The in-process NetworkStack runs in the system process, so it does not
need to be marked persistent.
Doing so causes a spurious com.android.networkstack.inprocess process to
be running, wasting memory.
Bug: 131046856
Test: Flashed sailfish, networking works, no extra process started
Test: Flashed walleye, networking still works
Test: aapt dump xmltree NetworkStack.apk AndroidManifest.xml unchanged
Change-Id: I0eb896c825ffe2581950c0bdd2b31ebd7eae0982
Remove IPv6 related codes since we don't support IPv6 NAT-T keepalive
as the kernel doesn't support IPv6 UDP encapsulation.
Renaming keepaliveAck to keepaliveResponce since NAT-T keeaplive
response is not an ack. Also, add generateV4NattKeepaliveFilters()
if multicast filter is disabled.
Verify incoming packet contains 1 byte payload but it is not 0xff will
pass NAT-T keepalive filter.
Bug: 33530442
Test: atest FrameworksNetTests
atest NetworkStackTests
Change-Id: I6d3eb9e6271a0f51dec4a55d68a69b4280175d86
Merged-In: I6d3eb9e6271a0f51dec4a55d68a69b4280175d86
Merged-In: If01bc6a71cf26e13edc049d969d23088fa8242e4
(cherry picked from commit 4ee521b022)
Add PlatformCaptivePortalLogin and PlatformNetworkPermissionConfig build
targets to override CaptivePortalLogin and NetworkPermissionConfig with
platform-key-signed packages easily. The added packages are unused by
default but can simplify setup for OEMs that use InProcessNetworkStack.
Bug: 132635211
Test: Added the new packages to sailfish build, built image: device has
the proper packages signed with the right keys, networking and
captive portal working fine.
Change-Id: I09656deb6ba928f56b478adebb60268fa6f484b0
So that the /system version of NetworkStack.apk can be re-installed on
/data without causing problems. This is useful for testing and necessary
for supporting rollback to the system version of NetworkStack.apk.
Bug: 131703417
Bug: 132195177
Test: Confirm NetworkStack.apk now includes .so files.
Test: adb install --staged NetworkStack.apk
adb reboot
Device reboots without problems.
Change-Id: I7c9a1702a2c18e0333b5e409f04b7658fe685f97
Merged-In: I7c9a1702a2c18e0333b5e409f04b7658fe685f97
(cherry picked from commit 103dbe38b4)
Remove IPv6 related codes since we don't support IPv6 NAT-T keepalive
as the kernel doesn't support IPv6 UDP encapsulation.
Renaming keepaliveAck to keepaliveResponce since NAT-T keeaplive
response is not an ack. Also, add generateV4NattKeepaliveFilters()
if multicast filter is disabled.
Verify incoming packet contains 1 byte payload but it is not 0xff will
pass NAT-T keepalive filter.
Bug: 33530442
Test: atest FrameworksNetTests
atest NetworkStackTests
Change-Id: Ifb9e088c0c8d71c763ebd9ad122103d0f97ca278
This avoids shipping both APKs on Go devices, as would be previously
done with the default Go configuration that still included NetworkStack.
Test: Flashed, booted walleye with svelte config. Verified that
NetworkStack is not on the device and InProcessNetworkStack is
used. WiFi working.
Bug: 132666298
Change-Id: If4a7a003128a555e512c88469653c3fb2ad864d5
So that the /system version of NetworkStack.apk can be re-installed on
/data without causing problems. This is useful for testing and necessary
for supporting rollback to the system version of NetworkStack.apk.
Bug: 131703417
Bug: 132195177
Test: Confirm NetworkStack.apk now includes .so files.
Test: adb install --staged NetworkStack.apk
adb reboot
Device reboots without problems.
Change-Id: I7c9a1702a2c18e0333b5e409f04b7658fe685f97
Remove definition of TYPE_NATT and TYPE_TCP since the type
can be identified by checking message.obj is an instance of
NattKeepalivePacketData or TcpKeepalivePacketData.
It's more simple and won't have dependency on KeepaliveInfo.
Bug: 33530442
Test: atest FrameworksNetTests
atest NetworkStackTests
(Clean cherry-pick of aosp/955419)
Change-Id: Ic97ffe9ff5781778efd264460809f5059f0f4230
Merged-In: Ic97ffe9ff5781778efd264460809f5059f0f4230
Add NAT Traversal keepalive filter to APF program to
drop NAT-T keepalive packets when NAT-T keepalive
offload is starting.
Bug: 33530442
Test: - atest NetworkStackTests
- atest FrameworksNetTests
Change-Id: I1c537485e11b31e5a6e0d8b7b6a1f396f9441746
Currently, it looks like private DNS server resolution uses
OneAddressPerFamilyNetwork and only returns one server address.
It should return all addresses. Use async dns api for this.
Bug: 123435238
Test: atest NetworkStacktests
Change-Id: I2b7e184d9b9800a83b55dceb73af69085668748c
(cherry picked from commit 40c5295cee)
Merged-In: I2b7e184d9b9800a83b55dceb73af69085668748c
Merged-In: I9f50da3c8c2e3b12b29bc8844291e4bf1559cd1f
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: manually ran a VPN with private DNS in strict mode
atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
(cherry picked from commit 414b8c8b1c)
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: manually ran a VPN with private DNS in strict mode
atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Currently, it looks like private DNS server resolution uses
OneAddressPerFamilyNetwork and only returns one server address.
It should return all addresses. Use async dns api for this.
Bug: 123435238
Test: atest NetworkStacktests
Change-Id: I9f50da3c8c2e3b12b29bc8844291e4bf1559cd1f
"mNonPrivateDnsBypassNetwork" is not very easy to understand.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: If5801c81c6ef222b46f631bd6570dcd0fea465bd
Merged-In: If5801c81c6ef222b46f631bd6570dcd0fea465bd
(cherry picked from commit 669dc6cea7)
Test successful and failed validation, and updating the config.
In order to do this, add a FakeDns class so we can change DNS
responses dynamically while the test is running.
Also a couple of minor fixes:
1. Make sure the DNS timeout is set. Before this CL, it was
always 0. Not sure why. It does seem to be set to the default
value (12500) when actually running on device. We didn't
catch this because the only tests that use the timeout set it
explicitly.
2. Make runNetworkTest a bit more realistic: always send
NetworkCapabilities *before* calling notifyNetworkConnected.
This is what ConnectivityService does.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: atest --generate-new-metrics 50 NetworkStackTests:com.android.server.connectivity.NetworkMonitorTest
Change-Id: Ifd6694262501874f3261c864a049cb35c6afb9c8
Merged-In: Ifd6694262501874f3261c864a049cb35c6afb9c8
(cherry picked from commit 89909befd2)
"mNonPrivateDnsBypassNetwork" is not very easy to understand.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: If5801c81c6ef222b46f631bd6570dcd0fea465bd
Test successful and failed validation, and updating the config.
In order to do this, add a FakeDns class so we can change DNS
responses dynamically while the test is running.
Also a couple of minor fixes:
1. Make sure the DNS timeout is set. Before this CL, it was
always 0. Not sure why. It does seem to be set to the default
value (12500) when actually running on device. We didn't
catch this because the only tests that use the timeout set it
explicitly.
2. Make runNetworkTest a bit more realistic: always send
NetworkCapabilities *before* calling notifyNetworkConnected.
This is what ConnectivityService does.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: atest --generate-new-metrics 50 NetworkStackTests:com.android.server.connectivity.NetworkMonitorTest
Change-Id: Ifd6694262501874f3261c864a049cb35c6afb9c8
Remove definition of TYPE_NATT and TYPE_TCP since the type
can be identified by checking message.obj is an instance of
NattKeepalivePacketData or TcpKeepalivePacketData.
It's more simple and won't have dependency on KeepaliveInfo.
Bug: 33530442
Test: atest FrameworksNetTests
atest NetworkStackTests
Change-Id: Ic97ffe9ff5781778efd264460809f5059f0f4230
