authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-09-21 23:29:46 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-09-21 23:29:46 +0000
commit7311000b776ea7959572918fd9ff2f4eda328c36 (patch)
treec4cf801c637d63ff48569fd3a3997ecf571522f5
parent61a27c73301d95432f389c9aa50dd01a1d9ef369 (diff)
parentb7a6099aff35e8b2f7a88272e67a7feeb2b9f0c0 (diff)
Snap for 9088299 from b7a6099aff35e8b2f7a88272e67a7feeb2b9f0c0 to tm-d3-releaseandroid-13.0.0_r57android13-d3-s1-release
Change-Id: Ia806d34c205d33e093a5398fe2e9581472fb3dd2
-rw-r--r--server/RouteController.cpp36
-rw-r--r--server/RouteController.h12
-rw-r--r--tests/binder_test.cpp8
3 files changed, 45 insertions, 11 deletions
diff --git a/server/RouteController.cpp b/server/RouteController.cpp
index d2af9a37..86b23b6d 100644
--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -64,7 +64,7 @@ const char* const ROUTE_TABLE_NAME_MAIN = "main";
const char* const RouteController::LOCAL_MANGLE_INPUT = "routectrl_mangle_INPUT";
-const IPPrefix V4_LOCAL_ADDR[] = {
+const IPPrefix V4_LOCAL_PREFIXES[] = {
IPPrefix::forString("169.254.0.0/16"), // Link Local
IPPrefix::forString("100.64.0.0/10"), // CGNAT
IPPrefix::forString("10.0.0.0/8"), // RFC1918
@@ -667,6 +667,19 @@ int RouteController::modifyVpnLocalExclusionRule(bool add, const char* physicalI
INVALID_UID);
}
+int RouteController::addFixedLocalRoutes(const char* interface) {
+ for (size_t i = 0; i < ARRAY_SIZE(V4_FIXED_LOCAL_PREFIXES); ++i) {
+ if (int ret = modifyRoute(RTM_NEWROUTE, NETLINK_ROUTE_CREATE_FLAGS, interface,
+ V4_FIXED_LOCAL_PREFIXES[i], nullptr /* nexthop */,
+ RouteController::INTERFACE, 0 /* mtu */, 0 /* priority */,
+ true /* isLocal */)) {
+ return ret;
+ }
+ }
+
+ return 0;
+}
+
// A rule to enable split tunnel VPNs.
//
// If a packet with a VPN's netId doesn't find a route in the VPN's routing table, it's allowed to
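Review bot: `addFixedLocalRoutes` carries no comment saying which table the routes land in or why they are installed, and its loop returns on the first `modifyRoute` failure while leaving any prefix added in an earlier iteration in place, with nothing in this hunk removing it. A header comment along the lines of `// Installs every V4_FIXED_LOCAL_PREFIXES entry as a local route on |interface| (isLocal = true, INTERFACE table); returns the first modifyRoute error, with earlier prefixes left installed.` would make both the intent and the partial-failure behaviour explicit for the caller. The table these routes end up in is not visible here; the test in this commit checks the `<iface>_local` table, so naming that in the comment is worth confirming. Inside a member function the qualifier in `RouteController::INTERFACE` is redundant and `INTERFACE` alone matches how `tableType == RouteController::INTERFACE` is written elsewhere only for comparison; either form works, but the loop body would read more easily as one call with fewer qualified names.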
@@ -1297,6 +1310,11 @@ int RouteController::addInterfaceToPhysicalNetwork(unsigned netId, const char* i
maybeModifyQdiscClsact(interface, ACTION_ADD);
updateTableNamesFile();
+
+ if (int ret = addFixedLocalRoutes(interface)) {
+ return ret;
+ }
+
return 0;
}
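Review bot: The new `addFixedLocalRoutes` call sits after `maybeModifyQdiscClsact` and `updateTableNamesFile()`, so when it fails the function returns an error after the interface's rules and table bookkeeping have already been committed, and nothing in this hunk undoes them. `addInterfaceToPhysicalNetwork` starts outside the hunk, so whether earlier steps roll back on error, or the caller removes the interface when this returns non-zero, cannot be seen from here; if cleanup is the caller's job, a one-line comment at the call site saying so would prevent the next reader assuming the interface is left consistent. This commit also adds no matching removal of the fixed routes when the interface leaves the network; presumably the local table is flushed elsewhere, and a comment such as `// Fixed local routes are dropped with the rest of the local table on interface removal.` (if that is indeed the case) would close the question.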
@@ -1392,8 +1410,8 @@ int RouteController::removeInterfaceFromDefaultNetwork(const char* interface,
return modifyDefaultNetwork(RTM_DELRULE, interface, permission);
}
-bool RouteController::isTargetV4LocalRange(const char* dst) {
- for (IPPrefix addr : V4_LOCAL_ADDR) {
+bool RouteController::isWithinIpv4LocalPrefix(const char* dst) {
+ for (IPPrefix addr : V4_LOCAL_PREFIXES) {
if (addr.contains(IPPrefix::forString(dst))) {
return true;
}
@@ -1401,14 +1419,14 @@ bool RouteController::isTargetV4LocalRange(const char* dst) {
return false;
}
-bool RouteController::isLocalAddress(TableType tableType, const char* destination,
- const char* nexthop) {
+bool RouteController::isLocalRoute(TableType tableType, const char* destination,
+ const char* nexthop) {
IPPrefix prefix = IPPrefix::forString(destination);
return nexthop == nullptr && tableType == RouteController::INTERFACE &&
// Skip default route to prevent network being modeled as point-to-point interfaces.
((prefix.family() == AF_INET6 && prefix != IPPrefix::forString("::/0")) ||
// Skip adding non-target local network range.
- (prefix.family() == AF_INET && isTargetV4LocalRange(destination)));
+ (prefix.family() == AF_INET && isWithinIpv4LocalPrefix(destination)));
}
int RouteController::addRoute(const char* interface, const char* destination, const char* nexthop,
@@ -1418,7 +1436,7 @@ int RouteController::addRoute(const char* interface, const char* destination, co
return ret;
}
- if (isLocalAddress(tableType, destination, nexthop)) {
+ if (isLocalRoute(tableType, destination, nexthop)) {
return modifyRoute(RTM_NEWROUTE, NETLINK_ROUTE_CREATE_FLAGS, interface, destination,
nexthop, tableType, mtu, priority, true /* isLocal */);
}
@@ -1433,7 +1451,7 @@ int RouteController::removeRoute(const char* interface, const char* destination,
return ret;
}
- if (isLocalAddress(tableType, destination, nexthop)) {
+ if (isLocalRoute(tableType, destination, nexthop)) {
return modifyRoute(RTM_DELROUTE, NETLINK_REQUEST_FLAGS, interface, destination, nexthop,
tableType, 0 /* mtu */, priority, true /* isLocal */);
}
@@ -1447,7 +1465,7 @@ int RouteController::updateRoute(const char* interface, const char* destination,
return ret;
}
- if (isLocalAddress(tableType, destination, nexthop)) {
+ if (isLocalRoute(tableType, destination, nexthop)) {
return modifyRoute(RTM_NEWROUTE, NETLINK_ROUTE_REPLACE_FLAGS, interface, destination,
nexthop, tableType, mtu, 0 /* priority */, true /* isLocal */);
}
diff --git a/server/RouteController.h b/server/RouteController.h
index ff41678d..1b3a093a 100644
--- a/server/RouteController.h
+++ b/server/RouteController.h
@@ -85,6 +85,13 @@ constexpr int32_t RULE_PRIORITY_DEFAULT_NETWORK = 31000;
constexpr int32_t RULE_PRIORITY_UNREACHABLE = 32000;
// clang-format on
+static const char* V4_FIXED_LOCAL_PREFIXES[] = {
+ // The multicast range is 224.0.0.0/4 but only limit it to 224.0.0.0/24 since the IPv4
+ // definitions are not as precise as for IPv6, it is the only range that the standards
+ // (RFC 2365 and RFC 5771) specify is link-local and must not be forwarded.
+ "224.0.0.0/24" // Link-local multicast; non-internet routable
+};
+
class UidRanges;
class RouteController {
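Review bot: `static const char* V4_FIXED_LOCAL_PREFIXES[]` makes the array elements mutable pointers to constant text, so any translation unit including the header can reassign an entry at runtime, and `static` gives every such unit its own copy of the array. Since the table is a fixed list of prefixes that the routing code and the test both treat as read-only, declaring it `static const char* const V4_FIXED_LOCAL_PREFIXES[] = {` keeps `std::size`/`ARRAY_SIZE` and the `using android::net::V4_FIXED_LOCAL_PREFIXES` in the test working while preventing accidental writes. If the build is C++17 (the header already relies on `constexpr`), `inline constexpr const char* V4_FIXED_LOCAL_PREFIXES[] = {` would additionally collapse the per-unit copies into one definition, but that depends on the language level and is worth confirming before changing.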
@@ -230,8 +237,9 @@ public:
static int modifyUidLocalNetworkRule(const char* interface, uid_t uidStart, uid_t uidEnd,
bool add);
- static bool isLocalAddress(TableType tableType, const char* destination, const char* nexthop);
- static bool isTargetV4LocalRange(const char* addrstr);
+ static bool isLocalRoute(TableType tableType, const char* destination, const char* nexthop);
+ static bool isWithinIpv4LocalPrefix(const char* addrstr);
+ static int addFixedLocalRoutes(const char* interface);
};
// Public because they are called by by RouteControllerTest.cpp.
diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp
index d9d7cecc..02a750d2 100644
--- a/tests/binder_test.cpp
+++ b/tests/binder_test.cpp
@@ -136,6 +136,7 @@ using android::net::TetherStatsParcel;
using android::net::TunInterface;
using android::net::UidRangeParcel;
using android::net::UidRanges;
+using android::net::V4_FIXED_LOCAL_PREFIXES;
using android::net::mdns::aidl::DiscoveryInfo;
using android::net::mdns::aidl::GetAddressInfo;
using android::net::mdns::aidl::IMDns;
@@ -1700,6 +1701,13 @@ TEST_F(NetdBinderTest, NetworkAddRemoveRouteToLocalExcludeTable) {
EXPECT_TRUE(mNetd->networkSetDefault(TEST_NETID1).isOk());
std::string localTableName = std::string(sTun.name() + "_local");
+
+ // Verify the fixed routes exist in the local table.
+ for (size_t i = 0; i < std::size(V4_FIXED_LOCAL_PREFIXES); i++) {
+ expectNetworkRouteExists(IP_RULE_V4, sTun.name(), V4_FIXED_LOCAL_PREFIXES[i], "",
+ localTableName.c_str());
+ }
+
// Set up link-local routes for connectivity to the "gateway"
for (size_t i = 0; i < std::size(kDirectlyConnectedRoutes); i++) {
const auto& td = kDirectlyConnectedRoutes[i];