1 /* 2 * Copyright (C) 2021-2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef INCLUDE_ROUTE_MANAGER_H 17 #define INCLUDE_ROUTE_MANAGER_H 18 19 #include <linux/netlink.h> 20 #include <map> 21 #include <netinet/in.h> 22 #include <cstdint> 23 24 #include "netlink_msg.h" 25 #include "network_permission.h" 26 #include "uid_range.h" 27 28 namespace OHOS { 29 namespace nmd { 30 constexpr uid_t INVALID_UID = static_cast<uid_t>(-1); 31 typedef struct RuleInfo { 32 uint32_t ruleTable; 33 uint32_t rulePriority; 34 uint32_t ruleFwmark; 35 uint32_t ruleMask; 36 std::string ruleIif; 37 std::string ruleOif; 38 std::string ruleSrcIp; 39 std::string ruleDstIp; 40 } RuleInfo; 41 42 typedef struct RouteInfo { 43 uint32_t routeTable; 44 std::string routeInterfaceName; 45 std::string routeDestinationName; 46 std::string routeNextHop; 47 } RouteInfo; 48 49 typedef struct InetAddr { 50 int32_t family; 51 int32_t bitlen; 52 int32_t prefixlen; 53 uint8_t data[sizeof(struct in6_addr)]; 54 } InetAddr; 55 56 class RouteManager { 57 public: 58 RouteManager(); 59 ~RouteManager() = default; 60 61 /** 62 * Route table type 63 * 64 */ 65 enum TableType { 66 INTERFACE, 67 VPN_NETWORK, 68 LOCAL_NETWORK, 69 INTERNAL_DEFAULT, 70 }; 71 72 /** 73 * The interface is add route table 74 * 75 * @param tableType Route table type.Must be one of INTERFACE/VPN_NETWORK/LOCAL_NETWORK. 76 * @param interfaceName Output network device name of the route item 77 * @param destinationName Destination address of route item 78 * @param nextHop Gateway address of the route item 79 * @return Returns 0, add route table successfully, otherwise it will fail 80 */ 81 static int32_t AddRoute(TableType tableType, const std::string &interfaceName, const std::string &destinationName, 82 const std::string &nextHop, bool& routeRepeat); 83 84 /** 85 * The interface is remove route table 86 * 87 * @param tableType Route table type.Must be one of INTERFACE/VPN_NETWORK/LOCAL_NETWORK. 88 * @param interfaceName Output network device name of the route item 89 * @param destinationName Destination address of route item 90 * @param nextHop Gateway address of the route item 91 * @return Returns 0, remove route table successfully, otherwise it will fail 92 */ 93 static int32_t RemoveRoute(TableType tableType, const std::string &interfaceName, 94 const std::string &destinationName, const std::string &nextHop); 95 96 /** 97 * The interface is update route table 98 * 99 * @param tableType Route table type.Must be one of INTERFACE/VPN_NETWORK/LOCAL_NETWORK. 100 * @param interfaceName Output network device name of the route item 101 * @param destinationName Destination address of route item 102 * @param nextHop Gateway address of the route item 103 * @return Returns 0, update route table successfully, otherwise it will fail 104 */ 105 static int32_t UpdateRoute(TableType tableType, const std::string &interfaceName, 106 const std::string &destinationName, const std::string &nextHop); 107 108 /** 109 * Add interface to default network 110 * 111 * @param interfaceName Output network device name of the route item 112 * @param permission Network permission. Must be one of 113 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 114 * @return Returns 0, add interface to default network successfully, otherwise it will fail 115 */ 116 static int32_t AddInterfaceToDefaultNetwork(const std::string &interfaceName, NetworkPermission permission); 117 118 /** 119 * Remove interface from default network 120 * 121 * @param interfaceName Output network device name of the route item 122 * @param permission Network permission. Must be one of 123 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 124 * @return Returns 0, remove interface from default network successfully, otherwise it will fail 125 */ 126 static int32_t RemoveInterfaceFromDefaultNetwork(const std::string &interfaceName, NetworkPermission permission); 127 128 /** 129 * Add interface to physical network 130 * 131 * @param netId Network number 132 * @param interfaceName Output network device name of the route item 133 * @param permission Network permission. Must be one of 134 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 135 * @return Returns 0, add interface to physical network successfully, otherwise it will fail 136 */ 137 static int32_t AddInterfaceToPhysicalNetwork(uint16_t netId, const std::string &interfaceName, 138 NetworkPermission permission); 139 140 /** 141 * Remove interface from physical network 142 * 143 * @param netId Network number 144 * @param interfaceName Output network device name of the route item 145 * @param permission Network permission. Must be one of 146 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 147 * @return Returns 0, remove interface from physical network successfully, otherwise it will fail 148 */ 149 static int32_t RemoveInterfaceFromPhysicalNetwork(uint16_t netId, const std::string &interfaceName, 150 NetworkPermission permission); 151 152 /** 153 * Modify physical network permission 154 * 155 * @param netId Network number 156 * @param interfaceName Output network device name of the route item 157 * @param oldPermission Old network permission. Must be one of 158 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 159 * @param newPermission New network permission. Must be one of 160 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 161 * @return Returns 0, modify physical network permission successfully, otherwise it will fail 162 */ 163 static int32_t ModifyPhysicalNetworkPermission(uint16_t netId, const std::string &interfaceName, 164 NetworkPermission oldPermission, NetworkPermission newPermission); 165 166 /** 167 * Add interface to virtual network 168 * 169 * @param netId Network number 170 * @param interfaceName Output network device name of the route item 171 * @return Returns 0, add interface to virtual network successfully, otherwise it will fail 172 */ 173 static int32_t AddInterfaceToVirtualNetwork(int32_t netId, const std::string &interfaceName); 174 175 /** 176 * Remove interface from virtual network 177 * 178 * @param netId Network number 179 * @param interfaceName Output network device name of the route item 180 * @return Returns 0, remove interface from virtual network successfully, otherwise it will fail 181 */ 182 static int32_t RemoveInterfaceFromVirtualNetwork(int32_t netId, const std::string &interfaceName); 183 184 static int32_t AddUsersToVirtualNetwork(int32_t netId, const std::string &interfaceName, 185 const std::vector<NetManagerStandard::UidRange> &uidRanges); 186 187 static int32_t RemoveUsersFromVirtualNetwork(int32_t netId, const std::string &interfaceName, 188 const std::vector<NetManagerStandard::UidRange> &uidRanges); 189 190 /** 191 * Add interface to local network 192 * 193 * @param netId Network number 194 * @param interfaceName Output network device name of the route item 195 * @return Returns 0, add interface to local network successfully, otherwise it will fail 196 */ 197 static int32_t AddInterfaceToLocalNetwork(uint16_t netId, const std::string &interfaceName); 198 199 /** 200 * Remove interface from local network 201 * 202 * @param netId Network number 203 * @param interfaceName Output network device name of the route item 204 * @return Returns 0, remove interface from local network successfully, otherwise it will fail 205 */ 206 static int32_t RemoveInterfaceFromLocalNetwork(uint16_t netId, const std::string &interfaceName); 207 208 /** 209 * Enable sharing network 210 * 211 * @param inputInterface Input network device name of the route item 212 * @param outputInterface Output network device name of the route item 213 * @return Returns 0, enable sharing network successfully, otherwise it will fail 214 */ 215 static int32_t EnableSharing(const std::string &inputInterface, const std::string &outputInterface); 216 217 /** 218 * Disable sharing network 219 * 220 * @param inputInterface Input network device name of the route item 221 * @param outputInterface Output network device name of the route item 222 * @return Returns 0, disable sharing network successfully, otherwise it will fail 223 */ 224 static int32_t DisableSharing(const std::string &inputInterface, const std::string &outputInterface); 225 226 /** 227 * Parse destination address 228 * 229 * @param addr Address to be parse 230 * @param res Parse result 231 * @return Returns 0, parse destination address successfully, otherwise it will fail 232 */ 233 static int32_t ReadAddr(const std::string &addr, InetAddr *res); 234 235 /** 236 * Parse gateway address 237 * 238 * @param addr Address to be parse 239 * @param res Parse result 240 * @return Returns 0, parse gateway address successfully, otherwise it will fail 241 */ 242 static int32_t ReadAddrGw(const std::string &addr, InetAddr *res); 243 244 /** 245 * Add rules for clat tun interface 246 * 247 * @param interfaceName Output network device name of the route item 248 * @param permission Network permission. Must be one of 249 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 250 * @return Returns 0, add rules successfully, otherwise it will fail 251 */ 252 static int32_t AddClatTunInterface(const std::string &interfaceName, const std::string &dstAddr, 253 const std::string &nxtHop); 254 255 /** 256 * Remove rules for clat tun interface 257 * 258 * @param interfaceName Output network device name of the route item 259 * @param permission Network permission. Must be one of 260 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 261 * @return Returns 0, remove rules successfully, otherwise it will fail 262 */ 263 static int32_t RemoveClatTunInterface(const std::string &interfaceName); 264 265 /** 266 * Update route for vnic interface 267 * 268 * @param interfaceName Output network device name of the route item 269 * @param destinationName Destination address of route item 270 * @param nextHop Gateway address of the route item 271 * @param add add or delete route 272 * @return Returns 0, Update route successfully, otherwise it will fail 273 */ 274 static int32_t UpdateVnicRoute(const std::string &interfaceName, const std::string &destinationName, 275 const std::string &nextHop, bool add); 276 277 /** 278 * Update uid ranges for vnic interface 279 * 280 * @param uidRanges uidRanges to update 281 * @param add add or delete uid ranges 282 * @return Returns 0, update UidRangesRules successfully, otherwise it will fail 283 */ 284 static int32_t UpdateVnicUidRangesRule(const std::vector<NetManagerStandard::UidRange> &uidRanges, bool add); 285 286 /** 287 * Enable distribute client net: create virnic and config route 288 * 289 * @param virNicAddr virnic addr 290 * @param iif iif name to config route 291 * @return Returns 0, enable successfully, otherwise it will fail 292 */ 293 static int32_t EnableDistributedClientNet(const std::string &virNicAddr, const std::string &iif); 294 295 /** 296 * Enable distribute client net: config route 297 * 298 * @param iif iif to config route 299 * @param devIface dev Iface name to config route 300 * @param dstAddr dstAddr to config route 301 * @return Returns 0, enable successfully, otherwise it will fail 302 */ 303 static int32_t EnableDistributedServerNet(const std::string &iif, const std::string &devIface, 304 const std::string &dstAddr); 305 306 /** 307 * Disable distribute net: del route 308 * 309 * @param isServer true:server, false:client 310 * @return Returns 0, disable successfully, otherwise it will fail 311 */ 312 static int32_t DisableDistributedNet(bool isServer); 313 314 private: 315 static std::mutex interfaceToTableLock_; 316 static std::map<std::string, uint32_t> interfaceToTable_; 317 static int32_t Init(); 318 static int32_t ClearRules(); 319 static int32_t ClearRoutes(const std::string &interfaceName, int32_t netId = 0); 320 static int32_t AddLocalNetworkRules(); 321 static int32_t UpdatePhysicalNetwork(uint16_t netId, const std::string &interfaceName, NetworkPermission permission, 322 bool add); 323 static int32_t UpdateVirtualNetwork(int32_t netId, const std::string &interfaceName, 324 const std::vector<NetManagerStandard::UidRange> &uidRanges, bool add); 325 static int32_t ModifyVirtualNetBasedRules(int32_t netId, const std::string &ifaceName, bool add); 326 327 static int32_t UpdateLocalNetwork(uint16_t netId, const std::string &interfaceName, bool add); 328 static int32_t UpdateIncomingPacketMark(uint16_t netId, const std::string &interfaceName, 329 NetworkPermission permission, bool add); 330 static int32_t UpdateExplicitNetworkRule(uint16_t netId, uint32_t table, NetworkPermission permission, bool add); 331 static int32_t UpdateOutputInterfaceRules(const std::string &interfaceName, uint32_t table, 332 NetworkPermission permission, bool add); 333 static int32_t UpdateSharingNetwork(uint16_t action, const std::string &inputInterface, 334 const std::string &outputInterface); 335 static int32_t UpdateVpnOutputToLocalRule(const std::string &interfaceName, bool add); 336 static int32_t UpdateVpnSystemPermissionRule(int32_t netId, uint32_t table, bool add); 337 338 static int32_t UpdateVpnUidRangeRule(uint32_t table, uid_t uidStart, uid_t uidEnd, bool add); 339 static int32_t UpdateExplicitNetworkRuleWithUid(int32_t netId, uint32_t table, NetworkPermission permission, 340 uid_t uidStart, uid_t uidEnd, bool add); 341 static int32_t UpdateOutputInterfaceRulesWithUid(const std::string &interface, uint32_t table, 342 NetworkPermission permission, uid_t uidStart, uid_t uidEnd, 343 bool add); 344 static int32_t ClearSharingRules(const std::string &inputInterface); 345 static int32_t UpdateRuleInfo(uint32_t action, uint8_t ruleType, RuleInfo ruleInfo, uid_t uidStart = INVALID_UID, 346 uid_t uidEnd = INVALID_UID); 347 static int32_t UpdateDistributedRule(uint32_t action, uint8_t ruleType, RuleInfo ruleInfo, 348 uid_t uidStart, uid_t uidEnd); 349 static int32_t SendRuleToKernel(uint32_t action, uint8_t family, uint8_t ruleType, RuleInfo ruleInfo, 350 uid_t uidStart, uid_t uidEnd); 351 static int32_t SendRuleToKernelEx(uint32_t action, uint8_t family, uint8_t ruleType, RuleInfo ruleInfo, 352 uid_t uidStart, uid_t uidEnd); 353 static int32_t UpdateRouteRule(uint16_t action, uint16_t flags, RouteInfo routeInfo); 354 static int32_t SendRouteToKernel(uint16_t action, uint16_t routeFlag, rtmsg msg, RouteInfo routeInfo, 355 uint32_t index); 356 static uint32_t FindTableByInterfacename(const std::string &interfaceName, int32_t netId = 0); 357 static uint32_t GetRouteTableFromType(TableType tableType, const std::string &interfaceName); 358 static int32_t SetRouteInfo(TableType tableType, const std::string &interfaceName, 359 const std::string &destinationName, const std::string &nextHop, 360 RouteInfo &routeInfo); 361 static int32_t UpdateClatTunInterface(const std::string &interfaceName, 362 NetworkPermission permission, bool add); 363 static int32_t AddServerUplinkRoute(const std::string &UplinkIif, const std::string &devIface); 364 static int32_t AddServerDownlinkRoute(const std::string &UplinkIif, const std::string &dstAddr); 365 }; 366 } // namespace nmd 367 } // namespace OHOS 368 #endif // INCLUDE_ROUTE_MANAGER_H 369