Bpf offload do not support VCN network yet, don't start bpf offload
if the interface is ipsec*.
Bug: 191178945
Test: atest TetheringTests
Change-Id: I1ad8cededddec42f45b08aaa31d583c548d105f0
This is fixing post-FIN state (by disabling offload post-FIN).
Once the tcp state enters half-closing tcp state (fin wait,
close wait), delete the offload rules.
From this commit, we have done the short term solution for conntrack
tcp timeout issue. Here is what we have done so far.
- Stop updating tcp timeout to avoid updating wrong tcp state
timeout.
- Update the ESTABLISHED timeout
nf_conntrack_tcp_timeout_established (432000) after adding
bidirectional rules.
- Delete the tcp rules when the tcp state has left
"established".
Here is the long term solution and need to be addressed in follow up
commits.
- Parse the tcp state from netlink conntrack event.
- Build a mapping to trace the tcp state of the tcp conntrack event.
- Update tcp state timeout for {ESTABLISHED (432000), FIN_WAIT (120),
CLOSE_WAIT (60)}.
Bug: 190783768
Bug: 192804833
Test: atest TetheringCoverageTests
Manual test:
1. Browse on tethered device
2. Check conntrack tcp state is established.
$ cat /proc/net/nf_conntrack
ipv4 2 tcp 6 431995 ESTABLISHED src=192.168.207.9
dst=140.112.8.116 sport=50697 dport=443 ..
3. Check offload rules are added via dumpsys.
Upstream:
tcp .. 192.168.207.9:50697 -> 14(rmnet0) 10.224.1.247:50697
-> 140.112.8.116:443 ..
Downstream:
tcp .. 140.112.8.116:443 -> 30(30) 10.224.1.247:50697
-> 192.168.207.9:50697 ..
4. Stop browsing for a few seconds.
5. Check conntrack tcp state is half-closed.
$ cat /proc/net/nf_conntrack
ipv4 2 tcp 6 116 TIME_WAIT src=192.168.207.9
dst=140.112.8.116 sport=50697 dport=443 ..
5. Check offload rules are removed via dumpsys.
Upstream:
(not found)
Downstream:
(not found)
Change-Id: I07e27230bf8952acd7828d1f605167758b3bc490
Needed because a payload data packet may have gone through
non-offload path, before we added offload rules, and that this
may result in in-kernel conntrack state being in ESTABLISHED
but pending ACK (ie. UNACKED) state. But the in-kernel conntrack
might never see the ACK because we just added offload rules.
As such after adding the rules we need to force the timeout back
to the normal ESTABLISHED timeout of 5 days.
Issue: the timeout is set to unacknowledged 300s (countdwon to 298s)
$ adb shell cat /proc/net/nf_conntrack
ipv4 2 tcp 6 298 ESTABLISHED src=192.168.244.128
dst=140.112.8.116 sport=45694 dport=443 ..
Test: atest TetheringCoverageTests
Manual check:
$ adb shell cat /proc/net/nf_conntrack
ipv4 2 tcp 6 431988 ESTABLISHED src=192.168.40.162
dst=140.112.8.116 sport=40774 dport=443 ..
Bug: 190783768
Bug: 192804833
Change-Id: I8c34e85e26c9d976e5e2b85473db75ff46d8abd4
This is a preparation for only update the tcp timeout while
adding rules. Also add slack time for updating UDP timeout
interval.
Bug: 190783768
Bug: 192804833
Test: atest TetheringCoverageTests
Change-Id: I3151b531e6581e257f3cfa39ad2fcf1650358b3d
- Remove ipv4MappedAddressBytesToIpv4Address because it can be covered
by parseIPv4Address.
- Remove IllegalArgumentException from parseIPv4Address because it has
never happened
- Reverse the order of upstream and downstream timeout refreshing in
refreshAllConntrackTimeouts for readability because both source and
destination of the downstream are opposite direction to the
upstream.
Bug: 190783768
Bug: 192804833
Test: atest TetheringCoverageTests
Change-Id: I6a1e44777a4357dd3847c2e2bb1fc6c3cf01617c
registerSystemDefaultNetworkCallback no longer throws
UnsupportedApiLevelException as it has compatibility behavior down to Q,
so remove the catch clause for the checked exception.
The exception would previously not be thrown since the Tethering module
is only running on R+.
Bug: 182961265
Test: atest TetheringTests
Change-Id: I3c58235f3a59294995e5f32502fec6ccd17a3cf0
If config_tether_ncm_regexs is configured, load it to
tetherableUsbRegexs if ncm is used for TETHERING_USB. Load it to
tetherableNcmRegexs if ncm is used for TETHERING_NCM.
Bug: 185649441
Test: atest TetheringTests
Change-Id: I0c542560bd04e8c0a6a78d632da5a00a34d9a3fa
Before this change, usb IpServer would be created if corresponding
interface is available even there is no enable tethering attempt. And
usb IpServer only be disabled when interface is removed. Usb tethering
could not be stopped if interface is always avaialbe.
After this change, usb IpServer would be enabled and disabled according
to ACTION_USB_STATE.
Bug: 185649441
Test: atest TetheringCoverageTests
atest MtsTetheringTestLatestSdk
atest CtsTetheringTest
Change-Id: I8375e3f998d677dc658370b2553facaec0d5ff7c
Apply their respective jarjar rules on tethering and general
connectivity tests, then merge both into the coverage tests suite.
This is necessary to ensure that classes covered by tests have names
matching classes used in code.
Also fix IpConnectivityLogTest to use the module utility instead of the
hidden BitUtils, as the test would fail after internal utils are
jarjared.
Bug: 187935317
Test: atest ConnectivityCoverageTests TetheringCoverageTests
Change-Id: Ib95b58dab93f7adebc445b662a6d15db1ce0e7c2
Previously, the hidden API encoding of the tethering boot dex jars,
i.e. those dex jars that tethering contributes to the bootclasspath
were done as part of the monolithic hidden API processing. This change
causes the encoding to be done by the tethering's
bootclasspath_fragment.
This change involves the following:
* Addition of the fragments property to the tethering's
bootclasspath_fragment module to list all the other
bootclasspath_fragment modules on which this depends.
* Addition of the additional_stubs property to add stubs for APIs that
are not provided by another bootclasspath_fragment.
The build automatically checks that the hidden API flags which are
computed by tethering and encoded into its boot dex jars match those
that are generated by the monolithic processing so this is guaranteed
to be safe.
Bug: 179354495
Test: m com.android.tethering
- ensure that the generated APEX is byte-for-byte identical
before and after these changes.
m out/soong/hiddenapi/hiddenapi-flags.csv
- make sure that they are not changed by this.
(cherry picked from b28cb44e4b)
Merged-In: I4d9621325c7fcea5043cbca4c577ba2ac6125c0c
Change-Id: I4d9621325c7fcea5043cbca4c577ba2ac6125c0c
Print a dash for the unused "lastUsed" of the rule.
The age should not equal the bootime if the rule has never been
updated the "lastUsed" field.
Format:
[inDstMac] iif(iface) src -> nat -> dst [outDstMac] age
[00:00:00:00:00:00] 14(rmnet0) 140.112.8.116:443
-> 30(30) 10.170.56.233:43720
-> 192.168.45.236:43720 [be:34:40:28:33:5f] -
Test: dumpsys tethering
Change-Id: Ie771becd2f72518cf02a86e5ae228315785752a5
Allow stop TETHERING_NCM no matter ncm is used for TETHERING_USB or
TETHERING_NCM.
Add a test:
1. NCM is started for TETHERING_NCM
2. The config changes to use NCM for TETHERING_USB.
3. Then the config changes to use RNDIS for TETHERING_USB.
Also let some logs not only print in dumpsys, but also in logcat to
easiler debug unit test.
Bug: 185649441
Test: atest TetheringTests
Change-Id: Ia8d76a29646f36941cbb16cd68ae6887100ec8ec
The test can't have TetheringManager as an argument to methods or a
field, otherwise the test runner will crash when scanning the class for
tests because TetheringManager did not exist in Q. Although
testFactoryReset is already skipped on Q, the test runner would fail
at initialization time, before starting the run.
Use CtsTetheringUtils instead. This ensures that TetheringManager does
not have method signatures or members that reference classes that do not
exist on Q, so the test runner can scan the class successfully before
starting the run.
Bug: 188851796
Test: atest ConnectivityManagerTest on Q
Change-Id: I87488d0f23628a1ef2d7af0242513fcc5401d598
Data warning is not supported on R, and the notifyWarningOrLimitReached
callback also only exists in S.
Bug: 182962001
Test: atest OffloadControllerTest
Change-Id: I4914240967bba341f16e505acd29b80b90ab8569
This is supported by:
1. Utilize the new API from both NetworkStatsProvider
and IOffloadControl to send data warning quota to hardware.
And pass the warning reached notification back to NPMS.
2. Disable software solution introduced in R release for
V1.1+ hardware, since now we can fully offload data warning
and limit notification to hardware.
Test: atest TetheringTests
Fix: 149467454
Merged-In: Ie49461694d77ab7f25a549433b01b5b0167bd489
Change-Id: Ie49461694d77ab7f25a549433b01b5b0167bd489
(cherry-picked from ag/13981692)
This is a no-op change that just adapt new API from
NetworkStatsProvider to get warning and limit bytes at the same
time. This change also stores them locally for subsequent
patches to set warning bytes to hardware.
Test: Will be included in the subsequent patch.
Bug: 149467454
Merged-In: Iec01cb01fd1ce481ce0bd736762baddde1e38084
Change-Id: Iec01cb01fd1ce481ce0bd736762baddde1e38084
(cherry-picked from ag/13981691)
This is a no-op change that redirect both V1.0 and V1.1 callback
events to the same handling function. Since the V1.1 callback
is extended from V1.0 callback, we can safely use V1.1
callback for both V1.0 and V1.1 control.
The change also provides interface for subsequent
OffloadController changes to set warning and limit at the
same time.
Test: atest TetheringTests
Bug: 149467454
Merged-In: I6505a04de8c57357dd1fa9ce898c13395e497816
Change-Id: I6505a04de8c57357dd1fa9ce898c13395e497816
(cherry-picked from ag/13973147)
Remove NetworkCallbackInfo to use Handler directly, and separate
registerSystemDefaultNetworkCallback from requestNetwork.
Also verify that requestNetwork is only used with a default-like network
request on R, as S should be using registerSystemDefaultNetworkCallback.
Test: atest TetheringTests
Bug: 189581241
Change-Id: If6b9124b2d795b9db1e85256c694d0120c852542
The stable connectivity shims are updated to now contain S API, so
tethering tests that assumed that compatibility R behavior was used need
to be updated.
To avoid such failures Tethering tests should have a test target using
updated shims (TetheringNextTests), but this was not done in S
timeframe.
Bug: 189581241
Test: atest TetheringTests
Merged-In: Ibc04e64a1e9d82b67aff10d1a6d77f9e6b1bbdfb
Change-Id: Ibc04e64a1e9d82b67aff10d1a6d77f9e6b1bbdfb
Needed because the BPF maps offloads IPv4 traffic. The kernel can't
trace the offloaded traffic to keep the conntrack entry.
Bug: 190783768
Test: atest TetheringCoverageTests
Change-Id: Idbcf686c9b2124b192944156ac5111be741744fb
The condition for deleting IPv4 forwarding rules.
1. When the tethering client has gone, deletes the client and its
rules.
2. When the upstream has gone, deletes all rules.
3. When the upstream has changed, deletes all rules.
Test: atest TetheringCoverageTests and check IPv4 offload rules
via dumpsys tethering in the following test cases.
Bug: 190783768
Test cases:
a. Loss upstream interface while tethering
1. Enable WIFI tethering
2. Disable upstream interface
3. Check the rules are removed.
b. Loss downstream interfaces while tethering
1. Enable WIFI tethering
2. Enable BT tethering
3. Disable BT tethering
4. Check the BT tether rules are removed.
5. Disable WIFI tethering
6. Check the WIFI tether rules are removed.
c. Switch upstream interface while tethering
1. Enable WIFI tethering
2. Enable BT tethering
3. Switch upstream interface from cellular to wifi.
4. Check all rules are removed.
d. Enable NAT failure (manual)
Log:
The rule deletion in each case.
- IpServer#stopIPv4: case b and case d.
- BpfCoordinator#updateUpstreamNetworkState: case a and case c.
Test case a
06-23 09:58:59.245 [...] Tethering: [BpfCoordinator]
updateUpstreamNetworkState tetherOffloadRule4Clear wlan2
Test case b
06-07 22:17:51.886 [..] Tethering: [bt-pan] cleanupUpstream bt-pan
06-07 22:17:51.888 [..] Tethering: [bt-pan] stopIPv4 bt-pan
06-07 22:18:23.769 [..] Tethering: [wlan2] cleanupUpstream wlan2
06-07 22:18:23.772 [..] Tethering: [wlan2] stopIPv4 wlan2
Test case c
06-08 11:11:48.277 [..] Tethering: [BpfCoordinator]
updateUpstreamNetworkState tetherOffloadRule4Clear bt-pan
06-08 11:11:48.396 [..] Tethering: [BpfCoordinator]
updateUpstreamNetworkState tetherOffloadRule4Clear wlan2
06-08 11:11:48.579 [..] Tethering: [wlan2] cleanupUpstreamInterface
wlan2
06-08 11:11:48.808 [..] Tethering: [bt-pan] cleanupUpstreamInterface
bt-pan
Enabling NAT failure
06-08 13:04:18.117 [..] Tethering: [wlan2] Exception enabling NAT [..]
06-08 13:04:18.234 [..] Tethering: [wlan2] cleanupUpstream wlan2
06-08 13:04:18.246 [..] Tethering: [wlan2] stopIPv4 wlan2
Change-Id: Id505a3deb277bbe0f44403234d8ca8bbf01eec80
