NatController.cpp revision d14fd4f83ffeea4ad1cd559a41f775f6814565cc
/*
 * Copyright (C) 2008 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <stdlib.h>
#include <errno.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#include <cutils/properties.h>

#define LOG_TAG "NatController"
#include <cutils/log.h>

#include "NatController.h"
#include "SecondaryTableController.h"
#include "oem_iptables_hook.h"
#include "NetdConstants.h"

// Runs a command line without going through a shell; implemented outside this file.
extern "C" int system_nosh(const char *command);

/**
 * Stores the secondary routing-table controller and resets firewall/NAT state.
 *
 * @param ctrl controller used later for per-interface table lookups and
 *             rule/route changes; the pointer is kept, not copied.
 *
 * The status returned by setDefaults() is discarded here, so a failed reset
 * is not reported to whoever constructs the object.
 */
NatController::NatController(SecondaryTableController *ctrl) {
    this->secondaryTableCtrl = ctrl;
    (void) setDefaults();
}

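NatController::~NatController() {
    // Nothing to release: secondaryTableCtrl is not freed here.
}

/**
 * Builds "<path> <cmd>" and hands it to system_nosh().
 *
 * @param path executable to run (IPTABLES_PATH or IP_PATH in this file).
 * @param cmd  argument string; must be shorter than 255 bytes.
 * @return the value returned by system_nosh(), or -1 with errno set to
 *         EINVAL (NULL argument), E2BIG (cmd too long) or ENOMEM
 *         (command line could not be allocated).
 *
 * NOTE(review): system_nosh() is only declared in this file. It presumably
 * splits the string on whitespace and executes it without a shell - confirm.
 * If so, every whitespace character in `cmd` is an argument boundary, which
 * is why values interpolated by callers (interface names, addresses) have to
 * be validated before they get here.
 */
int NatController::runCmd(const char *path, const char *cmd) {
    char *buffer = NULL;
    int res;

    if (path == NULL || cmd == NULL) {
        ALOGE("missing command");
        errno = EINVAL;
        return -1;
    }

    if (strnlen(cmd, 255) == 255) {
        ALOGE("command too long");
        errno = E2BIG;
        return -1;
    }

    // On failure asprintf() leaves `buffer` undefined; executing or freeing
    // it would be undefined behaviour, so bail out before either happens.
    if (asprintf(&buffer, "%s %s", path, cmd) < 0) {
        ALOGE("failed to allocate command line");
        errno = ENOMEM;
        return -1;
    }

    res = system_nosh(buffer);
    free(buffer);
    return res;
}

/**
 * Resets filter/NAT tables and policy-routing rules to a known baseline.
 *
 * The iptables steps are mandatory: the first one that fails aborts the
 * reset with -1. The `ip` steps are best effort and their status is ignored.
 * natCount is set to 0 and setupOemIptablesHook() is called before returning.
 *
 * NOTE(review): this is a global reset. It sets INPUT and OUTPUT policy to
 * ACCEPT, flushes the whole FORWARD chain, the whole nat table and all ip
 * rules, so rules installed there by anything else are removed as well.
 *
 * @return 0 on success, -1 if a mandatory iptables command failed.
 */
int NatController::setDefaults() {
    static const char *const kIptablesReset[] = {
        "-P INPUT ACCEPT",
        "-P OUTPUT ACCEPT",
        "-P FORWARD DROP",
        "-F FORWARD",
        "-t nat -F",
    };
    static const char *const kIpReset[] = {
        "rule flush",
        "-6 rule flush",
        "rule add from all lookup default prio 32767",
        "rule add from all lookup main prio 32766",
        "-6 rule add from all lookup default prio 32767",
        "-6 rule add from all lookup main prio 32766",
        "route flush cache",
    };

    for (size_t i = 0; i < sizeof(kIptablesReset) / sizeof(kIptablesReset[0]); i++) {
        if (runCmd(IPTABLES_PATH, kIptablesReset[i]))
            return -1;
    }

    // Best effort: failures while rebuilding the ip rules are not reported.
    for (size_t i = 0; i < sizeof(kIpReset) / sizeof(kIpReset[0]); i++) {
        runCmd(IP_PATH, kIpReset[i]);
    }

    natCount = 0;

    setupOemIptablesHook();
    return 0;
}

/**
 * Validates an interface name before it is interpolated into a command line.
 *
 * Accepts only names that are non-empty, fit in IFNAMSIZ including the
 * terminating NUL, and contain no whitespace, control characters or '/'.
 * The command strings in this file are built with "%s" and separated by
 * spaces, so a name carrying whitespace would otherwise add extra arguments
 * to the iptables invocation.
 *
 * @param iface candidate interface name (may be NULL).
 * @return true if the name is acceptable, false otherwise.
 */
bool NatController::checkInterface(const char *iface) {
    if (iface == NULL) return false;

    // IFNAMSIZ counts the trailing NUL, so the longest valid name has
    // IFNAMSIZ - 1 characters.
    size_t len = strnlen(iface, IFNAMSIZ);
    if (len == 0 || len >= IFNAMSIZ) return false;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char) iface[i];
        // Space and everything below it (tabs, newlines, other control
        // bytes), DEL and '/' cannot be part of an interface name.
        if (c <= ' ' || c == 0x7f || c == '/') return false;
    }
    return true;
}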
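
//  0    1       2       3       4            5
// nat enable intface extface addrcnt nated-ipaddr/prelength
/**
 * Enables NAT from intface to extface for the listed source prefixes.
 *
 * Adds per-prefix rules/routes in the secondary table of extface (when one
 * exists), installs the FORWARD rules, and on the first active NAT appends
 * the POSTROUTING MASQUERADE rule for extface.
 *
 * @param argc number of entries in argv.
 * @param argv command words laid out as in the comment above.
 * @return 0 on success, -1 on failure (errno EINVAL for malformed arguments,
 *         ENODEV for a rejected interface or a forward-rule failure).
 */
int NatController::enableNat(const int argc, char **argv) {
    char cmd[255];
    int i;
    int ret = 0;
    int tableNumber;

    // argv[2], argv[3] and argv[4] are read below; make sure they exist
    // before touching them.
    if (argc < 5) {
        ALOGE("Missing Argument");
        errno = EINVAL;
        return -1;
    }

    const char *intIface = argv[2];
    const char *extIface = argv[3];
    int addrCount = atoi(argv[4]);

    if (!checkInterface(intIface) || !checkInterface(extIface)) {
        ALOGE("Invalid interface specified");
        errno = ENODEV;
        return -1;
    }

    if (addrCount < 0) {
        ALOGE("Invalid address count");
        errno = EINVAL;
        return -1;
    }

    // Compared as "addrCount > argc - 5" so that a huge count cannot
    // overflow "5 + addrCount" and slip past the bound on argv[5+i].
    if (addrCount > argc - 5) {
        ALOGE("Missing Argument");
        errno = EINVAL;
        return -1;
    }

    tableNumber = secondaryTableCtrl->findTableNumber(extIface);
    if (tableNumber != -1) {
        for (i = 0; i < addrCount; i++) {
            ret |= secondaryTableCtrl->modifyFromRule(tableNumber, ADD, argv[5+i]);

            ret |= secondaryTableCtrl->modifyLocalRoute(tableNumber, ADD, intIface, argv[5+i]);
        }
        runCmd(IP_PATH, "route flush cache");
    }

    if (ret != 0 || setForwardRules(true, intIface, extIface) != 0) {
        if (tableNumber != -1) {
            for (i = 0; i < addrCount; i++) {
                secondaryTableCtrl->modifyLocalRoute(tableNumber, DEL, intIface, argv[5+i]);

                secondaryTableCtrl->modifyFromRule(tableNumber, DEL, argv[5+i]);
            }
            runCmd(IP_PATH, "route flush cache");
        }
        ALOGE("Error setting forward rules");
        errno = ENODEV;
        return -1;
    }

    natCount++;
    // add this if we are the first added nat
    if (natCount == 1) {
        snprintf(cmd, sizeof(cmd), "-t nat -A POSTROUTING -o %s -j MASQUERADE", extIface);
        if (runCmd(IPTABLES_PATH, cmd)) {
            ALOGE("Error seting postroute rule: %s", cmd);
            // unwind what's been done, but don't care about success - what more could we do?
            // Only touch the secondary table if one was found, matching the
            // rollback above; nothing was added under table -1.
            if (tableNumber != -1) {
                for (i = 0; i < addrCount; i++) {
                    secondaryTableCtrl->modifyLocalRoute(tableNumber, DEL, intIface, argv[5+i]);

                    secondaryTableCtrl->modifyFromRule(tableNumber, DEL, argv[5+i]);
                }
            }
            // Flushes FORWARD and the nat table and resets natCount to 0.
            setDefaults();
            return -1;
        }
    }

    return 0;
}

/**
 * Adds or removes the three FORWARD rules for one interface pair:
 *   1. ext -> int, state ESTABLISHED,RELATED, ACCEPT
 *   2. int -> ext, state INVALID, DROP
 *   3. int -> ext, ACCEPT
 *
 * When adding, a failing step removes the rules added by the earlier steps
 * and returns -1. When removing, command failures are ignored and the
 * function returns 0.
 *
 * Both names are interpolated into space-separated command strings, and
 * checkInterface() in the callers is the only validation applied to them.
 *
 * @param add      true to append the rules (-A), false to delete them (-D).
 * @param intIface internal (tethered) interface name.
 * @param extIface external (upstream) interface name.
 * @return 0 on success, -1 if a rule could not be added.
 */
int NatController::setForwardRules(bool add, const char *intIface, const char * extIface) {
    char cmd[255];

    snprintf(cmd, sizeof(cmd),
             "-%s FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j ACCEPT",
             (add ? "A" : "D"),
             extIface, intIface);
    if (runCmd(IPTABLES_PATH, cmd) && add) {
        return -1;
    }

    snprintf(cmd, sizeof(cmd),
             "-%s FORWARD -i %s -o %s -m state --state INVALID -j DROP",
             (add ? "A" : "D"),
             intIface, extIface);
    if (runCmd(IPTABLES_PATH, cmd) && add) {
        // bail on error, but only if adding
        // `add` is true here, so (!add ? "A" : "D") yields "D": delete rule 1.
        snprintf(cmd, sizeof(cmd),
                 "-%s FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j ACCEPT",
                 (!add ? "A" : "D"),
                 extIface, intIface);
        runCmd(IPTABLES_PATH, cmd);
        return -1;
    }

    snprintf(cmd, sizeof(cmd), "-%s FORWARD -i %s -o %s -j ACCEPT", (add ? "A" : "D"),
             intIface, extIface);
    if (runCmd(IPTABLES_PATH, cmd) && add) {
        // unwind what's been done, but don't care about success - what more could we do?
        snprintf(cmd, sizeof(cmd),
                 "-%s FORWARD -i %s -o %s -m state --state INVALID -j DROP",
                 (!add ? "A" : "D"),
                 intIface, extIface);
        runCmd(IPTABLES_PATH, cmd);

        snprintf(cmd, sizeof(cmd),
                 "-%s FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j ACCEPT",
                 (!add ? "A" : "D"),
                 extIface, intIface);
        runCmd(IPTABLES_PATH, cmd);
        return -1;
    }
    return 0;
}

//  0    1        2       3       4            5
// nat disable intface extface addrcnt nated-ipaddr/prelength
/**
 * Disables NAT for an interface pair and removes its per-prefix rules.
 *
 * Deletes the FORWARD rules, removes the per-prefix routes/rules from the
 * secondary table of extface (when one exists), and calls setDefaults()
 * once natCount drops to zero or below.
 *
 * NOTE(review): nothing here checks that this pair was enabled before, so an
 * unmatched disable still decrements natCount and can trigger the global
 * reset while another NAT is active.
 *
 * @param argc number of entries in argv.
 * @param argv command words laid out as in the comment above.
 * @return 0 on success, -1 with errno EINVAL (malformed arguments) or
 *         ENODEV (rejected interface name).
 */
int NatController::disableNat(const int argc, char **argv) {
    int i;
    int tableNumber;

    // argv[2], argv[3] and argv[4] are read below; make sure they exist
    // before touching them.
    if (argc < 5) {
        ALOGE("Missing Argument");
        errno = EINVAL;
        return -1;
    }

    const char *intIface = argv[2];
    const char *extIface = argv[3];
    int addrCount = atoi(argv[4]);

    if (!checkInterface(intIface) || !checkInterface(extIface)) {
        ALOGE("Invalid interface specified");
        errno = ENODEV;
        return -1;
    }

    if (addrCount < 0) {
        ALOGE("Invalid address count");
        errno = EINVAL;
        return -1;
    }

    // Compared as "addrCount > argc - 5" so that a huge count cannot
    // overflow "5 + addrCount" and slip past the bound on argv[5+i].
    if (addrCount > argc - 5) {
        ALOGE("Missing Argument");
        errno = EINVAL;
        return -1;
    }

    setForwardRules(false, intIface, extIface);

    tableNumber = secondaryTableCtrl->findTableNumber(extIface);
    if (tableNumber != -1) {
        for (i = 0; i < addrCount; i++) {
            secondaryTableCtrl->modifyLocalRoute(tableNumber, DEL, intIface, argv[5+i]);

            secondaryTableCtrl->modifyFromRule(tableNumber, DEL, argv[5+i]);
        }

        runCmd(IP_PATH, "route flush cache");
    }

    if (--natCount <= 0) {
        // handle decrement to 0 case (do reset to defaults) and erroneous dec below 0
        setDefaults();
    }
    return 0;
}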