Direct access to Netd from the bluetooth process is disallowed by
SELinux policy. This change reverts to the old behavior where IpManager
interacts with NetdService indirectly via NetworkManagementService.
Bug: 36492299
This partially reverts commit af39244a34f4449c12a5f925222c9bc8d8049320.
Change-Id: Icf20b1e24abf7dd3123760f8637928bde7afe06b
Rename the class and ensure that all code related to bad wifi
avoidance has names that reflect its purpose. This will allow us
to reuse most of the the code for other purposes in future CLs.
Test: runtest frameworks-net passes
Bug: 34630278
Change-Id: Ida190e5a79e7a12f4eec07e1a3e4d9d138e83bcd
testApfFilterRa is failing with probabiliy 1/10 ~ 1/15 on the following
assert: assertDrop(program, packet, lifetime/6), for lifetime values
that are multiple of 6, where 6 is the hardcoded fraction of RA lifetime
to filter in ApfFilter.java.
When the lifetime is not a multiple of 6, the remainder of 1 to 5
seconds gives enough margin so that when the APF program is simulated
the faked lifetime of the program is less than lifetime/6 away and the
packet is dropped.
However for lifetimes which are exact multiples of 6, this margin is
always 0s and that result in nondeterminism in the result. This is
consistent with the obervation that the only failed assert was for a
lifetime of 300s, the only multiple of 6.
This can be observed by detecting the age limit at which the filter
stops dropping packet oscillating between lifetime/6 and lifetime/6 + 1
for lifetimes which are multiple of 6.
This patch fixes the flakyness by freezing the flow of time in tests so
that the expected filter age threshold is consistent and stable.
Test: no failure observed in 1000 runs.
Bug: 32561414
Change-Id: I5251d047039f34b82ce8a5d20ae46563e1e0cce8
Test: as follows
- built
- flashed
- booted
- runtest frameworks-wifi passes (though no test covers this code yet)
Bug: 34210527
Change-Id: I2d44445982dfb3221f7b6394daf0479c1fa8a6e1
During IpManager startup, anything sending messages to the state machine
must not begin doing so until after the state machine has been started.
Reorder the constructor accordingly.
During shutdown, AvoidBadWifiTracker needs to unregister the registered
BroadcastReceiver and might as well also unregister the ContentObserver.
Test: backport from internal
Bug: 33388922
Change-Id: I58e07f7ccddaab160c153bcfb69fd45f50bb8710
Per https://tools.ietf.org/html/rfc7844#section-3.7
When using the anonymity profile, DHCP clients SHOULD NOT send the
Host Name option.
Once the net.hostname property is removed and ensured unset via CTS
this option will no longer be sent.
Test: as follows
- build, flashed
- connected to v4-only and dualstack networks, verified v4 works
- android.net.dhcp.DhcpPacketTest passes
- setprop net.hostname "" and verified no hostname option
Bug: 30979015
Change-Id: Ieab3f04ea38e176d9147bb788742a5397762c2e4
Test: new unit test + $ runtest franeworks-net
Bug: 32833400
(cherry picked from commit f98182ef5e80ede5de7f2c2a5f40fc92a46c9704)
Change-Id: Ifaf6e778c811c7d865c790a293b1fce3f43cad1c
This patch replaces System.currentTimeMillis() with
SystemClock.elapsedRealTime() to make RA lifetime computation more
resilient to various external events inducing jumps in
currentTimeMillis().
Test: ApfTest passes.
(cherry picked from commit 305af8e98a4fce712c1a93daf3b050dac2e8b91a)
Change-Id: If19011fc0c905948f2e42b975cfcc5f8672a95fb
This patch removes the synchronization around the private variable
mRunning inside of IpReachabilityMonitor and instead qualifeis the field
as volatile.
Synchronization is not needed for reads/writes on native fields or
object references because they are already guaranteed to be atomic.
Synchronization here was used for enforcing memory visibility across
concurrent threads indirectly through monitor acquire/release.
The volatile keyword achieves this in a more explicit way.
Also, this patch changes the way that probeAll() copies the
IpReachabilityMonitor's mIpWatchList by temporary holding mIpWatchList
keys into an ArrayList instead of a more expensive HashSet. Since Java
HashSet are just degenerated HashMaps, and that key iteration order is
based on key hash, the iteration order over this temporary collection
will be consistent for the same mIpWatchList.
Test: refactoring CL. Existing unit tests still pass.
(cherry picked from commit b0f1186c034c4df9eb54ed29944d16ce6d7ade56)
Change-Id: I48d2b4d837a459150cd431b400ec01b87b48c014
This patch adds a getUint8 getter for ByteBuffers and changes ApfFilter
to make uses of getUint8/16/32 everywhere.
The return types of getUint16 is also changed from long to int, which
will expand gracefully to long as an unsigned int as it is guaranteed to
be positive after getUint16.
Test: ApfTest passes
(cherry picked from commit 995dd94673005b43d32456e2de5fda0090b23576)
Change-Id: I606ebc5aedfcacde400d27cc6bc37145769b122c
If construction of a new IpReachabilityMonitor throws an IAE then
log it and immediately call onProvisioningFailure().
Test: runtest frameworks-wifi
passes, except for selectQualifiedNetworkDoesNotChooseDeletedEphemeral()
which fails with an NPE for unrelated reasons.
Bug: 31038971
Bug: 31742703
Change-Id: Ie91b8bdd509d06ad54d062bf446e74c092eb096c
(cherry picked from commit e4526604664cb66ecdcbeca4d8f64e8c94750c31)
This patch adds an explicit check in the DHCP packet parser for
rejecting packets without a magic cookie, instead of relying on the
top-level try-catch-all in the parser.
This allows to add to DHCP error metrics this specific error.
It also allows to add two poor man's fuzzing tests that tries to find
additional gaps in the DHCP packet parser by
- trying to parse all subslices of a valid offer packet.
- trying to parse random byte arrays.
Test: covered by previously introduced malformed DHCP packet unit tests
+ additional fuzzing tests.
Bug: 31850211
Change-Id: If53c9ba9df78d7604ec018c9d67c237ae59c4833
This patch adds a try catch all to DHCP packet parsing so that
DhcpClient does not choke on malformed packets, brinding down with it
the whole framework.
Test: added new unit tests catching the issue fixed in this patch.
Bug: 31850211
Change-Id: I3c50a149fed6b2cbc4f40bb4f0e5bb2b56859b44
Additionally, add this utility class to IpManager for compatibility
verification. A follow-on CL will make use of IpManager's local
AvoidBadWifiTracker.
Bug: 31827713
Change-Id: If8c56c3f8076d6a5157ea180e361bbdadc2bc1dd
When IPv4 is provisioned on an interface with Apf capabilities,
ApfFilter will only keep track of the raw ipv4 address, with no
information about the subnet or prefix length.
This patch adds the missing prefix length information to ApfFilter. This
allows to calculate the subnet broadcast ipv4 address for more
precise ipv4 broadcast filtering when the multicast lock is not held.
Bug: 30231088
Change-Id: Iebaec040703647c4ced30bb585be173e97a1fae5
This patch refines the Apf IPv4 filter for interfaces with Apf
capabilities to drop packets when:
- the multicast lock is not held
- the packet is an IPv4 packet
- the packet is not a DHCP packet addressed to us
- the packet is L2 broadcast, or IPv4 multicast, or IPv4 broadcast
- caveat: subnet broadcast address is not checked.
This allows to drop IPv4 broadcast packets whose MAC destination
address is not the L2 broadcast address but the current address of the
interface. Such packets can be received on network that rewrite L2
addresses and can put significant pressure on battery by waking up the
phone unnecessarily.
Bug: 30231088
Change-Id: I8b1785fc5ceadaa1f2881765983e502135dcbc46
This patch improves the test coverage of ApfFilter for IPv4 broadcast and
multicast traffic.
Bug: 30231088
Change-Id: I2e1d5d5a7cbae17f3d5978a4cf5f10666b5c6104
[ IPv6TetheringCoordinator ]
- Send CMD_IPV6_TETHER_UPDATE to all TetherInterfaceStateMachines.
This results in some spurious noop messages, but currently
the coordinator does not maintain state about which downstream interaces
are serving IPv6 and which are not. Until it does maintain such state
it does not know to notify only the affected interfaces about a loss of
IPv6 upstream
[ IPv6TetheringInterfaceServices ]
- De-dup incoming IPv6-only LinkProperties to avoid spurious updates
to the RA daemon.
- Keep track of new prefixes/dns and newly deprecated prefixes/dns
on each update.
- Set and remove local_network routes based on new and newly
deprecated prefixes.
- Set and remove local DNS server IP addresses based on new
and newly deprecated DNS servers. Update dnsmasq via netd
accordingly.
- Pass newly deprecated and new information to the RA daemon.
[ RouterAdvertisementDaemon ]
- Receive newly deprecated prefixes/DNS and update local tracking
data structures accordingly.
- Properly send urgent final deprecation RAs, and then cease all
transmissions.
Bug: 30298058
Change-Id: Idc821603fa93bff1a821d1180d4135bc70e4a08d
Split StartedState into StartedState and RunningState, and ensure
known good state before proceeding from the former to the latter.
Bug: 30290336
Change-Id: I0a93f8fe53c65a0b90c28c3cf708792146a92aab
There is a chance a packet can slip by before we install the filter
on our socket listening for RAs, so add some basic sanity checking
to make sure we've recieved an RA.
Change-Id: I14cf84a0814896a41e00f50af376dfc4988d36cb
Fixes: 29586253
This patch adds APF filtering of ARP replies for interfaces with APF.
- when the interface has no IPv4 address, broadcast ARP replies with a
0.0.0.0 target ip are dropped (GARP), ARP requests with a 0.0.0.0
target ip are dropped.
- when the interface has an IPv4 address, broadcast ARP replies to a
different ip are dropped (including GARPs to 0.0.0.0), ARP requests to
a different ip are dropped.
Bug: 29404209
Bug: 30080487
Change-Id: I82613eb865c7f38b6260997fe2caf2aff382ad78
This patch adds in IpReachabilityMonitor a timestamp variable set
everytime that probeAll() send NUD probe requests to RTNETLINK.
This allows to distinguish between:
1) NUD_FAILED events resulting from such a forced NUD probe
2) "organic" NUD_FAILED notifications from the kernel
This distinction is added to IpReachabilityEvent as a one-bit flag.
This patch also changes the formatting of ApfProgramEvent flags to use
'|' as a joining character, similarly to other flags formatting.
Bug: 21859053
Change-Id: I24c64a3f17fa283eace5bd0a05c21a90a2305359
This patch adds lifetime durations of DhcpClient states to
DhcpClientEvents.
To record the duration of a state, the event is now recorded when the
DhcpClient state machine exits that state.
In addition this patch removes event logging of StoppedState,
DhcpState and DhcpHaveLeaseState.
Change-Id: Ibd37b5e3070f35113b6b45942b1e1ff19c27a90b
