History log of /system/netd/server/SockDiag.h
Revision Date Author Comments
54bfc7cc850fb10f65cff6195252e90c6f5315fe 23-Jan-2018 Hugo Benichi <hugobenichi@google.com> Add the number of struct tcp_info bytes read from Netlink

This patch adds to the SockDiag TcpInfoReader callback the number of
bytes read from Netlink when parsing a struct tcp_info attribute with
attribute id INET_DIAG_INFO.

On different kernels, struct tcp_info will have different fields and
different sizes when serialized. A generic sock_diag struct tcp_info
handler can use the attribute byte size to distinguish between different
fields and safely read data inside struct tcp_info.

Bug: 64147860
Test: tested manually on sailfish with 3.18 kernel,
using $ adb shell dumpsys netd tcp_socket_info
Change-Id: I45da9ed787dc7f0c4873ce1132b5f8094bcffd0a
/system/netd/server/SockDiag.h
cbaa36b325a363bed6de3a8f4623d59908273ea1 16-Jan-2018 Hugo Benichi <hugobenichi@google.com> Add Fwmark to TCP socket dumps interface

This allows TcpSocketMonitor to print netid and mark values for all
sockets dumped.

Bug: 64147860
Test: manual tests with newly introduced commands
Change-Id: Id9ec716be5933615b2532dffb10267770e9ae101
/system/netd/server/SockDiag.h
dee9481c70b8203ba8836dd53b947b65b526d3e4 12-Jan-2018 Hugo Benichi <hugobenichi@google.com> TCP socket monitoring: minimum SockDiag primitives

This patch adds a getSocketsInfo() method on the SockDiag class for
dumping the struct tcp_info of all IPv4 and IPv6 sockets on the system,
using the sock_diag netlink interface.

Bug: 64147860
Test: - manual tests using dumpsys command from follow-up patch
- TODO: netd unit tests
Change-Id: I3ad1726b4fde005c7b9506af96ed7bd79f527316
/system/netd/server/SockDiag.h
0b733e4407db9d198b75743727c5827daa65490e 13-Feb-2017 Lorenzo Colitti <lorenzo@google.com> Add a generic netlink dump function and use it in SockDiag.

Test: bullhead builds, boots
Test: unit tests pass
Bug: 34873832
Change-Id: I8479a8c24277855b54a11a327618426678c8d360
/system/netd/server/SockDiag.h
7035f228d17e925116b1b64a7c917b3196ab8818 13-Feb-2017 Lorenzo Colitti <lorenzo@google.com> Put most of netd into the android::net namespace.

Test: netd_{unit,integration}_test pass
Test: bullhead builds, boots
Bug: 34873832
Change-Id: I0a252328041b342f9c03cd08c11a69d452b045b3
/system/netd/server/SockDiag.h
2cf561722c2661cc0d4db502a44a3021609f307e 13-Sep-2016 Robin Lee <rgl@google.com> Benchmarks for network metrics reporting

Bug: 29748723
Test: this is an APCT test.

(cherry picked from commit 484dac1d071c7476895c4a3184e8dbdd7b63e524)

Change-Id: I482a7d5c15210906069e0fe7ef55ab3f21bfc127
/system/netd/server/SockDiag.h
fbe76b984233d0d8a84f5eafeaa01da7151c64ad 13-Sep-2016 Lorenzo Colitti <lorenzo@google.com> Close sockets when changing network permissions.

Bug: 23113288

(cherry picked from commit c6201c3754710e235f16118761b23760ff4136ad)

Change-Id: I1407644e06e960e453a31b298e46ef866f0eebd2
/system/netd/server/SockDiag.h
e5c3c9971a5d1525380c18fff65c2816eb79923e 26-Jul-2016 Lorenzo Colitti <lorenzo@google.com> Don't close loopback sockets when a VPN connects or entering doze.

Bug: 30186506

(cherry picked from commit 0726fec82842883a2332318aa675f7f04670db51)

Change-Id: I269d9d9dc2f036b7b65e14577c5525d9cab426ba
/system/netd/server/SockDiag.h
195688c127a50d0a1890e5ce55129d75705b0ac0 05-Aug-2016 Chih-Hung Hsieh <chh@google.com> Merge "Fix clang-tidy performance warnings in SockDiag."
am: fbf8d65341

Change-Id: I45bbf581ea9e37dfa3a61adaa721e23e08de3f23
b22e4d24b7f5468d7596dea66010ec159a8be6b1 28-Jul-2016 Chih-Hung Hsieh <chh@google.com> Fix clang-tidy performance warnings in SockDiag.

* Use const reference type for parameters to avoid unnecessary copy.

Bug: 30407689
Change-Id: I77d26f64b86aa03cf877b2d4475bbe1348400316
Test: build with WITH_TIDY=1
/system/netd/server/SockDiag.h
fff4bd31ff2bad0acfd8f2439eccf7df70e9695f 13-Apr-2016 Lorenzo Colitti <lorenzo@google.com> Kill sockets when a VPN comes up.

1. Change the SockDiag callback function to be a filter that
returns a bool instead of a function that optionally kills a
socket. All existing callbacks basically only existed to kill
sockets under certain conditions, and making them return a
boolean allows reusing the same callback function signature
to filter sockets as well.
2. Add a new SockDiag method to kill sockets based on a UidRanges
object (which contains a number of UID ranges) and a list of
users to skip.
3. Add a new UIDRANGE mode to SockDiagTest to test the above.
4. When UID ranges are added or removed from the VPN, kill
sockets in those UID ranges unless the socket UIDs are in
mProtectableUsers and thus their creator might have set the
protect bit on their mark. Short of actually being
able to see the socket mark on each socket and basing our
decision on that, this is the best we can do.

Bug: 26976388
Change-Id: I53a30df3feb63254a6451a29fa6041c9b679f9bb
/system/netd/server/SockDiag.h
94a7b43ecb13094313d5f1bdc2515be760a0b6be 24-Mar-2016 Lorenzo Colitti <lorenzo@google.com> Support destroying sockets for UIDs.

Bug: 27824851
Change-Id: Iab5ebfd1c3d463d60d3dbd3a271737c8bc824298
/system/netd/server/SockDiag.h
8554248cff7e94194bddc6539d13587abcd1e0e0 14-Feb-2016 Lorenzo Colitti <lorenzo@google.com> Use SOCK_DESTROY in netd.

Bug: 26976388

(cherry picked from commit f32fc598b01ba8d59873b0a1085716fd84678b54)

Change-Id: I2e4d0018fdcee7106fc083a522d81dba87a4db40
/system/netd/server/SockDiag.h
dcce00131ef210f79585ee82889744a0ebbd30a9 04-Feb-2016 Lorenzo Colitti <lorenzo@google.com> Support killing sockets using SOCK_DESTROY.

This gives netd the ability to close sockets on a particular
source IP address using SOCK_DESTROY. It does not yet enable
this behaviour.

The microbenchmark is able to close 500 IPv6 sockets in ~30ms on
my angler. Specifically:

- Scanning 500 socketpairs: ~5ms
- Scanning 500 socketpairs and killing one half of each: ~30ms
- Scanning 500 socketpairs and killing both halves of each: ~40ms

This is about ~2.5x-3.5x slower than SIOCKILLADDR:
- For 500 sockets, it's 9.5ms vs. 22.9ms.
- For 4000 sockets, it's ~40ms vs ~135ms.

A large part of that is due to sending RST packets, which
SIOCKILLADDR does not do. If the kernel is modified so that
SOCK_DESTROY does not send RSTs, the time taken to kill 4000
sockets goes down to ~70ms

Batching the destroy operations does not help much. It saves
5-10%, but it complicates error handling.

Bug: 26976388

(cherry picked from commit 8464e1ed13a30ca91ae44dd2e334f63de7ade0f3)

Change-Id: Ib85d573ee2af6f6ffc4ce50a31cfbb6e9a720ca1
/system/netd/server/SockDiag.h
f32fc598b01ba8d59873b0a1085716fd84678b54 14-Feb-2016 Lorenzo Colitti <lorenzo@google.com> Use SOCK_DESTROY in netd.

Bug: 26976388
Change-Id: I1965ece8ae65d78323b5a49eeebefe29677be63f
/system/netd/server/SockDiag.h
8464e1ed13a30ca91ae44dd2e334f63de7ade0f3 04-Feb-2016 Lorenzo Colitti <lorenzo@google.com> Support killing sockets using SOCK_DESTROY.

This gives netd the ability to close sockets on a particular
source IP address using SOCK_DESTROY. It does not yet enable
this behaviour.

The microbenchmark is able to close 500 IPv6 sockets in ~30ms on
my angler. Specifically:

- Scanning 500 socketpairs: ~5ms
- Scanning 500 socketpairs and killing one half of each: ~30ms
- Scanning 500 socketpairs and killing both halves of each: ~40ms

This is about ~2.5x-3.5x slower than SIOCKILLADDR:
- For 500 sockets, it's 9.5ms vs. 22.9ms.
- For 4000 sockets, it's ~40ms vs ~135ms.

A large part of that is due to sending RST packets, which
SIOCKILLADDR does not do. If the kernel is modified so that
SOCK_DESTROY does not send RSTs, the time taken to kill 4000
sockets goes down to ~70ms

Batching the destroy operations does not help much. It saves
5-10%, but it complicates error handling.

Bug: 26976388
Change-Id: I2e1ac30af5dbcdb98dbb7c6e4d4d67c55b9fd00f
/system/netd/server/SockDiag.h