This is fixing post-FIN state (by disabling offload post-FIN).
Once the tcp state enters half-closing tcp state (fin wait,
close wait), delete the offload rules.
From this commit, we have done the short term solution for conntrack
tcp timeout issue. Here is what we have done so far.
- Stop updating tcp timeout to avoid updating wrong tcp state
timeout.
- Update the ESTABLISHED timeout
nf_conntrack_tcp_timeout_established (432000) after adding
bidirectional rules.
- Delete the tcp rules when the tcp state has left
"established".
Here is the long term solution and need to be addressed in follow up
commits.
- Parse the tcp state from netlink conntrack event.
- Build a mapping to trace the tcp state of the tcp conntrack event.
- Update tcp state timeout for {ESTABLISHED (432000), FIN_WAIT (120),
CLOSE_WAIT (60)}.
Bug: 190783768
Bug: 192804833
Test: atest TetheringCoverageTests
Manual test:
1. Browse on tethered device
2. Check conntrack tcp state is established.
$ cat /proc/net/nf_conntrack
ipv4 2 tcp 6 431995 ESTABLISHED src=192.168.207.9
dst=140.112.8.116 sport=50697 dport=443 ..
3. Check offload rules are added via dumpsys.
Upstream:
tcp .. 192.168.207.9:50697 -> 14(rmnet0) 10.224.1.247:50697
-> 140.112.8.116:443 ..
Downstream:
tcp .. 140.112.8.116:443 -> 30(30) 10.224.1.247:50697
-> 192.168.207.9:50697 ..
4. Stop browsing for a few seconds.
5. Check conntrack tcp state is half-closed.
$ cat /proc/net/nf_conntrack
ipv4 2 tcp 6 116 TIME_WAIT src=192.168.207.9
dst=140.112.8.116 sport=50697 dport=443 ..
5. Check offload rules are removed via dumpsys.
Upstream:
(not found)
Downstream:
(not found)
Change-Id: I07e27230bf8952acd7828d1f605167758b3bc490
Needed because a payload data packet may have gone through
non-offload path, before we added offload rules, and that this
may result in in-kernel conntrack state being in ESTABLISHED
but pending ACK (ie. UNACKED) state. But the in-kernel conntrack
might never see the ACK because we just added offload rules.
As such after adding the rules we need to force the timeout back
to the normal ESTABLISHED timeout of 5 days.
Issue: the timeout is set to unacknowledged 300s (countdwon to 298s)
$ adb shell cat /proc/net/nf_conntrack
ipv4 2 tcp 6 298 ESTABLISHED src=192.168.244.128
dst=140.112.8.116 sport=45694 dport=443 ..
Test: atest TetheringCoverageTests
Manual check:
$ adb shell cat /proc/net/nf_conntrack
ipv4 2 tcp 6 431988 ESTABLISHED src=192.168.40.162
dst=140.112.8.116 sport=40774 dport=443 ..
Bug: 190783768
Bug: 192804833
Change-Id: I8c34e85e26c9d976e5e2b85473db75ff46d8abd4
This is a preparation for only update the tcp timeout while
adding rules. Also add slack time for updating UDP timeout
interval.
Bug: 190783768
Bug: 192804833
Test: atest TetheringCoverageTests
Change-Id: I3151b531e6581e257f3cfa39ad2fcf1650358b3d
- Remove ipv4MappedAddressBytesToIpv4Address because it can be covered
by parseIPv4Address.
- Remove IllegalArgumentException from parseIPv4Address because it has
never happened
- Reverse the order of upstream and downstream timeout refreshing in
refreshAllConntrackTimeouts for readability because both source and
destination of the downstream are opposite direction to the
upstream.
Bug: 190783768
Bug: 192804833
Test: atest TetheringCoverageTests
Change-Id: I6a1e44777a4357dd3847c2e2bb1fc6c3cf01617c
registerSystemDefaultNetworkCallback no longer throws
UnsupportedApiLevelException as it has compatibility behavior down to Q,
so remove the catch clause for the checked exception.
The exception would previously not be thrown since the Tethering module
is only running on R+.
Bug: 182961265
Test: atest TetheringTests
Change-Id: I3c58235f3a59294995e5f32502fec6ccd17a3cf0
If config_tether_ncm_regexs is configured, load it to
tetherableUsbRegexs if ncm is used for TETHERING_USB. Load it to
tetherableNcmRegexs if ncm is used for TETHERING_NCM.
Bug: 185649441
Test: atest TetheringTests
Change-Id: I0c542560bd04e8c0a6a78d632da5a00a34d9a3fa
Before this change, usb IpServer would be created if corresponding
interface is available even there is no enable tethering attempt. And
usb IpServer only be disabled when interface is removed. Usb tethering
could not be stopped if interface is always avaialbe.
After this change, usb IpServer would be enabled and disabled according
to ACTION_USB_STATE.
Bug: 185649441
Test: atest TetheringCoverageTests
atest MtsTetheringTestLatestSdk
atest CtsTetheringTest
Change-Id: I8375e3f998d677dc658370b2553facaec0d5ff7c
Apply their respective jarjar rules on tethering and general
connectivity tests, then merge both into the coverage tests suite.
This is necessary to ensure that classes covered by tests have names
matching classes used in code.
Also fix IpConnectivityLogTest to use the module utility instead of the
hidden BitUtils, as the test would fail after internal utils are
jarjared.
Bug: 187935317
Test: atest ConnectivityCoverageTests TetheringCoverageTests
Change-Id: Ib95b58dab93f7adebc445b662a6d15db1ce0e7c2
Previously, the hidden API encoding of the tethering boot dex jars,
i.e. those dex jars that tethering contributes to the bootclasspath
were done as part of the monolithic hidden API processing. This change
causes the encoding to be done by the tethering's
bootclasspath_fragment.
This change involves the following:
* Addition of the fragments property to the tethering's
bootclasspath_fragment module to list all the other
bootclasspath_fragment modules on which this depends.
* Addition of the additional_stubs property to add stubs for APIs that
are not provided by another bootclasspath_fragment.
The build automatically checks that the hidden API flags which are
computed by tethering and encoded into its boot dex jars match those
that are generated by the monolithic processing so this is guaranteed
to be safe.
Bug: 179354495
Test: m com.android.tethering
- ensure that the generated APEX is byte-for-byte identical
before and after these changes.
m out/soong/hiddenapi/hiddenapi-flags.csv
- make sure that they are not changed by this.
(cherry picked from b28cb44e4b)
Merged-In: I4d9621325c7fcea5043cbca4c577ba2ac6125c0c
Change-Id: I4d9621325c7fcea5043cbca4c577ba2ac6125c0c
Print a dash for the unused "lastUsed" of the rule.
The age should not equal the bootime if the rule has never been
updated the "lastUsed" field.
Format:
[inDstMac] iif(iface) src -> nat -> dst [outDstMac] age
[00:00:00:00:00:00] 14(rmnet0) 140.112.8.116:443
-> 30(30) 10.170.56.233:43720
-> 192.168.45.236:43720 [be:34:40:28:33:5f] -
Test: dumpsys tethering
Change-Id: Ie771becd2f72518cf02a86e5ae228315785752a5
Previously, the hidden API encoding of the tethering boot dex jars,
i.e. those dex jars that tethering contributes to the bootclasspath
were done as part of the monolithic hidden API processing. This change
causes the encoding to be done by the tethering's
bootclasspath_fragment.
This change involves the following:
* Addition of the fragments property to the tethering's
bootclasspath_fragment module to list all the other
bootclasspath_fragment modules on which this depends.
* Addition of the additional_stubs property to add stubs for APIs that
are not provided by another bootclasspath_fragment.
* Moving hidden API flag file entries related to tethering from the
flag files in frameworks/base/boot/hiddenapi directory into the
tethering directory with an appropriate OWNERS file to allow them to
be managed by the Soong and compat team.
* Addition of a PREUPLOAD.cfg hook script to ensure that the flag files
are sorted.
The build automatically checks that the hidden API flags which are
computed by tethering and encoded into its boot dex jars match those
that are generated by the monolithic processing so this is guaranteed
to be safe.
Bug: 179354495
Test: m com.android.tethering
- ensure that the generated APEX is byte-for-byte identical
before and after these changes.
m out/soong/hiddenapi/hiddenapi-flags.csv
- make sure that they are not changed by this.
Change-Id: I4d9621325c7fcea5043cbca4c577ba2ac6125c0c
Ignore-AOSP-First: merge conflicts
