f7635e290be7bf427736f3849981f12369dd5215 |
|
22-Mar-2014 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Move VPN routing decisions from iptables to ip" into klp-dev
|
797ec7038c124b38a7559ab74b169b36ca4705ee |
|
06-Feb-2014 |
Chad Brubaker <cbrubaker@google.com> |
Move VPN routing decisions from iptables to ip
Routes are now encoded by ip rules that send connections to the Vpn table if the connection is marked and the destination falls into a route. This differs from the previous design where a mark meant that the connection must go over the VPN, now a mark simply means that it may.
Bug: 12549060
Change-Id: I9be7e27a0f46858f109d8bc5c5bced309b05201a
/system/netd/SecondaryTableController.h
|
2a390120a9e90ec414d347921039ff98724d0dda |
|
20-Feb-2014 |
Chad Brubaker <cbrubaker@google.com> |
Mark uids without rules with PROTECT_MARK
The default result for a uid without a mark should be MARK_PROTECT because the service using the uid's mark may be covered by a VPN that should not cover the user it is acting for.
Bug: 12608570
Change-Id: I2402cb86ddb2fe6e670d1793263ff6c2c31d32fe
/system/netd/SecondaryTableController.h
|
9440e7f994901ca123393844c95fe5caa6639a3b |
|
21-Nov-2013 |
JP Abgrall <jpa@google.com> |
SecondaryTableController: force the MSS to match pmtu on TCP SYN
Without this change, the VPN sets up a tun/ppp that needs a small MTU, and during TCP SYN the MSS will end up matching the outgoing iface MTU which is potentially too big. This leads to connection flakiness. The wrong MSS is visible by tcpdump-ing on the tun/ppp device.
With this change, the MSS now is correct. It requires the kernel to be configured with CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
If kernel is not configured, it silently fails.
Bug: 11579326
Change-Id: I254d8c39435b92dff91931e461e1efb8b35f6b1e
/system/netd/SecondaryTableController.h
|
2349aa60771baae85b1f5fc96e653ac2ef95034b |
|
16-Jul-2013 |
Chad Brubaker <cbrubaker@google.com> |
Host exemption now handles premarked sockets
Host exemption now properly handles routing for sockets that were already marked
Change-Id: I55d5c00754036a5ef49379170c37607d3e71a1e8
/system/netd/SecondaryTableController.h
|
da7df7c8f009f014486343cfbbaaae2a766f3a2b |
|
11-Jul-2013 |
Chad Brubaker <cbrubaker@google.com> |
Add netd commands to get marks for routing
Add commands for fetching the mark associated with routing a uid and for fetching the mark associated with avoiding the fwmark routing rules
Change-Id: I4accd1a9aecd91f6f0630eb1a5466a81e309eeac
/system/netd/SecondaryTableController.h
|
4a946095dad15548ae399665be111be9cb1d9aa6 |
|
10-Jul-2013 |
Chad Brubaker <cbrubaker@google.com> |
Add destination host exemption to VPN routing
requestRouteToHost requires the ability to punch holes in the VPN for certain addresses, this adds support for this under mark based VPNs.
Change-Id: I9d890829048624d43c0f1efaec54563a860e850f
/system/netd/SecondaryTableController.h
|
2251c0fbcf24a9c8fd77b23851f60304087bab2b |
|
28-Jun-2013 |
Chad Brubaker <cbrubaker@google.com> |
Add support for fwmark split tunneling
Packets are now only marked for fwmark if their destination is in one of the routes for the target interface.
Change-Id: Ided4ad992c4cf957d77ae11fa62ac4843a8592c7
/system/netd/SecondaryTableController.h
|
d2617936acc15567fc5111bbdb4dde20845c3cba |
|
22-Jun-2013 |
Chad Brubaker <cbrubaker@google.com> |
Add netd support for uid based routing for DNS
DNSProxyListener now supports bionic changes for marking DNS requests for routing DNS requests with the uid routing rules
Change-Id: Iac9aa1bb14834be6da5e512405f23c6a72dc71ed
/system/netd/SecondaryTableController.h
|
8830b94cf4824e5a6c738d39d3015c8eec976352 |
|
12-Jun-2013 |
Chad Brubaker <cbrubaker@google.com> |
Make uid marking rule's API consistent
Make the netd binds for adding uid iptables mark rules consistent with the other per uid range binds.
Change-Id: I97d1576f4ac11368bf6ede866229e456a2ed24da
/system/netd/SecondaryTableController.h
|
7a6ce4bed8569745798bcc26f51d6f306ebdba94 |
|
07-Jun-2013 |
Chad Brubaker <cbrubaker@google.com> |
Add netd support for marked packet forwarding
Add binds in netd for setting up fwmark rules to be used with the per uid marking to do per uid routing.
Change-Id: Id4f315dd1aec73f074e233c2e3f70eb24b4c537a
/system/netd/SecondaryTableController.h
|
9a50889a22c1d93c9e1a14873cde8fc1508f66fd |
|
01-Jun-2013 |
Chad Brubaker <cbrubaker@google.com> |
Add netd binds for UID based routing
Add methods for adding per uid mark rules to push all traffic from specific uids to specific interfaces. Allows for per uid routing for per uid VPNs.
Change-Id: I8492c668e2c96010b0f74ea7e367f0b4471238ad
/system/netd/SecondaryTableController.h
|
001f0a436e9fe0353dccd98ee34b91095d9ed1a1 |
|
31-Jan-2013 |
Rom Lemarchand <romlem@google.com> |
Replace system_nosh call with android_fork_execvp
Replace the system_nosh call with the android_fork_execvp from liblogwrap.
Change-Id: Idfbc6bcf0bef16d4ee90d6af6bd4b07bc79913bb
/system/netd/SecondaryTableController.h
|
970274a61800e047430d81269df977de9dbe45ef |
|
12-Sep-2012 |
Elliott Hughes <enh@google.com> |
Don't include <linux/...> header files directly.
These change from kernel release to release, and no longer contain some of the stuff you need.
Change-Id: I3fc7176cf2246aebfc0aa2a833dfa04ea8d931fc
/system/netd/SecondaryTableController.h
|
d14fd4f83ffeea4ad1cd559a41f775f6814565cc |
|
12-Jan-2012 |
Jaime A Lopez-Sollano <jaimel@quicinc.com> |
Increase the valid name of the iface to IFNAMSIZ
Define MAX_IFACE_LENGTH as IFNAMSIZ instead of 10, to prevent netd from treating an interface name 'rmnet_sdio0' as invalid. Also fix an off-by-one error.
Change-Id: If6b2b27d2da6eb72f01c090cbe4f7dc2b9c296ae
/system/netd/SecondaryTableController.h
|
c462177bd58e3bf0ac4f618934dae060569e3e0b |
|
31-Jan-2012 |
Robert Greenwalt <rgreenwalt@google.com> |
Keep better tabs on secondary tables.
We had some places (NatController) where routes were being set but not accounted for in the number-of-routes tally so we could end up thinking the table was empty and not clean up after ourselves properly. Also consolidated constants.
bug:5917475
Change-Id: I98a41d433e1d4b4ca6692fb2328e2c9afc828145
/system/netd/SecondaryTableController.h
|
063af322b48ab1bb0c3e09eb0b64915ba568275b |
|
19-Nov-2011 |
Robert Greenwalt <rgreenwalt@google.com> |
Fix some syntax issues with IP command.
Was not building secondary tables properly. Also IPv6 host routes were failing.
bug:5615697
Change-Id: I0d5ad2ed7d13e4d5bd8c2f8ce15fc0ccb36a4690
/system/netd/SecondaryTableController.h
|
fc97b82e02979f246d56a4bfd60e4aab8686d3f6 |
|
03-Nov-2011 |
Robert Greenwalt <rgreenwalt@google.com> |
Start using IP tool for advanced routing.
bug:5495862
bug:5396842
Change-Id: I51f21060947f57e63b18c4d35e9d49fac488d48a
/system/netd/SecondaryTableController.h
|