
Android Network Stack and Enhancement (3G/WiFi, IPV4/IPV6, SIP/VoIP)




1 Android Network Stack and Enhancement (3G/WiFi, IPV4/IPV6, SIP/VoIP)
Mar (Fri)
Geunsik Lim (Nick: invain)
leemgs.at.gmail.com
blog.naver.com/invain
This document may be freely modified and redistributed for non-commercial use only, and its source must be credited.

2 CONTENTS
Android Network Technology Session
- Computer Network
- Understanding Linux Network Internals
- Network Terminology (3G/WiFi, IPV4/IPV6, SIP/VoIP)
- Differences Between IPv4 and IPv6
- Network Information Management on Android Phone
- Traffic Monitoring using tcpdump/netstat (including DNS Resolver)
- Android Phone Attack using structural vulnerability
- Connections between Network Instruments and Android Platform
- References
- Conclusion
- Appendix: Network Scheduler for QoS, Network App for Study
Speaker note: Shih-wei Liao, a tech leader in the Google Android team for toolchain, at COSCUP.
Reproducing the contents of this document without permission is prohibited in order to protect the copyrighted work; if reproduction is necessary, permission must be obtained from the author in advance, and violators may be subject to legal action.

3 What is Computer Network?
A computer network, often simply referred to as a network, is a collection of computers and devices interconnected by communications channels that facilitate communications among users and allow users to share resources. A computer network allows sharing of resources and information among interconnected devices. * Source: Wikipedia

4 Overlay Network
(Figure: overlay layering, top to bottom: IP Layer, SONET/SDH Layer, Optical Layer, Site Layer)
An overlay network is a virtual computer network that is built on top of another network. Nodes in the overlay are connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network. For example, many peer-to-peer networks are overlay networks because they are organized as nodes of a virtual system of links run on top of the Internet. The Internet was initially built as an overlay on the telephone network.
OSI Model
The Open Systems Interconnection Reference Model (OSI Model or OSI Reference Model for short) is a layered abstract description for communications and computer network protocol design, developed as part of the Open Systems Interconnection initiative. It is also called the OSI seven layer model.

5 Overview of Network Stack
The OSI model remains an important reference point for networking discussions even though it never took off for a variety of reasons. The TCP/IP model covers most of the protocols used by computers today.

OSI Model (7 layers) versus TCP/IP Model (4 layers)

OSI layer (data unit)     Function                                      TCP/IP layer (data unit)                 Protocols
7 Application (data)      Network process to application                4 Application (message)                  SIP, HTTP, FTP, DNS, DHCP, IMAP, SMTP, SSH, XMPP, RTP, RTSP, H.323
6 Presentation (data)     Data representation & encryption              4 Application (message)
5 Session (data)          Interhost communication                       4 Application (message)
4 Transport (segments)    End-to-end connections & reliability          3 Transport (segment)                    TCP, UDP
3 Network (packets)       Path determination & logical addressing (IP)  2 Internetwork (datagram/packet)         IPv4, IPv6, ICMP, IGMP, ARP
2 Data link (frames)      Physical addressing (MAC & LLC)               1 Link layer or host-to-network (frame)  Ethernet, Token Ring
1 Physical (bits)         Media, signal and binary transmission         1 Link layer or host-to-network (frame)

Layers 7 to 4 are the host layers; layers 3 to 1 are the media layers.

6 Understanding Linux Network Internals
Combination of each layer by kernel functions
As we have seen, each layer provides a variety of protocols. Each protocol is handled by a different set of kernel functions. Thus, as the packet travels back up the stack, each protocol must figure out which protocol is being used by the next-higher layer, and invoke the proper kernel function to handle the packet.
(Figure: headers compiled by layers (a...d) on Host X as we travel down the stack, and on router RT X.)
(a) Message: /web/site1.html
(b) Transport header + transport-layer payload: Src port=5000, Dst port=80 | /web/site1.html
(c) Network header + network-layer payload: Src IP=, Dst IP=, Transport Protocol=TCP | Src port=5000, Dst port=80 | /web/site1.html
(d) Link layer header + link-layer payload: Src MAC=00:20:e1:77:00:02, Dst MAC=00:21:e6:32:00:01, Internet Protocol | Src IP=, Dst IP=, Transport Protocol=TCP | Src port=5000, Dst port=80 | /web/site1.html

7 Understanding Linux Network Internals
Android Linux Networking Architecture
(Figure: user-space applications such as tcpdump, tftp, TELNET and PING sit on the Berkeley (BSD) socket interface; below it, in kernel space, come the protocol layer, the network device driver interface / queuing discipline, the physical device driver, and the physical device and media.)
- Application layer (INET), user space: tcpdump, tftp, TELNET, PING
- BSD socket interface (user/kernel boundary): PF_INET, PF_PACKET
- Transport (L4): TCP, UDP
- Network (L3, ptype_base): IPv4, ARP, neighboring subsystem
- Link: dev_queue_xmit, device drivers

8 Understanding Linux Network Internals
/proc files used by the IPv4 routing subsystem
/proc/net/ (registered by inet_init, ip_rt_init, ip_mr_init, fib_proc_init):
  route, rt_acct, rt_cache, ip_mr_cache, ip_mr_vif, stat/rt_cache
/proc/sys/net/ipv4/ (IPv4/v6):
  ip_forward, icmp_echo_ignore_broadcasts
/proc/sys/net/ipv4/route/:
  error_burst, error_cost, flush, gc_elasticity, gc_interval, gc_min_interval_ms, gc_thresh, gc_timeout, min_delay, max_delay, max_size, min_adv_mss, min_pmtu, mtu_expires, redirect_load, redirect_number, redirect_silence, secret_interval
/proc/sys/net/ipv4/conf/{all,default,wlan0,lo,rmnet0}/ (registered by devinet_init, inetdev_init):
  accept_redirects, accept_source_route, forwarding, mc_forwarding, rp_filter, secure_redirects, send_redirects, log_martians

9 Understanding Linux Network Internals
CPU's ingress queues
(Figure: frames from rmnet0, rmnet1 ... rmnet n arrive through RxComplete / DMADone and are queued per CPU (CPU 0, CPU 1) in softnet_data->input_pkt_queue, bounded by netdev_max_backlog (300); released buffers collect in softnet_data->completion_queue.)
The device driver stores in the net_device structure the time its most recent frame was received, and netif_rx stores the time the frame was received in the buffer itself. Thus, one timestamp is associated with a device and the other one is associated with a frame. Note, moreover, that the two timestamps use two different precisions. The device driver stores the timestamp of the most recent frame in jiffies, which in kernel 2.6 comes with a precision of 10 or 1 ms, depending on the architecture (for instance, before 2.6, the i386 used the value 10, but starting with 2.6 the value is 1). netif_rx, however, gets its timestamp by calling get_fast_time, which returns a far more precise value.
The ID of the local CPU is retrieved with smp_processor_id() and is stored in the local variable this_cpu:
  this_cpu = smp_processor_id();
The local CPU ID is needed to retrieve the data structure associated with that CPU in a per-CPU vector, such as the following code in netif_rx:
  queue = &__get_cpu_var(softnet_data);

10 3G/WiFi, IPV4/IPV6, SIP/VoIP
3G: the ITU specification for third-generation mobile communication technology (analog cellular phones were the first generation, digital PCS the second). 3G can raise the transfer rate to up to 384 Kbps when the device is stationary or moving at walking speed, to Kbps in a vehicle, and to up to 2 Mbps when fixed-mounted.
Wi-Fi: the logo that the Wireless Ethernet Compatibility Alliance (WECA) provides for the b wireless Ethernet standard. Compatible PC cards and computers may use the Wi-Fi logo. WECA's mission is to guarantee the interoperability of Wi-Fi products and to promote Wi-Fi as the worldwide wireless LAN standard. (/system/etc/apns-conf.xml)
IPv4 (Internet Protocol version 4): the fourth version of the Internet Protocol and the first Internet protocol used worldwide. It is described in IETF RFC 791 (September 1981). IPv4 is a protocol for exchanging data over a packet-switched network.
IPv6 (Internet Protocol version 6): the network-layer protocol of the Internet Protocol stack, established as the next-generation Internet protocol, version 6 of the Internet Protocol. The biggest difference between IPv6 and the existing IPv4 is that the length of the IP address has grown to 128 bits.
VoIP (Voice over IP): IP telephony technology for the set of facilities that carry voice information over IP. By implementing integrated telephone service on top of the existing IP network, telephone users can receive long-distance and international call service over Internet and intranet environments for the price of a local call. (H.323, SIP, RTP, SDP, IMS, MGCP)
SIP (Session Initiation Protocol): a signaling protocol defined by the IETF and widely used to control multimedia sessions such as voice and video calls; it lets one or more participants create, modify and terminate sessions together. (Standardized as RFC 3261 in July 2002)
Related protocols: H.323, IP Multimedia Subsystem (IMS), Media Gateway Control Protocol (MGCP), Session Initiation Protocol (SIP), Real-time Transport Protocol (RTP), Session Description Protocol (SDP)

11 Differences Between IPv4 and IPv6 1/2
The IPv4 address space is 2^32, or 4,294,967,296, possible addresses (a little over 4 billion). In contrast, the IPv6 address space is 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456 (3.4 × 10^38) possible addresses.
(Figure: IPv6 islands of native IPv6 hosts reach the IPv6 Internet through 6to4 routers; 6to4 tunnels cross the IPv4 Internet and are terminated by 6to4 servers/relays.)

12 Differences Between IPv4 and IPv6 2/2
* IHL: internet header length   * Details: RFC 3697
IPv4 header (20 octets):
  Version | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  Time to Live | Protocol | Header Checksum
  Source Address
  Destination Address
  Options | Padding
IPv6 header (40 octets):
  Version | Traffic Class | Flow Label
  Payload Length | Next Header | Hop Limit
  Source Address
  Destination Address
LEGEND: field name kept from IPv4 to IPv6; field not kept in IPv6; name and position changed in IPv6; new field in IPv6
(Figure: a router with a hardware engine (network scheduler, IN/OUT); the CPU processes the Hop-by-Hop extension header; the packet is drawn as main header, Hop-by-Hop EH and upper-layer payload.)
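The layer-by-layer dispatch from the Linux-internals slide and the IPv4/IPv6 header layouts above, carried out on constructed frames; this is an added example, not code from the slides. The MACs and ports are the ones on slide 6; the IP addresses, the HTTP request and all function names are assumptions.

```python
"""Layered header walk over constructed Ethernet frames (added example, not the slides' code).
Each layer reads only its own header and uses one field in it (EtherType, IPv4 Protocol /
IPv6 Next Header, destination port) to pick the parser for its payload, which is how the
kernel hands a received frame up the stack. MACs and ports are the slide's; IP addresses
and the HTTP request are assumed sample values.
"""
import struct
from ipaddress import IPv4Address, IPv6Address

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD
IPPROTO_TCP = 6
IPPROTO_UDP = 17


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame: bytes) -> dict:
    """Link layer: 6-byte destination MAC, 6-byte source MAC, 2-byte EtherType."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst_mac": fmt_mac(dst), "src_mac": fmt_mac(src),
            "ethertype": ethertype, "payload": frame[14:]}


def parse_ipv4(pkt: bytes) -> dict:
    """IPv4: Version/IHL, ToS, Total Length, ID, Flags/Fragment, TTL, Protocol, Checksum, addresses."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4          # IHL counts 32-bit words; options make it > 20
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("bad IPv4 header")
    return {"version": 4, "ihl": ihl, "ttl": ttl, "protocol": proto,
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "payload": pkt[ihl:total_len]}


def parse_ipv6(pkt: bytes) -> dict:
    """IPv6: fixed 40-octet header; Next Header replaces Protocol, Hop Limit replaces TTL, no IHL/checksum."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    vtf, payload_len, next_hdr, hop_limit, src, dst = struct.unpack("!IHBB16s16s", pkt[:40])
    if vtf >> 28 != 6 or len(pkt) < 40 + payload_len:
        raise ValueError("bad IPv6 header")
    return {"version": 6, "traffic_class": (vtf >> 20) & 0xFF, "flow_label": vtf & 0xFFFFF,
            "hop_limit": hop_limit, "protocol": next_hdr,
            "src": str(IPv6Address(src)), "dst": str(IPv6Address(dst)),
            "payload": pkt[40:40 + payload_len]}


def parse_transport(proto: int, seg: bytes) -> dict:
    """Transport layer: the ports are what select the application (80 -> HTTP)."""
    if proto == IPPROTO_TCP and len(seg) >= 20:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", seg[:14])
        data_off = (off_flags >> 12) * 4
        return {"proto": "TCP", "sport": sport, "dport": dport, "data": seg[data_off:]}
    if proto == IPPROTO_UDP and len(seg) >= 8:
        sport, dport, length, _csum = struct.unpack("!HHHH", seg[:8])
        return {"proto": "UDP", "sport": sport, "dport": dport, "data": seg[8:length]}
    return {"proto": f"unknown({proto})", "data": seg}


def walk(frame: bytes) -> dict:
    """Dispatch layer by layer, as netif_rx -> ip_rcv/ipv6_rcv -> tcp_v4_rcv would."""
    eth = parse_ethernet(frame)
    if eth["ethertype"] == ETHERTYPE_IPV4:
        net = parse_ipv4(eth["payload"])
    elif eth["ethertype"] == ETHERTYPE_IPV6:
        net = parse_ipv6(eth["payload"])
    else:
        return {"link": eth, "network": None, "transport": None}
    return {"link": eth, "network": net,
            "transport": parse_transport(net["protocol"], net["payload"])}


# Constructed sample frames: dst MAC 00:21:e6:32:00:01, src MAC 00:20:e1:77:00:02 (from the slide)
LINK_HDR = bytes.fromhex("0021e6320001") + bytes.fromhex("0020e1770002")
REQUEST = b"GET /web/site1.html HTTP/1.0\r\n\r\n"


def build_tcp(sport: int, dport: int, data: bytes) -> bytes:
    # 20-byte header: seq/ack 1, data offset 5, flags PSH|ACK, window 65535, zero checksum
    return struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | 0x18, 65535, 0, 0) + data


def sample_ipv4_frame() -> bytes:
    """Slide (d): link header + IPv4 header (20 octets) + TCP 5000 -> 80 + /web/site1.html."""
    tcp = build_tcp(5000, 80, REQUEST)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, IPPROTO_TCP, 0,
                     IPv4Address("10.0.0.2").packed, IPv4Address("10.0.0.1").packed)
    return LINK_HDR + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp


def sample_ipv6_frame() -> bytes:
    """Same request carried by an IPv6 header (40 octets): Next Header=6, Hop Limit=64."""
    tcp = build_tcp(5000, 80, REQUEST)
    ip6 = struct.pack("!IHBB16s16s", 6 << 28, len(tcp), IPPROTO_TCP, 64,
                      IPv6Address("2001:db8::2").packed, IPv6Address("2001:db8::1").packed)
    return LINK_HDR + struct.pack("!H", ETHERTYPE_IPV6) + ip6 + tcp
```

Feeding a frame captured with tcpdump (the raw bytes of one record from the pcap) into walk() gives the same per-layer breakdown that wireshark shows.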

13 Android Manifest.{permission | permission_group} for Network
Android Manifest.permission_group for Network
Type    Name     Description
String  NETWORK  Used for permissions that provide access to networking services.

Android Manifest.permission for Network
Type    Name                         Description
String  ACCESS_NETWORK_STATE         Allows applications to access information about networks
String  ACCESS_WIFI_STATE            Allows applications to access information about Wi-Fi networks
String  CHANGE_NETWORK_STATE         Allows applications to change network connectivity state
String  CHANGE_WIFI_MULTICAST_STATE  Allows applications to enter Wi-Fi Multicast mode
String  CHANGE_WIFI_STATE            Allows applications to change Wi-Fi connectivity state
String  INTERNET                     Allows applications to open network sockets.
String  USE_SIP                      Allows an application to use SIP service
String  RECORD_AUDIO                 Allows an application to record audio
* Source:

14 How to Get Network Information ( 1/3)
Collect network information with Connectivity Manager (android.net.ConnectivityManager)
Permission - manifest.xml
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
Method to get Network Info
  import android.content.Context;
  import android.net.ConnectivityManager;
  import android.net.NetworkInfo;

  // Returns 0 for mobile (3G), 1 for Wi-Fi, 2 when no network is active; 3 is the initial value
  public int getNetworkInfo() {
      int result = 3;
      ConnectivityManager connectivityManager;
      NetworkInfo networkInfo;
      connectivityManager = (ConnectivityManager) this.getSystemService(Context.CONNECTIVITY_SERVICE);
      networkInfo = connectivityManager.getActiveNetworkInfo();
      if (networkInfo == null) {
          result = 2;
      } else {
          if (networkInfo.getType() == ConnectivityManager.TYPE_MOBILE) // TYPE_MOBILE == 0
              result = 0; // 3G MOBILE
          else
              result = 1; // WIFI NETWORK
      }
      return result;
  }

15 How to Get Network Information ( 2/3)
Method to get WiFi Information
  import android.content.Context;
  import android.net.wifi.WifiInfo;
  import android.net.wifi.WifiManager;

  // tvWifi (a TextView) and the String fields currwifi, prevwifi and strwifi are members of the enclosing Activity
  public void getWifiInfo() {
      WifiManager wifimanager;
      wifimanager = (WifiManager) getSystemService(Context.WIFI_SERVICE);
      WifiInfo info = wifimanager.getConnectionInfo();
      String ssid = info.getSSID();
      tvWifi.setText("SSID : " + ssid);
      currwifi = "SSID : " + ssid;
      if (!currwifi.equals(prevwifi)) {
          // append only when the SSID changed, so each network is listed once
          strwifi = strwifi + "SSID : " + ssid + "\n";
          prevwifi = currwifi;
      }
      tvWifi.setText(strwifi);
  }
* SSID: Service Set IDentifier
* WifiManager wifi = (WifiManager) getSystemService(WIFI_SERVICE);
* DhcpInfo info = wifi.getDhcpInfo();

16 How to Get Network Information ( 3/3)
Permission - manifest.xml
  <uses-permission android:name="android.permission.USE_SIP" />
  <uses-permission android:name="android.permission.RECORD_AUDIO" />
  <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
Method to get SIP/VoIP Information according to SipManager (on Gingerbread)
* SipManager creation (framework source excerpt)
  public static SipManager newInstance(Context context) {
      // null when the device has no SIP support, so callers must check the result
      return (isApiSupported(context) ? new SipManager(context) : null);
  }

  private SipManager(Context context) {
      mContext = context;
      createSipService();
  }

  private void createSipService() {
      // bind to the system SipService through the service manager
      IBinder b = ServiceManager.getService(Context.SIP_SERVICE);
      mSipService = ISipService.Stub.asInterface(b);
  }
* SipAudioCall
  public SipAudioCall makeAudioCall(SipProfile localProfile, SipProfile peerProfile,
          SipAudioCall.Listener listener, int timeout) throws SipException {
      SipAudioCall call = new SipAudioCall(mContext, localProfile);
      call.setListener(listener);
      SipSession s = createSipSession(localProfile, null);
      call.makeCall(peerProfile, s, timeout);
      return call;
  }

17 Hidden Secret Code
*#*#4636#*#* for general settings like GSM/CDMA
- IMEI (International Mobile Equipment Identity)
- Phone number (if known)
- Current network
- Ping test
- Signal strength
- Location (signal latency & Cell ID)
- Neighboring Cell IDs
- Roaming state
- GSM service status
- GPRS service status
- Current network type
- Message waiting status
- Call redirect status
- Call status
*#*#8255#*#* for Gtalk service monitor
- Google Talk host address & port
- Your Google JID (presumably Jabber ID, as GTalk is based on Jabber IRC)
- Your Device ID (presumably hashed from something)
- GTalk connection status
- GTalk heartbeat status

18 Network Protocols for Android
Output of /proc/net/protocols (columns: protocol, size, sockets, memory, press, maxhdr, slab, module, cl co di ac ...). Protocol names and the object sizes that survive from the slide:
  HIDP 344, BNEP, RFCOMM 352, SCO, L2CAP 560, KEY 360, PACKET 392, RAWv6 616, UDPLITEv6 600, UDPv6, TCPv6 1,184, PPPOPNS 416, PPPOLAC, PPPOL2TP, PPPOE, UNIX 368, UDP-Lite 472, RAW 456, UDP, TCP 1,056, HCI, NETLINK 384
The table is printed by proto_seq_show() in ./net/core/sock.c:
  static int proto_seq_show(struct seq_file *seq, void *v)
  {
      if (v == &proto_list)
          /* first call: print the column header */
          seq_printf(seq, "%-9s %-4s %-8s %-6s %-5s %-7s %-4s %-10s %s",
                     "protocol", "size", "sockets", "memory", "press", "maxhdr",
                     "slab", "module",
                     "cl co di ac io in de sh ss gs se re sp bi br ha uh gp em\n");
      else
          /* one line per registered struct proto */
          proto_seq_printf(seq, list_entry(v, struct proto, node));
      return 0;
  }
* RAW protocol: This protocol is one of the common computer languages that documents are translated into and then sent to a networked printer. The printer interprets the protocol and prints the document.

19 Traffic Monitoring using tcpdump 1/2
Cross Compiling tcpdump source on Linux Distribution
Get the latest source for libpcap and tcpdump from
1. Compile libpcap source
  rhel6$> tar zxvf libpcap tar.gz
  rhel6$> cd libpcap-1.1.1/
  rhel6$> CC=arm-kandroid-gcc ac_cv_linux_vers=2 ./configure --host=arm-linux --with-pcap=linux
  rhel6$> make
2. Compile tcpdump source
  rhel6$> cd ..
  rhel6$> tar zxvf tcpdump tar.gz
  rhel6$> cd tcpdump-4.1.1/
  rhel6$> vi ./Makefile
  a. remove the -O2 flag and add the -static flag to the linker (LD_FLAGS += -static)
  b. If you get the following error: undefined reference to `__isoc99_sscanf', add #define _GNU_SOURCE in the faulty .c files.

20 Traffic Monitoring using tcpdump 2/2
3. Copy to the android-rootfs based on NFS
  rhel6$> sudo cp tcpdump /opt/android-rootfs/
4. Run tcpdump
  rhel6#us> sudo ./adb devices
  ???????????? no permissions
  rhel6#us> sudo ./adb kill-server
  rhel6#us> sudo ./adb shell
  android#> cd /data/local
  android#> chmod 777 tcpdump-arm
  android#> ./tcpdump-arm -i rmnet0 not port 23    (ignoring telnet traffic on port 23)

21 Tcpdump source in Android Official Repository
Git Repository manifest
  #> vi ./mydroid-froyo/.repo/manifest.xml
  <project path="external/tcpdump" name="android/platform/external/tcpdump" />
Binary Files
  ./out/target/product/harmony/obj/EXECUTABLES/tcpdump_intermediates/tcpdump
  ./out/target/product/harmony/obj/EXECUTABLES/tcpdump_intermediates/LINKED/tcpdump
  ./out/target/product/harmony/symbols/system/bin/tcpdump
  ./out/target/product/harmony/system/xbin/tcpdump
* Tcpdump related Ref Android App: Android market - Search - Download "Shark for Root (native)" software

22 Network Monitoring with wireshark on Host PC 1/3
rhel6$> adb shell tcpdump -i any -p -s 0 -w /sdcard/data.pcap
... do whatever you want to capture, then "Ctrl+C" to stop it ...
rhel6$> adb pull /sdcard/data.pcap .
rhel6$> sudo yum install wireshark    # or ethereal, if you're still on an old version
rhel6$> wireshark ./capture.pcap      # or ethereal
... look at your packets and be wise ...
Option   Description
-i any   listen on any network interface
-p       disable promiscuous mode (doesn't work anyway)
-s 0     capture the entire packet
-w       write packets to a file (rather than printing to stdout)

23 Network Monitoring with wireshark on Host PC 2/3

24 Network Monitoring with wireshark on Host PC 3/3
Utilize Shark for Root / Shark Reader software locally on Android Phone.

25 Unix Socket Connection Information
* Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix [ ACC ] STREAM LISTENING /qmuxd /data/radio/qmux_connect_socket
unix [ ACC ] STREAM LISTENING /com.kt.iwlan /data/data/com.kt.iwlan/sock_kaf
unix [ ] DGRAM /lgospd /data/misc/lgosp/ipc_diag
unix [ ] DGRAM /com.kt.wifisv /data/misc/wifi/kaf/kafif_svr
unix [ ] DGRAM /com.lge.osp /data/misc/lgosp/ipc_usbctrl
unix [ ] DGRAM /com.lge.osp /data/misc/lgosp/ipc_usbdata
unix [ ] DGRAM /lgospd /data/misc/lgosp/ipc_fs_access
unix [ ] DGRAM /com.lge.osp /data/misc/lgosp/ipc_gr
* * * * * Middle Omission * * * * *
unix [ ] STREAM /app_process
unix [ ] STREAM CONNECTED /adbd
unix [ ] STREAM CONNECTED /adbd
unix [ ] STREAM CONNECTED /rild /dev/socket/rild
unix [ ] STREAM CONNECTED /com.android.ph
unix [ ] STREAM CONNECTED /zygote /dev/socket/zygote
unix [ ] STREAM CONNECTED /system_server
unix [ ] STREAM CONNECTED /lgesystemd /dev/socket/lgesystemd
unix [ ] STREAM CONNECTED /system_server
unix [ ] STREAM CONNECTED /vold /dev/socket/vold
unix [ ] STREAM CONNECTED /system_server
unix [ ] STREAM CONNECTED /netd /dev/socket/netd
unix [ ] STREAM CONNECTED /system_server
unix [ ] STREAM CONNECTED /dbus-daemon /dev/socket/dbus
unix [ ] STREAM CONNECTED /system_server
unix [ ] STREAM CONNECTED /installd /dev/socket/installd
unix [ ] STREAM CONNECTED /system_server
unix [ ] DGRAM /system_server
unix [ ] STREAM CONNECTED /qmuxd /data/radio/qmux_connect_socket
unix [ ] STREAM CONNECTED /dbus-daemon
unix [ ] STREAM CONNECTED /dbus-daemon
unix [ ] DGRAM /lgospd
unix [ ] DGRAM /lgospd
unix [ ] DGRAM /lgospd
unix [ ] STREAM CONNECTED /init
unix [ ] STREAM CONNECTED /init

26 Network Monitoring with netstat command 1/2
RMNET (mobile network interface in Linux kernel-speak) is what Google uses for Android to connect to the internet to transmit the message to the MMSC server. The interface names "rmnet0" correspond respectively to EDGE/3G and Wi-Fi.
RMNet: slow, broken data but reliable connection
PPP (point-to-point protocol): fast, high-speed data but somewhat unstable connection
Files to inspect:
  /proc/net/dev
  /sys/class/net/rmnet0/statistics/tx_packets
  /sys/class/net/<rmnet0>/address
  /sys/class/net/<rmnet0>/statistics/{rx|tx}_packets
Tools: 1. net-tools-1.60-armv5tel.tar.bz, kandroid glibc.alz

27 Network Monitoring with netstat command 2/2
Under the Hood of App Inventor for Android
  cat /proc/devices
  cat /proc/meminfo
  cat /proc/mounts
  cat /proc/net/arp
  cat /proc/net/if_inet6
  cat /proc/net/ipv6_route
  cat /proc/net/route
  cat /proc/net/wireless
  cat /proc/version
  df -ah
  getprop dalvik.vm.execution-mode
  getprop dalvik.vm.heapsize
  getprop gsm.version.baseband
  getprop ro.build.fingerprint
  getprop ro.product.version
  getprop ro.sf.lcd_density
  ifconfig -a
  ip -f inet6 addr
  ip -f inet6 route show
  ip addr
  ip route show
  lsmod
  netcfg
  netstat -apnW
  netstat -rpnW
  ps
  route -A inet6 -n
  route -n
  uname -a

28 DNS Resolver (RFC 3484) 1/2
* RFC
* ANDROID-RFC "RFC 3484 support for Android", 2010
Bionic uses a NetBSD-derived resolver library which has been modified in the following ways:
1. don't implement the name-server-switch feature (a.k.a. <nsswitch.h>)
2. read /system/etc/resolv.conf instead of /etc/resolv.conf (./bionic/libc/netbsd/net/getaddrinfo.c)
3. read the list of servers from system properties (getprop/setprop). The code looks for 'net.dns1', 'net.dns2', etc. Each property should contain the IP address of a DNS server. These properties are set/modified by other parts of the Android system (e.g. the dhcpd daemon). The implementation also supports a per-process DNS server list, using the properties 'net.dns1.<pid>', 'net.dns2.<pid>', etc., where <pid> stands for the numerical ID of the current process.
4. when performing a query, use a properly randomized Query ID (instead of an incremented one), for increased security.
5. when performing a query, bind the local client socket to a random port for increased security.
6. get rid of *many* unfortunate thread-safety issues in the original code
RFC 3484: /mhydroid/android/libc/netbsd/net/getaddrinfo.c
getprop and setprop, without the sysctl command
Note) Bionic does *not* expose implementation details of its DNS resolver; the content of <arpa/nameser.h> is intentionally blank. The resolver implementation might change completely in the future.
* Sources: Android Official Repository

29 DNS Resolver (RFC 3484) 2/2
# getprop
[ro.secure]: [1]
[ro.allow.mock.location]: [0]
[ro.debuggable]: [0]
[persist.service.adb.enable]: [1]
[ro.factorytest]: [0]
Middle Omission
[net.dns1]: [ ]
[net.dns2]: [ ]
[gsm.current.phone-type]: [1]
[gsm.operator.numeric]: [22110]
[gsm.operator.alpha]: [Kandroid Broadband IT]
[gsm.operator.iso-country]: [it]
[gsm.operator.isroaming]: [false]
[gsm.version.baseband]: [ H_ ]
[EXTERNAL_STORAGE_STATE]: [mounted]
[gsm.network.type]: [UMTS]
[gsm.data.network.type]: [UMTS]
[gsm.sim.change]: [false]
[gsm.cb.max.channel]: [15]
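Points 3, 4 and 5 of the resolver slide, and the getprop listing above, worked through in Python as an added example (not Bionic's code and not code from the slides): the server list is taken from net.dnsN properties with the per-process override, and a reply is accepted only when it arrives on the random local port with the random query ID and the original question. The getprop excerpt, the addresses and the function names are constructed assumptions.

```python
"""Bionic-style resolver checks with constructed data (added example; not the slides' or
Bionic's own code). Two of the slide's points: the server list comes from the properties
net.dns1, net.dns2, ... with per-process overrides net.dns1.<pid>, net.dns2.<pid>; and a
query carries a randomized 16-bit ID and leaves from a random local port, so a reply is
accepted only if ID, port and question all match. Function names here are assumptions.
"""
import re
import secrets
import struct

# Constructed excerpt in the format `getprop` prints; addresses are from documentation ranges.
GETPROP_OUTPUT = """\
[net.dns1]: [198.51.100.53]
[net.dns2]: [198.51.100.54]
[net.dns1.4242]: [192.0.2.53]
[gsm.network.type]: [UMTS]
"""
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")


def parse_getprop(text: str) -> dict:
    """Turn getprop lines into a {key: value} map, ignoring anything that is not a property line."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


def resolver_servers(props: dict, pid: int) -> list:
    """Per-process list net.dnsN.<pid> wins when present; otherwise the global net.dnsN list."""
    for suffix in (f".{pid}", ""):
        servers, n = [], 1
        while props.get(f"net.dns{n}{suffix}"):          # stops at the first missing/empty entry
            servers.append(props[f"net.dns{n}{suffix}"])
            n += 1
        if servers:
            return servers
    return []


def encode_qname(name: str) -> bytes:
    """DNS wire form: length-prefixed labels ending with a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int = 1) -> tuple:
    """Return (query_bytes, txid, local_port); both values come from the CSPRNG, not a counter."""
    txid = secrets.randbelow(1 << 16)
    local_port = 1024 + secrets.randbelow(65536 - 1024)        # random ephemeral port
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1), txid, local_port


def accept_reply(reply: bytes, txid: int, local_port: int, arrived_on: int, query: bytes) -> bool:
    """Accept only a reply that hit our random port, echoes our random ID and repeats our question."""
    if arrived_on != local_port or len(reply) < 12:
        return False
    rid, flags, qdcount = struct.unpack("!HHH", reply[:6])
    if rid != txid or not flags & 0x8000 or qdcount != 1:     # QR bit must be set
        return False
    question = query[12:]
    return reply[12:12 + len(question)] == question


def make_reply(txid: int, query: bytes, addr: bytes = b"\xc0\x00\x02\x01") -> bytes:
    """Constructed answer (one A record) for `query` with the given ID, used to exercise the check."""
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + addr   # name pointer to offset 12
    return header + question + answer
```

With an incrementing ID and a fixed port, a reply forged for the next query needs no guessing at all; with both randomized, the matching reply has to hit one of 2^16 IDs on one of roughly 2^16 ports.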

30 Case Study: Android Phone Attack with DDoS 1/2
# for CPU Load 100%
Port scan of 49.56.XXX.XXX (rmnet0):
PORT       STATE    SERVICE
21/tcp     filtered ftp
22/tcp     filtered ssh
23/tcp     filtered telnet
79/tcp     filtered finger
80/tcp     filtered http
135/tcp    filtered msrpc
137/tcp    filtered netbios-ns
138/tcp    filtered netbios-dgm
139/tcp    filtered netbios-ssn
445/tcp    filtered microsoft-ds
707/tcp    filtered unknown
903/tcp    filtered iss-console-mgr
1025/tcp   filtered NFS-or-IIS
1433/tcp   filtered ms-sql-s
1521/tcp   filtered oracle
3306/tcp   filtered mysql
3389/tcp   filtered ms-term-serv
4444/tcp   filtered krb524
5000/tcp   filtered UPnP
5900/tcp   filtered vnc
6101/tcp   filtered VeritasBackupExec
6667/tcp   filtered irc
8080/tcp   filtered http-proxy
17300/tcp  filtered kuang2
KRNIC / APNIC lookup:
[ ISP Organization Information ]
Org Name : Korea Android Freetel Corp.
Service Name : 7THWING
Org Address : seoul-city kandroid-dong
Org Detail Address : 306
[ ISP IPv4 Admin Contact Information ]
Name : HONG, GILDONG
Phone :
[ ISP IPv4 Tech Contact Information ]
Phone :
[ ISP Network Abuse Contact Information ]
Name : YANG, DEOLPOOL
Phone :
PING-based Distributed Denial of Service (DDoS) attacks: rcvbuf is not enough to hold preload -> OOM
  while true; do ping -l s 10 -f xx.xx & ; sleep 2; done &
Captured on the phone:
  05:26: IP > : ICMP echo request, id 51001, seq 45, length 64
  05:26: IP > : ICMP echo reply, id 51001, seq 45, length 64
  05:26: IP > : ICMP echo request, id 51001, seq 46, length 64
  05:26: IP > : ICMP echo reply, id 51001, seq 46, length 64
  05:26: IP > : ICMP echo request, id 51001, seq 47, length 64
Youtube:
Linux centos el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux
1. Buffer overflow attack
2. SYN attack
3. UDP flooding
4. Smurf attack
5. Teardrop attack
Demo:

31 Case Study: Android Phone Attack with DDoS 2/2
DDoS attacks (Distributed Denial-of-Service Attack): an attack technique in which many distributed systems attack one target system to cause a DoS [e.g.: crash, halt, freeze]
1. Buffer Overflow (BOF) Attack: an overflow attack technique that exploits a computer's limited memory space and processing-speed problems
2. SYN Flooding: a method of staying silent in response to the target system's reply during the three-way handshake connection
3. UDP Flooding: a method in which the attacker changes the IP address that is to receive the service to the target system's IP address, overloading it with traffic
4. Smurf Attack: a method in which the attacker changes the source IP address to the target system's IP address and broadcasts ICMP Echo, generating a traffic overload
5. Teardrop Attack: a method of bringing the system down by splitting a large number of packets into very small fragments and sending them, so that the receiving side is overloaded by combining the packet ordering information while reassembling the packets
(Linux centos el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux)

32 Connections between Network and Android
Network Instruments-based Android Diagram
Application layer:
  /com/android/settings/ - Setting (WiFi/VPN)
  /com/android/phone/sip - Phone APK: Dialer, SIP (Setting/Receiver/Caller), Phone App
Application Framework:
  Telephony.SIP Package (com.android.internal.telephony.sip)
  Network packages (framework/base/voip/java/android/net): WiFi package (android.net.wifi), VPN Package (android.net.vpn), SIP Package (android.net.sip), RTP Package (android.net.rtp)
  Audio/Video
SIP Stack (NIST-SIP): external/nist-sip/*
JNI
System/Functional Libraries: bionic, RTP (C++) (arpa/inet)

33 PBX (private branch exchange)
Connections between Network and Android SIP Architecture PBX (private branch exchange) PSTN IPBX SIP proxy/registrar Directory (OpenLDAP) kandroid’s network Phone SIP-PSTN Gateway RADIUS Server (FreeRADIUS) Phone SIP Phone Access router internet SoftPhone User

34 Connections between Network and Android
SIP Connection Flow
(Figure: SIP Phone A and SIP Phone B, both IP phones on the LAN, signal through the SIP proxy / IP PBX; the voice stream flows between the phones.)
Signaling:
  SIP/SDP INVITE (A -> proxy)
  SIP/SDP INVITE (proxy -> B)
  Status: 100 Trying
  Status: 183 Session Progress (B -> proxy -> A)
  Status: 200 OK (B -> proxy -> A)
  SIP ACK (A -> proxy -> B)
Voice stream:
  RTP/RTSP Stream between the phones
Teardown:
  SIP: BYE (relayed through the proxy)
  Status: 200 OK (relayed through the proxy)
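The call flow above, replayed against a small dialog tracker as an added example (not code from the slides or from the Android SIP stack): it parses constructed SIP messages for the INVITE / 100 / 183 / 200 / ACK / BYE / 200 sequence and accepts each one only if Call-ID, tags and CSeq match the dialog the INVITE created. The Call-ID, tags, addresses and names such as Dialog and run_flow() are assumptions of this example.

```python
"""SIP dialog tracker replaying the slide's call flow (added example; not code from the
slides or from the Android SIP stack). Messages are constructed; names such as Dialog and
run_flow() are this example's own. A reply or ACK/BYE is applied to the dialog only if its
Call-ID, From tag, To tag and CSeq identify the dialog the INVITE created.
"""
import re

CALL_ID = "a84b4c76e66710@phoneA.example.invalid"     # constructed


class SipMessage:
    """Minimal parse of a SIP request or response: start line, headers, body."""

    def __init__(self, raw: str):
        head, _, self.body = raw.partition("\r\n\r\n")
        lines = head.split("\r\n")
        self.start = lines[0]
        self.headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            self.headers[name.strip().lower()] = value.strip()
        m = re.match(r"SIP/2\.0 (\d{3}) ", self.start)
        self.status = int(m.group(1)) if m else None
        self.method = None if m else self.start.split(" ", 1)[0]
        num, self.cseq_method = self.headers["cseq"].split()
        self.cseq_num = int(num)

    def tag(self, header: str):
        m = re.search(r";tag=([^;\s]+)", self.headers.get(header, ""))
        return m.group(1) if m else None


class Dialog:
    """One caller-initiated call: idle -> calling -> early -> answered -> established -> terminating -> terminated."""

    def __init__(self):
        self.state, self.trace = "idle", []
        self.call_id = self.local_tag = self.remote_tag = None
        self.invite_cseq = self.bye_cseq = None

    def _learn_remote_tag(self, msg: SipMessage) -> None:
        t = msg.tag("to")
        if t is None:
            return                      # 100 Trying from the proxy carries no To tag yet
        if self.remote_tag is None:
            self.remote_tag = t         # first tagged response (183) fixes the remote tag
        elif t != self.remote_tag:
            raise ValueError("To tag does not match the dialog")

    def feed(self, msg: SipMessage) -> str:
        if self.call_id is None:
            if msg.method != "INVITE":
                raise ValueError("dialog must start with INVITE")
            self.call_id, self.local_tag = msg.headers["call-id"], msg.tag("from")
            self.invite_cseq, self.state = msg.cseq_num, "calling"
        elif msg.headers.get("call-id") != self.call_id or msg.tag("from") != self.local_tag:
            raise ValueError("message does not belong to this dialog")
        elif msg.status is not None and msg.cseq_method == "INVITE" and msg.cseq_num == self.invite_cseq:
            self._learn_remote_tag(msg)
            if 100 <= msg.status < 200 and self.state in ("calling", "early"):
                self.state = "early"
            elif msg.status == 200 and self.state in ("calling", "early"):
                self.state = "answered"
            else:
                raise ValueError(f"unexpected {msg.start!r} in state {self.state}")
        elif msg.method == "ACK" and self.state == "answered" and msg.cseq_num == self.invite_cseq:
            self.state = "established"
        elif msg.method == "BYE" and self.state == "established":
            self.state, self.bye_cseq = "terminating", msg.cseq_num
        elif (msg.status == 200 and msg.cseq_method == "BYE"
              and self.state == "terminating" and msg.cseq_num == self.bye_cseq):
            self.state = "terminated"
        else:
            raise ValueError(f"unexpected {msg.start!r} in state {self.state}")
        self.trace.append((msg.start, self.state))
        return self.state


def _to_header(to_tag):
    return "<sip:phoneB@example.invalid>" + (f";tag={to_tag}" if to_tag else "")


def request(method: str, cseq: int, from_tag: str, to_tag: str = None) -> str:
    return (f"{method} sip:phoneB@example.invalid SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.10:5060\r\n"
            f"From: <sip:phoneA@example.invalid>;tag={from_tag}\r\nTo: {_to_header(to_tag)}\r\n"
            f"Call-ID: {CALL_ID}\r\nCSeq: {cseq} {method}\r\n\r\n")


def response(code: int, reason: str, cseq: int, method: str, from_tag: str, to_tag: str = None) -> str:
    return (f"SIP/2.0 {code} {reason}\r\nVia: SIP/2.0/UDP 192.0.2.10:5060\r\n"
            f"From: <sip:phoneA@example.invalid>;tag={from_tag}\r\nTo: {_to_header(to_tag)}\r\n"
            f"Call-ID: {CALL_ID}\r\nCSeq: {cseq} {method}\r\n\r\n")


def slide_call_flow() -> list:
    """The slide's sequence as seen by Phone A: INVITE, 100, 183, 200, ACK, BYE, 200."""
    a, b = "1928301774", "a6c85cf"     # constructed From / To tags
    return [request("INVITE", 1, a), response(100, "Trying", 1, "INVITE", a),
            response(183, "Session Progress", 1, "INVITE", a, b), response(200, "OK", 1, "INVITE", a, b),
            request("ACK", 1, a, b), request("BYE", 2, a, b), response(200, "OK", 2, "BYE", a, b)]


def run_flow(raw_messages: list) -> list:
    """Feed messages in order and return the dialog state after each one."""
    d = Dialog()
    return [d.feed(SipMessage(m)) for m in raw_messages]


def flow_accepted(raw_messages: list) -> bool:
    """True when every message was accepted by the dialog, False on the first mismatch."""
    try:
        run_flow(raw_messages)
        return True
    except ValueError:
        return False
```

A 200 OK carrying a To tag other than the one learned from the 183, or a BYE arriving before the ACK, is rejected instead of moving the call state.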

35 Connections between Network and Android
Session and Audio Control
android.net.sip: SIP Manager, SIP Audio Call, Session, Simple Session Description (SDP); SIP session management; SIP object creation & call API
android.net.rtp: Audio Stream (RTP Stream inheritance), Audio Group, Audio Codec; audio control
Service side: SipService, SipSessionGroup, SipHelper, SipStack, SipSession
Client side: SipAudioCall, SimpleSessionDescription, SipBroadcastReceiver, SipPhoneFactory, SipPhone, SipCall, SipConnection, SipAudioCallListener, action_sip_add_profile, SIP Manager, PhoneFactory
Classes and Interfaces: Registering with a SIP Server, Creating a SIP Manager, Making an Audio Call, Receiving Calls, RTP
• Initiating SIP sessions.
• Initiating and receiving calls.
• Registering and unregistering with a SIP provider.
• Verifying session connectivity.

36 Conclusion
- Many peer-to-peer networks are overlay networks because they are organized as nodes of a virtual system of links run on top of the Internet.
- The device driver stores in the 'net_device' structure the time its most recent frame was received, and 'netif_rx' stores the time the frame was received in the buffer itself.
- We can inspect a lot of packets on the Android mobile phone with tcpdump / wireshark. Utilize Shark for Root / Shark Reader software locally on the Android phone.
- RMNET is what Google uses for Android to connect to the internet to transmit the message.
- Bionic uses a NetBSD-derived resolver (RFC 3484) library which has been modified for the mobile platform.
- Android 2.3 (API level 9) provides access to Session Initiation Protocol (SIP) functionality, such as making and answering VoIP calls using SIP. To control how Android Market filters your application from devices that do not support SIP, remember to add the following to the application's manifest:
  <uses-feature android:name="android.hardware.sip.voip" />
- RMNet: slow, broken data but reliable connection. PPP (point-to-point protocol): fast, high-speed data but somewhat unstable connection.
- RMNET (mobile network interface in Linux kernel-speak) is what Google uses for Android to connect to the internet to transmit the message to the MMSC server. The interface names "rmnet0" correspond respectively to EDGE/3G and Wi-Fi.

37 Think Time for Healthy Network Traffic
How to reduce Google mail content? Actually the Google mail client of an Android phone reads too many network packets (e.g.: IMAP header, IMAP body, images, linked contents). To reduce the packet contents as soon as possible for good network traffic, we have to consider a lightweight mail client that works directly with only the IMAP header.
Whenever we find a new wireless network address (APN) because of the movement of the users, why do we always repeat the load/unload sequence of the wireless kernel module for WiFi? Think about the best behavior of kernel functions for effective battery saving and performance improvement.
Our phone has acquired too many network protocols. For example, we don't need an unnecessary network protocol like RAW.
Do we always have to wait over 5 seconds for the WiFi connection to complete on a new street? We have to find an improved approach for fast connection with a tiny DNS resolver and weighted APN sorting.

38 References
- TCP/IP Illustrated. Volume 1: The Protocols; Volume 2: The Implementation; Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX Domain Protocols. Addison-Wesley, 1996.
- UNIX Network Programming. Volume 1, Second Edition: Networking APIs: Sockets and XTI; Volume 2, Second Edition: Interprocess Communications. Prentice Hall, 1999.
- Android Developers Google Groups
- D. Andersen, H. Balakrishnan, M. Kaashoek, and R. Morris. Resilient Overlay Networks. In Proc. ACM SOSP, Oct.
- "Basic Components of a Local Area Network (LAN)". NetworkBits.net. Retrieved
- Android Developer Document: android.net, android.net.sip, android.net.wifi, SIP Demo
- Understanding Linux Network Internals. Author: Christian Benvenuti. Publisher: O'Reilly.
- XDA Forums

39 Any Questions? THANKS
Speaker notes: Actually, OHA, LiMO and LiPS are in some ways quite similar in origin: they use the same Linux kernel and similar middleware components. From an application developer's point of view, however, there are differences. In the end, the difference in graphics performance that comes from the built-in "Java" and from middleware technology is expected to be what application developers perceive as the differentiator.
Insert your messages that you think as brain storming...
How to analyze the causes of performance degradation on the OptimusOne with adb/ddms/ftrace
2.1 firmware for OptimusOne:

40 Appendix: The WRR network scheduler for Linux
WRR(Weighted Round Robin) is a network scheduling module for Linux written by Christian Worm Mortensen. It has the ability to shape an internet connection without buying some expensive QoS solution from the ISP. It can even run on the firewall; thus making more efficient use of the firewall machine. WRR worked on 2.4 kernels from and newer and on most (if not all) 2.6 kernels until If you need similar traffic shaping for or later, consider using DRR (Deficit Round Robin) which has similar (but not identical) functionality. I have not yet myself switched to DRR so I will not (currently) provide any guidelines. ☞ release This release is for (tested). It will not work for older kernels. If you need support for older kernels, please use an older release below. It contains no new features but contains a one-line fix for an API change in Please do not try unless you are brave as it seems to have compatibility issues. IRC: M0ffe at freenode, Undernet and Slashnet.

41 Appendix: Open Source based Applications 1/2
NetMeter allows you to troubleshoot performance problems by letting the user see network and CPU usage over time.
NetCounter is a network traffic counter for the Android platform. GPLv3 license
# for Proxy-based network users
  invain$sl6> vi ~/.subversion/servers
  [global]
  http-proxy-host =
  http-proxy-port = 8080

42 Appendix: Open Source based Applications 2/2
Android network tester
Fast Network Tester for Android
Free SIP/VoIP client for Android (GPLv3)
Authorization
  Username : your-iptel-ID
  Password : your-iptel-pass
  Server of Proxy : sip.iptel.org
  Domain : iptel.org
  Port : 5060 (default)
  Protocol : UDP (default)
sip: sip:

