summaryrefslogtreecommitdiff
path: root/server/InterfaceController.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Remove redundant "using" statementsYi Kong2022-02-181-2/+0
| | | | | | | | They are already under the same namespace. Test: presubmit Bug: 219872355 Change-Id: I05f95ca05b164b193be4f58053fe670eebb8df19
* [NETD-TC#9] Clean up dependency between InterfaceController andwaynema2021-12-081-31/+0
| | | | | | | | | TrafficController. Test: m; flash; boot Test: atest InterfaceControllerTest TrafficControllerTest Test: atest XfrmControllerTest netd_integration_test Change-Id: I0dd7e2a94743ac03235db35f4e40338c19fd5403
* Fix error return propagation in InterfaceController::setCfg()Maciej Żenczykowski2019-10-181-9/+3
| | | | | | | | | ifc_add_address return -errno on error Test: builds, atest Bug: 142764715 Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I6b46e74226538d309ad65ed4ae93817e94bcfb27
* Document return value of InterfaceController::{add,del}AddressMaciej Żenczykowski2019-10-171-0/+2
| | | | | | | Test: N/A Bug: 142764715 Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I5b7ec514bd29d90815fefc75b216573dbb11df0c
* fix InterfaceController::setIPv6AddrGenMode(INetd::IPV6_ADDR_GEN_MODE_EUI64)Maciej Żenczykowski2019-08-101-2/+2
| | | | | | | | | | | to actually do something... writing an empty string is a no-op by definition, furthermore the way to switch to EUI64 mode is via 'addr_gen_mode' file, not via the stable_secret file. Test: builds and TreeHugger Bug: 138428295 Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I77515cfec315136e0d8641fa1457917cc1efe70d
* Remove unused deps on liblogwrapBernie Innocenti2019-06-051-1/+0
| | | | | | | Nothing seems to be calling into it, so it can probably go. Test: rebuild everything, then run atest Change-Id: I6e446f98decd708f59e5994fa10f77be4476d02f
* netd: ignore non-directories/symlinks when getting interfaces from ↵Maciej Żenczykowski2019-04-161-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | /sys/class/net This prevents /sys/class/net/bonding_masters file (which is present if kernel is bonding device capable) from being detected as a network interface and triggering attempts to load netdev-bonding_masters module. This should eliminate selinux policy violations: type=1400 audit(:3): avc: denied { module_request } for comm="netd" kmod="netdev-bonding_masters" scontext=u:r:netd:s0 tcontext=u:r:kernel:s0 tclass=system type=1400 audit(:3): avc: denied { module_request } for comm="netd" kmod="netdev-bonding_masters" scontext=u:r:netd:s0 tcontext=u:r:kernel:s0 tclass=system type=1400 audit(:4): avc: denied { sys_module } for comm="netd" capability=16 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability type=1400 audit(:4): avc: denied { sys_module } for comm="netd" capability=16 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability type=1400 audit(:3): avc: denied { module_request } for kmod="netdev-bonding_masters" scontext=u:r:netd:s0 tcontext=u:r:kernel:s0 tclass=system type=1400 audit(:4): avc: denied { sys_module } for capability=16 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability ie. netd kernel:system module_request; netd self:capability sys_module; Test: build and a_test libbpf_android_test libnetdbpf_test netd_integration_test netd_unit_test netdutils_test resolv_integration_test resolv_unit_test Bug: 129670638 Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: Ibe10c33b2c6ebe5661d5665f3fde89e540248f72
* Interface-related commands portingLuke Huang2018-11-011-5/+128
| | | | | | | Test: built, flashed, booted system/netd/tests/runtests.sh passes Change-Id: Ief3b2a0a55b74db0a794f3f9ca58298a2fcb57dd
* Firewall-related commands portingLuke Huang2018-10-241-1/+0
| | | | | | | Test: built, flashed, booted system/netd/tests/runtests.sh passes Change-Id: I0fcf6ac4e5d96cbf63d6752bee7202cdef940e82
* Wrap InterfaceController into the android::net namespaceBernie Innocenti2018-09-121-0/+6
| | | | | | | No functionality changes, this is a cleanup. Test: m netd_unit_test Change-Id: I5c6667051b7b4b17171e6dcc6883f17db08eaa23
* Implement INetd.aidl getProcSysNet().Erik Kline2018-09-111-4/+10
| | | | | | | | | | Also: a few "tidy-inspired" changes. Test: as follows - built, flashed, booted - system/netd/tests/runtest.sh passes Bug: 32163131 Change-Id: Icaa164af3c3d0d03af1ec083dfcbe856ac51529f
* netd: Enable clang-tidy and fix all warningsBernie Innocenti2018-06-071-3/+6
| | | | | | Bug: 65246407 Test: m netd && system/netd/tests/runtests.sh Change-Id: I1d22b2bc317fe7218ccde78859ed0623d6a1f8df
* Ensure icmp redirects are always ignoredHugo Benichi2018-05-231-2/+14
| | | | | | | | | | | | | | | | | A side effect of disabling the ip forwarding sysconf on all interfaces is to re-enable the ICMP redirects sysconf on all interfaces. This patch ensures that ICMP redirects stays turned off when disabling ip forwarding in TetherController. Accepting ICMP redirects can allow an attacker to inject malicious routes into a host and it is therefore desirable to always reject them. Bug: 62387578 Bug: 77541904 Test: manual Change-Id: I1f9a950eebf2f65d047f33145feee40d3ab34bd9
* Factor getIfaceNames() from getIfaceList()Nathan Harold2018-04-261-6/+18
| | | | | | | | | | | | | | | | | | | | | getIfaceList first walks the list of interfaces from the sysfs, then it calls individually for each of those interfaces to get the ifindex for them. Because each of the calls to retrieve the ifindex means a netlink call, this could possibly cause performance problems (unconfirmed) on the netlink interface. Since the names are independently useful and are quick to fetch, this function is now factored in to 2 parts: one which fetches the names and a separate function which performs the original operation of fetching the names and mapping them to if_indices. Bug: 74560705 Test: netd_integration_test - GetIfaceListTest Merged-In: I1f888c31e992c8f7d51f3c67434ffef6d75b065d Change-Id: I1f888c31e992c8f7d51f3c67434ffef6d75b065d (cherry picked from commit dfe2a6f43de4aba2780c861c750db8e4f1fb22e3)
* Rename <cutils/log.h> to <log/log.h>Logan Chien2018-04-231-1/+1
| | | | | | Bug: 78370064 Test: lunch aosp_walleye-userdebug && cd system/netd && mma Change-Id: I495f7cdc3f2aab26947f10041fc559700367f2ea
* Add a eBPF map to store iface name and indexChenbo Feng2018-03-131-0/+20
| | | | | | | | | | | | Since the kernel bpf program can only get the iface index instead of iface name, we need a seperate map to store the iface index and name pair in userspace so the kernel program can know what iface each received packet is and account against the correct name. Test: run cts -m TrafficStatsTest Bug: 30950746 Bug: 73137611 Change-Id: I6638dc4b03db6fd18b6b38b4524ec89e25a55bc0
* Delete the legacy netd code for manipulating ND offload.Lorenzo Colitti2017-09-271-25/+0
| | | | | | | | This only worked on broadcom devices, and was superseded in M by a wifi HAL call made by IpManager. Test: bullhead builds, boots Change-Id: Ic42580d4ea1d49a4f1ab79ab287ec46db4554c65
* Always return a meaningful error from setIpv6AddrGenMode.Lorenzo Colitti2017-07-101-4/+3
| | | | | | | | | | | | SetProperty does not always set errno to a meaningful value. This is confusing, particularly in the case where the errno happens to be set to EOPNOTSUPP: in that case IpManager will interpret the error as being "kernel does not support stable privacy addresses" and continue, instead of failing as it should. Bug: 17613910 Test: bullhead builds, boots, connects to wifi Change-Id: I058f5fe2dd1085036d669d89a4cac0b3b0c0949c
* Enable RFC 7217 stable privacy addressesJoel Scherpelz2017-06-151-2/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | | ... on kernels that support this feature. Android property server is used in combination with SELinux policy to limit access to the necessary stable secret. This change also makes some small improvements and fixes to libnetdutils. ip -6 addr indicates stable_privacy addresses with "flags 800" wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 3000 inet6 fdd5:6241:900d:0:d547:442:33d7:1982/64 scope global temporary dynamic inet6 fdd5:6241:900d:0:9dbe:3875:1cab:eaf2/64 scope global mngtmpaddr dynamic flags 800 inet6 2401:fa00:4:ca0:d547:442:33d7:1982/64 scope global temporary dynamic inet6 2401:fa00:4:ca0:6281:68a2:7124:6848/64 scope global mngtmpaddr dynamic flags 800 inet6 fe80::d5a7:18ed:4ea7:50d8/64 scope link flags 800 Test: as follows - built - flashed - booted - "runtest -x .../netd_unit_test.cpp" passes Bug: 17613910 Change-Id: I0e0b6bbd15cb9d46368bed8aef5dac2f6183d32a
* Accept RIOs with prefix length in the closed interval [48, 64]Joel Scherpelz2017-03-271-11/+46
| | | | | | | | | | | | | | | | | | | | This change adds the appropriate initialization code and constants to accept what is believed to be a reasonable range of RIOs. Prior to this change, only RIOs with prefix length of zero were accepted. RIO bounds are set in such a way that we fail closed, that is, we only start accepting RIOs if we've successfully applied the limits [48, 64]. Bug: 33333670 Test: as follows - built (angler) - flashed - booted - runtest -x netd_integration_test.cpp passed - runtest.py frameworks-net passed - runtest.py frameworks-wifi passed Change-Id: I35497f5d2c0a23069bf7b000ccbdd7aad5709ef3
* Put most of netd into the android::net namespace.Lorenzo Colitti2017-02-141-0/+1
| | | | | | | Test: netd_{unit,integration}_test pass Test: bullhead builds, boots Bug: 34873832 Change-Id: I0a252328041b342f9c03cd08c11a69d452b045b3
* Add general /proc/sys/net/ipv[46]/{conf,neigh}/ interfaceErik Kline2016-09-021-6/+52
| | | | | | Bug: 21859053 Bug: 28135208 Change-Id: Ia3232706a697fd149ed87f74586efe3d434261f8
* Disable DAD for downstream interfaces when tetheringErik Kline2016-08-091-0/+8
| | | | | Bug: 30298058 Change-Id: If4cd1f2e2b782ff08d667eb065138c06559b3394
* Support adding/removing IPv4 and IPv6 addresses on interfacesErik Kline2016-08-021-0/+12
| | | | | Bug: 30298058 Change-Id: Ic25cd165476d1a781595460b7d764e8df4707c65
* Setup interfaces for IPv6 tetheringErik Kline2016-06-291-18/+35
| | | | | | | | | | | | | | Including: - set the interface for router mode (accept_ra = 0) - reset the interface for client mode (accept_ra = 1) - InterfaceController::setAcceptIPv6Ra() - InterfaceController::setAcceptIPv6Dad() - make InterfaceController static - refactor for more modern C++ usage here and there - sporadic style guide fixes Bug: 9580643 Change-Id: Ia557c8770e18c58b12ad16d982c63b6ebd525516
* Update wlutil pathErik Kline2016-05-261-1/+1
| | | | | | | The path to wlutil changed to /system/vendor/xbin with ag/893600 . Bug: 28850734 Change-Id: I101517e7d849c288cbe9877e874b8d7914fbc1e9
* Track rename from base/ to android-base/.Elliott Hughes2015-12-041-2/+2
| | | | Change-Id: Ice6d43c0f9b16b8fb441158a0f7344dfbf969dea
* Enable use_oif_addrs_only in netd.Erik Kline2015-07-281-0/+8
| | | | | | | Bug: 19470192 Bug: 21832279 Bug: 22464419 Change-Id: I53a9e592a03fd16c124dcae2a47c6ac2e9049c48
* Fix boolean to integer return value conversion.Erik Kline2015-06-031-1/+1
| | | | Change-Id: Ie996c9b4f84f9cd8395abb592ecf0c04cfdc4023
* InterfaceController::setBaseReachableTimeMs()Erik Kline2015-05-131-0/+13
| | | | | | | | | | | Add an InterfaceController::setBaseReachableTimeMs() method to set the ARP/ND default reachable time, as configured in: /proc/sys/net/ipv4/{interface}/base_reachable_time_ms /proc/sys/net/ipv6/{interface}/base_reachable_time_ms Bug: 18581716 Change-Id: Idc652e81396d81efe0f08bb1d6dc38bc8e554a56
* Partial refactoring and Android-type style changes.Erik Kline2015-05-131-54/+64
| | | | | Bug: 18581716 Change-Id: I85aec575a318861468ea4707b70ed747c27293c7
* Revert "Revert "Update for libbase.""Dan Albert2015-03-161-7/+10
| | | | | | | | This reverts commit 4a0ab5ff4a87cfc4a987da99546b01e44875a2e5. (cherry picked from commit 3e87c785434fdfed2fb00496cb391c411a426bdd) Change-Id: I042f485f3cc84206766298853491ddd26dbba13f
* Revert "Update for libbase."Nicolas Geoffray2015-03-161-11/+7
| | | | | | | | Breaks internal master. This reverts commit b67219a71d1d896bcb34c4a7a797824b88515b2c. Change-Id: I43145f0724ad2d669b65d20b6fd6ccc44b8f0a4f
* Update for libbase.Dan Albert2015-03-141-7/+11
| | | | | | StringPrintf and the string based file I/O are being moved to libbase. Change-Id: I765d9e53f65a76d318d9d0d9503403fc092254d5
* am 50c6639a: Merge "Use StringPrintf."Elliott Hughes2015-02-031-14/+7
|\ | | | | | | | | * commit '50c6639a55b3208b64adc691b181a90e1e6de223': Use StringPrintf.
| * Use StringPrintf.Elliott Hughes2015-02-031-14/+7
| | | | | | | | | | | | | | This doesn't replace every asprintf in netd, but it replaces the ones in code I touched. Change-Id: I2de5c7772523372bb36145e66e885aa8132ad58e
* | resolved conflicts for merge of c9692899 to lmp-mr1-dev-plus-aospElliott Hughes2015-02-031-2/+3
|\| | | | | | | Change-Id: I8f4c9ae0d13d30e69b7a197eafdfcb9b2b9050c0
| * Switch netd over to <utils/file.h>.Elliott Hughes2015-02-031-2/+3
| | | | | | | | Change-Id: Id79961cc4feee1c307dad06d64e3f4ffe060c4da
* | am 883d129b: Merge "Add missing <malloc.h> include."Elliott Hughes2015-01-281-0/+1
|\| | | | | | | | | * commit '883d129ba24bfc599b65b09fd0b5aaa0946d1958': Add missing <malloc.h> include.
| * Add missing <malloc.h> include.Elliott Hughes2015-01-281-0/+1
| | | | | | | | Change-Id: I0259da35f2dc8ff87c928eb5bd378f39cbfc9f9c
* | am 1a3c689b: Merge "Fix missing errno.h includes after libc cleanup."Dan Albert2015-01-061-0/+1
|\| | | | | | | | | * commit '1a3c689be29bfbe0c7f3eb3134e9b2a2208f839c': Fix missing errno.h includes after libc cleanup.
| * Fix missing errno.h includes after libc cleanup.Dan Albert2015-01-061-0/+1
| | | | | | | | | | | | | | These issues hadn't been found yet because a libc++ header was unconditionally pulling in errno.h. I've fixed the libc++ header now. Change-Id: Ib096634cdd231fc75bf7548e4b99babc7442dc53
* | Re-add netd support for enabling IPv6 optimistic mode.Erik Kline2014-12-081-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enables optimistic_dad and use_optimistic on all interfaces by default. --- This functionality was originally submitted in ag/569594. Owing to issues with bind()ing to optimistic addresses (see b/18609055) this was reverted in ag/598690. This reverts the revert. :-) Bug: 17769720 Change-Id: I156e5636341a846f41fb9a15c84cf06878b239d8
* | Revert "Merge "Add netd support for configuring IPv6 optimistic mode." into ↵Erik Kline2014-12-051-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | lmp-mr1-dev" This is to undo ag/569594. This reverts commit 828f8b88c78e7d7c31b098768df403e4596a91d4, reversing changes made to ac7fefcf3d90cf856b0f1664207d056ed1dd4725. Bug: 18609055 Bug: 17769720 Change-Id: I120745d9d01d731174f477dff9b463dede8523d7
* | Merge "Add a netd interface command to disable ND offload." into lmp-mr1-devLorenzo Colitti2014-10-301-0/+26
|\ \
| * | Add a netd interface command to disable ND offload.Lorenzo Colitti2014-10-301-0/+26
| |/ | | | | | | | | | | | | This will be used to support 464xlat on wifi and IPv6 tethering. Bug: 12111730 Change-Id: I3b97f4dfb787b2c5d5021811c6da51850bdc70d1
* / Add netd support for configuring IPv6 optimistic mode.Erik Kline2014-10-201-0/+8
|/ | | | | | | | Enables optimistic_dad and use_optimistic on all interfaces by default. Bug: 17769720 Change-Id: Ide492e18aa94064b890fef30d31c3a14cfdf4052
* Cleanup: Delete dead code.Sreeram Ramachandran2014-07-221-96/+1
| | | | | Bug: 15413389 Change-Id: I315468832ef18ffc84174e54774ab63b86d284dc
* Netd: Interface controller: Demote a log message severity from warning to ↵Sasha Levitskiy2014-06-231-1/+1
| | | | | | | verbose. Change-Id: Ia8b2e6a0b039c2bda418a5f7138c0aac6b6c643b Signed-off-by: Sasha Levitskiy <sanek@google.com>
* server: check interface names in RPC arguments for validityJP Abgrall2014-06-191-1/+13
| | | | | | | | | | | | | | | | This patch introduces a method isIfaceName that checks interface names from various RPCs for validity before e.g. using them as part of iptables arguments or in filenames. All of these RPC calls can only be called from applications with at least the CONNECTIVITY_INTERNAL permission in recent Android versions, so the impact of the missing checks luckily isn't very high. Orig-Author: Jann Horn <jann@thejh.net> Change-Id: I80df8d745a3de99ad02d6649f0d10562c81f6b98 Signed-off-by: JP Abgrall <jpa@google.com>
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 00:37:11 +0000