| Commit message (Collapse) | Author | Age | Files | Lines |
Some of this code comes from clatd and will be deleted from there
once this topic is merged.
Bug: 65674744
Test: builds, boots
Test: system/netd/tests/runtests.sh
Change-Id: Ifa30652a853401a401d0b74d259d4d27d322e758
|
We have used a function pointer to report the event to the binder
netd_listener for a while. Now make it talk to the binder service
directly.
Test: built, flashed, booted
system/netd/tests/runtests.sh passed
settings UI showed correct private DNS status
Change-Id: I20580efebb3113dfd87e8c368ac383ad85e009af
|
- register the log callback generated from AIDL
- remove previous gLog methods
The log sample captured from "adb shell dumpsys netd" is shown below:
'''
02-11 20:00:24.516 isAlive() -> (true) <0ms>
02-11 20:00:24.527 firewallReplaceUidChain(fw_standby, false) -> (true) <0ms>
02-11 20:00:40.256 setResolverConfiguration(100, 64, 2001:4860:4860::8888, null) <0ms>
02-11 20:00:40.285 networkAddRoute(2401:fa00:4:fd00::/64, wlan0, 100, null) <0ms>
'''
Test: system/netd/tests/runtests.sh
Change-Id: Ic10f8cfd8b15b739a4af4eb9f5b6ed9c5e3a201e
|
The signature permission held by the NetworkStack is equivalent to all
of CONNECTIVITY_INTERNAL, NETWORK_STACK, USE_RESTRICTED_NETWORKS and
NETWORK_BYPASS_PRIVATE_DNS.
Test: Boots, WiFi working with NetworkStack not having platform
signature perms
Change-Id: Ibd2be7eae9bbe851467be9be12177ca685a1bf23
|
Instead of returning a boolean, the bpf support check now returns an integer
representing the current bpf level on the device. This level is used to decide
if the device supports some advanced bpf features such as map_in_map and
bpf cgroup socket filter. Delete the binder call for the bpf status check
since no one is using it.
Bug: 111441138
Test: libnetdbpf_test, netd_integration_test
Change-Id: Ib70c07647ffe491d493b4582b4b4b0eba7caf3a9
|
This change comprises:
1. replace pthread_mutex with std::mutex to realize RAII.
2. have a single condition variable to prevent race condition between
threads.
3. add 'predicate' to avoid spurious awakenings.
4. add a parameter in the GetResolverInfo API which enables test cases to
know if a timeout happened among concurrent DNS queries. Also, dump it in
the bugreport.
5. verify if test case GetAddrInfoV6_concurrent,
GetAddrInfoStressTest_Binder_100 and
GetAddrInfoStressTest_Binder_100000 pass because of timeout on
concurrent DNS queries.
Bug: 120794954
Test: runtests.sh pass
Test: run ResolverTest.GetAddrInfoV6_concurrent 100 times
Test: run ResolverTest.GetAddrInfoStressTest_Binder_100 100 times
Test: run ResolverTest.GetAddrInfoStressTest_Binder_100000 100 times
The test script:
----------------------------
for i in $(seq 1 100)
do
adb shell resolv_integration_test --gtest_filter=ResolverTest.GetAddrInfoV6_concurrent
adb shell resolv_integration_test --gtest_filter=ResolverTest.GetAddrInfoStressTest_Binder_100
adb shell resolv_integration_test --gtest_filter=ResolverTest.GetAddrInfoStressTest_Binder_100000
done
exit 0
Change-Id: I4bdc394ba7ded7a6b7239f2d35b559a4262cb7b9
|
Memory leaks in resolver cache when network is being destroyed.
We clear DNS servers before deleting the cache to make sure the
cache will not be created again.
Bug: 122940321
Test: built, flashed, booted
system/netd/tests/runtests.sh passed
Change-Id: I6aacc13ade3ce020b906f8a8a0f870f0741a5a47
|
Rather than store the listener in a map keyed by the pid of the caller,
we simply store them in a set keyed by the unique address of the binder
interface itself.
Test: system/netd/tests/runtests.sh
Change-Id: I811ff356653334df9fb4afa8501cd9375f1bdd68
|
In newer kernels, we can use cgroup socket filter to control inet socket
creation at run time instead of paranoid network kernel check. To
achieve that, we need to get the permission information from system
server when device boots or new packages are installed. This patch
provides a binder interface to do that and stores the information in a
bpf map. It also records the uids that have permission
UPDATE_DEVICE_STATS so netd no longer needs to query that from the
system server.
Bug: 111560570
Bug: 111560739
Test: netd_unit_test, netd_integration_test
Change-Id: I0c5919d85136feec44c4406ee0bd0028b131b942
|
Use another buffer to log unsolicited event.
Test: built, flashed, booted
Test: 1. manual test datacall/wifi work
2. manual test tethering work
3. run cts StrictModeTest pass
4. manual test data alert work
5. manual idletimer work
Change-Id: I1e4ed360b0c9d60c14bc7f0ffdf578fc557d3643
|
Reporting level was used only by microbenchmarks, but CI go/apct-net
doesn't show a significant timing difference between test runs with and
without reporting enabled.
Test: atest resolv_integration_test
Test: m netd_benchmark && adb sync data && adb shell /data/benchmarktest64/netd_benchmark/netd_benchmark
Change-Id: I0db0522e1cf229649c2516973d8942549ccd5476
|
Change permission from CONNECTIVITY_INTERNAL to NETWORK_STACK
Test: runtests.sh pass
Test: connect vpn, browse website pass
Change-Id: I9a7d08e08593dda64e901a369bc6431c977f4904
|
getHasDns() and VirtualNetwork.mHasDns are no longer useful after commit
aops/658122.
Bug: 116539103
Test: system/netd/tests/runtests.sh pass
Change-Id: Ica04984a954a9e89a5eb38a9b262775d686f8ed4
|
Synthesize the DNS64 prefix with the IPv4 DNS query result under the following
conditions:
1. If the address family is specified as IPv6 and no IPv6 address result is
obtained, but an IPv4 address result could be obtained
2. If the address family is unspecified and the query results are all IPv4
addresses
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Bug: 78545619
Change-Id: Ia7c5963c054772f8c95b95849282e9d9d5761515
|
The system server is controlling the tcp buffer now by writing to
/sys/kernel/ipv4/tcp_{rmem,wmem}_{min,def,max}. Those files are
basically the same as /proc/sys/net/ipv4/tcp_{rmem,wmem} except those
latter ones contain all three values in one file. Netd can directly write
to those files instead of depending on the android specific implementation.
Test: netd_integration_test
Bug: 118572798
Change-Id: I588b48be29ecf61fd5bbf94f97f63738be4eae25
|
Stable aidl won't support FileDescriptor but ParcelFileDescriptor.
In order to migrate to stable aidl, replace all FileDescriptor in
INetd.aidl.
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I331626346959f127b4c1cb2ece33db37cb8dc550
|
Add the test coverage for resolver stats. Also check and prune the
parameters in setResolverConfiguration() if they exceed the maximum
number predefined in params.h, and delete commented code.
Bug: 119694273
Test: system/netd/tests/runtests.sh passed
Change-Id: I265a2f03edd4fbc6df97270a782be5e639dfc5f8
|
This patch adds fallback logic, checking for XFRM-I kernel support, and
switching to use XFRM-I if supported. Fallbacks to VTIs are provided for
backward compatibility with 4.4 kernels. Parameters for VTI versus
XFRM-I are selected based on the kernel support for XFRM interfaces.
This is part of a patch set to enable XFRM-I support, with automatic
fallbacks to VTI in XfrmController (3/3)
Bug: 77856928
Test: Binder tests updated, passing. CTS & unit tests also passing
Change-Id: Idf90adeec0d499fe4d566e4203f0eabb2b94fffa
|
This patch adds support for creating and managing XFRM interfaces,
adding xfrm_if_id parameters to all relevant netlink calls.
This is part of a patch set to enable XFRM-I support, with automatic
fallbacks to VTI in XfrmController (2/3)
Bug: 77856928
Test: Xfrm, Binder tests updated, passing
Change-Id: I09869e6a0000384c9c4d0aef1de4d5434c33374a
|
This change adds logic to create XFRM interfaces.
AddVirtualTunnelInterface and RemoveVirtualTunnelInterface also have
been renamed to the more standard ipSec* naming scheme, as well as
returning a Status instead of integers as part of extracting common
code.
This patch should change no functionality.
This is part of a patch set to enable XFRM-I support, with automatic
fallbacks to VTI in XfrmController (1/3)
Bug: 77856928
Test: Binder, unit tests passing on devices with, and without XFRM-I
Change-Id: I403b01f7817715117faa270277db67ba40bbf6dd
|
We need this to ensure that the tethering IPCs don't need to grab the
lock in two different controllers.
The idea is to always have a global_alert rule in the bw_global_alert
chain.
TetherController will enable/disable the reference of the bw_global_alert
chain.
[childchain order of filter FORWARD chain]
Chain FORWARD
  nm_mdmprxy_iface_pkt_fwder
  oem_fwd
  fw_FORWARD
  bw_FORWARD
  tetherctrl_FORWARD
--Simple rule comparison--
[Before]
Chain bw_FORWARD
  Alert rule
  ... other rules
Chain tetherctrl_FORWARD
  ... other rules
[After]
Chain bw_FORWARD
  No Alert rule
  ... other rules
Chain tetherctrl_FORWARD
  Jump to bw_global_alert
  ... other rules
Chain bw_global_alert
  Alert rule
The exact rule comparison is shown in the bug.
Bug: 119735985
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: Ibf752d0c8de9170689fc74c89c0424d2642853ec
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I14e80377bc1b7c08993c3cf8fbf2b6fd0f99f4ba
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: Ief3b2a0a55b74db0a794f3f9ca58298a2fcb57dd
|
libnetddns is the library for DNS-over-TLS and is statically
linked to netd. Deprecate it and move them to libnetd_resolv
as a more general DNS library for netd.
This change comprises:
[1] Clean up netd/server/dns/*. Move all DnsTls* files to
netd/resolv/ to parts of libnetd_resolv library.
[2] Export DnsTls* classes being visible for netd. It will only
be temporary for a while.
[3] Remove the libssl dependency in netd. The relevant stuff is
moved to libnetd_resolv.
Note that DnsTls* classes are still required for DnsProxyListener
and ResolverController to manipulate private DNS servers even after
this change.
Bug: 113628807
Test: as follows
- built, flashed, booted
- system/netd/tests/runtests.sh
- DNS-over-TLS in live network passed
Change-Id: Ieac5889b4ebe737f876b3dcbe1a8da2b2b1b629d
|
Use stable aidl generated structure instead of UidRange
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I136afcff167eac7d3c4774b9e60f607e086488bf
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I0fcf6ac4e5d96cbf63d6752bee7202cdef940e82
|
Turns out asBinderStatus() is presently used only in NetdNativeService,
so we can just move it there. This lets us drop the dependency on
libbinder.
Test: atest libnetdutils netd_unit_test
Change-Id: If24a14b881326ec74880ea411973d0acc6ef5ff1
|
Additionally rename functions and structs to eliminate those ugly
underscores from the public API (with the notable exception of
__res_params, which will come in its own separate change to keep this
one from growing too large).
Test: build, flash, then 'atest netd_integration_test'
Change-Id: I7e9b0ee6cdbec889e9c35b5a17b5daa65533686e
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I14160f81050c2782301d27e622461e66b10fd070
|
Use stable aidl structure instead of persistbundle
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: Id48cea4da4f9f4406ceb3d2281a5cfaaea8ce24f
|
Test: built, flashed, booted
Change-Id: Ib921da8369bdfb5bc2dad6d597b9e7e6d5798c1d
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I5f0888f6e44d383bc52af01888d095e62a670d70
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I7db81136dfaa581d4257a05aad64059dc0cd7976
|
Also: a few "tidy-inspired" changes.
Test: as follows
- built, flashed, booted
- system/netd/tests/runtest.sh passes
Bug: 32163131
Change-Id: Icaa164af3c3d0d03af1ec083dfcbe856ac51529f
|
This patch allows Security Policy selectors and templates to have
different address families, allowing for wildcard selectors, but
specified templates. This is required for IPsec tunnel mode to work
properly, as selectors match inner addresses (and thus must be dual
IPv4/IPv6), while templates match outer addresses.
Bug: 79384676
Test: CTS tests passing, ip xfrm monitor shows correct results
Change-Id: I60214e17f50f91deb1ffdc71158131d237d1e642
|
Update tunnel mode addresses to more correctly reflect their usage.
These addresses are used for matching SAs, which should be denoted as
source/destination pairs instead of local or remote.
Bug: 79384676
Test: Tests passing (integration + unit tests)
Change-Id: I2bbc3bb5add11155d83475c61a9dcea7be26bf0b
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: Ib166dcc85bb63fd5557fd0a22b666e1dadeaf90b
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: Ia05bc3c9e7c9a2c5b3d59789aa829552f6961a2a
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: Ibff8b050915c65e44cd37bb835943b8582fc003a
|
No functional change, this is a cleanup.
With C++17, it's no longer necessary to specify the template argument
when it can be deduced from the types of constructor arguments. This
allows de-cluttering our locking statements.
To avoid typos, this patch was mechanically generated:
perl -p -i -e 's/std::lock_guard<std::mutex>/std::lock_guard/g' \
$(find . -name '*.cpp' -o -name '*.h')
Change-Id: Ibb15d9a6c5b1c861d81353e47d25474eb1d4c2df
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I10eec44acca8e4d5a7c8de64b89590e3cccda597
|
Fixes -Wzero-as-null-pointer-constant warning.
Test: m
Bug: 68236239
Change-Id: I226a0599db4f7c3557e55cade7869d00bd314949
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I42b52d815b6ba0ba6f93dc27e83a900d2abec715
|
Test: as follows
- built, flashed, booted
- "adb shell dumpsys netd" shows logs
- tests/runtests.sh passes
Change-Id: I0e44da7f9a9cc53074ffc396b958e9e2dbcd2603
|
Test: as follows
- built, flashed, booted
- adb shell dumpsys netd shows new output
Change-Id: Ib78dbdc982f5db747bff445db21b8408c9c407cc
|
-Add ipSecFlushState() which flushes the kernel's
SA DB and Policy DB.
-Add ipSecFlushInterfaces() which seeks and removes
any interfaces that have the prefix 'ipsec'
-Automatically call these functions when netd restarts
-Make XfrmController's methods static
-Add integration tests to verify flushing of policy
states, and interfaces
-Convert XfrmController functions to static for easier
test-ability
Bug: 74560705
Test: runtest ...netd_integration_test.cpp
Merged-In: Id60e7c29ff9aeee7f5ccd505b86c94cce858745f
Change-Id: Id60e7c29ff9aeee7f5ccd505b86c94cce858745f
(cherry picked from commit f5646cde551de44ba10b61c2d5cecb414847d454)
|
Bug: 78370064
Test: lunch aosp_walleye-userdebug && cd system/netd && mma
Change-Id: I495f7cdc3f2aab26947f10041fc559700367f2ea
|
Add a dumpsys helper function in trafficController to dump out the
information of the trafficController that is running on device. If
trafficController is running bpf programs, dump out all the program
location status and all the map content to dumpsys.
Test: dumpsys netd should trafficController information.
bug: 74411823
Change-Id: Ica83c11b6d1debb59f9c3a703d5b5cfc264844c4
|
Note that as of this change we still only program bionic with one
set of servers (TLS if available, locally assigned otherwise). This
will be remedied in a future change.
Test: ./system/netd/tests/runtests.sh
Test: manual testing of opportunistic and strict mode works
Bug: 34953048
Bug: 64133961
Bug: 72345192
Change-Id: I6a0ec6672ce88e61118b34ed03818bbf53158103