Feature: per-client data usage and access control

[Mygod]

Apparently some asshole wants this feature and wants to get paid by doing nothing but whining about this feature being missing. Fortunately for him this is possible but I'm not going to implement it because I don't need it. However pull requests are definitely cool and welcome.

To implement this feature, instead of allowing all traffic through in Routing.forward, we will add a -j ACCEPT rule for each new client for its IP address using -s/-d taking advantage of IpNeighborMonitor. Then data usage for each client can be obtained using iptables -nvx -L vpnhotspot_fwd. To parse the output of this command, we might be able to take advantage of some code in netd in AOSP. Access control is easy, just not add ACCEPT rule and add DROP rule for system tethering. (I have already played around in the root shell to make sure this works)

After collection, ideally we want to store data usage by client's MAC address and date-time so that we can have some nice charts. We also need to poll that command to update UI for clients usage (including rate).

Of course I could implement this feature if somebody wants to pay me to do it. 😄

Related: https://android.googlesource.com/platform/frameworks/base.git/+/master/core/java/android/net/NetworkStatsHistory.java

[mishamosher]

And how many 🍕 are we talking about to persuade you to develop and implement this functionality? 🙃

[Mygod]

@mishamosher Hmm it depends. Are you talking about access control or usage stats or both? 🙃

[mishamosher]

I'm more for the access control. But if there are not many 🍕's of difference, then I would like 'em both 🍒

[Mygod]

Alright I think a whole Chicago 🍕 would do. ☺️

[mishamosher]

Seriously though, let me know the USD amount and the delivery method 🙃

[Mygod]

Consider it 24 bucks. I'd prefer if you don't do it via Google's in-app purchases as Google takes 30% off my revenue. PayPal should be good. Thanks! 😗

[mishamosher]

Enjoy the 🍕 + 🍷 hehe 🙃

[Mygod]

Thanks a bunch! I'll start implementing this soon. 😄

[Mygod]

I think there's some work I need to do before I can get to this. In the meantime, could you describe why you would need to block connected devices? Personally I only use this app to connect my other devices and therefore this seems redundant.

[mishamosher]

• Have some users with internet and others without.
• Simply block access. I've a Huawei P8 Lite that doesn't allow to change the SSID nor thr password.
• Ban an user temporarily.

I use this app not only for internet sharing, but also for a quick WLAN for file sharing, gaming, or something that doesn't require internet, so it's attractive to me to have the choice to have users without internet.

Also it happens to me every now and then that I've the repeater/hotspot running with ~8 devices connected to it, but I need to kick one user that I know is abusing the connection. It's faster to simply ban that IP/MAC temporarily than to rekey all the connected PCs.

When I still had my Nexus S, I used the 'WiFi thether' app for sharing internet, extending the range of my WiFi, or simply creating a WLAN. It had this feature of per IP/MAC blocking. Your app covers practically the same ussage scenarios, plus VPN sharing and minus blocking.

WiFi thether refuses to work on modern devices for some reason (Nexus 5X, HTC 10, LG Leon), reason why I've been looking for the appearance of an alternative app for a very long time.

Sorry for the long text, but yeah, it's a long nostalgic story 🙃

[Mygod]

Thanks for all the details. Based on your feedback, here's what I think:

• Creating a WLAN for file sharing is what Wi-Fi direct is intended to be used as. I used to use SuperBeam to do this kind of thing. But there's also a wicked (very non-obvious) way you can make an Internet kill-switch with this app:
  • Set upstream network interface to something non-existent, like blah;
  • Check strict mode (for system tethering this requires app version 1.4.2+ that I just released);
  • Check disable IPv6 tethering;
  • Start repeater/tethering or reapply routing rules. (to go back, revert these changes)
• So I'm thinking about banning devices by MAC addresses as IP addresses are usually assigned by dnsmasq server on your device.

Let me know if you have any more feedback.

P.S. That's a crazy amount of possibly naughty clients you have there.

[mishamosher]

What I love about your app is that it is open source. It gives it a better chance of not dying if for some random reason you're unable to mantain it. But thanks for the SuperBeam info, did not know about it 😜

Thanks for the kill-switch tip.

That MAC banning sounds awesome!

P.S. Hehe, love living in the edge 🙃

[Mygod]

Hmmm blocking clients might require you to enable VPN tethering. I'll also add an option to bypass VPN tethering per client.

[Mygod]

Blocking will be implemented in #39. Traffic stats would be recorded but I don't think I'd provide a way to see history stats for now.

[Mygod]

Blocking has been implemented in 53f4d14 and tested for repeater. (damn it I should have asked for more money, this is no fun for me at all 😞)

I'm working on recording traffic stats into local database and displaying realtime traffic (not 24-hour of course). I expect a first 2.0 beta release sometime in October.

[mishamosher]

Be sure that this soul is very grateful for your efforts. Take it more easily if its such a torture 😄

Maybe some day in the near future I'll invite you to something once again 🎁

But seriously, thank you.

[Mygod]

@mishamosher Please try 2.0.x.