// nat disable intface extface
//  0    1       2       3       4            5
// nat enable intface extface addrcnt nated-ipaddr/prelength
int NatController::disableNat(const int argc, char **argv) {
    int i;
    int addrCount = atoi(argv[4]);
    const char *intIface = argv[2];
    const char *extIface = argv[3];
    int tableNumber;

    if (!checkInterface(intIface) || !checkInterface(extIface)) {
        ALOGE("Invalid interface specified");
        errno = ENODEV;
        return -1;
    }

    if (argc < 5 + addrCount) {
        ALOGE("Missing Argument");
        errno = EINVAL;
        return -1;
    }

    setForwardRules(false, intIface, extIface);
    routesOp(false, intIface, extIface, argv, addrCount);
    if (--natCount <= 0) {
        // handle decrement to 0 case (do reset to defaults) and erroneous dec below 0
        setDefaults();
    }
    return 0;
}
示例#2
0
// nat disable intface extface
//  0    1       2       3       4            5
// nat enable intface extface addrcnt nated-ipaddr/prelength
int NatController::disableNat(const int argc, char **argv) {
    char cmd[255];
    int i;
    int addrCount = atoi(argv[4]);
    const char *intIface = argv[2];
    const char *extIface = argv[3];
    int tableNumber;

    if (!checkInterface(intIface) || !checkInterface(extIface)) {
        LOGE("Invalid interface specified");
        errno = ENODEV;
        return -1;
    }

    if (argc < 5 + addrCount) {
        LOGE("Missing Argument");
        errno = EINVAL;
        return -1;
    }

    setForwardRules(false, intIface, extIface);

    tableNumber = secondaryTableCtrl->findTableNumber(extIface);
    if (tableNumber != -1) {
        for (i = 0; i < addrCount; i++) {
            snprintf(cmd, sizeof(cmd), "route del %s dev %s table %d", argv[5+i], intIface,
                    tableNumber + BASE_TABLE_NUMBER);
            // if the interface has gone down these will be gone already and give errors
            // ignore them.
            runCmd(IP_PATH, cmd);

            snprintf(cmd, sizeof(cmd), "%s rule del from %s table %d", getVersion(argv[5+i]),
                    argv[5+i], tableNumber + BASE_TABLE_NUMBER);
            runCmd(IP_PATH, cmd);
        }

        runCmd(IP_PATH, "route flush cache");
    }

    if (--natCount <= 0) {
        // handle decrement to 0 case (do reset to defaults) and erroneous dec below 0
        setDefaults();
    }
    return 0;
}
示例#3
0
// nat disable intface extface
//  0    1       2       3       4            5
// nat enable intface extface addrcnt nated-ipaddr/prelength
int NatController::disableNat(const int argc, char **argv) {
    char cmd[255];
    int i;
    int addrCount = atoi(argv[4]);
    const char *intIface = argv[2];
    const char *extIface = argv[3];
    int tableNumber;

    if (!checkInterface(intIface) || !checkInterface(extIface)) {
        ALOGE("Invalid interface specified");
        errno = ENODEV;
        return -1;
    }

    if (argc < 5 + addrCount) {
        ALOGE("Missing Argument");
        errno = EINVAL;
        return -1;
    }

    setForwardRules(false, intIface, extIface);

    tableNumber = secondaryTableCtrl->findTableNumber(extIface);
    if (tableNumber != -1) {
        for (i = 0; i < addrCount; i++) {
            secondaryTableCtrl->modifyLocalRoute(tableNumber, DEL, intIface, argv[5+i]);

            secondaryTableCtrl->modifyFromRule(tableNumber, DEL, argv[5+i]);
        }

        runCmd(IP_PATH, "route flush cache");
    }

    if (--natCount <= 0) {
        // handle decrement to 0 case (do reset to defaults) and erroneous dec below 0
        setDefaults();
    }
	ALOGI("disableNat: natCount = %d", natCount);
    return 0;
}
//  0    1       2       3       4            5
// nat enable intface extface addrcnt nated-ipaddr/prelength
int NatController::enableNat(const int argc, char **argv) {
    int i;
    int addrCount = atoi(argv[4]);
    const char *intIface = argv[2];
    const char *extIface = argv[3];
    int tableNumber;

    ALOGV("enableNat(intIface=<%s>, extIface=<%s>)",intIface, extIface);

    if (!checkInterface(intIface) || !checkInterface(extIface)) {
        ALOGE("Invalid interface specified");
        errno = ENODEV;
        return -1;
    }

    /* Bug: b/9565268. "enableNat wlan0 wlan0". For now we fail until java-land is fixed */
    if (!strcmp(intIface, extIface)) {
        ALOGE("Duplicate interface specified: %s %s", intIface, extIface);
        errno = EINVAL;
        return -1;
    }

    if (argc < 5 + addrCount) {
        ALOGE("Missing Argument");
        errno = EINVAL;
        return -1;
    }
    if (routesOp(true, intIface, extIface, argv, addrCount)) {
        ALOGE("Error setting route rules");
        routesOp(false, intIface, extIface, argv, addrCount);
        errno = ENODEV;
        return -1;
    }

    // add this if we are the first added nat
    if (natCount == 0) {
        const char *cmd[] = {
                IPTABLES_PATH,
                "-t",
                "nat",
                "-A",
                LOCAL_NAT_POSTROUTING,
                "-o",
                extIface,
                "-j",
                "MASQUERADE"
        };
        if (runCmd(ARRAY_SIZE(cmd), cmd)) {
            ALOGE("Error seting postroute rule: iface=%s", extIface);
            // unwind what's been done, but don't care about success - what more could we do?
            routesOp(false, intIface, extIface, argv, addrCount);
            setDefaults();
            return -1;
        }
    }


    if (setForwardRules(true, intIface, extIface) != 0) {
        ALOGE("Error setting forward rules");
        routesOp(false, intIface, extIface, argv, addrCount);
        if (natCount == 0) {
            setDefaults();
        }
        errno = ENODEV;
        return -1;
    }

    /* Always make sure the drop rule is at the end */
    const char *cmd1[] = {
            IPTABLES_PATH,
            "-D",
            LOCAL_FORWARD,
            "-j",
            "DROP"
    };
    runCmd(ARRAY_SIZE(cmd1), cmd1);
    const char *cmd2[] = {
            IPTABLES_PATH,
            "-A",
            LOCAL_FORWARD,
            "-j",
            "DROP"
    };
    runCmd(ARRAY_SIZE(cmd2), cmd2);

    natCount++;
    return 0;
}
示例#5
0
//  0    1       2       3       4            5
// nat enable intface extface addrcnt nated-ipaddr/prelength
int NatController::enableNat(const int argc, char **argv) {
    char cmd[255];
    int i;
    int addrCount = atoi(argv[4]);
    int ret = 0;
    const char *intIface = argv[2];
    const char *extIface = argv[3];
    int tableNumber;

    if (!checkInterface(intIface) || !checkInterface(extIface)) {
        LOGE("Invalid interface specified");
        errno = ENODEV;
        return -1;
    }

    if (argc < 5 + addrCount) {
        LOGE("Missing Argument");
        errno = EINVAL;
        return -1;
    }

    tableNumber = secondaryTableCtrl->findTableNumber(extIface);
    if (tableNumber != -1) {
        for(i = 0; i < addrCount && ret == 0; i++) {
            snprintf(cmd, sizeof(cmd), "%s rule add from %s table %d", getVersion(argv[5+i]),
                    argv[5+i], tableNumber + BASE_TABLE_NUMBER);
            ret |= runCmd(IP_PATH, cmd);
            if (ret) LOGE("IP rule %s got %d", cmd, ret);

            snprintf(cmd, sizeof(cmd), "route add %s dev %s table %d", argv[5+i], intIface,
                    tableNumber + BASE_TABLE_NUMBER);
            ret |= runCmd(IP_PATH, cmd);
            if (ret) LOGE("IP route %s got %d", cmd, ret);
        }
        runCmd(IP_PATH, "route flush cache");
    }

    if (ret != 0 || setForwardRules(true, intIface, extIface) != 0) {
        if (tableNumber != -1) {
            for (i = 0; i < addrCount; i++) {
                snprintf(cmd, sizeof(cmd), "route del %s dev %s table %d", argv[5+i], intIface,
                        tableNumber + BASE_TABLE_NUMBER);
                runCmd(IP_PATH, cmd);

                snprintf(cmd, sizeof(cmd), "%s rule del from %s table %d", getVersion(argv[5+i]),
                        argv[5+i], tableNumber + BASE_TABLE_NUMBER);
                runCmd(IP_PATH, cmd);
            }
            runCmd(IP_PATH, "route flush cache");
        }
        LOGE("Error setting forward rules");
        errno = ENODEV;
        return -1;
    }

    natCount++;
    // add this if we are the first added nat
    if (natCount == 1) {
        snprintf(cmd, sizeof(cmd), "-t nat -A POSTROUTING -o %s -j MASQUERADE", extIface);
        if (runCmd(IPTABLES_PATH, cmd)) {
            LOGE("Error seting postroute rule: %s", cmd);
            // unwind what's been done, but don't care about success - what more could we do?
            for (i = 0; i < addrCount; i++) {
                snprintf(cmd, sizeof(cmd), "route del %s dev %s table %d", argv[5+i], intIface,
                        tableNumber + BASE_TABLE_NUMBER);
                runCmd(IP_PATH, cmd);
            }
            setDefaults();
            return -1;
        }

        if (runCmd(IPTABLES_PATH, "-t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"))
            LOGW("Unable to set TCPMSS rule (may not be supported by kernel).");
    }

    return 0;
}
示例#6
0
//  0    1       2       3       4            5
// nat enable intface extface addrcnt nated-ipaddr/prelength
int NatController::enableNat(const int argc, char **argv) {
    char cmd[255];
    int i;
    int addrCount = atoi(argv[4]);
    int ret = 0;
    const char *intIface = argv[2];
    const char *extIface = argv[3];
    int tableNumber;

    if (!checkInterface(intIface) || !checkInterface(extIface)) {
        ALOGE("Invalid interface specified");
        errno = ENODEV;
        return -1;
    }

    if (argc < 5 + addrCount) {
        ALOGE("Missing Argument");
        errno = EINVAL;
        return -1;
    }

    tableNumber = secondaryTableCtrl->findTableNumber(extIface);
    if (tableNumber != -1) {
        for(i = 0; i < addrCount; i++) {
            ret |= secondaryTableCtrl->modifyFromRule(tableNumber, ADD, argv[5+i]);
            //ALPS00338128
            //ignore the result to protect the tether class from stoping the tethering 
            secondaryTableCtrl->modifyLocalRoute(tableNumber, ADD, intIface, argv[5+i]);
        }
        runCmd(IP_PATH, "route flush cache");
    }

    if (ret != 0 || setForwardRules(true, intIface, extIface) != 0) {
        if (tableNumber != -1) {
            for (i = 0; i < addrCount; i++) {
                secondaryTableCtrl->modifyLocalRoute(tableNumber, DEL, intIface, argv[5+i]);

                secondaryTableCtrl->modifyFromRule(tableNumber, DEL, argv[5+i]);
            }
            runCmd(IP_PATH, "route flush cache");
        }
        ALOGE("Error setting forward rules");
        errno = ENODEV;
        return -1;
    }

    /* Always make sure the drop rule is at the end */
    snprintf(cmd, sizeof(cmd), "-D natctrl_FORWARD -j DROP");
    runCmd(IPTABLES_PATH, cmd);
    snprintf(cmd, sizeof(cmd), "-A natctrl_FORWARD -j DROP");
    runCmd(IPTABLES_PATH, cmd);


    natCount++;
	ALOGI("enablenat: natCount = %d", natCount);
    // add this if we are the first added nat
    if (natCount == 1) {
        snprintf(cmd, sizeof(cmd), "-t nat -A natctrl_nat_POSTROUTING -o %s -j MASQUERADE", extIface);
        if (runCmd(IPTABLES_PATH, cmd)) {
            ALOGE("Error seting postroute rule: %s", cmd);
            // unwind what's been done, but don't care about success - what more could we do?
            for (i = 0; i < addrCount; i++) {
                secondaryTableCtrl->modifyLocalRoute(tableNumber, DEL, intIface, argv[5+i]);

                secondaryTableCtrl->modifyFromRule(tableNumber, DEL, argv[5+i]);
            }
            setDefaults();
            return -1;
        }
    }

    return 0;
}