Merge "Move VPN routing decisions from iptables to ip" into klp-dev
diff --git a/CommandListener.cpp b/CommandListener.cpp
index b9df842..d6a284f 100644
--- a/CommandListener.cpp
+++ b/CommandListener.cpp
@@ -1014,9 +1014,11 @@
                     "Wrong number of arguments to resolver setifaceforuid", false);
             return 0;
         }
-    } else if (!strcmp(argv[1], "clearifaceforuidrange")) { // resolver clearifaceforuid <l> <h>
-        if (argc == 4) {
-            rc = sResolverCtrl->clearDnsInterfaceForUidRange(atoi(argv[2]), atoi(argv[3]));
+    } else if (!strcmp(argv[1], "clearifaceforuidrange")) {
+        // resolver clearifaceforuid <if> <l> <h>
+        if (argc == 5) {
+            rc = sResolverCtrl->clearDnsInterfaceForUidRange(argv[2], atoi(argv[3]),
+                    atoi(argv[4]));
         } else {
             cli->sendMsg(ResponseCode::CommandSyntaxError,
                     "Wrong number of arguments to resolver clearifaceforuid", false);
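Review bot: The two uid bounds in the added call `clearDnsInterfaceForUidRange(argv[2], atoi(argv[3]), atoi(argv[4]))` are parsed with `atoi`, which returns 0 for non-numeric text and cannot report an error, so a malformed argument is treated as uid 0 instead of being rejected with CommandSyntaxError. Parsing each bound with `strtol`, then checking the end pointer, the sign and the range before the call, would make the command reject bad input rather than act on an unintended range. The added comment and the error string below it say `clearifaceforuid`, while the command being matched is `clearifaceforuidrange`; the comment should read `// resolver clearifaceforuidrange <if> <l> <h>`. The enclosing handler starts and ends outside the hunk.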
diff --git a/DnsProxyListener.cpp b/DnsProxyListener.cpp
index eb02f01..6990f26 100644
--- a/DnsProxyListener.cpp
+++ b/DnsProxyListener.cpp
@@ -133,8 +133,7 @@
     if (mIface == NULL) {
         //fall back to the per uid interface if no per pid interface exists
         if(!_resolv_get_pids_associated_interface(mPid, tmp, sizeof(tmp)))
-            if(!_resolv_get_uids_associated_interface(mUid, tmp, sizeof(tmp)))
-                mark = -1; // if we don't have a targeted iface don't use a mark
+            _resolv_get_uids_associated_interface(mUid, tmp, sizeof(tmp));
     }
 
     struct addrinfo* result = NULL;
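Review bot: The result of `_resolv_get_uids_associated_interface(mUid, tmp, sizeof(tmp))` is now discarded in the added line, so when neither the pid lookup nor the uid lookup finds an interface the code carries on with whatever `tmp` already held. The declaration and initialisation of `tmp` are outside the hunk, so it is worth confirming the buffer is zero-initialised and recording the intent with a comment such as `// Best effort: if no per-uid interface exists, tmp is left unchanged.` The unbraced nested `if` now guards a single call whose result is ignored, and braces would make the scope explicit. The second hunk of this file (around new line 472) makes the same change and the same points apply there; both enclosing functions extend beyond their hunks.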
@@ -473,8 +472,7 @@
     if (mIface == NULL) {
         //fall back to the per uid interface if no per pid interface exists
         if(!_resolv_get_pids_associated_interface(mPid, tmp, sizeof(tmp)))
-            if(!_resolv_get_uids_associated_interface(mUid, tmp, sizeof(tmp)))
-                mark = -1;
+            _resolv_get_uids_associated_interface(mUid, tmp, sizeof(tmp));
     }
     struct hostent* hp;
 
diff --git a/NetdConstants.h b/NetdConstants.h
index d686968..2508ea2 100644
--- a/NetdConstants.h
+++ b/NetdConstants.h
@@ -21,6 +21,8 @@
 #include <list>
 #include <stdarg.h>
 
+const int PROTECT_MARK = 0x1;
+
 extern const char * const IPTABLES_PATH;
 extern const char * const IP6TABLES_PATH;
 extern const char * const IP_PATH;
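Review bot: `PROTECT_MARK` is added to a shared header without a comment, although the comment this commit adds in UidMarkMap.cpp suggests it is the mark that keeps traffic out of VPN rules. A line such as `// fwmark for traffic that must be exempt from VPN routing rules` above the definition would tell readers of NetdConstants.h why the value matters; the wording should be confirmed against how SecondaryTableController uses it. The neighbouring constants are declared `extern` and defined elsewhere, whereas this one is defined in the header, which is valid for a `const int` but inconsistent with the file's style.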
diff --git a/ResolverController.cpp b/ResolverController.cpp
index e61fae7..8a43916 100644
--- a/ResolverController.cpp
+++ b/ResolverController.cpp
@@ -105,12 +105,13 @@
     return _resolv_set_iface_for_uid_range(iface, uid_start, uid_end);
 }
 
-int ResolverController::clearDnsInterfaceForUidRange(int uid_start, int uid_end) {
+int ResolverController::clearDnsInterfaceForUidRange(const char* iface, int uid_start,
+        int uid_end) {
     if (DBG) {
-        ALOGD("clearDnsIfaceForUidRange range = [%d,%d]\n", uid_start, uid_end);
+        ALOGD("clearDnsIfaceForUidRange iface = %s range = [%d,%d]\n", iface, uid_start, uid_end);
     }
 
-    return _resolv_clear_iface_for_uid_range(uid_start, uid_end);
+    return _resolv_clear_iface_for_uid_range(iface, uid_start, uid_end);
 }
 
 int ResolverController::clearDnsInterfaceMappings()
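Review bot: `iface` is passed to the `%s` in the added `ALOGD` call and on to `_resolv_clear_iface_for_uid_range` without a null check. The only caller visible in this diff passes `argv[2]` after checking `argc == 5`, so it is non-null there, but the signature does not state that precondition and the length of the name is not bounded at this layer. Either document it next to the declaration in ResolverController.h, for example `// iface must be a non-null, NUL-terminated interface name`, or return an error for a null pointer before logging.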
diff --git a/ResolverController.h b/ResolverController.h
index e705c8f..c1d5580 100644
--- a/ResolverController.h
+++ b/ResolverController.h
@@ -34,7 +34,7 @@
     int setDnsInterfaceForPid(const char* iface, int pid);
     int clearDnsInterfaceForPid(int pid);
     int setDnsInterfaceForUidRange(const char* iface, int uid_start, int uid_end);
-    int clearDnsInterfaceForUidRange(int uid_start, int uid_end);
+    int clearDnsInterfaceForUidRange(const char* iface, int uid_start, int uid_end);
     int clearDnsInterfaceMappings();
 };
 
diff --git a/SecondaryTableController.h b/SecondaryTableController.h
index ded60a8..e286075 100644
--- a/SecondaryTableController.h
+++ b/SecondaryTableController.h
@@ -30,7 +30,6 @@
 static const int INTERFACES_TRACKED = 10;
 static const int BASE_TABLE_NUMBER = 60;
 static int MAX_TABLE_NUMBER = BASE_TABLE_NUMBER + INTERFACES_TRACKED;
-static const int PROTECT_MARK = 0x1;
 static const char *EXEMPT_PRIO = "99";
 static const char *RULE_PRIO = "100";
 
diff --git a/UidMarkMap.cpp b/UidMarkMap.cpp
index d30ac53..13630d3 100644
--- a/UidMarkMap.cpp
+++ b/UidMarkMap.cpp
@@ -15,6 +15,7 @@
  */
 
 #include "UidMarkMap.h"
+#include "NetdConstants.h"
 
 UidMarkMap::UidMarkEntry::UidMarkEntry(int start, int end, int new_mark) :
                                             uid_start(start),
@@ -27,16 +28,9 @@
     if (uid_start > uid_end) {
         return false;
     }
-    android::netd::List<UidMarkEntry*>::iterator it;
-    for (it = mMap.begin(); it != mMap.end(); it++) {
-        UidMarkEntry *entry = *it;
-        if (entry->uid_start <= uid_end && uid_start <= entry->uid_end) {
-            return false;
-        }
-    }
 
     UidMarkEntry *e = new UidMarkEntry(uid_start, uid_end, mark);
-    mMap.push_back(e);
+    mMap.push_front(e);
     return true;
 };
 
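Review bot: With the overlap check removed, `add` accepts any range with `uid_start <= uid_end`, including exact duplicates, and the switch to `push_front` makes list order decide which mark wins, yet the code states neither. Assuming `getMark` returns the first matching entry (its loop is only partly visible in the next hunk), a later overlapping range shadows an earlier one and removing it would expose the older mark again. A comment above `mMap.push_front(e);` such as `// Newest first: lookups take the first match, so a later range overrides an overlapping earlier one.` would make that explicit. Repeated adds of the same range now each allocate a new `UidMarkEntry`, so it is worth checking that the remove path, which is not in this hunk, frees every matching entry. The function begins outside the hunk.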
@@ -63,7 +57,9 @@
             return entry->mark;
         }
     }
-    return -1;
+    // If the uid has no mark specified then it should be protected from any VPN rules that might
+    // be affecting the service acting on its behalf.
+    return PROTECT_MARK;
 };
 
 bool UidMarkMap::anyRulesForMark(int mark) {
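Review bot: Returning `PROTECT_MARK` at the end of `getMark` removes the only "not found" result, so a caller can no longer tell an unmapped uid from one explicitly mapped to that mark. Any caller outside this diff that still compares the result with `-1` would change behaviour silently and should be checked. The new default also exempts every uid absent from the map from VPN rules, so the completeness of the map is what keeps a uid's traffic under those rules. The declaration in UidMarkMap.h should say so, for example `// Returns PROTECT_MARK when no range contains uid.` The function begins outside the hunk.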