22d9b2d430c9a4fe17b54811bb77289b821e32db |
|
22-Feb-2017 |
Hugo Benichi <hugobenichi@google.com> |
IP connectivity metrics: add new APF counters. This patch adds a few missing counters to APF events: - an actual lifetime duration to ApfProgramEvent. - counters for total number of updates to ApfStatistics. ApfProgramEvents are now recorded at program removal in order to populate the actual lifetime of the program. ApfProgramEvents whose actual lifetime was less than 1 second are filtered out. Finally, instance fields of ApfProgramEvent and ApfStats classes are made mutable to allow for simple record-like creation. This was not possible when these classes were tagged @SystemApi. Test: - manually verified output of $ dumpsys connmetrics list - unit tests updated. Bug: 34901696 Change-Id: I02694ebb9421ce1c2aa757fa6aa209d19a654dcd
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
4456f33a958a7f09e608399da83c4d12b2e7d191 |
|
19-Dec-2016 |
Hugo Benichi <hugobenichi@google.com> |
ApfTest: fix flaky testApfFilterRa. testApfFilterRa is failing with probabiliy 1/10 ~ 1/15 on the following assert: assertDrop(program, packet, lifetime/6), for lifetime values that are multiple of 6, where 6 is the hardcoded fraction of RA lifetime to filter in ApfFilter.java. When the lifetime is not a multiple of 6, the remainder of 1 to 5 seconds gives enough margin so that when the APF program is simulated the faked lifetime of the program is less than lifetime/6 away and the packet is dropped. However for lifetimes which are exact multiples of 6, this margin is always 0s and that result in nondeterminism in the result. This is consistent with the obervation that the only failed assert was for a lifetime of 300s, the only multiple of 6. This can be observed by detecting the age limit at which the filter stops dropping packet oscillating between lifetime/6 and lifetime/6 + 1 for lifetimes which are multiple of 6. This patch fixes the flakyness by freezing the flow of time in tests so that the expected filter age threshold is consistent and stable. Test: no failure observed in 1000 runs. Bug: 32561414 Change-Id: I5251d047039f34b82ce8a5d20ae46563e1e0cce8
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
02428988ad90a2bd294b9ce752c2fced5b649519 |
|
02-Dec-2016 |
Hugo Benichi <hugobenichi@google.com> |
DO NOT MERGE: APF: also drop any ICMPv6 RSs Test: new unit test + $ runtest franeworks-net Bug: 32833400 (cherry picked from commit f98182ef5e80ede5de7f2c2a5f40fc92a46c9704) Change-Id: Ifaf6e778c811c7d865c790a293b1fce3f43cad1c
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
dafc44ea11972b3152e67dc305a98d658f1465ba |
|
17-Oct-2016 |
Hugo Benichi <hugobenichi@google.com> |
DO NOT MERGE: ApfFilter: use elapsedRealTime for RA lifetime This patch replaces System.currentTimeMillis() with SystemClock.elapsedRealTime() to make RA lifetime computation more resilient to various external events inducing jumps in currentTimeMillis(). Test: ApfTest passes. (cherry picked from commit 305af8e98a4fce712c1a93daf3b050dac2e8b91a) Change-Id: If19011fc0c905948f2e42b975cfcc5f8672a95fb
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
4104ff922040540b73f79f0f89dab3ae42b50462 |
|
13-Oct-2016 |
Hugo Benichi <hugobenichi@google.com> |
DO NOT MERGE: ApfFilter: systematically use u8, u16, u32 getters This patch adds a getUint8 getter for ByteBuffers and changes ApfFilter to make uses of getUint8/16/32 everywhere. The return types of getUint16 is also changed from long to int, which will expand gracefully to long as an unsigned int as it is guaranteed to be positive after getUint16. Test: ApfTest passes (cherry picked from commit 995dd94673005b43d32456e2de5fda0090b23576) Change-Id: I606ebc5aedfcacde400d27cc6bc37145769b122c
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
0668a61d82a424fb3714b6222f0e4213c18fc7b1 |
|
06-Oct-2016 |
Hugo Benichi <hugobenichi@google.com> |
DO NOT MERGE: Add fuzzing tests to ApfFilter RA processing Test: added new unit tests (cherry picked from commit 8acea76a2b7555b3bd5ca1170cca9d09e979fafc) Change-Id: I847d7e4895766042043c0bba1c9b9a698a705d87
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
7d21eaedade0e01bed665dd2e4ba15e0c217237c |
|
02-Sep-2016 |
Hugo Benichi <hugobenichi@google.com> |
ApfFilter: take into account IPv4 subnet prefix When IPv4 is provisioned on an interface with Apf capabilities, ApfFilter will only keep track of the raw ipv4 address, with no information about the subnet or prefix length. This patch adds the missing prefix length information to ApfFilter. This allows to calculate the subnet broadcast ipv4 address for more precise ipv4 broadcast filtering when the multicast lock is not held. Bug: 30231088 Change-Id: Iebaec040703647c4ced30bb585be173e97a1fae5
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
0dc1d314709d579ccdc3fc59a5f66557f6cd319d |
|
01-Sep-2016 |
Hugo Benichi <hugobenichi@google.com> |
ApfFilter: more precise IPv4 broadcast filter This patch refines the Apf IPv4 filter for interfaces with Apf capabilities to drop packets when: - the multicast lock is not held - the packet is an IPv4 packet - the packet is not a DHCP packet addressed to us - the packet is L2 broadcast, or IPv4 multicast, or IPv4 broadcast - caveat: subnet broadcast address is not checked. This allows to drop IPv4 broadcast packets whose MAC destination address is not the L2 broadcast address but the current address of the interface. Such packets can be received on network that rewrite L2 addresses and can put significant pressure on battery by waking up the phone unnecessarily. Bug: 30231088 Change-Id: I8b1785fc5ceadaa1f2881765983e502135dcbc46
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
961ca49fd67b39d8076ea49d12d2fda73f581399 |
|
02-Sep-2016 |
Hugo Benichi <hugobenichi@google.com> |
Better IPv4 multicast coverage in ApfTest This patch improves the test coverage of ApfFilter for IPv4 broadcast and multicast traffic. Bug: 30231088 Change-Id: I2e1d5d5a7cbae17f3d5978a4cf5f10666b5c6104
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
4b545b04f6533b5e0377f2d2dec219ad816e47ed |
|
20-Jul-2016 |
Paul Jensen <pauljensen@google.com> |
Sanity check ICMP6 router advertisement packets There is a chance a packet can slip by before we install the filter on our socket listening for RAs, so add some basic sanity checking to make sure we've recieved an RA. Change-Id: I14cf84a0814896a41e00f50af376dfc4988d36cb Fixes: 29586253
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
38db976514ff2ad12d207a927219762eab179882 |
|
12-Jul-2016 |
Hugo Benichi <hugobenichi@google.com> |
APF: filter unwanted ARP replies This patch adds APF filtering of ARP replies for interfaces with APF. - when the interface has no IPv4 address, broadcast ARP replies with a 0.0.0.0 target ip are dropped (GARP), ARP requests with a 0.0.0.0 target ip are dropped. - when the interface has an IPv4 address, broadcast ARP replies to a different ip are dropped (including GARPs to 0.0.0.0), ARP requests to a different ip are dropped. Bug: 29404209 Bug: 30080487 Change-Id: I82613eb865c7f38b6260997fe2caf2aff382ad78
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
6ccd51a338fed39217cb3a5c0f229ed547918634 |
|
04-Jul-2016 |
Hugo Benichi <hugobenichi@google.com> |
IpConn metrics: correctly read RA lifetimes This patch - adds a Builder class for RaEvent. - uses this Builder class for correctly recording the minimum lifetime seen for every ICMP6 options tracked, instead of recording the last lifetime seen. - adds unit test coverage for RaEvent logging. Change-Id: I6443932f5cf7a613a5c695c65a60eab01e60602a
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
cfbf7414a14cf91d1b5c83154aab54c32d6be76a |
|
23-Jun-2016 |
Hugo Benichi <hugobenichi@google.com> |
Record events for RA option lifetimes This patch defines a new android.net.metrics.RaEvent class carrying lifetime values contained in RA packets. RaEvent are recorded when ApfFilter processes a new RA for which there is no match. Example: ConnectivityMetricsEvent(15:39:39.808, 0, 0): RaEvent(lifetimes: router=3600s, prefix_valid=2592000s, prefix_preferred=604800s, route_info=-1s, dnssl=-1s, rdnss=3600s) Change-Id: Ia28652e03ed442d5f2a686ef5b3fafbcb77c503a
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
647c86d70a0f2162dcc95854e9dccb925c16ecf3 |
|
07-Jun-2016 |
Hugo Benichi <hugobenichi@google.com> |
Log RA listening statistics This patch adds a new ApfStats event class that counts RA packet reception statistics on the RA listener thread of ApfFilter and reports the maximum program size advertised by hardware. Statistics are gathered for the lifetime of a network with APF capabilities and uploaded at network teardown when the listener thread exits. Example event: ConnectivityMetricsEvent(15:44:23.741, 0, 0): ApfStats(284945ms 2048B RA: 2 received, 0 matching, 0 ignored, 0 expired, 0 parse errors, 2 program updates) Bug: 28204408 Change-Id: Id2eaafdca97f61152a4b66d06061c971bc0aba4c
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
4fc3ee5be223122792ebc0ee8a05c93d93e26a52 |
|
02-Jun-2016 |
Hugo Benichi <hugobenichi@google.com> |
Log events at APF program generation Example: ConnectivityMetricsEvent(15:24:52.018, 0, 0): ApfProgramEvent(0/0 RAs 121B forever FLAG_MULTICAST_FILTER_ON) ConnectivityMetricsEvent(15:24:53.036, 0, 0): ApfProgramEvent(1/1 RAs 334B 600s) ConnectivityMetricsEvent(15:24:53.590, 0, 0): ApfProgramEvent(1/1 RAs 360B 600s FLAG_MULTICAST_FILTER_ON, FLAG_HAS_IPV4_ADDRESS) ConnectivityMetricsEvent(15:24:58.157, 0, 0): ApfProgramEvent(1/1 RAs 294B 599s FLAG_HAS_IPV4_ADDRESS) Bug: 28204408 Change-Id: I9c4c82861cf42eb2c7e7bf5471f05e8ff2fc560c
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
8995d85b9432387520c9f04a69251536754b996b |
|
23-Jun-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Don't loop forever on 0-length options. A malformed RA could cause the Ra constructor in ApfFilter to enter an infinite loop while holding the class lock. This blocks IpManager until reboot and drains the battery. Bug: 29586253 Change-Id: Idaa46b3bc50371db076630881883807c2fa21674
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
f8a01e84317fcb9d27a294e95603b846143c7fcb |
|
26-May-2016 |
Paul Jensen <pauljensen@google.com> |
Don't drop IPv4 broadcast packets when WiFi multicast lock is held IPv4 broadcast packets can be very common (e.g. every 2s) so they need to be dropped in the general case. They also may be critical for certain discovery protocols, so allow them through with APF when the WiFi multicast lock is held. Bug: 26238573 Change-Id: I03e09a2b9c779da5da775e78b95e9e0339720eaf
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
11e13e2175674389ed18c2b1e1af69c5ad931e8f |
|
19-May-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Support IPv6 multicast filtering in APF. For now this just drops all non-ICMPv6 packets to ff00::/8 when mMulticastFilter is true. Multicast ICMPv6 is already mostly dealt with by other filters - the L2 multicast filter, the RA filter, the multicast NA filter, and ND offload. Bug: 28393601 Change-Id: Ia7b0d4f00fac6710093befe6a726b46677a5f20b
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
90ba8cf3799fa60138d212e092cc7f0a5e79374f |
|
13-May-2016 |
Paul Jensen <pauljensen@google.com> |
Merge "Use APF program to drop non-IP non-ARP broadcasts" into nyc-dev
|
9132f34976f16a626c2ec1d3d90624d71e054346 |
|
13-Apr-2016 |
Paul Jensen <pauljensen@google.com> |
ApfFilter unit test Bug: 26238573 Change-Id: I5171038228782bd54e91f5bcc663cc529d2c1150
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
dd7bee87725795d0d71c5f6a309dda78df957d8a |
|
06-May-2016 |
Paul Jensen <pauljensen@google.com> |
Use APF program to drop non-IP non-ARP broadcasts This used to be done by some WiFi firmwares but should now be done by APF for consistency across the board. Bug: 28304368 Change-Id: Ic75f408affc1f56e1ecf4d347d0c287aa72250bf
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
91723d7f7ecc07e9bfa84c445213acf1dec0664f |
|
14-Apr-2016 |
Paul Jensen <pauljensen@google.com> |
Avoid APF JNEBS instruction with R1 as it doesn't work APF version 2 and prior versions fail to execute JNEBS with R1 argument. The APF interpreter tries to use R1's value as the number of bytes to compare, as well as the offset within the packet to compare at. This change makes ApfFilter avoid using this and makes the APF generator throw if this is used. This was limiting the IPv4 filter, causing it to only drop multicast (when multicast filtering was enabled), rather than a wider range of broadcast packets. Bug: 28206777 Change-Id: I8d116e024e8bd641b21053c6b1defc734d744467
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
059e2bb376418aeb16551866c384dd1be032db62 |
|
08-Apr-2016 |
Lorenzo Colitti <lorenzo@google.com> |
More APF debuggability. 1. Decode RDNSS options. 2. Keep track of how many times the program was updated. 3. Remove the leading / from the IPv4 address. Change-Id: Ida0518a94ea7d952c82c8181b09044eff907b714
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
cd404a2fc34a967f0763fb3b6b43f56a5d8014e8 |
|
05-Apr-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Merge "Add APF code to drop ARP IPv4 requests not for us" into nyc-dev
|
a8458c0363851c7324a8e64efe9f73d0bb6ef0b4 |
|
25-Mar-2016 |
Paul Jensen <pauljensen@google.com> |
Add APF code to drop ARP IPv4 requests not for us The WiFi chipset's ARP offload may handle this when the AP is asleep, but when the AP is awake and the chipset is in wake-on-wifi mode use APF to filter these packets. Bug: 27477163 Change-Id: I180c08bd7301a1af9c3f728ff3cba06ca4e1022d
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
10d70bff61af5b9c88ce2a3124b2ffbc3a3424fb |
|
05-Apr-2016 |
Paul Jensen <pauljensen@google.com> |
Merge "Fix potential ApfFilter bugs by careful ByteBuffer use" into nyc-dev
|
2e074db972355a77f91378b5b1daceb500dde019 |
|
25-Mar-2016 |
Paul Jensen <pauljensen@google.com> |
Plumb WiFi multicast filter through to ApfFilter Use APF to implement WifiManager.MulticastLock, if APF isn't available fallback to the present behavior of using DRIVER RXFILTER. Since we don't know whether APF is supported until we're connected, postpone enabling/disabling the multicast filter until then; this should be fine as there isn't much need to filter packets if there aren't any packets going by since we're not connected. Bug: 26238573 Change-Id: I862c053f1c8c3a41de50c2951cf14b3ca6923a2a
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
1c71cb3e728c5f7b3bc76daf581e108ed5c0fa3c |
|
25-Mar-2016 |
Paul Jensen <pauljensen@google.com> |
Fix potential ApfFilter bugs by careful ByteBuffer use Avoid adjusting ApfFilter.Ra.mPacket's postion() and limit() in matches(). This avoids potential bugs in other parts of the code that previously relied on limit() being reset. Also for good measure change some limit() calls to capacity() as it's more final. Change-Id: I466e87ce6838f68654b24f2c9543a6cd547d3f87
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|
f21b4dc1d6e9cc3fc164828e9eba33445c0801d0 |
|
18-Mar-2016 |
Paul Jensen <pauljensen@google.com> |
Move ApfFilter from ConnectivityService to IpManager There's a few advantages to having ApfFilter in IpManager: 1. If things go wrong, crashing a particular transport is less bad then crashing ConnectivityService. We also don't want to use ConnectivityService as a dumping ground for transport-specific logic. 2. This makes implementing WifiManager.MulticastLock a lot simpler and safer because enabling/disabling it doesn't have to go through the NetworkAgent, which could risk various races (e.g. installing a filter into the wrong WiFi network). 3. IpManager is the ultimate source for LinkProperties for a particular transport and since ApfFilter uses the LinkProperties it's better to have it closely paired with the IpManager. Likewise, ApfFilter needs to know the APF capabilities of the transport, so having it in the transport avoids having to parcel this information through the NetworkAgent. Bug: 26238573 Change-Id: I99b85f2b64972f0e7572170ec5d1926081aa3429
/frameworks/base/services/net/java/android/net/apf/ApfFilter.java
|