/*
|
* Copyright (C) 2012 The Android Open Source Project
|
*
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
* you may not use this file except in compliance with the License.
|
* You may obtain a copy of the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing, software
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
* See the License for the specific language governing permissions and
|
* limitations under the License.
|
*/
|
|
package com.android.server.connectivity;
|
|
import android.net.ConnectivityManager;
|
import android.net.IDnsResolver;
|
import android.net.INetd;
|
import android.net.InetAddresses;
|
import android.net.InterfaceConfiguration;
|
import android.net.IpPrefix;
|
import android.net.LinkAddress;
|
import android.net.LinkProperties;
|
import android.net.NetworkInfo;
|
import android.net.RouteInfo;
|
import android.os.INetworkManagementService;
|
import android.os.RemoteException;
|
import android.os.ServiceSpecificException;
|
import android.util.Slog;
|
|
import com.android.internal.annotations.VisibleForTesting;
|
import com.android.internal.util.ArrayUtils;
|
import com.android.server.net.BaseNetworkObserver;
|
|
import java.net.Inet4Address;
|
import java.net.Inet6Address;
|
import java.util.Objects;
|
|
/**
|
* Class to manage a 464xlat CLAT daemon. Nat464Xlat is not thread safe and should be manipulated
|
* from a consistent and unique thread context. It is the responsibility of ConnectivityService to
|
* call into this class from its own Handler thread.
|
*
|
* @hide
|
*/
|
public class Nat464Xlat extends BaseNetworkObserver {
|
private static final String TAG = Nat464Xlat.class.getSimpleName();
|
|
// This must match the interface prefix in clatd.c.
|
private static final String CLAT_PREFIX = "v4-";
|
|
// The network types on which we will start clatd,
|
// allowing clat only on networks for which we can support IPv6-only.
|
private static final int[] NETWORK_TYPES = {
|
ConnectivityManager.TYPE_MOBILE,
|
ConnectivityManager.TYPE_WIFI,
|
ConnectivityManager.TYPE_ETHERNET,
|
};
|
|
// The network states in which running clatd is supported.
|
private static final NetworkInfo.State[] NETWORK_STATES = {
|
NetworkInfo.State.CONNECTED,
|
NetworkInfo.State.SUSPENDED,
|
};
|
|
private final IDnsResolver mDnsResolver;
|
private final INetd mNetd;
|
private final INetworkManagementService mNMService;
|
|
// The network we're running on, and its type.
|
private final NetworkAgentInfo mNetwork;
|
|
private enum State {
|
IDLE, // start() not called. Base iface and stacked iface names are null.
|
DISCOVERING, // same as IDLE, except prefix discovery in progress.
|
STARTING, // start() called. Base iface and stacked iface names are known.
|
RUNNING, // start() called, and the stacked iface is known to be up.
|
}
|
|
private IpPrefix mNat64Prefix;
|
private String mBaseIface;
|
private String mIface;
|
private Inet6Address mIPv6Address;
|
private State mState = State.IDLE;
|
|
public Nat464Xlat(NetworkAgentInfo nai, INetd netd, IDnsResolver dnsResolver,
|
INetworkManagementService nmService) {
|
mDnsResolver = dnsResolver;
|
mNetd = netd;
|
mNMService = nmService;
|
mNetwork = nai;
|
}
|
|
/**
|
* Whether to attempt 464xlat on this network. This is true for an IPv6-only network that is
|
* currently connected and where the NetworkAgent has not disabled 464xlat. It is the signal to
|
* enable NAT64 prefix discovery.
|
*
|
* @param network the NetworkAgentInfo corresponding to the network.
|
* @return true if the network requires clat, false otherwise.
|
*/
|
@VisibleForTesting
|
protected static boolean requiresClat(NetworkAgentInfo nai) {
|
// TODO: migrate to NetworkCapabilities.TRANSPORT_*.
|
final boolean supported = ArrayUtils.contains(NETWORK_TYPES, nai.networkInfo.getType());
|
final boolean connected = ArrayUtils.contains(NETWORK_STATES, nai.networkInfo.getState());
|
|
// Only run clat on networks that have a global IPv6 address and don't have a native IPv4
|
// address.
|
LinkProperties lp = nai.linkProperties;
|
final boolean isIpv6OnlyNetwork = (lp != null) && lp.hasGlobalIpv6Address()
|
&& !lp.hasIpv4Address();
|
|
// If the network tells us it doesn't use clat, respect that.
|
final boolean skip464xlat = (nai.netMisc() != null) && nai.netMisc().skip464xlat;
|
|
return supported && connected && isIpv6OnlyNetwork && !skip464xlat;
|
}
|
|
/**
|
* Whether the clat demon should be started on this network now. This is true if requiresClat is
|
* true and a NAT64 prefix has been discovered.
|
*
|
* @param nai the NetworkAgentInfo corresponding to the network.
|
* @return true if the network should start clat, false otherwise.
|
*/
|
@VisibleForTesting
|
protected static boolean shouldStartClat(NetworkAgentInfo nai) {
|
LinkProperties lp = nai.linkProperties;
|
return requiresClat(nai) && lp != null && lp.getNat64Prefix() != null;
|
}
|
|
/**
|
* @return true if we have started prefix discovery and not yet stopped it (regardless of
|
* whether it is still running or has succeeded).
|
* A true result corresponds to internal states DISCOVERING, STARTING and RUNNING.
|
*/
|
public boolean isPrefixDiscoveryStarted() {
|
return mState == State.DISCOVERING || isStarted();
|
}
|
|
/**
|
* @return true if clatd has been started and has not yet stopped.
|
* A true result corresponds to internal states STARTING and RUNNING.
|
*/
|
public boolean isStarted() {
|
return (mState == State.STARTING || mState == State.RUNNING);
|
}
|
|
/**
|
* @return true if clatd has been started but the stacked interface is not yet up.
|
*/
|
public boolean isStarting() {
|
return mState == State.STARTING;
|
}
|
|
/**
|
* @return true if clatd has been started and the stacked interface is up.
|
*/
|
public boolean isRunning() {
|
return mState == State.RUNNING;
|
}
|
|
/**
|
* Start clatd, register this Nat464Xlat as a network observer for the stacked interface,
|
* and set internal state.
|
*/
|
private void enterStartingState(String baseIface) {
|
try {
|
mNMService.registerObserver(this);
|
} catch (RemoteException e) {
|
Slog.e(TAG, "Can't register interface observer for clat on " + mNetwork.name());
|
return;
|
}
|
|
String addrStr = null;
|
try {
|
addrStr = mNetd.clatdStart(baseIface, mNat64Prefix.toString());
|
} catch (RemoteException | ServiceSpecificException e) {
|
Slog.e(TAG, "Error starting clatd on " + baseIface + ": " + e);
|
}
|
mIface = CLAT_PREFIX + baseIface;
|
mBaseIface = baseIface;
|
mState = State.STARTING;
|
try {
|
mIPv6Address = (Inet6Address) InetAddresses.parseNumericAddress(addrStr);
|
} catch (ClassCastException | IllegalArgumentException | NullPointerException e) {
|
Slog.e(TAG, "Invalid IPv6 address " + addrStr);
|
}
|
}
|
|
/**
|
* Enter running state just after getting confirmation that the stacked interface is up, and
|
* turn ND offload off if on WiFi.
|
*/
|
private void enterRunningState() {
|
mState = State.RUNNING;
|
}
|
|
/**
|
* Unregister as a base observer for the stacked interface, and clear internal state.
|
*/
|
private void leaveStartedState() {
|
try {
|
mNMService.unregisterObserver(this);
|
} catch (RemoteException | IllegalStateException e) {
|
Slog.e(TAG, "Error unregistering clatd observer on " + mBaseIface + ": " + e);
|
}
|
mIface = null;
|
mBaseIface = null;
|
mState = State.IDLE;
|
if (requiresClat(mNetwork)) {
|
mState = State.DISCOVERING;
|
} else {
|
stopPrefixDiscovery();
|
mState = State.IDLE;
|
}
|
}
|
|
@VisibleForTesting
|
protected void start() {
|
if (isStarted()) {
|
Slog.e(TAG, "startClat: already started");
|
return;
|
}
|
|
if (mNetwork.linkProperties == null) {
|
Slog.e(TAG, "startClat: Can't start clat with null LinkProperties");
|
return;
|
}
|
|
String baseIface = mNetwork.linkProperties.getInterfaceName();
|
if (baseIface == null) {
|
Slog.e(TAG, "startClat: Can't start clat on null interface");
|
return;
|
}
|
// TODO: should we only do this if mNetd.clatdStart() succeeds?
|
Slog.i(TAG, "Starting clatd on " + baseIface);
|
enterStartingState(baseIface);
|
}
|
|
@VisibleForTesting
|
protected void stop() {
|
if (!isStarted()) {
|
Slog.e(TAG, "stopClat: already stopped");
|
return;
|
}
|
|
Slog.i(TAG, "Stopping clatd on " + mBaseIface);
|
try {
|
mNetd.clatdStop(mBaseIface);
|
} catch (RemoteException | ServiceSpecificException e) {
|
Slog.e(TAG, "Error stopping clatd on " + mBaseIface + ": " + e);
|
}
|
|
String iface = mIface;
|
boolean wasRunning = isRunning();
|
|
// Change state before updating LinkProperties. handleUpdateLinkProperties ends up calling
|
// fixupLinkProperties, and if at that time the state is still RUNNING, fixupLinkProperties
|
// would wrongly inform ConnectivityService that there is still a stacked interface.
|
leaveStartedState();
|
|
if (wasRunning) {
|
LinkProperties lp = new LinkProperties(mNetwork.linkProperties);
|
lp.removeStackedLink(iface);
|
mNetwork.connService().handleUpdateLinkProperties(mNetwork, lp);
|
}
|
}
|
|
private void startPrefixDiscovery() {
|
try {
|
mDnsResolver.startPrefix64Discovery(getNetId());
|
mState = State.DISCOVERING;
|
} catch (RemoteException | ServiceSpecificException e) {
|
Slog.e(TAG, "Error starting prefix discovery on netId " + getNetId() + ": " + e);
|
}
|
}
|
|
private void stopPrefixDiscovery() {
|
try {
|
mDnsResolver.stopPrefix64Discovery(getNetId());
|
} catch (RemoteException | ServiceSpecificException e) {
|
Slog.e(TAG, "Error stopping prefix discovery on netId " + getNetId() + ": " + e);
|
}
|
}
|
|
/**
|
* Starts/stops NAT64 prefix discovery and clatd as necessary.
|
*/
|
public void update() {
|
// TODO: turn this class into a proper StateMachine. // http://b/126113090
|
if (requiresClat(mNetwork)) {
|
if (!isPrefixDiscoveryStarted()) {
|
startPrefixDiscovery();
|
} else if (shouldStartClat(mNetwork)) {
|
// NAT64 prefix detected. Start clatd.
|
// TODO: support the NAT64 prefix changing after it's been discovered. There is no
|
// need to support this at the moment because it cannot happen without changes to
|
// the Dns64Configuration code in netd.
|
start();
|
} else {
|
// NAT64 prefix removed. Stop clatd and go back into DISCOVERING state.
|
stop();
|
}
|
} else {
|
// Network no longer requires clat. Stop clat and prefix discovery.
|
if (isStarted()) {
|
stop();
|
} else if (isPrefixDiscoveryStarted()) {
|
leaveStartedState();
|
}
|
}
|
}
|
|
public void setNat64Prefix(IpPrefix nat64Prefix) {
|
mNat64Prefix = nat64Prefix;
|
}
|
|
/**
|
* Copies the stacked clat link in oldLp, if any, to the passed LinkProperties.
|
* This is necessary because the LinkProperties in mNetwork come from the transport layer, which
|
* has no idea that 464xlat is running on top of it.
|
*/
|
public void fixupLinkProperties(LinkProperties oldLp, LinkProperties lp) {
|
lp.setNat64Prefix(mNat64Prefix);
|
|
if (!isRunning()) {
|
return;
|
}
|
if (lp == null || lp.getAllInterfaceNames().contains(mIface)) {
|
return;
|
}
|
|
Slog.d(TAG, "clatd running, updating NAI for " + mIface);
|
for (LinkProperties stacked: oldLp.getStackedLinks()) {
|
if (Objects.equals(mIface, stacked.getInterfaceName())) {
|
lp.addStackedLink(stacked);
|
return;
|
}
|
}
|
}
|
|
private LinkProperties makeLinkProperties(LinkAddress clatAddress) {
|
LinkProperties stacked = new LinkProperties();
|
stacked.setInterfaceName(mIface);
|
|
// Although the clat interface is a point-to-point tunnel, we don't
|
// point the route directly at the interface because some apps don't
|
// understand routes without gateways (see, e.g., http://b/9597256
|
// http://b/9597516). Instead, set the next hop of the route to the
|
// clat IPv4 address itself (for those apps, it doesn't matter what
|
// the IP of the gateway is, only that there is one).
|
RouteInfo ipv4Default = new RouteInfo(
|
new LinkAddress(Inet4Address.ANY, 0),
|
clatAddress.getAddress(), mIface);
|
stacked.addRoute(ipv4Default);
|
stacked.addLinkAddress(clatAddress);
|
return stacked;
|
}
|
|
private LinkAddress getLinkAddress(String iface) {
|
try {
|
InterfaceConfiguration config = mNMService.getInterfaceConfig(iface);
|
return config.getLinkAddress();
|
} catch (RemoteException | IllegalStateException e) {
|
Slog.e(TAG, "Error getting link properties: " + e);
|
return null;
|
}
|
}
|
|
/**
|
* Adds stacked link on base link and transitions to RUNNING state.
|
*/
|
private void handleInterfaceLinkStateChanged(String iface, boolean up) {
|
// TODO: if we call start(), then stop(), then start() again, and the
|
// interfaceLinkStateChanged notification for the first start is delayed past the first
|
// stop, then the code becomes out of sync with system state and will behave incorrectly.
|
//
|
// This is not trivial to fix because:
|
// 1. It is not guaranteed that start() will eventually result in the interface coming up,
|
// because there could be an error starting clat (e.g., if the interface goes down before
|
// the packet socket can be bound).
|
// 2. If start is called multiple times, there is nothing in the interfaceLinkStateChanged
|
// notification that says which start() call the interface was created by.
|
//
|
// Once this code is converted to StateMachine, it will be possible to use deferMessage to
|
// ensure it stays in STARTING state until the interfaceLinkStateChanged notification fires,
|
// and possibly use a timeout (or provide some guarantees at the lower layer) to address #1.
|
if (!isStarting() || !up || !Objects.equals(mIface, iface)) {
|
return;
|
}
|
|
LinkAddress clatAddress = getLinkAddress(iface);
|
if (clatAddress == null) {
|
Slog.e(TAG, "clatAddress was null for stacked iface " + iface);
|
return;
|
}
|
|
Slog.i(TAG, String.format("interface %s is up, adding stacked link %s on top of %s",
|
mIface, mIface, mBaseIface));
|
enterRunningState();
|
LinkProperties lp = new LinkProperties(mNetwork.linkProperties);
|
lp.addStackedLink(makeLinkProperties(clatAddress));
|
mNetwork.connService().handleUpdateLinkProperties(mNetwork, lp);
|
}
|
|
/**
|
* Removes stacked link on base link and transitions to IDLE state.
|
*/
|
private void handleInterfaceRemoved(String iface) {
|
if (!Objects.equals(mIface, iface)) {
|
return;
|
}
|
if (!isRunning()) {
|
return;
|
}
|
|
Slog.i(TAG, "interface " + iface + " removed");
|
// If we're running, and the interface was removed, then we didn't call stop(), and it's
|
// likely that clatd crashed. Ensure we call stop() so we can start clatd again. Calling
|
// stop() will also update LinkProperties, and if clatd crashed, the LinkProperties update
|
// will cause ConnectivityService to call start() again.
|
stop();
|
}
|
|
@Override
|
public void interfaceLinkStateChanged(String iface, boolean up) {
|
mNetwork.handler().post(() -> { handleInterfaceLinkStateChanged(iface, up); });
|
}
|
|
@Override
|
public void interfaceRemoved(String iface) {
|
mNetwork.handler().post(() -> { handleInterfaceRemoved(iface); });
|
}
|
|
@Override
|
public String toString() {
|
return "mBaseIface: " + mBaseIface + ", mIface: " + mIface + ", mState: " + mState;
|
}
|
|
@VisibleForTesting
|
protected int getNetId() {
|
return mNetwork.network.netId;
|
}
|
}
|
