2 * Copyright (C) 2008 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 // #define LOG_NDEBUG 0
20 #include <sys/socket.h>
21 #include <sys/types.h>
22 #include <netinet/in.h>
23 #include <arpa/inet.h>
28 #include <resolv_netid.h>
30 #define __STDC_FORMAT_MACROS 1
33 #define LOG_TAG "CommandListener"
35 #include <cutils/log.h>
36 #include <netutils/ifc.h>
37 #include <sysutils/SocketClient.h>
39 #include "CommandListener.h"
40 #include "ResponseCode.h"
41 #include "BandwidthController.h"
42 #include "IdletimerController.h"
43 #include "oem_iptables_hook.h"
44 #include "NetdConstants.h"
45 #include "FirewallController.h"
46 #include "RouteController.h"
47 #include "UidRanges.h"
// Number of OEM network IDs: the size of the inclusive range MIN_OEM_ID..MAX_OEM_ID.
54 const unsigned NUM_OEM_IDS = NetworkController::MAX_OEM_ID - NetworkController::MIN_OEM_ID + 1;
// Maps a permission name to its Permission constant:
//   "NETWORK" -> PERMISSION_NETWORK, "SYSTEM" -> PERMISSION_SYSTEM, anything else -> PERMISSION_NONE.
// The match is exact and case-sensitive (strcmp). arg goes to strcmp unchecked, so it must not be NULL.
// NOTE(review): an unknown or misspelled name falls through to PERMISSION_NONE with no error
// signalled; callers are outside this function, so confirm they do not need to tell the two apart.
// The embedded line numbers skip (58->60, 61->63): the closing-brace lines are not in this listing.
56 Permission stringToPermission(const char* arg) {
57 if (!strcmp(arg, "NETWORK")) {
58 return PERMISSION_NETWORK;
60 if (!strcmp(arg, "SYSTEM")) {
61 return PERMISSION_SYSTEM;
63 return PERMISSION_NONE;
// Converts a netId argument to a number:
//   "local"  -> NetworkController::LOCAL_NET_ID
//   "oem<N>" -> NetworkController::MIN_OEM_ID + N when 1 <= N <= NUM_OEM_IDS
//   otherwise -> strtoul(arg, NULL, 0)
// arg goes to strcmp unchecked, so it must not be NULL.
// Both strtoul calls use base 0 and a NULL endptr: decimal, 0x-hex and leading-0 octal are all
// accepted, and trailing garbage is not detected ("12abc" parses as 12). The unsigned long result
// is narrowed to unsigned, so on targets where long is wider the value is truncated.
66 unsigned stringToNetId(const char* arg) {
67 if (!strcmp(arg, "local")) {
68 return NetworkController::LOCAL_NET_ID;
70 // OEM NetIds are "oem1", "oem2", .., "oem50".
71 if (!strncmp(arg, "oem", 3)) {
72 unsigned n = strtoul(arg + 3, NULL, 0);
// NOTE(review): NUM_OEM_IDS is MAX_OEM_ID - MIN_OEM_ID + 1, so n == NUM_OEM_IDS yields
// MAX_OEM_ID + 1 and n == 1 yields MIN_OEM_ID + 1; MIN_OEM_ID itself is never produced.
// Confirm whether MIN_OEM_ID + n - 1 was intended.
73 if (1 <= n && n <= NUM_OEM_IDS) {
74 return NetworkController::MIN_OEM_ID + n;
// The embedded numbering skips 75-77 here, so what is returned for an out-of-range "oem" value
// is not visible in this listing.
78 // strtoul() returns 0 on errors, which is fine because 0 is an invalid netId.
79 return strtoul(arg, NULL, 0);
// Definitions of CommandListener's static controller pointers. All start as NULL and are
// assigned with `new` in the CommandListener constructor; every command handler in this file
// reaches its controller through these raw pointers.
84 NetworkController *CommandListener::sNetCtrl = NULL;
85 TetherController *CommandListener::sTetherCtrl = NULL;
86 NatController *CommandListener::sNatCtrl = NULL;
87 PppController *CommandListener::sPppCtrl = NULL;
88 SoftapController *CommandListener::sSoftapCtrl = NULL;
89 BandwidthController * CommandListener::sBandwidthCtrl = NULL;
90 IdletimerController * CommandListener::sIdletimerCtrl = NULL;
91 InterfaceController *CommandListener::sInterfaceCtrl = NULL;
92 ResolverController *CommandListener::sResolverCtrl = NULL;
93 FirewallController *CommandListener::sFirewallCtrl = NULL;
94 ClatdController *CommandListener::sClatdCtrl = NULL;
95 StrictController *CommandListener::sStrictCtrl = NULL;
98 * List of module chains to be created, along with explicit ordering. ORDERING
99 * IS CRITICAL, AND SHOULD BE TRIPLE-CHECKED WITH EACH CHANGE.
// Per-hook lists of child chain names handed to createChildChains(). That function appends one
// jump per entry with -A, so array order is the order in which the parent chain consults the
// modules; a terminating verdict in an earlier child chain keeps later ones from seeing the packet.
// createChildChains() stops at a NULL entry; the terminator and closing-brace lines of each array
// are among the lines missing from this listing (the embedded numbering skips after each list).
101 static const char* FILTER_INPUT[] = {
102 // Bandwidth should always be early in input chain, to make sure we
103 // correctly count incoming traffic against data plan.
104 BandwidthController::LOCAL_INPUT,
105 FirewallController::LOCAL_INPUT,
// In FORWARD and OUTPUT the OEM hook chain is listed first, i.e. ahead of the firewall chain.
109 static const char* FILTER_FORWARD[] = {
110 OEM_IPTABLES_FILTER_FORWARD,
111 FirewallController::LOCAL_FORWARD,
112 BandwidthController::LOCAL_FORWARD,
113 NatController::LOCAL_FORWARD,
117 static const char* FILTER_OUTPUT[] = {
118 OEM_IPTABLES_FILTER_OUTPUT,
119 FirewallController::LOCAL_OUTPUT,
120 StrictController::LOCAL_OUTPUT,
121 BandwidthController::LOCAL_OUTPUT,
125 static const char* RAW_PREROUTING[] = {
126 BandwidthController::LOCAL_RAW_PREROUTING,
127 IdletimerController::LOCAL_RAW_PREROUTING,
131 static const char* MANGLE_POSTROUTING[] = {
132 BandwidthController::LOCAL_MANGLE_POSTROUTING,
133 IdletimerController::LOCAL_MANGLE_POSTROUTING,
137 static const char* MANGLE_FORWARD[] = {
138 NatController::LOCAL_MANGLE_FORWARD,
142 static const char* NAT_PREROUTING[] = {
143 OEM_IPTABLES_NAT_PREROUTING,
147 static const char* NAT_POSTROUTING[] = {
148 NatController::LOCAL_NAT_POSTROUTING,
// (Re)creates every chain named in childChains inside `table` and hooks each one into
// parentChain, in array order.
//   target      - IptablesTarget passed through to the exec helpers (call sites use V4 and V4V6)
//   table       - iptables table name, e.g. "filter"
//   parentChain - built-in chain that receives the jump rules
//   childChains - NULL-terminated array of chain names
// The loop is a do/while (its opening line, 163, is missing from this listing), so the first
// entry is used before any NULL test: the array must hold at least one name.
// The -D/-F/-X cleanup runs through execIptablesSilently; -N and -A run through execIptables.
// None of the five return values is checked in the visible lines, so a failed -N or -A leaves
// that module unhooked without the caller being told.
152 static void createChildChains(IptablesTarget target, const char* table, const char* parentChain,
153 const char** childChains) {
154 const char** childChain = childChains;
156 // Order is important:
157 // -D to delete any pre-existing jump rule (removes references
158 // that would prevent -X from working)
159 // -F to flush any existing chain
160 // -X to delete any existing chain
161 // -N to create the chain
162 // -A to append the chain to parent
164 execIptablesSilently(target, "-t", table, "-D", parentChain, "-j", *childChain, NULL);
165 execIptablesSilently(target, "-t", table, "-F", *childChain, NULL);
166 execIptablesSilently(target, "-t", table, "-X", *childChain, NULL);
167 execIptables(target, "-t", table, "-N", *childChain, NULL);
168 execIptables(target, "-t", table, "-A", parentChain, "-j", *childChain, NULL);
169 } while (*(++childChain) != NULL);
// Builds the netd command listener: registers one handler per command family, allocates the
// controller singletons, creates the per-module child chains and lets each module install its
// rules. The embedded line numbers skip throughout; the /* and */ delimiter lines of the block
// comments and the closing braces are among the lines missing from this listing.
// NOTE(review): the first FrameworkListener argument is presumably the socket name; confirm
// against FrameworkListener.
172 CommandListener::CommandListener() :
173 FrameworkListener("netd", true) {
174 registerLockingCmd(new InterfaceCmd());
175 registerLockingCmd(new IpFwdCmd());
176 registerLockingCmd(new TetherCmd());
177 registerLockingCmd(new NatCmd());
178 registerLockingCmd(new ListTtysCmd());
179 registerLockingCmd(new PppdCmd());
180 registerLockingCmd(new SoftapCmd());
181 registerLockingCmd(new BandwidthControlCmd());
182 registerLockingCmd(new IdletimerControlCmd());
183 registerLockingCmd(new ResolverCmd());
184 registerLockingCmd(new FirewallCmd());
185 registerLockingCmd(new ClatdCmd());
186 registerLockingCmd(new NetworkCommand());
187 registerLockingCmd(new StrictCmd());
// Controllers are allocated into the static raw pointers unconditionally; nothing visible here
// releases them or guards against a second CommandListener overwriting them.
190 sNetCtrl = new NetworkController();
192 sTetherCtrl = new TetherController();
194 sNatCtrl = new NatController();
196 sPppCtrl = new PppController();
198 sSoftapCtrl = new SoftapController();
200 sBandwidthCtrl = new BandwidthController();
202 sIdletimerCtrl = new IdletimerController();
204 sResolverCtrl = new ResolverController();
206 sFirewallCtrl = new FirewallController();
208 sInterfaceCtrl = new InterfaceController();
210 sClatdCtrl = new ClatdController(sNetCtrl);
212 sStrictCtrl = new StrictController();
215 * This is the only time we touch top-level chains in iptables; controllers
216 * should only mutate rules inside of their children chains, as created by
217 * the constants above.
219 * Modules should never ACCEPT packets (except in well-justified cases);
220 * they should instead defer to any remaining modules using RETURN, or
221 * otherwise DROP/REJECT.
// The filter, raw and mangle/POSTROUTING hooks are created for both families (V4V6); the
// mangle/FORWARD and nat hooks are created for V4 only.
224 // Create chains for children modules
225 createChildChains(V4V6, "filter", "INPUT", FILTER_INPUT);
226 createChildChains(V4V6, "filter", "FORWARD", FILTER_FORWARD);
227 createChildChains(V4V6, "filter", "OUTPUT", FILTER_OUTPUT);
228 createChildChains(V4V6, "raw", "PREROUTING", RAW_PREROUTING);
229 createChildChains(V4V6, "mangle", "POSTROUTING", MANGLE_POSTROUTING);
230 createChildChains(V4, "mangle", "FORWARD", MANGLE_FORWARD);
231 createChildChains(V4, "nat", "PREROUTING", NAT_PREROUTING);
232 createChildChains(V4, "nat", "POSTROUTING", NAT_POSTROUTING);
// None of the setup calls below has its result checked in the visible lines, so a module that
// fails to install its rules does not stop start-up.
234 // Let each module setup their child chains
235 setupOemIptablesHook();
237 /* When enabled, DROPs all packets except those matching rules. */
238 sFirewallCtrl->setupIptablesHooks();
240 /* Does DROPs in FORWARD by default */
241 sNatCtrl->setupIptablesHooks();
243 * Does REJECT in INPUT, OUTPUT. Does counting also.
244 * No DROP/REJECT allowed later in netfilter-flow hook order.
246 sBandwidthCtrl->setupIptablesHooks();
248 * Counts in nat: PREROUTING, POSTROUTING.
249 * No DROP/REJECT allowed later in netfilter-flow hook order.
251 sIdletimerCtrl->setupIptablesHooks();
253 sBandwidthCtrl->enableBandwidthControl(false);
// A non-zero result from RouteController::Init is logged; strerror(-ret) suggests it is a
// negated errno value. No other reaction to the failure is visible in this listing.
255 if (int ret = RouteController::Init(NetworkController::LOCAL_NET_ID)) {
256 ALOGE("failed to initialize RouteController (%s)", strerror(-ret));
// Constructs the handler for the "interface" command name.
260 CommandListener::InterfaceCmd::InterfaceCmd() :
261 NetdCommand("interface") {
// Handles the "interface" command. argv[1] selects the operation (list, getcfg, setcfg,
// clearaddrs, ipv6privacyextensions, ipv6, ipv6ndoffload, setmtu); for everything except list,
// argv[2] is the interface name. Results and errors are reported to cli through sendMsg.
// The embedded line numbers skip throughout this function: the argc tests that guard each
// "Missing argument"/usage reply, the return statements and any cleanup (closedir, free) are not
// part of this listing, so argument-count safety cannot be confirmed from what is shown.
264 int CommandListener::InterfaceCmd::runCommand(SocketClient *cli,
265 int argc, char **argv) {
267 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
// list: one InterfaceListResult per entry of /sys/class/net whose name does not start with '.'.
271 if (!strcmp(argv[1], "list")) {
275 if (!(d = opendir("/sys/class/net"))) {
276 cli->sendMsg(ResponseCode::OperationFailed, "Failed to open sysfs dir", true);
280 while((de = readdir(d))) {
281 if (de->d_name[0] == '.')
283 cli->sendMsg(ResponseCode::InterfaceListResult, de->d_name, false);
286 cli->sendMsg(ResponseCode::CommandOkay, "Interface list completed", false);
290 * These commands take a minimum of 3 arguments
293 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
// getcfg: replies "<hwaddr> <ipv4 addr> <prefixLength> <flags>".
297 if (!strcmp(argv[1], "getcfg")) {
300 unsigned char hwaddr[6];
304 memset(hwaddr, 0, sizeof(hwaddr));
306 if (ifc_get_info(argv[2], &addr.s_addr, &prefixLength, &flags)) {
307 cli->sendMsg(ResponseCode::OperationFailed, "Interface not found", true);
// A hardware-address lookup failure is only logged; hwaddr then stays all zeroes (memset above).
312 if (ifc_get_hwaddr(argv[2], (void *) hwaddr)) {
313 ALOGW("Failed to retrieve HW addr for %s (%s)", argv[2], strerror(errno));
// inet_ntoa returns a static buffer, hence the copy. The strdup result is not NULL-checked in
// the visible lines.
316 char *addr_s = strdup(inet_ntoa(addr));
317 const char *updown, *brdcst, *loopbk, *ppp, *running, *multi;
319 updown = (flags & IFF_UP) ? "up" : "down";
320 brdcst = (flags & IFF_BROADCAST) ? " broadcast" : "";
321 loopbk = (flags & IFF_LOOPBACK) ? " loopback" : "";
322 ppp = (flags & IFF_POINTOPOINT) ? " point-to-point" : "";
323 running = (flags & IFF_RUNNING) ? " running" : "";
324 multi = (flags & IFF_MULTICAST) ? " multicast" : "";
// Both asprintf return values are discarded; if an allocation fails, flag_s/msg are not
// guaranteed to point at a usable string when they are formatted and sent.
328 asprintf(&flag_s, "%s%s%s%s%s%s", updown, brdcst, loopbk, ppp, running, multi);
331 asprintf(&msg, "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x %s %d %s",
332 hwaddr[0], hwaddr[1], hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5],
333 addr_s, prefixLength, flag_s);
335 cli->sendMsg(ResponseCode::InterfaceGetCfgResult, msg, false);
343 } else if (!strcmp(argv[1], "setcfg")) {
344 // arglist: iface [addr prefixLength] flags
346 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
349 ALOGD("Setting iface cfg");
// If argv[3] does not parse as an IPv4 address the command is treated as the flags-only form,
// so a mistyped address is not reported as an address error here.
356 if (!inet_aton(argv[3], &addr)) {
357 // Handle flags only case
360 if (ifc_set_addr(argv[2], 0)) {
361 cli->sendMsg(ResponseCode::OperationFailed, "Failed to clear address", true);
// The prefix length comes from atoi(argv[4]): non-numeric text becomes 0 and no range check is
// visible before the value reaches ifc_add_address.
365 if (addr.s_addr != 0) {
366 if (ifc_add_address(argv[2], argv[3], atoi(argv[4]))) {
367 cli->sendMsg(ResponseCode::OperationFailed, "Failed to set address", true);
// Remaining arguments are flags. Only "up" and "down" call into ifc_*; what the other recognised
// flags do is in lines missing from this listing. Anything else is a CommandParameterError.
375 for (int i = index; i < argc; i++) {
376 char *flag = argv[i];
377 if (!strcmp(flag, "up")) {
378 ALOGD("Trying to bring up %s", argv[2]);
379 if (ifc_up(argv[2])) {
380 ALOGE("Error upping interface");
381 cli->sendMsg(ResponseCode::OperationFailed, "Failed to up interface", true);
385 } else if (!strcmp(flag, "down")) {
386 ALOGD("Trying to bring down %s", argv[2]);
387 if (ifc_down(argv[2])) {
388 ALOGE("Error downing interface");
389 cli->sendMsg(ResponseCode::OperationFailed, "Failed to down interface", true);
393 } else if (!strcmp(flag, "broadcast")) {
395 } else if (!strcmp(flag, "multicast")) {
397 } else if (!strcmp(flag, "running")) {
399 } else if (!strcmp(flag, "loopback")) {
401 } else if (!strcmp(flag, "point-to-point")) {
404 cli->sendMsg(ResponseCode::CommandParameterError, "Flag unsupported", false);
410 cli->sendMsg(ResponseCode::CommandOkay, "Interface configuration set", false);
// clearaddrs: the result of ifc_clear_addresses is not checked; CommandOkay is sent regardless.
413 } else if (!strcmp(argv[1], "clearaddrs")) {
415 ALOGD("Clearing all IP addresses on %s", argv[2]);
417 ifc_clear_addresses(argv[2]);
419 cli->sendMsg(ResponseCode::CommandOkay, "Interface IP addresses cleared", false);
421 } else if (!strcmp(argv[1], "ipv6privacyextensions")) {
423 cli->sendMsg(ResponseCode::CommandSyntaxError,
424 "Usage: interface ipv6privacyextensions <interface> <enable|disable>",
// strncmp with length 7 also compares the terminating NUL of "enable", so this is an exact
// match. Every other value, including a typo, is treated as "disable" rather than rejected.
// The same pattern is used for ipv6 and ipv6ndoffload below.
428 int enable = !strncmp(argv[3], "enable", 7);
429 if (sInterfaceCtrl->setIPv6PrivacyExtensions(argv[2], enable) == 0) {
430 cli->sendMsg(ResponseCode::CommandOkay, "IPv6 privacy extensions changed", false);
432 cli->sendMsg(ResponseCode::OperationFailed,
433 "Failed to set ipv6 privacy extensions", true);
436 } else if (!strcmp(argv[1], "ipv6")) {
438 cli->sendMsg(ResponseCode::CommandSyntaxError,
439 "Usage: interface ipv6 <interface> <enable|disable>",
444 int enable = !strncmp(argv[3], "enable", 7);
445 if (sInterfaceCtrl->setEnableIPv6(argv[2], enable) == 0) {
446 cli->sendMsg(ResponseCode::CommandOkay, "IPv6 state changed", false);
448 cli->sendMsg(ResponseCode::OperationFailed,
449 "Failed to change IPv6 state", true);
452 } else if (!strcmp(argv[1], "ipv6ndoffload")) {
454 cli->sendMsg(ResponseCode::CommandSyntaxError,
455 "Usage: interface ipv6ndoffload <interface> <enable|disable>",
459 int enable = !strncmp(argv[3], "enable", 7);
460 if (sInterfaceCtrl->setIPv6NdOffload(argv[2], enable) == 0) {
461 cli->sendMsg(ResponseCode::CommandOkay, "IPv6 ND offload changed", false);
463 cli->sendMsg(ResponseCode::OperationFailed,
464 "Failed to change IPv6 ND offload state", true);
467 } else if (!strcmp(argv[1], "setmtu")) {
469 cli->sendMsg(ResponseCode::CommandSyntaxError,
470 "Usage: interface setmtu <interface> <val>", false);
// The MTU is forwarded as the raw argv[3] string; any numeric validation would have to live in
// InterfaceController::setMtu, which is not part of this file.
473 if (sInterfaceCtrl->setMtu(argv[2], argv[3]) == 0) {
474 cli->sendMsg(ResponseCode::CommandOkay, "MTU changed", false);
476 cli->sendMsg(ResponseCode::OperationFailed,
477 "Failed to set MTU", true);
481 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown interface cmd", false);
// Constructs the handler for the "list_ttys" command name.
489 CommandListener::ListTtysCmd::ListTtysCmd() :
490 NetdCommand("list_ttys") {
// Handles "list_ttys": sends one TtyListResult per entry of the PPP controller's tty list, then
// CommandOkay. argc and argv are unused.
// The pointer returned by getTtyList() is dereferenced without a NULL check, and who owns the
// collection is not visible here (lines after 499 are missing from this listing).
493 int CommandListener::ListTtysCmd::runCommand(SocketClient *cli,
494 int /* argc */, char ** /* argv */) {
495 TtyCollection *tlist = sPppCtrl->getTtyList();
496 TtyCollection::iterator it;
498 for (it = tlist->begin(); it != tlist->end(); ++it) {
499 cli->sendMsg(ResponseCode::TtyListResult, *it, false);
502 cli->sendMsg(ResponseCode::CommandOkay, "Ttys listed.", false);
// Constructs the handler for the "ipfwd" command name.
506 CommandListener::IpFwdCmd::IpFwdCmd() :
507 NetdCommand("ipfwd") {
// Handles "ipfwd". The visible forms are: status; enable|disable <requester> (argc == 3);
// add|remove <iface> <iface> (argc == 4). Success is reported as CommandOkay, failure as
// OperationFailed, an unmatched form as CommandSyntaxError.
// The embedded line numbers skip (511->517, 522->526, ...): the argc test that guards the
// "status" branch and the handling of `matched` are not part of this listing.
510 int CommandListener::IpFwdCmd::runCommand(SocketClient *cli, int argc, char **argv) {
511 bool matched = false;
517 if (!strcmp(argv[1], "status")) {
// asprintf's return value is discarded; if it fails, tmp is not guaranteed to be a valid string.
520 asprintf(&tmp, "Forwarding %s",
521 ((sTetherCtrl->forwardingRequestCount() > 0) ? "enabled" : "disabled"));
522 cli->sendMsg(ResponseCode::IpFwdStatusResult, tmp, false);
526 } else if (argc == 3) {
// The requester name is caller-supplied text handed to TetherController unchanged.
528 // ipfwd enable <requester>
529 // ipfwd disable <requester>
530 if (!strcmp(argv[1], "enable")) {
532 success = sTetherCtrl->enableForwarding(argv[2]);
533 } else if (!strcmp(argv[1], "disable")) {
535 success = sTetherCtrl->disableForwarding(argv[2]);
537 } else if (argc == 4) {
// Interface names are not validated here before they reach RouteController.
539 // ipfwd add wlan0 dummy0
540 // ipfwd remove wlan0 dummy0
542 if (!strcmp(argv[1], "add")) {
544 ret = RouteController::enableTethering(argv[2], argv[3]);
545 } else if (!strcmp(argv[1], "remove")) {
547 ret = RouteController::disableTethering(argv[2], argv[3]);
549 success = (ret == 0);
554 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown ipfwd cmd", false);
559 cli->sendMsg(ResponseCode::CommandOkay, "ipfwd operation succeeded", false);
561 cli->sendMsg(ResponseCode::OperationFailed, "ipfwd operation failed", true);
// Constructs the handler for the "tether" command name.
566 CommandListener::TetherCmd::TetherCmd() :
567 NetdCommand("tether") {
// Handles "tether": stop, status, "interface list", "dns list", start <addr>...,
// interface add|remove <iface>, dns set <netId> <server>.... The final reply is CommandOkay or
// OperationFailed depending on rc.
// The embedded line numbers skip throughout: the argc tests in front of each "Missing argument"
// reply and the return statements are not part of this listing.
570 int CommandListener::TetherCmd::runCommand(SocketClient *cli,
571 int argc, char **argv) {
575 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
579 if (!strcmp(argv[1], "stop")) {
580 rc = sTetherCtrl->stopTethering();
581 } else if (!strcmp(argv[1], "status")) {
// asprintf's return value is discarded; if it fails, tmp is not guaranteed to be a valid string.
584 asprintf(&tmp, "Tethering services %s",
585 (sTetherCtrl->isTetheringStarted() ? "started" : "stopped"));
586 cli->sendMsg(ResponseCode::TetherStatusResult, tmp, false);
589 } else if (argc == 3) {
// The collections returned by the controller are dereferenced without NULL checks.
590 if (!strcmp(argv[1], "interface") && !strcmp(argv[2], "list")) {
591 InterfaceCollection *ilist = sTetherCtrl->getTetheredInterfaceList();
592 InterfaceCollection::iterator it;
593 for (it = ilist->begin(); it != ilist->end(); ++it) {
594 cli->sendMsg(ResponseCode::TetherInterfaceListResult, *it, false);
596 } else if (!strcmp(argv[1], "dns") && !strcmp(argv[2], "list")) {
597 char netIdStr[UINT32_STRLEN];
598 snprintf(netIdStr, sizeof(netIdStr), "%u", sTetherCtrl->getDnsNetId());
599 cli->sendMsg(ResponseCode::TetherDnsFwdNetIdResult, netIdStr, false);
601 for (const auto &fwdr : *(sTetherCtrl->getDnsForwarders())) {
602 cli->sendMsg(ResponseCode::TetherDnsFwdTgtListResult, fwdr.c_str(), false);
607 * These commands take a minimum of 4 arguments
610 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
614 if (!strcmp(argv[1], "start")) {
616 cli->sendMsg(ResponseCode::CommandSyntaxError, "Bad number of arguments", false);
// start: every address argument must parse with inet_aton before any of them is handed to
// TetherController; one bad address rejects the whole command.
620 const int num_addrs = argc - 2;
621 // TODO: consider moving this validation into TetherController.
622 struct in_addr tmp_addr;
623 for (int arg_index = 2; arg_index < argc; arg_index++) {
624 if (!inet_aton(argv[arg_index], &tmp_addr)) {
625 cli->sendMsg(ResponseCode::CommandParameterError, "Invalid address", false);
630 rc = sTetherCtrl->startTethering(num_addrs, &(argv[2]));
631 } else if (!strcmp(argv[1], "interface")) {
632 if (!strcmp(argv[2], "add")) {
633 rc = sTetherCtrl->tetherInterface(argv[3]);
634 } else if (!strcmp(argv[2], "remove")) {
635 rc = sTetherCtrl->untetherInterface(argv[3]);
636 /* else if (!strcmp(argv[2], "list")) handled above */
638 cli->sendMsg(ResponseCode::CommandParameterError,
639 "Unknown tether interface operation", false);
642 } else if (!strcmp(argv[1], "dns")) {
643 if (!strcmp(argv[2], "set")) {
645 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
// dns set: unlike start, the forwarder strings are passed on without an inet_aton pass here, and
// netId is whatever stringToNetId produced (0 for unparseable input); neither is rejected at
// this level. NOTE(review): confirm TetherController::setDnsForwarders validates both.
648 unsigned netId = stringToNetId(argv[3]);
649 rc = sTetherCtrl->setDnsForwarders(netId, &argv[4], argc - 4);
650 /* else if (!strcmp(argv[2], "list")) handled above */
// The message below names "interface" although this is the dns branch.
652 cli->sendMsg(ResponseCode::CommandParameterError,
653 "Unknown tether interface operation", false);
657 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown tether cmd", false);
663 cli->sendMsg(ResponseCode::CommandOkay, "Tether operation succeeded", false);
665 cli->sendMsg(ResponseCode::OperationFailed, "Tether operation failed", true);
// Constructor of the nat command handler; its base-class initializer line (672) is missing from
// this listing.
671 CommandListener::NatCmd::NatCmd() :
// Handles "nat enable|disable <intiface> <extiface>". Both forms require argc >= 4 in the same
// condition that matches the verb, so argv[2] and argv[3] are present when they are used.
// The final reply is CommandOkay or OperationFailed depending on rc.
// The embedded line numbers skip (676->680, 688->690, ...): the initial argc test and the
// statement between enableNat and the alert call are not part of this listing.
675 int CommandListener::NatCmd::runCommand(SocketClient *cli,
676 int argc, char **argv) {
680 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
685 // nat enable intiface extiface
686 // nat disable intiface extiface
687 if (!strcmp(argv[1], "enable") && argc >= 4) {
688 rc = sNatCtrl->enableNat(argv[2], argv[3]);
690 /* Ignore ifaces for now. */
691 rc = sBandwidthCtrl->setGlobalAlertInForwardChain();
693 } else if (!strcmp(argv[1], "disable") && argc >= 4) {
// disableNat runs even when removing the alert failed; the two results are OR-ed, so rc is
// non-zero if either step failed but no longer identifies which one.
694 /* Ignore ifaces for now. */
695 rc = sBandwidthCtrl->removeGlobalAlertInForwardChain();
696 rc |= sNatCtrl->disableNat(argv[2], argv[3]);
698 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown nat cmd", false);
703 cli->sendMsg(ResponseCode::CommandOkay, "Nat operation succeeded", false);
705 cli->sendMsg(ResponseCode::OperationFailed, "Nat operation failed", true);
// Constructs the handler for the "pppd" command name.
711 CommandListener::PppdCmd::PppdCmd() :
712 NetdCommand("pppd") {
// Handles "pppd attach <tty> <local> <remote> [dns1 [dns2]]" and "pppd detach <tty>".
// Addresses are parsed with inet_aton; dns1/dns2 are zeroed first, so they stay 0.0.0.0 when
// not parsed. The final reply is CommandOkay or OperationFailed depending on rc.
// The embedded line numbers skip (716->720, ...): the argc test in front of the first
// "Missing argument" reply is not part of this listing.
715 int CommandListener::PppdCmd::runCommand(SocketClient *cli,
716 int argc, char **argv) {
720 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
724 if (!strcmp(argv[1], "attach")) {
725 struct in_addr l, r, dns1, dns2;
727 memset(&dns1, 0, sizeof(struct in_addr));
728 memset(&dns2, 0, sizeof(struct in_addr));
// NOTE(review): argv[3] and argv[4] are read with no argc test visible inside this branch;
// confirm that the hidden test at the top requires argc >= 5 for attach.
730 if (!inet_aton(argv[3], &l)) {
731 cli->sendMsg(ResponseCode::CommandParameterError, "Invalid local address", false);
734 if (!inet_aton(argv[4], &r)) {
735 cli->sendMsg(ResponseCode::CommandParameterError, "Invalid remote address", false);
// NOTE(review): the guards do not match the indices they protect. `argc > 3` precedes a read of
// argv[5] and `argc > 4` precedes a read of argv[6], so with argc == 5 or 6 the code reads
// argv[argc] or beyond. The guards would need to be `argc > 5` and `argc > 6` to cover them.
738 if ((argc > 3) && (!inet_aton(argv[5], &dns1))) {
739 cli->sendMsg(ResponseCode::CommandParameterError, "Invalid dns1 address", false);
742 if ((argc > 4) && (!inet_aton(argv[6], &dns2))) {
743 cli->sendMsg(ResponseCode::CommandParameterError, "Invalid dns2 address", false);
// The tty name in argv[2] is handed to PppController unchanged.
746 rc = sPppCtrl->attachPppd(argv[2], l, r, dns1, dns2);
747 } else if (!strcmp(argv[1], "detach")) {
748 rc = sPppCtrl->detachPppd(argv[2]);
750 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown pppd cmd", false);
755 cli->sendMsg(ResponseCode::CommandOkay, "Pppd operation succeeded", false);
757 cli->sendMsg(ResponseCode::OperationFailed, "Pppd operation failed", true);
// Constructs the handler for the "softap" command name.
763 CommandListener::SoftapCmd::SoftapCmd() :
764 NetdCommand("softap") {
// Handles "softap": startap, stopap, fwreload, status, set. The controller's return value is
// used directly as the response code sent to the client; values in [400, 600) are reported as
// failures, everything else as "Ok".
// The embedded line numbers skip (769->772, 773->777, ...): the argc test in front of the
// "Missing argument" reply and the return statements are not part of this listing.
767 int CommandListener::SoftapCmd::runCommand(SocketClient *cli,
768 int argc, char **argv) {
769 int rc = ResponseCode::SoftapStatusResult;
772 if (sSoftapCtrl == NULL) {
773 cli->sendMsg(ResponseCode::ServiceStartFailed, "SoftAP is not available", false);
777 cli->sendMsg(ResponseCode::CommandSyntaxError,
778 "Missing argument in a SoftAP command", false);
782 if (!strcmp(argv[1], "startap")) {
783 rc = sSoftapCtrl->startSoftap();
784 } else if (!strcmp(argv[1], "stopap")) {
785 rc = sSoftapCtrl->stopSoftap();
// fwreload and set forward the whole argc/argv to SoftapController; argument counts and contents
// are not checked at this level, so that validation has to happen in the controller.
786 } else if (!strcmp(argv[1], "fwreload")) {
787 rc = sSoftapCtrl->fwReloadSoftap(argc, argv);
788 } else if (!strcmp(argv[1], "status")) {
// asprintf's return value is discarded; if it fails, retbuf is not guaranteed to be valid.
789 asprintf(&retbuf, "Softap service %s running",
790 (sSoftapCtrl->isSoftapStarted() ? "is" : "is not"));
791 cli->sendMsg(rc, retbuf, false);
794 } else if (!strcmp(argv[1], "set")) {
795 rc = sSoftapCtrl->setSoftap(argc, argv);
797 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unrecognized SoftAP command", false);
801 if (rc >= 400 && rc < 600)
802 cli->sendMsg(rc, "SoftAP command has failed", false);
804 cli->sendMsg(rc, "Ok", false);
// Constructs the handler for the "resolver" command name.
809 CommandListener::ResolverCmd::ResolverCmd() :
810 NetdCommand("resolver") {
// Handles "resolver setnetdns|clearnetdns|flushnet <netId> ...". argv[2] is converted with
// stringToNetId before the sub-command is examined. The final reply is CommandOkay or
// OperationFailed depending on rc.
// The embedded line numbers skip (815->818, 826->829, ...): the argc tests in front of the
// "missing arguments" and "Wrong number of arguments" replies are not part of this listing.
813 int CommandListener::ResolverCmd::runCommand(SocketClient *cli, int argc, char **margv) {
815 const char **argv = const_cast<const char **>(margv);
818 cli->sendMsg(ResponseCode::CommandSyntaxError, "Resolver missing arguments", false);
// netId is not checked against known networks here (see the TODO); stringToNetId yields 0 for
// text it cannot parse, and that value is passed to the controller like any other.
822 unsigned netId = stringToNetId(argv[2]);
823 // TODO: Consider making NetworkController.isValidNetwork() public
824 // and making that check here.
826 if (!strcmp(argv[1], "setnetdns")) {
// The domains string and the server list are forwarded unchanged; no address parsing is done
// at this level.
827 // "resolver setnetdns <netId> <domains> <dns1> <dns2> ..."
829 rc = sResolverCtrl->setDnsServers(netId, argv[3], &argv[4], argc - 4);
831 cli->sendMsg(ResponseCode::CommandSyntaxError,
832 "Wrong number of arguments to resolver setnetdns", false);
835 } else if (!strcmp(argv[1], "clearnetdns")) { // "resolver clearnetdns <netId>"
837 rc = sResolverCtrl->clearDnsServers(netId);
839 cli->sendMsg(ResponseCode::CommandSyntaxError,
840 "Wrong number of arguments to resolver clearnetdns", false);
843 } else if (!strcmp(argv[1], "flushnet")) { // "resolver flushnet <netId>"
845 rc = sResolverCtrl->flushDnsCache(netId);
847 cli->sendMsg(ResponseCode::CommandSyntaxError,
848 "Wrong number of arguments to resolver flushnet", false);
852 cli->sendMsg(ResponseCode::CommandSyntaxError,"Resolver unknown command", false);
857 cli->sendMsg(ResponseCode::CommandOkay, "Resolver command succeeded", false);
859 cli->sendMsg(ResponseCode::OperationFailed, "Resolver command failed", true);
// Constructs the handler for the "bandwidth" command name.
865 CommandListener::BandwidthControlCmd::BandwidthControlCmd() :
866 NetdCommand("bandwidth") {
// Sends CommandSyntaxError with the text "Usage: bandwidth <usageMsg>".
// usageMsg is inserted through %s, never used as the format string itself. asprintf's return
// value is discarded, so on allocation failure msg is not guaranteed to be valid; releasing msg
// is not visible in this listing (the embedded numbering skips 870 and 873-875).
869 void CommandListener::BandwidthControlCmd::sendGenericSyntaxError(SocketClient *cli, const char *usageMsg) {
871 asprintf(&msg, "Usage: bandwidth %s", usageMsg);
872 cli->sendMsg(ResponseCode::CommandSyntaxError, msg, false);
// Sends either CommandOkay or OperationFailed depending on cond; callers pass a controller
// return code. The test on cond is on a line missing from this listing (877).
// The success text is spelled "succeeeded"; it is a runtime string that clients receive.
876 void CommandListener::BandwidthControlCmd::sendGenericOkFail(SocketClient *cli, int cond) {
878 cli->sendMsg(ResponseCode::CommandOkay, "Bandwidth command succeeeded", false);
880 cli->sendMsg(ResponseCode::OperationFailed, "Bandwidth command failed", false);
// Sends OperationFailed with errMsg as the message text.
884 void CommandListener::BandwidthControlCmd::sendGenericOpFailed(SocketClient *cli, const char *errMsg) {
885 cli->sendMsg(ResponseCode::OperationFailed, errMsg, false);
// Handles "bandwidth <cmd> <args...>". argv[1] selects the operation (most have a short alias,
// e.g. setquota/sq); each operation calls one BandwidthController method and reports the outcome
// through sendGenericOkFail, sendGenericOpFailed or a result message.
// The embedded line numbers skip after almost every statement: the argc tests that guard each
// usage reply and the return statements are not part of this listing, so per-command argument
// counts cannot be confirmed from what is shown.
888 int CommandListener::BandwidthControlCmd::runCommand(SocketClient *cli, int argc, char **argv) {
890 sendGenericSyntaxError(cli, "<cmds> <args...>");
// argv[1] is read from here on, which needs argc >= 2.
894 ALOGV("bwctrlcmd: argc=%d %s %s ...", argc, argv[0], argv[1]);
896 if (!strcmp(argv[1], "enable")) {
897 int rc = sBandwidthCtrl->enableBandwidthControl(true);
898 sendGenericOkFail(cli, rc);
902 if (!strcmp(argv[1], "disable")) {
903 int rc = sBandwidthCtrl->disableBandwidthControl();
904 sendGenericOkFail(cli, rc);
908 if (!strcmp(argv[1], "removequota") || !strcmp(argv[1], "rq")) {
910 sendGenericSyntaxError(cli, "removequota <interface>");
913 int rc = sBandwidthCtrl->removeInterfaceSharedQuota(argv[2]);
914 sendGenericOkFail(cli, rc);
918 if (!strcmp(argv[1], "getquota") || !strcmp(argv[1], "gq")) {
921 sendGenericSyntaxError(cli, "getquota");
924 int rc = sBandwidthCtrl->getInterfaceSharedQuota(&bytes);
926 sendGenericOpFailed(cli, "Failed to get quota");
// asprintf's return value is discarded here and in getiquota below.
931 asprintf(&msg, "%" PRId64, bytes);
932 cli->sendMsg(ResponseCode::QuotaCounterResult, msg, false);
937 if (!strcmp(argv[1], "getiquota") || !strcmp(argv[1], "giq")) {
940 sendGenericSyntaxError(cli, "getiquota <iface>");
944 int rc = sBandwidthCtrl->getInterfaceQuota(argv[2], &bytes);
946 sendGenericOpFailed(cli, "Failed to get quota");
950 asprintf(&msg, "%" PRId64, bytes);
951 cli->sendMsg(ResponseCode::QuotaCounterResult, msg, false);
956 if (!strcmp(argv[1], "setquota") || !strcmp(argv[1], "sq")) {
958 sendGenericSyntaxError(cli, "setquota <interface> <bytes>");
// Byte counts are parsed with atoll throughout this function: non-numeric text becomes 0,
// negative values are accepted and out-of-range input is not detected, so any range checking has
// to happen in BandwidthController.
961 int rc = sBandwidthCtrl->setInterfaceSharedQuota(argv[2], atoll(argv[3]));
962 sendGenericOkFail(cli, rc);
965 if (!strcmp(argv[1], "setquotas") || !strcmp(argv[1], "sqs")) {
968 sendGenericSyntaxError(cli, "setquotas <bytes> <interface> ...");
// The loop walks argv[3..] while counting argc down, so argc no longer holds the argument count
// afterwards. The same idiom is used by removequotas below.
972 for (int q = 3; argc >= 4; q++, argc--) {
973 rc = sBandwidthCtrl->setInterfaceSharedQuota(argv[q], atoll(argv[2]));
976 asprintf(&msg, "bandwidth setquotas %s %s failed", argv[2], argv[q]);
977 cli->sendMsg(ResponseCode::OperationFailed,
983 sendGenericOkFail(cli, rc);
987 if (!strcmp(argv[1], "removequotas") || !strcmp(argv[1], "rqs")) {
990 sendGenericSyntaxError(cli, "removequotas <interface> ...");
994 for (int q = 2; argc >= 3; q++, argc--) {
995 rc = sBandwidthCtrl->removeInterfaceSharedQuota(argv[q]);
998 asprintf(&msg, "bandwidth removequotas %s failed", argv[q]);
999 cli->sendMsg(ResponseCode::OperationFailed,
1005 sendGenericOkFail(cli, rc);
1009 if (!strcmp(argv[1], "removeiquota") || !strcmp(argv[1], "riq")) {
1011 sendGenericSyntaxError(cli, "removeiquota <interface>");
1014 int rc = sBandwidthCtrl->removeInterfaceQuota(argv[2]);
1015 sendGenericOkFail(cli, rc);
1019 if (!strcmp(argv[1], "setiquota") || !strcmp(argv[1], "siq")) {
1021 sendGenericSyntaxError(cli, "setiquota <interface> <bytes>");
1024 int rc = sBandwidthCtrl->setInterfaceQuota(argv[2], atoll(argv[3]));
1025 sendGenericOkFail(cli, rc);
// The app-list commands (naughty/nice) pass the UID strings on as argv + 2 with a count of
// argc - 2; the UIDs are parsed, if at all, inside BandwidthController.
1029 if (!strcmp(argv[1], "addnaughtyapps") || !strcmp(argv[1], "ana")) {
1031 sendGenericSyntaxError(cli, "addnaughtyapps <appUid> ...");
1034 int rc = sBandwidthCtrl->addNaughtyApps(argc - 2, argv + 2);
1035 sendGenericOkFail(cli, rc);
1040 if (!strcmp(argv[1], "removenaughtyapps") || !strcmp(argv[1], "rna")) {
1042 sendGenericSyntaxError(cli, "removenaughtyapps <appUid> ...");
1045 int rc = sBandwidthCtrl->removeNaughtyApps(argc - 2, argv + 2);
1046 sendGenericOkFail(cli, rc);
1049 if (!strcmp(argv[1], "happybox")) {
1051 sendGenericSyntaxError(cli, "happybox (enable | disable)");
1054 if (!strcmp(argv[2], "enable")) {
1055 int rc = sBandwidthCtrl->enableHappyBox();
1056 sendGenericOkFail(cli, rc);
1060 if (!strcmp(argv[2], "disable")) {
1061 int rc = sBandwidthCtrl->disableHappyBox();
1062 sendGenericOkFail(cli, rc);
1065 sendGenericSyntaxError(cli, "happybox (enable | disable)");
1068 if (!strcmp(argv[1], "addniceapps") || !strcmp(argv[1], "aha")) {
1070 sendGenericSyntaxError(cli, "addniceapps <appUid> ...");
1073 int rc = sBandwidthCtrl->addNiceApps(argc - 2, argv + 2);
1074 sendGenericOkFail(cli, rc);
1077 if (!strcmp(argv[1], "removeniceapps") || !strcmp(argv[1], "rha")) {
1079 sendGenericSyntaxError(cli, "removeniceapps <appUid> ...");
1082 int rc = sBandwidthCtrl->removeNiceApps(argc - 2, argv + 2);
1083 sendGenericOkFail(cli, rc);
1086 if (!strcmp(argv[1], "setglobalalert") || !strcmp(argv[1], "sga")) {
1088 sendGenericSyntaxError(cli, "setglobalalert <bytes>");
1091 int rc = sBandwidthCtrl->setGlobalAlert(atoll(argv[2]));
1092 sendGenericOkFail(cli, rc);
1095 if (!strcmp(argv[1], "debugsettetherglobalalert") || !strcmp(argv[1], "dstga")) {
1097 sendGenericSyntaxError(cli, "debugsettetherglobalalert <interface0> <interface1>");
1100 /* We ignore the interfaces for now. */
1101 int rc = sBandwidthCtrl->setGlobalAlertInForwardChain();
1102 sendGenericOkFail(cli, rc);
1106 if (!strcmp(argv[1], "removeglobalalert") || !strcmp(argv[1], "rga")) {
1108 sendGenericSyntaxError(cli, "removeglobalalert");
1111 int rc = sBandwidthCtrl->removeGlobalAlert();
1112 sendGenericOkFail(cli, rc);
1116 if (!strcmp(argv[1], "debugremovetetherglobalalert") || !strcmp(argv[1], "drtga")) {
1118 sendGenericSyntaxError(cli, "debugremovetetherglobalalert <interface0> <interface1>");
1121 /* We ignore the interfaces for now. */
1122 int rc = sBandwidthCtrl->removeGlobalAlertInForwardChain();
1123 sendGenericOkFail(cli, rc);
1127 if (!strcmp(argv[1], "setsharedalert") || !strcmp(argv[1], "ssa")) {
1129 sendGenericSyntaxError(cli, "setsharedalert <bytes>");
1132 int rc = sBandwidthCtrl->setSharedAlert(atoll(argv[2]));
1133 sendGenericOkFail(cli, rc);
1137 if (!strcmp(argv[1], "removesharedalert") || !strcmp(argv[1], "rsa")) {
1139 sendGenericSyntaxError(cli, "removesharedalert");
1142 int rc = sBandwidthCtrl->removeSharedAlert();
1143 sendGenericOkFail(cli, rc);
1147 if (!strcmp(argv[1], "setinterfacealert") || !strcmp(argv[1], "sia")) {
1149 sendGenericSyntaxError(cli, "setinterfacealert <interface> <bytes>");
1152 int rc = sBandwidthCtrl->setInterfaceAlert(argv[2], atoll(argv[3]));
1153 sendGenericOkFail(cli, rc);
1157 if (!strcmp(argv[1], "removeinterfacealert") || !strcmp(argv[1], "ria")) {
1159 sendGenericSyntaxError(cli, "removeinterfacealert <interface>");
1162 int rc = sBandwidthCtrl->removeInterfaceAlert(argv[2]);
1163 sendGenericOkFail(cli, rc);
1167 if (!strcmp(argv[1], "gettetherstats") || !strcmp(argv[1], "gts")) {
1168 BandwidthController::TetherStats tetherStats;
1169 std::string extraProcessingInfo = "";
// The `argc < 2` arm cannot protect anything: argv[1] was already read by the strcmp above.
1170 if (argc < 2 || argc > 4) {
1171 sendGenericSyntaxError(cli, "gettetherstats [<intInterface> <extInterface>]");
// Missing interface arguments become empty strings, meaning no filter on that side.
1174 tetherStats.intIface = argc > 2 ? argv[2] : "";
1175 tetherStats.extIface = argc > 3 ? argv[3] : "";
1176 // No filtering requested and there are no interface pairs to lookup.
1177 if (argc <= 2 && sNatCtrl->ifacePairList.empty()) {
1178 cli->sendMsg(ResponseCode::CommandOkay, "Tethering stats list completed", false);
1181 int rc = sBandwidthCtrl->getTetherStats(cli, tetherStats, extraProcessingInfo);
// On failure the controller's extraProcessingInfo text is returned to the client behind a fixed
// prefix. NOTE(review): what that text can contain is decided in BandwidthController; confirm it
// is suitable for the client.
1183 extraProcessingInfo.insert(0, "Failed to get tethering stats.\n");
1184 sendGenericOpFailed(cli, extraProcessingInfo.c_str());
1191 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown bandwidth cmd", false);
// Constructs the handler for the "idletimer" command name.
1195 CommandListener::IdletimerControlCmd::IdletimerControlCmd() :
1196 NetdCommand("idletimer") {
// Handles "idletimer enable|disable" and "idletimer add|remove <iface> <timeout> <label>".
// The embedded line numbers skip throughout: the argc tests in front of each "Missing argument"
// reply and the return statements are not part of this listing.
1199 int CommandListener::IdletimerControlCmd::runCommand(SocketClient *cli, int argc, char **argv) {
1200 // TODO(ashish): Change the error statements
1202 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
1206 ALOGV("idletimerctrlcmd: argc=%d %s %s ...", argc, argv[0], argv[1]);
// For enable and disable, a controller failure is reported as CommandSyntaxError /
// "Missing argument", which tells the client the request was malformed although the operation
// itself failed (compare add/remove, which use OperationFailed).
1208 if (!strcmp(argv[1], "enable")) {
1209 if (0 != sIdletimerCtrl->enableIdletimerControl()) {
1210 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
1212 cli->sendMsg(ResponseCode::CommandOkay, "Enable success", false);
1217 if (!strcmp(argv[1], "disable")) {
1218 if (0 != sIdletimerCtrl->disableIdletimerControl()) {
1219 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
1221 cli->sendMsg(ResponseCode::CommandOkay, "Disable success", false);
1225 if (!strcmp(argv[1], "add")) {
1227 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
// The timeout is atoi(argv[3]): non-numeric text becomes 0 and negative values pass through.
// The interface name (argv[2]) and the label (argv[4]) are forwarded unchanged.
1230 if(0 != sIdletimerCtrl->addInterfaceIdletimer(
1231 argv[2], atoi(argv[3]), argv[4])) {
1232 cli->sendMsg(ResponseCode::OperationFailed, "Failed to add interface", false);
1234 cli->sendMsg(ResponseCode::CommandOkay, "Add success", false);
1238 if (!strcmp(argv[1], "remove")) {
1240 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
1243 // ashish: fixme timeout
1244 if (0 != sIdletimerCtrl->removeInterfaceIdletimer(
1245 argv[2], atoi(argv[3]), argv[4])) {
1246 cli->sendMsg(ResponseCode::OperationFailed, "Failed to remove interface", false);
1248 cli->sendMsg(ResponseCode::CommandOkay, "Remove success", false);
1253 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown idletimer cmd", false);
// Constructs the handler and passes the command name "firewall" to the
// NetdCommand base class.
1257 CommandListener::FirewallCmd::FirewallCmd() :
1258 NetdCommand("firewall") {
// Sends either CommandOkay ("Firewall command succeeded") or OperationFailed
// ("Firewall command failed") to the client. The test on cond that selects
// between the two is on a line this listing does not show; callers in this
// file pass the int returned by the firewall controller.
1261 int CommandListener::FirewallCmd::sendGenericOkFail(SocketClient *cli, int cond) {
1263 cli->sendMsg(ResponseCode::CommandOkay, "Firewall command succeeded", false);
1265 cli->sendMsg(ResponseCode::OperationFailed, "Firewall command failed", false);
// Maps the text "allow" or "deny" to a FirewallRule and logs an error for any
// other input. The return statements are on lines this listing does not show.
// NOTE(review): confirm what is returned after the error log. The callers in
// runCommand hand the result to the controller with no validity check visible,
// so a fallback that means "allow" would turn a mistyped rule into a permissive
// one; rejecting the command is the safer behaviour.
1270 FirewallRule CommandListener::FirewallCmd::parseRule(const char* arg) {
1271 if (!strcmp(arg, "allow")) {
1273 } else if (!strcmp(arg, "deny")) {
1276 ALOGE("failed to parse uid rule (%s)", arg);
// Maps the text "whitelist" or "blacklist" to a FirewallType and logs an error
// for any other input. The return statements are on lines this listing does
// not show.
// NOTE(review): the "enable" branch of runCommand passes the result to
// enableFirewall() with no validity check visible, so an unrecognised type
// silently selects whatever the fallback is -- confirm that default is intended.
1281 FirewallType CommandListener::FirewallCmd::parseFirewallType(const char* arg) {
1282 if (!strcmp(arg, "whitelist")) {
1284 } else if (!strcmp(arg, "blacklist")) {
1287 ALOGE("failed to parse firewall type (%s)", arg);
// Maps the text "dozable", "standby" or "none" to a ChildChain value (the
// per-branch return statements are on lines not shown). Any other input is
// logged and reported to the caller as INVALID_CHAIN, which the caller is
// expected to check.
1292 ChildChain CommandListener::FirewallCmd::parseChildChain(const char* arg) {
1293 if (!strcmp(arg, "dozable")) {
1295 } else if (!strcmp(arg, "standby")) {
1297 } else if (!strcmp(arg, "none")) {
1300 ALOGE("failed to parse child firewall chain (%s)", arg);
1301 return INVALID_CHAIN;
// Dispatches "firewall <sub-command> ..." requests to sFirewallCtrl and reports
// the controller's int result through sendGenericOkFail().
// NOTE(review): this listing skips some source lines (see the gaps in the
// gutter numbers); the argc guard in front of each usage message is not
// visible, so confirm each one covers every argv index read in its branch.
1305 int CommandListener::FirewallCmd::runCommand(SocketClient *cli, int argc,
1308 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing command", false);
1312 if (!strcmp(argv[1], "enable")) {
1314 cli->sendMsg(ResponseCode::CommandSyntaxError,
1315 "Usage: firewall enable <whitelist|blacklist>", false);
// The parsed type is used without a validity check; see parseFirewallType().
1318 FirewallType firewallType = parseFirewallType(argv[2]);
1320 int res = sFirewallCtrl->enableFirewall(firewallType);
1321 return sendGenericOkFail(cli, res);
1323 if (!strcmp(argv[1], "disable")) {
1324 int res = sFirewallCtrl->disableFirewall();
1325 return sendGenericOkFail(cli, res);
// The enabled state is reported only as a succeeded/failed reply.
1327 if (!strcmp(argv[1], "is_enabled")) {
1328 int res = sFirewallCtrl->isFirewallEnabled();
1329 return sendGenericOkFail(cli, res);
1332 if (!strcmp(argv[1], "set_interface_rule")) {
1334 cli->sendMsg(ResponseCode::CommandSyntaxError,
1335 "Usage: firewall set_interface_rule <rmnet0> <allow|deny>", false);
1339 const char* iface = argv[2];
1340 FirewallRule rule = parseRule(argv[3]);
1342 int res = sFirewallCtrl->setInterfaceRule(iface, rule);
1343 return sendGenericOkFail(cli, res);
1346 if (!strcmp(argv[1], "set_egress_source_rule")) {
1348 cli->sendMsg(ResponseCode::CommandSyntaxError,
1349 "Usage: firewall set_egress_source_rule <192.168.0.1> <allow|deny>",
// The address string is passed through unparsed; any validation happens in
// the controller, which is not part of this listing.
1354 const char* addr = argv[2];
1355 FirewallRule rule = parseRule(argv[3]);
1357 int res = sFirewallCtrl->setEgressSourceRule(addr, rule);
1358 return sendGenericOkFail(cli, res);
1361 if (!strcmp(argv[1], "set_egress_dest_rule")) {
1363 cli->sendMsg(ResponseCode::CommandSyntaxError,
1364 "Usage: firewall set_egress_dest_rule <192.168.0.1> <80> <allow|deny>",
1369 const char* addr = argv[2];
// NOTE(review): atoi() yields 0 for non-numeric text and reports no error, and
// no port range check (1..65535) is visible before the value is used.
1370 int port = atoi(argv[3]);
1371 FirewallRule rule = parseRule(argv[4]);
// The same rule is applied for TCP and UDP; the two results are OR-ed so a
// failure of either call makes the reply a failure.
1374 res |= sFirewallCtrl->setEgressDestRule(addr, PROTOCOL_TCP, port, rule);
1375 res |= sFirewallCtrl->setEgressDestRule(addr, PROTOCOL_UDP, port, rule);
1376 return sendGenericOkFail(cli, res);
1379 if (!strcmp(argv[1], "set_uid_rule")) {
1381 cli->sendMsg(ResponseCode::CommandSyntaxError,
1382 "Usage: firewall set_uid_rule <dozable|standby|none> <1000> <allow|deny>",
1387 ChildChain childChain = parseChildChain(argv[2]);
1388 if (childChain == INVALID_CHAIN) {
1389 cli->sendMsg(ResponseCode::CommandSyntaxError,
1390 "Invalid chain name. Valid names are: <dozable|standby|none>",
// NOTE(review): atoi() turns non-numeric text into 0, so a malformed uid
// argument would be applied to uid 0 rather than rejected. StrictCmd in this
// file parses its uid with strtoul() and compares it with UID_MAX; the same
// kind of checked parse (plus an end-pointer test) belongs here.
1394 int uid = atoi(argv[3]);
1395 FirewallRule rule = parseRule(argv[4]);
1396 int res = sFirewallCtrl->setUidRule(childChain, uid, rule);
1397 return sendGenericOkFail(cli, res);
1400 if (!strcmp(argv[1], "enable_chain")) {
1402 cli->sendMsg(ResponseCode::CommandSyntaxError,
1403 "Usage: firewall enable_chain <dozable|standby>",
// NOTE(review): unlike set_uid_rule above, the parsed chain is not compared
// with INVALID_CHAIN before it reaches the controller; add the same check so
// an unknown chain name is answered with a syntax error.
1408 ChildChain childChain = parseChildChain(argv[2]);
1409 int res = sFirewallCtrl->enableChildChains(childChain, true);
1410 return sendGenericOkFail(cli, res);
1413 if (!strcmp(argv[1], "disable_chain")) {
1415 cli->sendMsg(ResponseCode::CommandSyntaxError,
1416 "Usage: firewall disable_chain <dozable|standby>",
// NOTE(review): same missing INVALID_CHAIN check as in enable_chain.
1421 ChildChain childChain = parseChildChain(argv[2]);
1422 int res = sFirewallCtrl->enableChildChains(childChain, false);
1423 return sendGenericOkFail(cli, res);
// Reached when argv[1] matches none of the sub-commands above.
1426 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown command", false);
// Constructs the handler and passes the command name "clatd" to the
// NetdCommand base class.
1430 CommandListener::ClatdCmd::ClatdCmd() : NetdCommand("clatd") {
// Handles "clatd <stop|status|start> <arg>"; argv[2] is handed to sClatdCtrl
// in every branch.
// NOTE(review): the argc guard in front of the "Missing argument" reply is on a
// line this listing does not show; it has to guarantee argc >= 3 because
// argv[2] is read below -- confirm.
1433 int CommandListener::ClatdCmd::runCommand(SocketClient *cli, int argc,
1437 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
1441 if (!strcmp(argv[1], "stop")) {
1442 rc = sClatdCtrl->stopClatd(argv[2]);
1443 } else if (!strcmp(argv[1], "status")) {
// NOTE(review): the return value of asprintf() is not checked before tmp is
// sent. When asprintf() fails the contents of tmp are not defined, so the
// reply would read an invalid pointer; test for -1 and answer OperationFailed
// instead. The matching free(tmp) is not visible in this listing -- confirm it
// exists on the lines that follow the sendMsg() call.
1445 asprintf(&tmp, "Clatd status: %s", (sClatdCtrl->isClatdStarted(argv[2]) ?
1446 "started" : "stopped"));
1447 cli->sendMsg(ResponseCode::ClatdStatusResult, tmp, false);
1450 } else if (!strcmp(argv[1], "start")) {
1451 rc = sClatdCtrl->startClatd(argv[2]);
1453 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown clatd cmd", false);
// Final reply for stop/start; which of the two is sent depends on a test of rc
// that is on a line not shown.
1458 cli->sendMsg(ResponseCode::CommandOkay, "Clatd operation succeeded", false);
1460 cli->sendMsg(ResponseCode::OperationFailed, "Clatd operation failed", false);
// Constructs the handler and passes the command name "strict" to the
// NetdCommand base class.
1466 CommandListener::StrictCmd::StrictCmd() :
1467 NetdCommand("strict") {
// Sends either CommandOkay ("Strict command succeeded") or OperationFailed
// ("Strict command failed") to the client. The test on cond that selects
// between the two is on a line this listing does not show; callers in this
// file pass the int returned by the strict-mode controller.
1470 int CommandListener::StrictCmd::sendGenericOkFail(SocketClient *cli, int cond) {
1472 cli->sendMsg(ResponseCode::CommandOkay, "Strict command succeeded", false);
1474 cli->sendMsg(ResponseCode::OperationFailed, "Strict command failed", false);
// Maps the text "reject", "log" or "accept" to a StrictPenalty value. The
// return statements are on lines this listing does not show; runCommand
// compares the result with INVALID, so unrecognised text presumably returns
// INVALID -- confirm.
1479 StrictPenalty CommandListener::StrictCmd::parsePenalty(const char* arg) {
1480 if (!strcmp(arg, "reject")) {
1482 } else if (!strcmp(arg, "log")) {
1484 } else if (!strcmp(arg, "accept")) {
// Dispatches "strict <enable|disable|set_uid_cleartext_policy> ..." requests to
// sStrictCtrl and reports the controller's int result through
// sendGenericOkFail().
// NOTE(review): this listing skips some source lines (see the gaps in the
// gutter numbers); the argc guards in front of the syntax-error replies are
// not visible.
1491 int CommandListener::StrictCmd::runCommand(SocketClient *cli, int argc,
1494 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing command", false);
1498 if (!strcmp(argv[1], "enable")) {
1499 int res = sStrictCtrl->enableStrict();
1500 return sendGenericOkFail(cli, res);
1502 if (!strcmp(argv[1], "disable")) {
1503 int res = sStrictCtrl->disableStrict();
1504 return sendGenericOkFail(cli, res);
1507 if (!strcmp(argv[1], "set_uid_cleartext_policy")) {
1509 cli->sendMsg(ResponseCode::CommandSyntaxError,
1510 "Usage: strict set_uid_cleartext_policy <uid> <accept|log|reject>",
// NOTE(review): the errno test below is only meaningful if errno was cleared
// immediately before strtoul(); that line is not shown -- confirm. With a NULL
// end pointer, text with trailing characters is accepted up to the first
// non-digit, and text with no digits converts to 0 (errno is not guaranteed to
// be set for that case), so such input would be applied to uid 0. An
// end-pointer check would reject both.
1516 unsigned long int uid = strtoul(argv[2], NULL, 0);
1517 if (errno || uid > UID_MAX) {
1518 cli->sendMsg(ResponseCode::CommandSyntaxError, "Invalid UID", false);
1522 StrictPenalty penalty = parsePenalty(argv[3]);
1523 if (penalty == INVALID) {
1524 cli->sendMsg(ResponseCode::CommandSyntaxError, "Invalid penalty argument", false);
// uid has been range-checked against UID_MAX above, so the cast only narrows
// the type.
1528 int res = sStrictCtrl->setUidCleartextPenalty((uid_t) uid, penalty);
1529 return sendGenericOkFail(cli, res);
// Reached when argv[1] matches none of the sub-commands above.
1532 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown command", false);
// Constructs the handler and passes the command name "network" to the
// NetdCommand base class.
1536 CommandListener::NetworkCommand::NetworkCommand() : NetdCommand("network") {
// Sends a CommandSyntaxError reply carrying message. runCommand returns this
// function's result directly; the return statement itself is on a line not
// shown.
1539 int CommandListener::NetworkCommand::syntaxError(SocketClient* client, const char* message) {
1540 client->sendMsg(ResponseCode::CommandSyntaxError, message, false);
// Sends an OperationFailed reply carrying message. Callers in this file pass
// the controller's return code as a further argument; the rest of the
// signature and any use of that code are on lines this listing does not show.
// NOTE(review): the last sendMsg() argument is true here, unlike every other
// reply in this part of the file; in libsysutils' SocketClient that flag is
// expected to append the errno text -- confirm errno is set from the return
// code before this call.
1544 int CommandListener::NetworkCommand::operationError(SocketClient* client, const char* message,
1547 client->sendMsg(ResponseCode::OperationFailed, message, true);
// Sends the CommandOkay reply "success". runCommand returns this function's
// result directly; the return statement itself is on a line not shown.
1551 int CommandListener::NetworkCommand::success(SocketClient* client) {
1552 client->sendMsg(ResponseCode::CommandOkay, "success", false);
// Dispatches "network <route|interface|create|destroy|default|permission|
// users|protect> ..." requests to sNetCtrl. Each branch answers with
// syntaxError(), operationError() or success().
// NOTE(review): this listing skips some source lines (see the gaps in the
// gutter numbers); most argc guards in front of the "Missing argument" replies
// are not visible, so confirm each one covers every argv index its branch
// reads.
// NOTE(review): netIds are parsed with stringToNetId() (defined earlier in this
// file), which uses strtoul() with a NULL end pointer: unparsable text becomes
// 0, described there as an invalid netId, and trailing characters after a
// number are ignored.
1556 int CommandListener::NetworkCommand::runCommand(SocketClient* client, int argc, char** argv) {
1558 return syntaxError(client, "Missing argument");
1561 // 0 1 2 3 4 5 6 7 8
1562 // network route [legacy <uid>] add <netId> <interface> <destination> [nexthop]
1563 // network route [legacy <uid>] remove <netId> <interface> <destination> [nexthop]
1565 // nexthop may be either an IPv4/IPv6 address or one of "unreachable" or "throw".
1566 if (!strcmp(argv[1], "route")) {
1567 if (argc < 6 || argc > 9) {
1568 return syntaxError(client, "Incorrect number of arguments");
1572 bool legacy = false;
1574 if (!strcmp(argv[nextArg], "legacy")) {
// NOTE(review): the legacy uid is parsed with a NULL end pointer and no errno
// check, so non-numeric text becomes uid 0 instead of a syntax error. The
// "permission user" branch below shows the end-pointer check that would
// reject it.
1577 uid = strtoul(argv[nextArg++], NULL, 0);
1581 if (!strcmp(argv[nextArg], "add")) {
1583 } else if (strcmp(argv[nextArg], "remove")) {
1584 return syntaxError(client, "Unknown argument");
// Second count check, made after the optional "legacy <uid>" pair and the verb
// have been consumed: three or four arguments must remain.
1588 if (argc < nextArg + 3 || argc > nextArg + 4) {
1589 return syntaxError(client, "Incorrect number of arguments");
1592 unsigned netId = stringToNetId(argv[nextArg++]);
1593 const char* interface = argv[nextArg++];
1594 const char* destination = argv[nextArg++];
// nexthop is optional; NULL is passed to the controller when it is absent.
1595 const char* nexthop = argc > nextArg ? argv[nextArg] : NULL;
1599 ret = sNetCtrl->addRoute(netId, interface, destination, nexthop, legacy, uid);
1601 ret = sNetCtrl->removeRoute(netId, interface, destination, nexthop, legacy, uid);
1604 return operationError(client, add ? "addRoute() failed" : "removeRoute() failed", ret);
1607 return success(client);
1611 // network interface add <netId> <interface>
1612 // network interface remove <netId> <interface>
1613 if (!strcmp(argv[1], "interface")) {
1615 return syntaxError(client, "Missing argument");
1617 unsigned netId = stringToNetId(argv[3]);
1618 if (!strcmp(argv[2], "add")) {
1619 if (int ret = sNetCtrl->addInterfaceToNetwork(netId, argv[4])) {
1620 return operationError(client, "addInterfaceToNetwork() failed", ret);
1622 } else if (!strcmp(argv[2], "remove")) {
1623 if (int ret = sNetCtrl->removeInterfaceFromNetwork(netId, argv[4])) {
1624 return operationError(client, "removeInterfaceFromNetwork() failed", ret);
1627 return syntaxError(client, "Unknown argument");
1629 return success(client);
1633 // network create <netId> [permission]
1636 // network create <netId> vpn <hasDns> <secure>
1637 if (!strcmp(argv[1], "create")) {
1639 return syntaxError(client, "Missing argument");
1641 unsigned netId = stringToNetId(argv[2]);
1642 if (argc == 6 && !strcmp(argv[3], "vpn")) {
// NOTE(review): both flags go through atoi(): any non-zero number is true and
// non-numeric text is false. For <secure> that means a malformed value
// silently creates a non-secure VPN network; accepting only "0" and "1" would
// fail closed.
1643 bool hasDns = atoi(argv[4]);
1644 bool secure = atoi(argv[5]);
1645 if (int ret = sNetCtrl->createVirtualNetwork(netId, hasDns, secure)) {
1646 return operationError(client, "createVirtualNetwork() failed", ret);
1648 } else if (argc > 4) {
1649 return syntaxError(client, "Unknown trailing argument(s)");
// Physical network: the permission defaults to PERMISSION_NONE; a permission
// argument that does not parse to something else is rejected below.
1651 Permission permission = PERMISSION_NONE;
1653 permission = stringToPermission(argv[3]);
1654 if (permission == PERMISSION_NONE) {
1655 return syntaxError(client, "Unknown permission");
1658 if (int ret = sNetCtrl->createPhysicalNetwork(netId, permission)) {
1659 return operationError(client, "createPhysicalNetwork() failed", ret);
1662 return success(client);
1666 // network destroy <netId>
1667 if (!strcmp(argv[1], "destroy")) {
1669 return syntaxError(client, "Incorrect number of arguments");
1671 unsigned netId = stringToNetId(argv[2]);
1672 if (int ret = sNetCtrl->destroyNetwork(netId)) {
1673 return operationError(client, "destroyNetwork() failed", ret);
1675 return success(client);
1679 // network default set <netId>
1680 // network default clear
1681 if (!strcmp(argv[1], "default")) {
1683 return syntaxError(client, "Missing argument");
// "clear" leaves netId at NETID_UNSET, which is then passed to
// setDefaultNetwork().
1685 unsigned netId = NETID_UNSET;
1686 if (!strcmp(argv[2], "set")) {
1688 return syntaxError(client, "Missing netId");
1690 netId = stringToNetId(argv[3]);
1691 } else if (strcmp(argv[2], "clear")) {
1692 return syntaxError(client, "Unknown argument");
1694 if (int ret = sNetCtrl->setDefaultNetwork(netId)) {
1695 return operationError(client, "setDefaultNetwork() failed", ret);
1697 return success(client);
1701 // network permission user set <permission> <uid> ...
1702 // network permission user clear <uid> ...
1703 // network permission network set <permission> <netId> ...
1704 // network permission network clear <netId> ...
1705 if (!strcmp(argv[1], "permission")) {
1707 return syntaxError(client, "Missing argument");
// "clear" keeps PERMISSION_NONE; "set" requires a permission that parses to
// something other than PERMISSION_NONE.
1710 Permission permission = PERMISSION_NONE;
1711 if (!strcmp(argv[3], "set")) {
1712 permission = stringToPermission(argv[4]);
1713 if (permission == PERMISSION_NONE) {
1714 return syntaxError(client, "Unknown permission");
1717 } else if (strcmp(argv[3], "clear")) {
1718 return syntaxError(client, "Unknown argument");
// At least one id must follow the verb (and the permission, for "set").
1720 if (nextArg == argc) {
1721 return syntaxError(client, "Missing id");
1724 bool userPermissions = !strcmp(argv[2], "user");
1725 bool networkPermissions = !strcmp(argv[2], "network");
1726 if (!userPermissions && !networkPermissions) {
1727 return syntaxError(client, "Unknown argument");
1730 std::vector<unsigned> ids;
1731 for (; nextArg < argc; ++nextArg) {
1732 if (userPermissions) {
// Uids are validated here: an empty string or any unparsed trailing character
// is rejected. Out-of-range values are not detected (no errno test is
// visible).
1734 unsigned id = strtoul(argv[nextArg], &endPtr, 0);
1735 if (!*argv[nextArg] || *endPtr) {
1736 return syntaxError(client, "Invalid id");
1740 // networkPermissions
1741 ids.push_back(stringToNetId(argv[nextArg]));
1744 if (userPermissions) {
// No result of setPermissionForUsers() is checked, unlike the network variant
// below.
1745 sNetCtrl->setPermissionForUsers(permission, ids);
1747 // networkPermissions
1748 if (int ret = sNetCtrl->setPermissionForNetworks(permission, ids)) {
1749 return operationError(client, "setPermissionForNetworks() failed", ret);
1753 return success(client);
1757 // network users add <netId> [<uid>[-<uid>]] ...
1758 // network users remove <netId> [<uid>[-<uid>]] ...
1759 if (!strcmp(argv[1], "users")) {
1761 return syntaxError(client, "Missing argument");
1763 unsigned netId = stringToNetId(argv[3]);
// Everything after the netId is handed to UidRanges::parseFrom(); a false
// result rejects the whole command.
1764 UidRanges uidRanges;
1765 if (!uidRanges.parseFrom(argc - 4, argv + 4)) {
1766 return syntaxError(client, "Invalid UIDs");
1768 if (!strcmp(argv[2], "add")) {
1769 if (int ret = sNetCtrl->addUsersToNetwork(netId, uidRanges)) {
1770 return operationError(client, "addUsersToNetwork() failed", ret);
1772 } else if (!strcmp(argv[2], "remove")) {
1773 if (int ret = sNetCtrl->removeUsersFromNetwork(netId, uidRanges)) {
1774 return operationError(client, "removeUsersFromNetwork() failed", ret);
1777 return syntaxError(client, "Unknown argument");
1779 return success(client);
1783 // network protect allow <uid> ...
1784 // network protect deny <uid> ...
1785 if (!strcmp(argv[1], "protect")) {
1787 return syntaxError(client, "Missing argument");
1789 std::vector<uid_t> uids;
1790 for (int i = 3; i < argc; ++i) {
// NOTE(review): these uids are converted with a NULL end pointer and no
// validation, so non-numeric text becomes uid 0 and is passed on to
// allowProtect()/denyProtect(). Apply the same empty-string and end-pointer
// check the "permission user" branch uses and reply "Invalid id" on failure.
// The list is also parsed before argv[2] is known to be "allow" or "deny".
1791 uids.push_back(strtoul(argv[i], NULL, 0));
1793 if (!strcmp(argv[2], "allow")) {
1794 sNetCtrl->allowProtect(uids);
1795 } else if (!strcmp(argv[2], "deny")) {
1796 sNetCtrl->denyProtect(uids);
1798 return syntaxError(client, "Unknown argument");
1800 return success(client);
// Reached when argv[1] matches none of the sub-commands above.
1803 return syntaxError(client, "Unknown argument");