History log of /system/netd/server/Controllers.cpp
Revision Date Author Comments
93f4999ab3c593d2821bc34df489597adbf57e89 08-Aug-2017 Lorenzo Colitti <lorenzo@google.com> Move all init code to iptables-restore.

This gets rid of one of the last few uses of iptables, and also
reduces startup time from ~750ms to ~150ms.

Bug: 28362720
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Test: rules after "killall netd" look identical
Change-Id: Idf4d8dbc1292cb0017d4546976ad645a4ac7fa08
Merged-In: Ifc7b7045f00f7803b31a22d96a04e208917af5a5
/system/netd/server/Controllers.cpp
09d8c762645a18f359ab80558a8aad9003d86461 08-Aug-2017 Lorenzo Colitti <lorenzo@google.com> Add test coverage for setting up initial iptables rules.

Bug: 28362720
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Change-Id: I2ab9269d9bca3a7b8b168b801360d3fdb6119f05
Merged-In: Ifc7b7045f00f7803b31a22d96a04e208917af5a5
/system/netd/server/Controllers.cpp
08b84cd0d223ae3059ce7d4d55b389fdea187580 22-May-2017 Joel Scherpelz <jscherpelz@google.com> Add WakeupController and NFLogListener

These classes work together to parse and dispatch NFLOG messages in
response to inbound packets annotated by the WiFi driver.

Test: as follows
- built
- flashed
- booted
- netd_unit_test passes

Change-Id: Id26d62858bf4bc4186ae66850f08077adf6fc2ac
/system/netd/server/Controllers.cpp
d78843eb11fdde1611598fd27d347912070c0555 26-Mar-2017 Lorenzo Colitti <lorenzo@google.com> Clear incoming packet mark rules on netd startup.

Currently, we put the incoming packet mark rules directly into
the INPUT chain of the mangle table, which is not cleared on netd
start. Move these rules to their own chain. This makes them
consistent with all the other iptables rules and makes it easy to
clear them on startup using the existing mechanisms.

Bug: 28362720
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Test: watch -n1 "adb shell iptables -v -n -t mangle -L INPUT" while switching networks
Test: rules are cleared on netd restart
Change-Id: I9130f997a96dcfdfdfdd950520a76f8473b5f603
/system/netd/server/Controllers.cpp
cda022e61c37cc6e6bd863c5a6525108e3789ca8 02-Feb-2017 Lorenzo Colitti <lorenzo@google.com> Further speed up creating child chains.

Currently createChildChain creates and adds child chains by using
-F -X -N and -A iptables commands. This guarantees that the child
chains are empty. Therefore, it is
safe to create all the child chains with a single
iptables-restore command that flushes all the child chains and
appends them to the parent chain.

This makes it possible to create chains quickly even if the
parent chain is touched by vendor code and thus cannot be safely
flushed.

This substantially speeds up netd startup. Before:
02-03 12:52:47.786 492 492 I Netd : Creating child chains: 1543.5ms
02-03 12:52:48.103 492 492 I Netd : Netd started in 1929ms

After:
02-03 12:51:46.831 511 511 I Netd : Creating child chains: 672.5ms
02-03 12:51:47.244 511 511 I Netd : Netd started in 1115ms

Test: builds, boots
Test: before/after comparison shows no expected rule changes
Bug: 34873832
Change-Id: I88f4e539d727e3b542cf6f8acd61728cadda972f
/system/netd/server/Controllers.cpp
173da327b61528ab0d6585581967c928e9e62277 04-Feb-2017 Lorenzo Colitti <lorenzo@google.com> More robust handling of iptables-restore process termination

Bug: 32323979
Test: unit tests pass
Test: bullhead builds and boots
Change-Id: Ib3ea4221b1b2025a0a236f2607db29e1cd30ffa9
/system/netd/server/Controllers.cpp
05306fb80d3b08775a6899384700ecaa8d644b62 08-Feb-2017 Lorenzo Colitti <lorenzo@google.com> Revert "Revert "Move createChildChains to iptables-restore.""

This reverts commit f81cda0e5c1ba6e1e4e7d7829959238ff097adac.

Reason for revert: it should be safe to roll forward again
because the next CL in this change stack removes the root cause
of the boot failure.

Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Bug: 32323979
Change-Id: Idb462d691d66e00b6ce806aa69582ecdbc930faf
/system/netd/server/Controllers.cpp
f81cda0e5c1ba6e1e4e7d7829959238ff097adac 07-Feb-2017 Lorenzo Colitti <lorenzo@google.com> Revert "Move createChildChains to iptables-restore."

This reverts commit 81ff64ecb3c90cbc2a95c7653420597df604af5d.

Reason for revert: bootloops ryu. Incomplete error handling code
in IptablesRestoreController interacts badly with an iptables
error early on caused by ryu not having the iptables "nat" table.

Test: builds, boots bullhead
Test: fixes ryu bootloop
Fix: 35027505
Change-Id: I209c74e46cfcdb80ca2c3e0e6ce9c28f389017ec
/system/netd/server/Controllers.cpp
81ff64ecb3c90cbc2a95c7653420597df604af5d 01-Feb-2017 Lorenzo Colitti <lorenzo@google.com> Move createChildChains to iptables-restore.

This reduces netd startup time by about 2x.

Before:
02-02 14:01:20.075 485 485 I Netd : Creating child chains: 2983.5ms
02-02 14:01:20.398 485 485 I Netd : Netd started in 3325ms

After:
02-02 15:23:51.872 480 480 I Netd : Creating child chains: 1572.3ms
02-02 15:23:52.200 480 480 I Netd : Netd started in 1943ms

We cannot switch all chains to iptables-restore because vendor
code manipulates those chains directly. If we did, we would save
an additional ~1 second.

Add an oem_mangle_post chain linked from mangle POSTROUTING so
that said vendor code can modify that instead of POSTROUTING
directly. (There is already an oem_out chain, so no changes are
needed for vendor code to move off of OUTPUT.)

Bug: 34873832
Test: builds, boots, unit and integration tests pass
Test: iptables-save output before and after CL sees no unexpected rule changes
Change-Id: I64cc32e7e14d9966bf6bc9bcc604af8c5d19eae8
/system/netd/server/Controllers.cpp
19ee8a8dd675ecf788a5a527b843b59fbbe3255f 01-Feb-2017 Lorenzo Colitti <lorenzo@google.com> Add finer-grained logging of netd startup times.

Example output:

02-02 12:57:30.481 10703 10703 I Netd : Netd 1.0 starting
02-02 12:57:32.593 10703 10703 I Netd : Creating child chains: 2105.7ms
02-02 12:57:32.594 10703 10703 I Netd : Setting up OEM hooks: 1.0ms
02-02 12:57:32.703 10703 10703 I Netd : Setting up FirewallController hooks: 109.5ms
02-02 12:57:32.859 10703 10703 I Netd : Setting up NatController hooks: 156.0ms
02-02 12:57:32.867 10703 10703 I Netd : Setting up BandwidthController hooks: 7.7ms
02-02 12:57:32.867 10703 10703 I Netd : Setting up IdletimerController hooks: 0.1ms
02-02 12:57:32.876 10703 10703 I Netd : Disabling bandwidth control: 8.9ms
02-02 12:57:32.920 10703 10703 E Netd : netlink response contains error (File exists)
02-02 12:57:32.920 10703 10703 E Netd : Can't add IPv4 default route to dummy0: File exists
02-02 12:57:32.921 10703 10703 I Netd : Initializing RouteController: 44.7ms
02-02 12:57:32.935 10703 10703 I Netd : Netd started in 2455ms

Test: builds, boots, log messages appear
Bug: 32323979
Change-Id: I54f167b5e9291b888dc72e03714c4f2718b23a8c
/system/netd/server/Controllers.cpp
1ed96e2d3fa89ca4848750a6b3bbbcf677946d27 01-Feb-2017 Lorenzo Colitti <lorenzo@google.com> Move some code out of CommandListener.

1. Move lots of initialization code to Controllers.cpp.
2. Move stringToPermission to Permission.h, which seems like a
better place for it.

Bug: 34873832
Test: builds, boots
Change-Id: I01ba8e1d062d298eab71a1b90899df042fdc2360
/system/netd/server/Controllers.cpp
a5ace89be511d5a9f76d2d987fe8f61c0a8102f5 06-Jan-2017 Narayan Kamath <narayan@google.com> netd: Use a persistent iptables[6]-restore process

iptables-restore and ip[6]tables-restore are forked on demand
whenever we need them, and their stdin/out/err are replaced by
pipes to the parent process. All commands are sent via the stdin
pipe. We also add SIGCHLD handling so that we can detect error
conditions and restart the process whenever required.

Bug: 32323979
Test: Manual
Test: netd_unit_test, netd_integration_test

Change-Id: Ia12ee01f8b45e5b8a699c27eea1b6b55d40f16b5
/system/netd/server/Controllers.cpp
2c5aaa1876db659556c2e9605beccc670e6b7c0d 08-Jun-2016 Erik Kline <ek@google.com> Setup interfaces for IPv6 tethering

Including:
- set the interface for router mode (accept_ra = 0)
- reset the interface for client mode (accept_ra = 1)
- InterfaceController::setAcceptIPv6Ra()
- InterfaceController::setAcceptIPv6Dad()
- make InterfaceController static
- refactor for more modern C++ usage here and there
- sporadic style guide fixes

Bug: 9580643
Change-Id: Ia557c8770e18c58b12ad16d982c63b6ebd525516
/system/netd/server/Controllers.cpp
1cfa54374f5ba63d69d6fcca767c4f6647cb6de2 24-Feb-2016 Pierre Imai <imaipi@google.com> Wrap netd's controllers to make them usable from other classes

Change-Id: Icb76b43e89c5a9e5806b95002d3653dd99912494
/system/netd/server/Controllers.cpp