JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2011 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include <stdlib.h> |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 18 | #include <fcntl.h> |
| 19 | #include <string.h> |
| 20 | |
| 21 | #include <sys/socket.h> |
| 22 | #include <sys/stat.h> |
| 23 | #include <sys/types.h> |
| 24 | #include <sys/wait.h> |
| 25 | |
| 26 | #include <linux/netlink.h> |
| 27 | #include <linux/rtnetlink.h> |
| 28 | #include <linux/pkt_sched.h> |
| 29 | |
| 30 | #define LOG_TAG "BandwidthController" |
| 31 | #include <cutils/log.h> |
| 32 | #include <cutils/properties.h> |
| 33 | |
| 34 | extern "C" int logwrap(int argc, const char **argv, int background); |
| 35 | |
| 36 | #include "BandwidthController.h" |
| 37 | |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 38 | const int BandwidthController::MAX_CMD_LEN = 1024; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 39 | const int BandwidthController::MAX_IFACENAME_LEN = 64; |
| 40 | const int BandwidthController::MAX_CMD_ARGS = 32; |
| 41 | const char BandwidthController::IPTABLES_PATH[] = "/system/bin/iptables"; |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 42 | const char BandwidthController::IP6TABLES_PATH[] = "/system/bin/ip6tables"; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 43 | |
| 44 | /** |
| 45 | * Some comments about the rules: |
| 46 | * * Ordering |
| 47 | * - when an interface is marked as costly it should be INSERTED into the INPUT/OUTPUT chains. |
| 48 | * E.g. "-I INPUT -i rmnet0 --goto costly" |
| 49 | * - quota'd rules in the costly chain should be before penalty_box lookups. |
| 50 | * |
| 51 | * * global quota vs per interface quota |
| 52 | * - global quota for all costly interfaces uses a single costly chain: |
| 53 | * . initial rules |
| 54 | * iptables -N costly |
| 55 | * iptables -I INPUT -i iface0 --goto costly |
| 56 | * iptables -I OUTPUT -o iface0 --goto costly |
| 57 | * iptables -I costly -m quota \! --quota 500000 --jump REJECT --reject-with icmp-net-prohibited |
| 58 | * iptables -A costly --jump penalty_box |
| 59 | * iptables -A costly -m owner --socket-exists |
| 60 | * . adding a new iface to this, E.g.: |
| 61 | * iptables -I INPUT -i iface1 --goto costly |
| 62 | * iptables -I OUTPUT -o iface1 --goto costly |
| 63 | * |
| 64 | * - quota per interface. This is achieve by having "costly" chains per quota. |
| 65 | * E.g. adding a new costly interface iface0 with its own quota: |
| 66 | * iptables -N costly_iface0 |
| 67 | * iptables -I INPUT -i iface0 --goto costly_iface0 |
| 68 | * iptables -I OUTPUT -o iface0 --goto costly_iface0 |
| 69 | * iptables -A costly_iface0 -m quota \! --quota 500000 --jump REJECT --reject-with icmp-net-prohibited |
| 70 | * iptables -A costly_iface0 --jump penalty_box |
| 71 | * iptables -A costly_iface0 -m owner --socket-exists |
| 72 | * |
| 73 | * * penalty_box handling: |
| 74 | * - only one penalty_box for all interfaces |
| 75 | * E.g Adding an app: |
| 76 | * iptables -A penalty_box -m owner --uid-owner app_3 --jump REJECT --reject-with icmp-net-prohibited |
| 77 | */ |
| 78 | const char *BandwidthController::cleanupCommands[] = { |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 79 | /* Cleanup rules. */ |
| 80 | "-F", |
| 81 | "-t raw -F", |
| 82 | "-X costly", |
| 83 | "-X penalty_box", |
| 84 | }; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 85 | |
| 86 | const char *BandwidthController::setupCommands[] = { |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 87 | /* Created needed chains. */ |
| 88 | "-N costly", |
| 89 | "-N penalty_box", |
| 90 | }; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 91 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 92 | const char *BandwidthController::basicAccountingCommands[] = { |
| 93 | "-F INPUT", |
| 94 | "-A INPUT -i lo --jump ACCEPT", |
| 95 | "-A INPUT -m owner --socket-exists", /* This is a tracking rule. */ |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 96 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 97 | "-F OUTPUT", |
| 98 | "-A OUTPUT -o lo --jump ACCEPT", |
| 99 | "-A OUTPUT -m owner --socket-exists", /* This is a tracking rule. */ |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 100 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 101 | "-F costly", |
| 102 | "-A costly --jump penalty_box", |
| 103 | "-A costly -m owner --socket-exists", /* This is a tracking rule. */ |
| 104 | /* TODO(jpa): Figure out why iptables doesn't correctly return from this |
| 105 | * chain. For now, hack the chain exit with an ACCEPT. |
| 106 | */ |
| 107 | "-A costly --jump ACCEPT", |
| 108 | }; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 109 | |
| 110 | BandwidthController::BandwidthController(void) { |
| 111 | |
| 112 | char value[PROPERTY_VALUE_MAX]; |
| 113 | |
| 114 | property_get("persist.bandwidth.enable", value, "0"); |
| 115 | if (!strcmp(value, "1")) { |
| 116 | enableBandwidthControl(); |
| 117 | } |
| 118 | |
| 119 | } |
| 120 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 121 | int BandwidthController::runIpxtablesCmd(const char *cmd, IptRejectOp rejectHandling) { |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 122 | int res = 0; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 123 | LOGD("runIpxtablesCmd(cmd=%s)", cmd); |
| 124 | res |= runIptablesCmd(cmd, rejectHandling, IptIpV4); |
| 125 | res |= runIptablesCmd(cmd, rejectHandling, IptIpV6); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 126 | return res; |
| 127 | } |
| 128 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 129 | int BandwidthController::StrncpyAndCheck(char *buffer, const char *src, size_t buffSize) { |
| 130 | |
| 131 | memset(buffer, '\0', buffSize); // strncpy() is not filling leftover with '\0' |
| 132 | strncpy(buffer, src, buffSize); |
| 133 | return buffer[buffSize - 1]; |
| 134 | } |
| 135 | |
| 136 | int BandwidthController::runIptablesCmd(const char *cmd, IptRejectOp rejectHandling, IptIpVer iptVer) { |
| 137 | char buffer[MAX_CMD_LEN]; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 138 | const char *argv[MAX_CMD_ARGS]; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 139 | int argc = 0; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 140 | char *next = buffer; |
| 141 | char *tmp; |
| 142 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 143 | std::string fullCmd = cmd; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 144 | |
| 145 | if (rejectHandling == IptRejectAdd) { |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 146 | fullCmd += " --jump REJECT --reject-with"; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 147 | switch (iptVer) { |
| 148 | case IptIpV4: |
| 149 | fullCmd += " icmp-net-prohibited"; |
| 150 | break; |
| 151 | case IptIpV6: |
| 152 | fullCmd += " icmp6-adm-prohibited"; |
| 153 | break; |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 154 | } |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 155 | } |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 156 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 157 | argc = 0; |
| 158 | argv[argc++] = iptVer == IptIpV4 ? IPTABLES_PATH : IP6TABLES_PATH; |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 159 | LOGD("About to run: %s %s", argv[0], fullCmd.c_str()); |
| 160 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 161 | LOGD("runIpxtablesCmd(): fullCmd.c_str()=%s buffSize=%d", fullCmd.c_str(), sizeof(buffer)); |
| 162 | if (StrncpyAndCheck(buffer, fullCmd.c_str(), sizeof(buffer))) { |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 163 | LOGE("iptables command too long"); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 164 | return -1; |
| 165 | } |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 166 | |
| 167 | while ((tmp = strsep(&next, " "))) { |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 168 | argv[argc++] = tmp; |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 169 | if (argc >= MAX_CMD_ARGS) { |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 170 | LOGE("iptables argument overflow"); |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 171 | return -1; |
| 172 | } |
| 173 | } |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 174 | |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 175 | argv[argc] = NULL; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 176 | LOGD("runIpxtablesCmd(): argc=%d, argv[argc]=%p", argc, argv[argc]); |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 177 | /* TODO(jpa): Once this stabilizes, remove logwrap() as it tends to wedge netd |
| 178 | * Then just talk directly to the kernel via rtnetlink. |
| 179 | */ |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 180 | for (int i = 0 ; i < argc; i++) { |
| 181 | LOGD("runIpxtablesCmd(): argv[%d]=%p:%s", i, argv[i], argv[i]?:"null"); |
| 182 | } |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 183 | return logwrap(argc, argv, 0); |
| 184 | } |
| 185 | |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 186 | int BandwidthController::enableBandwidthControl(void) { |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 187 | int res; |
| 188 | /* Some of the initialCommands are allowed to fail */ |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 189 | runCommands(sizeof(cleanupCommands) / sizeof(char*), cleanupCommands, RunCmdFailureOk); |
| 190 | runCommands(sizeof(setupCommands) / sizeof(char*), setupCommands, RunCmdFailureOk); |
| 191 | res = runCommands(sizeof(basicAccountingCommands) / sizeof(char*), basicAccountingCommands, RunCmdFailureBad); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 192 | return res; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 193 | |
| 194 | } |
| 195 | |
| 196 | int BandwidthController::disableBandwidthControl(void) { |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 197 | /* The cleanupCommands are allowed to fail. */ |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 198 | runCommands(sizeof(cleanupCommands) / sizeof(char*), cleanupCommands, RunCmdFailureOk); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 199 | return 0; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 200 | } |
| 201 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 202 | int BandwidthController::runCommands(int numCommands, const char *commands[], RunCmdErrHandling cmdErrHandling) { |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 203 | int res = 0; |
| 204 | LOGD("runCommands(): %d commands", numCommands); |
| 205 | for (int cmdNum = 0; cmdNum < numCommands; cmdNum++) { |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 206 | res = runIpxtablesCmd(commands[cmdNum], IptRejectNoAdd); |
| 207 | if (res && cmdErrHandling != RunCmdFailureBad) |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 208 | return res; |
| 209 | } |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 210 | return cmdErrHandling == RunCmdFailureBad ? res : 0; |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 211 | } |
| 212 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 213 | std::string BandwidthController::makeIptablesNaughtyCmd(IptOp op, int uid) { |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 214 | std::string res; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 215 | char *convBuff; |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 216 | |
| 217 | switch (op) { |
| 218 | case IptOpInsert: |
| 219 | res = "-I"; |
| 220 | break; |
| 221 | case IptOpReplace: |
| 222 | res = "-R"; |
| 223 | break; |
| 224 | default: |
| 225 | case IptOpDelete: |
| 226 | res = "-D"; |
| 227 | break; |
| 228 | } |
| 229 | res += " penalty_box"; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 230 | asprintf(&convBuff, "%d", uid); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 231 | res += " -m owner --uid-owner "; |
| 232 | res += convBuff; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 233 | free(convBuff); |
| 234 | LOGD("makeIptablesNaughtyCmd() res=%s", res.c_str()); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 235 | return res; |
| 236 | } |
| 237 | |
| 238 | int BandwidthController::addNaughtyApps(int numUids, char *appUids[]) { |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 239 | return maninpulateNaughtyApps(numUids, appUids, NaughtyAppOpAdd); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 240 | } |
| 241 | |
| 242 | int BandwidthController::removeNaughtyApps(int numUids, char *appUids[]) { |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 243 | return maninpulateNaughtyApps(numUids, appUids, NaughtyAppOpRemove); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 244 | } |
| 245 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 246 | int BandwidthController::maninpulateNaughtyApps(int numUids, char *appStrUids[], NaughtyAppOp appOp) { |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 247 | char cmd[MAX_CMD_LEN]; |
| 248 | int uidNum; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 249 | const char *failLogTemplate; |
| 250 | IptOp op; |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 251 | int appUids[numUids]; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 252 | std::string naughtyCmd; |
| 253 | LOGD("manipulateNaughtyApps()"); |
| 254 | switch (appOp) { |
| 255 | case NaughtyAppOpAdd: |
| 256 | op = IptOpInsert; |
| 257 | failLogTemplate = "Failed to add app uid %d to penalty box."; |
| 258 | break; |
| 259 | case NaughtyAppOpRemove: |
| 260 | op = IptOpDelete; |
| 261 | failLogTemplate = "Failed to delete app uid %d from penalty box."; |
| 262 | break; |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 263 | } |
| 264 | |
| 265 | for (uidNum = 0; uidNum < numUids; uidNum++) { |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 266 | appUids[uidNum] = atol(appStrUids[uidNum]); |
| 267 | if (appUids[uidNum] == 0) { |
| 268 | LOGE(failLogTemplate, appUids[uidNum]); |
| 269 | goto fail_parse; |
| 270 | } |
| 271 | } |
| 272 | LOGD("manipulateNaughtyApps() got the appUids"); |
| 273 | |
| 274 | for (uidNum = 0; uidNum < numUids; uidNum++) { |
| 275 | naughtyCmd = makeIptablesNaughtyCmd(op, appUids[uidNum]); |
| 276 | if (runIpxtablesCmd(naughtyCmd.c_str(), IptRejectAdd)) { |
| 277 | LOGE(failLogTemplate, appUids[uidNum]); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 278 | goto fail_with_uidNum; |
| 279 | } |
| 280 | } |
| 281 | return 0; |
| 282 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 283 | fail_with_uidNum: |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 284 | /* Try to remove the uid that failed in any case*/ |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 285 | naughtyCmd = makeIptablesNaughtyCmd(IptOpDelete, appUids[uidNum]); |
| 286 | runIpxtablesCmd(naughtyCmd.c_str(), IptRejectAdd); |
| 287 | fail_parse: |
| 288 | return -1; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 289 | } |
| 290 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 291 | std::string BandwidthController::makeIptablesQuotaCmd(IptOp op, const char *costName, int64_t quota) { |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 292 | std::string res; |
| 293 | char convBuff[21]; // log10(2^64) ~ 20 |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 294 | |
| 295 | LOGD("makeIptablesQuotaCmd(%d, %llu)", op, quota); |
| 296 | |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 297 | switch (op) { |
| 298 | case IptOpInsert: |
| 299 | res = "-I"; |
| 300 | break; |
| 301 | case IptOpReplace: |
| 302 | res = "-R"; |
| 303 | break; |
| 304 | default: |
| 305 | case IptOpDelete: |
| 306 | res = "-D"; |
| 307 | break; |
| 308 | } |
| 309 | res += " costly"; |
| 310 | if (costName) { |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 311 | res += "_"; |
| 312 | res += costName; |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 313 | } |
| 314 | sprintf(convBuff, "%lld", quota); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 315 | /* TODO(jpa): Use -m quota2 --name " + costName + " ! --quota " |
| 316 | * once available. |
| 317 | */ |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 318 | res += " -m quota ! --quota "; |
| 319 | res += convBuff; |
| 320 | ; |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 321 | // The requried --jump REJECT ... will be added later. |
| 322 | return res; |
| 323 | } |
| 324 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 325 | int BandwidthController::prepCostlyIface(const char *ifn, QuotaType quotaType) { |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 326 | char cmd[MAX_CMD_LEN]; |
| 327 | int res = 0; |
| 328 | std::string costString; |
| 329 | const char *costCString; |
| 330 | |
| 331 | costString = "costly"; |
| 332 | /* The "-N costly" is created upfront, no need to handle it here. */ |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 333 | switch (quotaType) { |
| 334 | case QuotaUnique: |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 335 | costString += "_"; |
| 336 | costString += ifn; |
| 337 | costCString = costString.c_str(); |
| 338 | snprintf(cmd, sizeof(cmd), "-N %s", costCString); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 339 | res |= runIpxtablesCmd(cmd, IptRejectNoAdd); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 340 | snprintf(cmd, sizeof(cmd), "-A %s -j penalty_box", costCString); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 341 | res |= runIpxtablesCmd(cmd, IptRejectNoAdd); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 342 | snprintf(cmd, sizeof(cmd), "-A %s -m owner --socket-exists", costCString); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 343 | res |= runIpxtablesCmd(cmd, IptRejectNoAdd); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 344 | /* TODO(jpa): Figure out why iptables doesn't correctly return from this |
| 345 | * chain. For now, hack the chain exit with an ACCEPT. |
| 346 | */ |
| 347 | snprintf(cmd, sizeof(cmd), "-A %s --jump ACCEPT", costCString); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 348 | res |= runIpxtablesCmd(cmd, IptRejectNoAdd); |
| 349 | break; |
| 350 | case QuotaShared: |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 351 | costCString = costString.c_str(); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 352 | break; |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 353 | } |
| 354 | |
| 355 | snprintf(cmd, sizeof(cmd), "-I INPUT -i %s --goto %s", ifn, costCString); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 356 | res |= runIpxtablesCmd(cmd, IptRejectNoAdd); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 357 | snprintf(cmd, sizeof(cmd), "-I OUTPUT -o %s --goto %s", ifn, costCString); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 358 | res |= runIpxtablesCmd(cmd, IptRejectNoAdd); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 359 | return res; |
| 360 | } |
| 361 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 362 | int BandwidthController::cleanupCostlyIface(const char *ifn, QuotaType quotaType) { |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 363 | char cmd[MAX_CMD_LEN]; |
| 364 | int res = 0; |
| 365 | std::string costString; |
| 366 | const char *costCString; |
| 367 | |
| 368 | costString = "costly"; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 369 | switch (quotaType) { |
| 370 | case QuotaUnique: |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 371 | costString += "_"; |
| 372 | costString += ifn; |
| 373 | costCString = costString.c_str(); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 374 | break; |
| 375 | case QuotaShared: |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 376 | costCString = costString.c_str(); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 377 | break; |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 378 | } |
| 379 | |
| 380 | snprintf(cmd, sizeof(cmd), "-D INPUT -i %s --goto %s", ifn, costCString); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 381 | res |= runIpxtablesCmd(cmd, IptRejectNoAdd); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 382 | snprintf(cmd, sizeof(cmd), "-D OUTPUT -o %s --goto %s", ifn, costCString); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 383 | res |= runIpxtablesCmd(cmd, IptRejectNoAdd); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 384 | |
| 385 | /* The "-N costly" is created upfront, no need to handle it here. */ |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 386 | if (quotaType == QuotaUnique) { |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 387 | snprintf(cmd, sizeof(cmd), "-F %s", costCString); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 388 | res |= runIpxtablesCmd(cmd, IptRejectNoAdd); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 389 | } |
| 390 | return res; |
| 391 | } |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 392 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 393 | int BandwidthController::setInterfaceSharedQuota(const char *iface, int64_t maxBytes) { |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 394 | char cmd[MAX_CMD_LEN]; |
| 395 | char ifn[MAX_IFACENAME_LEN]; |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 396 | int res = 0; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 397 | std::string quotaCmd; |
| 398 | std::string ifaceName;; |
| 399 | const char *costName = NULL; /* Shared quota */ |
| 400 | std::list<std::string>::iterator it; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 401 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 402 | if (StrncpyAndCheck(ifn, iface, sizeof(ifn))) { |
| 403 | LOGE("Interface name longer than %d", MAX_IFACENAME_LEN); |
| 404 | return -1; |
| 405 | } |
| 406 | ifaceName = ifn; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 407 | |
| 408 | if (maxBytes == -1) { |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 409 | return removeInterfaceSharedQuota(ifn); |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 410 | } |
| 411 | |
| 412 | /* Insert ingress quota. */ |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 413 | for (it = sharedQuotaIfaces.begin(); it != sharedQuotaIfaces.end(); it++) { |
| 414 | if (*it == ifaceName) |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 415 | break; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 416 | } |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 417 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 418 | if (it == sharedQuotaIfaces.end()) { |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 419 | res |= prepCostlyIface(ifn, QuotaShared); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 420 | if (sharedQuotaIfaces.empty()) { |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 421 | quotaCmd = makeIptablesQuotaCmd(IptOpInsert, costName, maxBytes); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 422 | res |= runIpxtablesCmd(quotaCmd.c_str(), IptRejectAdd); |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 423 | if (res) { |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 424 | LOGE("Failed set quota rule."); |
| 425 | goto fail; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 426 | } |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 427 | sharedQuotaBytes = maxBytes; |
| 428 | } |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 429 | sharedQuotaIfaces.push_front(ifaceName); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 430 | |
| 431 | } |
| 432 | |
| 433 | if (maxBytes != sharedQuotaBytes) { |
| 434 | /* Instead of replacing, which requires being aware of the rules in |
| 435 | * the kernel, we just add a new one, then delete the older one. |
| 436 | */ |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 437 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 438 | quotaCmd = makeIptablesQuotaCmd(IptOpInsert, costName, maxBytes); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 439 | res |= runIpxtablesCmd(quotaCmd.c_str(), IptRejectAdd); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 440 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 441 | quotaCmd = makeIptablesQuotaCmd(IptOpDelete, costName, sharedQuotaBytes); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 442 | res |= runIpxtablesCmd(quotaCmd.c_str(), IptRejectAdd); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 443 | |
| 444 | if (res) { |
| 445 | LOGE("Failed replace quota rule."); |
| 446 | goto fail; |
| 447 | } |
| 448 | sharedQuotaBytes = maxBytes; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 449 | } |
| 450 | return 0; |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 451 | |
| 452 | fail: |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 453 | /* |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 454 | * TODO(jpa): once we get rid of iptables in favor of rtnetlink, reparse |
| 455 | * rules in the kernel to see which ones need cleaning up. |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 456 | * For now callers needs to choose if they want to "ndc bandwidth enable" |
| 457 | * which resets everything. |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 458 | */ |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 459 | removeInterfaceSharedQuota(ifn); |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 460 | return -1; |
| 461 | } |
| 462 | |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 463 | int BandwidthController::removeInterfaceSharedQuota(const char *iface) { |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 464 | char ifn[MAX_IFACENAME_LEN]; |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 465 | int res = 0; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 466 | std::string ifaceName; |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 467 | std::list<std::string>::iterator it; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 468 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 469 | if(StrncpyAndCheck(ifn, iface, sizeof(ifn))) { |
| 470 | LOGE("Interface name longer than %d", MAX_IFACENAME_LEN); |
| 471 | return -1; |
| 472 | } |
| 473 | ifaceName =ifn; |
| 474 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 475 | for (it = sharedQuotaIfaces.begin(); it != sharedQuotaIfaces.end(); it++) { |
| 476 | if (*it == ifaceName) |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 477 | break; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 478 | } |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 479 | if (it == sharedQuotaIfaces.end()) { |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 480 | LOGE("No such iface %s to delete.", ifn); |
| 481 | return -1; |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 482 | } |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 483 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 484 | res |= cleanupCostlyIface(ifn, QuotaShared); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 485 | sharedQuotaIfaces.erase(it); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 486 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 487 | if (sharedQuotaIfaces.empty()) { |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 488 | std::string quotaCmd; |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 489 | quotaCmd = makeIptablesQuotaCmd(IptOpDelete, NULL, sharedQuotaBytes); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 490 | res |= runIpxtablesCmd(quotaCmd.c_str(), IptRejectAdd); |
JP Abgrall | fa6f46d | 2011-06-17 23:17:28 -0700 | [diff] [blame] | 491 | sharedQuotaBytes = -1; |
| 492 | } |
| 493 | |
JP Abgrall | 4a5f5ca | 2011-06-15 18:37:39 -0700 | [diff] [blame] | 494 | return res; |
| 495 | } |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 496 | |
| 497 | int BandwidthController::setInterfaceQuota(const char *iface, int64_t maxBytes) { |
| 498 | char ifn[MAX_IFACENAME_LEN]; |
| 499 | int res = 0; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 500 | std::string ifaceName; |
| 501 | const char *costName; |
| 502 | std::list<QuotaInfo>::iterator it; |
| 503 | std::string quotaCmd; |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 504 | |
| 505 | if (maxBytes == -1) { |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 506 | return removeInterfaceQuota(iface); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 507 | } |
| 508 | |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 509 | if(StrncpyAndCheck(ifn, iface, sizeof(ifn))) { |
| 510 | LOGE("Interface name longer than %d", MAX_IFACENAME_LEN); |
| 511 | return -1; |
| 512 | } |
| 513 | ifaceName = ifn; |
| 514 | costName = iface; |
| 515 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 516 | |
| 517 | /* Insert ingress quota. */ |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 518 | for (it = quotaIfaces.begin(); it != quotaIfaces.end(); it++) { |
| 519 | if (it->first == ifaceName) |
| 520 | break; |
| 521 | } |
| 522 | |
| 523 | if (it == quotaIfaces.end()) { |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 524 | res |= prepCostlyIface(ifn, QuotaUnique); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 525 | quotaCmd = makeIptablesQuotaCmd(IptOpInsert, costName, maxBytes); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 526 | res |= runIpxtablesCmd(quotaCmd.c_str(), IptRejectAdd); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 527 | if (res) { |
| 528 | LOGE("Failed set quota rule."); |
| 529 | goto fail; |
| 530 | } |
| 531 | |
| 532 | quotaIfaces.push_front(QuotaInfo(ifaceName, maxBytes)); |
| 533 | |
| 534 | } else { |
| 535 | /* Instead of replacing, which requires being aware of the rules in |
| 536 | * the kernel, we just add a new one, then delete the older one. |
| 537 | */ |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 538 | quotaCmd = makeIptablesQuotaCmd(IptOpInsert, costName, maxBytes); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 539 | res |= runIpxtablesCmd(quotaCmd.c_str(), IptRejectAdd); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 540 | |
| 541 | quotaCmd = makeIptablesQuotaCmd(IptOpDelete, costName, it->second); |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 542 | res |= runIpxtablesCmd(quotaCmd.c_str(), IptRejectAdd); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 543 | |
| 544 | if (res) { |
| 545 | LOGE("Failed replace quota rule."); |
| 546 | goto fail; |
| 547 | } |
| 548 | it->second = maxBytes; |
| 549 | } |
| 550 | return 0; |
| 551 | |
| 552 | fail: |
| 553 | /* |
| 554 | * TODO(jpa): once we get rid of iptables in favor of rtnetlink, reparse |
| 555 | * rules in the kernel to see which ones need cleaning up. |
| 556 | * For now callers needs to choose if they want to "ndc bandwidth enable" |
| 557 | * which resets everything. |
| 558 | */ |
| 559 | removeInterfaceSharedQuota(ifn); |
| 560 | return -1; |
| 561 | } |
| 562 | |
| 563 | int BandwidthController::removeInterfaceQuota(const char *iface) { |
| 564 | |
| 565 | char ifn[MAX_IFACENAME_LEN]; |
| 566 | int res = 0; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 567 | std::string ifaceName; |
| 568 | const char *costName; |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 569 | std::list<QuotaInfo>::iterator it; |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 570 | |
| 571 | if(StrncpyAndCheck(ifn, iface, sizeof(ifn))) { |
| 572 | LOGE("Interface name longer than %d", MAX_IFACENAME_LEN); |
| 573 | return -1; |
| 574 | } |
| 575 | ifaceName = ifn; |
| 576 | costName = iface; |
| 577 | |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 578 | for (it = quotaIfaces.begin(); it != quotaIfaces.end(); it++) { |
| 579 | if (it->first == ifaceName) |
| 580 | break; |
| 581 | } |
| 582 | |
| 583 | if (it == quotaIfaces.end()) { |
| 584 | LOGE("No such iface %s to delete.", ifn); |
| 585 | return -1; |
| 586 | } |
| 587 | |
| 588 | /* This also removes the quota command of CostlyIface chain. */ |
JP Abgrall | 26e0d49 | 2011-06-24 19:21:51 -0700 | [diff] [blame^] | 589 | res |= cleanupCostlyIface(ifn, QuotaUnique); |
JP Abgrall | 0dad7c2 | 2011-06-24 11:58:14 -0700 | [diff] [blame] | 590 | |
| 591 | quotaIfaces.erase(it); |
| 592 | |
| 593 | return res; |
| 594 | } |