History log of /system/netd/server/StrictController.cpp
Revision Date Author Comments
fe9099834f313a0aa2b7cca9a322441e8152add4 02-Feb-2015 Alex Klyubin <klyubin@google.com> Store MARK/CONNMARK flags in a central location.

MARK/CONNMARK values/tags are shared across all controllers because
of the way the firewall works. To avoid accidental clashes, it's best
to store the values used in a central place.

Change-Id: I76aaba38cba6554704a5635b1e7297a144e6e2ff
/system/netd/server/StrictController.cpp
fbe497fcd808e4317572ad48c42545105309a347 29-Oct-2014 Jeff Sharkey <jsharkey@android.com> Offer to detect non-SSL/TLS network traffic.

Introduces new module that provides network-related features for
the StrictMode developer API. The first feature offers to detect
sockets sending data not wrapped inside a layer of SSL/TLS
encryption.

This carefully only adds overhead to UIDs that have requested
detection, and it uses CONNMARK to quickly accept/reject packets
from streams that have already been inspected. Detection is done
by looking for a well-known TLS handshake header; it's not future
proof, but it's a good start. Handles both IPv4 and IPv6.

When requested, we also log the triggering packet through NFLOG and
back up to the framework to aid investigation.

Bug: 18335678
Change-Id: Ie8fab785139dfb55a71b6dc7a0f3c75a8408224b
/system/netd/server/StrictController.cpp
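
A user-space model of the flow described in the commit message above, as an added example that is not netd's code: only watched UIDs are inspected, the first data-bearing packet is checked for a TLS handshake record header, and the resulting per-connection mark short-circuits later packets. The mark values, type names and `filterPacket` are hypothetical, and treating payloads shorter than three bytes as cleartext is an assumption.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical mark values; netd's real MARK/CONNMARK constants are not shown here.
enum Mark : uint32_t { MARK_NONE = 0, MARK_TLS = 1, MARK_CLEARTEXT = 2 };
enum Verdict { ACCEPT, FLAG_CLEARTEXT };

// Per-connection state, standing in for the kernel's conntrack mark.
struct Conn {
    uint32_t mark = MARK_NONE;
    unsigned inspected = 0;  // counts payload inspections, to show the fast path
};

// TLS record header: byte 0 is the content type (0x16 = handshake), bytes 1-2
// the record version (0x0300 SSL 3.0 through 0x0303 TLS 1.2; TLS 1.3 reuses these).
static bool startsWithTlsHandshake(const uint8_t* p, size_t n) {
    return n >= 3 && p[0] == 0x16 && p[1] == 0x03 && p[2] <= 0x03;
}

// Decide what to do with one outbound packet's transport payload.
Verdict filterPacket(Conn& c, bool uidWatched, const uint8_t* payload, size_t len) {
    if (!uidWatched) return ACCEPT;                  // no overhead for other UIDs
    if (c.mark == MARK_TLS) return ACCEPT;           // stream already inspected
    if (c.mark == MARK_CLEARTEXT) return FLAG_CLEARTEXT;
    if (len == 0) return ACCEPT;                     // bare SYN/ACK: nothing to judge yet
    ++c.inspected;
    // The first data-bearing packet decides the fate of the whole stream.
    c.mark = startsWithTlsHandshake(payload, len) ? MARK_TLS : MARK_CLEARTEXT;
    return c.mark == MARK_TLS ? ACCEPT : FLAG_CLEARTEXT;
}

// Constructed sample payloads (not captured traffic).
static const uint8_t kClientHello[] = {0x16, 0x03, 0x01, 0x02, 0x00, 0x01};
static const uint8_t kHttpGet[]     = {'G', 'E', 'T', ' ', '/', ' '};
static const uint8_t kAppData[]     = {0x17, 0x03, 0x03, 0x00, 0x20};
```

In this model a stream that opens in cleartext and upgrades to TLS later stays flagged, because only the first data-bearing packet is examined.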