Avoid recording negative data by doing integer-based
math as much as possible, but switch to double-based
math if we detect that we'd end up causing an overflow.
Test :
- Builds, Boots
- High data throughput scenarios
- NetworkStatsHistoryTest, NetworkStatsCollectionTest,
NetworkStatsTest
Bug: 119527458
Change-Id: I55d4aa649bea3ae201ad513074ff2b71cb918dad
This reverts commit b04880e7ca.
Reason for revert: Revert and wait for the design is settled down.
Change-Id: I10fdfc37d6456678de1886698cd6ad08bf8aa810
Add Dependencies class in PermissionMonitor for injection
in tests easily.
Bug: 132784544
Test: atests FrameworksNetTests
Change-Id: Ibb84d548908f7a955fa0ff206794486733259978
This reverts commit 3cb7ccd0cd.
Reason for revert: Breaks the build b/160390899
Merged-In: Icd141a992c46290c74929785e261a1cd57bc001b
Change-Id: Ie10e66f61393602f17fbb61bf17230b176bf1f44
The classes should not be picked up from frameworks/base, as they are
part of several mainline modules.
Also refine comments in DhcpResults following feedback in previous
change.
(cherry-pick from internal branch skipping wifi classes; no other
conflict)
Bug: 151052811
Test: m; manual: flashed, wifi and telephony working
Test: atest NetworkStackCoverageTests
Merged-In: I7074651c6a2a7a6b11bcf13cc4bb03833d7d655f
Change-Id: I7074651c6a2a7a6b11bcf13cc4bb03833d7d655f
Revert "Add new network quirk parcelable in the NetworkAttributes."
Revert submission 1323251-ipv6_prov_loss_quirk_parcelable
Reason for revert: Breaks CtsStrictJavaPackagesTestCases
Reverted Changes:
I18e05c09f:Add new network quirk parcelable in the NetworkAtt...
I8dbff2377:Test IPv6ProvisioningLossParcelable in the Network...
Change-Id: Ie906919b344131cd768fbed787248d3caac2f74d
This is a Client-only solution.
- Add to NetdClient a per-process std::atomic_boolean
similar to netIdForProcess and netIdForResolv.
- The boolean says whether the process should be
allowed Internet connectivity.
- Add an @hide method to NetUtils.java to set the boolean;
call it from the initialization code of the new
process just after forking from zygote.
- Make netdClientSocket and dnsOpenProxy check the
boolean. If the boolean is false, return EPERM from
socket calls.
Bug: 150028556
Test: atest NetworkUtilsTest
Test: atest CtsAppSecurityHostTestCases:UseProcessTest
(cherry-pick from internal branch, ag/11881939)
Merged-In: If002280fbad493dfc2db3d9d505c0257d49a9056
Change-Id: If002280fbad493dfc2db3d9d505c0257d49a9056
There are two methods to handle package added/removed from
two differnt listeners. It can use one of listener to handle the
changes. Thus, keep PackageManagerInternal#PackageListObserver
but remove the listening from ConnectivityService.
Bug: 132784544
Test: atests FrameworksNetTests
Change-Id: Ib2db85e4108f9fda731bf6667d0af0610fc79fea
Check one more parameter enforceDnsUid in ResolverOptionsParcel in
DnsManagerTest.
Bug: 159587277
Test: atest
com.android.server.connectivity.DnsManagerTest#testSendDnsConfiguration
Change-Id: Ic53f42b968626294c851dac252a70769846ba427
Merged-In: Ic53f42b968626294c851dac252a70769846ba427
Probe DNS servers to see they support DNS-over-TLS. Use system
CAs to verify whether the certificates sent by DNS servers are
trusted or not. An error is thrown to cause the probe failed if
DNS servers send untrusted certificates.
Unlike the DnsResolver which doesn't verify the certificates
in opportunistic mode, all of the DoT probes from NetworkDiagnostics
check certificates.
DoT probes apply to the DNS servers gotten from LinkProperties
and the DoT servers gotten from PrivateDnsConfig whatever private
DNS mode is.
A common example in DNS strict mode:
. DNS TLS dst{8.8.8.8} hostname{dns.google} src{192.168.43.2:48436} qtype{1} qname{815149-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (432ms)
F DNS TLS dst{192.168.43.144} hostname{}: FAILED: java.net.ConnectException: failed to connect to /192.168.43.144 (port 853) from /192.168.43.2 (port 41770) after 2500ms: isConnected failed: ECONNREFUSED (Connection refused) (172ms)
. DNS TLS dst{8.8.4.4} hostname{dns.google} src{192.168.43.2:37598} qtype{1} qname{759312-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (427ms)
An example when the CA is not trusted:
F DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. (16ms)
An example when TCP/TLS handshake timeout:
F DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: java.net.SocketTimeoutException: failed to connect to /8.8.8.8 (port 853) from /192.168.2.108 (port 45680) after 2500ms (2514ms)
Bug: 132925257
Bug: 118369977
Test: atest FrameworksNetTests
Change-Id: I1b54abed0e931ca4b8a97149459cde54da1c3d6f
This patch addresses the followings,
- Pass Looper to NetworkStatsSubscriptionsMonitor constructor
- Replace Looper with TestLooper in unit test
- Assert fail if result of condition check is not expected.
Bug: 154080205
Test: atest FrameworksNetTests:com.android.server.net.NetworkStatsServiceTest
atest FrameworksNetTests:com.android.server.net.NetworkStatsSubscriptionsMonitorTest
Change-Id: Ibcaba2b38af80cc0ec9a4e428a3b3a1538bc4325
On Android different interfaces usually use different routing tables.
As a result, a change in interface should not be treated as route
update, but rather a remove and an add.
This change fixes a bug in VPN seamless handover where routes
failed to be updated when a new tunnel interface replaces the existing
one within the same network.
Bug: 158696878
Test: atest com.android.cts.net.HostsideVpnTests
Test: atest NetworkStackTests
Test: atest CtsNetTestCases
Test: atest FrameworksNetTests
Change-Id: I57987233d42a0253eaee2e1ca5f28728c2354620
Add ContentObserver to observe the status of
NETSTATS_COMBINE_SUBTYPE_ENABLED to determine that
NetworkStatsSubscriptionsMonitor start or stop
monitoring data usage per RAT type changes.
Bug: 154080515
Test: atest NetworkStatsServiceTest#testDynamicWatchForNetworkRatTypeChanges
Change-Id: I272d589633c9186b45753228b05aa0b40b7c7b89
Bug: 154080205
Test: atest FrameworksNetTests:com.android.server.net.NetworkStatsSubscriptionsMonitorTest
(copy from ag/11788484 but getActiveAndHiddenSubscriptionIdList() since it's renamed
in internal)
Change-Id: Ia162f36efe96d90b2f6f70190d9fa855bba34484
Merged-In: I4ef3f1ab2e5ea1322133edd80db3ccd0022e9c91
Test extra info sent to NetworkMonitor correctly if network
agent is created through new NetworkAgent constructor without
legacy network info taken as parameter.
Bug: 156173829
Test: atest FrameworkNetTests
Change-Id: I4f827664c528bea30cc957a0a617dd37693f4460
The extra info is taken into NetworkMonitor from while creating
it. The NetworkMonitor is created when a new agent is registered
but the extra info is not available at that time. Make sure the
field is set in the NetworkInfo when registering.
Bug: 156173829
Test: adb shell dumpsys network and check the apn in the extra
info shown correctly
Test: atest FrameworkNetTests
Change-Id: Ieaad8cbf1a28af3b97c7f98f74358e417fcad661
This should no longer be needed after all the cleanups.
Test: atest NetworkStatsTest NetworkStatsFactoryTest
Bug: 150738490
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I289d935f84b616ed857ef4c5a7427d57c282d00c
No clat app uid 0 rx stats on base iface due to ip6tables raw prerouting drop
(so just copy over the rx stats from the before file)
Test: atest NetworkStatsTest NetworkStatsFactoryTest
Bug: 150738490
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie73ba0586dafde67bc2726db26e07f7268c18be3
No clat app uid 0 rx stats on base iface due to ip6tables raw prerouting drop
Test: atest NetworkStatsFactoryTest
Bug: 150738490
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I4393afcbe8e1bb886ecf4f5c1573f6ac8a0e29f5
No clat app uid 0 rx stats on base iface due to ip6tables raw prerouting drop
Test: atest NetworkStatsFactoryTest
Bug: 150738490
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifebd946e06b5fa2eeb7ff4fc0b1c423097021692
This change adds the @RequiresFeature annotation to Ikev2VpnProfile
Builder methods, and checks before provisioning VPN profiles.
Bug: 156681625
Test: New tests added, passing.
Change-Id: I125d8fbe5d67fb877ad7d0636c007cb3e1a9f59b
This is only necessary when learning the NAT64 prefix from the
RA, because if the NAT64 prefix is learned from DNS, the DNS
resolver already knows the prefix and automatically enables
DNS64 synthesis.
The DNS resolver needs to be informed of the prefix any time
clat is running on a prefix learned from an RA. This is simple to
implement: just set the prefix when starting clat if prefix
discovery is not running, and clear the prefix when stopping clat
if prefix discovery was not running. This ensures that the prefix
is cleared iff it was set.
Bug: 156914456
Test: new unit test coverage
Change-Id: If8ad2d30712a6df3e207c8d3e8a129705242191e
This is not particularly likely to happen unless the pref64 RA is
sent by a different router than the main RA. But more tests are
always good, and this additional coverage will be more useful
in an upcoming change.
Bug: 150648313
Test: test-only change
Change-Id: I3316d49d42100800740afadc4edf0a13a4d8377c
This saves dozens of warnings every time FrameworkNetTests is
compiled. There is nothing we can do about those warnings because
LegacyTypeTracker's reason for existence is to power deprecated
APIs.
Test: m FrameworksNetTests
Change-Id: I4d65b0aade493e12b56a94247efbf9d1ad7bb4b9
Add a test to verify the ConnectivityService / NetworkMonitor
integration around the captive portal API.
Test: atest ConnectivityServiceIntegrationTest
Bug: 156062304
Change-Id: I4eed02e09fc4943c011d871c58ba97ec572c7763
(partial cherry-pick of internal change:
I4457ff2bd466a4c56fed2570e110f251031c2385)
With b/150232615, we will need an explicit value set for the exported
flag when intent filters are present, as the default behavior is
changing for S+. This change adds the value reflecting the previous
default to the manifest.
These changes were made using an automated tool, the xml file may be
reformatted slightly creating a larger diff. The only "real" change is
the addition of "android:exported" to activities, services, and
receivers that have one or more intent-filters.
Bug: 150232615
Test: TH
Merged-In: I4457ff2bd466a4c56fed2570e110f251031c2385
Change-Id: I65a1ca1678048bbf09edc9a0485b673644c8109d
This change adds the ability for IKEv2/IPsec VPN profiles to run on Test
Networks. If enabled, the IKEv2/IPsec VPN profiles will request ONLY
test networks.
Bug: 148582947
Test: FrameworksNetTests passing
Test: Added for testing
Change-Id: I2511b39b27a1e29ae97907cdb12728d13fb1628f
