Closed
Bug 960974
Opened 11 years ago
Closed 11 years ago
[hamachi] NetworkStats Alarms not working.
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(blocking-b2g:1.3+)
RESOLVED
FIXED
blocking-b2g | 1.3+ |
People
(Reporter: albert, Unassigned)
References
Details
(Keywords: regression, Whiteboard: [POVB])
Usage alarms are not working because of netd errors.
Usage alarms use netd to set alarms at a given threshold, and netd does it through iptables. The problem is that kernel of hamachi has some iptables netfilter modules disabled for ip6 and alarms can not be set.
From logcat:
I/Gecko ( 135): Network Worker: Sending 'bandwidth enable' command to netd.
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -F res=768
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -N costly_shared res=768
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -F INPUT res=768
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A INPUT -i lo --jump ACCEPT res=768
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A INPUT -m owner --socket-exists res=768
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -F OUTPUT res=768
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A OUTPUT -o lo --jump ACCEPT res=768
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A OUTPUT -m owner --socket-exists res=768
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -F costly_shared res=768
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/iptables -A costly_shared --jump penalty_box res=512
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A costly_shared --jump penalty_box res=768
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A costly_shared -m owner --socket-exists res=768
E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A costly_shared --jump ACCEPT res=768
An easy way to test if modules are enabled is:
adb shell ip6tables -L
ip6tables v1.4.11.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
Reporter | ||
Comment 1•11 years ago
|
||
Modules that must be enabled in the kernel are:
CONFIG_IP_NF_RAW
CONFIG_IP6_NF_TARGET_LOG
CONFIG_IP6_NF_FILTER
CONFIG_IP6_NF_MANGLE
CONFIG_IP6_NF_TARGET_REJECT
CONFIG_IP6_NF_TARGET_REJECT_SKERR
CONFIG_IP6_NF_RAW
CONFIG_IP6_NF_IPTABLES
Reporter | ||
Updated•11 years ago
|
Reporter | ||
Updated•11 years ago
|
blocking-b2g: --- → 1.3?
Reporter | ||
Updated•11 years ago
|
Summary: [HAMACHI] NetworkStats Alarms not working. → [hamachi] NetworkStats Alarms not working.
Hi Albert,
I add enabled CONFIG_IPXXXXX follow the comment#1,
Is the following shows right?
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Reporter | ||
Comment 3•11 years ago
|
||
(In reply to sync-1 from comment #2)
> Hi Albert,
> I add enabled CONFIG_IPXXXXX follow the comment#1,
> Is the following shows right?
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
Yes, it means that now netfilter for ip6 is enabled. To ensure that all is working fine could you try the following commands, please?
ip6tables -F
ip6tables -t raw -F
ip6tables -X
ip6tables -N costly_shared
ip6tables -N penalty_box
ip6tables -F INPUT
ip6tables -A INPUT -i lo --jump ACCEPT
ip6tables -A INPUT -m owner --socket-exists
ip6tables -F OUTPUT
ip6tables -A OUTPUT -o lo --jump ACCEPT
ip6tables -A OUTPUT -m owner --socket-exists
ip6tables -F costly_shared
ip6tables -A costly_shared --jump penalty_box
ip6tables -A costly_shared -m owner --socket-exists
ip6tables -A costly_shared --jump ACCEPT
ip6tables -N costly_wlan0
ip6tables -A costly_wlan0 -j penalty_box
ip6tables -A costly_wlan0 -m owner --socket-exists
ip6tables -A costly_wlan0 --jump ACCEPT
ip6tables -I INPUT 1 -i wlan0 --goto costly_wlan0
ip6tables -I OUTPUT 1 -o wlan0 --goto costly_wlan0
ip6tables -I costly_wlan0 -m quota2 ! --quota 10000000000 --name wlan0 --jump REJECT --reject-with icmp6-adm-prohibited
ip6tables -I costly_wlan0 1 -m quota2 ! --quota 10000000000 --name wlan0Alert
If you don't see any error it means all is rigth.
To remove all rules added with previous commands you have to insert these commands:
ip6tables -F
ip6tables -t raw -F
ip6tables -X
Comment 4•11 years ago
|
||
Albert - Triage needs a better understanding of impact. Can you clarify the impact of this bug a bit better with user impact?
Flags: needinfo?(acperez)
Reporter | ||
Comment 5•11 years ago
|
||
Usage alarms set in costcontrol won't work using the alarms implementation of NetworkStats API. So will be lag between when the threshold is reached and when the user is notified.
Flags: needinfo?(acperez)
Comment 6•11 years ago
|
||
Okay - that sounds bad. Blocking on this then.
blocking-b2g: 1.3? → 1.3+
Keywords: regression
(In reply to Albert [:albert] from comment #3)
> (In reply to sync-1 from comment #2)
> > Hi Albert,
> > I add enabled CONFIG_IPXXXXX follow the comment#1,
> > Is the following shows right?
> >
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
>
> Yes, it means that now netfilter for ip6 is enabled. To ensure that all is
> working fine could you try the following commands, please?
>
> ip6tables -F
> ip6tables -t raw -F
> ip6tables -X
> ip6tables -N costly_shared
> ip6tables -N penalty_box
> ip6tables -F INPUT
> ip6tables -A INPUT -i lo --jump ACCEPT
> ip6tables -A INPUT -m owner --socket-exists
> ip6tables -F OUTPUT
> ip6tables -A OUTPUT -o lo --jump ACCEPT
> ip6tables -A OUTPUT -m owner --socket-exists
> ip6tables -F costly_shared
> ip6tables -A costly_shared --jump penalty_box
> ip6tables -A costly_shared -m owner --socket-exists
> ip6tables -A costly_shared --jump ACCEPT
> ip6tables -N costly_wlan0
> ip6tables -A costly_wlan0 -j penalty_box
> ip6tables -A costly_wlan0 -m owner --socket-exists
> ip6tables -A costly_wlan0 --jump ACCEPT
> ip6tables -I INPUT 1 -i wlan0 --goto costly_wlan0
> ip6tables -I OUTPUT 1 -o wlan0 --goto costly_wlan0
> ip6tables -I costly_wlan0 -m quota2 ! --quota 10000000000 --name wlan0
> --jump REJECT --reject-with icmp6-adm-prohibited
> ip6tables -I costly_wlan0 1 -m quota2 ! --quota 10000000000 --name wlan0Alert
>
> If you don't see any error it means all is rigth.
>
> To remove all rules added with previous commands you have to insert these
> commands:
>
> ip6tables -F
> ip6tables -t raw -F
> ip6tables -X
I try all the command, not get any information.
root@android:/ # ip6tables -F
root@android:/ # ip6tables -t raw -F
root@android:/ # ip6tables -X
root@android:/ # ip6tables -N costly_shared
root@android:/ # ip6tables -N penalty_box
root@android:/ # ip6tables -F INPUT
root@android:/ # ip6tables -A INPUT -i lo --jump ACCEPT
root@android:/ # ip6tables -A INPUT -m owner --socket-exists
root@android:/ # ip6tables -F OUTPUT
root@android:/ # ip6tables -A OUTPUT -o lo --jump ACCEPT
root@android:/ # ip6tables -A OUTPUT -m owner --socket-exists
root@android:/ # ip6tables -F costly_shared
root@android:/ # ip6tables -A costly_shared --jump penalty_box
root@android:/ # ip6tables -A costly_shared -m owner --socket-exists
root@android:/ # ip6tables -A costly_shared --jump ACCEPT
root@android:/ # ip6tables -N costly_wlan0
root@android:/ # ip6tables -A costly_wlan0 -j penalty_box
root@android:/ # ip6tables -A costly_wlan0 -m owner --socket-exists
root@android:/ # ip6tables -A costly_wlan0 --jump ACCEPT
root@android:/ # ip6tables -I INPUT 1 -i wlan0 --goto costly_wlan0
root@android:/ # ip6tables -I OUTPUT 1 -o wlan0 --goto costly_wlan0
--jump REJECT --reject-with icmp6-adm-prohibited <
root@android:/ #
quota2 ! --quota 10000000000 --name wlan0Alert
Reporter | ||
Comment 8•11 years ago
|
||
That means all needed modules are enabled because you didn't get errors, so configuration is ok.
Comment 9•11 years ago
|
||
Is there anything else that needs to be done with this? Or is this just a kernel config issue?
Flags: needinfo?(acperez)
Reporter | ||
Comment 10•11 years ago
|
||
There is nothing else to be done, just a kernel config issue. All vendors will need to make this change in their kernel to make this feature work. We had received a new kernel from Buri manufacturer and it is working fine.
Flags: needinfo?(acperez)
Reporter | ||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Whiteboard: [POVB]
You need to log in
before you can comment on or make changes to this bug.
Description
•