acbb6b7bbea17c5653929ee5224bd4f8e16c0f69 |
|
27-Apr-2018 |
Rubin Xu <rubinxu@google.com> |
Do not destroy socket when VPN interface address is still in use Normally when an IP address is removed, all sockets associated with the addresses are destroyed. This patchset changes this behavior such that if the address in question is still being used by another interface that belongs to the same underlying virtual network, the destroy operation is skipped. This change is needed to support VPN seamless handover where the VPN app will establish a second TUN interface (with different config) before tearing down the existing interface. The intention is that during this handover existing socket connections should not be disturbed. There is a companion change in the framework side to make sure during such handover, the VPN netId remains unchanged so routing still works. Bug: 64692591 Test: cts-tradefed run commandAndExit cts-dev -m CtsHostsideNetworkTests -t com.android.cts.net.HostsideVpnTests Test: system/netd/tests/runtests.sh Change-Id: I02c6b0db5f15cd1aef3e3fa6f0c36e86b4f427fd
/system/netd/server/RouteController.cpp
|
dcb11893d76effcd0fdea1efc44610d64ea40f12 |
|
14-Mar-2018 |
Lorenzo Colitti <lorenzo@google.com> |
Add "iif lo" to all IP rules for originated traffic.
This ensures that these rules are not mistakenly used by forwarded traffic. Forwarded traffic should only use rules that specify an explicit iif.
The rules change as follows:
    0: from all lookup local
    10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
    10500: from all {+iif lo+} oif dummy0 uidrange 0-0 lookup dummy0
    10500: from all {+iif lo+} oif wlan0 uidrange 0-0 lookup wlan0
    10500: from all {+iif lo+} oif v4-wlan0 uidrange 0-0 lookup v4-wlan0
    10500: from all {+iif lo+} oif rmnet_data0 uidrange 0-0 lookup rmnet_data0
    13000: from all fwmark 0x10063/0x1ffff {+iif lo+} lookup local_network
    13000: from all fwmark 0x10065/0x1ffff {+iif lo+} lookup wlan0
    13000: from all fwmark 0x10065/0x1ffff {+iif lo+} lookup v4-wlan0
    13000: from all fwmark 0x50064/0x5ffff {+iif lo+} lookup rmnet_data0
    14000: from all {+iif lo+} oif dummy0 lookup dummy0
    14000: from all {+iif lo+} oif wlan0 lookup wlan0
    14000: from all {+iif lo+} oif v4-wlan0 lookup v4-wlan0
    14000: from all fwmark 0x40000/0x40000 {+iif lo+} oif rmnet_data0 lookup rmnet_data0
    15000: from all fwmark 0x0/0x10000 lookup legacy_system
    16000: from all fwmark 0x0/0x10000 lookup legacy_network
    17000: from all fwmark 0x0/0x10000 lookup local_network
    19000: from all fwmark 0x65/0x1ffff {+iif lo+} lookup wlan0
    19000: from all fwmark 0x65/0x1ffff {+iif lo+} lookup v4-wlan0
    22000: from all fwmark 0x0/0xffff {+iif lo+} lookup v4-wlan0
    22000: from all fwmark 0x0/0xffff {+iif lo+} lookup wlan0
    32000: from all unreachable
Bug: 64976379
Bug: 73642792
Bug: 73032258
Test: marlin builds, boots, networking works
Test: IPv4/v6 USB tethering works concurrently with httpurl --nethandle <foo>
Test: USB tethering correctly able to use non-default-network upstream
Test: T-Mobile wifi calling works on walleye internal build
Change-Id: I9383a7ea54c60b0f33db8de8c6331e2f820539e1
Merged-In: I92a8eaf3b18c94f96b342f5eb3aa69735762aa6e
/system/netd/server/RouteController.cpp
|
d7dd1d3af4ebac422303370301f1d98c9a84a8ae |
|
10-Jan-2018 |
Lorenzo Colitti <lorenzo@google.com> |
Merge changes Icc35c917,I12899e03,Iff5a202c
* changes:
  Tighten up locking in NetworkController.
  Add locking to RouteController.
  Change RouteController from free functions/members to class functions.
|
b9baf26777415ce2791fd86f4dd359ac7aab596c |
|
04-Dec-2017 |
Benedict Wong <benedictwong@google.com> |
[ipsec-qtaguid] Reserve mark, add ipsec bw exemptions This change reserves a mark denoting that a packet has already been accounted for, along with adding rules in BandwidthController to support IPSec packets being billed correctly. Bug: 62994731 Test: BandwidthControllerTest updated, passing. CTS tests also modified and passing Change-Id: I8b42975d1502a0d3b9e533bddc0892cfe1556bed
/system/netd/server/RouteController.cpp
|
5c43799a4bc53d0db6f06e6b0a93914956428ca6 |
|
27-Nov-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Don't create rules with NLM_F_EXCL. Some operations, such as changing a network's permissions, rely on make-before-break, and in some cases create rules that are identical to the ones that already exist. Starting around 4.9, the kernel fails these operations with EEXIST. We can't just ignore the EEXISTs because if we get EEXIST it means that the rule was not created, but we'll think it was, and later on we'll trip up trying to delete it. It would be possible to refactor the code to ensure that these no-op operations are never performed, but we would probably have to pass a lot more state around to deal with only a few corner cases. Fix: 69607866 Test: builds Change-Id: I1b563243b615daa73a2d9f527f77608df1f56251
/system/netd/server/RouteController.cpp
|
107075a48973c18a087a5cb2ad2ad43e73f9909a |
|
30-Oct-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Add locking to RouteController. Test: netd_{unit,integration}_test passes Change-Id: I12899e0304d266b25b0b021ae28f9073c8b42604
/system/netd/server/RouteController.cpp
|
02cb80a71afbbe89e3ced8b417b2abe7578dbc82 |
|
30-Oct-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Change RouteController from free functions/members to class functions. In a future change, this will make it more explicit which bits of state (e.g., locks) are part of the class and which are not. Test: netd_{unit,integration}_test passes Change-Id: Iff5a202cdcb26a7b6039dd95655cc2c26592fc36
/system/netd/server/RouteController.cpp
|
92e8f96e43320efd5183d7452fb90883fd96415e |
|
26-Sep-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Don't look up the main table any more. After https://android-review.googlesource.com/#/c/481397/ , directly-connected routes for all network types are added to the correct routing tables by ConnectivityService. So there should be no reason to look up the main table. Bug: 28825988 Test: bullhead builds, boots Test: netd_{unit,integration}_test pass Test: dual-stack wifi and IPv4-only mobile data work Change-Id: I64ba7dbf71478afcd9d2880440f93ef346116b6b
/system/netd/server/RouteController.cpp
|
3093f5676227bd84cc61051d035a9e8dfcfa15c1 |
|
25-Sep-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Don't require permissions for high-priority oif rules. The intent of the high-priority oif rules added in ag/644462 was to ensure that the kernel can send packets and forward packets to a given interface by specifying only the oif. However, if a network requires permissions, the high-priority oif rules we create require those permission bits in the firewall mark, which means the kernel cannot use them. Therefore, remove the permissions check. Test: builds Test: netd_{unit,integration}_test pass Change-Id: I73d7eb349c4c20d0d5efe05219a89cff5015a330
/system/netd/server/RouteController.cpp
|
b5d19e9ca694af30226c83583005a583d441203e |
|
25-Sep-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Minor fixes in RouteController.
- Remove the definition of fib_rule_uid_range, since it's now in the UAPI headers.
- Fix the comment on PRIO_THROW, which is inaccurate.
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Change-Id: I52ced26c4ea21925140d6ed86991e50cff7bd46a
/system/netd/server/RouteController.cpp
|
5e03a893d999d04b7329ab8825782d75872d680f |
|
08-Sep-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Invalidate dst caches when changing network permissions. (cherry picked from commit 4662e16686954dd3ca80938efe6650227877fe44) Bug: 64103722 Test: builds Test: connected socket UDP traffic switches to wifi when cell goes into background Change-Id: I502575d51781cacace96e0c2d1edb6a5183aab70
/system/netd/server/RouteController.cpp
|
be0c7c3c7aae8c76a55e77fcdc3576475d1cc10e |
|
06-Sep-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Don't allow seamless handover to networks requiring permissions.
Currently, implicitly-marked sockets continue to work when the network changes permission. This makes it so that UDP sockets connected on a foreground network will continue to work even if the network moves into the background (e.g., when the linger timer fires on cell data with mobile data always on).
Instead, make it so that sockets implicitly marked to a network become unroutable when the network starts requiring permissions. Explicitly-marked sockets will continue to be routed on the network, as usual.
This is consistent with what we do for TCP: when a network changes permissions, all implicitly-marked sockets on that network are closed using SOCK_DESTROY.
This change should not affect any other behaviour because:
- Netd only ever implicitly marks sockets to the default network or to a bypassable VPN that applies to the caller.
- In both cases, at the time of marking, the network does not require permissions because:
  - VPNs don't support permissions.
  - The default network never requires any permissions:
    - ConnectivityService's mDefaultRequest specifies NOT_RESTRICTED.
    - The only case where a NOT_RESTRICTED network can require a permission is if it's a background network, and the default network is, by definition, never a background network.
- VPNs can't change permissions.
- If the network is still the default network, the lack of this implicit rule doesn't matter.
Therefore, the only case where this rule can alter routing is if a socket is implicitly marked on the default network and that network, after ceasing to be the default, changes permissions.
(cherry picked from commit 6bd4a48ed735c7fc5c1143bf0b2f06b8a2879e61)
Bug: 64103722
Test: builds
Test: manually observed IP rules while changing network permissions
Change-Id: I944df3a97c8062e7c3af00f72e18e693bee0a3a6
/system/netd/server/RouteController.cpp
|
d78843eb11fdde1611598fd27d347912070c0555 |
|
26-Mar-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Clear incoming packet mark rules on netd startup. Currently, we put the incoming packet mark rules directly into the INPUT chain of the mangle table, which is not cleared on netd start. Move these rules to their own chain. This makes them consistent with all the other iptables rules and makes it easy to clear them on startup using the existing mechanisms. Bug: 28362720 Test: bullhead builds, boots Test: netd_{unit,integration}_test pass Test: watch -n1 "adb shell iptables -v -n -t mangle -L INPUT" while switching networks Test: rules are cleared on netd restart Change-Id: I9130f997a96dcfdfdfdd950520a76f8473b5f603
/system/netd/server/RouteController.cpp
|
22c24ebd283d6e8fb782b34975417308839d4ad7 |
|
10-Jan-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Use new-style UID routing. Kernel prebuilts for OC devices have been updated, so the legacy attributes are not being used. Use the new attributes only. This will ensure that devices aren't using the old code by mistake, as any such devices will fail the VPN CTS tests. (cherry picked from commit 882e467ff7b83de868fa0b9a9beb9036bf14aede) Cherry-picking this to AOSP now that most external kernels have been updated as well. Bug: 16355602 Test: bullhead builds, boots Test: netd_{unit,integration}_test pass Test: has been running in internal master for several weeks. Change-Id: I1c4e8c9281a843417a3a52294a1b7d3e6502bee6
/system/netd/server/RouteController.cpp
|
c1306ea230c95ef0268d4d20a213911799982671 |
|
26-Mar-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Use iptables-restore to set the incoming packet mark rule. This speeds up network switching because one rule needs to be added/removed per interface. Bug: 28362720 Test: bullhead builds, boots Test: netd_{unit,integration}_test pass Test: watch -n1 "adb shell iptables -v -n -t mangle -L INPUT" while switching networks Change-Id: Ie536db6a50d018c88bb03c5f069965e99e0d162e
/system/netd/server/RouteController.cpp
|
60367db98fe9cca5b46210a5db8d8bfc638ce094 |
|
13-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Add a test for RouteController. Test: netd_{unit,integration}_test pass. Change-Id: I19416fd8a79354303dabec042d090f7ae6962b1b
/system/netd/server/RouteController.cpp
|
f3e299a7c2a0136a84b58652b69e60a22bb0e708 |
|
14-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Use our netlink code to flush routes as well. Most of the CL is refactoring the rule flush code to be more generic and move it and various callback definitions to NetlinkCommands. After that, flushing routes is very simple. Test: bullhead builds, boots Test: netd_{unit,integration}_test pass Bug: 34873832 Change-Id: I0613d525f043d0a8b234a89982281b909011c7e5
/system/netd/server/RouteController.cpp
|
220ca739ad863fcd40c9ca107f6e0f68f7a45d14 |
|
14-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Don't complain when deleting non-existent tethering rules. clearTetheringRules ignores errors when deleting rules, because tethering rules don't exist unless tethering was enabled on the interface. sendNetlinkRequest shouldn't log an error in this case, since the caller is ignoring that error. Bug: 34873832 Test: bullhead builds, boots, spurious error messages gone Change-Id: Ib327e8a3aecd3a38d624baa8bf320da87e6c4f7c
/system/netd/server/RouteController.cpp
|
bbcd81d2e5103bbf465d69c6d0f958d3e740dd6e |
|
14-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Don't call NetlinkCallbacks with nullptr on NLMSG_DONE. No real callback uses this, and even the test code doesn't seem to use it for anything useful. Bug: 34873832 Test: bullhead builds, boots, rules flushed on netd restart Test: netd_{unit,integration}_test pass Change-Id: I195dd388864e9e596af9f4d08aee7b8ade078fb5
/system/netd/server/RouteController.cpp
|
219f328b7c2f99ef27f89206bdbf1260fa7ad2e4 |
|
10-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Use netlink code to flush rules. This removes two calls to /sbin/ip on netd startup, which saves about 70ms. In the future we will be able to use this to flush routes as well, which will provide similar time savings on every network destroy operation. Bug: 34873832 Test: bullhead builds, boots Test: rules flushed correctly when netd is killed Change-Id: I4875ac7fec1a92dc5fa2cb68f8fab2a903348c20
/system/netd/server/RouteController.cpp
|
1ef549de8a21612ab61861ff0035877a4b76184d |
|
13-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Move the netlink command code to a new NetlinkCommands file. Test: bullhead builds, netd boots Test: netd_{unit,integration}_test pass Bug: 34873832 Change-Id: Ia6fcde63e1092a62cad1c5238bbb9a91a9f39080
/system/netd/server/RouteController.cpp
|
7035f228d17e925116b1b64a7c917b3196ab8818 |
|
13-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Put most of netd into the android::net namespace. Test: netd_{unit,integration}_test pass Test: bullhead builds, boots Bug: 34873832 Change-Id: I0a252328041b342f9c03cd08c11a69d452b045b3
/system/netd/server/RouteController.cpp
|
0b073fbc366ca9f5e7eaa0ae8072445404da88eb |
|
09-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Simplify and improve error logging in sendNetlinkRequest. Bug: 32323979 Test: bullhead builds, boots, new error messages appear Test: unit tests continue to pass Change-Id: Ie60ed3a71fbd26b7a8a1d2f7fb8083b1b6b9626a
/system/netd/server/RouteController.cpp
|
2b078678aafceeefea6a70e96ab8ddefe515d027 |
|
16-Dec-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Set both legacy and new UID routing attributes. This should work on kernels that support either, as long as they are older than 4.8. Test: netd_integration_test passes with updated iproute and kernel Test: netd_integration_test passes with existing iproute and kernel Test: ConnectivityManagerTest and HostsideVpnTests pass on existing kernel Test: ConnectivityManagerTest and HostsideVpnTests pass on updated kernel Bug: 16355602 Change-Id: I9a2ef08ba2782587f43ea7d0609f5f07f6c3adb0
/system/netd/server/RouteController.cpp
|
dc0d578a69cc5a57167a508207e2198590142d51 |
|
20-Jul-2016 |
Robin Lee <rgl@google.com> |
UidRanges: use class instead of pair<uid_t, uid_t> Reuse the UidRange that was introduced in 7.0 (NYC) to ease transition from CommandListener to binder which supports this as a parcelable type. There is a small difference in behaviour: UidRange uses signed int32_t vs. uid_t being unsigned and potentially a different size. This should not be a problem as all of the java-side code is converting from int. Updating to use int64_t in future would be a large effort and involve changing the java-side UidRange class to use longs, and not fixing the native side would cause unit tests to fail, so it shouldn't be possible to overlook if that happens. Committing this early with an appropriately loud warning so that it can get soak time over the next year. Test: runtest -x netd_integration_test.cpp Change-Id: I6c217b347724ba5bfe2df28d6142a4343cb06353
/system/netd/server/RouteController.cpp
|
5bbe13bdc4470d0af2786fc62ad40a8ba8ff5830 |
|
17-May-2016 |
Robin Lee <rgl@google.com> |
Merge "Drop PROHIBIT_NON_VPN priority 11500 -> 12500" into nyc-dev
|
6c84ef62d953eae93c36ffa831e9b451560afba0 |
|
03-May-2016 |
Robin Lee <rgl@google.com> |
Drop PROHIBIT_NON_VPN priority 11500 -> 12500 So that the rule can be kept up 100% of the time instead of dropping it when VPN comes on. Bug: 26694104 Change-Id: I1df6b8f588e54d72e34dbcbd15492513e07fac3d
/system/netd/server/RouteController.cpp
|
c125fe43c194128167db7a2a82b736b1357945d8 |
|
02-May-2016 |
Robin Lee <rgl@google.com> |
Restore ACT_UNREACHABLE This got lost in between I7d9752e86fa1a4564c622152a5be6ce2c1eda150 and If23df0760c6eb0ad137fc26c5124e48edf23b722. Which broke creating the UNREACHABLE network, also breaking the dummy network which should be created after it. Fix: 28304838 Change-Id: I31c4ca9c3f53d6162b50e5bc46e27cfcd1b6a314
/system/netd/server/RouteController.cpp
|
b8087363143050d214d48e5620a330776ca95a69 |
|
30-Mar-2016 |
Robin Lee <rgl@google.com> |
Server API to only allow networking by VPN apps Secure virtual networks already create rules to route all traffic into themselves. This depends on the secure network already existing. API creates an ip rule at a priority level below SECURE_VPN which can catch traffic before VPN comes up, if it is a requirement that no traffic ever leaves without first going through VPN. Bug: 26694104 Bug: 26354134 Change-Id: If23df0760c6eb0ad137fc26c5124e48edf23b722
/system/netd/server/RouteController.cpp
|
4ef94642636182e68495f606a65c00f8a830aad4 |
|
01-Apr-2016 |
Robin Lee <rgl@google.com> |
Have modifyIpRule take an explicit action Instead of inferring from the priority what the action should be. Bug: 26694104 Change-Id: I7d9752e86fa1a4564c622152a5be6ce2c1eda150
/system/netd/server/RouteController.cpp
|
f65122c81c824940ba93666d961c8d3fd76f3a9c |
|
12-Feb-2016 |
Evgenii Stepanov <eugenis@google.com> |
Workaround ASan false positive in RouteController. Bug: 27037723 Change-Id: I40e7f0d07652aeb6484de5f963a7698b6805d582 (cherry picked from commit dfde1d6c6c397e437adf937a1718784d9cb2c0cf)
/system/netd/server/RouteController.cpp
|
bbd5626b3d0994ff0ecbfceac75f6dc4abfb55c6 |
|
05-Dec-2015 |
Elliott Hughes <enh@google.com> |
Track rename from base/ to android-base/. Change-Id: Ice6d43c0f9b16b8fb441158a0f7344dfbf969dea
/system/netd/server/RouteController.cpp
|
5407e14fd3d81bb76f94221b4a359faa2806de65 |
|
16-Mar-2015 |
Dan Albert <danalbert@google.com> |
Revert "Revert "Update for libbase."" This reverts commit 4a0ab5ff4a87cfc4a987da99546b01e44875a2e5. (cherry picked from commit 3e87c785434fdfed2fb00496cb391c411a426bdd) Change-Id: I042f485f3cc84206766298853491ddd26dbba13f
/system/netd/server/RouteController.cpp
|
e298ded6ade9744f2a79cae045b5c324886262f4 |
|
16-Mar-2015 |
Nicolas Geoffray <ngeoffray@google.com> |
resolved conflicts for merge of 6066d418 to master Change-Id: I2aa9721365e96c363648dd8e9e15718ed50e3c12
|
4a0ab5ff4a87cfc4a987da99546b01e44875a2e5 |
|
16-Mar-2015 |
Nicolas Geoffray <ngeoffray@google.com> |
Revert "Update for libbase." Breaks internal master. This reverts commit b67219a71d1d896bcb34c4a7a797824b88515b2c. Change-Id: I43145f0724ad2d669b65d20b6fd6ccc44b8f0a4f
/system/netd/server/RouteController.cpp
|
a4614fe5bfaafd0ff6be60ddb6fd135f99f5a5a5 |
|
16-Mar-2015 |
Vinit Deshpande <vinitd@google.com> |
Merge remote-tracking branch 'goog/mirror-m-wireless-internal-release' Change-Id: I51337014e2851f47dd5e183c4bfdf39bafa59942
|
b67219a71d1d896bcb34c4a7a797824b88515b2c |
|
14-Mar-2015 |
Dan Albert <danalbert@google.com> |
Update for libbase. StringPrintf and the string based file I/O are being moved to libbase. Change-Id: I765d9e53f65a76d318d9d0d9503403fc092254d5
/system/netd/server/RouteController.cpp
|
6b6f25fa4c135d477bcaf0bb50305a5d9aee92e3 |
|
03-Mar-2015 |
Lorenzo Colitti <lorenzo@google.com> |
Flush tethering rules on interface remove. Bug: 19500693 Change-Id: I25b7942784ec026d30c60273c9e13e34d082d25a
/system/netd/server/RouteController.cpp
|
57947f02c00bb03651e3f9427c880211c689db7f |
|
27-Feb-2015 |
Lorenzo Colitti <lorenzo@google.com> |
Add oif rules that allow UID 0 to bypass the VPN. This is needed for wifi calling so that the kernel (which does not set marks) can tee packets towards the modem. It also fixes things like not being able to reply to DHCP requests from tethered clients when a VPN is up. System apps can already bypass the VPN using explicit marks, so allowing UID 0 to do so does not create additional bypass VPN issues. Bug: 19500693 Change-Id: Ie324026893637e9bd8e7aa65a37579569390e7b7
/system/netd/server/RouteController.cpp
|
5ad4e98f7b566ffde39491ee4e80d4a15507f053 |
|
26-Feb-2015 |
Lorenzo Colitti <lorenzo@google.com> |
Make the VPN rule only to originated, not forwarded, traffic. Currently the VPN rule for the primary user will match every forwarded packet on the system, because it specifies a UID range that includes 0, and forwarded packets have UID 0. Use "iif lo" to limit the rule match to locally-originated traffic. This requires a kernel that sets the loopback ifindex when originating packets. Anything based on 3.10 is fine, but devices using 3.4 will need a one-line change for IPv6. Bug: 19500693 Change-Id: Iaab88bed62716dc1cea33b45c4e258f6b3bfc9d0
/system/netd/server/RouteController.cpp
|
3667936aadcabddc708797ac38ce1ffb2f992cb3 |
|
25-Feb-2015 |
Lorenzo Colitti <lorenzo@google.com> |
Add a dummy network that discards all packets. Bug: 19500693 Change-Id: Ic25f2d8c481f1528e887e43ca3fa868189582110
/system/netd/server/RouteController.cpp
|
bd37832f1843ed78f64604e5627cf952ac9614ba |
|
04-Feb-2015 |
Elliott Hughes <enh@google.com> |
Switch writing to <utils/file.h>. Change-Id: Idb2de24414f4dd8e926e625b62e4d12152dc4527
/system/netd/server/RouteController.cpp
|
53ea9cadf6cc5f8be1c16b5b6b660cd7366fd3f0 |
|
31-Jan-2015 |
Nick Kralevich <nnk@google.com> |
Avoid leaking file descriptors
Add O_CLOEXEC on open() calls, and SOCK_CLOEXEC on socket calls. This avoids leaking file descriptors across execs.
Addresses the following SELinux denial:
    audit(1422740213.283:8): avc: denied { read write } for pid=2597 comm="clatd" path="socket:[6709]" dev="sockfs" ino=6709 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket
and allows the removal of some other SELinux rules which were inappropriately added because of leaking file descriptors.
Change-Id: I9c180488ea1969d610e488f967a7276a672bb477
/system/netd/server/RouteController.cpp
|
0321315d4e94dacd5ef2e0de217059cbc72d803d |
|
30-Oct-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Don't fail when trying to add routes that already exist. Previously, we suppressed failures for the special case of requestRouteToHost() being called multiple times. Turns out that other parts of the system also try to add duplicate routes, so just suppress EEXIST errors in general (as far as adding routes is concerned). For example, this happens when the WiFi P2P DHCP client renews its lease and blindly requests to add a route that it had already added before. (cherry picked from commit 64166e7666e3cc7f4b9c715f2b4e19d28ae44c5a) Bug: 17205769 Change-Id: I11d50052f616cb48a912d647b8024ccef01b736d
/system/netd/server/RouteController.cpp
|
aa1be2b3d24d99f3ccb98ff4fbb2a81b63587eff |
|
06-Jan-2015 |
Dan Albert <danalbert@google.com> |
Fix missing errno.h includes after libc cleanup. These issues hadn't been found yet because a libc++ header was unconditionally pulling in errno.h. I've fixed the libc++ header now. Change-Id: Ib096634cdd231fc75bf7548e4b99babc7442dc53
/system/netd/server/RouteController.cpp
|
64166e7666e3cc7f4b9c715f2b4e19d28ae44c5a |
|
30-Oct-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Don't fail when trying to add routes that already exist. Previously, we suppressed failures for the special case of requestRouteToHost() being called multiple times. Turns out that other parts of the system also try to add duplicate routes, so just suppress EEXIST errors in general (as far as adding routes is concerned). For example, this happens when the WiFi P2P DHCP client renews its lease and blindly requests to add a route that it had already added before. Bug: 17205769 Change-Id: I3de557ddb82c95899623aa31b4b3ec7c955f5609
/system/netd/server/RouteController.cpp
|
4c95a125e0930c112555437589f7620575482095 |
|
18-Sep-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Support manipulating throw routes. We already supported unreachable routes. Throw routes are necessary so we can exempt the VPN endpoint from being routed through the VPN in legacy VPN modes that do not pass traffic through a tun or ppp interface but just directly apply IPsec transformations to outgoing packets. Bug: 17462989 Change-Id: I8635472ca3e96ec2866af2de48e6260ab2da13fb
/system/netd/server/RouteController.cpp
|
99286fe1ef6fc325c28dd10b651b5adedd549495 |
|
12-Aug-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Make destroying networks more robust.
1. Retry route flushes if they fail.
2. Make destroyNetwork ignore (but return) errors.
Bug: 16944962
Change-Id: I26301613437d7cc373ff64955fd44d716e9982b9
/system/netd/server/RouteController.cpp
|
db74dba7ccfe9e9504e0acd440a23fed96682842 |
|
29-Jul-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Stop copying directly-connected routes to the main table, #2. For a long time we have thought that copying directly-connected routes to the main table was necessary to add gatewayed routes to other routing tables. However, this is not necessary when the directly-connected routes are properly created with "scope link" as we do in http://ag/513100 . Delete the copying code, but don't delete the rule that looks up the main table or the code that dumps it. The main table is used for things like cell networking, because the RIL emulates cell networks, which are actually point-to-point, as directly connected broadcast subnets (e.g., a /30 or a /27) with a fake default gateway. The directly-connected route that covers the fake default gateway is implicitly created by adding the IP address, but it's in the main table, so we can't add the default route without looking up the main table. Change-Id: I93bd4764ac75fdcc98fa4206c601524100d53fc3
/system/netd/server/RouteController.cpp
|
a2c230520be5fdafce8bbc0b6ee52262f981f75a |
|
29-Jul-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Revert "Stop copying directly-connected routes to the main table." This reverts commit 2f5ea0e99e9a436cd43901b1772b77a410a62f8d. Change-Id: I1fe1df0249714cb650a34fae56476236ac0108e3
/system/netd/server/RouteController.cpp
|
2f5ea0e99e9a436cd43901b1772b77a410a62f8d |
|
29-Jul-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Stop copying directly-connected routes to the main table. For a long time we have thought that copying directly-connected routes to the main table was necessary to add gatewayed routes to other routing tables. However, this is not necessary when the directly-connected routes are properly created with "scope link" as we do in http://ag/513100 . Delete the copying code, but keep dumping the main table in bugreports, so we can see if third-party code such as RIL daemons is putting anything in it. Change-Id: Iddd531daaf9881ffd82f0a4b4f6cc857ce8788fd
/system/netd/server/RouteController.cpp
|
2bff72e0cf091f4d71af0c81cfc74e8ebd8c6644 |
|
18-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add "scope link" when adding routes without a nexthop. This is consistent with what /sbin/ip does, and it makes recursive lookups on secondary tables work even when the main table is empty. This was originally proposed by Sreeram as http://ag/506456 to fix a VPN issue, but then abandoned because it did not fix that particular problem. Bug: 16628572 Change-Id: I85753389c683ae2127b21af722463a35a33b60eb
/system/netd/server/RouteController.cpp
|
060d855a00cb94e8903fd1551c9bf040f42b57d1 |
|
28-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Merge "Prohibit address families by default unless a VPN explicitly allows them." into lmp-dev
|
de5d5df753dd35d852ac47a6174b06eacd0d5523 |
|
27-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Prohibit address families by default unless a VPN explicitly allows them. Bug: 15972465 Change-Id: I3278d94536fefacc86390c1ba4231680f7be8589
/system/netd/server/RouteController.cpp
|
95684ba176a9fe5ea59207d7202e47fa12bbfdbe |
|
23-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Implement support for bypassable VPNs.
Bypassable VPNs grab all traffic by default (just like secure VPNs), but:
+ They allow all apps to choose other networks using the multinetwork APIs. If these other networks are insecure ("untrusted"), they will enforce that the app holds the necessary permissions, such as CHANGE_NETWORK_STATE.
+ They support consistent routing. If an app has an existing connection over some other network when the bypassable VPN comes up, it's not interrupted.
Bug: 15347374
Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3
/system/netd/server/RouteController.cpp
|
48e19b037e7e20674048ef76bf31ce65c741347c |
|
23-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Implement the fallthrough rule to support split tunnel VPNs. Change-Id: Ibc48caedb5954c6b12bfa553d978bab56c4b09aa
/system/netd/server/RouteController.cpp
|
111bec203e82bdc9fb2c27df7c232465dffeee5f |
|
23-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Implement the rule to forward traffic to local networks via VPNs. Change-Id: I4bffb2ce854a6fa7d4c0d35b97f123d91c6a84d6
/system/netd/server/RouteController.cpp
|
fa9f4dcd79dcfd24af276263159c5315abb06df6 |
|
23-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Cosmetic: Move some functions around to match rule priority order. Change-Id: I81af639b66ac66272e0fae2d53119de1bfa12e69
/system/netd/server/RouteController.cpp
|
182a26ff95515179b1a7e62a806f90279cdcd9b3 |
|
23-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Remove the oif=iface clause when tethering. The rule is meant to be "iif=inputIface => lookup <table_for_outputIface>", not "iif=foo oif=bar => lookup <table_for_bar>" (the latter would never match because packets coming in on the input interface will not have any output interface binding). Bug: 16242255 Change-Id: I98a2a8ab90765aee833134297b58d4f7a212036f
/system/netd/server/RouteController.cpp
|
b717e74df3571951890cf36ee8bd559501d7fdc4 |
|
19-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Flush routing rules and add an "unreachable" rule on Init(). Without the flush, rules accumulate duplicates when netd is restarted due to a runtime restart. Nothing functionally wrong with having duplicates; it just makes the output of "ip rule" look as though something went wrong in the system. Time to add the unreachable rule, to suss out issues with corner cases. With the flush, there's no more a naked "from main" rule that we need to protect by adding the unreachable rule. But it's a good idea to add the unreachable rule anyway, in case somebody comes along and adds a rule below it later. Change-Id: I975b2221868b7f5366bd7cf60937a82fb4b75913
/system/netd/server/RouteController.cpp
|
87475a1471373b72ffc9f81f17dfd7884723fa86 |
|
16-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix WiFi-Direct and Tethering. A LocalNetwork object now always exists in the NetworkController, with a fixed NetId that's guaranteed not to collide with NetIds created by the framework. When routes are added on an interface tracked by the LocalNetwork, they are added to a fixed "local_network" table. When NAT is enabled, we add a special "iif -> oif" tethering rule. Bug: 15413694 Bug: 15413741 Change-Id: I36effc438d5ac193a77174493bf196cb68a5b97a
/system/netd/server/RouteController.cpp
|
b31e085466c95e5e89de6e06ebc3547c85e98242 |
|
12-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Merge "Add default routing tables to rt_tables."
|
bb40d5198943df0e2a88514cbcd82a23a5b0cd97 |
|
11-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add default routing tables to rt_tables. This is so that these tables also get dumped by bugreport / dumpstate. Change-Id: Ia5ed8a23911d7b34ba964934dec42849f4a73824
/system/netd/server/RouteController.cpp
|
6a773534e7f8541f221f27fb8063af079b1a5936 |
|
11-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix tethering in the case of a regular upstream connection. Fixes tethering via Ethernet, Bluetooth and WiFi (hotspot). Tethering when the upstream has a DUN-specific APN is likely still broken (untested). For now, assign a fixed NetId (a hack) until we can change the framework to create a valid NetworkAgent and all that jazz. Bug: 15968336 Bug: 14988803 Change-Id: Idcf4d492d9329a9c87913e27be6dd835a792bea2
/system/netd/server/RouteController.cpp
|
c7d804c1d22db40ac79fde46a032cd359e975f5b |
|
09-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Cosmetic: Move constants into file scope. Change-Id: Ic1398a5867693bb8f1e588e727869ec6a4574432
/system/netd/server/RouteController.cpp
|
4acd34a8e95b1191318216ebad409ec5e1b3d5f0 |
|
08-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add symbolic table names for routing table numbers. This makes the output from "ip rule" much more readable. Companion changes are in AOSP. Change-Id: I69deb1a64d5d6647470823405bf0cc55b24b22de
/system/netd/server/RouteController.cpp
|
e09b20aee85f1dfd8c18c3d8581ac875d939ba70 |
|
06-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add full support for UIDs in VPNs. Major: + Implement the functions mentioned in http://go/android-multinetwork-routing correctly, including handling accept(), connect(), setNetworkForSocket() and protect() and supporting functions like canUserSelectNetwork(). + Eliminate the old code path of getting/setting UID ranges through SecondaryTableController (which is currently unused) and mUidMap. Minor: + Rename some methods/variables for clarity and consistency. + Moved some methods in .cpp files to match declaration order in the .h files. Bug: 15409918 Change-Id: Ic6ce3646c58cf645db0d9a53cbeefdd7ffafff93
/system/netd/server/RouteController.cpp
|
5009d5ef3fbcdc69d772b528fd22184b7d605afa |
|
03-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Update routing rules. As per the latest changes to: http://go/android-multinetwork-routing Functional changes: + Add explicit=NO to the implicit network rules, though it's a no-op. + Remove most of the UID=0 (kernel access) rules since they are no longer needed, except in one case to allow access to a VPN. + Add the explicit, protect and permissions bits to the incoming packet mark. + VPNs now don't need an implicit network rule. + Modifying network permissions now modifies the incoming packet mark as well. Cosmetic changes: + Renamed the legacy tables to match their permissions (SYSTEM and NETWORK). + Renamed most functions and methods for clarity and consistency. + Renamed and adjusted some rule priorities. + Move most rule modifications into their own functions, to prevent brittle reliance on the previous state of the fwmark/mask variables. Change-Id: I958a7e158ee918d5254de606fcfa55fe23327438
/system/netd/server/RouteController.cpp
|
ed4bd1f7d219f9f5f56763ea02cf4947e78397f6 |
|
05-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix permissions handling. + Rename the permissions as per: http://go/android-multinetwork-routing + Make the SYSTEM permission explicitly include NETWORK. + Grant the SYSTEM permission to system UIDs by default, but allow the framework to override them if necessary. + Move the "string to permission" parsing to CommandListener.cpp, thus allowing us to get rid of Permission.cpp. + There's no need to support multiple permissions string arguments, so tighten that up. Change-Id: I73d51b5e2f44a97e6d5ab5943ff198cebfbcc0c4
/system/netd/server/RouteController.cpp
|
72999d6cfc1df23cd911b85730f1f532fb62bed4 |
|
03-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix regressions in flushRoutes(). http://ag/486276 left out a comma, causing the command to be "routeflush" (which is invalid), instead of the correct "route flush". http://ag/495068 changed the order, causing the interface to be removed from the interfaceToIndex map before we are done using it in modifyPerNetworkRules(). Change-Id: I65af0b5763b13e47b48e7e2b81d243dc19e1a03b
/system/netd/server/RouteController.cpp
|
eb27b7ec10faf47a93fbc2863092cc667b05e252 |
|
01-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix routing rules. Fix the rules in RouteController as per the latest iteration of the routing design: http://go/android-multinetwork-routing. Changes include: + The legacy tables have to be global. So remove the UID being passed in to modifyRoute() and remove the associated TODOs. + Add UID=0 rules to let the kernel access routes on privileged networks. + Add a UID=0 clause to the directly-connected hack, thus fixing the TODO. + Add the privileged_legacy table just above the legacy table, when overriding the default network. (The same table remains added at the top of the rule chain, to override VPNs, but only for CONNECTIVITY_INTERNAL-privileged apps). Other cosmetic changes: + Update the names and values of the rule priorities. + Move the legacy table IDs to the .h file in anticipation of using them from bugreport / dump commands. + Make 'action' the first parameter consistently. Change-Id: I6634a19ddc8062b2ef55d926c7892fff8c586106
/system/netd/server/RouteController.cpp
|
cf891383224e420d99996f7e63728a7cc902415e |
|
02-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Don't use %zu for uid_t. It's always unsigned int, so %u is correct. Change-Id: I5be1d479b524495037c2aedc8336c794d2698914
/system/netd/server/RouteController.cpp
|
1201e84ebda52d8d82e5385644e9de0923e61aa3 |
|
02-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Use %zu to printf size_t correctly on both 32-bit and 64-bit platforms. Change-Id: I5223e574084fca47606b844d74a99a642c7d66be
/system/netd/server/RouteController.cpp
|
b1425cc09f8a29350520db0d4f489331df5a689b |
|
24-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add UID range support to VPNs. This adds the necessary routing rules. Future CLs will add the ability to select the right netId for connect(), setNetworkForSocket(), DNS resolutions, etc. Bug: 15409918 Change-Id: I88a67660d49cecda834dd72ab947fbfed250f09d
/system/netd/server/RouteController.cpp
|
4043f01f8e25f24246efadc710ad7440aab75529 |
|
23-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Introduce VPN support. This change sets up the basic routing rules for VPNs. It doesn't yet handle UID ranges (that are meant to apply to the VPN) correctly. That's forthcoming in other CLs. Bug: 15409918 Change-Id: I284de04f176dcf6ba702361de6a614266256d04e
/system/netd/server/RouteController.cpp
|
f4f6c8de3f091be4b91a5a9d7f14e8882ec6d502 |
|
23-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Refactor: Encapsulate permissions and interfaces into a Network class. Currently, there's a lot of logic in NetworkController surrounding events such as interface addition/removal, network creation/destruction and default network change, because these events are intertwined. For example, adding an interface means also adding a corresponding default network rule if the interface is being added to the current default network. When we introduce VPNs into this mix, things will get hairy real quick for all this logic in NetworkController. In this refactor, we introduce an abstract base class Network which supports adding and removing interfaces. The main concrete implementation of this is PhysicalNetwork, which allows setting permissions and "default network" state. Since we've moved network permissions into the above class, and user permissions into NetworkController, PermissionsController is unused and has been removed. Also fix a few bugs in RouteController: + Use uidEnd correctly. + Check for all error cases in inet_pton. + Check the return value of android_fork_execvp() correctly. + The "return cmd1() && cmd2()" pattern is wrong. Rewrite that code. Also (non-functional changes): + Remove instantiations of RouteController. It has static methods only. + Reorder some blocks in CommandListener so that the most frequent commands are checked first. + Remove unused paramError() and clearNetworkPreference(). + Change all return codes to int (negative errno) wherever applicable. + Add WARN_UNUSED_RESULT everywhere. + Cleanup some style in RouteController and NetworkController. + Use uid_t instead of unsigned for user IDs. + Add clearer log messages at the source of failures. + Add a check for when fwmark bits are set without corresponding mask bits. Bug: 15409918 Change-Id: Ibba78b0850160f9f3d17d476f16331a6db0025d1
/system/netd/server/RouteController.cpp
|
1077d298655efa7755925e788d49a73e9db10afc |
|
27-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Don't fail when adding a duplicate legacy route. This only affects calls to requestRouteToHost() by apps. We still fail if the framework itself tries to add a non-legacy duplicate route, since the framework should know better (we can consider relaxing that too in the future). Bug: 15925532 Change-Id: I9ee434277e462d570f88e6fe63a096e5ae41eee9
/system/netd/server/RouteController.cpp
|
72723683be57b6d562dc96cde30cc33cc96b3e82 |
|
26-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Convert rta_* and fra_* variable names to camelCase. Change-Id: I0ca539ac4c54bb71b033f288fb4229afd71b7989
/system/netd/server/RouteController.cpp
|
5965651602fb8373b75b6ae2d59c6a4d753f2f49 |
|
24-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Support adding and removing UID rules via netlink. Change-Id: Idae13bceda869261689260759084b8d6ef1ff639
/system/netd/server/RouteController.cpp
|
96f261e8b28048b8cb48f5a4e81822c73bb813f4 |
|
23-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Pass rule modification errors back to CommandListener. Change-Id: If01334dccad8b6230648713a57fd58be180ac66b
/system/netd/server/RouteController.cpp
|
4753afd79e130d5f1c888f549c36b4da92dbe680 |
|
20-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Use netlink to add/delete rules as well as routes. Also change the indentation of the rtattrs used in modifyIpRoute to make it easier to see what attributes are being used and in what sequence. This change does not yet pass the errors back to CommandListener; that is done in the next change in the series. Change-Id: Ib2e174386c63cb0647d838d9c7d731cd6df39c4f
/system/netd/server/RouteController.cpp
|
7f972fb1cd3c26af76779a7a3220b9cf5fb63a0a |
|
25-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Unrevert the 'revert the "talk to netlink directly" change.' http://ag/486277 was reverted in http://ag/491263 and is being unreverted in this change. The bug in the original CL was a typo ("interface" instead of the desired "ifindex"), which is now fixed. Bug: 15840054 Change-Id: If66987c74cc86e9ba4f7a35d36f0a39afe939a68
/system/netd/server/RouteController.cpp
|
ab359feb1a4d3a1898e32a7da47dcde3da4c1ed6 |
|
25-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Temporarily revert the "talk to netlink directly" change. The change being reverted is http://ag/486277. Instead, use /sbin/ip again. The code to talk to netlink fails on volantis. I.e., instead of this: $ ip route show table 1006 default via 100.110.191.254 dev wlan0 100.110.128.0/18 dev wlan0 scope link we end up with this: $ ip route show table 1006 default dev wlan0 proto static 100.110.128.0/18 dev wlan0 proto static Notice the lack of the nexthop and the addition of "proto static". I think the netlink message is somehow not properly aligned on volantis, causing the kernel to misinterpret it. Bug: 15840054 Change-Id: Ief60473e337410f7cb35890de0a5a74a21723a41
/system/netd/server/RouteController.cpp
|
f7fc8eccb0a6a4fbca4cafdf53f5c167c8f1d755 |
|
17-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Pass route add/delete errors back to CommandListener. Change-Id: Id1d6d578963080e141f71bc1303801fc53bce40a
/system/netd/server/RouteController.cpp
|
ba25df989b48f36b784ad39307a49a4fd9c3fd66 |
|
17-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Use native netlink code instead of /sbin/ip to manipulate routes Shelling out to /sbin/ip is slow, and more importantly it does not preserve the error messages returned by the kernel when adding or deleting a route fails. Instead, use netlink directly. This change does not yet pass the errors back to CommandListener; that is done in the next change in the series. Change-Id: I5ad3c8583580857be6386a620ff5c4f3872d685b
/system/netd/server/RouteController.cpp
|
357e5629bb4c745296ab40340ec8679372337155 |
|
17-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Flush both IPv4 and IPv6 routes. The current code unintentionally flushes only IPv4 routes because it reuses a function that is normally used to add and remove routes (where the IP version is implicitly specified by the route to add or remove). Instead of fixing the runIpRouteCommand function, add a new flushIpRoutes function because runIpRouteCommand will be replaced by a netlink implementation in an upcoming CL. Change-Id: Ie96ae4124baca3edb8e0d0841e7abadb6b3ee9ab
/system/netd/server/RouteController.cpp
|
a561e121c724e9163b2e256e15eef660e3a326da |
|
12-Jun-2014 |
Paul Jensen <pauljensen@google.com> |
Cache interface indices in case interfaces go away. Without caching them netd will fail to remove rules and routes, for example, when the Bluetooth reverse-tether interface ("bt-pan") goes away. bug:15407087 Change-Id: I99fcf00f9645a0b029455516a705b70110f62ff6
/system/netd/server/RouteController.cpp
|
ac19883dd50d5310d1fddf996ee227075a103ecb |
|
31-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix build. Change-Id: If170e46ff92c6a972bc1c2d838b1ac0eea6e23de
/system/netd/server/RouteController.cpp
|
9a4c1128b274ee2a6ffab3d50d08aaf0bc2fb2ff |
|
30-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
am 82eab785: Support legacy routes added by apps via ensureRouteToHost(). * commit '82eab785bd5cb2eff0a263f5b0dcde13e9139588': Support legacy routes added by apps via ensureRouteToHost().
|
82eab785bd5cb2eff0a263f5b0dcde13e9139588 |
|
22-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Support legacy routes added by apps via ensureRouteToHost(). This adds the routes to two fixed tables: + LEGACY, which has higher priority than other non-explicit lookup tables (per-network and default network). + PRIVILEGED_LEGACY, available only to system apps and has higher priority than VPNs (system apps are those with the CONNECTIVITY_INTERNAL permission). This will be changed to per-UID tables once the kernel supports UID-based routing, so that these legacy routes are scoped to each app and not global. Also, fix a TODO: The framework (as of http://ag/471599) will not set the gateway argument if it's actually a direct-connected route. Change-Id: I0ee1ca89fdc859d75a89021ca8c1902811b1e4a9 (cherry picked from commit 38b7af1f2cb9579895465fabc37865f5dadcac25)
/system/netd/server/RouteController.cpp
|
56afacf838d24cf8e54d2cf0d8ab9182ab704125 |
|
29-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Turn on C++11 and make all warnings into errors. As a consequence: + Comment out the names of all unused parameters. + Remove all unused variables and functions. In server/Android.mk, there are a couple of non-trivial changes: + Use libcxx instead of stlport. This is needed to fix a bunch of errors due to specifying -std=c++11. + LOCAL_SHARED_LIBRARIES is sorted. Technically, the order in which libraries are listed has an effect on linking, but nobody should be doing such brittle things anyway. Change-Id: I0aff5b745e04609da23144d0e8be4c5694321b8b
/system/netd/server/RouteController.cpp
|
38b7af1f2cb9579895465fabc37865f5dadcac25 |
|
22-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Support legacy routes added by apps via ensureRouteToHost(). This adds the routes to two fixed tables: + LEGACY, which has higher priority than other non-explicit lookup tables (per-network and default network). + PRIVILEGED_LEGACY, available only to system apps and has higher priority than VPNs (system apps are those with the CONNECTIVITY_INTERNAL permission). This will be changed to per-UID tables once the kernel supports UID-based routing, so that these legacy routes are scoped to each app and not global. Also, fix a TODO: The framework (as of http://ag/471599) will not set the gateway argument if it's actually a direct-connected route. Change-Id: I0ee1ca89fdc859d75a89021ca8c1902811b1e4a9
/system/netd/server/RouteController.cpp
|
72604075e74af459fb4637404fbf030422c6b6b6 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Rework the determination of a "valid network". + isNetIdValid() doesn't make much sense. What we want is whether the netId has actually been created (via createNetwork()). + It isn't an error to call deleteNetwork() or setDefaultNetwork() even when there are no interfaces assigned to the network. + Secure all accesses to the maps in PermissionsController with locks; they are called from many threads (CommandListener, DnsProxyListener and FwmarkServer). + Remove the redundant mIfaceNetidMap. + Minor cosmetic changes to things such as #includes and log messages. Change-Id: Ieb154589b24f00ba8067eaaec4def3534aec4923
/system/netd/server/RouteController.cpp
|
f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Move netd_client into netd. Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
/system/netd/server/RouteController.cpp
|