991693e023ddbf9f9da25e1fbb06c0fef71915a9 |
|
11-Sep-2013 |
Jeff Sharkey <jsharkey@android.com> |
Missing tethering stats isn't an error. When a device first boots, there won't be any tethering stats, which isn't an error. Continue checking for partial results. Bug: 5868832 Change-Id: Ic432f5f159320da9886d85c2525fa2cde8c67750
/system/netd/BandwidthController.cpp
|
0e540ec038dfdbcf5cba3d5b9b2765e1dcec062b |
|
27-Aug-2013 |
JP Abgrall <jpa@google.com> |
BandwidthController: fix bad flushing for bw_costly_* tables. Some of the bw_costly_<iface> rules would not get correctly flushed and cleared on netd re-start, which would cause a failure when trying to setup the bw_penalty_box as bw_costly_<iface> would reference it. The resulting symptom would be that bandwidth could not be re-enabled. Bug: 10183445 Change-Id: I79a8a73ae52e18b3bff8a58e47ac1aea2454ae63
/system/netd/BandwidthController.cpp
|
7e51cde19af016456fff750f745db8132f3124a5 |
|
03-Jul-2013 |
JP Abgrall <jpa@google.com> |
BandwidthController: prefix chains with bw_ Just a cleanup. Change-Id: Ic5afd7bd194fdcad604d533ba95e4c23b10b3e24
/system/netd/BandwidthController.cpp
|
af476f7b659beff8315a83f094ce697c5179dae6 |
|
03-Jul-2013 |
JP Abgrall <jpa@google.com> |
BandwidthController: allow UID 0 as a "special uid" The happy box needs to be able to let UID 0 (dhcp, ...) pass through. Bug: 6212480 Change-Id: I9867b7db4e5ad71cfb1170659d2d6a14ca9590be
/system/netd/BandwidthController.cpp
|
e478873947f995e44e8c559342462c177a420ae0 |
|
03-Jul-2013 |
JP Abgrall <jpa@google.com> |
BandwidthController: add support for "nice apps" and the "happy box" * ndc bandwidth happybox (enable | disable) - enable . creates a an empty happy_box chain which rejects all traffic from all UIDs by default. . Uses the penalty_box as a hook. Any costly_interface automatically gets the happy_box as it has a penalty_box. . any app UID not in the happy_box will be treated as if it was in the penalty_box (i.e. addnaughtyapps) . penalty_box (addnaughtyapps) still applies. - disable . removes the happy box. * ndc bandwidth addniceapps <appUid> ... - similar to addnaughtyapps, but for the happy_box * ndc bandwidth removeniceapps <appUid> ... - similar to removenaughtyapps, but for the happy_box Bug: 6212480 Change-Id: I1f10e8c6fa1b230c7b3bb070d88508e437589705
/system/netd/BandwidthController.cpp
|
a9ba4cba3369e07aae05607f82424cc0075c9c34 |
|
03-Jul-2013 |
JP Abgrall <jpa@google.com> |
BandwidthController: switch to generic handling for naughty apps. Rename some stuff in preparation for nice apps and the "happy box". Bug: 6212480 Change-Id: I637c4283695ac619533999beab4f88968580d2e4
/system/netd/BandwidthController.cpp
|
340d5ccf04d4d441d8dd1788a7925d0313038b7c |
|
29-Jun-2013 |
JP Abgrall <jpa@google.com> |
BandwidthController: reject with port-unreachable to prevent TCP retries. Currently the bandwidth controller will cut off traffic via an ICMP destination unreachable message with code "administratively prohibited". TCP's RFC1122 does not explicitly say what to do with it, but it does say to abort the transmission when "port-unreachable" is seen. Some servers keep on retrying with the "prohibited" ICMP message which keeps the radio longer awake as more packets come in. Bug: 9150002 Change-Id: I6eb1c3ae41c3890f26581a4b7464821b7ffb85f4
/system/netd/BandwidthController.cpp
|
baeccc455b293c2c83dbe6463f56b741177bd612 |
|
25-Jun-2013 |
JP Abgrall <jpa@google.com> |
netd: tethering stats: persistent + list-all support * Persistent stats Previously we would parse the iptables counters out of the FORWARD rules used for tethering. Those rules could come an go before they were parsed, which would cause us to incorrectly count traffic. Now we have separate counting rules (and quota2 counters) which persist beyond tethering. * Rename the iface0/iface1 Match NatControllers notions for tethering ifaces during enable. Detect weird call from userspace (until b/9565268 gets fixed), or else it leaves an ugly iptables state. * The commands affected: - ndc bandwidth gettetheringstats intIface extIface . no change from before: return a single stats line - ndc bandwidth gettetheringstats . return a list of results showing all tethered stats - ndc bandwidth gettetheringstats "" extIface - ndc bandwidth gettetheringstats intIface . return a list of results matching the tethering on the given interface. Bug: 9565268 Bug: 5868832 Change-Id: I8559d9a184abcffaf65998fb3cc8c9c50d46bf06
/system/netd/BandwidthController.cpp
|
109899bc63139c5260cb9a7dc409f92efaf2c4b7 |
|
13-Feb-2013 |
JP Abgrall <jpa@google.com> |
BandwidthController: fixup insertion pos in costly chain handling * Long time ago, setting an alert in a costly_<iface> chain required adding it just before the ACCEPT rule that was at the end. But since then the ACCEPT rule has been removed. This would cause the insert to pick the last position no matter what. Now we just append. * A naughty app in the penalty box could waste up quota on packets that would get dropped in the later penalty_box rule. Now we check the penalty_box before feeding it to the quota. Change-Id: Id4b6a7c020583f1cccc7dccde34c4b85d0fd9642
/system/netd/BandwidthController.cpp
|
c8dc63b14f5bcef34a23061c17d3bbe66df51429 |
|
14-Feb-2013 |
JP Abgrall <jpa@google.com> |
BandwidthController: correctly handle the iptables command exit code The return code from android_fork_execvp() needed to be massaged because a status ptr was passed in. Bug: 8185095 Change-Id: I205884f09b563dd729423a74f22fd5b8c2d59c64
/system/netd/BandwidthController.cpp
|
92009c8effc75c2d70a6c9a1ac33ba2c60b78820 |
|
07-Feb-2013 |
JP Abgrall <jpa@google.com> |
netd: BandwidthController: Allow tracking loopback interfaces In the past, loopback interfaces were of no use for bandwidth/datausage. We now don't treat loopback interfaces any differently. This will helps with CTS tests that checking the kernel's qtaguid functionality and the matching user-space handling. Change-Id: If307ceebc10f89269d1b051f666ec666e5e38d41
/system/netd/BandwidthController.cpp
|
14150215fcd9060c25a25930e85057df5904f6f6 |
|
24-Jan-2013 |
Rom Lemarchand <romlem@google.com> |
Replace custom logwrapper implementation with liblogwrap Use liblogwrap to provide logwrapper functionality instead of using netd's own implementation. Change-Id: I10e69aa95989f77c63b5b36825ee7c77fba48c88
/system/netd/BandwidthController.cpp
|
8e188ed5c989ddcc07f0f5e9839493c22d17e7b6 |
|
13-Jul-2012 |
Jeff Sharkey <jsharkey@android.com> |
Consolidate iptables chain management. Move creation and management of module iptables chains up into CommandListener, which gives better visibility into ordering. Change-Id: If0c94187c6e59a20840b035d7241057f45a0f74b
/system/netd/BandwidthController.cpp
|
29e8de22ad806bdcaa971ffeeb360c9f908aa346 |
|
03-May-2012 |
JP Abgrall <jpa@google.com> |
BandwidthController: Fix double counting Only have qtaguid only count in the bw_INPUT/bw_OUTPUT chains and not in the costly_* subchains. We don't use --goto anymore. Change-Id: I2eded2e0fa12b46843d32e74406cfeda85f242d1
/system/netd/BandwidthController.cpp
|
b1d24094c2c5d48bbb3dfad4a0551ff0bf77ce6c |
|
27-Apr-2012 |
JP Abgrall <jpa@google.com> |
BandwidthController: Avoid setting a uid multiple times in NaughtyApps Use the naughtyAppUids list before inserting a new app. Bug: 6292513 Change-Id: I6726b7d589569a6198b8a0ff32c32c0e40ed5319
/system/netd/BandwidthController.cpp
|
f66d6e9db6be3e94b80c59fab99e237d2e2968c5 |
|
27-Apr-2012 |
JP Abgrall <jpa@google.com> |
BandwidthController: hookup qtaguid for tracking closest to devices. Before, qtaguid would rely on netdev (up/down) callbacks to read out the dev rx/tx stats. Now it uses (raw) PREROUTING and (mangle) POSTROUTING iptable hooks. We use mangle on the out path because nat is not available in ipv6. The NatController only masquerades in nat POSTROUTING so we don't count traffic that might get dropped. Bug: 5444089 Change-Id: I997b8b3c81264a545f1f575baaf0445c0afc8f72
/system/netd/BandwidthController.cpp
|
ad729ac11e080b1f1bdd9cd32807d9ae74ce2a63 |
|
25-Apr-2012 |
JP Abgrall <jpa@google.com> |
bandwidthcontroller: hide iptables errors when they don't matter Some commands are run to be able to recover after failures. Those cleanup commands are generally allowed to fail. But the lower level system commands would log an error. Now that error is hidden if nobody will care about the result. A "#define LOG_NDEBUG 0" will show those failing commands. Removed leftover LOG_NDEBUG in CommandListener. Bug: 6377175 Change-Id: I1205fb077f7d0496969bd2a0b5da42025bc5a8dc
/system/netd/BandwidthController.cpp
|
0031cead820149e2fe3ccb3cc2fe05758a3cb5c2 |
|
18-Apr-2012 |
JP Abgrall <jpa@google.com> |
netd: Idletimer vs Nat vs Bandwidth controllers * modified iptables users to work in controller specific custom chains. - each controller only works withing his own custom chains and not the top level ones (INPUT, OUTPUT, FORWARD, POSTROUTING,...) - CommandListener now invokes setupIptablesHooks() for each controller once. That is the only time they are allowed to access the top-level chains. * Added idletimer controller. From https://android-git.corp.google.com/g/#/c/180769/2 - supported commands . ndc idletimer enable . ndc idletimer add <iface> <timeout> . ndc idletimer remove <iface> <timeout_used_during_add> There is a framework change elsewhere that receives netlink messages. Signed-off-by: Ashish Sharma <ashishsharma@google.com> Signed-off-by: JP Abgrall <jpa@google.com> Change-Id: Ia57450c09166ce20f21d1e3b49047ef1e98f2a3d
/system/netd/BandwidthController.cpp
|
c4bbfa247dbe4dda17e28694d49afd3ec0b06bad |
|
06-Mar-2012 |
Glenn Kasten <gkasten@google.com> |
Remove reference to hard-coded cpuctl path for bg As part of scheduling policy cleanup, remove/isolate references to the scheduling policy files and APIs. In this case, logwrap is not used currently due to bug 5144246, and even if it were the "background" parameter was 0. Change-Id: Ibf7fa2617a0e485c9868b22b378636728d16622a
/system/netd/BandwidthController.cpp
|
c2b26cb83d9bf3f91e986625efcc40fc8eb79a13 |
|
23-Feb-2012 |
Nick Kralevich <nnk@google.com> |
BandwidthController: fix format string bugs In 876666947664c718a8d0cae9bbddb06cc91f912c, a new %s was added to ALERT_IPT_TEMPLATE. Not all users of this string were updated. This change modifies ALERT_IPT_TEMPLATE to be a #define, which allows gcc's format string detection work. Add -Werror=format to error out on any string format warning. Testing: Code compiles. I don't know how to test this change properly. Bug: 5948299 Change-Id: I0ec307972e6bf50abd8ba099166c22069a6c6580
/system/netd/BandwidthController.cpp
|
053a99cef7b6d87a52216df7845b225703c74462 |
|
19-Jan-2012 |
Kazuhiro Ondo <kazuhiro.ondo@motorola.com> |
am b210b180: am 4ab46857: Add back hook for inserting OEM specific iptables rules. * commit 'b210b1806c740bf66eb04eb8e8d8ee75c01652dd': Add back hook for inserting OEM specific iptables rules.
|
4ab468577647d1ee73810b89d2287eaa5546fecb |
|
12-Jan-2012 |
Kazuhiro Ondo <kazuhiro.ondo@motorola.com> |
Add back hook for inserting OEM specific iptables rules. The functionality was lost during merge in ICS branch. This patch is adding back OEM iptables hook in netd. Bug:5862460 Change-Id: I9444b8c53e8b84fea2002c2c1d9ba42e45ae5f0c
/system/netd/BandwidthController.cpp
|
5ea0c05a1e7d8e664b808aa1bb1efd08fdb2fb13 |
|
06-Jan-2012 |
Steve Block <steveblock@google.com> |
Rename (IF_)LOGE(_IF) to (IF_)ALOGE(_IF) DO NOT MERGE See https://android-git.corp.google.com/g/#/c/157220 Bug: 5449033 Change-Id: I8ab66debe4d0c3857a4b80f6f7b6925a352cda87
/system/netd/BandwidthController.cpp
|
447dacddaccf9f4b723ca53346349bf2039527f5 |
|
15-Dec-2011 |
JP Abgrall <jpa@google.com> |
am 9e5e0ce6: netd: fix argument interpretation bug * commit '9e5e0ce62e88ddf9a09798eda51b0c270d354c8e': netd: fix argument interpretation bug
|
9e5e0ce62e88ddf9a09798eda51b0c270d354c8e |
|
15-Dec-2011 |
JP Abgrall <jpa@google.com> |
netd: fix argument interpretation bug While working around the logwrap() issue, it was replaced with system() which could lead to various commands getting misinterpreted. We now use a system() equivalent that doesn't use "sh -c". Bug:5758556 Change-Id: I2599b526ac34bcfca18d05261286d902d547efda
/system/netd/BandwidthController.cpp
|
a2a64f004f1677daf16b0b03d589d6572ec547c2 |
|
12-Nov-2011 |
JP Abgrall <jpa@google.com> |
netd: BandwidthController: return extra info on gettetherstats failure Use the error message string to report the raw parsed data in case of failure. Bug:5543131 Change-Id: If9f3bcea09fd3ab8a506955d8153b3430bfd239c
/system/netd/BandwidthController.cpp
|
3fb42e026ffebab2c8f282e42501040121e32d83 |
|
20-Oct-2011 |
Steve Block <steveblock@google.com> |
Rename LOGV(_IF) to ALOGV(_IF) DO NOT MERGE See https://android-git.corp.google.com/g/#/c/143865 Bug: 5449033 Change-Id: Iaf07eecf106fda89c464723661976f4570638558
/system/netd/BandwidthController.cpp
|
c6c673496184bed6d62cf92a6fc7ed43fd94acd5 |
|
08-Oct-2011 |
JP Abgrall <jpa@google.com> |
netd: bandwidth: tethering global alert support Now, when nat is enabled/disabled it will let the bandwidthcontroller know that it might need to add/remove the matching global alert into the tethering rules in the FORWARD chain of iptables. Bug: 5336638 Change-Id: I1843f3f6601f371537f754a31db792e054b36a1d
/system/netd/BandwidthController.cpp
|
db7da58e8d2aa021060098057f944ef754be06e3 |
|
18-Sep-2011 |
JP Abgrall <jpa@google.com> |
netd: BandwidthController: support reading out tethering stats * Add ndc bandwidth gettetherstats <ifaceIn> <ifaceOut> which returns 221 ifaceIn ifaceOut rx_bytes rx_packets tx_bytes tx_packets If the iface pair is not found it will fail. 221 is the new response code for TetheringStatsResult. It gets the stats by looking at the iptables FORWARD chain's counters. * Fixed return handling after some of the responses. - no need for errorno - after ResponseCode >= 200, don't return another. * Correctly initialize the alert values on "bandwidth enable" Bug: 5244846,5230066 Change-Id: I81c941441525fa4055ae270d5cad05e6c42b8f72
/system/netd/BandwidthController.cpp
|
876666947664c718a8d0cae9bbddb06cc91f912c |
|
08-Sep-2011 |
JP Abgrall <jpa@google.com> |
netd: BandwidthController: exclude loopback in all alert rules. Have the alerts explicitly request "not loopback". Change-Id: I7a569292e630c2b8ec76489643741f53ab85b84e
/system/netd/BandwidthController.cpp
|
11b4e9b26fe7b878992162afb39f5a8acfd143ed |
|
12-Aug-2011 |
JP Abgrall <jpa@google.com> |
netd: all: use system() instead of logwrap() for now. The logwrapper uses a blocking read() which does not always correctly detect when the child process at the other end is gone. This is a quick workaround for http://b/5144246 A cleaner logwrapper parent() will follow. Add support for BandwidthController() to use either system() or logwrap(). It looks at "persist.bandwidth.uselogwrap" to be 0 or 1. Change-Id: I2d17732214f1a7fef6838eee05d827695b707ab0 Signed-off-by: JP Abgrall <jpa@google.com>
/system/netd/BandwidthController.cpp
|
8a93272255f1b7e3083a97e1e28ddf675c0c7fb0 |
|
14-Jul-2011 |
JP Abgrall <jpa@google.com> |
netd: bandwidthcontroler: add support for alerts via iptables' quota2 log messages * Fix quota2 updating. The old insert-new/delete-old scheme doesn't work as the kernel keeps the old counter assigned to the new rule. * Add support for setting dummy quotas used only for alerts. This needs: - new kernel with quota2 changes that support logging via NETLINK's NETLINK_NFLOG family. - NetlinkManager support for receiving the events. - java land handler for these new events. * new commands - add/remove a dummy quota to generate an alert after <bytes> are seen including loopback. alerts are only triggered once. . ndc bandwidth setglobalalert <bytes> calling it multiple times, just re-arms the alert for the specified number of bytes. Use "ndc bandwidth getiquota singleAlert" to get what is left. . ndc bandwidth removeglobalalert - add/remove alert on a shared quota (similar accounting as shared quota) . ndc bandwidth setsharedalert <bytes> Requires that a shared quota already exist. . ndc bandwidth removesharedalert Removing the last of the shared quotas will remove the matching alert. - add/remove alert on an interface (similar accounting as interface quota) . ndc bandwidth setinterfacealert <iface> <bytes> Requires that a interface quota already exist. . ndc bandwidth removeinterfacealert <iface> Removing the interface quota will remove the matching alert. - get the quotas and alert leftovers . ndc bandwidth getquota shared quota leftover . ndc bandwidth getiquota <quota_name_or_iface> iface specific quota leftover Can be used to read-out alerts. E.g. setglobalalert 12345 -> getiquota globalAlert setsharedalert 12345 -> getiquota sharedAlert setinterfacealert iface0 12345 -> getiquota iface0Alert Change-Id: Iea9698b9d20e713281755dac32b4772a6cf0e84e
/system/netd/BandwidthController.cpp
|
bfa7466b328101a8b04807f26e85c84526c9a774 |
|
30-Jun-2011 |
JP Abgrall <jpa@google.com> |
netd: bandwidthcontroller: use named quotas (via quota2) Replace using the "quota" with "quota2". Quota2 is SMP-safe, and allows sharing a quota between protocols. Bug: 4646092 Change-Id: I69b1dd6d2c5c3b39cf0df175369ae5a28843d489 Signed-off-by: JP Abgrall <jpa@google.com>
/system/netd/BandwidthController.cpp
|
39f8f24246a5dac21be5cc5e32c0f395ee803766 |
|
30-Jun-2011 |
JP Abgrall <jpa@google.com> |
bandwidthcontroller: brute-force cleanup to catch costly_<iface> chains. To help with development, where re-enable is used as a cleanup mechanism we no remove ALL user chains. Normally we only expect costly, penalty_box, and costly_<iface>. If in the future we have more chains outside of those, this will need revisiting. Change-Id: I45e504bc1fe4ad973c00308967a474c73e959666
/system/netd/BandwidthController.cpp
|
a9f802c23f4c2c53fa1065b75f712ce46f384c3a |
|
30-Jun-2011 |
JP Abgrall <jpa@google.com> |
netd: bandwidthcontroller: fix removeiquota. remove excessive LOGD. When doing ndc bandwidth setiquota rmnet0 1235 ndc bandwidth removeiquota rmnet0 the remove would not cleanup the costly_rmnet0 chain. Bug: 4975613 Change-Id: Ie2a593de78613dcf6833165c45fef75adf57ee23 Signed-off-by: JP Abgrall <jpa@google.com>
/system/netd/BandwidthController.cpp
|
26e0d49fa743d7881104196a9eda733bd2aac92f |
|
25-Jun-2011 |
JP Abgrall <jpa@google.com> |
netd: bandwidthcontroller: cleanup bool usage for readability. replace stuff like: f(buff, true, false) -> f(buff, ActionA, CaseD) Change-Id: I8ff1d84f077d8f57263ecb7937b3f2caca86284b
/system/netd/BandwidthController.cpp
|
0dad7c2f1f6994fbe5e85b9e1fc72d29d6453211 |
|
24-Jun-2011 |
JP Abgrall <jpa@google.com> |
BandwidthController: cleanup ipv4/v6, set/remove multiple quotas. Regroup the ipv4/ipv6 choice deeper down to avoid copypasted code. Shared quota accross ifaces. Single quota per ifaces. Nothing preventing an iface from have a single and shared quota. Might be close to having a working combination. Added commands: - shared quota ndc bandwidth setquotas <quotaBytes> <iface> ... ndc bandwidth setquota <iface> <quotaBytes> ndc bandwidth removequota <iface> ndc bandwidth removequotas <iface> ... - quota per iface ndc bandwidth setiquota <iface> <quotaBytes> ndc bandwidth removeiquota <iface> Change-Id: I370d223da3c8b6e16e8d0a455309ae9e0756a721
/system/netd/BandwidthController.cpp
|
fa6f46d3370ae5475fc3bc8273bbe04ee7348d60 |
|
18-Jun-2011 |
JP Abgrall <jpa@google.com> |
netd:bandwidth: initial pass at app-rules, and some ipv6. Adds initial per-app penalty box rules, and prepares for handling per iface quota. The following commands work: * penalty box ndc bandwidth addnaughtyapps <uid> ... ndc bandwidth removenaughtyapps <uid> ... * Shared quota - add (updates the bytes, if they differ from last time) ndc bandwidth setquota <iface> <bytes> ndc bandwidth setquota <iface1> <bytes> ndc bandwidth setquota <iface2> <bytes> - remove ndc bandwidth removequota <iface> [ oldschool: ndc bandwidth setquota <iface> -1 ] Change-Id: Ibefc16e81c7713feb47577a9687dcd032dedf06e
/system/netd/BandwidthController.cpp
|
4a5f5ca3c9e07fc3e6feca2afde07f41a8a64f11 |
|
16-Jun-2011 |
JP Abgrall <jpa@google.com> |
system/netd: bandwidth management initial support (uid+tag stats) This is a minimalistic version to get accounting of data going through tagged socket per uid. When netd starts up the BandwidthController, it will look at the properties for persist.bandwidth.enable=1 and enabled it. It needs the kernel with the xt_qtaguid + iptables/netfilter goodness. stlport is ok to use. The "owner" netfilter module used is actually our xt_qtaguid that acts as it (just until we get around to talking directly the to kernel). Once "ndc bandwidth enable" is invoked all traffic is counted against the UIDs receiving/sending it. This allows BlockGuard.java to "tag" sockets and see stats for the tags. Data shows up in /proc/net/xt_qtaguid/stats /proc/net/xt_qtaguid/iface_stat/<iface>/ rx_packets_tcp rx_bytes_tcp ... There is no <uid>/... Supported commands: - "ndc bandwidth enable" will setup the needed iptable entries to track tag/uid. - "ndc bandwidth disable" will remove the iptable entries. - "ndc bandwidth setquota <iface> <value>" will set a quota on the iface. Once quota is reached, packets are rejected. With the correct kernel, rejects are turned in socket errors. TODO ---- * make bandwidth controller cooperate with tethering. - they both manipulate the iptables. Change-Id: Ieb9e7c60ef8c974e99828f7833065d59b2922bf3
/system/netd/BandwidthController.cpp
|