Commits · 94b2ab92f6e886d24092781159714be75c9f3954 · halo / system_netd

04 Aug, 2015 1 commit

Make netd calls to iptables wait for xtables lock · 94b2ab92

Paul Jensen authored 9 years ago

Without this wait iptables commands can fail with various unpleasant
consequences like Log.wtf() or missing iptables rules.  The most
critical calls to iptables in NetdConstants.cpp already wait for the
lock.

Bug:22802665
Change-Id: I7d542c3d4f0e005618e368da674159b90d652c8a

94b2ab92

06 Jul, 2015 1 commit

Use struct android_net_context when interfacing with bionic · cea2d345

Erik Kline authored 9 years ago

Add a new NetworkController::getNetworkContext() that builds the
contents of a struct net_context out of getNetworkForConnect()
and getNetworkForDns().

Bug: 19470192
Bug: 20733156
Bug: 21832279
Change-Id: I5a69b0413a83d33be28b78c0a99359b109517a8f

cea2d345

26 Jun, 2015 1 commit

netd: add default fw white list for system uids · feb2b61d

Xiaohui Chen authored 9 years ago

In uid firewall white list, we white list the system uid range
by default to make sure system processes will always have network
access.

BUG:22094135
Change-Id: I8f472a98a9fd93591a2887982cec1458d7683613

feb2b61d

15 Jun, 2015 1 commit

netd: add two child chains to firewall · 1cdfa9ad

Xiaohui Chen authored 9 years ago

This is an attempt to speed up getting out of device idle.  It groups
uid firewall rules in these child chains so we can attach/detach a whole
chain instead of individual uid rules.

BUG:21446713
Change-Id: I61dc7d14110e633c5994e466481b9cac633a7a4f

1cdfa9ad

03 Jun, 2015 1 commit
- Fix boolean to integer return value conversion. · 3f95777d
  Erik Kline authored 9 years ago
```
Change-Id: Ie996c9b4f84f9cd8395abb592ecf0c04cfdc4023
```
  3f95777d
13 May, 2015 4 commits
- Merge "InterfaceController::setBaseReachableTimeMs()" into mnc-dev · fef7e149
  Erik Kline authored 10 years ago
  
  fef7e149
- Merge "Partial refactoring and Android-type style changes." into mnc-dev · 660064bc
  Erik Kline authored 10 years ago
  
  660064bc
- InterfaceController::setBaseReachableTimeMs() · 145fd255
  Erik Kline authored 10 years ago
```
Add an InterfaceController::setBaseReachableTimeMs() method to set
the ARP/ND default reachable time, as configured in:

     /proc/sys/net/ipv4/{interface}/base_reachable_time_ms
     /proc/sys/net/ipv6/{interface}/base_reachable_time_ms

Bug: 18581716
Change-Id: Idc652e81396d81efe0f08bb1d6dc38bc8e554a56
```
  145fd255
- Partial refactoring and Android-type style changes. · e1da484b
  Erik Kline authored 10 years ago
```
Bug: 18581716
Change-Id: I85aec575a318861468ea4707b70ed747c27293c7
```
  e1da484b
06 May, 2015 1 commit

Add FwmarkServer support for querying whether a UID can access a NetID · d1df5970

Paul Jensen authored 10 years ago

This new FwmarkServer API is only accessible from system apps.

Bug:20470604
Change-Id: Ie2376cdddc10f658fcc5802ef3e8dc9f1948d5c0

d1df5970

29 Apr, 2015 1 commit

Blacklist uids for network access · 390e4ea8

Amith Yamasani authored 10 years ago

FirewallController can now be in blacklist mode (aka disabled)
or whitelist mode (aka enabled).

Some of the methods don't do anything when in blacklist mode.

Uid rules updated to allow dropping packets to uids that
shouldn't get any network access, usually for idle apps.

Added a wait option to iptables calls to make sure it doesn't
fail if there's contention. Fixes a flakiness I was seeing in
removing rules.

Bug: 20066058
Change-Id: I815bcb45aa06d04020e902df8c67bb3894e98f40

390e4ea8

28 Apr, 2015 1 commit

netd: Adds support for uid in idletimer netlink notification. · 52e673f5

Ruchi Kandoi authored 10 years ago


Change-Id: Ib85b85fc12b20436e0d788d5c3ec66306c632b57
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Bug: 20264396
(cherry picked from commit 05c39f0a)

52e673f5

01 Apr, 2015 1 commit
- Corrently log /set/ MTU error. · a59c9282
  Erik Kline authored 10 years ago
```
Change-Id: I90e2d4f64a5c3ec9f640fd7dc41438517110cf68
```
  a59c9282
27 Mar, 2015 1 commit
- Remove uses of libcxx.mk. · 42d41d5d
  Dan Albert authored 10 years ago
```
This is a no-op.

Change-Id: Ic9d3070b7c329d9744ed660e426c5f39704ffccc
```
  42d41d5d
16 Mar, 2015 11 commits
- am 200e0b53: (-s ours) Merge "Revert "Revert "Update for libbase.""" · 47146d0a
  Dan Albert authored 10 years ago
```
* commit '200e0b53':
  Revert "Revert "Update for libbase.""
```
  47146d0a
- Merge "Revert "Revert "Update for libbase.""" · bcf44398
  Dan Albert authored 10 years ago
  
  bcf44398
- Merge "Revert "Revert "Update for libbase.""" · 200e0b53
  Dan Albert authored 10 years ago
  
  200e0b53
- Revert "Revert "Update for libbase."" · 5407e14f
  Dan Albert authored 10 years ago
```
This reverts commit 4a0ab5ff.

(cherry picked from commit 3e87c785434fdfed2fb00496cb391c411a426bdd)

Change-Id: I042f485f3cc84206766298853491ddd26dbba13f
```
  5407e14f
- Revert "Revert "Update for libbase."" · f503e130
  Dan Albert authored 10 years ago
```
This reverts commit 4a0ab5ff.

Change-Id: Idd2947bbdaef267ffd68179b4d3fe267870b9de4
```
  f503e130
- Revert "Revert "Update for libbase."" · 0bad1be0
  Dan Albert authored 10 years ago
```
This reverts commit 4a0ab5ff.
```
  0bad1be0
- Forgot this in merge resolution. · afd4037d
  Nicolas Geoffray authored 10 years ago
```
Change-Id: Ieb26ec5fc333743b86d414ee558c978334647853
```
  afd4037d
- resolved conflicts for merge of 6066d418 to master · e298ded6
  Nicolas Geoffray authored 10 years ago
```
Change-Id: I2aa9721365e96c363648dd8e9e15718ed50e3c12
```
  e298ded6
- Merge "Revert "Update for libbase."" · 6066d418
  Nicolas Geoffray authored 10 years ago
  
  6066d418
- Revert "Update for libbase." · 4a0ab5ff
  Nicolas Geoffray authored 10 years ago
```
Breaks internal master.

This reverts commit b67219a7.

Change-Id: I43145f0724ad2d669b65d20b6fd6ccc44b8f0a4f
```
  4a0ab5ff
- Merge remote-tracking branch 'goog/mirror-m-wireless-internal-release' · a4614fe5
  Vinit Deshpande authored 10 years ago
```
Change-Id: I51337014e2851f47dd5e183c4bfdf39bafa59942
```
  a4614fe5
15 Mar, 2015 1 commit
- am e3734499: Merge "Update for libbase." · 6d631575
  Dan Albert authored 10 years ago
```
* commit 'e3734499':
  Update for libbase.
```
  6d631575
14 Mar, 2015 2 commits
- Merge "Update for libbase." · e3734499
  Dan Albert authored 10 years ago
  
  e3734499
- Update for libbase. · b67219a7
  Dan Albert authored 10 years ago
```
StringPrintf and the string based file I/O are being moved to libbase.

Change-Id: I765d9e53f65a76d318d9d0d9503403fc092254d5
```
  b67219a7
13 Mar, 2015 1 commit
- Follow NetlinkEvent refactoring. · 32fa9ba0
  Jeff Sharkey authored 10 years ago
```
Change-Id: Ibb6101c8741f862f4732fb200f646dfd329f4782
```
  32fa9ba0
10 Mar, 2015 3 commits
- am "Parse all netids with stringToNetId." · 8656c84d
  Vinit Deshpande authored 10 years ago
```
merged from partner/m-wireless-wifi-dev
6c65afdd Parse all netids with stringToNetId.
```
  8656c84d
- am "server: softap: Set hw_mode according to selected channel [DO NOT MERGE]" · 3d11f322
  Vinit Deshpande authored 10 years ago
```
merged from partner/m-wireless-wifi-dev
2f8e725e server: softap: Set hw_mode according to selected channel [DO NOT MERGE]
```
  3d11f322
- am "set softAP on a specified band, including both 2.4 and 5 GHz band" · 7592d7a7
  Vinit Deshpande authored 10 years ago
```
merged from partner/m-wireless-wifi-dev
1ecc6c93 set softAP on a specified band, including both 2.4 and 5 GHz band
```
  7592d7a7
05 Mar, 2015 1 commit
- Flush tethering rules on interface remove. · 6b6f25fa
  Lorenzo Colitti authored 10 years ago
```
Bug: 19500693
Change-Id: I25b7942784ec026d30c60273c9e13e34d082d25a
```
  6b6f25fa
27 Feb, 2015 3 commits

Add oif rules that allow UID 0 to bypass the VPN. · 57947f02

Lorenzo Colitti authored 10 years ago

This is needed for wifi calling so that the kernel (which does
not set marks) can tee packets towards the modem. It also fixes
things like not being able to reply to DHCP requests from
tethered clients when a VPN is up.

System apps can already bypass the VPN using explicit marks, so
allowing UID 0 to do so does not create additional bypass VPN
issues.

Bug: 19500693
Change-Id: Ie324026893637e9bd8e7aa65a37579569390e7b7

57947f02

Separate NAT from forwarding. · 32d76879
Lorenzo Colitti authored 10 years ago
```
Bug: 19500693

Change-Id: Ib3871106ea3c0d68327611e7568c0710210e4ff2
```
32d76879

Make the VPN rule only to originated, not forwarded, traffic. · 5ad4e98f

Lorenzo Colitti authored 10 years ago

Currently the VPN rule for the primary user will match every
forwarded packet on the system, because it specifies a UID range
that includes 0, and forwarded packets have UID 0.

Use "iif lo" to limit the rule match to locally-originated
traffic. This requires a kernel that sets the loopback ifindex.
when originating packets. Anything based on 3.10 is fine, but
devices using 3.4 will need a one-line change for IPv6.

Bug: 19500693
Change-Id: Iaab88bed62716dc1cea33b45c4e258f6b3bfc9d0

5ad4e98f

25 Feb, 2015 2 commits

Add a dummy network that discards all packets. · 3667936a
Lorenzo Colitti authored 10 years ago
```
Bug: 19500693
Change-Id: Ic25f2d8c481f1528e887e43ca3fa868189582110
```
3667936a

Changes to forwarding for wifi calling. · 799625cd

Lorenzo Colitti authored 10 years ago

1. Support multiple forwarding requests. Keep track of all
   requests inside TetherController, and enable system
   forwarding any time there is more than one active request.
2. Enable both IPv4 and IPv6 forwarding.

Bug: 19500693
Change-Id: Ic81bae7b399bc6ebf6a63de4bcd341885638dfa4

799625cd

12 Feb, 2015 2 commits
- am 909757cf: am 7a269cb3: Merge "Store MARK/CONNMARK flags in a central location." · 6b0ad646
  Alex Klyubin authored 10 years ago
```
* commit '909757cf':
  Store MARK/CONNMARK flags in a central location.
```
  6b0ad646
- resolved conflicts for merge of 64b816ba to master · 4674fae6
  Elliott Hughes authored 10 years ago
```
Change-Id: Ie6348e38e90e48ffe115e63e5fde16640e2c3d92
```
  4674fae6