Pass dnsmasq the socket mark to use for listen sockets.

This allows us to configure dnsmasq to reply to DHCP requests and DNS queries when a VPN is up. Bug: 37778642 Test: bullhead builds and boots Test: succesfully tethered when a VPN was connected Change-Id: I7d5899f80fae856a52a2019550b155bccee2888a
Citrus-CAF · May 10, 2017 · 3c57e25 · 3c57e25
1 parent 2b6ea76
commit 3c57e25
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 2 deletions.
diff --git a/server/TetherController.cpp b/server/TetherController.cpp
@@ -36,6 +36,7 @@
 #include "NetdConstants.h"
 #include "Permission.h"
 #include "InterfaceController.h"
+#include "NetworkController.h"
 #include "TetherController.h"
 
 namespace {
@@ -86,6 +87,9 @@ bool inBpToolsMode() {
 
 }  // namespace
 
+namespace android {
+namespace net {
+
 TetherController::TetherController() {
     mDnsNetId = 0;
     mDaemonFd = -1;
@@ -129,7 +133,7 @@ size_t TetherController::forwardingRequestCount() {
     return mForwardingRequests.size();
 }
 
-#define TETHER_START_CONST_ARG        8
+#define TETHER_START_CONST_ARG        10
 
 int TetherController::startTethering(int num_addrs, char **dhcp_ranges) {
     if (mDaemonPid != 0) {
@@ -169,6 +173,14 @@ int TetherController::startTethering(int num_addrs, char **dhcp_ranges) {
             close(pipefd[0]);
         }
 
+        Fwmark fwmark;
+        fwmark.netId = NetworkController::LOCAL_NET_ID;
+        fwmark.explicitlySelected = true;
+        fwmark.protectedFromVpn = true;
+        fwmark.permission = PERMISSION_SYSTEM;
+        char markStr[UINT32_HEX_STRLEN];
+        snprintf(markStr, sizeof(markStr), "0x%x", fwmark.intValue);
+
         int num_processed_args = TETHER_START_CONST_ARG + (num_addrs/2) + 1;
         char **args = (char **)malloc(sizeof(char *) * num_processed_args);
         args[num_processed_args - 1] = NULL;
@@ -180,7 +192,9 @@ int TetherController::startTethering(int num_addrs, char **dhcp_ranges) {
         // TODO: pipe through metered status from ConnService
         args[5] = (char *)"--dhcp-option-force=43,ANDROID_METERED";
         args[6] = (char *)"--pid-file";
-        args[7] = (char *)"";
+        args[7] = (char *)"--listen-mark";
+        args[8] = (char *)markStr;
+        args[9] = (char *)"";
 
         int nextArg = TETHER_START_CONST_ARG;
         for (int addrIndex = 0; addrIndex < num_addrs; addrIndex += 2) {
@@ -356,3 +370,6 @@ int TetherController::untetherInterface(const char *interface) {
 const std::list<std::string> &TetherController::getTetheredInterfaceList() const {
     return mInterfaces;
 }
+
+}  // namespace net
+}  // namespace android
diff --git a/server/TetherController.h b/server/TetherController.h
@@ -23,6 +23,8 @@
 #include <set>
 #include <string>
 
+namespace android {
+namespace net {
 
 class TetherController {
 private:
@@ -60,4 +62,7 @@ class TetherController {
     bool setIpFwdEnabled();
 };
 
+}  // namespace net
+}  // namespace android
+
 #endif