e8164ddc8204b626c1144a0a504754bf6622c6fd |
|
02-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Fix MSS clamping. http://ag/553410 added an iptables chain and rule to do MSS clamping for tethered clients, but did not add the chain to any other chains, so the rule had no effect. Fix this by adding the chain to the proper forwarding chains. Also rename some of the new variables and constants so they are more consistent with the previous code. Bug: 17552732 Bug: 17727533 Change-Id: I9fcae31de5c0283d7d9f1dac989de84f77c5e53c
/system/netd/server/CommandListener.cpp
|
4c95a125e0930c112555437589f7620575482095 |
|
18-Sep-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Support manipulating throw routes. We already supported unreachable routes. Throw routes are necessary so we can exempt the VPN endpoint from being routed through the VPN in legacy VPN modes that do not pass traffic through a tun or ppp interface but just directly apply IPsec transformations to outgoing packets. Bug: 17462989 Change-Id: I8635472ca3e96ec2866af2de48e6260ab2da13fb
/system/netd/server/CommandListener.cpp
|
bbdde9909b7b4fd31c5857156ceb00049bf4992d |
|
06-Sep-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Reserve NetIds 1..50 for OEM use. Also reserve 51..100 for our use. Bug: 17303534 Change-Id: Id082368b493dc3c5b5c479e51d273458d80ec6aa
/system/netd/server/CommandListener.cpp
|
667c477133318e4779819d34364194c8e5eaf19c |
|
26-Aug-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Add a socket mark parameter to tethering DNS commands. This allows the framework to pass down to dnsmasq the socket mark to use for DNS queries. Bug: 16357676 Change-Id: I8933b6de198a92c2aaf0291931ace8966ddba275
/system/netd/server/CommandListener.cpp
|
6a46f3384b3f48e6ef77a83a5e058a47a2939a0d |
|
06-Aug-2014 |
Paul Jensen <pauljensen@google.com> |
Revert DNS cache flush command deletion from "Cleanup: Delete dead code." This reverts part of commit 1604e18615f824adb2d54c36320069ba6fcb4796. The DNS cache flushing code needs to be called when routes change. Change-Id: I20d39eabfa088deeeeeff0c3292b1910fd948b0d bug:16549455
/system/netd/server/CommandListener.cpp
|
de5d5df753dd35d852ac47a6174b06eacd0d5523 |
|
27-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Prohibit address families by default unless a VPN explicitly allows them. Bug: 15972465 Change-Id: I3278d94536fefacc86390c1ba4231680f7be8589
/system/netd/server/CommandListener.cpp
|
95684ba176a9fe5ea59207d7202e47fa12bbfdbe |
|
23-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Implement support for bypassable VPNs. Bypassable VPNs grab all traffic by default (just like secure VPNs), but: + They allow all apps to choose other networks using the multinetwork APIs. If these other networks are insecure ("untrusted"), they will enforce that the app holds the necessary permissions, such as CHANGE_NETWORK_STATE. + They support consistent routing. If an app has an existing connection over some other network when the bypassable VPN comes up, it's not interrupted. Bug: 15347374 Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3
/system/netd/server/CommandListener.cpp
|
1604e18615f824adb2d54c36320069ba6fcb4796 |
|
20-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Cleanup: Delete dead code. Bug: 15413389 Change-Id: I315468832ef18ffc84174e54774ab63b86d284dc
/system/netd/server/CommandListener.cpp
|
87475a1471373b72ffc9f81f17dfd7884723fa86 |
|
16-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix WiFi-Direct and Tethering. A LocalNetwork object now always exists in the NetworkController, with a fixed NetId that's guaranteed not to collide with NetIds created by the framework. When routes are added on an interface tracked by the LocalNetwork, they are added to a fixed "local_network" table. When NAT is enabled, we add a special "iif -> oif" tethering rule. Bug: 15413694 Bug: 15413741 Change-Id: I36effc438d5ac193a77174493bf196cb68a5b97a
/system/netd/server/CommandListener.cpp
|
6a773534e7f8541f221f27fb8063af079b1a5936 |
|
11-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix tethering in the case of a regular upstream connection. Fixes tethering via Ethernet, Bluetooth and WiFi (hotspot). Tethering when the upstream has a DUN-specific APN is likely still broken (untested). For now, assign a fixed NetId (a hack) until we can change the framework to create a valid NetworkAgent and all that jazz. Bug: 15968336 Bug: 14988803 Change-Id: Idcf4d492d9329a9c87913e27be6dd835a792bea2
/system/netd/server/CommandListener.cpp
|
e09b20aee85f1dfd8c18c3d8581ac875d939ba70 |
|
06-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add full support for UIDs in VPNs. Major: + Implement the functions mentioned in http://go/android-multinetwork-routing correctly, including handling accept(), connect(), setNetworkForSocket() and protect() and supporting functions like canUserSelectNetwork(). + Eliminate the old code path of getting/setting UID ranges through SecondaryTableController (which is currently unused) and mUidMap. Minor: + Rename some methods/variables for clarity and consistency. + Moved some methods in .cpp files to match declaration order in the .h files. Bug: 15409918 Change-Id: Ic6ce3646c58cf645db0d9a53cbeefdd7ffafff93
/system/netd/server/CommandListener.cpp
|
ed4bd1f7d219f9f5f56763ea02cf4947e78397f6 |
|
05-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix permissions handling. + Rename the permissions as per: http://go/android-multinetwork-routing + Make the SYSTEM permission explicitly include NETWORK. + Grant the SYSTEM permission to system UIDs by default, but allow the framework to override them if necessary. + Move the "string to permission" parsing to CommandListener.cpp, thus allowing us to get rid of Permission.cpp. + There's no need to support multiple permissions string arguments, so tighten that up. Change-Id: I73d51b5e2f44a97e6d5ab5943ff198cebfbcc0c4
/system/netd/server/CommandListener.cpp
|
89dad013e4dd98434b0409a84567f38782894029 |
|
02-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Keep track of users allowed to call protect() explicitly. This is an API change between ConnectivityService and Netd. The ownerUid was meant for this purpose, but it's insufficient, as apps need to call protect() _before_ they create a VPN. Bug: 15409918 Change-Id: If804aa106002e96d5ffb623d32db35fd76928367
/system/netd/server/CommandListener.cpp
|
b1425cc09f8a29350520db0d4f489331df5a689b |
|
24-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add UID range support to VPNs. This adds the necessary routing rules. Future CLs will add the ability to select the right netId for connect(), setNetworkForSocket(), DNS resolutions, etc. Bug: 15409918 Change-Id: I88a67660d49cecda834dd72ab947fbfed250f09d
/system/netd/server/CommandListener.cpp
|
4043f01f8e25f24246efadc710ad7440aab75529 |
|
23-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Introduce VPN support. This change sets up the basic routing rules for VPNs. It doesn't yet handle UID ranges (that are meant to apply to the VPN) correctly. That's forthcoming in other CLs. Bug: 15409918 Change-Id: I284de04f176dcf6ba702361de6a614266256d04e
/system/netd/server/CommandListener.cpp
|
f4f6c8de3f091be4b91a5a9d7f14e8882ec6d502 |
|
23-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Refactor: Encapsulate permissions and interfaces into a Network class. Currently, there's a lot of logic in NetworkController surrounding events such as interface addition/removal, network creation/destruction and default network change, because these events are intertwined. For example, adding an interface means also adding a corresponding default network rule if the interface is being added to the current default network. When we introduce VPNs into this mix, things will get hairy real quick for all this logic in NetworkController. In this refactor, we introduce an abstract base class Network which supports adding and removing interfaces. The main concrete implementation of this is PhysicalNetwork, which allows setting permissions and "default network" state. Since we've moved network permissions into the above class, and user permissions into NetworkController, PermissionsController is unused and has been removed. Also fix a few bugs in RouteController: + Use uidEnd correctly. + Check for all error cases in inet_pton. + Check the return value of android_fork_execvp() correctly. + The "return cmd1() && cmd2()" pattern is wrong. Rewrite that code. Also (non-functional changes): + Remove instantiations of RouteController. It has static methods only. + Reorder some blocks in CommandListener so that the most frequent commands are checked first. + Remove unused paramError() and clearNetworkPreference(). + Change all return codes to int (negative errno) wherever applicable. + Add WARN_UNUSED_RESULT everywhere. + Cleanup some style in RouteController and NetworkController. + Use uid_t instead of unsigned for user IDs. + Add clearer log messages at the source of failures. + Add a check for when fwmark bits are set without corresponding mask bits. Bug: 15409918 Change-Id: Ibba78b0850160f9f3d17d476f16331a6db0025d1
/system/netd/server/CommandListener.cpp
|
96f261e8b28048b8cb48f5a4e81822c73bb813f4 |
|
23-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Pass rule modification errors back to CommandListener. Change-Id: If01334dccad8b6230648713a57fd58be180ac66b
/system/netd/server/CommandListener.cpp
|
f7fc8eccb0a6a4fbca4cafdf53f5c167c8f1d755 |
|
17-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Pass route add/delete errors back to CommandListener. Change-Id: Id1d6d578963080e141f71bc1303801fc53bce40a
/system/netd/server/CommandListener.cpp
|
84c1d035fdef996602ab8878d952c4fcb1f6963d |
|
30-May-2014 |
Paul Jensen <pauljensen@google.com> |
Pass NetID to clatd as a command line argument. Change-Id: I77a47b24e68c7786f790974f05787a40a4934af5
/system/netd/server/CommandListener.cpp
|
56afacf838d24cf8e54d2cf0d8ab9182ab704125 |
|
29-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Turn on C++11 and make all warnings into errors. As a consequence: + Comment out the names of all unused parameters. + Remove all unused variables and functions. In server/Android.mk, there are a couple of non-trivial changes: + Use libcxx instead of stlport. This is needed to fix a bunch of errors due to specifying -std=c++11. + LOCAL_SHARED_LIBRARIES is sorted. Technically, the order in which libraries are listed has an effect on linking, but nobody should be doing such brittle things anyway. Change-Id: I0aff5b745e04609da23144d0e8be4c5694321b8b
/system/netd/server/CommandListener.cpp
|
38b7af1f2cb9579895465fabc37865f5dadcac25 |
|
22-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Support legacy routes added by apps via ensureRouteToHost(). This adds the routes to two fixed tables: + LEGACY, which has higher priority than other non-explicit lookup tables (per-network and default network). + PRIVILEGED_LEGACY, available only to system apps and has higher priority than VPNs (system apps are those with the CONNECTIVITY_INTERNAL permission). This will be changed to per-UID tables once the kernel supports UID-based routing, so that these legacy routes are scoped to each app and not global. Also, fix a TODO: The framework (as of http://ag/471599) will not set the gateway argument if it's actually a direct-connected route. Change-Id: I0ee1ca89fdc859d75a89021ca8c1902811b1e4a9
/system/netd/server/CommandListener.cpp
|
72604075e74af459fb4637404fbf030422c6b6b6 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Rework the determination of a "valid network". + isNetIdValid() doesn't make much sense. What we want is whether the netId has actually been created (via createNetwork()). + It isn't an error to call deleteNetwork() or setDefaultNetwork() even when there are no interfaces assigned to the network. + Secure all accesses to the maps in PermissionsController with locks; they are called from many threads (CommandListener, DnsProxyListener and FwmarkServer). + Remove the redundant mIfaceNetidMap. + Minor cosmetic changes to things such as #includes and log messages. Change-Id: Ieb154589b24f00ba8067eaaec4def3534aec4923
/system/netd/server/CommandListener.cpp
|
f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Move netd_client into netd. Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
/system/netd/server/CommandListener.cpp
|