Pass all ARP requests when there is no IPv4 address and no CLAT
Modified ARP filter logic to allow all ARP requests when not using CLAT
and lacking an IPv4 address, preventing potential race conditions with
DHCP.
Test: TH
Change-Id: I9444b363710350132451d752c8ad1663a49bac15
diff --git a/src/android/net/apf/ApfFilter.java b/src/android/net/apf/ApfFilter.java
index a040eb3..0e22cbe 100644
--- a/src/android/net/apf/ApfFilter.java
+++ b/src/android/net/apf/ApfFilter.java
@@ -1539,9 +1539,8 @@
// Drop if ARP REQUEST and we do not have an IPv4 address
gen.addCountAndDrop(Counter.DROPPED_ARP_REQUEST_NO_ADDRESS);
}
- gen.addLoad32(R0, ARP_TARGET_IP_ADDRESS_OFFSET);
- gen.addCountAndDropIfR0Equals(IPV4_ANY_HOST_ADDRESS,
- Counter.DROPPED_ARP_REQUEST_ANYHOST);
+ // If we're not clat, and we don't have an ipv4 address, allow all ARP request to avoid
+ // racing against DHCP.
} else {
// When there is an IPv4 address, drop unicast/broadcast requests with a different
// target IPv4 address.
diff --git a/tests/unit/src/android/net/apf/ApfTest.java b/tests/unit/src/android/net/apf/ApfTest.java
index 3ba0c76..2169496 100644
--- a/tests/unit/src/android/net/apf/ApfTest.java
+++ b/tests/unit/src/android/net/apf/ApfTest.java
@@ -1999,7 +1999,7 @@
// Verify ARP request packet
assertPass(program, arpRequestBroadcast(MOCK_IPV4_ADDR));
assertVerdict(filterResult, program, arpRequestBroadcast(ANOTHER_IPV4_ADDR));
- assertDrop(program, arpRequestBroadcast(IPV4_ANY_HOST_ADDR));
+ assertVerdict(filterResult, program, arpRequestBroadcast(IPV4_ANY_HOST_ADDR));
// Verify ARP reply packets from different source ip
assertDrop(program, arpReply(IPV4_ANY_HOST_ADDR, IPV4_ANY_HOST_ADDR));
