Support faking out the DNS lookups used by NetworkMonitor to
resolve strict mode DNS, and add more test coverage.
These tests were partly adapted from tests we have in Q but
also contain new coverage. This is because in Q the interface
between ConnectivityService and NetworkMonitor changed
substantially, and it is impractical to backport
NetworkMonitorTest.
Bug: 122652057
Test: atest FrameworksNetTests
Change-Id: I6497b7efa539267576d38d3036eef0af0df4e9cb
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
This reverts commit 6a050c7c50.
Reason for revert: Retargeted for June monthly release
Bug: 119129310
Change-Id: I9d543415c5707859cfa2a14a1a8ce5909aae7d11
Merged-In: Id0abc4d304bb096e92479a118168690ccce634ed
This reverts commit ad8805a6c2.
Bug: 126245192
Reason for revert: This change can lead to a deadlock that was fixed in http://ag/6580635. However, platform PMs think that fixing this is risky enough as this is not a recent problem and has been in the field for 3/4 of the year.
Note: The merged-in tag is used to avoid this change from getting merged into pi-dev-plus-aosp. This is to avoid merge conflicts since we mostly work in aosp/master which merges into pi-dev-plus-aosp.
Change-Id: I3814bcec87efb059f50f00617406501aaeac3b4d
Merged-In: Id0abc4d304bb096e92479a118168690ccce634ed
NSS needed it for getting VpnInfo[], NetworkState[] and
activeLinkProperties which it used to query via ConnectivityManager.
For VpnInfo[], this was racy as NSS may ignore intermediate changes to a
VPN's underlying networks. See http://b/123961098 for more context.
It may also lead to deadlocks b/w ConnectivityService and
NetworkStatsService. See http://b/126245192 for more info.
This change will ensure that NSS is never contending on any of
ConnectivityService locks.
This change also is cherry-picking cleanup made to NSS in
http://aosp/628368.
Bug: 123961098
Bug: 126245192
Bug: 120145746
Test: atest FrameworksNetTests
Change-Id: Ia687845888434c8ddd24bdf44b4c70dfe80e03f5
Merged-In: I57e117bb4e9efe491b19d6b5a479f2d58d1c58e6
Previously, they were only updated when underlying network set was
non-null.
This change also ensures that all the calls b/w ConnectivityService and
Vpn that leads to updating capabilities are on ConnectivityService
handler thread.
Additionally, it also ensures that capabilities are propagated after VPN
enters connected state.
This change also updates VPN capabilities inline from
ConnectivityService handler thread. Previously, there was an additional
loop where Vpn would update capabilities via NetworkAgent thru
AsyncChannel which posts back to CS handler thread, which could
potentially lead to delays in updating VPN capabilities.
Bug: 119129310
Bug: 118856062
Bug: 124268198
Test: atest FrameworksNetTests
Test: manual - verified VPNs capabilities are getting updated and
DownloadManager is working correctly.
(cherry picked from commit 4fa80e8a2f)
Change-Id: Iae5f2024b19df04c31938815b52687781d016cde
Merged-In: Id0abc4d304bb096e92479a118168690ccce634ed
In handleUpdateLinkProperties(), it will always assign newLp
to nai first. Then, the copied newLp would add some configurations
ex: private dns/clatd. This updated newLp wouldn't be assigned back to
nai when linkproperties is not changed.
Bug: 113637648
Test: - build, flash, booted
- atest FrameworksNetTests
- run CtsNetTestCases
Change-Id: I9e25e46718e076d4afa784ee5e1d3abbe0f11911
When using xt_qtaguid to count per uid stats,
NetworkStatsService needs to adjust the 464xlat traffic since
iptables module would double count for ipv4 and ipv6 packet.
But for eBPF, the per uid stats is collected in a different
hook, so the adjustment on root uid would only be needed in tx
direction.
Bug: 112226716
Test: 1. Make ipv4 traffic in ipv6-only network and check data
usage.
2. Make ipv4 traffic in a client which connect to
ipv6-only hotspot.
3. runtest frameworks-net
4. cts-tradefed run cts -m CtsNetTestCases -t \
android.net.cts.TrafficStatsTest
5. cts-tradefed run cts -m CtsUsageStatsTestCases
Change-Id: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
Merged-In: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
(cherry picked from commit c33ac0d43b)
Rather than use the crufty config.xml list of upstream transport types,
use ConnectivityService's notion of the default network for the upstream.
In cases where a DUN network is required and the default network is
currently a mobile network, look for a DUN network (code in Tethering
is currently responsible for requesting one).
Test: as follows
- built, flashed, booted
- runtest frameworks-net
- tethered via mobile, joined captive portal network, maintained
laptop access via mobile until captive passed (then used wifi)
- disabled client mode wifi, disabled mobile data, plugged in
ethernet adapter, observed connectivity via ethernet
Bug: 32163131
Bug: 62648872
Bug: 63282480
Bug: 109786760
Bug: 110118584
Bug: 110260419
Change-Id: I925b75994e31df8046f3ef9916a2457b4210485e
Test: as follows
- built
- flashed
- booted
- runtest frameworks-net passes
- wlan0 in STA mode, wlan1 up/down in AP mode
no lingering IPv4 mode
- USB tethering up/down works
- bluetooth tethering yields:
05-18 17:50:49.726 719 756 D TetherController: untetherInterface(bt-pan)
05-18 17:50:49.729 1194 1230 E Tethering: [bt-pan] ERROR Failed to clear IPv4 address on interface bt-pan: java.lang.IllegalStateException: command '224 interface setcfg bt-pan 0.0.0.0 0' failed with '400 224 Failed to clear address (No such device)'
which is acceptable (no actual crash, just a log message)
Bug: 79905644
Change-Id: Iaf29788a6692d810f3160e3f21d06b7452ecbaa6
The probes allow testing for a configurable status code and location
header (regexes). They are disabled by default, so this CL is a
no-op unless the probe configurations are pushed.
Bug: b/79499239
Test: tests in CL pass, manual: captive portal login works
Change-Id: I785723aaed06054b9aa8ebff77803f23d7836db9
Before this change, VPNs having no underlying networks would be
marked as metered as the safe option, but VPNs having only
disconnected underlying networks would be marked as unmetered.
Fix this discrepancy.
Bug: 79748782
Test: runtest frameworks-net
Change-Id: I51c3badde29f43f692f383553bd98327d2da8dd1
Fixes come later. This is complex enough as it is.
Bug: 79748782
Test: new test passes, old tests still pass
Change-Id: I30009f88e68a534c332ca88bae517cacc39a60bb
This is necessary to resolve visibility issues for the next change.
Bug: b/79499239
Test: runtest frameworks-net
Change-Id: I50bc96afe6ae88c8f58a693f0a4e821f1f9b3299
P introduced setSSID, UIDs and unwanted capabilities.
None of these exhibit commutative behavior through combineCapabilities
because their semantics don't allow it. Therefore
NetworkRequest.setCapabilities() is badly broken around any of
these. Look at the comments in the new tests to realize the
extent of the damage.
Bug: 79748782
Test: new tests written, old tests pass
Change-Id: Ie46581bdaf9ecc2f14aab44788bbdb27a3fec8c1
With the new xt_bpf support for iface stats. We no longer need to parse
the per interface stats from /proc/net/dev. And since the old xt_qtaguid
code path also not depend on it, we can completly remove that helper
function since no caller is depending on it now.
Bug: 72111305
Test: runtest frameworks-net -c com.android.internal.net.NetworkStatsFactoryTest
Change-Id: Icb7eaeef0eeb9fdffd32a90316c76ee05bafffbe
Merged-In: Icb7eaeef0eeb9fdffd32a90316c76ee05bafffbe
(cherry picked from aosp commit b815c978b8)
This tests that ApfGenerator knows how to optimally encode positive and
negative immediates of various sizes.
Equivalent tests will follow for LDDW and STDW.
Change-Id: Ia904aecb155c78569e3cf32a2431570281570481
Bug: 73804303
Test: runtest tests/net/java/android/net/apf/ApfTest.java
(cherry picked from commit 18050000d7)
Bug: 77737389
Test: runtest framework-net
new test don't pass without the main code change, but they
do with it
Change-Id: I0cd83a935ab0b349aa47e065b830e5a43ab9a091
Per email feedback, we should be using "noteOp" instead of "checkOp"
when testing if caller holds OP_GET_USAGE_STATS, so that we record
that caller used the operation.
Bug: 77662908
Test: builds, boots
Exempt-From-Owner-Approval: keep tests passing
Change-Id: I3a60345d590534fdbc2c1248e0d30dc85a5d6772
Relies on events sent from netd in aosp/578162.
Test: Added tests to ConnectivityServiceTest. Added a new test
class DnsManagerTest. Built a simple app that appears to
receive onLinkProperties events correctly upon manual changes
to the private DNS settings on a Pixel.
Bug: 71828272
Merged-In: I1e6c54ba016f6a165a302bd135a29d9332aaa235
Merged-In: I7705412803fb9aa707a18ae5a1c50292e084d851
Change-Id: I3223c1285a73d5d531c5051ce70007857caa57e3
(cherry picked from commit 7301aa4140)
Registering for carrier config changes can deliver a sticky broadcast
and can cause Tethering to think something has changed and reevaluate
provisioning status, even though this has been checked before it
entered tethering mode alive state.
Additionally, move the provisioning_app{,no_ui} resources into the
TetheringConfiguration, if for no other reason than now we can log
it in .toString().
Test: as follows
- built
- flashed
- booted
- runtest frameworks-net passes
- manual USB tethering toward WiFi works
Bug: 69565814
Change-Id: Ib8b2620ce44c55e5eb0afd3f00f3f5aa4fc8a593
(cherry picked from commit 8067d78c32)
This required advancing the IpManager to IpClient refactoring
(Bluetooth used IpManager and friends). Most importantly, the
Bluetooth code used WaitForProvisioningCallback, so this is
moved into IpClient proper now. Also: some more renaming
cleanup.
Test: as follows
- built
- flashed
- booted
- runtest frameworks-net passes
Bug: 62476366
Bug: 72663849
Merged-In: I5e5b2c59ad3ea9ad574e8e683bcab3b09cfe0791
Merged-In: I89b45310181d952129fb2294db63654da9b4057f
Change-Id: I9eee2a9d5c31cdd48a054a7edc3403584efb1864
(cherry picked from commit 8d1fe54be1)
Moves this out of ConnectivityService and into each NetworkMonitor
(where it's more self-contained).
Test: as follows
- builds, flashes, boots
- runtest frameworks-net passes
- manual testing with working and non-working hostnames behaves
somewhat (but not entirely) as expected, and not always quickly
Bug: 64133961
Bug: 72345192
Bug: 73872000
Bug: 77140445
Merged-In: I5dc90ecfe6f6f10967b7501645ad8e030cb38982
Merged-In: Ida4967d22f0781524f0f269e30e653b8ec867258
Change-Id: Ic4322af3cb49149f2d975cb31f54b2ac7927f907
(cherry picked from commit 736353a584)
LinkAddress constructors are currently @hide; this change updates
IpSecManager to use InetAddress and prefixLen, and then construct a
LinkAddress internally. LinkAddress is used over the binder interface to
IpSecService to ensure validity.
Bug: 77528639
Test: CTS, Java unit tests ran on walleye
Change-Id: I19e124adef6d9f4992d8293db3190bcf74c95848
This change forces Socket and DatagramSocket to populate the
SocketImpl, ensuring that the socket file descriptor can be
retrieved when applying Transport mode Transforms
This is done by calling getSoLinger(), triggering a getImpl(), which
triggers setImpl() if needed.
Bug: 77491294
Test: Added tests in IpSecManagerTest, ran on walleye
Merged-In: I40da08b031357710eb794e0f866aec5660c79594
Change-Id: I40da08b031357710eb794e0f866aec5660c79594
(cherry picked from commit d175a3d3a0)
Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.
Bug: 66955045
Test: runtest frameworks-net
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
