424 // An iptables rule to mark incoming packets on a network with the netId of the network.
431 WARN_UNUSED_RESULT int modifyIncomingPacketMark(unsigned netId, const char* interface,
435     fwmark.netId = netId;
463 // Notice that this rule doesn't use the netId. I.e., no matter what netId the user's socket may
494 WARN_UNUSED_RESULT int modifyVpnSystemPermissionRule(unsigned netId, uint32_t table, bool secure,
499     fwmark.netId = netId;
500     mask.netId = FWMARK_NET_ID_MASK;
515 // Even though we check permissions at the time we set a netId into the fwmark of a socket, we need
518 WARN_UNUSED_RESULT int modifyExplicitNetworkRule(unsigned netId, uint32_t table,
524     fwmark.netId = netId;
525     mask.netId = FWMARK_NET_ID_MASK;
569 WARN_UNUSED_RESULT int modifyImplicitNetworkRule(unsigned netId, uint32_t table, bool add) {
573     fwmark.netId = netId;
574     mask.netId = FWMARK_NET_ID_MASK;
588 // If a packet with a VPN's netId doesn't find a route in the VPN's routing table, it's allowed to
602     fwmark.netId = vpnNetId;
603     mask.netId = FWMARK_NET_ID_MASK;
700     fwmark.netId = NETID_UNSET;
701     mask.netId = FWMARK_NET_ID_MASK;
716 WARN_UNUSED_RESULT int modifyLocalNetwork(unsigned netId, const char* interface, bool add) {
717     if (int ret = modifyIncomingPacketMark(netId, interface, PERMISSION_NONE, add)) {
724 WARN_UNUSED_RESULT int modifyPhysicalNetwork(unsigned netId, const char* interface,
731     if (int ret = modifyIncomingPacketMark(netId, interface, permission, add)) {
734     if (int ret = modifyExplicitNetworkRule(netId, table, permission, INVALID_UID, INVALID_UID,
764         return modifyImplicitNetworkRule(netId, table, add);
787 WARN_UNUSED_RESULT int modifyVirtualNetwork(unsigned netId, const char* interface,
800         if (int ret = modifyExplicitNetworkRule(netId, table, PERMISSION_NONE, range.getStart(),
811         if (int ret = modifyIncomingPacketMark(netId, interface, PERMISSION_NONE, add)) {
817         if (int ret = modifyVpnSystemPermissionRule(netId, table, secure, add)) {
820         return modifyExplicitNetworkRule(netId, table, PERMISSION_NONE, UID_ROOT, UID_ROOT, add);
836     fwmark.netId = NETID_UNSET;
837     mask.netId = FWMARK_NET_ID_MASK;
973 int RouteController::addInterfaceToLocalNetwork(unsigned netId, const char* interface) {
974     return modifyLocalNetwork(netId, interface, ACTION_ADD);
977 int RouteController::removeInterfaceFromLocalNetwork(unsigned netId, const char* interface) {
978     return modifyLocalNetwork(netId, interface, ACTION_DEL);
981 int RouteController::addInterfaceToPhysicalNetwork(unsigned netId, const char* interface,
983     if (int ret = modifyPhysicalNetwork(netId, interface, permission, ACTION_ADD)) {
990 int RouteController::removeInterfaceFromPhysicalNetwork(unsigned netId, const char* interface,
992     if (int ret = modifyPhysicalNetwork(netId, interface, permission, ACTION_DEL)) {
1005 int RouteController::addInterfaceToVirtualNetwork(unsigned netId, const char* interface,
1007     if (int ret = modifyVirtualNetwork(netId, interface, uidRanges, secure, ACTION_ADD,
1015 int RouteController::removeInterfaceFromVirtualNetwork(unsigned netId, const char* interface,
1017     if (int ret = modifyVirtualNetwork(netId, interface, uidRanges, secure, ACTION_DEL,
1028 int RouteController::modifyPhysicalNetworkPermission(unsigned netId, const char* interface,
1032     if (int ret = modifyPhysicalNetwork(netId, interface, newPermission, ACTION_ADD)) {
1035     return modifyPhysicalNetwork(netId, interface, oldPermission, ACTION_DEL);
1046 int RouteController::addUsersToVirtualNetwork(unsigned netId, const char* interface, bool secure,
1048     return modifyVirtualNetwork(netId, interface, uidRanges, secure, ACTION_ADD,
1052 int RouteController::removeUsersFromVirtualNetwork(unsigned netId, const char* interface,
1054     return modifyVirtualNetwork(netId, interface, uidRanges, secure, ACTION_DEL,

Indexes created Tue Jun 19 19:05:46 CEST 2018