Closed Bug 960974 Opened 11 years ago Closed 11 years ago

[hamachi] NetworkStats Alarms not working.

Categories

(Firefox OS Graveyard :: General, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(blocking-b2g:1.3+)

RESOLVED FIXED
blocking-b2g 1.3+

People

(Reporter: albert, Unassigned)

References

Details

(Keywords: regression, Whiteboard: [POVB])

Usage alarms are not working because of netd errors. Usage alarms use netd to set alarms at a given threshold, and netd does it through iptables. The problem is that kernel of hamachi has some iptables netfilter modules disabled for ip6 and alarms can not be set. From logcat: I/Gecko ( 135): Network Worker: Sending 'bandwidth enable' command to netd. E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -F res=768 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -N costly_shared res=768 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -F INPUT res=768 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A INPUT -i lo --jump ACCEPT res=768 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A INPUT -m owner --socket-exists res=768 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -F OUTPUT res=768 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A OUTPUT -o lo --jump ACCEPT res=768 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A OUTPUT -m owner --socket-exists res=768 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -F costly_shared res=768 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/iptables -A costly_shared --jump penalty_box res=512 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A costly_shared --jump penalty_box res=768 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A costly_shared -m owner --socket-exists res=768 E/BandwidthController( 136): runIptablesCmd(): failed /system/bin/ip6tables -A costly_shared --jump ACCEPT res=768 An easy way to test if modules are enabled is: adb shell ip6tables -L ip6tables v1.4.11.1: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?) Perhaps ip6tables or your kernel needs to be upgraded.
Modules that must be enabled in the kernel are: CONFIG_IP_NF_RAW CONFIG_IP6_NF_TARGET_LOG CONFIG_IP6_NF_FILTER CONFIG_IP6_NF_MANGLE CONFIG_IP6_NF_TARGET_REJECT CONFIG_IP6_NF_TARGET_REJECT_SKERR CONFIG_IP6_NF_RAW CONFIG_IP6_NF_IPTABLES
Blocks: 858005, 850125
blocking-b2g: --- → 1.3?
Summary: [HAMACHI] NetworkStats Alarms not working. → [hamachi] NetworkStats Alarms not working.
Hi Albert, I add enabled CONFIG_IPXXXXX follow the comment#1, Is the following shows right? Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
(In reply to sync-1 from comment #2) > Hi Albert, > I add enabled CONFIG_IPXXXXX follow the comment#1, > Is the following shows right? > > Chain INPUT (policy ACCEPT) > target prot opt source destination > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination Yes, it means that now netfilter for ip6 is enabled. To ensure that all is working fine could you try the following commands, please? ip6tables -F ip6tables -t raw -F ip6tables -X ip6tables -N costly_shared ip6tables -N penalty_box ip6tables -F INPUT ip6tables -A INPUT -i lo --jump ACCEPT ip6tables -A INPUT -m owner --socket-exists ip6tables -F OUTPUT ip6tables -A OUTPUT -o lo --jump ACCEPT ip6tables -A OUTPUT -m owner --socket-exists ip6tables -F costly_shared ip6tables -A costly_shared --jump penalty_box ip6tables -A costly_shared -m owner --socket-exists ip6tables -A costly_shared --jump ACCEPT ip6tables -N costly_wlan0 ip6tables -A costly_wlan0 -j penalty_box ip6tables -A costly_wlan0 -m owner --socket-exists ip6tables -A costly_wlan0 --jump ACCEPT ip6tables -I INPUT 1 -i wlan0 --goto costly_wlan0 ip6tables -I OUTPUT 1 -o wlan0 --goto costly_wlan0 ip6tables -I costly_wlan0 -m quota2 ! --quota 10000000000 --name wlan0 --jump REJECT --reject-with icmp6-adm-prohibited ip6tables -I costly_wlan0 1 -m quota2 ! --quota 10000000000 --name wlan0Alert If you don't see any error it means all is rigth. To remove all rules added with previous commands you have to insert these commands: ip6tables -F ip6tables -t raw -F ip6tables -X
Albert - Triage needs a better understanding of impact. Can you clarify the impact of this bug a bit better with user impact?
Flags: needinfo?(acperez)
Usage alarms set in costcontrol won't work using the alarms implementation of NetworkStats API. So will be lag between when the threshold is reached and when the user is notified.
Flags: needinfo?(acperez)
Okay - that sounds bad. Blocking on this then.
blocking-b2g: 1.3? → 1.3+
Keywords: regression
(In reply to Albert [:albert] from comment #3) > (In reply to sync-1 from comment #2) > > Hi Albert, > > I add enabled CONFIG_IPXXXXX follow the comment#1, > > Is the following shows right? > > > > Chain INPUT (policy ACCEPT) > > target prot opt source destination > > > > Chain FORWARD (policy ACCEPT) > > target prot opt source destination > > > > Chain OUTPUT (policy ACCEPT) > > target prot opt source destination > > Yes, it means that now netfilter for ip6 is enabled. To ensure that all is > working fine could you try the following commands, please? > > ip6tables -F > ip6tables -t raw -F > ip6tables -X > ip6tables -N costly_shared > ip6tables -N penalty_box > ip6tables -F INPUT > ip6tables -A INPUT -i lo --jump ACCEPT > ip6tables -A INPUT -m owner --socket-exists > ip6tables -F OUTPUT > ip6tables -A OUTPUT -o lo --jump ACCEPT > ip6tables -A OUTPUT -m owner --socket-exists > ip6tables -F costly_shared > ip6tables -A costly_shared --jump penalty_box > ip6tables -A costly_shared -m owner --socket-exists > ip6tables -A costly_shared --jump ACCEPT > ip6tables -N costly_wlan0 > ip6tables -A costly_wlan0 -j penalty_box > ip6tables -A costly_wlan0 -m owner --socket-exists > ip6tables -A costly_wlan0 --jump ACCEPT > ip6tables -I INPUT 1 -i wlan0 --goto costly_wlan0 > ip6tables -I OUTPUT 1 -o wlan0 --goto costly_wlan0 > ip6tables -I costly_wlan0 -m quota2 ! --quota 10000000000 --name wlan0 > --jump REJECT --reject-with icmp6-adm-prohibited > ip6tables -I costly_wlan0 1 -m quota2 ! --quota 10000000000 --name wlan0Alert > > If you don't see any error it means all is rigth. > > To remove all rules added with previous commands you have to insert these > commands: > > ip6tables -F > ip6tables -t raw -F > ip6tables -X I try all the command, not get any information. root@android:/ # ip6tables -F root@android:/ # ip6tables -t raw -F root@android:/ # ip6tables -X root@android:/ # ip6tables -N costly_shared root@android:/ # ip6tables -N penalty_box root@android:/ # ip6tables -F INPUT root@android:/ # ip6tables -A INPUT -i lo --jump ACCEPT root@android:/ # ip6tables -A INPUT -m owner --socket-exists root@android:/ # ip6tables -F OUTPUT root@android:/ # ip6tables -A OUTPUT -o lo --jump ACCEPT root@android:/ # ip6tables -A OUTPUT -m owner --socket-exists root@android:/ # ip6tables -F costly_shared root@android:/ # ip6tables -A costly_shared --jump penalty_box root@android:/ # ip6tables -A costly_shared -m owner --socket-exists root@android:/ # ip6tables -A costly_shared --jump ACCEPT root@android:/ # ip6tables -N costly_wlan0 root@android:/ # ip6tables -A costly_wlan0 -j penalty_box root@android:/ # ip6tables -A costly_wlan0 -m owner --socket-exists root@android:/ # ip6tables -A costly_wlan0 --jump ACCEPT root@android:/ # ip6tables -I INPUT 1 -i wlan0 --goto costly_wlan0 root@android:/ # ip6tables -I OUTPUT 1 -o wlan0 --goto costly_wlan0 --jump REJECT --reject-with icmp6-adm-prohibited < root@android:/ # quota2 ! --quota 10000000000 --name wlan0Alert
That means all needed modules are enabled because you didn't get errors, so configuration is ok.
Is there anything else that needs to be done with this? Or is this just a kernel config issue?
Flags: needinfo?(acperez)
There is nothing else to be done, just a kernel config issue. All vendors will need to make this change in their kernel to make this feature work. We had received a new kernel from Buri manufacturer and it is working fine.
Flags: needinfo?(acperez)
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [POVB]
You need to log in before you can comment on or make changes to this bug.