Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / e874b7f00ce5bd34a750ed1eb021f50679c6535d / . / server / WakeupController.cpp
blob: 07ab87abaa8bc389421f6ab95bdf5e1e773771d5 [file] [log] [blame]
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "WakeupController"
18
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]19#include <arpa/inet.h>
20#include <iostream>
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]21#include <linux/netfilter/nfnetlink.h>
22#include <linux/netfilter/nfnetlink_log.h>
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]23#include <sys/socket.h>
24#include <netinet/if_ether.h>
25#include <netinet/in.h>
26#include <netinet/ip.h>
27#include <netinet/ip6.h>
28#include <netinet/tcp.h>
29#include <netinet/udp.h>
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]30
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]31#include <android-base/strings.h>
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]32#include <android-base/stringprintf.h>
33#include <cutils/log.h>
34#include <netdutils/Netfilter.h>
35#include <netdutils/Netlink.h>
36
37#include "IptablesRestoreController.h"
38#include "NetlinkManager.h"
39#include "WakeupController.h"
40
41namespace android {
42namespace net {
43
44using base::StringPrintf;
45using netdutils::Slice;
46using netdutils::Status;
47
48const char WakeupController::LOCAL_MANGLE_INPUT[] = "wakeupctrl_mangle_INPUT";
49
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]50const uint32_t WakeupController::kDefaultPacketCopyRange =
51 sizeof(struct tcphdr) + sizeof(struct ip6_hdr);
52
53static void extractIpPorts(WakeupController::ReportArgs& args, Slice payload) {
54 switch (args.ipNextHeader) {
55 case IPPROTO_TCP: {
56 struct tcphdr header;
57 if (extract(payload, header) < sizeof(struct tcphdr)) {
58 return;
59 }
60 args.srcPort = ntohs(header.th_sport);
61 args.dstPort = ntohs(header.th_dport);
62 break;
63 }
64 case IPPROTO_UDP: {
65 struct udphdr header;
66 if (extract(payload, header) < sizeof(struct udphdr)) {
67 return;
68 }
69 args.srcPort = ntohs(header.uh_sport);
70 args.dstPort = ntohs(header.uh_dport);
71 break;
72 }
73 default:
74 break;
75 }
76}
77
78static void extractIpHeader(WakeupController::ReportArgs& args, Slice payload) {
79 switch (args.ethertype) {
80 case ETH_P_IP: {
81 struct iphdr header;
82 if (extract(payload, header) < sizeof(struct iphdr)) {
83 return;
84 }
85 args.ipNextHeader = header.protocol;
86 char addr[INET_ADDRSTRLEN] = {};
87 inet_ntop(AF_INET, &header.saddr, addr, sizeof(addr));
88 args.srcIp = addr;
89 inet_ntop(AF_INET, &header.daddr, addr, sizeof(addr));
90 args.dstIp = addr;
91 extractIpPorts(args, drop(payload, header.ihl * 4)); // ipv4 IHL counts 32 bit words.
92 break;
93 }
94 case ETH_P_IPV6: {
95 struct ip6_hdr header;
96 if (extract(payload, header) < sizeof(struct ip6_hdr)) {
97 return;
98 }
99 args.ipNextHeader = header.ip6_nxt;
100 char addr[INET6_ADDRSTRLEN] = {};
101 inet_ntop(AF_INET6, &header.ip6_src, addr, sizeof(addr));
102 args.srcIp = addr;
103 inet_ntop(AF_INET6, &header.ip6_dst, addr, sizeof(addr));
104 args.dstIp = addr;
105 // TODO: also deal with extension headers
106 if (args.ipNextHeader == IPPROTO_TCP || args.ipNextHeader == IPPROTO_UDP) {
107 extractIpPorts(args, drop(payload, sizeof(header)));
108 }
109 break;
110 }
111 default:
112 break;
113 }
114}
115
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]116WakeupController::~WakeupController() {
117 expectOk(mListener->unsubscribe(NetlinkManager::NFLOG_WAKEUP_GROUP));
118}
119
120netdutils::Status WakeupController::init(NFLogListenerInterface* listener) {
121 mListener = listener;
122 const auto msgHandler = [this](const nlmsghdr&, const nfgenmsg&, const Slice msg) {
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]123
124 struct WakeupController::ReportArgs args = {
125 .uid = -1,
126 .gid = -1,
127 .ethertype = -1,
128 .ipNextHeader = -1,
129 .srcPort = -1,
130 .dstPort = -1,
131 // and all other fields set to 0 as the default
132 };
133 bool parseAgain = false;
134
135 const auto attrHandler = [&args, &parseAgain](const nlattr attr, const Slice payload) {
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]136 switch (attr.nla_type) {
137 case NFULA_TIMESTAMP: {
Hugo Benichi5a73b942017-09-07 10:35:54 +0900[diff] [blame]138 timespec ts = {};
139 extract(payload, ts);
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]140 constexpr uint64_t kNsPerS = 1000000000ULL;
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]141 args.timestampNs = ntohl(ts.tv_nsec) + (ntohl(ts.tv_sec) * kNsPerS);
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]142 break;
143 }
144 case NFULA_PREFIX:
145 // Strip trailing '\0'
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]146 args.prefix = toString(take(payload, payload.size() - 1));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]147 break;
148 case NFULA_UID:
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]149 extract(payload, args.uid);
150 args.uid = ntohl(args.uid);
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]151 break;
152 case NFULA_GID:
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]153 extract(payload, args.gid);
154 args.gid = ntohl(args.gid);
155 break;
156 case NFULA_HWADDR: {
157 struct nfulnl_msg_packet_hw hwaddr = {};
158 extract(payload, hwaddr);
159 size_t hwAddrLen = ntohs(hwaddr.hw_addrlen);
160 hwAddrLen = std::min(hwAddrLen, sizeof(hwaddr.hw_addr));
161 args.dstHw.assign(hwaddr.hw_addr, hwaddr.hw_addr + hwAddrLen);
162 break;
163 }
164 case NFULA_PACKET_HDR: {
165 struct nfulnl_msg_packet_hdr packetHdr = {};
166 extract(payload, packetHdr);
167 args.ethertype = ntohs(packetHdr.hw_protocol);
168 break;
169 }
170 case NFULA_PAYLOAD:
171 // The packet payload is expected to come last in the Netlink message.
172 // At that point NFULA_PACKET_HDR has already been parsed and processed.
173 // If this is not the case, set parseAgain to true.
174 parseAgain = (args.ethertype == -1);
175 extractIpHeader(args, payload);
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]176 break;
177 default:
178 break;
179 }
180 };
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]181
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]182 forEachNetlinkAttribute(msg, attrHandler);
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]183 if (parseAgain) {
184 // NFULA_PAYLOAD was parsed before NFULA_PACKET_HDR.
185 // Now that the ethertype is known, reparse msg for correctly extracting the payload.
186 forEachNetlinkAttribute(msg, attrHandler);
187 }
188 mReport(args);
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]189 };
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]190 return mListener->subscribe(NetlinkManager::NFLOG_WAKEUP_GROUP,
191 WakeupController::kDefaultPacketCopyRange, msgHandler);
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]192}
193
194Status WakeupController::addInterface(const std::string& ifName, const std::string& prefix,
195 uint32_t mark, uint32_t mask) {
196 return execIptables("-A", ifName, prefix, mark, mask);
197}
198
199Status WakeupController::delInterface(const std::string& ifName, const std::string& prefix,
200 uint32_t mark, uint32_t mask) {
201 return execIptables("-D", ifName, prefix, mark, mask);
202}
203
204Status WakeupController::execIptables(const std::string& action, const std::string& ifName,
205 const std::string& prefix, uint32_t mark, uint32_t mask) {
206 // NFLOG messages to batch before releasing to userspace
207 constexpr int kBatch = 8;
208 // Max log message rate in packets/second
209 constexpr int kRateLimit = 10;
210 const char kFormat[] =
211 "*mangle\n%s %s -i %s -j NFLOG --nflog-prefix %s --nflog-group %d --nflog-threshold %d"
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]212 " --nflog-range %d -m mark --mark 0x%08x/0x%08x -m limit --limit %d/s\nCOMMIT\n";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]213 const auto cmd = StringPrintf(
Hugo Benichie874b7f2017-10-12 21:34:46 +0900[diff] [blame^]214 kFormat, action.c_str(), WakeupController::LOCAL_MANGLE_INPUT, ifName.c_str(),
215 prefix.c_str(), NetlinkManager::NFLOG_WAKEUP_GROUP, kBatch,
216 WakeupController::kDefaultPacketCopyRange, mark, mask, kRateLimit);
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]217
218 std::string out;
219 auto rv = mIptables->execute(V4V6, cmd, &out);
220 if (rv != 0) {
221 auto s = Status(rv, "Failed to execute iptables cmd: " + cmd + ", out: " + out);
222 ALOGE("%s", toString(s).c_str());
223 return s;
224 }
225 return netdutils::status::ok;
226}
227
228} // namespace net
229} // namespace android