Commit Graph

14 Commits

Author SHA1 Message Date
Yan Yan
69eb8325c0 Revert "Support getting transform state in IpSecService"
This reverts commit ab5006c17d.

Reason for revert: b/316010034 breaking VCN unit tests

Change-Id: I68cb1a99bb6e492c16901972d201761cd00df6fa
2023-12-12 21:53:46 +00:00
Yan Yan
ab5006c17d Support getting transform state in IpSecService
Bug: 308011229
Test: IpSecServiceParameterizedTest (new tests)
Change-Id: I3f1c2ef60ee9b6ac17909e0ee083ee6f8483588e
2023-12-12 00:14:13 +00:00
Lorenzo Colitti
b31a85addb Minor simplification to IpSecService#bindToRandomPort.
Make the caller pass in localAddr as well.

Bug: 259001350
Test: atest FrameworksNetTests
Change-Id: I978f0944ac1824169a800bda35a261ed168eeeaa
2023-02-08 15:05:14 +09:00
Lorenzo Colitti
b38fef8333 Experimental support for IPv6 UDP encap.
This is a back-pocket solution only, to ensure that VpnManager
privileged clients can temporarily rely on IPv6 UDP encap if on
certain carriers IPv4 UDP and IPv6 ESP cannot provide acceptable
performance and battery life.

For these reasons IPv6 UDP encap is not a public or system API
and is triggered by passing a port greater than 65535 to the
existing openUdpEncapsulationSocket API.

Bug: 259001350
Test: new CTS tests
Change-Id: I02e0566ba910a300dda6a589cd265a3360add40c
2023-02-08 15:05:07 +09:00
Yan Yan
a48dcd9d1f Require IPSEC_TUNNEL_MIGRATION feature flag to migrate transforms
Bug: 169169973
Test: atest IpSecServiceParameterizedTest (new tests added)
Change-Id: I3dd45b29163cd1e0cdbef08cb8aabdb629cf73bc
2022-12-21 23:12:48 +00:00
Yan Yan
e114b38f07 Support IPsec transform migration
This commit adds methods to support migrating tunnel mode
IpSecTransform to new source/destination addresses.

Bug: 169171001
Test: atest FrameworksNetTests (new tests added)
Change-Id: Ic177015fba5b62d3f73009633118109d3631086f
2022-12-21 23:12:35 +00:00
Yan Yan
f4eceba0a9 Fix policy leak by deleting forwarding security policies
Fix the policy leak by deleting forwarding policies when deleting
the IPsec tunnel interface.

Bug: 254566085
Test: atest IpSecServiceParameterizedTest (new tests added)
Change-Id: I29dd4810abb978fe886776b2fbacdfc74325436d
2022-10-31 22:51:08 +00:00
Yan Yan
be3eb3d56a Throw IAE when Network's LinkProperties is null
Improve the setUnderlyingNetwork method by throwing IAE
when Network's LinkProperties is null. Also update the
API doc to give caller more guidance in using this API.

Bug: 232309601
Test: UT: IpSecServiceParameterizedTest, IpSecServiceTest,
      IpSecServiceRefcountedResourceTest, IpSecManagerTest, VpnTest
Test: CTS: IpSecManagerTest, IpSecManagerTunnelTest, Ikev2VpnTest
Test: make doc-comment-check-docs
Change-Id: Idab4706b0db42ed2222fb48b168589ed005d2f2f
2022-05-20 17:03:07 -07:00
Aaron Huang
b944ff1540 Split out the ipsec API surface and use framework-connectivity-tiramisu
(cherry picked from commit 1dad7aa006492035293e68080aeaf606df02618a)
Bug: 204153604
Test: TH
Change-Id: I6cc8aef6a0ab9ce4bcef2797196b1d1b3687acca
Merged-In: I6cc8aef6a0ab9ce4bcef2797196b1d1b3687acca
2022-02-10 19:01:00 +09:00
Aaron Huang
b01254f350 Remove ParcelFileDescriptor hidden API usage from IpSecService
IpSec service is going to be a part of Connectivity mainline module
and ParcelFileDescriptor(FileDescriptor) is a hidden API that cannot
be used by mainline module.

Therefore, use ParcelFileDescriptor.dup(FileDescriptor) to get a
ParcelFileDescriptor instead.

Bug: 204153604
Test: FrameworksNetTests
Change-Id: I0ccabdfc5060f4b635e9a7009a67fbd5d32002fd
2022-01-06 19:16:43 +08:00
Aaron Huang
2617cf51ba Remove NetdService usage from IpSecService
IpSecService is going to be moved into ConnectivityService
module. So, NetdService won't be visible to IpSecService
since it is a hidden class.

NetdService.get(timeout) is a method that blocks for specified time
until INetd instance is available. In SystemServer IpSecService is
created after NetworkManagementService and NMS uses NetdService.get()
to get INetd instance which is a method that blocks until an INetd
instance is available. Thus, connectNativeNetdService can be removed
because NMS already waits until an INetd instance is available, so IpSecService
should be able to get INetd instance immediately.

Bug: 204153604
Test: FrameworksNetTest
Change-Id: I007cb28de63783d60084f93dddb4de78faa0e868
2021-12-15 19:29:00 +08:00
Aaron Huang
9b27b0e6bf Refactor IpSecServiceConfiguration to Dependencies
IpSecService is going to be moved into ConnectivityService module,
so the hidden API usage should be removed.

NetdService.getNetdInstance is a hidden API, therefore the alternative
is to get the instance by Context.getSystemService.

Bug: 204153604
Test: FrameworksNetTests

Change-Id: I1bd8efc03c37654d12a8eadd3e78ed45e10b5691
2021-12-14 14:39:42 +08:00
Aaron Huang
fbae308e6a Fix style errors for IpSec associated files
Bug: 204153604
Test: build pass.
Change-Id: I940de8bef7f693dcce8808148a975bea1f36712c
2021-12-14 14:36:59 +08:00
Aaron Huang
9a708a4a19 Move IpSec associated files to f/b/packages/ConnectivityT
IpSecService is going to be moved into Connectivity mainline module.
Move all ipsec associated files to packages/ConnectivityT so that
these files can be easily migrated to connectivity module after
clearing the hidden API usages.

Bug: 204153604
Test: build pass
      FrameworksNetTests
      CtsNetTestCases
Change-Id: I562b47f18e345988a2638cf886f86818f9144b91
2021-12-14 14:06:44 +08:00