cda022e61c37cc6e6bd863c5a6525108e3789ca8 |
|
02-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Further speed up creating child chains. Currently createChildChain creates and adds child chains by using -F -X -N and -A iptables commands. This guarantees that the child chains are empty. Therefore, it is safe to create all the child chains with a single iptables-restore command that flushes all the child chains and appends them to the parent chain. This makes it possible to create chains quickly even if the parent chain is touched by vendor code and thus cannot be safely flushed. This substantially speeds up netd startup. Before: 02-03 12:52:47.786 492 492 I Netd : Creating child chains: 1543.5ms 02-03 12:52:48.103 492 492 I Netd : Netd started in 1929ms After: 02-03 12:51:46.831 511 511 I Netd : Creating child chains: 672.5ms 02-03 12:51:47.244 511 511 I Netd : Netd started in 1115ms Test: builds, boots Test: before/after comparison shows no expected rule changes Bug: 34873832 Change-Id: I88f4e539d727e3b542cf6f8acd61728cadda972f
/system/netd/server/Controllers.cpp
|
173da327b61528ab0d6585581967c928e9e62277 |
|
04-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
More robust handling of iptables-restore process termination Bug: 32323979 Test: unit tests pass Test: bullhead builds and boots Change-Id: Ib3ea4221b1b2025a0a236f2607db29e1cd30ffa9
/system/netd/server/Controllers.cpp
|
05306fb80d3b08775a6899384700ecaa8d644b62 |
|
08-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Revert "Revert "Move createChildChains to iptables-restore."" This reverts commit f81cda0e5c1ba6e1e4e7d7829959238ff097adac. Reason for revert: it should be safe to roll forward again because the next CL in this change stack removes the root cause of the boot failure. Test: bullhead builds, boots Test: netd_{unit,integration}_test pass Bug: 32323979 Change-Id: Idb462d691d66e00b6ce806aa69582ecdbc930faf
/system/netd/server/Controllers.cpp
|
f81cda0e5c1ba6e1e4e7d7829959238ff097adac |
|
07-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Revert "Move createChildChains to iptables-restore." This reverts commit 81ff64ecb3c90cbc2a95c7653420597df604af5d. Reason for revert: bootloops ryu. Incomplete error handling code in IptablesRestoreController interacts badly with an iptables error early on caused by ryu not having the iptables "nat" table. Test: builds, boots bullhead Test: fixes ryu bootloop Fix: 35027505 Change-Id: I209c74e46cfcdb80ca2c3e0e6ce9c28f389017ec
/system/netd/server/Controllers.cpp
|
81ff64ecb3c90cbc2a95c7653420597df604af5d |
|
01-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Move createChildChains to iptables-restore. This reduces netd startup time by about 2x. Before: 02-02 14:01:20.075 485 485 I Netd : Creating child chains: 2983.5ms 02-02 14:01:20.398 485 485 I Netd : Netd started in 3325ms After: 02-02 15:23:51.872 480 480 I Netd : Creating child chains: 1572.3ms 02-02 15:23:52.200 480 480 I Netd : Netd started in 1943ms We cannot switch all chains to iptables-restore because vendor code manipulates those chains directly. If we did, we would save an additional ~1 second. Add an oem_mangle_post chain linked from mangle POSTROUTING so that said vendor code can modify that instead of POSTROUTING directly. (There is already an oem_out chain, so no changes are needed for vendor code to move off of OUTPUT.) Bug: 34873832 Test: builds, boots, unit and integration tests pass Test: iptables-save output before and after CL sees no unexpected rule changes Change-Id: I64cc32e7e14d9966bf6bc9bcc604af8c5d19eae8
/system/netd/server/Controllers.cpp
|
19ee8a8dd675ecf788a5a527b843b59fbbe3255f |
|
01-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Add finer-grained logging of netd startup times. Example output: 02-02 12:57:30.481 10703 10703 I Netd : Netd 1.0 starting 02-02 12:57:32.593 10703 10703 I Netd : Creating child chains: 2105.7ms 02-02 12:57:32.594 10703 10703 I Netd : Setting up OEM hooks: 1.0ms 02-02 12:57:32.703 10703 10703 I Netd : Setting up FirewallController hooks: 109.5ms 02-02 12:57:32.859 10703 10703 I Netd : Setting up NatController hooks: 156.0ms 02-02 12:57:32.867 10703 10703 I Netd : Setting up BandwidthController hooks: 7.7ms 02-02 12:57:32.867 10703 10703 I Netd : Setting up IdletimerController hooks: 0.1ms 02-02 12:57:32.876 10703 10703 I Netd : Disabling bandwidth control: 8.9ms 02-02 12:57:32.920 10703 10703 E Netd : netlink response contains error (File exists) 02-02 12:57:32.920 10703 10703 E Netd : Can't add IPv4 default route to dummy0: File exists 02-02 12:57:32.921 10703 10703 I Netd : Initializing RouteController: 44.7ms 02-02 12:57:32.935 10703 10703 I Netd : Netd started in 2455ms Test: builds, boots, log messages appear Bug: 32323979 Change-Id: I54f167b5e9291b888dc72e03714c4f2718b23a8c
/system/netd/server/Controllers.cpp
|
1ed96e2d3fa89ca4848750a6b3bbbcf677946d27 |
|
01-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Move some code out of CommandListener. 1. Move lots of initialization code to Controllers.cpp. 2. Move stringToPermission to Permission.h, which seems like a better place for it. Bug: 34873832 Test: builds, boots Change-Id: I01ba8e1d062d298eab71a1b90899df042fdc2360
/system/netd/server/Controllers.cpp
|
a5ace89be511d5a9f76d2d987fe8f61c0a8102f5 |
|
06-Jan-2017 |
Narayan Kamath <narayan@google.com> |
netd: Use a persistent iptables[6]-restore process iptables-restore and ip[6]tables-restore are forked on demand whenever we need them, and their stdin/out/err are replaced by pipes to the parent process. All commands are sent via the stdin pipe. We also add SIGCHLD handling so that we can detect error conditions and restart the process whenever required. Bug: 32323979 Test: Manual Test: netd_unit_test, netd_integration_test Change-Id: Ia12ee01f8b45e5b8a699c27eea1b6b55d40f16b5
/system/netd/server/Controllers.cpp
|
2c5aaa1876db659556c2e9605beccc670e6b7c0d |
|
08-Jun-2016 |
Erik Kline <ek@google.com> |
Setup interfaces for IPv6 tethering Including: - set the interface for router mode (accept_ra = 0) - reset the interface for client mode (accept_ra = 1) - InterfaceController::setAcceptIPv6Ra() - InterfaceController::setAcceptIPv6Dad() - make InterfaceController static - refactor for more modern C++ usage here and there - sporadic style guide fixes Bug: 9580643 Change-Id: Ia557c8770e18c58b12ad16d982c63b6ebd525516
/system/netd/server/Controllers.cpp
|
1cfa54374f5ba63d69d6fcca767c4f6647cb6de2 |
|
24-Feb-2016 |
Pierre Imai <imaipi@google.com> |
Wrap netd's controllers to make them usable from other classes Change-Id: Icb76b43e89c5a9e5806b95002d3653dd99912494
/system/netd/server/Controllers.cpp
|