Convert the IpSecTransform from being a bi-directional
pair of SAs to a unidirectional single SA. This CL
also removes the concept of "direction from SAs meaning
that a IpSecTransform may now be applied to a socket
in either direction.
-Make transforms unidirectional
-Add Convert allocateSpi() to use destination rather
than direction and remote address
-Remove directionality from builders for IpSecTransform
-Change applyTransportModeTransform() to take a
direction in which to apply the transform object.
-Additional minor naming updates
-Restrict IpSecConfig to only print keys on eng builds
-Move DIRECTION constants to IpSecManager
-Add sourceAddress parameter to IpSecTransform to provide
additional guarantees about the source address of data;
(explicit failure rather than implicit failure).
-Move SPI to the build() method of IpSecTransform
Bug: 71717213
Test: runtest frameworks-net, CTS - IpSecManagerTest
Change-Id: I0824b37f443f4b8c62536d9801238c63ed8f2a1c
This patch adds to the MacAddress class:
- getAddressType() method which replaces addressType(), for naming
consistency
- @NonNull annotations on all input and output reference values for
all public methods (@hide and public).
TYPE_UNKNOWN, which currently cannot be observed with a non @hide
method, is also removed from the public api.
Bug: 71866627
Test: $ runtest frameworks-net
Change-Id: I2af70408d46f431b7b32183e6b48ddae9a261a2c
NetworkInterface throws Exceptions every time you look at it askance.
Try to make something we instantiate fully, once, and pass it around.
Partial MacAddress-ification as well, for good measure.
Test: as follows
- built
- flashed
- booted
- runtest frameworks-net passes
- basic IPv6 tethering works
Bug: 32163131
Bug: 62476366
Change-Id: I16c145fddb4e76387370338d792a438eed886d7f
1) toSafeString() is renamed to toOuiString()
2) toOuiString() returns a String that only contains the first 3 bytes
of the mac address.
Bug: 70336442
Test: runtest frameworks-net
Change-Id: I798d8fec32dbff5687a682028e5d90eb941f81c1
Merged-In: I798d8fec32dbff5687a682028e5d90eb941f81c1
(cherry pick from commit a0ecf38d30)
1) toSafeString() is renamed to toOuiString()
2) toOuiString() returns a String that only contains the first 3 bytes
of the mac address.
Bug: 70336442
Test: runtest frameworks-net
Change-Id: I798d8fec32dbff5687a682028e5d90eb941f81c1
This reverts commit 94209ab768.
Reason for revert: should not have auto-submitted prior to more extensive wifi team testing.
Change-Id: Ie81b10473caf34971226948038bc20dc4fa6a1ae
Additionally, no longer try to transition from within a State's
enter() method (this can encounter Log.wtf()s). Introduce some
CMD_JUMP_* commands and use deferMessage().
Test: as follows
- built
- flashed
- booted
- runtest frameworks-net passes (except for IpConnectivityMetricsTest failures)
- manual changing from DHCP to static configurations works:
2017-12-11T19:06:19.082 - INVOKE onLinkPropertiesChange({{InterfaceName: wlan0 LinkAddresses: [] Routes: [] DnsAddresses: [] Domains: null MTU: 0}})
Bug: 69800563
Bug: 70394432
Change-Id: Ice249a48b66806c0270ec3f11dd2e8e387d4e29b
Throughout the IPsec code (API, system server, netd) we use "reserve"
SPI and "allocate" SPI interchangeably. This renames to use "allocate"
everywhere for self-consistency and consistency with the kernel
(ALLOCSPI).
In javadoc, I am leaving the word "reserve" in several places because it
is still an accurate description of how the method behaves.
Bug: 69128142
Test: TreeHugger should be enough
Change-Id: I8ea603b4612303b0393beef04032671fa53d2106
IpReachabilityMonitor (and IpNeighborMonitor) are only accessed from
the IpManager StateMachine's thread. Consequently lots of locking can
now be removed.
Additionally:
- rename BlockingSocketReader to PacketReader
- incorporate IpReachabilityMonitor output in dump()
Test: as follows
- runtest frameworks-net passes
- "adb shell ip neigh change <address> dev wlan0 nud failed"
triggers wifi to disconnect
Bug: 62476366
Bug: 67013397
Change-Id: I18aca29ae0019a72a7e559c2832e0d9b0e33d81e
Improve the Validation of IpSecAlgorithm by
explicitly checking the length in addition to
the truncation length (previously an oversight).
In addition, we now check the lengths during
un-parceling, which will catch someone maliciously
manually building a parcel and passing it, bypassing
the checks in the constructor.
Bug: 68780091
Test: runtest -x IpSecAlgorithmTest.java
Change-Id: I8172762617264d34f47d5144336464510f07a701
This patch does some light refactoring in MacAddress to prepare for
exposing MacAddress in the public api:
- documention is improved
- some method names are renamed
- a toSafeString method is added
- a padding bug in the conversion methods outputting strings for
mac addresses is fixed
Bug: 69390696
Test: runtest frameworks-net
Change-Id: I399a97dabc2dfa8df9c5518c8b12484e43ca05c9
This patch introduces a helper ApfConfiguration class for passing filter
parameters to the constructor of ApfFilter. The benefits are:
- less parameter boilerplate across IpManager, ApfFilter, ApfTest
- easier to add more parameters in the future (useful for hardware
counters options and further gservices configurable options)
There is no functional changes otherwise.
Test: runtest frameworks-net
Change-Id: I47231c21df80bc36b6d4e15369748017b50b8da1
