useLogwrapCall = !strcmp(value, "1");
}
-int BandwidthController::runIpxtablesCmd(const char *cmd, IptRejectOp rejectHandling) {
+int BandwidthController::runIpxtablesCmd(const char *cmd, IptRejectOp rejectHandling,
+ IptFailureLog failureHandling) {
int res = 0;
ALOGV("runIpxtablesCmd(cmd=%s)", cmd);
- res |= runIptablesCmd(cmd, rejectHandling, IptIpV4);
- res |= runIptablesCmd(cmd, rejectHandling, IptIpV6);
+ res |= runIptablesCmd(cmd, rejectHandling, IptIpV4, failureHandling);
+ res |= runIptablesCmd(cmd, rejectHandling, IptIpV6, failureHandling);
return res;
}
}
int BandwidthController::runIptablesCmd(const char *cmd, IptRejectOp rejectHandling,
- IptIpVer iptVer) {
+ IptIpVer iptVer, IptFailureLog failureHandling) {
char buffer[MAX_CMD_LEN];
const char *argv[MAX_CMD_ARGS];
int argc = 0;
argv[argc] = NULL;
res = logwrap(argc, argv);
}
- if (res) {
+ if (res && failureHandling == IptFailShow) {
ALOGE("runIptablesCmd(): failed %s res=%d", fullCmd.c_str(), res);
}
return res;
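Review bot: The new condition `res && failureHandling == IptFailShow` drops the ALOGE for every non-zero res, not only for the "rule or chain is not there" case that the IptFailHide callers expect. If a failure to run iptables at all comes back through the same res (the code that sets it is mostly outside this hunk), release builds will have no record of it on those paths. Where the exit status lets the two cases be told apart, I would keep the error log for the unexpected one. At minimum add a comment above the check, such as `// IptFailHide: caller expects this command may fail (e.g. -D of an absent rule); res is still returned unchanged.`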
int BandwidthController::runCommands(int numCommands, const char *commands[],
RunCmdErrHandling cmdErrHandling) {
int res = 0;
+ IptFailureLog failureLogging = IptFailShow;
+ if (cmdErrHandling == RunCmdFailureOk) {
+ failureLogging = IptFailHide;
+ }
ALOGV("runCommands(): %d commands", numCommands);
for (int cmdNum = 0; cmdNum < numCommands; cmdNum++) {
- res = runIpxtablesCmd(commands[cmdNum], IptRejectNoAdd);
+ res = runIpxtablesCmd(commands[cmdNum], IptRejectNoAdd, failureLogging);
if (res && cmdErrHandling != RunCmdFailureOk)
return res;
}
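Review bot: With RunCmdFailureOk the loop now hides the log line and, as far as the visible code shows, `res = runIpxtablesCmd(...)` overwrites res on each pass, so a failure in the middle of the command list leaves no trace in a release build. Whether callers inspect the return value is not visible here, and the function's tail is outside the hunk. If they do not, consider one summary line after the loop that counts the ignored failures. Separately, the four added lines read more directly as `const IptFailureLog failureLogging = (cmdErrHandling == RunCmdFailureOk) ? IptFailHide : IptFailShow;`, and naming it `failureHandling` would match the parameter used elsewhere in this change.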
* This helps with netd restarts.
*/
snprintf(cmd, sizeof(cmd), "-F %s", costCString);
- res1 = runIpxtablesCmd(cmd, IptRejectNoAdd);
+ res1 = runIpxtablesCmd(cmd, IptRejectNoAdd, IptFailHide);
snprintf(cmd, sizeof(cmd), "-N %s", costCString);
- res2 = runIpxtablesCmd(cmd, IptRejectNoAdd);
+ res2 = runIpxtablesCmd(cmd, IptRejectNoAdd, IptFailHide);
res = (res1 && res2) || (!res1 && !res2);
snprintf(cmd, sizeof(cmd), "-A %s -j penalty_box", costCString);
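Review bot: `res = (res1 && res2) || (!res1 && !res2)` treats "both -F and -N failed" as an error, but with IptFailHide on both calls neither failure is logged in a release build, so that error path carries no detail about which command failed. Unless the code after this hunk logs on res, add something like `if (res1 && res2) ALOGE("flush and create both failed for chain %s", costCString);` right after the assignment. The enclosing function starts and ends outside the hunk.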
}
snprintf(cmd, sizeof(cmd), "-D bw_INPUT -i %s --jump %s", ifn, costCString);
- runIpxtablesCmd(cmd, IptRejectNoAdd);
+ runIpxtablesCmd(cmd, IptRejectNoAdd, IptFailHide);
snprintf(cmd, sizeof(cmd), "-I bw_INPUT %d -i %s --jump %s", ruleInsertPos, ifn, costCString);
res |= runIpxtablesCmd(cmd, IptRejectNoAdd);
snprintf(cmd, sizeof(cmd), "-D bw_OUTPUT -o %s --jump %s", ifn, costCString);
- runIpxtablesCmd(cmd, IptRejectNoAdd);
+ runIpxtablesCmd(cmd, IptRejectNoAdd, IptFailHide);
snprintf(cmd, sizeof(cmd), "-I bw_OUTPUT %d -o %s --jump %s", ruleInsertPos, ifn, costCString);
res |= runIpxtablesCmd(cmd, IptRejectNoAdd);
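Review bot: ifn is formatted unquoted into all four rule strings in this hunk, and the buffer/argv locals in runIptablesCmd suggest the string is later split into arguments, so an interface name containing whitespace would become extra iptables arguments. The snprintf results are also unchecked, so an over-long name would silently truncate the rule. The function's entry is outside the hunk, so both may already be handled before this point. If they are not, validate ifn against the interface-name character set and length before the first snprintf, and fail when snprintf returns a value `>= sizeof(cmd)`. Passing `IptFailShow` explicitly on the two `-I` calls would also make the contrast with the `-D` calls obvious to the next reader.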
enum NaughtyAppOp { NaughtyAppOpAdd, NaughtyAppOpRemove };
enum QuotaType { QuotaUnique, QuotaShared };
enum RunCmdErrHandling { RunCmdFailureBad, RunCmdFailureOk };
-
+#if LOG_NDEBUG
+ enum IptFailureLog { IptFailShow, IptFailHide };
+#else
+ enum IptFailureLog { IptFailShow, IptFailHide = IptFailShow };
+#endif
int maninpulateNaughtyApps(int numUids, char *appStrUids[], NaughtyAppOp appOp);
int prepCostlyIface(const char *ifn, QuotaType quotaType);
/* Runs for both ipv4 and ipv6 iptables */
int runCommands(int numCommands, const char *commands[], RunCmdErrHandling cmdErrHandling);
/* Runs for both ipv4 and ipv6 iptables, appends -j REJECT --reject-with ... */
- static int runIpxtablesCmd(const char *cmd, IptRejectOp rejectHandling);
- static int runIptablesCmd(const char *cmd, IptRejectOp rejectHandling, IptIpVer iptIpVer);
+ static int runIpxtablesCmd(const char *cmd, IptRejectOp rejectHandling,
+ IptFailureLog failureHandling = IptFailShow);
+ static int runIptablesCmd(const char *cmd, IptRejectOp rejectHandling, IptIpVer iptIpVer,
+ IptFailureLog failureHandling = IptFailShow);
+
// Provides strncpy() + check overflow.
static int StrncpyAndCheck(char *buffer, const char *src, size_t buffSize);
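Review bot: Putting `#if LOG_NDEBUG` around the enum in the class header makes the value of IptFailHide depend on how LOG_NDEBUG is set in each file that includes the header. A source file that sets `#define LOG_NDEBUG 0` for local verbose logging, or includes this header before LOG_NDEBUG is defined (an undefined macro evaluates to 0 in `#if`), sees `IptFailHide == IptFailShow` while other files see distinct values, which gives the same class enum two different definitions. Keeping `enum IptFailureLog { IptFailShow, IptFailHide };` unconditional and applying the debug override where the log decision is made, e.g. `if (res && (failureHandling == IptFailShow || !LOG_NDEBUG))`, avoids that. The declaration comments should also say that failureHandling only controls the error log and that the return value is unaffected.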