In aosp/951200, the clean up function delete the item in the
hash map that holds the record while iterating it, where the
list used to iterate the records is backed by the hash map,
so changes to the map are reflected in the list and caused
the concurrent modification exception.
Bug: 132341736
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 300
2. atest FrameworksNetTests --generate-new-metrics 10
(Clean cherry-pick of aosp/959599)
Change-Id: I9cdfe6f6d11c5400c856cc30a33ff4a44ba9d811
Merged-In: I0481a469ee23231e5f0ab738a06b5e09f6cdb680
In general, keepalive slots are released after result of
stopping has returned. However, for network disconnect case,
the service side cannot communicate with network agent since
the async channel is broken.
Clean up keepalive slots right after stop in this case.
Bug: 132341736
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
2. atest FrameworksNetTests --generate-new-metrics 10
Change-Id: Id3e4e159713c0ed7e03f45169e87b73ae6408e4f
(cherry picked from commit a5f6bd16062fba89bcf900aca93aa3514d93f662)
Merged-In: Id3e4e159713c0ed7e03f45169e87b73ae6408e4f
Merged-In: Icb5a1b5bb10617aa5a7b35db6cf48db3dc53b7fd
Currntly, keepalive slot is released when stop() is called. Next
starting keepalive can use the same slot number while previous
keepalive is still stopping. When the previous keepalive is
stopped, the incoming as will be processed by the new keepalive.
This change release keepalive slot after the result of stopping
has returned. Thus, newly created keepalive cannot allocate the
same slot number while lower layer is still processing stop event.
This change also disable flaky assertions that are caused by
test port has been occupied by other process.
Bug: 129512753
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
2. atest FrameworksNetTests --generate-new-metrics 10
3. simulate the fail case manually.
Change-Id: I790f6bbc5efc3f088034ac45ec379da5f781d0ca
Merged-In: I1991627545519ee5cb408a3df3a006f710f4af7b
(cherry picked from commit 3523a3d02a1f88a3990ab9cc4948c705ecc713c8)
am: b05b4d609f -s ours
am skip reason: change_id Ibcb91105e46f7e898b8aa7c2babc3344ef2c6257 with SHA1 0586a60292 is in history
Change-Id: I64a66b8c08963428d409908f93c1d557fd9e4ff6
Public APIs for creating unprivileged NATT socket keepalive
might allow users to exhaust resource if malicious apps try
to create keepalives with fd which is not created by
IpSecService through binder call. Thus, this change add
customizable limitation per uid to prevent resource exhaustion
attack.
Bug: 129371366
Bug: 132307230
Test: atest FrameworksNetTests
Clean cherry-pick of aosp/954040
Merged-In: Ibcb91105e46f7e898b8aa7c2babc3344ef2c6257
Merged-In: Ia667386c1a8949839871a6949d79552d9c8b88f0
Change-Id: I92f6d977b6dfde4e1bf74df6b60c9a0b9e8eec40
This change specifies the required minimum supported keepalives
in SDK, and allows OEMs to customize supported keepalive count
per network through resource overlay.
Bug: 129371366
Test: 1. m -j doc-comment-check-docs
2. atest FrameworksNetTests
Clean cherry-pick of aosp/946359
Change-Id: I06840834d0ee8121358bf4829fe47ecf9964d395
Merged-In: I0218f3674628c13ead63fc9a873895ba7f113033
Merged-In: Ia667386c1a8949839871a6949d79552d9c8b88f0
In aosp/951200, the clean up function delete the item in the
hash map that holds the record while iterating it, where the
list used to iterate the records is backed by the hash map,
so changes to the map are reflected in the list and caused
the concurrent modification exception.
Bug: 132341736
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 300
2. atest FrameworksNetTests --generate-new-metrics 10
Change-Id: I0481a469ee23231e5f0ab738a06b5e09f6cdb680
am: 1140cb3dbb -s ours
am skip reason: change_id Id3f0d1c19a76c7987b69e449203fc50423f5e531 with SHA1 e6a0ed54d3 is in history
Change-Id: I0dc150eb7a4c72f381df12919de8e7ccfb341ba0
am: 4506469d8e -s ours
am skip reason: change_id Icfd80943212430b2a0e6a4b55f53270cbc3d1693 with SHA1 3f11892c07 is in history
Change-Id: I759c399eedf0e111de92b5d4538409b0a14759bb
am: 3d8ee7e355 -s ours
am skip reason: change_id I8d36177cbf4f39da602331e091a60a40f6eaea33 with SHA1 612724480f is in history
Change-Id: Icc484c8d0c483e3306a892f2ed0300109d1328e3
am: e3dc775c7f -s ours
am skip reason: change_id I85891485157ed86e069039dfe3092028ff703dd5 with SHA1 ecbcb7fbfc is in history
Change-Id: If9c8aa41c4e96a79b71c88f199a4f3b0483e31cd
am: 6e0c162246 -s ours
am skip reason: change_id I85891485157ed86e069039dfe3092028ff703dd5 with SHA1 ecbcb7fbfc is in history
Change-Id: Iec27ecd2f0c0636b066fa0fe83c049fff656343f
Bug: 132435820
Bug: 132437254
Original CL description:
Add FrameworksNetTests dependency on libcgrouprc
The tests are currently broken without this dependency.
Bug: 129902619
Test: atest FrameworksNetTests
Merged-In: I85891485157ed86e069039dfe3092028ff703dd5
Change-Id: I7daf6bdf8a9f8836d17746e1e352f8f75cd34adc
am: 5c31d4ff79 -s ours
am skip reason: change_id Iaa78a7edcf23755c89d7b354edbc28d37d74d891 with SHA1 2fca7e3cb3 is in history
Change-Id: I83461198c27a7252d5328283ae37cd52f3902863
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: manually ran a VPN with private DNS in strict mode
atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
(cherry picked from commit 414b8c8b1ce8ae2ad6ef95c1ffba19062077d3e6)
am: 29510ea4d8 -s ours
am skip reason: change_id I7de4f23370bdf9c9df5e74ed074c794080d93d95 with SHA1 afc8845452 is in history
Change-Id: I82ccab369a264ac6e7629a83d0ed9b1dbca67725
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: manually ran a VPN with private DNS in strict mode
atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
