1 /* 2 * Copyright (C) 2021-2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef INCLUDE_ROUTE_MANAGER_H 17 #define INCLUDE_ROUTE_MANAGER_H 18 19 #include <linux/netlink.h> 20 #include <map> 21 #include <netinet/in.h> 22 #include <cstdint> 23 24 #include "netlink_msg.h" 25 #include "network_permission.h" 26 #include "uid_range.h" 27 28 namespace OHOS { 29 namespace nmd { 30 constexpr uid_t INVALID_UID = static_cast<uid_t>(-1); 31 typedef struct RuleInfo { 32 uint32_t ruleTable; 33 uint32_t rulePriority; 34 uint32_t ruleFwmark; 35 uint32_t ruleMask; 36 std::string ruleIif; 37 std::string ruleOif; 38 } RuleInfo; 39 40 typedef struct RouteInfo { 41 uint32_t routeTable; 42 std::string routeInterfaceName; 43 std::string routeDestinationName; 44 std::string routeNextHop; 45 } RouteInfo; 46 47 typedef struct InetAddr { 48 int32_t family; 49 int32_t bitlen; 50 int32_t prefixlen; 51 uint8_t data[sizeof(struct in6_addr)]; 52 } InetAddr; 53 54 class RouteManager { 55 public: 56 RouteManager(); 57 ~RouteManager() = default; 58 59 /** 60 * Route table type 61 * 62 */ 63 enum TableType { 64 INTERFACE, 65 VPN_NETWORK, 66 LOCAL_NETWORK, 67 INTERNAL_DEFAULT, 68 }; 69 70 /** 71 * The interface is add route table 72 * 73 * @param tableType Route table type.Must be one of INTERFACE/VPN_NETWORK/LOCAL_NETWORK. 74 * @param interfaceName Output network device name of the route item 75 * @param destinationName Destination address of route item 76 * @param nextHop Gateway address of the route item 77 * @return Returns 0, add route table successfully, otherwise it will fail 78 */ 79 static int32_t AddRoute(TableType tableType, const std::string &interfaceName, const std::string &destinationName, 80 const std::string &nextHop); 81 82 /** 83 * The interface is remove route table 84 * 85 * @param tableType Route table type.Must be one of INTERFACE/VPN_NETWORK/LOCAL_NETWORK. 86 * @param interfaceName Output network device name of the route item 87 * @param destinationName Destination address of route item 88 * @param nextHop Gateway address of the route item 89 * @return Returns 0, remove route table successfully, otherwise it will fail 90 */ 91 static int32_t RemoveRoute(TableType tableType, const std::string &interfaceName, 92 const std::string &destinationName, const std::string &nextHop); 93 94 /** 95 * The interface is update route table 96 * 97 * @param tableType Route table type.Must be one of INTERFACE/VPN_NETWORK/LOCAL_NETWORK. 98 * @param interfaceName Output network device name of the route item 99 * @param destinationName Destination address of route item 100 * @param nextHop Gateway address of the route item 101 * @return Returns 0, update route table successfully, otherwise it will fail 102 */ 103 static int32_t UpdateRoute(TableType tableType, const std::string &interfaceName, 104 const std::string &destinationName, const std::string &nextHop); 105 106 /** 107 * Add interface to default network 108 * 109 * @param interfaceName Output network device name of the route item 110 * @param permission Network permission. Must be one of 111 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 112 * @return Returns 0, add interface to default network successfully, otherwise it will fail 113 */ 114 static int32_t AddInterfaceToDefaultNetwork(const std::string &interfaceName, NetworkPermission permission); 115 116 /** 117 * Remove interface from default network 118 * 119 * @param interfaceName Output network device name of the route item 120 * @param permission Network permission. Must be one of 121 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 122 * @return Returns 0, remove interface from default network successfully, otherwise it will fail 123 */ 124 static int32_t RemoveInterfaceFromDefaultNetwork(const std::string &interfaceName, NetworkPermission permission); 125 126 /** 127 * Add interface to physical network 128 * 129 * @param netId Network number 130 * @param interfaceName Output network device name of the route item 131 * @param permission Network permission. Must be one of 132 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 133 * @return Returns 0, add interface to physical network successfully, otherwise it will fail 134 */ 135 static int32_t AddInterfaceToPhysicalNetwork(uint16_t netId, const std::string &interfaceName, 136 NetworkPermission permission); 137 138 /** 139 * Remove interface from physical network 140 * 141 * @param netId Network number 142 * @param interfaceName Output network device name of the route item 143 * @param permission Network permission. Must be one of 144 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 145 * @return Returns 0, remove interface from physical network successfully, otherwise it will fail 146 */ 147 static int32_t RemoveInterfaceFromPhysicalNetwork(uint16_t netId, const std::string &interfaceName, 148 NetworkPermission permission); 149 150 /** 151 * Modify physical network permission 152 * 153 * @param netId Network number 154 * @param interfaceName Output network device name of the route item 155 * @param oldPermission Old network permission. Must be one of 156 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 157 * @param newPermission New network permission. Must be one of 158 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 159 * @return Returns 0, modify physical network permission successfully, otherwise it will fail 160 */ 161 static int32_t ModifyPhysicalNetworkPermission(uint16_t netId, const std::string &interfaceName, 162 NetworkPermission oldPermission, NetworkPermission newPermission); 163 164 /** 165 * Add interface to virtual network 166 * 167 * @param netId Network number 168 * @param interfaceName Output network device name of the route item 169 * @return Returns 0, add interface to virtual network successfully, otherwise it will fail 170 */ 171 static int32_t AddInterfaceToVirtualNetwork(int32_t netId, const std::string &interfaceName); 172 173 /** 174 * Remove interface from virtual network 175 * 176 * @param netId Network number 177 * @param interfaceName Output network device name of the route item 178 * @return Returns 0, remove interface from virtual network successfully, otherwise it will fail 179 */ 180 static int32_t RemoveInterfaceFromVirtualNetwork(int32_t netId, const std::string &interfaceName); 181 182 static int32_t AddUsersToVirtualNetwork(int32_t netId, const std::string &interfaceName, 183 const std::vector<NetManagerStandard::UidRange> &uidRanges); 184 185 static int32_t RemoveUsersFromVirtualNetwork(int32_t netId, const std::string &interfaceName, 186 const std::vector<NetManagerStandard::UidRange> &uidRanges); 187 188 /** 189 * Add interface to local network 190 * 191 * @param netId Network number 192 * @param interfaceName Output network device name of the route item 193 * @return Returns 0, add interface to local network successfully, otherwise it will fail 194 */ 195 static int32_t AddInterfaceToLocalNetwork(uint16_t netId, const std::string &interfaceName); 196 197 /** 198 * Remove interface from local network 199 * 200 * @param netId Network number 201 * @param interfaceName Output network device name of the route item 202 * @return Returns 0, remove interface from local network successfully, otherwise it will fail 203 */ 204 static int32_t RemoveInterfaceFromLocalNetwork(uint16_t netId, const std::string &interfaceName); 205 206 /** 207 * Enable sharing network 208 * 209 * @param inputInterface Input network device name of the route item 210 * @param outputInterface Output network device name of the route item 211 * @return Returns 0, enable sharing network successfully, otherwise it will fail 212 */ 213 static int32_t EnableSharing(const std::string &inputInterface, const std::string &outputInterface); 214 215 /** 216 * Disable sharing network 217 * 218 * @param inputInterface Input network device name of the route item 219 * @param outputInterface Output network device name of the route item 220 * @return Returns 0, disable sharing network successfully, otherwise it will fail 221 */ 222 static int32_t DisableSharing(const std::string &inputInterface, const std::string &outputInterface); 223 224 /** 225 * Parse destination address 226 * 227 * @param addr Address to be parse 228 * @param res Parse result 229 * @return Returns 0, parse destination address successfully, otherwise it will fail 230 */ 231 static int32_t ReadAddr(const std::string &addr, InetAddr *res); 232 233 /** 234 * Parse gateway address 235 * 236 * @param addr Address to be parse 237 * @param res Parse result 238 * @return Returns 0, parse gateway address successfully, otherwise it will fail 239 */ 240 static int32_t ReadAddrGw(const std::string &addr, InetAddr *res); 241 242 /** 243 * Add rules for clat tun interface 244 * 245 * @param interfaceName Output network device name of the route item 246 * @param permission Network permission. Must be one of 247 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 248 * @return Returns 0, add rules successfully, otherwise it will fail 249 */ 250 static int32_t AddClatTunInterface(const std::string &interfaceName, const std::string &dstAddr, 251 const std::string &nxtHop); 252 253 /** 254 * Remove rules for clat tun interface 255 * 256 * @param interfaceName Output network device name of the route item 257 * @param permission Network permission. Must be one of 258 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM. 259 * @return Returns 0, remove rules successfully, otherwise it will fail 260 */ 261 static int32_t RemoveClatTunInterface(const std::string &interfaceName); 262 263 /** 264 * Update route for vnic interface 265 * 266 * @param interfaceName Output network device name of the route item 267 * @param destinationName Destination address of route item 268 * @param nextHop Gateway address of the route item 269 * @param add add or delete route 270 * @return Returns 0, Update route successfully, otherwise it will fail 271 */ 272 static int32_t UpdateVnicRoute(const std::string &interfaceName, const std::string &destinationName, 273 const std::string &nextHop, bool add); 274 275 /** 276 * Update uid ranges for vnic interface 277 * 278 * @param uidRanges uidRanges to update 279 * @param add add or delete uid ranges 280 * @return Returns 0, update UidRangesRules successfully, otherwise it will fail 281 */ 282 static int32_t UpdateVnicUidRangesRule(const std::vector<NetManagerStandard::UidRange> &uidRanges, bool add); 283 284 private: 285 static std::mutex interfaceToTableLock_; 286 static std::map<std::string, uint32_t> interfaceToTable_; 287 static int32_t Init(); 288 static int32_t ClearRules(); 289 static int32_t ClearRoutes(const std::string &interfaceName, int32_t netId = 0); 290 static int32_t AddLocalNetworkRules(); 291 static int32_t UpdatePhysicalNetwork(uint16_t netId, const std::string &interfaceName, NetworkPermission permission, 292 bool add); 293 static int32_t UpdateVirtualNetwork(int32_t netId, const std::string &interfaceName, 294 const std::vector<NetManagerStandard::UidRange> &uidRanges, bool add); 295 static int32_t ModifyVirtualNetBasedRules(int32_t netId, const std::string &ifaceName, bool add); 296 297 static int32_t UpdateLocalNetwork(uint16_t netId, const std::string &interfaceName, bool add); 298 static int32_t UpdateIncomingPacketMark(uint16_t netId, const std::string &interfaceName, 299 NetworkPermission permission, bool add); 300 static int32_t UpdateExplicitNetworkRule(uint16_t netId, uint32_t table, NetworkPermission permission, bool add); 301 static int32_t UpdateOutputInterfaceRules(const std::string &interfaceName, uint32_t table, 302 NetworkPermission permission, bool add); 303 static int32_t UpdateSharingNetwork(uint16_t action, const std::string &inputInterface, 304 const std::string &outputInterface); 305 static int32_t UpdateVpnOutputToLocalRule(const std::string &interfaceName, bool add); 306 static int32_t UpdateVpnSystemPermissionRule(int32_t netId, uint32_t table, bool add); 307 308 static int32_t UpdateVpnUidRangeRule(uint32_t table, uid_t uidStart, uid_t uidEnd, bool add); 309 static int32_t UpdateExplicitNetworkRuleWithUid(int32_t netId, uint32_t table, NetworkPermission permission, 310 uid_t uidStart, uid_t uidEnd, bool add); 311 static int32_t UpdateOutputInterfaceRulesWithUid(const std::string &interface, uint32_t table, 312 NetworkPermission permission, uid_t uidStart, uid_t uidEnd, 313 bool add); 314 static int32_t ClearSharingRules(const std::string &inputInterface); 315 static int32_t UpdateRuleInfo(uint32_t action, uint8_t ruleType, RuleInfo ruleInfo, uid_t uidStart = INVALID_UID, 316 uid_t uidEnd = INVALID_UID); 317 static int32_t SendRuleToKernel(uint32_t action, uint8_t family, uint8_t ruleType, RuleInfo ruleInfo, 318 uid_t uidStart, uid_t uidEnd); 319 static int32_t UpdateRouteRule(uint16_t action, uint16_t flags, RouteInfo routeInfo); 320 static int32_t SendRouteToKernel(uint16_t action, uint16_t routeFlag, rtmsg msg, RouteInfo routeInfo, 321 uint32_t index); 322 static uint32_t FindTableByInterfacename(const std::string &interfaceName, int32_t netId = 0); 323 static uint32_t GetRouteTableFromType(TableType tableType, const std::string &interfaceName); 324 static int32_t SetRouteInfo(TableType tableType, const std::string &interfaceName, 325 const std::string &destinationName, const std::string &nextHop, 326 RouteInfo &routeInfo); 327 static int32_t UpdateClatTunInterface(const std::string &interfaceName, 328 NetworkPermission permission, bool add); 329 }; 330 } // namespace nmd 331 } // namespace OHOS 332 #endif // INCLUDE_ROUTE_MANAGER_H 333