Merge "Implement clat ebpf receive offload support for GRE & ESP"
diff --git a/server/Android.bp b/server/Android.bp
index 0911841..92c5b5c 100644
--- a/server/Android.bp
+++ b/server/Android.bp
@@ -101,7 +101,7 @@
"libpcap",
"libqtaguid",
"libssl",
- "netd_aidl_interface-V2-cpp",
+ "netd_aidl_interface-cpp",
"netd_event_listener_interface-V1-cpp",
],
header_libs: [
@@ -143,7 +143,7 @@
"libselinux",
"libsysutils",
"libutils",
- "netd_aidl_interface-V2-cpp",
+ "netd_aidl_interface-cpp",
"netd_event_listener_interface-V1-cpp",
"oemnetd_aidl_interface-cpp",
],
diff --git a/server/DummyNetwork.h b/server/DummyNetwork.h
index 32584aa..5823ce5 100644
--- a/server/DummyNetwork.h
+++ b/server/DummyNetwork.h
@@ -14,27 +14,22 @@
* limitations under the License.
*/
-#ifndef NETD_SERVER_DUMMY_NETWORK_H
-#define NETD_SERVER_DUMMY_NETWORK_H
+#pragma once
#include "Network.h"
-namespace android {
-namespace net {
+namespace android::net {
class DummyNetwork : public Network {
-public:
+ public:
static const char* INTERFACE_NAME;
explicit DummyNetwork(unsigned netId);
virtual ~DummyNetwork();
-private:
+ private:
Type getType() const override;
- int addInterface(const std::string& interface) override WARN_UNUSED_RESULT;
- int removeInterface(const std::string& interface) override WARN_UNUSED_RESULT;
+ [[nodiscard]] int addInterface(const std::string& interface) override;
+ [[nodiscard]] int removeInterface(const std::string& interface) override;
};
-} // namespace net
-} // namespace android
-
-#endif // NETD_SERVER_DUMMY_NETWORK_H
+} // namespace android::net
diff --git a/server/LocalNetwork.h b/server/LocalNetwork.h
index 2aa7900..7a39a9d 100644
--- a/server/LocalNetwork.h
+++ b/server/LocalNetwork.h
@@ -14,13 +14,11 @@
* limitations under the License.
*/
-#ifndef NETD_SERVER_LOCAL_NETWORK_H
-#define NETD_SERVER_LOCAL_NETWORK_H
+#pragma once
#include "Network.h"
-namespace android {
-namespace net {
+namespace android::net {
class LocalNetwork : public Network {
public:
@@ -29,11 +27,8 @@
private:
Type getType() const override;
- int addInterface(const std::string& interface) override WARN_UNUSED_RESULT;
- int removeInterface(const std::string& interface) override WARN_UNUSED_RESULT;
+ [[nodiscard]] int addInterface(const std::string& interface) override;
+ [[nodiscard]] int removeInterface(const std::string& interface) override;
};
-} // namespace net
-} // namespace android
-
-#endif // NETD_SERVER_LOCAL_NETWORK_H
+} // namespace android::net
diff --git a/server/NetdConstants.h b/server/NetdConstants.h
index 86d4296..c273e1b 100644
--- a/server/NetdConstants.h
+++ b/server/NetdConstants.h
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef _NETD_CONSTANTS_H
-#define _NETD_CONSTANTS_H
+#pragma once
#include <ifaddrs.h>
#include <netdb.h>
@@ -50,8 +49,6 @@
#define UINT32_HEX_STRLEN sizeof("0x12345678")
#define IPSEC_IFACE_PREFIX "ipsec"
-#define WARN_UNUSED_RESULT __attribute__((__warn_unused_result__))
-
const uid_t INVALID_UID = static_cast<uid_t>(-1);
constexpr char TCP_RMEM_PROC_FILE[] = "/proc/sys/net/ipv4/tcp_rmem";
@@ -67,8 +64,7 @@
typedef std::unique_ptr<struct ifaddrs, struct IfaddrsDeleter> ScopedIfaddrs;
-namespace android {
-namespace net {
+namespace android::net {
/**
* This lock exists to make NetdNativeService RPCs (which come in on multiple Binder threads)
@@ -78,7 +74,4 @@
*/
extern std::mutex gBigNetdLock;
-} // namespace net
-} // namespace android
-
-#endif // _NETD_CONSTANTS_H
+} // namespace android::net
diff --git a/server/NetdNativeService.cpp b/server/NetdNativeService.cpp
index 31c62b9..9aec5e2 100644
--- a/server/NetdNativeService.cpp
+++ b/server/NetdNativeService.cpp
@@ -905,11 +905,16 @@
}
binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
+ return tetherStartWithConfiguration(true, dhcpRanges);
+}
+
+binder::Status NetdNativeService::tetherStartWithConfiguration(
+ bool usingLegacyDnsProxy, const std::vector<std::string>& dhcpRanges) {
NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
if (dhcpRanges.size() % 2 == 1) {
return statusFromErrcode(-EINVAL);
}
- int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
+ int res = gCtls->tetherCtrl.startTethering(usingLegacyDnsProxy, dhcpRanges);
return statusFromErrcode(res);
}
diff --git a/server/NetdNativeService.h b/server/NetdNativeService.h
index 68c9886..8f9c40f 100644
--- a/server/NetdNativeService.h
+++ b/server/NetdNativeService.h
@@ -121,6 +121,8 @@
binder::Status tetherGetStats(
std::vector<android::net::TetherStatsParcel>* tetherStatsVec) override;
binder::Status tetherStart(const std::vector<std::string>& dhcpRanges) override;
+ binder::Status tetherStartWithConfiguration(
+ bool usingLegacyDnsProxy, const std::vector<std::string>& dhcpRanges) override;
binder::Status tetherStop() override;
binder::Status tetherIsEnabled(bool* enabled) override;
binder::Status tetherInterfaceAdd(const std::string& ifName) override;
diff --git a/server/NetlinkCommands.cpp b/server/NetlinkCommands.cpp
index 7af33fe..acefa8e 100644
--- a/server/NetlinkCommands.cpp
+++ b/server/NetlinkCommands.cpp
@@ -65,17 +65,25 @@
return response.err.error; // Netlink errors are negative errno.
}
+// Disable optimizations in ASan build.
+// ASan reports an out-of-bounds 32-bit(!) access in the first loop of the function (over iov[]).
+// TODO: verify if this bug is still present.
+#ifdef __clang__
+#if __has_feature(address_sanitizer)
+#define OPTNONE [[clang::optnone]]
+#endif
+#endif
+
+#ifndef OPTNONE
+#define OPTNONE /* nop */
+#endif
+
// Sends a netlink request and possibly expects an ack.
// |iov| is an array of struct iovec that contains the netlink message payload.
// The netlink header is generated by this function based on |action| and |flags|.
// Returns -errno if there was an error or if the kernel reported an error.
-#ifdef __clang__
-#if __has_feature(address_sanitizer)
-__attribute__((optnone))
-#endif
-#endif
-WARN_UNUSED_RESULT int sendNetlinkRequest(uint16_t action, uint16_t flags, iovec* iov, int iovlen,
- const NetlinkDumpCallback *callback) {
+OPTNONE int sendNetlinkRequest(uint16_t action, uint16_t flags, iovec* iov, int iovlen,
+ const NetlinkDumpCallback* callback) {
nlmsghdr nlmsg = {
.nlmsg_type = action,
.nlmsg_flags = flags,
@@ -146,8 +154,8 @@
return 0;
}
-WARN_UNUSED_RESULT int rtNetlinkFlush(uint16_t getAction, uint16_t deleteAction,
- const char *what, const NetlinkDumpFilter& shouldDelete) {
+int rtNetlinkFlush(uint16_t getAction, uint16_t deleteAction, const char* what,
+ const NetlinkDumpFilter& shouldDelete) {
// RTM_GETxxx is always RTM_DELxxx + 1, see <linux/rtnetlink.h>.
if (getAction != deleteAction + 1) {
ALOGE("Unknown flush type getAction=%d deleteAction=%d", getAction, deleteAction);
@@ -201,7 +209,7 @@
return ret;
}
-uint32_t getRtmU32Attribute(const nlmsghdr *nlh, int attribute) {
+uint32_t getRtmU32Attribute(const nlmsghdr* nlh, int attribute) {
uint32_t rta_len = RTM_PAYLOAD(nlh);
rtmsg *msg = reinterpret_cast<rtmsg *>(NLMSG_DATA(nlh));
rtattr *rta = reinterpret_cast<rtattr *> RTM_RTA(msg);
diff --git a/server/NetlinkCommands.h b/server/NetlinkCommands.h
index ef1ff48..c07194d 100644
--- a/server/NetlinkCommands.h
+++ b/server/NetlinkCommands.h
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef NETD_SERVER_NETLINK_UTIL_H
-#define NETD_SERVER_NETLINK_UTIL_H
+#pragma once
#include <functional>
#include <linux/netlink.h>
@@ -23,8 +22,7 @@
#include "NetdConstants.h"
-namespace android {
-namespace net {
+namespace android::net {
const sockaddr_nl KERNEL_NLADDR = {AF_NETLINK, 0, 0, 0};
@@ -44,41 +42,29 @@
typedef std::function<bool(nlmsghdr *)> NetlinkDumpFilter;
// Opens an RTNetlink socket and connects it to the kernel.
-WARN_UNUSED_RESULT int openNetlinkSocket(int protocol);
+[[nodiscard]] int openNetlinkSocket(int protocol);
// Receives a netlink ACK. Returns 0 if the command succeeded or negative errno if the command
// failed or receiving the ACK failed.
-WARN_UNUSED_RESULT int recvNetlinkAck(int sock);
+[[nodiscard]] int recvNetlinkAck(int sock);
// Sends a netlink request and possibly expects an ACK. The first element of iov should be null and
// will be set to the netlink message headerheader. The subsequent elements are the contents of the
// request.
-
-// Disable optimizations in ASan build.
-// ASan reports an out-of-bounds 32-bit(!) access in the first loop of the
-// function (over iov[]).
-#ifdef __clang__
-#if __has_feature(address_sanitizer)
-__attribute__((optnone))
-#endif
-#endif
-WARN_UNUSED_RESULT int sendNetlinkRequest(uint16_t action, uint16_t flags, iovec* iov, int iovlen,
- const NetlinkDumpCallback *callback);
+[[nodiscard]] int sendNetlinkRequest(uint16_t action, uint16_t flags, iovec* iov, int iovlen,
+ const NetlinkDumpCallback* callback);
// Processes a netlink dump, passing every message to the specified |callback|.
-WARN_UNUSED_RESULT int processNetlinkDump(int sock, const NetlinkDumpCallback& callback);
+[[nodiscard]] int processNetlinkDump(int sock, const NetlinkDumpCallback& callback);
// Flushes netlink objects that take an rtmsg structure (FIB rules, routes...). |getAction| and
// |deleteAction| specify the netlink message types, e.g., RTM_GETRULE and RTM_DELRULE.
// |shouldDelete| specifies whether a given object should be deleted or not. |what| is a
// human-readable name for the objects being flushed, e.g. "rules".
-WARN_UNUSED_RESULT int rtNetlinkFlush(uint16_t getAction, uint16_t deleteAction,
- const char *what, const NetlinkDumpFilter& shouldDelete);
+[[nodiscard]] int rtNetlinkFlush(uint16_t getAction, uint16_t deleteAction, const char* what,
+ const NetlinkDumpFilter& shouldDelete);
// Returns the value of the specific __u32 attribute, or 0 if the attribute was not present.
uint32_t getRtmU32Attribute(const nlmsghdr *nlh, int attribute);
-} // namespace net
-} // namespace android
-
-#endif // NETD_SERVER_NETLINK_UTIL_H
+} // namespace android::net
diff --git a/server/Network.h b/server/Network.h
index 69af3ff..8417f34 100644
--- a/server/Network.h
+++ b/server/Network.h
@@ -14,16 +14,14 @@
* limitations under the License.
*/
-#ifndef NETD_SERVER_NETWORK_H
-#define NETD_SERVER_NETWORK_H
+#pragma once
#include "NetdConstants.h"
#include <set>
#include <string>
-namespace android {
-namespace net {
+namespace android::net {
// A Network represents a collection of interfaces participating as a single administrative unit.
class Network {
@@ -47,9 +45,9 @@
const std::set<std::string>& getInterfaces() const;
// These return 0 on success or negative errno on failure.
- virtual int addInterface(const std::string& interface) WARN_UNUSED_RESULT = 0;
- virtual int removeInterface(const std::string& interface) WARN_UNUSED_RESULT = 0;
- int clearInterfaces() WARN_UNUSED_RESULT;
+ [[nodiscard]] virtual int addInterface(const std::string& interface) = 0;
+ [[nodiscard]] virtual int removeInterface(const std::string& interface) = 0;
+ [[nodiscard]] int clearInterfaces();
std::string toString() const;
@@ -60,7 +58,4 @@
std::set<std::string> mInterfaces;
};
-} // namespace net
-} // namespace android
-
-#endif // NETD_SERVER_NETWORK_H
+} // namespace android::net
diff --git a/server/NetworkController.cpp b/server/NetworkController.cpp
index 1e4894f..e490a9f 100644
--- a/server/NetworkController.cpp
+++ b/server/NetworkController.cpp
@@ -47,8 +47,7 @@
using android::netdutils::DumpWriter;
-namespace android {
-namespace net {
+namespace android::net {
namespace {
@@ -67,21 +66,21 @@
// setPermissionForNetworks).
// TODO: use std::mutex and GUARDED_BY instead of manual inspection.
class NetworkController::DelegateImpl : public PhysicalNetwork::Delegate {
-public:
+ public:
explicit DelegateImpl(NetworkController* networkController);
virtual ~DelegateImpl();
- int modifyFallthrough(unsigned vpnNetId, const std::string& physicalInterface,
- Permission permission, bool add) WARN_UNUSED_RESULT;
+ [[nodiscard]] int modifyFallthrough(unsigned vpnNetId, const std::string& physicalInterface,
+ Permission permission, bool add);
-private:
- int addFallthrough(const std::string& physicalInterface,
- Permission permission) override WARN_UNUSED_RESULT;
- int removeFallthrough(const std::string& physicalInterface,
- Permission permission) override WARN_UNUSED_RESULT;
+ private:
+ [[nodiscard]] int addFallthrough(const std::string& physicalInterface,
+ Permission permission) override;
+ [[nodiscard]] int removeFallthrough(const std::string& physicalInterface,
+ Permission permission) override;
- int modifyFallthrough(const std::string& physicalInterface, Permission permission,
- bool add) WARN_UNUSED_RESULT;
+ [[nodiscard]] int modifyFallthrough(const std::string& physicalInterface, Permission permission,
+ bool add);
NetworkController* const mNetworkController;
};
@@ -236,11 +235,6 @@
return fwmark.intValue;
}
-uint32_t NetworkController::getNetworkForDns(unsigned* netId, uid_t uid) const {
- ScopedRLock lock(mRWLock);
- return getNetworkForDnsLocked(netId, uid);
-}
-
// Returns the NetId that a given UID would use if no network is explicitly selected. Specifically,
// the VPN that applies to the UID if any; otherwise, the default network.
unsigned NetworkController::getNetworkForUser(uid_t uid) const {
@@ -850,5 +844,4 @@
}
}
-} // namespace net
-} // namespace android
+} // namespace android::net
diff --git a/server/NetworkController.h b/server/NetworkController.h
index 4a363b3..e0abde0 100644
--- a/server/NetworkController.h
+++ b/server/NetworkController.h
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef NETD_SERVER_NETWORK_CONTROLLER_H
-#define NETD_SERVER_NETWORK_CONTROLLER_H
+#pragma once
#include <android-base/thread_annotations.h>
#include <android/multinetwork.h>
@@ -37,8 +36,7 @@
struct android_net_context;
-namespace android {
-namespace net {
+namespace android::net {
typedef std::shared_lock<std::shared_mutex> ScopedRLock;
typedef std::lock_guard<std::shared_mutex> ScopedWLock;
@@ -93,44 +91,40 @@
NetworkController();
unsigned getDefaultNetwork() const;
- int setDefaultNetwork(unsigned netId) WARN_UNUSED_RESULT;
+ [[nodiscard]] int setDefaultNetwork(unsigned netId);
- // Sets |*netId| to an appropriate NetId to use for DNS for the given user. Call with |*netId|
- // set to a non-NETID_UNSET value if the user already has indicated a preference. Returns the
- // fwmark value to set on the socket when performing the DNS request.
- uint32_t getNetworkForDns(unsigned* netId, uid_t uid) const;
unsigned getNetworkForUser(uid_t uid) const;
unsigned getNetworkForConnect(uid_t uid) const;
void getNetworkContext(unsigned netId, uid_t uid, struct android_net_context* netcontext) const;
unsigned getNetworkForInterface(const char* interface) const;
bool isVirtualNetwork(unsigned netId) const;
- int createPhysicalNetwork(unsigned netId, Permission permission) WARN_UNUSED_RESULT;
- int createPhysicalOemNetwork(Permission permission, unsigned *netId) WARN_UNUSED_RESULT;
- int createVirtualNetwork(unsigned netId, bool secure) WARN_UNUSED_RESULT;
- int destroyNetwork(unsigned netId) WARN_UNUSED_RESULT;
+ [[nodiscard]] int createPhysicalNetwork(unsigned netId, Permission permission);
+ [[nodiscard]] int createPhysicalOemNetwork(Permission permission, unsigned* netId);
+ [[nodiscard]] int createVirtualNetwork(unsigned netId, bool secure);
+ [[nodiscard]] int destroyNetwork(unsigned netId);
- int addInterfaceToNetwork(unsigned netId, const char* interface) WARN_UNUSED_RESULT;
- int removeInterfaceFromNetwork(unsigned netId, const char* interface) WARN_UNUSED_RESULT;
+ [[nodiscard]] int addInterfaceToNetwork(unsigned netId, const char* interface);
+ [[nodiscard]] int removeInterfaceFromNetwork(unsigned netId, const char* interface);
Permission getPermissionForUser(uid_t uid) const;
void setPermissionForUsers(Permission permission, const std::vector<uid_t>& uids);
int checkUserNetworkAccess(uid_t uid, unsigned netId) const;
- int setPermissionForNetworks(Permission permission,
- const std::vector<unsigned>& netIds) WARN_UNUSED_RESULT;
+ [[nodiscard]] int setPermissionForNetworks(Permission permission,
+ const std::vector<unsigned>& netIds);
- int addUsersToNetwork(unsigned netId, const UidRanges& uidRanges) WARN_UNUSED_RESULT;
- int removeUsersFromNetwork(unsigned netId, const UidRanges& uidRanges) WARN_UNUSED_RESULT;
+ [[nodiscard]] int addUsersToNetwork(unsigned netId, const UidRanges& uidRanges);
+ [[nodiscard]] int removeUsersFromNetwork(unsigned netId, const UidRanges& uidRanges);
// |nexthop| can be NULL (to indicate a directly-connected route), "unreachable" (to indicate a
// route that's blocked), "throw" (to indicate the lack of a match), or a regular IP address.
//
// Routes are added to tables determined by the interface, so only |interface| is actually used.
// |netId| is given only to sanity check that the interface has the correct netId.
- int addRoute(unsigned netId, const char* interface, const char* destination,
- const char* nexthop, bool legacy, uid_t uid) WARN_UNUSED_RESULT;
- int removeRoute(unsigned netId, const char* interface, const char* destination,
- const char* nexthop, bool legacy, uid_t uid) WARN_UNUSED_RESULT;
+ [[nodiscard]] int addRoute(unsigned netId, const char* interface, const char* destination,
+ const char* nexthop, bool legacy, uid_t uid);
+ [[nodiscard]] int removeRoute(unsigned netId, const char* interface, const char* destination,
+ const char* nexthop, bool legacy, uid_t uid);
// Notes that the specified address has appeared on the specified interface.
void addInterfaceAddress(unsigned ifIndex, const char* address);
@@ -147,7 +141,12 @@
private:
bool isValidNetworkLocked(unsigned netId) const;
Network* getNetworkLocked(unsigned netId) const;
+
+ // Sets |*netId| to an appropriate NetId to use for DNS for the given user. Call with |*netId|
+ // set to a non-NETID_UNSET value if the user already has indicated a preference. Returns the
+ // fwmark value to set on the socket when performing the DNS request.
uint32_t getNetworkForDnsLocked(unsigned* netId, uid_t uid) const;
+
unsigned getNetworkForUserLocked(uid_t uid) const;
unsigned getNetworkForConnectLocked(uid_t uid) const;
unsigned getNetworkForInterfaceLocked(const char* interface) const;
@@ -156,11 +155,11 @@
VirtualNetwork* getVirtualNetworkForUserLocked(uid_t uid) const;
Permission getPermissionForUserLocked(uid_t uid) const;
int checkUserNetworkAccessLocked(uid_t uid, unsigned netId) const;
- int createPhysicalNetworkLocked(unsigned netId, Permission permission) WARN_UNUSED_RESULT;
+ [[nodiscard]] int createPhysicalNetworkLocked(unsigned netId, Permission permission);
- int modifyRoute(unsigned netId, const char* interface, const char* destination,
- const char* nexthop, bool add, bool legacy, uid_t uid) WARN_UNUSED_RESULT;
- int modifyFallthroughLocked(unsigned vpnNetId, bool add) WARN_UNUSED_RESULT;
+ [[nodiscard]] int modifyRoute(unsigned netId, const char* interface, const char* destination,
+ const char* nexthop, bool add, bool legacy, uid_t uid);
+ [[nodiscard]] int modifyFallthroughLocked(unsigned vpnNetId, bool add);
void updateTcpSocketMonitorPolling();
class DelegateImpl;
@@ -189,7 +188,4 @@
};
-} // namespace net
-} // namespace android
-
-#endif // NETD_SERVER_NETWORK_CONTROLLER_H
+} // namespace android::net
diff --git a/server/PhysicalNetwork.cpp b/server/PhysicalNetwork.cpp
index 7a1f305..56f4ac3 100644
--- a/server/PhysicalNetwork.cpp
+++ b/server/PhysicalNetwork.cpp
@@ -23,13 +23,12 @@
#include "log/log.h"
-namespace android {
-namespace net {
+namespace android::net {
namespace {
-WARN_UNUSED_RESULT int addToDefault(unsigned netId, const std::string& interface,
- Permission permission, PhysicalNetwork::Delegate* delegate) {
+[[nodiscard]] int addToDefault(unsigned netId, const std::string& interface, Permission permission,
+ PhysicalNetwork::Delegate* delegate) {
if (int ret = RouteController::addInterfaceToDefaultNetwork(interface.c_str(), permission)) {
ALOGE("failed to add interface %s to default netId %u", interface.c_str(), netId);
return ret;
@@ -40,9 +39,8 @@
return 0;
}
-WARN_UNUSED_RESULT int removeFromDefault(unsigned netId, const std::string& interface,
- Permission permission,
- PhysicalNetwork::Delegate* delegate) {
+[[nodiscard]] int removeFromDefault(unsigned netId, const std::string& interface,
+ Permission permission, PhysicalNetwork::Delegate* delegate) {
if (int ret = RouteController::removeInterfaceFromDefaultNetwork(interface.c_str(),
permission)) {
ALOGE("failed to remove interface %s from default netId %u", interface.c_str(), netId);
@@ -56,15 +54,13 @@
} // namespace
-PhysicalNetwork::Delegate::~Delegate() {
-}
+PhysicalNetwork::Delegate::~Delegate() {}
PhysicalNetwork::PhysicalNetwork(unsigned netId, PhysicalNetwork::Delegate* delegate) :
Network(netId), mDelegate(delegate), mPermission(PERMISSION_NONE), mIsDefault(false) {
}
-PhysicalNetwork::~PhysicalNetwork() {
-}
+PhysicalNetwork::~PhysicalNetwork() {}
Permission PhysicalNetwork::getPermission() const {
return mPermission;
@@ -206,5 +202,4 @@
return 0;
}
-} // namespace net
-} // namespace android
+} // namespace android::net
diff --git a/server/PhysicalNetwork.h b/server/PhysicalNetwork.h
index 89c9443..0720824 100644
--- a/server/PhysicalNetwork.h
+++ b/server/PhysicalNetwork.h
@@ -14,25 +14,23 @@
* limitations under the License.
*/
-#ifndef NETD_SERVER_PHYSICAL_NETWORK_H
-#define NETD_SERVER_PHYSICAL_NETWORK_H
+#pragma once
#include "Network.h"
#include "Permission.h"
-namespace android {
-namespace net {
+namespace android::net {
class PhysicalNetwork : public Network {
-public:
+ public:
class Delegate {
- public:
+ public:
virtual ~Delegate();
- virtual int addFallthrough(const std::string& physicalInterface,
- Permission permission) WARN_UNUSED_RESULT = 0;
- virtual int removeFallthrough(const std::string& physicalInterface,
- Permission permission) WARN_UNUSED_RESULT = 0;
+ [[nodiscard]] virtual int addFallthrough(const std::string& physicalInterface,
+ Permission permission) = 0;
+ [[nodiscard]] virtual int removeFallthrough(const std::string& physicalInterface,
+ Permission permission) = 0;
};
PhysicalNetwork(unsigned netId, Delegate* delegate);
@@ -40,15 +38,15 @@
// These refer to permissions that apps must have in order to use this network.
Permission getPermission() const;
- int setPermission(Permission permission) WARN_UNUSED_RESULT;
+ [[nodiscard]] int setPermission(Permission permission);
- int addAsDefault() WARN_UNUSED_RESULT;
- int removeAsDefault() WARN_UNUSED_RESULT;
+ [[nodiscard]] int addAsDefault();
+ [[nodiscard]] int removeAsDefault();
-private:
+ private:
Type getType() const override;
- int addInterface(const std::string& interface) override WARN_UNUSED_RESULT;
- int removeInterface(const std::string& interface) override WARN_UNUSED_RESULT;
+ [[nodiscard]] int addInterface(const std::string& interface) override;
+ [[nodiscard]] int removeInterface(const std::string& interface) override;
int destroySocketsLackingPermission(Permission permission);
void invalidateRouteCache(const std::string& interface);
@@ -57,7 +55,4 @@
bool mIsDefault;
};
-} // namespace net
-} // namespace android
-
-#endif // NETD_SERVER_PHYSICAL_NETWORK_H
+} // namespace android::net
diff --git a/server/RouteController.cpp b/server/RouteController.cpp
index fbcd14a..1abca4b 100644
--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -45,8 +45,7 @@
using android::base::WriteStringToFile;
using android::net::UidRangeParcel;
-namespace android {
-namespace net {
+namespace android::net {
auto RouteController::iptablesRestoreCommandFunction = execIptablesRestoreCommand;
@@ -103,7 +102,7 @@
// Avoids "non-constant-expression cannot be narrowed from type 'unsigned int' to 'unsigned short'"
// warnings when using RTA_LENGTH(x) inside static initializers (even when x is already uint16_t).
-constexpr uint16_t U16_RTA_LENGTH(uint16_t x) {
+static constexpr uint16_t U16_RTA_LENGTH(uint16_t x) {
return RTA_LENGTH(x);
}
@@ -123,12 +122,12 @@
// END CONSTANTS ----------------------------------------------------------------------------------
-const char *actionName(uint16_t action) {
+static const char* actionName(uint16_t action) {
static const char *ops[4] = {"adding", "deleting", "getting", "???"};
return ops[action % 4];
}
-const char *familyName(uint8_t family) {
+static const char* familyName(uint8_t family) {
switch (family) {
case AF_INET: return "IPv4";
case AF_INET6: return "IPv6";
@@ -238,9 +237,10 @@
// range (inclusive). Otherwise, the rule matches packets from all UIDs.
//
// Returns 0 on success or negative errno on failure.
-WARN_UNUSED_RESULT int modifyIpRule(uint16_t action, uint32_t priority, uint8_t ruleType,
- uint32_t table, uint32_t fwmark, uint32_t mask, const char* iif,
- const char* oif, uid_t uidStart, uid_t uidEnd) {
+[[nodiscard]] static int modifyIpRule(uint16_t action, uint32_t priority, uint8_t ruleType,
+ uint32_t table, uint32_t fwmark, uint32_t mask,
+ const char* iif, const char* oif, uid_t uidStart,
+ uid_t uidEnd) {
// Ensure that if you set a bit in the fwmark, it's not being ignored by the mask.
if (fwmark & ~mask) {
ALOGE("mask 0x%x does not select all the bits set in fwmark 0x%x", mask, fwmark);
@@ -324,23 +324,23 @@
return 0;
}
-WARN_UNUSED_RESULT int modifyIpRule(uint16_t action, uint32_t priority, uint32_t table,
- uint32_t fwmark, uint32_t mask, const char* iif,
- const char* oif, uid_t uidStart, uid_t uidEnd) {
+[[nodiscard]] static int modifyIpRule(uint16_t action, uint32_t priority, uint32_t table,
+ uint32_t fwmark, uint32_t mask, const char* iif,
+ const char* oif, uid_t uidStart, uid_t uidEnd) {
return modifyIpRule(action, priority, FR_ACT_TO_TBL, table, fwmark, mask, iif, oif, uidStart,
uidEnd);
}
-WARN_UNUSED_RESULT int modifyIpRule(uint16_t action, uint32_t priority, uint32_t table,
- uint32_t fwmark, uint32_t mask) {
+[[nodiscard]] static int modifyIpRule(uint16_t action, uint32_t priority, uint32_t table,
+ uint32_t fwmark, uint32_t mask) {
return modifyIpRule(action, priority, table, fwmark, mask, IIF_NONE, OIF_NONE, INVALID_UID,
INVALID_UID);
}
// Adds or deletes an IPv4 or IPv6 route.
// Returns 0 on success or negative errno on failure.
-WARN_UNUSED_RESULT int modifyIpRoute(uint16_t action, uint32_t table, const char* interface,
- const char* destination, const char* nexthop) {
+int modifyIpRoute(uint16_t action, uint32_t table, const char* interface, const char* destination,
+ const char* nexthop) {
// At least the destination must be non-null.
if (!destination) {
ALOGE("null destination");
@@ -447,8 +447,8 @@
// replies, SYN-ACKs, etc).
// + Mark sockets that accept connections from this interface so that the connection stays on the
// same interface.
-WARN_UNUSED_RESULT int modifyIncomingPacketMark(unsigned netId, const char* interface,
- Permission permission, bool add) {
+int modifyIncomingPacketMark(unsigned netId, const char* interface, Permission permission,
+ bool add) {
Fwmark fwmark;
fwmark.netId = netId;
@@ -473,7 +473,7 @@
//
// When a VPN is in effect, packets from the local network to upstream networks are forwarded into
// the VPN's tunnel interface. When the VPN forwards the responses, they emerge out of the tunnel.
-WARN_UNUSED_RESULT int modifyVpnOutputToLocalRule(const char* vpnInterface, bool add) {
+[[nodiscard]] static int modifyVpnOutputToLocalRule(const char* vpnInterface, bool add) {
return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, RULE_PRIORITY_VPN_OUTPUT_TO_LOCAL,
ROUTE_TABLE_LOCAL_NETWORK, MARK_UNSET, MARK_UNSET, vpnInterface, OIF_NONE,
INVALID_UID, INVALID_UID);
@@ -484,8 +484,8 @@
// Notice that this rule doesn't use the netId. I.e., no matter what netId the user's socket may
// have, if they are subject to this VPN, their traffic has to go through it. Allows the traffic to
// bypass the VPN if the protectedFromVpn bit is set.
-WARN_UNUSED_RESULT int modifyVpnUidRangeRule(uint32_t table, uid_t uidStart, uid_t uidEnd,
- bool secure, bool add) {
+[[nodiscard]] static int modifyVpnUidRangeRule(uint32_t table, uid_t uidStart, uid_t uidEnd,
+ bool secure, bool add) {
Fwmark fwmark;
Fwmark mask;
@@ -512,8 +512,8 @@
//
// This is needed for DnsProxyListener to correctly resolve a request for a user who is in the
// target set, but where the DnsProxyListener itself is not.
-WARN_UNUSED_RESULT int modifyVpnSystemPermissionRule(unsigned netId, uint32_t table, bool secure,
- bool add) {
+[[nodiscard]] static int modifyVpnSystemPermissionRule(unsigned netId, uint32_t table, bool secure,
+ bool add) {
Fwmark fwmark;
Fwmark mask;
@@ -536,9 +536,9 @@
// Even though we check permissions at the time we set a netId into the fwmark of a socket, we need
// to check it again in the rules here, because a network's permissions may have been updated via
// modifyNetworkPermission().
-WARN_UNUSED_RESULT int modifyExplicitNetworkRule(unsigned netId, uint32_t table,
- Permission permission, uid_t uidStart,
- uid_t uidEnd, bool add) {
+[[nodiscard]] static int modifyExplicitNetworkRule(unsigned netId, uint32_t table,
+ Permission permission, uid_t uidStart,
+ uid_t uidEnd, bool add) {
Fwmark fwmark;
Fwmark mask;
@@ -559,9 +559,9 @@
//
// Supports apps that use SO_BINDTODEVICE or IP_PKTINFO options and the kernel that already knows
// the outgoing interface (typically for link-local communications).
-WARN_UNUSED_RESULT int modifyOutputInterfaceRules(const char* interface, uint32_t table,
- Permission permission, uid_t uidStart,
- uid_t uidEnd, bool add) {
+[[nodiscard]] static int modifyOutputInterfaceRules(const char* interface, uint32_t table,
+ Permission permission, uid_t uidStart,
+ uid_t uidEnd, bool add) {
Fwmark fwmark;
Fwmark mask;
@@ -588,7 +588,7 @@
// This is for sockets that have not explicitly requested a particular network, but have been
// bound to one when they called connect(). This ensures that sockets connected on a particular
// network stay on that network even if the default network changes.
-WARN_UNUSED_RESULT int modifyImplicitNetworkRule(unsigned netId, uint32_t table, bool add) {
+[[nodiscard]] static int modifyImplicitNetworkRule(unsigned netId, uint32_t table, bool add) {
Fwmark fwmark;
Fwmark mask;
@@ -610,9 +610,9 @@
//
// If a packet with a VPN's netId doesn't find a route in the VPN's routing table, it's allowed to
// go over the default network, provided it has the permissions required by the default network.
-WARN_UNUSED_RESULT int RouteController::modifyVpnFallthroughRule(uint16_t action, unsigned vpnNetId,
- const char* physicalInterface,
- Permission permission) {
+int RouteController::modifyVpnFallthroughRule(uint16_t action, unsigned vpnNetId,
+ const char* physicalInterface,
+ Permission permission) {
uint32_t table = getRouteTableForInterface(physicalInterface);
if (table == RT_TABLE_UNSPEC) {
return -ESRCH;
@@ -632,7 +632,7 @@
}
// Add rules to allow legacy routes added through the requestRouteToHost() API.
-WARN_UNUSED_RESULT int addLegacyRouteRules() {
+[[nodiscard]] static int addLegacyRouteRules() {
Fwmark fwmark;
Fwmark mask;
@@ -658,7 +658,7 @@
}
// Add rules to lookup the local network when specified explicitly or otherwise.
-WARN_UNUSED_RESULT int addLocalNetworkRules(unsigned localNetId) {
+[[nodiscard]] static int addLocalNetworkRules(unsigned localNetId) {
if (int ret = modifyExplicitNetworkRule(localNetId, ROUTE_TABLE_LOCAL_NETWORK, PERMISSION_NONE,
INVALID_UID, INVALID_UID, ACTION_ADD)) {
return ret;
@@ -712,12 +712,12 @@
// relying on the kernel-default "from all lookup main" rule at priority 32766 is not intended
// behaviour. We do flush the kernel-default rules at startup, but having an explicit unreachable
// rule will hopefully make things even clearer.
-WARN_UNUSED_RESULT int addUnreachableRule() {
+[[nodiscard]] static int addUnreachableRule() {
return modifyIpRule(RTM_NEWRULE, RULE_PRIORITY_UNREACHABLE, FR_ACT_UNREACHABLE, RT_TABLE_UNSPEC,
MARK_UNSET, MARK_UNSET, IIF_NONE, OIF_NONE, INVALID_UID, INVALID_UID);
}
-WARN_UNUSED_RESULT int modifyLocalNetwork(unsigned netId, const char* interface, bool add) {
+[[nodiscard]] static int modifyLocalNetwork(unsigned netId, const char* interface, bool add) {
if (int ret = modifyIncomingPacketMark(netId, interface, PERMISSION_NONE, add)) {
return ret;
}
@@ -726,8 +726,8 @@
}
/* static */
-WARN_UNUSED_RESULT int RouteController::modifyPhysicalNetwork(unsigned netId, const char* interface,
- Permission permission, bool add) {
+int RouteController::modifyPhysicalNetwork(unsigned netId, const char* interface,
+ Permission permission, bool add) {
uint32_t table = getRouteTableForInterface(interface);
if (table == RT_TABLE_UNSPEC) {
return -ESRCH;
@@ -771,7 +771,7 @@
return 0;
}
-WARN_UNUSED_RESULT int modifyRejectNonSecureNetworkRule(const UidRanges& uidRanges, bool add) {
+[[nodiscard]] static int modifyRejectNonSecureNetworkRule(const UidRanges& uidRanges, bool add) {
Fwmark fwmark;
Fwmark mask;
fwmark.protectedFromVpn = false;
@@ -788,10 +788,9 @@
return 0;
}
-WARN_UNUSED_RESULT int RouteController::modifyVirtualNetwork(unsigned netId, const char* interface,
- const UidRanges& uidRanges,
- bool secure, bool add,
- bool modifyNonUidBasedRules) {
+int RouteController::modifyVirtualNetwork(unsigned netId, const char* interface,
+ const UidRanges& uidRanges, bool secure, bool add,
+ bool modifyNonUidBasedRules) {
uint32_t table = getRouteTableForInterface(interface);
if (table == RT_TABLE_UNSPEC) {
return -ESRCH;
@@ -827,8 +826,8 @@
return 0;
}
-WARN_UNUSED_RESULT int RouteController::modifyDefaultNetwork(uint16_t action, const char* interface,
- Permission permission) {
+int RouteController::modifyDefaultNetwork(uint16_t action, const char* interface,
+ Permission permission) {
uint32_t table = getRouteTableForInterface(interface);
if (table == RT_TABLE_UNSPEC) {
return -ESRCH;
@@ -847,9 +846,8 @@
mask.intValue, IIF_LOOPBACK, OIF_NONE, INVALID_UID, INVALID_UID);
}
-WARN_UNUSED_RESULT int RouteController::modifyTetheredNetwork(uint16_t action,
- const char* inputInterface,
- const char* outputInterface) {
+int RouteController::modifyTetheredNetwork(uint16_t action, const char* inputInterface,
+ const char* outputInterface) {
uint32_t table = getRouteTableForInterface(outputInterface);
if (table == RT_TABLE_UNSPEC) {
return -ESRCH;
@@ -861,9 +859,8 @@
// Adds or removes an IPv4 or IPv6 route to the specified table.
// Returns 0 on success or negative errno on failure.
-WARN_UNUSED_RESULT int RouteController::modifyRoute(uint16_t action, const char* interface,
- const char* destination, const char* nexthop,
- TableType tableType) {
+int RouteController::modifyRoute(uint16_t action, const char* interface, const char* destination,
+ const char* nexthop, TableType tableType) {
uint32_t table;
switch (tableType) {
case RouteController::INTERFACE: {
@@ -896,7 +893,7 @@
return 0;
}
-WARN_UNUSED_RESULT int clearTetheringRules(const char* inputInterface) {
+[[nodiscard]] static int clearTetheringRules(const char* inputInterface) {
int ret = 0;
while (ret == 0) {
ret = modifyIpRule(RTM_DELRULE, RULE_PRIORITY_TETHERING, 0, MARK_UNSET, MARK_UNSET,
@@ -918,7 +915,7 @@
return getRtmU32Attribute(nlh, RTA_TABLE);
}
-WARN_UNUSED_RESULT int flushRules() {
+[[nodiscard]] static int flushRules() {
NetlinkDumpFilter shouldDelete = [] (nlmsghdr *nlh) {
// Don't touch rules at priority 0 because by default they are used for local input.
return getRulePriority(nlh) != 0;
@@ -926,7 +923,7 @@
return rtNetlinkFlush(RTM_GETRULE, RTM_DELRULE, "rules", shouldDelete);
}
-WARN_UNUSED_RESULT int RouteController::flushRoutes(uint32_t table) {
+int RouteController::flushRoutes(uint32_t table) {
NetlinkDumpFilter shouldDelete = [table] (nlmsghdr *nlh) {
return getRouteTable(nlh) == table;
};
@@ -935,7 +932,7 @@
}
// Returns 0 on success or negative errno on failure.
-WARN_UNUSED_RESULT int RouteController::flushRoutes(const char* interface) {
+int RouteController::flushRoutes(const char* interface) {
std::lock_guard lock(sInterfaceToTableLock);
uint32_t table = getRouteTableForInterfaceLocked(interface);
@@ -1101,6 +1098,4 @@
std::mutex RouteController::sInterfaceToTableLock;
std::map<std::string, uint32_t> RouteController::sInterfaceToTable;
-
-} // namespace net
-} // namespace android
+} // namespace android::net
diff --git a/server/RouteController.h b/server/RouteController.h
index d40288b..e36320f 100644
--- a/server/RouteController.h
+++ b/server/RouteController.h
@@ -14,10 +14,9 @@
* limitations under the License.
*/
-#ifndef NETD_SERVER_ROUTE_CONTROLLER_H
-#define NETD_SERVER_ROUTE_CONTROLLER_H
+#pragma once
-#include "NetdConstants.h"
+#include "NetdConstants.h" // IptablesTarget
#include "Permission.h"
#include <android-base/thread_annotations.h>
@@ -27,8 +26,7 @@
#include <map>
#include <mutex>
-namespace android {
-namespace net {
+namespace android::net {
class UidRanges;
@@ -46,7 +44,7 @@
static const char* const LOCAL_MANGLE_INPUT;
- static int Init(unsigned localNetId) WARN_UNUSED_RESULT;
+ [[nodiscard]] static int Init(unsigned localNetId);
// Returns an ifindex given the interface name, by looking up in sInterfaceToTable.
// This is currently only used by NetworkController::addInterfaceToNetwork
@@ -57,55 +55,56 @@
// used to add them.
static uint32_t getIfIndex(const char* interface) EXCLUDES(sInterfaceToTableLock);
- static int addInterfaceToLocalNetwork(unsigned netId, const char* interface) WARN_UNUSED_RESULT;
- static int removeInterfaceFromLocalNetwork(unsigned netId,
- const char* interface) WARN_UNUSED_RESULT;
+ [[nodiscard]] static int addInterfaceToLocalNetwork(unsigned netId, const char* interface);
+ [[nodiscard]] static int removeInterfaceFromLocalNetwork(unsigned netId, const char* interface);
- static int addInterfaceToPhysicalNetwork(unsigned netId, const char* interface,
- Permission permission) WARN_UNUSED_RESULT;
- static int removeInterfaceFromPhysicalNetwork(unsigned netId, const char* interface,
- Permission permission) WARN_UNUSED_RESULT;
+ [[nodiscard]] static int addInterfaceToPhysicalNetwork(unsigned netId, const char* interface,
+ Permission permission);
+ [[nodiscard]] static int removeInterfaceFromPhysicalNetwork(unsigned netId,
+ const char* interface,
+ Permission permission);
- static int addInterfaceToVirtualNetwork(unsigned netId, const char* interface, bool secure,
- const UidRanges& uidRanges) WARN_UNUSED_RESULT;
- static int removeInterfaceFromVirtualNetwork(unsigned netId, const char* interface, bool secure,
- const UidRanges& uidRanges) WARN_UNUSED_RESULT;
+ [[nodiscard]] static int addInterfaceToVirtualNetwork(unsigned netId, const char* interface,
+ bool secure, const UidRanges& uidRanges);
+ [[nodiscard]] static int removeInterfaceFromVirtualNetwork(unsigned netId,
+ const char* interface, bool secure,
+ const UidRanges& uidRanges);
- static int modifyPhysicalNetworkPermission(unsigned netId, const char* interface,
- Permission oldPermission,
- Permission newPermission) WARN_UNUSED_RESULT;
+ [[nodiscard]] static int modifyPhysicalNetworkPermission(unsigned netId, const char* interface,
+ Permission oldPermission,
+ Permission newPermission);
- static int addUsersToVirtualNetwork(unsigned netId, const char* interface, bool secure,
- const UidRanges& uidRanges) WARN_UNUSED_RESULT;
- static int removeUsersFromVirtualNetwork(unsigned netId, const char* interface, bool secure,
- const UidRanges& uidRanges) WARN_UNUSED_RESULT;
+ [[nodiscard]] static int addUsersToVirtualNetwork(unsigned netId, const char* interface,
+ bool secure, const UidRanges& uidRanges);
+ [[nodiscard]] static int removeUsersFromVirtualNetwork(unsigned netId, const char* interface,
+ bool secure, const UidRanges& uidRanges);
- static int addUsersToRejectNonSecureNetworkRule(const UidRanges& uidRanges)
- WARN_UNUSED_RESULT;
- static int removeUsersFromRejectNonSecureNetworkRule(const UidRanges& uidRanges)
- WARN_UNUSED_RESULT;
+ [[nodiscard]] static int addUsersToRejectNonSecureNetworkRule(const UidRanges& uidRanges);
+ [[nodiscard]] static int removeUsersFromRejectNonSecureNetworkRule(const UidRanges& uidRanges);
- static int addInterfaceToDefaultNetwork(const char* interface,
- Permission permission) WARN_UNUSED_RESULT;
- static int removeInterfaceFromDefaultNetwork(const char* interface,
- Permission permission) WARN_UNUSED_RESULT;
+ [[nodiscard]] static int addInterfaceToDefaultNetwork(const char* interface,
+ Permission permission);
+ [[nodiscard]] static int removeInterfaceFromDefaultNetwork(const char* interface,
+ Permission permission);
// |nexthop| can be NULL (to indicate a directly-connected route), "unreachable" (to indicate a
// route that's blocked), "throw" (to indicate the lack of a match), or a regular IP address.
- static int addRoute(const char* interface, const char* destination, const char* nexthop,
- TableType tableType) WARN_UNUSED_RESULT;
- static int removeRoute(const char* interface, const char* destination, const char* nexthop,
- TableType tableType) WARN_UNUSED_RESULT;
+ [[nodiscard]] static int addRoute(const char* interface, const char* destination,
+ const char* nexthop, TableType tableType);
+ [[nodiscard]] static int removeRoute(const char* interface, const char* destination,
+ const char* nexthop, TableType tableType);
- static int enableTethering(const char* inputInterface,
- const char* outputInterface) WARN_UNUSED_RESULT;
- static int disableTethering(const char* inputInterface,
- const char* outputInterface) WARN_UNUSED_RESULT;
+ [[nodiscard]] static int enableTethering(const char* inputInterface,
+ const char* outputInterface);
+ [[nodiscard]] static int disableTethering(const char* inputInterface,
+ const char* outputInterface);
- static int addVirtualNetworkFallthrough(unsigned vpnNetId, const char* physicalInterface,
- Permission permission) WARN_UNUSED_RESULT;
- static int removeVirtualNetworkFallthrough(unsigned vpnNetId, const char* physicalInterface,
- Permission permission) WARN_UNUSED_RESULT;
+ [[nodiscard]] static int addVirtualNetworkFallthrough(unsigned vpnNetId,
+ const char* physicalInterface,
+ Permission permission);
+ [[nodiscard]] static int removeVirtualNetworkFallthrough(unsigned vpnNetId,
+ const char* physicalInterface,
+ Permission permission);
// For testing.
static int (*iptablesRestoreCommandFunction)(IptablesTarget, const std::string&,
@@ -118,9 +117,9 @@
static std::map<std::string, uint32_t> sInterfaceToTable GUARDED_BY(sInterfaceToTableLock);
static int configureDummyNetwork();
- static int flushRoutes(const char* interface) EXCLUDES(sInterfaceToTableLock);
- static int flushRoutes(uint32_t table);
- static uint32_t getRouteTableForInterfaceLocked(const char *interface)
+ [[nodiscard]] static int flushRoutes(const char* interface) EXCLUDES(sInterfaceToTableLock);
+ [[nodiscard]] static int flushRoutes(uint32_t table);
+ static uint32_t getRouteTableForInterfaceLocked(const char* interface)
REQUIRES(sInterfaceToTableLock);
static uint32_t getRouteTableForInterface(const char *interface) EXCLUDES(sInterfaceToTableLock);
static int modifyDefaultNetwork(uint16_t action, const char* interface, Permission permission);
@@ -141,14 +140,10 @@
// Public because they are called by by RouteControllerTest.cpp.
// TODO: come up with a scheme of unit testing this code that does not rely on making all its
// functions public.
-int modifyIpRoute(uint16_t action, uint32_t table, const char* interface, const char* destination,
- const char* nexthop) WARN_UNUSED_RESULT;
-int flushRoutes(uint32_t table) WARN_UNUSED_RESULT;
+[[nodiscard]] int modifyIpRoute(uint16_t action, uint32_t table, const char* interface,
+ const char* destination, const char* nexthop);
uint32_t getRulePriority(const nlmsghdr *nlh);
-WARN_UNUSED_RESULT int modifyIncomingPacketMark(unsigned netId, const char* interface,
- Permission permission, bool add);
+[[nodiscard]] int modifyIncomingPacketMark(unsigned netId, const char* interface,
+ Permission permission, bool add);
-} // namespace net
-} // namespace android
-
-#endif // NETD_SERVER_ROUTE_CONTROLLER_H
+} // namespace android::net
diff --git a/server/TetherController.cpp b/server/TetherController.cpp
index 9d56b3e..c987d63 100644
--- a/server/TetherController.cpp
+++ b/server/TetherController.cpp
@@ -190,8 +190,15 @@
return mForwardingRequests;
}
-int TetherController::startTethering(int num_addrs, char **dhcp_ranges) {
- if (mDaemonPid != 0) {
+int TetherController::startTethering(bool usingLegacyDnsProxy, int num_addrs, char** dhcp_ranges) {
+ if (!usingLegacyDnsProxy && num_addrs == 0) {
+ // Both DHCP and DnsProxy are disabled, we don't need to start dnsmasq
+ configureForTethering(true);
+ mIsTetheringStarted = true;
+ return 0;
+ }
+
+ if (mIsTetheringStarted) {
ALOGE("Tethering already started");
errno = EBUSY;
return -errno;
@@ -230,8 +237,11 @@
kDnsmasqUsername,
};
- // DHCP server will be disabled if num_addrs == 0 and no --dhcp-range is
- // passed.
+ if (!usingLegacyDnsProxy) {
+ argVector.push_back("--port=0");
+ }
+
+ // DHCP server will be disabled if num_addrs == 0 and no --dhcp-range is passed.
for (int addrIndex = 0; addrIndex < num_addrs; addrIndex += 2) {
argVector.push_back(StringPrintf("--dhcp-range=%s,%s,1h", dhcp_ranges[addrIndex],
dhcp_ranges[addrIndex + 1]));
@@ -286,6 +296,7 @@
mDaemonPid = pid;
mDaemonFd = pipeWrite.release();
configureForTethering(true);
+ mIsTetheringStarted = true;
applyDnsInterfaces();
ALOGD("Tethering services running");
@@ -301,7 +312,8 @@
return addrsCstrVec;
}
-int TetherController::startTethering(const std::vector<std::string>& dhcpRanges) {
+int TetherController::startTethering(bool usingLegacyDnsProxy,
+ const std::vector<std::string>& dhcpRanges) {
struct in_addr v4_addr;
for (const auto& dhcpRange : dhcpRanges) {
if (!inet_aton(dhcpRange.c_str(), &v4_addr)) {
@@ -309,17 +321,23 @@
}
}
auto dhcp_ranges = toCstrVec(dhcpRanges);
- return startTethering(dhcp_ranges.size(), dhcp_ranges.data());
+ return startTethering(usingLegacyDnsProxy, dhcp_ranges.size(), dhcp_ranges.data());
}
int TetherController::stopTethering() {
configureForTethering(false);
- if (mDaemonPid == 0) {
+ if (!mIsTetheringStarted) {
ALOGE("Tethering already stopped");
return 0;
}
+ mIsTetheringStarted = false;
+ // dnsmasq is not started
+ if (mDaemonPid == 0) {
+ return 0;
+ }
+
ALOGD("Stopping tethering services");
kill(mDaemonPid, SIGTERM);
@@ -333,7 +351,7 @@
}
bool TetherController::isTetheringStarted() {
- return (mDaemonPid == 0 ? false : true);
+ return mIsTetheringStarted;
}
// dnsmasq can't parse commands larger than this due to the fixed-size buffer
diff --git a/server/TetherController.h b/server/TetherController.h
index 0a04874..7f8ba06 100644
--- a/server/TetherController.h
+++ b/server/TetherController.h
@@ -43,6 +43,8 @@
// some point since the controller was initialized.
std::multimap<std::string, ForwardingDownstream> mFwdIfaces;
+ bool mIsTetheringStarted = false;
+
// NetId to use for forwarded DNS queries. This may not be the default
// network, e.g., in the case where we are tethering to a DUN APN.
unsigned mDnsNetId = 0;
@@ -73,8 +75,9 @@
bool disableForwarding(const char* requester);
const std::set<std::string>& getIpfwdRequesterList() const;
- int startTethering(int num_addrs, char **dhcp_ranges);
- int startTethering(const std::vector<std::string>& dhcpRanges);
+ //TODO: Clean up the overload function
+ int startTethering(bool isLegacyDnsProxy, int num_addrs, char** dhcp_ranges);
+ int startTethering(bool isLegacyDnsProxy, const std::vector<std::string>& dhcpRanges);
int stopTethering();
bool isTetheringStarted();
diff --git a/server/VirtualNetwork.h b/server/VirtualNetwork.h
index 69b14d8..20c8dee 100644
--- a/server/VirtualNetwork.h
+++ b/server/VirtualNetwork.h
@@ -14,16 +14,14 @@
* limitations under the License.
*/
-#ifndef NETD_SERVER_VIRTUAL_NETWORK_H
-#define NETD_SERVER_VIRTUAL_NETWORK_H
+#pragma once
#include <set>
#include "Network.h"
#include "UidRanges.h"
-namespace android {
-namespace net {
+namespace android::net {
// A VirtualNetwork may be "secure" or not.
//
@@ -40,15 +38,14 @@
bool isSecure() const;
bool appliesToUser(uid_t uid) const;
- int addUsers(const UidRanges& uidRanges,
- const std::set<uid_t>& protectableUsers) WARN_UNUSED_RESULT;
- int removeUsers(const UidRanges& uidRanges,
- const std::set<uid_t>& protectableUsers) WARN_UNUSED_RESULT;
+ [[nodiscard]] int addUsers(const UidRanges& uidRanges, const std::set<uid_t>& protectableUsers);
+ [[nodiscard]] int removeUsers(const UidRanges& uidRanges,
+ const std::set<uid_t>& protectableUsers);
-private:
+ private:
Type getType() const override;
- int addInterface(const std::string& interface) override WARN_UNUSED_RESULT;
- int removeInterface(const std::string& interface) override WARN_UNUSED_RESULT;
+ [[nodiscard]] int addInterface(const std::string& interface) override;
+ [[nodiscard]] int removeInterface(const std::string& interface) override;
int maybeCloseSockets(bool add, const UidRanges& uidRanges,
const std::set<uid_t>& protectableUsers);
@@ -56,7 +53,4 @@
UidRanges mUidRanges;
};
-} // namespace net
-} // namespace android
-
-#endif // NETD_SERVER_VIRTUAL_NETWORK_H
+} // namespace android::net
diff --git a/server/binder/android/net/INetd.aidl b/server/binder/android/net/INetd.aidl
index ec9bbc3..fdea52e 100644
--- a/server/binder/android/net/INetd.aidl
+++ b/server/binder/android/net/INetd.aidl
@@ -1194,4 +1194,18 @@
* @return a IBinder object, it could be casted to oem specific interface.
*/
IBinder getOemNetd();
+
+ /**
+ * Start tethering with given configuration
+ *
+ * @param usingLegacyDnsProxy, whether to enable or disable legacy DNS proxy server.
+ * @param dhcpRanges dhcp ranges to set.
+ * dhcpRanges might contain many addresss {addr1, addr2, aadr3, addr4...}
+ * Netd splits them into ranges: addr1-addr2, addr3-addr4, etc.
+ * An odd number of addrs will fail.
+ * @throws ServiceSpecificException in case of failure, with an error code indicating the
+ * cause of the failure.
+ */
+ void tetherStartWithConfiguration(
+ boolean usingLegacyDnsProxy, in @utf8InCpp String[] dhcpRanges);
}
diff --git a/server/main.cpp b/server/main.cpp
index c697c3d..cbdc899 100644
--- a/server/main.cpp
+++ b/server/main.cpp
@@ -82,11 +82,16 @@
gLog.info(std::string(msg));
}
+int tagSocketCallback(int sockFd, uint32_t tag, uid_t uid) {
+ return gCtls->trafficCtrl.tagSocket(sockFd, tag, uid, geteuid());
+}
+
bool initDnsResolver() {
ResolverNetdCallbacks callbacks = {
.get_network_context = &getNetworkContextCallback,
.log = &logCallback,
.check_calling_permission = &checkCallingPermissionCallback,
+ .tagSocket = &tagSocketCallback,
};
return RESOLV_STUB.resolv_init(callbacks);
}
diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp
index ad954c7..02e9eaf 100644
--- a/tests/binder_test.cpp
+++ b/tests/binder_test.cpp
@@ -1992,22 +1992,30 @@
std::vector<std::string> noDhcpRange = {};
static const char dnsdName[] = "dnsmasq";
- binder::Status status = mNetd->tetherStart(noDhcpRange);
- EXPECT_TRUE(status.isOk()) << status.exceptionMessage();
- expectProcessExists(dnsdName);
+ for (bool usingLegacyDnsProxy : {true, false}) {
+ binder::Status status =
+ mNetd->tetherStartWithConfiguration(usingLegacyDnsProxy, noDhcpRange);
+ EXPECT_TRUE(status.isOk()) << status.exceptionMessage();
+ SCOPED_TRACE(StringPrintf("usingLegacyDnsProxy: %d", usingLegacyDnsProxy));
+ if (usingLegacyDnsProxy == true) {
+ expectProcessExists(dnsdName);
+ } else {
+ expectProcessDoesNotExist(dnsdName);
+ }
- bool tetherEnabled;
- status = mNetd->tetherIsEnabled(&tetherEnabled);
- EXPECT_TRUE(status.isOk()) << status.exceptionMessage();
- EXPECT_TRUE(tetherEnabled);
+ bool tetherEnabled;
+ status = mNetd->tetherIsEnabled(&tetherEnabled);
+ EXPECT_TRUE(status.isOk()) << status.exceptionMessage();
+ EXPECT_TRUE(tetherEnabled);
- status = mNetd->tetherStop();
- EXPECT_TRUE(status.isOk()) << status.exceptionMessage();
- expectProcessDoesNotExist(dnsdName);
+ status = mNetd->tetherStop();
+ EXPECT_TRUE(status.isOk()) << status.exceptionMessage();
+ expectProcessDoesNotExist(dnsdName);
- status = mNetd->tetherIsEnabled(&tetherEnabled);
- EXPECT_TRUE(status.isOk()) << status.exceptionMessage();
- EXPECT_FALSE(tetherEnabled);
+ status = mNetd->tetherIsEnabled(&tetherEnabled);
+ EXPECT_TRUE(status.isOk()) << status.exceptionMessage();
+ EXPECT_FALSE(tetherEnabled);
+ }
}
TEST_F(BinderTest, TetherInterfaceAddRemoveList) {