| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This eliminates the need for netd_updatable BpfHandler.cpp
to initialize the hash map with a zero.
On startup the map will be freshly initialized and thus zero.
On restart it might not be empty, but it doesn't matter to netd.
Furthermore the mainline component of the system server will
re-initialize it again anyway:
see service/native/TrafficController.cpp initMaps()
This does remove the ability to call deleteValue on a key,
since that would always return -EINVAL, but since we don't
currently do that, that's really a feature.
(It does suggest though that we should have a BpfMapNonNullable
class which is writeable, but without a deleteValue() function)
Additionally BpfMap arrays are more efficient for the kernel bpf jit
compiler, as - on newer kernels - it can optimize the read/write
into a simple memory access (as opposed to a bpf helper call).
Before:
$ adb shell ls -l /sys/fs/bpf/netd_shared/map_netd_configuration_map
-rw-rw---- 1 root net_bw_acct 0 2022-06-11 08:20 /sys/fs/bpf/netd_shared/ map_netd_configuration_map
After:
$ adbz shell ls -l /sys/fs/bpf/netd_shared/map_netd_configuration_map
-r--rw---- 1 root net_bw_acct 0 2022-06-16 15:03 /sys/fs/bpf/netd_shared/map_netd_configuration_map
Bug: 218408035
Bug: 235590615
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I21730e4fa22fbf0c94ab0ca5c5db03aa000b7680
(cherry picked from commit b10e055f4b63ef5ae12585069481558b93ecd87f)
Merged-In: I21730e4fa22fbf0c94ab0ca5c5db03aa000b7680
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We'd like to switch more of these (as netd should only be
writing into the cookie map), but this is the only one
where tests (and the BpfMap vs BpfMapRO inheritence inversion)
don't get in our way.
We'll fix the rest later. This gives us an *example* for
further testing.
Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9b280c7ba2d19644fc3cdd0c132de85f45df69b4
(cherry picked from commit 21ce721bc087d679686acedd06ec7d2b19cad164)
Merged-In: I9b280c7ba2d19644fc3cdd0c132de85f45df69b4
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BpfMap.reset(createMap()) is equivalent to newly added BpfMap.resetMap(),
except that the latter makes it impossible to screw up the Key/Value sizes.
Bug: 235286176
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I290986e9ae8660f3fc6f73b086d33f4ab93d6095
(cherry picked from commit 439bac2e566eb8b52981a229e4be88a05b58149c)
Merged-In: I290986e9ae8660f3fc6f73b086d33f4ab93d6095
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We notice that:
BpfMap.reset(dupFd_with_cloexec(BpfMap.getMap())
is equivalent to
BpfMap = BpfMap
due to the current implementation of the BpfMap assignment operator.
Except the latter also verifies BpfMap<K,V> template types match.
Bug: 235286176
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I99fcf77bc6aa360b6a19e22c2cd58d67a1e62976
(cherry picked from commit 55ab87aa4937f562e6952c5b88e90eae6eca41c4)
Merged-In: I99fcf77bc6aa360b6a19e22c2cd58d67a1e62976
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the BPF code, per-UID network access (e.g., for doze mode,
standby, etc.) is stored in UidOwnerValue structures. Each of
these stores that UID's rules in a 32-bit bitmask of
UidOwnerMatchType values, so the code can support ~31 match
types.
However, which match types are enabled is stored in
configuration_map at index UID_RULES_CONFIGURATION_KEY, and
configuration_map only stores 8-bit values. So it's not
possible to define more than 7 match types.
Widen configuration_map to from 8 to 32 bits to match the width
of UidOwnerValue.rule. This doesn't impact memory because
configuration_map only has 2 entries.
Bug: 208371987
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7e1eee2daedd66d27965a2dd4ce6b4c3667892f7
(cherry picked from commit 60cbed385dcf3c640674c48b7cd4d60967047cf0)
Merged-In: I7e1eee2daedd66d27965a2dd4ce6b4c3667892f7
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a follow up commit for the family validation {INET, INET6}.
The protocol validation {TCP, UDP} has been added in previous
commit.
The TrafficController socket destroy listener only monitors
on the group {INET_TCP, INET_UDP, INET6_TCP, INET6_UDP}.
Tagging listener unsupported socket causes that the tag can't
be removed from tag map automatically. Eventually, the tag map
run out of space because of dead tag entries.
See TrafficController::makeSkDestroyListener in
packages/modules/Connectivity/service/native/TrafficController.cpp
Also address the comments from previous commit.
- Remove the useless else-statment in tagSocket protocol validation.
- Make the socket cookie query and test into one line in
BpfHandlerTest#TestTagSocketWithUnsupportedProtocol
Bug: 223094609
Test: atest BpfHandlerTest
Change-Id: I0f571fc00caa01c86399f0dbb593e8a40ad94bbd
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TrafficController socket destroy listener only monitors
on the group {INET_TCP, INET_UDP, INET6_TCP, INET6_UDP}.
Tagging listener unsupported socket causes that the tag can't
be removed from tag map automatically. Eventually, the tag map
run out of space because of dead tag entries.
See TrafficController::makeSkDestroyListener in
packages/modules/Connectivity/service/native/TrafficController.cpp
Bug: 223094609
Test: atest BpfHandlerTest
Change-Id: Icc19b7c9f37fef498b89f43e44767f6b9e931a5a
|
| |
|
|
|
|
|
|
|
| |
The process is not allowed to tag socket to AID_CLAT via tagSocket()
which would cause process data usage accounting to be bypassed.
Bug: 218407445
Test: atest BpfHandlerTest
Change-Id: Ia7b071e1065733da25e9f02f34ccd17f63653217
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Added SPDX-license-identifier-Apache-2.0 to:
netd/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: Ib1377fbb050fe52ee195eec58fea67ef769a487a
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before:
$ adbz root && adbz wait-for-device && adbz shell ls -l /apex/com.android.tethering/{bin/for-system,lib,liv64}
/apex/com.android.tethering/bin/for-system:
= -rwsr-sr-x 1 clat clat 18412 1969-12-31 16:00 clatd
/apex/com.android.tethering/lib:
= -rw-r--r-- 1 system system 64560 1969-12-31 16:00 libandroid_net_connectivity_com_android_net_module_util_jni.so
= -rw-r--r-- 1 system system 713636 1969-12-31 16:00 libc++.so
= -rw-r--r-- 1 system system 13596 1969-12-31 16:00 libframework-connectivity-jni.so
d -rw-r--r-- 1 system system 212624 1969-12-31 16:00 libnetd_updatable.so
d -rw-r--r-- 1 system system 948044 1969-12-31 16:00 libservice-connectivity.so
After:
$ adbz root && adbz wait-for-device && adbz shell ls -l /apex/com.android.
/apex/com.android.tethering/bin/for-system:
= -rwsr-sr-x 1 clat clat 18412 1969-12-31 16:00 clatd
/apex/com.android.tethering/lib:
= -rw-r--r-- 1 system system 64560 1969-12-31 16:00 libandroid_net_connectivity_com_android_net_module_util_jni.so
+ -rw-r--r-- 1 system system 251404 1969-12-31 16:00 libbase.so
= -rw-r--r-- 1 system system 713636 1969-12-31 16:00 libc++.so
= -rw-r--r-- 1 system system 13596 1969-12-31 16:00 libframework-connectivity-jni.so
d -rw-r--r-- 1 system system 45584 1969-12-31 16:00 libnetd_updatable.so
+ -rw-r--r-- 1 system system 95872 1969-12-31 16:00 libnetdutils.so
d -rw-r--r-- 1 system system 749980 1969-12-31 16:00 libservice-connectivity.so
Delta: -212624-948044+251404+45584+95872+749980 == -17828
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id88468442c4f3f24d5bca96b75effb69f20038bf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before (aosp_cf_x86_phone-userdebug):
$ adbz shell ls -l /apex/com.android.tethering/lib
-rw-r--r-- 1 system system 251404 1969-12-31 16:00 libbase.so
-rw-r--r-- 1 system system 713636 1969-12-31 16:00 libc++.so
-rw-r--r-- 1 system system 64560 1969-12-31 16:00 libcom_android_connectivity_com_android_net_module_util_jni.so
-rw-r--r-- 1 system system 13596 1969-12-31 16:00 libframework-connectivity-jni.so
-rw-r--r-- 1 system system 45776 1969-12-31 16:00 libnetd_updatable.so
-rw-r--r-- 1 system system 948032 1969-12-31 16:00 libservice-connectivity.so
After (aosp_cf_x86_phone-userdebug):
$ adbz shell ls -l /apex/com.android.tethering/lib
-rw-r--r-- 1 system system 713636 1969-12-31 16:00 libc++.so
-rw-r--r-- 1 system system 64560 1969-12-31 16:00 libcom_android_connectivity_com_android_net_module_util_jni.so
-rw-r--r-- 1 system system 13596 1969-12-31 16:00 libframework-connectivity-jni.so
-rw-r--r-- 1 system system 212624 1969-12-31 16:00 libnetd_updatable.so
-rw-r--r-- 1 system system 948032 1969-12-31 16:00 libservice-connectivity.so
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I19c9d73ba3555bbc1987fbdc0be19af1f0511948
|
|
|
1. Add libnetd_updatable.so in com.android.tethering. The library is
loaded by netd. Currently, it mainly targets on a few functions which
access BPF maps. The functionality may extend in the future.
2. Attach gcroup progs from libnetd_updatable.so.
3. Move (privileged)TagSocket and untagSocket implementation to mainline
module. Combine privilegedTagSocket and untagSocket into a single
function.
4. Split related unit tests from netd_unit_test to
libnetd_updatable_unit_test as well.
Bug: 202086915
Test: cd system/netd; atest
Test: atest TrafficStatsTest NetworkUsageStatsTest
Change-Id: Ib556458103a4cbb643c1342d9b689ac692160de0
|
