Age | Commit message | Author |
|
Enable conntrack helper for active FTP connections when
tethering is started.
Bug:69265432
CRs-fixed:2136660
Test: as follows
- Boot device - Pass
- Start tethering - Pass
- Start active FTP on tethered host (USB) - Pass
- Download file over FTP - Pass
- make -j64 netd_unit_test
adb shell /data/nativetest64/netd_unit_test/netd_unit_test - Pass
Change-Id: I5c812afe9602e80ea1c42d0cafba40fe6019a995
|
|
|
|
Convert from allowing logging of the XFRM
Netlink messages in all debuggable builds
to only logging them in engineering builds.
Bug: 109715719
Test: tested eng and userdebug with
netd_integration_test and checked logs.
Change-Id: Ic81e9737f4e0744faccb3aa1f132d64301aef5b0
Merged-In: Ic81e9737f4e0744faccb3aa1f132d64301aef5b0
|
|
Normally when an IP address is removed, all sockets associated with the
addresses are destroyed. This patchset changes this behavior such that
if the address in question is still being used by another interface that
belongs to the same underlying virtual network, the destroy operation is
skipped. This change is needed to support VPN seamless handover where the
VPN app will establish a second TUN interface (with different config)
before tearing down the existing interface. The intention is that during
this handover existing socket connections should not be disturbed. There
is a companion change in the framework side to make sure during such
handover, the VPN netId remains unchanged so routing still works.
Bug: 64692591
Test: cts-tradefed run commandAndExit cts-dev -m CtsHostsideNetworkTests -t com.android.cts.net.HostsideVpnTests
Test: system/netd/tests/runtests.sh
Change-Id: I02c6b0db5f15cd1aef3e3fa6f0c36e86b4f427fd
|
|
Generally, it is not safe to set the explicit bit on DNS queries
due to the presence of (split tunnel) VPNs. However, the vast
majority of DNS queries occur without a VPN, and in these cases
it is safe to set the explicit bit.
Setting the explicit bit on DNS queries allows us to use upstream
DNS servers even in the case that we have a route to them in the
local_network table. This is the case, for example, when
tethering an Android device to a hotspot created by another
Android device.
Bug: 70673901
Test: marlin builds, boots
Test: netd_{unit,integration}_test pass
Merged-In: Id44af164b86ccd15d43313cf3f56b301fb402de2
Merged-In: Icae675067c670548b2ffe7ca8a00ae656fa68c8f
Change-Id: Ic24e3df9ca47b54256f012aee0facfcd410ce541
(cherry picked from commit 95f1bcb0034ef9394d1ab0095177ed75ae7c7202)
|
|
|
|
* changes:
Use a separate map to store per app stats
refactor bpf maps into class
|
|
|
|
To avoid iterating through the eBPF map to get the total stats of a
specific uid, a new bpf map called appUidStatsMap is added to the
trafficController so that TrafficStats API can directly read that map
for per uid total stats regardless of tag, counterSet and iface
information. This could make this call more efficient and solve the
possible racing problem.
Bug: 79171384
Test: netd_unit_test, libbpf_test, netd_integration_test
Change-Id: I47a4ac3466caa729c5730a498a2de226303d6b77
Merged-In: I47a4ac3466caa729c5730a498a2de226303d6b77
(cherry picked from aosp commit bc4a15f91f97fbfcbfdc9dc19d73226f380bc977)
|
|
Use a class object to wrap up the bpf map file descriptor and provide
some base functions to look up, write and delete the map content. The map
class also has a nested iterator class to iterate over the map and two
helper functions to simplify the iterating process. Removed the
mDeleteStatsMutex since it cannot prevent the framework side from reading the
stats while we are deleting the stats and all the other netd operations
on the stats related map don't need to iterate through the map anyway.
Bug: 78250686
Test: netd_unit_test libbpf_test
Change-Id: I358ba65f7022fd03f8ca573550055734052b6fd2
Merged-In: I358ba65f7022fd03f8ca573550055734052b6fd2
(cherry picked from aosp commit 4f6c237759e8bdc3ace937ad0eaaf9be893702da)
|
|
With the newest kernel support from upstream, we can directly get the
first key of each map with a null pointer instead of using a nonexistent
key for each map. This patch replaced all related iteration processes with
this new function and cleaned up all unnecessary code.
Bug: 30950746
Test: ./libbpfTest ./netd_unit_test
Change-Id: Ie1fd617964d37d2a1c12b2f34457c1cc1d912571
Merged-In: Ie1fd617964d37d2a1c12b2f34457c1cc1d912571
(cherry picked from aosp commit c3bfd3eeb7f9b3f42078f018603c161092c5d4e7)
|
|
Test: make vts; vts tradefed > run cts-on-gsi
Bug: 77680167
Change-Id: Ia928aecf60ce9cf82493147528870959ad5aadf3
|
|
|
|
Change-Id: Ib6ef5867c5b8190c49194233d890056afbd48b09
Test: system/netd/tests/runtests.sh
Bug: 79838856
|
|
|
|
Test: system/netd/tests/runtests.sh
Test: run netdutils_test on marlin:
[----------] 3 tests from OperationLimiter
[ RUN ] OperationLimiter.limits
[ OK ] OperationLimiter.limits (0 ms)
[ RUN ] OperationLimiter.finishWithoutStart
[ OK ] OperationLimiter.finishWithoutStart (3 ms)
[ RUN ] OperationLimiter.destroyWithActiveOperations
[ OK ] OperationLimiter.destroyWithActiveOperations (1 ms)
[----------] 3 tests from OperationLimiter (6 ms total)
Bug: 79674503
Change-Id: I5f11f0ed6b6f2479921d90a919d17dfd7b7f5788
Merged-In: I5f11f0ed6b6f2479921d90a919d17dfd7b7f5788
|
|
Use bpf module type to compile bpf_kern.c into bpf_kern.o at build
time.
Bug: 72981744
Test: m
Change-Id: I2d5018541f31ef328e8c78fe2fc90b2d34d69511
Merged-In: I2d5018541f31ef328e8c78fe2fc90b2d34d69511
(cherry picked from commit 883a24655723f237029297ec527c1ef4da4f232b)
|
|
* changes:
Exempt Unsupported Devs from XfrmControllerInit
Fix Errno Sign For XfrmController
|
|
|
|
The api check will ensure the device is running 4.9 or above kernel and
is shipped originally with P release. Also add some tests to make sure
eligible devices always have eBPF turned on.
Test: ./netd_integration_test
Bug: 79408692
Change-Id: Ief56a95aab892c92276a5b4ac74b03f9f32f5b54
Merged-In: Ief56a95aab892c92276a5b4ac74b03f9f32f5b54
(cherry picked from aosp commit 837ddfcbd7a72a7f74f7281024a4e9a86ed05a02)
|
|
For devices that do not support IPsec, or for those
devices which run a 64-bit kernel with 32-bit
userspace, IPsec features cannot be enabled. As other
tests ensure that for devices which support IPsec,
the feature is enabled in the kernel, allow them to
pass VTS tests without assuming they support IPsec.
Bug: 62778032
Test: TestXfrmControllerInit on AOSP/master - marlin
Change-Id: I18fad95646e2a9d7632ca13480d7d0ce13dafaa2
|
|
XfrmController functions and status all use
positive errno values; however in the instances
where -errno is returned, namely for calls to
sendNetlinkRequest(), the sign is incorrect,
which leads to errors not being properly processed.
Bug: 62778032
Test: TestXfrmControllerInit on AOSP/master - marlin
Change-Id: Ie5ac8f032af0021e1dc22b523dec801d9c62bf41
|
|
|
|
|
|
Test: as follows
- built
- flashed
- booted
- bpfloader builds
- system/net/tests/runtests.sh passes
- adb shell dumpsys netd trafficcontroller shows happy BPF
Bug: 78250686
Change-Id: Id1b9246bfa192683abbde466d28639cbe6f94483
|
|
Add a simple, if verbose, BackoffSequence class to encapsulate some
RFC 3315 section 14 style mechanics.
Test: as follows
- built
- flashed
- booted
- system/netd/tests/runtests.sh pass
- make netdutils_test && \
adb push .../data/nativetest64/netdutils_test/netdutils_test /data/nativetest64/netdutils_test && \
adb shell /data/nativetest64/netdutils_test passes
Bug: 64133961
Bug: 72344805
Merged-In: I8fa3dbe7686c52719aae7d6959dd36a30ae09549
Merged-In: I4fd4f39415418f029b596577aa1ec3320f4f4b8a
Change-Id: Ib15a9454e17529a735bca4d9a0e96de8baae84c3
(cherry picked from commit d739c21f0a6c7e5c5df7fed98d3d655d6a206418)
|
|
Declare the ipsec tunnel interface prefix
as a constant in the NETD AIDL. This allows
the constant to be, well, constant between
the Java and native sides of the binder. Since
it is shared information, this provides an
added level of safety.
Note, this is being done as a follow-up to a
CL which created this cross-process dependency
on the name.
Bug: 74560705
Test: atest netd_integration_test;
atest FrameworksNetTest
Change-Id: Ibc66b014692a978ebfcc7856dcc26524618668a8
|
|
It seems that pi-dev and AOSP compile flags might be different, as
no -Wsign-compare failures happened on AOSP.
Switching from for (int i = 0; ...) style to for (; !slice.empty(); ...)
in several places also provides a better example of how to use Slice.
Test: netdutils_test passes
Bug: 78250686
Change-Id: Ic41d3e77810e41f7ae8573ea1cadbdf4808fa461
|
|
A class to encapsulate self-deleting byte arrays while preserving access
to the underlying length (without the length being part of the type, e.g.
std::array<>). By design, the only interface to the underlying bytes is
via Slice, to encourage safer memory access usage.
Test: as follows
- built
- flashed
- booted
- make -j 128 netdutils_test && \
adb push out/target/product/<foo>/data/nativetest64/netdutils_test/netdutils_test /data/nativetest64/netdutils_test && \
adb shell /data/nativetest64/netdutils_test
passes
Bug: 78250686
Merged-In: I720b99888c4df560671327d118ea573653165b3d
Merged-In: Ibe47aeed269683f5f8997533768a341c6b94c502
Change-Id: Id3f3a2c8af7ae443ecb4d67bf0326b031626f53b
(cherry picked from aosp commit a41902ff875e06616886c5a8ed522d61f4db615a)
|
|
|
|
|
|
|
|
Change permission check from PERMISSION_SYSTEM to
NETWORK_BYPASS_PRIVATE_DNS or CONNECTIVITY_USE_RESTRICTED_NETWORKS.
Bug: b/78494660
Test: manual: captive portal login & MMS sending works
(cherry-picked from aosp I3f3b4d35eb1bd0a3c8f567055ba481dbb2ad3df7)
Merged-In: I32b6c91eeef55ce694f99018bc7ea4af352d28cc
Merged-In: Ice21316ff06261bf957d6eb720d49633eaf00486
Change-Id: Ib9bcf618bb674da6837408b3e7e5f885ffcda5c7
|
|
|
|
|
|
In the configuration of firewall controller and bandwidth controller, we
count inbound packets even if we later drop them, but we count outbound
packets only if we don't drop them. The eBPF program should be
consistent with that configuration. Also, we should always use the
socket uid to do the owner match.
Bug: 77990419
Bug: 30950746
Test: bpf program load when device boot
Change-Id: If5a6ca21fb76001d28190c5996a14391cbfff0a2
Merged-In: If5a6ca21fb76001d28190c5996a14391cbfff0a2
(cherry picked from aosp commit ec17ee7181ee2cc945b77f19fc8de14a745a8993)
|
|
The networkStatsFactory needs to parse the detailed traffic stats of each
interface instead of the total number. This change added a helper
function to return a vector of stats_line containing stats for each iface.
Bug: 72111305
Test: ./libbpf_test
Change-Id: I9a9cda7ab90cf533c2f2cc81b37b4d520d442ce2
Merged-In: I9a9cda7ab90cf533c2f2cc81b37b4d520d442ce2
(cherry picked from aosp commit f4b812d9dc603d329217becb9e5568b8159b49b3)
|
|
Multiple bpf programs can be stored in the same binary and we can extract
them one by one according to their function name elf header at run time.
Storing them in one file can reduce the load time by only opening one binary
file once. Rewrite the elf parser with Slice support.
Test: phone boot and eBPF program is loaded and pinned.
Bug: 78132446
Change-Id: I96dba91a69654fcac2c022100e954d8b0c4e0718
Merged-In: I96dba91a69654fcac2c022100e954d8b0c4e0718
(cherry picked from aosp commit dbbc000ae4e450b4b4ac9d545d0d1c3995949f89)
|
|
The xt_qtaguid module removes per uid stats when an app gets uninstalled.
So the eBPF map should not store the uninstalled stats either. This change
helps fix the unknown iface problem as well.
Bug: 77987430
Test: android.app.usage.cts.NetworkUsageStatsTest
Change-Id: Ieb08833ecc35f76d27769042f197d889470faf7f
Merged-In: Ieb08833ecc35f76d27769042f197d889470faf7f
(cherry picked from aosp commit ef1cab3a984a21e807d3a28987e6d5793b04a039)
|
|
-Use a cleaner string comparison
-Add a check to the unit test
Bug: 74560705
Test: atest netd_integration_test
Change-Id: Ia1fe2b7691a904696baefb186a7233a681412263
|
|
* changes:
Add Functions to flush SADB, Policy DB, and Ifaces
Factor getIfaceNames() from getIfaceList()
Restart main when netd restarts
|
|
-Add ipSecFlushState() which flushes the kernel's
SA DB and Policy DB.
-Add ipSecFlushInterfaces() which seeks and removes
any interfaces that have the prefix 'ipsec'
-Automatically call these functions when netd restarts
-Make XfrmController's methods static
-Add integration tests to verify flushing of policy
states, and interfaces
-Convert XfrmController functions to static for easier
test-ability
Bug: 74560705
Test: runtest ...netd_integration_test.cpp
Change-Id: Id60e7c29ff9aeee7f5ccd505b86c94cce858745f
|
|
getIfaceList first walks the list of interfaces
from the sysfs, then it calls individually for
each of those interfaces to get the ifindex for
them. Because each of the calls to retrieve the
ifindex means a netlink call, this could possibly
cause performance problems (unconfirmed) on the
netlink interface. Since the names are independently
useful and are quick to fetch, this function is
now factored in to 2 parts: one which fetches the
names and a separate function which performs the
original operation of fetching the names and mapping
them to if_indices.
Bug: 74560705
Test: netd_integration_test - GetIfaceListTest
Change-Id: I1f888c31e992c8f7d51f3c67434ffef6d75b065d
|
|
Because netd crashes very rarely, and because it
maintains some state along with the system server,
and because upon restart netd starts first, vendors
who listen to netd restarts may begin recovery
procedures prior to the system server restarting if
it crashes, we need to ensure that if netd crashes
and restarts, the system server also restarts. This
means that now regardless of which goes down, the
restart is always the same (rather than asymmetrical
as it was before).
Bug: 74560705
Test: manual (crashed system server, crashed netd)
Change-Id: I27ecdc59a92f1fa0703e372e987e80482ad6f7f3
|
|
For new devices that are using bpf for socket tagging/untagging, it is
no longer necessary to keep a reference of tagged socket stats in
the xt_qtaguid module as well since the API for these detailed per socket
stats is ready and apps should not read the proc file for it.
Test: run vts -m vtsKernelQtaguidTest
Bug: 30950746
Merged-In: Ibbd060dca023c7a5d5a1eb955242aabda1014fd0
Change-Id: Ibbd060dca023c7a5d5a1eb955242aabda1014fd0
(cherry picked from aosp commit bc6d470fb89fcabdeac97bd9cc71e7a437cf0212)
|
|
The bpfloader loaded the cgroup bpf program in the wrong place and caused
the per uid/tag stats to be stored in the wrong place. This patch fixed the
program loading problem and also refactored the kernel program to make
all stats record functions use the same implementation. Cleaned up the
bpf instruction set that is no longer used.
Test: the per uid stats sum up is consistent with per iface stats
Bug: 30950746
Merged-In: I92c0511855f224ef98c7d75a01c99c432796d3bf
Change-Id: I92c0511855f224ef98c7d75a01c99c432796d3bf
(cherry picked from aosp commit a8317b4a79dae0f723166793516f6a043f3ba0ee)
|
|
Add a dumpsys helper function in trafficController to dump out the
information of the trafficController that is running on device. If
trafficController is running bpf programs, dump out all the program
location status and all the map content to dumpsys.
Test: dumpsys netd should trafficController information.
bug: 74411823
Merged-In: Ica83c11b6d1debb59f9c3a703d5b5cfc264844c4
Change-Id: Ica83c11b6d1debb59f9c3a703d5b5cfc264844c4
(cherry picked from aosp commit ef297179bb1611b011d6e0f55e5cb7366a76824a)
|
|
Add bpf maps for recording rules about socket owner uid filtering.
Modified the bpf program so that packets with uid listed in
the uidOwnerMap will get handled according to userspace settings.
Test: bpf program can be loaded and attached when boot
Bug: 72381727 30950746
Merged-In: I39497334fcb5e200dbf07a0046b85c227d59e2d7
Change-Id: I39497334fcb5e200dbf07a0046b85c227d59e2d7
(cherry picked from aosp commit 89c12f13e3fb31f1a46f3ea5aeef331b0c9eda45)
|
|
|
|
|