author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-09-21 23:29:46 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-09-21 23:29:46 +0000 |
commit | 7311000b776ea7959572918fd9ff2f4eda328c36 (patch) | |
tree | c4cf801c637d63ff48569fd3a3997ecf571522f5 | |
parent | 61a27c73301d95432f389c9aa50dd01a1d9ef369 (diff) | |
parent | b7a6099aff35e8b2f7a88272e67a7feeb2b9f0c0 (diff) | |
Snap for 9088299 from b7a6099aff35e8b2f7a88272e67a7feeb2b9f0c0 to tm-d3-releaseandroid-13.0.0_r57android13-d3-s1-release
Change-Id: Ia806d34c205d33e093a5398fe2e9581472fb3dd2
-rw-r--r-- | server/RouteController.cpp | 36 | ||||
-rw-r--r-- | server/RouteController.h | 12 | ||||
-rw-r--r-- | tests/binder_test.cpp | 8 |
3 files changed, 45 insertions, 11 deletions
diff --git a/server/RouteController.cpp b/server/RouteController.cpp index d2af9a37..86b23b6d 100644 --- a/server/RouteController.cpp +++ b/server/RouteController.cpp @@ -64,7 +64,7 @@ const char* const ROUTE_TABLE_NAME_MAIN = "main"; const char* const RouteController::LOCAL_MANGLE_INPUT = "routectrl_mangle_INPUT"; -const IPPrefix V4_LOCAL_ADDR[] = { +const IPPrefix V4_LOCAL_PREFIXES[] = { IPPrefix::forString("169.254.0.0/16"), // Link Local IPPrefix::forString("100.64.0.0/10"), // CGNAT IPPrefix::forString("10.0.0.0/8"), // RFC1918 @@ -667,6 +667,19 @@ int RouteController::modifyVpnLocalExclusionRule(bool add, const char* physicalI INVALID_UID); } +int RouteController::addFixedLocalRoutes(const char* interface) { + for (size_t i = 0; i < ARRAY_SIZE(V4_FIXED_LOCAL_PREFIXES); ++i) { + if (int ret = modifyRoute(RTM_NEWROUTE, NETLINK_ROUTE_CREATE_FLAGS, interface, + V4_FIXED_LOCAL_PREFIXES[i], nullptr /* nexthop */, + RouteController::INTERFACE, 0 /* mtu */, 0 /* priority */, + true /* isLocal */)) { + return ret; + } + } + + return 0; +} + // A rule to enable split tunnel VPNs. // // If a packet with a VPN's netId doesn't find a route in the VPN's routing table, it's allowed to @@ -1297,6 +1310,11 @@ int RouteController::addInterfaceToPhysicalNetwork(unsigned netId, const char* i maybeModifyQdiscClsact(interface, ACTION_ADD); updateTableNamesFile(); + + if (int ret = addFixedLocalRoutes(interface)) { + return ret; + } + return 0; } @@ -1392,8 +1410,8 @@ int RouteController::removeInterfaceFromDefaultNetwork(const char* interface, return modifyDefaultNetwork(RTM_DELRULE, interface, permission); } -bool RouteController::isTargetV4LocalRange(const char* dst) { - for (IPPrefix addr : V4_LOCAL_ADDR) { +bool RouteController::isWithinIpv4LocalPrefix(const char* dst) { + for (IPPrefix addr : V4_LOCAL_PREFIXES) { if (addr.contains(IPPrefix::forString(dst))) { return true; } 
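Review bot: addFixedLocalRoutes lands without a header comment although the neighbouring rule helpers in this file carry one, and its first-failure return leaves any route already installed in place. I would add above it `// Installs every V4_FIXED_LOCAL_PREFIXES route into |interface|'s local route table (isLocal = true).` and `// Returns on the first modifyRoute() failure; routes added before that point are not rolled back.`. The ARRAY_SIZE index loop can also become a range-for over the array, `for (const char* prefix : V4_FIXED_LOCAL_PREFIXES) {`, which drops both the macro and the index.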
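Review bot: The new addFixedLocalRoutes call runs after maybeModifyQdiscClsact and updateTableNamesFile (and whatever rule setup precedes them) have already taken effect, so a failure here returns an error while the interface is already attached with its qdisc and table entry; unless the caller rolls that back, which is not visible here, the returned status and netd's actual state disagree. Consider moving the call ahead of those irreversible steps, or at least documenting that a non-zero return leaves a partially attached interface, e.g. `// A failure below leaves the interface attached (rules, qdisc, table name) without its fixed local routes.`. addInterfaceToPhysicalNetwork begins outside this hunk.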
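Review bot: isWithinIpv4LocalPrefix re-parses dst on every iteration and copies each IPPrefix out of V4_LOCAL_PREFIXES because the range variable is taken by value. Parse once and iterate by reference: `const IPPrefix target = IPPrefix::forString(dst);` / `for (const IPPrefix& prefix : V4_LOCAL_PREFIXES) {` / `if (prefix.contains(target)) {`. The function's closing lines fall in the following hunk.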
@@ -1401,14 +1419,14 @@ bool RouteController::isTargetV4LocalRange(const char* dst) { return false; } -bool RouteController::isLocalAddress(TableType tableType, const char* destination, - const char* nexthop) { +bool RouteController::isLocalRoute(TableType tableType, const char* destination, + const char* nexthop) { IPPrefix prefix = IPPrefix::forString(destination); return nexthop == nullptr && tableType == RouteController::INTERFACE && // Skip default route to prevent network being modeled as point-to-point interfaces. ((prefix.family() == AF_INET6 && prefix != IPPrefix::forString("::/0")) || // Skip adding non-target local network range. - (prefix.family() == AF_INET && isTargetV4LocalRange(destination))); + (prefix.family() == AF_INET && isWithinIpv4LocalPrefix(destination))); } int RouteController::addRoute(const char* interface, const char* destination, const char* nexthop, @@ -1418,7 +1436,7 @@ int RouteController::addRoute(const char* interface, const char* destination, co return ret; } - if (isLocalAddress(tableType, destination, nexthop)) { + if (isLocalRoute(tableType, destination, nexthop)) { return modifyRoute(RTM_NEWROUTE, NETLINK_ROUTE_CREATE_FLAGS, interface, destination, nexthop, tableType, mtu, priority, true /* isLocal */); } @@ -1433,7 +1451,7 @@ int RouteController::removeRoute(const char* interface, const char* destination, return ret; } - if (isLocalAddress(tableType, destination, nexthop)) { + if (isLocalRoute(tableType, destination, nexthop)) { return modifyRoute(RTM_DELROUTE, NETLINK_REQUEST_FLAGS, interface, destination, nexthop, tableType, 0 /* mtu */, priority, true /* isLocal */); } 
@@ -1447,7 +1465,7 @@ int RouteController::updateRoute(const char* interface, const char* destination, return ret; } - if (isLocalAddress(tableType, destination, nexthop)) { + if (isLocalRoute(tableType, destination, nexthop)) { return modifyRoute(RTM_NEWROUTE, NETLINK_ROUTE_REPLACE_FLAGS, interface, destination, nexthop, tableType, mtu, 0 /* priority */, true /* isLocal */); } diff --git a/server/RouteController.h b/server/RouteController.h index ff41678d..1b3a093a 100644 --- a/server/RouteController.h +++ b/server/RouteController.h @@ -85,6 +85,13 @@ constexpr int32_t RULE_PRIORITY_DEFAULT_NETWORK = 31000; constexpr int32_t RULE_PRIORITY_UNREACHABLE = 32000; // clang-format on +static const char* V4_FIXED_LOCAL_PREFIXES[] = { + // The multicast range is 224.0.0.0/4 but only limit it to 224.0.0.0/24 since the IPv4 + // definitions are not as precise as for IPv6, it is the only range that the standards + // (RFC 2365 and RFC 5771) specify is link-local and must not be forwarded. + "224.0.0.0/24" // Link-local multicast; non-internet routable +}; + class UidRanges; class RouteController { @@ -230,8 +237,9 @@ public: static int modifyUidLocalNetworkRule(const char* interface, uid_t uidStart, uid_t uidEnd, bool add); - static bool isLocalAddress(TableType tableType, const char* destination, const char* nexthop); - static bool isTargetV4LocalRange(const char* addrstr); + static bool isLocalRoute(TableType tableType, const char* destination, const char* nexthop); + static bool isWithinIpv4LocalPrefix(const char* addrstr); + static int addFixedLocalRoutes(const char* interface); }; // Public because they are called by by RouteControllerTest.cpp. diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp index d9d7cecc..02a750d2 100644 --- a/tests/binder_test.cpp +++ b/tests/binder_test.cpp 
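Review bot: `static const char* V4_FIXED_LOCAL_PREFIXES[]` in RouteController.h gives every translation unit that includes the header its own copy of the array, and because the element type is a non-const pointer the entries can be reassigned at runtime. Since this tree already relies on C++17 (binder_test.cpp uses std::size), declare it once and immutably as `inline constexpr const char* V4_FIXED_LOCAL_PREFIXES[] = {`; constexpr makes the elements `const char* const`, and both ARRAY_SIZE and std::size keep working.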
@@ -136,6 +136,7 @@ using android::net::TetherStatsParcel; using android::net::TunInterface; using android::net::UidRangeParcel; using android::net::UidRanges; +using android::net::V4_FIXED_LOCAL_PREFIXES; using android::net::mdns::aidl::DiscoveryInfo; using android::net::mdns::aidl::GetAddressInfo; using android::net::mdns::aidl::IMDns; @@ -1700,6 +1701,13 @@ TEST_F(NetdBinderTest, NetworkAddRemoveRouteToLocalExcludeTable) { EXPECT_TRUE(mNetd->networkSetDefault(TEST_NETID1).isOk()); std::string localTableName = std::string(sTun.name() + "_local"); + + // Verify the fixed routes exist in the local table. + for (size_t i = 0; i < std::size(V4_FIXED_LOCAL_PREFIXES); i++) { + expectNetworkRouteExists(IP_RULE_V4, sTun.name(), V4_FIXED_LOCAL_PREFIXES[i], "", + localTableName.c_str()); + } + // Set up link-local routes for connectivity to the "gateway" for (size_t i = 0; i < std::size(kDirectlyConnectedRoutes); i++) { const auto& td = kDirectlyConnectedRoutes[i]; |
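Review bot: The added loop only asserts that the fixed routes are present right after the interface is attached; nothing in this hunk checks that they are gone once the interface leaves the network, so a 224.0.0.0/24 entry leaking in `<iface>_local` across detach/re-attach would go unnoticed. If the test later detaches the interface (its end is outside the hunk), mirror this loop there with the negative counterpart of expectNetworkRouteExists, if the test file provides one. The loop itself can be a range-for, `for (const char* prefix : V4_FIXED_LOCAL_PREFIXES) {`, dropping the index and std::size.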