Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8ea92894 authored by Chia-chi Yeh's avatar Chia-chi Yeh
Browse files

VPN: do not use gateway in routing rules. 

The first release of this API only supports TUN interface, and
so far there is no plan for TAP. TUN works on IP frames which
makes gateway nearly useless. The only value to have a gateway
is that kernel may use it to select the source address. However
currently it does not work in IPv6, and even in IPv4 applications
can bind to any local address on the device. Remove it to keep
the API clear, and it can be added back at any time if needed.

Change-Id: If9086d20d885a3a7f7ab5f07afbcfeecb677bbea
parent 0991a7fb

services/jni/com_android_server_connectivity_Vpn.cpp

+7 −26
Original line number Diff line number Diff line
@@ -46,14 +46,6 @@ static inline in_addr_t *as_in_addr(sockaddr *sa) { 
    return &((sockaddr_in *)sa)->sin_addr.s_addr;

}



static inline in_addr_t *as_in_addr(sockaddr_storage *ss) {

    return &((sockaddr_in *)ss)->sin_addr.s_addr;

}



static inline in6_addr *as_in6_addr(sockaddr_storage *ss) {

    return &((sockaddr_in6 *)&ss)->sin6_addr;

}



//------------------------------------------------------------------------------



#define SYSTEM_ERROR -1
@@ -193,7 +185,6 @@ static int set_routes(const char *name, int index, const char *routes) 
    rt4.rt_flags = RTF_UP;

    rt4.rt_dst.sa_family = AF_INET;

    rt4.rt_genmask.sa_family = AF_INET;

    rt4.rt_gateway.sa_family = AF_INET;



    in6_rtmsg rt6;

    memset(&rt6, 0, sizeof(rt6));
@@ -202,36 +193,29 @@ static int set_routes(const char *name, int index, const char *routes) 


    char address[65];

    int prefix;

    char gateway[65];



    int chars;

    int count = 0;



    while (sscanf(routes, " %64[^/]/%d>%64[^ ] %n",

            address, &prefix, gateway, &chars) == 3) {

    while (sscanf(routes, " %64[^/]/%d %n", address, &prefix, &chars) == 2) {

        routes += chars;



        if (strchr(address, ':')) {

            // Add an IPv6 route.

            if (inet_pton(AF_INET6, gateway, &rt6.rtmsg_gateway) != 1 ||

                    inet_pton(AF_INET6, address, &rt6.rtmsg_dst) != 1 ||

            if (inet_pton(AF_INET6, address, &rt6.rtmsg_dst) != 1 ||

                    prefix < 0 || prefix > 128) {

                count = BAD_ARGUMENT;

                break;

            }



            rt6.rtmsg_dst_len = prefix;

            if (memcmp(&rt6.rtmsg_gateway, &in6addr_any, sizeof(in6addr_any))) {

                rt6.rtmsg_flags |= RTF_GATEWAY;

            }

            if (ioctl(inet6, SIOCADDRT, &rt6) && errno != EEXIST) {

                count = (errno == EINVAL) ? BAD_ARGUMENT : SYSTEM_ERROR;

                break;

            }

        } else {

            // Add an IPv4 route.

            if (inet_pton(AF_INET, gateway, as_in_addr(&rt4.rt_gateway)) != 1 ||

                    inet_pton(AF_INET, address, as_in_addr(&rt4.rt_dst)) != 1 ||

            if (inet_pton(AF_INET, address, as_in_addr(&rt4.rt_dst)) != 1 ||

                    prefix < 0 || prefix > 32) {

                count = BAD_ARGUMENT;

                break;
@@ -239,23 +223,20 @@ static int set_routes(const char *name, int index, const char *routes) 


            in_addr_t mask = prefix ? (~0 << (32 - prefix)) : 0;

            *as_in_addr(&rt4.rt_genmask) = htonl(mask);

            if (*as_in_addr(&rt4.rt_gateway)) {

                rt4.rt_flags |= RTF_GATEWAY;

            }

            if (ioctl(inet4, SIOCADDRT, &rt4) && errno != EEXIST) {

                count = (errno == EINVAL) ? BAD_ARGUMENT : SYSTEM_ERROR;

                break;

            }

        }

        LOGV("Route added on %s: %s/%d -> %s", name, address, prefix, gateway);

        LOGV("Route added on %s: %s/%d", name, address, prefix);

        ++count;

    }



    if (count == BAD_ARGUMENT) {

        LOGE("Invalid route: %s/%d -> %s", address, prefix, gateway);

        LOGE("Invalid route: %s/%d", address, prefix);

    } else if (count == SYSTEM_ERROR) {

        LOGE("Cannot add route: %s/%d -> %s: %s",

                address, prefix, gateway, strerror(errno));

        LOGE("Cannot add route: %s/%d: %s",

                address, prefix, strerror(errno));

    } else if (*routes) {

        LOGE("Invalid route: %s", routes);

        count = BAD_ARGUMENT;