system/netd: bandwidth management initial support (uid+tag stats)
This is a minimalistic version to get accounting of data going
through tagged socket per uid.
When netd starts up the BandwidthController, it will look at the
properties for
persist.bandwidth.enable=1
and enable it.
It needs the kernel with the xt_qtaguid + iptables/netfilter goodness.
stlport is ok to use.
The "owner" netfilter module used is actually our xt_qtaguid that acts as it
(just until we get around to talking directly to the kernel).
Once
"ndc bandwidth enable"
is invoked all traffic is counted against the UIDs receiving/sending it.
This allows BlockGuard.java to "tag" sockets and see stats for the tags.
Data shows up in
/proc/net/xt_qtaguid/stats
/proc/net/xt_qtaguid/iface_stat/<iface>/
rx_packets_tcp
rx_bytes_tcp
...
There is no <uid>/...
Supported commands:
- "ndc bandwidth enable"
will set up the needed iptable entries to track tag/uid.
- "ndc bandwidth disable"
will remove the iptable entries.
- "ndc bandwidth setquota <iface> <value>"
will set a quota on the iface.
Once quota is reached, packets are rejected.
With the correct kernel, rejects are turned into socket errors.
TODO
----
* make bandwidth controller cooperate with tethering.
- they both manipulate the iptables.
Change-Id: Ieb9e7c60ef8c974e99828f7833065d59b2922bf3
diff --git a/BandwidthController.h b/BandwidthController.h
new file mode 100644
index 0000000..db57208
--- /dev/null
+++ b/BandwidthController.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2011 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _BANDWIDTH_CONTROLLER_H
+#define _BANDWIDTH_CONTROLLER_H
+
+#include <list>
+#include <string>
+
+class BandwidthController {
+public:
+ BandwidthController();
+ int enableBandwidthControl(void);
+ int disableBandwidthControl(void);
+ int setInterfaceQuota(const char *iface, int64_t bytes);
+
+protected:
+ int runCommands(const char *commands[], int numCommands,
+ bool allowFailure = false);
+ int removeQuota(const char *iface);
+ std::list<std::string /*ifaceName*/> ifaceRules;
+
+private:
+ static const char *cleanupCommands[];
+ static const char *setupCommands[];
+ static const char *basicAccountingCommands[];
+ static const int MAX_CMD_LEN;
+ static const int MAX_IFACENAME_LEN;
+ static const int MAX_CMD_ARGS;
+ static const char IPTABLES_PATH[];
+
+ static int runIptablesCmd(const char *cmd);
+};
+
+#endif
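Review bot: setInterfaceQuota(const char *iface, int64_t bytes) uses int64_t, but this header includes only <list> and <string>, so it compiles only when an earlier include happens to provide the type; add #include <stdint.h> to make the header self-contained. On the same declaration, iface comes from the "ndc bandwidth setquota <iface> <value>" command and ends up in a command that runIptablesCmd(const char *cmd) receives as one flat string. The implementation is not part of this hunk, so please document here, and enforce in the .cpp, that iface is bounded by MAX_IFACENAME_LEN and limited to valid interface-name characters before it is formatted into that string, and that a negative bytes value is rejected rather than passed through as a quota. Minor: ifaceRules is a protected data member with no comment on its locking or ownership; a private member with a short comment would be clearer.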