baeccc455b293c2c83dbe6463f56b741177bd612 |
|
25-Jun-2013 |
JP Abgrall <jpa@google.com> |
netd: tethering stats: persistent + list-all support * Persistent stats Previously we would parse the iptables counters out of the FORWARD rules used for tethering. Those rules could come an go before they were parsed, which would cause us to incorrectly count traffic. Now we have separate counting rules (and quota2 counters) which persist beyond tethering. * Rename the iface0/iface1 Match NatControllers notions for tethering ifaces during enable. Detect weird call from userspace (until b/9565268 gets fixed), or else it leaves an ugly iptables state. * The commands affected: - ndc bandwidth gettetheringstats intIface extIface . no change from before: return a single stats line - ndc bandwidth gettetheringstats . return a list of results showing all tethered stats - ndc bandwidth gettetheringstats "" extIface - ndc bandwidth gettetheringstats intIface . return a list of results matching the tethering on the given interface. Bug: 9565268 Bug: 5868832 Change-Id: I8559d9a184abcffaf65998fb3cc8c9c50d46bf06
/system/netd/NatController.cpp
|
659692a56cca02822a43b792baba2632d39eb739 |
|
15-Mar-2013 |
JP Abgrall <jpa@google.com> |
NAT: Disable FORWARD by default and set postroute before FORWARD. [Adaptation from https://android-review.googlesource.com/#/c/50223 ] For NAT table, only the first packet of data flow hits the rules in this table. If forward is enabled before postrouting in NAT, packet may be forwarded without hit rules in NAT table. Phone will not get responses for such packets because source IP address is not translated. How to reproduce: 1) Enable usb tethering; 2) Start ping test on PC; 3) Disable data on Phone; 4) NAT is disabled since data service is lost; 5) Enable data on Phone; 6) Ping can not recover on PC; 7) Capture tcpdump data on phone, source IP Address is not translated for ICMP packets. Test result: Run steps 1-5 in "How to reproduce", Ping session on PC can be recovered after data is enabled. CQ00027191 Change-Id: I1c3bcbb3d69eb7e2f61d720fa17086ee0da22fa0
/system/netd/NatController.cpp
|
4ae80dea9cbf1fe1b33037aeb5feb04daeba8ee0 |
|
15-Mar-2013 |
JP Abgrall <jpa@google.com> |
NatController: refactor some code wrt sequences of commands This will help when adding/removing commands. Change-Id: I154fb3d7064acddc3e067d60f225ecab6ea57ddb
/system/netd/NatController.cpp
|
001f0a436e9fe0353dccd98ee34b91095d9ed1a1 |
|
31-Jan-2013 |
Rom Lemarchand <romlem@google.com> |
Replace system_nosh call with android_fork_execvp Replace the system_nosh call with the android_fork_execvp from liblogwrap. Change-Id: Idfbc6bcf0bef16d4ee90d6af6bd4b07bc79913bb
/system/netd/NatController.cpp
|
8e188ed5c989ddcc07f0f5e9839493c22d17e7b6 |
|
13-Jul-2012 |
Jeff Sharkey <jsharkey@android.com> |
Consolidate iptables chain management. Move creation and management of module iptables chains up into CommandListener, which gives better visibility into ordering. Change-Id: If0c94187c6e59a20840b035d7241057f45a0f74b
/system/netd/NatController.cpp
|
458f318280c3b98d84958c63899c949c71612b1a |
|
25-Apr-2012 |
JP Abgrall <jpa@google.com> |
netd: NatController: don't setup iptables hooks in constructor. iptables top-level chain updates should happen within CommandListener() when it invokes the various modules' setupIptablesHooks(). And remove the extra DROP rule. Change-Id: I33d2cfbd5444516f855ff85152c472352944cc77
/system/netd/NatController.cpp
|
0031cead820149e2fe3ccb3cc2fe05758a3cb5c2 |
|
18-Apr-2012 |
JP Abgrall <jpa@google.com> |
netd: Idletimer vs Nat vs Bandwidth controllers * modified iptables users to work in controller specific custom chains. - each controller only works withing his own custom chains and not the top level ones (INPUT, OUTPUT, FORWARD, POSTROUTING,...) - CommandListener now invokes setupIptablesHooks() for each controller once. That is the only time they are allowed to access the top-level chains. * Added idletimer controller. From https://android-git.corp.google.com/g/#/c/180769/2 - supported commands . ndc idletimer enable . ndc idletimer add <iface> <timeout> . ndc idletimer remove <iface> <timeout_used_during_add> There is a framework change elsewhere that receives netlink messages. Signed-off-by: Ashish Sharma <ashishsharma@google.com> Signed-off-by: JP Abgrall <jpa@google.com> Change-Id: Ia57450c09166ce20f21d1e3b49047ef1e98f2a3d
/system/netd/NatController.cpp
|
d14fd4f83ffeea4ad1cd559a41f775f6814565cc |
|
12-Jan-2012 |
Jaime A Lopez-Sollano <jaimel@quicinc.com> |
Increase the valid name of the iface to IFNAMSIZ Define MAX_IFACE_LENGTH as IFNAMSIZ instead of 10, to prevent netd from treating an interface name 'rmnet_sdio0' as invalid. Also fix an off-by-one error. Change-Id: If6b2b27d2da6eb72f01c090cbe4f7dc2b9c296ae
/system/netd/NatController.cpp
|
c462177bd58e3bf0ac4f618934dae060569e3e0b |
|
31-Jan-2012 |
Robert Greenwalt <rgreenwalt@google.com> |
Keep better tabs on secondary tables. We had some places (NatController) where routes were being set but not accounted for in the number-of-routes talley so we could end up thinking the table was empty and not clean up after ourselves properly. Also consolidated constants. bug:5917475 Change-Id: I98a41d433e1d4b4ca6692fb2328e2c9afc828145
/system/netd/NatController.cpp
|
053a99cef7b6d87a52216df7845b225703c74462 |
|
19-Jan-2012 |
Kazuhiro Ondo <kazuhiro.ondo@motorola.com> |
am b210b180: am 4ab46857: Add back hook for inserting OEM specific iptables rules. * commit 'b210b1806c740bf66eb04eb8e8d8ee75c01652dd': Add back hook for inserting OEM specific iptables rules.
|
4ab468577647d1ee73810b89d2287eaa5546fecb |
|
12-Jan-2012 |
Kazuhiro Ondo <kazuhiro.ondo@motorola.com> |
Add back hook for inserting OEM specific iptables rules. The functionality was lost during merge in ICS branch. This patch is adding back OEM iptables hook in netd. Bug:5862460 Change-Id: I9444b8c53e8b84fea2002c2c1d9ba42e45ae5f0c
/system/netd/NatController.cpp
|
5ea0c05a1e7d8e664b808aa1bb1efd08fdb2fb13 |
|
06-Jan-2012 |
Steve Block <steveblock@google.com> |
Rename (IF_)LOGE(_IF) to (IF_)ALOGE(_IF) DO NOT MERGE See https://android-git.corp.google.com/g/#/c/157220 Bug: 5449033 Change-Id: I8ab66debe4d0c3857a4b80f6f7b6925a352cda87
/system/netd/NatController.cpp
|
9e5e0ce62e88ddf9a09798eda51b0c270d354c8e |
|
15-Dec-2011 |
JP Abgrall <jpa@google.com> |
netd: fix argument interpretation bug While working around the logwrap() issue, it was replaced with system() which could lead to various commands getting misinterpreted. We now use a system() equivalent that doesn't use "sh -c". Bug:5758556 Change-Id: I2599b526ac34bcfca18d05261286d902d547efda
/system/netd/NatController.cpp
|
063af322b48ab1bb0c3e09eb0b64915ba568275b |
|
19-Nov-2011 |
Robert Greenwalt <rgreenwalt@google.com> |
Fix some syntax issues with IP command. Was not building secondary tables properly. Also IPv6 host routes were failing. bug:5615697 Change-Id: I0d5ad2ed7d13e4d5bd8c2f8ce15fc0ccb36a4690
/system/netd/NatController.cpp
|
fc97b82e02979f246d56a4bfd60e4aab8686d3f6 |
|
03-Nov-2011 |
Robert Greenwalt <rgreenwalt@google.com> |
Start using IP tool for advanced routing. bug:5495862 bug:5396842 Change-Id: I51f21060947f57e63b18c4d35e9d49fac488d48a
/system/netd/NatController.cpp
|
f7bf29c8a37d65e132a4dceb7c5a4200ed5c3d79 |
|
02-Nov-2011 |
Robert Greenwalt <rgreenwalt@google.com> |
When un-natting try to do all we can Regardless of errors we should try to do as much as possible. Sometimes some steps may fail if interfaces are taken down before we can un-nat them. bug:5536516 Change-Id: I9c9b0123198dba890565e0a6e4e15add16b369c2
/system/netd/NatController.cpp
|
11b4e9b26fe7b878992162afb39f5a8acfd143ed |
|
12-Aug-2011 |
JP Abgrall <jpa@google.com> |
netd: all: use system() instead of logwrap() for now. The logwrapper uses a blocking read() which does not always correctly detect when the child process at the other end is gone. This is a quick workaround for http://b/5144246 A cleaner logwrapper parent() will follow. Add support for BandwidthController() to use either system() or logwrap(). It looks at "persist.bandwidth.uselogwrap" to be 0 or 1. Change-Id: I2d17732214f1a7fef6838eee05d827695b707ab0 Signed-off-by: JP Abgrall <jpa@google.com>
/system/netd/NatController.cpp
|
6ccebd085f8df439447ffe6060206a0a5af8d448 |
|
04-Aug-2011 |
Robert Greenwalt <rgreenwalt@google.com> |
am e98a5816: am 6e4d5db1: Fix two error-case unwinders. * commit 'e98a581641a233fd048bf76f68650b627ef546e5': Fix two error-case unwinders.
|
6e4d5db1b11f808bb4bdcc8dd45a7158c6c88515 |
|
04-Aug-2011 |
Robert Greenwalt <rgreenwalt@google.com> |
Fix two error-case unwinders. Noticed by moto, I missed to calls to actually do the unwinding. Change-Id: Ie4da4979a3ad0eedcb6d468fecdff6614b1819bd
/system/netd/NatController.cpp
|
49012139e14e5f9cc4e452716e8164c3e7cfd9de |
|
02-Aug-2011 |
Robert Greenwalt <rgreenwalt@google.com> |
am 69a5b777: am ddb9f6eb: Add DROP rule for INVALID packets. * commit '69a5b7777f67f6d5ad9dbd33758332c7b0104613': Add DROP rule for INVALID packets.
|
ddb9f6eb8d8c35f46c1e3da68f375b85903e85c9 |
|
02-Aug-2011 |
Robert Greenwalt <rgreenwalt@google.com> |
Add DROP rule for INVALID packets. bug:5094583 Change-Id: Ib942c557e7f2694b6ee18cc6562df597165894ce
/system/netd/NatController.cpp
|
4309f87d5baa54a2741f35e0cb09959c55ff1ab6 |
|
30-Jul-2011 |
Wink Saville <wink@google.com> |
DO NOT MERGE: Update OEM iptable hooks and ip fwd This is a squash of two changes from partner repo: Clean up OEM iptables hooks Id: Ife7a1c08ca88beba2dede776d2e4dd6097dad05a And Add hooks for OEM iptables rules and IP fwd - Useful for integrating peripherals that use IP for control and diagnostics. - Add hooks for specifying static iptables rules at startup. - Add system prop to keep IP forwarding enabled all the time. - Remove the ro.bootmode=bp-tools hacks. Id: Ic70d4c88179c530414505976193bf616037500a6 Bug: 5045218 Change-Id: I4229d3576426880b68ac448f9fbb67f2f8f304a0
/system/netd/NatController.cpp
|
d80e94ca116224bf52925a1503ced6f257cb88d6 |
|
23-Jun-2011 |
JP Abgrall <jpa@google.com> |
DO NOT MERGE: NatController: remove flushing the INPUT/OUTPUT tables. DO NOT MERGE: cherry-pick from master, as oem's will be updating this file in HC. It doesn't use them, so it should not have to flush them. This is a minimalistic attempt to cooperate with the BandwidthController. Change-Id: Ia175a86403adf034ac6f44d7ebc4ebe941881368
/system/netd/NatController.cpp
|
2ad297402daa97238e3fb099fe547e2c0b2cdc4b |
|
23-Jun-2011 |
JP Abgrall <jpa@google.com> |
NatController: remove flushing the INPUT/OUTPUT tables. It doesn't use them, so it should not have to flush them. This is a minimalistic attempt to cooperate with the BandwidthController. Change-Id: Ia175a86403adf034ac6f44d7ebc4ebe941881368
/system/netd/NatController.cpp
|
ac208608c9e10ef199fdd11c38a31675ee9290c0 |
|
28-May-2011 |
John Michelau <john.michelau@motorola.com> |
Do not wipe all netd iptables rules in test mode The NatController fail-safe which flushes the iptables when the ref count reaches zero unintentionally wipes out all static rules setup by init in bp-tools test mode. Doing this flush is not necessary. Change-Id: I37890e79cd701aa2e970958a246dfe7514a65c47
/system/netd/NatController.cpp
|
ff2c0d8c13457e43f0d4bf06d3177271aac104c1 |
|
17-Nov-2010 |
Olivier Bailly <olivier@google.com> |
Add missing include headers for compilation on x86 targets. Change-Id: I99f7b79bfb5b6305a0772f418a54ace50cac1bbe
/system/netd/NatController.cpp
|
b5ff9b277f256df84caf3d798ccc83b4740a1d31 |
|
13-Oct-2010 |
Paul Eastham <eastham@google.com> |
Remove STOPSHIP comment Change-Id: I2d42d6ddb16f88929b5edeeeb653feca8348e804
/system/netd/NatController.cpp
|
210b97745e14830cdb1f29ee1109e6e516f4e6f6 |
|
25-Mar-2010 |
Robert Greenwalt <robdroid@android.com> |
Fix bug in NATing code. Silly errors in refcount logic did the wrong thing. Change-Id: I2cfc208615258397501450717cfcb7eb0386c9d4
/system/netd/NatController.cpp
|
1caafe66a6b927fa5d8eb4c59ec9eb48b0b1b075 |
|
24-Mar-2010 |
Robert Greenwalt <robdroid@android.com> |
Make NATing add/remove iptable rules as needed It was flushing on every unNAT, but really you want to remove just those rules. We'll Flush when we get to 0 NATs. bug: 2542176 Change-Id: Ia70580191b1aed754689864044de122234346011
/system/netd/NatController.cpp
|
9ff78fb7da7158f5bd7c86d89a842691820259cf |
|
19-Jan-2010 |
San Mehat <san@google.com> |
netd: Add primitive NAT control Update: Add stub function to validate interface existance Signed-off-by: San Mehat <san@google.com>
/system/netd/NatController.cpp
|