [%s]", info->chain);
641 stc_error_e table_firewall_delete_rule(firewall_rule_s *info)
643 stc_error_e error_code = STC_ERROR_NONE;
644 sqlite3_stmt *stmt = delete_fw_rule;
647 error_code = STC_ERROR_INVALID_PARAMETER;
651 DB_ACTION(sqlite3_bind_int64(stmt, 1, info->key));
653 if (sqlite3_step(stmt) != SQLITE_DONE) {
654 STC_LOGE("Failed to delete firewall rule %s\n",
655 sqlite3_errmsg(stc_db_get_database()));
656 error_code = STC_ERROR_DB_FAILED;
660 STC_LOGD("Firewall rule deleted [%s]", info->chain);
668 stc_error_e table_firewall_update_rule(firewall_rule_s *info, guint key)
670 stc_error_e error_code = STC_ERROR_NONE;
671 char buf[BUF_SIZE_FOR_IP];
672 sqlite3_stmt *stmt = update_fw_rule;
675 error_code = STC_ERROR_INVALID_PARAMETER;
679 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
680 -1, SQLITE_TRANSIENT));
681 DB_ACTION(sqlite3_bind_int(stmt, 2, info->direction));
682 DB_ACTION(sqlite3_bind_int(stmt, 3, info->s_ip_type));
683 DB_ACTION(sqlite3_bind_int(stmt, 4, info->d_ip_type));
684 DB_ACTION(sqlite3_bind_int(stmt, 5, info->s_port_type));
685 DB_ACTION(sqlite3_bind_int(stmt, 6, info->d_port_type));
686 DB_ACTION(sqlite3_bind_int(stmt, 7, info->protocol));
687 DB_ACTION(sqlite3_bind_int(stmt, 8, info->family));
688 if (info->family == STC_FW_FAMILY_V4) {
689 memset(buf, 0, sizeof(buf));
690 snprintf(buf, sizeof(buf), "%08x", info->s_ip1.Ipv4.s_addr);
691 DB_ACTION(sqlite3_bind_text(stmt, 9, buf, -1, SQLITE_TRANSIENT));
693 memset(buf, 0, sizeof(buf));
694 snprintf(buf, sizeof(buf), "%08x", info->s_ip2.Ipv4.s_addr);
695 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
697 memset(buf, 0, sizeof(buf));
698 snprintf(buf, sizeof(buf), "%08x", info->d_ip1.Ipv4.s_addr);
699 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
701 memset(buf, 0, sizeof(buf));
702 snprintf(buf, sizeof(buf), "%08x", info->d_ip2.Ipv4.s_addr);
703 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
704 } else if (info->family == STC_FW_FAMILY_V6) {
705 memset(buf, 0, sizeof(buf));
706 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
707 info->s_ip1.Ipv6.s6_addr32[0], info->s_ip1.Ipv6.s6_addr32[1],
708 info->s_ip1.Ipv6.s6_addr32[2], info->s_ip1.Ipv6.s6_addr32[3]);
709 DB_ACTION(sqlite3_bind_text(stmt, 9, buf, -1, SQLITE_TRANSIENT));
711 memset(buf, 0, sizeof(buf));
712 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
713 info->s_ip2.Ipv6.s6_addr32[0], info->s_ip2.Ipv6.s6_addr32[1],
714 info->s_ip2.Ipv6.s6_addr32[2], info->s_ip2.Ipv6.s6_addr32[3]);
715 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
717 memset(buf, 0, sizeof(buf));
718 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
719 info->d_ip1.Ipv6.s6_addr32[0], info->d_ip1.Ipv6.s6_addr32[1],
720 info->d_ip1.Ipv6.s6_addr32[2], info->d_ip1.Ipv6.s6_addr32[3]);
721 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
723 memset(buf, 0, sizeof(buf));
724 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
725 info->d_ip2.Ipv6.s6_addr32[0], info->d_ip2.Ipv6.s6_addr32[1],
726 info->d_ip2.Ipv6.s6_addr32[2], info->d_ip2.Ipv6.s6_addr32[3]);
727 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
729 DB_ACTION(sqlite3_bind_text(stmt, 9, "", -1, SQLITE_TRANSIENT));
730 DB_ACTION(sqlite3_bind_text(stmt, 10, "", -1, SQLITE_TRANSIENT));
731 DB_ACTION(sqlite3_bind_text(stmt, 11, "", -1, SQLITE_TRANSIENT));
732 DB_ACTION(sqlite3_bind_text(stmt, 12, "", -1, SQLITE_TRANSIENT));
734 DB_ACTION(sqlite3_bind_int(stmt, 13, info->s_port1));
735 DB_ACTION(sqlite3_bind_int(stmt, 14, info->s_port2));
736 DB_ACTION(sqlite3_bind_int(stmt, 15, info->d_port1));
737 DB_ACTION(sqlite3_bind_int(stmt, 16, info->d_port2));
738 DB_ACTION(sqlite3_bind_text(stmt, 17, info->ifname ? info->ifname : "",
739 -1, SQLITE_TRANSIENT));
740 DB_ACTION(sqlite3_bind_int(stmt, 18, info->target));
741 DB_ACTION(sqlite3_bind_int(stmt, 19, info->log_level));
742 DB_ACTION(sqlite3_bind_text(stmt, 20, info->log_prefix ? info->log_prefix : "",
743 -1, SQLITE_TRANSIENT));
744 DB_ACTION(sqlite3_bind_int(stmt, 21, info->nflog_group));
745 DB_ACTION(sqlite3_bind_text(stmt, 22, info->nflog_prefix ? info->nflog_prefix : "",
746 -1, SQLITE_TRANSIENT));
747 DB_ACTION(sqlite3_bind_int(stmt, 23, info->nflog_range));
748 DB_ACTION(sqlite3_bind_int(stmt, 24, info->nflog_threshold));
749 DB_ACTION(sqlite3_bind_text(stmt, 25, info->identifier ? info->identifier : "",
750 -1, SQLITE_TRANSIENT));
751 DB_ACTION(sqlite3_bind_int64(stmt, 26, info->key));
752 DB_ACTION(sqlite3_bind_int64(stmt, 27, key));
754 if (sqlite3_step(stmt) != SQLITE_DONE) {
755 STC_LOGE("Failed to update firewall rule %s\n",
756 sqlite3_errmsg(stc_db_get_database()));
757 error_code = STC_ERROR_DB_FAILED;
761 STC_LOGD("Firewall rule updated [%s]", info->chain);
769 stc_error_e table_firewall_foreach_rule(firewall_rule_cb info_cb,
772 firewall_rule_s info;
774 stc_error_e error_code = STC_ERROR_NONE;
775 sqlite3_stmt *stmt = select_fw_rule;
778 rc = sqlite3_step(stmt);
780 memset(&info, 0, sizeof(info));
786 info.key = sqlite3_column_int64(stmt, 0);
787 info.chain = (char *)sqlite3_column_text(stmt, 1);
788 info.direction = sqlite3_column_int(stmt, 2);
789 info.s_ip_type = sqlite3_column_int(stmt, 3);
790 info.d_ip_type = sqlite3_column_int(stmt, 4);
791 info.s_port_type = sqlite3_column_int(stmt, 5);
792 info.d_port_type = sqlite3_column_int(stmt, 6);
793 info.protocol = sqlite3_column_int(stmt, 7);
794 info.family = sqlite3_column_int(stmt, 8);
795 if (info.family == STC_FW_FAMILY_V4) {
796 sscanf((char *)sqlite3_column_text(stmt, 9), "%08x",
797 &(info.s_ip1.Ipv4.s_addr));
798 sscanf((char *)sqlite3_column_text(stmt, 10), "%08x",
799 &(info.s_ip2.Ipv4.s_addr));
800 sscanf((char *)sqlite3_column_text(stmt, 11), "%08x",
801 &(info.d_ip1.Ipv4.s_addr));
802 sscanf((char *)sqlite3_column_text(stmt, 12), "%08x",
803 &(info.d_ip2.Ipv4.s_addr));
804 } else if (info.family == STC_FW_FAMILY_V6) {
805 sscanf((char *)sqlite3_column_text(stmt, 9), "%08x:%08x:%08x:%08x",
806 &(info.s_ip1.Ipv6.s6_addr32[0]), &(info.s_ip1.Ipv6.s6_addr32[1]),
807 &(info.s_ip1.Ipv6.s6_addr32[2]), &(info.s_ip1.Ipv6.s6_addr32[3]));
808 sscanf((char *)sqlite3_column_text(stmt, 10), "%08x:%08x:%08x:%08x",
809 &(info.s_ip2.Ipv6.s6_addr32[0]), &(info.s_ip2.Ipv6.s6_addr32[1]),
810 &(info.s_ip2.Ipv6.s6_addr32[2]), &(info.s_ip2.Ipv6.s6_addr32[3]));
811 sscanf((char *)sqlite3_column_text(stmt, 11), "%08x:%08x:%08x:%08x",
812 &(info.d_ip1.Ipv6.s6_addr32[0]), &(info.d_ip1.Ipv6.s6_addr32[1]),
813 &(info.d_ip1.Ipv6.s6_addr32[2]), &(info.d_ip1.Ipv6.s6_addr32[3]));
814 sscanf((char *)sqlite3_column_text(stmt, 12), "%08x:%08x:%08x:%08x",
815 &(info.d_ip2.Ipv6.s6_addr32[0]), &(info.d_ip2.Ipv6.s6_addr32[1]),
816 &(info.d_ip2.Ipv6.s6_addr32[2]), &(info.d_ip2.Ipv6.s6_addr32[3]));
818 info.s_port1 = sqlite3_column_int(stmt, 13);
819 info.s_port2 = sqlite3_column_int(stmt, 14);
820 info.d_port1 = sqlite3_column_int(stmt, 15);
821 info.d_port2 = sqlite3_column_int(stmt, 16);
822 info.ifname = (char *)sqlite3_column_text(stmt, 17);
823 info.target = sqlite3_column_int(stmt, 18);
824 info.log_level = sqlite3_column_int(stmt, 19);
825 info.log_prefix = (char *)sqlite3_column_text(stmt, 20);
826 info.nflog_group = sqlite3_column_int(stmt, 21);
827 info.nflog_prefix = (char *)sqlite3_column_text(stmt, 22);
828 info.nflog_range = sqlite3_column_int(stmt, 23);
829 info.nflog_threshold = sqlite3_column_int(stmt, 24);
830 info.identifier = (char *)sqlite3_column_text(stmt, 25);
832 if (info_cb(&info, user_data) == STC_CANCEL)
837 STC_LOGE("Failed to enumerate firewall rules: %s\n",
838 sqlite3_errmsg(stc_db_get_database()));
840 error_code = STC_ERROR_DB_FAILED;
842 } while (rc == SQLITE_ROW);
848 stc_error_e table_firewall_prepare(sqlite3 *db)
850 __STC_LOG_FUNC_ENTER__;
852 stc_error_e error_code = STC_ERROR_NONE;
855 __STC_LOG_FUNC_EXIT__;
856 return STC_ERROR_FAIL;
859 DB_ACTION(__prepare_delete(db));
860 DB_ACTION(__prepare_select(db));
861 DB_ACTION(__prepare_update(db));
862 DB_ACTION(__prepare_insert(db));
866 __STC_LOG_FUNC_EXIT__;
870 void table_firewall_finalize(void)
872 __STC_LOG_FUNC_ENTER__;
877 __STC_LOG_FUNC_EXIT__;