The changes required are:
- Change all usages of when(mCm.method()).thenReturn(...) to
doReturn(...).when(mCm).method() because spies must use the
latter syntax.
- In setDataSaverEnabled, set the mocked return value before
sending the broadcast. Otherwise, the first time the method is
called, the spy will attempt to send the broadcast, and will
crash because it does not have permission to do so.
This does not do anything useful yet, but it will be used in
future CLs.
Bug: 173068192
Test: atest TetheringTests
Change-Id: I968bfa76ead25b2d45ed1c0e8ede32df81401579
TetheringTest is only able to build UpstreamNetworkState objects
for mobile Internet networks. Support building wifi and dun
versions as well.
Bug: 173068192
Test: atest TetheringTests
Change-Id: Id46f1e5b65dbe04e84a5f56343821af260e2539e
This allows future tests that want to exercise the interactions
between Tethering and UNM to do so.
Also verify what happens when UNM is initialized, and in setUp,
capture the NetworkCallback it files to track the default
network, so tests can send it NetworkCallbacks. (This callback
is only ever filed once.)
Test: test-only change
Change-Id: Iff9b62120cced41cc61263bfd4fa34f575d0ac00
Currently, this class is a static inner class of
UpstreamNetworkMonitorTest. Extract it to its own top-level class
so it can be used by other tests.
Bug: 173068192
Test: atest TetheringTests
Change-Id: I6bdb090a99781ac2530b3924ac5c4cf78de315b0
The system API are moved to the connectivity module: add dependency on
the stubs from framework-tethering.
This only allows tethering to depend on system API defined by the
connectivity classes, not on any private code, even if they are
eventually bundled in the same APEX.
Bug: 171540887
Test: m
Merged-In: Iebfb3e01c5d2480e84edcfc76cf489520bd60237
Merged-In: Ic2491f04880ff66abc3b2d3aaee6168e18f6d68a
(clean cherry-pick from internal branch)
Change-Id: Iebfb3e01c5d2480e84edcfc76cf489520bd60237
For ipv6 we need 1 entry per client, so 64 seems like plenty,
while for ipv4 we need 1 entry per flow, so even 1024 seems
like it might not be enough, but it's much better than 64.
Nucca says:
# cat proc/sys/net/netfilter/nf_conntrack_buckets
65536
# cat proc/sys/net/netfilter/nf_conntrack_max
262144
per https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
the default “nf_conntrack_max” is “nf_conntrack_buckets * 4”.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib7d1d8c19bc688c442d842cf5c9f45cdf1241754
A caller can mostly already do this via forEach(), but having a
specific method is faster (since the code does not need to read
the value) and easier to use.
The semantics of this method (e.g., ignore ENOENT while deleting
a key, but throw on any other error) match those of the native
BpfMap::clear method.
Test: new unit tests
Change-Id: I5cd32efd0f87c823cd2d0a2fa3a95a83093fb6f9
The flag allows overriding the value of config_tether_upstream_automatic
on released R devices, as issues have been found on devices where an
overlay was used to set it to false.
The flag is only usable on R devices, as S devices can either not set
the setting to false, or fix the underlying issues.
Bug: 173068192
Test: atest TetheringCoverageTests
Change-Id: Id99638916e08e596fab21cedd7bfe39906ce2fe5
because it is not appropriate for use in XDP programs
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ibd5dac9676bae7aa5f10fbcfd777291f72bec819
and more importantly unconditionally. This requires less effort
on the part of the in-kernel bpf verifier.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ibaa94bf096fc81c4d984dfabf515131b1c81ef09
Currently, this is the default so this is a no-op,
But the default is changing to true.
Bug: 180375550
Test: Treehugger
Change-Id: Ib841e474ab2b2ff2b54c160bb06c3bbbeea92675
We've backported the necessary support to all 4.14+ ACK kernels,
but we can't actually enforce that these changes will be picked
up by all devices. Thus we can only make the full featured
implementations optional on [4.14..5.8) kernels, with a tcp-only
version for those 4.14+ devices where the full featured version
fails to load.
Note: there's still a fair bit of implementation work left
in the do_forward4() function itself. This is really just
the skeleton.
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If78123e00d55a77f2ecd7da1547581797e23f9b2
This will facilitate providing a tcp-only version of the programs
which due to TCP's very long timeouts will not need to use the
Linux 5.8+ bpf_ktime_get_boot_ns() helpers.
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1e49b6758d3754782ac6f8820e0c15aa20e4c61d
As this is the actual version that is required,
ie. the version that supports bpf_ktime_get_boot_ns() helper.
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2ea4830597a0bed53950a5d0c483a47208959f35
The tethering module uses JNI in various classes, but only calls
System.loadLibrary in TetheringService#makeTethering. This means
that:
1. Any test that uses a class that uses JNI must load the
library itself.
2. Any code that runs before TetheringService#makeTethering could
potentially crash if it uses JNI. We may never have such code
though.
Instead, make every class that has a native method load the JNI
library itself at static initialization time. This guarantees
that the class will have the JNI code available in any context
(production, test, etc.)
System.loadLibrary is documented not to do anything if called
more than once with the same library name:
https://docs.oracle.com/javase/7/docs/api/java/lang/Runtime.html#loadLibrary(java.lang.String)
and the implementation has a lock so it is safe to call from
multiple threads concurrently.
Test: builds, boots, tethering starts
Test: atest TetheringCoverageTests
Change-Id: I9c0147ae9a28877f416aaff387b426d304ae552d
This CL adds the counters collected by the tethering programs to
the output of "dumpsys tethering bpf". The counter names are
fetched by JNI code at startup and then read by the debugging
code on demand.
Example from my device:
Forwarding errors:
TCP_CONTROL_PACKET: 67
NON_GLOBAL_SRC: 13
NON_GLOBAL_DST: 17
LOCAL_SRC_DST: 7
Test: manual (debug-only code)
Change-Id: I7ec7992612556a4bca5f1b6bb52c655d6d870201
Currently, the dump methods open BpfMap objects and never close
them. This leaks filedescriptors, and if dump is called often
enough, will crash the networkstack process.
Fix this by using try-with-resources statements that
automatically close the map when exiting the try block.
Change the signature of BpfMap#close from "throws Exception" to
"throws ErrnoException" since it does not throw any other type
of checked exceptions.
Test: "lsof | grep network_st" while running "dumpsys tethering bpf" in a loop
Change-Id: I66c407454c2715bf41bf3a2e81bd582f9ea5a905
Currently, debugging the tethering programs is not easy because
in case of any failure they simply return TC_ACT_OK. This CL adds
a number of counters that the program can increment in the case
of interesting events such as malformed packets.
At the moment the counters are stored in a global tethering error
map, which is an ARRAY map of 32-bit counters. This should not
take up much space because there are only a dozen of these.
We might not need all of these counters. In future CLs we can
reduce the number of counters, or perhaps move them to a map of
maps so as to have separate counters on a per-interface basis.
Test: manual
Change-Id: I3fcd7eb8d318700092949ff2f39987bf4ba3656c
This provides a place to store common definitions that can be
used by both the programs and by JNI code in the tethering
module.
Over time much of the tethering-specific code in bpf_shared.h
could move here.
Test: m
Bug: 177884581
Change-Id: I4bf2c762d61cd5db003d59880e6bf7d107ff1a07
Add NetdStaticLibTestsLib into Tethering MTS , so that the tests
under client-libs can also be run when running tethering MTS.
Bug: 170598012
Test: atest TetheringCoverageTests
Change-Id: Idd47becaa4254ab80b74ad5f3ddcdd4b017a5e69
Add code to BpfCoordinator to dump upstream IPv4 and IPv6 rules.
For IPv4, currently only the upstream map is printed, because the
downstream map is expected to be symmetrical.
Example output:
=============
21(21) -> 12(rmnet_data2) 86dd 00:00:00:00:00:00 00:00:00:00:00:00
[wlan1]: iif(iface) oif(iface) v6addr srcmac dstmac
12(rmnet_data2) 21(wlan1) /2001:240:2425:b5dc:21a9:995d:bc57:bc37 b2:b5:e0:24:21:c2 ca:06:8d:54:99:ad
[IPv4]: iif(iface) oif(iface) src nat dst
21(21) 12(rmnet_data2) 192.168.16.247:41544 -> 100.101.80.108:41544 -> 216.239.36.135:443
21(21) 12(rmnet_data2) 192.168.16.247:42028 -> 100.101.80.108:42028 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:42032 -> 100.101.80.108:42032 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:42042 -> 100.101.80.108:42042 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:41816 -> 100.101.80.108:41816 -> 8.8.8.8:853
21(21) 12(rmnet_data2) 192.168.16.247:42040 -> 100.101.80.108:42040 -> 8.8.4.4:853
=============
Also make it possible to do "dumpsys tethering bpf" and get only
the BPF dump.
Test: manual
Change-Id: I2aaa2fdda7d724994090c26feff585f24cd3283b
