Currently we support exactly one NAT64 prefix. This matches what
other components in the system (Dns64Configuration, clatd, etc.)
support.
Test: atest FrameworksNetTests
Change-Id: I45a11cebe43a5e1c60d50eca7889cb317565b598
This implements a minimal contract for the IP Memory Store
feature.
Test: Created new tests for parcelable code. For the rest, created
empty tests, but there is no logic, it's boilerplate day
Bug: 116512211
Change-Id: I15dc6275b370d671385ddfdb058a8b8d39952d6e
Introduce a stable AIDL parcel class, DhcpServingParamsParcel, and
methods to convert to and from that class to DhcpServingParams.
This will be used to move DhcpServer to the NetworkStack app.
Test: atest FrameworksNetTests
Bug: b/112869080
Change-Id: I276b7affccb938059769c90a53f0f6beb26e6ede
The current code only uses InterfaceParams#name, and InterfaceParams is
defined in services/net which DhcpServer cannot depend on once moved to
a separate app.
Test: atest FrameworksNetTests
Bug: b/112869080
Change-Id: I94c7dce33200c111666a9dddde82ac2e66a6794f
Some network re-writing packet from broadcast MACs to unicast,
result in this kind of packets cannot be dropped by APF filter.
Thus, drop ARP reply if source IP is 0.0.0.0.
Note: Linux kernel always ignores such replies in the function arp_process().
Bug: 118044271
Test: runtest frameworks-net -c android.net.apf.ApfTest
Change-Id: Id293bf231913d9b483ce7d8dd909e05fa927ccd7
Read a pcap file and runs it through APF filter, then checks whether all
packets in the file are dropped.
Test: runtest frameworks-net -c android.net.apf.ApfTest
Change-Id: I7fc59864608762cd2bc84131817183846b0bf5b5
Currently, 464xlat counts its ipv6 tx traffic into root uid.
When user is making ipv4 upload over ipv6-only network, ipv4
tx traffic may sometimes be counted faster then ipv6 tx
traffic.
Thus, NetworkStatsService may detect non-monotonic values due
to 464xlat adjustment.
So the solution is that: for clatd, make ipv6 tx traffic counts
into clat uid, and then ignore it in the framework side.
Bug: 118602783
Test: 1. manually verify clatd traffic on clat uid.
2. runtest frameworks-net
Change-Id: Ifb478b79e3e281918c70e16d1f90682c78f33db1
Add a generic transport-specific information container interface and
access methods. These can be used by a network factory to pass transport
(bearer)-specific network parameters to the app.
Bug: 117605977
Test: atest frameworks/base/tests/net/java/android/net (+new unit tests)
Change-Id: Ib7c83b677e1c02a2212265719813e648b0c9cc1b
In follow-up commits, current API would create new NetworkStats
every time when 464xlatAdjustment wants to filtered out some
uids.
This commit refactors it to delete stats in-place to get better
performance.
Bug: 118602783
Test: atest FrameworksNetTests
Change-Id: I858f95d1fa7733111786243b4e261ce8a70a068d
Some applications or services are needed PCSCF address to register IMS server but there is no way to get it on Android Framework.
We have added PCSCF address to LinkProperties like attached diff files.
Test: get Linkproperties and check Pcscf addresses.
atest FrameworksNetTests
Change-Id: Ic2341a4ce2ed88d560325721766fc21f85f7ff86
Signed-off-by: Hongshik <hshik.kim@samsung.com>
This change adds support for XFRM-I to all IpSecService netd calls.
Fallback logic is in netd, and thus both VTI and XFRM-I parameters are
always passed down to IpSecService.
Bug: 78589502
Test: All java, CTS tests passing
Change-Id: Ie4186f0ad7e50763b21831f6fa411b5ee436de78
Add a utility method to convert an EUI-48 to an IPv6 link-local
address based on RFC 4291 (EUI-64 generation) followed by RFC 4862.
Bug: 117605977
Test: atest MacAddressTest
Merged-In: I80b683e69da6beff3b37fc345fc15aa9610d09b7
Change-Id: I80b683e69da6beff3b37fc345fc15aa9610d09b7
When using xt_qtaguid to count per uid stats,
NetworkStatsService needs to adjust the 464xlat traffic since
iptables module would double count for ipv4 and ipv6 packet.
But for eBPF, the per uid stats is collected in a different
hook, so the adjustment on root uid would only be needed in tx
direction.
Bug: 112226716
Test: 1. Make ipv4 traffic in ipv6-only network and check data
usage.
2. Make ipv4 traffic in a client which connect to
ipv6-only hotspot.
3. runtest frameworks-net
4. cts-tradefed run cts -m CtsNetTestCases -t \
android.net.cts.TrafficStatsTest
5. cts-tradefed run cts -m CtsUsageStatsTestCases
Change-Id: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
Use stable aidl generated structure instead of UidRange
Test: runtest frameworks-net passes
Test: manual testing of UidRange related function works
Change-Id: Iaf1c10777dc1e71df2be2a57533a10257b12626b
onBlockedStatusChanged is intruduced for network blocked status.
The changes in this patch are:
- Test onBlockedStatusChanged which tells apps whether the
network is blocked.
- Fixed the tests which is affected by the order changed in
onAvailable.
Test: as follows
- runtest frameworks-net
- runtest -x NetworkPolicyManagerServiceTest.java
Bug: 74575553
Change-Id: I383c037ed895ef69c478dc3cff69fb1e27c42845
The hostname option is only sent when requested in the requested
parameters option. This matches current behavior.
Test: with aosp/763982, regression tests now all pass
atest FrameworksNetTest
Bug: b/109584964
Change-Id: I793173fa893750ddbe72be09f4c2d70e5b285837
Some DhcpServer error code paths could cause a NPE, when the logError
callback was called without an exception. Allowing SharedLog#e to be
called with a null Throwable is less error-prone.
Bug: b/109584964
Test: atest FrameworksNetTests
Change-Id: Idbcdd330a9d1951b27aaf525aaf12e52e102872c
Allow VPN apps to lookup the UID owner of a network connection.
Requires specifying the:
- IP address and port for both the source and destination of a TCP
connection.
- IP address and port for either source and destination or just
source for a UDP connection.
Only TCP and UDP protocols are supported. Only connections for UIDs
that apply to the calling VPN app will be resolved. This is intended
to replace direct app access to /proc/net/{tcp,tcp6,udp,udp6}.
The implementation uses netlink inet_diag sockets[1] to perform
the lookup on TCP sockets as well as UDP sockets when supported
(kernel has CONFIG_INET_UDP_DIAG=y).
[1] http://man7.org/linux/man-pages/man7/sock_diag.7.html
Bug: 9496886
Bug: 109758967
Test: atest HostsideVpnTests
Test: atest InetDiagSocketTest on Taimen with CONFIG_INET_UDP_DIAG
and on Sailfish without CONFIG_INET_UDP_DIAG.
Change-Id: I2bbc7072dd091e2e653dadf6dc05024c04180f34
Rename TetherInterfaceStateMachine to IpServer. IControlsTethering
is folded into IpServer.Callback and some of the dependencies in
TetheringDependencies are moved into IpServer.Dependencies.
Several things still need fixing, including:
- convert message passing into method calls
- the calls that enable forwarding should be moved up out of
IpServer into the Tethering layer above it
Test: as follows
- built, flashed, booted
- runtest frameworks-net passes
Change-Id: I015f800ed23c8aa5c8c81a74d7b508abfcaab659
This matches previous behavior, and there could be situations where
another server on the network would be configured to reply to such
requests, so not replying is better than sending NAKs as done now.
Also refactoring requests in DhcpLeaseRepositoryTest and replacing some
INETADDR_UNSPEC usages for giaddr with INET4_ANY (giaddr is a BOOTP
field and can't be unspecified, only empty).
Test: Following DhcpServerTest.py regression tests pass:
test_request_selecting_giaddr_outside_subnet
test_discover_requestaddress_giaddr_outside_subnet
test_discover_knownaddress_giaddr_outside_subnet
test_discover_giaddr_outside_subnet
Also: atest FrameworksNetTests passes
Change-Id: I4decffccfc64d5e0e29c9ce1cf1446644fcf8190
Add Android metered option, rebinding time option (T2), and match
current order of options. Current DHCP server uses subnet_mask,
broadcast_address, router, name_server in this order.
Test: DhcpServerTest.py:test_discover_paramrequestlist passes
atest FrameworksNetTests passes
Bug: b/109584964
Change-Id: I58f904d5fac306f704c16234fd69c2440fe0803d
This differs from previous behavior where dnsmasq would reply to port 68
if the client had no configured address (ciaddr empty in request), or
send replies to the client port if the request ciaddr matched the
assigned lease.
Not all DHCP servers preserve this behavior, and there is no good known
use-case for it. Not replying to such packets is less error-prone and
closer to the standard.
Bug: b/109584964
Test: Added test in DhcpServerTest.py passes
Change-Id: I88d467336cc4f4e4c9498c3787ec22fdef5e1cdd
This first version can serve discover/request/release, although there
are some small behavior changes with current implementation which will
be addressed later.
Also removes final modifiers on start() and stop() in FdEventsReader, to
allow mocking the methods in tests with the current mockito lib.
Test: Added tests pass, manual: flashed a device using the server
Change-Id: I025366ff7d51c4ba31152af50f3dd2b5e280a54d
In common use-cases, only one gateway or DNS server may be set, so the
added methods make it easier for clients to build the parameters.
Bug: b/109584964
Test: runtest --no-hidden-api-checks frameworks-net
Change-Id: Ib54bc60a54ad4ef0605baea62d87b9f14caf8aa7
Those parameters will be used to start DhcpServer or update its
configuration.
Test: runtest DhcpServingParamsTest.java
Bug: b/109584964
Change-Id: Id8d3dcf62d66dcb02accffa8d8500e30f07af452
The current utilities map the higher-order bytes of ints to the
lower-order bytes of IPv4 addresses, which makes applying masks and
generating series of addresses confusing.
For example, the current utilities would convert 1.2.3.4 to 0x04030201,
or generate 0x0080ffff for a /17 subnet mask. The utilities in this CL
convert 1.2.3.4 to 0x01020304, and a /17 subnet mask is represented as
0xffff8000.
Includes tests for all the above methods and migration of
NetworkUtilsTest to JUnit4.
Test: added tests pass
Change-Id: I5f5aa2e6e3b054b66b9dc507dab64f41be9139b1
apct runs have become significantly slower, which makes some of these
tests flaky. Increase the timeout as a first measure to avoid flakes.
Bug: b/111819270
Test: runtest -x IpClientTest.java
Change-Id: Ifb0091377f311b67ba3a4f9324ce1e8cfb421ea3
The used constant overflows. This is irrelevant to the test, so
decrease test constant.
Bug: 110155920
Test: m javac-check RUN_ERROR_PRONE=true
Change-Id: Idfc7e987ba9c36389a20c7fc01b1161ef89483d8
* changes:
Disable the AppOp Restriction for IpSec Tunnels
Rework Exception Handling for IpSecManager
Update IpSecManager to use InetAddress and prefixLen
Add AppOps Checks for MANAGE_IPSEC_TUNNELS
Add MANAGE_IPSEC_TUNNELS Permission
