OSDN Git Service
Robert Greenwalt [Fri, 4 Oct 2013 18:59:23 +0000 (11:59 -0700)]
am
2dae2f87: Don\'t vpn dns if the vpn didn\'t provide servers
* commit '
2dae2f8729c3254d5f805ce3df535458db193c12':
Don't vpn dns if the vpn didn't provide servers
Robert Greenwalt [Tue, 24 Sep 2013 23:44:22 +0000 (16:44 -0700)]
Don't vpn dns if the vpn didn't provide servers
A split-tunnel vpn shouldn't snarf all dns queries if it's not
going to provide dns servers to service them.
bug:
10115444
Change-Id: I4f8de66b75a04ca0e274edb92ace7acee762bca2
JP Abgrall [Thu, 12 Sep 2013 03:01:59 +0000 (20:01 -0700)]
NatController: Fix tethering-counting iptables rules handling
Fix duplicate tethering-pair detection. It was broken because the
underlying mechanism used quota2 which has a 15char limit and
the two combined interface names were longer than that.
Fix parsing or tether-counting rules when no interfaces are available
vs when parsing is broken.
Now the parser is not invoked if no tether-counting rules were created.
Bug:
10710027
Change-Id: I37899d113a37cd84255d439efa6e2ed3ce712ec0
Lorenzo Colitti [Thu, 12 Sep 2013 15:56:23 +0000 (00:56 +0900)]
Don't log "Unexpected netlink message" on NDUSEROPT
When opening the netlink socket, NetlinkManager specifies it's
interested in ND_USEROPT messages, but we since we don't have
code to parse them yet, we end up logging an error message for
packets that contain them. Get rid of the logspam by not asking
the kernel to receive them.
Bug:
10718651
Change-Id: Ib1b7748448a983cfa7bb7725e48e238d85152ea2
Jeff Sharkey [Wed, 11 Sep 2013 03:53:58 +0000 (20:53 -0700)]
Missing tethering stats isn't an error.
When a device first boots, there won't be any tethering stats, which
isn't an error. Continue checking for partial results.
Bug:
5868832
Change-Id: Ic432f5f159320da9886d85c2525fa2cde8c67750
Lorenzo Colitti [Mon, 2 Sep 2013 15:26:23 +0000 (00:26 +0900)]
Unbreak interface add/delete notifications.
The change to enable address tracking via netlink incorrectly
changed the subsystem of rtnetlink events from "net" to
"interface". This broke interface add/delete notifications,
which come from the kernel with subsystem "net".
Switch back to "net" and deal with address tracking via new
action codes instead of a new subsystem.
Bug:
10433320
Change-Id: I59a50e9c7cb49f46e680c7d84ac8e196a861ca4b
JP Abgrall [Mon, 26 Aug 2013 22:13:10 +0000 (15:13 -0700)]
BandwidthController: fix bad flushing for bw_costly_* tables.
Some of the bw_costly_<iface> rules would not get correctly flushed and
cleared on netd re-start, which would cause a failure when trying to
setup the bw_penalty_box as bw_costly_<iface> would reference it.
The resulting symptom would be that bandwidth could not be re-enabled.
Bug:
10183445
Change-Id: I79a8a73ae52e18b3bff8a58e47ac1aea2454ae63
Lorenzo Colitti [Thu, 1 Aug 2013 20:57:47 +0000 (05:57 +0900)]
Make netd track and notify IP address changes.
Subscribe netd's netlink socket to listen to IPv4 and IPv6
address changes (and ND opts, which we'll need for IPv6 DNS
later), and make NetlinkHandler notify the system of address
changes.
Bug:
10232006
Change-Id: Ib9dfd58635dce389980d8ee9529a17661a02320a
Robert Greenwalt [Thu, 1 Aug 2013 15:26:03 +0000 (08:26 -0700)]
am
bca84afd: Merge "Incorrect memset parameters"
* commit '
bca84afd429667bf25f2288f254f6e854bcb0f04':
Incorrect memset parameters
Robert Greenwalt [Thu, 1 Aug 2013 15:17:47 +0000 (15:17 +0000)]
Merge "Incorrect memset parameters"
Edward Savage-Jones [Fri, 19 Jul 2013 20:09:44 +0000 (22:09 +0200)]
Incorrect memset parameters
Memset parameters swapped
Change-Id: I528c1f6de344447d3c43d89c1dd4cd87e1c5c5a7
Geremy Condra [Tue, 23 Jul 2013 17:57:33 +0000 (17:57 +0000)]
Merge "Host exemption now handles premarked sockets"
Chad Brubaker [Mon, 15 Jul 2013 22:28:59 +0000 (15:28 -0700)]
Host exemption now handles premarked sockets
Host exemption now properly handles routing for sockets that were
already marked
Change-Id: I55d5c00754036a5ef49379170c37607d3e71a1e8
Robert Greenwalt [Thu, 18 Jul 2013 16:12:51 +0000 (09:12 -0700)]
am
8ab6df2e: am
08ff0e40: Merge "Fix memset call"
* commit '
8ab6df2e2a4df8eb2c6bcd3325c8ac7a5b01c63e':
Fix memset call
Robert Greenwalt [Thu, 18 Jul 2013 16:08:46 +0000 (09:08 -0700)]
am
08ff0e40: Merge "Fix memset call"
* commit '
08ff0e408976d541dae0fc36527c15195cc86cda':
Fix memset call
Robert Greenwalt [Thu, 18 Jul 2013 16:07:19 +0000 (16:07 +0000)]
Merge "Fix memset call"
Wang Liyong [Thu, 18 Jul 2013 14:37:07 +0000 (16:37 +0200)]
Fix memset call
Parameters was passed in the wrong order.
Change-Id: I1d4d68f1ba729bf54da84cbcb5f631938ac697f2
Geremy Condra [Fri, 12 Jul 2013 22:28:00 +0000 (22:28 +0000)]
Merge "Add netd commands to get marks for routing"
Geremy Condra [Thu, 11 Jul 2013 22:57:03 +0000 (22:57 +0000)]
Merge "Add destination host exemption to VPN routing"
Geremy Condra [Thu, 11 Jul 2013 22:56:55 +0000 (22:56 +0000)]
Merge "Add support for fwmark split tunneling"
Chad Brubaker [Thu, 11 Jul 2013 19:05:39 +0000 (12:05 -0700)]
Add netd commands to get marks for routing
Add commands for fetching the mark associated with routing a uid and for
fetching the mark associated with avoiding the fwmark routing rules
Change-Id: I4accd1a9aecd91f6f0630eb1a5466a81e309eeac
Geremy Condra [Thu, 11 Jul 2013 22:10:37 +0000 (22:10 +0000)]
Merge "Add netd support for uid based routing for DNS"
Chad Brubaker [Wed, 10 Jul 2013 19:08:08 +0000 (12:08 -0700)]
Add destination host exemption to VPN routing
requestRouteToHost requires the ability to punch holes in the VPN for
certain addresses, this adds support for this under mark based VPNs.
Change-Id: I9d890829048624d43c0f1efaec54563a860e850f
Chad Brubaker [Fri, 28 Jun 2013 00:20:39 +0000 (17:20 -0700)]
Add support for fwmark split tunneling
Packets are now only marked for fwmark if their destination is in one of
the routes for the target interface.
Change-Id: Ided4ad992c4cf957d77ae11fa62ac4843a8592c7
JP Abgrall [Wed, 3 Jul 2013 20:33:05 +0000 (13:33 -0700)]
BandwidthController: prefix chains with bw_
Just a cleanup.
Change-Id: Ic5afd7bd194fdcad604d533ba95e4c23b10b3e24
JP Abgrall [Wed, 3 Jul 2013 19:23:55 +0000 (12:23 -0700)]
BandwidthController: allow UID 0 as a "special uid"
The happy box needs to be able to let UID 0 (dhcp, ...) pass through.
Bug:
6212480
Change-Id: I9867b7db4e5ad71cfb1170659d2d6a14ca9590be
JP Abgrall [Wed, 3 Jul 2013 03:28:45 +0000 (20:28 -0700)]
BandwidthController: add support for "nice apps" and the "happy box"
* ndc bandwidth happybox (enable | disable)
- enable
. creates a an empty happy_box chain which rejects all traffic from all UIDs by default.
. Uses the penalty_box as a hook. Any costly_interface automatically gets the happy_box as it has a penalty_box.
. any app UID not in the happy_box will be treated as if it was in the penalty_box (i.e. addnaughtyapps)
. penalty_box (addnaughtyapps) still applies.
- disable
. removes the happy box.
* ndc bandwidth addniceapps <appUid> ...
- similar to addnaughtyapps, but for the happy_box
* ndc bandwidth removeniceapps <appUid> ...
- similar to removenaughtyapps, but for the happy_box
Bug:
6212480
Change-Id: I1f10e8c6fa1b230c7b3bb070d88508e437589705
JP Abgrall [Wed, 3 Jul 2013 02:08:48 +0000 (19:08 -0700)]
BandwidthController: switch to generic handling for naughty apps.
Rename some stuff in preparation for nice apps and the "happy box".
Bug:
6212480
Change-Id: I637c4283695ac619533999beab4f88968580d2e4
JP Abgrall [Sat, 29 Jun 2013 00:06:00 +0000 (17:06 -0700)]
BandwidthController: reject with port-unreachable to prevent TCP retries.
Currently the bandwidth controller will cut off traffic via an ICMP
destination unreachable message with code "administratively prohibited".
TCP's RFC1122 does not explicitly say what to do with it, but it does say
to abort the transmission when "port-unreachable" is seen.
Some servers keep on retrying with the "prohibited" ICMP message which
keeps the radio longer awake as more packets come in.
Bug:
9150002
Change-Id: I6eb1c3ae41c3890f26581a4b7464821b7ffb85f4
Chad Brubaker [Fri, 21 Jun 2013 22:26:35 +0000 (15:26 -0700)]
Add netd support for uid based routing for DNS
DNSProxyListener now supports bionic changes for marking DNS requests
for routing DNS requests with the uid routing rules
Change-Id: Iac9aa1bb14834be6da5e512405f23c6a72dc71ed
JP Abgrall [Tue, 25 Jun 2013 16:44:10 +0000 (09:44 -0700)]
netd: tethering stats: persistent + list-all support
* Persistent stats
Previously we would parse the iptables counters out of the FORWARD
rules used for tethering. Those rules could come an go before they
were parsed, which would cause us to incorrectly count traffic.
Now we have separate counting rules (and quota2 counters) which
persist beyond tethering.
* Rename the iface0/iface1
Match NatControllers notions for tethering ifaces during enable.
Detect weird call from userspace (until b/
9565268 gets fixed),
or else it leaves an ugly iptables state.
* The commands affected:
- ndc bandwidth gettetheringstats intIface extIface
. no change from before: return a single stats line
- ndc bandwidth gettetheringstats
. return a list of results showing all tethered stats
- ndc bandwidth gettetheringstats "" extIface
- ndc bandwidth gettetheringstats intIface
. return a list of results matching the tethering on
the given interface.
Bug:
9565268
Bug:
5868832
Change-Id: I8559d9a184abcffaf65998fb3cc8c9c50d46bf06
Nick Kralevich [Thu, 20 Jun 2013 22:11:55 +0000 (15:11 -0700)]
am
5ff04590: am
4ea5bd05: Merge "Revert "netd: reduce privileges""
* commit '
5ff04590386a08712d83c4f8add6d78870fe3bce':
Revert "netd: reduce privileges"
Nick Kralevich [Thu, 20 Jun 2013 22:07:04 +0000 (15:07 -0700)]
am
4ea5bd05: Merge "Revert "netd: reduce privileges""
* commit '
4ea5bd0540bf3b4b6767815b5c9e41a7146f749c':
Revert "netd: reduce privileges"
Nick Kralevich [Thu, 20 Jun 2013 22:04:07 +0000 (22:04 +0000)]
Merge "Revert "netd: reduce privileges""
Nick Kralevich [Thu, 20 Jun 2013 21:54:15 +0000 (21:54 +0000)]
Revert "netd: reduce privileges"
jpa reports that tethering is broken.
This reverts commit
ab3df62f7b5584af6dee4f5ec069b70dd4f4cee6.
Change-Id: I0736f0fd83ea7cada9fdaee7e8d39123d2a3b5c2
Nick Kralevich [Thu, 20 Jun 2013 19:57:18 +0000 (12:57 -0700)]
am
4dbd276e: am
30583ec3: Merge "netd: reduce privileges"
* commit '
4dbd276e59f4d04028effd8510bb3a1e5cb31823':
netd: reduce privileges
Nick Kralevich [Thu, 20 Jun 2013 19:54:11 +0000 (12:54 -0700)]
am
30583ec3: Merge "netd: reduce privileges"
* commit '
30583ec326fb85f5f2638a6582d6f573fd57b42c':
netd: reduce privileges
Nick Kralevich [Thu, 20 Jun 2013 19:52:42 +0000 (19:52 +0000)]
Merge "netd: reduce privileges"
JP Abgrall [Thu, 20 Jun 2013 18:18:07 +0000 (11:18 -0700)]
ndc: re-instate the command sequence num
Some prior change removed the ability to use a command sequence number.
This would cause conflicts with java-land sending commands, and results
don't get routed appropriatly: ndc would catch results destined for java.
Also, cleanup the bad errno handling: don't use errno after any library
call.
Bug:
5886205
Change-Id: I72cafb7d8f8328a6879971e6dd5401f8c20a21f9
Nick Kralevich [Thu, 20 Jun 2013 00:20:24 +0000 (17:20 -0700)]
netd: reduce privileges
netd doesn't need full root capabilities. Rather, it only needs
CAP_NET_ADMIN and CAP_NET_RAW. Reduce the capabilities to that
set.
netd continues to run with UID=0, which allows applications spawned
by netd to continue to have CAP_NET_ADMIN and CAP_NET_RAW. It also
allows netd to access /proc and /sys files as UID=0.
Change-Id: I439d22150109697213c0cc83276ddb668007b978
Geremy Condra [Wed, 12 Jun 2013 19:26:47 +0000 (19:26 +0000)]
Merge "Make uid marking rule's API consistent"
Chad Brubaker [Wed, 12 Jun 2013 17:51:55 +0000 (10:51 -0700)]
Make uid marking rule's API consistent
Make the netd binds for adding uid iptables mark rules consistent with
the other per uid range binds.
Change-Id: I97d1576f4ac11368bf6ede866229e456a2ed24da
Dmitry Shmidt [Tue, 11 Jun 2013 23:18:06 +0000 (16:18 -0700)]
Add getmtu and setmtu interface commands
Bug:
9372485
Change-Id: I0dfa6b1f973426d67f976a9c79be8de90e3d9c19
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Dmitry Shmidt [Tue, 11 Jun 2013 18:00:13 +0000 (18:00 +0000)]
Merge "softap: Add channel configuration parameter"
Geremy Condra [Mon, 10 Jun 2013 21:46:09 +0000 (21:46 +0000)]
Merge "Add netd support for marked packet forwarding"
Geremy Condra [Mon, 10 Jun 2013 21:46:01 +0000 (21:46 +0000)]
Merge "Add netd binds for UID based routing"
Dmitry Shmidt [Mon, 10 Jun 2013 21:35:43 +0000 (14:35 -0700)]
softap: Add channel configuration parameter
Bug:
9372353
Change-Id: Id85a8a41f644195519f1635e4ab73806b5e1738e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Chad Brubaker [Fri, 7 Jun 2013 22:17:45 +0000 (15:17 -0700)]
Add netd binds for clearing DNS interface maps
Add resolver clearifacemapping to clear both the uidrange => interface DNS map
and the pid => interface DNS map
Change-Id: I144f4d092780b532633d8a956f68a6888d46797a
Chad Brubaker [Thu, 30 May 2013 23:12:55 +0000 (16:12 -0700)]
Add netd binds for setting per uid dns interfaces
Change-Id: I1029232adbd754246c75fbd97c6d720e7e60ced8
Chad Brubaker [Fri, 7 Jun 2013 04:42:53 +0000 (21:42 -0700)]
Add netd support for marked packet forwarding
Add binds in netd for setting up fwmark rules to be used with the per
uid marking to do per uid routing.
Change-Id: Id4f315dd1aec73f074e233c2e3f70eb24b4c537a
Chad Brubaker [Sat, 1 Jun 2013 03:51:46 +0000 (20:51 -0700)]
Add netd binds for UID based routing
Add methods for add per uid mark rules to push all traffic from specific
uids to specific interfaces.
Allows for per uid routing for per uid VPNs.
Change-Id: I8492c668e2c96010b0f74ea7e367f0b4471238ad
Chad Brubaker [Thu, 30 May 2013 22:45:01 +0000 (15:45 -0700)]
Update DnsProxy to use resolv's uid->interface map
If a proccess does not have an interface associated with its pid it will
check if there is one associated with its uid before falling back to
using the default interface.
Change-Id: Ife732aa5ae6c3f79ea9ec1e3a63ef8877ad3d494
Dmitry Shmidt [Wed, 17 Apr 2013 15:58:17 +0000 (08:58 -0700)]
softap: Fix open network creation in case of obsolete parameter
Change-Id: If4ddb6b2e14e6b20fe4fa378d0dfba4e733a58a4
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Dmitry Shmidt [Tue, 16 Apr 2013 20:16:05 +0000 (13:16 -0700)]
softap: Add option for hidden SSID
Change-Id: I7bcc43b47e3bcc208f9da81970b9ecb6ce08d778
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jeff Johnson [Sun, 14 Apr 2013 19:11:50 +0000 (12:11 -0700)]
am
d5b19ca2: Enable 802.11g hardware mode in hostapd.conf
* commit '
d5b19ca2060d66027dd97610c1d0934e90081c64':
Enable 802.11g hardware mode in hostapd.conf
Jeff Johnson [Thu, 11 Apr 2013 22:11:27 +0000 (15:11 -0700)]
Enable 802.11g hardware mode in hostapd.conf
The current hostapd.conf generated by SoftapController does not
contain a hw_mode setting. As a result hostapd defaults to 802.11b
mode. This mode is inconsistent with the setting "ieee80211n=1" and
prevents hostapd from using 802.11g/n rates. Add "hw_mode=g" to the
generated hostapd.conf to allow 802.11g/n rates to be advertised and
used.
Change-Id: Ifd66da3f3ffdfffb7c28e751d20bc432e070b2c3
Lorenzo Colitti [Fri, 12 Apr 2013 03:08:10 +0000 (20:08 -0700)]
am
37f2e371: Set accept_ra to 2 on all interfaces
* commit '
37f2e371c43588ca3661584a79b6544de345189a':
Set accept_ra to 2 on all interfaces
Lorenzo Colitti [Thu, 11 Apr 2013 15:44:06 +0000 (00:44 +0900)]
Set accept_ra to 2 on all interfaces
Currently, we set accept_ra to 2 (accept RAs even if forwarding
is on) only on wifi and ethernet, but not on other interfaces
like mobile. This breaks IPv6 over mobile on Nexus 7 3G and
all other devices where the IPv6 default route is configured via
RA, because as soon as we start 464xlat (which enables
forwarding) their default route goes away.
Rather than require all manufacturers to update their RILs to
set the flag themselves, set it ourselves at netd startup time.
Bug:
8276725
Change-Id: If066bb1aa3ff211da0a0bbe8d58d5a7f35298580
Ying Wang [Wed, 10 Apr 2013 06:25:14 +0000 (23:25 -0700)]
Ying Wang [Wed, 10 Apr 2013 05:04:55 +0000 (22:04 -0700)]
Add liblog
Bug:
8580410
Change-Id: Icc2632b33153b01c0d9a15245b3f7e8c89b816ec
Robert Greenwalt [Thu, 28 Mar 2013 16:50:48 +0000 (09:50 -0700)]
am
855a369c: Merge "Remove Broadcom hack for BT reverse Tether" into jb-mr2-dev
* commit '
855a369cb048973bc8b973232ff56d9273b9dc8b':
Remove Broadcom hack for BT reverse Tether
Robert Greenwalt [Thu, 28 Mar 2013 16:47:17 +0000 (16:47 +0000)]
Merge "Remove Broadcom hack for BT reverse Tether" into jb-mr2-dev
Robert Greenwalt [Sat, 18 Aug 2012 00:13:48 +0000 (17:13 -0700)]
Remove Broadcom hack for BT reverse Tether
Plumb it in through binder calls between the external BT stack and
the BluetoothTetheringDataTracker.
bug:
8445208
Change-Id: Ice7dfb0b50c9481d359aed14a51372878185171c
JP Abgrall [Mon, 18 Mar 2013 21:51:42 +0000 (21:51 +0000)]
am
36971a68: TetherController: fix "tether blabla list" commands handling
* commit '
36971a687bf3a6edc2bf5af8a8b2a3176e7d4691':
TetherController: fix "tether blabla list" commands handling
JP Abgrall [Mon, 18 Mar 2013 20:04:17 +0000 (13:04 -0700)]
TetherController: fix "tether blabla list" commands handling
And "interface list" doesn't accept the extra args anymore.
Bug:
5327568
Change-Id: I3d2cb5d790b74a013edfc10dfe7a544e9e39f0ff
JP Abgrall [Sun, 17 Mar 2013 16:28:11 +0000 (16:28 +0000)]
am
20f95ed9: TetherController: fix "tether interface list" command handling
* commit '
20f95ed9db048261c18bbeb152d3204d9cbb58f1':
TetherController: fix "tether interface list" command handling
JP Abgrall [Sat, 16 Mar 2013 03:11:56 +0000 (20:11 -0700)]
TetherController: fix "tether interface list" command handling
It still silently accepts the extra argument.
Bug:
5327568
Change-Id: I4ac1bdb0e2d33133b3d5dbe11f6f94d503a28d11
JP Abgrall [Fri, 15 Mar 2013 18:22:26 +0000 (18:22 +0000)]
am
659692a5: NAT: Disable FORWARD by default and set postroute before FORWARD.
* commit '
659692a56cca02822a43b792baba2632d39eb739':
NAT: Disable FORWARD by default and set postroute before FORWARD.
JP Abgrall [Fri, 15 Mar 2013 04:43:43 +0000 (04:43 +0000)]
am
4ae80dea: NatController: refactor some code wrt sequences of commands
* commit '
4ae80dea9cbf1fe1b33037aeb5feb04daeba8ee0':
NatController: refactor some code wrt sequences of commands
JP Abgrall [Fri, 15 Mar 2013 03:07:17 +0000 (20:07 -0700)]
NAT: Disable FORWARD by default and set postroute before FORWARD.
[Adaptation from https://android-review.googlesource.com/#/c/50223 ]
For NAT table, only the first packet of data flow
hits the rules in this table. If forward is
enabled before postrouting in NAT, packet may be
forwarded without hit rules in NAT table. Phone
will not get responses for such packets because
source IP address is not translated.
How to reproduce:
1) Enable usb tethering;
2) Start ping test on PC;
3) Disable data on Phone;
4) NAT is disabled since data service is lost;
5) Enable data on Phone;
6) Ping can not recover on PC;
7) Capture tcpdump data on phone, source IP
Address is not translated for ICMP packets.
Test result:
Run steps 1-5 in "How to reproduce", Ping session
on PC can be recovered after data is enabled.
CQ00027191
Change-Id: I1c3bcbb3d69eb7e2f61d720fa17086ee0da22fa0
JP Abgrall [Fri, 15 Mar 2013 03:06:20 +0000 (20:06 -0700)]
NatController: refactor some code wrt sequences of commands
This will help when adding/removing commands.
Change-Id: I154fb3d7064acddc3e067d60f225ecab6ea57ddb
Jean-Baptiste Queru [Mon, 11 Mar 2013 20:56:23 +0000 (20:56 +0000)]
am
9a0ae9b7: (-s ours) am
484bdcab: am
63790dce: am
42b4c508: (-s ours) am
11ff695d: (-s ours) Reconcile with jb-mr1-release - do not merge
* commit '
9a0ae9b77dd8d886faa93b7360277e09417ba11c':
Jean-Baptiste Queru [Mon, 11 Mar 2013 20:44:45 +0000 (13:44 -0700)]
am
484bdcab: am
63790dce: am
42b4c508: (-s ours) am
11ff695d: (-s ours) Reconcile with jb-mr1-release - do not merge
* commit '
484bdcab1e7e64c2ad6ee36b9d216dbc94e82608':
Jean-Baptiste Queru [Mon, 11 Mar 2013 20:13:53 +0000 (13:13 -0700)]
am
63790dce: am
42b4c508: (-s ours) am
11ff695d: (-s ours) Reconcile with jb-mr1-release - do not merge
* commit '
63790dce7a791ef575ea80d69776324e15ecf701':
Jean-Baptiste Queru [Mon, 11 Mar 2013 19:47:28 +0000 (12:47 -0700)]
am
42b4c508: (-s ours) am
11ff695d: (-s ours) Reconcile with jb-mr1-release - do not merge
* commit '
42b4c5083b168c6780b95e5c60b49655b049d56f':
Jean-Baptiste Queru [Mon, 11 Mar 2013 19:28:12 +0000 (12:28 -0700)]
am
11ff695d: (-s ours) Reconcile with jb-mr1-release - do not merge
* commit '
11ff695d526735306e1868b596212aac9f3239f4':
Jean-Baptiste Queru [Mon, 11 Mar 2013 19:23:34 +0000 (12:23 -0700)]
Reconcile with jb-mr1-release - do not merge
Lorenzo Colitti [Tue, 5 Mar 2013 21:07:48 +0000 (21:07 +0000)]
am
cfd1a582: Set accept_ra to 2 when enabling IPv6.
* commit '
cfd1a58237c5fe84ddd30c9a73dd361697060aed':
Set accept_ra to 2 when enabling IPv6.
Lorenzo Colitti [Tue, 5 Mar 2013 21:07:48 +0000 (21:07 +0000)]
am
70afde6a: Move IPv6 code to InterfaceController.
* commit '
70afde6ad9b5fce63cca594ac9b230d2fc9b21ee':
Move IPv6 code to InterfaceController.
Lorenzo Colitti [Tue, 5 Mar 2013 01:04:00 +0000 (10:04 +0900)]
Set accept_ra to 2 when enabling IPv6.
The default value of accept_ra causes the kernel to accept
Router Advertisements only if forwarding is off. This causes
problems with clatd, which uses IPv6 forwarding on a tun
interface, and it may cause problems with IPv6 tethering when
we implement it.
Fix this by setting accept_ra to 2, which accepts RAs regardless
of whether forwarding is on.
Bug:
8276725
Change-Id: Ifee0ceaa68ce438a845fa2d7f3b76c60857114a0
Lorenzo Colitti [Mon, 4 Mar 2013 08:58:40 +0000 (17:58 +0900)]
Move IPv6 code to InterfaceController.
Bug:
8276725
Change-Id: Ia04fb64d3660eb08d8b32209bf689c5c5e6dd9ac
Sasha Levitskiy [Thu, 28 Feb 2013 00:29:43 +0000 (16:29 -0800)]
Stricter signatures to match the new bionic/libc/netbsd/resolv ones.
Change-Id: I690858b85303addc030540bce8512ec9a1e18b4a
Sasha Levitskiy [Sat, 23 Feb 2013 00:07:42 +0000 (16:07 -0800)]
Netd: Remove an obsolete API: interface get[rt]xcounter
Change-Id: I6b113294b46e5988ad606144c3eef3c846ac28d1
Nick Kralevich [Fri, 22 Feb 2013 05:24:30 +0000 (21:24 -0800)]
Don't use client passed PID
Don't assume the client is telling the truth about their PID.
Always take their PID directly from the socket, which is
guaranteed by the kernel to be accurate.
Change-Id: Id3374306fd7043da22065921bd49aced60df32f5
JP Abgrall [Wed, 13 Feb 2013 03:20:13 +0000 (19:20 -0800)]
BandwidthController: fixup insertion pos in costly chain handling
* Long time ago, setting an alert in a costly_<iface> chain required adding
it just before the ACCEPT rule that was at the end.
But since then the ACCEPT rule has been removed.
This would cause the insert to pick the last position no matter what.
Now we just append.
* A naughty app in the penalty box could waste up quota on packets that would
get dropped in the later penalty_box rule.
Now we check the penalty_box before feeding it to the quota.
Change-Id: Id4b6a7c020583f1cccc7dccde34c4b85d0fd9642
JP Abgrall [Thu, 14 Feb 2013 00:30:00 +0000 (16:30 -0800)]
BandwidthController: correctly handle the iptables command exit code
The return code from android_fork_execvp() needed to be massaged because
a status ptr was passed in.
Bug:
8185095
Change-Id: I205884f09b563dd729423a74f22fd5b8c2d59c64
Rom Lemarchand [Thu, 31 Jan 2013 20:41:03 +0000 (12:41 -0800)]
Replace system_nosh call with android_fork_execvp
Replace the system_nosh call with the android_fork_execvp from
liblogwrap.
Change-Id: Idfbc6bcf0bef16d4ee90d6af6bd4b07bc79913bb
Rom Lemarchand [Thu, 24 Jan 2013 23:14:41 +0000 (15:14 -0800)]
Replacing fork_and_execve with liblogwrap call
Using the android_fork_exec call from liblogwrap rather than a
custom fork_and_execve.
Change-Id: If8f9a5442e5e3cfc887010268c360e55e733aef0
JP Abgrall [Thu, 7 Feb 2013 19:17:15 +0000 (19:17 +0000)]
Merge "netd: BandwidthController: Allow tracking loopback interfaces"
Robert Greenwalt [Thu, 7 Feb 2013 19:02:32 +0000 (19:02 +0000)]
Merge "dns cache per interface iteration 2"
Mattias Falk [Tue, 23 Aug 2011 12:21:38 +0000 (14:21 +0200)]
dns cache per interface iteration 2
support for attach/detach a process (pid) to a
dns cache.
lookup associated dns cache based on the pid
handle pid and interface argument for getaddrinfo
and gethostbyaddress
bug:
5465296
Change-Id: I4832c792d22aceabb0481c548003a1fd879c12e4
JP Abgrall [Thu, 7 Feb 2013 02:01:24 +0000 (18:01 -0800)]
netd: BandwidthController: Allow tracking loopback interfaces
In the past, loopback interfaces were of no use for bandwidth/datausage.
We now don't treat loopback interfaces any differently.
This will helps with CTS tests that checking the kernel's qtaguid functionality
and the matching user-space handling.
Change-Id: If307ceebc10f89269d1b051f666ec666e5e38d41
Rom Lemarchand [Thu, 31 Jan 2013 20:31:23 +0000 (20:31 +0000)]
Merge "Replace custom logwrapper implementation with liblogwrap"
Rom Lemarchand [Thu, 24 Jan 2013 18:01:04 +0000 (10:01 -0800)]
Replace custom logwrapper implementation with liblogwrap
Use liblogwrap to provide logwrapper functionality instead of
using netd's own implementation.
Change-Id: I10e69aa95989f77c63b5b36825ee7c77fba48c88
Robert Greenwalt [Sat, 19 Jan 2013 00:39:43 +0000 (00:39 +0000)]
Merge "Revert "dns cache per interface iteration 2""
Robert Greenwalt [Sat, 19 Jan 2013 00:39:26 +0000 (00:39 +0000)]
Revert "dns cache per interface iteration 2"
This reverts commit
1c0a243bc22d69d32b758fd3da09ccc902c26225
Change-Id: I63d563df01b4bdc69a11037b1d72fdb4de5437db
Robert Greenwalt [Thu, 17 Jan 2013 16:15:11 +0000 (16:15 +0000)]
Merge "dns cache per interface iteration 2"
Sasha Levitskiy [Tue, 15 Jan 2013 00:28:54 +0000 (16:28 -0800)]
Removed Throttle Controller as obsolete
Change-Id: I1a3c0e1a8690d0d5a8fb1411c49bc6db52ce5ccb
Robert Greenwalt [Mon, 14 Jan 2013 20:00:37 +0000 (12:00 -0800)]
am
3911886e: am
d67cc366: resolved conflicts for merge of
b40c2385 to jb-mr1.1-dev
* commit '
3911886e854d31058e7d3a6e310e8eafd06c02e0':
Fix a TOCTOU and symlink attack in netd.
Robert Greenwalt [Mon, 14 Jan 2013 19:58:20 +0000 (11:58 -0800)]
am
d67cc366: resolved conflicts for merge of
b40c2385 to jb-mr1.1-dev
* commit '
d67cc366f769a84f56755b12d2c943113ec46f8c':
Fix a TOCTOU and symlink attack in netd.