Current upstream selection code suffers from a race where if the
CONNECTIVITY_ACTION broadcast for a given network switch is
received and processed before the NetworkCallbacks for that
network switch, upstream selection just re-selects the same
upstream it had before. The incorrect upstream persists until
another CONNECTIVITY_ACTION is received.
Fix this by defining a new EVENT_DEFAULT_SWITCHED message code
communicated from UpstreamNetworkMonitor to Tethering, and send
that whenever the default network switches.
The message is sent in onLinkPropertiesChanged, because the
tethering code stores all information about networks in an
UpstreamNetworkState structure that contains Network,
LinkProperties and NetworkCapabilities. When a network switch
occurs, onLinkPropertiesChanged always follows onAvailable and
onCapabilitiesChanged, and thus marks the first point in time
when all the information is available.
This CL tries not to change existing codepaths too much, but
it does move the update of mDefaultInternetNetwork from
onCapabilitiesChanged to onLinkPropertiesChanged. This should
not be a problem because the only thing that reads
mDefaultInternetNetwork is getCurrentPreferredUpstream, which,
in the case of a default network switch, will be run by the
onLinkPropertiesChanged which will immediately follow.
Bug: 173068192
Test: changes to existing unit tests show bug is fixed
Change-Id: Ic9196bc92892811b25bda463ffd839ee5c19d294
This is needed for forwarding to work, so it should be dumped.
New output:
Forwarding rules:
29(29) -> 14(rmnet2) 86dd 00:00:00:00:00:00 00:00:00:00:00:00
[ap_br_wlan2]: iif(iface) oif(iface) v6addr srcmac dstmac
14(rmnet2) 29(ap_br_wlan2) 2001:240:2423:13fa:3c21:e35a:6a59:ff8a da:17:fd:70:3d:14 26:5b:b2:ee:bc:ba
IPv4: [inDstMac] iif(iface) src -> nat -> dst
[da:17:fd:70:3d:14] 29(29) 192.168.222.151:39208 -> 14(rmnet2) 100.102.14.231:39208 -> 172.217.175.3:80
[da:17:fd:70:3d:14] 29(29) 192.168.222.151:47386 -> 14(rmnet2) 100.102.14.231:47386 -> 216.58.197.196:443
Also add a call to getHostAddress() to remove the / on IPv6
forwarding rules.
Test: manual
Change-Id: I347ea5a3fd88c51f1fae0c76c75dfa30c68a55ad
Add a unit test to verify that BPF coordinator access downstream4
and upstream4 map while the conntrack event was received.
Verify shim API for IPv4:
- tetherOffloadRuleAdd
- tetherOffloadRuleRemove
- tetherOffloadGetAndClearStats
- tetherOffloadSetInterfaceQuota
- isAnyIpv4RuleOnUpstream
Test: atest TetheringCoverageTests
Change-Id: Ia57f07990d8750fd6ff67d7f4a18aa610336024a
Required because XDP offload needs input interface mac address
to be a part of the key. The mac address is used for checking
packets which are received from exceped input interface.
Test: atest TetheringCoverageTests, TetheringPrivilegedTests
Change-Id: Ied159454b516c0d70efe0a85744d1bb606892f2d
Currently, BpfCoordinator only sets the data limit on a given
upstream whenever the first IPv6 rule is created on that
upstream, and clears it whenever the last rule is deleted on that
upstream. It never does this when adding or removing IPv4 rules.
This makes it impossible to offload traffic on IPv4-only
networks.
Fix this by setting the limit when IPv4 rules are created or
deleted as well.
Test: atest TetheringCoverageTests
Manual tests as the follows
Test {add, clear} limit with IPv6-only network [OK]
Test {add} limit with IPv4-only upstream [OK]
TODO:
Test {clear} limit with IPv4-only network. blocked by aosp/1579873
because the IPv4 rules have never deleted.
Change-Id: I5a29bdd18e564318759f617023163e23fb5a3ed0
Currently, Tethering files NetworkRequests even when
config_tether_upstream_automatic is enabled. This is incorrect:
when the automatic upstream selection is enabled, the tethering
upstream should always follow the default network and there is
no need to file any requests.
These requests are harmful when tethering is not using cellular
as its upstream, because:
- If the device does not use mobile data always on, the request
causes the cellular network to be brought up, causing power
draw.
- Even if the device does use mobile data always on, the request
causes the cellular network to come to the foreground, which
allows all apps to access it, causing potential data usage.
Amend the existing testGetCurrentPreferredUpstream to cover these
changes, by making that test case always set automatic upstream
mode. This does not result in any loss of meaningful test
coverage, because getCurrentPreferredUpstream is only ever called
when chooseUpstreamAutomatically is enabled.
Bug: 173068192
Test: atest TetheringTests
Change-Id: I068a5338699a3ed04f24f97f785ea89ff5890e50
UpstreamNetworkMonitor is the part of tethering that files
NetworkRequests for upstream netwoks, but it currently does not
know all the requirements for upstream selection. For example, it
does not know whether automatic upstream selection is in use.
This forces the upstream selection code to be split between
UpstreamNetworkMonitor and Tethering. This makes it difficult to
follow.
This CL ensures that all information about upstream requirements
(DUN required, automatic upstream selection, tryCell) is passed
to UpstreamNetworkMonitor so it can be aware of it.
This CL also removes the ability for UpstreamNetworkMonitor's
callers to call registerMobileNetworkRequest or
releaseMobileNetworkRequest. In a future CL, this will be
automatically done by UpstreamNetworkMonitor depending on the
upstream requirements.
This CL is a no-op refactoring with no behaviour changes.
Bug: 173068192
Test: atest TetheringTests
Change-Id: I174f765c616e0dbe2aa493c12613e6131cff0666
TrafficStatsConstants.TAG_SYSTEM_NEIGHBOR is moved to
NetworkStackConstants so update the import class name for it.
Bug: 182349970
Test: FrameworksNetTests
NetworkStackTests
TetheringTests
Change-Id: I8fcd2772ed873d318233d3029184e4352245d4cd
Merged-In: I8fcd2772ed873d318233d3029184e4352245d4cd
Starting conntrack event monitor on R devices is unnecessary because
no code uses them.
Bug: 177884581
Test: atest TetheringCoverageTests
Change-Id: I036cb8e29b32a4e220da9a52849b978a6ab821e4
Opening the maps on R devices is unnecessary (because no code
uses them) and unsafe (because the maps might actually be in a
different format than expected by the module).
Always return null when opening the maps, so the code will safely
fall back to using netd for anything.
This only affects dump(). The production code never opens the
maps except via the shim, and only the S shim opens the maps.
Also check isAtLeastS in dumpCounters, because it opens the map
directly.
Bug: 177884581
Test: builds, boots, "dumpsys tethering" shows expected output
Change-Id: I5884490a5cc40fc529a12100ae5baaeae6a18f30
Migrate Maze's BPF program attaching and detaching functions from
system/netd/server/OffloadUtils.{c, h} to tethering module.
Test: atest TetheringCoverageTests
Test case #1:
Enable WiFi hotspot and check tc filters are added or removed on both
wlan1 and rmnet_data#.
$ adb shell tc filter show dev wlan1 ingress
filter protocol ipv6 pref 1 bpf chain 0
filter protocol ipv6 pref 1 bpf chain 0 handle 0x1
prog_offload_schedcls_tether_upstream6_ether:[*fsobj] direct-action
not_in_hw id 2 tag 7cf020cc09a7c982
filter protocol ip pref 2 bpf chain 0
filter protocol ip pref 2 bpf chain 0 handle 0x1
prog_offload_schedcls_tether_upstream4_ether:[*fsobj] direct-action
not_in_hw id 7 tag 2f87d55b636c082c
$ adb shell tc filter show dev rmnet_data2 ingress;
filter protocol ipv6 pref 1 bpf chain 0
filter protocol ipv6 pref 1 bpf chain 0 handle 0x1
prog_offload_schedcls_tether_downstream6_rawip:[*fsobj] direct-action
not_in_hw id 3 tag 8b3885b75bd261de
filter protocol ip pref 2 bpf chain 0
filter protocol ip pref 2 bpf chain 0 handle 0x1
prog_offload_schedcls_tether_downstream4_rawip:[*fsobj] direct-action
not_in_hw id 6 tag b1c9478c91f8df9a
Test case #2:
Enable USB tethering and check tc filters are added or removed on both
rndis0 and rmnet_data#.
Test case #3:
Enable WiFi and USB tethering and check tc filter are added or removed
on rndis0, wlan1 and rmnet_data#.
Change-Id: I3f9a65043271bc8f5bf1b82ae505c471625ca9de
A caller can mostly already do this via forEach(), but having a
specific method is faster (since the code does not need to read
the value) and easier to use.
The semantics of this method (e.g., ignore ENOENT while deleting
a key, but throw on any other error) match those of the native
BpfMap::clear method.
Test: new unit tests
Change-Id: I5cd32efd0f87c823cd2d0a2fa3a95a83093fb6f9
The flag allows overriding the value of config_tether_upstream_automatic
on released R devices, as issues have been found on devices where an
overlay was used to set it to false.
The flag is only usable on R devices, as S devices can either not set
the setting to false, or fix the underlying issues.
Bug: 173068192
Test: atest TetheringCoverageTests
Change-Id: Id99638916e08e596fab21cedd7bfe39906ce2fe5
The tethering module uses JNI in various classes, but only calls
System.loadLibrary in TetheringService#makeTethering. This means
that:
1. Any test that uses a class that uses JNI must load the
library itself.
2. Any code that runs before TetheringService#makeTethering could
potentially crash if it uses JNI. We may never have such code
though.
Instead, make every class that has a native method load the JNI
library itself at static initialization time. This guarantees
that the class will have the JNI code available in any context
(production, test, etc.)
System.loadLibrary is documented not to do anything if called
more than once with the same library name:
https://docs.oracle.com/javase/7/docs/api/java/lang/Runtime.html#loadLibrary(java.lang.String)
and the implementation has a lock so it is safe to call from
multiple threads concurrently.
Test: builds, boots, tethering starts
Test: atest TetheringCoverageTests
Change-Id: I9c0147ae9a28877f416aaff387b426d304ae552d
This CL adds the counters collected by the tethering programs to
the output of "dumpsys tethering bpf". The counter names are
fetched by JNI code at startup and then read by the debugging
code on demand.
Example from my device:
Forwarding errors:
TCP_CONTROL_PACKET: 67
NON_GLOBAL_SRC: 13
NON_GLOBAL_DST: 17
LOCAL_SRC_DST: 7
Test: manual (debug-only code)
Change-Id: I7ec7992612556a4bca5f1b6bb52c655d6d870201
Currently, the dump methods open BpfMap objects and never close
them. This leaks filedescriptors, and if dump is called often
enough, will crash the networkstack process.
Fix this by using try-with-resources statements that
automatically close the map when exiting the try block.
Change the signature of BpfMap#close from "throws Exception" to
"throws ErrnoException" since it does not throw any other type
of checked exceptions.
Test: "lsof | grep network_st" while running "dumpsys tethering bpf" in a loop
Change-Id: I66c407454c2715bf41bf3a2e81bd582f9ea5a905
Add code to BpfCoordinator to dump upstream IPv4 and IPv6 rules.
For IPv4, currently only the upstream map is printed, because the
downstream map is expected to be symmetrical.
Example output:
=============
21(21) -> 12(rmnet_data2) 86dd 00:00:00:00:00:00 00:00:00:00:00:00
[wlan1]: iif(iface) oif(iface) v6addr srcmac dstmac
12(rmnet_data2) 21(wlan1) /2001:240:2425:b5dc:21a9:995d:bc57:bc37 b2:b5:e0:24:21:c2 ca:06:8d:54:99:ad
[IPv4]: iif(iface) oif(iface) src nat dst
21(21) 12(rmnet_data2) 192.168.16.247:41544 -> 100.101.80.108:41544 -> 216.239.36.135:443
21(21) 12(rmnet_data2) 192.168.16.247:42028 -> 100.101.80.108:42028 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:42032 -> 100.101.80.108:42032 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:42042 -> 100.101.80.108:42042 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:41816 -> 100.101.80.108:41816 -> 8.8.8.8:853
21(21) 12(rmnet_data2) 192.168.16.247:42040 -> 100.101.80.108:42040 -> 8.8.4.4:853
=============
Also make it possible to do "dumpsys tethering bpf" and get only
the BPF dump.
Test: manual
Change-Id: I2aaa2fdda7d724994090c26feff585f24cd3283b
- Add methods to start and stop IPv6 forwarding upstream
- Populate the upstream IPv6 map when the first rule for any
upstream/downstream pair is created.
- Clear the upstream IPv6 map when the last rule for any
upstream/downstream pair is deleted.
Test: Added coverage to IpServerTest and BpfCoordinatorTest
Change-Id: Ib041081e95f5f449489ab63138de034222ffac8f
The two value types are identical so there is no need to have
separate classes for them.
Test: atest TetheringTests
Change-Id: Ia622b082d0a44373d21f51222f5e675e5bde08e0
These are read-only intents and should not be mutated by any
app receiving them.
Bug: 178324405
Bug: 178249531
Test: atest TetheringTests TetheringCoverageTests GtsTetheringTestCases
Change-Id: I5395e7c19e6453640ad790f2b9a9ba22bbcefa88
Access the IPv4 downstream and upstream BPF map with the built rules.
Test: atest TetheringCoverageTests
Change-Id: I8cd6e49b377c72250988019eea57f93cccd78309
Build the upstream and upstream rules when the conntrack event is
received.
Test: atest TetheringCoverageTests
Change-Id: Ibb52c7b75812bd586091d809e260bc9206c06262
Add upstream interface index and its IPv4 address mapping
Required for building IPv4 forwarding rule when a conntrack event is
received.
Test: atest TetheringCoverageTests
Change-Id: I73f304777704f09481b80d18751e0bab5bab2edc
Add and remove downstream client information to BpfCoordinator
Required for building IPv4 forwarding rule when a conntrack event is
received. The IpServer provides the following elements of a rule which
is not included in conntrack event:
- Downstream interface index
- Downstream Mac address
- Client IP address to Client Mac address
Test: atest TetheringCoverageTests
Change-Id: I84db13acc047ace5730d17f0d3dd99544f516084
A preparation for starting monitoring conntrack event which is required
by IPv4 tethering offload.
Test: atest TetheringCoverageTests
Change-Id: Ied46aeca193554f52a90889dfdf92827e94845d6
