54bfc7cc850fb10f65cff6195252e90c6f5315fe |
|
23-Jan-2018 |
Hugo Benichi <hugobenichi@google.com> |
Add the number of struct tcp_info bytes read from Netlink

This patch adds to the SockDiag TcpInfoReader callback the number of bytes read from Netlink when parsing a struct tcp_info attribute with attribute id INET_DIAG_INFO.

On different kernels, struct tcp_info will have different fields and different sizes when serialized. A generic sock_diag struct tcp_info handler can use the attribute byte size to distinguish between different fields and safely read data inside struct tcp_info.

Bug: 64147860
Test: tested manually on sailfish with 3.18 kernel, using
  $ adb shell dumpsys netd tcp_socket_info
Change-Id: I45da9ed787dc7f0c4873ce1132b5f8094bcffd0a
/system/netd/server/SockDiag.h
|
cbaa36b325a363bed6de3a8f4623d59908273ea1 |
|
16-Jan-2018 |
Hugo Benichi <hugobenichi@google.com> |
Add Fwmark to TCP socket dumps interface This allows TcpSocketMonitor to print netid and mark values for all sockets dumped. Bug: 64147860 Test: manual tests with newly introduced commands Change-Id: Id9ec716be5933615b2532dffb10267770e9ae101
/system/netd/server/SockDiag.h
|
dee9481c70b8203ba8836dd53b947b65b526d3e4 |
|
12-Jan-2018 |
Hugo Benichi <hugobenichi@google.com> |
TCP socket monitoring: minimum SockDiag primitives

This patch adds a getSocketsInfo() method on the SockDiag class for dumping the struct tcp_info of all IPv4 and IPv6 sockets on the system, using the sock_diag netlink interface.

Bug: 64147860
Test:
- manual tests using dumpsys command from follow-up patch
- TODO: netd unit tests
Change-Id: I3ad1726b4fde005c7b9506af96ed7bd79f527316
/system/netd/server/SockDiag.h
|
0b733e4407db9d198b75743727c5827daa65490e |
|
13-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Add a generic netlink dump function and use it in SockDiag. Test: bullhead builds, boots Test: unit tests pass Bug: 34873832 Change-Id: I8479a8c24277855b54a11a327618426678c8d360
/system/netd/server/SockDiag.h
|
7035f228d17e925116b1b64a7c917b3196ab8818 |
|
13-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Put most of netd into the android::net namespace. Test: netd_{unit,integration}_test pass Test: bullhead builds, boots Bug: 34873832 Change-Id: I0a252328041b342f9c03cd08c11a69d452b045b3
/system/netd/server/SockDiag.h
|
2cf561722c2661cc0d4db502a44a3021609f307e |
|
13-Sep-2016 |
Robin Lee <rgl@google.com> |
Benchmarks for network metrics reporting Bug: 29748723 Test: this is an APCT test. (cherry picked from commit 484dac1d071c7476895c4a3184e8dbdd7b63e524) Change-Id: I482a7d5c15210906069e0fe7ef55ab3f21bfc127
/system/netd/server/SockDiag.h
|
fbe76b984233d0d8a84f5eafeaa01da7151c64ad |
|
13-Sep-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Close sockets when changing network permissions. Bug: 23113288 (cherry picked from commit c6201c3754710e235f16118761b23760ff4136ad) Change-Id: I1407644e06e960e453a31b298e46ef866f0eebd2
/system/netd/server/SockDiag.h
|
e5c3c9971a5d1525380c18fff65c2816eb79923e |
|
26-Jul-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Don't close loopback sockets when a VPN connects or entering doze. Bug: 30186506 (cherry picked from commit 0726fec82842883a2332318aa675f7f04670db51) Change-Id: I269d9d9dc2f036b7b65e14577c5525d9cab426ba
/system/netd/server/SockDiag.h
|
195688c127a50d0a1890e5ce55129d75705b0ac0 |
|
05-Aug-2016 |
Chih-Hung Hsieh <chh@google.com> |
Merge "Fix clang-tidy performance warnings in SockDiag." am: fbf8d65341 Change-Id: I45bbf581ea9e37dfa3a61adaa721e23e08de3f23
|
b22e4d24b7f5468d7596dea66010ec159a8be6b1 |
|
28-Jul-2016 |
Chih-Hung Hsieh <chh@google.com> |
Fix clang-tidy performance warnings in SockDiag. * Use const reference type for parameters to avoid unnecessary copy. Bug: 30407689 Change-Id: I77d26f64b86aa03cf877b2d4475bbe1348400316 Test: build with WITH_TIDY=1
/system/netd/server/SockDiag.h
|
fff4bd31ff2bad0acfd8f2439eccf7df70e9695f |
|
13-Apr-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Kill sockets when a VPN comes up.

1. Change the SockDiag callback function to be a filter that returns a bool instead of a function that optionally kills a socket. All existing callbacks basically only existed to kill sockets under certain conditions, and making them return a boolean allows reusing the same callback function signature to filter sockets as well.
2. Add a new SockDiag method to kill sockets based on a UidRanges object (which contains a number of UID ranges) and a list of users to skip.
3. Add a new UIDRANGE mode to SockDiagTest to test the above.
4. When UID ranges are added or removed from the VPN, kill sockets in those UID ranges unless the socket UIDs are in mProtectableUsers and thus their creator might have set the protect bit on their mark. Short of actually being able to see the socket mark on each socket and basing our decision on that, this is the best we can do.

Bug: 26976388
Change-Id: I53a30df3feb63254a6451a29fa6041c9b679f9bb
/system/netd/server/SockDiag.h
|
94a7b43ecb13094313d5f1bdc2515be760a0b6be |
|
24-Mar-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Support destroying sockets for UIDs. Bug: 27824851 Change-Id: Iab5ebfd1c3d463d60d3dbd3a271737c8bc824298
/system/netd/server/SockDiag.h
|
8554248cff7e94194bddc6539d13587abcd1e0e0 |
|
14-Feb-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Use SOCK_DESTROY in netd. Bug: 26976388 (cherry picked from commit f32fc598b01ba8d59873b0a1085716fd84678b54) Change-Id: I2e4d0018fdcee7106fc083a522d81dba87a4db40
/system/netd/server/SockDiag.h
|
dcce00131ef210f79585ee82889744a0ebbd30a9 |
|
04-Feb-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Support killing sockets using SOCK_DESTROY.

This gives netd the ability to close sockets on a particular source IP address using SOCK_DESTROY. It does not yet enable this behaviour.

The microbenchmark is able to close 500 IPv6 sockets in ~30ms on my angler. Specifically:
- Scanning 500 socketpairs: ~5ms
- Scanning 500 socketpairs and killing one half of each: ~30ms
- Scanning 500 socketpairs and killing both halves of each: ~40ms

This is about ~2.5x-3.5x slower than SIOCKILLADDR:
- For 500 sockets, it's 9.5ms vs. 22.9ms.
- For 4000 sockets, it's ~40ms vs ~135ms.

A large part of that is due to sending RST packets, which SIOCKILLADDR does not do. If the kernel is modified so that SOCK_DESTROY does not send RSTs, the time taken to kill 4000 sockets goes down to ~70ms

Batching the destroy operations does not help much. It saves 5-10%, but it complicates error handling.

Bug: 26976388
(cherry picked from commit 8464e1ed13a30ca91ae44dd2e334f63de7ade0f3)
Change-Id: Ib85d573ee2af6f6ffc4ce50a31cfbb6e9a720ca1
/system/netd/server/SockDiag.h
|
f32fc598b01ba8d59873b0a1085716fd84678b54 |
|
14-Feb-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Use SOCK_DESTROY in netd. Bug: 26976388 Change-Id: I1965ece8ae65d78323b5a49eeebefe29677be63f
/system/netd/server/SockDiag.h
|
8464e1ed13a30ca91ae44dd2e334f63de7ade0f3 |
|
04-Feb-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Support killing sockets using SOCK_DESTROY.

This gives netd the ability to close sockets on a particular source IP address using SOCK_DESTROY. It does not yet enable this behaviour.

The microbenchmark is able to close 500 IPv6 sockets in ~30ms on my angler. Specifically:
- Scanning 500 socketpairs: ~5ms
- Scanning 500 socketpairs and killing one half of each: ~30ms
- Scanning 500 socketpairs and killing both halves of each: ~40ms

This is about ~2.5x-3.5x slower than SIOCKILLADDR:
- For 500 sockets, it's 9.5ms vs. 22.9ms.
- For 4000 sockets, it's ~40ms vs ~135ms.

A large part of that is due to sending RST packets, which SIOCKILLADDR does not do. If the kernel is modified so that SOCK_DESTROY does not send RSTs, the time taken to kill 4000 sockets goes down to ~70ms

Batching the destroy operations does not help much. It saves 5-10%, but it complicates error handling.

Bug: 26976388
Change-Id: I2e1ac30af5dbcdb98dbb7c6e4d4d67c55b9fd00f
/system/netd/server/SockDiag.h
|