58a09b524593cc56d258f8c89528b7ac0720da6e |
|
12-May-2018 |
Chenbo Feng <fengc@google.com> |
Use a separate map to store per app stats To avoid iterating through the eBPF map to get the total stats of a specific uid. A new bpf map called appUidStatsMap is added to the trafficController so that TrafficStats API can directly read that map for per uid total stats regardless of tag, counterSet and iface information. This could make this call more efficient and solve the possible racing problem. Bug: 79171384 Test: netd_unit_test, libbpf_test, netd_integration_test Change-Id: I47a4ac3466caa729c5730a498a2de226303d6b77 Merged-In: I47a4ac3466caa729c5730a498a2de226303d6b77 (cherry picked from aosp commit bc4a15f91f97fbfcbfdc9dc19d73226f380bc977)
/system/netd/server/TrafficController.h
|
2c67f26519d6cfc2c071d35be46cd4b301f376ab |
|
26-Apr-2018 |
Chenbo Feng <fengc@google.com> |
refactor bpf maps into class Use a class object to wrap up the bpf map file descriptor and provide some base function to look up, write and delete the map content. The map class also have a nested iterator class to iterate over the map and two helper function to simplify the iterating process. Removed the mDeleteStatsMutex since it cannot prevent framework side to read the stats while we are deleting the stats and all the other netd operation on the stats related map doesn't need to iterate through the map anyway. Bug: 78250686 Test: netd_unit_test libbpf_test Change-Id: I358ba65f7022fd03f8ca573550055734052b6fd2 Merged-In: I358ba65f7022fd03f8ca573550055734052b6fd2 (cherry picked from aosp commit 4f6c237759e8bdc3ace937ad0eaaf9be893702da)
/system/netd/server/TrafficController.h
|
0cef0cdcbefe31fea8a169dfd9aa1089a7bbd652 |
|
14-Apr-2018 |
Chenbo Feng <fengc@google.com> |
Remove the deleted stats from map The xt_qtaguid module removes per uid stats when an app get uninstalled. So eBPF map should not store the uninstalled stats either. This change help fix the unknown iface problem as well. Bug: 77987430 Test: android.app.usage.cts.NetworkUsageStatsTest Change-Id: Ieb08833ecc35f76d27769042f197d889470faf7f Merged-In: Ieb08833ecc35f76d27769042f197d889470faf7f (cherry picked from aosp commit ef1cab3a984a21e807d3a28987e6d5793b04a039)
/system/netd/server/TrafficController.h
|
132065d2694ec9e0ac9b857a76a22b1f1f251c44 |
|
26-Mar-2018 |
Chenbo Feng <fengc@google.com> |
Add dump function for trafficController Add a dumpsys helper function in trafficController to dump out the information of the trafficController that is running on device. If trafficController is running bpf programs, dump out all the program location status and all the map content to dumpsys. Test: dumpsys netd should trafficController information. bug: 74411823 Merged-In: Ica83c11b6d1debb59f9c3a703d5b5cfc264844c4 Change-Id: Ica83c11b6d1debb59f9c3a703d5b5cfc264844c4 (cherry picked from aosp commit ef297179bb1611b011d6e0f55e5cb7366a76824a)
/system/netd/server/TrafficController.h
|
64af7047b44c4802a300be0843501b56747d49f8 |
|
21-Mar-2018 |
Chenbo Feng <fengc@google.com> |
Add xt_owner module support in trafficController Add bpf maps for recording rules about socket owner uid filtering. Modified the bpf program so that packets with uid listed in the the uidOwnerMap will get handled according to userspace settings Test: bpf program can be loaded and attached when boot Bug: 72381727 30950746 Merged-In: I39497334fcb5e200dbf07a0046b85c227d59e2d7 Change-Id: I39497334fcb5e200dbf07a0046b85c227d59e2d7 (cherry picked from aosp commit 89c12f13e3fb31f1a46f3ea5aeef331b0c9eda45)
/system/netd/server/TrafficController.h
|
d425ec8aea272a132f79493bdb36e793bcd05a85 |
|
14-Mar-2018 |
Chenbo Feng <fengc@google.com> |
Use xt_bpf module to record the iface stats To make interface packet accounting more accurately and persistent, the xt_bpf module is implemented to record the total packets and bytes tx/rx through each interface. The netd will load the bpf program and set up iptable rules for the xt_bpf module at boot time and the framework service will use them to get per interface networks stats on supported devices. Add logcat support to bpfloader program. Test: iface stats show up in maps. Iptable rules show up after boot. Bug: 72111305 Change-Id: Ib33d2b165b64e130999931302dd67891c35a12e9 (cherry picked from aosp commit 5ed179914f300427819e7e92a61abbd57c7c7925)
/system/netd/server/TrafficController.h
|
8cc480c991d6f57c3f71b13d4a6a4484c929cb90 |
|
01-Mar-2018 |
Chenbo Feng <fengc@google.com> |
Add a eBPF map to store iface name and index Since the kernel bpf program can only get the iface index instead of iface name, we need a seperate map to store the iface index and name pair in userspace so the kernel program can know what iface each received packet is and account against the correct name. Test: run cts -m TrafficStatsTest Bug: 30950746 Bug: 73137611 Change-Id: I6638dc4b03db6fd18b6b38b4524ec89e25a55bc0 (cherry picked from aosp commit 7e97405ea17a9134bb1b63c41d1d32de003d6bbf)
/system/netd/server/TrafficController.h
|
eac6c476e252ad9943b4854acf0163a861cb8aec |
|
06-Feb-2018 |
Chenbo Feng <fengc@google.com> |
Simplify the traffic stats entry struct Since the framework API no longer support traffic stats detail such as rxTcpPacket number or rxTcpBytes, The eBPF program and the native helper functions no longer need to store those information as well. Removing them from the struct StatsValue can save some space per stats entry and reduce the total size of stats map. Bug: 30950746 Test: run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest Change-Id: I70c24b762ecc9d58fc4a3ac48a7944416eff7c81
/system/netd/server/TrafficController.h
|
05393d8d36429a81466725b429ab976ea977fd07 |
|
10-Jan-2018 |
Chenbo Feng <fengc@google.com> |
Use a isolated process to load bpf program For the security reason of the bpf program loading process, the program loading and running operation is moved to a seperate process out of netd traffic controller. This can help we isolate the program loading process into a seperate sandbox and apply more strict selinux and seccomp security policy on it. This action can help providing additional security fence on CVE-2017-5753. Test: bpf program pinned at sys/fs/bpf after device boot. Bug: 30950746 Change-Id: Id194017692343d1f55ec7f44254ff4918e95e2d3
/system/netd/server/TrafficController.h
|
07d43fe9114880acb501e60dc6b537ae0e893064 |
|
21-Dec-2017 |
Chenbo Feng <fengc@google.com> |
Add a binder interface checking bpf status The system server need to know if the bpf traffic stats accounting system is running at run time before read network stats from it. Instead of checking the kernel version. A safe way to implement it is adding a binder call to check the service inside netd. If netd successfully setup the system and it can be sure the stats will be avalaible for system server. Test: run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest Bug: 30950746 Change-Id: Ieef41dd94bc957864108f2f5590d9855ae985244
/system/netd/server/TrafficController.h
|
f43bf817e0d304bea7e8c993aa4649e0557c864a |
|
16-Dec-2017 |
Chenbo Feng <fengc@google.com> |
Add BPF helper function for system server Add the map iterate and stats reading helper function used by system server into libbpf. The methods are used by both NetworkStatsService and NetworkStatsFactory JNI library. Delete the function that scan through cookieTagMap and delete the stats entry that belongs to a not existing tag. This function is handed over to system server since system server can hold a lock to prevent processes to access bpf maps when deleting the map entries. Bug: 30950746 Test: run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest Change-Id: Ie08c817d709f0ea32405989816bd6a016ebc6bf1
/system/netd/server/TrafficController.h
|
ed37fea35e16dc35d7519808a90cc64b07267883 |
|
14-Dec-2017 |
Chenbo Feng <fengc@google.com> |
Add unit test cases for TrafficController The unit test cases use fake eBPF map to verify the behavior of TrafficController API such as tag/untag socket and set counter set. It use four temperary bpf maps to store the result of TrafficController. Bug: 30950746 Test: run netd_unit_test Change-Id: I71ad301475034986ca403a87b81b0cbfc354ae18
/system/netd/server/TrafficController.h
|
116d05553da82c68ae76144a9f6472ae6f8a3c1a |
|
05-Dec-2017 |
Chenbo Feng <fengc@google.com> |
Use netlink listener to track destroyed socket Add a netlink SkDestroyListener in TrafficController to listen to the broadcast from kernel when a inet socket get destroyed. The broadcast message contains the socket cookie of the destroyed socket and TrafficController uses it to remove the tag/uid information stored inside cookieTagMap if the process that create and tag the socket forget to untag it before closing the socket. Bug: 30950746 Test: Rewrite NativeQtaguidTest.cpp to support eBPF module. Change-Id: I46d5067c38bc3ecd6cd96db364c3897db25b4e10
/system/netd/server/TrafficController.h
|
c10a8a4537a472d37ecceaa9293bf918af88ebb5 |
|
15-Dec-2017 |
Chenbo Feng <fengc@google.com> |
Rework bpf part of traffic controller Refine the implementaion of Traffic Controller eBPF module. Fixed several typos and code style. Use unique_fd to replace all the fd involved. Move the bpf helper function to a seperate library so system server can also use it from jni code. Change the map file permission so system_server can also read it. Rework the delete tag data helper function to make it work properly. Pin the bpf program as file so netd can check if cgroup program is attached or not when restart. Test: -m CtsNetTestCases -t android.net.cts.TrafficStatsTest Bug: 30950746 Change-Id: I50fd6a091faab261880afa8e27ebb316871eb4aa
/system/netd/server/TrafficController.h
|
33cc1036b755544b825c484f2cfdfb183ecf8177 |
|
24-Oct-2017 |
Chenbo Feng <fengc@google.com> |
Add qtaguid support into TrafficController Redirect the qtaguid related request to netd TrafficController through Fwmark server. The TrafficController will handle the request differently depend on the kernel version. For now the eBPF implementation is temperarily turned of since the kernel and selinux support is not ready yet. The actaul qtaguid userspace implementation is moved to libqtaguid and TrafficController will use that library to intereact with xt_qtaguid kernel module. Test: Cts test for TrafficStats should pass Bug: 30950746 Change-Id: I6dd97da49168a4724e76537a270d10ff26991808
/system/netd/server/TrafficController.h
|
f275968b1b3499a6095d64648d16fe0dc5168c80 |
|
11-Oct-2017 |
Chenbo Feng <fengc@google.com> |
Prototype of traffic controller This is the prototype of the traffic controller service in netd module. It start when netd controller service start and load eBPF maps and programs to the kernel. Then it will attach the eBPF program to corresponding cgroup to account the data usage information. During run time, it is responsible for update socket tagging information with the kernel, read the stats data for userspace usage, and garbage collect the redundent map entries. Test: bpf program attached to cgroup Bug: 30950746 Change-Id: Ia7916a99a457fcff910725994a93a889ec6dd6be
/system/netd/server/TrafficController.h
|