1 /*
2 * Copyright (C) 2011 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_NDEBUG 0
18
19 #define LOG_TAG "VpnJni"
20
21 #include <arpa/inet.h>
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <linux/if.h>
25 #include <linux/if_tun.h>
26 #include <linux/route.h>
27 #include <linux/ipv6_route.h>
28 #include <netinet/in.h>
29 #include <stdio.h>
30 #include <string.h>
31 #include <sys/ioctl.h>
32 #include <sys/socket.h>
33 #include <sys/stat.h>
34 #include <sys/types.h>
35
36 #include <log/log.h>
37 #include <android/log.h>
38
39 #include "netutils/ifc.h"
40
41 #include "jni.h"
42 #include <nativehelper/JNIHelp.h>
43
44 namespace android
45 {
46
47 static int inet4 = -1;
48 static int inet6 = -1;
49
as_in_addr(sockaddr * sa)50 static inline in_addr_t *as_in_addr(sockaddr *sa) {
51 return &((sockaddr_in *)sa)->sin_addr.s_addr;
52 }
53
54 //------------------------------------------------------------------------------
55
56 #define SYSTEM_ERROR (-1)
57 #define BAD_ARGUMENT (-2)
58
create_interface(int mtu)59 static int create_interface(int mtu)
60 {
61 int tun = open("/dev/tun", O_RDWR | O_NONBLOCK | O_CLOEXEC);
62
63 ifreq ifr4;
64 memset(&ifr4, 0, sizeof(ifr4));
65
66 // Allocate interface.
67 ifr4.ifr_flags = IFF_TUN | IFF_NO_PI;
68 if (ioctl(tun, TUNSETIFF, &ifr4)) {
69 ALOGE("Cannot allocate TUN: %s", strerror(errno));
70 goto error;
71 }
72
73 // Activate interface.
74 ifr4.ifr_flags = IFF_UP;
75 if (ioctl(inet4, SIOCSIFFLAGS, &ifr4)) {
76 ALOGE("Cannot activate %s: %s", ifr4.ifr_name, strerror(errno));
77 goto error;
78 }
79
80 // Set MTU if it is specified.
81 ifr4.ifr_mtu = mtu;
82 if (mtu > 0 && ioctl(inet4, SIOCSIFMTU, &ifr4)) {
83 ALOGE("Cannot set MTU on %s: %s", ifr4.ifr_name, strerror(errno));
84 goto error;
85 }
86
87 return tun;
88
89 error:
90 close(tun);
91 return SYSTEM_ERROR;
92 }
93
get_interface_name(char * name,int tun)94 static int get_interface_name(char *name, int tun)
95 {
96 ifreq ifr4;
97 if (ioctl(tun, TUNGETIFF, &ifr4)) {
98 ALOGE("Cannot get interface name: %s", strerror(errno));
99 return SYSTEM_ERROR;
100 }
101 strncpy(name, ifr4.ifr_name, IFNAMSIZ);
102 return 0;
103 }
104
get_interface_index(const char * name)105 static int get_interface_index(const char *name)
106 {
107 ifreq ifr4;
108 strncpy(ifr4.ifr_name, name, IFNAMSIZ);
109 if (ioctl(inet4, SIOGIFINDEX, &ifr4)) {
110 ALOGE("Cannot get index of %s: %s", name, strerror(errno));
111 return SYSTEM_ERROR;
112 }
113 return ifr4.ifr_ifindex;
114 }
115
set_addresses(const char * name,const char * addresses)116 static int set_addresses(const char *name, const char *addresses)
117 {
118 int index = get_interface_index(name);
119 if (index < 0) {
120 return index;
121 }
122
123 ifreq ifr4;
124 memset(&ifr4, 0, sizeof(ifr4));
125 strncpy(ifr4.ifr_name, name, IFNAMSIZ);
126 ifr4.ifr_addr.sa_family = AF_INET;
127 ifr4.ifr_netmask.sa_family = AF_INET;
128
129 in6_ifreq ifr6;
130 memset(&ifr6, 0, sizeof(ifr6));
131 ifr6.ifr6_ifindex = index;
132
133 char address[65];
134 int prefix;
135 int chars;
136 int count = 0;
137
138 while (sscanf(addresses, " %64[^/]/%d %n", address, &prefix, &chars) == 2) {
139 addresses += chars;
140
141 if (strchr(address, ':')) {
142 // Add an IPv6 address.
143 if (inet_pton(AF_INET6, address, &ifr6.ifr6_addr) != 1 ||
144 prefix < 0 || prefix > 128) {
145 count = BAD_ARGUMENT;
146 break;
147 }
148
149 ifr6.ifr6_prefixlen = prefix;
150 if (ioctl(inet6, SIOCSIFADDR, &ifr6)) {
151 count = (errno == EINVAL) ? BAD_ARGUMENT : SYSTEM_ERROR;
152 break;
153 }
154 } else {
155 // Add an IPv4 address.
156 if (inet_pton(AF_INET, address, as_in_addr(&ifr4.ifr_addr)) != 1 ||
157 prefix < 0 || prefix > 32) {
158 count = BAD_ARGUMENT;
159 break;
160 }
161
162 if (count) {
163 snprintf(ifr4.ifr_name, sizeof(ifr4.ifr_name), "%s:%d", name, count);
164 }
165 if (ioctl(inet4, SIOCSIFADDR, &ifr4)) {
166 count = (errno == EINVAL) ? BAD_ARGUMENT : SYSTEM_ERROR;
167 break;
168 }
169
170 in_addr_t mask = prefix ? (~0 << (32 - prefix)) : 0;
171 *as_in_addr(&ifr4.ifr_netmask) = htonl(mask);
172 if (ioctl(inet4, SIOCSIFNETMASK, &ifr4)) {
173 count = (errno == EINVAL) ? BAD_ARGUMENT : SYSTEM_ERROR;
174 break;
175 }
176 }
177 ALOGD("Address added on %s: %s/%d", name, address, prefix);
178 ++count;
179 }
180
181 if (count == BAD_ARGUMENT) {
182 ALOGE("Invalid address: %s/%d", address, prefix);
183 } else if (count == SYSTEM_ERROR) {
184 ALOGE("Cannot add address: %s/%d: %s", address, prefix, strerror(errno));
185 } else if (*addresses) {
186 ALOGE("Invalid address: %s", addresses);
187 count = BAD_ARGUMENT;
188 }
189
190 return count;
191 }
192
reset_interface(const char * name)193 static int reset_interface(const char *name)
194 {
195 ifreq ifr4;
196 strncpy(ifr4.ifr_name, name, IFNAMSIZ);
197 ifr4.ifr_flags = 0;
198
199 if (ioctl(inet4, SIOCSIFFLAGS, &ifr4) && errno != ENODEV) {
200 ALOGE("Cannot reset %s: %s", name, strerror(errno));
201 return SYSTEM_ERROR;
202 }
203 return 0;
204 }
205
check_interface(const char * name)206 static int check_interface(const char *name)
207 {
208 ifreq ifr4;
209 strncpy(ifr4.ifr_name, name, IFNAMSIZ);
210 ifr4.ifr_flags = 0;
211
212 if (ioctl(inet4, SIOCGIFFLAGS, &ifr4) && errno != ENODEV) {
213 ALOGE("Cannot check %s: %s", name, strerror(errno));
214 }
215 return ifr4.ifr_flags;
216 }
217
modifyAddress(JNIEnv * env,jobject thiz,jstring jName,jstring jAddress,jint jPrefixLength,bool add)218 static bool modifyAddress(JNIEnv *env, jobject thiz, jstring jName, jstring jAddress,
219 jint jPrefixLength, bool add)
220 {
221 int error = SYSTEM_ERROR;
222 const char *name = jName ? env->GetStringUTFChars(jName, NULL) : NULL;
223 const char *address = jAddress ? env->GetStringUTFChars(jAddress, NULL) : NULL;
224
225 if (!name) {
226 jniThrowNullPointerException(env, "name");
227 } else if (!address) {
228 jniThrowNullPointerException(env, "address");
229 } else {
230 if (add) {
231 if ((error = ifc_add_address(name, address, jPrefixLength)) != 0) {
232 ALOGE("Cannot add address %s/%d on interface %s (%s)", address, jPrefixLength, name,
233 strerror(-error));
234 }
235 } else {
236 if ((error = ifc_del_address(name, address, jPrefixLength)) != 0) {
237 ALOGE("Cannot del address %s/%d on interface %s (%s)", address, jPrefixLength, name,
238 strerror(-error));
239 }
240 }
241 }
242
243 if (name) {
244 env->ReleaseStringUTFChars(jName, name);
245 }
246 if (address) {
247 env->ReleaseStringUTFChars(jAddress, address);
248 }
249 return !error;
250 }
251
252 //------------------------------------------------------------------------------
253
throwException(JNIEnv * env,int error,const char * message)254 static void throwException(JNIEnv *env, int error, const char *message)
255 {
256 if (error == SYSTEM_ERROR) {
257 jniThrowException(env, "java/lang/IllegalStateException", message);
258 } else {
259 jniThrowException(env, "java/lang/IllegalArgumentException", message);
260 }
261 }
262
create(JNIEnv * env,jobject,jint mtu)263 static jint create(JNIEnv *env, jobject /* thiz */, jint mtu)
264 {
265 int tun = create_interface(mtu);
266 if (tun < 0) {
267 throwException(env, tun, "Cannot create interface");
268 return -1;
269 }
270 return tun;
271 }
272
getName(JNIEnv * env,jobject,jint tun)273 static jstring getName(JNIEnv *env, jobject /* thiz */, jint tun)
274 {
275 char name[IFNAMSIZ];
276 if (get_interface_name(name, tun) < 0) {
277 throwException(env, SYSTEM_ERROR, "Cannot get interface name");
278 return NULL;
279 }
280 return env->NewStringUTF(name);
281 }
282
setAddresses(JNIEnv * env,jobject,jstring jName,jstring jAddresses)283 static jint setAddresses(JNIEnv *env, jobject /* thiz */, jstring jName,
284 jstring jAddresses)
285 {
286 const char *name = NULL;
287 const char *addresses = NULL;
288 int count = -1;
289
290 name = jName ? env->GetStringUTFChars(jName, NULL) : NULL;
291 if (!name) {
292 jniThrowNullPointerException(env, "name");
293 goto error;
294 }
295 addresses = jAddresses ? env->GetStringUTFChars(jAddresses, NULL) : NULL;
296 if (!addresses) {
297 jniThrowNullPointerException(env, "addresses");
298 goto error;
299 }
300 count = set_addresses(name, addresses);
301 if (count < 0) {
302 throwException(env, count, "Cannot set address");
303 count = -1;
304 }
305
306 error:
307 if (name) {
308 env->ReleaseStringUTFChars(jName, name);
309 }
310 if (addresses) {
311 env->ReleaseStringUTFChars(jAddresses, addresses);
312 }
313 return count;
314 }
315
reset(JNIEnv * env,jobject,jstring jName)316 static void reset(JNIEnv *env, jobject /* thiz */, jstring jName)
317 {
318 const char *name = jName ? env->GetStringUTFChars(jName, NULL) : NULL;
319 if (!name) {
320 jniThrowNullPointerException(env, "name");
321 return;
322 }
323 if (reset_interface(name) < 0) {
324 throwException(env, SYSTEM_ERROR, "Cannot reset interface");
325 }
326 env->ReleaseStringUTFChars(jName, name);
327 }
328
check(JNIEnv * env,jobject,jstring jName)329 static jint check(JNIEnv *env, jobject /* thiz */, jstring jName)
330 {
331 const char *name = jName ? env->GetStringUTFChars(jName, NULL) : NULL;
332 if (!name) {
333 jniThrowNullPointerException(env, "name");
334 return 0;
335 }
336 int flags = check_interface(name);
337 env->ReleaseStringUTFChars(jName, name);
338 return flags;
339 }
340
addAddress(JNIEnv * env,jobject thiz,jstring jName,jstring jAddress,jint jPrefixLength)341 static bool addAddress(JNIEnv *env, jobject thiz, jstring jName, jstring jAddress,
342 jint jPrefixLength)
343 {
344 return modifyAddress(env, thiz, jName, jAddress, jPrefixLength, true);
345 }
346
delAddress(JNIEnv * env,jobject thiz,jstring jName,jstring jAddress,jint jPrefixLength)347 static bool delAddress(JNIEnv *env, jobject thiz, jstring jName, jstring jAddress,
348 jint jPrefixLength)
349 {
350 return modifyAddress(env, thiz, jName, jAddress, jPrefixLength, false);
351 }
352
353 //------------------------------------------------------------------------------
354
355 static const JNINativeMethod gMethods[] = {
356 {"jniCreate", "(I)I", (void *)create},
357 {"jniGetName", "(I)Ljava/lang/String;", (void *)getName},
358 {"jniSetAddresses", "(Ljava/lang/String;Ljava/lang/String;)I", (void *)setAddresses},
359 {"jniReset", "(Ljava/lang/String;)V", (void *)reset},
360 {"jniCheck", "(Ljava/lang/String;)I", (void *)check},
361 {"jniAddAddress", "(Ljava/lang/String;Ljava/lang/String;I)Z", (void *)addAddress},
362 {"jniDelAddress", "(Ljava/lang/String;Ljava/lang/String;I)Z", (void *)delAddress},
363 };
364
register_android_server_connectivity_Vpn(JNIEnv * env)365 int register_android_server_connectivity_Vpn(JNIEnv *env)
366 {
367 if (inet4 == -1) {
368 inet4 = socket(AF_INET, SOCK_DGRAM, 0);
369 }
370 if (inet6 == -1) {
371 inet6 = socket(AF_INET6, SOCK_DGRAM, 0);
372 }
373 return jniRegisterNativeMethods(env, "com/android/server/connectivity/Vpn",
374 gMethods, NELEM(gMethods));
375 }
376
377 };
378