1 /*
2 * Copyright (C) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bandwidth_manager.h"
17
18 #include <cinttypes>
19
20 #include "iptables_wrapper.h"
21 #include "net_manager_constants.h"
22 #include "netmanager_base_common_utils.h"
23 #include "netnative_log_wrapper.h"
24
25 namespace OHOS {
26 namespace nmd {
27 using namespace NetManagerStandard;
28 static constexpr const char *CHAIN_NAME_COSTLY_PTR = "ohbw_costly_";
BandwidthManager()29 BandwidthManager::BandwidthManager() : chainInitFlag_(false), dataSaverEnable_(false) {}
30
~BandwidthManager()31 BandwidthManager::~BandwidthManager()
32 {
33 DeInitChain();
34 }
35
CheckChainInitialization()36 inline void BandwidthManager::CheckChainInitialization()
37 {
38 if (chainInitFlag_ == false) {
39 InitChain();
40 InitDefaultRules();
41 }
42 }
43
FetchChainName(ChainType chain)44 std::string BandwidthManager::FetchChainName(ChainType chain)
45 {
46 NETNATIVE_LOG_D("BandwidthManager FetchChainName: chain=%{public}d", chain);
47 std::string chainName;
48 switch (chain) {
49 case ChainType::CHAIN_OHBW_INPUT:
50 chainName = "ohbw_INPUT";
51 break;
52 case ChainType::CHAIN_OHBW_OUTPUT:
53 chainName = "ohbw_OUTPUT";
54 break;
55 case ChainType::CHAIN_OHBW_FORWARD:
56 chainName = "ohbw_FORWARD";
57 break;
58 case ChainType::CHAIN_OHBW_DENIED_LIST_BOX:
59 chainName = "ohbw_denied_list_box";
60 break;
61 case ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX:
62 chainName = "ohbw_allowed_list_box";
63 break;
64 case ChainType::CHAIN_OHBW_GLOBAL_ALERT:
65 chainName = "ohbw_global_alert";
66 break;
67 case ChainType::CHAIN_OHBW_COSTLY_SHARED:
68 chainName = "ohbw_costly_shared";
69 break;
70 case ChainType::CHAIN_OHBW_DATA_SAVER:
71 chainName = "ohbw_data_saver";
72 break;
73 default:
74 chainName = "oh_unusable";
75 break;
76 }
77 return chainName;
78 }
79
InitChain()80 int32_t BandwidthManager::InitChain()
81 {
82 NETNATIVE_LOG_D("BandwidthManager InitChain");
83 bool hasError = false;
84 hasError = (IptablesNewChain(ChainType::CHAIN_OHBW_INPUT) == NETMANAGER_ERROR) ||
85 (IptablesNewChain(ChainType::CHAIN_OHBW_OUTPUT) == NETMANAGER_ERROR) ||
86 (IptablesNewChain(ChainType::CHAIN_OHBW_FORWARD) == NETMANAGER_ERROR) ||
87 (IptablesNewChain(ChainType::CHAIN_OHBW_DENIED_LIST_BOX) == NETMANAGER_ERROR) ||
88 (IptablesNewChain(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX) == NETMANAGER_ERROR) ||
89 (IptablesNewChain(ChainType::CHAIN_OHBW_GLOBAL_ALERT) == NETMANAGER_ERROR) ||
90 (IptablesNewChain(ChainType::CHAIN_OHBW_COSTLY_SHARED) == NETMANAGER_ERROR) ||
91 (IptablesNewChain(ChainType::CHAIN_OHBW_DATA_SAVER) == NETMANAGER_ERROR);
92 chainInitFlag_ = true;
93 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
94 }
95
DeInitChain()96 int32_t BandwidthManager::DeInitChain()
97 {
98 NETNATIVE_LOG_D("BandwidthManager DeInitChain");
99 bool hasError = false;
100 hasError = (IptablesDeleteChain(ChainType::CHAIN_OHBW_INPUT) == NETMANAGER_ERROR) ||
101 (IptablesDeleteChain(ChainType::CHAIN_OHBW_OUTPUT) == NETMANAGER_ERROR) ||
102 (IptablesDeleteChain(ChainType::CHAIN_OHBW_FORWARD) == NETMANAGER_ERROR) ||
103 (IptablesDeleteChain(ChainType::CHAIN_OHBW_DENIED_LIST_BOX) == NETMANAGER_ERROR) ||
104 (IptablesDeleteChain(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX) == NETMANAGER_ERROR) ||
105 (IptablesDeleteChain(ChainType::CHAIN_OHBW_GLOBAL_ALERT) == NETMANAGER_ERROR) ||
106 (IptablesDeleteChain(ChainType::CHAIN_OHBW_COSTLY_SHARED) == NETMANAGER_ERROR) ||
107 (IptablesDeleteChain(ChainType::CHAIN_OHBW_DATA_SAVER) == NETMANAGER_ERROR);
108 chainInitFlag_ = false;
109 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
110 }
111
InitDefaultBwChainRules()112 int32_t BandwidthManager::InitDefaultBwChainRules()
113 {
114 bool hasError = false;
115 std::string command;
116 std::string chainName;
117
118 // -A INPUT -j ohbw_INPUT
119 // -A OUTPUT -j ohbw_OUTPUT
120 chainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
121 command = "-t filter -A INPUT -j " + chainName;
122 hasError = hasError ||
123 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
124 chainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
125 command = "-t filter -A OUTPUT -j " + chainName;
126 hasError = hasError ||
127 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
128 // -A ohbw_INPUT -p esp -j RETURN
129 // -A ohbw_INPUT -m mark --mark 0x100000/0x100000 -j RETURN
130 chainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
131 command = "-t filter -A " + chainName + " -p esp -j RETURN";
132 hasError = hasError ||
133 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
134 command =
135 "-t filter -A " + FetchChainName(ChainType::CHAIN_OHBW_INPUT) + " -m mark --mark 0x100000/0x100000 -j RETURN";
136 hasError = hasError ||
137 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
138
139 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
140 }
141
InitDefaultListBoxChainRules()142 int32_t BandwidthManager::InitDefaultListBoxChainRules()
143 {
144 bool hasError = false;
145 std::string command;
146 std::string chainName;
147 std::string fChainName;
148
149 // -A ohbw_OUPUT -j ohbw_denied_list_box
150 // -A ohbw_denied_list_box -j ohbw_allowed_list_box
151 // -A ohbw_allowed_list_box -j ohbw_data_saver
152 // -A ohbw_data_saver -j RETURN
153 fChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
154 chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
155 command = "-t filter -A " + fChainName + " -j " + chainName;
156 hasError = hasError ||
157 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
158 fChainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
159 chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER);
160 command = "-t filter -A " + fChainName + " -j " + chainName;
161 hasError = hasError ||
162 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
163 chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER);
164 command = "-t filter -A " + chainName + " -j RETURN";
165 hasError = hasError ||
166 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
167
168 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
169 }
170
InitDefaultAlertChainRules()171 int32_t BandwidthManager::InitDefaultAlertChainRules()
172 {
173 bool hasError = false;
174 std::string command;
175 std::string chainName;
176 std::string fChainName;
177
178 // -A ohbw_INPUT -j ohbw_global_alert
179 // -A ohbw_OUTPUT -j ohbw_global_alert
180 fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
181 chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT);
182 command = "-t filter -A " + fChainName + " -j " + chainName;
183 hasError = hasError ||
184 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
185 fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
186 chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT);
187 command = "-t filter -A " + fChainName + " -j " + chainName;
188 hasError = hasError ||
189 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
190
191 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
192 }
193
InitDefaultRules()194 int32_t BandwidthManager::InitDefaultRules()
195 {
196 NETNATIVE_LOG_D("BandwidthManager InitDefaultRules");
197 bool hasError = false;
198 hasError = (InitDefaultBwChainRules() == NETMANAGER_ERROR) ||
199 (InitDefaultListBoxChainRules() == NETMANAGER_ERROR) ||
200 (InitDefaultAlertChainRules() == NETMANAGER_ERROR);
201
202 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
203 }
204
IptablesNewChain(ChainType chain)205 int32_t BandwidthManager::IptablesNewChain(ChainType chain)
206 {
207 NETNATIVE_LOG_D("BandwidthManager NewChain: chain=%{public}d", chain);
208 std::string command = "-t filter -N " + FetchChainName(chain);
209 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
210 }
211
IptablesNewChain(const std::string & chainName)212 int32_t BandwidthManager::IptablesNewChain(const std::string &chainName)
213 {
214 NETNATIVE_LOG_D("BandwidthManager NewChain: chain=%{public}s", chainName.c_str());
215 std::string command = "-t filter -N " + chainName;
216 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
217 }
218
IptablesDeleteChain(ChainType chain)219 int32_t BandwidthManager::IptablesDeleteChain(ChainType chain)
220 {
221 NETNATIVE_LOG_D("BandwidthManager DeleteChain: chain=%{public}d", chain);
222 bool hasError = false;
223 std::string command = "-t filter -F " + FetchChainName(chain);
224 hasError = hasError ||
225 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
226 command = "-t filter -X " + FetchChainName(chain);
227 hasError = hasError ||
228 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
229 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
230 }
231
IptablesDeleteChain(const std::string & chainName)232 int32_t BandwidthManager::IptablesDeleteChain(const std::string &chainName)
233 {
234 NETNATIVE_LOG_D("BandwidthManager DeleteChain: chain=%{public}s", chainName.c_str());
235 bool hasError = false;
236 std::string command = "-t filter -F " + chainName;
237 hasError = hasError ||
238 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
239 command = "-t filter -X " + chainName;
240 hasError = hasError ||
241 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
242 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
243 }
244
SetGlobalAlert(Operate operate,int64_t bytes)245 int32_t BandwidthManager::SetGlobalAlert(Operate operate, int64_t bytes)
246 {
247 NETNATIVE_LOG_D("BandwidthManager SetGlobalAlert: operate=%{public}d, bytes=%{public}" PRId64, operate, bytes);
248 bool hasError = false;
249 std::string command;
250 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT);
251 if (operate == OP_SET) {
252 globalAlertBytes_ = bytes;
253 command = "-t filter -A " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name globalAlert";
254 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
255 NETMANAGER_ERROR);
256 } else {
257 if (bytes == globalAlertBytes_) {
258 command =
259 "-t filter -D " + chainName + " -m quota --quota " + std::to_string(bytes) + " --name globalAlert";
260 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(
261 IPTYPE_IPV4, command) == NETMANAGER_ERROR);
262 globalAlertBytes_ = 0;
263 } else {
264 NETNATIVE_LOGE("not match bytes, cannot remove global alert");
265 return NETMANAGER_ERROR;
266 }
267 }
268
269 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
270 }
271
SetCostlyAlert(Operate operate,const std::string & iface,int64_t bytes)272 int32_t BandwidthManager::SetCostlyAlert(Operate operate, const std::string &iface, int64_t bytes)
273 {
274 NETNATIVE_LOG_D("BandwidthManager SetCostlyAlert: operate=%{public}d, iface=%{public}s, bytes=%{public}" PRId64,
275 operate, iface.c_str(), bytes);
276 bool hasError = false;
277 std::string command;
278 std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + iface + "alert";
279 if (operate == OP_SET) {
280 ifaceAlertBytes_[iface] = bytes;
281 command =
282 "-t filter -A " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name " + iface + "Alert";
283 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
284 NETMANAGER_ERROR);
285 } else {
286 if (bytes == ifaceAlertBytes_[iface]) {
287 command = "-t filter -D " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name " + iface +
288 "Alert";
289 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(
290 IPTYPE_IPV4, command) == NETMANAGER_ERROR);
291 ifaceAlertBytes_[iface] = 0;
292 } else {
293 NETNATIVE_LOGE("not match bytes, cannot remove global alert");
294 return NETMANAGER_ERROR;
295 }
296 }
297
298 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
299 }
300
EnableDataSaver(bool enable)301 int32_t BandwidthManager::EnableDataSaver(bool enable)
302 {
303 NETNATIVE_LOG_D("BandwidthManager EnableDataSaver: enable=%{public}d", enable);
304 bool hasError = false;
305 std::unique_lock<std::mutex> lock(bandwidthMutex_);
306 CheckChainInitialization();
307
308 std::string command;
309 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER);
310 if (enable == true && dataSaverEnable_ == false) {
311 dataSaverEnable_ = true;
312 command = "-t filter -R " + chainName + " 1 -j REJECT";
313 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
314 NETMANAGER_ERROR);
315 command = "-t filter -I " + chainName + " -m owner --uid-owner 0-9999 -j RETURN";
316 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
317 NETMANAGER_ERROR);
318 } else if (enable == false && dataSaverEnable_ == true) {
319 dataSaverEnable_ = false;
320 command = "-t filter -D " + chainName + " -m owner --uid-owner 0-9999 -j RETURN";
321 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
322 NETMANAGER_ERROR);
323 command = "-t filter -R " + chainName + " 1 -j RETURN";
324 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
325 NETMANAGER_ERROR);
326 } else {
327 NETNATIVE_LOGE("DataSaver is already %{public}s, do not repeat", enable == true ? "true" : "false");
328 return NETMANAGER_ERROR;
329 }
330
331 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
332 }
333
SetIfaceQuotaDetail(const std::string & ifName,int64_t bytes)334 int32_t BandwidthManager::SetIfaceQuotaDetail(const std::string &ifName, int64_t bytes)
335 {
336 std::string command;
337 std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + ifName;
338 std::string fChainName;
339 std::string strMaxBytes = std::to_string(bytes);
340 bool hasError = false;
341
342 if (ifaceQuotaBytes_.count(ifName) > 0) {
343 // -R ohbw_costly_iface 1 -m quota2 ! --quota 12345 --name iface -j REJECT
344 command = "-t filter -D " + chainName + " -m quota2 ! --quota " + std::to_string(ifaceQuotaBytes_[ifName]) +
345 " --name " + ifName + " --jump REJECT";
346 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
347 NETMANAGER_ERROR);
348 command = "-t filter -A " + chainName + " -m quota2 ! --quota " + strMaxBytes + " --name " + ifName +
349 " --jump REJECT";
350 hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) ==
351 NETMANAGER_ERROR);
352 NETNATIVE_LOG_D("hasError %d", hasError);
353 ifaceQuotaBytes_[ifName] = bytes;
354 return NETMANAGER_SUCCESS;
355 }
356 hasError = hasError || (IptablesNewChain(chainName) == NETMANAGER_ERROR);
357 ifaceQuotaBytes_[ifName] = bytes;
358
359 fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
360 std::string cChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
361 command = "-t filter -A " + fChainName + " -o " + ifName + " -j " + cChainName;
362 hasError = hasError ||
363 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
364
365 // -I ohbw_INPUT -i iface -j ohbw_costly_iface
366 fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
367 command = "-t filter -I " + fChainName + " -i " + ifName + " --jump " + chainName;
368 hasError = hasError ||
369 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
370 // -I ohbw_OUTPUT -o iface -j ohbw_costly_iface
371 fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
372 command = "-t filter -I " + fChainName + " -o " + ifName + " --jump " + chainName;
373 hasError = hasError ||
374 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
375 // -A ohbw_FORWARD -i iface -j ohbw_costly_iface
376 // -A ohbw_FORWARD -o iface -j ohbw_costly_iface
377 fChainName = FetchChainName(ChainType::CHAIN_OHBW_FORWARD);
378 command = "-t filter -A " + fChainName + " -i " + ifName + " --jump " + chainName;
379 hasError = hasError ||
380 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
381 command = "-t filter -A " + fChainName + " -o " + ifName + " --jump " + chainName;
382 hasError = hasError ||
383 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
384 // -A ohbw_costly_iface -m quota2 ! --quota 12345 --name iface -j REJECT
385 command =
386 "-t filter -A " + chainName + " -m quota2 ! --quota " + strMaxBytes + " --name " + ifName + " --jump REJECT";
387 hasError = hasError ||
388 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
389
390 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
391 }
392
SetIfaceQuota(const std::string & ifName,int64_t bytes)393 int32_t BandwidthManager::SetIfaceQuota(const std::string &ifName, int64_t bytes)
394 {
395 if (!CommonUtils::CheckIfaceName(ifName)) {
396 NETNATIVE_LOGE("iface name valid check fail: %{public}s", ifName.c_str());
397 return NETMANAGER_ERROR;
398 }
399 NETNATIVE_LOG_D("BandwidthManager SetIfaceQuota: ifName=%{public}s, bytes=%{public}" PRId64, ifName.c_str(), bytes);
400 std::unique_lock<std::mutex> lock(bandwidthMutex_);
401 CheckChainInitialization();
402
403 return SetIfaceQuotaDetail(ifName, bytes);
404 }
405
RemoveIfaceQuota(const std::string & ifName)406 int32_t BandwidthManager::RemoveIfaceQuota(const std::string &ifName)
407 {
408 if (!CommonUtils::CheckIfaceName(ifName)) {
409 NETNATIVE_LOGE("iface name valid check fail: %{public}s", ifName.c_str());
410 return NETMANAGER_ERROR;
411 }
412 NETNATIVE_LOG_D("BandwidthManager RemoveIfaceQuota: ifName=%{public}s", ifName.c_str());
413 bool hasError = false;
414 std::unique_lock<std::mutex> lock(bandwidthMutex_);
415 CheckChainInitialization();
416
417 std::string command;
418 std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + ifName;
419 std::string fChainName;
420
421 if (ifaceQuotaBytes_.count(ifName) == 0) {
422 NETNATIVE_LOGE("RemoveIfaceQuota iface %s not exist, can not remove", ifName.c_str());
423 return NETMANAGER_ERROR;
424 } else {
425 ifaceQuotaBytes_.erase(ifName);
426 }
427
428 fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
429 std::string cChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
430 command = "-t filter -D " + fChainName + " -o " + ifName + " -j " + cChainName;
431 hasError = hasError ||
432 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
433
434 // -D ohbw_INPUT -i iface -j ohbw_costly_iface
435 fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT);
436 command = "-t filter -D " + fChainName + " -i " + ifName + " --jump " + chainName;
437 hasError = hasError ||
438 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
439 // -D ohbw_OUTPUT -o iface -j ohbw_costly_iface
440 fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT);
441 command = "-t filter -D " + fChainName + " -o " + ifName + " --jump " + chainName;
442 hasError = hasError ||
443 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
444 // -D ohbw_FORWARD -i iface -j ohbw_costly_iface
445 // -D ohbw_FORWARD -o iface -j ohbw_costly_iface
446 fChainName = FetchChainName(ChainType::CHAIN_OHBW_FORWARD);
447 command = "-t filter -D " + fChainName + " -i " + ifName + " --jump " + chainName;
448 hasError = hasError ||
449 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
450 command = "-t filter -D " + fChainName + " -o " + ifName + " --jump " + chainName;
451 hasError = hasError ||
452 (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR);
453 // -F ohbw_costly_iface
454 // -X ohbw_costly_iface
455 hasError = hasError || (IptablesDeleteChain(chainName) == NETMANAGER_ERROR);
456
457 return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS;
458 }
459
AddDeniedList(uint32_t uid)460 int32_t BandwidthManager::AddDeniedList(uint32_t uid)
461 {
462 NETNATIVE_LOG_D("BandwidthManager AddDeniedList: uid=%{public}d", uid);
463 std::unique_lock<std::mutex> lock(bandwidthMutex_);
464 CheckChainInitialization();
465
466 auto [_, inserted] = deniedListUids_.insert(uid);
467 if (!inserted) {
468 return NETMANAGER_ERROR;
469 }
470
471 std::string strUid = std::to_string(uid);
472 std::string command;
473 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
474 command = "-t filter -I " + chainName + " -m owner --uid-owner " + strUid + " -j REJECT";
475
476 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
477 }
478
RemoveDeniedList(uint32_t uid)479 int32_t BandwidthManager::RemoveDeniedList(uint32_t uid)
480 {
481 NETNATIVE_LOG_D("BandwidthManager RemoveDeniedList: uid=%{public}d", uid);
482 std::unique_lock<std::mutex> lock(bandwidthMutex_);
483 CheckChainInitialization();
484
485 if (deniedListUids_.erase(uid) == 0) {
486 return NETMANAGER_ERROR;
487 }
488
489 std::string strUid = std::to_string(uid);
490 std::string command;
491 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX);
492 command = "-t filter -D " + chainName + " -m owner --uid-owner " + strUid + " -j REJECT";
493
494 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
495 }
496
AddAllowedList(uint32_t uid)497 int32_t BandwidthManager::AddAllowedList(uint32_t uid)
498 {
499 NETNATIVE_LOG_D("BandwidthManager AddAllowedList: uid=%{public}d", uid);
500 std::unique_lock<std::mutex> lock(bandwidthMutex_);
501 CheckChainInitialization();
502
503 auto [_, inserted] = allowedListUids_.insert(uid);
504 if (!inserted) {
505 return NETMANAGER_ERROR;
506 }
507
508 std::string strUid = std::to_string(uid);
509 std::string command;
510 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
511 command = "-t filter -I " + chainName + " -m owner --uid-owner " + strUid + " -j RETURN";
512
513 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
514 }
515
RemoveAllowedList(uint32_t uid)516 int32_t BandwidthManager::RemoveAllowedList(uint32_t uid)
517 {
518 NETNATIVE_LOG_D("BandwidthManager RemoveAllowedList: uid=%{public}d", uid);
519 std::unique_lock<std::mutex> lock(bandwidthMutex_);
520 CheckChainInitialization();
521
522 if (allowedListUids_.erase(uid) == 0) {
523 return NETMANAGER_ERROR;
524 }
525
526 std::string strUid = std::to_string(uid);
527
528 std::string command;
529 std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX);
530 command = "-t filter -D " + chainName + " -m owner --uid-owner " + strUid + " -j RETURN";
531
532 return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command);
533 }
534 } // namespace nmd
535 } // namespace OHOS
536