| author | Tomasz Wiszkowski <ender@google.com> | 2017-10-18 11:51:30 -0700 |
|---|---|---|
| committer | Tomasz Wiszkowski <ender@google.com> | 2017-10-18 15:08:36 -0700 |
| commit | 721b075c99229747ef85cc53d5883a9138ebd42f (patch) | |
| tree | 417cf4297da6ecb34bea9a5583ddd9c12ded1eef | |
| parent | e9d90b18fc33499e950730f17f3696e722fe21f9 (diff) | |
| download | platform_external_openssh-721b075c99229747ef85cc53d5883a9138ebd42f.tar.gz platform_external_openssh-721b075c99229747ef85cc53d5883a9138ebd42f.tar.bz2 platform_external_openssh-721b075c99229747ef85cc53d5883a9138ebd42f.zip | |
Allow SSH to function with more strict android network stack.
This change relocates the SSH listening port to an external network namespace
that is not under direct Android supervision. SSH is functional even when
ssh_key_fetcher is not.
Test: manual
BUG=67899876
Change-Id: Ia729103d7bf0ec84abb5969d8b4edf733e525702
| -rw-r--r-- | Android.mk | 3 | ||||
| -rw-r--r-- | sshd.c | 35 |
2 files changed, 38 insertions, 0 deletions
@@ -258,6 +258,9 @@ LOCAL_SRC_FILES := \
 LOCAL_MODULE := sshd
 LOCAL_CFLAGS += -Wno-unused-parameter
+ifneq ($(filter gce_x86 calypso, $(TARGET_DEVICE)),)
+LOCAL_CFLAGS += -DANDROID_GCE $(GCE_VERSION_CFLAGS)
+endif
 LOCAL_C_INCLUDES := \
 external/zlib \
@@ -1034,9 +1034,44 @@ server_listen(void)
 ssh_gai_strerror(ret));
 continue;
 }
+
+#if defined(ANDROID_GCE) && defined(GCE_PLATFORM_SDK_VERSION) && GCE_PLATFORM_SDK_VERSION >= 28
+ /*
+ * Android GCE specific, bug 67899876
+ * Open socket in external namespace, making it possible to serve SSH
+ * connections regardless of internal interface states.
+ */
+ int outerfd = open("/var/run/netns/outer.net", O_RDONLY);
+ int androidfd = open("/var/run/netns/android.net", O_RDONLY);
+ if (outerfd > 0 && androidfd > 0) {
+ if (setns(outerfd, 0) != 0) {
+ fprintf(stderr, "Could not set netns: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+ }
+#endif
+
 /* Create socket for listening. */
 listen_sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+
+#if defined(ANDROID_GCE) && defined(GCE_PLATFORM_SDK_VERSION) && GCE_PLATFORM_SDK_VERSION >= 28
+ if (androidfd > 0) {
+ if (setns(androidfd, 0) != 0) {
+ fprintf(stderr, "Could not set netns: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+ }
+ if (outerfd > 0) {
+ close(outerfd);
+ }
+ if (androidfd > 0) {
+ close(androidfd);
+ }
+#endif
+
 if (listen_sock < 0) {
 /* kernel may not support ipv6 */
 verbose("socket: %.100s", strerror(errno)); |
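Review bot: The added `LOCAL_CFLAGS += -DANDROID_GCE $(GCE_VERSION_CFLAGS)` line carries no comment saying where `GCE_VERSION_CFLAGS` is set or that it is expected to define `GCE_PLATFORM_SDK_VERSION`. The sshd.c block in this commit is guarded by `defined(GCE_PLATFORM_SDK_VERSION)`, so if the variable is empty for one of the listed devices the namespace code is compiled out without any build-time signal. A one-line comment above the `ifneq`, such as `# GCE_VERSION_CFLAGS must define GCE_PLATFORM_SDK_VERSION; sshd.c keys its netns handling on it`, would record that dependency.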
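Review bot: The checks `outerfd > 0` and `androidfd > 0` treat descriptor 0 as a failed open(), but open() reports failure with -1 and 0 is a valid descriptor once stdin has been closed; in that case the namespace switch is skipped and the descriptor is never closed, so each test should read `>= 0`. The two blocks are also asymmetric: the switch to outer.net needs both descriptors, while the switch back runs whenever `androidfd` alone opened, so sshd can be moved into android.net without ever having left its original namespace; guarding the second block with the same condition, `if (outerfd >= 0 && androidfd >= 0) {`, would keep them paired. When either open() fails, the listening socket is silently created in the current namespace, and a `verbose()` line naming the missing path would make that fallback visible to anyone auditing where sshd is reachable. The setns() failures go to `fprintf(stderr, ...)`, which may be lost once sshd runs detached; sshd's own `fatal("setns: %s", strerror(errno));` would put them in the log. Both blocks sit inside server_listen's per-address loop, which starts and ends outside the hunk.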
