1 /* 2 * Copyright (C) 2024 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package android.net.apf; 17 18 import static android.system.OsConstants.IPPROTO_ICMPV6; 19 20 import static com.android.net.module.util.NetworkStackConstants.ETHER_HEADER_LEN; 21 import static com.android.net.module.util.NetworkStackConstants.IPV4_HEADER_MIN_LEN; 22 import static com.android.net.module.util.NetworkStackConstants.IPV4_IGMP_TYPE_V1_REPORT; 23 import static com.android.net.module.util.NetworkStackConstants.IPV4_IGMP_TYPE_V2_JOIN_REPORT; 24 import static com.android.net.module.util.NetworkStackConstants.IPV4_IGMP_TYPE_V2_LEAVE_REPORT; 25 import static com.android.net.module.util.NetworkStackConstants.IPV4_IGMP_TYPE_V3_REPORT; 26 import static com.android.net.module.util.NetworkStackConstants.IPV4_OPTION_LEN_ROUTER_ALERT; 27 import static com.android.net.module.util.NetworkStackConstants.IPV4_OPTION_TYPE_ROUTER_ALERT; 28 29 import android.net.InetAddresses; 30 31 import java.nio.ByteBuffer; 32 import java.nio.ByteOrder; 33 import java.util.Set; 34 35 /** 36 * The class which declares constants used in ApfFilter and unit tests. 37 */ 38 public final class ApfConstants { 39 ApfConstants()40 private ApfConstants() {} 41 public static final int ETH_HEADER_LEN = 14; 42 public static final int ETH_DEST_ADDR_OFFSET = 0; 43 public static final int ETH_ETHERTYPE_OFFSET = 12; 44 public static final int ETH_TYPE_MIN = 0x0600; 45 public static final int ETH_TYPE_MAX = 0xFFFF; 46 // TODO: Make these offsets relative to end of link-layer header; don't include ETH_HEADER_LEN. 47 public static final int IPV4_TOTAL_LENGTH_OFFSET = ETH_HEADER_LEN + 2; 48 public static final int IPV4_FRAGMENT_OFFSET_OFFSET = ETH_HEADER_LEN + 6; 49 // Endianness is not an issue for this constant because the APF interpreter always operates in 50 // network byte order. 51 public static final int IPV4_FRAGMENT_OFFSET_MASK = 0x1fff; 52 public static final int IPV4_FRAGMENT_MORE_FRAGS_MASK = 0x2000; 53 public static final int IPV4_PROTOCOL_OFFSET = ETH_HEADER_LEN + 9; 54 public static final int IPV4_SRC_ADDR_OFFSET = ETH_HEADER_LEN + 12; 55 public static final int IPV4_DEST_ADDR_OFFSET = ETH_HEADER_LEN + 16; 56 public static final int IPV4_ANY_HOST_ADDRESS = 0; 57 public static final int IPV4_BROADCAST_ADDRESS = -1; // 255.255.255.255 58 // The IPv4 all hosts destination 224.0.0.1 59 public static final byte[] IPV4_ALL_HOSTS_ADDRESS = 60 InetAddresses.parseNumericAddress("224.0.0.1").getAddress(); 61 // The IPv4 all multicast routers destination 224.0.0.22 62 public static final byte[] IPV4_ALL_IGMPV3_MULTICAST_ROUTERS_ADDRESS = 63 InetAddresses.parseNumericAddress("224.0.0.22").getAddress(); 64 public static long IPV4_ALL_HOSTS_ADDRESS_IN_LONG = 0xe0000001L; // 224.0.0.1 65 public static final int IPV4_IGMP_TYPE_QUERY = 0x11; 66 public static final Set<Long> IGMP_TYPE_REPORTS = Set.of( 67 (long) IPV4_IGMP_TYPE_V1_REPORT, 68 (long) IPV4_IGMP_TYPE_V2_JOIN_REPORT, 69 (long) IPV4_IGMP_TYPE_V2_LEAVE_REPORT, 70 (long) IPV4_IGMP_TYPE_V3_REPORT); 71 public static final byte[] IPV4_ROUTER_ALERT_OPTION = { 72 (byte) IPV4_OPTION_TYPE_ROUTER_ALERT, // option type 73 (byte) IPV4_OPTION_LEN_ROUTER_ALERT, // option length 74 0, 0 // option value 75 }; 76 public static final int IPV4_ROUTER_ALERT_OPTION_LEN = 4; 77 public static final int IGMP_CHECKSUM_WITH_ROUTER_ALERT_OFFSET = 78 ETHER_HEADER_LEN + IPV4_HEADER_MIN_LEN + IPV4_ROUTER_ALERT_OPTION_LEN + 2; 79 public static final byte[] IGMPV2_REPORT_FROM_IPV4_OPTION_TO_IGMP_CHECKSUM = { 80 // option type 81 (byte) IPV4_OPTION_TYPE_ROUTER_ALERT, 82 // option length 83 (byte) IPV4_OPTION_LEN_ROUTER_ALERT, 84 // option value 85 0, 0, 86 // IGMP type 87 // Indicating an IGMPv2 Membership Report (Join Group) 88 (byte) IPV4_IGMP_TYPE_V2_JOIN_REPORT, 89 // max response time 90 // Typically used in IGMP queries,but is not significant in IGMPv2 reports. 91 0, 92 // checksum, calculate later 93 0, 0 94 }; 95 96 // IGMPv3 group record types 97 // From include/uapi/linux/igmp.h 98 public static final int IGMPV3_MODE_IS_EXCLUDE = 2; 99 100 // MLDv2 group record types 101 // From include/uapi/linux/icmpv6.h 102 public static final int MLD2_MODE_IS_EXCLUDE = 2; 103 104 // Traffic class and Flow label are not byte aligned. Luckily we 105 // don't care about either value so we'll consider bytes 1-3 of the 106 // IPv6 header as don't care. 107 public static final int IPV6_FLOW_LABEL_OFFSET = ETH_HEADER_LEN + 1; 108 public static final int IPV6_FLOW_LABEL_LEN = 3; 109 public static final int IPV6_PAYLOAD_LEN_OFFSET = ETH_HEADER_LEN + 4; 110 public static final int IPV6_NEXT_HEADER_OFFSET = ETH_HEADER_LEN + 6; 111 public static final int IPV6_HOP_LIMIT_OFFSET = ETH_HEADER_LEN + 7; 112 public static final int IPV6_SRC_ADDR_OFFSET = ETH_HEADER_LEN + 8; 113 public static final int IPV6_DEST_ADDR_OFFSET = ETH_HEADER_LEN + 24; 114 public static final int IPV6_HEADER_LEN = 40; 115 // The IPv6 all nodes address ff02::1 116 public static final byte[] IPV6_ALL_NODES_ADDRESS = 117 { (byte) 0xff, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }; 118 // The IPv6 unspecified address :: 119 public static final byte[] IPV6_UNSPECIFIED_ADDRESS = 120 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 121 // The IPv6 solicited nodes multicast address prefix ff02::1:ffXX:X/104 122 public static final byte[] IPV6_SOLICITED_NODES_PREFIX = 123 { (byte) 0xff, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, (byte) 0xff}; 124 public static final byte[] IPV6_MLD_V2_ALL_ROUTERS_MULTICAST_ADDRESS = 125 { (byte) 0xff, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte) 0x16 }; 126 127 /** 128 * IPv6 Router Alert Option constants. 129 * 130 * See also: 131 * - https://tools.ietf.org/html/rfc2711 132 */ 133 public static final int IPV6_HBH_ROUTER_ALERT_OPTION_TYPE = 5; 134 public static final int IPV6_HBH_ROUTER_ALERT_OPTION_LEN = 2; 135 136 public static final int IPV6_HBH_PADN_OPTION_TYPE = 1; 137 138 /** 139 * IPv6 MLD constants. 140 * 141 * See also: 142 * - https://tools.ietf.org/html/rfc2710 143 * - https://tools.ietf.org/html/rfc3810 144 */ 145 public static final int IPV6_MLD_MESSAGE_MIN_SIZE = 8; 146 public static final int IPV6_MLD_MIN_SIZE = 24; // including icmp header 147 public static final int IPV6_MLD_TYPE_QUERY = 130; 148 public static final int IPV6_MLD_TYPE_V1_REPORT = 131; 149 public static final int IPV6_MLD_TYPE_V1_DONE = 132; 150 public static final int IPV6_MLD_TYPE_V2_REPORT = 143; 151 public static final int IPV6_MLD_V1_MESSAGE_SIZE = 24; 152 public static final int IPV6_MLD_V2_MULTICAST_ADDRESS_RECORD_SIZE = 20; 153 // kernel reference: net/ipv6/mcast.c#igmp6_send() 154 public static final byte[] IPV6_MLD_HOPOPTS = { 155 (byte) IPPROTO_ICMPV6, // next header type 156 0, // next header length 157 (byte) IPV6_HBH_ROUTER_ALERT_OPTION_TYPE, // Router Alert option type 158 (byte) IPV6_HBH_ROUTER_ALERT_OPTION_LEN, // Router Alert option length 159 0, 0, // Router Alert option value 160 (byte) IPV6_HBH_PADN_OPTION_TYPE, (byte) 0x00 // PadN type and length 161 }; 162 163 public static final Set<Long> IPV6_MLD_TYPE_REPORTS = Set.of( 164 (long) IPV6_MLD_TYPE_V1_REPORT, 165 (long) IPV6_MLD_TYPE_V1_DONE, 166 (long) IPV6_MLD_TYPE_V2_REPORT 167 ); 168 public static final int IPV6_EXT_HEADER_OFFSET = ETH_HEADER_LEN + IPV6_HEADER_LEN; 169 public static final int IPV6_MLD_CHECKSUM_OFFSET = 170 ETHER_HEADER_LEN + IPV6_HEADER_LEN + IPV6_MLD_HOPOPTS.length + 2; 171 public static final int IPV6_MLD_TYPE_OFFSET = 172 IPV6_EXT_HEADER_OFFSET + IPV6_MLD_HOPOPTS.length; 173 public static final int IPV6_MLD_MULTICAST_ADDR_OFFSET = 174 IPV6_EXT_HEADER_OFFSET + IPV6_MLD_HOPOPTS.length + 8; 175 176 public static final int ICMP4_TYPE_NO_OPTIONS_OFFSET = ETH_HEADER_LEN + IPV4_HEADER_MIN_LEN; 177 public static final int ICMP4_CHECKSUM_NO_OPTIONS_OFFSET = 178 ETH_HEADER_LEN + IPV4_HEADER_MIN_LEN + 2; 179 public static final int ICMP4_CONTENT_NO_OPTIONS_OFFSET = 180 ETH_HEADER_LEN + IPV4_HEADER_MIN_LEN + 4; 181 182 public static final int ICMP6_ECHO_REQUEST_HEADER_LEN = 8; 183 public static final int ICMP6_TYPE_OFFSET = ETH_HEADER_LEN + IPV6_HEADER_LEN; 184 public static final int ICMP6_CODE_OFFSET = ETH_HEADER_LEN + IPV6_HEADER_LEN + 1; 185 public static final int ICMP6_CHECKSUM_OFFSET = ETH_HEADER_LEN + IPV6_HEADER_LEN + 2; 186 public static final int ICMP6_CONTENT_OFFSET = ETH_HEADER_LEN + IPV6_HEADER_LEN + 4; 187 public static final int ICMP6_NS_TARGET_IP_OFFSET = ICMP6_TYPE_OFFSET + 8; 188 public static final int ICMP6_NS_OPTION_TYPE_OFFSET = ICMP6_NS_TARGET_IP_OFFSET + 16; 189 // From RFC4861: 190 public static final int ICMP6_RA_HEADER_LEN = 16; 191 public static final int ICMP6_RA_CHECKSUM_OFFSET = 192 ETH_HEADER_LEN + IPV6_HEADER_LEN + 2; 193 public static final int ICMP6_RA_CHECKSUM_LEN = 2; 194 public static final int ICMP6_RA_OPTION_OFFSET = 195 ETH_HEADER_LEN + IPV6_HEADER_LEN + ICMP6_RA_HEADER_LEN; 196 public static final int ICMP6_RA_ROUTER_LIFETIME_OFFSET = 197 ETH_HEADER_LEN + IPV6_HEADER_LEN + 6; 198 public static final int ICMP6_RA_ROUTER_LIFETIME_LEN = 2; 199 // Prefix information option. 200 public static final int ICMP6_PREFIX_OPTION_TYPE = 3; 201 public static final int ICMP6_PREFIX_OPTION_VALID_LIFETIME_OFFSET = 4; 202 public static final int ICMP6_PREFIX_OPTION_VALID_LIFETIME_LEN = 4; 203 public static final int ICMP6_PREFIX_OPTION_PREFERRED_LIFETIME_LEN = 4; 204 205 // From RFC4861: source link-layer address 206 public static final int ICMP6_SOURCE_LL_ADDRESS_OPTION_TYPE = 1; 207 // From RFC4861: mtu size option 208 public static final int ICMP6_MTU_OPTION_TYPE = 5; 209 // From RFC6106: Recursive DNS Server option 210 public static final int ICMP6_RDNSS_OPTION_TYPE = 25; 211 // From RFC5175: RA Flags Extension option 212 public static final int ICMP6_RA_FLAGS_EXTENSION_OPTION_TYPE = 26; 213 // From RFC6106: DNS Search List option 214 public static final int ICMP6_DNSSL_OPTION_TYPE = 31; 215 // From RFC8910: Captive-Portal option 216 public static final int ICMP6_CAPTIVE_PORTAL_OPTION_TYPE = 37; 217 // From RFC8781: PREF64 option 218 public static final int ICMP6_PREF64_OPTION_TYPE = 38; 219 220 // From RFC4191: Route Information option 221 public static final int ICMP6_ROUTE_INFO_OPTION_TYPE = 24; 222 // Above three options all have the same format: 223 public static final int ICMP6_4_BYTE_LIFETIME_OFFSET = 4; 224 public static final int ICMP6_4_BYTE_LIFETIME_LEN = 4; 225 public static final int IPPROTO_HOPOPTS = 0; 226 227 // NOTE: this must be added to the IPv4 header length in MemorySlot.IPV4_HEADER_SIZE 228 public static final int TCP_UDP_SOURCE_PORT_OFFSET = ETH_HEADER_LEN; 229 public static final int TCP_UDP_DESTINATION_PORT_OFFSET = ETH_HEADER_LEN + 2; 230 public static final int IGMP_MAX_RESP_TIME_OFFSET = ETHER_HEADER_LEN + 1; 231 public static final int IGMP_MULTICAST_ADDRESS_OFFSET = ETH_HEADER_LEN + 4; 232 public static final int UDP_HEADER_LEN = 8; 233 234 public static final int TCP_HEADER_SIZE_OFFSET = 12; 235 236 public static final int DHCP_SERVER_PORT = 67; 237 public static final int DHCP_CLIENT_PORT = 68; 238 239 public static final int DNS_HEADER_LEN = 12; 240 public static final int IPV4_UDP_DESTINATION_PORT_NO_OPTIONS_OFFSET = 241 ETH_HEADER_LEN + IPV4_HEADER_MIN_LEN + 2; 242 public static final int IPV4_UDP_DESTINATION_CHECKSUM_NO_OPTIONS_OFFSET = 243 ETH_HEADER_LEN + IPV4_HEADER_MIN_LEN + 6; 244 public static final int IPV4_UDP_PAYLOAD_NO_OPTIONS_OFFSET = 245 ETH_HEADER_LEN + IPV4_HEADER_MIN_LEN + UDP_HEADER_LEN; 246 public static final int IPV4_DNS_QDCOUNT_NO_OPTIONS_OFFSET = 247 ETH_HEADER_LEN + IPV4_HEADER_MIN_LEN + UDP_HEADER_LEN + 4; 248 public static final int IPV6_UDP_DESTINATION_PORT_OFFSET = 249 ETH_HEADER_LEN + IPV6_HEADER_LEN + 2; 250 public static final int IPV6_UDP_DESTINATION_CHECKSUM_OFFSET = 251 ETH_HEADER_LEN + IPV6_HEADER_LEN + 6; 252 public static final int IPv6_UDP_PAYLOAD_OFFSET = 253 ETH_HEADER_LEN + IPV6_HEADER_LEN + UDP_HEADER_LEN; 254 public static final int IPV6_DNS_QDCOUNT_OFFSET = 255 ETH_HEADER_LEN + IPV6_HEADER_LEN + UDP_HEADER_LEN + 4; 256 257 public static final int ARP_HEADER_OFFSET = ETH_HEADER_LEN; 258 public static final byte[] ARP_IPV4_HEADER = { 259 0, 1, // Hardware type: Ethernet (1) 260 8, 0, // Protocol type: IP (0x0800) 261 6, // Hardware size: 6 262 4, // Protocol size: 4 263 }; 264 public static final int ARP_OPCODE_OFFSET = ARP_HEADER_OFFSET + 6; 265 // Opcode: ARP request (0x0001), ARP reply (0x0002) 266 public static final short ARP_OPCODE_REQUEST = 1; 267 public static final short ARP_OPCODE_REPLY = 2; 268 public static final int ARP_SOURCE_IP_ADDRESS_OFFSET = ARP_HEADER_OFFSET + 14; 269 public static final int ARP_TARGET_IP_ADDRESS_OFFSET = ARP_HEADER_OFFSET + 24; 270 // Limit on the Black List size to cap on program usage for this 271 // TODO: Select a proper max length 272 public static final int APF_MAX_ETH_TYPE_BLACK_LIST_LEN = 20; 273 274 // The ethernet solicited nodes multicast address prefix 33:33:FF:xx:xx:xx 275 public static final byte[] ETH_SOLICITED_NODES_PREFIX = 276 {(byte) 0x33, (byte) 0x33, (byte) 0xff}; 277 public static final byte[] ETH_MULTICAST_IPV6_ALL_NODES_MAC_ADDRESS = 278 { (byte) 0x33, (byte) 0x33, 0, 0, 0, 1}; 279 public static final byte[] ETH_MULTICAST_MDNS_V4_MAC_ADDRESS = 280 {(byte) 0x01, (byte) 0x00, (byte) 0x5e, (byte) 0x00, (byte) 0x00, (byte) 0xfb}; 281 public static final byte[] ETH_MULTICAST_MDNS_V6_MAC_ADDRESS = 282 {(byte) 0x33, (byte) 0x33, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0xfb}; 283 public static final byte[] ETH_MULTICAST_IGMP_V3_ALL_MULTICAST_ROUTERS_ADDRESS = 284 { (byte) 0x01, 0, (byte) 0x5e, 0, 0, (byte) 0x16}; 285 public static final byte[] ETH_MULTICAST_MLD_V2_ALL_MULTICAST_ROUTERS_ADDRESS = 286 { (byte) 0x33, (byte) 0x33, 0, 0, 0, (byte) 0x16}; 287 public static final int MDNS_PORT = 5353; 288 public static final byte[] MDNS_PORT_IN_BYTES = ByteBuffer.allocate(2).order( 289 ByteOrder.BIG_ENDIAN).putShort((short) MDNS_PORT).array(); 290 291 public static final long MDNS_IPV4_ADDR_IN_LONG = 0xE00000FBL; // 224.0.0.251 292 public static final byte[] MDNS_IPV4_ADDR = InetAddresses.parseNumericAddress( 293 "224.0.0.251").getAddress(); 294 public static final byte[] MDNS_IPV6_ADDR = InetAddresses.parseNumericAddress( 295 "FF02::FB").getAddress(); 296 public static final int ECHO_PORT = 7; 297 // NOTE: this must be added to the IPv4 header length in MemorySlot.IPV4_HEADER_SIZE, or the 298 // IPv6 header length. 299 public static final int DHCP_CLIENT_MAC_OFFSET = ETH_HEADER_LEN + UDP_HEADER_LEN + 28; 300 301 /** 302 * Fixed byte sequence representing the following part of the ARP reply header: 303 * EtherType + HTYPE + PTYPE + HLEN + PLEN + ops reply (0x0002) 304 */ 305 public static final byte[] FIXED_ARP_REPLY_HEADER = 306 new byte[]{0x08, 0x06, 0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x02}; 307 } 308