1. 26 Apr, 2012 1 commit
    • bandwidthcontroller: hide iptables errors when they don't matter · ad729ac1
      JP Abgrall authored
      Some commands are run to be able to recover after failures.
      Those cleanup commands are generally allowed to fail.
      But the lower level system commands would log an error.
      Now that error is hidden if nobody will care about the result.
      A "#define LOG_NDEBUG 0" will show those failing commands.
      
      Removed leftover LOG_NDEBUG in CommandListener.
      
      Bug: 6377175
      Change-Id: I1205fb077f7d0496969bd2a0b5da42025bc5a8dc
  2. 25 Apr, 2012 1 commit
    • bandwidthcontroller: hide iptables errors when they don't matter · 1fb02dfc
      JP Abgrall authored
      Some commands are run to be able to recover after failures.
      Those cleanup commands are generally allowed to fail.
      But the lower level system commands would log an error.
      Now that error is hidden if nobody will care about the result.
      A "#define LOG_NDEBUG 0" will show those failing commands.
      
      Removed leftover LOG_NDEBUG in CommandListener.
      
      Bug: 6377175
      Change-Id: I1205fb077f7d0496969bd2a0b5da42025bc5a8dc
  3. 20 Apr, 2012 1 commit
    • netd: Idletimer vs Nat vs Bandwidth controllers · 0031cead
      JP Abgrall authored
      * modified iptables users to work in controller specific custom chains.
       - each controller only works within its own custom chains and not the
        top level ones (INPUT, OUTPUT, FORWARD, POSTROUTING,...)
       - CommandListener now invokes setupIptablesHooks() for each controller
         once. That is the only time they are allowed to access the top-level
         chains.
      
      * Added idletimer controller.
        From https://android-git.corp.google.com/g/#/c/180769/2
      
      
       - supported commands
         . ndc idletimer enable
         . ndc idletimer add <iface> <timeout>
         . ndc idletimer remove <iface> <timeout_used_during_add>
       There is a framework change elsewhere that receives netlink messages.
      Signed-off-by: Ashish Sharma <ashishsharma@google.com>
      Signed-off-by: JP Abgrall <jpa@google.com>
      Change-Id: Ia57450c09166ce20f21d1e3b49047ef1e98f2a3d
  4. 01 Mar, 2012 1 commit
    • Use the new command numbering scheme. · a8e59f8c
      Robert Greenwalt authored
      Support multiple commands on a single socket via command numbers.
      Native DaemonConnector has been changed, so we need to use it here
      too.
      
      bug:5864209
      Change-Id: I084a284db38b996e7965bb9dd18440636eff9801
  5. 06 Jan, 2012 1 commit
  6. 05 Jan, 2012 1 commit
  7. 03 Jan, 2012 1 commit
  8. 01 Dec, 2011 1 commit
  9. 30 Nov, 2011 1 commit
  10. 17 Nov, 2011 1 commit
  11. 04 Nov, 2011 1 commit
  12. 02 Nov, 2011 1 commit
    • When un-natting try to do all we can · f7bf29c8
      Robert Greenwalt authored
      Regardless of errors we should try to do as much as possible.  Sometimes
      some steps may fail if interfaces are taken down before we can un-nat them.
      
      bug:5536516
      Change-Id: I9c9b0123198dba890565e0a6e4e15add16b369c2
  13. 25 Oct, 2011 1 commit
  14. 07 Oct, 2011 1 commit
    • netd: bandwidth: tethering global alert support · c6c67349
      JP Abgrall authored
      Now, when nat is enabled/disabled it will let the bandwidthcontroller
      know that it might need to add/remove the matching global alert into
      the tethering rules in the FORWARD chain of iptables.
      
      Bug: 5336638
      Change-Id: I1843f3f6601f371537f754a31db792e054b36a1d
  15. 29 Sep, 2011 1 commit
  16. 27 Sep, 2011 1 commit
  17. 18 Sep, 2011 1 commit
    • netd: BandwidthController: support reading out tethering stats · db7da58e
      JP Abgrall authored
      * Add
        ndc bandwidth gettetherstats <ifaceIn> <ifaceOut>
      which returns
        221  ifaceIn ifaceOut rx_bytes rx_packets tx_bytes tx_packets
      If the iface pair is not found it will fail.
      
      221 is the new response code for TetheringStatsResult.
      It gets the stats by looking at the iptables FORWARD chain's counters.
      
      * Fixed return handling after some of the responses.
        - no need for errorno
        - after ResponseCode >= 200, don't return another.
      
      * Correctly initialize the alert values on "bandwidth enable"
      
      Bug: 5244846,5230066
      Change-Id: I81c941441525fa4055ae270d5cad05e6c42b8f72
  18. 14 Sep, 2011 1 commit
  19. 03 Sep, 2011 1 commit
    • Avoid setting prefix length for 0.0.0.0 address · ab374f42
      Irfan Sheriff authored
      The ioctl to set netmask fails when the interface address is 0.0.0.0.
      The kernel always keeps the netmask as 0 when the address is 0.0.0.0.
      Avoid making a call to prefix length when address is 0.0.0.0
      
      Bug: 5255172
      Change-Id: Id32f7823b2230fb9ac7cd45b0df1951f11338112
  20. 25 Jul, 2011 1 commit
  21. 20 Jul, 2011 1 commit
    • netd: bandwidthcontroler: add support for alerts via iptables' quota2 log messages · 8a932722
      JP Abgrall authored
      * Fix quota2 updating. The old insert-new/delete-old scheme doesn't work as the kernel
       keeps the old counter assigned to the new rule.
      
      * Add support for setting dummy quotas used only for alerts.
      
      This needs:
       - new kernel with quota2 changes that support logging via NETLINK's
         NETLINK_NFLOG family.
       - NetlinkManager support for receiving the events.
       - java land handler for these new events.
      
      * new commands
        - add/remove a dummy quota to generate an alert after <bytes> are seen including loopback.
          alerts are only triggered once.
          . ndc bandwidth setglobalalert <bytes>
             calling it multiple times, just re-arms the alert for the specified number of bytes.
              Use "ndc bandwidth getiquota singleAlert" to get what is left.
          . ndc bandwidth removeglobalalert
        - add/remove alert on a shared quota (similar accounting as shared quota)
          . ndc bandwidth setsharedalert <bytes>
              Requires that a shared quota already exist.
          . ndc bandwidth removesharedalert
              Removing the last of the shared quotas will remove the matching alert.
        - add/remove alert on an interface (similar accounting as interface quota)
          . ndc bandwidth setinterfacealert <iface> <bytes>
              Requires that an interface quota already exist.
          . ndc bandwidth removeinterfacealert <iface>
              Removing the interface quota will remove the matching alert.
        - get the quotas and alert leftovers
         . ndc bandwidth getquota
            shared quota leftover
         . ndc bandwidth getiquota <quota_name_or_iface>
            iface specific quota leftover
            Can be used to read-out alerts. E.g.
              setglobalalert 12345 -> getiquota globalAlert
              setsharedalert 12345 -> getiquota sharedAlert
              setinterfacealert iface0 12345 -> getiquota iface0Alert
      
      Change-Id: Iea9698b9d20e713281755dac32b4772a6cf0e84e
  22. 24 Jun, 2011 2 commits
    • BandwidthController: cleanup ipv4/v6, set/remove multiple quotas. · 0dad7c2f
      JP Abgrall authored
      Regroup the ipv4/ipv6 choice deeper down to avoid copypasted code.
      Shared quota across ifaces.
      Single quota per ifaces.
      
      Nothing preventing an iface from having a single and shared quota.
      Might be close to having a working combination.
      
      Added commands:
       - shared quota
        ndc bandwidth setquotas <quotaBytes> <iface> ...
        ndc bandwidth setquota <iface> <quotaBytes>
        ndc bandwidth removequota <iface>
        ndc bandwidth removequotas <iface> ...
      
       - quota per iface
        ndc bandwidth setiquota <iface> <quotaBytes>
        ndc bandwidth removeiquota <iface>
      
      Change-Id: I370d223da3c8b6e16e8d0a455309ae9e0756a721
    • netd:bandwidth: initial pass at app-rules, and some ipv6. · fa6f46d3
      JP Abgrall authored
      Adds initial per-app penalty box rules, and prepares for
      handling per iface quota.
      
      The following commands work:
      
      * penalty box
      
      ndc bandwidth addnaughtyapps <uid> ...
      ndc bandwidth removenaughtyapps <uid> ...
      
      * Shared quota
      
       - add (updates the bytes, if they differ from last time)
      
      ndc bandwidth setquota <iface> <bytes>
      ndc bandwidth setquota <iface1> <bytes>
      ndc bandwidth setquota <iface2> <bytes>
      
        - remove
      ndc bandwidth removequota <iface>
      [ oldschool: ndc bandwidth setquota <iface> -1 ]
      
      Change-Id: Ibefc16e81c7713feb47577a9687dcd032dedf06e
  23. 18 Jun, 2011 1 commit
  24. 17 Jun, 2011 1 commit
  25. 16 Jun, 2011 1 commit
    • system/netd: bandwidth management initial support (uid+tag stats) · 4a5f5ca3
      JP Abgrall authored
      This is a minimalistic version to get accounting of data going
      through tagged socket per uid.
      
      When netd starts up the BandwidthController, it will look at the
      properties for
         persist.bandwidth.enable=1
      and enable it.
      
      It needs the kernel with the xt_qtaguid + iptables/netfilter goodness.
      stlport is ok to use.
      
      The "owner" netfilter module used is actually our xt_qtaguid that acts as it
      (just until we get around to talking directly to the kernel).
      
      Once
        "ndc bandwidth enable"
      is invoked all traffic is counted against the UIDs receiving/sending it.
      This allows BlockGuard.java to "tag" sockets and see stats for the tags.
      
      Data shows up in
        /proc/net/xt_qtaguid/stats
      
        /proc/net/xt_qtaguid/iface_stat/<iface>/
           rx_packets_tcp
           rx_bytes_tcp
           ...
      There is no <uid>/...
      
      Supported commands:
       - "ndc bandwidth enable"
         will set up the needed iptable entries to track tag/uid.
       - "ndc bandwidth disable"
         will remove the iptable entries.
       - "ndc bandwidth setquota <iface> <value>"
         will set a quota on the iface.
         Once quota is reached, packets are rejected.
         With the correct kernel, rejects are turned into socket errors.
      
      TODO
      ----
       * make bandwidth controller cooperate with tethering.
         - they both manipulate the iptables.
      
      Change-Id: Ieb9e7c60ef8c974e99828f7833065d59b2922bf3
  26. 12 May, 2011 1 commit
    • Add v4/v6 route add/remove to netd. · e019b659
      Robert Greenwalt authored
      Now we can move this out of the framework.
      Also adds v6 support and explicit route removal (rather than the big hammer of "remove all").
      
      Change-Id: Ia7f1b12b2175c566c4906064796131a2f7e81466
  27. 29 Apr, 2011 1 commit
    • Add ResolverController class · 89c1e975
      Mattias Falk authored
      Added a ResolverController class that handles
      the communication with the dns resolver in
      netd.
      
      Change-Id: I0f71bd516109fd942e68b3400666c7a859228372
  28. 08 Mar, 2011 1 commit
  29. 01 Feb, 2011 1 commit
  30. 17 Nov, 2010 1 commit
  31. 23 Apr, 2010 1 commit
    • Fix the reading of /proc/net/dev · 651417c7
      Robert Greenwalt authored
      When the bytes received counter gets too big it changes format from
      name:  10 ...
      name: 100 ...
      name:1000 ...
      
      The last one means sscanf can't parse a string and a long separately - you
      just get a string.  Fixed by detecting a char after ':', splitting the name
      and reparsing the long.
      
      bug:2612082
      Change-Id: I84e41da1e38d24ea61f996ede9c87769abba5d22
  32. 14 Apr, 2010 1 commit
    • Don't make such noise when ppp0 is unavailable. · 31c61c80
      Robert Greenwalt authored
      On sholes ppp0 comes and goes with wifi and net availability.  We don't want our traffic
      poller to have to care (and deal with race conditions) so just don't make so much noise
      if we try to read the traffic data for a non-existing iface.
      
      bug:2576057
      Change-Id: I8c1d721e7afc288b08cffb79f8f52f6cab55c88b
  33. 07 Apr, 2010 1 commit
  34. 03 Apr, 2010 1 commit
  35. 01 Apr, 2010 1 commit
  36. 24 Mar, 2010 1 commit
  37. 12 Mar, 2010 2 commits
  38. 24 Feb, 2010 1 commit