| 58a09b524593cc56d258f8c89528b7ac0720da6e |
|
12-May-2018 |
Chenbo Feng <fengc@google.com> |
Use a separate map to store per app stats
To avoid iterating through the eBPF map to get the total stats of a
specific uid. A new bpf map called appUidStatsMap is added to the
trafficController so that TrafficStats API can directly read that map
for per uid total stats regardless of tag, counterSet and iface
information. This could make this call more efficient and solve the
possible racing problem.
Bug: 79171384
Test: netd_unit_test, libbpf_test, netd_integration_test
Change-Id: I47a4ac3466caa729c5730a498a2de226303d6b77
Merged-In: I47a4ac3466caa729c5730a498a2de226303d6b77
(cherry picked from aosp commit bc4a15f91f97fbfcbfdc9dc19d73226f380bc977)
/system/netd/server/TrafficController.h
|
| 2c67f26519d6cfc2c071d35be46cd4b301f376ab |
|
26-Apr-2018 |
Chenbo Feng <fengc@google.com> |
refactor bpf maps into class
Use a class object to wrap up the bpf map file descriptor and provide
some base function to look up, write and delete the map content. The map
class also have a nested iterator class to iterate over the map and two
helper function to simplify the iterating process. Removed the
mDeleteStatsMutex since it cannot prevent framework side to read the
stats while we are deleting the stats and all the other netd operation
on the stats related map doesn't need to iterate through the map anyway.
Bug: 78250686
Test: netd_unit_test libbpf_test
Change-Id: I358ba65f7022fd03f8ca573550055734052b6fd2
Merged-In: I358ba65f7022fd03f8ca573550055734052b6fd2
(cherry picked from aosp commit 4f6c237759e8bdc3ace937ad0eaaf9be893702da)
/system/netd/server/TrafficController.h
|
| 0cef0cdcbefe31fea8a169dfd9aa1089a7bbd652 |
|
14-Apr-2018 |
Chenbo Feng <fengc@google.com> |
Remove the deleted stats from map
The xt_qtaguid module removes per uid stats when an app get uninstalled.
So eBPF map should not store the uninstalled stats either. This change
help fix the unknown iface problem as well.
Bug: 77987430
Test: android.app.usage.cts.NetworkUsageStatsTest
Change-Id: Ieb08833ecc35f76d27769042f197d889470faf7f
Merged-In: Ieb08833ecc35f76d27769042f197d889470faf7f
(cherry picked from aosp commit ef1cab3a984a21e807d3a28987e6d5793b04a039)
/system/netd/server/TrafficController.h
|
| 132065d2694ec9e0ac9b857a76a22b1f1f251c44 |
|
26-Mar-2018 |
Chenbo Feng <fengc@google.com> |
Add dump function for trafficController
Add a dumpsys helper function in trafficController to dump out the
information of the trafficController that is running on device. If
trafficController is running bpf programs, dump out all the program
location status and all the map content to dumpsys.
Test: dumpsys netd should trafficController information.
bug: 74411823
Merged-In: Ica83c11b6d1debb59f9c3a703d5b5cfc264844c4
Change-Id: Ica83c11b6d1debb59f9c3a703d5b5cfc264844c4
(cherry picked from aosp commit ef297179bb1611b011d6e0f55e5cb7366a76824a)
/system/netd/server/TrafficController.h
|
| 64af7047b44c4802a300be0843501b56747d49f8 |
|
21-Mar-2018 |
Chenbo Feng <fengc@google.com> |
Add xt_owner module support in trafficController
Add bpf maps for recording rules about socket owner uid filtering.
Modified the bpf program so that packets with uid listed in the
the uidOwnerMap will get handled according to userspace settings
Test: bpf program can be loaded and attached when boot
Bug: 72381727 30950746
Merged-In: I39497334fcb5e200dbf07a0046b85c227d59e2d7
Change-Id: I39497334fcb5e200dbf07a0046b85c227d59e2d7
(cherry picked from aosp commit 89c12f13e3fb31f1a46f3ea5aeef331b0c9eda45)
/system/netd/server/TrafficController.h
|
| d425ec8aea272a132f79493bdb36e793bcd05a85 |
|
14-Mar-2018 |
Chenbo Feng <fengc@google.com> |
Use xt_bpf module to record the iface stats
To make interface packet accounting more accurately and persistent, the
xt_bpf module is implemented to record the total packets and bytes
tx/rx through each interface. The netd will load the bpf program and
set up iptable rules for the xt_bpf module at boot time and the
framework service will use them to get per interface networks stats on
supported devices. Add logcat support to bpfloader program.
Test: iface stats show up in maps. Iptable rules show up after boot.
Bug: 72111305
Change-Id: Ib33d2b165b64e130999931302dd67891c35a12e9
(cherry picked from aosp commit 5ed179914f300427819e7e92a61abbd57c7c7925)
/system/netd/server/TrafficController.h
|
| 8cc480c991d6f57c3f71b13d4a6a4484c929cb90 |
|
01-Mar-2018 |
Chenbo Feng <fengc@google.com> |
Add a eBPF map to store iface name and index
Since the kernel bpf program can only get the iface index instead of
iface name, we need a seperate map to store the iface index and name
pair in userspace so the kernel program can know what iface each
received packet is and account against the correct name.
Test: run cts -m TrafficStatsTest
Bug: 30950746
Bug: 73137611
Change-Id: I6638dc4b03db6fd18b6b38b4524ec89e25a55bc0
(cherry picked from aosp commit 7e97405ea17a9134bb1b63c41d1d32de003d6bbf)
/system/netd/server/TrafficController.h
|
| eac6c476e252ad9943b4854acf0163a861cb8aec |
|
06-Feb-2018 |
Chenbo Feng <fengc@google.com> |
Simplify the traffic stats entry struct
Since the framework API no longer support traffic stats detail such as
rxTcpPacket number or rxTcpBytes, The eBPF program and the native helper
functions no longer need to store those information as well. Removing
them from the struct StatsValue can save some space per stats entry and
reduce the total size of stats map.
Bug: 30950746
Test: run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
Change-Id: I70c24b762ecc9d58fc4a3ac48a7944416eff7c81
/system/netd/server/TrafficController.h
|
| 05393d8d36429a81466725b429ab976ea977fd07 |
|
10-Jan-2018 |
Chenbo Feng <fengc@google.com> |
Use a isolated process to load bpf program
For the security reason of the bpf program loading process, the
program loading and running operation is moved to a seperate process out
of netd traffic controller. This can help we isolate the program loading
process into a seperate sandbox and apply more strict selinux and
seccomp security policy on it. This action can help providing additional
security fence on CVE-2017-5753.
Test: bpf program pinned at sys/fs/bpf after device boot.
Bug: 30950746
Change-Id: Id194017692343d1f55ec7f44254ff4918e95e2d3
/system/netd/server/TrafficController.h
|
| 07d43fe9114880acb501e60dc6b537ae0e893064 |
|
21-Dec-2017 |
Chenbo Feng <fengc@google.com> |
Add a binder interface checking bpf status
The system server need to know if the bpf traffic stats accounting
system is running at run time before read network stats from it. Instead
of checking the kernel version. A safe way to implement it is adding a
binder call to check the service inside netd. If netd successfully setup
the system and it can be sure the stats will be avalaible for system
server.
Test: run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
Bug: 30950746
Change-Id: Ieef41dd94bc957864108f2f5590d9855ae985244
/system/netd/server/TrafficController.h
|
| f43bf817e0d304bea7e8c993aa4649e0557c864a |
|
16-Dec-2017 |
Chenbo Feng <fengc@google.com> |
Add BPF helper function for system server
Add the map iterate and stats reading helper function used by system
server into libbpf. The methods are used by both NetworkStatsService and
NetworkStatsFactory JNI library.
Delete the function that scan through cookieTagMap and delete the stats
entry that belongs to a not existing tag. This function is handed over
to system server since system server can hold a lock to prevent
processes to access bpf maps when deleting the map entries.
Bug: 30950746
Test: run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
Change-Id: Ie08c817d709f0ea32405989816bd6a016ebc6bf1
/system/netd/server/TrafficController.h
|
| ed37fea35e16dc35d7519808a90cc64b07267883 |
|
14-Dec-2017 |
Chenbo Feng <fengc@google.com> |
Add unit test cases for TrafficController
The unit test cases use fake eBPF map to verify the behavior of
TrafficController API such as tag/untag socket and set counter set.
It use four temperary bpf maps to store the result of
TrafficController.
Bug: 30950746
Test: run netd_unit_test
Change-Id: I71ad301475034986ca403a87b81b0cbfc354ae18
/system/netd/server/TrafficController.h
|
| 116d05553da82c68ae76144a9f6472ae6f8a3c1a |
|
05-Dec-2017 |
Chenbo Feng <fengc@google.com> |
Use netlink listener to track destroyed socket
Add a netlink SkDestroyListener in TrafficController to listen to the
broadcast from kernel when a inet socket get destroyed. The broadcast
message contains the socket cookie of the destroyed socket and
TrafficController uses it to remove the tag/uid information stored
inside cookieTagMap if the process that create and tag the socket forget
to untag it before closing the socket.
Bug: 30950746
Test: Rewrite NativeQtaguidTest.cpp to support eBPF module.
Change-Id: I46d5067c38bc3ecd6cd96db364c3897db25b4e10
/system/netd/server/TrafficController.h
|
| c10a8a4537a472d37ecceaa9293bf918af88ebb5 |
|
15-Dec-2017 |
Chenbo Feng <fengc@google.com> |
Rework bpf part of traffic controller
Refine the implementaion of Traffic Controller eBPF module. Fixed
several typos and code style. Use unique_fd to replace all the fd
involved. Move the bpf helper function to a seperate library so
system server can also use it from jni code. Change the map file
permission so system_server can also read it. Rework the delete tag
data helper function to make it work properly. Pin the bpf program as
file so netd can check if cgroup program is attached or not when
restart.
Test: -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
Bug: 30950746
Change-Id: I50fd6a091faab261880afa8e27ebb316871eb4aa
/system/netd/server/TrafficController.h
|
| 33cc1036b755544b825c484f2cfdfb183ecf8177 |
|
24-Oct-2017 |
Chenbo Feng <fengc@google.com> |
Add qtaguid support into TrafficController
Redirect the qtaguid related request to netd TrafficController through
Fwmark server. The TrafficController will handle the request differently
depend on the kernel version. For now the eBPF implementation is
temperarily turned of since the kernel and selinux support is not ready
yet. The actaul qtaguid userspace implementation is moved to libqtaguid
and TrafficController will use that library to intereact with xt_qtaguid
kernel module.
Test: Cts test for TrafficStats should pass
Bug: 30950746
Change-Id: I6dd97da49168a4724e76537a270d10ff26991808
/system/netd/server/TrafficController.h
|
| f275968b1b3499a6095d64648d16fe0dc5168c80 |
|
11-Oct-2017 |
Chenbo Feng <fengc@google.com> |
Prototype of traffic controller
This is the prototype of the traffic controller service in netd module.
It start when netd controller service start and load eBPF maps and
programs to the kernel. Then it will attach the eBPF program to
corresponding cgroup to account the data usage information. During run
time, it is responsible for update socket tagging information with the
kernel, read the stats data for userspace usage, and garbage collect the
redundent map entries.
Test: bpf program attached to cgroup
Bug: 30950746
Change-Id: Ia7916a99a457fcff910725994a93a889ec6dd6be
/system/netd/server/TrafficController.h
|