ip-up-vpn.c revision 1591aa004557859742fb89190ce76cbbf3a1ef12
1/*
2 * Copyright (C) 2011 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>

#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <linux/if.h>
#include <linux/route.h>
30
31#define LOG_TAG "ip-up-vpn"
32#include <cutils/log.h>
33
34#define DIR "/data/misc/vpn/"
35
/*
 * Looks up |name| in the process environment. An unset variable reads as
 * the empty string so callers can print or index the result without a
 * NULL check.
 */
static const char *env(const char *name) {
    const char *found = getenv(name);
    if (found == NULL) {
        return "";
    }
    return found;
}
40
/*
 * Stores the IPv4 literal |address| into |sa|, which must be large enough
 * to hold a struct sockaddr_in (the callers pass rtentry/ifreq members).
 * Only the family and the address bytes are written; the port and padding
 * are left as the caller had them.
 *
 * Returns inet_pton()'s result: 1 when |address| parsed, 0 when it is not a
 * valid dotted-quad literal.
 */
static int set_address(struct sockaddr *sa, const char *address) {
    struct sockaddr_in *in = (struct sockaddr_in *)sa;
    in->sin_family = AF_INET;
    return inet_pton(AF_INET, address, &in->sin_addr);
}
45
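/*
 * Configures the tunnel for a racoon-initiated VPN and appends its five
 * parameter lines to |state|. The interface, addresses, routes, DNS servers
 * and search domain come from the environment racoon sets (INTERFACE,
 * INTERNAL_ADDR4, INTERNAL_NETMASK4, INTERNAL_CIDR4, REMOTE_ADDR,
 * SPLIT_INCLUDE_CIDR, INTERNAL_DNS4_LIST, DEFAULT_DOMAIN); |gateway| is the
 * next hop for the host route that protects the tunnel (argv[1] from racoon).
 *
 * Returns 0 on success and -1 after logging the cause. The ioctl socket is
 * closed on every path.
 */
static int configure_racoon(FILE *state, const char *gateway)
{
    const char *interface = env("INTERFACE");
    const char *address = env("INTERNAL_ADDR4");
    const char *routes = env("SPLIT_INCLUDE_CIDR");
    int rc = -1;
    struct rtentry rt;
    struct ifreq ifr;

    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) {
        /* Every ioctl below would otherwise fail with a misleading EBADF. */
        LOGE("Cannot create socket: %s", strerror(errno));
        return -1;
    }

    memset(&rt, 0, sizeof(rt));
    memset(&ifr, 0, sizeof(ifr));

    /* Remove the old host route. There could be more than one. */
    rt.rt_flags |= RTF_UP | RTF_HOST;
    if (!set_address(&rt.rt_dst, env("REMOTE_ADDR"))) {
        /*
         * inet_pton() reports a bad literal with 0 and leaves errno alone,
         * so the ESRCH test below must not run on a stale errno value.
         */
        LOGE("Cannot remove host route: invalid REMOTE_ADDR");
        goto out;
    }
    /* Delete until SIOCDELRT fails; ESRCH means no matching route is left. */
    while (!ioctl(s, SIOCDELRT, &rt)) {
        /* keep deleting */
    }
    if (errno != ESRCH) {
        LOGE("Cannot remove host route: %s", strerror(errno));
        goto out;
    }

    /* Create a new host route. An existing identical route is fine. */
    rt.rt_flags |= RTF_GATEWAY;
    if (!set_address(&rt.rt_gateway, gateway) ||
            (ioctl(s, SIOCADDRT, &rt) && errno != EEXIST)) {
        LOGE("Cannot create host route: %s", strerror(errno));
        goto out;
    }

    /*
     * Bring up the interface. ifr was zeroed above, so copying at most
     * IFNAMSIZ - 1 bytes keeps ifr_name NUL-terminated even if INTERFACE
     * is over-long (plain strncpy with IFNAMSIZ could leave it unterminated).
     */
    ifr.ifr_flags = IFF_UP;
    strncpy(ifr.ifr_name, interface, IFNAMSIZ - 1);
    if (ioctl(s, SIOCSIFFLAGS, &ifr)) {
        LOGE("Cannot bring up %s: %s", interface, strerror(errno));
        goto out;
    }

    /* Set the address. */
    if (!set_address(&ifr.ifr_addr, address) ||
            ioctl(s, SIOCSIFADDR, &ifr)) {
        LOGE("Cannot set address: %s", strerror(errno));
        goto out;
    }

    /* Set the netmask (ifr_netmask shares storage with ifr_addr). */
    if (!set_address(&ifr.ifr_netmask, env("INTERNAL_NETMASK4")) ||
            ioctl(s, SIOCSIFNETMASK, &ifr)) {
        LOGE("Cannot set netmask: %s", strerror(errno));
        goto out;
    }

    /* TODO: Send few packets to trigger phase 2? */

    fprintf(state, "%s\n", interface);
    fprintf(state, "%s/%s\n", address, env("INTERNAL_CIDR4"));
    fprintf(state, "%s\n", routes[0] ? routes : "0.0.0.0/0");
    fprintf(state, "%s\n", env("INTERNAL_DNS4_LIST"));
    fprintf(state, "%s\n", env("DEFAULT_DOMAIN"));
    rc = 0;

out:
    close(s);
    return rc;
}

/*
 * The primary goal is to create a file with VPN parameters. Currently they
 * are interface, addresses, routes, DNS servers, and search domains. Each
 * parameter occupies one line in the file, and it can be an empty string or
 * space-separated values. The order and the format must be consistent with
 * com.android.server.connectivity.Vpn. Here is an example.
 *
 *   ppp0
 *   192.168.1.100/24
 *   0.0.0.0/0
 *   192.168.1.1 192.168.1.2
 *   example.org
 *
 * The secondary goal is to unify the outcome of VPN. The current baseline
 * is to have an interface configured with the given address and netmask
 * and maybe add a host route to protect the tunnel. PPP-based VPN already
 * does this, but others might not. Routes, DNS servers, and search domains
 * are handled by the framework since they can be overridden by the users.
 *
 * The file is written to DIR ".tmp", made read-only and then renamed over
 * DIR "state", so the framework never observes a partially written file.
 * Returns 0 on success, 1 on any failure (the cause is logged).
 */
int main(int argc, char **argv)
{
    int failed = 0;
    FILE *state = fopen(DIR ".tmp", "wb");
    if (!state) {
        LOGE("Cannot create state: %s", strerror(errno));
        return 1;
    }

    if (argc >= 6) {
        /*
         * Invoked by pppd: argv[1] becomes the interface line and argv[4]
         * the address line; pppd exports the DNS servers as DNS1/DNS2.
         */
        fprintf(state, "%s\n", argv[1]);
        fprintf(state, "%s/32\n", argv[4]);
        fprintf(state, "0.0.0.0/0\n");
        fprintf(state, "%s %s\n", env("DNS1"), env("DNS2"));
        fprintf(state, "\n");
    } else if (argc == 2) {
        /* Invoked by racoon. */
        if (configure_racoon(state, argv[1])) {
            goto fail;
        }
    } else {
        LOGE("Cannot parse parameters");
        goto fail;
    }

    /*
     * The framework parses this file, so a truncated one must not be
     * published: a buffered write error or a failed flush is a failure too.
     */
    failed = ferror(state);
    if (fclose(state)) {
        failed = 1;
    }
    if (failed || chmod(DIR ".tmp", 0444) || rename(DIR ".tmp", DIR "state")) {
        LOGE("Cannot write state: %s", strerror(errno));
        return 1;
    }
    return 0;

fail:
    /* Do not leave a half-written file behind; the next run recreates it. */
    fclose(state);
    remove(DIR ".tmp");
    return 1;
}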
152