| Commit message (Collapse) | Author | Age | Files | Lines |
There is already an asBinderStatus in
netdutils::Status. It seems that toBinderStatus is
identical save that the Status object is byval.
Bug: 8675309
Test: compilation
Change-Id: Ib7f4a267a12eca16538c3239b7a878c244aa35c6
Test: as follows
- built
- flashed
- booted
- system/netd/tests/runtests.sh passes
Change-Id: I7fe0e14a23b3c6f82dbfa17c7a44d221720976a0
Includes the logic to add / update / remove Virtual Tunnel Interface
in RouteController.
Bug: 63589711
Test: Ran runtest -x "system/netd/tests/netd_integration_test.cpp"
Change-Id: I49a86f2eceecaf34fbb1e5dc05a888447437bef0
Adds the ability for XfrmController to set output marks, to allow
support for VTIs. This change uses the underlying networkId field
(renamed from underlyingNetwork), for which the System Server currently
passes the netid of the underlying Network.
Bug: 72392543
Test: All tests (CTS + unit tests) passing
Change-Id: I76fe052ecf0fc193f07713a2ea31a4ad58fc9ff9
Exposes global policy add/remove methods to aidl, allowing java system
services to use it. This will be used for tunnel mode, where security
policies must be added/updated/deleted, and logic should preferably be
in IpSecService.
Bug: 63588681
Test: Compiles
Change-Id: Ie6e99ba18ac5930273c91e81e320a2987fa17815
* changes:
Adding XFRM mark support for xfrm global policy
Add function to create and delete XFRM policy in XfrmController
The xfrm mark will be sent to kernel in XFRMA_MARK netlink
attribute.
Bug: 63589600
Test: runtest -x server/netd_unit_test.cpp
Change-Id: If2d2fdda2d0b3959ed79a3b948b033d76e4236aa
The system server needs to know if the bpf traffic stats accounting
system is running at run time before reading network stats from it, instead
of checking the kernel version. A safe way to implement it is adding a
binder call to check the service inside netd. If netd successfully set up
the system, it can be sure the stats will be available for system
server.
Test: run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
Bug: 30950746
Change-Id: Ieef41dd94bc957864108f2f5590d9855ae985244
* changes:
Add Fwmark to TCP socket dumps interface
Define TcpSocketMonitor with a single dump method
TCP socket monitoring: minimum SockDiag primitives
This patch adds a TcpSocketMonitor registered in Controllers and
implementing a single dump method for pretty printing socket info
dumped with SockDiag for all sockets on the system.
The dump method can be called with
$ adb shell dumpsys netd tcp_socket_info
Example of output is:
TcpSocketMonitor
uid=1021 saddr=192.168.2.29 daddr=192.168.2.228 sport=49766 dport=80 state=ESTABLISHED(1) rqueue=0 wqueue=339 rtt=0ms var_rtt=67373.1ms rcv_rtt=1.11372e+06ms unacked=1792 snd_cwnd=0
uid=0 saddr=192.168.2.29 daddr=8.8.4.4 sport=37050 dport=853 state=SYN-SENT(2) rqueue=0 wqueue=1 rtt=0ms var_rtt=134744ms rcv_rtt=1.11372e+06ms unacked=2816 snd_cwnd=0
uid=0 saddr=192.168.2.29 daddr=8.8.8.8 sport=38674 dport=853 state=SYN-SENT(2) rqueue=0 wqueue=1 rtt=1.9084e+06ms var_rtt=0.121ms rcv_rtt=1.90841e+06ms unacked=2816 snd_cwnd=0
uid=0 saddr=2001::0db8:4:fd00:51eb:5323:2a88:7e5a daddr=2001::0db8:4860::8844 sport=42521 dport=853 state=SYN-SENT(2) rqueue=0 wqueue=1 rtt=1.51824e+06ms var_rtt=1.61533e+06ms rcv_rtt=1.34365e+06ms unacked=2816 snd_cwnd=0
uid=0 saddr=2001::0db8:4:fd00:51eb:5323:2a88:7e5a daddr=2001::0db8:4860::8888 sport=44725 dport=853 state=SYN-SENT(2) rqueue=0 wqueue=1 rtt=0ms var_rtt=134744ms rcv_rtt=1.11372e+06ms unacked=2816 snd_cwnd=0
Bug: 64147860
Test: manual tests with newly introduced commands
Change-Id: Iad68cc141bc517f38c2c0ec3937269cb11fa8aa4
Convert the IpSecTransform from being a bi-directional
pair of SAs to a unidirectional single SA. This CL
also removes the concept of "direction" from SAs, meaning
that an IpSecTransform may now be applied to a socket
in either direction.
-Remove direction parameter from SAs and SPIs.
-Convert to using source and destination rather than
local and remote addresses.
Bug: 71717213
Test: CTS - IpSecManagerTest
Change-Id: I7150c2b03057e18a7d9d3edff302baf10e1ee729
Implemented for both binder and CommandListener versions.
If there are no callers of ndc, then we can in a future
change delete CommandListener::ResolverCmd.
Also: require NETWORK_STACK instead of CONNECTIVITY_INTERNAL.
Bug: 34953048
Bug: 64133961
Test: as follows
- built
- flashed
- booted
- runtest -x system/netd/tests/netd_integration_test.cpp
Change-Id: I232645c5a2f5196523ee42745de3c82349cd9e57
This allows us to remove some code from the DNS test.
Bug: 30944031
Test: netd_integration_test passes
Test: netd_unit_test shows no new failures
Test: system boots, networking works
Change-Id: Ic55761a360cdccf6c4843f42716e20bcc467d25a
Add some firewall rules to allow doze mode packets to be sent/received
on ESP & no-socket packets. No-socket packets are no security risk
because they are either forwarded, going to be forwarded, or will be
dropped at routing tables (unless they are ESP).
Bug: 62994731
Test: New tests added, run
Change-Id: I2d8704498b564403d94123e4938091dee8fb98c1
Allows native AES-GCM-ESP to be used as an IPSec transport/tunnel mode
algorithm with kernel support
Bug: 63589918
Test: IPsecService tests added, existing ones pass
Change-Id: I9f742027730f6affabb0667300f6d0d65983410c
This change removes the global database of potential DNS-over-TLS
servers from Netd, and makes pinned or named servers mandatory-TLS,
not opportunistic.
Bug: 64753847
Change-Id: I226ffec3f59593bc40cd9019095c5261aae55fa0
Test: Tests pass. Normal browsing continues to work normally.
This introduces a breaking change in the Netd Binder interface.
Test: Integration test added to verify failure case (but not success).
Change-Id: If40cb5dffa0cfcf5bf49241c17489b7f3dfbd037
Bug: 64753847
* changes:
Swap TX and RX in addForwardChainStats for clarity.
Remove the gettetherstats command.
Add a binder RPC for tethering stats.
Bug: 32163131
Bug: 64995262
Test: netd_{unit,integration}_test pass
Test: tethering data usage UI reflects actual data usage
Change-Id: Icf5b66972d91e9e45e40d7b4989a15f970a78461
Bug: 32163131
Bug: 64995262
Test: netd_{unit,integration}_test pass
Test: tethering data usage UI reflects actual data usage
Change-Id: I1722f64cf775e73d71df997f6bae4820133e67bf
Bug: 32163131
Bug: 64995262
Test: netd_{unit,integration}_test pass
Change-Id: I9c7dfdaf6b823840b1691761930b53c30a4dcbc3
Bug: 62056515
Test: runtest -x tests/netd_integration_test.cpp
Change-Id: I70022ba00f76776c3de05b7df33ce2be840d75ce
Bug: 38350493
Test: runtest -x tests/netd_integration_test.cpp
Change-Id: I48f8462d94e8c4e95d6766c1ce7f24b8a596b743
This change adds the core capability for DNS over TLS, and creates
private APIs for activating it, but does not provide any way to
activate the functionality in a development environment or on a
real device.
Based on https://android-review.googlesource.com/#/c/373776/
Test: Complete unit+integration tests. Manual tests look good.
Bug: 34953048
Change-Id: Ib99ac1f631fd2c2c8fbf53bdb05f67f8be7713ac
... on kernels that support this feature. Android property server is
used in combination with SELinux policy to limit access to the
necessary stable secret.
This change also makes some small improvements and fixes to
libnetdutils.
ip -6 addr indicates stable_privacy addresses with "flags 800"
wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 3000
inet6 fdd5:6241:900d:0:d547:442:33d7:1982/64 scope global temporary dynamic
inet6 fdd5:6241:900d:0:9dbe:3875:1cab:eaf2/64 scope global mngtmpaddr dynamic flags 800
inet6 2401:fa00:4:ca0:d547:442:33d7:1982/64 scope global temporary dynamic
inet6 2401:fa00:4:ca0:6281:68a2:7124:6848/64 scope global mngtmpaddr dynamic flags 800
inet6 fe80::d5a7:18ed:4ea7:50d8/64 scope link flags 800
Test: as follows
- built
- flashed
- booted
- "runtest -x .../netd_unit_test.cpp" passes
Bug: 17613910
Change-Id: I0e0b6bbd15cb9d46368bed8aef5dac2f6183d32a
These classes work together to parse and dispatch NFLOG messages in
response to inbound packets annotated by the WiFi driver.
Test: as follows
- built
- flashed
- booted
- netd_unit_test passes
Change-Id: Id26d62858bf4bc4186ae66850f08077adf6fc2ac
Add a new controller to Netd that can handle IPSec XFRM
commands from the framework.
-Add new XfrmController controller
-Connect XfrmController to Controllers
-Add APIs in XfrmController for creating Transport IpSec Assocs
Bug: 34811756
Test: 34812052
Change-Id: If518a53a83fa76ea4c866992055a741ae064c30d
This class stores the reporting level and can be used to get
the event listener service.
Bug: 29748723
(cherry picked from commit be581e228bd1a97efd179edcdd3e744622fb99b8)
Change-Id: I98bfa97cb502f4d19ccf8c79f32d347e7e168492
Bug: 29748723
Test: this is an APCT test.
(cherry picked from commit 484dac1d071c7476895c4a3184e8dbdd7b63e524)
Change-Id: I482a7d5c15210906069e0fe7ef55ab3f21bfc127
Bug: 21859053
Bug: 28135208
(cherry picked from commit b218a87e0777d3d2c93231e03ef7315d783e3279)
Change-Id: Ie32c86511b97358d208a4c84a1c69a75c703bf3b
Bug: 30298058
(cherry picked from commit c296f098b63a986265ded8adf13118ba512a0fa7)
Change-Id: I4e40f4c0fe82696dc580d30e50e8c5b9fe17be88
Bug: 30186506
(cherry picked from commit 0726fec82842883a2332318aa675f7f04670db51)
Change-Id: I269d9d9dc2f036b7b65e14577c5525d9cab426ba
Bug: 9580643
(cherry picked from commit 212c405c296ed869eda927e683734aff80248872)
Change-Id: I0f636266bbaa8c39847ea1e0ffbfdea789b3de53
setResolverConfiguration() sets the name servers, search domains,
and resolver parameters.
getResolverInfo() returns the configured information and also the
statistics for each server.
Also includes tests for the new functionality.
BUG: 25731675
Change-Id: Idde486f36bb731f9edd240d62dc1795f8e621fe6
Bug: 27824851
Bug: 27867653
Change-Id: I2e63ccfb268db763ec732594a73c2908838468b8
Secure virtual networks already create rules to route all traffic into
themselves. This depends on the secure network already existing.
API creates an ip rule at a priority level below SECURE_VPN which
can catch traffic before VPN comes up, if it is a requirement that no
traffic ever leaves without first going through VPN.
Bug: 26694104
Bug: 26354134
Change-Id: If23df0760c6eb0ad137fc26c5124e48edf23b722
Bug: 26685616
Bug: 27506285
Change-Id: Id11ee717cfc1c79070b6bbec397986c25947646c
This is called by "dumpsys netd".
Bug: 27239233
Change-Id: I27fb308f8067243ff241a6f8fd6a83f406087d2a
Starting CommandListener tells NetworkManagementService that netd
is ready to accept commands. Ensure that the binder service is
started (i.e., we have called startThreadPool) before we do this.
Bug: 27239233
Change-Id: Ica89e72f51eb4752cb5cea2e4096c6a9dc5776d7
Also add a binder_test that exercises binder RPCs to the real
netd service running on the device
Bug: 21725996
Bug: 27239233
Change-Id: Ic83d81605021a0578d6cd32f889290be61d76125
In this change:
1. AIDL files for a new, android.net.INetd service, and
corresponding implementation using generated code. For now the
interface is just a prototype: it only has one trivial method.
2. Permission checking code to check for CONNECTIVITY_INTERNAL.
3. Add a Big Netd Lock and provide a wrapper that makes it easy
to ensure that it is taken by every CommandListener command.
Bug: 27239233
Change-Id: I448d0ac233edd0e351a7fe7f13901fb6871683a2