Cross Reference: /frameworks/base/services/net/java/android/net/apf/ApfFilter.java

History log of /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
22d9b2d430c9a4fe17b54811bb77289b821e32db	22-Feb-2017	Hugo Benichi <hugobenichi@google.com>	IP connectivity metrics: add new APF counters. This patch adds a few missing counters to APF events: - an actual lifetime duration to ApfProgramEvent. - counters for total number of updates to ApfStatistics. ApfProgramEvents are now recorded at program removal in order to populate the actual lifetime of the program. ApfProgramEvents whose actual lifetime was less than 1 second are filtered out. Finally, instance fields of ApfProgramEvent and ApfStats classes are made mutable to allow for simple record-like creation. This was not possible when these classes were tagged @SystemApi. Test: - manually verified output of $ dumpsys connmetrics list - unit tests updated. Bug: 34901696 Change-Id: I02694ebb9421ce1c2aa757fa6aa209d19a654dcd /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
4456f33a958a7f09e608399da83c4d12b2e7d191	19-Dec-2016	Hugo Benichi <hugobenichi@google.com>	ApfTest: fix flaky testApfFilterRa. testApfFilterRa is failing with probabiliy 1/10 ~ 1/15 on the following assert: assertDrop(program, packet, lifetime/6), for lifetime values that are multiple of 6, where 6 is the hardcoded fraction of RA lifetime to filter in ApfFilter.java. When the lifetime is not a multiple of 6, the remainder of 1 to 5 seconds gives enough margin so that when the APF program is simulated the faked lifetime of the program is less than lifetime/6 away and the packet is dropped. However for lifetimes which are exact multiples of 6, this margin is always 0s and that result in nondeterminism in the result. This is consistent with the obervation that the only failed assert was for a lifetime of 300s, the only multiple of 6. This can be observed by detecting the age limit at which the filter stops dropping packet oscillating between lifetime/6 and lifetime/6 + 1 for lifetimes which are multiple of 6. This patch fixes the flakyness by freezing the flow of time in tests so that the expected filter age threshold is consistent and stable. Test: no failure observed in 1000 runs. Bug: 32561414 Change-Id: I5251d047039f34b82ce8a5d20ae46563e1e0cce8 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
02428988ad90a2bd294b9ce752c2fced5b649519	02-Dec-2016	Hugo Benichi <hugobenichi@google.com>	DO NOT MERGE: APF: also drop any ICMPv6 RSs Test: new unit test + $ runtest franeworks-net Bug: 32833400 (cherry picked from commit f98182ef5e80ede5de7f2c2a5f40fc92a46c9704) Change-Id: Ifaf6e778c811c7d865c790a293b1fce3f43cad1c /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
dafc44ea11972b3152e67dc305a98d658f1465ba	17-Oct-2016	Hugo Benichi <hugobenichi@google.com>	DO NOT MERGE: ApfFilter: use elapsedRealTime for RA lifetime This patch replaces System.currentTimeMillis() with SystemClock.elapsedRealTime() to make RA lifetime computation more resilient to various external events inducing jumps in currentTimeMillis(). Test: ApfTest passes. (cherry picked from commit 305af8e98a4fce712c1a93daf3b050dac2e8b91a) Change-Id: If19011fc0c905948f2e42b975cfcc5f8672a95fb /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
4104ff922040540b73f79f0f89dab3ae42b50462	13-Oct-2016	Hugo Benichi <hugobenichi@google.com>	DO NOT MERGE: ApfFilter: systematically use u8, u16, u32 getters This patch adds a getUint8 getter for ByteBuffers and changes ApfFilter to make uses of getUint8/16/32 everywhere. The return types of getUint16 is also changed from long to int, which will expand gracefully to long as an unsigned int as it is guaranteed to be positive after getUint16. Test: ApfTest passes (cherry picked from commit 995dd94673005b43d32456e2de5fda0090b23576) Change-Id: I606ebc5aedfcacde400d27cc6bc37145769b122c /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
0668a61d82a424fb3714b6222f0e4213c18fc7b1	06-Oct-2016	Hugo Benichi <hugobenichi@google.com>	DO NOT MERGE: Add fuzzing tests to ApfFilter RA processing Test: added new unit tests (cherry picked from commit 8acea76a2b7555b3bd5ca1170cca9d09e979fafc) Change-Id: I847d7e4895766042043c0bba1c9b9a698a705d87 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
7d21eaedade0e01bed665dd2e4ba15e0c217237c	02-Sep-2016	Hugo Benichi <hugobenichi@google.com>	ApfFilter: take into account IPv4 subnet prefix When IPv4 is provisioned on an interface with Apf capabilities, ApfFilter will only keep track of the raw ipv4 address, with no information about the subnet or prefix length. This patch adds the missing prefix length information to ApfFilter. This allows to calculate the subnet broadcast ipv4 address for more precise ipv4 broadcast filtering when the multicast lock is not held. Bug: 30231088 Change-Id: Iebaec040703647c4ced30bb585be173e97a1fae5 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
0dc1d314709d579ccdc3fc59a5f66557f6cd319d	01-Sep-2016	Hugo Benichi <hugobenichi@google.com>	ApfFilter: more precise IPv4 broadcast filter This patch refines the Apf IPv4 filter for interfaces with Apf capabilities to drop packets when: - the multicast lock is not held - the packet is an IPv4 packet - the packet is not a DHCP packet addressed to us - the packet is L2 broadcast, or IPv4 multicast, or IPv4 broadcast - caveat: subnet broadcast address is not checked. This allows to drop IPv4 broadcast packets whose MAC destination address is not the L2 broadcast address but the current address of the interface. Such packets can be received on network that rewrite L2 addresses and can put significant pressure on battery by waking up the phone unnecessarily. Bug: 30231088 Change-Id: I8b1785fc5ceadaa1f2881765983e502135dcbc46 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
961ca49fd67b39d8076ea49d12d2fda73f581399	02-Sep-2016	Hugo Benichi <hugobenichi@google.com>	Better IPv4 multicast coverage in ApfTest This patch improves the test coverage of ApfFilter for IPv4 broadcast and multicast traffic. Bug: 30231088 Change-Id: I2e1d5d5a7cbae17f3d5978a4cf5f10666b5c6104 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
4b545b04f6533b5e0377f2d2dec219ad816e47ed	20-Jul-2016	Paul Jensen <pauljensen@google.com>	Sanity check ICMP6 router advertisement packets There is a chance a packet can slip by before we install the filter on our socket listening for RAs, so add some basic sanity checking to make sure we've recieved an RA. Change-Id: I14cf84a0814896a41e00f50af376dfc4988d36cb Fixes: 29586253 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
38db976514ff2ad12d207a927219762eab179882	12-Jul-2016	Hugo Benichi <hugobenichi@google.com>	APF: filter unwanted ARP replies This patch adds APF filtering of ARP replies for interfaces with APF. - when the interface has no IPv4 address, broadcast ARP replies with a 0.0.0.0 target ip are dropped (GARP), ARP requests with a 0.0.0.0 target ip are dropped. - when the interface has an IPv4 address, broadcast ARP replies to a different ip are dropped (including GARPs to 0.0.0.0), ARP requests to a different ip are dropped. Bug: 29404209 Bug: 30080487 Change-Id: I82613eb865c7f38b6260997fe2caf2aff382ad78 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
6ccd51a338fed39217cb3a5c0f229ed547918634	04-Jul-2016	Hugo Benichi <hugobenichi@google.com>	IpConn metrics: correctly read RA lifetimes This patch - adds a Builder class for RaEvent. - uses this Builder class for correctly recording the minimum lifetime seen for every ICMP6 options tracked, instead of recording the last lifetime seen. - adds unit test coverage for RaEvent logging. Change-Id: I6443932f5cf7a613a5c695c65a60eab01e60602a /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
cfbf7414a14cf91d1b5c83154aab54c32d6be76a	23-Jun-2016	Hugo Benichi <hugobenichi@google.com>	Record events for RA option lifetimes This patch defines a new android.net.metrics.RaEvent class carrying lifetime values contained in RA packets. RaEvent are recorded when ApfFilter processes a new RA for which there is no match. Example: ConnectivityMetricsEvent(15:39:39.808, 0, 0): RaEvent(lifetimes: router=3600s, prefix_valid=2592000s, prefix_preferred=604800s, route_info=-1s, dnssl=-1s, rdnss=3600s) Change-Id: Ia28652e03ed442d5f2a686ef5b3fafbcb77c503a /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
647c86d70a0f2162dcc95854e9dccb925c16ecf3	07-Jun-2016	Hugo Benichi <hugobenichi@google.com>	Log RA listening statistics This patch adds a new ApfStats event class that counts RA packet reception statistics on the RA listener thread of ApfFilter and reports the maximum program size advertised by hardware. Statistics are gathered for the lifetime of a network with APF capabilities and uploaded at network teardown when the listener thread exits. Example event: ConnectivityMetricsEvent(15:44:23.741, 0, 0): ApfStats(284945ms 2048B RA: 2 received, 0 matching, 0 ignored, 0 expired, 0 parse errors, 2 program updates) Bug: 28204408 Change-Id: Id2eaafdca97f61152a4b66d06061c971bc0aba4c /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
4fc3ee5be223122792ebc0ee8a05c93d93e26a52	02-Jun-2016	Hugo Benichi <hugobenichi@google.com>	Log events at APF program generation Example: ConnectivityMetricsEvent(15:24:52.018, 0, 0): ApfProgramEvent(0/0 RAs 121B forever FLAG_MULTICAST_FILTER_ON) ConnectivityMetricsEvent(15:24:53.036, 0, 0): ApfProgramEvent(1/1 RAs 334B 600s) ConnectivityMetricsEvent(15:24:53.590, 0, 0): ApfProgramEvent(1/1 RAs 360B 600s FLAG_MULTICAST_FILTER_ON, FLAG_HAS_IPV4_ADDRESS) ConnectivityMetricsEvent(15:24:58.157, 0, 0): ApfProgramEvent(1/1 RAs 294B 599s FLAG_HAS_IPV4_ADDRESS) Bug: 28204408 Change-Id: I9c4c82861cf42eb2c7e7bf5471f05e8ff2fc560c /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
8995d85b9432387520c9f04a69251536754b996b	23-Jun-2016	Lorenzo Colitti <lorenzo@google.com>	Don't loop forever on 0-length options. A malformed RA could cause the Ra constructor in ApfFilter to enter an infinite loop while holding the class lock. This blocks IpManager until reboot and drains the battery. Bug: 29586253 Change-Id: Idaa46b3bc50371db076630881883807c2fa21674 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
f8a01e84317fcb9d27a294e95603b846143c7fcb	26-May-2016	Paul Jensen <pauljensen@google.com>	Don't drop IPv4 broadcast packets when WiFi multicast lock is held IPv4 broadcast packets can be very common (e.g. every 2s) so they need to be dropped in the general case. They also may be critical for certain discovery protocols, so allow them through with APF when the WiFi multicast lock is held. Bug: 26238573 Change-Id: I03e09a2b9c779da5da775e78b95e9e0339720eaf /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
11e13e2175674389ed18c2b1e1af69c5ad931e8f	19-May-2016	Lorenzo Colitti <lorenzo@google.com>	Support IPv6 multicast filtering in APF. For now this just drops all non-ICMPv6 packets to ff00::/8 when mMulticastFilter is true. Multicast ICMPv6 is already mostly dealt with by other filters - the L2 multicast filter, the RA filter, the multicast NA filter, and ND offload. Bug: 28393601 Change-Id: Ia7b0d4f00fac6710093befe6a726b46677a5f20b /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
90ba8cf3799fa60138d212e092cc7f0a5e79374f	13-May-2016	Paul Jensen <pauljensen@google.com>	Merge "Use APF program to drop non-IP non-ARP broadcasts" into nyc-dev
9132f34976f16a626c2ec1d3d90624d71e054346	13-Apr-2016	Paul Jensen <pauljensen@google.com>	ApfFilter unit test Bug: 26238573 Change-Id: I5171038228782bd54e91f5bcc663cc529d2c1150 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
dd7bee87725795d0d71c5f6a309dda78df957d8a	06-May-2016	Paul Jensen <pauljensen@google.com>	Use APF program to drop non-IP non-ARP broadcasts This used to be done by some WiFi firmwares but should now be done by APF for consistency across the board. Bug: 28304368 Change-Id: Ic75f408affc1f56e1ecf4d347d0c287aa72250bf /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
91723d7f7ecc07e9bfa84c445213acf1dec0664f	14-Apr-2016	Paul Jensen <pauljensen@google.com>	Avoid APF JNEBS instruction with R1 as it doesn't work APF version 2 and prior versions fail to execute JNEBS with R1 argument. The APF interpreter tries to use R1's value as the number of bytes to compare, as well as the offset within the packet to compare at. This change makes ApfFilter avoid using this and makes the APF generator throw if this is used. This was limiting the IPv4 filter, causing it to only drop multicast (when multicast filtering was enabled), rather than a wider range of broadcast packets. Bug: 28206777 Change-Id: I8d116e024e8bd641b21053c6b1defc734d744467 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
059e2bb376418aeb16551866c384dd1be032db62	08-Apr-2016	Lorenzo Colitti <lorenzo@google.com>	More APF debuggability. 1. Decode RDNSS options. 2. Keep track of how many times the program was updated. 3. Remove the leading / from the IPv4 address. Change-Id: Ida0518a94ea7d952c82c8181b09044eff907b714 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
cd404a2fc34a967f0763fb3b6b43f56a5d8014e8	05-Apr-2016	Lorenzo Colitti <lorenzo@google.com>	Merge "Add APF code to drop ARP IPv4 requests not for us" into nyc-dev
a8458c0363851c7324a8e64efe9f73d0bb6ef0b4	25-Mar-2016	Paul Jensen <pauljensen@google.com>	Add APF code to drop ARP IPv4 requests not for us The WiFi chipset's ARP offload may handle this when the AP is asleep, but when the AP is awake and the chipset is in wake-on-wifi mode use APF to filter these packets. Bug: 27477163 Change-Id: I180c08bd7301a1af9c3f728ff3cba06ca4e1022d /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
10d70bff61af5b9c88ce2a3124b2ffbc3a3424fb	05-Apr-2016	Paul Jensen <pauljensen@google.com>	Merge "Fix potential ApfFilter bugs by careful ByteBuffer use" into nyc-dev
2e074db972355a77f91378b5b1daceb500dde019	25-Mar-2016	Paul Jensen <pauljensen@google.com>	Plumb WiFi multicast filter through to ApfFilter Use APF to implement WifiManager.MulticastLock, if APF isn't available fallback to the present behavior of using DRIVER RXFILTER. Since we don't know whether APF is supported until we're connected, postpone enabling/disabling the multicast filter until then; this should be fine as there isn't much need to filter packets if there aren't any packets going by since we're not connected. Bug: 26238573 Change-Id: I862c053f1c8c3a41de50c2951cf14b3ca6923a2a /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
1c71cb3e728c5f7b3bc76daf581e108ed5c0fa3c	25-Mar-2016	Paul Jensen <pauljensen@google.com>	Fix potential ApfFilter bugs by careful ByteBuffer use Avoid adjusting ApfFilter.Ra.mPacket's postion() and limit() in matches(). This avoids potential bugs in other parts of the code that previously relied on limit() being reset. Also for good measure change some limit() calls to capacity() as it's more final. Change-Id: I466e87ce6838f68654b24f2c9543a6cd547d3f87 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java
f21b4dc1d6e9cc3fc164828e9eba33445c0801d0	18-Mar-2016	Paul Jensen <pauljensen@google.com>	Move ApfFilter from ConnectivityService to IpManager There's a few advantages to having ApfFilter in IpManager: 1. If things go wrong, crashing a particular transport is less bad then crashing ConnectivityService. We also don't want to use ConnectivityService as a dumping ground for transport-specific logic. 2. This makes implementing WifiManager.MulticastLock a lot simpler and safer because enabling/disabling it doesn't have to go through the NetworkAgent, which could risk various races (e.g. installing a filter into the wrong WiFi network). 3. IpManager is the ultimate source for LinkProperties for a particular transport and since ApfFilter uses the LinkProperties it's better to have it closely paired with the IpManager. Likewise, ApfFilter needs to know the APF capabilities of the transport, so having it in the transport avoids having to parcel this information through the NetworkAgent. Bug: 26238573 Change-Id: I99b85f2b64972f0e7572170ec5d1926081aa3429 /frameworks/base/services/net/java/android/net/apf/ApfFilter.java