1 /* 2 * Copyright (C) 2021-2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef INCLUDE_ROUTE_MANAGER_H 17 #define INCLUDE_ROUTE_MANAGER_H 18 19 #include <linux/netlink.h> 20 #include <map> 21 #include <netinet/in.h> 22 23 #include "netlink_msg.h" 24 #include "network_permission.h" 25 #include "uid_range.h" 26 27 namespace OHOS { 28 namespace nmd { 29 constexpr uid_t INVALID_UID = static_cast<uid_t>(-1); 30 typedef struct RuleInfo { 31 uint32_t ruleTable; 32 uint32_t rulePriority; 33 uint32_t ruleFwmark; 34 uint32_t ruleMask; 35 std::string ruleIif; 36 std::string ruleOif; 37 } RuleInfo; 38 39 typedef struct RouteInfo { 40 uint32_t routeTable; 41 std::string routeInterfaceName; 42 std::string routeDestinationName; 43 std::string routeNextHop; 44 } RouteInfo; 45 46 typedef struct InetAddr { 47 int32_t family; 48 int32_t bitlen; 49 int32_t prefixlen; 50 uint8_t data[sizeof(struct in6_addr)]; 51 } InetAddr; 52 53 class RouteManager { 54 public: 55 RouteManager(); 56 ~RouteManager() = default; 57 58 /** 59 * Route table type 60 * 61 */ 62 enum TableType { 63 INTERFACE, 64 VPN_NETWORK, 65 LOCAL_NETWORK, 66 }; 67 68 /** 69 * The interface is add route table 70 * 71 * @param tableType Route table type.Must be one of INTERFACE/VPN_NETWORK/LOCAL_NETWORK. 72 * @param interfaceName Output network device name of the route item 73 * @param destinationName Destination address of route item 74 * @param nextHop Gateway address of the route item 75 * @return Returns 0, add route table successfully, otherwise it will fail 76 */ 77 static int32_t AddRoute(TableType tableType, const std::string &interfaceName, const std::string &destinationName, 78 const std::string &nextHop); 79 80 /** 81 * The interface is remove route table 82 * 83 * @param tableType Route table type.Must be one of INTERFACE/VPN_NETWORK/LOCAL_NETWORK. 84 * @param interfaceName Output network device name of the route item 85 * @param destinationName Destination address of route item 86 * @param nextHop Gateway address of the route item 87 * @return Returns 0, remove route table successfully, otherwise it will fail 88 */ 89 static int32_t RemoveRoute(TableType tableType, const std::string &interfaceName, 90 const std::string &destinationName, const std::string &nextHop); 91 92 /** 93 * The interface is update route table 94 * 95 * @param tableType Route table type.Must be one of INTERFACE/VPN_NETWORK/LOCAL_NETWORK. 96 * @param interfaceName Output network device name of the route item 97 * @param destinationName Destination address of route item 98 * @param nextHop Gateway address of the route item 99 * @return Returns 0, update route table successfully, otherwise it will fail 100 */ 101 static int32_t UpdateRoute(TableType tableType, const std::string &interfaceName, 102 const std::string &destinationName, const std::string &nextHop); 103 104 /** 105 * Add interface to default network 106 * 107 * @param interfaceName Output network device name of the route item 108 * @param permission Network permission. Must be one of 109 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 110 * @return Returns 0, add interface to default network successfully, otherwise it will fail 111 */ 112 static int32_t AddInterfaceToDefaultNetwork(const std::string &interfaceName, NetworkPermission permission); 113 114 /** 115 * Remove interface from default network 116 * 117 * @param interfaceName Output network device name of the route item 118 * @param permission Network permission. Must be one of 119 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 120 * @return Returns 0, remove interface from default network successfully, otherwise it will fail 121 */ 122 static int32_t RemoveInterfaceFromDefaultNetwork(const std::string &interfaceName, NetworkPermission permission); 123 124 /** 125 * Add interface to physical network 126 * 127 * @param netId Network number 128 * @param interfaceName Output network device name of the route item 129 * @param permission Network permission. Must be one of 130 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 131 * @return Returns 0, add interface to physical network successfully, otherwise it will fail 132 */ 133 static int32_t AddInterfaceToPhysicalNetwork(uint16_t netId, const std::string &interfaceName, 134 NetworkPermission permission); 135 136 /** 137 * Remove interface from physical network 138 * 139 * @param netId Network number 140 * @param interfaceName Output network device name of the route item 141 * @param permission Network permission. Must be one of 142 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 143 * @return Returns 0, remove interface from physical network successfully, otherwise it will fail 144 */ 145 static int32_t RemoveInterfaceFromPhysicalNetwork(uint16_t netId, const std::string &interfaceName, 146 NetworkPermission permission); 147 148 /** 149 * Modify physical network permission 150 * 151 * @param netId Network number 152 * @param interfaceName Output network device name of the route item 153 * @param oldPermission Old network permission. Must be one of 154 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 155 * @param newPermission New network permission. Must be one of 156 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 157 * @return Returns 0, modify physical network permission successfully, otherwise it will fail 158 */ 159 static int32_t ModifyPhysicalNetworkPermission(uint16_t netId, const std::string &interfaceName, 160 NetworkPermission oldPermission, NetworkPermission newPermission); 161 162 /** 163 * Add interface to virtual network 164 * 165 * @param netId Network number 166 * @param interfaceName Output network device name of the route item 167 * @return Returns 0, add interface to virtual network successfully, otherwise it will fail 168 */ 169 static int32_t AddInterfaceToVirtualNetwork(int32_t netId, const std::string &interfaceName); 170 171 /** 172 * Remove interface from virtual network 173 * 174 * @param netId Network number 175 * @param interfaceName Output network device name of the route item 176 * @return Returns 0, remove interface from virtual network successfully, otherwise it will fail 177 */ 178 static int32_t RemoveInterfaceFromVirtualNetwork(int32_t netId, const std::string &interfaceName); 179 180 static int32_t AddUsersToVirtualNetwork(int32_t netId, const std::string &interfaceName, 181 const std::vector<NetManagerStandard::UidRange> &uidRanges); 182 183 static int32_t RemoveUsersFromVirtualNetwork(int32_t netId, const std::string &interfaceName, 184 const std::vector<NetManagerStandard::UidRange> &uidRanges); 185 186 /** 187 * Add interface to local network 188 * 189 * @param netId Network number 190 * @param interfaceName Output network device name of the route item 191 * @return Returns 0, add interface to local network successfully, otherwise it will fail 192 */ 193 static int32_t AddInterfaceToLocalNetwork(uint16_t netId, const std::string &interfaceName); 194 195 /** 196 * Remove interface from local network 197 * 198 * @param netId Network number 199 * @param interfaceName Output network device name of the route item 200 * @return Returns 0, remove interface from local network successfully, otherwise it will fail 201 */ 202 static int32_t RemoveInterfaceFromLocalNetwork(uint16_t netId, const std::string &interfaceName); 203 204 /** 205 * Enable sharing network 206 * 207 * @param inputInterface Input network device name of the route item 208 * @param outputInterface Output network device name of the route item 209 * @return Returns 0, enable sharing network successfully, otherwise it will fail 210 */ 211 static int32_t EnableSharing(const std::string &inputInterface, const std::string &outputInterface); 212 213 /** 214 * Disable sharing network 215 * 216 * @param inputInterface Input network device name of the route item 217 * @param outputInterface Output network device name of the route item 218 * @return Returns 0, disable sharing network successfully, otherwise it will fail 219 */ 220 static int32_t DisableSharing(const std::string &inputInterface, const std::string &outputInterface); 221 222 /** 223 * Parse destination address 224 * 225 * @param addr Address to be parse 226 * @param res Parse result 227 * @return Returns 0, parse destination address successfully, otherwise it will fail 228 */ 229 static int32_t ReadAddr(const std::string &addr, InetAddr *res); 230 231 /** 232 * Parse gateway address 233 * 234 * @param addr Address to be parse 235 * @param res Parse result 236 * @return Returns 0, parse gateway address successfully, otherwise it will fail 237 */ 238 static int32_t ReadAddrGw(const std::string &addr, InetAddr *res); 239 240 private: 241 static std::mutex interfaceToTableLock_; 242 static std::map<std::string, uint32_t> interfaceToTable_; 243 static int32_t Init(); 244 static int32_t ClearRules(); 245 static int32_t ClearRoutes(const std::string &interfaceName); 246 static int32_t AddLocalNetworkRules(); 247 static int32_t UpdatePhysicalNetwork(uint16_t netId, const std::string &interfaceName, NetworkPermission permission, 248 bool add); 249 static int32_t UpdateVirtualNetwork(int32_t netId, const std::string &interfaceName, 250 const std::vector<NetManagerStandard::UidRange> &uidRanges, bool add); 251 static int32_t ModifyVirtualNetBasedRules(int32_t netId, const std::string &ifaceName, bool add); 252 253 static int32_t UpdateLocalNetwork(uint16_t netId, const std::string &interfaceName, bool add); 254 static int32_t UpdateIncomingPacketMark(uint16_t netId, const std::string &interfaceName, 255 NetworkPermission permission, bool add); 256 static int32_t UpdateExplicitNetworkRule(uint16_t netId, uint32_t table, NetworkPermission permission, bool add); 257 static int32_t UpdateOutputInterfaceRules(const std::string &interfaceName, uint32_t table, 258 NetworkPermission permission, bool add); 259 static int32_t UpdateSharingNetwork(uint16_t action, const std::string &inputInterface, 260 const std::string &outputInterface); 261 static int32_t UpdateVpnOutputToLocalRule(const std::string &interfaceName, bool add); 262 static int32_t UpdateVpnSystemPermissionRule(int32_t netId, uint32_t table, bool add); 263 264 static int32_t UpdateVpnUidRangeRule(uint32_t table, uid_t uidStart, uid_t uidEnd, bool add); 265 static int32_t UpdateExplicitNetworkRuleWithUid(int32_t netId, uint32_t table, NetworkPermission permission, 266 uid_t uidStart, uid_t uidEnd, bool add); 267 static int32_t UpdateOutputInterfaceRulesWithUid(const std::string &interface, uint32_t table, 268 NetworkPermission permission, uid_t uidStart, uid_t uidEnd, 269 bool add); 270 static int32_t ClearSharingRules(const std::string &inputInterface); 271 static int32_t UpdateRuleInfo(uint32_t action, uint8_t ruleType, RuleInfo ruleInfo, uid_t uidStart = INVALID_UID, 272 uid_t uidEnd = INVALID_UID); 273 static int32_t SendRuleToKernel(uint32_t action, uint8_t family, uint8_t ruleType, RuleInfo ruleInfo, 274 uid_t uidStart, uid_t uidEnd); 275 static int32_t UpdateRouteRule(uint16_t action, uint16_t flags, RouteInfo routeInfo); 276 static int32_t SendRouteToKernel(uint16_t action, uint16_t routeFlag, rtmsg msg, RouteInfo routeInfo, 277 uint32_t index); 278 static uint32_t FindTableByInterfacename(const std::string &interfaceName); 279 static uint32_t GetRouteTableFromType(TableType tableType, const std::string &interfaceName); 280 static int32_t SetRouteInfo(TableType tableType, const std::string &interfaceName, 281 const std::string &destinationName, const std::string &nextHop, 282 RouteInfo &routeInfo); 283 }; 284 } // namespace nmd 285 } // namespace OHOS 286 #endif // INCLUDE_ROUTE_MANAGER_H 287