| author | Sreeram Ramachandran <sreeram@google.com> | 2014-07-28 18:53:50 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2014-07-27 22:35:46 +0000 |
| commit | 060d855a00cb94e8903fd1551c9bf040f42b57d1 (patch) | |
| tree | fbc4f9dea7c4432490627b77974be889ad2ea94e /server/RouteController.cpp | |
| parent | 507e7c5bbfcd1d68f67477866497adb1748c5fd5 (diff) | |
| parent | de5d5df753dd35d852ac47a6174b06eacd0d5523 (diff) | |
Merge "Prohibit address families by default unless a VPN explicitly allows them." into lmp-dev
Diffstat (limited to 'server/RouteController.cpp')
| -rw-r--r-- | server/RouteController.cpp | 37 |
1 files changed, 24 insertions, 13 deletions
diff --git a/server/RouteController.cpp b/server/RouteController.cpp
index 92b4a947..355326d4 100644
--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -354,27 +354,38 @@ WARN_UNUSED_RESULT int modifyIpRoute(uint16_t action, uint32_t table, const char
 return -ENOBUFS; // Cannot happen; parsePrefix only supports IPv4 and IPv6.
 }

- // If an interface was specified, find the ifindex.
+ uint8_t type = RTN_UNICAST;
 uint32_t ifindex;
- if (interface != OIF_NONE) {
- ifindex = if_nametoindex(interface);
- if (!ifindex) {
- ALOGE("cannot find interface %s", interface);
- return -ENODEV;
+ uint8_t rawNexthop[sizeof(in6_addr)];
+
+ if (nexthop && !strcmp(nexthop, "unreachable")) {
+ type = RTN_UNREACHABLE;
+ // 'interface' is likely non-NULL, as the caller (modifyRoute()) likely used it to lookup
+ // the table number. But it's an error to specify an interface ("dev ...") or a nexthop for
+ // unreachable routes, so nuke them. (IPv6 allows them to be specified; IPv4 doesn't.)
+ interface = OIF_NONE;
+ nexthop = NULL;
+ } else {
+ // If an interface was specified, find the ifindex.
+ if (interface != OIF_NONE) {
+ ifindex = if_nametoindex(interface);
+ if (!ifindex) {
+ ALOGE("cannot find interface %s", interface);
+ return -ENODEV;
+ }
 }
- }

- // If a nexthop was specified, parse it as the same family as the prefix.
- uint8_t rawNexthop[sizeof(in6_addr)];
- if (nexthop && inet_pton(family, nexthop, rawNexthop) <= 0) {
- ALOGE("inet_pton failed for nexthop %s", nexthop);
- return -EINVAL;
+ // If a nexthop was specified, parse it as the same family as the prefix.
+ if (nexthop && inet_pton(family, nexthop, rawNexthop) <= 0) {
+ ALOGE("inet_pton failed for nexthop %s", nexthop);
+ return -EINVAL;
+ }
 }

 // Assemble a rtmsg and put it in an array of iovec structures.
 rtmsg route = {
 .rtm_protocol = RTPROT_STATIC,
- .rtm_type = RTN_UNICAST,
+ .rtm_type = type,
 .rtm_family = family,
 .rtm_dst_len = prefixLength,
 }; |
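Review bot: `ifindex` and `rawNexthop` are now declared ahead of the branch and are never assigned on the new `"unreachable"` path, so correctness depends on the attribute-assembly code after this hunk continuing to gate on `interface != OIF_NONE` and `nexthop`; that code is outside the hunk, as is the start of modifyIpRoute. Declaring `uint32_t ifindex = 0;` would keep uninitialised stack bytes out of the netlink message if that gating ever changes. The literal `"unreachable"` is also an in-band sentinel carried in the nexthop argument; a named constant shared with callers, plus a line in the function's header comment stating that this value yields an RTN_UNREACHABLE route with no interface or gateway, would make the contract explicit. Since these routes appear to be what enforces the prohibition named in the commit title, callers should treat a non-zero return as the block not being installed.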
