Gitiles
Code Review Sign In
192.168.1.100 / T800 / refs/heads/GENVICT / . / src / connectivity / libipsecims / setkey_fileio.c
blob: 5bc8d14f80a3e12714f539395bf6dece03952899 [file] [log] [blame]
xjb04a4022021-11-25 15:01:52 +0800[diff] [blame]1
2#include <stdio.h>
3#include <stdlib.h>
4#include <string.h>
5#include <ctype.h>
6#include <unistd.h>
7#include <errno.h>
8#include <netdb.h>
9#include <fcntl.h>
10#include <dirent.h>
11#include <time.h>
12#include <linux/capability.h>
13#include <sys/capability.h>
14#include <cutils/properties.h>
15#include "setkey_fileio.h"
16#if 0
17#include "../setkey/log_setky.h"
18#endif
19#define LOG_TAG "setkey"
20#include <log/log.h>
21#include <cutils/log.h>
22
23#if 0
24extern void plog_android(int level, char *format, ...);
25extern int setkey_main(int argc, char ** argv);
26
27#define POLICY_LEN 640
28#define POLICY_MODE 320
29#define FILE_MODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)
30#define BUFF_SIZE 128
31#define RM_FILE_LEN 64
32
33char setkey_conf[]="/data/misc/setkey/setkey.conf";
34char setkey_conf_bak[]="/data/misc/setkey/setkey_bak.conf";
35char setkey_conf_latest[]="/data/misc/setkey/setkey_latest.conf";
36
37
38static int RemoveString(char * src,char * dst,char * ipsec_type,char * spi_src)
39{
40 FILE *fpSrc = NULL;
41 FILE *fpDst = NULL;
42
43 char achBuf[POLICY_LEN] = {0};
44 fpSrc = fopen(setkey_conf, "rt");
45 if (NULL == fpSrc)
46 {
47 plog_android(LLV_WARNING, "RemoveString:can't open %s,errno:%d",setkey_conf,errno);
48 return -1;
49 }
50 chown(setkey_conf,0,1000);
51 fpDst = fopen(setkey_conf_bak, "wt");
52 if (NULL== fpDst)
53 {
54 plog_android(LLV_WARNING,"RemoveString:Create source file: %s failed,errno:%d\n", setkey_conf_bak,errno);
55 fclose(fpSrc);
56 return -1;
57 }
58 chown(setkey_conf_bak,0,1000);
59 while (!feof(fpSrc))
60 {
61 memset(achBuf, 0, sizeof(achBuf));
62 fgets(achBuf, sizeof(achBuf), fpSrc);
63 /* include below parameter is right*/
64 if ((strstr(achBuf, "add")!=NULL)&&(strstr(achBuf, "spdadd")==NULL)&&(strstr(achBuf, dst)!=NULL)&&(strstr(achBuf,ipsec_type)!=NULL)&&(strstr(achBuf, spi_src)!=NULL))
65 {
66 /*to make sure sequence,first src,then dst*/
67 if(strstr(achBuf, src)<strstr(achBuf, dst))
68 plog_android(LLV_WARNING,"Has found SA,%s,remove it\n",achBuf);
69 else
70 fputs(achBuf, fpDst);
71 } else {
72 fputs(achBuf, fpDst);
73 }
74
75 }
76 fclose(fpSrc);
77 fclose(fpDst);
78
79 return 0;
80}
81
82
83static int RemoveString_SP(char * src,char * dst,int protocol,char * src_port,char * dst_port,char * direction)
84{
85 FILE *fpSrc = NULL;
86 FILE *fpDst = NULL;
87
88 char protocol_str[16]={0};
89 char achBuf[POLICY_LEN] = {0};
90 sprintf(protocol_str,"%d",protocol);
91
92 fpSrc = fopen(setkey_conf, "rt");
93 if (NULL == fpSrc)
94 {
95 plog_android(LLV_WARNING, "RemoveString_SP:can't open %s,errno:%d",setkey_conf,errno);
96 return -1;
97 }
98 chown(setkey_conf,0,1000);
99 fpDst = fopen(setkey_conf_bak, "wt");
100 if (NULL== fpDst)
101 {
102 plog_android(LLV_WARNING,"RemoveString_SP:Create source file: %s failed,errno:%d\n", setkey_conf_bak,errno);
103 fclose(fpSrc);
104 return -1;
105 }
106 chown(setkey_conf_bak,0,1000);
107 while (!feof(fpSrc))
108 {
109 memset(achBuf, 0, sizeof(achBuf));
110 fgets(achBuf, sizeof(achBuf), fpSrc);
111 if ((strstr(achBuf, "spdadd")!=NULL)&&(strstr(achBuf, dst)!=NULL)&&(strstr(achBuf, src)!=NULL)&&(strstr(achBuf, src_port)!=NULL)
112 &&(strstr(achBuf, dst_port)!=NULL)&&(strstr(achBuf, protocol_str)!=NULL)&&(strstr(achBuf, direction)!=NULL))
113 {
114 if((strstr(achBuf, src)<strstr(achBuf, dst))&&(strstr(achBuf, src_port)<strstr(achBuf, dst_port)))
115 plog_android(LLV_WARNING,"Has found SP policy,%s,remove it\n",achBuf);
116 else
117 fputs(achBuf, fpDst);
118 }
119 else
120 {
121 fputs(achBuf, fpDst);
122 }
123 }
124 fclose(fpSrc);
125 fclose(fpDst);
126
127 return 0;
128}
129
130
131/* 1: some error; 0: process successfully */
132int shell(char * cmd)
133{
134 FILE * fp = NULL,* fp_exit_code =NULL;
135 int bufflen;
136 char * buffer = (char *)malloc((BUFF_SIZE));
137 if(buffer == NULL)
138 {
139 plog_android(LLV_WARNING, "run shell command buffer is null");
140 return -1;
141 }
142 char * buffer_retcode = NULL;
143 char * cmd_exit_code = (char *)malloc((BUFF_SIZE));
144 int ret_code = 0;
145 if(cmd_exit_code == NULL)
146 {
147 plog_android(LLV_WARNING, "alloc cmd_exit_code failed ");
148 goto ret_sec;
149 }
150 if(cmd == NULL)
151 {
152 plog_android(LLV_WARNING, "run shell command is null");
153 goto ret_fir;
154 }
155 buffer[0] = 0;
156 strcpy(cmd_exit_code,cmd);
157 strcat(cmd_exit_code,";echo ret_code:$?");
158 fp = popen(cmd_exit_code,"r");
159 if(fp == NULL)
160 {
161 plog_android(LLV_WARNING, "can't run shell command");
162 goto ret_fir;
163 }
164 //plog_android(LLV_WARNING, "run shell command:%s ...",cmd);
165 while(fgets(buffer,BUFF_SIZE,fp)!=NULL)
166 {
167 plog_android(LLV_WARNING, "%s",buffer);
168 }
169 buffer_retcode = strstr(buffer,"ret_code:");
170 if(buffer_retcode)
171 {
172 ret_code = atoi(buffer_retcode+strlen("ret_code:"));
173 plog_android(LLV_WARNING, "processing cmd:%s return code:%d",cmd,ret_code);
174 }
175 pclose(fp);
176
177
178ret_fir:
179 if(cmd_exit_code)
180 free(cmd_exit_code);
181ret_sec:
182 if(buffer)
183 free(buffer);
184 return ret_code;
185}
186
187/*rm setkey.conf file*/
188int shell_rm(void)
189{
190 char rm_file[RM_FILE_LEN];
191 int ret = 1;
192 memset(rm_file,0,RM_FILE_LEN);
193 snprintf(rm_file,sizeof(rm_file),"rm %s",setkey_conf);
194 if(access(setkey_conf,0) == 0)
195 {
196 ret = shell(rm_file);
197 if(ret != 0)
198 {
199 plog_android(LLV_WARNING,"shell %s failed,errno:%d",rm_file,errno);
200 return -1;
201 }
202 }
203 return 0;
204
205}
206
207/*setkey -f setkey.conf */
208int function_setkey(char * file_conf)
209{
210 char * argv[4];
211
212 argv[0] = "setkey";
213 argv[1] = "-f";
214 argv[2] = file_conf;
215 argv[3] = NULL;
216 int ret = setkey_main(3,(char **)argv);
217 if(ret != 0)
218 {
219 plog_android(LLV_WARNING," setkey -f %s failed,errno:%d",file_conf,errno);
220 return ret;
221 }
222 return 0;
223
224}
225#endif
226/*flush all SA*/
227int setkey_flushSAD(void)
228{
229#if 0
230 char * argv[3];
231
232 argv[0] = "setkey";
233 argv[1] = "-F";
234 argv[2] = NULL;
235 if(shell_rm() == -1)
236 {
237 return -1;
238 }
239
240 int ret = setkey_main(2,(char **)argv);
241 if(ret != 0)
242 {
243 plog_android(LLV_WARNING,"setkey -F failed,errno:%d",errno);
244 return ret;
245 }
246 return 0;
247#endif
248 int ret = setkey_flushSAD_xfrm("esp");
249 return ret;
250}
251
252/*flush all SP*/
253int setkey_flushSPD(void)
254{
255#if 0
256 char * argv[4];
257
258 argv[0] = "setkey";
259 argv[1] = "-F";
260 argv[2] = "-P";
261 argv[3] = NULL;
262 if(shell_rm() == -1)
263 {
264 return -1;
265 }
266 int ret = setkey_main(3,(char **)argv);
267 if(ret != 0)
268 {
269 plog_android(LLV_WARNING,"setkey -FP failed,errno:%d",errno);
270 return ret;
271 }
272 return 0;
273#endif
274 int ret = setkey_flushSPD_xfrm();
275 return ret;
276}
277
278/*delete one SA entry*/
279int setkey_deleteSA(char * src,char * dst,char * ipsec_type,char * spi_src)
280{
281#if 0
282 char delSA[POLICY_LEN];
283 FILE * fd_config = NULL;
284
285
286
287 memset(delSA,0,sizeof(delSA));
288
289 snprintf(delSA,sizeof(delSA),"delete %s %s %s %s;\n",src,dst,ipsec_type,spi_src);
290 fd_config = fopen(setkey_conf_latest, "w+");
291 if(fd_config == NULL)
292 {
293 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf,errno);
294 return -1;
295
296 }
297 chown(setkey_conf_latest,0,1000);
298 fwrite( delSA, strlen(delSA),1,fd_config);
299 plog_android(LLV_WARNING,"setkey_deleteSA:%s",delSA);
300 fclose(fd_config);
301 if(function_setkey(setkey_conf_latest)== -1)
302 return -1;
303 else
304 {
305 /*update setkey.conf to record how many pairs of SA have been established*/
306
307 if(RemoveString(src,dst,ipsec_type,spi_src) == 0)
308 {
309 if(shell_rm() == -1)
310 {
311 return -1;
312 }
313 if(rename(setkey_conf_bak,setkey_conf)<0)
314 {
315 plog_android(LLV_WARNING,"rename setkey.conf failed,errno:%d",errno);
316 return -1;
317 }
318 }
319 else
320 {
321 plog_android(LLV_WARNING,"RemoveString failed");
322 return -1;
323 }
324 }
325 return 0;
326#endif
327 int ret = setkey_deleteSA_xfrm(src,dst,ipsec_type,spi_src);
328 return ret;
329}
330
331/*delete one SP entry*/
332int setkey_deleteSP(char * src,char * dst,enum PROTOCOL_TYPE protocol,char * src_port,char * dst_port,char * direction)
333{
334#if 0
335 char delSP[POLICY_LEN];
336
337 FILE * fd_config = NULL;
338
339
340
341 memset(delSP,0,sizeof(delSP));
342
343 snprintf(delSP,sizeof(delSP),"spddelete %s[%s] %s[%s] %d -P %s;\n",src,src_port,dst,dst_port,protocol,direction);
344 fd_config = fopen(setkey_conf_latest, "w+");
345 if(fd_config == NULL)
346 {
347 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf,errno);
348 return -1;
349
350 }
351 chown(setkey_conf_latest,0,1000);
352 fwrite( delSP, strlen(delSP),1,fd_config);
353 plog_android(LLV_WARNING,"setkey_deleteSP:%s",delSP);
354 fclose(fd_config);
355 if(function_setkey(setkey_conf_latest)==-1)
356 return -1;
357 else
358 {
359 /*update setkey.conf to record how many pairs of SP policy have been established*/
360
361 if(RemoveString_SP( src, dst, protocol, src_port, dst_port, direction) == 0)
362 {
363 if(shell_rm() == -1)
364 {
365 return -1;
366 }
367 if(rename(setkey_conf_bak,setkey_conf)<0)
368 {
369 plog_android(LLV_WARNING,"rename setkey.conf failed,errno:%d",errno);
370 return -1;
371 }
372 }
373 else
374 {
375 plog_android(LLV_WARNING,"RemoveString---%s failed",delSP);
376 return -1;
377 }
378 }
379 return 0;
380#endif
381 int ret = setkey_deleteSP_xfrm(src,dst,protocol,src_port,dst_port,direction);
382 return ret;
383}
384
385/*dump SA */
386int dump_setkeySA(void)
387{
388/*To do*/
389#if 0
390 char * argv[3];
391
392 argv[0] = "setkey";
393 argv[1] = "-D";
394 argv[2] = NULL;
395 int ret = setkey_main(2,(char **)argv);
396 if(ret != 0)
397 {
398 plog_android(LLV_WARNING," setkey -D failed,errno:%d",errno);
399 return -1;
400 }
401#endif
402 return 0;
403
404}
405
406/*dump SP */
407int dump_setkeySP(void)
408{
409/*To do*/
410#if 0
411 char * argv[4];
412
413 argv[0] = "setkey";
414 argv[1] = "-D";
415 argv[2] = "-P";
416 argv[3] = NULL;
417 int ret = setkey_main(3,(char **)argv);
418 if(ret != 0)
419 {
420 plog_android(LLV_WARNING,"setkey -DP failed,errno:%d",errno);
421 return ret;
422 }
423#endif
424 return 0;
425
426}
427#if 0
428void setkey_get_aid_and_cap() {
429
430 plog_android(LLV_WARNING,"Warning: gid:%d,uid:%d,pid:%d !\n",getgid(),getuid(),getpid());
431 struct __user_cap_header_struct header;
432 struct __user_cap_data_struct cap;
433 header.version = _LINUX_CAPABILITY_VERSION;
434 header.pid = getpid();
435 capget(&header, &cap);
436 plog_android(LLV_WARNING, "Warning: permitted:%x,cap.effective:%x !\n",cap.permitted,cap.effective);
437}
438#endif
439/*set one SA*/
440/*ipsec_type:ah esp
441 mode:transport tunnel
442 encrp_algo_src:encryption algorithm,des-cbc,3des-cbc...
443 encrp_algo_src:key of encryption algorithm
444 intergrity_algo_src:authentication algorithm ,hmac-md5,hmac-sha1
445 intergrity_key_src:key of authentication algorithm
446*/
447int setkey_setSA(char * ip_src,char * ip_dst,char * ipsec_type,char * spi_src,char * mode,
448 char * encrp_algo_src,char * encrp_key_src,char * intergrity_algo_src,char * intergrity_key_src,int u_id)
449{
450#if 0
451 char sad_policy[POLICY_LEN];
452
453 FILE * fd_config = NULL;
454 FILE * fd_config_tmp = NULL;
455
456 memset(sad_policy,0,sizeof(sad_policy));
457
458 setkey_get_aid_and_cap();
459
460 fd_config_tmp = fopen(setkey_conf_latest, "w+" );
461 if(fd_config_tmp == NULL)
462 {
463 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf_latest,errno);
464 return -1;
465 }
466 chown(setkey_conf_latest,0,1000);
467 if(strcmp(encrp_algo_src,"null")==0)
468 {
469 if(u_id ==0 )
470 snprintf(sad_policy,sizeof(sad_policy),"add %s %s %s %s -m %s -E null -A %s %s;\n",ip_src,ip_dst,ipsec_type,spi_src,mode,
471 intergrity_algo_src,intergrity_key_src);
472 else
473 snprintf(sad_policy,sizeof(sad_policy),"add %s %s %s %s -u %d -m %s -E null -A %s %s;\n",ip_src,ip_dst,ipsec_type,spi_src,u_id,mode,
474 intergrity_algo_src,intergrity_key_src);
475 }
476 else
477 {
478 if(u_id ==0 )
479 snprintf(sad_policy,sizeof(sad_policy),"add %s %s %s %s -m %s -E %s %s -A %s %s;\n",ip_src,ip_dst,ipsec_type,spi_src,mode,
480 encrp_algo_src,encrp_key_src,intergrity_algo_src,intergrity_key_src);
481 else
482 snprintf(sad_policy,sizeof(sad_policy),"add %s %s %s %s -u %d -m %s -E %s %s -A %s %s;\n",ip_src,ip_dst,ipsec_type,spi_src,u_id,mode,
483 encrp_algo_src,encrp_key_src,intergrity_algo_src,intergrity_key_src);
484 }
485 fwrite( sad_policy, strlen(sad_policy),1,fd_config_tmp );
486 plog_android(LLV_WARNING,"setkey_SA:%s",sad_policy);
487 fclose(fd_config_tmp);
488
489 if(function_setkey(setkey_conf_latest)==0)
490 {
491 fd_config = fopen(setkey_conf, "a+" );
492 if(fd_config == NULL)
493 {
494 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf,errno);
495 return -1;
496 }
497 chown(setkey_conf,0,1000);
498 fwrite( sad_policy, strlen(sad_policy),1,fd_config );
499 fclose(fd_config);
500 }
501 else
502 return -1;
503
504 return 0;
505#endif
506 int ret = setkey_setSA_xfrm(XFRM_MSG_NEWSA,ip_src,ip_dst,ipsec_type,spi_src,mode,
507 encrp_algo_src,encrp_key_src,intergrity_algo_src,intergrity_key_src,u_id);
508 return ret;
509}
510int setkey_setSA_update(char * ip_src,char * ip_dst,char * ipsec_type,char * spi_src,char * mode,
511 char * encrp_algo_src,char * encrp_key_src,char * intergrity_algo_src,char * intergrity_key_src,int u_id)
512{
513 int ret = setkey_setSA_xfrm(XFRM_MSG_UPDSA,ip_src,ip_dst,ipsec_type,spi_src,mode,
514 encrp_algo_src,encrp_key_src,intergrity_algo_src,intergrity_key_src,u_id);
515 return ret;
516}
517/*set one SP of one direction, just for transport mode*/
518/*protocol:tcp icmp udp icmp6 ip4 gre
519 direction:src->dst */
520int setkey_SP(char * src_range,char * dst_range,enum PROTOCOL_TYPE protocol,char * port_src,char * port_dst,char * ipsec_type,char * mode, char * direction,int u_id)
521{
522#if 0
523 char spd_policy[POLICY_LEN];
524 FILE * fd_config = NULL;
525 FILE * fd_config_tmp = NULL;
526 memset(spd_policy,0,sizeof(spd_policy));
527
528
529 fd_config_tmp = fopen(setkey_conf_latest, "w+" );
530 if(fd_config_tmp == NULL)
531 {
532 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf_latest,errno);
533 return -1;
534 }
535 chown(setkey_conf_latest,0,1000);
536 if(u_id ==0)
537 snprintf(spd_policy,sizeof(spd_policy),"spdadd %s[%s] %s[%s] %d -P %s ipsec %s/%s//require;\n",src_range,port_src,dst_range,port_dst,protocol,direction,ipsec_type,mode);
538 else
539 snprintf(spd_policy,sizeof(spd_policy),"spdadd %s[%s] %s[%s] %d -P %s ipsec %s/%s//unique:%d;\n",src_range,port_src,dst_range,port_dst,protocol,direction,ipsec_type,mode,u_id);
540 fwrite( spd_policy, strlen(spd_policy),1,fd_config_tmp );
541 plog_android(LLV_WARNING,"setkey_SP:%s",spd_policy);
542 fclose(fd_config_tmp);
543
544 if(function_setkey(setkey_conf_latest) == 0)
545 {
546 fd_config = fopen(setkey_conf, "a+" );
547 if(fd_config == NULL)
548 {
549 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf,errno);
550 return -1;
551 }
552 chown(setkey_conf,0,1000);
553 fwrite( spd_policy, strlen(spd_policy),1,fd_config );
554 fclose(fd_config);
555 }
556 else
557 return -1;
558 return 0;
559#endif
560 mode = "transport";
561 int ret = setkey_SP_xfrm(XFRM_MSG_NEWPOLICY,src_range,dst_range,protocol,port_src,port_dst,NULL,NULL,ipsec_type,mode,direction,u_id);
562 return ret;
563}
564
565/*set one SP of one direction, just for tunnel mode*/
566/*protocol:tcp icmp udp icmp6 ip4 gre
567 direction:src->dst
568src_tunnel,dst_tunnel: tunnel src ip tunnel dst ip */
569int setkey_SP_tunnel(char * src_range,char * dst_range,enum PROTOCOL_TYPE protocol,char * port_src,char * port_dst,char * src_tunnel,char * dst_tunnel,char * ipsec_type,char * mode, char * direction,int u_id)
570{
571#if 0
572 char spd_policy[POLICY_LEN];
573 FILE * fd_config = NULL;
574 FILE * fd_config_tmp = NULL;
575 memset(spd_policy,0,sizeof(spd_policy));
576
577
578 fd_config_tmp = fopen(setkey_conf_latest, "w+" );
579 if(fd_config_tmp == NULL)
580 {
581 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf_latest,errno);
582 return -1;
583 }
584 chown(setkey_conf_latest,0,1000);
585 if(u_id ==0)
586 snprintf(spd_policy,sizeof(spd_policy),"spdadd %s[%s] %s[%s] %d -P %s ipsec %s/%s/%s-%s/require;\n",src_range,port_src,dst_range,port_dst,protocol,direction,ipsec_type,mode,src_tunnel, dst_tunnel);
587 else
588 snprintf(spd_policy,sizeof(spd_policy),"spdadd %s[%s] %s[%s] %d -P %s ipsec %s/%s/%s-%s/unique:%d;\n",src_range,port_src,dst_range,port_dst,protocol,direction,ipsec_type,mode,src_tunnel, dst_tunnel,u_id);
589 fwrite( spd_policy, strlen(spd_policy),1,fd_config_tmp );
590 plog_android(LLV_WARNING,"setkey_SP_tunnel:%s",spd_policy);
591 fclose(fd_config_tmp);
592
593 if(function_setkey(setkey_conf_latest) == 0)
594 {
595 fd_config = fopen(setkey_conf, "a+" );
596 if(fd_config == NULL)
597 {
598 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf,errno);
599 return -1;
600 }
601 chown(setkey_conf,0,1000);
602 fwrite( spd_policy, strlen(spd_policy),1,fd_config );
603 fclose(fd_config);
604 }
605 else
606 return -1;
607 return 0;
608#endif
609 mode = "tunnel";
610 int ret = setkey_SP_xfrm(XFRM_MSG_NEWPOLICY,src_range,dst_range,protocol,port_src,port_dst,src_tunnel,dst_tunnel,ipsec_type,mode,direction,u_id);
611 return ret;
612}
613
614/*set one SP of one direction, for 2 layers' ipsec--tunnel mode+transport mode or transport mode+tunnel mode*/
615/*protocol:tcp icmp udp icmp6 ip4 gre
616 direction:src->dst
617src_tunnel,dst_tunnel: tunnel src ip tunnel dst ip */
618int setkey_SP_tunnel_transport(char * src_range,char * dst_range,enum PROTOCOL_TYPE protocol,char * port_src,char * port_dst,char * src_tunnel,char * dst_tunnel,char * ipsec_type1,char * mode1, char * ipsec_type2,char * mode2,char * direction,int u_id1,int u_id2)
619{
620
621 char version[128] = {0};
622 int ret_mapping = 0;
623 property_get("net.ims.ipsec.version",version,"");
624 //plog_android(LLV_WARNING,"getproperty-- net.ims.ipsec.version :%s\n",version);
625 if(strcmp(version,"2.0")==0)
626 {
627 ret_mapping = setkey_SP(src_range,dst_range,protocol,port_src,port_dst,ipsec_type1,mode1, direction,u_id1);
628 return ret_mapping;
629 }
630
631#if 0
632 char spd_policy[POLICY_LEN]={0};
633 char * spd_policy_mode1= (char *)malloc(POLICY_MODE);
634
635 FILE * fd_config = NULL;
636 FILE * fd_config_tmp = NULL;
637
638
639 if(spd_policy_mode1==NULL)
640 {
641 plog_android(LLV_WARNING,"malloc spd_policy_mode1 failed,errno:%d",errno);
642 return -1;
643 }
644 memset(spd_policy_mode1,0,POLICY_MODE);
645
646 char * spd_policy_mode2= (char *)malloc(POLICY_MODE);
647 if(spd_policy_mode2==NULL)
648 {
649 plog_android(LLV_WARNING,"malloc spd_policy_mode2 failed,errno:%d",errno);
650 if(spd_policy_mode1)
651 free(spd_policy_mode1);
652 return -1;
653 }
654 memset(spd_policy_mode2,0,POLICY_MODE);
655
656 fd_config_tmp = fopen(setkey_conf_latest, "w+" );
657 if(fd_config_tmp == NULL)
658 {
659 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf_latest,errno);
660 if(spd_policy_mode1)
661 free(spd_policy_mode1);
662 if(spd_policy_mode2)
663 free(spd_policy_mode2);
664 return -1;
665 }
666 chown(setkey_conf_latest,0,1000);
667 if(u_id1 ==0)
668 if(strcmp(mode1,"transport")==0)
669 snprintf(spd_policy_mode1,POLICY_MODE,"%s/%s//require",ipsec_type1,mode1);
670 else
671 snprintf(spd_policy_mode1,POLICY_MODE,"%s/%s/%s-%s/require",ipsec_type1,mode1,src_tunnel,dst_tunnel);
672 else
673 if(strcmp(mode1,"transport")==0)
674 snprintf(spd_policy_mode1,POLICY_MODE,"%s/%s//unique:%d",ipsec_type1,mode1,u_id1);
675 else
676 snprintf(spd_policy_mode1,POLICY_MODE,"%s/%s/%s-%s/unique:%d",ipsec_type1,mode1,src_tunnel,dst_tunnel,u_id1);
677 if(u_id2 ==0)
678 if(strcmp(mode2,"transport")==0)
679 snprintf(spd_policy_mode2,POLICY_MODE,"%s/%s//require;\n",ipsec_type2,mode2);
680 else
681 snprintf(spd_policy_mode2,POLICY_MODE,"%s/%s/%s-%s/require;\n",ipsec_type2,mode2,src_tunnel,dst_tunnel);
682 else
683 if(strcmp(mode2,"transport")==0)
684 snprintf(spd_policy_mode2,POLICY_MODE,"%s/%s//unique:%d;\n",ipsec_type2,mode2,u_id2);
685 else
686 snprintf(spd_policy_mode2,POLICY_MODE,"%s/%s/%s-%s/unique:%d;\n",ipsec_type2,mode2,src_tunnel,dst_tunnel,u_id2);
687
688 snprintf(spd_policy,sizeof(spd_policy),"spdadd %s[%s] %s[%s] %d -P %s prio 2147482648 ipsec %s %s",src_range,port_src,dst_range,port_dst,protocol,direction,spd_policy_mode1,spd_policy_mode2);
689 fwrite( spd_policy, strlen(spd_policy),1,fd_config_tmp );
690 plog_android(LLV_WARNING,"setkey_SP_tunnel_transport:%s",spd_policy);
691 fclose(fd_config_tmp);
692 if(spd_policy_mode1)
693 free(spd_policy_mode1);
694 if(spd_policy_mode2)
695 free(spd_policy_mode2);
696 if(function_setkey(setkey_conf_latest) == 0)
697 {
698 fd_config = fopen(setkey_conf, "a+" );
699 if(fd_config == NULL)
700 {
701 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf,errno);
702 return -1;
703 }
704 chown(setkey_conf,0,1000);
705 fwrite( spd_policy, strlen(spd_policy),1,fd_config );
706 fclose(fd_config);
707 }
708 else
709 return -1;
710 return 0;
711#endif
712 int ret = setkey_SP_2layer_xfrm(XFRM_MSG_UPDPOLICY,src_range,dst_range,protocol,port_src,port_dst,src_tunnel,dst_tunnel,ipsec_type1,mode1,ipsec_type2,mode2,direction,u_id1,u_id2);
713 return ret;
714}
715
716
717/*update one SP of one direction, just for transport mode*/
718/*protocol:tcp icmp udp icmp6 ip4 gre
719 direction:src->dst*/
720int setkey_SP_update_transport(char * src_range,char * dst_range,enum PROTOCOL_TYPE protocol,char * port_src,char * port_dst,char * ipsec_type, char * direction,int u_id)
721{
722#if 0
723 char spd_policy[POLICY_LEN];
724 FILE * fd_config = NULL;
725 FILE * fd_config_tmp = NULL;
726 memset(spd_policy,0,sizeof(spd_policy));
727
728
729 fd_config_tmp = fopen(setkey_conf_latest, "w+" );
730 if(fd_config_tmp == NULL)
731 {
732 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf_latest,errno);
733 return -1;
734 }
735 chown(setkey_conf_latest,0,1000);
736 if(u_id ==0)
737 snprintf(spd_policy,sizeof(spd_policy),"spdupdate %s[%s] %s[%s] %d -P %s ipsec %s/transport//require;\n",src_range,port_src,dst_range,port_dst,protocol,direction,ipsec_type);
738 else
739 snprintf(spd_policy,sizeof(spd_policy),"spdupdate %s[%s] %s[%s] %d -P %s ipsec %s/transport//unique:%d;\n",src_range,port_src,dst_range,port_dst,protocol,direction,ipsec_type,u_id);
740 fwrite( spd_policy, strlen(spd_policy),1,fd_config_tmp );
741 plog_android(LLV_WARNING,"setkey_SP_update_transport:%s",spd_policy);
742 fclose(fd_config_tmp);
743
744 if(function_setkey(setkey_conf_latest) == 0)
745 {
746 fd_config = fopen(setkey_conf, "a+" );
747 if(fd_config == NULL)
748 {
749 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf,errno);
750 return -1;
751 }
752 chown(setkey_conf,0,1000);
753 fwrite( spd_policy, strlen(spd_policy),1,fd_config );
754 fclose(fd_config);
755 }
756 else
757 return -1;
758 return 0;
759#endif
760 int ret = setkey_SP_xfrm(XFRM_MSG_UPDPOLICY,src_range,dst_range,protocol,port_src,port_dst,NULL,NULL,ipsec_type,"transport",direction,u_id);
761 return ret;
762}
763
764/*update one SP of one direction, for 2 layers' ipsec--tunnel mode+transport mode or transport mode+tunnel mode*/
765/*protocol:tcp icmp udp icmp6 ip4 gre
766 direction:src->dst
767src_tunnel,dst_tunnel: tunnel src ip tunnel dst ip */
768int setkey_SP_update_tunnel_transport(char * src_range,char * dst_range,enum PROTOCOL_TYPE protocol,char * port_src,char * port_dst,char * src_tunnel,char * dst_tunnel,char * ipsec_type1,char * mode1, char * ipsec_type2,char * mode2,char * direction,int u_id1,int u_id2)
769{
770#if 0
771 char spd_policy[POLICY_LEN]={0};
772 char * spd_policy_mode1= (char *)malloc(POLICY_MODE);
773 FILE * fd_config = NULL;
774 FILE * fd_config_tmp = NULL;
775
776
777 if(spd_policy_mode1==NULL)
778 {
779 plog_android(LLV_WARNING,"malloc spd_policy_mode1 failed,errno:%d",errno);
780 return -1;
781 }
782 memset(spd_policy_mode1,0,POLICY_MODE);
783 char * spd_policy_mode2= (char *)malloc(POLICY_MODE);
784 if(spd_policy_mode2==NULL)
785 {
786 plog_android(LLV_WARNING,"malloc spd_policy_mode2 failed,errno:%d",errno);
787 if(spd_policy_mode1)
788 free(spd_policy_mode1);
789 return -1;
790 }
791 memset(spd_policy_mode2,0,POLICY_MODE);
792
793 fd_config_tmp = fopen(setkey_conf_latest, "w+" );
794 if(fd_config_tmp == NULL)
795 {
796 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf_latest,errno);
797 if(spd_policy_mode1)
798 free(spd_policy_mode1);
799 if(spd_policy_mode2)
800 free(spd_policy_mode2);
801 return -1;
802 }
803 chown(setkey_conf_latest,0,1000);
804 if(u_id1 ==0)
805 if(strcmp(mode1,"transport")==0)
806 snprintf(spd_policy_mode1,POLICY_MODE,"%s/%s//require",ipsec_type1,mode1);
807 else
808 snprintf(spd_policy_mode1,POLICY_MODE,"%s/%s/%s-%s/require",ipsec_type1,mode1,src_tunnel,dst_tunnel);
809 else
810 if(strcmp(mode1,"transport")==0)
811 snprintf(spd_policy_mode1,POLICY_MODE,"%s/%s//unique:%d",ipsec_type1,mode1,u_id1);
812 else
813 snprintf(spd_policy_mode1,POLICY_MODE,"%s/%s/%s-%s/unique:%d",ipsec_type1,mode1,src_tunnel,dst_tunnel,u_id1);
814 if(u_id2 ==0)
815 if(strcmp(mode2,"transport")==0)
816 snprintf(spd_policy_mode2,POLICY_MODE,"%s/%s//require;\n",ipsec_type2,mode2);
817 else
818 snprintf(spd_policy_mode2,POLICY_MODE,"%s/%s/%s-%s/require;\n",ipsec_type2,mode2,src_tunnel,dst_tunnel);
819 else
820 if(strcmp(mode2,"transport")==0)
821 snprintf(spd_policy_mode2,POLICY_MODE,"%s/%s//unique:%d;\n",ipsec_type2,mode2,u_id2);
822 else
823 snprintf(spd_policy_mode2,POLICY_MODE,"%s/%s/%s-%s/unique:%d;\n",ipsec_type2,mode2,src_tunnel,dst_tunnel,u_id2);
824
825 snprintf(spd_policy,sizeof(spd_policy),"spdupdate %s[%s] %s[%s] %d -P %s prio 2147482648 ipsec %s %s",src_range,port_src,dst_range,port_dst,protocol,direction,spd_policy_mode1,spd_policy_mode2);
826 fwrite( spd_policy, strlen(spd_policy),1,fd_config_tmp );
827 plog_android(LLV_WARNING,"setkey_SP_update_tunnel_transport:%s",spd_policy);
828 fclose(fd_config_tmp);
829 if(spd_policy_mode1)
830 free(spd_policy_mode1);
831 if(spd_policy_mode2)
832 free(spd_policy_mode2);
833 if(function_setkey(setkey_conf_latest) == 0)
834 {
835 fd_config = fopen(setkey_conf, "a+" );
836 if(fd_config == NULL)
837 {
838 plog_android(LLV_WARNING,"open %s failed,errno:%d",setkey_conf,errno);
839 return -1;
840 }
841 chown(setkey_conf,0,1000);
842 fwrite( spd_policy, strlen(spd_policy),1,fd_config );
843 fclose(fd_config);
844 }
845 else
846 return -1;
847 return 0;
848#endif
849 int ret = setkey_SP_2layer_xfrm(XFRM_MSG_UPDPOLICY,src_range,dst_range,protocol,port_src,port_dst,src_tunnel,dst_tunnel,ipsec_type1,mode1,ipsec_type2,mode2,direction,u_id1,u_id2);
850 return ret;
851}
852
853
854/*flush SA\SP from setkey.conf*/
855int flush_SA_SP_exist()
856{
857#if 0
858 FILE *fpSrc = NULL;
859 FILE *fpDst = NULL;
860 char * p_add = NULL;
861 char * p_spdadd = NULL;
862 char * p = NULL;
863 char * sp = NULL;
864 char * sp_ipsec = NULL;
865 char * sp_prio = NULL;
866#if 0
867 char * sp_tmp = NULL;
868 char * sp_src_tmp = NULL;
869 char * sp_dst_tmp = NULL;
870 char * sp_dst = NULL;
871#endif
872 if(access(setkey_conf,0) != 0)
873 {
874 plog_android(LLV_WARNING,"There is no SA before\n");
875 return 0;
876 }
877
878
879 char * achBuf = (char *)malloc(POLICY_LEN);
880 if(achBuf == NULL)
881 {
882 plog_android(LLV_WARNING,"malloc achBuf failed\n");
883 return -1;
884 }
885 char * achBuf_deletmp = (char *)malloc(POLICY_LEN);
886 if(achBuf_deletmp == NULL)
887 {
888 plog_android(LLV_WARNING,"malloc achBuf_deletmp failed\n");
889 if(achBuf)
890 free(achBuf);
891
892 return -1;
893 }
894 char * achBuf_delet = (char *)malloc(POLICY_LEN);
895 if(achBuf_delet == NULL)
896 {
897 plog_android(LLV_WARNING,"malloc achBuf_delet failed\n");
898 if(achBuf)
899 free(achBuf);
900 if(achBuf_deletmp)
901 free(achBuf_deletmp);
902 return -1;
903 }
904
905
906 fpSrc = fopen(setkey_conf, "rt");
907 if (NULL == fpSrc)
908 {
909 plog_android(LLV_WARNING, "can't open %s,errno:%d",setkey_conf,errno);
910 if(achBuf)
911 free(achBuf);
912 if(achBuf_deletmp)
913 free(achBuf_deletmp);
914 if(achBuf_delet)
915 free(achBuf_delet);
916 return -1;
917 }
918 chown(setkey_conf,0,1000);
919 fpDst = fopen(setkey_conf_latest, "w+");
920 if (NULL== fpDst)
921 {
922 if(achBuf)
923 free(achBuf);
924 if(achBuf_deletmp)
925 free(achBuf_deletmp);
926 if(achBuf_delet)
927 free(achBuf_delet);
928 plog_android(LLV_WARNING,"Create source file: %s failed,errno:%d\n", setkey_conf_bak,errno);
929 if(fpSrc)
930 fclose(fpSrc);
931 return -1;
932 }
933 chown(setkey_conf_latest,0,1000);
934 fseek(fpSrc,0L,SEEK_SET);
935 while (!feof(fpSrc))
936 {
937 memset(achBuf, 0, POLICY_LEN);
938 memset(achBuf_deletmp, 0, POLICY_LEN);
939 memset(achBuf_delet, 0, POLICY_LEN);
940 fgets(achBuf, POLICY_LEN, fpSrc);
941
942 if (((p_add = strstr(achBuf, "add")) != NULL)&&(strstr(achBuf, "spdadd") == NULL) )
943 {
944
945 p = strstr(p_add,"-m");
946 if(p!= NULL)
947 {
948 memcpy(achBuf_deletmp,p_add + strlen("add"),p-p_add-strlen("add"));
949 snprintf(achBuf_delet,POLICY_LEN-1,"delete %s;\n",achBuf_deletmp) ;
950 plog_android(LLV_WARNING,"delete SA:%s\n", achBuf_delet);
951 fputs(achBuf_delet, fpDst);
952 }
953 else
954 {
955 plog_android(LLV_WARNING,"There are some cmd error in %s,then flush all SAs and SPs\n", setkey_conf);
956 setkey_flushSAD();
957 setkey_flushSPD();
958 if(achBuf)
959 free(achBuf);
960 if(achBuf_deletmp)
961 free(achBuf_deletmp);
962 if(achBuf_delet)
963 free(achBuf_delet);
964 if(fpSrc)
965 fclose(fpSrc);
966 if(fpDst)
967 fclose(fpDst);
968 return -1;
969 }
970 }
971
972 if((p_spdadd = strstr(achBuf, "spdadd")) != NULL)
973 {
974 sp = p_spdadd+strlen("spdadd");
975 if((sp_prio =strstr(sp,"prio"))!=NULL)
976 {
977 memset(achBuf_deletmp, 0, POLICY_LEN);
978 memset(achBuf_delet, 0, POLICY_LEN);
979 strncpy(achBuf_deletmp,sp,sp_prio-sp);
980 snprintf(achBuf_delet,POLICY_LEN-1,"spddelete %s",achBuf_deletmp);
981 strcat(achBuf_delet,";\n");
982 fputs(achBuf_delet, fpDst);
983 plog_android(LLV_WARNING,"delete policy: %s\n", achBuf_delet);
984 }
985 else if((sp_ipsec =strstr(sp,"ipsec"))!=NULL)
986 {
987 memset(achBuf_deletmp, 0, POLICY_LEN);
988 memset(achBuf_delet, 0, POLICY_LEN);
989 strncpy(achBuf_deletmp,sp,sp_ipsec-sp);
990 snprintf(achBuf_delet,POLICY_LEN-1,"spddelete %s",achBuf_deletmp);
991 strcat(achBuf_delet,";\n");
992 fputs(achBuf_delet, fpDst);
993 plog_android(LLV_WARNING,"delete policy: %s\n", achBuf_delet);
994 }
995 else
996 {
997 plog_android(LLV_WARNING,"There are some cmd error in %s,no ,then flush all SAs and SPs\n", setkey_conf);
998 setkey_flushSAD();
999 setkey_flushSPD();
1000 if(achBuf)
1001 free(achBuf);
1002 if(achBuf_deletmp)
1003 free(achBuf_deletmp);
1004 if(achBuf_delet)
1005 free(achBuf_delet);
1006 if(fpSrc)
1007 fclose(fpSrc);
1008 if(fpDst)
1009 fclose(fpDst);
1010 return -1;
1011 }
1012#if 0
1013 if((sp_tmp =strchr(sp,'['))!=NULL)
1014 {
1015 memset(achBuf_deletmp, 0, POLICY_LEN);
1016 memset(achBuf_delet, 0, POLICY_LEN);
1017 strncpy(achBuf_deletmp,sp,sp_tmp-sp);
1018 snprintf(achBuf_delet,POLICY_LEN-1,"spddelete %s",achBuf_deletmp);
1019 plog_android(LLV_WARNING,"src[ achBuf_delet: %s,sp_tmp:%s\n", achBuf_deletmp,sp_tmp);
1020 if((sp_src_tmp =strchr(sp_tmp,']'))!=NULL)
1021 {
1022
1023 if((sp_dst_tmp =strchr(sp_src_tmp,'['))!=NULL)
1024 {
1025 memset(achBuf_deletmp, 0, POLICY_LEN);
1026 strncpy(achBuf_deletmp,sp_src_tmp+strlen("]"),sp_dst_tmp-sp_src_tmp-strlen("]"));
1027 strcat(achBuf_delet,achBuf_deletmp);
1028 plog_android(LLV_WARNING,"src]_achBuf_delet: %s,achBuf:%s,sp_dst_tmp:%s\n", achBuf_deletmp,achBuf,sp_dst_tmp);
1029 if((sp_dst =strchr(sp_dst_tmp,']'))!=NULL)
1030 {
1031 if((sp_ipsec =strstr(sp_dst,"ipsec"))!=NULL)
1032 {
1033 memset(achBuf_deletmp, 0, POLICY_LEN);
1034 strncpy(achBuf_deletmp,sp_dst+strlen("]"),sp_ipsec-sp_dst-strlen("]"));
1035 strcat(achBuf_delet,achBuf_deletmp);
1036 strcat(achBuf_delet,";\n");
1037 fputs(achBuf_delet, fpDst);
1038 plog_android(LLV_WARNING,"spdadd :%s\n",achBuf_delet);
1039 }
1040 else
1041 {
1042 plog_android(LLV_WARNING,"There are some cmd error in %s,before ipsec,then flush all SAs and SPs\n", setkey_conf);
1043 setkey_flushSAD();
1044 setkey_flushSPD();
1045 return -1;
1046 }
1047 }
1048 else
1049 {
1050 plog_android(LLV_WARNING,"There are some cmd error in %s,no dst],then flush all SAs and SPs\n", setkey_conf);
1051 setkey_flushSAD();
1052 setkey_flushSPD();
1053 return -1;
1054 }
1055 }
1056 else
1057 {
1058 plog_android(LLV_WARNING,"There are some cmd error in %s,no dst[,then flush all SAs and SPs\n", setkey_conf);
1059 setkey_flushSAD();
1060 setkey_flushSPD();
1061 return -1;
1062 }
1063 }
1064 else
1065 {
1066 plog_android(LLV_WARNING,"There are some cmd error in %s,no ],then flush all SAs and SPs\n", setkey_conf);
1067 setkey_flushSAD();
1068 setkey_flushSPD();
1069 return -1;
1070 }
1071
1072 }
1073 else
1074 {
1075 plog_android(LLV_WARNING,"There are some cmd error in %s,no [,then flush all SAs and SPs\n", setkey_conf);
1076 setkey_flushSAD();
1077 setkey_flushSPD();
1078 return -1;
1079 }
1080#endif
1081 }
1082
1083
1084 }
1085 fclose(fpSrc);
1086 fclose(fpDst);
1087 if(achBuf)
1088 free(achBuf);
1089 if(achBuf_deletmp)
1090 free(achBuf_deletmp);
1091 if(achBuf_delet)
1092 free(achBuf_delet);
1093 if(function_setkey(setkey_conf_latest) == -1)
1094 {
1095 return -1;
1096 }
1097 else
1098 {
1099 if(shell_rm() == -1)
1100 {
1101 return -1;
1102 }
1103 }
1104 return 0;
1105#endif
1106 int ret = flush_SA_SP_exist_xfrm();
1107 return ret;
1108}
1109
1110
1111
1112