ip-up-vpn.c revision 1591aa004557859742fb89190ce76cbbf3a1ef12
1/* 2 * Copyright (C) 2011 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <stdio.h> 18#include <stdlib.h> 19#include <string.h> 20#include <errno.h> 21 22#include <arpa/inet.h> 23#include <netinet/in.h> 24#include <sys/stat.h> 25#include <sys/types.h> 26#include <sys/socket.h> 27#include <sys/ioctl.h> 28#include <linux/if.h> 29#include <linux/route.h> 30 31#define LOG_TAG "ip-up-vpn" 32#include <cutils/log.h> 33 34#define DIR "/data/misc/vpn/" 35 36static const char *env(const char *name) { 37 const char *value = getenv(name); 38 return value ? value : ""; 39} 40 41static int set_address(struct sockaddr *sa, const char *address) { 42 sa->sa_family = AF_INET; 43 return inet_pton(AF_INET, address, &((struct sockaddr_in *)sa)->sin_addr); 44} 45 46/* 47 * The primary goal is to create a file with VPN parameters. Currently they 48 * are interface, addresses, routes, DNS servers, and search domains. Each 49 * parameter occupies one line in the file, and it can be an empty string or 50 * space-separated values. The order and the format must be consistent with 51 * com.android.server.connectivity.Vpn. Here is an example. 52 * 53 * ppp0 54 * 192.168.1.100/24 55 * 0.0.0.0/0 56 * 192.168.1.1 192.168.1.2 57 * example.org 58 * 59 * The secondary goal is to unify the outcome of VPN. The current baseline 60 * is to have an interface configured with the given address and netmask 61 * and maybe add a host route to protect the tunnel. PPP-based VPN already 62 * does this, but others might not. Routes, DNS servers, and search domains 63 * are handled by the framework since they can be overridden by the users. 64 */ 65int main(int argc, char **argv) 66{ 67 FILE *state = fopen(DIR ".tmp", "wb"); 68 if (!state) { 69 LOGE("Cannot create state: %s", strerror(errno)); 70 return 1; 71 } 72 73 if (argc >= 6) { 74 /* Invoked by pppd. */ 75 fprintf(state, "%s\n", argv[1]); 76 fprintf(state, "%s/32\n", argv[4]); 77 fprintf(state, "0.0.0.0/0\n"); 78 fprintf(state, "%s %s\n", env("DNS1"), env("DNS2")); 79 fprintf(state, "\n"); 80 } else if (argc == 2) { 81 /* Invoked by racoon. */ 82 const char *interface = env("INTERFACE"); 83 const char *address = env("INTERNAL_ADDR4"); 84 const char *routes = env("SPLIT_INCLUDE_CIDR"); 85 86 int s = socket(AF_INET, SOCK_DGRAM, 0); 87 struct rtentry rt; 88 struct ifreq ifr; 89 90 memset(&rt, 0, sizeof(rt)); 91 memset(&ifr, 0, sizeof(ifr)); 92 93 /* Remove the old host route. There could be more than one. */ 94 rt.rt_flags |= RTF_UP | RTF_HOST; 95 if (set_address(&rt.rt_dst, env("REMOTE_ADDR"))) { 96 while (!ioctl(s, SIOCDELRT, &rt)); 97 } 98 if (errno != ESRCH) { 99 LOGE("Cannot remove host route: %s", strerror(errno)); 100 return 1; 101 } 102 103 /* Create a new host route. */ 104 rt.rt_flags |= RTF_GATEWAY; 105 if (!set_address(&rt.rt_gateway, argv[1]) || 106 (ioctl(s, SIOCADDRT, &rt) && errno != EEXIST)) { 107 LOGE("Cannot create host route: %s", strerror(errno)); 108 return 1; 109 } 110 111 /* Bring up the interface. */ 112 ifr.ifr_flags = IFF_UP; 113 strncpy(ifr.ifr_name, interface, IFNAMSIZ); 114 if (ioctl(s, SIOCSIFFLAGS, &ifr)) { 115 LOGE("Cannot bring up %s: %s", interface, strerror(errno)); 116 return 1; 117 } 118 119 /* Set the address. */ 120 if (!set_address(&ifr.ifr_addr, address) || 121 ioctl(s, SIOCSIFADDR, &ifr)) { 122 LOGE("Cannot set address: %s", strerror(errno)); 123 return 1; 124 } 125 126 /* Set the netmask. */ 127 if (!set_address(&ifr.ifr_netmask, env("INTERNAL_NETMASK4")) || 128 ioctl(s, SIOCSIFNETMASK, &ifr)) { 129 LOGE("Cannot set netmask: %s", strerror(errno)); 130 return 1; 131 } 132 133 /* TODO: Send few packets to trigger phase 2? */ 134 135 fprintf(state, "%s\n", interface); 136 fprintf(state, "%s/%s\n", address, env("INTERNAL_CIDR4")); 137 fprintf(state, "%s\n", routes[0] ? routes : "0.0.0.0/0"); 138 fprintf(state, "%s\n", env("INTERNAL_DNS4_LIST")); 139 fprintf(state, "%s\n", env("DEFAULT_DOMAIN")); 140 } else { 141 LOGE("Cannot parse parameters"); 142 return 1; 143 } 144 145 fclose(state); 146 if (chmod(DIR ".tmp", 0444) || rename(DIR ".tmp", DIR "state")) { 147 LOGE("Cannot write state: %s", strerror(errno)); 148 return 1; 149 } 150 return 0; 151} 152