1 /*
2 * Copyright (C) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bandwidth_manager.h"
17
18 #include <cinttypes>
19
20 #include "iptables_wrapper.h"
21 #include "net_manager_constants.h"
22 #include "netmanager_base_common_utils.h"
23 #include "netnative_log_wrapper.h"
24
25 namespace OHOS {
26 namespace nmd {
27 using namespace NetManagerStandard;
28 static constexpr const char *CHAIN_NAME_COSTLY_PTR = "ohbw_costly_";
BandwidthManager()29 BandwidthManager::BandwidthManager() : chainInitFlag_(false), dataSaverEnable_(false) {}
30
~BandwidthManager()31 BandwidthManager::~BandwidthManager()
32 {
33 DeInitChain();
34 }
35
CheckChainInitialization()36 inline void BandwidthManager::CheckChainInitialization()
37 {
38 if (chainInitFlag_ == false) {
39 InitChain();
40 InitDefaultRules();
41 }
42 }
43
FetchChainName(ChainType chain)44 std::string BandwidthManager::FetchChainName(ChainType chain)
45 {
46 NETNATIVE_LOG_D("BandwidthManager FetchChainName: chain=%{public}d", chain);
47 std::string chainName;
48 switch (chain) {
49 case ChainType::CHAIN_OHBW_INPUT:
50 chainName = "ohbw_INPUT";
51 break;
52 case ChainType::CHAIN_OHBW_OUTPUT:
53 chainName = "ohbw_OUTPUT";
54 break;
55 case ChainType::CHAIN_OHBW_FORWARD:
56 chainName = "ohbw_FORWARD";
57 break;
58 case ChainType::CHAIN_OHBW_DENIED_LIST_BOX:
59 chainName = "ohbw_denied_list_box";
60 break;
61 case ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX:
62 chainName = "ohbw_allowed_list_box";
63 break;
64 case ChainType::CHAIN_OHBW_GLOBAL_ALERT:
65 chainName = "ohbw_global_alert";
66 break;
67 case ChainType::CHAIN_OHBW_COSTLY_SHARED:
68 chainName = "ohbw_costly_shared";
69 break;
70 case ChainType::CHAIN_OHBW_DATA_SAVER:
71 chainName = "ohbw_data_saver";
72 break;
73 default:
74 chainName = "oh_unusable";
75 break;
76 }
77 return chainName;
78 }
79
InitChain()80 int32_t BandwidthManager::InitChain()
81 {
82 NETNATIVE_LOG_D("BandwidthManager InitChain");
83 bool hasError = false;
84 hasError = (IptablesNewChain(ChainType::CHAIN_OHBW_INPUT) == NETMANAGER_ERROR) ||
85 (IptablesNewChain(ChainType::CHAIN_OHBW_OUTPUT) == NETMANAGER_ERROR) ||
86 (IptablesNewChain(ChainType::CHAIN_OHBW_FORWARD) == NETMANAGER_ERROR) ||
87 (IptablesNewChain(ChainType::CHAIN_OHBW_DENIED_LIST_BOX) == NETMANAGER_ERROR) ||
88 (IptablesNewChain(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX) == NETMANAGER_ERROR) ||
89 (IptablesNewChain(ChainType::CHAIN_OHBW_GLOBAL_ALERT) == NETMANAGER_ERROR) ||
90 (IptablesNewChain(ChainType::CHAIN_OHBW_COSTLY_SHARED) == NETMANAGER_ERROR) ||
91 (IptablesNewChain(ChainType::CHAIN_OHBW_DATA_SAVER) == NETMANAGER_ERROR);
92 chainInitFlag_ = true;
93 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
94 }
95
DeInitChain()96 int32_t BandwidthManager::DeInitChain()
97 {
98 NETNATIVE_LOG_D("BandwidthManager DeInitChain");
99 bool hasError = false;
100 hasError = (IptablesDeleteChain(ChainType::CHAIN_OHBW_INPUT) == NETMANAGER_ERROR) ||
101 (IptablesDeleteChain(ChainType::CHAIN_OHBW_OUTPUT) == NETMANAGER_ERROR) ||
102 (IptablesDeleteChain(ChainType::CHAIN_OHBW_FORWARD) == NETMANAGER_ERROR) ||
103 (IptablesDeleteChain(ChainType::CHAIN_OHBW_DENIED_LIST_BOX) == NETMANAGER_ERROR) ||
104 (IptablesDeleteChain(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX) == NETMANAGER_ERROR) ||
105 (IptablesDeleteChain(ChainType::CHAIN_OHBW_GLOBAL_ALERT) == NETMANAGER_ERROR) ||
106 (IptablesDeleteChain(ChainType::CHAIN_OHBW_COSTLY_SHARED) == NETMANAGER_ERROR) ||
107 (IptablesDeleteChain(ChainType::CHAIN_OHBW_DATA_SAVER) == NETMANAGER_ERROR);
108 chainInitFlag_ = false;
109 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
110 }
111
InitDefaultBwChainRules()112 int32_t BandwidthManager::InitDefaultBwChainRules()
113 {
114 bool hasError = false;
115 std::string command;
116 std::string chainName;
117
118 // -A INPUT -j ohbw_INPUT
119 // -A OUTPUT -j ohbw_OUTPUT
120 chainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
121 command = "-t filter -A INPUT -j " + chainName;
122 hasError = hasError ||
123 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
124 chainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
125 command = "-t filter -A OUTPUT -j " + chainName;
126 hasError = hasError ||
127 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
128 // -A ohbw_INPUT -p esp -j RETURN
129 // -A ohbw_INPUT -m mark --mark 0x100000/0x100000 -j RETURN
130 chainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
131 command = "-t filter -A " + chainName + " -p esp -j RETURN";
132 hasError = hasError ||
133 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
134 command =
135 "-t filter -A " + FetchChainName(ChainType::CHAIN_OHBW_INPUT) + " -m mark --mark 0x100000/0x100000 -j RETURN";
136 hasError = hasError ||
137 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
138
139 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
140 }
141
InitDefaultListBoxChainRules()142 int32_t BandwidthManager::InitDefaultListBoxChainRules()
143 {
144 bool hasError = false;
145 std::string command;
146 std::string chainName;
147 std::string fChainName;
148
149 // -A ohbw_OUPUT -j ohbw_denied_list_box
150 // -A ohbw_denied_list_box -j ohbw_allowed_list_box
151 // -A ohbw_allowed_list_box -j ohbw_data_saver
152 // -A ohbw_data_saver -j RETURN
153 fChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
154 chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
155 command = "-t filter -A " + fChainName + " -j " + chainName;
156 hasError = hasError ||
157 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
158 fChainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
159 chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER);
160 command = "-t filter -A " + fChainName + " -j " + chainName;
161 hasError = hasError ||
162 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
163 chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER);
164 command = "-t filter -A " + chainName + " -j RETURN";
165 hasError = hasError ||
166 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
167
168 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
169 }
170
InitDefaultAlertChainRules()171 int32_t BandwidthManager::InitDefaultAlertChainRules()
172 {
173 bool hasError = false;
174 std::string command;
175 std::string chainName;
176 std::string fChainName;
177
178 // -A ohbw_INPUT -j ohbw_global_alert
179 // -A ohbw_OUTPUT -j ohbw_global_alert
180 fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
181 chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT);
182 command = "-t filter -A " + fChainName + " -j " + chainName;
183 hasError = hasError ||
184 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
185 fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
186 chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT);
187 command = "-t filter -A " + fChainName + " -j " + chainName;
188 hasError = hasError ||
189 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
190
191 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
192 }
193
InitDefaultRules()194 int32_t BandwidthManager::InitDefaultRules()
195 {
196 NETNATIVE_LOG_D("BandwidthManager InitDefaultRules");
197 bool hasError = false;
198 hasError = (InitDefaultBwChainRules() == NETMANAGER_ERROR) ||
199 (InitDefaultListBoxChainRules() == NETMANAGER_ERROR) ||
200 (InitDefaultAlertChainRules() == NETMANAGER_ERROR);
201
202 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
203 }
204
IptablesNewChain(ChainType chain)205 int32_t BandwidthManager::IptablesNewChain(ChainType chain)
206 {
207 NETNATIVE_LOG_D("BandwidthManager NewChain: chain=%{public}d", chain);
208 std::string command = "-t filter -N " + FetchChainName(chain);
209 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
210 }
211
IptablesNewChain(const std::string & chainName)212 int32_t BandwidthManager::IptablesNewChain(const std::string &chainName)
213 {
214 NETNATIVE_LOG_D("BandwidthManager NewChain: chain=%{public}s", chainName.c_str());
215 std::string command = "-t filter -N " + chainName;
216 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
217 }
218
IptablesDeleteChain(ChainType chain)219 int32_t BandwidthManager::IptablesDeleteChain(ChainType chain)
220 {
221 NETNATIVE_LOG_D("BandwidthManager DeleteChain: chain=%{public}d", chain);
222 bool hasError = false;
223 std::string command = "-t filter -F " + FetchChainName(chain);
224 hasError = hasError ||
225 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
226 command = "-t filter -X " + FetchChainName(chain);
227 hasError = hasError ||
228 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
229 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
230 }
231
IptablesDeleteChain(const std::string & chainName)232 int32_t BandwidthManager::IptablesDeleteChain(const std::string &chainName)
233 {
234 NETNATIVE_LOG_D("BandwidthManager DeleteChain: chain=%{public}s", chainName.c_str());
235 bool hasError = false;
236 std::string command = "-t filter -F " + chainName;
237 hasError = hasError ||
238 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
239 command = "-t filter -X " + chainName;
240 hasError = hasError ||
241 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
242 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
243 }
244
SetGlobalAlert(Operate operate,int64_t bytes)245 int32_t BandwidthManager::SetGlobalAlert(Operate operate, int64_t bytes)
246 {
247 NETNATIVE_LOG_D("BandwidthManager SetGlobalAlert: operate=%{public}d, bytes=%{public}" PRId64, operate, bytes);
248 bool hasError = false;
249 std::string command;
250 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT);
251 if (operate == OP_SET) {
252 globalAlertBytes_ = bytes;
253 command = "-t filter -A " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name globalAlert";
254 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
255 NETMANAGER_ERROR);
256 } else {
257 if (bytes == globalAlertBytes_) {
258 command =
259 "-t filter -D " + chainName + " -m quota --quota " + std::to_string(bytes) + " --name globalAlert";
260 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(
261 IPTYPE_IPV4, command) == NETMANAGER_ERROR);
262 globalAlertBytes_ = 0;
263 } else {
264 NETNATIVE_LOGE("not match bytes, cannot remove global alert");
265 return NETMANAGER_ERROR;
266 }
267 }
268
269 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
270 }
271
SetCostlyAlert(Operate operate,const std::string & iface,int64_t bytes)272 int32_t BandwidthManager::SetCostlyAlert(Operate operate, const std::string &iface, int64_t bytes)
273 {
274 NETNATIVE_LOG_D("BandwidthManager SetCostlyAlert: operate=%{public}d, iface=%{public}s, bytes=%{public}" PRId64,
275 operate, iface.c_str(), bytes);
276 std::lock_guard<std::mutex> guard(ifaceAlertMutex_);
277 bool hasError = false;
278 std::string command;
279 std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + iface + "alert";
280 if (operate == OP_SET) {
281 ifaceAlertBytes_[iface] = bytes;
282 command =
283 "-t filter -A " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name " + iface + "Alert";
284 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
285 NETMANAGER_ERROR);
286 } else {
287 if (bytes == ifaceAlertBytes_[iface]) {
288 command = "-t filter -D " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name " + iface +
289 "Alert";
290 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(
291 IPTYPE_IPV4, command) == NETMANAGER_ERROR);
292 ifaceAlertBytes_[iface] = 0;
293 } else {
294 NETNATIVE_LOGE("not match bytes, cannot remove global alert");
295 return NETMANAGER_ERROR;
296 }
297 }
298
299 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
300 }
301
EnableDataSaver(bool enable)302 int32_t BandwidthManager::EnableDataSaver(bool enable)
303 {
304 NETNATIVE_LOG_D("BandwidthManager EnableDataSaver: enable=%{public}d", enable);
305 bool hasError = false;
306 std::unique_lock<std::mutex> lock(bandwidthMutex_);
307 CheckChainInitialization();
308
309 std::string command;
310 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER);
311 if (enable == true && dataSaverEnable_ == false) {
312 dataSaverEnable_ = true;
313 command = "-t filter -R " + chainName + " 1 -j REJECT";
314 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
315 NETMANAGER_ERROR);
316 command = "-t filter -I " + chainName + " -m owner --uid-owner 0-9999 -j RETURN";
317 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
318 NETMANAGER_ERROR);
319 } else if (enable == false && dataSaverEnable_ == true) {
320 dataSaverEnable_ = false;
321 command = "-t filter -D " + chainName + " -m owner --uid-owner 0-9999 -j RETURN";
322 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
323 NETMANAGER_ERROR);
324 command = "-t filter -R " + chainName + " 1 -j RETURN";
325 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
326 NETMANAGER_ERROR);
327 } else {
328 NETNATIVE_LOGE("DataSaver is already %{public}s, do not repeat", enable == true ? "true" : "false");
329 return NETMANAGER_ERROR;
330 }
331
332 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
333 }
334
SetIfaceQuotaDetail(const std::string & ifName,int64_t bytes)335 int32_t BandwidthManager::SetIfaceQuotaDetail(const std::string &ifName, int64_t bytes)
336 {
337 std::string command;
338 std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + ifName;
339 std::string fChainName;
340 std::string strMaxBytes = std::to_string(bytes);
341 bool hasError = false;
342
343 if (ifaceQuotaBytes_.count(ifName) > 0) {
344 // -R ohbw_costly_iface 1 -m quota2 ! --quota 12345 --name iface -j REJECT
345 command = "-t filter -D " + chainName + " -m quota2 ! --quota " + std::to_string(ifaceQuotaBytes_[ifName]) +
346 " --name " + ifName + " --jump REJECT";
347 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
348 NETMANAGER_ERROR);
349 command = "-t filter -A " + chainName + " -m quota2 ! --quota " + strMaxBytes + " --name " + ifName +
350 " --jump REJECT";
351 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
352 NETMANAGER_ERROR);
353 NETNATIVE_LOG_D("hasError %d", hasError);
354 ifaceQuotaBytes_[ifName] = bytes;
355 return NETMANAGER_SUCCESS;
356 }
357 hasError = hasError || (IptablesNewChain(chainName) == NETMANAGER_ERROR);
358 ifaceQuotaBytes_[ifName] = bytes;
359
360 fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
361 std::string cChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
362 command = "-t filter -A " + fChainName + " -o " + ifName + " -j " + cChainName;
363 hasError = hasError ||
364 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
365
366 // -I ohbw_INPUT -i iface -j ohbw_costly_iface
367 fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
368 command = "-t filter -I " + fChainName + " -i " + ifName + " --jump " + chainName;
369 hasError = hasError ||
370 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
371 // -I ohbw_OUTPUT -o iface -j ohbw_costly_iface
372 fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
373 command = "-t filter -I " + fChainName + " -o " + ifName + " --jump " + chainName;
374 hasError = hasError ||
375 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
376 // -A ohbw_FORWARD -i iface -j ohbw_costly_iface
377 // -A ohbw_FORWARD -o iface -j ohbw_costly_iface
378 fChainName = FetchChainName(ChainType::CHAIN_OHBW_FORWARD);
379 command = "-t filter -A " + fChainName + " -i " + ifName + " --jump " + chainName;
380 hasError = hasError ||
381 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
382 command = "-t filter -A " + fChainName + " -o " + ifName + " --jump " + chainName;
383 hasError = hasError ||
384 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
385 // -A ohbw_costly_iface -m quota2 ! --quota 12345 --name iface -j REJECT
386 command =
387 "-t filter -A " + chainName + " -m quota2 ! --quota " + strMaxBytes + " --name " + ifName + " --jump REJECT";
388 hasError = hasError ||
389 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
390
391 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
392 }
393
SetIfaceQuota(const std::string & ifName,int64_t bytes)394 int32_t BandwidthManager::SetIfaceQuota(const std::string &ifName, int64_t bytes)
395 {
396 if (!CommonUtils::CheckIfaceName(ifName)) {
397 NETNATIVE_LOGE("iface name valid check fail: %{public}s", ifName.c_str());
398 return NETMANAGER_ERROR;
399 }
400 NETNATIVE_LOG_D("BandwidthManager SetIfaceQuota: ifName=%{public}s, bytes=%{public}" PRId64, ifName.c_str(), bytes);
401 std::unique_lock<std::mutex> lock(bandwidthMutex_);
402 CheckChainInitialization();
403
404 return SetIfaceQuotaDetail(ifName, bytes);
405 }
406
RemoveIfaceQuota(const std::string & ifName)407 int32_t BandwidthManager::RemoveIfaceQuota(const std::string &ifName)
408 {
409 if (!CommonUtils::CheckIfaceName(ifName)) {
410 NETNATIVE_LOGE("iface name valid check fail: %{public}s", ifName.c_str());
411 return NETMANAGER_ERROR;
412 }
413 NETNATIVE_LOG_D("BandwidthManager RemoveIfaceQuota: ifName=%{public}s", ifName.c_str());
414 bool hasError = false;
415 std::unique_lock<std::mutex> lock(bandwidthMutex_);
416 CheckChainInitialization();
417
418 std::string command;
419 std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + ifName;
420 std::string fChainName;
421
422 if (ifaceQuotaBytes_.count(ifName) == 0) {
423 NETNATIVE_LOGE("RemoveIfaceQuota iface %s not exist, can not remove", ifName.c_str());
424 return NETMANAGER_ERROR;
425 } else {
426 ifaceQuotaBytes_.erase(ifName);
427 }
428
429 fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
430 std::string cChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
431 command = "-t filter -D " + fChainName + " -o " + ifName + " -j " + cChainName;
432 hasError = hasError ||
433 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
434
435 // -D ohbw_INPUT -i iface -j ohbw_costly_iface
436 fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
437 command = "-t filter -D " + fChainName + " -i " + ifName + " --jump " + chainName;
438 hasError = hasError ||
439 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
440 // -D ohbw_OUTPUT -o iface -j ohbw_costly_iface
441 fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
442 command = "-t filter -D " + fChainName + " -o " + ifName + " --jump " + chainName;
443 hasError = hasError ||
444 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
445 // -D ohbw_FORWARD -i iface -j ohbw_costly_iface
446 // -D ohbw_FORWARD -o iface -j ohbw_costly_iface
447 fChainName = FetchChainName(ChainType::CHAIN_OHBW_FORWARD);
448 command = "-t filter -D " + fChainName + " -i " + ifName + " --jump " + chainName;
449 hasError = hasError ||
450 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
451 command = "-t filter -D " + fChainName + " -o " + ifName + " --jump " + chainName;
452 hasError = hasError ||
453 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
454 // -F ohbw_costly_iface
455 // -X ohbw_costly_iface
456 hasError = hasError || (IptablesDeleteChain(chainName) == NETMANAGER_ERROR);
457
458 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
459 }
460
AddDeniedList(uint32_t uid)461 int32_t BandwidthManager::AddDeniedList(uint32_t uid)
462 {
463 NETNATIVE_LOG_D("BandwidthManager AddDeniedList: uid=%{public}d", uid);
464 std::unique_lock<std::mutex> lock(bandwidthMutex_);
465 CheckChainInitialization();
466
467 auto [_, inserted] = deniedListUids_.insert(uid);
468 if (!inserted) {
469 return NETMANAGER_ERROR;
470 }
471
472 std::string strUid = std::to_string(uid);
473 std::string command;
474 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
475 command = "-t filter -I " + chainName + " -m owner --uid-owner " + strUid + " -j REJECT";
476
477 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
478 }
479
RemoveDeniedList(uint32_t uid)480 int32_t BandwidthManager::RemoveDeniedList(uint32_t uid)
481 {
482 NETNATIVE_LOG_D("BandwidthManager RemoveDeniedList: uid=%{public}d", uid);
483 std::unique_lock<std::mutex> lock(bandwidthMutex_);
484 CheckChainInitialization();
485
486 if (deniedListUids_.erase(uid) == 0) {
487 return NETMANAGER_ERROR;
488 }
489
490 std::string strUid = std::to_string(uid);
491 std::string command;
492 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
493 command = "-t filter -D " + chainName + " -m owner --uid-owner " + strUid + " -j REJECT";
494
495 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
496 }
497
AddAllowedList(uint32_t uid)498 int32_t BandwidthManager::AddAllowedList(uint32_t uid)
499 {
500 NETNATIVE_LOG_D("BandwidthManager AddAllowedList: uid=%{public}d", uid);
501 std::unique_lock<std::mutex> lock(bandwidthMutex_);
502 CheckChainInitialization();
503
504 auto [_, inserted] = allowedListUids_.insert(uid);
505 if (!inserted) {
506 return NETMANAGER_ERROR;
507 }
508
509 std::string strUid = std::to_string(uid);
510 std::string command;
511 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
512 command = "-t filter -I " + chainName + " -m owner --uid-owner " + strUid + " -j RETURN";
513
514 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
515 }
516
RemoveAllowedList(uint32_t uid)517 int32_t BandwidthManager::RemoveAllowedList(uint32_t uid)
518 {
519 NETNATIVE_LOG_D("BandwidthManager RemoveAllowedList: uid=%{public}d", uid);
520 std::unique_lock<std::mutex> lock(bandwidthMutex_);
521 CheckChainInitialization();
522
523 if (allowedListUids_.erase(uid) == 0) {
524 return NETMANAGER_ERROR;
525 }
526
527 std::string strUid = std::to_string(uid);
528
529 std::string command;
530 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
531 command = "-t filter -D " + chainName + " -m owner --uid-owner " + strUid + " -j RETURN";
532
533 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
534 }
535 } // namespace nmd
536 } // namespace OHOS
537