7d21eaedade0e01bed665dd2e4ba15e0c217237c |
|
02-Sep-2016 |
Hugo Benichi <hugobenichi@google.com> |
ApfFilter: take into account IPv4 subnet prefix When IPv4 is provisioned on an interface with Apf capabilities, ApfFilter will only keep track of the raw ipv4 address, with no information about the subnet or prefix length. This patch adds the missing prefix length information to ApfFilter. This allows to calculate the subnet broadcast ipv4 address for more precise ipv4 broadcast filtering when the multicast lock is not held. Bug: 30231088 Change-Id: Iebaec040703647c4ced30bb585be173e97a1fae5
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
0dc1d314709d579ccdc3fc59a5f66557f6cd319d |
|
01-Sep-2016 |
Hugo Benichi <hugobenichi@google.com> |
ApfFilter: more precise IPv4 broadcast filter This patch refines the Apf IPv4 filter for interfaces with Apf capabilities to drop packets when: - the multicast lock is not held - the packet is an IPv4 packet - the packet is not a DHCP packet addressed to us - the packet is L2 broadcast, or IPv4 multicast, or IPv4 broadcast - caveat: subnet broadcast address is not checked. This allows to drop IPv4 broadcast packets whose MAC destination address is not the L2 broadcast address but the current address of the interface. Such packets can be received on network that rewrite L2 addresses and can put significant pressure on battery by waking up the phone unnecessarily. Bug: 30231088 Change-Id: I8b1785fc5ceadaa1f2881765983e502135dcbc46
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
961ca49fd67b39d8076ea49d12d2fda73f581399 |
|
02-Sep-2016 |
Hugo Benichi <hugobenichi@google.com> |
Better IPv4 multicast coverage in ApfTest This patch improves the test coverage of ApfFilter for IPv4 broadcast and multicast traffic. Bug: 30231088 Change-Id: I2e1d5d5a7cbae17f3d5978a4cf5f10666b5c6104
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
4b545b04f6533b5e0377f2d2dec219ad816e47ed |
|
20-Jul-2016 |
Paul Jensen <pauljensen@google.com> |
Sanity check ICMP6 router advertisement packets There is a chance a packet can slip by before we install the filter on our socket listening for RAs, so add some basic sanity checking to make sure we've recieved an RA. Change-Id: I14cf84a0814896a41e00f50af376dfc4988d36cb Fixes: 29586253
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
38db976514ff2ad12d207a927219762eab179882 |
|
12-Jul-2016 |
Hugo Benichi <hugobenichi@google.com> |
APF: filter unwanted ARP replies This patch adds APF filtering of ARP replies for interfaces with APF. - when the interface has no IPv4 address, broadcast ARP replies with a 0.0.0.0 target ip are dropped (GARP), ARP requests with a 0.0.0.0 target ip are dropped. - when the interface has an IPv4 address, broadcast ARP replies to a different ip are dropped (including GARPs to 0.0.0.0), ARP requests to a different ip are dropped. Bug: 29404209 Bug: 30080487 Change-Id: I82613eb865c7f38b6260997fe2caf2aff382ad78
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
6ccd51a338fed39217cb3a5c0f229ed547918634 |
|
04-Jul-2016 |
Hugo Benichi <hugobenichi@google.com> |
IpConn metrics: correctly read RA lifetimes This patch - adds a Builder class for RaEvent. - uses this Builder class for correctly recording the minimum lifetime seen for every ICMP6 options tracked, instead of recording the last lifetime seen. - adds unit test coverage for RaEvent logging. Change-Id: I6443932f5cf7a613a5c695c65a60eab01e60602a
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
cfbf7414a14cf91d1b5c83154aab54c32d6be76a |
|
23-Jun-2016 |
Hugo Benichi <hugobenichi@google.com> |
Record events for RA option lifetimes This patch defines a new android.net.metrics.RaEvent class carrying lifetime values contained in RA packets. RaEvent are recorded when ApfFilter processes a new RA for which there is no match. Example: ConnectivityMetricsEvent(15:39:39.808, 0, 0): RaEvent(lifetimes: router=3600s, prefix_valid=2592000s, prefix_preferred=604800s, route_info=-1s, dnssl=-1s, rdnss=3600s) Change-Id: Ia28652e03ed442d5f2a686ef5b3fafbcb77c503a
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
647c86d70a0f2162dcc95854e9dccb925c16ecf3 |
|
07-Jun-2016 |
Hugo Benichi <hugobenichi@google.com> |
Log RA listening statistics This patch adds a new ApfStats event class that counts RA packet reception statistics on the RA listener thread of ApfFilter and reports the maximum program size advertised by hardware. Statistics are gathered for the lifetime of a network with APF capabilities and uploaded at network teardown when the listener thread exits. Example event: ConnectivityMetricsEvent(15:44:23.741, 0, 0): ApfStats(284945ms 2048B RA: 2 received, 0 matching, 0 ignored, 0 expired, 0 parse errors, 2 program updates) Bug: 28204408 Change-Id: Id2eaafdca97f61152a4b66d06061c971bc0aba4c
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
4fc3ee5be223122792ebc0ee8a05c93d93e26a52 |
|
02-Jun-2016 |
Hugo Benichi <hugobenichi@google.com> |
Log events at APF program generation Example: ConnectivityMetricsEvent(15:24:52.018, 0, 0): ApfProgramEvent(0/0 RAs 121B forever FLAG_MULTICAST_FILTER_ON) ConnectivityMetricsEvent(15:24:53.036, 0, 0): ApfProgramEvent(1/1 RAs 334B 600s) ConnectivityMetricsEvent(15:24:53.590, 0, 0): ApfProgramEvent(1/1 RAs 360B 600s FLAG_MULTICAST_FILTER_ON, FLAG_HAS_IPV4_ADDRESS) ConnectivityMetricsEvent(15:24:58.157, 0, 0): ApfProgramEvent(1/1 RAs 294B 599s FLAG_HAS_IPV4_ADDRESS) Bug: 28204408 Change-Id: I9c4c82861cf42eb2c7e7bf5471f05e8ff2fc560c
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
8995d85b9432387520c9f04a69251536754b996b |
|
23-Jun-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Don't loop forever on 0-length options. A malformed RA could cause the Ra constructor in ApfFilter to enter an infinite loop while holding the class lock. This blocks IpManager until reboot and drains the battery. Bug: 29586253 Change-Id: Idaa46b3bc50371db076630881883807c2fa21674
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
f8a01e84317fcb9d27a294e95603b846143c7fcb |
|
26-May-2016 |
Paul Jensen <pauljensen@google.com> |
Don't drop IPv4 broadcast packets when WiFi multicast lock is held IPv4 broadcast packets can be very common (e.g. every 2s) so they need to be dropped in the general case. They also may be critical for certain discovery protocols, so allow them through with APF when the WiFi multicast lock is held. Bug: 26238573 Change-Id: I03e09a2b9c779da5da775e78b95e9e0339720eaf
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
11e13e2175674389ed18c2b1e1af69c5ad931e8f |
|
19-May-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Support IPv6 multicast filtering in APF. For now this just drops all non-ICMPv6 packets to ff00::/8 when mMulticastFilter is true. Multicast ICMPv6 is already mostly dealt with by other filters - the L2 multicast filter, the RA filter, the multicast NA filter, and ND offload. Bug: 28393601 Change-Id: Ia7b0d4f00fac6710093befe6a726b46677a5f20b
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
90ba8cf3799fa60138d212e092cc7f0a5e79374f |
|
13-May-2016 |
Paul Jensen <pauljensen@google.com> |
Merge "Use APF program to drop non-IP non-ARP broadcasts" into nyc-dev
|
9132f34976f16a626c2ec1d3d90624d71e054346 |
|
13-Apr-2016 |
Paul Jensen <pauljensen@google.com> |
ApfFilter unit test Bug: 26238573 Change-Id: I5171038228782bd54e91f5bcc663cc529d2c1150
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
dd7bee87725795d0d71c5f6a309dda78df957d8a |
|
06-May-2016 |
Paul Jensen <pauljensen@google.com> |
Use APF program to drop non-IP non-ARP broadcasts This used to be done by some WiFi firmwares but should now be done by APF for consistency across the board. Bug: 28304368 Change-Id: Ic75f408affc1f56e1ecf4d347d0c287aa72250bf
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
91723d7f7ecc07e9bfa84c445213acf1dec0664f |
|
14-Apr-2016 |
Paul Jensen <pauljensen@google.com> |
Avoid APF JNEBS instruction with R1 as it doesn't work APF version 2 and prior versions fail to execute JNEBS with R1 argument. The APF interpreter tries to use R1's value as the number of bytes to compare, as well as the offset within the packet to compare at. This change makes ApfFilter avoid using this and makes the APF generator throw if this is used. This was limiting the IPv4 filter, causing it to only drop multicast (when multicast filtering was enabled), rather than a wider range of broadcast packets. Bug: 28206777 Change-Id: I8d116e024e8bd641b21053c6b1defc734d744467
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
059e2bb376418aeb16551866c384dd1be032db62 |
|
08-Apr-2016 |
Lorenzo Colitti <lorenzo@google.com> |
More APF debuggability. 1. Decode RDNSS options. 2. Keep track of how many times the program was updated. 3. Remove the leading / from the IPv4 address. Change-Id: Ida0518a94ea7d952c82c8181b09044eff907b714
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
cd404a2fc34a967f0763fb3b6b43f56a5d8014e8 |
|
05-Apr-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Merge "Add APF code to drop ARP IPv4 requests not for us" into nyc-dev
|
a8458c0363851c7324a8e64efe9f73d0bb6ef0b4 |
|
25-Mar-2016 |
Paul Jensen <pauljensen@google.com> |
Add APF code to drop ARP IPv4 requests not for us The WiFi chipset's ARP offload may handle this when the AP is asleep, but when the AP is awake and the chipset is in wake-on-wifi mode use APF to filter these packets. Bug: 27477163 Change-Id: I180c08bd7301a1af9c3f728ff3cba06ca4e1022d
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
10d70bff61af5b9c88ce2a3124b2ffbc3a3424fb |
|
05-Apr-2016 |
Paul Jensen <pauljensen@google.com> |
Merge "Fix potential ApfFilter bugs by careful ByteBuffer use" into nyc-dev
|
2e074db972355a77f91378b5b1daceb500dde019 |
|
25-Mar-2016 |
Paul Jensen <pauljensen@google.com> |
Plumb WiFi multicast filter through to ApfFilter Use APF to implement WifiManager.MulticastLock, if APF isn't available fallback to the present behavior of using DRIVER RXFILTER. Since we don't know whether APF is supported until we're connected, postpone enabling/disabling the multicast filter until then; this should be fine as there isn't much need to filter packets if there aren't any packets going by since we're not connected. Bug: 26238573 Change-Id: I862c053f1c8c3a41de50c2951cf14b3ca6923a2a
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
1c71cb3e728c5f7b3bc76daf581e108ed5c0fa3c |
|
25-Mar-2016 |
Paul Jensen <pauljensen@google.com> |
Fix potential ApfFilter bugs by careful ByteBuffer use Avoid adjusting ApfFilter.Ra.mPacket's postion() and limit() in matches(). This avoids potential bugs in other parts of the code that previously relied on limit() being reset. Also for good measure change some limit() calls to capacity() as it's more final. Change-Id: I466e87ce6838f68654b24f2c9543a6cd547d3f87
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
f21b4dc1d6e9cc3fc164828e9eba33445c0801d0 |
|
18-Mar-2016 |
Paul Jensen <pauljensen@google.com> |
Move ApfFilter from ConnectivityService to IpManager There's a few advantages to having ApfFilter in IpManager: 1. If things go wrong, crashing a particular transport is less bad then crashing ConnectivityService. We also don't want to use ConnectivityService as a dumping ground for transport-specific logic. 2. This makes implementing WifiManager.MulticastLock a lot simpler and safer because enabling/disabling it doesn't have to go through the NetworkAgent, which could risk various races (e.g. installing a filter into the wrong WiFi network). 3. IpManager is the ultimate source for LinkProperties for a particular transport and since ApfFilter uses the LinkProperties it's better to have it closely paired with the IpManager. Likewise, ApfFilter needs to know the APF capabilities of the transport, so having it in the transport avoids having to parcel this information through the NetworkAgent. Bug: 26238573 Change-Id: I99b85f2b64972f0e7572170ec5d1926081aa3429
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|