John Stultz & Mathieu Poirier, LCA14-503, Macau
Android Upstreaming:
Netfilter, Status & Discussion
LCA14: LCA14-503: Android Upstreaming: Status, Netfilter & open discussion

Resource: LCA14
Name: LCA14-503: Android Upstreaming: Status, Netfilter & open discussion
Date: 07-03-2014
Speaker: John Stultz & Mathieu Poirier
Video: https://www.youtube.com/watch?v=PyHdw-VReFM
Website: http://www.linaro.org/
Linaro Connect: http://connect.linaro.org/
Slide: https://www.slideshare.net/linaroorg/lca14-503-androidupstreamingstatusnetfilteropendiscussion

  1. John Stultz & Mathieu Poirier, LCA14-503, Macau. Android Upstreaming: Netfilter, Status & Discussion
  2. Overview
     • Mathieu will cover his recent Netfilter work
     • General status on Android Upstreaming
     • Open discussion
  3. Android Netfilter Changes (Mathieu Poirier)
  4. Netfilter requirements for Android
     • Capture traffic per application and service
     • Distinguish between data streams (downloads, video, chat, …)
     • Support the notion of quotas.
     • Allow 3rd party applications to track and collect their own data.
  5. Current solution: 3 netfilter modules:
     • xt_qtaguid (quota, tag, uid)
     • xt_quota2
     • xt_idletimer
  6. xt_qtaguid
     • Quota, socket tagging, UID tracking
     • Tracks all ingress/egress packets
     • Tracks all interface statistics
     • Let applications tag and delegate their own sockets
     • Count SKB against looked-up TAG+UID
     • Replaces “drivers/misc/uid_stats.c”
  7. xt_quota2 and xt_IDLETIMER
     xt_quota2
     • Imported from xtables-addons
     • Add quotas to iptables rules
     • Send uevent on quota hit
     xt_IDLETIMER
     • Help ConnectivityService deal with quiet interfaces
     • Keeps track of interfaces coming online.
     • (I need to read more on this)
  8. Why it can’t go upstream?
     • xt_qtaguid does a lot of things that should be better handled in userspace.
     • xt_quota2 duplicates functionality already in place in the nfaccounting framework.
     • xt_IDLETIMER may no longer be needed - need to review when the above two are dealt with.
  9. Suggested proposal
     • Use NFQUEUE to replace xt_qtaguid (JPA at Google)
     • Initial concerns about efficiency but Eric Dumazet assured it wouldn’t be a problem at Linux Plumbers in New Orleans last year.
     • Extend xt_nfacct with quota capabilities to replace xt_quota2 (Linaro)
  10. Work done at Linaro
     • Enhance xt_nfacct.c with quota capabilities
     • Enhance iptables with the capability to define packet/byte quotas for “-m nfacct”
     • Port userspace tool “nfacct” from “libnfnl” to “libnl2.0”.
     • Add a broadcast group to inform userspace of quota attainment.
  11. Where is the code?
     • xt_nfacct enhancements: http://marc.info/?l=netfilter-devel&m=139084250124821&w=2
     • iptables additions: https://git.linaro.org/people/mathieu.poirier/iptables.git
     • Port of nfacct application to libnl2.0: http://android.git.linaro.org/gitweb?p=platform/external/nfacct.git;a=summary (linaro)
  12. Current Status (Linaro)
     • Port of nfacct to libnl2.0 is done and pushed to AOSP.
     • Iptables changes are considered done - may need minor tweaks based on pending upstream merge of xt_nfacct changes.
     • xt_nfacct is currently considered for review by the upstream community.
     • Found a problem with nfnetlink accounting - fixing the issue may introduce a delay.
     • Hopefully accepted in 3.15, 3.16 a more likely target.
     • JP’s investigation has been stalled by internal project - we may have to pick up the work but reluctant based on heavy coupling with Android userspace.
  13. Current Status (Google)
     • JP’s investigation on nfqueue has been stalled by internal projects (android64).
     • The new full libnl2.0 doesn’t work with wpa_supplicant - something they need to look into.
     • Delays in getting xt_nfacct changes accepted don’t matter because of this issue.
     • Integration of nfacct with BandwidthController not started.
     • Getting libnl2.0 working is top priority because it solves other issues with the current libnl.
  14. Android Upstreaming Status (John Stultz)
  15. Recent accomplishments
      3.12: key reset upstreaming completed
            powersupply wakeup_source enablement merged
            binder type cleanups for 64bits
      3.13: MMC power management improvements merged
            RTC wakeup_source enablement merged
      3.14: ION cleaned up and merged in staging
      AOSP: binder 64bit abi rework
  16. Community accomplishments
      3.14: Functionfs support for configfs
      ongoing: dma-buf sync
      And of course more...
  17. Linaro.Android branch maintenance
      Maintain the AOSP tree forward ported against Linus’ HEAD + a few extra fixes.
          linaro.android-3.12-merge
          linaro.android-3.13-merge
          linaro.android-3.14-merge
      Maintain linaro-specific fixes for LSK
          linaro.android-3.10-lsk
  18. Current delta (3.14-rc1)
      3.14-rc1 vs linaro.android-3.14-merge:
        b/net/netfilter/xt_qtaguid.c            | 3021 ++++++++++++++++++++++++
        b/drivers/usb/gadget/android.c          | 1566 ++++++++++++
        b/arch/arm/common/fiq_debugger.c        | 1376 ++++++++++
        b/drivers/cpufreq/cpufreq_interactive.c | 1343 ++++++++++
        b/drivers/usb/gadget/f_mtp.c            | 1285 ++++++++++
        b/drivers/usb/gadget/f_accessory.c      | 1180 +++++++++
        b/drivers/video/adf/adf.c               | 1166 +++++++++
        b/drivers/video/adf/adf_fops.c          |  957 +++++++
        b/drivers/staging/android/binder.c      |  867 +++++-
        b/drivers/usb/gadget/f_audio_source.c   |  828 ++++++
        b/drivers/video/adf/adf_client.c        |  810 ++++++
        b/arch/arm/kernel/etm.c                 |  678 ++++-
        b/drivers/video/adf/adf_fbdev.c         |  651 +++++
        b/net/netfilter/xt_qtaguid_print.c      |  566 ++++
        ...
        292 files changed, 30024 insertions(+), 1234 deletions(-)
      3.10-stable vs android-3.10:
        354 files changed, 35472 insertions(+), 1422 deletions(-)
      3.4-stable vs android-3.4:
        1265 files changed, 148684 insertions(+), 5934 deletions(-)
  20. Next areas of focus
     • ETM/ETB
     • Android Gadget -> ConfigFS Gadget
     • FIQ_Debugger
     • ADF
  21. Continuing work
     • Netfilter
     • ION / dmabuf allocation helpers
     • Volatile Ranges
     • Get ashmem out of staging
     • Influence KDBUS development
     • Unlikely to be a binder replacement as hoped
     • Try to find areas where code can be shared
     • Fair amount of memfd/ashmem overlap
     • Continue to help with the Juice project
     • Aiding with helping Android userland take advantage of upstreamed solutions
     • mempressure notifiers
     • sysrq-keyreset
     • etc
  22. Thank yous!
     • Takahiro Akashi
     • Serban Constantinescu
     • Ulf Hansson
     • Zoran Markovic
     • Mathieu Poirier
     • Jakub Pavelek
  23. Open Discussion
     • Netfilter related questions?
     • What are specific kernel related pain-points for Android device development?
     • Is anyone looking at ADF for their devices yet?
     • Any adjustments in focus we need?
     • Extra resources?
  24. More about Linaro Connect: http://connect.linaro.org
      More about Linaro: http://www.linaro.org/about/
      More about Linaro engineering: http://www.linaro.org/engineering/
      Linaro members: www.linaro.org/members
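
The quota behaviour proposed on slides 9 and 10 (packet/byte quotas on an accounting object, plus a broadcast to userspace on quota attainment), modelled in userspace C as an added example; it is not the xt_nfacct patch or any Linaro or Google code. The type and function names, the `>=` comparison for "attained", and raising only one event per object are assumptions of this example, and the lengths in `main` are a constructed sample.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: these names are not from the xt_nfacct patch. */
enum quota_mode { QUOTA_NONE, QUOTA_PKTS, QUOTA_BYTES };
struct acct_obj {
    atomic_uint_fast64_t pkts, bytes; /* keep counting after the quota is hit */
    enum quota_mode mode;
    uint64_t quota;
    atomic_flag notified;             /* set once per object */
    atomic_uint events;               /* stand-in for broadcast-group messages */
};

void acct_init(struct acct_obj *o, enum quota_mode mode, uint64_t quota)
{
    atomic_init(&o->pkts, 0);
    atomic_init(&o->bytes, 0);
    atomic_init(&o->events, 0);
    atomic_flag_clear(&o->notified);
    o->mode = mode;
    o->quota = quota;
}

/* Account one packet; returns true once the quota is attained (assumed >=). */
bool acct_packet(struct acct_obj *o, uint32_t len)
{
    uint64_t pkts = atomic_fetch_add(&o->pkts, 1) + 1;
    uint64_t bytes = atomic_fetch_add(&o->bytes, len) + len;
    uint64_t now = (o->mode == QUOTA_PKTS) ? pkts : bytes;
    if (o->mode == QUOTA_NONE || now < o->quota)
        return false;
    /* test-and-set: concurrent packet paths still raise a single event */
    if (!atomic_flag_test_and_set(&o->notified))
        atomic_fetch_add(&o->events, 1);
    return true;
}

int main(void)
{
    const uint32_t lens[] = { 1500, 1000, 1500, 400 }; /* constructed sample */
    struct acct_obj o;
    acct_init(&o, QUOTA_BYTES, 3000);
    for (int i = 0; i < 4; i++)
        printf("len=%u hit=%d\n", lens[i], acct_packet(&o, lens[i]));
    printf("events=%u\n", atomic_load(&o.events));
    return 0;
}
```

The counters keep advancing after the quota is reached, so userspace can still read total usage; only the notification is one-shot.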
