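/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef NETD_INCLUDE_FWMARK_COMMAND_H
#define NETD_INCLUDE_FWMARK_COMMAND_H

#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

// Additional information sent with ON_CONNECT_COMPLETE command.
//
// This object is handed to another process (the fwmark server), so every byte of it is
// written by the constructors: bytes that are never assigned would otherwise carry whatever
// the caller's stack or heap held at that location.
// NOTE(review): how the struct is serialized is not visible in this header; confirm that the
// sender transmits sizeof(FwmarkConnectInfo) bytes and that the receiver checks the length.
struct FwmarkConnectInfo {
    int error;           // errno of the connect attempt, as passed by the caller.
    unsigned latencyMs;  // latency of the connect attempt, as passed by the caller.
    union {
        sockaddr s;
        sockaddr_in sin;
        sockaddr_in6 sin6;
    } addr;              // address of the connect attempt; AF_UNSPEC when unknown.

    // Creates an all-zero record (error 0, latency 0, zeroed address).
    FwmarkConnectInfo() {
        // The cast to void* keeps compilers from warning about clearing a class that has
        // user-provided constructors; the type has no virtual members, so this is safe.
        memset(static_cast<void*>(this), 0, sizeof(*this));
    }

    // Creates a record for one connect attempt.
    //
    // connectErrno: stored in `error`.
    // latency:      stored in `latencyMs`.
    // saddr:        address that was connected to. Only AF_INET and AF_INET6 are copied; a
    //               null pointer or any other family is recorded as AF_UNSPEC.
    FwmarkConnectInfo(const int connectErrno, const unsigned latency, const sockaddr* saddr) {
        // Zero first: sockaddr_in is smaller than the union, so copying it alone would leave
        // the tail of `addr` uninitialized.
        memset(static_cast<void*>(this), 0, sizeof(*this));
        error = connectErrno;
        latencyMs = latency;

        if (!saddr) {
            addr.s.sa_family = AF_UNSPEC;
            return;
        }

        if (saddr->sa_family == AF_INET) {
            // memcpy instead of a pointer cast: no const is cast away and no alignment or
            // aliasing assumption is made about the caller's buffer.
            memcpy(&addr.sin, saddr, sizeof(addr.sin));
        } else if (saddr->sa_family == AF_INET6) {
            memcpy(&addr.sin6, saddr, sizeof(addr.sin6));
        } else {
            // Cannot happen because we only call this if shouldSetFwmark returns true, and thus
            // the address family is one we understand.
            addr.s.sa_family = AF_UNSPEC;
        }
    }
};

// Commands sent from clients to the fwmark server to mark sockets (i.e., set their SO_MARK).
// ON_CONNECT_COMPLETE command should be accompanied by FwmarkConnectInfo which should contain
// info about that connect attempt.
// TODO: rework this struct into a more flexible data structure such as union or
// a hierarchy class.
//
// NOTE(review): every field below is filled in by the client. The server-side checks are not
// visible in this header; the receiver should range-check cmdId and authorize the request from
// the peer's own credentials rather than from the uid carried in the message.
struct FwmarkCommand {
    // The enumerator order defines the numeric command ids; do not reorder.
    enum {
        ON_ACCEPT,
        ON_CONNECT,
        SELECT_NETWORK,
        PROTECT_FROM_VPN,
        SELECT_FOR_USER,
        QUERY_USER_ACCESS,
        ON_CONNECT_COMPLETE,
        TAG_SOCKET,
        UNTAG_SOCKET,
        // TODO: use binder to pass the following two request in future after we
        // completely get rid of qtaguid module, since these are privileged
        // command.
        SET_COUNTERSET,
        DELETE_TAGDATA,
    } cmdId;
    unsigned netId;            // used only in the SELECT_NETWORK command; ignored otherwise.
    uid_t uid;                 // used in the SELECT_FOR_USER, QUERY_USER_ACCESS, TAG_SOCKET,
                               // SET_COUNTERSET, and DELETE_TAGDATA command; ignored otherwise.
    uint32_t trafficCtrlInfo;  // used in TAG_SOCKET, SET_COUNTERSET and SET_PACIFIER command;
                               // ignored otherwise. Depend on the case, it can be a tag, a
                               // counterSet or a pacifier signal.
                               // NOTE(review): SET_PACIFIER is not an enumerator of cmdId
                               // above; confirm whether this comment is stale.

    // Returns true when socketFamily is AF_INET or AF_INET6, false for anything else.
    static bool isSupportedFamily(int socketFamily) {
        return socketFamily == AF_INET || socketFamily == AF_INET6;
    }
};

#endif  // NETD_INCLUDE_FWMARK_COMMAND_H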