Starting March 27, 2025, we recommend using android-latest-release instead of aosp-main to build and contribute to AOSP. For more information, see Changes to AOSP.
Stay organized with collections
Save and categorize content based on your preferences.
The per-app and delegated data usage monitoring and tracking
functionality relies on the xt_qtaguid module in the android-3.0 Linux
kernel (kernel/net/netfilter/xt_qtaguid). The socket tagging
functionality in the framework (system/core/libcutils/qtaguid.c)
relies mainly on the existence of /proc/net/xt_qtaguid/ctrl
interface exported by the xt_qtaguid kernel module.
The quota2 netfilter module (originally part of xtables-addons)
allows the functionality to set named quota limits and was extended to
support notifying userspace when certain limits are reached. Once the
quota limit is reached, the quota2 module discards all subsequent
network traffic. The framework can also specify additional rules to
restrict background data traffic for an app (refer to
com.android.server.NetworkManagementSocketTagger.setKernelCounterSet
and
android.net.NetworkPolicyManager.POLICY_REJECT_METERED_BACKGROUND).
How does it work?
The qtaguid netfilter module tracks the network traffic on a
per-socket basis for every app using the unique UID of the
owning app. There are two tag components associated with any
socket in the system. The first is the UID which uniquely identifies
the app which is responsible for the data transfer (Linux
allows the ability to ascribe the ownership of each network socket to
the UID of the calling app). The second tag component is used
to support additional characterization of the traffic into app
developer specified categories. Using these app level tags, an
app can profile the traffic into several sub-categories.
In the case of apps that provide network data transfer as a
service, such as the download manager, media streaming service, etc,
it is possible to attribute the ownership of the network data transfer
to the UID of the requesting app using the
TrafficStats.setThreadStatsUid() function call. The caller must hold
the “android.permission.MODIFY_NETWORK_ACCOUNTING” permission to
re-assign the ownership of the network traffic.
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-08-29 UTC.
[null,null,["Last updated 2025-08-29 UTC."],[],[],null,["# Kernel overview\n\nThe per-app and delegated data usage monitoring and tracking\nfunctionality relies on the xt_qtaguid module in the android-3.0 Linux\nkernel (`kernel/net/netfilter/xt_qtaguid`). The socket tagging\nfunctionality in the framework (`system/core/libcutils/qtaguid.c`)\nrelies mainly on the existence of `/proc/net/xt_qtaguid/ctrl`\ninterface exported by the `xt_qtaguid` kernel module.\n| **Note:** Support for `xt_qtaguid` will be phased out starting in the Android 9 release. See [eBPF Traffic\n| Monitoring](/docs/core/data/ebpf-traffic-monitor) for more information.\n\nThe `quota2` netfilter module (originally part of `xtables-addons`)\nallows the functionality to set named quota limits and was extended to\nsupport notifying userspace when certain limits are reached. Once the\nquota limit is reached, the `quota2` module discards all subsequent\nnetwork traffic. The framework can also specify additional rules to\nrestrict background data traffic for an app (refer to\n`com.android.server.NetworkManagementSocketTagger.setKernelCounterSet`\nand\n`android.net.NetworkPolicyManager.POLICY_REJECT_METERED_BACKGROUND`).\n\nHow does it work?\n-----------------\n\nThe `qtaguid` netfilter module tracks the network traffic on a\nper-socket basis for every app using the unique UID of the\nowning app. There are two tag components associated with any\nsocket in the system. The first is the UID which uniquely identifies\nthe app which is responsible for the data transfer (Linux\nallows the ability to ascribe the ownership of each network socket to\nthe UID of the calling app). The second tag component is used\nto support additional characterization of the traffic into app\ndeveloper specified categories. Using these app level tags, an\napp can profile the traffic into several sub-categories.\n\nIn the case of apps that provide network data transfer as a\nservice, such as the download manager, media streaming service, etc,\nit is possible to attribute the ownership of the network data transfer\nto the UID of the requesting app using the\n`TrafficStats.setThreadStatsUid()` function call. The caller must hold\nthe \"`android.permission.MODIFY_NETWORK_ACCOUNTING`\" permission to\nre-assign the ownership of the network traffic."]]
