Android Netd分析

1.文章介绍

Netd模块是Android中专门负责网络管理和控制的后台守护进程,本篇文章主要分析Netd的工作流程,对Netd有一个在框架层次上的理解。

2.干货

1.Netd模块源码位置

源码位置根目录/system/netd/

2.入口函数

/system/netd/main.cpp

int main() {

    CommandListener *cl;
    NetlinkManager *nm;
    DnsProxyListener *dpl;
    MDnsSdListener *mdnsl;
    blockSigpipe();
    if (!(nm = NetlinkManager::Instance())) {
        ALOGE("Unable to create NetlinkManager");
        exit(1);
    };
    UidMarkMap *rangeMap = new UidMarkMap();
    cl = new CommandListener(rangeMap);
    nm->setBroadcaster((SocketListener *) cl);

    if (nm->start()) {
        ALOGE("Unable to start NetlinkManager (%s)", strerror(errno));
        exit(1);
    }
    setenv("ANDROID_DNS_MODE", "local", 1);
    dpl = new DnsProxyListener(rangeMap);
    if (dpl->startListener()) {
        ALOGE("Unable to start DnsProxyListener (%s)", strerror(errno));
        exit(1);
    }

    mdnsl = new MDnsSdListener();
    if (mdnsl->startListener()) {
        ALOGE("Unable to start MDnsSdListener (%s)", strerror(errno));
        exit(1);
    }
    /*
     * Now that we're up, we can respond to commands
     */
    if (cl->startListener()) {
        ALOGE("Unable to start CommandListener (%s)", strerror(errno));
        exit(1);
    }

    // Eventually we'll become the monitoring thread
    while(1) {
        sleep(1000);
    }

    ALOGI("Netd exiting");
    exit(0);
}

可以看出以下类的重要性:

    NetlinkManager *nm;
    CommandListener *cl;

DnsProxyListener、MDnsSdListener涉及到Android DNS模块的处理,本文暂不作分析。

1.NetlinkManager分析

首先了解下NetLink是什么,在linux下NetLink是一个异步通信机制的socket,区别于系统调用和ioctl的同步调用机制。
可以看到/system/netd/NetlinkManager .cpp这种懒汉单实例模式:

NetlinkManager *NetlinkManager::sInstance = NULL;
NetlinkManager *NetlinkManager::Instance() {
    if (!sInstance)
        sInstance = new NetlinkManager();
    return sInstance;
}

NetlinkHandler *NetlinkManager::setupSocket(int *sock, int netlinkFamily,
    int groups, int format) {

    struct sockaddr_nl nladdr;
    int sz = 64 * 1024;
    int on = 1;

    memset(&nladdr, 0, sizeof(nladdr));
    nladdr.nl_family = AF_NETLINK;
    nladdr.nl_pid = getpid();
    nladdr.nl_groups = groups;

    if ((*sock = socket(PF_NETLINK, SOCK_DGRAM, netlinkFamily)) < 0) {
        ALOGE("Unable to create netlink socket: %s", strerror(errno));
        return NULL;
    }
    if (setsockopt(*sock, SOL_SOCKET, SO_RCVBUFFORCE, &sz, sizeof(sz)) < 0) {
        ALOGE("Unable to set uevent socket SO_RCVBUFFORCE option: %s", strerror(errno));
        close(*sock);
        return NULL;
    }

    if (setsockopt(*sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0) {
        SLOGE("Unable to set uevent socket SO_PASSCRED option: %s", strerror(errno));
        close(*sock);
        return NULL;
    }

    if (bind(*sock, (struct sockaddr *) &nladdr, sizeof(nladdr)) < 0) {
        ALOGE("Unable to bind netlink socket: %s", strerror(errno));
        close(*sock);
        return NULL;
    }

    NetlinkHandler *handler = new NetlinkHandler(this, *sock, format);
    if (handler->start()) {
        ALOGE("Unable to start NetlinkHandler: %s", strerror(errno));
        close(*sock);
        return NULL;
    }

    return handler;
}

int NetlinkManager::start() {
    if ((mUeventHandler = setupSocket(&mUeventSock, NETLINK_KOBJECT_UEVENT,
         0xffffffff, NetlinkListener::NETLINK_FORMAT_ASCII)) == NULL) {
        return -1;
    }

    if ((mRouteHandler = setupSocket(&mRouteSock, NETLINK_ROUTE,
                                     RTMGRP_LINK |
                                     RTMGRP_IPV4_IFADDR |
                                     RTMGRP_IPV6_IFADDR,
         NetlinkListener::NETLINK_FORMAT_BINARY)) == NULL) {
        return -1;
    }

    if ((mQuotaHandler = setupSocket(&mQuotaSock, NETLINK_NFLOG,
        NFLOG_QUOTA_GROUP, NetlinkListener::NETLINK_FORMAT_BINARY)) == NULL) {
        ALOGE("Unable to open quota2 logging socket");
        // TODO: return -1 once the emulator gets a new kernel.
    }

    return 0;
}

NetlinkManager主要是向kernel注册三个用于接收UEvent事件的socket
1.NETLINK_KOBJECT_UEVENT
一般是/sys/class/net模块下的加载和卸载消息
2.RTMGRP_LINK、RTMGRP_IPV4_IFADDR、RTMGRP_IPV6_IFADDR
一般是网络链路接通或断开时的消息
3.NETLINK_NFLOG
一般和带宽控制有关
从上面源码中可以看到三个UEvent事件分别对应了mUeventHandler 、mRouteHandler 、mQuotaHandler,而这三个事件在Netd模块都声明为NetlinkHandler。

void NetlinkHandler::onEvent(NetlinkEvent *evt) {
    const char *subsys = evt->getSubsystem();
    if (!subsys) {
        ALOGW("No subsystem found in netlink event");
        return;
    }
    if (!strcmp(subsys, "net")) {
        int action = evt->getAction();
        const char *iface = evt->findParam("INTERFACE");

        if (action == evt->NlActionAdd) {
            notifyInterfaceAdded(iface);
        }
        ...
    }
}

NetlinkHandler收到的socket消息就是通过onEvent回调处理的。
例如:

void NetlinkHandler::notifyInterfaceAdded(const char *name) {
    char msg[255];
    snprintf(msg, sizeof(msg), "Iface added %s", name);

    mNm->getBroadcaster()->sendBroadcast(ResponseCode::InterfaceChange,
            msg, false);
}

这里间接调用了SocketListener发送一个消息。
源码位置:\system\core\libsysutils\src:

img

void SocketListener::init(const char *socketName, int socketFd, bool listen, bool useCmdNum) {
    mListen = listen;
    mSocketName = socketName;
    mSock = socketFd;
    mUseCmdNum = useCmdNum;
    pthread_mutex_init(&mClientsLock, NULL);
    mClients = new SocketClientCollection();
}

int SocketListener::startListener() {
    ...
    if (pthread_create(&mThread, NULL, SocketListener::threadStart, this)) {
        SLOGE("pthread_create (%s)", strerror(errno));
        return -1;
    }
    return 0;
}

void *SocketListener::threadStart(void *obj) {
    SocketListener *me = reinterpret_cast<SocketListener *>(obj);

    me->runListener();
    pthread_exit(NULL);
    return NULL;
}

void SocketListener::sendBroadcast(int code, const char *msg, bool addErrno) {
    pthread_mutex_lock(&mClientsLock);
    SocketClientCollection::iterator i;

    for (i = mClients->begin(); i != mClients->end(); ++i) {
        // broadcasts are unsolicited and should not include a cmd number
        if ((*i)->sendMsg(code, msg, addErrno, false)) {
            SLOGW("Error sending broadcast (%s)", strerror(errno));
        }
    }
    pthread_mutex_unlock(&mClientsLock);
}

...

每一个SockectListener都会单独创建一个线程用于接收socket消息。当Kernel发送UEvent消息后,就可以通过子类onDataAvailable函数回调回去处理。

void SocketListener::runListener() {

    SocketClientCollection *pendingList = new SocketClientCollection();

    while(1) {
        SocketClientCollection::iterator it;
        fd_set read_fds;
        int rc = 0;
        int max = -1;

        FD_ZERO(&read_fds);

        if (mListen) {
            max = mSock;
            FD_SET(mSock, &read_fds);
        }
        ...
        if ((rc = select(max + 1, &read_fds, NULL, NULL, NULL)) < 0) {
        ...
        }
        if (!onDataAvailable(c) && mListen) {
            ...
        }
}

比如NetlinkListener是SocketListener的派生,在接收到Kernel的Uevent消息后,先通过NetlinkEvent解析消息,然后通过onEvent接口回调处理,在NetlinkHandler中最终江通过Broadcaster转发出去。

NetlinkListener::NetlinkListener(int socket) :
                            SocketListener(socket, false) {
    mFormat = NETLINK_FORMAT_ASCII;
}
bool NetlinkListener::onDataAvailable(SocketClient *cli)
{
    int socket = cli->getSocket();
    ssize_t count;
    uid_t uid = -1;
    count = TEMP_FAILURE_RETRY(uevent_kernel_multicast_uid_recv(
                                       socket, mBuffer, sizeof(mBuffer), &uid));
    if (count < 0) {
        if (uid > 0)
            LOG_EVENT_INT(65537, uid);
        SLOGE("recvmsg failed (%s)", strerror(errno));
        return false;
    }

    NetlinkEvent *evt = new NetlinkEvent();
    if (!evt->decode(mBuffer, count, mFormat)) {
        SLOGE("Error decoding NetlinkEvent");
    } else {
        onEvent(evt);
    }

    delete evt;
    return true;
}

从SocketListener::sendBroadcast方法中可以看到,消息是通过FrameworkClient转发的:

FrameworkClient::FrameworkClient(int socket) {
    mSocket = socket;
    pthread_mutex_init(&mWriteMutex, NULL);
}

int FrameworkClient::sendMsg(const char *msg) {
    int ret;
    if (mSocket < 0) {
        errno = EHOSTUNREACH;
        return -1;
    }

    pthread_mutex_lock(&mWriteMutex);
    ret = TEMP_FAILURE_RETRY(write(mSocket, msg, strlen(msg) +1));
    if (ret < 0) {
        SLOGW("Unable to send msg '%s' (%s)", msg, strerror(errno));
    }
    pthread_mutex_unlock(&mWriteMutex);
    return 0;
}

int FrameworkClient::sendMsg(const char *msg, const char *data) {
    size_t bufflen = strlen(msg) + strlen(data) + 1;
    char *buffer = (char *) alloca(bufflen);
    if (!buffer) {
        errno = -ENOMEM;
        return -1;
    }
    snprintf(buffer, bufflen, "%s%s", msg, data);
    return sendMsg(buffer);
}

而在Android Framework层的NetworkManagementService实现中,可以看到通过NativeDaemonConnector对netd的sockect监听,当FrameworkClient转发消息到socket时,NativeDaemonConnector就会取出消息然后通过java层的Observer转发出去,进而实现底层消息的上报:

    private static final String NETD_SOCKET_NAME = "netd";
    public static NetworkManagementService create(Context context) throws InterruptedException {
        return create(context, NETD_SOCKET_NAME);
    }

    static NetworkManagementService create(Context context,
            String socket) throws InterruptedException {
        final NetworkManagementService service = new NetworkManagementService(context, socket);
        final CountDownLatch connectedSignal = service.mConnectedSignal;
        if (DBG) Slog.d(TAG, "Creating NetworkManagementService");
        service.mThread.start();
        if (DBG) Slog.d(TAG, "Awaiting socket connection");
        connectedSignal.await();
        if (DBG) Slog.d(TAG, "Connected");
        return service;
    }

    private NetworkManagementService(Context context, String socket) {
        mContext = context;

        if ("simulator".equals(SystemProperties.get("ro.product.device"))) {
            return;
        }

        mConnector = new NativeDaemonConnector(
                new NetdCallbackReceiver(), socket, 10, NETD_TAG, 160);
        mThread = new Thread(mConnector, NETD_TAG);

        // Add ourself to the Watchdog monitors.
        Watchdog.getInstance().addMonitor(this);
    }

    private class NetdCallbackReceiver implements INativeDaemonConnectorCallbacks {
        ...
        @Override
        public boolean onEvent(int code, String raw, String[] cooked) {
             switch (code) {
             case NetdResponseCode.InterfaceChange:
                ...
             case NetdResponseCode.InterfaceClassActivity:
                    /*
                     * An network interface class state changed (active/idle)
                     * Format: "NNN IfaceClass <active/idle> <label>"
                     */
                    if (cooked.length < 4 || !cooked[1].equals("IfaceClass")) {
                        throw new IllegalStateException(
                                String.format("Invalid event from daemon (%s)", raw));
                    }
                    boolean isActive = cooked[2].equals("active");
                    notifyInterfaceClassActivity(cooked[3], isActive);
                    return true;
                ...
            }
        }
    }

    /**
     * Notify our observers of a change in the data activity state of the interface
     */
    private void notifyInterfaceClassActivity(String label, boolean active) {
        final int length = mObservers.beginBroadcast();
        for (int i = 0; i < length; i++) {
            try {
                mObservers.getBroadcastItem(i).interfaceClassDataActivityChanged(label, active);
            } catch (RemoteException e) {
            } catch (RuntimeException e) {
            }
        }
        mObservers.finishBroadcast();
    }
final class NativeDaemonConnector implements Runnable, Handler.Callback, Watchdog.Monitor {
    NativeDaemonConnector(INativeDaemonConnectorCallbacks callbacks, String socket,
            int responseQueueSize, String logTag, int maxLogSize) {
        mCallbacks = callbacks;
        mSocket = socket;
        mResponseQueue = new ResponseQueue(responseQueueSize);
        mSequenceNumber = new AtomicInteger(0);
        TAG = logTag != null ? logTag : "NativeDaemonConnector";
        mLocalLog = new LocalLog(maxLogSize);
    }

    @Override
    public void run() {
        mCallbackHandler = new Handler(FgThread.get().getLooper(), this);

        while (true) {
            try {
                listenToSocket();
            } catch (Exception e) {
                loge("Error in NativeDaemonConnector: " + e);
                SystemClock.sleep(5000);
            }
        }
    }

    private void listenToSocket() throws IOException {
        LocalSocket socket = null;
        try {
            socket = new LocalSocket();
            LocalSocketAddress address = determineSocketAddress();

            socket.connect(address);
            InputStream inputStream = socket.getInputStream();
            synchronized (mDaemonLock) {
                mOutputStream = socket.getOutputStream();
            }

            mCallbacks.onDaemonConnected();

            byte[] buffer = new byte[BUFFER_SIZE];
            int start = 0;

            while (true) {
              ...
              mCallbackHandler.sendMessage(mCallbackHandler.obtainMessage(
                                        event.getCode(), event.getRawEvent()));
              ...
           }
    }

Android Framework层核心类ConnectivityService中,事件的广播:

 public ConnectivityService(Context context, INetworkManagementService netManager,
            INetworkStatsService statsService, INetworkPolicyManager policyManager,
            NetworkFactory netFactory) {
       ...
       try {
            mNetd.registerObserver(mTethering);
            mNetd.registerObserver(mDataActivityObserver);
            mNetd.registerObserver(mClat);
        } catch (RemoteException e) {
            loge("Error registering observer :" + e);
        }
  }

   private INetworkManagementEventObserver mDataActivityObserver = new BaseNetworkObserver() {
        @Override
        public void interfaceClassDataActivityChanged(String label, boolean active) {
            int deviceType = Integer.parseInt(label);
            sendDataActivityBroadcast(deviceType, active);
        }
    };

    private void sendDataActivityBroadcast(int deviceType, boolean active) {
        Intent intent = new Intent(ConnectivityManager.ACTION_DATA_ACTIVITY_CHANGE);
        intent.putExtra(ConnectivityManager.EXTRA_DEVICE_TYPE, deviceType);
        intent.putExtra(ConnectivityManager.EXTRA_IS_ACTIVE, active);
        final long ident = Binder.clearCallingIdentity();
        try {
            mContext.sendOrderedBroadcastAsUser(intent, UserHandle.ALL,
                    RECEIVE_DATA_ACTIVITY_CHANGE, null, null, 0, null, null);
        } finally {
            Binder.restoreCallingIdentity(ident);
        }
    }
public class BaseNetworkObserver extends INetworkManagementEventObserver.Stub {
    @Override
    public void interfaceStatusChanged(String iface, boolean up) {
        // default no-op
    }

    @Override
    public void interfaceRemoved(String iface) {
        // default no-op
    }

    @Override
    public void addressUpdated(String address, String iface, int flags, int scope) {
        // default no-op
    }
    @Override
    public void addressRemoved(String address, String iface, int flags, int scope) {
        // default no-op
    }

    @Override
    public void interfaceLinkStateChanged(String iface, boolean up) {
        // default no-op
    }

    @Override
    public void interfaceAdded(String iface) {
        // default no-op
    }

    @Override
    public void interfaceClassDataActivityChanged(String label, boolean active) {
        // default no-op
    }

    @Override
    public void limitReached(String limitName, String iface) {
        // default no-op
    }
}

分析到这一步,已经可以看到sendOrderedBroadcastAsUser这个接口,同学你应该很开心了吧!其他如interfaceAdded、interfaceRemoved、interfaceStatusChanged、interfaceLinkStateChanged等接口的事件上报亦可以按以上思路在源码中找到对应的实现。

以下是参考了深入理解Andoriod卷画的NetLinkManager工作流程图:

img

2.CommandListener

主要作用是把从Framework层NetworkManageService接收的指令转交到对应的指令对象去处理。

CommandListener::CommandListener(UidMarkMap *map) :
                 FrameworkListener("netd", true) {
    registerCmd(new InterfaceCmd());
    registerCmd(new IpFwdCmd());
    registerCmd(new TetherCmd());
    registerCmd(new NatCmd());
    registerCmd(new ListTtysCmd());
    registerCmd(new PppdCmd());
    registerCmd(new SoftapCmd());
    registerCmd(new BandwidthControlCmd());
    registerCmd(new IdletimerControlCmd());
    registerCmd(new ResolverCmd());
    registerCmd(new FirewallCmd());
    registerCmd(new ClatdCmd());
    registerCmd(new SambaControlCmd());
    registerCmd(new TraceRouteControlCmd());
    registerCmd(new BridgeControlCmd());
    if (!sSecondaryTableCtrl)
        sSecondaryTableCtrl = new SecondaryTableController(map);
    if (!sTetherCtrl)
        sTetherCtrl = new TetherController();
    if (!sNatCtrl)
        sNatCtrl = new NatController(sSecondaryTableCtrl);
    if (!sPppCtrl)
        sPppCtrl = new PppController();
    if (!sSoftapCtrl)
        sSoftapCtrl = new SoftapController();
    if (!sBandwidthCtrl)
        sBandwidthCtrl = new BandwidthController();
    if (!sIdletimerCtrl)
        sIdletimerCtrl = new IdletimerController();
    if (!sResolverCtrl)
        sResolverCtrl = new ResolverController();
    if (!sFirewallCtrl)
        sFirewallCtrl = new FirewallController();
    if (!sInterfaceCtrl)
        sInterfaceCtrl = new InterfaceController();
    if (!sClatdCtrl)
        sClatdCtrl = new ClatdController();
    if (!sSambaCtrl)
        sSambaCtrl = new SambaController();
    if (!sTraceRouteCtrl)
        sTraceRouteCtrl = new TraceRouteController();
    if (!sBridgeCtrl)
        sBridgeCtrl = new BridgeController();
    // Create chains for children modules
    createChildChains(V4V6, "filter", "INPUT", FILTER_INPUT);
    createChildChains(V4V6, "filter", "FORWARD", FILTER_FORWARD);
    createChildChains(V4V6, "filter", "OUTPUT", FILTER_OUTPUT);
    createChildChains(V4V6, "raw", "PREROUTING", RAW_PREROUTING);
    createChildChains(V4V6, "mangle", "POSTROUTING", MANGLE_POSTROUTING);
    createChildChains(V4V6, "mangle", "OUTPUT", MANGLE_OUTPUT);
    createChildChains(V4, "nat", "PREROUTING", NAT_PREROUTING);
    createChildChains(V4, "nat", "POSTROUTING", NAT_POSTROUTING);

    // Let each module setup their child chains
    setupOemIptablesHook();
    sFirewallCtrl->setupIptablesHooks();

    /* Does DROPs in FORWARD by default */
    sNatCtrl->setupIptablesHooks();
    /*
     * Does REJECT in INPUT, OUTPUT. Does counting also.
     * No DROP/REJECT allowed later in netfilter-flow hook order.
     */
    sBandwidthCtrl->setupIptablesHooks();
    /*
     * Counts in nat: PREROUTING, POSTROUTING.
     * No DROP/REJECT allowed later in netfilter-flow hook order.
     */
    sIdletimerCtrl->setupIptablesHooks();

    sBandwidthCtrl->enableBandwidthControl(false);

    sSecondaryTableCtrl->setupIptablesHooks();
}

CommandListener是从FrameworkListener派生,在FrameworkListener内部有一个数组mCommands来存储注册到FrameworkListener中的命令处理对象。

FrameworkListener从SocketListener派生,在第一节分析SocketListener时就已经说过每一个SocketListener就是一个单独的线程用于接收sockect消息,当接收到sockect端消息时,就会回调onDataAvailable接口:

FrameworkListener::FrameworkListener(const char *socketName, bool withSeq) :
                            SocketListener(socketName, true, withSeq) {
    init(socketName, withSeq);
}

void FrameworkListener::registerCmd(FrameworkCommand *cmd) {
    mCommands->push_back(cmd);
}

bool FrameworkListener::onDataAvailable(SocketClient *c) {
    ...
    dispatchCommand(c, buffer + offset);
    ...
}

void FrameworkListener::dispatchCommand(SocketClient *cli, char *data) {
    ...
        FrameworkCommand *c = *i;
        if (!strcmp(argv[0], c->getCommand())) {
            if (c->runCommand(cli, argc, argv)) {
                SLOGW("Handler '%s' error (%s)", c->getCommand(), strerror(errno));
            }
            goto out;
        }
    ...
}

从CommandListener源码中可以看到类似InterfaceCmd、IpFwdCmd等和网络相关的Command类,这些类都是从NetdCommand派生的:

CommandListener::InterfaceCmd::InterfaceCmd() :
                 NetdCommand("interface") {
}

int CommandListener::InterfaceCmd::runCommand(SocketClient *cli,
                                                      int argc, char **argv) {
    if (argc < 2) {
        cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
        return 0;
    }

    if (!strcmp(argv[1], "list")) {
    ...
}

CommandListener::IpFwdCmd::IpFwdCmd() :
                 NetdCommand("ipfwd") {
}

int CommandListener::IpFwdCmd::runCommand(SocketClient *cli,
                                                      int argc, char **argv) {
    int rc = 0;
    char value[PROPERTY_VALUE_MAX];

    if (argc < 2) {
        cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false);
        return 0;
    }

    if (!strcmp(argv[1], "status")) {
    ...
}
...

而NetdCommand又是从FrameworkCommand派生的:

NetdCommand::NetdCommand(const char *cmd) :
              FrameworkCommand(cmd)  {
}
class FrameworkCommand { 
private:
    const char *mCommand;

public:

    FrameworkCommand(const char *cmd);
    virtual ~FrameworkCommand() { }

    virtual int runCommand(SocketClient *c, int argc, char **argv) = 0;

    const char *getCommand() { return mCommand; }
};
#include <sysutils/FrameworkCommand.h>

FrameworkCommand::FrameworkCommand(const char *cmd) {
    mCommand = cmd;
}

int FrameworkCommand::runCommand(SocketClient *c, int argc, char **argv) {
    SLOGW("Command %s has no run handler!", getCommand());
    errno = ENOSYS;
    return -1;
}

因此,当Framework中有类似interface、ipfwd、softap等sockect指令时,在netd模块中就会通过sockect的select查选到(可以看之前对SockectListener的分析),进而回调到FrameworkListener的OnDataAvialable接口,由于是派生的NetdCommand类,进而调用对应的runCommand接口,实现对指令的特殊处理。

img

Command指令

例如通过Android的系统设置打开AP热点(打开AP在Framework层的流程和源码本文暂不做分析),SoftapController.cpp:

#include <stdlib.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>

#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/wait.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <linux/wireless.h>

#include <openssl/evp.h>
#include <openssl/sha.h>

#define LOG_TAG "SoftapController"
#include <cutils/log.h>
#include <netutils/ifc.h>
#include <private/android_filesystem_config.h>
#include "wifi.h"
#include "ResponseCode.h"

#include "SoftapController.h"
static const char HOSTAPD_CONF_FILE[]    = "/data/misc/wifi/hostapd.conf";
static const char HOSTAPD_BIN_FILE[]    = "/system/bin/hostapd";
SoftapController::SoftapController() {
    mPid = 0;
    mSock = socket(AF_INET, SOCK_DGRAM, 0);
    if (mSock < 0)
        ALOGE("Failed to open socket");
    memset(mIface, 0, sizeof(mIface));
}

SoftapController::~SoftapController() {
}

int SoftapController::startSoftap() {
    pid_t pid = 1;

    int wifi_device = wifi_get_device_id();
    if (WIFI_RALINK_RT3070 == wifi_device || WIFI_RALINK_RT5370 == wifi_device
      || WIFI_RALINK_RT5372 == wifi_device || WIFI_RALINK_RT5572 == wifi_device
      || WIFI_RALINK_MT7601U == wifi_device)
        return 0;
    if (mPid) {
        ALOGE("SoftAP is already running");
        return ResponseCode::SoftapStatusResult;
    }

    if ((pid = fork()) < 0) {
        ALOGE("fork failed (%s)", strerror(errno));
        return ResponseCode::ServiceStartFailed;
    }
    if (!pid) {
        ensure_entropy_file_exists();
        if (execl(HOSTAPD_BIN_FILE, HOSTAPD_BIN_FILE,
                  "-e", WIFI_ENTROPY_FILE,
                  HOSTAPD_CONF_FILE, (char *) NULL)) {
            ALOGE("execl failed (%s)", strerror(errno));
        }
        ALOGE("SoftAP failed to start");
        return ResponseCode::ServiceStartFailed;
    } else {
        mPid = pid;
        ALOGD("SoftAP started successfully");
        usleep(AP_BSS_START_DELAY);
    }
    return ResponseCode::SoftapStatusResult;
}

int SoftapController::stopSoftap() {

    int wifi_device = wifi_get_device_id();
    if (WIFI_RALINK_RT3070 == wifi_device || WIFI_RALINK_RT5370 == wifi_device
      || WIFI_RALINK_RT5372 == wifi_device || WIFI_RALINK_RT5572 == wifi_device
      || WIFI_RALINK_MT7601U == wifi_device) {
        struct ifreq ifr;
        int  s;
        /* configure WiFi interface down */
        memset(&ifr, 0, sizeof(struct ifreq));
        strcpy(ifr.ifr_name, mIface);

        if((s = socket(AF_INET, SOCK_DGRAM, 0)) >= 0) {
            if(ioctl(s, SIOCGIFFLAGS, &ifr) >= 0) {
                ifr.ifr_flags = (ifr.ifr_flags & (~IFF_UP));
                ioctl(s, SIOCSIFFLAGS, &ifr);
            }
            close(s);
        }
        usleep(200000);
        return 0;
    }

    if (mPid == 0) {
        ALOGE("SoftAP is not running");
        return ResponseCode::SoftapStatusResult;
    }

    ALOGD("Stopping the SoftAP service...");
    kill(mPid, SIGTERM);
    waitpid(mPid, NULL, 0);

    mPid = 0;
    ALOGD("SoftAP stopped successfully");
    usleep(AP_BSS_STOP_DELAY);
    return ResponseCode::SoftapStatusResult;
}

bool SoftapController::isSoftapStarted() {
    return (mPid != 0);
}

/* configure softap by sending private ioctls to driver directly */
int SoftapController::ap_config_with_iwpriv_cmd(int s, char *ifname, char **argv)
{
    char tBuf[4096];
    struct iwreq wrq;
    struct iw_priv_args *priv_ptr;
    int i, j;
    int cmd = 0, sub_cmd = 0;
    int device_id;
    char mBuf[256];
    int hidden_ssid = 0;

    device_id = wifi_get_device_id();

    /* get all private commands that driver supported */
    strncpy(wrq.ifr_name, ifname, sizeof(wrq.ifr_name));
    wrq.u.data.pointer = tBuf;
    wrq.u.data.length = sizeof(tBuf) / sizeof(struct iw_priv_args);
    wrq.u.data.flags = 0;
    if (ioctl(s, SIOCGIWPRIV, &wrq) < 0) {
        return -1;
    }

    /* if driver don't support 'set' command, return failure */
    priv_ptr = (struct iw_priv_args *)wrq.u.data.pointer;
    for(i = 0; i < wrq.u.data.length; i++) {
        if (strcmp(priv_ptr[i].name, "set") == 0) {
            cmd = priv_ptr[i].cmd;
            break;
        }
    }
    if (i == wrq.u.data.length) {
        return -1;
    }

    /* get the 'set' command's ID */
    if (cmd < SIOCDEVPRIVATE) {
        for(j = 0; j < i; j++) {
            if ((priv_ptr[j].set_args == priv_ptr[i].set_args)
                && (priv_ptr[j].get_args == priv_ptr[i].get_args)
                && (priv_ptr[j].name[0] == '\0'))
                break;
        }
        if (j == i) {
            return -1;
        }
        sub_cmd = cmd;
        cmd = priv_ptr[j].cmd;
    }

    /* configure AP, order should be as follow
     *   1. Channel
     *   2. AuthMode
     *   3. EncrypType
     * for WPAPSK/WPA2PSK:
     *   4.Hidden/Broadcast SSID
     *   5. SSID (must after AuthMode and before Password)
     *   6. Password
     */
    strncpy(wrq.ifr_name, ifname, sizeof(wrq.ifr_name));
    wrq.u.data.pointer = mBuf;
    wrq.u.data.flags = sub_cmd;

    /* configure Channel */
    sprintf(mBuf, "Channel=%s", argv[2]);
    wrq.u.data.length = strlen(mBuf) + 1;
    if(ioctl(s, cmd, &wrq) < 0)
        return -1;

    /* configure AuthMode */
    if(!strcmp(argv[3], "wpa-psk"))
        sprintf(mBuf, "AuthMode=WPAPSK");
    else if (!strcmp(argv[3], "wpa2-psk"))
        sprintf(mBuf, "AuthMode=WPA2PSK");
    else
        sprintf(mBuf, "AuthMode=OPEN");
    wrq.u.data.length = strlen(mBuf) + 1;
    if(ioctl(s, cmd, &wrq) < 0)
        return -1;

    /* configure EncrypType */
    if (!strcmp(argv[3], "wpa-psk"))
        sprintf(mBuf, "EncrypType=AES");
    else if (!strcmp(argv[3], "wpa2-psk"))
        sprintf(mBuf, "EncrypType=AES");
    else
        sprintf(mBuf, "EncrypType=NONE");
    wrq.u.data.length = strlen(mBuf) + 1;
    if(ioctl(s, cmd, &wrq) < 0)
        return -1;

    /* configure hide SSID */
    if (!strcmp(argv[1], "hidden"))
        hidden_ssid = 1;
    sprintf(mBuf, "HideSSID=%d", hidden_ssid);
    wrq.u.data.length = strlen(mBuf) + 1;
    if(ioctl(s, cmd, &wrq) < 0)
        return -1;

    /* configure SSID */
    sprintf(mBuf, "SSID=%s", argv[0]);
    wrq.u.data.length = strlen(mBuf) + 1;
    if(ioctl(s, cmd, &wrq) < 0)
        return -1;

    /* configure password of WPAPSK/WPA2PSK */
    if (strcmp(argv[3], "open")) {
        sprintf(mBuf, "WPAPSK=%s", argv[4]);
        wrq.u.data.length = strlen(mBuf) + 1;
        if(ioctl(s, cmd, &wrq) < 0)
            return -1;

        if (device_id == WIFI_RALINK_MT7601U) {
            /* for MT7601U, configure SSID again */
            sprintf(mBuf, "SSID=%s", argv[0]);
            wrq.u.data.length = strlen(mBuf) + 1;
            if(ioctl(s, cmd, &wrq) < 0)
                return -1;
        }
    }

    return 0;
}

/*
 * Arguments:
 *  argv[2] - wlan interface
 *  argv[3] - SSID
 *  argv[4] - Broadcast/Hidden
 *  argv[5] - Channel
 *  argv[6] - Security
 *  argv[7] - Key
 */
int SoftapController::setSoftap(int argc, char *argv[]) {
    char psk_str[2*SHA256_DIGEST_LENGTH+1];
    int ret = ResponseCode::SoftapStatusResult;
    int i = 0;
    int fd;
    int hidden = 0;
    int channel = AP_CHANNEL_DEFAULT;
    int wifi_device;
    char hw_mode;
    char ht40_capab[32];
    char *wbuf = NULL;
    char *fbuf = NULL;

    if (argc < 5) {
        ALOGE("Softap set is missing arguments. Please use:");
        ALOGE("softap <wlan iface> <SSID> <hidden/broadcast> <channel> <wpa2?-psk|open> <passphrase>");
        return ResponseCode::CommandSyntaxError;
    }
        wifi_device = wifi_get_device_id();

    if (!strcasecmp(argv[4], "hidden")) {
        if (WIFI_ATHEROS_QCA1021X == wifi_device || WIFI_ATHEROS_QCA1021G == wifi_device
            || WIFI_ATHEROS_AR9374 == wifi_device)
            hidden = 2;
        else
            hidden = 1;
    }

    if (argc >= 5) {
        channel = atoi(argv[5]);
        if (channel <= 0)
            channel = AP_CHANNEL_DEFAULT;
    }
    memset(ht40_capab, 0, sizeof(ht40_capab));
    if (channel >= 36) {
        int ht40plus[] = {36, 44, 52, 60, 100, 108, 116, 124,
                             132, 149, 157};
        int ht40minus[] = {40, 48, 56, 64, 104, 112, 120, 128,
                              136, 153, 161};

        hw_mode = 'a';

        for (i = 0; i < sizeof(ht40plus)/sizeof(ht40plus[0]); i++)
            if (channel == ht40plus[i]) {
                strcpy(ht40_capab, "[SHORT-GI-40][HT40+]");
                break;
            }

        for (i = 0; i < sizeof(ht40minus)/sizeof(ht40minus[0]); i++)
            if (channel == ht40minus[i]) {
                strcpy(ht40_capab, "[SHORT-GI-40][HT40-]");
                break;
            }
    } else {
        hw_mode = 'g';

        if (channel > 7)
            strcpy(ht40_capab, "[SHORT-GI-40][HT40-]");
        else
            strcpy(ht40_capab, "[SHORT-GI-40][HT40+]");
    }

    char *ssid, *iface;

    if (mSock < 0) {
        ALOGE("Softap set - failed to open socket");
        return -1;
    }

    strncpy(mIface, argv[2], sizeof(mIface));
    iface = argv[2];
    if (WIFI_RALINK_RT3070 == wifi_device || WIFI_RALINK_RT5370 == wifi_device
       || WIFI_RALINK_RT5372 == wifi_device || WIFI_RALINK_RT5572 == wifi_device
       || WIFI_RALINK_MT7601U == wifi_device) {
        struct ifreq ifr;
        int s;

        /* RT3070/5370/5372/MT7601U don't use hostapd, driver reads RT2870AP.dat
         * and configures WiFi to AP mode while intialize. After initialization
         * complete, configure WiFi interface up will startup AP. Then
         * reconfigure AP by private commands.
         */
        memset(&ifr, 0, sizeof(struct ifreq));
        strcpy(ifr.ifr_name, iface);
        if((s = socket(AF_INET, SOCK_DGRAM, 0)) >= 0) {
            if(ioctl(s, SIOCGIFFLAGS, &ifr) >= 0) {
                ifr.ifr_flags = (ifr.ifr_flags | IFF_UP);
                if (ioctl(s, SIOCSIFFLAGS, &ifr) >= 0) {
                    ret = ap_config_with_iwpriv_cmd(s, iface, argv + 3);
                }
            }
            close(s);
        }
        return 0;
    }

    if (argc < 4) {
        ALOGE("Softap set - missing arguments");
        return -1;
    }

    if (argc > 3) {
        ssid = argv[3];
    } else {
        ssid = (char *)"AndroidAP";
    }
    asprintf(&wbuf, "interface=%s\ndriver=nl80211\nctrl_interface="
            "/data/misc/wifi/hostapd\nssid=%s\nchannel=%d\nieee80211n=1\n"
            "hw_mode=%c\nht_capab=[SHORT-GI-20]%s\nignore_broadcast_ssid=%d\n",
            argv[2], argv[3], channel, hw_mode, ht40_capab, hidden);

    if (argc > 7) {
        if (!strcmp(argv[6], "wpa-psk")) {
            generatePsk(argv[3], argv[7], psk_str);
            asprintf(&fbuf, "%swpa=1\nwpa_pairwise=TKIP CCMP\nwpa_psk=%s\n", wbuf, psk_str);
        } else if (!strcmp(argv[6], "wpa2-psk")) {
            generatePsk(argv[3], argv[7], psk_str);
            asprintf(&fbuf, "%swpa=2\nrsn_pairwise=CCMP\nwpa_psk=%s\n", wbuf, psk_str);
        } else if (!strcmp(argv[6], "open")) {
            asprintf(&fbuf, "%s", wbuf);
        }
    } else if (argc > 6) {
        if (!strcmp(argv[6], "open")) {
            asprintf(&fbuf, "%s", wbuf);
        }
    } else {
        asprintf(&fbuf, "%s", wbuf);
    }
    fd = open(HOSTAPD_CONF_FILE, O_CREAT | O_TRUNC | O_WRONLY | O_NOFOLLOW, 0660);
    if (fd < 0) {
        ALOGE("Cannot update \"%s\": %s", HOSTAPD_CONF_FILE, strerror(errno));
        free(wbuf);
        free(fbuf);
        return ResponseCode::OperationFailed;
    }
    if (write(fd, fbuf, strlen(fbuf)) < 0) {
        ALOGE("Cannot write to \"%s\": %s", HOSTAPD_CONF_FILE, strerror(errno));
        ret = ResponseCode::OperationFailed;
    }
    free(wbuf);
    free(fbuf);
    /* Note: apparently open can fail to set permissions correctly at times */
    if (fchmod(fd, 0660) < 0) {
        ALOGE("Error changing permissions of %s to 0660: %s",
                HOSTAPD_CONF_FILE, strerror(errno));
        close(fd);
        unlink(HOSTAPD_CONF_FILE);
        return ResponseCode::OperationFailed;
    }

    if (fchown(fd, AID_SYSTEM, AID_WIFI) < 0) {
        ALOGE("Error changing group ownership of %s to %d: %s",
                HOSTAPD_CONF_FILE, AID_WIFI, strerror(errno));
        close(fd);
        unlink(HOSTAPD_CONF_FILE);
        return ResponseCode::OperationFailed;
    }

    close(fd);
    return ret;
}

void SoftapController::generatePsk(char *ssid, char *passphrase, char *psk_str) {
    unsigned char psk[SHA256_DIGEST_LENGTH];
    int j;
    // Use the PKCS#5 PBKDF2 with 4096 iterations
    PKCS5_PBKDF2_HMAC_SHA1(passphrase, strlen(passphrase),
            reinterpret_cast<const unsigned char *>(ssid), strlen(ssid),
            4096, SHA256_DIGEST_LENGTH, psk);
    for (j=0; j < SHA256_DIGEST_LENGTH; j++) {
        sprintf(&psk_str[j*2], "%02x", psk[j]);
    }
}

首先可以看看SoftapController的startSoftap、stopSoftap、setSoftap接口,然后就可以联想到CommandListener源码中对Softap的处理,当接收到Framework层的set指令时调用的SoftapController的setSoftap,配置好AP参数后,Framework层再调用startap指令,就可以成功开启AP热点了。

int CommandListener::SoftapCmd::runCommand(SocketClient *cli,
                                        int argc, char **argv) {
    int rc = ResponseCode::SoftapStatusResult;
    int flag = 0;
    char *retbuf = NULL;

    if (sSoftapCtrl == NULL) {
      cli->sendMsg(ResponseCode::ServiceStartFailed, "SoftAP is not available", false);
      return -1;
    }
    if (argc < 2) {
        cli->sendMsg(ResponseCode::CommandSyntaxError,
                     "Missing argument in a SoftAP command", false);
        return 0;
    }
    if (!strcmp(argv[1], "startap")) {
        rc = sSoftapCtrl->startSoftap();
    } else if (!strcmp(argv[1], "stopap")) {
        rc = sSoftapCtrl->stopSoftap();
    } else if (!strcmp(argv[1], "fwreload")) {
        rc = sSoftapCtrl->fwReloadSoftap(argc, argv);
    } else if (!strcmp(argv[1], "status")) {
        asprintf(&retbuf, "Softap service %s running",
                 (sSoftapCtrl->isSoftapStarted() ? "is" : "is not"));
        cli->sendMsg(rc, retbuf, false);
        free(retbuf);
        return 0;
    } else if (!strcmp(argv[1], "set")) {
        rc = sSoftapCtrl->setSoftap(argc, argv);
    } else {
        cli->sendMsg(ResponseCode::CommandSyntaxError, "Unrecognized SoftAP command", false);
        return 0;
    }

    if (rc >= 400 && rc < 600)
      cli->sendMsg(rc, "SoftAP command has failed", false);
    else
      cli->sendMsg(rc, "Ok", false);

    return 0;
}

源码中在setSoftap时分为
1.使用ioctls接口配置驱动( RT3070/5370/5372/MT7601U don't use hostapd, driver reads RT2870AP.dat)
2.通过hostapd方式配置AP,即把AP配置写入/data/misc/wifi/hostapd.conf,在执行/system/bin/hostapd时读取配置
以下是参考了深入理解Andoriod卷画的CommandListener工作流程图:

img

CommandListener工作流程图

3.结束语

Netd进程本身的代码不多,但是涉及的面比较广。
链接:https://www.jianshu.com/p/f752b2019c97

posted @ 2021-08-02 18:45  鲸小鱼-  阅读(650)  评论(0编辑  收藏  举报