1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
|
/*
* Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server.vcn.routeselection;
import static com.android.server.vcn.util.PersistableBundleUtils.PersistableBundleWrapper;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.net.ConnectivityManager;
import android.net.IpSecTransformState;
import android.net.Network;
import android.net.vcn.Flags;
import android.net.vcn.VcnManager;
import android.os.Handler;
import android.os.HandlerExecutor;
import android.os.OutcomeReceiver;
import android.os.PowerManager;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.annotations.VisibleForTesting.Visibility;
import com.android.server.vcn.VcnContext;
import java.util.BitSet;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
/**
* IpSecPacketLossDetector is responsible for continuously monitoring IPsec packet loss
*
* <p>When the packet loss rate surpass the threshold, IpSecPacketLossDetector will report it to the
* caller
*
* <p>IpSecPacketLossDetector will start monitoring when the network being monitored is selected AND
* an inbound IpSecTransform has been applied to this network.
*
* <p>This class is flag gated by "network_metric_monitor" and "ipsec_tramsform_state"
*/
public class IpSecPacketLossDetector extends NetworkMetricMonitor {
private static final String TAG = IpSecPacketLossDetector.class.getSimpleName();
@VisibleForTesting(visibility = Visibility.PRIVATE)
static final int PACKET_LOSS_UNAVALAIBLE = -1;
// For VoIP, losses between 5% and 10% of the total packet stream will affect the quality
// significantly (as per "Computer Networking for LANS to WANS: Hardware, Software and
// Security"). For audio and video streaming, above 10-12% packet loss is unacceptable (as per
// "ICTP-SDU: About PingER"). Thus choose 12% as a conservative default threshold to declare a
// validation failure.
private static final int IPSEC_PACKET_LOSS_PERCENT_THRESHOLD_DEFAULT = 12;
private static final int POLL_IPSEC_STATE_INTERVAL_SECONDS_DEFAULT = 20;
private long mPollIpSecStateIntervalMs;
private final int mPacketLossRatePercentThreshold;
@NonNull private final Handler mHandler;
@NonNull private final PowerManager mPowerManager;
@NonNull private final ConnectivityManager mConnectivityManager;
@NonNull private final Object mCancellationToken = new Object();
@NonNull private final PacketLossCalculator mPacketLossCalculator;
@Nullable private IpSecTransformWrapper mInboundTransform;
@Nullable private IpSecTransformState mLastIpSecTransformState;
@VisibleForTesting(visibility = Visibility.PRIVATE)
public IpSecPacketLossDetector(
@NonNull VcnContext vcnContext,
@NonNull Network network,
@Nullable PersistableBundleWrapper carrierConfig,
@NonNull NetworkMetricMonitorCallback callback,
@NonNull Dependencies deps)
throws IllegalAccessException {
super(vcnContext, network, carrierConfig, callback);
Objects.requireNonNull(deps, "Missing deps");
if (!vcnContext.isFlagIpSecTransformStateEnabled()) {
// Caller error
logWtf("ipsecTransformState flag disabled");
throw new IllegalAccessException("ipsecTransformState flag disabled");
}
mHandler = new Handler(getVcnContext().getLooper());
mPowerManager = getVcnContext().getContext().getSystemService(PowerManager.class);
mConnectivityManager =
getVcnContext().getContext().getSystemService(ConnectivityManager.class);
mPacketLossCalculator = deps.getPacketLossCalculator();
mPollIpSecStateIntervalMs = getPollIpSecStateIntervalMs(carrierConfig);
mPacketLossRatePercentThreshold = getPacketLossRatePercentThreshold(carrierConfig);
// Register for system broadcasts to monitor idle mode change
final IntentFilter intentFilter = new IntentFilter();
intentFilter.addAction(PowerManager.ACTION_DEVICE_IDLE_MODE_CHANGED);
getVcnContext()
.getContext()
.registerReceiver(
new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
if (PowerManager.ACTION_DEVICE_IDLE_MODE_CHANGED.equals(
intent.getAction())
&& mPowerManager.isDeviceIdleMode()) {
mLastIpSecTransformState = null;
}
}
},
intentFilter,
null /* broadcastPermission not required */,
mHandler);
}
public IpSecPacketLossDetector(
@NonNull VcnContext vcnContext,
@NonNull Network network,
@Nullable PersistableBundleWrapper carrierConfig,
@NonNull NetworkMetricMonitorCallback callback)
throws IllegalAccessException {
this(vcnContext, network, carrierConfig, callback, new Dependencies());
}
@VisibleForTesting(visibility = Visibility.PRIVATE)
public static class Dependencies {
public PacketLossCalculator getPacketLossCalculator() {
return new PacketLossCalculator();
}
}
private static long getPollIpSecStateIntervalMs(
@Nullable PersistableBundleWrapper carrierConfig) {
final int seconds;
if (carrierConfig != null) {
seconds =
carrierConfig.getInt(
VcnManager.VCN_NETWORK_SELECTION_POLL_IPSEC_STATE_INTERVAL_SECONDS_KEY,
POLL_IPSEC_STATE_INTERVAL_SECONDS_DEFAULT);
} else {
seconds = POLL_IPSEC_STATE_INTERVAL_SECONDS_DEFAULT;
}
return TimeUnit.SECONDS.toMillis(seconds);
}
private static int getPacketLossRatePercentThreshold(
@Nullable PersistableBundleWrapper carrierConfig) {
if (carrierConfig != null) {
return carrierConfig.getInt(
VcnManager.VCN_NETWORK_SELECTION_IPSEC_PACKET_LOSS_PERCENT_THRESHOLD_KEY,
IPSEC_PACKET_LOSS_PERCENT_THRESHOLD_DEFAULT);
}
return IPSEC_PACKET_LOSS_PERCENT_THRESHOLD_DEFAULT;
}
@Override
protected void onSelectedUnderlyingNetworkChanged() {
if (!isSelectedUnderlyingNetwork()) {
mInboundTransform = null;
stop();
}
// No action when the underlying network got selected. Wait for the inbound transform to
// start the monitor
}
@Override
public void setInboundTransformInternal(@NonNull IpSecTransformWrapper inboundTransform) {
Objects.requireNonNull(inboundTransform, "inboundTransform is null");
if (Objects.equals(inboundTransform, mInboundTransform)) {
return;
}
if (!isSelectedUnderlyingNetwork()) {
logWtf("setInboundTransform called but network not selected");
return;
}
// When multiple parallel inbound transforms are created, NetworkMetricMonitor will be
// enabled on the last one as a sample
mInboundTransform = inboundTransform;
start();
}
@Override
public void setCarrierConfig(@Nullable PersistableBundleWrapper carrierConfig) {
// The already scheduled event will not be affected. The followup events will be scheduled
// with the new interval
mPollIpSecStateIntervalMs = getPollIpSecStateIntervalMs(carrierConfig);
}
@Override
public void onLinkPropertiesOrCapabilitiesChanged() {
if (!isStarted()) return;
reschedulePolling();
}
private void reschedulePolling() {
mHandler.removeCallbacksAndEqualMessages(mCancellationToken);
mHandler.postDelayed(new PollIpSecStateRunnable(), mCancellationToken, 0L);
}
@Override
protected void start() {
super.start();
clearTransformStateAndPollingEvents();
mHandler.postDelayed(new PollIpSecStateRunnable(), mCancellationToken, 0L);
}
@Override
public void stop() {
super.stop();
clearTransformStateAndPollingEvents();
}
private void clearTransformStateAndPollingEvents() {
mHandler.removeCallbacksAndEqualMessages(mCancellationToken);
mLastIpSecTransformState = null;
}
@Override
public void close() {
super.close();
if (mInboundTransform != null) {
mInboundTransform.close();
}
}
@VisibleForTesting(visibility = Visibility.PRIVATE)
@Nullable
public IpSecTransformState getLastTransformState() {
return mLastIpSecTransformState;
}
@VisibleForTesting(visibility = Visibility.PROTECTED)
@Nullable
public IpSecTransformWrapper getInboundTransformInternal() {
return mInboundTransform;
}
private class PollIpSecStateRunnable implements Runnable {
@Override
public void run() {
if (!isStarted()) {
logWtf("Monitor stopped but PollIpSecStateRunnable not removed from Handler");
return;
}
getInboundTransformInternal()
.requestIpSecTransformState(
new HandlerExecutor(mHandler), new IpSecTransformStateReceiver());
// Schedule for next poll
mHandler.postDelayed(
new PollIpSecStateRunnable(), mCancellationToken, mPollIpSecStateIntervalMs);
}
}
private class IpSecTransformStateReceiver
implements OutcomeReceiver<IpSecTransformState, RuntimeException> {
@Override
public void onResult(@NonNull IpSecTransformState state) {
getVcnContext().ensureRunningOnLooperThread();
if (!isStarted()) {
return;
}
onIpSecTransformStateReceived(state);
}
@Override
public void onError(@NonNull RuntimeException error) {
getVcnContext().ensureRunningOnLooperThread();
// Nothing we can do here
logW("TransformStateReceiver#onError " + error.toString());
}
}
private void onIpSecTransformStateReceived(@NonNull IpSecTransformState state) {
if (mLastIpSecTransformState == null) {
// This is first time to poll the state
mLastIpSecTransformState = state;
return;
}
final int packetLossRate =
mPacketLossCalculator.getPacketLossRatePercentage(
mLastIpSecTransformState, state, getLogPrefix());
if (packetLossRate == PACKET_LOSS_UNAVALAIBLE) {
return;
}
final String logMsg =
"packetLossRate: "
+ packetLossRate
+ "% in the past "
+ (state.getTimestampMillis()
- mLastIpSecTransformState.getTimestampMillis())
+ "ms";
mLastIpSecTransformState = state;
if (packetLossRate < mPacketLossRatePercentThreshold) {
logV(logMsg);
onValidationResultReceivedInternal(false /* isFailed */);
} else {
logInfo(logMsg);
onValidationResultReceivedInternal(true /* isFailed */);
if (Flags.validateNetworkOnIpsecLoss()) {
// Trigger re-validation of the underlying network; if it fails, the VCN will
// attempt to migrate away.
mConnectivityManager.reportNetworkConnectivity(
getNetwork(), false /* hasConnectivity */);
}
}
}
@VisibleForTesting(visibility = Visibility.PRIVATE)
public static class PacketLossCalculator {
/** Calculate the packet loss rate between two timestamps */
public int getPacketLossRatePercentage(
@NonNull IpSecTransformState oldState,
@NonNull IpSecTransformState newState,
String logPrefix) {
logVIpSecTransform("oldState", oldState, logPrefix);
logVIpSecTransform("newState", newState, logPrefix);
final int replayWindowSize = oldState.getReplayBitmap().length * 8;
final long oldSeqHi = oldState.getRxHighestSequenceNumber();
final long oldSeqLow = Math.max(0L, oldSeqHi - replayWindowSize + 1);
final long newSeqHi = newState.getRxHighestSequenceNumber();
final long newSeqLow = Math.max(0L, newSeqHi - replayWindowSize + 1);
if (oldSeqHi == newSeqHi || newSeqHi < replayWindowSize) {
// The replay window did not proceed and all packets might have been delivered out
// of order
return PACKET_LOSS_UNAVALAIBLE;
}
// Get the expected packet count by assuming there is no packet loss. In this case, SA
// should receive all packets whose sequence numbers are smaller than the lower bound of
// the replay window AND the packets received within the window.
// When the lower bound is 0, it's not possible to tell whether packet with seqNo 0 is
// received or not. For simplicity just assume that packet is received.
final long newExpectedPktCnt = newSeqLow + getPacketCntInReplayWindow(newState);
final long oldExpectedPktCnt = oldSeqLow + getPacketCntInReplayWindow(oldState);
final long expectedPktCntDiff = newExpectedPktCnt - oldExpectedPktCnt;
final long actualPktCntDiff = newState.getPacketCount() - oldState.getPacketCount();
logV(
TAG,
logPrefix
+ " expectedPktCntDiff: "
+ expectedPktCntDiff
+ " actualPktCntDiff: "
+ actualPktCntDiff);
if (expectedPktCntDiff < 0
|| expectedPktCntDiff == 0
|| actualPktCntDiff < 0
|| actualPktCntDiff > expectedPktCntDiff) {
logWtf(TAG, "Impossible values for expectedPktCntDiff or" + " actualPktCntDiff");
return PACKET_LOSS_UNAVALAIBLE;
}
return 100 - (int) (actualPktCntDiff * 100 / expectedPktCntDiff);
}
}
private static void logVIpSecTransform(
String transformTag, IpSecTransformState state, String logPrefix) {
final String stateString =
" seqNo: "
+ state.getRxHighestSequenceNumber()
+ " | pktCnt: "
+ state.getPacketCount()
+ " | pktCntInWindow: "
+ getPacketCntInReplayWindow(state);
logV(TAG, logPrefix + " " + transformTag + stateString);
}
/** Get the number of received packets within the replay window */
private static long getPacketCntInReplayWindow(@NonNull IpSecTransformState state) {
return BitSet.valueOf(state.getReplayBitmap()).cardinality();
}
}
|
