author | Nucca Chen <nuccachen@google.com> | 2021-12-13 09:24:38 +0000 |
---|---|---|
committer | Hungming Chen <nuccachen@google.com> | 2021-12-30 22:54:03 +0800 |
commit | 0714a18a36a20cc94ac6c9d8916bb9a3782e43ac (patch) | |
tree | 4d6deaf13fc2f711a298ed5da7decc3b6357345a | |
parent | 6bdb9960b1f42add186517dd0fa293c18912cf87 (diff) | |
download | android-clat-0714a18a36a20cc94ac6c9d8916bb9a3782e43ac.tar.gz |
Revert "Revert "[RFCLAT#1] Move the raw socket creation from cla..."
Revert submission 1919326-revert-1902610-clat_move_raw_socket-XKUYDBPMIO
Reason for revert: security patch (aosp/1903466) and clean up patch (aosp/1911234) have merged
Reverted Changes:
I849cf4150:Revert "[RFNETD#1] Move the raw socket creation fr...
Ic4fad13f5:Revert "[RFCLAT#1] Move the raw socket creation fr...
Bug: 212345928
Test: atest clatd_test
Change-Id: Ib3f35c293b160f57917bf6f52a533faecf2abf80
-rw-r--r-- | clatd.c | 14 | ||||
-rw-r--r-- | clatd.h | 2 | ||||
-rw-r--r-- | main.c | 19 |
3 files changed, 18 insertions, 17 deletions
@@ -182,19 +182,7 @@ void drop_root_and_caps() {
 * tunnel - tun device data
 * mark - the socket mark to use for the sending raw socket
 */
-void open_sockets(struct tun_data *tunnel, uint32_t mark) {
- int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK | SOCK_CLOEXEC, IPPROTO_RAW);
- if (rawsock < 0) {
- logmsg(ANDROID_LOG_FATAL, "raw socket failed: %s", strerror(errno));
- exit(1);
- }
-
- if (mark != MARK_UNSET && setsockopt(rawsock, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0) {
- logmsg(ANDROID_LOG_ERROR, "could not set mark on raw socket: %s", strerror(errno));
- }
-
- tunnel->write_fd6 = rawsock;
-
+void open_sockets(struct tun_data *tunnel) {
 // Will eventually be bound to htons(ETH_P_IPV6) protocol,
 // but only after appropriate bpf filter is attached.
 tunnel->read_fd6 = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
@@ -41,7 +41,7 @@ extern volatile sig_atomic_t running;
 void configure_tun_ip(const struct tun_data *tunnel, const char *v4_addr, int mtu);
 void set_capability(uint64_t target_cap);
 void drop_root_and_caps();
-void open_sockets(struct tun_data *tunnel, uint32_t mark);
+void open_sockets(struct tun_data *tunnel);
 int ipv6_address_changed(const char *interface);
 int configure_clat_ipv6_address(const struct tun_data *tunnel, const char *interface,
 const char *src_addr);
@@ -51,6 +51,7 @@ void print_help() {
 printf("-6 [IPv6 address]\n");
 printf("-m [socket mark]\n");
 printf("-t [tun file descriptor number]\n");
+ printf("-w [write socket descriptor number]\n");
 }

 /* function: main
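Review bot: The doc comment above open_sockets() still carries `* mark - the socket mark to use for the sending raw socket` as unchanged context, although this hunk removes both the `mark` parameter and the raw socket it described. That line should be dropped and the new precondition stated instead, for example `* tunnel - tun device data; write_fd6 must already hold the raw socket supplied by the caller`. With the `setsockopt(..., SO_MARK, ...)` call gone from this function, the mark has to be applied wherever the socket is now created, which is outside this diff and worth confirming against the companion change. The comment block starts and the function body continues outside the hunk.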
@@ -60,11 +61,11 @@ int main(int argc, char **argv) {
 struct tun_data tunnel;
 int opt;
 char *uplink_interface = NULL, *plat_prefix = NULL, *mark_str = NULL;
- char *v4_addr = NULL, *v6_addr = NULL, *tunfd_str = NULL;
+ char *v4_addr = NULL, *v6_addr = NULL, *tunfd_str = NULL, *write_sock_str = NULL;
 uint32_t mark = MARK_UNSET;
 unsigned len;

- while ((opt = getopt(argc, argv, "i:p:4:6:m:t:h")) != -1) {
+ while ((opt = getopt(argc, argv, "i:p:4:6:m:t:w:h")) != -1) {
 switch (opt) {
 case 'i':
 uplink_interface = optarg;
@@ -84,6 +85,9 @@ int main(int argc, char **argv) {
 case 't':
 tunfd_str = optarg;
 break;
+ case 'w':
+ write_sock_str = optarg;
+ break;
 case 'h':
 print_help();
 exit(0);
@@ -112,6 +116,15 @@ int main(int argc, char **argv) {
 exit(1);
 }

+ if (write_sock_str != NULL && !parse_int(write_sock_str, &tunnel.write_fd6)) {
+ logmsg(ANDROID_LOG_FATAL, "invalid sock_write %s", write_sock_str);
+ exit(1);
+ }
+ if (!tunnel.write_fd6) {
+ logmsg(ANDROID_LOG_FATAL, "no write_fd6 specified on commandline.");
+ exit(1);
+ }
+
 len = snprintf(tunnel.device4, sizeof(tunnel.device4), "%s%s", DEVICEPREFIX, uplink_interface);
 if (len >= sizeof(tunnel.device4)) {
 logmsg(ANDROID_LOG_FATAL, "interface name too long '%s'", tunnel.device4);
@@ -124,7 +137,7 @@ int main(int argc, char **argv) {
 v6_addr ? v6_addr : "(none)");

 // open our raw sockets before dropping privs
- open_sockets(&tunnel, mark);
+ open_sockets(&tunnel);

 configure_interface(uplink_interface, plat_prefix, v4_addr, v6_addr, &tunnel, mark);

|
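Review bot: The added `if (!tunnel.write_fd6)` check in the `@@ -112,6 +116,15 @@` hunk reads a field that nothing visible has assigned when `-w` is absent, because `tunnel` is declared as `struct tun_data tunnel;` with no initializer; unless it is zeroed in lines outside these hunks, the value is indeterminate and the "no write_fd6 specified" exit is not guaranteed. The check also accepts any non-zero integer, including negative numbers and descriptors that are not sockets. The `SOCK_NONBLOCK | SOCK_CLOEXEC` properties that the removed socket() call used to set now depend entirely on whoever created the descriptor. Testing `write_sock_str == NULL` directly, rejecting values `<= 0`, and confirming through `getsockopt(SO_TYPE)` that the inherited descriptor is a raw socket would close these gaps; the sketch below replaces the two added `if` blocks. main() begins and ends outside the hunk.

```c
  // … unchanged: preceding option checks …
  if (write_sock_str == NULL) {
    logmsg(ANDROID_LOG_FATAL, "no write_fd6 specified on commandline.");
    exit(1);
  }
  if (!parse_int(write_sock_str, &tunnel.write_fd6) || tunnel.write_fd6 <= 0) {
    logmsg(ANDROID_LOG_FATAL, "invalid sock_write %s", write_sock_str);
    exit(1);
  }
  // The descriptor is inherited, so confirm it is an open raw socket before it is used.
  int write_sock_type = 0;
  socklen_t write_sock_type_len = sizeof(write_sock_type);
  if (getsockopt(tunnel.write_fd6, SOL_SOCKET, SO_TYPE, &write_sock_type,
                 &write_sock_type_len) < 0 ||
      write_sock_type != SOCK_RAW) {
    logmsg(ANDROID_LOG_FATAL, "write_fd6 %d is not a raw socket", tunnel.write_fd6);
    exit(1);
  }
  // … unchanged: device4 name construction …
```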
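Review bot: The context comment `// open our raw sockets before dropping privs` in the `@@ -124,7 +137,7 @@` hunk no longer matches the call below it. As far as the clatd.c hunk shows, open_sockets() now opens only the AF_PACKET read socket, and the raw write socket arrives through `-w`. I would reword it to `// open the packet read socket before dropping privs; the raw write socket is inherited via -w`, so a reader does not assume the sending socket is still created with clatd's own privileges. main() begins and ends outside the hunk.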