The library provides an init function and an API for DNS resolver to
query whether the application is allowed to send DNS query based on BPF
maps settings.
Bug: 288340533
Test: atest dns_helper_unit_test (with test CL)
Change-Id: Ibfb383bfb074da2104a25aa4f04ebc32b22d11da
When 'set-inactive' command is used, it is possible for the
test app to get into the NEVER bucket as it wouldn't be
recorded as used by the user in some cases.
Bug: 298816567
Test: atest tests/cts/hostside/src/com/android/cts/net/HostsideRestrictBackgroundNetworkTests.java
Change-Id: If2667a07629b38395d0fed99771488d0900caf18
This is needed for data stall detection mechanism in NetworkStack
to get the information about whether the network is blocked for
a given uid and conditions. Because the API will be called
frequently from NetworkStack to resolve all status for all uids
on the device, the API cannot call into the service which
creates IPC. Instead, the API need to directly access bpf maps
in the user process to retrieve the status. In this case the
user process is the network stack, the access control is provided
by linux file permission and selinux.
Test: atest FrameworksNetTests:android.net.connectivity.android.net.BpfNetMapsReaderTest
Test: atest FrameworksNetTests:android.net.connectivity.android.net.ConnectivityManagerTest
NO_IFTTT=Refactor only change for firewall chains definitions
Bug: 297836825
Change-Id: Iaf983b71ec98cbfe5152dcfade8a3120f938f135
Dns Resolver needs to know whether a network is metered when checking if
DNS requests will be blocked by Data Saver.
Bug: 288340533
Test: atest FrameworksNetTests
Change-Id: Ia5822dc522c766c7815680003c7ba275d15ccaff
* Update getRawOffloadPayload() with @NonNull annotation.
* Log the error object directly instead of logging the error message.
* Use Arrays.copyOfRange() instead of System.arraycopy().
* Remove the unnecessary escape of mPacketCreationBuffer member variable in MdnsReplySender.
Bug: 308079421
Test: TH
Change-Id: I8c805bfe1fc1ae1d9a8abfab498059bda05710ff
The information is needed by modules who want to know whether a
specific UID is blocked by Data Saver feature.
1. Add a one-element map data_saver_enabled_map.
2. Update current data saver setting to the map.
Bug: 288340533
Test: atest FrameworksNetTests:android.net.connectivity.com.android.serv
er.BpfNetMapsTest
Test: atest bpf_existence_test
Change-Id: I981da4b569247c33cba2d365cb6f2691f673474e
In particular, this fixes a bug where a non-validated destroyed
network can't get disconnected after it's replaced by another
non-validated network because CS thinks it should keep it in
case it validates and beats the replacement network.
Test: new test for this : CSDestroyedNetworkTests
Change-Id: I5d7e413624d6fca28b06484e5369cd17e4a599a4
1. At present, the transportTypes in NetworkCapabilities have been
passed into DnsManager::updateTransportsForNetwork() as a parameter. In
the following CL, we also need to pass the 'metered' (also in
NetworkCapabilities) as a parameter to the function. Instead of passing
the members of NetworkCapabilities one by one, it is better to pass the
entire NetworkCapabilities.
2. Rename updateTransportsForNetwork() to
updateCapabilitiesForNetwork().
Bug: 288340533
Test: presubmit
Change-Id: I0966124f87b12c1d5a2eaee681885c3d5c7f74dc
This reverts commit 55ccfe19e2.
Reason for revert: this must be introducing some sort of race
it appears to cause
atest EthernetTetheringTest 'NetdBinderTest#TetherForwardAddRemove'
to no longer reliably pass.
Change-Id: I5281ab3f42c5ce268d97a12db24a6768db3f4354
1. Move it to header file so that it can be reused by others.
2. Correct the return type from int to bool.
3. Replace __always_inline by inline to avoid -Werror,-Wunused-function.
Bug: 288340533
Test: build
Change-Id: I9062686d9c2f98c2d24e4673f82b1732b180ffc4
The code handling service registration, discovery, and resolution
in DefaultState is never executed because these messages are
always handled in EnabledState. Therefore, the active code in
DefaultState should be moved to EnabledState and DefaultState
should be removed.
Bug: 307209858
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: I38a255ddf72148c7ae13d3079dbd3c03f800b9c2
Make MockVpn stop extending Vpn in order to stop depending on
Vpn code. This includes:
1. Remove @Override and synchronized for all MockVpn methods.
2. Remove the constructor.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I9109cd9d3e17717cffa6c89c6a9e4330ed9af3cf
The following are removed:
1. mUnderlyingNetworkInfo and the related get and set.
2. Calls to setEnableTeardown() since this has no
interaction with ConnectivityService.
3. Calls to updateState().
4. Usage of mInterface.
5. Usage of mConfig.
6. Usage of mNetworkAgent.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Ie7cec6fed25f841de995059deba1c1df67377e70
This is no longer used out of this file, and should not be.
Test: Build
Change-Id: I531191b4afbda39a5fbaf1f483d13068f86d17f1
Merged-In: Ief0a79883bcc2c5493807c548cb71ef655abed23
Store the mNetworkCapabilities locally in MockVpn to stop
depending on the Vpn class.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I215e915dcafb6700950bc8a500bc16f839d0e13e
BPF needs upstream prefixes information to filter spoofing IPv6 source
addresses carried in downstream traffic.
We retrieve prefixes from upstream interface's LinkProperties and pass
it to the BpfCoordinator. Forwarding rules will also be updated when
upstream interface's IPv6 link addresses change.
Test: atest TetheringTests
Bug: 261923493
Change-Id: If8cfc3b191e520ca838654d1b5211ab9e9ec021d
testDumpDoesNotCrash does not dump enough objects to have full
coverage. e.g. In b/303348620, it did not detect the crash since
there is no NetworkAgentInfo stored in ConnectivityService.
This change ensures ConnectivityService is filled with more
objects that will be dumped:
1. NetworkProvider
2. NetworkAgentInfo
3. NetworkOffer
4. Network preferences
Bug: 303348620
Test: atest FrameworksNetTests
Change-Id: I7e2f1954c91409f3bf0daf01300e34ce73e311cb
As state transitions always occur after a message has been processed,
calling transitionTo only under processMessage makes the flow easier
to understand and less error-prone.
The risk of this change is very minimal since it is only about
handling the error, but tethering will stop regardless.
Test: atest TetheringTests
Change-Id: I56c6cf6cc989464ee84a8333ac131afc808a3d95
This can make it easier to adopt SM shim replacement in follow up change,
as both SyncSM and AsyncSM will process the same message without any
difference.
This change also fix a problem that bring up downstream before it's
IpServer completely disabled.
Previous:
CMD_NOTIFY_PREFIX_CONFLICT -> requestEnableTethering(false) ->
requestEnableTethering(true) -> IpServer stopped ->
reportTetherStateChanged(downstream inactive) -> IpServer started
-> reportTetherStateChanged(downstream active)
New:
CMD_NOTIFY_PREFIX_CONFLICT -> requestEnableTethering(false) ->
IpServer stopped -> reportTetherStateChanged(downstream inactive)
-> requestEnableTethering(true) -> IpServer started
-> reportTetherStateChanged(downstream active)
Test: atest MtsTetheringTestLatestSdk
Change-Id: Ibe22b300c56125359f4fa452bd01a0a2381fda23
When tethering restarts due to an IP conflict, it starts to
bring up downstream before its IpServer is completely disabled.
Test: atest TetheringTests
Change-Id: I0b0f0bf1bb9ac8421c05fe512d5082d095fa7180
