1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef NETD_SERVER_ROUTE_CONTROLLER_H
18#define NETD_SERVER_ROUTE_CONTROLLER_H
19
#include "NetdConstants.h"
#include "Permission.h"

#include <linux/netlink.h>
#include <stdint.h>
#include <sys/types.h>

#include <string>
25
26namespace android {
27namespace net {
28
29class UidRanges;
30
class RouteController {
public:
    // How the routing table number is determined for route modification requests.
    // Only INTERFACE derives the table from a caller-supplied value (the interface index, see
    // ROUTE_TABLE_OFFSET_FROM_INDEX); the other three select fixed tables whose numbers are not
    // visible in this header.
    enum TableType {
        INTERFACE,       // Compute the table number based on the interface index.
        LOCAL_NETWORK,   // A fixed table used for routes to directly-connected clients/peers.
        LEGACY_NETWORK,  // Use a fixed table that's used to override the default network.
        LEGACY_SYSTEM,   // A fixed table, only modifiable by system apps; overrides VPNs too.
                         // NOTE(review): nothing in this interface carries or checks the caller's
                         // identity, so the "system apps only" restriction has to be enforced by
                         // whoever calls addRoute()/removeRoute() with this table type.
    };

    // Offset applied to an interface index to derive its INTERFACE-type routing table number.
    static const int ROUTE_TABLE_OFFSET_FROM_INDEX = 1000;

    // Name of an iptables chain used for marking local-network input traffic; the string itself
    // is defined out of line in the implementation.
    static const char* const LOCAL_MANGLE_INPUT;

    // Every int-returning function below is WARN_UNUSED_RESULT: the result must be checked. The
    // exact return convention is not documented here (presumably 0 on success, non-zero on
    // failure, as elsewhere in netd) — confirm in RouteController.cpp.

    // One-time setup of the routing rules. |localNetId| presumably identifies the local network
    // used by addInterfaceToLocalNetwork() — confirm against the implementation.
    static int Init(unsigned localNetId) WARN_UNUSED_RESULT;

    // Local network: routes to the interface's directly-connected clients/peers (LOCAL_NETWORK).
    static int addInterfaceToLocalNetwork(unsigned netId, const char* interface) WARN_UNUSED_RESULT;
    static int removeInterfaceFromLocalNetwork(unsigned netId,
                                               const char* interface) WARN_UNUSED_RESULT;

    // Physical network: |permission| (see Permission.h) is the permission associated with the
    // network. Removal takes a |permission| too — presumably so the rules installed for that
    // permission can be located — so pass the same value that was used on add.
    static int addInterfaceToPhysicalNetwork(unsigned netId, const char* interface,
                                             Permission permission) WARN_UNUSED_RESULT;
    static int removeInterfaceFromPhysicalNetwork(unsigned netId, const char* interface,
                                                  Permission permission) WARN_UNUSED_RESULT;

    // Virtual (VPN) network whose use is restricted to the UIDs in |uidRanges|. What |secure|
    // changes is not visible in this header; it is a parameter of both add and remove, so the
    // same value must be passed to each — TODO confirm against the implementation.
    static int addInterfaceToVirtualNetwork(unsigned netId, const char* interface, bool secure,
                                            const UidRanges& uidRanges) WARN_UNUSED_RESULT;
    static int removeInterfaceFromVirtualNetwork(unsigned netId, const char* interface, bool secure,
                                                 const UidRanges& uidRanges) WARN_UNUSED_RESULT;

    // Switches the rules of a physical network from |oldPermission| to |newPermission|.
    static int modifyPhysicalNetworkPermission(unsigned netId, const char* interface,
                                               Permission oldPermission,
                                               Permission newPermission) WARN_UNUSED_RESULT;

    // By their names, adjust which UIDs are routed over an existing virtual network. |secure|
    // must match the value the network was set up with.
    static int addUsersToVirtualNetwork(unsigned netId, const char* interface, bool secure,
                                        const UidRanges& uidRanges) WARN_UNUSED_RESULT;
    static int removeUsersFromVirtualNetwork(unsigned netId, const char* interface, bool secure,
                                             const UidRanges& uidRanges) WARN_UNUSED_RESULT;

    // By its name, a rule that rejects traffic from |uidRanges| over networks that are not
    // "secure" (the same notion as the |secure| flag above); details live in the implementation.
    static int addUsersToRejectNonSecureNetworkRule(const UidRanges& uidRanges)
                                                    WARN_UNUSED_RESULT;
    static int removeUsersFromRejectNonSecureNetworkRule(const UidRanges& uidRanges)
                                                         WARN_UNUSED_RESULT;

    // Default-network rules for |interface|; |permission| as for the physical-network functions.
    static int addInterfaceToDefaultNetwork(const char* interface,
                                            Permission permission) WARN_UNUSED_RESULT;
    static int removeInterfaceFromDefaultNetwork(const char* interface,
                                                 Permission permission) WARN_UNUSED_RESULT;

    // |nexthop| can be NULL (to indicate a directly-connected route), "unreachable" (to indicate a
    // route that's blocked), "throw" (to indicate the lack of a match), or a regular IP address.
    // |destination| is likewise a string (presumably an address or prefix). Both are parsed by
    // the implementation, which is also the only place any validation of them can happen — this
    // interface performs none, and for LEGACY_SYSTEM it also performs no privilege check.
    static int addRoute(const char* interface, const char* destination, const char* nexthop,
                        TableType tableType) WARN_UNUSED_RESULT;
    static int removeRoute(const char* interface, const char* destination, const char* nexthop,
                           TableType tableType) WARN_UNUSED_RESULT;

    // Tethering: by the parameter names, forwarding from |inputInterface| to |outputInterface|.
    static int enableTethering(const char* inputInterface,
                               const char* outputInterface) WARN_UNUSED_RESULT;
    static int disableTethering(const char* inputInterface,
                                const char* outputInterface) WARN_UNUSED_RESULT;

    // By its name, lets traffic the VPN |vpnNetId| does not handle fall through to
    // |physicalInterface|; |permission| as for the physical-network functions.
    static int addVirtualNetworkFallthrough(unsigned vpnNetId, const char* physicalInterface,
                                            Permission permission) WARN_UNUSED_RESULT;
    static int removeVirtualNetworkFallthrough(unsigned vpnNetId, const char* physicalInterface,
                                               Permission permission) WARN_UNUSED_RESULT;

    // For testing: the function used to run iptables-restore commands, so tests can substitute
    // their own. NOTE(review): this is a public, mutable static function pointer in a process
    // that rewrites routing tables and iptables rules — anything in the process can repoint it,
    // and every such command then goes through an indirect call on writable memory. Consider
    // keeping it private to the implementation or compiling it in only for test builds.
    static int (*iptablesRestoreCommandFunction)(IptablesTarget, const std::string&,
                                                 const std::string&, std::string *);
};
101
// Public because they are called by RouteControllerTest.cpp.
103// TODO: come up with a scheme of unit testing this code that does not rely on making all its
104// functions public.
// Issues one route modification against routing table |table|. |action| has the width of a
// netlink nlmsg_type and is presumably RTM_NEWROUTE/RTM_DELROUTE — confirm in the implementation.
// |interface|, |destination| and |nexthop| follow the RouteController::addRoute() conventions
// (|nexthop| may be NULL, "unreachable", "throw" or an address); they are validated, if at all,
// inside the implementation.
int modifyIpRoute(uint16_t action, uint32_t table, const char* interface, const char* destination,
                  const char* nexthop) WARN_UNUSED_RESULT;
// Removes every route in routing table |table|. Destructive: the only selector is the table.
int flushRoutes(uint32_t table) WARN_UNUSED_RESULT;
// By its name, returns the priority carried by the netlink rule message |nlh|. NOTE(review): no
// buffer length is passed, so the caller must already have validated |nlh| (nlmsg_len against
// the bytes actually received) before calling; if the implementation walks the message's
// attributes, an unvalidated header would let it read past the buffer.
uint32_t getRulePriority(const nlmsghdr *nlh);
// Adds (|add| == true) or removes the rule that marks packets arriving on |interface| for
// network |netId| with the given |permission|. The attribute sits before the return type here,
// unlike the declarations above — harmless, but inconsistent.
WARN_UNUSED_RESULT int modifyIncomingPacketMark(unsigned netId, const char* interface,
                                                Permission permission, bool add);
111
112}  // namespace net
113}  // namespace android
114
115#endif  // NETD_SERVER_ROUTE_CONTROLLER_H
116