summaryrefslogtreecommitdiff
path: root/server/BandwidthController.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'server/BandwidthController.cpp')
-rw-r--r--server/BandwidthController.cpp5
1 files changed, 5 insertions, 0 deletions
diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp
index 5918dbcb..786894b3 100644
--- a/server/BandwidthController.cpp
+++ b/server/BandwidthController.cpp
@@ -66,6 +66,9 @@ const char BandwidthController::LOCAL_RAW_PREROUTING[] = "bw_raw_PREROUTING";
const char BandwidthController::LOCAL_MANGLE_POSTROUTING[] = "bw_mangle_POSTROUTING";
const char BandwidthController::LOCAL_GLOBAL_ALERT[] = "bw_global_alert";
+// Sync from packages/modules/Connectivity/bpf_progs/clatd.c
+#define CLAT_MARK 0xdeadc1a7
+
auto BandwidthController::iptablesRestoreFunction = execIptablesRestoreWithOutput;
using android::base::Join;
@@ -224,6 +227,8 @@ std::vector<std::string> getBasicAccountingCommands() {
"COMMIT",
"*raw",
+ // Drop duplicate ingress clat packets
+ StringPrintf("-A bw_raw_PREROUTING -m mark --mark 0x%x -j DROP", CLAT_MARK),
// Prevents IPSec double counting (Tunnel mode and Transport mode,
// respectively)
("-A bw_raw_PREROUTING -i " IPSEC_IFACE_PREFIX "+ -j RETURN"),
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 21:36:29 +0000