e60c0a51957596788995ec57d33531cd103d8dd7 |
|
28-Mar-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Use iptables-restore in StrictController startup. Bug: 21725996 Change-Id: I2c049a934189f3c87ee15f052abc07d35814f0c9
/system/netd/server/StrictController.cpp
|
9028d91fd86a2d517c7ce163c1d88b41de961ba8 |
|
27-Mar-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Add a test for StrictController. Bug: 21725996 Bug: 25691379 Change-Id: I24b838161eaf98dede2ae897157ba42414fc926f
/system/netd/server/StrictController.cpp
|
fe9099834f313a0aa2b7cca9a322441e8152add4 |
|
02-Feb-2015 |
Alex Klyubin <klyubin@google.com> |
Store MARK/CONNMARK flags in a central location. MARK/CONNMARK values/tags are shared accross all controllers because of the way the firewall works. To avoid accidental clashes, it's best to store the values used in a central place. Change-Id: I76aaba38cba6554704a5635b1e7297a144e6e2ff
/system/netd/server/StrictController.cpp
|
fbe497fcd808e4317572ad48c42545105309a347 |
|
29-Oct-2014 |
Jeff Sharkey <jsharkey@android.com> |
Offer to detect non-SSL/TLS network traffic. Introduces new module that provides network-related features for the StrictMode developer API. The first feature offers to detect sockets sending data not wrapped inside a layer of SSL/TLS encryption. This carefully only adds overhead to UIDs that have requested detection, and it uses CONNMARK to quickly accept/reject packets from streams that have already been inspected. Detection is done by looking for a well-known TLS handshake header; it's not future proof, but it's a good start. Handles both IPv4 and IPv6. When requested, we also log the triggering packet through NFLOG and back up to the framework to aid investigation. Bug: 18335678 Change-Id: Ie8fab785139dfb55a71b6dc7a0f3c75a8408224b
/system/netd/server/StrictController.cpp
|