Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / netd / a561e121c724e9163b2e256e15eef660e3a326da / . / server / NatController.cpp
blob: 8391ad7ad04f28b1df30d70a4ed22a9228f9a23e [file] [log] [blame]
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]1/*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]17#define LOG_NDEBUG 0
JP Abgrall0031cea2012-04-17 16:38:23 -0700[diff] [blame]18
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]19#include <stdlib.h>
20#include <errno.h>
21#include <sys/socket.h>
22#include <sys/stat.h>
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]23#include <sys/wait.h>
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]24#include <fcntl.h>
25#include <netinet/in.h>
26#include <arpa/inet.h>
Olivier Baillyff2c0d82010-11-17 11:45:07 -0800[diff] [blame]27#include <string.h>
John Michelauac208602011-05-27 22:07:20 -0500[diff] [blame]28#include <cutils/properties.h>
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]29
30#define LOG_TAG "NatController"
31#include <cutils/log.h>
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]32#include <logwrap/logwrap.h>
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]33
34#include "NatController.h"
Szymon Jakubczaka0efaec2014-02-14 17:09:43 -0500[diff] [blame]35#include "NetworkController.h"
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]36#include "SecondaryTableController.h"
Robert Greenwaltc4621772012-01-31 12:46:45 -0800[diff] [blame]37#include "NetdConstants.h"
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]38
Jeff Sharkey8e188ed2012-07-12 18:32:03 -0700[diff] [blame]39const char* NatController::LOCAL_FORWARD = "natctrl_FORWARD";
40const char* NatController::LOCAL_NAT_POSTROUTING = "natctrl_nat_POSTROUTING";
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]41const char* NatController::LOCAL_TETHER_COUNTERS_CHAIN = "natctrl_tether_counters";
Jeff Sharkey8e188ed2012-07-12 18:32:03 -0700[diff] [blame]42
Szymon Jakubczaka0efaec2014-02-14 17:09:43 -0500[diff] [blame]43NatController::NatController(SecondaryTableController *table_ctrl, NetworkController* net_ctrl) :
44 mSecondaryTableCtrl(table_ctrl), mNetCtrl(net_ctrl) {
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]45}
46
47NatController::~NatController() {
48}
49
JP Abgrall4ae80de2013-03-14 20:06:20 -0700[diff] [blame]50struct CommandsAndArgs {
51 /* The array size doesn't really matter as the compiler will barf if too many initializers are specified. */
52 const char *cmd[32];
53 bool checkRes;
54};
55
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]56int NatController::runCmd(int argc, const char **argv) {
JP Abgrall11b4e9b2011-08-11 15:34:49 -0700[diff] [blame]57 int res;
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]58
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]59 res = android_fork_execvp(argc, (char **)argv, NULL, false, false);
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]60
61#if !LOG_NDEBUG
62 std::string full_cmd = argv[0];
63 argc--; argv++;
64 /*
65 * HACK: Sometimes runCmd() is called with a ridcously large value (32)
66 * and it works because the argv[] contains a NULL after the last
67 * true argv. So here we use the NULL argv[] to terminate when the argc
68 * is horribly wrong, and argc for the normal cases.
69 */
70 for (; argc && argv[0]; argc--, argv++) {
71 full_cmd += " ";
72 full_cmd += argv[0];
73 }
74 ALOGV("runCmd(%s) res=%d", full_cmd.c_str(), res);
75#endif
JP Abgrall11b4e9b2011-08-11 15:34:49 -0700[diff] [blame]76 return res;
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]77}
78
JP Abgrall0031cea2012-04-17 16:38:23 -0700[diff] [blame]79int NatController::setupIptablesHooks() {
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]80 int res;
81 res = setDefaults();
82 if (res < 0) {
83 return res;
84 }
85
86 struct CommandsAndArgs defaultCommands[] = {
87 /*
88 * Chain for tethering counters.
89 * This chain is reached via --goto, and then RETURNS.
90 */
91 {{IPTABLES_PATH, "-F", LOCAL_TETHER_COUNTERS_CHAIN,}, 0},
92 {{IPTABLES_PATH, "-X", LOCAL_TETHER_COUNTERS_CHAIN,}, 0},
93 {{IPTABLES_PATH, "-N", LOCAL_TETHER_COUNTERS_CHAIN,}, 1},
94 };
95 for (unsigned int cmdNum = 0; cmdNum < ARRAY_SIZE(defaultCommands); cmdNum++) {
96 if (runCmd(ARRAY_SIZE(defaultCommands[cmdNum].cmd), defaultCommands[cmdNum].cmd) &&
97 defaultCommands[cmdNum].checkRes) {
98 return -1;
99 }
100 }
JP Abgrallf3cc83f2013-09-11 20:01:59 -0700[diff] [blame]101 ifacePairList.clear();
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]102
JP Abgrall0031cea2012-04-17 16:38:23 -0700[diff] [blame]103 return 0;
104}
105
106int NatController::setDefaults() {
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]107 /*
108 * The following only works because:
109 * - the defaultsCommands[].cmd array is padded with NULL, and
110 * - the 1st argc of runCmd() will just be the max for the CommandsAndArgs[].cmd, and
111 * - internally it will be memcopied to an array and terminated with a NULL.
112 */
JP Abgrall4ae80de2013-03-14 20:06:20 -0700[diff] [blame]113 struct CommandsAndArgs defaultCommands[] = {
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]114 {{IPTABLES_PATH, "-F", LOCAL_FORWARD,}, 1},
115 {{IPTABLES_PATH, "-A", LOCAL_FORWARD, "-j", "DROP"}, 1},
116 {{IPTABLES_PATH, "-t", "nat", "-F", LOCAL_NAT_POSTROUTING}, 1},
JP Abgrall4ae80de2013-03-14 20:06:20 -0700[diff] [blame]117 {{IP_PATH, "rule", "flush"}, 0},
118 {{IP_PATH, "-6", "rule", "flush"}, 0},
119 {{IP_PATH, "rule", "add", "from", "all", "lookup", "default", "prio", "32767"}, 0},
120 {{IP_PATH, "rule", "add", "from", "all", "lookup", "main", "prio", "32766"}, 0},
121 {{IP_PATH, "-6", "rule", "add", "from", "all", "lookup", "default", "prio", "32767"}, 0},
122 {{IP_PATH, "-6", "rule", "add", "from", "all", "lookup", "main", "prio", "32766"}, 0},
123 {{IP_PATH, "route", "flush", "cache"}, 0},
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]124 };
JP Abgrall4ae80de2013-03-14 20:06:20 -0700[diff] [blame]125 for (unsigned int cmdNum = 0; cmdNum < ARRAY_SIZE(defaultCommands); cmdNum++) {
126 if (runCmd(ARRAY_SIZE(defaultCommands[cmdNum].cmd), defaultCommands[cmdNum].cmd) &&
127 defaultCommands[cmdNum].checkRes) {
128 return -1;
129 }
130 }
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]131
132 natCount = 0;
Kazuhiro Ondo4ab46852012-01-12 16:15:06 -0600[diff] [blame]133
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]134 return 0;
135}
136
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]137bool NatController::checkInterface(const char *iface) {
Jaime A Lopez-Sollanod14fd4f2012-01-11 16:29:28 -0800[diff] [blame]138 if (strlen(iface) > IFNAMSIZ) return false;
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]139 return true;
140}
141
JP Abgrall4ae80de2013-03-14 20:06:20 -0700[diff] [blame]142int NatController::routesOp(bool add, const char *intIface, const char *extIface, char **argv, int addrCount) {
Szymon Jakubczaka0efaec2014-02-14 17:09:43 -0500[diff] [blame]143 unsigned netId = mNetCtrl->getNetworkId(extIface);
JP Abgrall4ae80de2013-03-14 20:06:20 -0700[diff] [blame]144 int ret = 0;
145
Szymon Jakubczaka0efaec2014-02-14 17:09:43 -0500[diff] [blame]146 for (int i = 0; i < addrCount; i++) {
147 if (add) {
148 ret |= mSecondaryTableCtrl->modifyFromRule(netId, ADD, argv[5+i]);
149 ret |= mSecondaryTableCtrl->modifyLocalRoute(netId, ADD, intIface, argv[5+i]);
150 } else {
151 ret |= mSecondaryTableCtrl->modifyLocalRoute(netId, DEL, intIface, argv[5+i]);
152 ret |= mSecondaryTableCtrl->modifyFromRule(netId, DEL, argv[5+i]);
JP Abgrall4ae80de2013-03-14 20:06:20 -0700[diff] [blame]153 }
JP Abgrall4ae80de2013-03-14 20:06:20 -0700[diff] [blame]154 }
Szymon Jakubczaka0efaec2014-02-14 17:09:43 -0500[diff] [blame]155 const char *cmd[] = {
156 IP_PATH,
157 "route",
158 "flush",
159 "cache"
160 };
161 runCmd(ARRAY_SIZE(cmd), cmd);
JP Abgrall4ae80de2013-03-14 20:06:20 -0700[diff] [blame]162 return ret;
163}
164
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]165// 0 1 2 3 4 5
166// nat enable intface extface addrcnt nated-ipaddr/prelength
167int NatController::enableNat(const int argc, char **argv) {
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]168 int addrCount = atoi(argv[4]);
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]169 const char *intIface = argv[2];
170 const char *extIface = argv[3];
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]171
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]172 ALOGV("enableNat(intIface=<%s>, extIface=<%s>)",intIface, extIface);
173
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]174 if (!checkInterface(intIface) || !checkInterface(extIface)) {
Steve Block5ea0c052012-01-06 19:18:11 +0000[diff] [blame]175 ALOGE("Invalid interface specified");
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]176 errno = ENODEV;
177 return -1;
178 }
179
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]180 /* Bug: b/9565268. "enableNat wlan0 wlan0". For now we fail until java-land is fixed */
181 if (!strcmp(intIface, extIface)) {
182 ALOGE("Duplicate interface specified: %s %s", intIface, extIface);
183 errno = EINVAL;
184 return -1;
185 }
186
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]187 if (argc < 5 + addrCount) {
Steve Block5ea0c052012-01-06 19:18:11 +0000[diff] [blame]188 ALOGE("Missing Argument");
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]189 errno = EINVAL;
190 return -1;
191 }
JP Abgrall659692a2013-03-14 20:07:17 -0700[diff] [blame]192 if (routesOp(true, intIface, extIface, argv, addrCount)) {
193 ALOGE("Error setting route rules");
194 routesOp(false, intIface, extIface, argv, addrCount);
195 errno = ENODEV;
196 return -1;
197 }
198
199 // add this if we are the first added nat
200 if (natCount == 0) {
201 const char *cmd[] = {
202 IPTABLES_PATH,
203 "-t",
204 "nat",
205 "-A",
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]206 LOCAL_NAT_POSTROUTING,
JP Abgrall659692a2013-03-14 20:07:17 -0700[diff] [blame]207 "-o",
208 extIface,
209 "-j",
210 "MASQUERADE"
211 };
212 if (runCmd(ARRAY_SIZE(cmd), cmd)) {
213 ALOGE("Error seting postroute rule: iface=%s", extIface);
214 // unwind what's been done, but don't care about success - what more could we do?
215 routesOp(false, intIface, extIface, argv, addrCount);
216 setDefaults();
217 return -1;
218 }
219 }
220
221
222 if (setForwardRules(true, intIface, extIface) != 0) {
Steve Block5ea0c052012-01-06 19:18:11 +0000[diff] [blame]223 ALOGE("Error setting forward rules");
JP Abgrall4ae80de2013-03-14 20:06:20 -0700[diff] [blame]224 routesOp(false, intIface, extIface, argv, addrCount);
JP Abgrall659692a2013-03-14 20:07:17 -0700[diff] [blame]225 if (natCount == 0) {
226 setDefaults();
227 }
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]228 errno = ENODEV;
229 return -1;
230 }
231
JP Abgrall0031cea2012-04-17 16:38:23 -0700[diff] [blame]232 /* Always make sure the drop rule is at the end */
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]233 const char *cmd1[] = {
234 IPTABLES_PATH,
235 "-D",
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]236 LOCAL_FORWARD,
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]237 "-j",
238 "DROP"
239 };
240 runCmd(ARRAY_SIZE(cmd1), cmd1);
241 const char *cmd2[] = {
242 IPTABLES_PATH,
243 "-A",
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]244 LOCAL_FORWARD,
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]245 "-j",
246 "DROP"
247 };
248 runCmd(ARRAY_SIZE(cmd2), cmd2);
JP Abgrall0031cea2012-04-17 16:38:23 -0700[diff] [blame]249
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]250 natCount++;
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]251 return 0;
252}
253
JP Abgrallf3cc83f2013-09-11 20:01:59 -0700[diff] [blame]254bool NatController::checkTetherCountingRuleExist(const char *pair_name) {
255 std::list<std::string>::iterator it;
256
257 for (it = ifacePairList.begin(); it != ifacePairList.end(); it++) {
258 if (*it == pair_name) {
259 /* We already have this counter */
260 return true;
261 }
262 }
263 return false;
264}
265
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]266int NatController::setTetherCountingRules(bool add, const char *intIface, const char *extIface) {
267
268 /* We only ever add tethering quota rules so that they stick. */
269 if (!add) {
270 return 0;
271 }
Sreeram Ramachandran56afacf2014-05-28 15:07:00 -0700[diff] [blame]272 char *pair_name;
JP Abgrallf3cc83f2013-09-11 20:01:59 -0700[diff] [blame]273 asprintf(&pair_name, "%s_%s", intIface, extIface);
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]274
JP Abgrallf3cc83f2013-09-11 20:01:59 -0700[diff] [blame]275 if (checkTetherCountingRuleExist(pair_name)) {
276 free(pair_name);
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]277 return 0;
278 }
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]279 const char *cmd2b[] = {
280 IPTABLES_PATH,
281 "-A",
282 LOCAL_TETHER_COUNTERS_CHAIN,
283 "-i",
284 intIface,
285 "-o",
286 extIface,
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]287 "-j",
288 "RETURN"
289 };
290
291 if (runCmd(ARRAY_SIZE(cmd2b), cmd2b) && add) {
JP Abgrallf3cc83f2013-09-11 20:01:59 -0700[diff] [blame]292 free(pair_name);
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]293 return -1;
294 }
JP Abgrallf3cc83f2013-09-11 20:01:59 -0700[diff] [blame]295 ifacePairList.push_front(pair_name);
296 free(pair_name);
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]297
JP Abgrallf3cc83f2013-09-11 20:01:59 -0700[diff] [blame]298 asprintf(&pair_name, "%s_%s", extIface, intIface);
299 if (checkTetherCountingRuleExist(pair_name)) {
300 free(pair_name);
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]301 return 0;
302 }
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]303
304 const char *cmd3b[] = {
305 IPTABLES_PATH,
306 "-A",
307 LOCAL_TETHER_COUNTERS_CHAIN,
308 "-i",
309 extIface,
310 "-o",
311 intIface,
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]312 "-j",
313 "RETURN"
314 };
315
316 if (runCmd(ARRAY_SIZE(cmd3b), cmd3b) && add) {
317 // unwind what's been done, but don't care about success - what more could we do?
JP Abgrallf3cc83f2013-09-11 20:01:59 -0700[diff] [blame]318 free(pair_name);
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]319 return -1;
320 }
JP Abgrallf3cc83f2013-09-11 20:01:59 -0700[diff] [blame]321 ifacePairList.push_front(pair_name);
322 free(pair_name);
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]323 return 0;
324}
325
326int NatController::setForwardRules(bool add, const char *intIface, const char *extIface) {
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]327 const char *cmd1[] = {
328 IPTABLES_PATH,
329 add ? "-A" : "-D",
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]330 LOCAL_FORWARD,
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]331 "-i",
332 extIface,
333 "-o",
334 intIface,
335 "-m",
336 "state",
337 "--state",
338 "ESTABLISHED,RELATED",
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]339 "-g",
340 LOCAL_TETHER_COUNTERS_CHAIN
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]341 };
342 int rc = 0;
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]343
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]344 if (runCmd(ARRAY_SIZE(cmd1), cmd1) && add) {
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]345 return -1;
346 }
347
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]348 const char *cmd2[] = {
349 IPTABLES_PATH,
350 add ? "-A" : "-D",
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]351 LOCAL_FORWARD,
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]352 "-i",
353 intIface,
354 "-o",
355 extIface,
356 "-m",
357 "state",
358 "--state",
359 "INVALID",
360 "-j",
361 "DROP"
362 };
363
364 const char *cmd3[] = {
365 IPTABLES_PATH,
366 add ? "-A" : "-D",
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]367 LOCAL_FORWARD,
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]368 "-i",
369 intIface,
370 "-o",
371 extIface,
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]372 "-g",
373 LOCAL_TETHER_COUNTERS_CHAIN
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]374 };
375
376 if (runCmd(ARRAY_SIZE(cmd2), cmd2) && add) {
Robert Greenwaltf7bf29c2011-11-01 22:07:28 -0700[diff] [blame]377 // bail on error, but only if adding
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]378 rc = -1;
379 goto err_invalid_drop;
Robert Greenwaltddb9f6e2011-08-02 13:00:11 -0700[diff] [blame]380 }
381
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]382 if (runCmd(ARRAY_SIZE(cmd3), cmd3) && add) {
Robert Greenwalt210b9772010-03-25 14:54:45 -0700[diff] [blame]383 // unwind what's been done, but don't care about success - what more could we do?
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]384 rc = -1;
385 goto err_return;
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]386 }
JP Abgrall0031cea2012-04-17 16:38:23 -0700[diff] [blame]387
JP Abgrallbaeccc42013-06-25 09:44:10 -0700[diff] [blame]388 if (setTetherCountingRules(add, intIface, extIface) && add) {
389 rc = -1;
390 goto err_return;
391 }
392
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]393 return 0;
Rom Lemarchand001f0a42013-01-31 12:41:03 -0800[diff] [blame]394
395err_return:
396 cmd2[1] = "-D";
397 runCmd(ARRAY_SIZE(cmd2), cmd2);
398err_invalid_drop:
399 cmd1[1] = "-D";
400 runCmd(ARRAY_SIZE(cmd1), cmd1);
401 return rc;
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]402}
403
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]404// nat disable intface extface
405// 0 1 2 3 4 5
406// nat enable intface extface addrcnt nated-ipaddr/prelength
407int NatController::disableNat(const int argc, char **argv) {
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]408 int addrCount = atoi(argv[4]);
409 const char *intIface = argv[2];
410 const char *extIface = argv[3];
Robert Greenwalt1caafe62010-03-24 15:43:00 -0700[diff] [blame]411
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]412 if (!checkInterface(intIface) || !checkInterface(extIface)) {
Steve Block5ea0c052012-01-06 19:18:11 +0000[diff] [blame]413 ALOGE("Invalid interface specified");
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]414 errno = ENODEV;
415 return -1;
416 }
417
418 if (argc < 5 + addrCount) {
Steve Block5ea0c052012-01-06 19:18:11 +0000[diff] [blame]419 ALOGE("Missing Argument");
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]420 errno = EINVAL;
421 return -1;
422 }
423
424 setForwardRules(false, intIface, extIface);
JP Abgrall4ae80de2013-03-14 20:06:20 -0700[diff] [blame]425 routesOp(false, intIface, extIface, argv, addrCount);
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]426 if (--natCount <= 0) {
Kazuhiro Ondo4ab46852012-01-12 16:15:06 -0600[diff] [blame]427 // handle decrement to 0 case (do reset to defaults) and erroneous dec below 0
428 setDefaults();
Robert Greenwaltfc97b822011-11-02 16:48:36 -0700[diff] [blame]429 }
430 return 0;
San Mehat9ff78fb2010-01-19 12:59:15 -0800[diff] [blame]431}