- Add New class PrivateAddressCoordinator to coordinate the private
address conflict problem.
- Downstream prefix would be random in 192.168.0.0/24 ~
192.168.255.0/24.
- If new upstream prefix is conflict with existing downstream prefix,
downstream would be kicked out and it would request a new one.
- The last conflict upstream prefixes would be blacklist. Avoid to
select downstream prefix which is conflict with prefixes in blacklist.
Bug: 130879722
Test: -build, flash, boot
-atest TetheringTests
Merged-In: Ib45b87bcd9eeb5da03fb7ec90b1af9ca53998cf5
Change-Id: Ib45b87bcd9eeb5da03fb7ec90b1af9ca53998cf5
This effectively reverts:
commit da0fb1bca8
Author: Maciej Żenczykowski <maze@google.com>
Date: Wed Feb 19 01:24:39 2020 -0800
Reduce advertised ipv6 mtu by 16 to fit ethernet header
This is a temporary hack to workaround the inability of current
kernel's ebpf bpf_skb_change_mode() function to prefix a 14-byte
ethernet header on to a packet without going over the upstream
(source, rawip) interface's mtu *before* we bpf_redirect() to
the downstream (destination, ethernet) interface.
Test: build, atest, atest TetheringTests
Bug: 149816401
Test: flashed a flame with new kernel and it works at 1500 mtu
Bug: 149816401
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I76a75a16fa27b47d78816b2f9379ef4bb68beb00
This is a preparation for moving adding/removing forwarding rules from
IpServer to BpfCoordinator.
Bug: 150736748
Test: atest IpServerTest
Change-Id: I85316ef09ff3c9389ded11dcc384493d699da48e
Verify that the coordinator could fetch tether stats from BPF maps and
report the network stats to the service.
Bug: 150736748
Test: atest BpfCoordinatorTest
Change-Id: Ib1756159a2047c5db7d31359b0f288f840bd1bb1
Make BPF tethering offload coordinator, BpfCoordinator,
registers a network stats provider, BpfTetherStatsProvider, and
provide the tethering stats from the BPF map.
Bug: 150736748
Test: new test BpfCoordinatorTest
Change-Id: I22e71f87b67668f7e733e4f215d93bf5b2c9380d
Used to record offload transmitted/received forwarded bytes/packets.
Bug: 150736748
Test: new test BpfTetheringCoordinatorTest
Change-Id: Ie8725f95c3ddd5fb3811d479de32d2c1f7dcb493
Shell has TETHER_PRIVILEGED permission. To avoid any service to adopt
shell identity by lunching service with Shell process, gate
exemptFromEentitlementCheck by NETWORK_STACK.
Bug: 157702014
Test: atest TetheringCoverageTests
Change-Id: I6ddfda23d36ea9981e3e1eb5a87767f452a65852
1. Call maybeRemoveDeprecatedUpstreams from Tethering rather than inside
PrivateAddressCoordinator because the building logic of this method based
on implementation details of Tethering.
2. Fix typo
Bug: 130879722
Test: -build, flash, boot
-atest TetheringTests
Change-Id: I7584253b728bc17fc648fc19e492ca9f7ad2ff46
- Add New class PrivateAddressCoordinator to coordinate the private
address conflict problem.
- Downstream prefix would be random in 192.168.0.0/24 ~
192.168.255.0/24.
- If new upstream prefix is conflict with existing downstream prefix,
downstream would be kicked out and it would request a new one.
- The last conflict upstream prefixes would be blacklist. Avoid to
select downstream prefix which is conflict with prefixes in blacklist.
Bug: 130879722
Test: -build, flash, boot
-atest TetheringTests
Change-Id: Ib45b87bcd9eeb5da03fb7ec90b1af9ca53998cf5
If upstream is cellular, set the TTL in Router Advertisements to
"network-set TTL - 1" for carrier requirement. For other non-cellular
upstream, set TTL as "network-set TTL + 1" to preventing arbitrary
distinction between tethered and untethered traffic.
Bug: 154776299
Test: atest TetheringTests
Merged-In: I7f2696a642f96c6aafb5613b980bf5bcdd08bbda
Change-Id: I7f2696a642f96c6aafb5613b980bf5bcdd08bbda
Bug: 154869719
Test: atest TetheringTests
Original-Change: https://android-review.googlesource.com/1288503
Fix TetheringServiceTest test WRITE_SETTINGS permission failure
AdoptShellPermissionIdentity can not pass permission check by
Settings#checkAndNoteWriteSettingsOperation. It would compare the caller
uid and its package name. See error below:
1. java.lang.SecurityException:
Specified package com.android.shell under uid 10239 but it is really 2000
2. java.lang.SecurityException:
uid 10245 does not have android.permission.UPDATE_APP_OPS_STATS.
Override the method and test if caller hold WRITE_SETTINGS directly.
Bug: 154869719
Test: TetheringTests, TetheringCoverageTests, NetworkStackNextTests,
NetworkStackCoverageTests
Original-Change: https://android-review.googlesource.com/1313806
Change-Id: I7beea3f011d930e433443ed62d772a3f8cce5d78
Merged-In: I7beea3f011d930e433443ed62d772a3f8cce5d78
If upstream is cellular, set the TTL in Router Advertisements to
"network-set TTL - 1" for carrier requirement. For other non-cellular
upstream, set TTL as "network-set TTL + 1" to preventing arbitrary
distinction between tethered and untethered traffic.
Bug: 154776299
Test: atest TetheringTests
Change-Id: I7f2696a642f96c6aafb5613b980bf5bcdd08bbda
Send netlink request over fd for offload config before
completing init sequence. Provides existing conntrack
entries to IPA. Resolves issue where there are NAT
misses in IPA due to IPA only having the conntrack
entries added after tethering starts.
Bug: 149109043
Test: OffloadHardwareInterfaceTest
Change-Id: Iaf3e847e92f205b55f10fa85c17b9f3995d52099
AdoptShellPermissionIdentity can not pass permission check by
Settings#checkAndNoteWriteSettingsOperation. It would compare the caller
uid and its package name. See error below:
1. java.lang.SecurityException:
Specified package com.android.shell under uid 10239 but it is really 2000
2. java.lang.SecurityException:
uid 10245 does not have android.permission.UPDATE_APP_OPS_STATS.
Override the method and test if caller hold WRITE_SETTINGS directly.
Bug: 154869719
Test: TetheringTests, TetheringCoverageTests, NetworkStackNextTests,
NetworkStackCoverageTests
Change-Id: I2a60c4d66ef30028f9663159f85464ea815248e2
Add the specific implementation of onNewPrefixRequest callback
on IpServer side, also refactor some common code.
Bug: 130741856
Test: atest TetheringTests
Merged-In: If2871bf899cb5890bbfee18063a194c92b6f474e
Change-Id: If2871bf899cb5890bbfee18063a194c92b6f474e
1. Move isTetheringSupport logic from TetheringService to Tethering.
2. Small readability improvement in TetheringTest. Also change
config_tether_upstream_automatic from false to true in TetheringTest.
So TetheringTests would default run automatic select upstream flow
instead of selecting by legacy perferred network type list.
Bug: 153609486
Test: atest TetheringTest
Change-Id: I5a82a6347f62d3a7031db5c56e8e0c8530dafd8f
Merged-In: I5a82a6347f62d3a7031db5c56e8e0c8530dafd8f
(cherry picked from commit 569870320a)
Add the specific implementation of onNewPrefixRequest callback
on IpServer side, also refactor some common code.
Bug: 130741856
Test: atest TetheringTests
Change-Id: If2871bf899cb5890bbfee18063a194c92b6f474e
1. Move isTetheringSupport logic from TetheringService to Tethering.
2. Small readability improvement in TetheringTest. Also change
config_tether_upstream_automatic from false to true in TetheringTest.
So TetheringTests would default run automatic select upstream flow
instead of selecting by legacy perferred network type list.
Bug: 153609486
Test: atest TetheringTest
Change-Id: I5a82a6347f62d3a7031db5c56e8e0c8530dafd8f
Merged-In: I5a82a6347f62d3a7031db5c56e8e0c8530dafd8f
1. Move isTetheringSupport logic from TetheringService to Tethering.
2. Small readability improvement in TetheringTest. Also change
config_tether_upstream_automatic from false to true in TetheringTest.
So TetheringTests would default run automatic select upstream flow
instead of selecting by legacy perferred network type list.
Bug: 153609486
Test: atest TetheringTest
Change-Id: I5a82a6347f62d3a7031db5c56e8e0c8530dafd8f
Merged-In: I5a82a6347f62d3a7031db5c56e8e0c8530dafd8f
- Correct description and spelling in the code and xml files.
- Add a TODO for refactoring the IpServer constructor.
- Refine the if-statement for starting IP neighbor monitor.
Bug: 149997301
Test: atest IpServerTest
Original-Change: https://android-review.googlesource.com/1309273
Merged-In: If9c8bc6f785fa80575db56de4e223292e9807ace
Change-Id: If9c8bc6f785fa80575db56de4e223292e9807ace
The tether bpf offload can be enabled by resource config and
device config. The device config has higher priority and it
could override this config which is set by resource config.
Bug: 149997301
Test: -build, flash, boot
-atest TetheringConfigurationTest
Original-Change: https://android-review.googlesource.com/1276007
Use device option to control BPF offload features
If BPF offload device config is not enabled:
- Does not add/remove offload forwarding rules through disabling IP
neighbor monitor.
- Does not apply the RA MTU reduction.
Bug: 149997301
Test: atest IpServerTest
Original-Change: https://android-review.googlesource.com/1284578
Merged-In: I2d6f80f0229f580c4b16243a064e889a6c37f77a
Change-Id: I2d6f80f0229f580c4b16243a064e889a6c37f77a
- Correct description and spelling in the code and xml files.
- Add a TODO for refactoring the IpServer constructor.
- Refine the if-statement for starting IP neighbor monitor.
Test: atest IpServerTest
Change-Id: If9c8bc6f785fa80575db56de4e223292e9807ace
To exempt from entitlement check, caller need to hold TETHER_PRIVILEGED
permission.
Bug: 141256482
Test: atest TetheringTests
Change-Id: I2eb37f5e92f5f5150a7fb7c25b945e28704d27a0
Merged-In: I2eb37f5e92f5f5150a7fb7c25b945e28704d27a0
