| Mike Lockwood | 94afecf | 2012-10-24 10:45:23 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2011 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include <stdio.h> |
| 18 | #include <stdlib.h> |
| 19 | #include <string.h> |
| 20 | #include <errno.h> |
| 21 | |
| 22 | #include <arpa/inet.h> |
| 23 | #include <netinet/in.h> |
| 24 | #include <sys/stat.h> |
| 25 | #include <sys/types.h> |
| 26 | #include <sys/socket.h> |
| 27 | #include <sys/ioctl.h> |
| 28 | #include <linux/if.h> |
| 29 | #include <linux/route.h> |
| 30 | |
| 31 | #define LOG_TAG "ip-up-vpn" |
| 32 | #include <cutils/log.h> |
| 33 | |
| 34 | #define DIR "/data/misc/vpn/" |
| 35 | |
| 36 | static const char *env(const char *name) { |
| 37 | const char *value = getenv(name); |
| 38 | return value ? value : ""; |
| 39 | } |
| 40 | |
| 41 | static int set_address(struct sockaddr *sa, const char *address) { |
| 42 | sa->sa_family = AF_INET; |
| 43 | errno = EINVAL; |
| 44 | return inet_pton(AF_INET, address, &((struct sockaddr_in *)sa)->sin_addr); |
| 45 | } |
| 46 | |
| 47 | /* |
| 48 | * The primary goal is to create a file with VPN parameters. Currently they |
| Lorenzo Colitti | a9e8374 | 2014-09-19 01:00:08 +0900 | [diff] [blame] | 49 | * are interface, addresses, routes, DNS servers, and search domains and VPN |
| 50 | * server address. Each parameter occupies one line in the file, and it can be |
| 51 | * an empty string or space-separated values. The order and the format must be |
| 52 | * consistent with com.android.server.connectivity.Vpn. Here is an example. |
| Mike Lockwood | 94afecf | 2012-10-24 10:45:23 -0700 | [diff] [blame] | 53 | * |
| 54 | * ppp0 |
| 55 | * 192.168.1.100/24 |
| 56 | * 0.0.0.0/0 |
| 57 | * 192.168.1.1 192.168.1.2 |
| 58 | * example.org |
| Lorenzo Colitti | a9e8374 | 2014-09-19 01:00:08 +0900 | [diff] [blame] | 59 | * 192.0.2.1 |
| Mike Lockwood | 94afecf | 2012-10-24 10:45:23 -0700 | [diff] [blame] | 60 | * |
| 61 | * The secondary goal is to unify the outcome of VPN. The current baseline |
| 62 | * is to have an interface configured with the given address and netmask |
| 63 | * and maybe add a host route to protect the tunnel. PPP-based VPN already |
| 64 | * does this, but others might not. Routes, DNS servers, and search domains |
| 65 | * are handled by the framework since they can be overridden by the users. |
| 66 | */ |
| 67 | int main(int argc, char **argv) |
| 68 | { |
| 69 | FILE *state = fopen(DIR ".tmp", "wb"); |
| 70 | if (!state) { |
| 71 | ALOGE("Cannot create state: %s", strerror(errno)); |
| 72 | return 1; |
| 73 | } |
| 74 | |
| 75 | if (argc >= 6) { |
| 76 | /* Invoked by pppd. */ |
| 77 | fprintf(state, "%s\n", argv[1]); |
| 78 | fprintf(state, "%s/32\n", argv[4]); |
| 79 | fprintf(state, "0.0.0.0/0\n"); |
| 80 | fprintf(state, "%s %s\n", env("DNS1"), env("DNS2")); |
| 81 | fprintf(state, "\n"); |
| Lorenzo Colitti | a9e8374 | 2014-09-19 01:00:08 +0900 | [diff] [blame] | 82 | fprintf(state, "\n"); |
| Mike Lockwood | 94afecf | 2012-10-24 10:45:23 -0700 | [diff] [blame] | 83 | } else if (argc == 2) { |
| 84 | /* Invoked by racoon. */ |
| 85 | const char *interface = env("INTERFACE"); |
| 86 | const char *address = env("INTERNAL_ADDR4"); |
| 87 | const char *routes = env("SPLIT_INCLUDE_CIDR"); |
| 88 | |
| 89 | int s = socket(AF_INET, SOCK_DGRAM, 0); |
| Mike Lockwood | 94afecf | 2012-10-24 10:45:23 -0700 | [diff] [blame] | 90 | struct ifreq ifr; |
| Mike Lockwood | 94afecf | 2012-10-24 10:45:23 -0700 | [diff] [blame] | 91 | memset(&ifr, 0, sizeof(ifr)); |
| 92 | |
| Mike Lockwood | 94afecf | 2012-10-24 10:45:23 -0700 | [diff] [blame] | 93 | /* Bring up the interface. */ |
| 94 | ifr.ifr_flags = IFF_UP; |
| 95 | strncpy(ifr.ifr_name, interface, IFNAMSIZ); |
| 96 | if (ioctl(s, SIOCSIFFLAGS, &ifr)) { |
| 97 | ALOGE("Cannot bring up %s: %s", interface, strerror(errno)); |
| 98 | return 1; |
| 99 | } |
| 100 | |
| 101 | /* Set the address. */ |
| 102 | if (!set_address(&ifr.ifr_addr, address) || |
| 103 | ioctl(s, SIOCSIFADDR, &ifr)) { |
| 104 | ALOGE("Cannot set address: %s", strerror(errno)); |
| 105 | return 1; |
| 106 | } |
| 107 | |
| 108 | /* Set the netmask. */ |
| 109 | if (set_address(&ifr.ifr_netmask, env("INTERNAL_NETMASK4"))) { |
| 110 | if (ioctl(s, SIOCSIFNETMASK, &ifr)) { |
| 111 | ALOGE("Cannot set netmask: %s", strerror(errno)); |
| 112 | return 1; |
| 113 | } |
| 114 | } |
| 115 | |
| 116 | /* TODO: Send few packets to trigger phase 2? */ |
| 117 | |
| 118 | fprintf(state, "%s\n", interface); |
| 119 | fprintf(state, "%s/%s\n", address, env("INTERNAL_CIDR4")); |
| 120 | fprintf(state, "%s\n", routes[0] ? routes : "0.0.0.0/0"); |
| 121 | fprintf(state, "%s\n", env("INTERNAL_DNS4_LIST")); |
| 122 | fprintf(state, "%s\n", env("DEFAULT_DOMAIN")); |
| Lorenzo Colitti | a9e8374 | 2014-09-19 01:00:08 +0900 | [diff] [blame] | 123 | fprintf(state, "%s\n", env("REMOTE_ADDR")); |
| Mike Lockwood | 94afecf | 2012-10-24 10:45:23 -0700 | [diff] [blame] | 124 | } else { |
| 125 | ALOGE("Cannot parse parameters"); |
| 126 | return 1; |
| 127 | } |
| 128 | |
| 129 | fclose(state); |
| 130 | if (chmod(DIR ".tmp", 0444) || rename(DIR ".tmp", DIR "state")) { |
| 131 | ALOGE("Cannot write state: %s", strerror(errno)); |
| 132 | return 1; |
| 133 | } |
| 134 | return 0; |
| 135 | } |