[hamachi] NetworkStats Alarms not working.

RESOLVED FIXED

Status

RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: albert, Unassigned)

Tracking

({regression})

unspecified
ARM
Gonk (Firefox OS)
regression
Dependency tree / graph

Firefox Tracking Flags

(blocking-b2g:1.3+)

Details

(Whiteboard: [POVB])

(Reporter)

Description

5 years ago
Usage alarms are not working because of netd errors.

Usage alarms use netd to set alarms at a given threshold, and netd does it through iptables. The problem is that kernel of hamachi has some iptables netfilter modules disabled for ip6 and alarms can not be set.

From logcat:
I/Gecko   (  135): Network Worker: Sending 'bandwidth enable' command to netd.
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -F res=768
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -N costly_shared res=768
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -F INPUT res=768
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -A INPUT -i lo --jump ACCEPT res=768
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -A INPUT -m owner --socket-exists res=768
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -F OUTPUT res=768
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -A OUTPUT -o lo --jump ACCEPT res=768
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -A OUTPUT -m owner --socket-exists res=768
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -F costly_shared res=768
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/iptables -A costly_shared --jump penalty_box res=512
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -A costly_shared --jump penalty_box res=768
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -A costly_shared -m owner --socket-exists res=768
E/BandwidthController(  136): runIptablesCmd(): failed /system/bin/ip6tables -A costly_shared --jump ACCEPT res=768

An easy way to test if modules are enabled is:
  adb shell ip6tables -L

ip6tables v1.4.11.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
(Reporter)

Comment 1

5 years ago
Modules that must be enabled in the kernel are:

  CONFIG_IP_NF_RAW
  CONFIG_IP6_NF_TARGET_LOG
  CONFIG_IP6_NF_FILTER
  CONFIG_IP6_NF_MANGLE
  CONFIG_IP6_NF_TARGET_REJECT
  CONFIG_IP6_NF_TARGET_REJECT_SKERR
  CONFIG_IP6_NF_RAW
  CONFIG_IP6_NF_IPTABLES
(Reporter)

Updated

5 years ago
Blocks: 858005, 850125
(Reporter)

Updated

5 years ago
blocking-b2g: --- → 1.3?
(Reporter)

Updated

5 years ago
Summary: [HAMACHI] NetworkStats Alarms not working. → [hamachi] NetworkStats Alarms not working.

Comment 2

5 years ago
Hi Albert, 
I add enabled CONFIG_IPXXXXX follow the comment#1, 
Is the following shows right?

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
(Reporter)

Comment 3

5 years ago
(In reply to sync-1 from comment #2)
> Hi Albert, 
> I add enabled CONFIG_IPXXXXX follow the comment#1, 
> Is the following shows right?
> 
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination        
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination        
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination

Yes, it means that now netfilter for ip6 is enabled. To ensure that all is working fine could you try the following commands, please?

ip6tables -F                                                  
ip6tables -t raw -F                                           
ip6tables -X                                                  
ip6tables -N costly_shared
ip6tables -N penalty_box
ip6tables -F INPUT
ip6tables -A INPUT -i lo --jump ACCEPT 
ip6tables -A INPUT -m owner --socket-exists
ip6tables -F OUTPUT
ip6tables -A OUTPUT -o lo --jump ACCEPT
ip6tables -A OUTPUT -m owner --socket-exists
ip6tables -F costly_shared
ip6tables -A costly_shared --jump penalty_box
ip6tables -A costly_shared -m owner --socket-exists
ip6tables -A costly_shared --jump ACCEPT
ip6tables -N costly_wlan0 
ip6tables -A costly_wlan0 -j penalty_box                      
ip6tables -A costly_wlan0 -m owner --socket-exists            
ip6tables -A costly_wlan0 --jump ACCEPT                       
ip6tables -I INPUT 1 -i wlan0 --goto costly_wlan0
ip6tables -I OUTPUT 1 -o wlan0 --goto costly_wlan0
ip6tables -I costly_wlan0 -m quota2 ! --quota 10000000000 --name wlan0  --jump REJECT --reject-with  icmp6-adm-prohibited
ip6tables -I costly_wlan0 1 -m quota2 ! --quota 10000000000 --name wlan0Alert

If you don't see any error it means all is rigth.

To remove all rules added with previous commands you have to insert these commands:

ip6tables -F                                                  
ip6tables -t raw -F                                           
ip6tables -X
Albert - Triage needs a better understanding of impact. Can you clarify the impact of this bug a bit better with user impact?
Flags: needinfo?(acperez)
(Reporter)

Comment 5

5 years ago
Usage alarms set in costcontrol won't work using the alarms implementation of NetworkStats API. So will be lag between when the threshold is reached and when the user is notified.
Flags: needinfo?(acperez)
Okay - that sounds bad. Blocking on this then.
blocking-b2g: 1.3? → 1.3+
Keywords: regression

Comment 7

5 years ago
(In reply to Albert [:albert] from comment #3)
> (In reply to sync-1 from comment #2)
> > Hi Albert, 
> > I add enabled CONFIG_IPXXXXX follow the comment#1, 
> > Is the following shows right?
> > 
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination        
> > 
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination        
> > 
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> 
> Yes, it means that now netfilter for ip6 is enabled. To ensure that all is
> working fine could you try the following commands, please?
> 
> ip6tables -F                                                  
> ip6tables -t raw -F                                           
> ip6tables -X                                                  
> ip6tables -N costly_shared
> ip6tables -N penalty_box
> ip6tables -F INPUT
> ip6tables -A INPUT -i lo --jump ACCEPT 
> ip6tables -A INPUT -m owner --socket-exists
> ip6tables -F OUTPUT
> ip6tables -A OUTPUT -o lo --jump ACCEPT
> ip6tables -A OUTPUT -m owner --socket-exists
> ip6tables -F costly_shared
> ip6tables -A costly_shared --jump penalty_box
> ip6tables -A costly_shared -m owner --socket-exists
> ip6tables -A costly_shared --jump ACCEPT
> ip6tables -N costly_wlan0 
> ip6tables -A costly_wlan0 -j penalty_box                      
> ip6tables -A costly_wlan0 -m owner --socket-exists            
> ip6tables -A costly_wlan0 --jump ACCEPT                       
> ip6tables -I INPUT 1 -i wlan0 --goto costly_wlan0
> ip6tables -I OUTPUT 1 -o wlan0 --goto costly_wlan0
> ip6tables -I costly_wlan0 -m quota2 ! --quota 10000000000 --name wlan0 
> --jump REJECT --reject-with  icmp6-adm-prohibited
> ip6tables -I costly_wlan0 1 -m quota2 ! --quota 10000000000 --name wlan0Alert
> 
> If you don't see any error it means all is rigth.
> 
> To remove all rules added with previous commands you have to insert these
> commands:
> 
> ip6tables -F                                                  
> ip6tables -t raw -F                                           
> ip6tables -X

I try all the command, not get any information.

root@android:/ # ip6tables -F
root@android:/ # ip6tables -t raw -F
root@android:/ # ip6tables -X
root@android:/ # ip6tables -N costly_shared
root@android:/ # ip6tables -N penalty_box
root@android:/ # ip6tables -F INPUT
root@android:/ # ip6tables -A INPUT -i lo --jump ACCEPT 
root@android:/ # ip6tables -A INPUT -m owner --socket-exists
root@android:/ # ip6tables -F OUTPUT
root@android:/ # ip6tables -A OUTPUT -o lo --jump ACCEPT
root@android:/ # ip6tables -A OUTPUT -m owner --socket-exists
root@android:/ # ip6tables -F costly_shared
root@android:/ # ip6tables -A costly_shared --jump penalty_box
root@android:/ # ip6tables -A costly_shared -m owner --socket-exists
root@android:/ # ip6tables -A costly_shared --jump ACCEPT
root@android:/ # ip6tables -N costly_wlan0 
root@android:/ # ip6tables -A costly_wlan0 -j penalty_box 
root@android:/ # ip6tables -A costly_wlan0 -m owner --socket-exists 
root@android:/ # ip6tables -A costly_wlan0 --jump ACCEPT  
root@android:/ # ip6tables -I INPUT 1 -i wlan0 --goto costly_wlan0
root@android:/ # ip6tables -I OUTPUT 1 -o wlan0 --goto costly_wlan0
  --jump REJECT --reject-with  icmp6-adm-prohibited                           <
root@android:/ # 
quota2 ! --quota 10000000000 --name wlan0Alert
(Reporter)

Comment 8

5 years ago
That means all needed modules are enabled because you didn't get errors, so configuration is ok.
Is there anything else that needs to be done with this? Or is this just a kernel config issue?
Flags: needinfo?(acperez)
(Reporter)

Comment 10

5 years ago
There is nothing else to be done, just a kernel config issue.  All vendors will need to make this change in their kernel to make this feature work. We had received a new kernel from Buri manufacturer and it is working fine.
Flags: needinfo?(acperez)
(Reporter)

Updated

5 years ago
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Whiteboard: [POVB]

Updated

5 years ago
Duplicate of this bug: 990669
You need to log in before you can comment on or make changes to this bug.