use of android.net.RouteInfo in project android_frameworks_base by DirtyUnicorns.
the class VpnConfig method addLegacyRoutes.
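/**
 * Parses a space-separated list of legacy VPN routes and appends each one to this config.
 *
 * <p>Every token is handed to {@link IpPrefix} unchanged, so each is expected to be in
 * {@code ip/prefix} form. Tokens are split on runs of spaces, so a doubled separator in the
 * profile string does not produce an empty token that would be rejected as an invalid prefix
 * and abort the remaining routes.
 *
 * @param routesStr space-separated routes; a blank string adds nothing
 */
public void addLegacyRoutes(String routesStr) {
    final String trimmed = routesStr.trim();
    if (trimmed.isEmpty()) {
        return;
    }
    // " +" matches the way the legacy VPN code splits DNS servers and search domains.
    for (String route : trimmed.split(" +")) {
        // each route is ip/prefix
        RouteInfo info = new RouteInfo(new IpPrefix(route), null);
        this.routes.add(info);
        // Record the address family of the destination for this route.
        updateAllowedFamilies(info.getDestination().getAddress());
    }
}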
use of android.net.RouteInfo in project android_frameworks_base by DirtyUnicorns.
the class Vpn method startLegacyVpnPrivileged.
/**
 * Like {@link #startLegacyVpn(VpnProfile, KeyStore, LinkProperties)}, but does not check
 * permissions under the assumption that the caller is the system.
 *
 * Callers are responsible for checking permissions if needed. The only gate applied here is
 * the user-restriction check at the top of the method.
 *
 * The method resolves the IPv4 default route of {@code egress}, loads the certificates named
 * by the profile from {@code keyStore}, builds the positional argument arrays for racoon and
 * mtpd, fills in a legacy {@link VpnConfig} and hands all three to
 * {@code startLegacyVpn(config, racoon, mtpd)}.
 *
 * Security note: the argument arrays carry the pre-shared key, L2TP secret, username,
 * password and certificate text in the clear, so they should not be logged or otherwise
 * exposed by code that handles them.
 *
 * @param profile the VPN profile supplying server, type, credentials, routes and DNS settings
 * @param keyStore the store the profile's certificate entries are read from
 * @param egress link properties used to find the IPv4 default route (interface and gateway)
 * @throws SecurityException if the user is restricted or has DISALLOW_CONFIG_VPN set
 * @throws IllegalStateException if a certificate named by the profile is missing from the store
 */
public void startLegacyVpnPrivileged(VpnProfile profile, KeyStore keyStore, LinkProperties egress) {
    UserManager mgr = UserManager.get(mContext);
    UserInfo user = mgr.getUserInfo(mUserHandle);
    // Restricted users, and users with the VPN-config restriction, are refused before any
    // credential is touched.
    if (user.isRestricted() || mgr.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN, new UserHandle(mUserHandle))) {
        throw new SecurityException("Restricted users cannot establish VPNs");
    }
    // NOTE(review): findIPv4DefaultRoute is not visible here; the two lines below dereference
    // its result and the route's gateway without a null check -- confirm it never returns
    // null or a gateway-less route.
    final RouteInfo ipv4DefaultRoute = findIPv4DefaultRoute(egress);
    final String gateway = ipv4DefaultRoute.getGateway().getHostAddress();
    final String iface = ipv4DefaultRoute.getInterface();
    // Load certificates. Each value starts as "" (not configured) and becomes null only when
    // the profile names an entry that the keystore does not return.
    String privateKey = "";
    String userCert = "";
    String caCert = "";
    String serverCert = "";
    if (!profile.ipsecUserCert.isEmpty()) {
        // privateKey is a prefixed name built from the profile value, not key bytes read from
        // the store (presumably a keystore alias resolved later -- confirm).
        privateKey = Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert;
        byte[] value = keyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecUserCert);
        userCert = (value == null) ? null : new String(value, StandardCharsets.UTF_8);
    }
    if (!profile.ipsecCaCert.isEmpty()) {
        byte[] value = keyStore.get(Credentials.CA_CERTIFICATE + profile.ipsecCaCert);
        caCert = (value == null) ? null : new String(value, StandardCharsets.UTF_8);
    }
    if (!profile.ipsecServerCert.isEmpty()) {
        // The server certificate is looked up under the USER_CERTIFICATE prefix.
        byte[] value = keyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecServerCert);
        serverCert = (value == null) ? null : new String(value, StandardCharsets.UTF_8);
    }
    // Fail closed when a named credential is missing rather than starting the daemons with a
    // partial set. privateKey is only ever assigned non-null strings above, so in practice
    // the certificate lookups are what trip this check.
    if (privateKey == null || userCert == null || caCert == null || serverCert == null) {
        throw new IllegalStateException("Cannot load credentials");
    }
    // Prepare arguments for racoon. The arrays are positional; racoon stays null for profile
    // types not listed in this switch (for example TYPE_PPTP).
    String[] racoon = null;
    switch(profile.type) {
        case VpnProfile.TYPE_L2TP_IPSEC_PSK:
            racoon = new String[] { iface, profile.server, "udppsk", profile.ipsecIdentifier, profile.ipsecSecret, "1701" };
            break;
        case VpnProfile.TYPE_L2TP_IPSEC_RSA:
            racoon = new String[] { iface, profile.server, "udprsa", privateKey, userCert, caCert, serverCert, "1701" };
            break;
        case VpnProfile.TYPE_IPSEC_XAUTH_PSK:
            racoon = new String[] { iface, profile.server, "xauthpsk", profile.ipsecIdentifier, profile.ipsecSecret, profile.username, profile.password, "", gateway };
            break;
        case VpnProfile.TYPE_IPSEC_XAUTH_RSA:
            racoon = new String[] { iface, profile.server, "xauthrsa", privateKey, userCert, caCert, serverCert, profile.username, profile.password, "", gateway };
            break;
        case VpnProfile.TYPE_IPSEC_HYBRID_RSA:
            racoon = new String[] { iface, profile.server, "hybridrsa", caCert, serverCert, profile.username, profile.password, "", gateway };
            break;
    }
    // Prepare arguments for mtpd. mtpd stays null for the pure IPsec types, which appear only
    // in the racoon switch above.
    String[] mtpd = null;
    switch(profile.type) {
        case VpnProfile.TYPE_PPTP:
            // NOTE(review): the last element is "+mppe" or "nomppe" depending on profile.mppe;
            // presumably "nomppe" leaves the PPTP session without MPPE encryption -- confirm.
            mtpd = new String[] { iface, "pptp", profile.server, "1723", "name", profile.username, "password", profile.password, "linkname", "vpn", "refuse-eap", "nodefaultroute", "usepeerdns", "idle", "1800", "mtu", "1400", "mru", "1400", (profile.mppe ? "+mppe" : "nomppe") };
            break;
        case VpnProfile.TYPE_L2TP_IPSEC_PSK:
        case VpnProfile.TYPE_L2TP_IPSEC_RSA:
            mtpd = new String[] { iface, "l2tp", profile.server, "1701", profile.l2tpSecret, "name", profile.username, "password", profile.password, "linkname", "vpn", "refuse-eap", "nodefaultroute", "usepeerdns", "idle", "1800", "mtu", "1400", "mru", "1400" };
            break;
    }
    // Describe the session for the framework side: legacy flag, owning profile key, egress
    // interface, display name, then the routes and DNS settings taken from the profile.
    VpnConfig config = new VpnConfig();
    config.legacy = true;
    config.user = profile.key;
    config.interfaze = iface;
    config.session = profile.name;
    config.addLegacyRoutes(profile.routes);
    if (!profile.dnsServers.isEmpty()) {
        // Entries are separated by one or more spaces.
        config.dnsServers = Arrays.asList(profile.dnsServers.split(" +"));
    }
    if (!profile.searchDomains.isEmpty()) {
        config.searchDomains = Arrays.asList(profile.searchDomains.split(" +"));
    }
    startLegacyVpn(config, racoon, mtpd);
}
use of android.net.RouteInfo in project android_frameworks_base by DirtyUnicorns.
the class Nat464Xlat method makeLinkProperties.
/**
 * Builds the link properties for the clat interface: the interface name, an IPv4 default
 * route and the given clat address.
 *
 * @param clatAddress the address assigned to the clat interface; also used as the next hop
 * @return link properties describing the clat interface
 */
private LinkProperties makeLinkProperties(LinkAddress clatAddress) {
    final LinkProperties clatLink = new LinkProperties();
    clatLink.setInterfaceName(mIface);

    // The clat interface is a point-to-point tunnel, yet the default route is not pointed
    // straight at the interface: some apps do not understand routes without gateways (see,
    // e.g., http://b/9597256 http://b/9597516). The next hop is therefore the clat IPv4
    // address itself; for those apps only the presence of a gateway matters, not its value.
    final LinkAddress anyIpv4 = new LinkAddress(Inet4Address.ANY, 0);
    clatLink.addRoute(new RouteInfo(anyIpv4, clatAddress.getAddress(), mIface));

    clatLink.addLinkAddress(clatAddress);
    return clatLink;
}
use of android.net.RouteInfo in project android_frameworks_base by DirtyUnicorns.
the class IpConfigStore method readIpAndProxyConfigurations.
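/**
 * Reads the per-network IP and proxy configurations stored in the binary file at
 * {@code filePath}.
 *
 * <p>The file starts with an int version (1 or 2) followed by records. Each record is a
 * sequence of UTF key strings, each followed by that key's value fields, and ends with the
 * EOS key. A record without an id is dropped.
 *
 * <p>Multi-field values (link address, version-2 gateway route) are read from the stream in
 * full before any of their text is parsed. Parsing can throw
 * {@link IllegalArgumentException}, which is caught per key; reading first guarantees that a
 * bad address cannot leave part of the value unread and shift every following key and value.
 *
 * @param filePath path of the configuration file to parse
 * @return the configurations parsed so far, keyed by network id (an end of file or I/O error
 *     ends parsing and returns what was collected); {@code null} if the file version is
 *     neither 1 nor 2
 */
public SparseArray<IpConfiguration> readIpAndProxyConfigurations(String filePath) {
    SparseArray<IpConfiguration> networks = new SparseArray<IpConfiguration>();
    DataInputStream in = null;
    try {
        in = new DataInputStream(new BufferedInputStream(new FileInputStream(filePath)));
        int version = in.readInt();
        if (version != 2 && version != 1) {
            loge("Bad version on IP configuration file, ignore read");
            return null;
        }
        // One iteration per record; the loop ends when a read hits end of file.
        while (true) {
            int id = -1;
            // Default is DHCP with no proxy
            IpAssignment ipAssignment = IpAssignment.DHCP;
            ProxySettings proxySettings = ProxySettings.NONE;
            StaticIpConfiguration staticIpConfiguration = new StaticIpConfiguration();
            String proxyHost = null;
            String pacFileUrl = null;
            int proxyPort = -1;
            String exclusionList = null;
            String key;
            // One iteration per key/value pair until the EOS key closes the record.
            do {
                key = in.readUTF();
                try {
                    if (key.equals(ID_KEY)) {
                        id = in.readInt();
                    } else if (key.equals(IP_ASSIGNMENT_KEY)) {
                        ipAssignment = IpAssignment.valueOf(in.readUTF());
                    } else if (key.equals(LINK_ADDRESS_KEY)) {
                        // Consume both fields before parsing so an invalid address cannot
                        // leave the prefix length in the stream.
                        String address = in.readUTF();
                        int prefixLength = in.readInt();
                        LinkAddress linkAddr = new LinkAddress(
                                NetworkUtils.numericToInetAddress(address), prefixLength);
                        if (linkAddr.getAddress() instanceof Inet4Address
                                && staticIpConfiguration.ipAddress == null) {
                            staticIpConfiguration.ipAddress = linkAddr;
                        } else {
                            loge("Non-IPv4 or duplicate address: " + linkAddr);
                        }
                    } else if (key.equals(GATEWAY_KEY)) {
                        LinkAddress dest = null;
                        InetAddress gateway = null;
                        if (version == 1) {
                            // only supported default gateways - leave the dest/prefix empty
                            gateway = NetworkUtils.numericToInetAddress(in.readUTF());
                            if (staticIpConfiguration.gateway == null) {
                                staticIpConfiguration.gateway = gateway;
                            } else {
                                loge("Duplicate gateway: " + gateway.getHostAddress());
                            }
                        } else {
                            // Version 2 stores an optional destination and an optional
                            // gateway, each preceded by an int presence flag. Consume the
                            // whole route before parsing any address text.
                            String destAddress = null;
                            int destPrefixLength = 0;
                            if (in.readInt() == 1) {
                                destAddress = in.readUTF();
                                destPrefixLength = in.readInt();
                            }
                            String gatewayAddress = null;
                            if (in.readInt() == 1) {
                                gatewayAddress = in.readUTF();
                            }
                            if (destAddress != null) {
                                dest = new LinkAddress(
                                        NetworkUtils.numericToInetAddress(destAddress),
                                        destPrefixLength);
                            }
                            if (gatewayAddress != null) {
                                gateway = NetworkUtils.numericToInetAddress(gatewayAddress);
                            }
                            RouteInfo route = new RouteInfo(dest, gateway);
                            // Only the first IPv4 default route is kept, as the gateway.
                            if (route.isIPv4Default() && staticIpConfiguration.gateway == null) {
                                staticIpConfiguration.gateway = gateway;
                            } else {
                                loge("Non-IPv4 default or duplicate route: " + route);
                            }
                        }
                    } else if (key.equals(DNS_KEY)) {
                        staticIpConfiguration.dnsServers.add(
                                NetworkUtils.numericToInetAddress(in.readUTF()));
                    } else if (key.equals(PROXY_SETTINGS_KEY)) {
                        proxySettings = ProxySettings.valueOf(in.readUTF());
                    } else if (key.equals(PROXY_HOST_KEY)) {
                        proxyHost = in.readUTF();
                    } else if (key.equals(PROXY_PORT_KEY)) {
                        proxyPort = in.readInt();
                    } else if (key.equals(PROXY_PAC_FILE)) {
                        pacFileUrl = in.readUTF();
                    } else if (key.equals(EXCLUSION_LIST_KEY)) {
                        exclusionList = in.readUTF();
                    } else if (key.equals(EOS)) {
                        break;
                    } else {
                        // No value is consumed for an unknown key; the next read is treated
                        // as the next key.
                        loge("Ignore unknown key " + key + " while reading");
                    }
                } catch (IllegalArgumentException e) {
                    // A value that fails to parse is skipped; the record keeps its defaults
                    // for that field.
                    loge("Ignore invalid address while reading " + e);
                }
            } while (true);
            if (id != -1) {
                IpConfiguration config = new IpConfiguration();
                networks.put(id, config);
                switch (ipAssignment) {
                    case STATIC:
                        config.staticIpConfiguration = staticIpConfiguration;
                        config.ipAssignment = ipAssignment;
                        break;
                    case DHCP:
                        config.ipAssignment = ipAssignment;
                        break;
                    case UNASSIGNED:
                        loge("BUG: Found UNASSIGNED IP on file, use DHCP");
                        config.ipAssignment = IpAssignment.DHCP;
                        break;
                    default:
                        loge("Ignore invalid ip assignment while reading.");
                        config.ipAssignment = IpAssignment.UNASSIGNED;
                        break;
                }
                switch (proxySettings) {
                    case STATIC:
                        ProxyInfo proxyInfo = new ProxyInfo(proxyHost, proxyPort, exclusionList);
                        config.proxySettings = proxySettings;
                        config.httpProxy = proxyInfo;
                        break;
                    case PAC:
                        ProxyInfo proxyPacProperties = new ProxyInfo(pacFileUrl);
                        config.proxySettings = proxySettings;
                        config.httpProxy = proxyPacProperties;
                        break;
                    case NONE:
                        config.proxySettings = proxySettings;
                        break;
                    case UNASSIGNED:
                        loge("BUG: Found UNASSIGNED proxy on file, use NONE");
                        config.proxySettings = ProxySettings.NONE;
                        break;
                    default:
                        loge("Ignore invalid proxy settings while reading");
                        config.proxySettings = ProxySettings.UNASSIGNED;
                        break;
                }
            } else {
                if (DBG) {
                    log("Missing id while parsing configuration");
                }
            }
        }
    } catch (EOFException ignore) {
        // End of file is the normal way out of the record loop above.
    } catch (IOException e) {
        loge("Error parsing configuration: " + e);
    } finally {
        if (in != null) {
            try {
                in.close();
            } catch (Exception e) {
                // Best effort: the stream was only read, so a failed close loses nothing.
            }
        }
    }
    return networks;
}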
use of android.net.RouteInfo in project android_frameworks_base by AOSPA.
the class StaticIpConfigurationTest method testToLinkProperties.
/**
 * Checks {@code StaticIpConfiguration.toLinkProperties(IFACE)} step by step: the same
 * {@code expected} object is mutated alongside the configuration {@code s}, and the two are
 * compared after every change. The statement order matters because each stage builds on the
 * state left by the previous one.
 */
@SmallTest
public void testToLinkProperties() {
    // Stage 1: an empty configuration yields only the interface name.
    LinkProperties expected = new LinkProperties();
    expected.setInterfaceName(IFACE);
    StaticIpConfiguration s = new StaticIpConfiguration();
    assertEquals(expected, s.toLinkProperties(IFACE));
    // Stage 2: setting the IP address adds the link address and a gateway-less route for
    // the address's prefix on IFACE.
    final RouteInfo connectedRoute = new RouteInfo(new IpPrefix(ADDRSTR), null, IFACE);
    s.ipAddress = ADDR;
    expected.addLinkAddress(ADDR);
    expected.addRoute(connectedRoute);
    assertEquals(expected, s.toLinkProperties(IFACE));
    // Stage 3: a gateway adds a 0.0.0.0/0 default route through it.
    s.gateway = GATEWAY;
    RouteInfo defaultRoute = new RouteInfo(new IpPrefix("0.0.0.0/0"), GATEWAY, IFACE);
    expected.addRoute(defaultRoute);
    assertEquals(expected, s.toLinkProperties(IFACE));
    // Stage 4: switching to OFFLINKGATEWAY replaces the default route and additionally
    // expects a /32 host route (presumably to the gateway's own address; the constant's
    // value is not visible here -- confirm it is 192.0.2.129).
    s.gateway = OFFLINKGATEWAY;
    expected.removeRoute(defaultRoute);
    defaultRoute = new RouteInfo(new IpPrefix("0.0.0.0/0"), OFFLINKGATEWAY, IFACE);
    expected.addRoute(defaultRoute);
    RouteInfo gatewayRoute = new RouteInfo(new IpPrefix("192.0.2.129/32"), null, IFACE);
    expected.addRoute(gatewayRoute);
    assertEquals(expected, s.toLinkProperties(IFACE));
    // Stage 5: DNS servers are carried over, first one and then several.
    s.dnsServers.add(DNS1);
    expected.addDnsServer(DNS1);
    assertEquals(expected, s.toLinkProperties(IFACE));
    s.dnsServers.add(DNS2);
    s.dnsServers.add(DNS3);
    expected.addDnsServer(DNS2);
    expected.addDnsServer(DNS3);
    assertEquals(expected, s.toLinkProperties(IFACE));
    // Stage 6: the search domains string is carried over.
    s.domains = "google.com";
    expected.setDomains("google.com");
    assertEquals(expected, s.toLinkProperties(IFACE));
    // Stage 7: clearing the gateway removes both the default route and the host route.
    s.gateway = null;
    expected.removeRoute(defaultRoute);
    expected.removeRoute(gatewayRoute);
    assertEquals(expected, s.toLinkProperties(IFACE));
    // Without knowing the IP address, we don't have a directly-connected route, so we can't
    // tell if the gateway is off-link or not and we don't add a host route. This isn't a real
    // configuration, but we should at least not crash.
    s.gateway = OFFLINKGATEWAY;
    s.ipAddress = null;
    expected.removeLinkAddress(ADDR);
    expected.removeRoute(connectedRoute);
    expected.addRoute(defaultRoute);
    assertEquals(expected, s.toLinkProperties(IFACE));
}
Aggregations