1 /* 2 * Copyright (C) 2011 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define LOG_NDEBUG 0 18 19 #define LOG_TAG "VpnJni" 20 21 #include <arpa/inet.h> 22 #include <errno.h> 23 #include <fcntl.h> 24 #include <linux/if.h> 25 #include <linux/if_tun.h> 26 #include <linux/route.h> 27 #include <linux/ipv6_route.h> 28 #include <netinet/in.h> 29 #include <stdio.h> 30 #include <string.h> 31 #include <sys/ioctl.h> 32 #include <sys/socket.h> 33 #include <sys/stat.h> 34 #include <sys/types.h> 35 36 #include <log/log.h> 37 38 #include "netutils/ifc.h" 39 40 #include "jni.h" 41 #include <nativehelper/JNIHelp.h> 42 43 namespace android 44 { 45 46 static int inet4 = -1; 47 static int inet6 = -1; 48 49 static inline in_addr_t *as_in_addr(sockaddr *sa) { 50 return &((sockaddr_in *)sa)->sin_addr.s_addr; 51 } 52 53 //------------------------------------------------------------------------------ 54 55 #define SYSTEM_ERROR (-1) 56 #define BAD_ARGUMENT (-2) 57 58 static int create_interface(int mtu) 59 { 60 int tun = open("/dev/tun", O_RDWR | O_NONBLOCK); 61 62 ifreq ifr4; 63 memset(&ifr4, 0, sizeof(ifr4)); 64 65 // Allocate interface. 66 ifr4.ifr_flags = IFF_TUN | IFF_NO_PI; 67 if (ioctl(tun, TUNSETIFF, &ifr4)) { 68 ALOGE("Cannot allocate TUN: %s", strerror(errno)); 69 goto error; 70 } 71 72 // Activate interface. 73 ifr4.ifr_flags = IFF_UP; 74 if (ioctl(inet4, SIOCSIFFLAGS, &ifr4)) { 75 ALOGE("Cannot activate %s: %s", ifr4.ifr_name, strerror(errno)); 76 goto error; 77 } 78 79 // Set MTU if it is specified. 80 ifr4.ifr_mtu = mtu; 81 if (mtu > 0 && ioctl(inet4, SIOCSIFMTU, &ifr4)) { 82 ALOGE("Cannot set MTU on %s: %s", ifr4.ifr_name, strerror(errno)); 83 goto error; 84 } 85 86 return tun; 87 88 error: 89 close(tun); 90 return SYSTEM_ERROR; 91 } 92 93 static int get_interface_name(char *name, int tun) 94 { 95 ifreq ifr4; 96 if (ioctl(tun, TUNGETIFF, &ifr4)) { 97 ALOGE("Cannot get interface name: %s", strerror(errno)); 98 return SYSTEM_ERROR; 99 } 100 strncpy(name, ifr4.ifr_name, IFNAMSIZ); 101 return 0; 102 } 103 104 static int get_interface_index(const char *name) 105 { 106 ifreq ifr4; 107 strncpy(ifr4.ifr_name, name, IFNAMSIZ); 108 if (ioctl(inet4, SIOGIFINDEX, &ifr4)) { 109 ALOGE("Cannot get index of %s: %s", name, strerror(errno)); 110 return SYSTEM_ERROR; 111 } 112 return ifr4.ifr_ifindex; 113 } 114 115 static int set_addresses(const char *name, const char *addresses) 116 { 117 int index = get_interface_index(name); 118 if (index < 0) { 119 return index; 120 } 121 122 ifreq ifr4; 123 memset(&ifr4, 0, sizeof(ifr4)); 124 strncpy(ifr4.ifr_name, name, IFNAMSIZ); 125 ifr4.ifr_addr.sa_family = AF_INET; 126 ifr4.ifr_netmask.sa_family = AF_INET; 127 128 in6_ifreq ifr6; 129 memset(&ifr6, 0, sizeof(ifr6)); 130 ifr6.ifr6_ifindex = index; 131 132 char address[65]; 133 int prefix; 134 int chars; 135 int count = 0; 136 137 while (sscanf(addresses, " %64[^/]/%d %n", address, &prefix, &chars) == 2) { 138 addresses += chars; 139 140 if (strchr(address, ':')) { 141 // Add an IPv6 address. 142 if (inet_pton(AF_INET6, address, &ifr6.ifr6_addr) != 1 || 143 prefix < 0 || prefix > 128) { 144 count = BAD_ARGUMENT; 145 break; 146 } 147 148 ifr6.ifr6_prefixlen = prefix; 149 if (ioctl(inet6, SIOCSIFADDR, &ifr6)) { 150 count = (errno == EINVAL) ? BAD_ARGUMENT : SYSTEM_ERROR; 151 break; 152 } 153 } else { 154 // Add an IPv4 address. 155 if (inet_pton(AF_INET, address, as_in_addr(&ifr4.ifr_addr)) != 1 || 156 prefix < 0 || prefix > 32) { 157 count = BAD_ARGUMENT; 158 break; 159 } 160 161 if (count) { 162 snprintf(ifr4.ifr_name, sizeof(ifr4.ifr_name), "%s:%d", name, count); 163 } 164 if (ioctl(inet4, SIOCSIFADDR, &ifr4)) { 165 count = (errno == EINVAL) ? BAD_ARGUMENT : SYSTEM_ERROR; 166 break; 167 } 168 169 in_addr_t mask = prefix ? (~0 << (32 - prefix)) : 0; 170 *as_in_addr(&ifr4.ifr_netmask) = htonl(mask); 171 if (ioctl(inet4, SIOCSIFNETMASK, &ifr4)) { 172 count = (errno == EINVAL) ? BAD_ARGUMENT : SYSTEM_ERROR; 173 break; 174 } 175 } 176 ALOGD("Address added on %s: %s/%d", name, address, prefix); 177 ++count; 178 } 179 180 if (count == BAD_ARGUMENT) { 181 ALOGE("Invalid address: %s/%d", address, prefix); 182 } else if (count == SYSTEM_ERROR) { 183 ALOGE("Cannot add address: %s/%d: %s", address, prefix, strerror(errno)); 184 } else if (*addresses) { 185 ALOGE("Invalid address: %s", addresses); 186 count = BAD_ARGUMENT; 187 } 188 189 return count; 190 } 191 192 static int reset_interface(const char *name) 193 { 194 ifreq ifr4; 195 strncpy(ifr4.ifr_name, name, IFNAMSIZ); 196 ifr4.ifr_flags = 0; 197 198 if (ioctl(inet4, SIOCSIFFLAGS, &ifr4) && errno != ENODEV) { 199 ALOGE("Cannot reset %s: %s", name, strerror(errno)); 200 return SYSTEM_ERROR; 201 } 202 return 0; 203 } 204 205 static int check_interface(const char *name) 206 { 207 ifreq ifr4; 208 strncpy(ifr4.ifr_name, name, IFNAMSIZ); 209 ifr4.ifr_flags = 0; 210 211 if (ioctl(inet4, SIOCGIFFLAGS, &ifr4) && errno != ENODEV) { 212 ALOGE("Cannot check %s: %s", name, strerror(errno)); 213 } 214 return ifr4.ifr_flags; 215 } 216 217 static bool modifyAddress(JNIEnv *env, jobject thiz, jstring jName, jstring jAddress, 218 jint jPrefixLength, bool add) 219 { 220 int error = SYSTEM_ERROR; 221 const char *name = jName ? env->GetStringUTFChars(jName, NULL) : NULL; 222 const char *address = jAddress ? env->GetStringUTFChars(jAddress, NULL) : NULL; 223 224 if (!name) { 225 jniThrowNullPointerException(env, "name"); 226 } else if (!address) { 227 jniThrowNullPointerException(env, "address"); 228 } else { 229 if (add) { 230 if ((error = ifc_add_address(name, address, jPrefixLength)) != 0) { 231 ALOGE("Cannot add address %s/%d on interface %s (%s)", address, jPrefixLength, name, 232 strerror(-error)); 233 } 234 } else { 235 if ((error = ifc_del_address(name, address, jPrefixLength)) != 0) { 236 ALOGE("Cannot del address %s/%d on interface %s (%s)", address, jPrefixLength, name, 237 strerror(-error)); 238 } 239 } 240 } 241 242 if (name) { 243 env->ReleaseStringUTFChars(jName, name); 244 } 245 if (address) { 246 env->ReleaseStringUTFChars(jAddress, address); 247 } 248 return !error; 249 } 250 251 //------------------------------------------------------------------------------ 252 253 static void throwException(JNIEnv *env, int error, const char *message) 254 { 255 if (error == SYSTEM_ERROR) { 256 jniThrowException(env, "java/lang/IllegalStateException", message); 257 } else { 258 jniThrowException(env, "java/lang/IllegalArgumentException", message); 259 } 260 } 261 262 static jint create(JNIEnv *env, jobject /* thiz */, jint mtu) 263 { 264 int tun = create_interface(mtu); 265 if (tun < 0) { 266 throwException(env, tun, "Cannot create interface"); 267 return -1; 268 } 269 return tun; 270 } 271 272 static jstring getName(JNIEnv *env, jobject /* thiz */, jint tun) 273 { 274 char name[IFNAMSIZ]; 275 if (get_interface_name(name, tun) < 0) { 276 throwException(env, SYSTEM_ERROR, "Cannot get interface name"); 277 return NULL; 278 } 279 return env->NewStringUTF(name); 280 } 281 282 static jint setAddresses(JNIEnv *env, jobject /* thiz */, jstring jName, 283 jstring jAddresses) 284 { 285 const char *name = NULL; 286 const char *addresses = NULL; 287 int count = -1; 288 289 name = jName ? env->GetStringUTFChars(jName, NULL) : NULL; 290 if (!name) { 291 jniThrowNullPointerException(env, "name"); 292 goto error; 293 } 294 addresses = jAddresses ? env->GetStringUTFChars(jAddresses, NULL) : NULL; 295 if (!addresses) { 296 jniThrowNullPointerException(env, "addresses"); 297 goto error; 298 } 299 count = set_addresses(name, addresses); 300 if (count < 0) { 301 throwException(env, count, "Cannot set address"); 302 count = -1; 303 } 304 305 error: 306 if (name) { 307 env->ReleaseStringUTFChars(jName, name); 308 } 309 if (addresses) { 310 env->ReleaseStringUTFChars(jAddresses, addresses); 311 } 312 return count; 313 } 314 315 static void reset(JNIEnv *env, jobject /* thiz */, jstring jName) 316 { 317 const char *name = jName ? env->GetStringUTFChars(jName, NULL) : NULL; 318 if (!name) { 319 jniThrowNullPointerException(env, "name"); 320 return; 321 } 322 if (reset_interface(name) < 0) { 323 throwException(env, SYSTEM_ERROR, "Cannot reset interface"); 324 } 325 env->ReleaseStringUTFChars(jName, name); 326 } 327 328 static jint check(JNIEnv *env, jobject /* thiz */, jstring jName) 329 { 330 const char *name = jName ? env->GetStringUTFChars(jName, NULL) : NULL; 331 if (!name) { 332 jniThrowNullPointerException(env, "name"); 333 return 0; 334 } 335 int flags = check_interface(name); 336 env->ReleaseStringUTFChars(jName, name); 337 return flags; 338 } 339 340 static bool addAddress(JNIEnv *env, jobject thiz, jstring jName, jstring jAddress, 341 jint jPrefixLength) 342 { 343 return modifyAddress(env, thiz, jName, jAddress, jPrefixLength, true); 344 } 345 346 static bool delAddress(JNIEnv *env, jobject thiz, jstring jName, jstring jAddress, 347 jint jPrefixLength) 348 { 349 return modifyAddress(env, thiz, jName, jAddress, jPrefixLength, false); 350 } 351 352 //------------------------------------------------------------------------------ 353 354 static const JNINativeMethod gMethods[] = { 355 {"jniCreate", "(I)I", (void *)create}, 356 {"jniGetName", "(I)Ljava/lang/String;", (void *)getName}, 357 {"jniSetAddresses", "(Ljava/lang/String;Ljava/lang/String;)I", (void *)setAddresses}, 358 {"jniReset", "(Ljava/lang/String;)V", (void *)reset}, 359 {"jniCheck", "(Ljava/lang/String;)I", (void *)check}, 360 {"jniAddAddress", "(Ljava/lang/String;Ljava/lang/String;I)Z", (void *)addAddress}, 361 {"jniDelAddress", "(Ljava/lang/String;Ljava/lang/String;I)Z", (void *)delAddress}, 362 }; 363 364 int register_android_server_connectivity_Vpn(JNIEnv *env) 365 { 366 if (inet4 == -1) { 367 inet4 = socket(AF_INET, SOCK_DGRAM, 0); 368 } 369 if (inet6 == -1) { 370 inet6 = socket(AF_INET6, SOCK_DGRAM, 0); 371 } 372 return jniRegisterNativeMethods(env, "com/android/server/connectivity/Vpn", 373 gMethods, NELEM(gMethods)); 374 } 375 376 }; 377