This commit allows local multicast traffic to be sent locally
instead of being sent through VPN when using a VPN automatic
bypass for local traffic.
Currently, the local network that is considered in VPN local
exclusion mode is the same subnet of the network assigned
address. If apps try to send traffic to the multicast range,
it may be routed to the VPN and the traffic blocked. E.g. if an app
connects a UDP socket to the multicast range (224.0.0.x) and sends
from the socket, or an app sends to 224.0.0.x from an unconnected
socket, the traffic will be sent from the VPN network. This traffic
may not be well-routed in the VPN network. So the case should be
also considered to make the function work in the VPN bypass
mode because it usually won't be the network assigned subnet
range. Add the multicast range as a fixed range in the local
exclusion table.
The multicast range is 224.0.0.0/4 but only limit it to
224.0.0.0/24 since the IPv4 definitions are not as precise as
for IPv6, it is the only range that the standards (RFC 2365
and RFC 5771) specify is link-local and must not be forwarded.
Bug: 243200566
Test: cd system/netd ; atest
Test: connect to Wifi or cellular network and check the routing
Test: manually test with chromecast with local routes exclusion
enabled
Change-Id: I79fe499fb02a88ec687fadf3fad461c204fe3e47
(cherry picked from commit 5308c041c712b8cd2ecee04335c10d0aeb97d610)
Merged-In: I79fe499fb02a88ec687fadf3fad461c204fe3e47
Update some methods naming to better reflect what the methods
do as a clean up to address comments in previous commit.
Bug: 184750836
Test: m
Change-Id: I11861841b6099c82a5137c0ab045246fc15b859a
(cherry picked from commit 2efd0ce2116a6f42474013b6271afb7852821592)
Merged-In: I11861841b6099c82a5137c0ab045246fc15b859a
If the network assigns a range that is not a defined local
network range, it should not be considered as a local network
range. Thus, intersect the network assigned range with RFC1918/
CGNAT/LINK LOCAL ranges to ensure it's an accepted local network
range.
Bug: 184750836
Test: cd system/netd ; atest
Change-Id: I3ac6bba439986b72dbddec99c6aca3394c6d3235
(cherry picked from commit cff5e88c75a4d23d472544b7008a4e51af1381c4)
Merged-In: I3ac6bba439986b72dbddec99c6aca3394c6d3235
When the local routes are updated to netd, also update them to
the local table for VPN local exclusion. This is specified by
verifying nexthop available in the specific route.
Bug: 184750836
Test: cd system/netd ; atest
Change-Id: I793dd2e5dbe9fca0c0772814f5114ec98536fb4f
(cherry picked from commit f9e81ac2e0629754a03d331a2a6e339b814204a0)
Merged-In: I793dd2e5dbe9fca0c0772814f5114ec98536fb4f
Add an app default local rule prior to the VPN local route rule
to route the per app default local traffic.
If the routes setting for system default and app default are
overlapped with each other, the traffic may be routed
unexpectedly because the VPN local rules do not contain the
uid range information. The rule will match first before app
default rule. Thus, add a default local rule prior to the
VPN local route rule to address the issue.
Sample rule after applying the change:
- App UID(99999)
- Default(iface0), app default(iface1), vpn(tun0)
25000: ... 0x0/0x10000 iif lo uidrange 99998-99999 lookup iface1_local
26000: ... 0x0/0x10000 iif lo lookup iface0_local
27000: ... 0x0/0x30000 iif lo uidrange 99997-99998 lookup tun0
28000: ... 0xffdf/0xffff lookup iface0
29000: ... 0x0/0xffff iif lo uidrange 99998-99999 lookup iface1
30000: ... 0x0/0xffff iif lo lookup iface0
Bug: 184750836
Test: cd system/netd ; atest
Change-Id: Ic092398a0d89b0104afcee8e1f22dfa93fa408ae
(cherry picked from commit 0d5ae9805b1dcad074dd171dca62d5e3893d6a72)
Merged-In: Ic092398a0d89b0104afcee8e1f22dfa93fa408ae
The existing flow would add local rules for each physical
interface. The order of the rules in the routing table is
depending on the order that interfaces were added. It may
cause non-deterministic routing depending on the racing of
registering networks. The rule should only be needed for
default network, so update the flow to update rules with
fall through rules updates while switching the default network.
Bug: 184750836
Test: cd system/netd ; atest
Change-Id: I632f249ead6b418df40fa9639104043a66726d23
(cherry picked from commit 2271c127ad8e8e99c675b38b1414ffa092726d25)
Merged-In: I632f249ead6b418df40fa9639104043a66726d23
The local routes should be configured in the right tables
depending on whether it's a "local" route or not based on
the assigned ip ranges. This is a leading commit to remove
the hardcoded ones on first for the following change.
Bug: 184750836
Test: cd system/netd ; atest
Change-Id: Ieead7f15f8d62166d2c101e5432ccc8b25555f55
The v6 local exclude routes were added in every physical
interface assigned to the network. For the clat interface, the
v6 support is disabled, so setting a v6 route on the clat
interface will cause a permission denial. A v6 route should not
be set on those interfaces that disable v6 support.
The permission denial causes no failure since the error was
temporarily skipped, so remove the temporary workaround
accordingly.
Sample error log:
E netd : Error adding route fe80::/10 -> (null) v4-wlan0 to table 1000000024: Permission denied
Bug: 184750836
Test: cd system/netd ; atest
Test: manually connect to v6 only wifi and check the log
Change-Id: Id41fdad2593d80953f3202d91524e9742b5c2d4e
In an IPv6 only network with clatd started, clatd will be stopped
first before destroying the network. The clat interface will
be removed from kernel while clatd stops, but the clat interface
was added with the network in the netd. Destroying the network will
iterate the added interfaces and try to remove all of them. The
VPN local exclusion routes are added/removed with the existence
of the interfaces. It will cause an ENODEV error while trying to
find the interface index of the clat interface since the clat
interface was removed. The failure was considered as an error
and stopped destroying the network. The routing will not be cleared
as expected, causing leftover rules.
Because stopping clat is always before destroying the network, it
is expected to get such error since the clat interface exists in
ConnectivityService if the network destroys with clat started.
Thus, stop considering this failure an error to finish all works
necessary for clearing interfaces in the network.
Sample issue rule:
16000: from all fwmark 0x10063/0x1ffff iif lo lookup local_network
16000: from all fwmark 0x10064/0x1ffff iif lo lookup wlan0
16000: from all fwmark 0x10065/0x1ffff iif lo lookup wlan0
16000: from all fwmark 0x10066/0x1ffff iif lo lookup wlan0
17000: from all iif lo oif dummy0 lookup dummy0
17000: from all iif lo oif wlan0 lookup wlan0
17000: from all iif lo oif wlan0 lookup wlan0
17000: from all iif lo oif wlan0 lookup wlan0
18000: from all fwmark 0x0/0x10000 lookup legacy_system
19000: from all fwmark 0x0/0x10000 lookup legacy_network
20000: from all fwmark 0x0/0x10000 lookup local_network
23000: from all fwmark 0x64/0x1ffff iif lo lookup wlan0
23000: from all fwmark 0x65/0x1ffff iif lo lookup wlan0
23000: from all fwmark 0x66/0x1ffff iif lo lookup wlan0
Bug: 184750836
Bug: 220997151
Test: cd system/netd ; atest
Test: Manually connect/disconnect IPv6 only WiFi and observe the
routing is removed as expected
Change-Id: Ia981535a61dcc18aa25e7f35133c0fd822239b67
They are already under the same namespace.
Test: presubmit
Bug: 219872355
Change-Id: I05f95ca05b164b193be4f58053fe670eebb8df19
The local table will match the locally connected routes. Add
those rules when the VPN network is created. The local connected
rules are the link-local address for v6 and the link-local
(169.254.0.0/16) for v4. These rules are hardcoded but it should
depend on what actual subnet the network is which will be
addressed in the following patches.
Sample rule output:
24000: from all fwmark 0xc0066/0xcffff lookup ipsec1
25000: from all fwmark 0x0/0x10000 iif lo lookup wlan0_local
27000: from all fwmark 0x66/0xffff lookup wlan0
$ adb shell ip ro sh table wlan0_local
adb shell ip ro sh table wlan0_local
169.254.0.0/16 dev wlan0 proto static scope link
$ adb shell ip -6 ro sh table wlan0_local
fd00::/10 dev wlan0 proto static metric 1024 pref medium
Bug: 184750836
Test: cd system/netd ; atest
Test: atest HostsideVpnTests
Change-Id: Idb2188b05c2568c72c155a39d3c9f1cb6e3fa150
Install/Remove the local routes rules with the life time of the
interfaces. The default networks will break into two tables:
the original one and the one for placing the local rules.
The local routing table is still unfunctional since it's empty
and no routes matched.
Sample routings(VPN connected with default network on WiFi):
20000: from all fwmark 0x0/0x10000 lookup local_network
23000: from all fwmark 0x64/0x1ffff iif lo lookup wlan0
24000: from all fwmark 0x0/0x30000 iif lo uidrange 0-99999 lookup ipsec8
24000: from all fwmark 0xc0066/0xcffff lookup ipsec8
25000: from all fwmark 0x0/0x10000 lookup iif lo wlan0_local
27000: from all fwmark 0x66/0xffff lookup wlan0
Bug: 184750836
Test: cd system/netd ; atest
Change-Id: Ia67ec04e8c133e832dd39c10977f542d9c5b9cda
This CL changes the valid subPriority range from 0-999 to 0-998 and uses
999 as a special value that does not set the network as the default for
the given uids.
We have evaluated adding a boolean to the UidRangesParcel, but that
would require us to keep track of it in mUidRangeMap and separating
Network::appliesToUser into two functions (isUsersDefaultNetwork and
doesUserHaveAccess). In addition, per uid deny rules are not supported,
so there is really no benefit to the use of multiple subPriorities in
explicit and implicit rules.
Test: atest PerAppNetworkPermissionsTest
Change-Id: I7522de13e36f2bdc3d192264d78b96423d76c607
Rename DEFAULT_SUB_PRIORITY to SUB_PRIORITY_HIGHEST and
LOWEST_SUB_PRIORITY to SUB_PRIORITY_LOWEST.
Test: builds
Change-Id: Ic62ad37d8bb2fafa488589e2e25f8c890c5dd649
The new local exclusion rules for the VPN networks will be in
the new set of rules above BYPASSABLE_VPN_LOCAL_EXCLUSION for
the local exclusion VPN network. The rules for the local IP
rules will need to be in new tables separated from the existing
interfaces tables. Create <iface>_local table based on the
existing interfaces.
The new routing table will only be written in the rt_tables
instead of opening a new device in /dev since it's only required
for supporting routing, such as legacy_network or legacy_system
tables. The new <iface>_local tables share the same life time
of the specific interface tables which means these new tables
will also be removed when the specific interfaces tables are
gone.
These new tables are unfunctional now but only created in the
rt_tables for the mapping between interface name and the index.
Sample content in rt_table before the patch:
255 local
254 main
97 local_network
98 legacy_network
99 legacy_system
1003 dummy0
1010 rmnet_data0
Sample content in the rt_table after the patch:
255 local
254 main
97 local_network
98 legacy_network
99 legacy_system
1003 dummy0
1000000003 dummy0_local
1010 rmnet_data0
1000000010 rmnet_data0_local
Bug: 184750836
Test: cd system/netd ; atest
Change-Id: I13e1efa73a7145c22970880d8b72cbbd7366276c
Split RULE_PRIORITY_BYPASSABLE_VPN into two depending on whether
the VPN excludes local routes:
RULE_PRIORITY_BYPASSABLE_VPN_NO_LOCAL_EXCLUSION (24000) and
RULE_PRIORITY_BYPASSABLE_VPN_LOCAL_EXCLUSION (26000).
Only one of them will exist at any given time determined by
whether the VPN excludes local routes. Local exclusion will not
work until the new priority rules for local routes are added.
The new sets of rules have priority above VPN_FALLTHROUGH, so
update the rule priority of VPN_FALLTHROUGH and rules after it.
Bug: 184750836
Test: cd system/netd ; atest
Change-Id: I23caa68c61276c5e59dc4a85a60be054f1ccc15a
Signed integer gives us flexibility to use negative number (like -1)
for special purposes in the future.
Bug: N/A
Test: atest
Change-Id: I1e930459c9ed9d3834613473430c9570dc1a302a
* changes:
Add "throw" and "unreachable" routes to NetdBinderTest
Use route priority only for route cache invalidation
For routes cache invalidation we add and remove default throw routes
with low priority. Initial implementation set low priority for all
default throw routes, which didn't matter at the time, since throw
routes were not commonly used.
Now, throw routes are going to become more common (e.g. used in VPN
routing tables). This CL makes sure we only set low priority on
default throw routes if they are used for route cache invalidation.
Bug: 186082280
Test: atest NetdBinderTest
Change-Id: I4d457152c4177528ca9766a7909bc3ee51319a33
Test: m
Change-Id: I40082f7d56f4d3ba088ebcab9417b4d2da0d6ba2
Network preference per-profile and OEM network preferences can't be set
at the same time, because it is unclear what should happen if both
preferences are active for one given UID. Therefore, it needs a
parameter for ConnectivityService to specify which preference is prior
to others.
In this commit:
1. Adds a pair of methods with parcelable parameter, which currently
includes netId, UID range array and subsidiary priority.
2. The subsidiary priority will be used to adjust the original IP rule
priority. UID ranges can apply to different networks with different
subsidiary priority. But a single UID should not apply to multiple
networks with the same subsidiary priority.
3. The possible value of subsidiary priority for physical and
unreachable networks is 0-999. 0 is the highest priority. 0 is also
the default value. Virtual network supports only the default value.
4. Netd and its tests reference to latest AIDL version (unstable).
Bug: 182460808
Test: m; flash; cd system/netd/; atest
Test: atest FrameworksNetTests
Test: atest HostsideVpnTests
Change-Id: I94e8830d0a21ffcca17757fe4783a4be9438c8b4
Framework provides several preferences in PANS feature. To meet those
preferences, Netd needs to support two operations for framework:
(1) Set OEM-paid network as default network for apps.
(2) Prohibit apps to use default network if it is not explicitly
selected.
The #1 is supported by previous commit already. This commit implements
the #2, which adds a new IP rule priority for unconnected socket, reuses
existing IP rule priorities in explicit and implicit network selection.
Rules look like:
15000: from all fwmark 0x10034/0x1ffff iif lo uidrange x-y unreachable
...
22000: from all fwmark 0x34/0x1ffff iif lo uidrange x-y unreachable
...
27000: from all fwmark 0x0/0xffff iif lo uidrange x-y unreachable
An UNREACHABLE network (netId 52) is created for framework to specify
that the default network is unavailable for designated apps.
Bug: 181579204
Test: atest
Change-Id: I21530928a85870df673e2d1387fde130fe5a0104
There are only slight differences between the implementations of
modifyUidExplicitNetworkRule and modifyUidImplicitNetworkRule. Unify
them into one function. No functionality changes.
Test: atest netd_integration_test
Change-Id: I552e870b32459ada24c84fb908fea188f47c510c
Extend networkAddUidRanges and networkRemoveUidRanges from
virtual-network-only to physical network. With this change, the
ConnectivityService can replace the default physical network for
specified applications without changing applications' code.
Bug: 176507580
Test: cd system/netd; atest
Test: atest HostsideVpnTests
Test: atest FrameworksNetTests
Change-Id: I556043f4401746bcf844a0c15a7d92aec12faad3
Test: builds, atest, TreeHugger
Bug: 167500195
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia1a45de523bb20d451df2041a9cc3fe9930f6686
Make constants visible for tests, rather than have copies.
Test: atest
Change-Id: Ibb70ae5c719e174ace4278d617564dfd48d1455d
This is required for TC-BPF offload of upstream traffic.
Bug: 176857251
Test: new tests in netd_integration_test
Test: enabled wifi-to-wifi tethering
Test: adb shell tc qdisc show 2>&1 | grep clsact
Change-Id: I091d183682170d1ddf19ab9f04aa88413769de79
RouteController tracks in the sInterfaceToTable map the
interface indices of every interface used in physical and virtual
networks. This ensures that when an interface is removed from a
network (by passing in the interface name), the rules (which
specify interface indices) are correctly deleted even if the
interface has been deleted or has been deleted and re-added with
a new interface index.
Currently this does not happen for interfaces added to the local
network. That means that when those interfaces are deleted, the
rules might not be deleted. It also results in spurious messages
logged by NetworkController such as:
03-24 00:38:47.553 16612 16635 E Netd : getIfIndex: cannot find interface testtap1
03-24 00:38:47.553 16612 16635 E Netd : inconceivable! added interface testtap1 with no index
Note that since P this map is read by RouteController::getIfIndex
and used by code that assumes this will always return an
interface index. In the case of an interface in the local
network, this is not possible because the map stores mappings
between ifindex and routing table. In the case of the local
network, the routing table is always ROUTE_TABLE_LOCAL_NETWORK,
so there is no way to get the interface index. Fix these callers
so they do not attempt to do this.
Bug: 150644681
Test: TetheringIntegrationTests:EthernetTetheringTest
Change-Id: I8042e5b91bcb3175d9ad540526df396a139976f0
The clsact attaching and detaching control plane is moved to:
RouteController::addInterfaceToPhysicalNetwork - add clsact
RouteController::removeInterfaceFromPhysicalNetwork - del clsact
The above change implies that the clsact lifetime for each interface
has been extended from clat enabled time to interface lifetime.
The only exception is that attaching clsact to v4- tun interface
still lives in ClatdController. The reason is that clat is started
before the v4- tun interface is added to the network and clat has
already needed to add the bpf filters.
After all, keep attaching and detaching clat {in, e}gress bpf
filters in ClatdController.
Test: manual clatd test
1. Connect to IPv6-Only WiFi hotspot
2. Browse 172.217.0.46 (google.com) successfully
3. Disconnect from WiFi
Repeat the above steps three times.
Change-Id: I971e105484c7678ac304788e5ffff7cc709c400d
Use the more correct RTA_SPACE macro instead of manually
calculating the size, and the more appropriate size_t type
instead of int.
Bug: 142892223
Test: covered by existing unit tests
Change-Id: I74dd5c912e2a13721e1bd6c90df4a579e826805f
- Route may include optional MTU parameter
- Change route is added so routes don't need to be deleted then re-added
- Add/Del/Change functions to pass route info as parcel
Bug: 142892223
Test: new unit tests
Change-Id: Idc32ecb0520b1f4136b3fe0e3f7b6800fb3005a6
C++20 will require members in a designated initializer to be in order
unlike C99.
Bug: 139945549
Test: mm
Change-Id: I4b856942f5c323898cf572dc60622d62c6ffed94
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
No functionality change. Also remove some header guards along the way.
Test: m
Change-Id: I1afdcaea95a3dd56f392c4e61d7670f43615792a
Nothing seems to be calling into it, so it can probably go.
Test: rebuild everything, then run atest
Change-Id: I6e446f98decd708f59e5994fa10f77be4476d02f
Previously, netd used the explicitlySelected bit to ensure that
the VPN fallthrough rule does not match if a non-zero NetId was
explicitly specified. This is inconsistent with the normal case
of an application that is subject to the VPN, because in that case,
the fallthrough rule does match.
This commit removes the explicitlySelected bit and relaxes the guarantee.
This ensures that the behaviour of an app that selects the VPN network
is the same as the behaviour of an app that specifies no network but
is subject to the VPN.
VPN traffic will fall through to the default network if no route is hit in the VPN
route table.
Assume vpn netId is 102, default network interface is wlan0 with no
permission. Below is the result of route rule before/after this commit.
Before:
21000: from all fwmark 0x10066/0x1ffff lookup wlan0
After:
21000: from all fwmark 0x66/0xffff lookup wlan0
Bug: 119216095
Test: built, flashed, booted
system/netd/tests/runtests.sh
Change-Id: I03411644dc82cabcaf1f3274a17f36ec4e173c2e
when network was switched quickly between wifi and cellular,
netd should always use old ifindex to delete ip rule/route,
and new ifindex to add ip rule/route.
BUG: 128805131
Test: built, booted, datausage, Phone call, Internet under
wifi and cellular data
Change-Id: I2d88709a00d50e318b02362ffac543a1e7e40a81
Allow creating multiple link-local routes in the same table, so we can make IPv6
work on all interfaces in the local_network table.
Bug: 126063997
Test: * enable hotspot & usb tethering
* use ping6 to verify link local in both side of hotspot/usb
tethering
Change-Id: Ibe897004bd72bc88744c4bbac44ca512c0482f3b
Use stable aidl generated structure instead of UidRange
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I136afcff167eac7d3c4774b9e60f607e086488bf
Additionally rename functions and structs to eliminate those ugly
underscores from the public API (with the notable exception of
__res_params, which will come in its own separate change to keep this
one from growing too large).
Test: build, flash, then 'atest netd_integration_test'
Change-Id: I7e9b0ee6cdbec889e9c35b5a17b5daa65533686e
No functional change, this is a cleanup.
With C++17, it's no longer necessary to specify the template argument
when it can be deduced from the types of constructor arguments. This
allows de-cluttering our locking statements.
To avoid typos, this patch was mechanically generated:
perl -p -i -e 's/std::lock_guard<std::mutex>/std::lock_guard/g' \
$(find . -name '*.cpp' -o -name '*.h')
Change-Id: Ibb15d9a6c5b1c861d81353e47d25474eb1d4c2df
Fixes -Wzero-as-null-pointer-constant warning.
Test: m
Bug: 68236239
Change-Id: I226a0599db4f7c3557e55cade7869d00bd314949
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I855e044a2b7c9aae795edbcee717d61f58a7a21d
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I42b52d815b6ba0ba6f93dc27e83a900d2abec715
Normally when an IP address is removed, all sockets associated with the
addresses are destroyed. This patchset changes this behavior such that
if the address in question is still being used by another interface that
belongs to the same underlying virtual network, the destroy operation is
skipped. This change is needed to support VPN seamless handover where the
VPN app will establish a second TUN interface (with different config)
before tearing down the existing interface. The intention is that during
this handover existing socket connections should not be disturbed. There
is a companion change in the framework side to make sure during such
handover, the VPN netId remains unchanged so routing still works.
Bug: 64692591
Test: cts-tradefed run commandAndExit cts-dev -m CtsHostsideNetworkTests -t com.android.cts.net.HostsideVpnTests
Test: system/netd/tests/runtests.sh
Change-Id: I02c6b0db5f15cd1aef3e3fa6f0c36e86b4f427fd
Merged-In: I02c6b0db5f15cd1aef3e3fa6f0c36e86b4f427fd
(cherry picked from commit acbb6b7bbea17c5653929ee5224bd4f8e16c0f69)
This ensures that these rules are not mistakenly used by
forwarded traffic. Forwarded traffic should only use rules that
specify an explicit iif.
The rules change as follows:
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
10500: from all {+iif lo+} oif dummy0 uidrange 0-0 lookup dummy0
10500: from all {+iif lo+} oif wlan0 uidrange 0-0 lookup wlan0
10500: from all {+iif lo+} oif v4-wlan0 uidrange 0-0 lookup v4-wlan0
10500: from all {+iif lo+} oif rmnet_data0 uidrange 0-0 lookup rmnet_data0
13000: from all fwmark 0x10063/0x1ffff {+iif lo+} lookup local_network
13000: from all fwmark 0x10065/0x1ffff {+iif lo+} lookup wlan0
13000: from all fwmark 0x10065/0x1ffff {+iif lo+} lookup v4-wlan0
13000: from all fwmark 0x50064/0x5ffff {+iif lo+} lookup rmnet_data0
14000: from all {+iif lo+} oif dummy0 lookup dummy0
14000: from all {+iif lo+} oif wlan0 lookup wlan0
14000: from all {+iif lo+} oif v4-wlan0 lookup v4-wlan0
14000: from all fwmark 0x40000/0x40000 {+iif lo+} oif rmnet_data0 lookup rmnet_data0
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network
19000: from all fwmark 0x65/0x1ffff {+iif lo+} lookup wlan0
19000: from all fwmark 0x65/0x1ffff {+iif lo+} lookup v4-wlan0
22000: from all fwmark 0x0/0xffff {+iif lo+} lookup v4-wlan0
22000: from all fwmark 0x0/0xffff {+iif lo+} lookup wlan0
32000: from all unreachable
Bug: 64976379
Bug: 73642792
Bug: 73032258
Test: marlin builds, boots, networking works
Test: IPv4/v6 USB tethering works concurrently with httpurl --nethandle <foo>
Test: USB tethering correctly able to use non-default-network upstream
Test: T-Mobile wifi calling works on walleye internal build
Change-Id: I9383a7ea54c60b0f33db8de8c6331e2f820539e1
* changes:
Tighten up locking in NetworkController.
Add locking to RouteController.
Change RouteController from free functions/members to class functions.
Test: netd_{unit,integration}_test passes
Change-Id: I12899e0304d266b25b0b021ae28f9073c8b42604