diff --git a/services/netmanagernative/include/netsys/netlink_socket_diag.h b/services/netmanagernative/include/netsys/netlink_socket_diag.h
index 5e73ac1839367c0b4acee32afb2b8f09978d5b56..ebcb723896bc9810e97f3678c56ebf31d73e0317 100644
--- a/services/netmanagernative/include/netsys/netlink_socket_diag.h
+++ b/services/netmanagernative/include/netsys/netlink_socket_diag.h
@@ -55,6 +55,7 @@ public:
      */
     int32_t SetSocketDestroyType(const std::string &netCapabilities);
     void DestroyLiveSocketsWithUid(const std::string &ipAddr, uint32_t uid);
+    void DestroyLiveSocketsWithUid(uint32_t uid);
 
 private:
     static bool InLookBack(uint32_t a);
diff --git a/services/netmanagernative/src/manager/vnic_manager.cpp b/services/netmanagernative/src/manager/vnic_manager.cpp
index 2a276925ff033c1ead5aacac33f592ca7cdef7eb..f16e323120dcbcfd9565f99d517e4b4164cff83e 100644
--- a/services/netmanagernative/src/manager/vnic_manager.cpp
+++ b/services/netmanagernative/src/manager/vnic_manager.cpp
@@ -30,6 +30,7 @@
 #include "init_socket.h"
 #include "net_manager_constants.h"
+#include "netlink_socket_diag.h"
 #include "netmanager_base_common_utils.h"
 #include "netnative_log_wrapper.h"
 #include "route_manager.h"
@@ -325,15 +326,26 @@ int32_t VnicManager::CreateVnic(uint16_t mtu, const std::string &tunAddr, int32_
         return NETMANAGER_ERROR;
     }
 
+    nmd::NetLinkSocketDiag socketDiag;
+    for (auto const &uid : uidRanges) {
+        NETNATIVE_LOG_D("CreateVnic uid %{public}d", (uint32_t)uid.begin_);
+        socketDiag.DestroyLiveSocketsWithUid((uint32_t)uid.begin_);
+    }
+
     return NETMANAGER_SUCCESS;
 }
 
 int32_t VnicManager::DestroyVnic()
 {
+    nmd::NetLinkSocketDiag socketDiag;
     nmd::RouteManager::UpdateVnicUidRangesRule(uidRanges, false);
-    uidRanges.clear();
     DelDefaultRoute();
     DestroyVnicInterface();
+    for (auto const &uid : uidRanges) {
+        NETNATIVE_LOG_D("DestroyVnic uid %{public}d", (uint32_t)uid.begin_);
+        socketDiag.DestroyLiveSocketsWithUid((uint32_t)uid.begin_);
+    }
+    uidRanges.clear();
     return NETMANAGER_SUCCESS;
 }
 
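Review bot: The new `DestroyLiveSocketsWithUid(uint32_t uid)` overload is declared with no comment, although the `*/` just above SetSocketDestroyType shows this class documents at least some of its public methods (that comment block starts outside the hunk). Since the overload is indistinguishable from its sibling by name alone, I would add above the declaration: `/** Sends TCP RST to every live (established, SYN-sent or SYN-received) non-loopback TCP socket owned by uid, over both IPv4 and IPv6; failures are only logged. */` — that is what the implementation added in netlink_socket_diag.cpp by this commit does. A sentence stating how it differs from the `(ipAddr, uid)` overload would also save the next reader a trip to the .cpp.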
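Review bot: Both new loops in CreateVnic and DestroyVnic pass only `uid.begin_` to DestroyLiveSocketsWithUid, so if the elements of uidRanges are genuine ranges (the `begin_` name suggests a matching `end_`, not visible here) every UID after the first in each range keeps its pre-existing TCP sockets and continues on the old route after the VNIC rules are installed or removed. If that is intentional it deserves a comment; otherwise the loop should walk the whole range, e.g. `for (uint32_t u = static_cast<uint32_t>(uid.begin_); u <= static_cast<uint32_t>(uid.end_); ++u) { socketDiag.DestroyLiveSocketsWithUid(u); }` (assuming an inclusive `end_`). The C-style `(uint32_t)uid.begin_` casts in all four added lines should be `static_cast<uint32_t>(uid.begin_)`. Note also that DestroyLiveSocketsWithUid returns void and only logs a failed netlink dump, so CreateVnic still returns NETMANAGER_SUCCESS when no socket was actually reset; the start of CreateVnic lies outside the hunk.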
diff --git a/services/netmanagernative/src/netsys/netlink_socket_diag.cpp b/services/netmanagernative/src/netsys/netlink_socket_diag.cpp
index 69fe019ee32849cb6675a9391ee4dd2b86d681fe..1ee80e9aeb74fa23bd056ca609f355cf86d04fd9 100644
--- a/services/netmanagernative/src/netsys/netlink_socket_diag.cpp
+++ b/services/netmanagernative/src/netsys/netlink_socket_diag.cpp
@@ -375,5 +375,33 @@ void NetLinkSocketDiag::DestroyLiveSocketsWithUid(const std::string &ipAddr, uin
     NETNATIVE_LOG_D("TCP-RST Destroyed %{public}d sockets", socketsDestroyed_);
 }
 
+
+void NetLinkSocketDiag::DestroyLiveSocketsWithUid(uint32_t uid)
+{
+    NETNATIVE_LOG_D("TCP-RST DestroyLiveSocketsWithUid, uid:%{public}d", uid);
+    if (!CreateNetlinkSocket()) {
+        NETNATIVE_LOGE("Create netlink diag socket failed.");
+        return;
+    }
+    auto needDestroy = [&] (const inet_diag_msg *msg) -> bool {
+        return msg != nullptr && uid == msg->idiag_uid && !IsLoopbackSocket(msg);
+    };
+    const int32_t proto = IPPROTO_TCP;
+    const uint32_t states = (1 << TCP_ESTABLISHED) | (1 << TCP_SYN_SENT) | (1 << TCP_SYN_RECV);
+    for (const int family : {AF_INET, AF_INET6}) {
+        int32_t ret = SendSockDiagDumpRequest(proto, family, states);
+        if (ret != NETMANAGER_SUCCESS) {
+            NETNATIVE_LOGE("Failed to dump %{public}s sockets", family == AF_INET ? "IPv4" : "IPv6");
+            break;
+        }
+        ret = ProcessSockDiagUidDumpResponse(proto, needDestroy);
+        if (ret != NETMANAGER_SUCCESS) {
+            NETNATIVE_LOGE("Failed to destroy %{public}s sockets", family == AF_INET ? "IPv4" : "IPv6");
+            break;
+        }
+    }
+
+    NETNATIVE_LOG_D("TCP-RST Destroyed %{public}d sockets", socketsDestroyed_);
+}
 } // namespace nmd
 } // namespace OHOS
\ No newline at end of file
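Review bot: The `break` in both error branches of the family loop aborts the whole sweep, so a failure while dumping or resetting AF_INET sockets means the uid's AF_INET6 sockets are never touched and silently stay alive, and the void return hides that from the caller; the two families are independent, so `continue` in place of each `break` would still reset what can be reset (the two lines `NETNATIVE_LOGE("Failed to dump ..."); continue;` and likewise for the destroy branch). The body reads as a copy of the two-argument overload ending just above with a different `needDestroy` predicate (inferred from the shared trailing log line; that overload starts outside the hunk), so a private helper taking the predicate would avoid keeping two copies in sync. `socketsDestroyed_` is logged here but not visibly reset, so the count may be cumulative across calls on one object — worth confirming against the constructor or CreateNetlinkSocket. Whether the netlink socket opened by CreateNetlinkSocket is released on the early `return` and `break` paths depends on the destructor, which is not visible here.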