2 * Copyright (C) 2008 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 // #define LOG_NDEBUG 0
20 #include <sys/socket.h>
21 #include <sys/types.h>
22 #include <netinet/in.h>
23 #include <arpa/inet.h>
28 #include <resolv_netid.h>
30 #define __STDC_FORMAT_MACROS 1
33 #define LOG_TAG "CommandListener"
35 #include <cutils/log.h>
36 #include <netutils/ifc.h>
37 #include <sysutils/SocketClient.h>
39 #include "CommandListener.h"
40 #include "ResponseCode.h"
41 #include "BandwidthController.h"
42 #include "IdletimerController.h"
43 #include "oem_iptables_hook.h"
44 #include "NetdConstants.h"
45 #include "FirewallController.h"
46 #include "RouteController.h"
47 #include "UidRanges.h"
54 const unsigned NUM_OEM_IDS = NetworkController::MAX_OEM_ID - NetworkController::MIN_OEM_ID + 1;
56 Permission stringToPermission(const char* arg) {
57 if (!strcmp(arg, "android.permission.CHANGE_NETWORK_STATE")) {
58 return PERMISSION_NETWORK;
60 if (!strcmp(arg, "android.permission.CONNECTIVITY_INTERNAL")) {
61 return PERMISSION_SYSTEM;
63 return PERMISSION_NONE;
66 unsigned stringToNetId(const char* arg) {
67 if (!strcmp(arg, "local")) {
68 return NetworkController::LOCAL_NET_ID;
70 // OEM NetIds are "oem1", "oem2", .., "oem50".
71 if (!strncmp(arg, "oem", 3)) {
72 unsigned n = strtoul(arg + 3, NULL, 0);
73 if (1 <= n && n <= NUM_OEM_IDS) {
74 return NetworkController::MIN_OEM_ID + n;
78 // strtoul() returns 0 on errors, which is fine because 0 is an invalid netId.
79 return strtoul(arg, NULL, 0);
84 NetworkController *CommandListener::sNetCtrl = NULL;
85 TetherController *CommandListener::sTetherCtrl = NULL;
86 NatController *CommandListener::sNatCtrl = NULL;
87 PppController *CommandListener::sPppCtrl = NULL;
88 SoftapController *CommandListener::sSoftapCtrl = NULL;
89 BandwidthController * CommandListener::sBandwidthCtrl = NULL;
90 IdletimerController * CommandListener::sIdletimerCtrl = NULL;
91 InterfaceController *CommandListener::sInterfaceCtrl = NULL;
92 ResolverController *CommandListener::sResolverCtrl = NULL;
93 FirewallController *CommandListener::sFirewallCtrl = NULL;
94 ClatdController *CommandListener::sClatdCtrl = NULL;
97 * List of module chains to be created, along with explicit ordering. ORDERING
98 * IS CRITICAL, AND SHOULD BE TRIPLE-CHECKED WITH EACH CHANGE.
100 static const char* FILTER_INPUT[] = {
101 // Bandwidth should always be early in input chain, to make sure we
102 // correctly count incoming traffic against data plan.
103 BandwidthController::LOCAL_INPUT,
104 FirewallController::LOCAL_INPUT,
108 static const char* FILTER_FORWARD[] = {
109 OEM_IPTABLES_FILTER_FORWARD,
110 FirewallController::LOCAL_FORWARD,
111 BandwidthController::LOCAL_FORWARD,
112 NatController::LOCAL_FORWARD,
116 static const char* FILTER_OUTPUT[] = {
117 OEM_IPTABLES_FILTER_OUTPUT,
118 FirewallController::LOCAL_OUTPUT,
119 BandwidthController::LOCAL_OUTPUT,
123 static const char* RAW_PREROUTING[] = {
124 BandwidthController::LOCAL_RAW_PREROUTING,
125 IdletimerController::LOCAL_RAW_PREROUTING,
129 static const char* MANGLE_POSTROUTING[] = {
130 BandwidthController::LOCAL_MANGLE_POSTROUTING,
131 IdletimerController::LOCAL_MANGLE_POSTROUTING,
135 static const char* MANGLE_FORWARD[] = {
136 NatController::LOCAL_MANGLE_FORWARD,
140 static const char* NAT_PREROUTING[] = {
141 OEM_IPTABLES_NAT_PREROUTING,
145 static const char* NAT_POSTROUTING[] = {
146 NatController::LOCAL_NAT_POSTROUTING,
150 static void createChildChains(IptablesTarget target, const char* table, const char* parentChain,
151 const char** childChains) {
152 const char** childChain = childChains;
154 // Order is important:
155 // -D to delete any pre-existing jump rule (removes references
156 // that would prevent -X from working)
157 // -F to flush any existing chain
158 // -X to delete any existing chain
159 // -N to create the chain
160 // -A to append the chain to parent
162 execIptablesSilently(target, "-t", table, "-D", parentChain, "-j", *childChain, NULL);
163 execIptablesSilently(target, "-t", table, "-F", *childChain, NULL);
164 execIptablesSilently(target, "-t", table, "-X", *childChain, NULL);
165 execIptables(target, "-t", table, "-N", *childChain, NULL);
166 execIptables(target, "-t", table, "-A", parentChain, "-j", *childChain, NULL);
167 } while (*(++childChain) != NULL);
170 CommandListener::CommandListener() :
171 FrameworkListener("netd", true) {
172 registerCmd(new InterfaceCmd());
173 registerCmd(new IpFwdCmd());
174 registerCmd(new TetherCmd());
175 registerCmd(new NatCmd());
176 registerCmd(new ListTtysCmd());
177 registerCmd(new PppdCmd());
178 registerCmd(new SoftapCmd());
179 registerCmd(new BandwidthControlCmd());
180 registerCmd(new IdletimerControlCmd());
181 registerCmd(new ResolverCmd());
182 registerCmd(new FirewallCmd());
183 registerCmd(new ClatdCmd());
184 registerCmd(new NetworkCommand());
187 sNetCtrl = new NetworkController();
189 sTetherCtrl = new TetherController();
191 sNatCtrl = new NatController();
193 sPppCtrl = new PppController();
195 sSoftapCtrl = new SoftapController();
197 sBandwidthCtrl = new BandwidthController();
199 sIdletimerCtrl = new IdletimerController();
201 sResolverCtrl = new ResolverController();
203 sFirewallCtrl = new FirewallController();
205 sInterfaceCtrl = new InterfaceController();
207 sClatdCtrl = new ClatdController(sNetCtrl);
210 * This is the only time we touch top-level chains in iptables; controllers
211 * should only mutate rules inside of their children chains, as created by
212 * the constants above.
214 * Modules should never ACCEPT packets (except in well-justified cases);
215 * they should instead defer to any remaining modules using RETURN, or
216 * otherwise DROP/REJECT.
219 // Create chains for children modules
220 createChildChains(V4V6, "filter", "INPUT", FILTER_INPUT);
221 createChildChains(V4V6, "filter", "FORWARD", FILTER_FORWARD);
222 createChildChains(V4V6, "filter", "OUTPUT", FILTER_OUTPUT);
223 createChildChains(V4V6, "raw", "PREROUTING", RAW_PREROUTING);
224 createChildChains(V4V6, "mangle", "POSTROUTING", MANGLE_POSTROUTING);
225 createChildChains(V4, "mangle", "FORWARD", MANGLE_FORWARD);
226 createChildChains(V4, "nat", "PREROUTING", NAT_PREROUTING);
227 createChildChains(V4, "nat", "POSTROUTING", NAT_POSTROUTING);
229 // Let each module setup their child chains
230 setupOemIptablesHook();
232 /* When enabled, DROPs all packets except those matching rules. */
233 sFirewallCtrl->setupIptablesHooks();
235 /* Does DROPs in FORWARD by default */
236 sNatCtrl->setupIptablesHooks();
238 * Does REJECT in INPUT, OUTPUT. Does counting also.
239 * No DROP/REJECT allowed later in netfilter-flow hook order.
241 sBandwidthCtrl->setupIptablesHooks();
243 * Counts in nat: PREROUTING, POSTROUTING.
244 * No DROP/REJECT allowed later in netfilter-flow hook order.
246 sIdletimerCtrl->setupIptablesHooks();
248 sBandwidthCtrl->enableBandwidthControl(false);
250 if (int ret = RouteController::Init(NetworkController::LOCAL_NET_ID)) {
251 ALOGE("failed to initialize RouteController (%s)", strerror(-ret));
255 CommandListener::InterfaceCmd::InterfaceCmd() :
256 NetdCommand("interface") {
259 int CommandListener::InterfaceCmd::runCommand(SocketClient *cli,
260 int argc, char **argv) {
262 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
266 if (!strcmp(argv[1], "list")) {
270 if (!(d = opendir("/sys/class/net"))) {
271 cli->sendMsg(ResponseCode::OperationFailed, "Failed to open sysfs dir", true);
275 while((de = readdir(d))) {
276 if (de->d_name[0] == '.')
278 cli->sendMsg(ResponseCode::InterfaceListResult, de->d_name, false);
281 cli->sendMsg(ResponseCode::CommandOkay, "Interface list completed", false);
285 * These commands take a minimum of 3 arguments
288 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
292 if (!strcmp(argv[1], "getcfg")) {
295 unsigned char hwaddr[6];
299 memset(hwaddr, 0, sizeof(hwaddr));
301 if (ifc_get_info(argv[2], &addr.s_addr, &prefixLength, &flags)) {
302 cli->sendMsg(ResponseCode::OperationFailed, "Interface not found", true);
307 if (ifc_get_hwaddr(argv[2], (void *) hwaddr)) {
308 ALOGW("Failed to retrieve HW addr for %s (%s)", argv[2], strerror(errno));
311 char *addr_s = strdup(inet_ntoa(addr));
312 const char *updown, *brdcst, *loopbk, *ppp, *running, *multi;
314 updown = (flags & IFF_UP) ? "up" : "down";
315 brdcst = (flags & IFF_BROADCAST) ? " broadcast" : "";
316 loopbk = (flags & IFF_LOOPBACK) ? " loopback" : "";
317 ppp = (flags & IFF_POINTOPOINT) ? " point-to-point" : "";
318 running = (flags & IFF_RUNNING) ? " running" : "";
319 multi = (flags & IFF_MULTICAST) ? " multicast" : "";
323 asprintf(&flag_s, "%s%s%s%s%s%s", updown, brdcst, loopbk, ppp, running, multi);
326 asprintf(&msg, "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x %s %d %s",
327 hwaddr[0], hwaddr[1], hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5],
328 addr_s, prefixLength, flag_s);
330 cli->sendMsg(ResponseCode::InterfaceGetCfgResult, msg, false);
338 } else if (!strcmp(argv[1], "setcfg")) {
339 // arglist: iface [addr prefixLength] flags
341 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
344 ALOGD("Setting iface cfg");
351 if (!inet_aton(argv[3], &addr)) {
352 // Handle flags only case
355 if (ifc_set_addr(argv[2], addr.s_addr)) {
356 cli->sendMsg(ResponseCode::OperationFailed, "Failed to set address", true);
361 // Set prefix length on a non zero address
362 if (addr.s_addr != 0 && ifc_set_prefixLength(argv[2], atoi(argv[4]))) {
363 cli->sendMsg(ResponseCode::OperationFailed, "Failed to set prefixLength", true);
370 for (int i = index; i < argc; i++) {
371 char *flag = argv[i];
372 if (!strcmp(flag, "up")) {
373 ALOGD("Trying to bring up %s", argv[2]);
374 if (ifc_up(argv[2])) {
375 ALOGE("Error upping interface");
376 cli->sendMsg(ResponseCode::OperationFailed, "Failed to up interface", true);
380 } else if (!strcmp(flag, "down")) {
381 ALOGD("Trying to bring down %s", argv[2]);
382 if (ifc_down(argv[2])) {
383 ALOGE("Error downing interface");
384 cli->sendMsg(ResponseCode::OperationFailed, "Failed to down interface", true);
388 } else if (!strcmp(flag, "broadcast")) {
390 } else if (!strcmp(flag, "multicast")) {
392 } else if (!strcmp(flag, "running")) {
394 } else if (!strcmp(flag, "loopback")) {
396 } else if (!strcmp(flag, "point-to-point")) {
399 cli->sendMsg(ResponseCode::CommandParameterError, "Flag unsupported", false);
405 cli->sendMsg(ResponseCode::CommandOkay, "Interface configuration set", false);
408 } else if (!strcmp(argv[1], "clearaddrs")) {
410 ALOGD("Clearing all IP addresses on %s", argv[2]);
412 ifc_clear_addresses(argv[2]);
414 cli->sendMsg(ResponseCode::CommandOkay, "Interface IP addresses cleared", false);
416 } else if (!strcmp(argv[1], "ipv6privacyextensions")) {
418 cli->sendMsg(ResponseCode::CommandSyntaxError,
419 "Usage: interface ipv6privacyextensions <interface> <enable|disable>",
423 int enable = !strncmp(argv[3], "enable", 7);
424 if (sInterfaceCtrl->setIPv6PrivacyExtensions(argv[2], enable) == 0) {
425 cli->sendMsg(ResponseCode::CommandOkay, "IPv6 privacy extensions changed", false);
427 cli->sendMsg(ResponseCode::OperationFailed,
428 "Failed to set ipv6 privacy extensions", true);
431 } else if (!strcmp(argv[1], "ipv6")) {
433 cli->sendMsg(ResponseCode::CommandSyntaxError,
434 "Usage: interface ipv6 <interface> <enable|disable>",
439 int enable = !strncmp(argv[3], "enable", 7);
440 if (sInterfaceCtrl->setEnableIPv6(argv[2], enable) == 0) {
441 cli->sendMsg(ResponseCode::CommandOkay, "IPv6 state changed", false);
443 cli->sendMsg(ResponseCode::OperationFailed,
444 "Failed to change IPv6 state", true);
447 } else if (!strcmp(argv[1], "setmtu")) {
449 cli->sendMsg(ResponseCode::CommandSyntaxError,
450 "Usage: interface setmtu <interface> <val>", false);
453 if (sInterfaceCtrl->setMtu(argv[2], argv[3]) == 0) {
454 cli->sendMsg(ResponseCode::CommandOkay, "MTU changed", false);
456 cli->sendMsg(ResponseCode::OperationFailed,
457 "Failed to get MTU", true);
461 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown interface cmd", false);
469 CommandListener::ListTtysCmd::ListTtysCmd() :
470 NetdCommand("list_ttys") {
473 int CommandListener::ListTtysCmd::runCommand(SocketClient *cli,
474 int /* argc */, char ** /* argv */) {
475 TtyCollection *tlist = sPppCtrl->getTtyList();
476 TtyCollection::iterator it;
478 for (it = tlist->begin(); it != tlist->end(); ++it) {
479 cli->sendMsg(ResponseCode::TtyListResult, *it, false);
482 cli->sendMsg(ResponseCode::CommandOkay, "Ttys listed.", false);
486 CommandListener::IpFwdCmd::IpFwdCmd() :
487 NetdCommand("ipfwd") {
490 int CommandListener::IpFwdCmd::runCommand(SocketClient *cli,
491 int argc, char **argv) {
495 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
499 if (!strcmp(argv[1], "status")) {
502 asprintf(&tmp, "Forwarding %s", (sTetherCtrl->getIpFwdEnabled() ? "enabled" : "disabled"));
503 cli->sendMsg(ResponseCode::IpFwdStatusResult, tmp, false);
506 } else if (!strcmp(argv[1], "enable")) {
507 rc = sTetherCtrl->setIpFwdEnabled(true);
508 } else if (!strcmp(argv[1], "disable")) {
509 rc = sTetherCtrl->setIpFwdEnabled(false);
511 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown ipfwd cmd", false);
516 cli->sendMsg(ResponseCode::CommandOkay, "ipfwd operation succeeded", false);
518 cli->sendMsg(ResponseCode::OperationFailed, "ipfwd operation failed", true);
524 CommandListener::TetherCmd::TetherCmd() :
525 NetdCommand("tether") {
528 int CommandListener::TetherCmd::runCommand(SocketClient *cli,
529 int argc, char **argv) {
533 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
537 if (!strcmp(argv[1], "stop")) {
538 rc = sTetherCtrl->stopTethering();
539 } else if (!strcmp(argv[1], "status")) {
542 asprintf(&tmp, "Tethering services %s",
543 (sTetherCtrl->isTetheringStarted() ? "started" : "stopped"));
544 cli->sendMsg(ResponseCode::TetherStatusResult, tmp, false);
547 } else if (argc == 3) {
548 if (!strcmp(argv[1], "interface") && !strcmp(argv[2], "list")) {
549 InterfaceCollection *ilist = sTetherCtrl->getTetheredInterfaceList();
550 InterfaceCollection::iterator it;
551 for (it = ilist->begin(); it != ilist->end(); ++it) {
552 cli->sendMsg(ResponseCode::TetherInterfaceListResult, *it, false);
554 } else if (!strcmp(argv[1], "dns") && !strcmp(argv[2], "list")) {
555 char netIdStr[UINT32_STRLEN];
556 snprintf(netIdStr, sizeof(netIdStr), "%u", sTetherCtrl->getDnsNetId());
557 cli->sendMsg(ResponseCode::TetherDnsFwdNetIdResult, netIdStr, false);
559 NetAddressCollection *dlist = sTetherCtrl->getDnsForwarders();
560 NetAddressCollection::iterator it;
562 for (it = dlist->begin(); it != dlist->end(); ++it) {
563 cli->sendMsg(ResponseCode::TetherDnsFwdTgtListResult, inet_ntoa(*it), false);
568 * These commands take a minimum of 4 arguments
571 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
575 if (!strcmp(argv[1], "start")) {
577 cli->sendMsg(ResponseCode::CommandSyntaxError, "Bad number of arguments", false);
581 int num_addrs = argc - 2;
584 in_addr *addrs = (in_addr *)malloc(sizeof(in_addr) * num_addrs);
585 while (array_index < num_addrs) {
586 if (!inet_aton(argv[arg_index++], &(addrs[array_index++]))) {
587 cli->sendMsg(ResponseCode::CommandParameterError, "Invalid address", false);
592 rc = sTetherCtrl->startTethering(num_addrs, addrs);
594 } else if (!strcmp(argv[1], "interface")) {
595 if (!strcmp(argv[2], "add")) {
596 rc = sTetherCtrl->tetherInterface(argv[3]);
597 } else if (!strcmp(argv[2], "remove")) {
598 rc = sTetherCtrl->untetherInterface(argv[3]);
599 /* else if (!strcmp(argv[2], "list")) handled above */
601 cli->sendMsg(ResponseCode::CommandParameterError,
602 "Unknown tether interface operation", false);
605 } else if (!strcmp(argv[1], "dns")) {
606 if (!strcmp(argv[2], "set")) {
608 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
611 unsigned netId = stringToNetId(argv[3]);
612 rc = sTetherCtrl->setDnsForwarders(netId, &argv[4], argc - 4);
613 /* else if (!strcmp(argv[2], "list")) handled above */
615 cli->sendMsg(ResponseCode::CommandParameterError,
616 "Unknown tether interface operation", false);
620 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown tether cmd", false);
626 cli->sendMsg(ResponseCode::CommandOkay, "Tether operation succeeded", false);
628 cli->sendMsg(ResponseCode::OperationFailed, "Tether operation failed", true);
634 CommandListener::NatCmd::NatCmd() :
638 int CommandListener::NatCmd::runCommand(SocketClient *cli,
639 int argc, char **argv) {
643 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
648 // nat enable intiface extiface
649 // nat disable intiface extiface
650 if (!strcmp(argv[1], "enable") && argc >= 4) {
651 rc = sNatCtrl->enableNat(argv[2], argv[3]);
653 /* Ignore ifaces for now. */
654 rc = sBandwidthCtrl->setGlobalAlertInForwardChain();
656 } else if (!strcmp(argv[1], "disable") && argc >= 4) {
657 /* Ignore ifaces for now. */
658 rc = sBandwidthCtrl->removeGlobalAlertInForwardChain();
659 rc |= sNatCtrl->disableNat(argv[2], argv[3]);
661 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown nat cmd", false);
666 cli->sendMsg(ResponseCode::CommandOkay, "Nat operation succeeded", false);
668 cli->sendMsg(ResponseCode::OperationFailed, "Nat operation failed", true);
674 CommandListener::PppdCmd::PppdCmd() :
675 NetdCommand("pppd") {
678 int CommandListener::PppdCmd::runCommand(SocketClient *cli,
679 int argc, char **argv) {
683 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
687 if (!strcmp(argv[1], "attach")) {
688 struct in_addr l, r, dns1, dns2;
690 memset(&dns1, 0, sizeof(struct in_addr));
691 memset(&dns2, 0, sizeof(struct in_addr));
693 if (!inet_aton(argv[3], &l)) {
694 cli->sendMsg(ResponseCode::CommandParameterError, "Invalid local address", false);
697 if (!inet_aton(argv[4], &r)) {
698 cli->sendMsg(ResponseCode::CommandParameterError, "Invalid remote address", false);
701 if ((argc > 3) && (!inet_aton(argv[5], &dns1))) {
702 cli->sendMsg(ResponseCode::CommandParameterError, "Invalid dns1 address", false);
705 if ((argc > 4) && (!inet_aton(argv[6], &dns2))) {
706 cli->sendMsg(ResponseCode::CommandParameterError, "Invalid dns2 address", false);
709 rc = sPppCtrl->attachPppd(argv[2], l, r, dns1, dns2);
710 } else if (!strcmp(argv[1], "detach")) {
711 rc = sPppCtrl->detachPppd(argv[2]);
713 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown pppd cmd", false);
718 cli->sendMsg(ResponseCode::CommandOkay, "Pppd operation succeeded", false);
720 cli->sendMsg(ResponseCode::OperationFailed, "Pppd operation failed", true);
726 CommandListener::SoftapCmd::SoftapCmd() :
727 NetdCommand("softap") {
730 int CommandListener::SoftapCmd::runCommand(SocketClient *cli,
731 int argc, char **argv) {
732 int rc = ResponseCode::SoftapStatusResult;
735 if (sSoftapCtrl == NULL) {
736 cli->sendMsg(ResponseCode::ServiceStartFailed, "SoftAP is not available", false);
740 cli->sendMsg(ResponseCode::CommandSyntaxError,
741 "Missing argument in a SoftAP command", false);
745 if (!strcmp(argv[1], "startap")) {
746 rc = sSoftapCtrl->startSoftap();
747 } else if (!strcmp(argv[1], "stopap")) {
748 rc = sSoftapCtrl->stopSoftap();
749 } else if (!strcmp(argv[1], "fwreload")) {
750 rc = sSoftapCtrl->fwReloadSoftap(argc, argv);
751 } else if (!strcmp(argv[1], "status")) {
752 asprintf(&retbuf, "Softap service %s running",
753 (sSoftapCtrl->isSoftapStarted() ? "is" : "is not"));
754 cli->sendMsg(rc, retbuf, false);
757 } else if (!strcmp(argv[1], "set")) {
758 rc = sSoftapCtrl->setSoftap(argc, argv);
760 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unrecognized SoftAP command", false);
764 if (rc >= 400 && rc < 600)
765 cli->sendMsg(rc, "SoftAP command has failed", false);
767 cli->sendMsg(rc, "Ok", false);
772 CommandListener::ResolverCmd::ResolverCmd() :
773 NetdCommand("resolver") {
776 int CommandListener::ResolverCmd::runCommand(SocketClient *cli, int argc, char **margv) {
778 const char **argv = const_cast<const char **>(margv);
781 cli->sendMsg(ResponseCode::CommandSyntaxError, "Resolver missing arguments", false);
785 if (!strcmp(argv[1], "setnetdns")) {
786 // "resolver setnetdns <netId> <domains> <dns1> <dns2> ..."
788 rc = sResolverCtrl->setDnsServers(strtoul(argv[2], NULL, 0), argv[3], &argv[4], argc - 4);
790 cli->sendMsg(ResponseCode::CommandSyntaxError,
791 "Wrong number of arguments to resolver setnetdns", false);
794 } else if (!strcmp(argv[1], "flushnet")) { // "resolver flushnet <netId>"
796 rc = sResolverCtrl->flushDnsCache(strtoul(argv[2], NULL, 0));
798 cli->sendMsg(ResponseCode::CommandSyntaxError,
799 "Wrong number of arguments to resolver flushnet", false);
803 cli->sendMsg(ResponseCode::CommandSyntaxError,"Resolver unknown command", false);
808 cli->sendMsg(ResponseCode::CommandOkay, "Resolver command succeeded", false);
810 cli->sendMsg(ResponseCode::OperationFailed, "Resolver command failed", true);
816 CommandListener::BandwidthControlCmd::BandwidthControlCmd() :
817 NetdCommand("bandwidth") {
820 void CommandListener::BandwidthControlCmd::sendGenericSyntaxError(SocketClient *cli, const char *usageMsg) {
822 asprintf(&msg, "Usage: bandwidth %s", usageMsg);
823 cli->sendMsg(ResponseCode::CommandSyntaxError, msg, false);
827 void CommandListener::BandwidthControlCmd::sendGenericOkFail(SocketClient *cli, int cond) {
829 cli->sendMsg(ResponseCode::CommandOkay, "Bandwidth command succeeeded", false);
831 cli->sendMsg(ResponseCode::OperationFailed, "Bandwidth command failed", false);
835 void CommandListener::BandwidthControlCmd::sendGenericOpFailed(SocketClient *cli, const char *errMsg) {
836 cli->sendMsg(ResponseCode::OperationFailed, errMsg, false);
839 int CommandListener::BandwidthControlCmd::runCommand(SocketClient *cli, int argc, char **argv) {
841 sendGenericSyntaxError(cli, "<cmds> <args...>");
845 ALOGV("bwctrlcmd: argc=%d %s %s ...", argc, argv[0], argv[1]);
847 if (!strcmp(argv[1], "enable")) {
848 int rc = sBandwidthCtrl->enableBandwidthControl(true);
849 sendGenericOkFail(cli, rc);
853 if (!strcmp(argv[1], "disable")) {
854 int rc = sBandwidthCtrl->disableBandwidthControl();
855 sendGenericOkFail(cli, rc);
859 if (!strcmp(argv[1], "removequota") || !strcmp(argv[1], "rq")) {
861 sendGenericSyntaxError(cli, "removequota <interface>");
864 int rc = sBandwidthCtrl->removeInterfaceSharedQuota(argv[2]);
865 sendGenericOkFail(cli, rc);
869 if (!strcmp(argv[1], "getquota") || !strcmp(argv[1], "gq")) {
872 sendGenericSyntaxError(cli, "getquota");
875 int rc = sBandwidthCtrl->getInterfaceSharedQuota(&bytes);
877 sendGenericOpFailed(cli, "Failed to get quota");
882 asprintf(&msg, "%" PRId64, bytes);
883 cli->sendMsg(ResponseCode::QuotaCounterResult, msg, false);
888 if (!strcmp(argv[1], "getiquota") || !strcmp(argv[1], "giq")) {
891 sendGenericSyntaxError(cli, "getiquota <iface>");
895 int rc = sBandwidthCtrl->getInterfaceQuota(argv[2], &bytes);
897 sendGenericOpFailed(cli, "Failed to get quota");
901 asprintf(&msg, "%" PRId64, bytes);
902 cli->sendMsg(ResponseCode::QuotaCounterResult, msg, false);
907 if (!strcmp(argv[1], "setquota") || !strcmp(argv[1], "sq")) {
909 sendGenericSyntaxError(cli, "setquota <interface> <bytes>");
912 int rc = sBandwidthCtrl->setInterfaceSharedQuota(argv[2], atoll(argv[3]));
913 sendGenericOkFail(cli, rc);
916 if (!strcmp(argv[1], "setquotas") || !strcmp(argv[1], "sqs")) {
919 sendGenericSyntaxError(cli, "setquotas <bytes> <interface> ...");
923 for (int q = 3; argc >= 4; q++, argc--) {
924 rc = sBandwidthCtrl->setInterfaceSharedQuota(argv[q], atoll(argv[2]));
927 asprintf(&msg, "bandwidth setquotas %s %s failed", argv[2], argv[q]);
928 cli->sendMsg(ResponseCode::OperationFailed,
934 sendGenericOkFail(cli, rc);
938 if (!strcmp(argv[1], "removequotas") || !strcmp(argv[1], "rqs")) {
941 sendGenericSyntaxError(cli, "removequotas <interface> ...");
945 for (int q = 2; argc >= 3; q++, argc--) {
946 rc = sBandwidthCtrl->removeInterfaceSharedQuota(argv[q]);
949 asprintf(&msg, "bandwidth removequotas %s failed", argv[q]);
950 cli->sendMsg(ResponseCode::OperationFailed,
956 sendGenericOkFail(cli, rc);
960 if (!strcmp(argv[1], "removeiquota") || !strcmp(argv[1], "riq")) {
962 sendGenericSyntaxError(cli, "removeiquota <interface>");
965 int rc = sBandwidthCtrl->removeInterfaceQuota(argv[2]);
966 sendGenericOkFail(cli, rc);
970 if (!strcmp(argv[1], "setiquota") || !strcmp(argv[1], "siq")) {
972 sendGenericSyntaxError(cli, "setiquota <interface> <bytes>");
975 int rc = sBandwidthCtrl->setInterfaceQuota(argv[2], atoll(argv[3]));
976 sendGenericOkFail(cli, rc);
980 if (!strcmp(argv[1], "addnaughtyapps") || !strcmp(argv[1], "ana")) {
982 sendGenericSyntaxError(cli, "addnaughtyapps <appUid> ...");
985 int rc = sBandwidthCtrl->addNaughtyApps(argc - 2, argv + 2);
986 sendGenericOkFail(cli, rc);
991 if (!strcmp(argv[1], "removenaughtyapps") || !strcmp(argv[1], "rna")) {
993 sendGenericSyntaxError(cli, "removenaughtyapps <appUid> ...");
996 int rc = sBandwidthCtrl->removeNaughtyApps(argc - 2, argv + 2);
997 sendGenericOkFail(cli, rc);
1000 if (!strcmp(argv[1], "happybox")) {
1002 sendGenericSyntaxError(cli, "happybox (enable | disable)");
1005 if (!strcmp(argv[2], "enable")) {
1006 int rc = sBandwidthCtrl->enableHappyBox();
1007 sendGenericOkFail(cli, rc);
1011 if (!strcmp(argv[2], "disable")) {
1012 int rc = sBandwidthCtrl->disableHappyBox();
1013 sendGenericOkFail(cli, rc);
1016 sendGenericSyntaxError(cli, "happybox (enable | disable)");
1019 if (!strcmp(argv[1], "addniceapps") || !strcmp(argv[1], "aha")) {
1021 sendGenericSyntaxError(cli, "addniceapps <appUid> ...");
1024 int rc = sBandwidthCtrl->addNiceApps(argc - 2, argv + 2);
1025 sendGenericOkFail(cli, rc);
1028 if (!strcmp(argv[1], "removeniceapps") || !strcmp(argv[1], "rha")) {
1030 sendGenericSyntaxError(cli, "removeniceapps <appUid> ...");
1033 int rc = sBandwidthCtrl->removeNiceApps(argc - 2, argv + 2);
1034 sendGenericOkFail(cli, rc);
1037 if (!strcmp(argv[1], "setglobalalert") || !strcmp(argv[1], "sga")) {
1039 sendGenericSyntaxError(cli, "setglobalalert <bytes>");
1042 int rc = sBandwidthCtrl->setGlobalAlert(atoll(argv[2]));
1043 sendGenericOkFail(cli, rc);
1046 if (!strcmp(argv[1], "debugsettetherglobalalert") || !strcmp(argv[1], "dstga")) {
1048 sendGenericSyntaxError(cli, "debugsettetherglobalalert <interface0> <interface1>");
1051 /* We ignore the interfaces for now. */
1052 int rc = sBandwidthCtrl->setGlobalAlertInForwardChain();
1053 sendGenericOkFail(cli, rc);
1057 if (!strcmp(argv[1], "removeglobalalert") || !strcmp(argv[1], "rga")) {
1059 sendGenericSyntaxError(cli, "removeglobalalert");
1062 int rc = sBandwidthCtrl->removeGlobalAlert();
1063 sendGenericOkFail(cli, rc);
1067 if (!strcmp(argv[1], "debugremovetetherglobalalert") || !strcmp(argv[1], "drtga")) {
1069 sendGenericSyntaxError(cli, "debugremovetetherglobalalert <interface0> <interface1>");
1072 /* We ignore the interfaces for now. */
1073 int rc = sBandwidthCtrl->removeGlobalAlertInForwardChain();
1074 sendGenericOkFail(cli, rc);
1078 if (!strcmp(argv[1], "setsharedalert") || !strcmp(argv[1], "ssa")) {
1080 sendGenericSyntaxError(cli, "setsharedalert <bytes>");
1083 int rc = sBandwidthCtrl->setSharedAlert(atoll(argv[2]));
1084 sendGenericOkFail(cli, rc);
1088 if (!strcmp(argv[1], "removesharedalert") || !strcmp(argv[1], "rsa")) {
1090 sendGenericSyntaxError(cli, "removesharedalert");
1093 int rc = sBandwidthCtrl->removeSharedAlert();
1094 sendGenericOkFail(cli, rc);
1098 if (!strcmp(argv[1], "setinterfacealert") || !strcmp(argv[1], "sia")) {
1100 sendGenericSyntaxError(cli, "setinterfacealert <interface> <bytes>");
1103 int rc = sBandwidthCtrl->setInterfaceAlert(argv[2], atoll(argv[3]));
1104 sendGenericOkFail(cli, rc);
1108 if (!strcmp(argv[1], "removeinterfacealert") || !strcmp(argv[1], "ria")) {
1110 sendGenericSyntaxError(cli, "removeinterfacealert <interface>");
1113 int rc = sBandwidthCtrl->removeInterfaceAlert(argv[2]);
1114 sendGenericOkFail(cli, rc);
1118 if (!strcmp(argv[1], "gettetherstats") || !strcmp(argv[1], "gts")) {
1119 BandwidthController::TetherStats tetherStats;
1120 std::string extraProcessingInfo = "";
1121 if (argc < 2 || argc > 4) {
1122 sendGenericSyntaxError(cli, "gettetherstats [<intInterface> <extInterface>]");
1125 tetherStats.intIface = argc > 2 ? argv[2] : "";
1126 tetherStats.extIface = argc > 3 ? argv[3] : "";
1127 // No filtering requested and there are no interface pairs to lookup.
1128 if (argc <= 2 && sNatCtrl->ifacePairList.empty()) {
1129 cli->sendMsg(ResponseCode::CommandOkay, "Tethering stats list completed", false);
1132 int rc = sBandwidthCtrl->getTetherStats(cli, tetherStats, extraProcessingInfo);
1134 extraProcessingInfo.insert(0, "Failed to get tethering stats.\n");
1135 sendGenericOpFailed(cli, extraProcessingInfo.c_str());
1142 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown bandwidth cmd", false);
1146 CommandListener::IdletimerControlCmd::IdletimerControlCmd() :
1147 NetdCommand("idletimer") {
1150 int CommandListener::IdletimerControlCmd::runCommand(SocketClient *cli, int argc, char **argv) {
1151 // TODO(ashish): Change the error statements
1153 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
1157 ALOGV("idletimerctrlcmd: argc=%d %s %s ...", argc, argv[0], argv[1]);
1159 if (!strcmp(argv[1], "enable")) {
1160 if (0 != sIdletimerCtrl->enableIdletimerControl()) {
1161 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
1163 cli->sendMsg(ResponseCode::CommandOkay, "Enable success", false);
1168 if (!strcmp(argv[1], "disable")) {
1169 if (0 != sIdletimerCtrl->disableIdletimerControl()) {
1170 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
1172 cli->sendMsg(ResponseCode::CommandOkay, "Disable success", false);
1176 if (!strcmp(argv[1], "add")) {
1178 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
1181 if(0 != sIdletimerCtrl->addInterfaceIdletimer(
1182 argv[2], atoi(argv[3]), argv[4])) {
1183 cli->sendMsg(ResponseCode::OperationFailed, "Failed to add interface", false);
1185 cli->sendMsg(ResponseCode::CommandOkay, "Add success", false);
1189 if (!strcmp(argv[1], "remove")) {
1191 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
1194 // ashish: fixme timeout
1195 if (0 != sIdletimerCtrl->removeInterfaceIdletimer(
1196 argv[2], atoi(argv[3]), argv[4])) {
1197 cli->sendMsg(ResponseCode::OperationFailed, "Failed to remove interface", false);
1199 cli->sendMsg(ResponseCode::CommandOkay, "Remove success", false);
1204 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown idletimer cmd", false);
1208 CommandListener::FirewallCmd::FirewallCmd() :
1209 NetdCommand("firewall") {
1212 int CommandListener::FirewallCmd::sendGenericOkFail(SocketClient *cli, int cond) {
1214 cli->sendMsg(ResponseCode::CommandOkay, "Firewall command succeeded", false);
1216 cli->sendMsg(ResponseCode::OperationFailed, "Firewall command failed", false);
1221 FirewallRule CommandListener::FirewallCmd::parseRule(const char* arg) {
1222 if (!strcmp(arg, "allow")) {
1229 int CommandListener::FirewallCmd::runCommand(SocketClient *cli, int argc,
1232 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing command", false);
1236 if (!strcmp(argv[1], "enable")) {
1237 int res = sFirewallCtrl->enableFirewall();
1238 return sendGenericOkFail(cli, res);
1240 if (!strcmp(argv[1], "disable")) {
1241 int res = sFirewallCtrl->disableFirewall();
1242 return sendGenericOkFail(cli, res);
1244 if (!strcmp(argv[1], "is_enabled")) {
1245 int res = sFirewallCtrl->isFirewallEnabled();
1246 return sendGenericOkFail(cli, res);
1249 if (!strcmp(argv[1], "set_interface_rule")) {
1251 cli->sendMsg(ResponseCode::CommandSyntaxError,
1252 "Usage: firewall set_interface_rule <rmnet0> <allow|deny>", false);
1256 const char* iface = argv[2];
1257 FirewallRule rule = parseRule(argv[3]);
1259 int res = sFirewallCtrl->setInterfaceRule(iface, rule);
1260 return sendGenericOkFail(cli, res);
1263 if (!strcmp(argv[1], "set_egress_source_rule")) {
1265 cli->sendMsg(ResponseCode::CommandSyntaxError,
1266 "Usage: firewall set_egress_source_rule <192.168.0.1> <allow|deny>",
1271 const char* addr = argv[2];
1272 FirewallRule rule = parseRule(argv[3]);
1274 int res = sFirewallCtrl->setEgressSourceRule(addr, rule);
1275 return sendGenericOkFail(cli, res);
1278 if (!strcmp(argv[1], "set_egress_dest_rule")) {
1280 cli->sendMsg(ResponseCode::CommandSyntaxError,
1281 "Usage: firewall set_egress_dest_rule <192.168.0.1> <80> <allow|deny>",
1286 const char* addr = argv[2];
1287 int port = atoi(argv[3]);
1288 FirewallRule rule = parseRule(argv[4]);
1291 res |= sFirewallCtrl->setEgressDestRule(addr, PROTOCOL_TCP, port, rule);
1292 res |= sFirewallCtrl->setEgressDestRule(addr, PROTOCOL_UDP, port, rule);
1293 return sendGenericOkFail(cli, res);
1296 if (!strcmp(argv[1], "set_uid_rule")) {
1298 cli->sendMsg(ResponseCode::CommandSyntaxError,
1299 "Usage: firewall set_uid_rule <1000> <allow|deny>",
1304 int uid = atoi(argv[2]);
1305 FirewallRule rule = parseRule(argv[3]);
1307 int res = sFirewallCtrl->setUidRule(uid, rule);
1308 return sendGenericOkFail(cli, res);
1311 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown command", false);
1315 CommandListener::ClatdCmd::ClatdCmd() : NetdCommand("clatd") {
1318 int CommandListener::ClatdCmd::runCommand(SocketClient *cli, int argc,
1322 cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
1326 if (!strcmp(argv[1], "stop")) {
1327 rc = sClatdCtrl->stopClatd(argv[2]);
1328 } else if (!strcmp(argv[1], "status")) {
1330 asprintf(&tmp, "Clatd status: %s", (sClatdCtrl->isClatdStarted(argv[2]) ?
1331 "started" : "stopped"));
1332 cli->sendMsg(ResponseCode::ClatdStatusResult, tmp, false);
1335 } else if (!strcmp(argv[1], "start")) {
1336 rc = sClatdCtrl->startClatd(argv[2]);
1338 cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown clatd cmd", false);
1343 cli->sendMsg(ResponseCode::CommandOkay, "Clatd operation succeeded", false);
1345 cli->sendMsg(ResponseCode::OperationFailed, "Clatd operation failed", false);
1351 CommandListener::NetworkCommand::NetworkCommand() : NetdCommand("network") {
1354 int CommandListener::NetworkCommand::syntaxError(SocketClient* client, const char* message) {
1355 client->sendMsg(ResponseCode::CommandSyntaxError, message, false);
1359 int CommandListener::NetworkCommand::operationError(SocketClient* client, const char* message,
1362 client->sendMsg(ResponseCode::OperationFailed, message, true);
1366 int CommandListener::NetworkCommand::success(SocketClient* client) {
1367 client->sendMsg(ResponseCode::CommandOkay, "success", false);
1371 int CommandListener::NetworkCommand::runCommand(SocketClient* client, int argc, char** argv) {
1373 return syntaxError(client, "Missing argument");
1376 // 0 1 2 3 4 5 6 7 8
1377 // network route [legacy <uid>] add <netId> <interface> <destination> [nexthop]
1378 // network route [legacy <uid>] remove <netId> <interface> <destination> [nexthop]
1380 // nexthop may be either an IPv4/IPv6 address or one of "unreachable" or "throw".
1381 if (!strcmp(argv[1], "route")) {
1382 if (argc < 6 || argc > 9) {
1383 return syntaxError(client, "Incorrect number of arguments");
1387 bool legacy = false;
1389 if (!strcmp(argv[nextArg], "legacy")) {
1392 uid = strtoul(argv[nextArg++], NULL, 0);
1396 if (!strcmp(argv[nextArg], "add")) {
1398 } else if (strcmp(argv[nextArg], "remove")) {
1399 return syntaxError(client, "Unknown argument");
1403 if (argc < nextArg + 3 || argc > nextArg + 4) {
1404 return syntaxError(client, "Incorrect number of arguments");
1407 unsigned netId = stringToNetId(argv[nextArg++]);
1408 const char* interface = argv[nextArg++];
1409 const char* destination = argv[nextArg++];
1410 const char* nexthop = argc > nextArg ? argv[nextArg] : NULL;
1414 ret = sNetCtrl->addRoute(netId, interface, destination, nexthop, legacy, uid);
1416 ret = sNetCtrl->removeRoute(netId, interface, destination, nexthop, legacy, uid);
1419 return operationError(client, add ? "addRoute() failed" : "removeRoute() failed", ret);
1422 return success(client);
1426 // network interface add <netId> <interface>
1427 // network interface remove <netId> <interface>
1428 if (!strcmp(argv[1], "interface")) {
1430 return syntaxError(client, "Missing argument");
1432 unsigned netId = stringToNetId(argv[3]);
1433 if (!strcmp(argv[2], "add")) {
1434 if (int ret = sNetCtrl->addInterfaceToNetwork(netId, argv[4])) {
1435 return operationError(client, "addInterfaceToNetwork() failed", ret);
1437 } else if (!strcmp(argv[2], "remove")) {
1438 if (int ret = sNetCtrl->removeInterfaceFromNetwork(netId, argv[4])) {
1439 return operationError(client, "removeInterfaceFromNetwork() failed", ret);
1442 return syntaxError(client, "Unknown argument");
1444 return success(client);
1448 // network create <netId> [permission]
1451 // network create <netId> vpn <hasDns> <secure>
1452 if (!strcmp(argv[1], "create")) {
1454 return syntaxError(client, "Missing argument");
1456 unsigned netId = stringToNetId(argv[2]);
1457 if (argc == 6 && !strcmp(argv[3], "vpn")) {
1458 bool hasDns = atoi(argv[4]);
1459 bool secure = atoi(argv[5]);
1460 if (int ret = sNetCtrl->createVirtualNetwork(netId, hasDns, secure)) {
1461 return operationError(client, "createVirtualNetwork() failed", ret);
1463 } else if (argc > 4) {
1464 return syntaxError(client, "Unknown trailing argument(s)");
1466 Permission permission = PERMISSION_NONE;
1468 permission = stringToPermission(argv[3]);
1469 if (permission == PERMISSION_NONE) {
1470 return syntaxError(client, "Unknown permission");
1473 if (int ret = sNetCtrl->createPhysicalNetwork(netId, permission)) {
1474 return operationError(client, "createPhysicalNetwork() failed", ret);
1477 return success(client);
1481 // network destroy <netId>
1482 if (!strcmp(argv[1], "destroy")) {
1484 return syntaxError(client, "Incorrect number of arguments");
1486 unsigned netId = stringToNetId(argv[2]);
1487 if (int ret = sNetCtrl->destroyNetwork(netId)) {
1488 return operationError(client, "destroyNetwork() failed", ret);
1490 return success(client);
1494 // network default set <netId>
1495 // network default clear
1496 if (!strcmp(argv[1], "default")) {
1498 return syntaxError(client, "Missing argument");
1500 unsigned netId = NETID_UNSET;
1501 if (!strcmp(argv[2], "set")) {
1503 return syntaxError(client, "Missing netId");
1505 netId = stringToNetId(argv[3]);
1506 } else if (strcmp(argv[2], "clear")) {
1507 return syntaxError(client, "Unknown argument");
1509 if (int ret = sNetCtrl->setDefaultNetwork(netId)) {
1510 return operationError(client, "setDefaultNetwork() failed", ret);
1512 return success(client);
1516 // network permission user set <permission> <uid> ...
1517 // network permission user clear <uid> ...
1518 // network permission network set <permission> <netId> ...
1519 // network permission network clear <netId> ...
1520 if (!strcmp(argv[1], "permission")) {
1522 return syntaxError(client, "Missing argument");
1525 Permission permission = PERMISSION_NONE;
1526 if (!strcmp(argv[3], "set")) {
1527 permission = stringToPermission(argv[4]);
1528 if (permission == PERMISSION_NONE) {
1529 return syntaxError(client, "Unknown permission");
1532 } else if (strcmp(argv[3], "clear")) {
1533 return syntaxError(client, "Unknown argument");
1535 if (nextArg == argc) {
1536 return syntaxError(client, "Missing id");
1538 std::vector<unsigned> ids;
1539 for (; nextArg < argc; ++nextArg) {
1541 unsigned id = strtoul(argv[nextArg], &endPtr, 0);
1542 if (!*argv[nextArg] || *endPtr) {
1543 return syntaxError(client, "Invalid id");
1547 if (!strcmp(argv[2], "user")) {
1548 sNetCtrl->setPermissionForUsers(permission, ids);
1549 } else if (!strcmp(argv[2], "network")) {
1550 if (int ret = sNetCtrl->setPermissionForNetworks(permission, ids)) {
1551 return operationError(client, "setPermissionForNetworks() failed", ret);
1554 return syntaxError(client, "Unknown argument");
1556 return success(client);
1560 // network users add <netId> [<uid>[-<uid>]] ...
1561 // network users remove <netId> [<uid>[-<uid>]] ...
1562 if (!strcmp(argv[1], "users")) {
1564 return syntaxError(client, "Missing argument");
1566 unsigned netId = stringToNetId(argv[3]);
1567 UidRanges uidRanges;
1568 if (!uidRanges.parseFrom(argc - 4, argv + 4)) {
1569 return syntaxError(client, "Invalid UIDs");
1571 if (!strcmp(argv[2], "add")) {
1572 if (int ret = sNetCtrl->addUsersToNetwork(netId, uidRanges)) {
1573 return operationError(client, "addUsersToNetwork() failed", ret);
1575 } else if (!strcmp(argv[2], "remove")) {
1576 if (int ret = sNetCtrl->removeUsersFromNetwork(netId, uidRanges)) {
1577 return operationError(client, "removeUsersFromNetwork() failed", ret);
1580 return syntaxError(client, "Unknown argument");
1582 return success(client);
1586 // network protect allow <uid> ...
1587 // network protect deny <uid> ...
1588 if (!strcmp(argv[1], "protect")) {
1590 return syntaxError(client, "Missing argument");
1592 std::vector<uid_t> uids;
1593 for (int i = 3; i < argc; ++i) {
1594 uids.push_back(strtoul(argv[i], NULL, 0));
1596 if (!strcmp(argv[2], "allow")) {
1597 sNetCtrl->allowProtect(uids);
1598 } else if (!strcmp(argv[2], "deny")) {
1599 sNetCtrl->denyProtect(uids);
1601 return syntaxError(client, "Unknown argument");
1603 return success(client);
1606 return syntaxError(client, "Unknown argument");