OSDN Git Service
Robert Greenwalt [Fri, 18 Nov 2011 23:32:13 +0000 (15:32 -0800)]
Fix some syntax issues with IP command.
Was not building secondary tables properly. Also IPv6 host routes
were failing.
bug:
5615697
Change-Id: I0d5ad2ed7d13e4d5bd8c2f8ce15fc0ccb36a4690
Robert Greenwalt [Wed, 2 Nov 2011 23:48:36 +0000 (16:48 -0700)]
Start using IP tool for advanced routing.
bug:
5495862
bug:
5396842
Change-Id: I51f21060947f57e63b18c4d35e9d49fac488d48a
Robert Greenwalt [Wed, 2 Nov 2011 05:07:28 +0000 (22:07 -0700)]
When un-natting try to do all we can
Regardless of errors we should try to do as much as possible. Sometimes
some steps may fail if interfaces are taken down before we can un-nat them.
bug:
5536516
Change-Id: I9c9b0123198dba890565e0a6e4e15add16b369c2
Irfan Sheriff [Wed, 26 Oct 2011 03:37:18 +0000 (20:37 -0700)]
Use CCMP for WPA2 mode
TKIP+CCMP for WPA and the secure CCMP for WPA2
Bug:
5515097
Change-Id: I877d1f4075c3df83149aca23b59c285d2fe093e1
JP Abgrall [Fri, 7 Oct 2011 23:28:54 +0000 (16:28 -0700)]
netd: bandwidth: tethering global alert support
Now, when nat is enabled/disabled it will let the bandwidthcontroller
know that it might need to add/remove the matching global alert into
the tethering rules in the FORWARD chain of iptables.
Bug:
5336638
Change-Id: I1843f3f6601f371537f754a31db792e054b36a1d
repo sync [Thu, 29 Sep 2011 23:10:42 +0000 (16:10 -0700)]
Add support to disable/enable ipv6
Bug:
5388757
Change-Id: I0506254948477cbff05603faed625cc73d94d777
Lorenzo Colitti [Tue, 27 Sep 2011 18:10:46 +0000 (11:10 -0700)]
Move the code to delete IP addresses to ifc_utils.
Change-Id: I04c8de503229d1dce6bd08c286b7017eaea11039
JP Abgrall [Sun, 18 Sep 2011 19:57:32 +0000 (12:57 -0700)]
netd: BandwidthController: support reading out tethering stats
* Add
ndc bandwidth gettetherstats <ifaceIn> <ifaceOut>
which returns
221 ifaceIn ifaceOut rx_bytes rx_packets tx_bytes tx_packets
If the iface pair is not found it will fail.
221 is the new response code for TetheringStatsResult.
It gets the stats by looking at the iptables FORWARD chain's counters.
* Fixed return handling after some of the responses.
- no need for errorno
- after ResponseCode >= 200, don't return another.
* Correctly initialize the alert values on "bandwidth enable"
Bug:
5244846,
5230066
Change-Id: I81c941441525fa4055ae270d5cad05e6c42b8f72
Irfan Sheriff [Wed, 14 Sep 2011 22:03:21 +0000 (15:03 -0700)]
Merge "Netd comand to change IPv6 privacy extensions"
Irfan Sheriff [Wed, 14 Sep 2011 19:32:47 +0000 (12:32 -0700)]
Netd comand to change IPv6 privacy extensions
Bug:
3360737
Change-Id: Ifa13c425c6168acdd01600d49c1fb52288c60d3c
JP Abgrall [Thu, 8 Sep 2011 20:44:10 +0000 (13:44 -0700)]
netd: BandwidthController: exclude loopback in all alert rules.
Have the alerts explicitly request "not loopback".
Change-Id: I7a569292e630c2b8ec76489643741f53ab85b84e
Irfan Sheriff [Sat, 3 Sep 2011 00:34:12 +0000 (17:34 -0700)]
Avoid setting prefix length for 0.0.0.0 address
The ioctl to set netmask fails when the interface address is 0.0.0.0.
The kernel always keeps the netmask as 0 when the address is 0.0.0.0.
Avoid making a call to prefix length when address is 0.0.0.0
Bug:
5255172
Change-Id: Id32f7823b2230fb9ac7cd45b0df1951f11338112
JP Abgrall [Thu, 11 Aug 2011 22:34:49 +0000 (15:34 -0700)]
netd: all: use system() instead of logwrap() for now.
The logwrapper uses a blocking read() which does not always
correctly detect when the child process at the other end is gone.
This is a quick workaround for http://b/
5144246
A cleaner logwrapper parent() will follow.
Add support for BandwidthController() to use either system() or
logwrap(). It looks at "persist.bandwidth.uselogwrap" to be 0 or 1.
Change-Id: I2d17732214f1a7fef6838eee05d827695b707ab0
Signed-off-by: JP Abgrall <jpa@google.com>
Robert Greenwalt [Thu, 4 Aug 2011 01:16:41 +0000 (18:16 -0700)]
am
e98a5816: am
6e4d5db1: Fix two error-case unwinders.
* commit '
e98a581641a233fd048bf76f68650b627ef546e5':
Fix two error-case unwinders.
Robert Greenwalt [Thu, 4 Aug 2011 00:14:40 +0000 (17:14 -0700)]
am
6e4d5db1: Fix two error-case unwinders.
* commit '
6e4d5db1b11f808bb4bdcc8dd45a7158c6c88515':
Fix two error-case unwinders.
Robert Greenwalt [Wed, 3 Aug 2011 23:51:30 +0000 (16:51 -0700)]
Fix two error-case unwinders.
Noticed by moto, I missed to calls to actually do the unwinding.
Change-Id: Ie4da4979a3ad0eedcb6d468fecdff6614b1819bd
Robert Greenwalt [Tue, 2 Aug 2011 20:28:54 +0000 (13:28 -0700)]
am
69a5b777: am
ddb9f6eb: Add DROP rule for INVALID packets.
* commit '
69a5b7777f67f6d5ad9dbd33758332c7b0104613':
Add DROP rule for INVALID packets.
Robert Greenwalt [Tue, 2 Aug 2011 20:08:17 +0000 (13:08 -0700)]
am
ddb9f6eb: Add DROP rule for INVALID packets.
* commit '
ddb9f6eb8d8c35f46c1e3da68f375b85903e85c9':
Add DROP rule for INVALID packets.
Robert Greenwalt [Tue, 2 Aug 2011 20:00:11 +0000 (13:00 -0700)]
Add DROP rule for INVALID packets.
bug:
5094583
Change-Id: Ib942c557e7f2694b6ee18cc6562df597165894ce
Dmitry Shmidt [Mon, 1 Aug 2011 23:03:11 +0000 (16:03 -0700)]
Merge "softap: Increase delay after driver start to 800 ms (from 400)"
Dmitry Shmidt [Mon, 1 Aug 2011 22:33:18 +0000 (15:33 -0700)]
softap: Increase delay after driver start to 800 ms (from 400)
Workaround to avoid __nl80211_set_channel() to fail
Change-Id: I710f18c66cff66413f7133d65b2adcf53d67a8e7
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Wink Saville [Fri, 29 Jul 2011 23:56:18 +0000 (16:56 -0700)]
am
51c1ce04: (-s ours) am
4309f87d: DO NOT MERGE: Update OEM iptable hooks and ip fwd
* commit '
51c1ce04e8b16f29aa8d9727e65263d8f590c543':
DO NOT MERGE: Update OEM iptable hooks and ip fwd
Wink Saville [Fri, 29 Jul 2011 23:54:53 +0000 (16:54 -0700)]
am
4309f87d: DO NOT MERGE: Update OEM iptable hooks and ip fwd
* commit '
4309f87d5baa54a2741f35e0cb09959c55ff1ab6':
DO NOT MERGE: Update OEM iptable hooks and ip fwd
Wink Saville [Fri, 29 Jul 2011 22:25:24 +0000 (15:25 -0700)]
DO NOT MERGE: Update OEM iptable hooks and ip fwd
This is a squash of two changes from partner repo:
Clean up OEM iptables hooks
Id: Ife7a1c08ca88beba2dede776d2e4dd6097dad05a
And
Add hooks for OEM iptables rules and IP fwd
- Useful for integrating peripherals that use IP for control and
diagnostics.
- Add hooks for specifying static iptables rules at startup.
- Add system prop to keep IP forwarding enabled all the time.
- Remove the ro.bootmode=bp-tools hacks.
Id: Ic70d4c88179c530414505976193bf616037500a6
Bug:
5045218
Change-Id: I4229d3576426880b68ac448f9fbb67f2f8f304a0
JP Abgrall [Thu, 28 Jul 2011 22:03:32 +0000 (15:03 -0700)]
Merge "netd: NetlinkManager: don't fail if NETLINK_NFLOG socket is not there."
JP Abgrall [Wed, 27 Jul 2011 01:37:02 +0000 (18:37 -0700)]
am
59da4baf: (-s ours) am
b725a59f: Merge "DO NOT MERGE: NatController: remove flushing the INPUT/OUTPUT tables." into honeycomb-LTE
* commit '
59da4baf881d7f5e2ae82bead547766cbf2c9710':
DO NOT MERGE: NatController: remove flushing the INPUT/OUTPUT tables.
Robert Greenwalt [Wed, 27 Jul 2011 01:37:00 +0000 (18:37 -0700)]
am
7d8c2811: am
a45de8a8: Add dns proxy controls from opensource.
* commit '
7d8c2811e3604acfd6acfd2f7022919a633b394f':
Add dns proxy controls from opensource.
JP Abgrall [Wed, 27 Jul 2011 01:09:27 +0000 (18:09 -0700)]
am
b725a59f: Merge "DO NOT MERGE: NatController: remove flushing the INPUT/OUTPUT tables." into honeycomb-LTE
* commit '
b725a59f3e45de8fcd3c01c512c94ba665acb992':
DO NOT MERGE: NatController: remove flushing the INPUT/OUTPUT tables.
JP Abgrall [Wed, 27 Jul 2011 01:04:49 +0000 (18:04 -0700)]
Merge "DO NOT MERGE: NatController: remove flushing the INPUT/OUTPUT tables." into honeycomb-LTE
JP Abgrall [Tue, 26 Jul 2011 22:36:40 +0000 (15:36 -0700)]
netd: NetlinkManager: don't fail if NETLINK_NFLOG socket is not there.
Some kernels used with ICS do not have the needed modules (quota2
with NFLOG support).
For those, we just don't allow NFLOG which will cripple quota alerts.
This is a temp workaround until kernels are prebuilts.
Change-Id: I403ba894aefb67996d791bd06055b8fec97d1407
Signed-off-by: JP Abgrall <jpa@google.com>
Robert Greenwalt [Tue, 26 Jul 2011 20:24:45 +0000 (13:24 -0700)]
am
a45de8a8: Add dns proxy controls from opensource.
* commit '
a45de8a8d4def24fbcc21602400214b5ca7ffad1':
Add dns proxy controls from opensource.
JP Abgrall [Thu, 23 Jun 2011 01:50:04 +0000 (18:50 -0700)]
DO NOT MERGE: NatController: remove flushing the INPUT/OUTPUT tables.
DO NOT MERGE: cherry-pick from master, as oem's will be updating this
file in HC.
It doesn't use them, so it should not have to flush them.
This is a minimalistic attempt to cooperate with the BandwidthController.
Change-Id: Ia175a86403adf034ac6f44d7ebc4ebe941881368
Robert Greenwalt [Mon, 25 Jul 2011 23:53:52 +0000 (16:53 -0700)]
Add dns proxy controls from opensource.
Port of change 22099 from the opensource.
bug:
5060618
Change-Id: Ic99345881fcb30c6f1d5545a32401e6ada865d78
Dmitry Shmidt [Mon, 25 Jul 2011 17:51:56 +0000 (10:51 -0700)]
wifi: Ensure that entropy file exists
Change-Id: Ib5ea7a6767a4ab7c4244bfc27248ee04340018a7
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
JP Abgrall [Mon, 25 Jul 2011 17:15:46 +0000 (10:15 -0700)]
Merge "netd: NetlinkManager: add support receiving quota2 log messages"
JP Abgrall [Mon, 25 Jul 2011 17:15:24 +0000 (10:15 -0700)]
Merge "netd: bandwidthcontroler: add support for alerts via iptables' quota2 log messages"
Dmitry Shmidt [Mon, 25 Jul 2011 00:13:17 +0000 (17:13 -0700)]
Merge "softap: Add P2P option to fwreload command"
Dmitry Shmidt [Sun, 24 Jul 2011 23:46:13 +0000 (16:46 -0700)]
softap: Add P2P option to fwreload command
Change-Id: I6fced56a6baa71a1d1fefe35832a43879ed12501
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Irfan Sheriff [Fri, 22 Jul 2011 22:20:21 +0000 (15:20 -0700)]
Add config update support for hostapd
Additional fixes:
Fix putting hostapd in daemon mode which results in init taking it over
and failure to stop
Also fix security check
Bug:
5069108
Change-Id: Ie0e2f975516975d270e48c9081480d85e201251f
Dmitry Shmidt [Fri, 22 Jul 2011 18:12:58 +0000 (11:12 -0700)]
Merge "softap: Add hostapd support if BOARD_HOSTAPD_DRIVER is set"
JP Abgrall [Fri, 22 Jul 2011 00:21:49 +0000 (17:21 -0700)]
netd: NetlinkManager: add support receiving quota2 log messages
NetlinkManager, NetlinkHandler
. added support for netlink's NETLINK_NFLOG family used by the updated xt_quota2.
. it pushes the event all the wait to NetworkManagementService.java
"linit alert <alert_name> <iface_name>"
This needs:
- new kernel with quota2 changes that support logging via NETLINK's
NETLINK_NFLOG family.
- BandwidthController changes that setup the alerts.
- system core NetlinkEvent that recognizes the NFLOG messages.
- java land NetworkManagementService changes.
Change-Id: Id5b1026c6002803b5a1c0c7623cf7b1961de9802
Dmitry Shmidt [Thu, 21 Jul 2011 22:16:04 +0000 (15:16 -0700)]
softap: Add hostapd support if BOARD_HOSTAPD_DRIVER is set
Change-Id: Ic1d8e46edc351f8dd36f30abe957d536cf491164
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
JP Abgrall [Thu, 14 Jul 2011 02:17:35 +0000 (19:17 -0700)]
netd: bandwidthcontroler: add support for alerts via iptables' quota2 log messages
* Fix quota2 updating. The old insert-new/delete-old scheme doesn't work as the kernel
keeps the old counter assigned to the new rule.
* Add support for setting dummy quotas used only for alerts.
This needs:
- new kernel with quota2 changes that support logging via NETLINK's
NETLINK_NFLOG family.
- NetlinkManager support for receiving the events.
- java land handler for these new events.
* new commands
- add/remove a dummy quota to generate an alert after <bytes> are seen including loopback.
alerts are only triggered once.
. ndc bandwidth setglobalalert <bytes>
calling it multiple times, just re-arms the alert for the specified number of bytes.
Use "ndc bandwidth getiquota singleAlert" to get what is left.
. ndc bandwidth removeglobalalert
- add/remove alert on a shared quota (similar accounting as shared quota)
. ndc bandwidth setsharedalert <bytes>
Requires that a shared quota already exist.
. ndc bandwidth removesharedalert
Removing the last of the shared quotas will remove the matching alert.
- add/remove alert on an interface (similar accounting as interface quota)
. ndc bandwidth setinterfacealert <iface> <bytes>
Requires that a interface quota already exist.
. ndc bandwidth removeinterfacealert <iface>
Removing the interface quota will remove the matching alert.
- get the quotas and alert leftovers
. ndc bandwidth getquota
shared quota leftover
. ndc bandwidth getiquota <quota_name_or_iface>
iface specific quota leftover
Can be used to read-out alerts. E.g.
setglobalalert 12345 -> getiquota globalAlert
setsharedalert 12345 -> getiquota sharedAlert
setinterfacealert iface0 12345 -> getiquota iface0Alert
Change-Id: Iea9698b9d20e713281755dac32b4772a6cf0e84e
JP Abgrall [Thu, 30 Jun 2011 02:23:04 +0000 (19:23 -0700)]
netd: bandwidthcontroller: use named quotas (via quota2)
Replace using the "quota" with "quota2".
Quota2 is SMP-safe, and allows sharing a quota between protocols.
Bug:
4646092
Change-Id: I69b1dd6d2c5c3b39cf0df175369ae5a28843d489
Signed-off-by: JP Abgrall <jpa@google.com>
Dmitry Shmidt [Tue, 19 Jul 2011 20:55:25 +0000 (13:55 -0700)]
Softap: Use wifi_get_fw_path() instead of predefined path
Change-Id: I75d01f2d5a07298e53638aea2431030ca07fd458
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
The Android Open Source Project [Mon, 18 Jul 2011 15:10:22 +0000 (08:10 -0700)]
Reconcile with gingerbread-release
Change-Id: I7ecfd1052c530b417f300e91c7ee28d1920dce2b
Jeff Brown [Tue, 12 Jul 2011 05:12:35 +0000 (22:12 -0700)]
Remove the simulator target from all makefiles.
Bug:
5010576
Change-Id: I1ef5377c66e08b450a4a40195b8fe29a8037a8be
android-merger [Fri, 8 Jul 2011 19:28:16 +0000 (12:28 -0700)]
reset, and keep history
The Android Open Source Project [Thu, 7 Jul 2011 22:22:41 +0000 (15:22 -0700)]
Reconcile with gingerbread-release
Change-Id: I5a9cde4afd6b2bc4a02eda27c9d919ebfd322d1d
android-merger [Thu, 7 Jul 2011 21:53:06 +0000 (14:53 -0700)]
Revert "netd: Enable the SO_PASSCRED socket option"
This reverts commit
79b579c92afc08ab12c0a5788d61f2dd2934836f.
JP Abgrall [Thu, 30 Jun 2011 02:21:58 +0000 (19:21 -0700)]
bandwidthcontroller: brute-force cleanup to catch costly_<iface> chains.
To help with development, where re-enable is used as a cleanup mechanism
we no remove ALL user chains.
Normally we only expect
costly, penalty_box, and costly_<iface>.
If in the future we have more chains outside of those, this will need
revisiting.
Change-Id: I45e504bc1fe4ad973c00308967a474c73e959666
JP Abgrall [Wed, 29 Jun 2011 22:46:45 +0000 (15:46 -0700)]
netd: bandwidthcontroller: fix removeiquota. remove excessive LOGD.
When doing
ndc bandwidth setiquota rmnet0 1235
ndc bandwidth removeiquota rmnet0
the remove would not cleanup the costly_rmnet0 chain.
Bug:
4975613
Change-Id: Ie2a593de78613dcf6833165c45fef75adf57ee23
Signed-off-by: JP Abgrall <jpa@google.com>
Kazuhiro Ondo [Tue, 28 Jun 2011 00:59:20 +0000 (17:59 -0700)]
am
a0eece26: am
6b858eb3: Keep IP forwarding enabled in tools mode.
* commit '
a0eece268a7dbd837f73c80ad97cbea81abebf11':
Keep IP forwarding enabled in tools mode.
Kazuhiro Ondo [Tue, 28 Jun 2011 00:58:23 +0000 (17:58 -0700)]
am
6b858eb3: Keep IP forwarding enabled in tools mode.
* commit '
6b858eb3b9b94b19c5153311e10b6e832722fb8e':
Keep IP forwarding enabled in tools mode.
Kazuhiro Ondo [Sat, 25 Jun 2011 01:31:03 +0000 (20:31 -0500)]
Keep IP forwarding enabled in tools mode.
Do not disable IP forwarding after Tethering session is over
in tools mode so that modem logging tools are functional across
tethering sessions.
Change-Id: Id6eb91ded458c57822e6a96006778e11f4038d52
Robert Greenwalt [Mon, 27 Jun 2011 21:04:16 +0000 (14:04 -0700)]
Merge "resolved conflicts for merge of
80adaddf to master"
Robert Greenwalt [Mon, 27 Jun 2011 21:02:54 +0000 (14:02 -0700)]
resolved conflicts for merge of
80adaddf to master
Change-Id: I53c036b229352430c3faf57ce1d02fa889827690
Mike J. Chen [Mon, 27 Jun 2011 19:56:33 +0000 (12:56 -0700)]
Merge changes Ie9674ca0,I8c0625a9
* changes:
Change string notification for link state change.
Revert "Revert "Add NETLINK_ROUTE socket creation and event propagation""
JP Abgrall [Sat, 25 Jun 2011 02:21:51 +0000 (19:21 -0700)]
netd: bandwidthcontroller: cleanup bool usage for readability.
replace stuff like:
f(buff, true, false) -> f(buff, ActionA, CaseD)
Change-Id: I8ff1d84f077d8f57263ecb7937b3f2caca86284b
JP Abgrall [Fri, 24 Jun 2011 18:58:14 +0000 (11:58 -0700)]
BandwidthController: cleanup ipv4/v6, set/remove multiple quotas.
Regroup the ipv4/ipv6 choice deeper down to avoid copypasted code.
Shared quota accross ifaces.
Single quota per ifaces.
Nothing preventing an iface from have a single and shared quota.
Might be close to having a working combination.
Added commands:
- shared quota
ndc bandwidth setquotas <quotaBytes> <iface> ...
ndc bandwidth setquota <iface> <quotaBytes>
ndc bandwidth removequota <iface>
ndc bandwidth removequotas <iface> ...
- quota per iface
ndc bandwidth setiquota <iface> <quotaBytes>
ndc bandwidth removeiquota <iface>
Change-Id: I370d223da3c8b6e16e8d0a455309ae9e0756a721
Mike J. Chen [Thu, 23 Jun 2011 22:11:53 +0000 (15:11 -0700)]
Change string notification for link state change.
Changed from linkstatus to linkstate to be more like the
notification function name.
Change-Id: Ie9674ca04bf9a9bdff2583786c301452d02b19fc
Signed-off-by: Mike J. Chen <mjchen@google.com>
Mike J. Chen [Thu, 23 Jun 2011 22:07:35 +0000 (15:07 -0700)]
Revert "Revert "Add NETLINK_ROUTE socket creation and event propagation""
This reverts commit
19fb0c4e5ec6a10473666a2d45267fbc8305ba85.
Conflicts:
NetlinkManager.cpp
Brings back Stan Chesnutt's change related to adding NETLINK_ROUTE
socket creation and event propagation.
Change-Id: I8c0625a95b7996ef75b883ce764c3244dd553a47
Signed-off-by: Mike J. Chen <mjchen@google.com>
JP Abgrall [Sat, 18 Jun 2011 06:17:28 +0000 (23:17 -0700)]
netd:bandwidth: initial pass at app-rules, and some ipv6.
Adds initial per-app penalty box rules, and prepares for
handling per iface quota.
The following commands work:
* penalty box
ndc bandwidth addnaughtyapps <uid> ...
ndc bandwidth removenaughtyapps <uid> ...
* Shared quota
- add (updates the bytes, if they differ from last time)
ndc bandwidth setquota <iface> <bytes>
ndc bandwidth setquota <iface1> <bytes>
ndc bandwidth setquota <iface2> <bytes>
- remove
ndc bandwidth removequota <iface>
[ oldschool: ndc bandwidth setquota <iface> -1 ]
Change-Id: Ibefc16e81c7713feb47577a9687dcd032dedf06e
JP Abgrall [Thu, 23 Jun 2011 01:50:04 +0000 (18:50 -0700)]
NatController: remove flushing the INPUT/OUTPUT tables.
It doesn't use them, so it should not have to flush them.
This is a minimalistic attempt to cooperate with the BandwidthController.
Change-Id: Ia175a86403adf034ac6f44d7ebc4ebe941881368
Robert Greenwalt [Thu, 23 Jun 2011 18:12:17 +0000 (11:12 -0700)]
am
d41806cb: Merge "Add ResolverController class"
* commit '
d41806cb55874d0eaf82fe11ffc62cf50a227313':
Add ResolverController class
Robert Greenwalt [Thu, 23 Jun 2011 17:21:14 +0000 (10:21 -0700)]
Merge "Add ResolverController class"
Mike Lockwood [Tue, 31 May 2011 17:43:17 +0000 (13:43 -0400)]
Remove obsolete support for controlling RNDIS USB networking
Change-Id: I1a49dc2c96998e9a44729b4b0303dbe9eb8c6569
Signed-off-by: Mike Lockwood <lockwood@android.com>
Irfan Sheriff [Thu, 16 Jun 2011 17:28:47 +0000 (10:28 -0700)]
Add netd command to clean up IP addresses
Bug:
4676254
Change-Id: Ifb0b573750504f5daeb8db038d13dddd553797de
JP Abgrall [Thu, 16 Jun 2011 01:37:39 +0000 (18:37 -0700)]
system/netd: bandwidth management initial support (uid+tag stats)
This is a minimalistic version to get accounting of data going
through tagged socket per uid.
When netd starts up the BandwidthController, it will look at the
properties for
persist.bandwidth.enable=1
and enabled it.
It needs the kernel with the xt_qtaguid + iptables/netfilter goodness.
stlport is ok to use.
The "owner" netfilter module used is actually our xt_qtaguid that acts as it
(just until we get around to talking directly the to kernel).
Once
"ndc bandwidth enable"
is invoked all traffic is counted against the UIDs receiving/sending it.
This allows BlockGuard.java to "tag" sockets and see stats for the tags.
Data shows up in
/proc/net/xt_qtaguid/stats
/proc/net/xt_qtaguid/iface_stat/<iface>/
rx_packets_tcp
rx_bytes_tcp
...
There is no <uid>/...
Supported commands:
- "ndc bandwidth enable"
will setup the needed iptable entries to track tag/uid.
- "ndc bandwidth disable"
will remove the iptable entries.
- "ndc bandwidth setquota <iface> <value>"
will set a quota on the iface.
Once quota is reached, packets are rejected.
With the correct kernel, rejects are turned in socket errors.
TODO
----
* make bandwidth controller cooperate with tethering.
- they both manipulate the iptables.
Change-Id: Ieb9e7c60ef8c974e99828f7833065d59b2922bf3
John Michelau [Thu, 2 Jun 2011 23:51:56 +0000 (16:51 -0700)]
am
0b0383be: am
ac208608: Do not wipe all netd iptables rules in test mode
* commit '
0b0383befa6843ad32c3ff30da3e91a0c0a8f9c7':
Do not wipe all netd iptables rules in test mode
John Michelau [Sat, 28 May 2011 04:38:02 +0000 (21:38 -0700)]
am
ac208608: Do not wipe all netd iptables rules in test mode
* commit '
ac208608c9e10ef199fdd11c38a31675ee9290c0':
Do not wipe all netd iptables rules in test mode
John Michelau [Sat, 28 May 2011 03:07:20 +0000 (22:07 -0500)]
Do not wipe all netd iptables rules in test mode
The NatController fail-safe which flushes the iptables when the ref
count reaches zero unintentionally wipes out all static rules setup
by init in bp-tools test mode. Doing this flush is not necessary.
Change-Id: I37890e79cd701aa2e970958a246dfe7514a65c47
The Android Open Source Project [Fri, 20 May 2011 21:19:45 +0000 (14:19 -0700)]
Reconcile with gingerbread-release
Change-Id: Ibac35b4865cd0c39eff053ad84bddab50a2d6d6e
Robert Greenwalt [Thu, 19 May 2011 14:21:25 +0000 (07:21 -0700)]
am
442017ef: am
e019b659: Add v4/v6 route add/remove to netd.
* commit '
442017eff8f783a2ea86d73c2ee9d88aef175327':
Add v4/v6 route add/remove to netd.
Robert Greenwalt [Wed, 18 May 2011 23:30:12 +0000 (16:30 -0700)]
am
e019b659: Add v4/v6 route add/remove to netd.
* commit '
e019b65925217bcc3ad9b662aa3125f0593057af':
Add v4/v6 route add/remove to netd.
The Android Automerger [Fri, 13 May 2011 21:27:38 +0000 (14:27 -0700)]
merge in gingerbread-release history after reset to gingerbread
Robert Greenwalt [Tue, 10 May 2011 21:57:03 +0000 (14:57 -0700)]
Add v4/v6 route add/remove to netd.
Now we can move this out of the framework.
Also adds v6 support and explicit route removal (rather than the big hammer of "remove all").
Change-Id: Ia7f1b12b2175c566c4906064796131a2f7e81466
Brian Carlstrom [Tue, 3 May 2011 23:11:54 +0000 (16:11 -0700)]
am
38bfbace: resolved conflicts for merge of
d1aed628 to honeycomb-plus-aosp
* commit '
38bfbace16fa8dc7e69761e1f29586d0ef5ea90c':
DNS Proxy should not hang on addresses containing null bytes
Brian Carlstrom [Tue, 3 May 2011 22:11:19 +0000 (15:11 -0700)]
resolved conflicts for merge of
d1aed628 to honeycomb-plus-aosp
Change-Id: I6a1ffad61d29c6d361272bdd55522f4bd5f0e2c5
Brian Carlstrom [Tue, 3 May 2011 17:21:33 +0000 (10:21 -0700)]
Merge "DNS Proxy should not hang on addresses containing null bytes"
Brian Carlstrom [Mon, 2 May 2011 18:55:53 +0000 (11:55 -0700)]
am
1eef3e2f: (-s ours) am
1871a4f2: DNS Proxy should not hang on addresses containing null bytes DO NOT MERGE
* commit '
1eef3e2f220e264984e1c9a94f3782a1350a3ff9':
DNS Proxy should not hang on addresses containing null bytes DO NOT MERGE
Brian Carlstrom [Sat, 30 Apr 2011 03:49:44 +0000 (20:49 -0700)]
am
1871a4f2: DNS Proxy should not hang on addresses containing null bytes DO NOT MERGE
* commit '
1871a4f2b20f5d2e52d67b6d91da4f8734455cd6':
DNS Proxy should not hang on addresses containing null bytes DO NOT MERGE
Brian Carlstrom [Fri, 29 Apr 2011 23:49:41 +0000 (16:49 -0700)]
DNS Proxy should not hang on addresses containing null bytes
Two bugs here:
1.) The gethostbyaddr netd protocol was passing a binary address value
but the arguments are expected to be strings not containing
embedded nulls (or probably other special characters). This
happened reliably with IPv6 addresses which contained nulls. It
now expects an inet_ntop formatted address.
2.) Although the gethostbyaddr code detected something was wrong, it
wasn't doing any proper error handling, leaving clients hanging
waiting for a response. It now sends back an empty response so
that clients can continue.
A corresponding change will be necesssary in bionic for #1 for DNS
proxying to work, but given the fix for #2, the existing bionic code
will fall back to performing its own gethostbyaddr call.
Bug:
4344448
Change-Id: I2a55bb0cd0f1b0670f25c0c93554578bb20404e3
Brian Carlstrom [Wed, 27 Apr 2011 18:47:41 +0000 (11:47 -0700)]
DNS Proxy should not hang on addresses containing null bytes DO NOT MERGE
Two bugs here:
1.) The gethostbyaddr netd protocol was passing a binary address value
but the arguments are expected to be strings not containing
embedded nulls (or probably other special characters). This
happened reliably with IPv6 addresses which contained nulls. It
now expects an inet_ntop formatted address.
2.) Although the gethostbyaddr code detected something was wrong, it
wasn't doing any proper error handling, leaving clients hanging
waiting for a response. It now sends back an empty response so
that clients can continue.
A corresponding change will be necesssary in bionic for #1 for DNS
proxying to work, but given the fix for #2, the existing bionic code
will fall back to performing its own gethostbyaddr call.
Bug:
4344448
git cherry-pick -e
0475ae98cd8f45de815d67d1966edaf5997be9a9
Change-Id: I0b131032e06c16950b4e6810155529b57814c565
Mattias Falk [Fri, 29 Apr 2011 12:48:51 +0000 (14:48 +0200)]
Add ResolverController class
Added a ResolverController class that handles
the communication with the dns resolver in
netd.
Change-Id: I0f71bd516109fd942e68b3400666c7a859228372
Brian Carlstrom [Wed, 27 Apr 2011 18:47:41 +0000 (11:47 -0700)]
DNS Proxy should not hang on addresses containing null bytes
Two bugs here:
1.) The gethostbyaddr netd protocol was passing a binary address value
but the arguments are expected to be strings not containing
embedded nulls (or probably other special characters). This
happened reliably with IPv6 addresses which contained nulls. It
now expects an inet_ntop formatted address.
2.) Although the gethostbyaddr code detected something was wrong, it
wasn't doing any proper error handling, leaving clients hanging
waiting for a response. It now sends back an empty response so
that clients can continue.
A corresponding change will be necesssary in bionic for #1 for DNS
proxying to work, but given the fix for #2, the existing bionic code
will fall back to performing its own gethostbyaddr call.
Bug:
4344448
Change-Id: I2d03bfec0093c67e8052717c0f499f8871bcfb85
Conley Owens [Tue, 26 Apr 2011 23:04:01 +0000 (16:04 -0700)]
am
3a74e2f6: am
c7d5ce4a: Ignore change "Set SO_PASSCRED on the uevent socket." in favor of change in internal change.
* commit '
3a74e2f631209cf96c90b56e95c86d2bde1bb29e':
Set SO_PASSCRED on the uevent socket. (needed for change I393c21da)
Conley Owens [Tue, 26 Apr 2011 22:59:10 +0000 (15:59 -0700)]
am
c7d5ce4a: Ignore change "Set SO_PASSCRED on the uevent socket." in favor of change in internal change.
* commit '
c7d5ce4af83acc83c4d871ee57d118d7d9a81188':
Set SO_PASSCRED on the uevent socket. (needed for change I393c21da)
Conley Owens [Tue, 26 Apr 2011 22:27:59 +0000 (15:27 -0700)]
Ignore change "Set SO_PASSCRED on the uevent socket." in favor of change
in internal change.
Change-Id: I9f78c5e0e7c3cb4714ce8f908d1478dadf027d97
Conley Owens [Tue, 26 Apr 2011 19:51:02 +0000 (12:51 -0700)]
Merge "Set SO_PASSCRED on the uevent socket. (needed for change I393c21da)"
Vernon Tang [Mon, 25 Apr 2011 03:31:34 +0000 (13:31 +1000)]
Set SO_PASSCRED on the uevent socket. (needed for change I393c21da)
Change-Id: I11767da938f6e8fd9b3b604218c26c3c8b8da881
Nick Kralevich [Tue, 19 Apr 2011 22:47:13 +0000 (15:47 -0700)]
am
adb408dc: am
d5b10d36: netd: Enable the SO_PASSCRED socket option
* commit '
adb408dc79639b5377c58d306484bc388062d195':
netd: Enable the SO_PASSCRED socket option
Nick Kralevich [Tue, 19 Apr 2011 22:38:41 +0000 (15:38 -0700)]
am
d5b10d36: netd: Enable the SO_PASSCRED socket option
* commit '
d5b10d3633c6717b46763edf1a50d3e29a007592':
netd: Enable the SO_PASSCRED socket option
Nick Kralevich [Mon, 18 Apr 2011 22:54:13 +0000 (15:54 -0700)]
netd: Enable the SO_PASSCRED socket option
Ensure that sender credentials are available when we
receive a netlink message.
This is a manual cherry-pick of
79b579c92afc08ab12c0a5788d61f2dd2934836f
Change-Id: Ia7e742c2ab2fd4149454364a8c20ab0b719196b4
Nick Kralevich [Tue, 19 Apr 2011 17:38:24 +0000 (10:38 -0700)]
am
ea52906e: am
97f5eec2: am
79b579c9: netd: Enable the SO_PASSCRED socket option
* commit '
ea52906efcdcead1b2c7a12e0d5fa16374c9892c':
netd: Enable the SO_PASSCRED socket option
Nick Kralevich [Tue, 19 Apr 2011 17:26:04 +0000 (10:26 -0700)]
am
97f5eec2: am
79b579c9: netd: Enable the SO_PASSCRED socket option
* commit '
97f5eec2ac9e78b8388be52be1ea95b4462537ee':
netd: Enable the SO_PASSCRED socket option
Nick Kralevich [Mon, 18 Apr 2011 22:54:13 +0000 (15:54 -0700)]
netd: Enable the SO_PASSCRED socket option
Ensure that sender credentials are available when we
receive a netlink message.
Change-Id: I8a352573c7e49d99b4f2fdb2e4ce9abe58d4fc49
Nick Kralevich [Mon, 18 Apr 2011 23:31:23 +0000 (16:31 -0700)]
am
79b579c9: netd: Enable the SO_PASSCRED socket option
* commit '
79b579c92afc08ab12c0a5788d61f2dd2934836f':
netd: Enable the SO_PASSCRED socket option
Nick Kralevich [Mon, 18 Apr 2011 22:54:13 +0000 (15:54 -0700)]
netd: Enable the SO_PASSCRED socket option
Ensure that sender credentials are available when we
receive a netlink message.
Change-Id: I8a352573c7e49d99b4f2fdb2e4ce9abe58d4fc49
Brad Fitzpatrick [Thu, 17 Mar 2011 22:53:22 +0000 (15:53 -0700)]
Reference count SocketClients.
Avoids a netd crash when the client closes its connection while
a DNS request is in-flight.
Depends on Icd7f5f03 in system/core.
Bug:
3438459
Change-Id: Ie6953196623b97ad2b90df951186fbfce84f8e4e