1. 15 Apr, 2016 2 commits
    • Netd metrics logging for DNS queries · 6c97716e
      Lorenzo Colitti authored
      This CL defines a new IDnsEventListener interface and instruments
      DnsProxyListener to send log events to it after every DNS query.
      
      Bug: 28204408
      Change-Id: I7ef09d8fac2a583fb3dc8e392c4fff5649258b28
    • Move the Stopwatch class to NetdConstants. · 699aa99d
      Lorenzo Colitti authored
      Also implement TimedOperation by subclassing Stopwatch, since
      it essentially does the same thing.
      
      Change-Id: I68febcf1caa8a00b548790f9e3ccc10836877639
  2. 14 Apr, 2016 2 commits
    • Kill sockets when a VPN comes up. · fff4bd31
      Lorenzo Colitti authored
      1. Change the SockDiag callback function to be a filter that
         returns a bool instead of a function that optionally kills a
         socket. All existing callbacks basically only existed to kill
         sockets under certain conditions, and making them return a
         boolean allows reusing the same callback function signature
         to filter sockets as well.
      2. Add a new SockDiag method to kill sockets based on a UidRanges
         object (which contains a number of UID ranges) and a list of
         users to skip.
      3. Add a new UIDRANGE mode to SockDiagTest to test the above.
      4. When UID ranges are added or removed from the VPN, kill
         sockets in those UID ranges unless the socket UIDs are in
         mProtectableUsers and thus their creator might have set the
         protect bit on their mark.  Short of actually being
         able to see the socket mark on each socket and basing our
         decision on that, this is the best we can do.
      
      Bug: 26976388
      Change-Id: I53a30df3feb63254a6451a29fa6041c9b679f9bb
  3. 12 Apr, 2016 1 commit
  4. 11 Apr, 2016 1 commit
  5. 08 Apr, 2016 2 commits
  6. 07 Apr, 2016 1 commit
  7. 06 Apr, 2016 3 commits
  8. 31 Mar, 2016 3 commits
  9. 30 Mar, 2016 2 commits
  10. 28 Mar, 2016 2 commits
    • Move iptables test code to a new IptablesBaseTest class. · 0f15055b
      Lorenzo Colitti authored
      Bug: 25691379
      Bug: 21725996
      Change-Id: Ia0598e60ad24714d53470e05849929831ba9dbf6
    • Use iptables-restore in BandwidthController startup. · 13debb89
      Lorenzo Colitti authored
      This saves approximately 800ms on boot.
      
      From the perspective of the rules, this change is a no-op. As the
      unit test shows, the commands are the same, though some are in a
      slightly different order because iptables-restore requires that
      COMMIT be called between different tables (e.g., filter and
      mangle).
      
      For simplicity, enableBandwidthControl runs two iptables-restore
      commands instead of one. This is not semantically different from
      the previous code because the previous code just ran iptables
      commands one by one, which provides no atomicity. Running two
      commands is a bit slower than running one, but it's still much
      faster than using iptables.
      
      Using iptables-restore allows us to do things like ":<chain> -",
      which both creates the chain (if it does not already exist) and
      flushes it. This allows us to remove IPT_CLEANUP_COMMANDS and
      IPT_SETUP_COMMANDS. Those two sets of commands, which basically
      just did "-X bw_<foo>" and "-N bw_<foo>" were only necessary
      because the preceding "-F bw_<foo>" command would not create
      bw_<foo> if it did not already exist (e.g. in setupIptablesHooks,
      which runs on netd startup).
      
      Bug: 21725996
      Change-Id: I6656aed4287dfcb2311c94800f430c143fb0b1a5
  11. 27 Mar, 2016 2 commits
    • Add more test coverage for BandwidthController. · a0dc8a54
      Lorenzo Colitti authored
      Bug: 25691379
      Bug: 21725996
      Change-Id: I196f568221b3bad98ba2d60e019c2b24c59a9cbc
    • Attempt to make data saver mode work for real. · 464eabec
      Lorenzo Colitti authored
      The data saver refactoring change was incorrect in >= two ways:
      
      1. It relied on the bw_costly_shared chain, which is currently
         unused. NetworkManagementService just has a "TODO: support
         quota shared across interfaces" comment about it. What
         actually happens when setting quota is that each costly
         interface chain (e.g., bw_costly_rmnet_data0) directly hooks
         in the bw_penalty_box chain.
      
      2. Implementing app whitelisting using "RETURN" inside
         bw_happy_box was pointless because if data saver was enabled,
         there was a REJECT at the end of the bw_costly_shared chain
         that it was returning to.
      
      Instead, go back to the previous approach which hooked
      bw_happy_box at the end of bw_penalty_box. Also, add an
      additional bw_data_saver rule at the end of bw_happy_box.
      bw_data_saver only contains one rule: RETURN if data saver is
      enabled or REJECT if data saver is disabled.
      
      That way:
      
      1. If the app is blacklisted, bw_penalty_box REJECTs. If not:
      2. If the app is whitelisted (system apps are always whitelisted)
         bw_happy_box RETURNs to bw_costly_rmnet_data0, skipping
         bw_data_saver.
      3. If an app is neither blacklisted nor whitelisted, bw_happy_box
         jumps to bw_data_saver. If data saver is enabled, it REJECTs
         the packet, and if not, it RETURNs to bw_costly_rmnet_data0.
      4. When we RETURN to bw_costly_rmnet_data0, either because the
         app is whitelisted, or because data saver is off,
         bw_costly_rmnet_data0 applies mobile data usage limits,
         and then RETURNs to bw_OUTPUT, which calls xt_qtaguid, etc.
      
      Bug: 26685616
      Bug: 27506285
      Change-Id: If15397afde6862d95827a1fdd30f60efd7fab66a
  12. 25 Mar, 2016 1 commit
  13. 24 Mar, 2016 1 commit
  14. 23 Mar, 2016 1 commit
  15. 22 Mar, 2016 5 commits
    • Merge changes I149ccda5,I4457abd4,I67bff7c3,Ie15b0775,I8dd9fc60 into nyc-dev · 7fa41f33
      Lorenzo Colitti authored
      * changes:
        Stop using SIOCKILLADDR in netd.
        Add a rudimentary unit test for BandwidthController.
        Slightly restructure the data saver iptables rules.
        Remove the ability to enable/disable the happy box.
        Don't keep naughty/nice app state in BandwidthController.
    • Stop using SIOCKILLADDR in netd. · 29ca4e04
      Lorenzo Colitti authored
      SOCK_DESTROY is now supported in all N device kernels.
      
      Bug: 26976388
      Change-Id: I149ccda56edacac28602daddb01b5fd0222d5fb0
    • Add a rudimentary unit test for BandwidthController. · 86a47982
      Lorenzo Colitti authored
      Bug: 26685616
      Bug: 27506285
      Change-Id: I4457abd43697a0425f167b81c1432d743800abb8
    • Slightly restructure the data saver iptables rules. · 7618ccb3
      Lorenzo Colitti authored
      1. Make bw_costly_shared jump to bw_happy_box after
         bw_penalty_box. This allows the framework to manipulate
         whitelists and blacklists independently.
      2. Make bw_happy_box always whitelist system apps. Because
         bw_penalty_box is consulted before bw_happy_box, the
         framework can always blacklist certain system apps (e.g.,
         the media server) by putting them in the blacklist.
      3. Add a method to add/remove a reject at the end of
         bw_costly_shared. This will allow the framework to
         enable/disable data saver by changing only one rule.
      
      Bug: 26685616
      Bug: 27506285
      Change-Id: I67bff7c3c9ff5eb3f84fb84550cdf49f153e1b68
    • Add initial dump() method to NetdNativeService · 2d3a1634
      Erik Kline authored
      This is called by "dumpsys netd".
      
      Bug: 27239233
      Change-Id: I27fb308f8067243ff241a6f8fd6a83f406087d2a
  16. 21 Mar, 2016 1 commit
  17. 18 Mar, 2016 2 commits
  18. 17 Mar, 2016 1 commit
    • Start NetdNativeService before CommandListener. · e4851ded
      Lorenzo Colitti authored
      Starting CommandListener tells NetworkManagementService that netd
      is ready to accept commands. Ensure that the binder service is
      started (i.e., we have called startThreadPool) before we do this.
      
      Bug: 27239233
      Change-Id: Ica89e72f51eb4752cb5cea2e4096c6a9dc5776d7
  19. 14 Mar, 2016 2 commits
  20. 09 Mar, 2016 1 commit
  21. 02 Mar, 2016 4 commits