BandwidthController: reject with port-unreachable to prevent TCP retries.

Currently the bandwidth controller will cut off traffic via an ICMP
destination unreachable message with code "administratively prohibited".
TCP's RFC1122 does not explicitly say what to do with it, but it does say
to abort the transmission when "port-unreachable" is seen.

Some servers keep on retrying with the "prohibited" ICMP message which
keeps the radio longer awake as more packets come in.

Bug: 9150002
Change-Id: I6eb1c3ae41c3890f26581a4b7464821b7ffb85f4

diff --git a/BandwidthController.cpp b/BandwidthController.cpp
index f720e0c..277f320 100644 (file)
--- a/BandwidthController.cpp
+++ b/BandwidthController.cpp
@@ -168,15 +168,12 @@ int BandwidthController::runIptablesCmd(const char *cmd, IptRejectOp rejectHandl
     std::string fullCmd = cmd;
 
     if (rejectHandling == IptRejectAdd) {
-        fullCmd += " --jump REJECT --reject-with";
-        switch (iptVer) {
-        case IptIpV4:
-            fullCmd += " icmp-net-prohibited";
-            break;
-        case IptIpV6:
-            fullCmd += " icmp6-adm-prohibited";
-            break;
-        }
+        /*
+         * Must be carefull what one rejects with, as uper layer protocols will just
+         * keep on hammering the device until the number of retries are done.
+         * For port-unreachable (default), TCP should consider as an abort (RFC1122).
+         */
+        fullCmd += " --jump REJECT";
     }
 
     fullCmd.insert(0, " ");