Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 0aa3dd68126ccde324d82070cb15dea262c7edb5 / . / server / RouteController.h
blob: 656fc21db31534d760808954d5f15a16685edc51 [file] [log] [blame]
Sreeram Ramachandrand736d4b2014-03-26 18:33:47 -0700[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]17#pragma once
Sreeram Ramachandrand736d4b2014-03-26 18:33:47 -0700[diff] [blame]18
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]19#include "NetdConstants.h" // IptablesTarget
Sreeram Ramachandran5c181bf2014-04-07 14:10:04 -0700[diff] [blame]20#include "Permission.h"
21
Luke Huang534980c2018-07-06 17:50:11 +0800[diff] [blame]22#include <android-base/thread_annotations.h>
23
Lorenzo Colitti60367db2017-02-13 16:31:45 +0900[diff] [blame]24#include <linux/netlink.h>
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]25#include <sys/types.h>
26#include <map>
Luke Huang534980c2018-07-06 17:50:11 +0800[diff] [blame]27#include <mutex>
Sreeram Ramachandranf4f6c8d2014-06-23 09:54:06 -0700[diff] [blame]28
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]29namespace android::net {
Lorenzo Colitti7035f222017-02-13 18:29:00 +0900[diff] [blame]30
Sreeram Ramachandranb1425cc2014-06-23 18:54:27 -0700[diff] [blame]31class UidRanges;
32
Sreeram Ramachandran5c181bf2014-04-07 14:10:04 -0700[diff] [blame]33class RouteController {
34public:
Sreeram Ramachandran38b7af12014-05-22 14:21:49 -0700[diff] [blame]35 // How the routing table number is determined for route modification requests.
36 enum TableType {
Sreeram Ramachandran5009d5e2014-07-03 12:20:48 -0700[diff] [blame]37 INTERFACE, // Compute the table number based on the interface index.
Sreeram Ramachandran87475a12014-07-15 16:20:28 -0700[diff] [blame]38 LOCAL_NETWORK, // A fixed table used for routes to directly-connected clients/peers.
Sreeram Ramachandran5009d5e2014-07-03 12:20:48 -0700[diff] [blame]39 LEGACY_NETWORK, // Use a fixed table that's used to override the default network.
40 LEGACY_SYSTEM, // A fixed table, only modifiable by system apps; overrides VPNs too.
Sreeram Ramachandran38b7af12014-05-22 14:21:49 -0700[diff] [blame]41 };
42
Sreeram Ramachandrana4811802014-04-10 12:10:24 -0700[diff] [blame]43 static const int ROUTE_TABLE_OFFSET_FROM_INDEX = 1000;
44
Lorenzo Colittid78843e2017-03-27 05:52:31 +0900[diff] [blame]45 static const char* const LOCAL_MANGLE_INPUT;
46
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]47 [[nodiscard]] static int Init(unsigned localNetId);
Sreeram Ramachandran8fe9c8e2014-04-16 12:08:05 -0700[diff] [blame]48
Rubin Xu6c00b612018-04-27 14:27:59 +0100[diff] [blame]49 // Returns an ifindex given the interface name, by looking up in sInterfaceToTable.
50 // This is currently only used by NetworkController::addInterfaceToNetwork
51 // and should probabaly be changed to passing the ifindex into RouteController instead.
52 // We do this instead of calling if_nametoindex because the same interface name can
53 // correspond to different interface indices over time. This way, even if the interface
54 // index has changed, we can still free any map entries indexed by the ifindex that was
55 // used to add them.
Luke Huang534980c2018-07-06 17:50:11 +0800[diff] [blame]56 static uint32_t getIfIndex(const char* interface) EXCLUDES(sInterfaceToTableLock);
Rubin Xu6c00b612018-04-27 14:27:59 +0100[diff] [blame]57
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]58 [[nodiscard]] static int addInterfaceToLocalNetwork(unsigned netId, const char* interface);
59 [[nodiscard]] static int removeInterfaceFromLocalNetwork(unsigned netId, const char* interface);
Sreeram Ramachandran6a773532014-07-11 09:10:20 -0700[diff] [blame]60
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]61 [[nodiscard]] static int addInterfaceToPhysicalNetwork(unsigned netId, const char* interface,
62 Permission permission);
63 [[nodiscard]] static int removeInterfaceFromPhysicalNetwork(unsigned netId,
64 const char* interface,
65 Permission permission);
Sreeram Ramachandran9c0d3132014-04-10 20:35:04 -0700[diff] [blame]66
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]67 [[nodiscard]] static int addInterfaceToVirtualNetwork(unsigned netId, const char* interface,
68 bool secure, const UidRanges& uidRanges);
69 [[nodiscard]] static int removeInterfaceFromVirtualNetwork(unsigned netId,
70 const char* interface, bool secure,
71 const UidRanges& uidRanges);
Sreeram Ramachandran4043f012014-06-23 12:41:37 -0700[diff] [blame]72
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]73 [[nodiscard]] static int modifyPhysicalNetworkPermission(unsigned netId, const char* interface,
74 Permission oldPermission,
75 Permission newPermission);
Sreeram Ramachandranf4f6c8d2014-06-23 09:54:06 -0700[diff] [blame]76
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]77 [[nodiscard]] static int addUsersToVirtualNetwork(unsigned netId, const char* interface,
78 bool secure, const UidRanges& uidRanges);
79 [[nodiscard]] static int removeUsersFromVirtualNetwork(unsigned netId, const char* interface,
80 bool secure, const UidRanges& uidRanges);
Sreeram Ramachandran7619e1b2014-04-15 14:23:08 -0700[diff] [blame]81
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]82 [[nodiscard]] static int addUsersToRejectNonSecureNetworkRule(const UidRanges& uidRanges);
83 [[nodiscard]] static int removeUsersFromRejectNonSecureNetworkRule(const UidRanges& uidRanges);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]84
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]85 [[nodiscard]] static int addInterfaceToDefaultNetwork(const char* interface,
86 Permission permission);
87 [[nodiscard]] static int removeInterfaceFromDefaultNetwork(const char* interface,
88 Permission permission);
Sreeram Ramachandranb1425cc2014-06-23 18:54:27 -0700[diff] [blame]89
Sreeram Ramachandrande5d5df2014-07-26 18:43:25 -0700[diff] [blame]90 // |nexthop| can be NULL (to indicate a directly-connected route), "unreachable" (to indicate a
Lorenzo Colitti4c95a122014-09-18 16:01:50 +0900[diff] [blame]91 // route that's blocked), "throw" (to indicate the lack of a match), or a regular IP address.
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]92 [[nodiscard]] static int addRoute(const char* interface, const char* destination,
Tyler Wearfa94a272019-12-05 15:01:48 -0800[diff] [blame]93 const char* nexthop, TableType tableType, int mtu);
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]94 [[nodiscard]] static int removeRoute(const char* interface, const char* destination,
95 const char* nexthop, TableType tableType);
Tyler Wearfa94a272019-12-05 15:01:48 -0800[diff] [blame]96 [[nodiscard]] static int updateRoute(const char* interface, const char* destination,
97 const char* nexthop, TableType tableType, int mtu);
Sreeram Ramachandran87475a12014-07-15 16:20:28 -0700[diff] [blame]98
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]99 [[nodiscard]] static int enableTethering(const char* inputInterface,
100 const char* outputInterface);
101 [[nodiscard]] static int disableTethering(const char* inputInterface,
102 const char* outputInterface);
Sreeram Ramachandran48e19b02014-07-22 22:23:20 -0700[diff] [blame]103
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]104 [[nodiscard]] static int addVirtualNetworkFallthrough(unsigned vpnNetId,
105 const char* physicalInterface,
106 Permission permission);
107 [[nodiscard]] static int removeVirtualNetworkFallthrough(unsigned vpnNetId,
108 const char* physicalInterface,
109 Permission permission);
Lorenzo Colittic1306ea2017-03-27 05:52:31 +0900[diff] [blame]110
111 // For testing.
112 static int (*iptablesRestoreCommandFunction)(IptablesTarget, const std::string&,
113 const std::string&, std::string *);
Lorenzo Colitti02cb80a2017-10-30 19:21:06 +0900[diff] [blame]114
115private:
116 friend class RouteControllerTest;
Luke Huang534980c2018-07-06 17:50:11 +0800[diff] [blame]117
118 static std::mutex sInterfaceToTableLock;
119 static std::map<std::string, uint32_t> sInterfaceToTable GUARDED_BY(sInterfaceToTableLock);
Lorenzo Colitti02cb80a2017-10-30 19:21:06 +0900[diff] [blame]120
121 static int configureDummyNetwork();
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]122 [[nodiscard]] static int flushRoutes(const char* interface) EXCLUDES(sInterfaceToTableLock);
123 [[nodiscard]] static int flushRoutes(uint32_t table);
124 static uint32_t getRouteTableForInterfaceLocked(const char* interface)
Luke Huang534980c2018-07-06 17:50:11 +0800[diff] [blame]125 REQUIRES(sInterfaceToTableLock);
126 static uint32_t getRouteTableForInterface(const char *interface) EXCLUDES(sInterfaceToTableLock);
Lorenzo Colitti02cb80a2017-10-30 19:21:06 +0900[diff] [blame]127 static int modifyDefaultNetwork(uint16_t action, const char* interface, Permission permission);
128 static int modifyPhysicalNetwork(unsigned netId, const char* interface, Permission permission,
129 bool add);
Tyler Wearfa94a272019-12-05 15:01:48 -0800[diff] [blame]130 static int modifyRoute(uint16_t action, uint16_t flags, const char* interface,
131 const char* destination, const char* nexthop, TableType tableType,
132 int mtu);
Lorenzo Colitti02cb80a2017-10-30 19:21:06 +0900[diff] [blame]133 static int modifyTetheredNetwork(uint16_t action, const char* inputInterface,
134 const char* outputInterface);
135 static int modifyVpnFallthroughRule(uint16_t action, unsigned vpnNetId,
136 const char* physicalInterface, Permission permission);
137 static int modifyVirtualNetwork(unsigned netId, const char* interface,
138 const UidRanges& uidRanges, bool secure, bool add,
139 bool modifyNonUidBasedRules);
Luke Huang534980c2018-07-06 17:50:11 +0800[diff] [blame]140 static void updateTableNamesFile() EXCLUDES(sInterfaceToTableLock);
Sreeram Ramachandran5c181bf2014-04-07 14:10:04 -0700[diff] [blame]141};
142
Lorenzo Colitti60367db2017-02-13 16:31:45 +0900[diff] [blame]143// Public because they are called by by RouteControllerTest.cpp.
144// TODO: come up with a scheme of unit testing this code that does not rely on making all its
145// functions public.
Tyler Wearfa94a272019-12-05 15:01:48 -0800[diff] [blame]146[[nodiscard]] int modifyIpRoute(uint16_t action, uint16_t flags, uint32_t table,
147 const char* interface, const char* destination, const char* nexthop,
148 uint32_t mtu);
Lorenzo Colitti60367db2017-02-13 16:31:45 +0900[diff] [blame]149uint32_t getRulePriority(const nlmsghdr *nlh);
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]150[[nodiscard]] int modifyIncomingPacketMark(unsigned netId, const char* interface,
151 Permission permission, bool add);
Lorenzo Colitti60367db2017-02-13 16:31:45 +0900[diff] [blame]152
Bernie Innocenti762dcf42019-06-14 19:52:49 +0900[diff] [blame]153} // namespace android::net