* changes:
Add one more test for VPN usage stats.
Addressing comments for http://ag/7700679.
NetworkStatsService: Fix getDetailedUidStats to take VPNs into account.
Take all VPN underlying networks into account when migrating traffic for VPN uid.
(cherry picked from commit 2af0b66aba)
This API is similar to one provided by NetworkStatsFactory with the
difference that NSS also migrates traffic from VPN UID to other apps.
Since traffic can only be migrated over NetworkStats delta, NSS
therefore maintains NetworkStats snapshot across all UIDs/ifaces/tags.
This snapshot gets updated whenever NSS records a new snapshot
(based on various hooks such as VPN updating its underlying networks,
network getting lost, etc.), or getDetailedUidStats API is invoked by
one of its callers.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: manually verified that battery stats are migrating traffic off of
TUN (after patching above CL where we point BatteryStats to use this
API).
Change-Id: I4b8d7c5b6905a4a12c1806dfd35c2c4c63610404
VPN uid.
(cherry picked from commit 612520f544)
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: Manually verified on device that stats from VPN UID are moved
appropriately based on its declared underlying network set.
Test: vogar --mode app_process --benchmark NetworkStatsBenchmark.java
Change-Id: I7f368c5970b2dcb969fe0daf5ef44edb1f51d09d
This is the most common test library for Connectivity tests. It is
meant to be usable in framework tests, network stack tests, CTS,
GTS. To achieve that, it can only depend on framework classes.
Bug: none
Test: NetworkMonitorTest
Test: NsdManagerTest
Test: ConnectivityServiceTest
Test: OffloadControllerTest
Test: NetworkStatsObserversTest
Test: NetworkStatsServiceTest
(all the touched classes)
Change-Id: Ic47cbe7ba0e407145fa6bc49bb2adb3c5937dbc4
This test is conitnuely fail in cuttlefish.
Lack of ipv6 default route in cuttlefish caused the test failed.
The reason is that the result of rfc6724Sort depends on on the route in system.
It is not good to expect any route should exists, so remove it.
Bug: 133649648
Test: atest DnsUtilsTest
Merged-In: Idc6db433585de067e45088b43665c8e37b310397
(cherry picked from commit 91b35f88429d77ddce0e3f539690e6370b89915b)
Change-Id: Idb6f4c094d3466772e3bfc98a57505bf38f381ef
This test is conitnuely fail in cuttlefish.
Lack of ipv6 default route in cuttlefish caused the test failed.
The reason is that the result of rfc6724Sort depends on on the route in system.
It is not good to expect any route should exists, so remove it.
Bug: 133649648
Test: atest DnsUtilsTest
Change-Id: I91f89782b9b989fa1a49e666bb5ce2df3a0dbbf7
1. pass default network explicitly to fix potential
mis-sync network problem in DnsResolver#query
2. Add rfc6724 sort and related test
3. DnsResolver do rfc6724 sort before response InetAddress answers
4. move haveIpv* function from DnsResolver to DnsUtils
Bug: 129530368
Test: atest DnsResolverTest DnsUtilsTest
Merged-In: I0323f5c7f32fc3fa589b9e87f8e7c9caf744dbd4
(cherry picked from commit d352f4ca85ff8418a5a58d32fb03b85d7e0b843b)
Change-Id: I98455045fa43cc5a5902a08232251c1734feaac3
1. pass default network explicitly to fix potential
mis-sync network problem in DnsResolver#query
2. Add rfc6724 sort and related test
3. DnsResolver do rfc6724 sort before response InetAddress answers
4. move haveIpv* function from DnsResolver to DnsUtils
Bug: 129530368
Test: atest DnsResolverTest DnsUtilsTest
Change-Id: I4efa599c0605f6a9e4ef2dd1a36572c69b3c433f
This change specifies the required minimum supported keepalives
in SDK, and allows OEMs to customize supported keepalive count
per network through resource overlay.
Bug: 129371366
Test: 1. m -j doc-comment-check-docs
2. atest FrameworksNetTests
Clean cherry-pick of aosp/946359
Change-Id: I06840834d0ee8121358bf4829fe47ecf9964d395
Merged-In: I0218f3674628c13ead63fc9a873895ba7f113033
Merged-In: Ia667386c1a8949839871a6949d79552d9c8b88f0
This change specifies the required minimum supported keepalives
in SDK, and allows OEMs to customize supported keepalive count
per network through resource overlay.
Bug: 129371366
Test: 1. m -j doc-comment-check-docs
2. atest FrameworksNetTests
Change-Id: I0218f3674628c13ead63fc9a873895ba7f113033
The tests are run both in unit and CTS tests.
Test: atest FrameworksNetTests NetworkStackTestCases
Bug: 129200175
Change-Id: I78d78dd421cc3ffea774ff5eaa6aa758debc9cf2
Merged-In: I9b65a2eef94567d2b79a9955619938e64906080d
Merged-In: I78d78dd421cc3ffea774ff5eaa6aa758debc9cf2
(cherry picked from commit 9e046d509a37c6f37b4757f1681846cee60cfd5c)
This adds the moved tests to CTS as well.
The moved unit tests are appropriate for CTS as they test data holder
classes that need to function properly for apps to work.
Test: atest FrameworksNetTests
Test: atest CtsNetTestCases: added tests pass
Bug: 129199900
Change-Id: I895d2b57da658d5bed28ebe128611d5d15835742
Merged-In: I9f708a252ab606b782f5f828dce8c1690c3703bf
Merged-In: I895d2b57da658d5bed28ebe128611d5d15835742
(cherry picked from commit cc21fbd483138771dae04f4d86ab411e2e88e575)
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Merged-In: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
Change-Id: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
(cherry picked from commit 65968ea16bf49f678d4a43c220e1d67393170459)
The tests are run both in unit and CTS tests.
Test: atest FrameworksNetTests NetworkStackTestCases
Bug: 129200175
Change-Id: I52976bbbaca26fb317836e8461e372c25df02a22
This reverts commit bc571c7cc8.
Reason for revert: Rolling forward, will fix tests in same CL stack.
Bug: 114231106
Bug: 130397860
Test: FrameworksNetTests
Change-Id: Ia8a0c99b4e1fd5dff26c881715cd876618ca4321
This reverts commit 4773027064.
This change does not have any topic: not reverting the other 2 commits in the original topic.
Reason for revert: broke FrameworksNetTests presubmit: b/130397860
Change-Id: Iff41d9fe97fafea44680c8d67d1ce19277548cc0
This adds the moved tests to CTS as well.
The moved unit tests are appropriate for CTS as they test data holder
classes that need to function properly for apps to work.
Test: atest FrameworksNetTests
Test: atest CtsNetTestCases: added tests pass
Bug: 129199900
Change-Id: I4c3d31ed595024af84093ca9110ed43633c383f4
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Change-Id: I143b03d60e46cb1b04732b4a4034f5847b4d1b1a
The common package covers tests that should be included both in CTS and
unit tests.
Test: atest FrameworksBaseTests
Bug: 129199908
Change-Id: Ic78ff947250871fa773252c924f1dee9395c6074
(cherry picked from commit 054e3e0f5ebfffe5d9fdd0095abac309552ae0cd)
The common package covers tests that should be included both in CTS and
unit tests.
Test: atest FrameworksBaseTests
Bug: 129199908
Change-Id: I9c138d49ce010edde095e4bd3c47e36ca301634a
The argument of IpPreFix#contains() has been marked as @NonNull.
So the IpPrefixTest#testContainsInetAddress should not test
contains() method wiht null object.
Bug: None
Test: atest FrameworksNetTests
atest IpPrefixTest#testContainsInetAddress
Change-Id: I2f6bee19514dc47702f64d2a2bbf02d8b7b1b407
