1 /** 2 * Copyright (c) 2016, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.net; 18 19 import android.net.UidRange; 20 import android.os.PersistableBundle; 21 22 /** {@hide} */ 23 interface INetd { 24 /** 25 * Returns true if the service is responding. 26 */ isAlive()27 boolean isAlive(); 28 29 /** 30 * Replaces the contents of the specified UID-based firewall chain. 31 * 32 * The chain may be a whitelist chain or a blacklist chain. A blacklist chain contains DROP 33 * rules for the specified UIDs and a RETURN rule at the end. A whitelist chain contains RETURN 34 * rules for the system UID range (0 to {@code UID_APP} - 1), RETURN rules for for the specified 35 * UIDs, and a DROP rule at the end. The chain will be created if it does not exist. 36 * 37 * @param chainName The name of the chain to replace. 38 * @param isWhitelist Whether this is a whitelist or blacklist chain. 39 * @param uids The list of UIDs to allow/deny. 40 * @return true if the chain was successfully replaced, false otherwise. 41 */ firewallReplaceUidChain(String chainName, boolean isWhitelist, in int[] uids)42 boolean firewallReplaceUidChain(String chainName, boolean isWhitelist, in int[] uids); 43 44 /** 45 * Enables or disables data saver mode on costly network interfaces. 46 * 47 * - When disabled, all packets to/from apps in the penalty box chain are rejected on costly 48 * interfaces. Traffic to/from other apps or on other network interfaces is allowed. 49 * - When enabled, only apps that are in the happy box chain and not in the penalty box chain 50 * are allowed network connectivity on costly interfaces. All other packets on these 51 * interfaces are rejected. The happy box chain always contains all system UIDs; to disallow 52 * traffic from system UIDs, place them in the penalty box chain. 53 * 54 * By default, data saver mode is disabled. This command has no effect but might still return an 55 * error) if {@code enable} is the same as the current value. 56 * 57 * @param enable whether to enable or disable data saver mode. 58 * @return true if the if the operation was successful, false otherwise. 59 */ bandwidthEnableDataSaver(boolean enable)60 boolean bandwidthEnableDataSaver(boolean enable); 61 62 // Network permission values. 63 const String PERMISSION_NETWORK = "NETWORK"; 64 const String PERMISSION_SYSTEM = "SYSTEM"; 65 66 /** 67 * Creates a physical network (i.e., one containing physical interfaces. 68 * 69 * @param netId the networkId to create. 70 * @param permission the permission necessary to use the network. Must be one of the 71 * PERMISSION_xxx values above. 72 * 73 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 74 * unix errno. 75 */ networkCreatePhysical(int netId, @utf8InCpp String permission)76 void networkCreatePhysical(int netId, @utf8InCpp String permission); 77 78 /** 79 * Creates a VPN network. 80 * 81 * @param netId the network to create. 82 * @param hasDns whether the VPN has DNS servers. 83 * @param secure whether unprivileged apps are allowed to bypass the VPN. 84 * 85 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 86 * unix errno. 87 */ networkCreateVpn(int netId, boolean hasDns, boolean secure)88 void networkCreateVpn(int netId, boolean hasDns, boolean secure); 89 90 /** 91 * Destroys a network. Any interfaces added to the network are removed, and the network ceases 92 * to be the default network. 93 * 94 * @param netId the network to destroy. 95 * 96 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 97 * unix errno. 98 */ networkDestroy(int netId)99 void networkDestroy(int netId); 100 101 /** 102 * Adds an interface to a network. The interface must not be assigned to any network, including 103 * the specified network. 104 * 105 * @param netId the network to add the interface to. 106 * @param interface the name of the interface to add. 107 * 108 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 109 * unix errno. 110 */ networkAddInterface(int netId, in @utf8InCpp String iface)111 void networkAddInterface(int netId, in @utf8InCpp String iface); 112 113 /** 114 * Adds an interface to a network. The interface must be assigned to the specified network. 115 * 116 * @param netId the network to remove the interface from. 117 * @param interface the name of the interface to remove. 118 * 119 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 120 * unix errno. 121 */ networkRemoveInterface(int netId, in @utf8InCpp String iface)122 void networkRemoveInterface(int netId, in @utf8InCpp String iface); 123 124 /** 125 * Adds the specified UID ranges to the specified network. The network must be a VPN. Traffic 126 * from the UID ranges will be routed through the VPN. 127 * 128 * @param netId the network ID of the network to add the ranges to. 129 * @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to add. The ranges 130 * must not overlap with existing ranges routed to this network. 131 * 132 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 133 * unix errno. 134 */ networkAddUidRanges(int netId, in UidRange[] uidRanges)135 void networkAddUidRanges(int netId, in UidRange[] uidRanges); 136 137 /** 138 * Adds the specified UID ranges to the specified network. The network must be a VPN. Traffic 139 * from the UID ranges will no longer be routed through the VPN. 140 * 141 * @param netId the network ID of the network to remove the ranges from. 142 * @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to add. The ranges 143 * must already be routed to this network. 144 * 145 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 146 * unix errno. 147 */ networkRemoveUidRanges(int netId, in UidRange[] uidRanges)148 void networkRemoveUidRanges(int netId, in UidRange[] uidRanges); 149 150 /** 151 * Adds or removes one rule for each supplied UID range to prohibit all network activity outside 152 * of secure VPN. 153 * 154 * When a UID is covered by one of these rules, traffic sent through any socket that is not 155 * protected or explicitly overriden by the system will be rejected. The kernel will respond 156 * with an ICMP prohibit message. 157 * 158 * Initially, there are no such rules. Any rules that are added will only last until the next 159 * restart of netd or the device. 160 * 161 * @param add {@code true} if the specified UID ranges should be denied access to any network 162 * which is not secure VPN by adding rules, {@code false} to remove existing rules. 163 * @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to which to apply or 164 * remove this restriction. 165 * <p> Added rules should not overlap with existing rules. Likewise, removed rules should 166 * each correspond to an existing rule. 167 * 168 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 169 * unix errno. 170 */ networkRejectNonSecureVpn(boolean add, in UidRange[] uidRanges)171 void networkRejectNonSecureVpn(boolean add, in UidRange[] uidRanges); 172 173 /** 174 * Administratively closes sockets belonging to the specified UIDs. 175 */ socketDestroy(in UidRange[] uidRanges, in int[] exemptUids)176 void socketDestroy(in UidRange[] uidRanges, in int[] exemptUids); 177 178 // Array indices for resolver parameters. 179 const int RESOLVER_PARAMS_SAMPLE_VALIDITY = 0; 180 const int RESOLVER_PARAMS_SUCCESS_THRESHOLD = 1; 181 const int RESOLVER_PARAMS_MIN_SAMPLES = 2; 182 const int RESOLVER_PARAMS_MAX_SAMPLES = 3; 183 const int RESOLVER_PARAMS_COUNT = 4; 184 185 /** 186 * Sets the name servers, search domains and resolver params for the given network. Flushes the 187 * cache as needed (i.e. when the servers or the number of samples to store changes). 188 * 189 * @param netId the network ID of the network for which information should be configured. 190 * @param servers the DNS servers to configure for the network. 191 * @param domains the search domains to configure. 192 * @param params the params to set. This array contains RESOLVER_PARAMS_COUNT integers that 193 * encode the contents of Bionic's __res_params struct, i.e. sample_validity is stored at 194 * position RESOLVER_PARAMS_SAMPLE_VALIDITY, etc. 195 * @param tlsName The TLS subject name to require for all servers, or empty if there is none. 196 * @param tlsServers the DNS servers to configure for strict mode Private DNS. 197 * @param tlsFingerprints An array containing TLS public key fingerprints (pins) of which each 198 * server must match at least one, or empty if there are no pinned keys. 199 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 200 * unix errno. 201 */ setResolverConfiguration(int netId, in @utf8InCpp String[] servers, in @utf8InCpp String[] domains, in int[] params, in @utf8InCpp String tlsName, in @utf8InCpp String[] tlsServers, in @utf8InCpp String[] tlsFingerprints)202 void setResolverConfiguration(int netId, in @utf8InCpp String[] servers, 203 in @utf8InCpp String[] domains, in int[] params, 204 in @utf8InCpp String tlsName, in @utf8InCpp String[] tlsServers, 205 in @utf8InCpp String[] tlsFingerprints); 206 207 // Array indices for resolver stats. 208 const int RESOLVER_STATS_SUCCESSES = 0; 209 const int RESOLVER_STATS_ERRORS = 1; 210 const int RESOLVER_STATS_TIMEOUTS = 2; 211 const int RESOLVER_STATS_INTERNAL_ERRORS = 3; 212 const int RESOLVER_STATS_RTT_AVG = 4; 213 const int RESOLVER_STATS_LAST_SAMPLE_TIME = 5; 214 const int RESOLVER_STATS_USABLE = 6; 215 const int RESOLVER_STATS_COUNT = 7; 216 217 /** 218 * Retrieves the name servers, search domains and resolver stats associated with the given 219 * network ID. 220 * 221 * @param netId the network ID of the network for which information should be retrieved. 222 * @param servers the DNS servers that are currently configured for the network. 223 * @param domains the search domains currently configured. 224 * @param params the resolver parameters configured, i.e. the contents of __res_params in order. 225 * @param stats the stats for each server in the order specified by RESOLVER_STATS_XXX 226 * constants, serialized as an int array. The contents of this array are the number of 227 * <ul> 228 * <li> successes, 229 * <li> errors, 230 * <li> timeouts, 231 * <li> internal errors, 232 * <li> the RTT average, 233 * <li> the time of the last recorded sample, 234 * <li> and an integer indicating whether the server is usable (1) or broken (0). 235 * </ul> 236 * in this order. For example, the timeout counter for server N is stored at position 237 * RESOLVER_STATS_COUNT*N + RESOLVER_STATS_TIMEOUTS 238 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 239 * unix errno. 240 */ getResolverInfo(int netId, out @utf8InCpp String[] servers, out @utf8InCpp String[] domains, out int[] params, out int[] stats)241 void getResolverInfo(int netId, out @utf8InCpp String[] servers, 242 out @utf8InCpp String[] domains, out int[] params, out int[] stats); 243 244 /** 245 * Instruct the tethering DNS server to reevaluated serving interfaces. 246 * This is needed to for the DNS server to observe changes in the set 247 * of potential listening IP addresses. (Listening on wildcard addresses 248 * can turn the device into an open resolver; b/7530468) 249 * 250 * TODO: Return something richer than just a boolean. 251 */ tetherApplyDnsInterfaces()252 boolean tetherApplyDnsInterfaces(); 253 254 // Ordering of the elements in the arrays returned by tetherGetStats. 255 const int TETHER_STATS_RX_BYTES = 0; 256 const int TETHER_STATS_RX_PACKETS = 1; 257 const int TETHER_STATS_TX_BYTES = 2; 258 const int TETHER_STATS_TX_PACKETS = 3; 259 const int TETHER_STATS_ARRAY_SIZE = 4; 260 261 /** 262 * Return tethering statistics. 263 * 264 * @return a PersistableBundle, where each entry maps the upstream interface name to an array 265 * of longs representing stats. The array is TETHER_STATS_ARRAY_SIZE elements long and 266 * the order of the elements is specified by the TETHER_STATS_{RX,TX}_{PACKETS,BYTES} 267 * constants. 268 * @throws ServiceSpecificException in case of failure, with an error code indicating the 269 * cause of the the failure. 270 */ tetherGetStats()271 PersistableBundle tetherGetStats(); 272 273 /** 274 * Add/Remove and IP address from an interface. 275 * 276 * @param ifName the interface name 277 * @param addrString the IP address to add/remove as a string literal 278 * @param prefixLength the prefix length associated with this IP address 279 * 280 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 281 * unix errno. 282 */ interfaceAddAddress(in @tf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength)283 void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, 284 int prefixLength); interfaceDelAddress(in @tf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength)285 void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, 286 int prefixLength); 287 288 /** 289 * Set and get /proc/sys/net interface configuration parameters. 290 * 291 * @param family One of IPV4/IPV6 integers, indicating the desired address family directory. 292 * @param which One of CONF/NEIGH integers, indicating the desired parameter category directory. 293 * @param ifname The interface name portion of the path; may also be "all" or "default". 294 * @param parameter The parameter name portion of the path. 295 * @param value The value string to be written into the assembled path. 296 */ 297 298 const int IPV4 = 4; 299 const int IPV6 = 6; 300 const int CONF = 1; 301 const int NEIGH = 2; setProcSysNet(int family, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter, in @utf8InCpp String value)302 void setProcSysNet(int family, int which, in @utf8InCpp String ifname, 303 in @utf8InCpp String parameter, in @utf8InCpp String value); 304 // TODO: add corresponding getProcSysNet(). 305 306 /** 307 * Get/Set metrics reporting level. 308 * 309 * Reporting level is one of: 310 * 0 (NONE) 311 * 1 (METRICS) 312 * 2 (FULL) 313 */ getMetricsReportingLevel()314 int getMetricsReportingLevel(); setMetricsReportingLevel(int level)315 void setMetricsReportingLevel(int level); 316 317 /** 318 * Sets owner of socket FileDescriptor to the new UID, checking to ensure that the caller's 319 * uid is that of the old owner's, and that this is a UDP-encap socket 320 * 321 * @param FileDescriptor socket Socket file descriptor 322 * @param int newUid UID of the new socket fd owner 323 */ ipSecSetEncapSocketOwner(in FileDescriptor socket, int newUid)324 void ipSecSetEncapSocketOwner(in FileDescriptor socket, int newUid); 325 326 /** 327 * Reserve an SPI from the kernel 328 * 329 * @param transformId a unique identifier for allocated resources 330 * @param sourceAddress InetAddress as string for the sending endpoint 331 * @param destinationAddress InetAddress as string for the receiving endpoint 332 * @param spi a requested 32-bit unique ID or 0 to request random allocation 333 * @return the SPI that was allocated or 0 if failed 334 */ ipSecAllocateSpi( int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi)335 int ipSecAllocateSpi( 336 int transformId, 337 in @utf8InCpp String sourceAddress, 338 in @utf8InCpp String destinationAddress, 339 int spi); 340 341 /** 342 * Create an IpSec Security Association describing how ip(v6) traffic will be encrypted 343 * or decrypted. 344 * 345 * @param transformId a unique identifier for allocated resources 346 * @param mode either Transport or Tunnel mode 347 * @param sourceAddress InetAddress as string for the sending endpoint 348 * @param destinationAddress InetAddress as string for the receiving endpoint 349 * @param underlyingNetId the netId of the network to which the SA is applied 350 * @param spi a 32-bit unique ID allocated to the user 351 * @param markValue a 32-bit unique ID chosen by the user 352 * @param markMask a 32-bit mask chosen by the user 353 * @param authAlgo a string identifying the authentication algorithm to be used 354 * @param authKey a byte array containing the authentication key 355 * @param authTruncBits the truncation length of the MAC produced by the authentication algorithm 356 * @param cryptAlgo a string identifying the encryption algorithm to be used 357 * @param cryptKey a byte arrray containing the encryption key 358 * @param cryptTruncBits unused parameter 359 * @param aeadAlgo a string identifying the authenticated encryption algorithm to be used 360 * @param aeadKey a byte arrray containing the key to be used in authenticated encryption 361 * @param aeadIcvBits the truncation length of the ICV produced by the authentication algorithm 362 * (similar to authTruncBits in function) 363 * @param encapType encapsulation type used (if any) for the udp encap socket 364 * @param encapLocalPort the port number on the host to be used in encap packets 365 * @param encapRemotePort the port number of the remote to be used for encap packets 366 */ ipSecAddSecurityAssociation( int transformId, int mode, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int underlyingNetId, int spi, int markValue, int markMask, in @utf8InCpp String authAlgo, in byte[] authKey, in int authTruncBits, in @utf8InCpp String cryptAlgo, in byte[] cryptKey, in int cryptTruncBits, in @utf8InCpp String aeadAlgo, in byte[] aeadKey, in int aeadIcvBits, int encapType, int encapLocalPort, int encapRemotePort)367 void ipSecAddSecurityAssociation( 368 int transformId, 369 int mode, 370 in @utf8InCpp String sourceAddress, 371 in @utf8InCpp String destinationAddress, 372 int underlyingNetId, 373 int spi, 374 int markValue, 375 int markMask, 376 in @utf8InCpp String authAlgo, in byte[] authKey, in int authTruncBits, 377 in @utf8InCpp String cryptAlgo, in byte[] cryptKey, in int cryptTruncBits, 378 in @utf8InCpp String aeadAlgo, in byte[] aeadKey, in int aeadIcvBits, 379 int encapType, 380 int encapLocalPort, 381 int encapRemotePort); 382 383 /** 384 * Delete a previously created security association identified by the provided parameters 385 * 386 * @param transformId a unique identifier for allocated resources 387 * @param sourceAddress InetAddress as string for the sending endpoint 388 * @param destinationAddress InetAddress as string for the receiving endpoint 389 * @param spi a requested 32-bit unique ID allocated to the user 390 * @param markValue a 32-bit unique ID chosen by the user 391 * @param markMask a 32-bit mask chosen by the user 392 */ ipSecDeleteSecurityAssociation( int transformId, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi, int markValue, int markMask)393 void ipSecDeleteSecurityAssociation( 394 int transformId, 395 in @utf8InCpp String sourceAddress, 396 in @utf8InCpp String destinationAddress, 397 int spi, 398 int markValue, 399 int markMask); 400 401 /** 402 * Apply a previously created SA to a specified socket, starting IPsec on that socket 403 * 404 * @param socket a user-provided socket that will have IPsec applied 405 * @param transformId a unique identifier for allocated resources 406 * @param direction DIRECTION_IN or DIRECTION_OUT 407 * @param sourceAddress InetAddress as string for the sending endpoint 408 * @param destinationAddress InetAddress as string for the receiving endpoint 409 * @param spi a 32-bit unique ID allocated to the user (socket owner) 410 */ ipSecApplyTransportModeTransform( in FileDescriptor socket, int transformId, int direction, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi)411 void ipSecApplyTransportModeTransform( 412 in FileDescriptor socket, 413 int transformId, 414 int direction, 415 in @utf8InCpp String sourceAddress, 416 in @utf8InCpp String destinationAddress, 417 int spi); 418 419 /** 420 * Remove an IPsec SA from a given socket. This will allow unencrypted traffic to flow 421 * on that socket if a transform had been previously applied. 422 * 423 * @param socket a user-provided socket from which to remove any IPsec configuration 424 */ ipSecRemoveTransportModeTransform( in FileDescriptor socket)425 void ipSecRemoveTransportModeTransform( 426 in FileDescriptor socket); 427 428 /** 429 * Adds an IPsec global policy. 430 * 431 * @param transformId a unique identifier for allocated resources 432 * @param direction DIRECTION_IN or DIRECTION_OUT 433 * @param sourceAddress InetAddress as string for the sending endpoint 434 * @param destinationAddress InetAddress as string for the receiving endpoint 435 * @param spi a 32-bit unique ID allocated to the user 436 * @param markValue a 32-bit unique ID chosen by the user 437 * @param markMask a 32-bit mask chosen by the user 438 */ ipSecAddSecurityPolicy( int transformId, int direction, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi, int markValue, int markMask)439 void ipSecAddSecurityPolicy( 440 int transformId, 441 int direction, 442 in @utf8InCpp String sourceAddress, 443 in @utf8InCpp String destinationAddress, 444 int spi, 445 int markValue, 446 int markMask); 447 448 /** 449 * Updates an IPsec global policy. 450 * 451 * @param transformId a unique identifier for allocated resources 452 * @param direction DIRECTION_IN or DIRECTION_OUT 453 * @param sourceAddress InetAddress as string for the sending endpoint 454 * @param destinationAddress InetAddress as string for the receiving endpoint 455 * @param spi a 32-bit unique ID allocated to the user 456 * @param markValue a 32-bit unique ID chosen by the user 457 * @param markMask a 32-bit mask chosen by the user 458 */ ipSecUpdateSecurityPolicy( int transformId, int direction, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int spi, int markValue, int markMask)459 void ipSecUpdateSecurityPolicy( 460 int transformId, 461 int direction, 462 in @utf8InCpp String sourceAddress, 463 in @utf8InCpp String destinationAddress, 464 int spi, 465 int markValue, 466 int markMask); 467 468 /** 469 * Deletes an IPsec global policy. 470 * 471 * @param transformId a unique identifier for allocated resources 472 * @param direction DIRECTION_IN or DIRECTION_OUT 473 * @param sourceAddress InetAddress as string for the sending endpoint 474 * @param destinationAddress InetAddress as string for the receiving endpoint 475 * @param markValue a 32-bit unique ID chosen by the user 476 * @param markMask a 32-bit mask chosen by the user 477 */ ipSecDeleteSecurityPolicy( int transformId, int direction, in @utf8InCpp String sourceAddress, in @utf8InCpp String destinationAddress, int markValue, int markMask)478 void ipSecDeleteSecurityPolicy( 479 int transformId, 480 int direction, 481 in @utf8InCpp String sourceAddress, 482 in @utf8InCpp String destinationAddress, 483 int markValue, 484 int markMask); 485 486 // This could not be declared as @uft8InCpp; thus, when used in native code it must be 487 // converted from a UTF-16 string to an ASCII string. 488 const String IPSEC_INTERFACE_PREFIX = "ipsec"; 489 490 /** 491 * Add a Virtual Tunnel Interface. 492 * 493 * @param devName a unique identifier that represents the name of the device 494 * @param localAddress InetAddress as string for the local endpoint 495 * @param remoteAddress InetAddress as string for the remote endpoint 496 * @param iKey, to match Policies and SAs for input packets. 497 * @param oKey, to match Policies and SAs for output packets. 498 */ addVirtualTunnelInterface( in @tf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey)499 void addVirtualTunnelInterface( 500 in @utf8InCpp String deviceName, 501 in @utf8InCpp String localAddress, 502 in @utf8InCpp String remoteAddress, 503 int iKey, 504 int oKey); 505 506 /** 507 * Update a Virtual Tunnel Interface. 508 * 509 * @param devName a unique identifier that represents the name of the device 510 * @param localAddress InetAddress as string for the local endpoint 511 * @param remoteAddress InetAddress as string for the remote endpoint 512 * @param iKey, to match Policies and SAs for input packets. 513 * @param oKey, to match Policies and SAs for output packets. 514 */ updateVirtualTunnelInterface( in @tf8InCpp String deviceName, in @utf8InCpp String localAddress, in @utf8InCpp String remoteAddress, int iKey, int oKey)515 void updateVirtualTunnelInterface( 516 in @utf8InCpp String deviceName, 517 in @utf8InCpp String localAddress, 518 in @utf8InCpp String remoteAddress, 519 int iKey, 520 int oKey); 521 522 /** 523 * Removes a Virtual Tunnel Interface. 524 * 525 * @param devName a unique identifier that represents the name of the device 526 */ removeVirtualTunnelInterface(in @tf8InCpp String deviceName)527 void removeVirtualTunnelInterface(in @utf8InCpp String deviceName); 528 529 /** 530 * Request notification of wakeup packets arriving on an interface. Notifications will be 531 * delivered to INetdEventListener.onWakeupEvent(). 532 * 533 * @param ifName the interface 534 * @param prefix arbitrary string used to identify wakeup sources in onWakeupEvent 535 */ wakeupAddInterface(in @tf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask)536 void wakeupAddInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask); 537 538 /** 539 * Stop notification of wakeup packets arriving on an interface. 540 * 541 * @param ifName the interface 542 * @param prefix arbitrary string used to identify wakeup sources in onWakeupEvent 543 */ wakeupDelInterface(in @tf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask)544 void wakeupDelInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask); 545 546 const int IPV6_ADDR_GEN_MODE_EUI64 = 0; 547 const int IPV6_ADDR_GEN_MODE_NONE = 1; 548 const int IPV6_ADDR_GEN_MODE_STABLE_PRIVACY = 2; 549 const int IPV6_ADDR_GEN_MODE_RANDOM = 3; 550 551 const int IPV6_ADDR_GEN_MODE_DEFAULT = 0; 552 /** 553 * Set IPv6 address generation mode. IPv6 should be disabled before changing mode. 554 * 555 * @param mode SLAAC address generation mechanism to use 556 */ setIPv6AddrGenMode(in @tf8InCpp String ifName, int mode)557 void setIPv6AddrGenMode(in @utf8InCpp String ifName, int mode); 558 559 /** 560 * Query the netd service to know if the eBPF traffic stats accounting service is currently 561 * running on the device. 562 */ trafficCheckBpfStatsEnable()563 boolean trafficCheckBpfStatsEnable(); 564 } 565