2 * Copyright (c) 2016 Samsung Electronics Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * This file implements restrictions entity handler methods.
20 * @file table-restrictions.c
24 #include "db-internal.h"
25 #include "table-firewall.h"
27 #define BUF_SIZE_FOR_IP 64
29 /* DELETE statements */
30 #define DELETE_FIREWALL_CHAIN "DELETE FROM fw_chains " \
33 #define DELETE_FIREWALL_RULE "DELETE FROM fw_rules " \
36 #define DELETE_FIREWALL_RULE_PER_CHAIN "DELETE FROM fw_rules " \
39 /* SELECT statements */
40 #define SELECT_FIREWALL_LOCK "SELECT state FROM fw_lock " \
43 #define SELECT_FIREWALL_CHAIN "SELECT chain, " \
44 "target, priority FROM fw_chains"
46 #define SELECT_FIREWALL_RULE "SELECT key, " \
47 "chain, direction, s_ip_type, d_ip_type, s_port_type, " \
48 "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
49 "s_port1, s_port2, d_port1, d_port2, ifname, target, " \
50 "log_level, log_prefix, " \
51 "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \
55 #define SELECT_FIREWALL_RULE_PER_CHAIN "SELECT key, " \
56 "chain, direction, s_ip_type, d_ip_type, s_port_type, " \
57 "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
58 "s_port1, s_port2, d_port1, d_port2, ifname, target, " \
59 "log_level, log_prefix, " \
60 "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \
62 "FROM fw_rules INDEXED BY rules_index " \
65 /* UPDATE statement */
66 #define UPDATE_FIREWALL_LOCK "UPDATE fw_lock " \
67 "SET state = ? WHERE name = ?"
69 #define UPDATE_FIREWALL_CHAIN "UPDATE fw_chains " \
70 "SET target = ?, priority = ? " \
73 #define UPDATE_FIREWALL_RULE "UPDATE fw_rules " \
74 "SET chain = ?, direction = ?, s_ip_type = ?, d_ip_type = ?, " \
75 "s_port_type = ?, d_port_type = ?, protocol = ?, family = ?, " \
76 "s_ip1 = ?, s_ip2 = ?, d_ip1 = ?, d_ip2 = ?, s_port1 = ?, " \
77 "s_port2 = ?, d_port1 = ?, d_port2 = ?, ifname = ?, target = ?, " \
78 "log_level = ?, log_prefix = ?, " \
79 "nflog_group = ?, nflog_prefix = ?, nflog_range = ?, nflog_threshold = ?, " \
80 "identifier = ?, key = ? " \
83 /* INSERT statement */
84 #define INSERT_FIREWALL_LOCK "INSERT INTO fw_lock " \
85 "(name, state) VALUES (?, ?)"
87 #define INSERT_FIREWALL_CHAIN "INSERT INTO fw_chains " \
88 "(chain, target, priority) " \
91 #define INSERT_FIREWALL_RULE "INSERT INTO fw_rules " \
92 "(key, chain, direction, s_ip_type, d_ip_type, s_port_type, " \
93 "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \
94 "s_port1, s_port2, d_port1, d_port2, ifname, target, " \
95 "log_level, log_prefix, " \
96 "nflog_group, nflog_prefix, nflog_range, nflog_threshold, " \
98 "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, " \
99 "?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
101 static void __finalize_delete(void);
103 #define PREPARE_DELETE(stm, query) do { \
104 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
105 if (rc != SQLITE_OK) { \
107 __finalize_delete(); \
108 STC_LOGE("Failed to prepare \"%s\" query" \
114 static void __finalize_select(void);
116 #define PREPARE_SELECT(stm, query) do { \
117 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
118 if (rc != SQLITE_OK) { \
120 __finalize_select(); \
121 STC_LOGE("Failed to prepare \"%s\" query" \
127 static void __finalize_update(void);
129 #define PREPARE_UPDATE(stm, query) do { \
130 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
131 if (rc != SQLITE_OK) { \
133 __finalize_update(); \
134 STC_LOGE("Failed to prepare \"%s\" query" \
140 static void __finalize_insert(void);
142 #define PREPARE_INSERT(stm, query) do { \
143 rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \
144 if (rc != SQLITE_OK) { \
146 __finalize_insert(); \
147 STC_LOGE("Failed to prepare \"%s\" query" \
153 #define FINALIZE(stm) do { \
155 sqlite3_finalize(stm); \
160 /* DELETE statements */
161 static sqlite3_stmt *delete_fw_chain;
162 static sqlite3_stmt *delete_fw_rule;
163 static sqlite3_stmt *delete_fw_rule_per_chain;
165 /* SELECT statements */
166 static sqlite3_stmt *select_fw_lock;
167 static sqlite3_stmt *select_fw_chain;
168 static sqlite3_stmt *select_fw_rule;
169 static sqlite3_stmt *select_fw_rule_per_chain;
171 /* UPDATE statements */
172 static sqlite3_stmt *update_fw_lock;
173 static sqlite3_stmt *update_fw_chain;
174 static sqlite3_stmt *update_fw_rule;
176 /* INSERT statements */
177 static sqlite3_stmt *insert_fw_lock;
178 static sqlite3_stmt *insert_fw_chain;
179 static sqlite3_stmt *insert_fw_rule;
181 static int __prepare_delete(sqlite3 *db)
183 __STC_LOG_FUNC_ENTER__;
185 static int initialized;
188 __STC_LOG_FUNC_EXIT__;
192 PREPARE_DELETE(delete_fw_chain, DELETE_FIREWALL_CHAIN);
193 PREPARE_DELETE(delete_fw_rule, DELETE_FIREWALL_RULE);
194 PREPARE_DELETE(delete_fw_rule_per_chain, DELETE_FIREWALL_RULE_PER_CHAIN);
197 __STC_LOG_FUNC_EXIT__;
201 static void __finalize_delete(void)
203 __STC_LOG_FUNC_ENTER__;
205 FINALIZE(delete_fw_chain);
206 FINALIZE(delete_fw_rule);
207 FINALIZE(delete_fw_rule_per_chain);
209 __STC_LOG_FUNC_EXIT__;
212 static int __prepare_select(sqlite3 *db)
214 __STC_LOG_FUNC_ENTER__;
216 static int initialized;
219 __STC_LOG_FUNC_EXIT__;
223 PREPARE_SELECT(select_fw_lock, SELECT_FIREWALL_LOCK);
224 PREPARE_SELECT(select_fw_chain, SELECT_FIREWALL_CHAIN);
225 PREPARE_SELECT(select_fw_rule, SELECT_FIREWALL_RULE);
226 PREPARE_SELECT(select_fw_rule_per_chain, SELECT_FIREWALL_RULE_PER_CHAIN);
229 __STC_LOG_FUNC_EXIT__;
233 static void __finalize_select(void)
235 __STC_LOG_FUNC_ENTER__;
237 FINALIZE(select_fw_lock);
238 FINALIZE(select_fw_chain);
239 FINALIZE(select_fw_rule);
240 FINALIZE(select_fw_rule_per_chain);
242 __STC_LOG_FUNC_EXIT__;
245 static int __prepare_update(sqlite3 *db)
247 __STC_LOG_FUNC_ENTER__;
249 static int initialized;
252 __STC_LOG_FUNC_EXIT__;
256 PREPARE_UPDATE(update_fw_lock, UPDATE_FIREWALL_LOCK);
257 PREPARE_UPDATE(update_fw_chain, UPDATE_FIREWALL_CHAIN);
258 PREPARE_UPDATE(update_fw_rule, UPDATE_FIREWALL_RULE);
261 __STC_LOG_FUNC_EXIT__;
265 static void __finalize_update(void)
267 __STC_LOG_FUNC_ENTER__;
269 FINALIZE(update_fw_lock);
270 FINALIZE(update_fw_chain);
271 FINALIZE(update_fw_rule);
273 __STC_LOG_FUNC_EXIT__;
276 static int __prepare_insert(sqlite3 *db)
278 __STC_LOG_FUNC_ENTER__;
280 static int initialized;
283 __STC_LOG_FUNC_EXIT__;
287 PREPARE_INSERT(insert_fw_lock, INSERT_FIREWALL_LOCK);
288 PREPARE_INSERT(insert_fw_chain, INSERT_FIREWALL_CHAIN);
289 PREPARE_INSERT(insert_fw_rule, INSERT_FIREWALL_RULE);
292 __STC_LOG_FUNC_EXIT__;
296 static void __finalize_insert(void)
298 __STC_LOG_FUNC_ENTER__;
300 FINALIZE(insert_fw_lock);
301 FINALIZE(insert_fw_chain);
302 FINALIZE(insert_fw_rule);
304 __STC_LOG_FUNC_EXIT__;
307 API stc_error_e table_firewall_insert_lock(char *name, int state)
309 stc_error_e error_code = STC_ERROR_NONE;
310 sqlite3_stmt *stmt = insert_fw_lock;
312 DB_ACTION(sqlite3_bind_text(stmt, 1, name ? name : "",
313 -1, SQLITE_TRANSIENT));
314 DB_ACTION(sqlite3_bind_int(stmt, 2, state));
316 if (sqlite3_step(stmt) != SQLITE_DONE) {
317 STC_LOGE("Failed to insert firewall lock state: %s\n",
318 sqlite3_errmsg(stc_db_get_database()));
320 error_code = STC_ERROR_DB_FAILED;
324 STC_LOGD("Firewall lock state inserted [%d]", state);
327 if (sqlite3_reset(stmt) != SQLITE_OK)
328 error_code = STC_ERROR_DB_FAILED;
333 API stc_error_e table_firewall_update_lock(char *name, int state)
335 stc_error_e error_code = STC_ERROR_NONE;
336 sqlite3_stmt *stmt = update_fw_lock;
338 DB_ACTION(sqlite3_bind_int(stmt, 1, state));
339 DB_ACTION(sqlite3_bind_text(stmt, 2, name ? name : "",
340 -1, SQLITE_TRANSIENT));
342 if (sqlite3_step(stmt) != SQLITE_DONE) {
343 STC_LOGE("Failed to update firewall lock state: %s\n",
344 sqlite3_errmsg(stc_db_get_database()));
346 error_code = STC_ERROR_DB_FAILED;
350 STC_LOGD("Firewall lock state updated [%d]", state);
353 if (sqlite3_reset(stmt) != SQLITE_OK)
354 error_code = STC_ERROR_DB_FAILED;
359 API stc_error_e table_firewall_get_lock(char *name, int *state)
362 stc_error_e error_code = STC_ERROR_NONE;
363 sqlite3_stmt *stmt = select_fw_lock;
366 return STC_ERROR_DB_FAILED;
368 DB_ACTION(sqlite3_bind_text(stmt, 1, name,
369 -1, SQLITE_TRANSIENT));
371 rc = sqlite3_step(stmt);
375 STC_LOGD("There is no lock state [%s]", name);
376 error_code = STC_ERROR_NO_DATA;
379 *state = sqlite3_column_int(stmt, 0);
383 STC_LOGE("Failed to get firewall lock state: %s\n",
384 sqlite3_errmsg(stc_db_get_database()));
386 error_code = STC_ERROR_DB_FAILED;
390 STC_LOGD("Firewall lock state [%d]", *state);
393 if (sqlite3_reset(stmt) != SQLITE_OK)
394 error_code = STC_ERROR_DB_FAILED;
399 API stc_error_e table_firewall_insert_chain(firewall_chain_s *info)
401 stc_error_e error_code = STC_ERROR_NONE;
402 sqlite3_stmt *stmt = insert_fw_chain;
405 error_code = STC_ERROR_INVALID_PARAMETER;
409 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
410 -1, SQLITE_TRANSIENT));
411 DB_ACTION(sqlite3_bind_int(stmt, 2, info->target));
412 DB_ACTION(sqlite3_bind_int(stmt, 3, info->priority));
414 if (sqlite3_step(stmt) != SQLITE_DONE) {
415 STC_LOGE("Failed to insert firewall chain: %s\n",
416 sqlite3_errmsg(stc_db_get_database()));
417 error_code = STC_ERROR_DB_FAILED;
421 STC_LOGD("Firewall chain inserted [%s]", info->chain);
424 if (sqlite3_reset(stmt) != SQLITE_OK)
425 error_code = STC_ERROR_DB_FAILED;
430 API stc_error_e table_firewall_delete_chain(firewall_chain_s *info)
432 stc_error_e error_code = STC_ERROR_NONE;
433 sqlite3_stmt *stmt = delete_fw_chain;
436 error_code = STC_ERROR_INVALID_PARAMETER;
440 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
441 -1, SQLITE_TRANSIENT));
443 if (sqlite3_step(stmt) != SQLITE_DONE) {
444 STC_LOGE("Failed to delete firewall chain %s\n",
445 sqlite3_errmsg(stc_db_get_database()));
446 error_code = STC_ERROR_DB_FAILED;
450 STC_LOGD("Firewall chain deleted [%s]", info->chain);
453 if (sqlite3_reset(stmt) != SQLITE_OK)
454 error_code = STC_ERROR_DB_FAILED;
459 API stc_error_e table_firewall_flush_chain(firewall_chain_s *info)
461 stc_error_e error_code = STC_ERROR_NONE;
462 sqlite3_stmt *stmt = delete_fw_rule_per_chain;
465 error_code = STC_ERROR_INVALID_PARAMETER;
469 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
470 -1, SQLITE_TRANSIENT));
472 if (sqlite3_step(stmt) != SQLITE_DONE) {
473 STC_LOGE("Failed to flush firewall chain %s\n",
474 sqlite3_errmsg(stc_db_get_database()));
475 error_code = STC_ERROR_DB_FAILED;
479 STC_LOGD("Firewall chain flushed [%s]", info->chain);
482 if (sqlite3_reset(stmt) != SQLITE_OK)
483 error_code = STC_ERROR_DB_FAILED;
488 API stc_error_e table_firewall_update_chain(firewall_chain_s *info)
490 stc_error_e error_code = STC_ERROR_NONE;
491 sqlite3_stmt *stmt = update_fw_chain;
494 error_code = STC_ERROR_INVALID_PARAMETER;
498 DB_ACTION(sqlite3_bind_int(stmt, 1, info->target));
499 DB_ACTION(sqlite3_bind_int(stmt, 2, info->priority));
500 DB_ACTION(sqlite3_bind_text(stmt, 3, info->chain ? info->chain : "",
501 -1, SQLITE_TRANSIENT));
503 if (sqlite3_step(stmt) != SQLITE_DONE) {
504 STC_LOGE("Failed to update firewall chain: %s\n",
505 sqlite3_errmsg(stc_db_get_database()));
506 error_code = STC_ERROR_DB_FAILED;
510 STC_LOGD("Firewall chain updated [%s]", info->chain);
513 if (sqlite3_reset(stmt) != SQLITE_OK)
514 error_code = STC_ERROR_DB_FAILED;
519 API stc_error_e table_firewall_foreach_chain(firewall_chain_cb info_cb,
522 firewall_chain_s info;
524 stc_error_e error_code = STC_ERROR_NONE;
525 sqlite3_stmt *stmt = select_fw_chain;
528 rc = sqlite3_step(stmt);
530 memset(&info, 0, sizeof(info));
536 info.chain = (char *)sqlite3_column_text(stmt, 0);
537 info.target = sqlite3_column_int(stmt, 1);
538 info.priority = sqlite3_column_int(stmt, 2);
540 if (info_cb(&info, user_data) == STC_CANCEL)
545 STC_LOGE("Failed to enumerate firewall chains: %s\n",
546 sqlite3_errmsg(stc_db_get_database()));
548 error_code = STC_ERROR_DB_FAILED;
550 } while (rc == SQLITE_ROW);
552 if (sqlite3_reset(stmt) != SQLITE_OK)
553 error_code = STC_ERROR_DB_FAILED;
558 API stc_error_e table_firewall_insert_rule(firewall_rule_s *info)
560 stc_error_e error_code = STC_ERROR_NONE;
561 char buf[BUF_SIZE_FOR_IP];
562 sqlite3_stmt *stmt = insert_fw_rule;
565 error_code = STC_ERROR_INVALID_PARAMETER;
569 DB_ACTION(sqlite3_bind_int64(stmt, 1, info->key));
570 DB_ACTION(sqlite3_bind_text(stmt, 2, info->chain ? info->chain : "",
571 -1, SQLITE_TRANSIENT));
572 DB_ACTION(sqlite3_bind_int(stmt, 3, info->direction));
573 DB_ACTION(sqlite3_bind_int(stmt, 4, info->s_ip_type));
574 DB_ACTION(sqlite3_bind_int(stmt, 5, info->d_ip_type));
575 DB_ACTION(sqlite3_bind_int(stmt, 6, info->s_port_type));
576 DB_ACTION(sqlite3_bind_int(stmt, 7, info->d_port_type));
577 DB_ACTION(sqlite3_bind_int(stmt, 8, info->protocol));
578 DB_ACTION(sqlite3_bind_int(stmt, 9, info->family));
579 if (info->family == STC_FW_FAMILY_V4) {
580 memset(buf, 0, sizeof(buf));
581 snprintf(buf, sizeof(buf), "%08x", info->s_ip1.Ipv4.s_addr);
582 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
584 memset(buf, 0, sizeof(buf));
585 snprintf(buf, sizeof(buf), "%08x", info->s_ip2.Ipv4.s_addr);
586 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
588 memset(buf, 0, sizeof(buf));
589 snprintf(buf, sizeof(buf), "%08x", info->d_ip1.Ipv4.s_addr);
590 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
592 memset(buf, 0, sizeof(buf));
593 snprintf(buf, sizeof(buf), "%08x", info->d_ip2.Ipv4.s_addr);
594 DB_ACTION(sqlite3_bind_text(stmt, 13, buf, -1, SQLITE_TRANSIENT));
595 } else if (info->family == STC_FW_FAMILY_V6) {
596 memset(buf, 0, sizeof(buf));
597 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
598 info->s_ip1.Ipv6.s6_addr32[0], info->s_ip1.Ipv6.s6_addr32[1],
599 info->s_ip1.Ipv6.s6_addr32[2], info->s_ip1.Ipv6.s6_addr32[3]);
600 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
602 memset(buf, 0, sizeof(buf));
603 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
604 info->s_ip2.Ipv6.s6_addr32[0], info->s_ip2.Ipv6.s6_addr32[1],
605 info->s_ip2.Ipv6.s6_addr32[2], info->s_ip2.Ipv6.s6_addr32[3]);
606 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
608 memset(buf, 0, sizeof(buf));
609 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
610 info->d_ip1.Ipv6.s6_addr32[0], info->d_ip1.Ipv6.s6_addr32[1],
611 info->d_ip1.Ipv6.s6_addr32[2], info->d_ip1.Ipv6.s6_addr32[3]);
612 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
614 memset(buf, 0, sizeof(buf));
615 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
616 info->d_ip2.Ipv6.s6_addr32[0], info->d_ip2.Ipv6.s6_addr32[1],
617 info->d_ip2.Ipv6.s6_addr32[2], info->d_ip2.Ipv6.s6_addr32[3]);
618 DB_ACTION(sqlite3_bind_text(stmt, 13, buf, -1, SQLITE_TRANSIENT));
620 DB_ACTION(sqlite3_bind_text(stmt, 10, "", -1, SQLITE_TRANSIENT));
621 DB_ACTION(sqlite3_bind_text(stmt, 11, "", -1, SQLITE_TRANSIENT));
622 DB_ACTION(sqlite3_bind_text(stmt, 12, "", -1, SQLITE_TRANSIENT));
623 DB_ACTION(sqlite3_bind_text(stmt, 13, "", -1, SQLITE_TRANSIENT));
625 DB_ACTION(sqlite3_bind_int(stmt, 14, info->s_port1));
626 DB_ACTION(sqlite3_bind_int(stmt, 15, info->s_port2));
627 DB_ACTION(sqlite3_bind_int(stmt, 16, info->d_port1));
628 DB_ACTION(sqlite3_bind_int(stmt, 17, info->d_port2));
629 DB_ACTION(sqlite3_bind_text(stmt, 18, info->ifname ? info->ifname : "",
630 -1, SQLITE_TRANSIENT));
631 DB_ACTION(sqlite3_bind_int(stmt, 19, info->target));
632 DB_ACTION(sqlite3_bind_int(stmt, 20, info->log_level));
633 DB_ACTION(sqlite3_bind_text(stmt, 21, info->log_prefix ? info->log_prefix : "",
634 -1, SQLITE_TRANSIENT));
635 DB_ACTION(sqlite3_bind_int(stmt, 22, info->nflog_group));
636 DB_ACTION(sqlite3_bind_text(stmt, 23, info->nflog_prefix ? info->nflog_prefix : "",
637 -1, SQLITE_TRANSIENT));
638 DB_ACTION(sqlite3_bind_int(stmt, 24, info->nflog_range));
639 DB_ACTION(sqlite3_bind_int(stmt, 25, info->nflog_threshold));
640 DB_ACTION(sqlite3_bind_text(stmt, 26, info->identifier ? info->identifier : "",
641 -1, SQLITE_TRANSIENT));
643 if (sqlite3_step(stmt) != SQLITE_DONE) {
644 STC_LOGE("Failed to insert firewall rule: %s\n",
645 sqlite3_errmsg(stc_db_get_database()));
646 error_code = STC_ERROR_DB_FAILED;
650 STC_LOGD("Firewall rule inserted [%s]", info->chain);
653 if (sqlite3_reset(stmt) != SQLITE_OK)
654 error_code = STC_ERROR_DB_FAILED;
659 API stc_error_e table_firewall_delete_rule(firewall_rule_s *info)
661 stc_error_e error_code = STC_ERROR_NONE;
662 sqlite3_stmt *stmt = delete_fw_rule;
665 error_code = STC_ERROR_INVALID_PARAMETER;
669 DB_ACTION(sqlite3_bind_int64(stmt, 1, info->key));
671 if (sqlite3_step(stmt) != SQLITE_DONE) {
672 STC_LOGE("Failed to delete firewall rule %s\n",
673 sqlite3_errmsg(stc_db_get_database()));
674 error_code = STC_ERROR_DB_FAILED;
678 STC_LOGD("Firewall rule deleted [%s]", info->chain);
681 if (sqlite3_reset(stmt) != SQLITE_OK)
682 error_code = STC_ERROR_DB_FAILED;
687 API stc_error_e table_firewall_update_rule(firewall_rule_s *info, guint key)
689 stc_error_e error_code = STC_ERROR_NONE;
690 char buf[BUF_SIZE_FOR_IP];
691 sqlite3_stmt *stmt = update_fw_rule;
694 error_code = STC_ERROR_INVALID_PARAMETER;
698 DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "",
699 -1, SQLITE_TRANSIENT));
700 DB_ACTION(sqlite3_bind_int(stmt, 2, info->direction));
701 DB_ACTION(sqlite3_bind_int(stmt, 3, info->s_ip_type));
702 DB_ACTION(sqlite3_bind_int(stmt, 4, info->d_ip_type));
703 DB_ACTION(sqlite3_bind_int(stmt, 5, info->s_port_type));
704 DB_ACTION(sqlite3_bind_int(stmt, 6, info->d_port_type));
705 DB_ACTION(sqlite3_bind_int(stmt, 7, info->protocol));
706 DB_ACTION(sqlite3_bind_int(stmt, 8, info->family));
707 if (info->family == STC_FW_FAMILY_V4) {
708 memset(buf, 0, sizeof(buf));
709 snprintf(buf, sizeof(buf), "%08x", info->s_ip1.Ipv4.s_addr);
710 DB_ACTION(sqlite3_bind_text(stmt, 9, buf, -1, SQLITE_TRANSIENT));
712 memset(buf, 0, sizeof(buf));
713 snprintf(buf, sizeof(buf), "%08x", info->s_ip2.Ipv4.s_addr);
714 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
716 memset(buf, 0, sizeof(buf));
717 snprintf(buf, sizeof(buf), "%08x", info->d_ip1.Ipv4.s_addr);
718 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
720 memset(buf, 0, sizeof(buf));
721 snprintf(buf, sizeof(buf), "%08x", info->d_ip2.Ipv4.s_addr);
722 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
723 } else if (info->family == STC_FW_FAMILY_V6) {
724 memset(buf, 0, sizeof(buf));
725 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
726 info->s_ip1.Ipv6.s6_addr32[0], info->s_ip1.Ipv6.s6_addr32[1],
727 info->s_ip1.Ipv6.s6_addr32[2], info->s_ip1.Ipv6.s6_addr32[3]);
728 DB_ACTION(sqlite3_bind_text(stmt, 9, buf, -1, SQLITE_TRANSIENT));
730 memset(buf, 0, sizeof(buf));
731 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
732 info->s_ip2.Ipv6.s6_addr32[0], info->s_ip2.Ipv6.s6_addr32[1],
733 info->s_ip2.Ipv6.s6_addr32[2], info->s_ip2.Ipv6.s6_addr32[3]);
734 DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT));
736 memset(buf, 0, sizeof(buf));
737 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
738 info->d_ip1.Ipv6.s6_addr32[0], info->d_ip1.Ipv6.s6_addr32[1],
739 info->d_ip1.Ipv6.s6_addr32[2], info->d_ip1.Ipv6.s6_addr32[3]);
740 DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT));
742 memset(buf, 0, sizeof(buf));
743 snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
744 info->d_ip2.Ipv6.s6_addr32[0], info->d_ip2.Ipv6.s6_addr32[1],
745 info->d_ip2.Ipv6.s6_addr32[2], info->d_ip2.Ipv6.s6_addr32[3]);
746 DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT));
748 DB_ACTION(sqlite3_bind_text(stmt, 9, "", -1, SQLITE_TRANSIENT));
749 DB_ACTION(sqlite3_bind_text(stmt, 10, "", -1, SQLITE_TRANSIENT));
750 DB_ACTION(sqlite3_bind_text(stmt, 11, "", -1, SQLITE_TRANSIENT));
751 DB_ACTION(sqlite3_bind_text(stmt, 12, "", -1, SQLITE_TRANSIENT));
753 DB_ACTION(sqlite3_bind_int(stmt, 13, info->s_port1));
754 DB_ACTION(sqlite3_bind_int(stmt, 14, info->s_port2));
755 DB_ACTION(sqlite3_bind_int(stmt, 15, info->d_port1));
756 DB_ACTION(sqlite3_bind_int(stmt, 16, info->d_port2));
757 DB_ACTION(sqlite3_bind_text(stmt, 17, info->ifname ? info->ifname : "",
758 -1, SQLITE_TRANSIENT));
759 DB_ACTION(sqlite3_bind_int(stmt, 18, info->target));
760 DB_ACTION(sqlite3_bind_int(stmt, 19, info->log_level));
761 DB_ACTION(sqlite3_bind_text(stmt, 20, info->log_prefix ? info->log_prefix : "",
762 -1, SQLITE_TRANSIENT));
763 DB_ACTION(sqlite3_bind_int(stmt, 21, info->nflog_group));
764 DB_ACTION(sqlite3_bind_text(stmt, 22, info->nflog_prefix ? info->nflog_prefix : "",
765 -1, SQLITE_TRANSIENT));
766 DB_ACTION(sqlite3_bind_int(stmt, 23, info->nflog_range));
767 DB_ACTION(sqlite3_bind_int(stmt, 24, info->nflog_threshold));
768 DB_ACTION(sqlite3_bind_text(stmt, 25, info->identifier ? info->identifier : "",
769 -1, SQLITE_TRANSIENT));
770 DB_ACTION(sqlite3_bind_int64(stmt, 26, info->key));
771 DB_ACTION(sqlite3_bind_int64(stmt, 27, key));
773 if (sqlite3_step(stmt) != SQLITE_DONE) {
774 STC_LOGE("Failed to update firewall rule %s\n",
775 sqlite3_errmsg(stc_db_get_database()));
776 error_code = STC_ERROR_DB_FAILED;
780 STC_LOGD("Firewall rule updated [%s]", info->chain);
783 if (sqlite3_reset(stmt) != SQLITE_OK)
784 error_code = STC_ERROR_DB_FAILED;
789 API stc_error_e table_firewall_foreach_rule(firewall_rule_cb info_cb,
792 firewall_rule_s info;
794 stc_error_e error_code = STC_ERROR_NONE;
795 sqlite3_stmt *stmt = select_fw_rule;
798 rc = sqlite3_step(stmt);
800 memset(&info, 0, sizeof(info));
806 info.key = sqlite3_column_int64(stmt, 0);
807 info.chain = (char *)sqlite3_column_text(stmt, 1);
808 info.direction = sqlite3_column_int(stmt, 2);
809 info.s_ip_type = sqlite3_column_int(stmt, 3);
810 info.d_ip_type = sqlite3_column_int(stmt, 4);
811 info.s_port_type = sqlite3_column_int(stmt, 5);
812 info.d_port_type = sqlite3_column_int(stmt, 6);
813 info.protocol = sqlite3_column_int(stmt, 7);
814 info.family = sqlite3_column_int(stmt, 8);
815 if (info.family == STC_FW_FAMILY_V4) {
816 sscanf((char *)sqlite3_column_text(stmt, 9), "%08x",
817 &(info.s_ip1.Ipv4.s_addr));
818 sscanf((char *)sqlite3_column_text(stmt, 10), "%08x",
819 &(info.s_ip2.Ipv4.s_addr));
820 sscanf((char *)sqlite3_column_text(stmt, 11), "%08x",
821 &(info.d_ip1.Ipv4.s_addr));
822 sscanf((char *)sqlite3_column_text(stmt, 12), "%08x",
823 &(info.d_ip2.Ipv4.s_addr));
824 } else if (info.family == STC_FW_FAMILY_V6) {
825 sscanf((char *)sqlite3_column_text(stmt, 9), "%08x:%08x:%08x:%08x",
826 &(info.s_ip1.Ipv6.s6_addr32[0]), &(info.s_ip1.Ipv6.s6_addr32[1]),
827 &(info.s_ip1.Ipv6.s6_addr32[2]), &(info.s_ip1.Ipv6.s6_addr32[3]));
828 sscanf((char *)sqlite3_column_text(stmt, 10), "%08x:%08x:%08x:%08x",
829 &(info.s_ip2.Ipv6.s6_addr32[0]), &(info.s_ip2.Ipv6.s6_addr32[1]),
830 &(info.s_ip2.Ipv6.s6_addr32[2]), &(info.s_ip2.Ipv6.s6_addr32[3]));
831 sscanf((char *)sqlite3_column_text(stmt, 11), "%08x:%08x:%08x:%08x",
832 &(info.d_ip1.Ipv6.s6_addr32[0]), &(info.d_ip1.Ipv6.s6_addr32[1]),
833 &(info.d_ip1.Ipv6.s6_addr32[2]), &(info.d_ip1.Ipv6.s6_addr32[3]));
834 sscanf((char *)sqlite3_column_text(stmt, 12), "%08x:%08x:%08x:%08x",
835 &(info.d_ip2.Ipv6.s6_addr32[0]), &(info.d_ip2.Ipv6.s6_addr32[1]),
836 &(info.d_ip2.Ipv6.s6_addr32[2]), &(info.d_ip2.Ipv6.s6_addr32[3]));
838 info.s_port1 = sqlite3_column_int(stmt, 13);
839 info.s_port2 = sqlite3_column_int(stmt, 14);
840 info.d_port1 = sqlite3_column_int(stmt, 15);
841 info.d_port2 = sqlite3_column_int(stmt, 16);
842 info.ifname = (char *)sqlite3_column_text(stmt, 17);
843 info.target = sqlite3_column_int(stmt, 18);
844 info.log_level = sqlite3_column_int(stmt, 19);
845 info.log_prefix = (char *)sqlite3_column_text(stmt, 20);
846 info.nflog_group = sqlite3_column_int(stmt, 21);
847 info.nflog_prefix = (char *)sqlite3_column_text(stmt, 22);
848 info.nflog_range = sqlite3_column_int(stmt, 23);
849 info.nflog_threshold = sqlite3_column_int(stmt, 24);
850 info.identifier = (char *)sqlite3_column_text(stmt, 25);
852 if (info_cb(&info, user_data) == STC_CANCEL)
857 STC_LOGE("Failed to enumerate firewall rules: %s\n",
858 sqlite3_errmsg(stc_db_get_database()));
860 error_code = STC_ERROR_DB_FAILED;
862 } while (rc == SQLITE_ROW);
864 if (sqlite3_reset(stmt) != SQLITE_OK)
865 error_code = STC_ERROR_DB_FAILED;
870 stc_error_e table_firewall_prepare(sqlite3 *db)
872 __STC_LOG_FUNC_ENTER__;
874 stc_error_e error_code = STC_ERROR_NONE;
877 __STC_LOG_FUNC_EXIT__;
878 return STC_ERROR_FAIL;
881 DB_ACTION(__prepare_delete(db));
882 DB_ACTION(__prepare_select(db));
883 DB_ACTION(__prepare_update(db));
884 DB_ACTION(__prepare_insert(db));
888 __STC_LOG_FUNC_EXIT__;
892 void table_firewall_finalize(void)
894 __STC_LOG_FUNC_ENTER__;
899 __STC_LOG_FUNC_EXIT__;