OSDN Git Service
Lorenzo Colitti [Fri, 18 Mar 2016 03:36:03 +0000 (12:36 +0900)]
Slightly restructure the data saver iptables rules.
1. Make bw_costly_shared jump to bw_happy_box after
bw_penalty_box. This allows the framework to manipulate
whitelists and blacklists independently.
2. Make bw_happy box always whitelist system apps. Because
bw_penalty_box is consulted before bw_happy_box, the
framework can always blacklist certain system apps (e.g.,
the media server) by putting them in the blacklist.
3. Add a method to add/remove a reject at the end of
bw_costly_shared. This will allow the framework to
enable/disable data saver by changing only one rule.
Bug: 26685616
Bug: 27506285
Change-Id: I67bff7c3c9ff5eb3f84fb84550cdf49f153e1b68
Lorenzo Colitti [Fri, 18 Mar 2016 03:05:19 +0000 (12:05 +0900)]
Remove the ability to enable/disable the happy box.
This code is unused, and the plan is to have the happy box
enabled at all times.
Bug: 26685616
Bug: 27506285
Change-Id: Ie15b0775d535df7ca94547a7d8b8a5ed536e6dbd
Lorenzo Colitti [Fri, 18 Mar 2016 02:55:56 +0000 (11:55 +0900)]
Don't keep naughty/nice app state in BandwidthController.
Copies of this state are already kept in NetworkManagementService,
NetworkPolicyManagerService, and iptables rules. A third copy of
this state is not necessary.
Bug: 26685616
Bug: 27506285
Change-Id: I8dd9fc60a28804ec95660092b13a2895f7480f56
Lorenzo Colitti [Thu, 17 Mar 2016 04:23:28 +0000 (13:23 +0900)]
Start NetdNativeService before CommandListener.
Starting CommandListener tells NetworkManagementService that netd
is ready to accept commands. Ensure that the binder service is
started (i.e., we have called startThreadPool) before we do this.
Bug: 27239233
Change-Id: Ica89e72f51eb4752cb5cea2e4096c6a9dc5776d7
Felipe Leme [Mon, 7 Mar 2016 17:25:50 +0000 (09:25 -0800)]
Whitelist system apps when using bw_happy_box.
BUG: 27506285
BUG: 26685616
Change-Id: I8352ebbab1778c85e0a1da79a0acede5aea144a1
Pierre Imai [Fri, 11 Mar 2016 08:54:48 +0000 (17:54 +0900)]
Fix netd tests for use with APCT
Change-Id: Ica37a812c37036ffecd45b8f078d8ed9928d01fc
Erik Kline [Wed, 9 Mar 2016 05:56:00 +0000 (14:56 +0900)]
More correctly set app_mark in getNetworkContext.
Specifically: set explicitlySelected, protectedFromVpn and permissions.
Bug: 26256264
Change-Id: I1ebd2c1878fb7166ac63c061c8731e66b0050a30
Lorenzo Colitti [Wed, 2 Mar 2016 13:30:41 +0000 (13:30 +0000)]
Merge changes I2dc1a074,Ic83d8160,I246696c4 into nyc-dev
* changes:
Move SockDiagTest into system/netd/server.
Add an RPC to replace a UID firewall rule.
Allow finer-grained locking, and use it in FirewallCmd.
Lorenzo Colitti [Wed, 2 Mar 2016 05:09:38 +0000 (14:09 +0900)]
Move SockDiagTest into system/netd/server.
My recollection is that we decided to put unit tests next to
the corresponding code and integration tests into tests/.
Change-Id: I2dc1a074ba8d323253d9be3b2052d6b287bacc15
Lorenzo Colitti [Fri, 26 Feb 2016 02:38:47 +0000 (11:38 +0900)]
Add an RPC to replace a UID firewall rule.
Also add a binder_test that exercises binder RPCs to the real
netd service running on the device
Bug: 21725996
Bug: 27239233
Change-Id: Ic83d81605021a0578d6cd32f889290be61d76125
Erik Kline [Wed, 2 Mar 2016 04:52:36 +0000 (04:52 +0000)]
Remove unused costName variable
am: 87732125ef
* commit '87732125ef05808bf958530c8319026e7a1efbce':
Remove unused costName variable
Erik Kline [Wed, 2 Mar 2016 04:18:06 +0000 (13:18 +0900)]
Remove unused costName variable
Bug: 27432583
Change-Id: Ica6f8714eb6c40a4b6a94ac5e40144d0e781155e
Felipe Leme [Tue, 1 Mar 2016 01:31:44 +0000 (01:31 +0000)]
Merge "Created a firewall chain for power save mode." into nyc-dev
Lorenzo Colitti [Fri, 26 Feb 2016 02:30:59 +0000 (11:30 +0900)]
Allow finer-grained locking, and use it in FirewallCmd.
FirewallController is stateless and FirewallCmd does not access
any other controllers, so it is safe not to take the big netd
lock.
Bug: 27239233
Change-Id: I246696c4b17fa005c7d6b38ecd627747aa608831
Lorenzo Colitti [Tue, 23 Feb 2016 07:59:21 +0000 (16:59 +0900)]
Don't use a manually-sized buffer for the PID.
Change-Id: Ibdda590b828c61caa488e959f3e596dc981a2c65
Pierre Imai [Thu, 25 Feb 2016 07:34:29 +0000 (16:34 +0900)]
Minor improvements for netd_test
Change-Id: Icd89045c7099949ea66bd88b2ce5551301366640
Pierre Imai [Wed, 24 Feb 2016 09:00:03 +0000 (18:00 +0900)]
Wrap netd's controller to make them usable from other classes
Change-Id: Icb76b43e89c5a9e5806b95002d3653dd99912494
Lorenzo Colitti [Tue, 23 Feb 2016 13:25:11 +0000 (22:25 +0900)]
Rename the netd service from "android.net.INetd" to "netd".
Bug: 27239233
Change-Id: I34a5554604e6d8b8a50838c6911c28503cbf4540
Lorenzo Colitti [Tue, 2 Feb 2016 08:19:04 +0000 (17:19 +0900)]
Initial netd binder interface.
In this change:
1. AIDL files for a new, android.net.INetd service, and
corresponding implementation using generated code. For now the
interface is just a prototype: it only has one trivial method.
2. Permission checking code to check for CONNECTIVITY_INTERNAL.
3. Add a Big Netd Lock and provide a wrapper that makes it easy
to ensure that it is taken by every CommandListener command.
Bug: 27239233
Change-Id: I448d0ac233edd0e351a7fe7f13901fb6871683a2
Pierre Imai [Thu, 18 Feb 2016 04:13:12 +0000 (13:13 +0900)]
Add test for DNS resolver code in netd.
Change-Id: I92466868ae32ee67fb5d17c7758a7841f614e827
Lorenzo Colitti [Wed, 17 Feb 2016 03:06:57 +0000 (03:06 +0000)]
Merge "Use SOCK_DESTROY in netd." into nyc-dev
Lorenzo Colitti [Sun, 14 Feb 2016 16:09:14 +0000 (01:09 +0900)]
Use SOCK_DESTROY in netd.
Bug: 26976388
Change-Id: I1965ece8ae65d78323b5a49eeebefe29677be63f
Erik Kline [Tue, 16 Feb 2016 23:56:16 +0000 (23:56 +0000)]
Switch to ifc_add_address() for setcfg
am: 397fbc056c
* commit '397fbc056c1ae1478f0311feab3a8a44cc6a4685':
Switch to ifc_add_address() for setcfg
Erik Kline [Fri, 5 Feb 2016 09:06:15 +0000 (18:06 +0900)]
Switch to ifc_add_address() for setcfg
This avoids the issue where, for example, 10.0.0.1/8 is added first,
then 10.0.0.1/8 is deleted, and 10.0.0.1/24 is added. Netlink changes
observed at the wrong time would make it seem as though IPv4 had
been lost when in fact everything was fine.
Bug: 26991160
(cherry picked from commit 397fbc056c1ae1478f0311feab3a8a44cc6a4685)
Change-Id: Ia5a5fcdd01e0950ac099c2054d74f0c52aa20b9c
Lorenzo Colitti [Thu, 4 Feb 2016 15:57:26 +0000 (00:57 +0900)]
Support killing sockets using SOCK_DESTROY.
This gives netd the ability to close sockets on a particular
source IP address using SOCK_DESTROY. It does not yet enable
this behaviour.
The microbenchmark is able to close 500 IPv6 sockets in ~30ms on
my angler. Specifically:
- Scanning 500 socketpairs: ~5ms
- Scanning 500 socketpairs and killing one half of each: ~30ms
- Scanning 500 socketpairs and killing both halves of each: ~40ms
This is about ~2.5x-3.5x slower than SIOCKILLADDR:
- For 500 sockets, it's 9.5ms vs. 22.9ms.
- For 4000 sockets, it's ~40ms vs ~135ms.
A large part of that is due to sending RST packets, which
SIOCKILLADDR does not do. If the kernel is modified so that
SOCK_DESTROY does not send RSTs, the time taken to kill 4000
sockets goes down to ~70ms
Batching the destroy operations does not help much. It saves
5-10%, but it complicates error handling.
Bug: 26976388
Change-Id: I2e1ac30af5dbcdb98dbb7c6e4d4d67c55b9fd00f
Felipe Leme [Thu, 11 Feb 2016 02:12:39 +0000 (18:12 -0800)]
Created a firewall chain for power save mode.
When power-save mode was first implemented, there were no firewall rules
on netd, so the solution was to make all network interfaces metered and
re-use the bw_penalty_box chain.
This change removes that workaround by creating an explicit fw_powersave
chain, whose behavior is similar to fw_dozable (in fact, it reuses some
of its code); such change not only makes network restrictions on
power-save mode simpler, but it also allows to optimize how the restrict
network rules are changed.
BUG: 27127112
Change-Id: I52aee49d80386594e3a52fea9667d580d2d944a1
Erik Kline [Fri, 5 Feb 2016 09:06:15 +0000 (18:06 +0900)]
Switch to ifc_add_address() for setcfg
This avoids the issue where, for example, 10.0.0.1/8 is added first,
then 10.0.0.1/8 is deleted, and 10.0.0.1/24 is added. Netlink changes
observed at the wrong time would make it seem as though IPv4 had
been lost when in fact everything was fine.
Bug: 26991160
Change-Id: If0dad2993f818686ef8a99618e779813e9c7af90
Erik Kline [Tue, 5 Jan 2016 05:14:40 +0000 (05:14 +0000)]
Merge "Revert "Tell dnsmasq not to start wildcard sockets""
Erik Kline [Tue, 5 Jan 2016 03:52:07 +0000 (03:52 +0000)]
Revert "Tell dnsmasq not to start wildcard sockets"
This reverts commit f1dfabed0a9b6ee9c37b64db3bbcb656281d4771.
The 3.4 kernel does not have SO_REUSEPORT functionality but the
headers #define it, so dnsmasq tries to use it and setsockopt
duly fails.
This is not a problem on 3.10 and later kernels, but reverting anyway.
Bug: 9580643
Bug: 26301652
Change-Id: I2322a80caa76ee4b7bb290f1665081b17d86fd43
Sreeram Ramachandran [Thu, 24 Dec 2015 02:15:25 +0000 (18:15 -0800)]
Don't use framework permission strings for netd permissions. am: 5c8c42e90f am: 3b61825abc am: a8c4601961 am: 296f2ef5c1
am: dccd7e51e3
* commit 'dccd7e51e369cea69d0200eda6e49615a6318d8d':
Erik Kline [Thu, 17 Dec 2015 06:48:18 +0000 (06:48 +0000)]
Merge "Tell dnsmasq not to start wildcard sockets"
Elliott Hughes [Sat, 5 Dec 2015 00:55:50 +0000 (00:55 +0000)]
Merge "Track rename from base/ to android-base/." am: c4f60ec960
am: 569ec05819
* commit '569ec05819d63f57e680a01f54119ea2df462192':
Track rename from base/ to android-base/.
Elliott Hughes [Fri, 4 Dec 2015 23:57:31 +0000 (23:57 +0000)]
Merge "Track rename from base/ to android-base/."
am: c4f60ec960
* commit 'c4f60ec960885154863824dc2f9eb1e4b84f4b9d':
Track rename from base/ to android-base/.
Elliott Hughes [Fri, 4 Dec 2015 23:45:39 +0000 (23:45 +0000)]
Merge "Track rename from base/ to android-base/."
Elliott Hughes [Fri, 4 Dec 2015 23:45:10 +0000 (15:45 -0800)]
Track rename from base/ to android-base/.
Change-Id: Ice6d43c0f9b16b8fb441158a0f7344dfbf969dea
Lorenzo Colitti [Wed, 25 Nov 2015 13:13:57 +0000 (22:13 +0900)]
Support scoped addresses as tethered DNS servers.
Bug: 9580643
Change-Id: Id086ff9194097fc1e0ab8e2e58e6ff843303f051
Sreeram Ramachandran [Fri, 20 Nov 2015 04:28:36 +0000 (04:28 +0000)]
Don't use framework permission strings for netd permissions. am: 5c8c42e90f am: 3b61825abc am: a8c4601961 am: 296f2ef5c1
am: b338d7c705
* commit 'b338d7c705e81fefd8a2b8d2613ce05986c2809e':
Don't use framework permission strings for netd permissions.
Sreeram Ramachandran [Fri, 20 Nov 2015 04:21:09 +0000 (04:21 +0000)]
Don't use framework permission strings for netd permissions. am: 5c8c42e90f am: 3b61825abc am: a8c4601961
am: 296f2ef5c1
* commit '296f2ef5c1fc8b7d865cbad7c071d5d9dc7a4698':
Don't use framework permission strings for netd permissions.
Sreeram Ramachandran [Thu, 19 Nov 2015 16:39:59 +0000 (16:39 +0000)]
Don't use framework permission strings for netd permissions. am: 5c8c42e90f am: 3b61825abc am: a8c4601961
am: 296f2ef5c1
* commit '296f2ef5c1fc8b7d865cbad7c071d5d9dc7a4698':
Don't use framework permission strings for netd permissions.
Sreeram Ramachandran [Thu, 19 Nov 2015 16:19:47 +0000 (16:19 +0000)]
Don't use framework permission strings for netd permissions. am: 5c8c42e90f am: 3b61825abc
am: a8c4601961
* commit 'a8c4601961ee82d9e5a1646cda5e6dec491b98f6':
Don't use framework permission strings for netd permissions.
Sreeram Ramachandran [Thu, 19 Nov 2015 16:14:41 +0000 (16:14 +0000)]
Don't use framework permission strings for netd permissions. am: 5c8c42e90f
am: 3b61825abc
* commit '3b61825abc108135f992f7fe1ffbe8d99f5fd85d':
Don't use framework permission strings for netd permissions.
Sreeram Ramachandran [Thu, 19 Nov 2015 16:04:24 +0000 (16:04 +0000)]
Don't use framework permission strings for netd permissions.
am: 5c8c42e90f
* commit '5c8c42e90f7c5ad609c477f54dc9a62ddea7875a':
Don't use framework permission strings for netd permissions.
Sreeram Ramachandran [Tue, 4 Nov 2014 18:18:25 +0000 (10:18 -0800)]
Don't use framework permission strings for netd permissions.
These framework permission strings were being used as arbitrary labels
that mapped to netd permissions that have completely different meaning.
This leads to confusion, so use different strings.
This is being cherry picked from lmp-mr1-dev to lmp-dev to fix failures
when creating restricted networks due to prior back-port a120442.
Bug: 21900139
Bug: 18194858
Change-Id: Ib3ec377ab26ce904d3d4678f04edec6cb1260517
(cherry picked from commit 584dbee59ceb7750e22c48371342635aa6a98517)
Erik Kline [Fri, 13 Nov 2015 11:30:22 +0000 (20:30 +0900)]
Tell dnsmasq not to start wildcard sockets
Bug: 9580643
Change-Id: I8c95c15970d6ed72dc44cec42c4eb78e18ed46ba
Erik Kline [Fri, 13 Nov 2015 07:26:27 +0000 (16:26 +0900)]
Pass both IPv4 and IPv6 nameservers to dnsmasq
Additionally, store and return a list of strings for
DNS forwarders, since that's what is most useful. These
strings are guaranteed to be valid IP string literals by
virtue of validation on input.
Bug: 9580643
Change-Id: I4fbaf19835055b12e38d585c0bfba0d2b18b9717
Erik Kline [Thu, 12 Nov 2015 08:49:23 +0000 (17:49 +0900)]
Change dnsmasq input command argument separator
Heretofore netd issued commands to dnsmasq over a stdin channel
using ":" as an argument separator. This makes it very complicated
to issue commands that involve IPv6 addresses.
This changes the separator from ":" to "|".
Additionally:
- Pass DHCP range string literals through to startTethering(),
still performing string literal to IPv4 address validation.
Bug: 9580643
Change-Id: I210daf311a4c3d84dae3ed054b92c9fa399a791f
Kenny Root [Thu, 5 Nov 2015 19:56:13 +0000 (19:56 +0000)]
Merge "system/netd: check return value of PKCS5_PBKDF2_HMAC_SHA1."
am: b407c9b318
* commit 'b407c9b318b07c0f659444d0295380e7fd48ed77':
system/netd: check return value of PKCS5_PBKDF2_HMAC_SHA1.
Kenny Root [Thu, 5 Nov 2015 19:29:20 +0000 (19:29 +0000)]
Merge "system/netd: check return value of PKCS5_PBKDF2_HMAC_SHA1."
Adam Langley [Wed, 4 Nov 2015 22:35:25 +0000 (14:35 -0800)]
system/netd: check return value of PKCS5_PBKDF2_HMAC_SHA1.
The function PKCS5_PBKDF2_HMAC_SHA1 can fail for a number of reasons and
thus its return value should be checked and handled.
Change-Id: I63bd1378e78926372309072c3fa821666cac1b01
Gaurav Shah [Mon, 2 Nov 2015 06:02:30 +0000 (06:02 +0000)]
Merge "netd: Add NOTICE and MODULE_LICENSE_* files" am: 04c820c5f1
am: 8a55a1b087
* commit '8a55a1b087de5882808495e1a85e5ca52ef470a1':
netd: Add NOTICE and MODULE_LICENSE_* files
Gaurav Shah [Mon, 2 Nov 2015 02:35:03 +0000 (02:35 +0000)]
Merge "netd: Add NOTICE and MODULE_LICENSE_* files"
am: 04c820c5f1
* commit '04c820c5f1591e1afd287519efd1a4df162d2551':
netd: Add NOTICE and MODULE_LICENSE_* files
Gaurav Shah [Mon, 2 Nov 2015 02:33:15 +0000 (02:33 +0000)]
Merge "netd: Add NOTICE and MODULE_LICENSE_* files"
Gaurav Shah [Fri, 2 Oct 2015 22:47:47 +0000 (15:47 -0700)]
netd: Add NOTICE and MODULE_LICENSE_* files
BUG: 24605215
Change-Id: Ice2df1dcaca7af089e6228c4bbf5b5b285b51622
Erik Kline [Fri, 2 Oct 2015 08:52:37 +0000 (17:52 +0900)]
Always add costly interfaces to the bw_FORWARD chain
This adds a jump to bw_costly_<ifname> for traffic forwarded out
interface <ifname> to the bw_FORWARD chain, regardless of tethering
state (as having it safely in place is harmless).
Bug: 24497044
Change-Id: I165724c319051ddf29a2833912eb286368b0570d
Lorenzo Colitti [Thu, 3 Sep 2015 17:35:36 +0000 (17:35 +0000)]
am 4485c500: am c8683d7e: Don't break IPv6 connectivity when in doze mode.
* commit '4485c500f838726ded5a910364469eace225db28':
Don't break IPv6 connectivity when in doze mode.
Lorenzo Colitti [Thu, 3 Sep 2015 06:21:38 +0000 (06:21 +0000)]
am c8683d7e: Don't break IPv6 connectivity when in doze mode.
* commit 'c8683d7eb9bb95de2090431e8daaa45d92b45e38':
Don't break IPv6 connectivity when in doze mode.
Lorenzo Colitti [Tue, 1 Sep 2015 07:53:35 +0000 (16:53 +0900)]
Don't break IPv6 connectivity when in doze mode.
Working IPv6 connectivity relies on the kernel being able to
receive certain ICMPv6 packets (router advertisements, neighbour
solicitations, neighbour advertisements) at all times. Allow
these packets when in doze mode.
This is not necessary for IPv4 because in IPv4 these functions
use ARP, which is invisible to iptables.
Bug: 23158230
Change-Id: I29ed77561db9688486cf58cd14ac3bce7fce4b40
Tom Cherry [Thu, 27 Aug 2015 20:21:55 +0000 (20:21 +0000)]
am 88d94fd9: am f228899a: (-s ours) am 8246d45e: Merge "bundle init.rc contents with its service"
* commit '88d94fd9f69942b0a0789af26d32d4046c715855':
Yusuke Sato [Thu, 27 Aug 2015 20:21:54 +0000 (20:21 +0000)]
am 916188db: am 56cc45f1: (-s ours) am f2fed764: Make iptables -L and -S calls wait for xtables lock
* commit '916188db012f458aeab7c6857db2dc1618a98a26':
Yusuke Sato [Thu, 27 Aug 2015 20:21:54 +0000 (20:21 +0000)]
am d9c0c36a: am c132be49: (-s ours) am 93e6f6a7: Merge "Make iptables -L and -S calls wait for xtables lock"
* commit 'd9c0c36ad3141d23a8621ce0325bf727c035b5cf':
Tom Cherry [Thu, 27 Aug 2015 11:28:08 +0000 (11:28 +0000)]
am f228899a: (-s ours) am 8246d45e: Merge "bundle init.rc contents with its service"
* commit 'f228899aef79c5bad319aa88e1861da225b18fc0':
Yusuke Sato [Thu, 27 Aug 2015 11:28:07 +0000 (11:28 +0000)]
am 56cc45f1: (-s ours) am f2fed764: Make iptables -L and -S calls wait for xtables lock
* commit '56cc45f112c1bb21784e1763a4bf748351063f5a':
Yusuke Sato [Thu, 27 Aug 2015 11:28:06 +0000 (11:28 +0000)]
am c132be49: (-s ours) am 93e6f6a7: Merge "Make iptables -L and -S calls wait for xtables lock"
* commit 'c132be495ffeae7c393175c66943195dee84479e':
Tom Cherry [Fri, 21 Aug 2015 18:31:28 +0000 (18:31 +0000)]
am 4e9e23c5: am 8246d45e: Merge "bundle init.rc contents with its service"
* commit '4e9e23c50a080719f55e54db783f0c2cb130c95b':
bundle init.rc contents with its service
Tom Cherry [Fri, 21 Aug 2015 18:24:15 +0000 (18:24 +0000)]
am 8246d45e: Merge "bundle init.rc contents with its service"
* commit '8246d45e94bfb0ce878f41a01602b7b8d78c40ad':
bundle init.rc contents with its service
Tom Cherry [Fri, 21 Aug 2015 18:20:20 +0000 (18:20 +0000)]
am 8246d45e: Merge "bundle init.rc contents with its service"
* commit '8246d45e94bfb0ce878f41a01602b7b8d78c40ad':
bundle init.rc contents with its service
Tom Cherry [Fri, 21 Aug 2015 17:42:33 +0000 (17:42 +0000)]
Merge "bundle init.rc contents with its service"
Yusuke Sato [Fri, 21 Aug 2015 03:05:28 +0000 (03:05 +0000)]
am fc794e75: am f2fed764: Make iptables -L and -S calls wait for xtables lock
* commit 'fc794e75599c1de7bab68fda54b7fdcb191834f9':
Make iptables -L and -S calls wait for xtables lock
Yusuke Sato [Fri, 21 Aug 2015 02:59:13 +0000 (02:59 +0000)]
am f2fed764: Make iptables -L and -S calls wait for xtables lock
* commit 'f2fed7647ede2ae39a76d50cf4abc9e57b49d40d':
Make iptables -L and -S calls wait for xtables lock
Yusuke Sato [Fri, 21 Aug 2015 01:49:23 +0000 (01:49 +0000)]
am f2fed764: Make iptables -L and -S calls wait for xtables lock
* commit 'f2fed7647ede2ae39a76d50cf4abc9e57b49d40d':
Make iptables -L and -S calls wait for xtables lock
Yusuke Sato [Thu, 20 Aug 2015 19:31:51 +0000 (19:31 +0000)]
am 93e6f6a7: Merge "Make iptables -L and -S calls wait for xtables lock"
* commit '93e6f6a70c83b700aacaa16396449c3d9946b94c':
Make iptables -L and -S calls wait for xtables lock
Tom Cherry [Fri, 14 Aug 2015 20:06:31 +0000 (13:06 -0700)]
bundle init.rc contents with its service
Bug: 23186545
Change-Id: Iab00111d55494def6009c7b6c0da56ecd4b6aa9f
Yusuke Sato [Wed, 19 Aug 2015 20:47:30 +0000 (13:47 -0700)]
Make iptables -L and -S calls wait for xtables lock
(cherry picked from commit 99b40503edccae74d0917b9d1e17a5939ac7193b)
Bug: 22802665
Change-Id: Ief59212ab976af940887508fab706b5be07005c6
Yusuke Sato [Thu, 20 Aug 2015 04:10:33 +0000 (04:10 +0000)]
am 7e5323d7: am 93e6f6a7: Merge "Make iptables -L and -S calls wait for xtables lock"
* commit '7e5323d7663710208036e08a6fd43929739939cd':
Make iptables -L and -S calls wait for xtables lock
Yusuke Sato [Thu, 20 Aug 2015 04:04:04 +0000 (04:04 +0000)]
am 93e6f6a7: Merge "Make iptables -L and -S calls wait for xtables lock"
* commit '93e6f6a70c83b700aacaa16396449c3d9946b94c':
Make iptables -L and -S calls wait for xtables lock
Yusuke Sato [Thu, 20 Aug 2015 03:49:15 +0000 (03:49 +0000)]
Merge "Make iptables -L and -S calls wait for xtables lock"
Yusuke Sato [Wed, 19 Aug 2015 20:47:30 +0000 (13:47 -0700)]
Make iptables -L and -S calls wait for xtables lock
Bug: 22802665
Change-Id: I95b83ec0a926208e20659ad4b5355cf8500821f5
Stephen Hines [Tue, 18 Aug 2015 00:16:59 +0000 (17:16 -0700)]
Remove unnecessary __attribute__((optnone)).
Bug: 23239997
Now that the underlying bug has been fixed, we no longer need to
suppress optimizations to work around it.
Change-Id: I9d450636598f62f4b890e09861b89853193b0a29
Stephen Hines [Tue, 18 Aug 2015 16:19:27 +0000 (16:19 +0000)]
am f86df558: Move local union such that it doesn't escape (and get optimized out).
* commit 'f86df5580e86c2405c71c708408eeee57b38c0d3':
Move local union such that it doesn't escape (and get optimized out).
Stephen Hines [Tue, 18 Aug 2015 00:16:59 +0000 (17:16 -0700)]
Move local union such that it doesn't escape (and get optimized out).
Bug: 23239997
The Clang update exposed a latent bug in the code here, where a pointer
to a local variable escaped the encapsulating block. Clang noticed the
end of this object's lifetime, and removed assignments to its original
storage (because they are now dead assignments). By moving the union out
of the block, it will survive until the sendmsg() call, and the expected
writes will be restored.
Change-Id: If2106d2f53d761ddca6dd26ab2648244d737dcd9
Stephen Hines [Sun, 16 Aug 2015 19:45:13 +0000 (12:45 -0700)]
WAR: Set optnone for FwmarkClient::send to work around LLVM update bug.
Bug: 23239997
Without this attribute, we constantly see SocketClient unable to write
because of a broken pipe. Skipping optimizations on this function allows
things to work properly again.
Change-Id: I6b5a16a0bae86f4a12f59842b5563e0b815fcd9d
Erik Kline [Thu, 30 Jul 2015 03:35:36 +0000 (12:35 +0900)]
Pass through AI_ADDRCONFIG
In combination with the use of the use_oif_addrs_only sysctl, the bionic
getaddrinfo behaviour on non-default networks is now the same as it has
been for default networks.
Bug: 20733156
Change-Id: I37e764f1bc1c8efb0c1b47da35558717d2aa5756
Paul Jensen [Tue, 4 Aug 2015 18:37:33 +0000 (18:37 +0000)]
am 451ca998: Merge "Make netd calls to iptables wait for xtables lock" into mnc-dev
* commit '451ca998f1eed36d5fefb5593ed43605c4d6c0bd':
Make netd calls to iptables wait for xtables lock
Paul Jensen [Tue, 4 Aug 2015 17:56:55 +0000 (17:56 +0000)]
Merge "Make netd calls to iptables wait for xtables lock" into mnc-dev
Paul Jensen [Tue, 4 Aug 2015 14:35:05 +0000 (10:35 -0400)]
Make netd calls to iptables wait for xtables lock
Without this wait iptables commands can fail with various unpleasant
consequences like Log.wtf() or missing iptables rules. The most
critical calls to iptables in NetdConstants.cpp already wait for the
lock.
Bug: 22802665
Change-Id: I7d542c3d4f0e005618e368da674159b90d652c8a
Erik Kline [Thu, 30 Jul 2015 03:16:30 +0000 (03:16 +0000)]
am 7adf8d71: Enable use_oif_addrs_only in netd.
* commit '7adf8d71b80a729354c358d7a0110651750db5f2':
Enable use_oif_addrs_only in netd.
Erik Kline [Tue, 28 Jul 2015 09:51:01 +0000 (18:51 +0900)]
Enable use_oif_addrs_only in netd.
Bug: 19470192
Bug: 21832279
Bug: 22464419
Change-Id: I53a9e592a03fd16c124dcae2a47c6ac2e9049c48
Erik Kline [Mon, 6 Jul 2015 16:03:02 +0000 (16:03 +0000)]
am cea2d345: Use struct android_net_context when interfacing with bionic
* commit 'cea2d3455eb7c0d9ad1430607cbe98cc09251c1f':
Use struct android_net_context when interfacing with bionic
Erik Kline [Thu, 25 Jun 2015 09:24:46 +0000 (18:24 +0900)]
Use struct android_net_context when interfacing with bionic
Add a new NetworkController::getNetworkContext() that builds the
contents of a struct net_context out of getNetworkForConnect()
and getNetworkForDns().
Bug: 19470192
Bug: 20733156
Bug: 21832279
Change-Id: I5a69b0413a83d33be28b78c0a99359b109517a8f
Xiaohui Chen [Fri, 26 Jun 2015 17:33:14 +0000 (17:33 +0000)]
am feb2b61d: netd: add default fw white list for system uids
* commit 'feb2b61d3010d52e530357116c3b22c6d77da3cf':
netd: add default fw white list for system uids
Xiaohui Chen [Fri, 26 Jun 2015 04:19:38 +0000 (21:19 -0700)]
netd: add default fw white list for system uids
In uid firewall white list, we white list the system uid range
by default to make sure system processes will always have network
access.
BUG: 22094135
Change-Id: I8f472a98a9fd93591a2887982cec1458d7683613
Xiaohui Chen [Thu, 18 Jun 2015 00:22:38 +0000 (00:22 +0000)]
am 1cdfa9ad: netd: add two child chains to firewall
* commit '1cdfa9adfa584029cb6d9ac13a2896786001b3a1':
netd: add two child chains to firewall
Xiaohui Chen [Mon, 8 Jun 2015 23:28:12 +0000 (16:28 -0700)]
netd: add two child chains to firewall
This is an attempt to speed up getting out of device idle. It groups
uid firewall rules in these child chains so we can attach/detach a whole
chain instead of individual uid rules.
BUG: 21446713
Change-Id: I61dc7d14110e633c5994e466481b9cac633a7a4f
Erik Kline [Wed, 3 Jun 2015 19:22:43 +0000 (19:22 +0000)]
am 3f95777d: Fix boolean to integer return value conversion.
* commit '3f95777d2aafa6c0ac4671d55557cad0d04a223f':
Fix boolean to integer return value conversion.
Erik Kline [Wed, 3 Jun 2015 08:44:24 +0000 (17:44 +0900)]
Fix boolean to integer return value conversion.
Change-Id: Ie996c9b4f84f9cd8395abb592ecf0c04cfdc4023
Erik Kline [Wed, 13 May 2015 07:42:00 +0000 (07:42 +0000)]
am fef7e149: Merge "InterfaceController::setBaseReachableTimeMs()" into mnc-dev
* commit 'fef7e149224681ba49bc39856c25610bb04c3735':
InterfaceController::setBaseReachableTimeMs()
Erik Kline [Wed, 13 May 2015 07:41:59 +0000 (07:41 +0000)]
am 660064bc: Merge "Partial refactoring and Android-type style changes." into mnc-dev
* commit '660064bc50ce27913594399dece629254b00ad49':
Partial refactoring and Android-type style changes.
Erik Kline [Wed, 13 May 2015 07:20:22 +0000 (07:20 +0000)]
Merge "InterfaceController::setBaseReachableTimeMs()" into mnc-dev
Erik Kline [Wed, 13 May 2015 07:16:56 +0000 (07:16 +0000)]
Merge "Partial refactoring and Android-type style changes." into mnc-dev
Erik Kline [Tue, 12 May 2015 06:58:49 +0000 (15:58 +0900)]
InterfaceController::setBaseReachableTimeMs()
Add an InterfaceController::setBaseReachableTimeMs() method to set
the ARP/ND default reachable time, as configured in:
/proc/sys/net/ipv4/{interface}/base_reachable_time_ms
/proc/sys/net/ipv6/{interface}/base_reachable_time_ms
Bug: 18581716
Change-Id: Idc652e81396d81efe0f08bb1d6dc38bc8e554a56