Android Upstreaming: Netfilter, Status & Discussion. John Stultz & Mathieu Poirier, LCA14-503, Macau

Size: px

Start display at page:

Download "Android Upstreaming: Netfilter, Status & Discussion. John Stultz & Mathieu Poirier, LCA14-503, Macau"

Doreen Parrish
5 years ago
Views:

1 Android Upstreaming: Netfilter, Status & Discussion John Stultz & Mathieu Poirier, LCA14-503, Macau

2 Overview Mathieu will cover his recent Netfilter work General status on Android Upstreaming Open discussion

3 Android Netfilter Changes Mathieu Poirier

4 Netfilter requirements for Android Capture traffic per application and service Distinguish between data streams (downloads, video, chat, ) Support the notion of quotas. Allow 3rd party applications to track and collect their own data.

5 Current solution: 3 netfilter modules: xt_qtaguid (quota, tag, uid) xt_quota2 xt_idletimer

6 xt_qtaguid Quota, socket tagging, UID tracking Tracks all ingress/egress packets Tracks all interface statistics Let applications tag and delegate their own sockets Count SKB against looked-up TAG+UID Replaces drivers/misc/uid_stats.c

7 xt_quota2 and xt_idletimer xt_quota2 Imported from xtables-addons Add quotas to iptable rules Send uevent on quota hit xt_idletimer Help ConnectivityService deal with quiet interfaces Keeps track of interfaces coming online. (I need to read more on this)

8 Why it can t go upstream? xt_qtaguid does a lot of things that should be better handled in userspace. xt_quota2 duplicates functionality already in place in the nfaccounting framework. xt_idletimer may no longer be needed - need to review when the above two are dealt with.

9 Suggested proposal Use NFQUEUE to replace xt_qtaguid (JPA at Google) Initial concerns about efficiency but Eric Dumazet assured it wouldn t be a problem at Linux Plumbers in New Orleans last year. Extend xt_nfacct with quota capabilities to replace xt_quota2 (Linaro)

10 Work done at Linaro Enhance xt_nfacct.c with quota capabilities Enhance iptables with the capability to define packet/byte quotas for -m nfacct Port userspace tool nfacct from libnfnl to libnl2.0. Add a broadcast group to inform userspace of quota attainment.

11 Where is the code? xt_nfacct enhancements: iptables additions: Port of nfacct application to libnl2.0: (linaro)

12 Current Status (Linaro) Port of nfacct to libnl2.0 is done and pushed to AOSP. Iptables changes are considered done - may need minor tweaks based on pending upstream merge of xt_nfacct changes. xt_nfacct is currently considered for review by the upstream community. Found a problem with nfnetlink accounting - fixing the issue may introduce a delay. Hopefully accepted in 3.15, 3.16 a more likely target. JP s investigation has been stalled by internal project - we may have to pick up the work but reluctant based on heavy coupling with Android userspace.

13 Current Status (Google) JP s investigation on nfqueue has been stalled by internal projects (android64). The new full libnl2.0 doesn t work with wpa_supplicant something they need to look into. Delays in getting xt_nfacct changes accepted doesn t matter because of this issue. Integration of nfacct with BandwithController not started. Getting libnl2.0 working is top priority because is solves other issues with the current libnl.

14 Android Upstreaming Status John Stultz

15 Recent accomplishments 3.12: key reset upstreaming completed powersupply wakeup_source enablement merged binder type cleanups for 64bits 3.13: MMC power management improvements merged RTC wakeup_source enablement merged 3.14: ION cleaned up and merged in staging AOSP: binder 64bit abi rework

16 Community accomplishments 3.14: Functionfs support for configfs ongoing: dma-buf sync And of course more...

17 Linaro.Android branch maintenance Maintain the AOSP tree forward ported against Linus HEAD + a few extra fixes. linaro.android-3.12-merge linaro.android-3.13-merge linaro.android-3.14-merge Maintain linaro-specific fixes for LSK linaro.android-3.10-lsk

18 Current delta (3.14-rc1) 3.14-rc1 vs linaro.android-3.14-merge: b/net/netfilter/xt_qtaguid.c b/drivers/usb/gadget/android.c b/arch/arm/common/fiq_debugger.c b/drivers/cpufreq/cpufreq_interactive.c b/drivers/usb/gadget/f_mtp.c b/drivers/usb/gadget/f_accessory.c b/drivers/video/adf/adf.c b/drivers/video/adf/adf_fops.c b/drivers/staging/android/binder.c b/drivers/usb/gadget/f_audio_source.c b/drivers/video/adf/adf_client.c b/arch/arm/kernel/etm.c b/drivers/video/adf/adf_fbdev.c b/net/netfilter/xt_qtaguid_print.c files changed, insertions(+), deletions(-) 3.10-stable vs android-3.10: 354 files changed, insertions(+), 1422 deletions(-) 3.4-stable vs android-3.4: 1265 files changed, insertions(+), 5934 deletions(-)

19 Current delta (3.14-rc1) 3.14-rc1 vs linaro.android-3.14-merge: b/net/netfilter/xt_qtaguid.c b/drivers/usb/gadget/android.c b/arch/arm/common/fiq_debugger.c b/drivers/cpufreq/cpufreq_interactive.c b/drivers/usb/gadget/f_mtp.c b/drivers/usb/gadget/f_accessory.c b/drivers/video/adf/adf.c b/drivers/video/adf/adf_fops.c b/drivers/staging/android/binder.c b/drivers/usb/gadget/f_audio_source.c b/drivers/video/adf/adf_client.c b/arch/arm/kernel/etm.c b/drivers/video/adf/adf_fbdev.c b/net/netfilter/xt_qtaguid_print.c files changed, insertions(+), deletions(-) 3.10-stable vs android-3.10: 354 files changed, insertions(+), 1422 deletions(-) 3.4-stable vs android-3.4: 1265 files changed, insertions(+), 5934 deletions(-)

20 Next areas of focus ETM/ETB Android Gadget -> ConfigFS Gadget FIQ_Debugger ADF

21 Continuing work Netfilter ION / dmabuf allocation helpers Volatile Ranges Get ashmem out of staging Influence KDBUS development Unlikely to be a binder replacement as hoped Try to find areas where code can be shared Fair amount of memfd/ashmem overlap Continue to help with the Juice project Aiding with helping Android userland take advantage of upstreamed solutions mempressure notifiers sysrq-keyreset etc

22 Thank yous! Takahiro Akashi Serban Constantinescu Ulf Hansson Zoran Markovic Mathieu Poirier Jakub Pavelek

23 Open Discussion Netfilter related questions? What are specific kernel related pain-points for Android device development? Is anyone looking at ADF for their devices yet? Any adjustments in focus we need? Extra resources?

24 More about Linaro Connect: More about Linaro: More about Linaro engineering: Linaro members:

The HiKey AOSP collaborative experience

The HiKey AOSP collaborative experience Presented by John Stultz (With help from Amit Pundir, Guodong Xu, and Vishal Bhoj) Date BKK16-310 March 9, 2016 Event Linaro Connect BKK16 Outline HiKey in AOSP