LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Take all VPN underlying networks into account when migrating traffic for

Browse Source 
VPN uid.

(cherry picked from commit c8dbdf35de)

Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: Manually verified on device that stats from VPN UID are moved
      appropriately based on its declared underlying network set.
Test: vogar --mode app_process --benchmark NetworkStatsBenchmark.java

Change-Id: I7f368c5970b2dcb969fe0daf5ef44edb1f51d09d
This commit is contained in:
Varun Anand
2019-02-17 23:43:25 -08:00
committed by Lorenzo Colitti
parent 3c6fb30f24
commit 921b3f3e85
2 changed files with 214 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

330
core/java/android/net/NetworkStats.java
View File

@@ -18,6 +18,7 @@ package android.net;
import static android.os.Process.CLAT_UID; import static android.os.Process.CLAT_UID;
import android.annotation.NonNull;
import android.annotation.UnsupportedAppUsage; import android.annotation.UnsupportedAppUsage;
import android.os.Parcel; import android.os.Parcel;
import android.os.Parcelable; import android.os.Parcelable;
@@ -1175,133 +1176,217 @@ public class NetworkStats implements Parcelable {
/** /**
* VPN accounting. Move some VPN's underlying traffic to other UIDs that use tun0 iface. * VPN accounting. Move some VPN's underlying traffic to other UIDs that use tun0 iface.
* *
* This method should only be called on delta NetworkStats. Do not call this method on a * <p>This method should only be called on delta NetworkStats. Do not call this method on a
* snapshot {@link NetworkStats} object because the tunUid and/or the underlyingIface may * snapshot {@link NetworkStats} object because the tunUid and/or the underlyingIface may change
* change over time. * over time.
* *
* This method performs adjustments for one active VPN package and one VPN iface at a time. * <p>This method performs adjustments for one active VPN package and one VPN iface at a time.
*
* It is possible for the VPN software to use multiple underlying networks. This method
* only migrates traffic for the primary underlying network.
* *
* @param tunUid uid of the VPN application * @param tunUid uid of the VPN application
* @param tunIface iface of the vpn tunnel * @param tunIface iface of the vpn tunnel
* @param underlyingIface the primary underlying network iface used by the VPN application * @param underlyingIfaces underlying network ifaces used by the VPN application
* @return true if it successfully adjusts the accounting for VPN, false otherwise
*/ */
public boolean migrateTun(int tunUid, String tunIface, String underlyingIface) { public void migrateTun(int tunUid, @NonNull String tunIface,
Entry tunIfaceTotal = new Entry(); @NonNull String[] underlyingIfaces) {
Entry underlyingIfaceTotal = new Entry(); // Combined usage by all apps using VPN.
final Entry tunIfaceTotal = new Entry();
// Usage by VPN, grouped by its {@code underlyingIfaces}.
final Entry[] perInterfaceTotal = new Entry[underlyingIfaces.length];
// Usage by VPN, summed across all its {@code underlyingIfaces}.
final Entry underlyingIfacesTotal = new Entry();
tunAdjustmentInit(tunUid, tunIface, underlyingIface, tunIfaceTotal, underlyingIfaceTotal); for (int i = 0; i < perInterfaceTotal.length; i++) {
perInterfaceTotal[i] = new Entry();
}
// If tunIface < underlyingIface, it leaves the overhead traffic in the VPN app. tunAdjustmentInit(tunUid, tunIface, underlyingIfaces, tunIfaceTotal, perInterfaceTotal,
// If tunIface > underlyingIface, the VPN app doesn't get credit for data compression. underlyingIfacesTotal);
// If tunIface < underlyingIfacesTotal, it leaves the overhead traffic in the VPN app.
// If tunIface > underlyingIfacesTotal, the VPN app doesn't get credit for data compression.
// Negative stats should be avoided. // Negative stats should be avoided.
Entry pool = tunGetPool(tunIfaceTotal, underlyingIfaceTotal); final Entry[] moved =
if (pool.isEmpty()) { addTrafficToApplications(tunUid, tunIface, underlyingIfaces, tunIfaceTotal,
return true; perInterfaceTotal, underlyingIfacesTotal);
} deductTrafficFromVpnApp(tunUid, underlyingIfaces, moved);
Entry moved =
addTrafficToApplications(tunUid, tunIface, underlyingIface, tunIfaceTotal, pool);
deductTrafficFromVpnApp(tunUid, underlyingIface, moved);
if (!moved.isEmpty()) {
Slog.wtf(TAG, "Failed to deduct underlying network traffic from VPN package. Moved="
+ moved);
return false;
}
return true;
} }
/** /**
* Initializes the data used by the migrateTun() method. * Initializes the data used by the migrateTun() method.
* *
* This is the first pass iteration which does the following work: * <p>This is the first pass iteration which does the following work:
* (1) Adds up all the traffic through the tunUid's underlyingIface *
* (both foreground and background). * <ul>
* (2) Adds up all the traffic through tun0 excluding traffic from the vpn app itself. * <li>Adds up all the traffic through the tunUid's underlyingIfaces (both foreground and
* background).
* <li>Adds up all the traffic through tun0 excluding traffic from the vpn app itself.
* </ul>
*
* @param tunUid uid of the VPN application
* @param tunIface iface of the vpn tunnel
* @param underlyingIfaces underlying network ifaces used by the VPN application
* @param tunIfaceTotal output parameter; combined data usage by all apps using VPN
* @param perInterfaceTotal output parameter; data usage by VPN app, grouped by its {@code
* underlyingIfaces}
* @param underlyingIfacesTotal output parameter; data usage by VPN, summed across all of its
* {@code underlyingIfaces}
*/ */
private void tunAdjustmentInit(int tunUid, String tunIface, String underlyingIface, private void tunAdjustmentInit(int tunUid, @NonNull String tunIface,
Entry tunIfaceTotal, Entry underlyingIfaceTotal) { @NonNull String[] underlyingIfaces, @NonNull Entry tunIfaceTotal,
Entry recycle = new Entry(); @NonNull Entry[] perInterfaceTotal, @NonNull Entry underlyingIfacesTotal) {
final Entry recycle = new Entry();
for (int i = 0; i < size; i++) { for (int i = 0; i < size; i++) {
getValues(i, recycle); getValues(i, recycle);
if (recycle.uid == UID_ALL) { if (recycle.uid == UID_ALL) {
throw new IllegalStateException( throw new IllegalStateException(
"Cannot adjust VPN accounting on an iface aggregated NetworkStats."); "Cannot adjust VPN accounting on an iface aggregated NetworkStats.");
} if (recycle.set == SET_DBG_VPN_IN || recycle.set == SET_DBG_VPN_OUT) { }
if (recycle.set == SET_DBG_VPN_IN || recycle.set == SET_DBG_VPN_OUT) {
throw new IllegalStateException( throw new IllegalStateException(
"Cannot adjust VPN accounting on a NetworkStats containing SET_DBG_VPN_*"); "Cannot adjust VPN accounting on a NetworkStats containing SET_DBG_VPN_*");
} }
if (recycle.tag != TAG_NONE) {
if (recycle.uid == tunUid && recycle.tag == TAG_NONE // TODO(b/123666283): Take all tags for tunUid into account.
&& Objects.equals(underlyingIface, recycle.iface)) { continue;
underlyingIfaceTotal.add(recycle);
} }
if (recycle.uid != tunUid && recycle.tag == TAG_NONE if (recycle.uid == tunUid) {
&& Objects.equals(tunIface, recycle.iface)) { // Add up traffic through tunUid's underlying interfaces.
for (int j = 0; j < underlyingIfaces.length; j++) {
if (Objects.equals(underlyingIfaces[j], recycle.iface)) {
perInterfaceTotal[j].add(recycle);
underlyingIfacesTotal.add(recycle);
break;
}
}
} else if (tunIface.equals(recycle.iface)) {
// Add up all tunIface traffic excluding traffic from the vpn app itself. // Add up all tunIface traffic excluding traffic from the vpn app itself.
tunIfaceTotal.add(recycle); tunIfaceTotal.add(recycle);
} }
} }
} }
private static Entry tunGetPool(Entry tunIfaceTotal, Entry underlyingIfaceTotal) { /**
Entry pool = new Entry(); * Distributes traffic across apps that are using given {@code tunIface}, and returns the total
pool.rxBytes = Math.min(tunIfaceTotal.rxBytes, underlyingIfaceTotal.rxBytes); * traffic that should be moved off of {@code tunUid} grouped by {@code underlyingIfaces}.
pool.rxPackets = Math.min(tunIfaceTotal.rxPackets, underlyingIfaceTotal.rxPackets); *
pool.txBytes = Math.min(tunIfaceTotal.txBytes, underlyingIfaceTotal.txBytes); * @param tunUid uid of the VPN application
pool.txPackets = Math.min(tunIfaceTotal.txPackets, underlyingIfaceTotal.txPackets); * @param tunIface iface of the vpn tunnel
pool.operations = Math.min(tunIfaceTotal.operations, underlyingIfaceTotal.operations); * @param underlyingIfaces underlying network ifaces used by the VPN application
return pool; * @param tunIfaceTotal combined data usage across all apps using {@code tunIface}
} * @param perInterfaceTotal data usage by VPN app, grouped by its {@code underlyingIfaces}
* @param underlyingIfacesTotal data usage by VPN, summed across all of its {@code
* underlyingIfaces}
*/
private Entry[] addTrafficToApplications(int tunUid, @NonNull String tunIface,
@NonNull String[] underlyingIfaces, @NonNull Entry tunIfaceTotal,
@NonNull Entry[] perInterfaceTotal, @NonNull Entry underlyingIfacesTotal) {
// Traffic that should be moved off of each underlying interface for tunUid (see
// deductTrafficFromVpnApp below).
final Entry[] moved = new Entry[underlyingIfaces.length];
for (int i = 0; i < underlyingIfaces.length; i++) {
moved[i] = new Entry();
}
private Entry addTrafficToApplications(int tunUid, String tunIface, String underlyingIface, final Entry tmpEntry = new Entry();
Entry tunIfaceTotal, Entry pool) {
Entry moved = new Entry();
Entry tmpEntry = new Entry();
tmpEntry.iface = underlyingIface;
for (int i = 0; i < size; i++) { for (int i = 0; i < size; i++) {
// the vpn app is excluded from the redistribution but all moved traffic will be if (!Objects.equals(iface[i], tunIface)) {
// deducted from the vpn app (see deductTrafficFromVpnApp below). // Consider only entries that go onto the VPN interface.
if (Objects.equals(iface[i], tunIface) && uid[i] != tunUid) { continue;
if (tunIfaceTotal.rxBytes > 0) { }
tmpEntry.rxBytes = pool.rxBytes * rxBytes[i] / tunIfaceTotal.rxBytes; if (uid[i] == tunUid) {
} else { // Exclude VPN app from the redistribution, as it can choose to create packet
tmpEntry.rxBytes = 0; // streams by writing to itself.
} continue;
if (tunIfaceTotal.rxPackets > 0) { }
tmpEntry.rxPackets = pool.rxPackets * rxPackets[i] / tunIfaceTotal.rxPackets; tmpEntry.uid = uid[i];
} else { tmpEntry.tag = tag[i];
tmpEntry.rxPackets = 0; tmpEntry.metered = metered[i];
} tmpEntry.roaming = roaming[i];
if (tunIfaceTotal.txBytes > 0) { tmpEntry.defaultNetwork = defaultNetwork[i];
tmpEntry.txBytes = pool.txBytes * txBytes[i] / tunIfaceTotal.txBytes;
} else { // In a first pass, compute each UID's total share of data across all underlyingIfaces.
tmpEntry.txBytes = 0; // This is computed on the basis of the share of each UID's usage over tunIface.
} // TODO: Consider refactoring first pass into a separate helper method.
if (tunIfaceTotal.txPackets > 0) { long totalRxBytes = 0;
tmpEntry.txPackets = pool.txPackets * txPackets[i] / tunIfaceTotal.txPackets; if (tunIfaceTotal.rxBytes > 0) {
} else { // Note - The multiplication below should not overflow since NetworkStatsService
tmpEntry.txPackets = 0; // processes this every time device has transmitted/received amount equivalent to
} // global threshold alert (~ 2MB) across all interfaces.
if (tunIfaceTotal.operations > 0) { final long rxBytesAcrossUnderlyingIfaces =
tmpEntry.operations = underlyingIfacesTotal.rxBytes * rxBytes[i] / tunIfaceTotal.rxBytes;
pool.operations * operations[i] / tunIfaceTotal.operations; // app must not be blamed for more than it consumed on tunIface
} else { totalRxBytes = Math.min(rxBytes[i], rxBytesAcrossUnderlyingIfaces);
tmpEntry.operations = 0; }
} long totalRxPackets = 0;
tmpEntry.uid = uid[i]; if (tunIfaceTotal.rxPackets > 0) {
tmpEntry.tag = tag[i]; final long rxPacketsAcrossUnderlyingIfaces =
underlyingIfacesTotal.rxPackets * rxPackets[i] / tunIfaceTotal.rxPackets;
totalRxPackets = Math.min(rxPackets[i], rxPacketsAcrossUnderlyingIfaces);
}
long totalTxBytes = 0;
if (tunIfaceTotal.txBytes > 0) {
final long txBytesAcrossUnderlyingIfaces =
underlyingIfacesTotal.txBytes * txBytes[i] / tunIfaceTotal.txBytes;
totalTxBytes = Math.min(txBytes[i], txBytesAcrossUnderlyingIfaces);
}
long totalTxPackets = 0;
if (tunIfaceTotal.txPackets > 0) {
final long txPacketsAcrossUnderlyingIfaces =
underlyingIfacesTotal.txPackets * txPackets[i] / tunIfaceTotal.txPackets;
totalTxPackets = Math.min(txPackets[i], txPacketsAcrossUnderlyingIfaces);
}
long totalOperations = 0;
if (tunIfaceTotal.operations > 0) {
final long operationsAcrossUnderlyingIfaces =
underlyingIfacesTotal.operations * operations[i] / tunIfaceTotal.operations;
totalOperations = Math.min(operations[i], operationsAcrossUnderlyingIfaces);
}
// In a second pass, distribute these values across interfaces in the proportion that
// each interface represents of the total traffic of the underlying interfaces.
for (int j = 0; j < underlyingIfaces.length; j++) {
tmpEntry.iface = underlyingIfaces[j];
tmpEntry.rxBytes = 0;
// Reset 'set' to correct value since it gets updated when adding debug info below.
tmpEntry.set = set[i]; tmpEntry.set = set[i];
tmpEntry.metered = metered[i]; if (underlyingIfacesTotal.rxBytes > 0) {
tmpEntry.roaming = roaming[i]; tmpEntry.rxBytes =
tmpEntry.defaultNetwork = defaultNetwork[i]; totalRxBytes
* perInterfaceTotal[j].rxBytes
/ underlyingIfacesTotal.rxBytes;
}
tmpEntry.rxPackets = 0;
if (underlyingIfacesTotal.rxPackets > 0) {
tmpEntry.rxPackets =
totalRxPackets
* perInterfaceTotal[j].rxPackets
/ underlyingIfacesTotal.rxPackets;
}
tmpEntry.txBytes = 0;
if (underlyingIfacesTotal.txBytes > 0) {
tmpEntry.txBytes =
totalTxBytes
* perInterfaceTotal[j].txBytes
/ underlyingIfacesTotal.txBytes;
}
tmpEntry.txPackets = 0;
if (underlyingIfacesTotal.txPackets > 0) {
tmpEntry.txPackets =
totalTxPackets
* perInterfaceTotal[j].txPackets
/ underlyingIfacesTotal.txPackets;
}
tmpEntry.operations = 0;
if (underlyingIfacesTotal.operations > 0) {
tmpEntry.operations =
totalOperations
* perInterfaceTotal[j].operations
/ underlyingIfacesTotal.operations;
}
combineValues(tmpEntry); combineValues(tmpEntry);
if (tag[i] == TAG_NONE) { if (tag[i] == TAG_NONE) {
moved.add(tmpEntry); moved[j].add(tmpEntry);
// Add debug info // Add debug info
tmpEntry.set = SET_DBG_VPN_IN; tmpEntry.set = SET_DBG_VPN_IN;
combineValues(tmpEntry); combineValues(tmpEntry);
@@ -1311,38 +1396,45 @@ public class NetworkStats implements Parcelable {
return moved; return moved;
} }
private void deductTrafficFromVpnApp(int tunUid, String underlyingIface, Entry moved) { private void deductTrafficFromVpnApp(
// Add debug info int tunUid,
moved.uid = tunUid; @NonNull String[] underlyingIfaces,
moved.set = SET_DBG_VPN_OUT; @NonNull Entry[] moved) {
moved.tag = TAG_NONE; for (int i = 0; i < underlyingIfaces.length; i++) {
moved.iface = underlyingIface; // Add debug info
moved.metered = METERED_ALL; moved[i].uid = tunUid;
moved.roaming = ROAMING_ALL; moved[i].set = SET_DBG_VPN_OUT;
moved.defaultNetwork = DEFAULT_NETWORK_ALL; moved[i].tag = TAG_NONE;
combineValues(moved); moved[i].iface = underlyingIfaces[i];
moved[i].metered = METERED_ALL;
moved[i].roaming = ROAMING_ALL;
moved[i].defaultNetwork = DEFAULT_NETWORK_ALL;
combineValues(moved[i]);
// Caveat: if the vpn software uses tag, the total tagged traffic may be greater than // Caveat: if the vpn software uses tag, the total tagged traffic may be greater than
// the TAG_NONE traffic. // the TAG_NONE traffic.
// //
// Relies on the fact that the underlying traffic only has state ROAMING_NO and METERED_NO, // Relies on the fact that the underlying traffic only has state ROAMING_NO and
// which should be the case as it comes directly from the /proc file. We only blend in the // METERED_NO, which should be the case as it comes directly from the /proc file.
// roaming data after applying these adjustments, by checking the NetworkIdentity of the // We only blend in the roaming data after applying these adjustments, by checking the
// underlying iface. // NetworkIdentity of the underlying iface.
int idxVpnBackground = findIndex(underlyingIface, tunUid, SET_DEFAULT, TAG_NONE, final int idxVpnBackground = findIndex(underlyingIfaces[i], tunUid, SET_DEFAULT,
METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO); TAG_NONE, METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO);
if (idxVpnBackground != -1) { if (idxVpnBackground != -1) {
tunSubtract(idxVpnBackground, this, moved); // Note - tunSubtract also updates moved[i]; whatever traffic that's left is removed
} // from foreground usage.
tunSubtract(idxVpnBackground, this, moved[i]);
}
int idxVpnForeground = findIndex(underlyingIface, tunUid, SET_FOREGROUND, TAG_NONE, final int idxVpnForeground = findIndex(underlyingIfaces[i], tunUid, SET_FOREGROUND,
METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO); TAG_NONE, METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO);
if (idxVpnForeground != -1) { if (idxVpnForeground != -1) {
tunSubtract(idxVpnForeground, this, moved); tunSubtract(idxVpnForeground, this, moved[i]);
}
} }
} }
private static void tunSubtract(int i, NetworkStats left, Entry right) { private static void tunSubtract(int i, @NonNull NetworkStats left, @NonNull Entry right) {
long rxBytes = Math.min(left.rxBytes[i], right.rxBytes); long rxBytes = Math.min(left.rxBytes[i], right.rxBytes);
left.rxBytes[i] -= rxBytes; left.rxBytes[i] -= rxBytes;
right.rxBytes -= rxBytes; right.rxBytes -= rxBytes;

6
services/core/java/com/android/server/net/NetworkStatsRecorder.java
View File

@@ -41,10 +41,10 @@ import com.android.internal.net.VpnInfo;
import com.android.internal.util.FileRotator; import com.android.internal.util.FileRotator;
import com.android.internal.util.IndentingPrintWriter; import com.android.internal.util.IndentingPrintWriter;
import libcore.io.IoUtils;
import com.google.android.collect.Sets; import com.google.android.collect.Sets;
import libcore.io.IoUtils;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream; import java.io.DataOutputStream;
import java.io.File; import java.io.File;
@@ -234,7 +234,7 @@ public class NetworkStatsRecorder {
if (vpnArray != null) { if (vpnArray != null) {
for (VpnInfo info : vpnArray) { for (VpnInfo info : vpnArray) {
delta.migrateTun(info.ownerUid, info.vpnIface, info.primaryUnderlyingIface); delta.migrateTun(info.ownerUid, info.vpnIface, info.underlyingIfaces);
} }
} }