merge in jb-release history after reset to jb-dev
diff --git a/BandwidthController.cpp b/BandwidthController.cpp
index 7f1aaf5..31cdcab 100644
--- a/BandwidthController.cpp
+++ b/BandwidthController.cpp
@@ -62,33 +62,32 @@
  * Some comments about the rules:
  *  * Ordering
  *    - when an interface is marked as costly it should be INSERTED into the INPUT/OUTPUT chains.
- *      E.g. "-I INPUT -i rmnet0 --jump costly"
+ *      E.g. "-I bw_INPUT -i rmnet0 --jump costly"
  *    - quota'd rules in the costly chain should be before penalty_box lookups.
+ *    - the qtaguid counting is done at the end of the bw_INPUT/bw_OUTPUT user chains.
  *
  * * global quota vs per interface quota
  *   - global quota for all costly interfaces uses a single costly chain:
  *    . initial rules
  *      iptables -N costly_shared
- *      iptables -I INPUT -i iface0 --jump costly_shared
- *      iptables -I OUTPUT -o iface0 --jump costly_shared
+ *      iptables -I bw_INPUT -i iface0 --jump costly_shared
+ *      iptables -I bw_OUTPUT -o iface0 --jump costly_shared
  *      iptables -I costly_shared -m quota \! --quota 500000 \
  *          --jump REJECT --reject-with icmp-net-prohibited
  *      iptables -A costly_shared --jump penalty_box
- *      iptables -A costly_shared -m owner --socket-exists
  *
  *    . adding a new iface to this, E.g.:
- *      iptables -I INPUT -i iface1 --jump costly_shared
- *      iptables -I OUTPUT -o iface1 --jump costly_shared
+ *      iptables -I bw_INPUT -i iface1 --jump costly_shared
+ *      iptables -I bw_OUTPUT -o iface1 --jump costly_shared
  *
  *   - quota per interface. This is achieve by having "costly" chains per quota.
  *     E.g. adding a new costly interface iface0 with its own quota:
  *      iptables -N costly_iface0
- *      iptables -I INPUT -i iface0 --jump costly_iface0
- *      iptables -I OUTPUT -o iface0 --jump costly_iface0
+ *      iptables -I bw_INPUT -i iface0 --jump costly_iface0
+ *      iptables -I bw_OUTPUT -o iface0 --jump costly_iface0
  *      iptables -A costly_iface0 -m quota \! --quota 500000 \
  *          --jump REJECT --reject-with icmp-net-prohibited
  *      iptables -A costly_iface0 --jump penalty_box
- *      iptables -A costly_iface0 -m owner --socket-exists
  *
  * * penalty_box handling:
  *  - only one penalty_box for all interfaces
@@ -107,6 +106,9 @@
     "-F bw_FORWARD",
     "-F penalty_box",
     "-F costly_shared",
+
+    "-t raw -F bw_raw_PREROUTING",
+    "-t mangle -F bw_mangle_POSTROUTING",
 };
 
 /* The cleanup commands assume flushing has been done. */
@@ -115,11 +117,18 @@
     "-D INPUT -j bw_INPUT",
     "-D OUTPUT -j bw_OUTPUT",
     "-D FORWARD -j bw_FORWARD",
+
+    "-t raw -D bw_raw_PREROUTING",
+    "-t mangle -D bw_mangle_POSTROUTING",
+
     "-X bw_INPUT",
     "-X bw_OUTPUT",
     "-X bw_FORWARD",
     "-X penalty_box",
     "-X costly_shared",
+
+    "-t raw -X bw_raw_PREROUTING",
+    "-t mangle -X bw_mangle_POSTROUTING",
 };
 
 const char *BandwidthController::IPT_SETUP_COMMANDS[] = {
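Review bot: The two added `-D` entries name the user chain and carry no rule, so they do not undo the jumps that the setup list installs with `-t raw -A PREROUTING -j bw_raw_PREROUTING` and `-t mangle -A POSTROUTING -j bw_mangle_POSTROUTING`. The filter-table entries just above them use the form `-D INPUT -j bw_INPUT`; the matching lines here would be `"-t raw -D PREROUTING -j bw_raw_PREROUTING",` and `"-t mangle -D POSTROUTING -j bw_mangle_POSTROUTING",`. As written, the jump from the built-in chain most likely stays in place, and the later `-X` would then fail on a chain that is still referenced. A subsequent setup pass would append a second jump, so the tracking rules in these chains would see each packet twice.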
@@ -135,6 +144,11 @@
 
     "-N costly_shared",
     "-N penalty_box",
+
+    "-t raw -N bw_raw_PREROUTING",
+    "-t raw -A PREROUTING -j bw_raw_PREROUTING",
+    "-t mangle -N bw_mangle_POSTROUTING",
+    "-t mangle -A POSTROUTING -j bw_mangle_POSTROUTING",
 };
 
 const char *BandwidthController::IPT_BASIC_ACCOUNTING_COMMANDS[] = {
@@ -145,7 +159,9 @@
     "-A bw_OUTPUT -m owner --socket-exists", /* This is a tracking rule. */
 
     "-A costly_shared --jump penalty_box",
-    "-A costly_shared -m owner --socket-exists", /* This is a tracking rule. */
+
+    "-t raw -A bw_raw_PREROUTING ! -i lo+ -m owner --socket-exists", /* This is a tracking rule. */
+    "-t mangle -A bw_mangle_POSTROUTING ! -o lo+ -m owner --socket-exists", /* This is a tracking rule. */
 };
 
 BandwidthController::BandwidthController(void) {
@@ -328,6 +344,7 @@
     IptOp op;
     int appUids[numUids];
     std::string naughtyCmd;
+    std::list<int /*uid*/>::iterator it;
 
     switch (appOp) {
     case NaughtyAppOpAdd:
@@ -352,9 +369,30 @@
     }
 
     for (uidNum = 0; uidNum < numUids; uidNum++) {
-        naughtyCmd = makeIptablesNaughtyCmd(op, appUids[uidNum]);
+        int uid = appUids[uidNum];
+        for (it = naughtyAppUids.begin(); it != naughtyAppUids.end(); it++) {
+            if (*it == uid)
+                break;
+        }
+        bool found = (it != naughtyAppUids.end());
+
+        if (appOp == NaughtyAppOpRemove) {
+            if (!found) {
+                ALOGE("No such appUid %d to remove", uid);
+                return -1;
+            }
+            naughtyAppUids.erase(it);
+        } else {
+            if (found) {
+                ALOGE("appUid %d exists already", uid);
+                return -1;
+            }
+            naughtyAppUids.push_front(uid);
+        }
+
+        naughtyCmd = makeIptablesNaughtyCmd(op, uid);
         if (runIpxtablesCmd(naughtyCmd.c_str(), IptRejectAdd)) {
-            ALOGE(failLogTemplate, appUids[uidNum]);
+            ALOGE(failLogTemplate, uid);
             goto fail_with_uidNum;
         }
     }
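Review bot: `naughtyAppUids` is modified before `runIpxtablesCmd()` is known to have succeeded, so a failed iptables call leaves the list claiming a penalty_box state that the ruleset does not have. A uid whose add failed is then rejected as "exists already" on retry, and a uid whose removal failed can no longer be removed because the list no longer holds it. Updating the list only after the command succeeds keeps the two in step. Separately, the two new `return -1` paths leave the loop without passing through `fail_with_uidNum`, so uids handled earlier in the same call stay applied. That label's body is outside the hunk, so it is worth checking whether these paths should use it as well.

```cpp
        // … unchanged: look up uid in naughtyAppUids, setting it and found …
        if (appOp == NaughtyAppOpRemove && !found) {
            ALOGE("No such appUid %d to remove", uid);
            return -1;
        }
        if (appOp != NaughtyAppOpRemove && found) {
            ALOGE("appUid %d exists already", uid);
            return -1;
        }

        naughtyCmd = makeIptablesNaughtyCmd(op, uid);
        if (runIpxtablesCmd(naughtyCmd.c_str(), IptRejectAdd)) {
            ALOGE(failLogTemplate, uid);
            goto fail_with_uidNum;
        }

        /* Update the bookkeeping only after the rule change succeeded. */
        if (appOp == NaughtyAppOpRemove)
            naughtyAppUids.erase(it);
        else
            naughtyAppUids.push_front(uid);
```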
@@ -422,8 +460,6 @@
 
         snprintf(cmd, sizeof(cmd), "-A %s -j penalty_box", costCString);
         res |= runIpxtablesCmd(cmd, IptRejectNoAdd);
-        snprintf(cmd, sizeof(cmd), "-A %s -m owner --socket-exists", costCString);
-        res |= runIpxtablesCmd(cmd, IptRejectNoAdd);
         break;
     case QuotaShared:
         costCString = "costly_shared";
diff --git a/NetlinkHandler.cpp b/NetlinkHandler.cpp
index 9a0a844..94e9240 100644
--- a/NetlinkHandler.cpp
+++ b/NetlinkHandler.cpp
@@ -52,8 +52,6 @@
         return;
     }
 
-    ALOGV("subsystem %s", subsys);
-
     if (!strcmp(subsys, "net")) {
         int action = evt->getAction();
         const char *iface = evt->findParam("INTERFACE");
@@ -83,6 +81,11 @@
         if (state)
             notifyInterfaceActivity(iface, !strcmp("active", state));
 
+#if !LOG_NDEBUG
+    } else if (strcmp(subsys, "platform") && strcmp(subsys, "backlight")) {
+        /* It is not a VSYNC or a backlight event */
+        ALOGV("unexpected event from subsystem %s", subsys);
+#endif
     }
 }