Add documentation for TCP interactions with transforms

Updates API documentation to mention that TCP sockets where transforms are deactivated will not send FIN packets. Bug: 74851550 Test: API updates only Change-Id: I8169f221c8c747538a8bddfbf02dcc73c9337189
author: Benedict Wong <benedictwong@google.com> 2018-03-14 19:01:14 -0700
committer: Benedict Wong <benedictwong@google.com> 2018-03-26 11:33:05 -0700
commit: 7d31a2f3579eff80c3cef07feadf77dbfcbfcd17 (patch)
tree: 383ee24235d76e20ae26427844c573a0abaa9061
parent: 21954067bac06bd37851ee9d37d2400d079d3bec (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/core/java/android/net/IpSecManager.java b/core/java/android/net/IpSecManager.java
index b60984771a2d..246d1e1860a5 100644
--- a/core/java/android/net/IpSecManager.java
+++ b/core/java/android/net/IpSecManager.java
@@ -299,6 +299,19 @@ public final class IpSecManager {
      * will throw IOException if the user deactivates the transform (by calling {@link
      * IpSecTransform#close()}) without calling {@link #removeTransportModeTransforms}.
      *
+     * <p>Note that when applied to TCP sockets, calling {@link IpSecTransform#close()} on an
+     * applied transform before completion of graceful shutdown may result in the shutdown sequence
+     * failing to complete. As such, applications requiring graceful shutdown MUST close the socket
+     * prior to deactivating the applied transform. Socket closure may be performed asynchronously
+     * (in batches), so the returning of a close function does not guarantee shutdown of a socket.
+     * Setting an SO_LINGER timeout results in socket closure being performed synchronously, and is
+     * sufficient to ensure shutdown.
+     *
+     * Specifically, if the transform is deactivated (by calling {@link IpSecTransform#close()}),
+     * prior to the socket being closed, the standard [FIN - FIN/ACK - ACK], or the reset [RST]
+     * packets are dropped due to the lack of a valid Transform. Similarly, if a socket without the
+     * SO_LINGER option set is closed, the delayed/batched FIN packets may be dropped.
+     *
      * <h4>Rekey Procedure</h4>
      *
      * <p>When applying a new tranform to a socket, the previous transform will be removed. However,
@@ -364,6 +377,19 @@ public final class IpSecManager {
      * will throw IOException if the user deactivates the transform (by calling {@link
      * IpSecTransform#close()}) without calling {@link #removeTransportModeTransforms}.
      *
+     * <p>Note that when applied to TCP sockets, calling {@link IpSecTransform#close()} on an
+     * applied transform before completion of graceful shutdown may result in the shutdown sequence
+     * failing to complete. As such, applications requiring graceful shutdown MUST close the socket
+     * prior to deactivating the applied transform. Socket closure may be performed asynchronously
+     * (in batches), so the returning of a close function does not guarantee shutdown of a socket.
+     * Setting an SO_LINGER timeout results in socket closure being performed synchronously, and is
+     * sufficient to ensure shutdown.
+     *
+     * Specifically, if the transform is deactivated (by calling {@link IpSecTransform#close()}),
+     * prior to the socket being closed, the standard [FIN - FIN/ACK - ACK], or the reset [RST]
+     * packets are dropped due to the lack of a valid Transform. Similarly, if a socket without the
+     * SO_LINGER option set is closed, the delayed/batched FIN packets may be dropped.
+     *
      * <h4>Rekey Procedure</h4>
      *
      * <p>When applying a new tranform to a socket, the previous transform will be removed. However,
author	Benedict Wong <benedictwong@google.com>	2018-03-14 19:01:14 -0700
committer	Benedict Wong <benedictwong@google.com>	2018-03-26 11:33:05 -0700
commit	7d31a2f3579eff80c3cef07feadf77dbfcbfcd17 (patch)
tree	383ee24235d76e20ae26427844c573a0abaa9061
parent	21954067bac06bd37851ee9d37d2400d079d3bec (diff)