root cause: getIfaceStats and getTotalStats is directly reading
iface_stat_fmt or eBPF, not include tether stats.
solution: add tether stats to getIfaceStats and getTotalStats.
Bug: 120039819
Test case1:
1. tether offload is enabled on phone, enable MHS on phone.
2. Use test app to check getMobileRxBytes->getIfaceStats
3. Download 10M file on MHS client
4. Use test app to check getMobileRxBytes->getIfaceStats again
result: getMobileRxBytes increased around 10M
Test case2:
1. tether offload is disabled on phone, enable MHS on phone.
repeat above step 2~4
result: getMobileRxBytes increased around 10M
Following CTS cases passed
run cts -m CtsNetTestCases --test android.net.cts.TrafficStatsTest
run cts -m CtsUsageStatsTestCases --test android.app.usage.cts.NetworkUsageStatsTest
Change-Id: I3d94acb71c142ec38b750e58822881ff383341cc
In Q, legacy way to get tcp packet count is not planned to be
supported. Users who use this unsupported API e.g., data stall
detection are also planned to be removed.
Thus, this change reverts 0b4a66a1c2 which is the short term
solution in P.
Bug: 110443385
Test: atest FrameworksNetTests
Change-Id: Ia09f908edbf194b9aa873a3bdd5aee7b6fcb16bc
With the new loader support added. The bpf map format is defined by bpf
kernel program as well. Change the netd bpf program to the new format.
Test: CtsUsageStatsTestCases
Bug: 112334572
Change-Id: I34e38e0a8cf0cca54dc52ec897771452f9d90525
The hasBpfSupport() check from BpfUtils is not used by the native helper
in framework. Remove them.
Bug: 111441138
Test: Build without failure.
Change-Id: Icdd01bf1a03efd7883e4939d0d730303ec1004e7
In follow-up commits, current API would create new NetworkStats
every time when 464xlatAdjustment wants to filtered out some
uids.
This commit refactors it to delete stats in-place to get better
performance.
Bug: 118602783
Test: atest FrameworksNetTests
Change-Id: I858f95d1fa7733111786243b4e261ce8a70a068d
Stable aidl won't support FileDescriptor but ParcelFileDescriptor.
In order to migrate to stable aidl, replace all FileDescriptor in
INdetd.aidl.
Test: runtest frameworks-net passes
Change-Id: Icdf37aed0e0cce0352070a437066e77c0f2fd85a
This commit cleans up and upates comments with regard to changes in
aosp/721999, clarifying the restrictions and potential pitfalls we would
see with regards to IPsec tunnel mode without updatable SAs.
Bug: 111854872
Test: Compiles, comment-only change
Change-Id: I07b0063987463c1a3cf42e112839a31739947c80
This change adds support for XFRM-I to all IpSecService netd calls.
Fallback logic is in netd, and thus both VTI and XFRM-I parameters are
always passed down to IpSecService.
Bug: 78589502
Test: All java, CTS tests passing
Change-Id: Ie4186f0ad7e50763b21831f6fa411b5ee436de78
SA marks are never updated during the UPDSA call. This change disables
the attempts to update the specified SAs, ensuring that the config
stored in IpSecService matches that of the allocated kernel resources.
Bug: 111854872
Test: Unit, CTS tests passing
Change-Id: Ic1fb862c8021ffa260c3e262ec698d8af0a826d9
When using xt_qtaguid to count per uid stats,
NetworkStatsService needs to adjust the 464xlat traffic since
iptables module would double count for ipv4 and ipv6 packet.
But for eBPF, the per uid stats is collected in a different
hook, so the adjustment on root uid would only be needed in tx
direction.
Bug: 112226716
Test: 1. Make ipv4 traffic in ipv6-only network and check data
usage.
2. Make ipv4 traffic in a client which connect to
ipv6-only hotspot.
3. runtest frameworks-net
4. cts-tradefed run cts -m CtsNetTestCases -t \
android.net.cts.TrafficStatsTest
5. cts-tradefed run cts -m CtsUsageStatsTestCases
Change-Id: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
The bpf project now have a new project directory in system/bpf instead
of inside netd. The network related bpf library is renamed to
libnetdbpf. Fix the dependency issue in framework to make sure no
regression.
Test: -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
Bug: 112334572
Change-Id: Ibd477bf17d18d516aa520fb1569f4a395ef9abf0
This commit checks if UDP-encapsulation is used
for unsupported address family and throws
IllegalArgumentException when it happens.
Bug: 74213459
Test: Tests added in testCreateTransportModeTransformWithEncap
and testCreateTunnelModeTransformWithEncap.
Command: runtest frameworks-net
Verified on taimen.
Change-Id: I10c01f2bad6aca23430849ea9ef6c1eb157ae131
By skipping updates if an alert is already scheduled, this avoids firing
the global alert too often on devices with high transfer speeds and high
quota.
Test: with tethering watching videos. Also runtest frameworks-net
Bug: 117243748
Change-Id: Idce6059832db7a0e4a7117bbb3e424ec62ae3b21
This patch ensures that creation and modification of IPsec tunnels
requires the MANAGE_IPSEC_TUNNELS appop.
Bug: 115685048
Test: IpSecManagerTunnelTest fails without appops set
Change-Id: I6c60a2573ca521717877f36e28a392b0d3b62754
This change makes all requestIDs use the UID of the creator, ensuring
that rekeys always use the same requestID. This also has the nice
property of separating app's resources from each other, and allowing for
identification of which app/UID allocated the resources from
command-line dumps (eg ip xfrm state show)
Bug: 111841561
Test: Updated tests & passing taimen
Change-Id: I4f1eadcdb795766ae4682b15e41727359c52fa38
This patch changes tunnel mode security policies to use the actual
tunnel's local and remote addresses to select the SA.
This prevents the kernel from calling xfrm_get_saddr(), which does a
route lookup, potentially resolving an incorrect saddr.
Bug: 79384676
Test: CTS, IpSecService* tests passing
Change-Id: I8223225e2363a79591a0bb0040aa8619cf84c184
LocalServices.addService in NetworkStatsService is currently failing
with IllegalStateException "Overriding service registration". Setting up
LocalServices in the test to avoid this issue might be possible, but
moving the registration to the only non-test caller of that constructor
as done here solves the issue and avoids side-effects from a constructor.
Test: atest FrameworksNetTests does not choke on this test
Bug: b/78487385
Bug: b/80082746
Change-Id: I5dba98fc79aec0800c8b71e6c7e23d1cfbcae852
Merged-In: I884a7a8bd7db3fcd220b785ba9914ac8c77720f0
(Clean cherry-pick of go/ag/4061255)
The current networkStats getIfaceStats implementation check if
bpf is enabled, and use bpf to get all traffic stats. However,
the bpf implementation did not contain tcp packet counts. So
data stall detection in DcTracker could not get the packet
count to trigger data stall. Hence the data stall never
triggers for device that enables bpf.
This solution is for short term solution that rollback the
design to use xt_qtaguid for bpf enabled device.
Bug: 110443385
Test: 1. fake data stall to trigger data stall recovery
2. enable debug log to make sure tcp packet count is
correct
3. runtest frameworks-net
4. run cts -m CtsUsageStatsTestCases
Change-Id: I1ce9e92fe194da2ea0a3eec014fd50bb50cdd44a
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Manually merging this due to skipping a merge
conflict at ef9f2740a790feceaa47a24b1a179e93c4ffb5e6
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
We've seen reports of negative values flowing through to attempt
being recorded, which will outright crash. This change does one
last-ditch check to see if we're about to work with negative values,
reporting any trouble and clamping them to zero so we don't crash.
This gives us the data we need to continue investigating without
triggering runtime restarts in the field.
Bug: 80057433
Test: atest android.net.NetworkStatsTest
Change-Id: I8174391c6cf5dadc2c2c10a8d841ee07e1f7d934
The current implementation check for bpf map existance whenever a
NetworkStats request comes in. The check is not efficient and may
require additional permission for threads. So a member variable is added
to NetworkStatsService to store the bpf configuration status and is
initialized when NetworkStatsService start.
Test: -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
-m CtsUsageStatsTestCases -t android.app.usage.cts.NetworkUsageStatsTest
Bug: 79994577
Change-Id: I872ae18fb3e9631a4e6c4d773fefbba32e60a03b
Convert to using a constant in INetd to ensure
that there is a consistent tunnel prefix between
Java and native code.
Bug: 74560705
Test: atest FramworksNetTest; atest CtsNetTestCases
Change-Id: Ida233aac2e6c6b26567463964e0ebac9d52eff1e
In order to properly support EOPNOTSUPP this CL
applies a consistent approach to handling Exceptions.
Hereafter, all exceptions that aren't of a special
method-specific type (such as SpiUnavailableException)
will all be returned to the calling process unchanged.
At the API call site, the ServiceSpecificException,
which is really an Errno, will be inspected and either
converted to an unchecked exception for types we know,
or it will be converted to an IOException in cases where
that method can return a checked exception. In cases
where we do not expect an errno, we will simply throw
a generic RuntimeException. This means all API calls
will now properly throw UnsupportedOperationException
and may be CTS tested accordingly.
Bug: 72420898
Test: runtest frameworks-net
Change-Id: I4a00e221618896223fcdb4b4279fb14cd14e34d8
Collecting network statistics is pretty heavy, which is why we're
throttling callers. However, to keep CTS running fast, we provide a
way for tests to force a poll event, instead of making them wait for
the throttle timeout.
Bug: 77908520
Test: atest cts/tests/tests/app.usage/src/android/app/usage/cts/NetworkUsageStatsTest.java
Change-Id: Ia792f0cd495023366ff8c4839df54e7da2ae8331
We've seen devices where heavy communication between "system_server"
and the "phone" process can exhuast Binder threads, especially when
calling while holding locks. To mitigate this, we now interact with
the "phone" process before acquiring any locks.
Update our internal data structures either when we see a connectivity
change, or when SubscriptionManager tells us something changed.
Fix bug in resolveSubscriptionPlan() that always picked the 0'th
SubscriptionPlan instead of looking for the currently active plan;
we now use the same logic for both NSS and NPMS.
Bug: 77908520, 77154412
Test: atest com.android.server.NetworkPolicyManagerServiceTest
Test: atest com.android.server.net.NetworkStatsServiceTest
Change-Id: I177d3fa6cddc78d745b35a9ede12451d458b892c
These trace points surround areas of heavy lifting to help us debug
code that might be taking longer than expected. (For example, slow
getting data from eBPF, slow recording into data structures, slow
writing to disk, or slow evaluating policy.)
Typical timings on a taimen:
performPollLocked: 25.5ms
snapshotUid: 4.4ms
snapshotXt: 1.4ms
[persisting]: 13.4ms
updateNotifications: 3.3ms
Bug: 77908520, 77808546, 77853238, 77154412
Test: builds, boots
Change-Id: I072bfecffee01eeec7e4cbad439bd1cdc166febc
