The tests are run both in unit and CTS tests.
Test: atest FrameworksNetTests NetworkStackTestCases
Bug: 129200175
Change-Id: I52976bbbaca26fb317836e8461e372c25df02a22
This adds the moved tests to CTS as well.
The moved unit tests are appropriate for CTS as they test data holder
classes that need to function properly for apps to work.
Test: atest FrameworksNetTests
Test: atest CtsNetTestCases: added tests pass
Bug: 129199900
Change-Id: I4c3d31ed595024af84093ca9110ed43633c383f4
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Change-Id: I143b03d60e46cb1b04732b4a4034f5847b4d1b1a
The common package covers tests that should be included both in CTS and
unit tests.
Test: atest FrameworksBaseTests
Bug: 129199908
Change-Id: I9c138d49ce010edde095e4bd3c47e36ca301634a
The argument of IpPreFix#contains() has been marked as @NonNull.
So the IpPrefixTest#testContainsInetAddress should not test
contains() method wiht null object.
Bug: None
Test: atest FrameworksNetTests
atest IpPrefixTest#testContainsInetAddress
Change-Id: I2f6bee19514dc47702f64d2a2bbf02d8b7b1b407
* changes:
Move BatteryStats and StatsCompanionService to use NetworkStatsService.
NetworkStatsService: Fix getDetailedUidStats to take VPNs into account.
Take all VPN underlying networks into account when migrating traffic for VPN uid.
This API is similar to one provided by NetworkStatsFactory with the
difference that NSS also migrates traffic from VPN UID to other apps.
Since traffic can only be migrated over NetworkStats delta, NSS
therefore maintains NetworkStats snapshot across all UIDs/ifaces/tags.
This snapshot gets updated whenever NSS records a new snapshot
(based on various hooks such as VPN updating its underlying networks,
network getting lost, etc.), or getDetailedUidStats API is invoked by
one of its callers.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: manually verified that battery stats are migrating traffic off of
TUN (after patching above CL where we point BatteryStats to use this
API).
Change-Id: Ib0f0c2d4d41ee1d7a027ea9da457baaf198d649e
VPN uid.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: Manually verified on device that stats from VPN UID are moved
appropriately based on its declared underlying network set.
Test: vogar --mode app_process --benchmark NetworkStatsBenchmark.java
Change-Id: I9d8d0cc58d18002c1c96f8ddff780ef8dc452d21
Fill correct TOS/TTL value by fetching them from kernel with
getsockopt.
bug: 123967966
Test: -build, flash, boot
-atest FrameworksNetTests
Change-Id: I75b1be51040b4a381163958b4cddd27dbb22bac1
1. Some API's argument/return value must be marked either
@NonNull or @Nullable.
2. Change some system APIs to public APIs.
3. Modify the method name
Bug: 126700123
Bug: 126702339
Bug: 126699682
Bug: 118296575
Bug: 126699216
Bug: 126699675
Bug: 126699429
Bug: 126699193
Bug: 123586045
Test: atest FrameworksNetTests
Change-Id: Iaa2832cdcf83758ed0fec81b954a0c63bc5a7bf6
Replace TcpSocketInfo with TcpKeepalivePacketDataParcelable
because their structures are very similar.
bug: 128882321
Test: -build, flash, boot
-FrameworksNetTests
Change-Id: Iafb4031a64ba4775a495c156e2c997d890c6b261
This is necessary to allow usage of ApfCapabilities as-is in AIDL,
instead of relying on ApfCapabilitiesParcelable, assuming that stable
AIDL starts allowing usage of @SystemApi classes. The Parcelable
implementation would be convenient for clients in any case.
Bug: 126477266
Test: atest FrameworksNetTests
Change-Id: Id2ef3cad261832a2918ccb6bb6bc154d99d75746
In some networks, network validation may only get success
result for http probe but fail result for https probe.
For this kind of network, it may still work at some websites
or apps, but user didn't know about that. In order to fix this
issue, we will check if network has partial connectivity and
notify user to make a choice if they want to use this partial
connectivity or not.
Bug: 113450764
Test: 1. Build pass.
2. Fake partial connectivity case for testing.
3. atest FrameworksNetTests
4. atest NetworkStackTests
Change-Id: I69ed00ac4850904ff708c9fef22e148879a10e92
When offload is starting, socket will be switched to repair
mode. Read and write on the socket will not be allowed until
repair mode is turned off. If remote packet arrives, repair
mode will be turned off automatically and a callback will
be raised to indicate that socket is ready to read from.
Bug: 114151147
Test: -atest FrameworksNetTests
-manual
Change-Id: I0c335865912e183e7ad32a8ea12188f02ccde5fd
Currently we support exactly one NAT64 prefix. This matches what
other components in the system (Dns64Configuration, clatd, etc.)
support.
Test: atest FrameworksNetTests
Change-Id: I45a11cebe43a5e1c60d50eca7889cb317565b598
This implements a minimal contract for the IP Memory Store
feature.
Test: Created new tests for parcelable code. For the rest, created
empty tests, but there is no logic, it's boilerplate day
Bug: 116512211
Change-Id: I15dc6275b370d671385ddfdb058a8b8d39952d6e
Currently, 464xlat counts its ipv6 tx traffic into root uid.
When user is making ipv4 upload over ipv6-only network, ipv4
tx traffic may sometimes be counted faster then ipv6 tx
traffic.
Thus, NetworkStatsService may detect non-monotonic values due
to 464xlat adjustment.
So the solution is that: for clatd, make ipv6 tx traffic counts
into clat uid, and then ignore it in the framework side.
Bug: 118602783
Test: 1. manually verify clatd traffic on clat uid.
2. runtest frameworks-net
Change-Id: Ifb478b79e3e281918c70e16d1f90682c78f33db1
Add a generic transport-specific information container interface and
access methods. These can be used by a network factory to pass transport
(bearer)-specific network parameters to the app.
Bug: 117605977
Test: atest frameworks/base/tests/net/java/android/net (+new unit tests)
Change-Id: Ib7c83b677e1c02a2212265719813e648b0c9cc1b
In follow-up commits, current API would create new NetworkStats
every time when 464xlatAdjustment wants to filtered out some
uids.
This commit refactors it to delete stats in-place to get better
performance.
Bug: 118602783
Test: atest FrameworksNetTests
Change-Id: I858f95d1fa7733111786243b4e261ce8a70a068d
Some applications or services are needed PCSCF address to register IMS server but there is no way to get it on Android Framework.
We have added PCSCF address to LinkProperties like attached diff files.
Test: get Linkproperties and check Pcscf addresses.
atest FrameworksNetTests
Change-Id: Ic2341a4ce2ed88d560325721766fc21f85f7ff86
Signed-off-by: Hongshik <hshik.kim@samsung.com>
This change adds support for XFRM-I to all IpSecService netd calls.
Fallback logic is in netd, and thus both VTI and XFRM-I parameters are
always passed down to IpSecService.
Bug: 78589502
Test: All java, CTS tests passing
Change-Id: Ie4186f0ad7e50763b21831f6fa411b5ee436de78
Add a utility method to convert an EUI-48 to an IPv6 link-local
address based on RFC 4291 (EUI-64 generation) followed by RFC 4862.
Bug: 117605977
Test: atest MacAddressTest
Merged-In: I80b683e69da6beff3b37fc345fc15aa9610d09b7
Change-Id: I80b683e69da6beff3b37fc345fc15aa9610d09b7
When using xt_qtaguid to count per uid stats,
NetworkStatsService needs to adjust the 464xlat traffic since
iptables module would double count for ipv4 and ipv6 packet.
But for eBPF, the per uid stats is collected in a different
hook, so the adjustment on root uid would only be needed in tx
direction.
Bug: 112226716
Test: 1. Make ipv4 traffic in ipv6-only network and check data
usage.
2. Make ipv4 traffic in a client which connect to
ipv6-only hotspot.
3. runtest frameworks-net
4. cts-tradefed run cts -m CtsNetTestCases -t \
android.net.cts.TrafficStatsTest
5. cts-tradefed run cts -m CtsUsageStatsTestCases
Change-Id: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
onBlockedStatusChanged is intruduced for network blocked status.
The changes in this patch are:
- Test onBlockedStatusChanged which tells apps whether the
network is blocked.
- Fixed the tests which is affected by the order changed in
onAvailable.
Test: as follows
- runtest frameworks-net
- runtest -x NetworkPolicyManagerServiceTest.java
Bug: 74575553
Change-Id: I383c037ed895ef69c478dc3cff69fb1e27c42845
Those parameters will be used to start DhcpServer or update its
configuration.
Test: runtest DhcpServingParamsTest.java
Bug: b/109584964
Change-Id: Id8d3dcf62d66dcb02accffa8d8500e30f07af452
The current utilities map the higher-order bytes of ints to the
lower-order bytes of IPv4 addresses, which makes applying masks and
generating series of addresses confusing.
For example, the current utilities would convert 1.2.3.4 to 0x04030201,
or generate 0x0080ffff for a /17 subnet mask. The utilities in this CL
convert 1.2.3.4 to 0x01020304, and a /17 subnet mask is represented as
0xffff8000.
Includes tests for all the above methods and migration of
NetworkUtilsTest to JUnit4.
Test: added tests pass
Change-Id: I5f5aa2e6e3b054b66b9dc507dab64f41be9139b1
* changes:
Disable the AppOp Restriction for IpSec Tunnels
Rework Exception Handling for IpSecManager
Update IpSecManager to use InetAddress and prefixLen
Add AppOps Checks for MANAGE_IPSEC_TUNNELS
Add MANAGE_IPSEC_TUNNELS Permission
LinkAddress constructors are currently @hide; this change updates
IpSecManager to use InetAddress and prefixLen, and then construct a
LinkAddress internally. LinkAddress is used over the binder interface to
IpSecService to ensure validity.
Bug: 77528639
Test: CTS, Java unit tests ran on walleye
Merged-In: I19e124adef6d9f4992d8293db3190bcf74c95848
Change-Id: I19e124adef6d9f4992d8293db3190bcf74c95848
(cherry picked from commit 2ea91aee42)
Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.
Bug: 66955045
Test: runtest frameworks-net
Merged-In: I17a4a286225b432c3e15ea1587d946189931b4f4
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
(cherry picked from commit 68a7edf1cb)
P introduced setSSID, UIDs and unwanted capabilities.
None of these exhibit commutative behavior through combineCapabilities
because their semantics don't allow it. Therefore
NetworkRequest.setCapabilities() is badly broken around any of
these. Look at the comments in the new tests to realize the
extent of the damage.
Clean cherry-pick of ag/4083952
Bug: 79748782
Test: new tests written, old tests pass
Change-Id: Iafe074126132a82af37f4bf056c4a7b8d56bdc83
Merged-In: Ia5bebf8a233775367bbf1b788870528934ecbcfb
Merged-In: I13d7782a6c0c7b1f94137995bbb0d257a58d89c1
