| e8164ddc8204b626c1144a0a504754bf6622c6fd |
|
02-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Fix MSS clamping.
http://ag/553410 added an iptables chain and rule to do MSS
clamping for tethered clients, but did not add the chain to any
other chains, so the rule had no effect.
Fix this by adding the chain to the proper forwarding chains.
Also rename some of the new variables and constants so they are
more consistent with the previous code.
Bug: 17552732
Bug: 17727533
Change-Id: I9fcae31de5c0283d7d9f1dac989de84f77c5e53c
/system/netd/server/CommandListener.cpp
|
| 4c95a125e0930c112555437589f7620575482095 |
|
18-Sep-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Support manipulating throw routes.
We already supported unreachable routes. Throw routes are
necessary so we can exempt the VPN endpoint from being routed
through the VPN in legacy VPN modes that do not pass traffic
through a tun or ppp interface but just directly appply IPsec
transformations to outgoing packets.
Bug: 17462989
Change-Id: I8635472ca3e96ec2866af2de48e6260ab2da13fb
/system/netd/server/CommandListener.cpp
|
| bbdde9909b7b4fd31c5857156ceb00049bf4992d |
|
06-Sep-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Reserve NetIds 1..50 for OEM use.
Also reserve 51..100 for our use.
Bug: 17303534
Change-Id: Id082368b493dc3c5b5c479e51d273458d80ec6aa
/system/netd/server/CommandListener.cpp
|
| 667c477133318e4779819d34364194c8e5eaf19c |
|
26-Aug-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Add a socket mark parameter to tethering DNS commands.
This allows the framework to pass down to dnsmasq the socket mark
to use for DNS queries.
Bug: 16357676
Change-Id: I8933b6de198a92c2aaf0291931ace8966ddba275
/system/netd/server/CommandListener.cpp
|
| 6a46f3384b3f48e6ef77a83a5e058a47a2939a0d |
|
06-Aug-2014 |
Paul Jensen <pauljensen@google.com> |
Revert DNS cache flush command deletion from "Cleanup: Delete dead code."
This reverts part of commit 1604e18615f824adb2d54c36320069ba6fcb4796.
The DNS cache flushing code needs to be called when routes change.
Change-Id: I20d39eabfa088deeeeeff0c3292b1910fd948b0d
bug:16549455
/system/netd/server/CommandListener.cpp
|
| de5d5df753dd35d852ac47a6174b06eacd0d5523 |
|
27-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Prohibit address families by default unless a VPN explicitly allows them.
Bug: 15972465
Change-Id: I3278d94536fefacc86390c1ba4231680f7be8589
/system/netd/server/CommandListener.cpp
|
| 95684ba176a9fe5ea59207d7202e47fa12bbfdbe |
|
23-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Implement support for bypassable VPNs.
Bypassable VPNs grab all traffic by default (just like secure VPNs), but:
+ They allow all apps to choose other networks using the multinetwork APIs.
If these other networks are insecure ("untrusted"), they will enforce that the
app holds the necessary permissions, such as CHANGE_NETWORK_STATE.
+ They support consistent routing. If an app has an existing connection over
some other network when the bypassable VPN comes up, it's not interrupted.
Bug: 15347374
Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3
/system/netd/server/CommandListener.cpp
|
| 1604e18615f824adb2d54c36320069ba6fcb4796 |
|
20-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Cleanup: Delete dead code.
Bug: 15413389
Change-Id: I315468832ef18ffc84174e54774ab63b86d284dc
/system/netd/server/CommandListener.cpp
|
| 87475a1471373b72ffc9f81f17dfd7884723fa86 |
|
16-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix WiFi-Direct and Tethering.
A LocalNetwork object now always exists in the NetworkController, with a fixed
NetId that's guaranteed not to collide with NetIds created by the framework.
When routes are added on an interface tracked by the LocalNetwork, they are
added to a fixed "local_network" table.
When NAT is enabled, we add a special "iif -> oif" tethering rule.
Bug: 15413694
Bug: 15413741
Change-Id: I36effc438d5ac193a77174493bf196cb68a5b97a
/system/netd/server/CommandListener.cpp
|
| 6a773534e7f8541f221f27fb8063af079b1a5936 |
|
11-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix tethering in the case of a regular upstream connection.
Fixes tethering via Ethernet, Bluetooth and WiFi (hotspot).
Tethering when the upstream has a DUN-specific APN is likely still broken
(untested).
For now, assign a fixed NetId (a hack) until we can change the framework to
create a valid NetworkAgent and all that jazz.
Bug: 15968336
Bug: 14988803
Change-Id: Idcf4d492d9329a9c87913e27be6dd835a792bea2
/system/netd/server/CommandListener.cpp
|
| e09b20aee85f1dfd8c18c3d8581ac875d939ba70 |
|
06-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add full support for UIDs in VPNs.
Major:
+ Implement the functions mentioned in http://go/android-multinetwork-routing
correctly, including handling accept(), connect(), setNetworkForSocket()
and protect() and supporting functions like canUserSelectNetwork().
+ Eliminate the old code path of getting/setting UID ranges through
SecondaryTableController (which is currently unused) and mUidMap.
Minor:
+ Rename some methods/variables for clarity and consistency.
+ Moved some methods in .cpp files to match declaration order in the .h files.
Bug: 15409918
Change-Id: Ic6ce3646c58cf645db0d9a53cbeefdd7ffafff93
/system/netd/server/CommandListener.cpp
|
| ed4bd1f7d219f9f5f56763ea02cf4947e78397f6 |
|
05-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix permissions handling.
+ Rename the permissions as per: http://go/android-multinetwork-routing
+ Make the SYSTEM permission explicitly include NETWORK.
+ Grant the SYSTEM permission to system UIDs by default, but allow the framework
to override them if necessary.
+ Move the "string to permission" parsing to CommandListener.cpp, thus allowing
us to get rid of Permission.cpp.
+ There's no need to support multiple permissions string arguments, so tighten
that up.
Change-Id: I73d51b5e2f44a97e6d5ab5943ff198cebfbcc0c4
/system/netd/server/CommandListener.cpp
|
| 89dad013e4dd98434b0409a84567f38782894029 |
|
02-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Keep track of users allowed to call protect() explicitly.
This is an API change between ConnectivityService and Netd.
The ownerUid was meant for this purpose, but it's insufficient, as apps need to
call protect() _before_ they create a VPN.
Bug: 15409918
Change-Id: If804aa106002e96d5ffb623d32db35fd76928367
/system/netd/server/CommandListener.cpp
|
| b1425cc09f8a29350520db0d4f489331df5a689b |
|
24-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add UID range support to VPNs.
This adds the necessary routing rules.
Future CLs will add the ability to select the right netId for connect(),
setNetworkForSocket(), DNS resolutions, etc.
Bug: 15409918
Change-Id: I88a67660d49cecda834dd72ab947fbfed250f09d
/system/netd/server/CommandListener.cpp
|
| 4043f01f8e25f24246efadc710ad7440aab75529 |
|
23-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Introduce VPN support.
This change sets up the basic routing rules for VPNs. It doesn't yet handle UID
ranges (that are meant to apply to the VPN) correctly. That's forthcoming in
other CLs.
Bug: 15409918
Change-Id: I284de04f176dcf6ba702361de6a614266256d04e
/system/netd/server/CommandListener.cpp
|
| f4f6c8de3f091be4b91a5a9d7f14e8882ec6d502 |
|
23-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Refactor: Encapsulate permissions and interfaces into a Network class.
Currently, there's a lot of logic in NetworkController surrounding events such
as interface addition/removal, network creation/destruction and default network
change, because these events are interwined. For example, adding an interface
means also adding a corresponding default network rule if the interface is being
added to the current default network.
When we introduce VPNs into this mix, things will get hairy real quick for all
this logic in NetworkController.
In this refactor, we introduce an abstract base class Network which supports
adding and removing interfaces. The main concrete implementation of this is
PhysicalNetwork, which allows setting permissions and "default network" state.
Since we've moved network permissions into the above class, and user permissions
into NetworkController, PermissionsController is unused and has been removed.
Also fix a few bugs in RouteController:
+ Use uidEnd correctly.
+ Check for all error cases in inet_pton.
+ Check the return value of android_fork_execvp() correctly.
+ The "return cmd1() && cmd2()" pattern is wrong. Rewrite that code.
Also (non-functional changes):
+ Remove instantiations of RouteController. It has static methods only.
+ Reorder some blocks in CommandListener so that the most frequent commands are
checked first.
+ Remove unused paramError() and clearNetworkPreference().
+ Change all return codes to int (negative errno) wherever applicable.
+ Add WARN_UNUSED_RESULT everywhere.
+ Cleanup some style in RouteController and NetworkController.
+ Use uid_t instead of unsigned for user IDs.
+ Add clearer log messages at the source of failures.
+ Add a check for when fwmark bits are set without corresponding mask bits.
Bug: 15409918
Change-Id: Ibba78b0850160f9f3d17d476f16331a6db0025d1
/system/netd/server/CommandListener.cpp
|
| 96f261e8b28048b8cb48f5a4e81822c73bb813f4 |
|
23-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Pass rule modification errors back to CommandListener.
Change-Id: If01334dccad8b6230648713a57fd58be180ac66b
/system/netd/server/CommandListener.cpp
|
| f7fc8eccb0a6a4fbca4cafdf53f5c167c8f1d755 |
|
17-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Pass route add/delete errors back to CommandListener.
Change-Id: Id1d6d578963080e141f71bc1303801fc53bce40a
/system/netd/server/CommandListener.cpp
|
| 84c1d035fdef996602ab8878d952c4fcb1f6963d |
|
30-May-2014 |
Paul Jensen <pauljensen@google.com> |
Pass NetID to clatd as a command line argument.
Change-Id: I77a47b24e68c7786f790974f05787a40a4934af5
/system/netd/server/CommandListener.cpp
|
| 56afacf838d24cf8e54d2cf0d8ab9182ab704125 |
|
29-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Turn on C++11 and make all warnings into errors.
As a consequence:
+ Comment out the names of all unused parameters.
+ Remove all unused variables and functions.
In server/Android.mk, there are a couple of non-trivial changes:
+ Use libcxx instead of stlport. This is needed to fix a bunch of errors due to
specifying -std=c++11.
+ LOCAL_SHARED_LIBRARIES is sorted. Technically, the order in which libraries
are listed has an effect on linking, but nobody should be doing such brittle
things anyway.
Change-Id: I0aff5b745e04609da23144d0e8be4c5694321b8b
/system/netd/server/CommandListener.cpp
|
| 38b7af1f2cb9579895465fabc37865f5dadcac25 |
|
22-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Support legacy routes added by apps via ensureRouteToHost().
This adds the routes to two fixed tables:
+ LEGACY, which has higher priority than other non-explicit lookup tables
(per-network and default network).
+ PRIVILEGED_LEGACY, available only to system apps and has higher priority than
VPNs (system apps are those with the CONNECTIVITY_INTERNAL permission).
This will be changed to per-UID tables once the kernel supports UID-based
routing, so that these legacy routes are scoped to each app and not global.
Also, fix a TODO: The framework (as of http://ag/471599) will not set the
gateway argument if it's actually a direct-connected route.
Change-Id: I0ee1ca89fdc859d75a89021ca8c1902811b1e4a9
/system/netd/server/CommandListener.cpp
|
| 72604075e74af459fb4637404fbf030422c6b6b6 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Rework the determination of a "valid network".
+ isNetIdValid() doesn't make much sense. What we want is whether the netId has
actually been created (via createNetwork()).
+ It isn't an error to call deleteNetwork() or setDefaultNetwork() even when
there are no interfaces assigned to the network.
+ Secure all accesses to the maps in PermissionsController with locks; they are
called from many threads (CommandListener, DnsProxyListener and FwmarkServer).
+ Remove the redundant mIfaceNetidMap.
+ Minor cosmetic changes to things such as #includes and log messages.
Change-Id: Ieb154589b24f00ba8067eaaec4def3534aec4923
/system/netd/server/CommandListener.cpp
|
| f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Move netd_client into netd.
Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
/system/netd/server/CommandListener.cpp
|