LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netd bpf - no-op code hygiene fix for DROP_UNLESS_DNS

Browse Source 
We only ever return DROP_UNLESS_DNS on ingress,
so the ordering doesn't actually matter.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I742b85748433f5319d518bebc05d976d630b72e7
This commit is contained in:
Maciej Żenczykowski
2023-03-02 00:07:00 +00:00
parent 2a89cc44ff
commit 8e4a794519
1 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
bpf_progs/netd.c
View File

@@ -415,11 +415,6 @@ static __always_inline inline int bpf_traffic_account(struct __sk_buff* skb, boo
} }
int match = bpf_owner_match(skb, sock_uid, egress, kver); int match = bpf_owner_match(skb, sock_uid, egress, kver);
if (egress && (match == DROP)) {
// If an outbound packet is going to be dropped, we do not count that
// traffic.
return match;
}
// Workaround for secureVPN with VpnIsolation enabled, refer to b/159994981 for details. // Workaround for secureVPN with VpnIsolation enabled, refer to b/159994981 for details.
// Keep TAG_SYSTEM_DNS in sync with DnsResolver/include/netd_resolv/resolv.h // Keep TAG_SYSTEM_DNS in sync with DnsResolver/include/netd_resolv/resolv.h
@@ -432,6 +427,9 @@ static __always_inline inline int bpf_traffic_account(struct __sk_buff* skb, boo
if (match == DROP_UNLESS_DNS) match = DROP; if (match == DROP_UNLESS_DNS) match = DROP;
} }
// If an outbound packet is going to be dropped, we do not count that traffic.
if (egress && (match == DROP)) return DROP;
StatsKey key = {.uid = uid, .tag = tag, .counterSet = 0, .ifaceIndex = skb->ifindex}; StatsKey key = {.uid = uid, .tag = tag, .counterSet = 0, .ifaceIndex = skb->ifindex};
uint8_t* counterSet = bpf_uid_counterset_map_lookup_elem(&uid); uint8_t* counterSet = bpf_uid_counterset_map_lookup_elem(&uid);