Search in sources :

Example 16 with ApfFilter

use of android.net.apf.ApfFilter in project android_frameworks_base by ResurrectionRemix.

the class ApfTest method testApfFilterIPv4.

@LargeTest
public void testApfFilterIPv4() throws Exception {
    MockIpManagerCallback ipManagerCallback = new MockIpManagerCallback();
    LinkAddress link = new LinkAddress(InetAddress.getByAddress(MOCK_IPV4_ADDR), 19);
    LinkProperties lp = new LinkProperties();
    lp.addLinkAddress(link);
    ApfFilter apfFilter = new TestApfFilter(ipManagerCallback, DROP_MULTICAST, mLog);
    apfFilter.setLinkProperties(lp);
    byte[] program = ipManagerCallback.getApfProgram();
    // Verify empty packet of 100 zero bytes is passed
    ByteBuffer packet = ByteBuffer.wrap(new byte[100]);
    assertPass(program, packet.array());
    // Verify unicast IPv4 packet is passed
    put(packet, ETH_DEST_ADDR_OFFSET, TestApfFilter.MOCK_MAC_ADDR);
    packet.putShort(ETH_ETHERTYPE_OFFSET, (short) ETH_P_IP);
    put(packet, IPV4_DEST_ADDR_OFFSET, MOCK_IPV4_ADDR);
    assertPass(program, packet.array());
    // Verify L2 unicast to IPv4 broadcast addresses is dropped (b/30231088)
    put(packet, IPV4_DEST_ADDR_OFFSET, IPV4_BROADCAST_ADDRESS);
    assertDrop(program, packet.array());
    put(packet, IPV4_DEST_ADDR_OFFSET, MOCK_BROADCAST_IPV4_ADDR);
    assertDrop(program, packet.array());
    // Verify multicast/broadcast IPv4, not DHCP to us, is dropped
    put(packet, ETH_DEST_ADDR_OFFSET, ETH_BROADCAST_MAC_ADDRESS);
    assertDrop(program, packet.array());
    packet.put(IPV4_VERSION_IHL_OFFSET, (byte) 0x45);
    assertDrop(program, packet.array());
    packet.put(IPV4_PROTOCOL_OFFSET, (byte) IPPROTO_UDP);
    assertDrop(program, packet.array());
    packet.putShort(UDP_DESTINATION_PORT_OFFSET, (short) DHCP_CLIENT_PORT);
    assertDrop(program, packet.array());
    put(packet, IPV4_DEST_ADDR_OFFSET, MOCK_MULTICAST_IPV4_ADDR);
    assertDrop(program, packet.array());
    put(packet, IPV4_DEST_ADDR_OFFSET, MOCK_BROADCAST_IPV4_ADDR);
    assertDrop(program, packet.array());
    put(packet, IPV4_DEST_ADDR_OFFSET, IPV4_BROADCAST_ADDRESS);
    assertDrop(program, packet.array());
    // Verify broadcast IPv4 DHCP to us is passed
    put(packet, DHCP_CLIENT_MAC_OFFSET, TestApfFilter.MOCK_MAC_ADDR);
    assertPass(program, packet.array());
    // Verify unicast IPv4 DHCP to us is passed
    put(packet, ETH_DEST_ADDR_OFFSET, TestApfFilter.MOCK_MAC_ADDR);
    assertPass(program, packet.array());
    apfFilter.shutdown();
}
Also used : LinkAddress(android.net.LinkAddress) ApfFilter(android.net.apf.ApfFilter) LinkProperties(android.net.LinkProperties) ByteBuffer(java.nio.ByteBuffer) LargeTest(android.test.suitebuilder.annotation.LargeTest)

Example 17 with ApfFilter

use of android.net.apf.ApfFilter in project android_frameworks_base by crdroidandroid.

the class IpManager method dump.

public void dump(FileDescriptor fd, PrintWriter writer, String[] args) {
    if (args != null && args.length > 0 && DUMP_ARG_CONFIRM.equals(args[0])) {
        // Execute confirmConfiguration() and take no further action.
        confirmConfiguration();
        return;
    }
    IndentingPrintWriter pw = new IndentingPrintWriter(writer, "  ");
    pw.println(mTag + " APF dump:");
    pw.increaseIndent();
    // Thread-unsafe access to mApfFilter but just used for debugging.
    ApfFilter apfFilter = mApfFilter;
    if (apfFilter != null) {
        apfFilter.dump(pw);
    } else {
        pw.println("No apf support");
    }
    pw.decreaseIndent();
    pw.println();
    pw.println(mTag + " StateMachine dump:");
    pw.increaseIndent();
    mLocalLog.readOnlyLocalLog().dump(fd, pw, args);
    pw.decreaseIndent();
    pw.println();
    pw.println(mTag + " connectivity packet log:");
    pw.increaseIndent();
    mConnectivityPacketLog.readOnlyLocalLog().dump(fd, pw, args);
    pw.decreaseIndent();
}
Also used : ApfFilter(android.net.apf.ApfFilter) IndentingPrintWriter(com.android.internal.util.IndentingPrintWriter)

Example 18 with ApfFilter

use of android.net.apf.ApfFilter in project android_frameworks_base by crdroidandroid.

the class ApfTest method testApfFilterIPv4.

@LargeTest
public void testApfFilterIPv4() throws Exception {
    MockIpManagerCallback ipManagerCallback = new MockIpManagerCallback();
    LinkAddress link = new LinkAddress(InetAddress.getByAddress(MOCK_IPV4_ADDR), 19);
    LinkProperties lp = new LinkProperties();
    lp.addLinkAddress(link);
    ApfFilter apfFilter = new TestApfFilter(ipManagerCallback, DROP_MULTICAST, mLog);
    apfFilter.setLinkProperties(lp);
    byte[] program = ipManagerCallback.getApfProgram();
    // Verify empty packet of 100 zero bytes is passed
    ByteBuffer packet = ByteBuffer.wrap(new byte[100]);
    assertPass(program, packet.array());
    // Verify unicast IPv4 packet is passed
    put(packet, ETH_DEST_ADDR_OFFSET, TestApfFilter.MOCK_MAC_ADDR);
    packet.putShort(ETH_ETHERTYPE_OFFSET, (short) ETH_P_IP);
    put(packet, IPV4_DEST_ADDR_OFFSET, MOCK_IPV4_ADDR);
    assertPass(program, packet.array());
    // Verify L2 unicast to IPv4 broadcast addresses is dropped (b/30231088)
    put(packet, IPV4_DEST_ADDR_OFFSET, IPV4_BROADCAST_ADDRESS);
    assertDrop(program, packet.array());
    put(packet, IPV4_DEST_ADDR_OFFSET, MOCK_BROADCAST_IPV4_ADDR);
    assertDrop(program, packet.array());
    // Verify multicast/broadcast IPv4, not DHCP to us, is dropped
    put(packet, ETH_DEST_ADDR_OFFSET, ETH_BROADCAST_MAC_ADDRESS);
    assertDrop(program, packet.array());
    packet.put(IPV4_VERSION_IHL_OFFSET, (byte) 0x45);
    assertDrop(program, packet.array());
    packet.put(IPV4_PROTOCOL_OFFSET, (byte) IPPROTO_UDP);
    assertDrop(program, packet.array());
    packet.putShort(UDP_DESTINATION_PORT_OFFSET, (short) DHCP_CLIENT_PORT);
    assertDrop(program, packet.array());
    put(packet, IPV4_DEST_ADDR_OFFSET, MOCK_MULTICAST_IPV4_ADDR);
    assertDrop(program, packet.array());
    put(packet, IPV4_DEST_ADDR_OFFSET, MOCK_BROADCAST_IPV4_ADDR);
    assertDrop(program, packet.array());
    put(packet, IPV4_DEST_ADDR_OFFSET, IPV4_BROADCAST_ADDRESS);
    assertDrop(program, packet.array());
    // Verify broadcast IPv4 DHCP to us is passed
    put(packet, DHCP_CLIENT_MAC_OFFSET, TestApfFilter.MOCK_MAC_ADDR);
    assertPass(program, packet.array());
    // Verify unicast IPv4 DHCP to us is passed
    put(packet, ETH_DEST_ADDR_OFFSET, TestApfFilter.MOCK_MAC_ADDR);
    assertPass(program, packet.array());
    apfFilter.shutdown();
}
Also used : LinkAddress(android.net.LinkAddress) ApfFilter(android.net.apf.ApfFilter) LinkProperties(android.net.LinkProperties) ByteBuffer(java.nio.ByteBuffer) LargeTest(android.test.suitebuilder.annotation.LargeTest)

Example 19 with ApfFilter

use of android.net.apf.ApfFilter in project android_frameworks_base by crdroidandroid.

the class ApfTest method testApfFilterMulticast.

@LargeTest
public void testApfFilterMulticast() throws Exception {
    final byte[] unicastIpv4Addr = { (byte) 192, 0, 2, 63 };
    final byte[] broadcastIpv4Addr = { (byte) 192, 0, 2, (byte) 255 };
    final byte[] multicastIpv4Addr = { (byte) 224, 0, 0, 1 };
    final byte[] multicastIpv6Addr = { (byte) 0xff, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte) 0xfb };
    MockIpManagerCallback ipManagerCallback = new MockIpManagerCallback();
    LinkAddress link = new LinkAddress(InetAddress.getByAddress(unicastIpv4Addr), 24);
    LinkProperties lp = new LinkProperties();
    lp.addLinkAddress(link);
    ApfFilter apfFilter = new TestApfFilter(ipManagerCallback, ALLOW_MULTICAST, mLog);
    apfFilter.setLinkProperties(lp);
    byte[] program = ipManagerCallback.getApfProgram();
    // Construct IPv4 and IPv6 multicast packets.
    ByteBuffer mcastv4packet = ByteBuffer.wrap(new byte[100]);
    mcastv4packet.putShort(ETH_ETHERTYPE_OFFSET, (short) ETH_P_IP);
    put(mcastv4packet, IPV4_DEST_ADDR_OFFSET, multicastIpv4Addr);
    ByteBuffer mcastv6packet = ByteBuffer.wrap(new byte[100]);
    mcastv6packet.putShort(ETH_ETHERTYPE_OFFSET, (short) ETH_P_IPV6);
    mcastv6packet.put(IPV6_NEXT_HEADER_OFFSET, (byte) IPPROTO_UDP);
    put(mcastv6packet, IPV6_DEST_ADDR_OFFSET, multicastIpv6Addr);
    // Construct IPv4 broadcast packet.
    ByteBuffer bcastv4packet1 = ByteBuffer.wrap(new byte[100]);
    bcastv4packet1.put(ETH_BROADCAST_MAC_ADDRESS);
    bcastv4packet1.putShort(ETH_ETHERTYPE_OFFSET, (short) ETH_P_IP);
    put(bcastv4packet1, IPV4_DEST_ADDR_OFFSET, multicastIpv4Addr);
    ByteBuffer bcastv4packet2 = ByteBuffer.wrap(new byte[100]);
    bcastv4packet2.put(ETH_BROADCAST_MAC_ADDRESS);
    bcastv4packet2.putShort(ETH_ETHERTYPE_OFFSET, (short) ETH_P_IP);
    put(bcastv4packet2, IPV4_DEST_ADDR_OFFSET, IPV4_BROADCAST_ADDRESS);
    // Construct IPv4 broadcast with L2 unicast address packet (b/30231088).
    ByteBuffer bcastv4unicastl2packet = ByteBuffer.wrap(new byte[100]);
    bcastv4unicastl2packet.put(TestApfFilter.MOCK_MAC_ADDR);
    bcastv4unicastl2packet.putShort(ETH_ETHERTYPE_OFFSET, (short) ETH_P_IP);
    put(bcastv4unicastl2packet, IPV4_DEST_ADDR_OFFSET, broadcastIpv4Addr);
    // Verify initially disabled multicast filter is off
    assertPass(program, mcastv4packet.array());
    assertPass(program, mcastv6packet.array());
    assertPass(program, bcastv4packet1.array());
    assertPass(program, bcastv4packet2.array());
    assertPass(program, bcastv4unicastl2packet.array());
    // Turn on multicast filter and verify it works
    ipManagerCallback.resetApfProgramWait();
    apfFilter.setMulticastFilter(true);
    program = ipManagerCallback.getApfProgram();
    assertDrop(program, mcastv4packet.array());
    assertDrop(program, mcastv6packet.array());
    assertDrop(program, bcastv4packet1.array());
    assertDrop(program, bcastv4packet2.array());
    assertDrop(program, bcastv4unicastl2packet.array());
    // Turn off multicast filter and verify it's off
    ipManagerCallback.resetApfProgramWait();
    apfFilter.setMulticastFilter(false);
    program = ipManagerCallback.getApfProgram();
    assertPass(program, mcastv4packet.array());
    assertPass(program, mcastv6packet.array());
    assertPass(program, bcastv4packet1.array());
    assertPass(program, bcastv4packet2.array());
    assertPass(program, bcastv4unicastl2packet.array());
    // Verify it can be initialized to on
    ipManagerCallback.resetApfProgramWait();
    apfFilter.shutdown();
    apfFilter = new TestApfFilter(ipManagerCallback, DROP_MULTICAST, mLog);
    apfFilter.setLinkProperties(lp);
    program = ipManagerCallback.getApfProgram();
    assertDrop(program, mcastv4packet.array());
    assertDrop(program, mcastv6packet.array());
    assertDrop(program, bcastv4packet1.array());
    assertDrop(program, bcastv4unicastl2packet.array());
    // Verify that ICMPv6 multicast is not dropped.
    mcastv6packet.put(IPV6_NEXT_HEADER_OFFSET, (byte) IPPROTO_ICMPV6);
    assertPass(program, mcastv6packet.array());
    apfFilter.shutdown();
}
Also used : LinkAddress(android.net.LinkAddress) ApfFilter(android.net.apf.ApfFilter) LinkProperties(android.net.LinkProperties) ByteBuffer(java.nio.ByteBuffer) LargeTest(android.test.suitebuilder.annotation.LargeTest)

Example 20 with ApfFilter

use of android.net.apf.ApfFilter in project android_frameworks_base by crdroidandroid.

the class ApfTest method testApfFilterIPv6.

@LargeTest
public void testApfFilterIPv6() throws Exception {
    MockIpManagerCallback ipManagerCallback = new MockIpManagerCallback();
    ApfFilter apfFilter = new TestApfFilter(ipManagerCallback, ALLOW_MULTICAST, mLog);
    byte[] program = ipManagerCallback.getApfProgram();
    // Verify empty IPv6 packet is passed
    ByteBuffer packet = ByteBuffer.wrap(new byte[100]);
    packet.putShort(ETH_ETHERTYPE_OFFSET, (short) ETH_P_IPV6);
    assertPass(program, packet.array());
    // Verify empty ICMPv6 packet is passed
    packet.put(IPV6_NEXT_HEADER_OFFSET, (byte) IPPROTO_ICMPV6);
    assertPass(program, packet.array());
    // Verify empty ICMPv6 NA packet is passed
    packet.put(ICMP6_TYPE_OFFSET, (byte) ICMP6_NEIGHBOR_ANNOUNCEMENT);
    assertPass(program, packet.array());
    // Verify ICMPv6 NA to ff02::1 is dropped
    put(packet, IPV6_DEST_ADDR_OFFSET, IPV6_ALL_NODES_ADDRESS);
    assertDrop(program, packet.array());
    // Verify ICMPv6 RS to any is dropped
    packet.put(ICMP6_TYPE_OFFSET, (byte) ICMP6_ROUTER_SOLICITATION);
    assertDrop(program, packet.array());
    put(packet, IPV6_DEST_ADDR_OFFSET, IPV6_ALL_ROUTERS_ADDRESS);
    assertDrop(program, packet.array());
    apfFilter.shutdown();
}
Also used : ApfFilter(android.net.apf.ApfFilter) ByteBuffer(java.nio.ByteBuffer) LargeTest(android.test.suitebuilder.annotation.LargeTest)

Aggregations

ApfFilter (android.net.apf.ApfFilter)21 LinkAddress (android.net.LinkAddress)12 LinkProperties (android.net.LinkProperties)12 LargeTest (android.test.suitebuilder.annotation.LargeTest)12 ByteBuffer (java.nio.ByteBuffer)12 SmallTest (android.test.suitebuilder.annotation.SmallTest)5 IndentingPrintWriter (com.android.internal.util.IndentingPrintWriter)4 IllegalInstructionException (android.net.apf.ApfGenerator.IllegalInstructionException)1 ErrnoException (android.system.ErrnoException)1 IOException (java.io.IOException)1 Random (java.util.Random)1