• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "bandwidth_manager.h"
17 
18 #include <cinttypes>
19 
20 #include "iptables_wrapper.h"
21 #include "net_manager_constants.h"
22 #include "netmanager_base_common_utils.h"
23 #include "netnative_log_wrapper.h"
24 
25 namespace OHOS {
26 namespace nmd {
27 using namespace NetManagerStandard;
28 static constexpr const char *CHAIN_NAME_COSTLY_PTR = "ohbw_costly_";
BandwidthManager()29 BandwidthManager::BandwidthManager() : chainInitFlag_(false), dataSaverEnable_(false) {}
30 
~BandwidthManager()31 BandwidthManager::~BandwidthManager()
32 {
33     DeInitChain();
34 }
35 
CheckChainInitialization()36 inline void BandwidthManager::CheckChainInitialization()
37 {
38     if (chainInitFlag_ == false) {
39         InitChain();
40         InitDefaultRules();
41     }
42 }
43 
FetchChainName(ChainType chain)44 std::string BandwidthManager::FetchChainName(ChainType chain)
45 {
46     NETNATIVE_LOG_D("BandwidthManager FetchChainName: chain=%{public}d", chain);
47     std::string chainName;
48     switch (chain) {
49         case ChainType::CHAIN_OHBW_INPUT:
50             chainName = "ohbw_INPUT";
51             break;
52         case ChainType::CHAIN_OHBW_OUTPUT:
53             chainName = "ohbw_OUTPUT";
54             break;
55         case ChainType::CHAIN_OHBW_FORWARD:
56             chainName = "ohbw_FORWARD";
57             break;
58         case ChainType::CHAIN_OHBW_DENIED_LIST_BOX:
59             chainName = "ohbw_denied_list_box";
60             break;
61         case ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX:
62             chainName = "ohbw_allowed_list_box";
63             break;
64         case ChainType::CHAIN_OHBW_GLOBAL_ALERT:
65             chainName = "ohbw_global_alert";
66             break;
67         case ChainType::CHAIN_OHBW_COSTLY_SHARED:
68             chainName = "ohbw_costly_shared";
69             break;
70         case ChainType::CHAIN_OHBW_DATA_SAVER:
71             chainName = "ohbw_data_saver";
72             break;
73         default:
74             chainName = "oh_unusable";
75             break;
76     }
77     return chainName;
78 }
79 
InitChain()80 int32_t BandwidthManager::InitChain()
81 {
82     NETNATIVE_LOG_D("BandwidthManager InitChain");
83     bool hasError = false;
84     hasError = (IptablesNewChain(ChainType::CHAIN_OHBW_INPUT) == NETMANAGER_ERROR) ||
85                (IptablesNewChain(ChainType::CHAIN_OHBW_OUTPUT) == NETMANAGER_ERROR) ||
86                (IptablesNewChain(ChainType::CHAIN_OHBW_FORWARD) == NETMANAGER_ERROR) ||
87                (IptablesNewChain(ChainType::CHAIN_OHBW_DENIED_LIST_BOX) == NETMANAGER_ERROR) ||
88                (IptablesNewChain(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX) == NETMANAGER_ERROR) ||
89                (IptablesNewChain(ChainType::CHAIN_OHBW_GLOBAL_ALERT) == NETMANAGER_ERROR) ||
90                (IptablesNewChain(ChainType::CHAIN_OHBW_COSTLY_SHARED) == NETMANAGER_ERROR) ||
91                (IptablesNewChain(ChainType::CHAIN_OHBW_DATA_SAVER) == NETMANAGER_ERROR);
92     chainInitFlag_ = true;
93     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
94 }
95 
DeInitChain()96 int32_t BandwidthManager::DeInitChain()
97 {
98     NETNATIVE_LOG_D("BandwidthManager DeInitChain");
99     bool hasError = false;
100     hasError = (IptablesDeleteChain(ChainType::CHAIN_OHBW_INPUT) == NETMANAGER_ERROR) ||
101                (IptablesDeleteChain(ChainType::CHAIN_OHBW_OUTPUT) == NETMANAGER_ERROR) ||
102                (IptablesDeleteChain(ChainType::CHAIN_OHBW_FORWARD) == NETMANAGER_ERROR) ||
103                (IptablesDeleteChain(ChainType::CHAIN_OHBW_DENIED_LIST_BOX) == NETMANAGER_ERROR) ||
104                (IptablesDeleteChain(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX) == NETMANAGER_ERROR) ||
105                (IptablesDeleteChain(ChainType::CHAIN_OHBW_GLOBAL_ALERT) == NETMANAGER_ERROR) ||
106                (IptablesDeleteChain(ChainType::CHAIN_OHBW_COSTLY_SHARED) == NETMANAGER_ERROR) ||
107                (IptablesDeleteChain(ChainType::CHAIN_OHBW_DATA_SAVER) == NETMANAGER_ERROR);
108     chainInitFlag_ = false;
109     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
110 }
111 
InitDefaultBwChainRules()112 int32_t BandwidthManager::InitDefaultBwChainRules()
113 {
114     bool hasError = false;
115     std::string command;
116     std::string chainName;
117     std::string fChainName;
118 
119     // -A INPUT -j ohbw_INPUT
120     // -A OUTPUT -j ohbw_OUTPUT
121     chainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
122     command = "-t filter -A INPUT -j " + chainName;
123     hasError = hasError ||
124                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
125     chainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
126     command = "-t filter -A OUTPUT -j " + chainName;
127     hasError = hasError ||
128                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
129     // -A ohbw_INPUT -p esp -j RETURN
130     // -A ohbw_INPUT -m mark --mark 0x100000/0x100000 -j RETURN
131     chainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
132     command = "-t filter -A " + chainName + " -p esp -j RETURN";
133     hasError = hasError ||
134                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
135     command =
136         "-t filter -A " + FetchChainName(ChainType::CHAIN_OHBW_INPUT) + " -m mark --mark 0x100000/0x100000 -j RETURN";
137     hasError = hasError ||
138                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
139 
140     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
141 }
142 
InitDefaultListBoxChainRules()143 int32_t BandwidthManager::InitDefaultListBoxChainRules()
144 {
145     bool hasError = false;
146     std::string command;
147     std::string chainName;
148     std::string fChainName;
149 
150     // -A ohbw_OUPUT -j ohbw_denied_list_box
151     // -A ohbw_denied_list_box -j ohbw_allowed_list_box
152     // -A ohbw_allowed_list_box -j ohbw_data_saver
153     // -A ohbw_data_saver -j RETURN
154     fChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
155     chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
156     command = "-t filter -A " + fChainName + " -j " + chainName;
157     hasError = hasError ||
158                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
159     fChainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
160     chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER);
161     command = "-t filter -A " + fChainName + " -j " + chainName;
162     hasError = hasError ||
163                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
164     chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER);
165     command = "-t filter -A " + chainName + " -j RETURN";
166     hasError = hasError ||
167                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
168 
169     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
170 }
171 
InitDefaultAlertChainRules()172 int32_t BandwidthManager::InitDefaultAlertChainRules()
173 {
174     bool hasError = false;
175     std::string command;
176     std::string chainName;
177     std::string fChainName;
178 
179     // -A ohbw_INPUT -j ohbw_global_alert
180     // -A ohbw_OUTPUT -j ohbw_global_alert
181     fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
182     chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT);
183     command = "-t filter -A " + fChainName + " -j " + chainName;
184     hasError = hasError ||
185                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
186     fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
187     chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT);
188     command = "-t filter -A " + fChainName + " -j " + chainName;
189     hasError = hasError ||
190                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
191 
192     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
193 }
194 
InitDefaultRules()195 int32_t BandwidthManager::InitDefaultRules()
196 {
197     NETNATIVE_LOG_D("BandwidthManager InitDefaultRules");
198     bool hasError = false;
199     hasError = (InitDefaultBwChainRules() == NETMANAGER_ERROR) ||
200                (InitDefaultListBoxChainRules() == NETMANAGER_ERROR) ||
201                (InitDefaultAlertChainRules() == NETMANAGER_ERROR);
202 
203     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
204 }
205 
IptablesNewChain(ChainType chain)206 int32_t BandwidthManager::IptablesNewChain(ChainType chain)
207 {
208     NETNATIVE_LOG_D("BandwidthManager NewChain: chain=%{public}d", chain);
209     std::string command = "-t filter -N " + FetchChainName(chain);
210     return DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command);
211 }
212 
IptablesNewChain(const std::string & chainName)213 int32_t BandwidthManager::IptablesNewChain(const std::string &chainName)
214 {
215     NETNATIVE_LOG_D("BandwidthManager NewChain: chain=%{public}s", chainName.c_str());
216     std::string command = "-t filter -N " + chainName;
217     return DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command);
218 }
219 
IptablesDeleteChain(ChainType chain)220 int32_t BandwidthManager::IptablesDeleteChain(ChainType chain)
221 {
222     NETNATIVE_LOG_D("BandwidthManager DeleteChain: chain=%{public}d", chain);
223     bool hasError = false;
224     std::string command = "-t filter -F " + FetchChainName(chain);
225     hasError = hasError ||
226                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
227     command = "-t filter -X " + FetchChainName(chain);
228     hasError = hasError ||
229                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
230     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
231 }
232 
IptablesDeleteChain(const std::string & chainName)233 int32_t BandwidthManager::IptablesDeleteChain(const std::string &chainName)
234 {
235     NETNATIVE_LOG_D("BandwidthManager DeleteChain: chain=%{public}s", chainName.c_str());
236     bool hasError = false;
237     std::string command = "-t filter -F " + chainName;
238     hasError = hasError ||
239                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
240     command = "-t filter -X " + chainName;
241     hasError = hasError ||
242                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
243     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
244 }
245 
SetGlobalAlert(Operate operate,int64_t bytes)246 int32_t BandwidthManager::SetGlobalAlert(Operate operate, int64_t bytes)
247 {
248     NETNATIVE_LOG_D("BandwidthManager SetGlobalAlert: operate=%{public}d, bytes=%{public}" PRId64, operate, bytes);
249     bool hasError = false;
250     std::string command;
251     std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT);
252     if (operate == OP_SET) {
253         globalAlertBytes_ = bytes;
254         command = "-t filter -A " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name globalAlert";
255         hasError = hasError || (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
256                                 NETMANAGER_ERROR);
257     } else {
258         if (bytes == globalAlertBytes_) {
259             command =
260                 "-t filter -D " + chainName + " -m quota --quota " + std::to_string(bytes) + " --name globalAlert";
261             hasError = hasError || (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(
262                 IPTYPE_IPV4, command) == NETMANAGER_ERROR);
263             globalAlertBytes_ = 0;
264         } else {
265             NETNATIVE_LOGE("not match bytes, cannot remove global alert");
266             return NETMANAGER_ERROR;
267         }
268     }
269 
270     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
271 }
272 
SetCostlyAlert(Operate operate,const std::string & iface,int64_t bytes)273 int32_t BandwidthManager::SetCostlyAlert(Operate operate, const std::string &iface, int64_t bytes)
274 {
275     NETNATIVE_LOG_D("BandwidthManager SetCostlyAlert: operate=%{public}d, iface=%{public}s, bytes=%{public}" PRId64,
276                     operate, iface.c_str(), bytes);
277     bool hasError = false;
278     std::string command;
279     std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + iface + "alert";
280     if (operate == OP_SET) {
281         ifaceAlertBytes_[iface] = bytes;
282         command =
283             "-t filter -A " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name " + iface + "Alert";
284         hasError = hasError || (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
285                                 NETMANAGER_ERROR);
286     } else {
287         if (bytes == ifaceAlertBytes_[iface]) {
288             command = "-t filter -D " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name " + iface +
289                       "Alert";
290             hasError = hasError || (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(
291                 IPTYPE_IPV4, command) == NETMANAGER_ERROR);
292             ifaceAlertBytes_[iface] = 0;
293         } else {
294             NETNATIVE_LOGE("not match bytes, cannot remove global alert");
295             return NETMANAGER_ERROR;
296         }
297     }
298 
299     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
300 }
301 
EnableDataSaver(bool enable)302 int32_t BandwidthManager::EnableDataSaver(bool enable)
303 {
304     NETNATIVE_LOG_D("BandwidthManager EnableDataSaver: enable=%{public}d", enable);
305     bool hasError = false;
306     std::unique_lock<std::mutex> lock(bandwidthMutex_);
307     CheckChainInitialization();
308 
309     std::string command;
310     std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER);
311     if (enable == true && dataSaverEnable_ == false) {
312         dataSaverEnable_ = true;
313         command = "-t filter -R " + chainName + " 1 -j REJECT";
314         hasError = hasError || (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
315                                 NETMANAGER_ERROR);
316         command = "-t filter -I " + chainName + " -m owner --uid-owner 0-9999 -j RETURN";
317         hasError = hasError || (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
318                                 NETMANAGER_ERROR);
319     } else if (enable == false && dataSaverEnable_ == true) {
320         dataSaverEnable_ = false;
321         command = "-t filter -D " + chainName + " -m owner --uid-owner 0-9999 -j RETURN";
322         hasError = hasError || (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
323                                 NETMANAGER_ERROR);
324         command = "-t filter -R " + chainName + " 1 -j RETURN";
325         hasError = hasError || (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
326                                 NETMANAGER_ERROR);
327     } else {
328         NETNATIVE_LOGE("DataSaver is already %{public}s, do not repeat", enable == true ? "true" : "false");
329         return NETMANAGER_ERROR;
330     }
331 
332     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
333 }
334 
SetIfaceQuota(const std::string & ifName,int64_t bytes)335 int32_t BandwidthManager::SetIfaceQuota(const std::string &ifName, int64_t bytes)
336 {
337     if (!CommonUtils::CheckIfaceName(ifName)) {
338         NETNATIVE_LOGE("iface name valid check fail: %{public}s", ifName.c_str());
339         return NETMANAGER_ERROR;
340     }
341     NETNATIVE_LOG_D("BandwidthManager SetIfaceQuota: ifName=%{public}s, bytes=%{public}" PRId64, ifName.c_str(), bytes);
342     bool hasError = false;
343     std::unique_lock<std::mutex> lock(bandwidthMutex_);
344     CheckChainInitialization();
345 
346     std::string command;
347     std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + ifName;
348     std::string fChainName;
349     std::string strMaxBytes = std::to_string(bytes);
350 
351     if (ifaceQuotaBytes_.count(ifName) > 0) {
352         // -R ohbw_costly_iface 1 -m quota2 ! --quota 12345 --name iface -j REJECT
353         command = "-t filter -D " + chainName + " -m quota2 ! --quota " + std::to_string(ifaceQuotaBytes_[ifName]) +
354                   " --name " + ifName + " --jump REJECT";
355         hasError = hasError || (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
356                                 NETMANAGER_ERROR);
357         command = "-t filter -A " + chainName + " -m quota2 ! --quota " + strMaxBytes + " --name " + ifName +
358                   " --jump REJECT";
359         hasError = hasError || (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
360                                 NETMANAGER_ERROR);
361         ifaceQuotaBytes_[ifName] = bytes;
362         return NETMANAGER_SUCCESS;
363     }
364     hasError = hasError || (IptablesNewChain(chainName) == NETMANAGER_ERROR);
365     ifaceQuotaBytes_[ifName] = bytes;
366 
367     fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
368     std::string cChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
369     command = "-t filter -A " + fChainName + " -o " + ifName + " -j " + cChainName;
370     hasError = hasError ||
371                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
372 
373     // -I ohbw_INPUT -i iface -j ohbw_costly_iface
374     fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
375     command = "-t filter -I " + fChainName + " -i " + ifName + " --jump " + chainName;
376     hasError = hasError ||
377                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
378     // -I ohbw_OUTPUT -o iface -j ohbw_costly_iface
379     fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
380     command = "-t filter -I " + fChainName + " -o " + ifName + " --jump " + chainName;
381     hasError = hasError ||
382                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
383     // -A ohbw_FORWARD -i iface -j ohbw_costly_iface
384     // -A ohbw_FORWARD -o iface -j ohbw_costly_iface
385     fChainName = FetchChainName(ChainType::CHAIN_OHBW_FORWARD);
386     command = "-t filter -A " + fChainName + " -i " + ifName + " --jump " + chainName;
387     hasError = hasError ||
388                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
389     command = "-t filter -A " + fChainName + " -o " + ifName + " --jump " + chainName;
390     hasError = hasError ||
391                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
392     // -A ohbw_costly_iface -m quota2 ! --quota 12345 --name iface -j REJECT
393     command =
394         "-t filter -A " + chainName + " -m quota2 ! --quota " + strMaxBytes + " --name " + ifName + " --jump REJECT";
395     hasError = hasError ||
396                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
397 
398     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
399 }
400 
RemoveIfaceQuota(const std::string & ifName)401 int32_t BandwidthManager::RemoveIfaceQuota(const std::string &ifName)
402 {
403     if (!CommonUtils::CheckIfaceName(ifName)) {
404         NETNATIVE_LOGE("iface name valid check fail: %{public}s", ifName.c_str());
405         return NETMANAGER_ERROR;
406     }
407     NETNATIVE_LOG_D("BandwidthManager RemoveIfaceQuota: ifName=%{public}s", ifName.c_str());
408     bool hasError = false;
409     std::unique_lock<std::mutex> lock(bandwidthMutex_);
410     CheckChainInitialization();
411 
412     std::string command;
413     std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + ifName;
414     std::string fChainName;
415 
416     if (ifaceQuotaBytes_.count(ifName) == 0) {
417         NETNATIVE_LOGE("RemoveIfaceQuota iface %s not exist, can not remove", ifName.c_str());
418         return NETMANAGER_ERROR;
419     } else {
420         ifaceQuotaBytes_.erase(ifName);
421     }
422 
423     fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
424     std::string cChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
425     command = "-t filter -D " + fChainName + " -o " + ifName + " -j " + cChainName;
426     hasError = hasError ||
427                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
428 
429     // -D ohbw_INPUT -i iface -j ohbw_costly_iface
430     fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
431     command = "-t filter -D " + fChainName + " -i " + ifName + " --jump " + chainName;
432     hasError = hasError ||
433                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
434     // -D ohbw_OUTPUT -o iface -j ohbw_costly_iface
435     fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
436     command = "-t filter -D " + fChainName + " -o " + ifName + " --jump " + chainName;
437     hasError = hasError ||
438                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
439     // -D ohbw_FORWARD -i iface -j ohbw_costly_iface
440     // -D ohbw_FORWARD -o iface -j ohbw_costly_iface
441     fChainName = FetchChainName(ChainType::CHAIN_OHBW_FORWARD);
442     command = "-t filter -D " + fChainName + " -i " + ifName + " --jump " + chainName;
443     hasError = hasError ||
444                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
445     command = "-t filter -D " + fChainName + " -o " + ifName + " --jump " + chainName;
446     hasError = hasError ||
447                (DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
448     // -F ohbw_costly_iface
449     // -X ohbw_costly_iface
450     hasError = hasError || (IptablesDeleteChain(chainName) == NETMANAGER_ERROR);
451 
452     return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
453 }
454 
AddDeniedList(uint32_t uid)455 int32_t BandwidthManager::AddDeniedList(uint32_t uid)
456 {
457     NETNATIVE_LOG_D("BandwidthManager AddDeniedList: uid=%{public}d", uid);
458     std::unique_lock<std::mutex> lock(bandwidthMutex_);
459     CheckChainInitialization();
460 
461     if (std::find(deniedListUids_.begin(), deniedListUids_.end(), uid) != deniedListUids_.end()) {
462         NETNATIVE_LOGE("DeniedList uid exist, do not repeat");
463         return NETMANAGER_ERROR;
464     } else {
465         deniedListUids_.push_back(uid);
466     }
467 
468     std::string strUid = std::to_string(uid);
469     std::string command;
470     std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
471     command = "-t filter -I " + chainName + " -m owner --uid-owner " + strUid + " -j REJECT";
472 
473     return DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command);
474 }
475 
RemoveDeniedList(uint32_t uid)476 int32_t BandwidthManager::RemoveDeniedList(uint32_t uid)
477 {
478     NETNATIVE_LOG_D("BandwidthManager RemoveDeniedList: uid=%{public}d", uid);
479     std::unique_lock<std::mutex> lock(bandwidthMutex_);
480     CheckChainInitialization();
481 
482     std::vector<uint32_t>::iterator iter = std::find(deniedListUids_.begin(), deniedListUids_.end(), uid);
483     if (iter == deniedListUids_.end()) {
484         NETNATIVE_LOGE("AllowedList uid is not exist, can not remove");
485         return NETMANAGER_ERROR;
486     }
487     deniedListUids_.erase(iter);
488 
489     std::string strUid = std::to_string(uid);
490     std::string command;
491     std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
492     command = "-t filter -D " + chainName + " -m owner --uid-owner " + strUid + " -j REJECT";
493 
494     return DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command);
495 }
496 
AddAllowedList(uint32_t uid)497 int32_t BandwidthManager::AddAllowedList(uint32_t uid)
498 {
499     NETNATIVE_LOG_D("BandwidthManager AddAllowedList: uid=%{public}d", uid);
500     std::unique_lock<std::mutex> lock(bandwidthMutex_);
501     CheckChainInitialization();
502 
503     if (std::find(allowedListUids_.begin(), allowedListUids_.end(), uid) != allowedListUids_.end()) {
504         NETNATIVE_LOGE("AllowedList uid exist, do not repeat");
505         return NETMANAGER_ERROR;
506     } else {
507         allowedListUids_.push_back(uid);
508     }
509 
510     std::string strUid = std::to_string(uid);
511     std::string command;
512     std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
513     command = "-t filter -I " + chainName + " -m owner --uid-owner " + strUid + " -j RETURN";
514 
515     return DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command);
516 }
517 
RemoveAllowedList(uint32_t uid)518 int32_t BandwidthManager::RemoveAllowedList(uint32_t uid)
519 {
520     NETNATIVE_LOG_D("BandwidthManager RemoveAllowedList: uid=%{public}d", uid);
521     std::unique_lock<std::mutex> lock(bandwidthMutex_);
522     CheckChainInitialization();
523 
524     std::vector<uint32_t>::iterator iter = std::find(allowedListUids_.begin(), allowedListUids_.end(), uid);
525     if (iter == allowedListUids_.end()) {
526         NETNATIVE_LOGE("AllowedList uid exist, can not remove");
527         return NETMANAGER_ERROR;
528     } else {
529         allowedListUids_.erase(iter);
530     }
531 
532     std::string strUid = std::to_string(uid);
533 
534     std::string command;
535     std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
536     command = "-t filter -D " + chainName + " -m owner --uid-owner " + strUid + " -j RETURN";
537 
538     return DelayedSingleton<IptablesWrapper>::GetInstance()->RunCommand(IPTYPE_IPV4, command);
539 }
540 } // namespace nmd
541 } // namespace OHOS
542