LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Open and close clat bpf map while clat is starting and stoping

Browse Source 
BpfMap class supports AutoCloseable interface which closes
file descriptor only in try-exit. BpfMap class doesn't close
fds while the object is released.

Change the timing of opening and closing bpf map file descriptors
to clat is starting and stoping.

Moreover, the reason that manual close BPF map file descriptors is
as follows. Just don't rely on that GC releasing to close the file
descriptors even if class BpfMap supports close file descriptor in
finalize(). If the interfaces are added and removed quickly, too
many unclosed file descriptors may cause unexpected problems.

Bug: 230880517
Test: manual test
Steps:
1. Connect to IPv6 only wifi (GoogleGuest) and mobile data
2. Check that map fds are appeared:
   /proc/$(system_server_pid)/fd/$(bpf_map_fd)

$ adb shell ps | grep system_server
system        1929   825 20311224 730060 do_epoll_wait      0 S system_server

$ adb shell ls -all proc/1929/fd | grep bpf-map
.. system system 64 2022-05-05 13:36:42 .. 331 -> anon_inode:bpf-map
.. system system 64 2022-05-05 13:36:42 .. 348 -> anon_inode:bpf-map

3. Check the clat maps are added.
$ adb shell dumpsys connectivity
NetworkAgentInfo{network{105}  handle{454377263117}  ni{WIFI ..
Nat464Xlat:
..
  Forwarding rules:
    BPF ingress map: iif nat64Prefix v6Addr -> v4Addr oif
      47 /64:ff9b::/96 /2a00:79e1:abc:6f02:f182:6c29:ab56:9961 -> /192.0.0.4 62
    BPF egress map: iif v4Addr -> v6Addr nat64Prefix oif
      62 /192.0.0.4 -> /2a00:79e1:abc:6f02:f182:6c29:ab56:9961 /64:ff9b::/96 47 ether
NetworkAgentInfo{network{106}  handle{458672230413}  ni{MOBILE[LTE] ..
    Nat464Xlat:
      <not start>

4. Disconnect from wifi

5. Check that map fds are disappeared:
   /proc/$(system_server_pid)/fd/$(bpf_map_fd)

$ adb shell ls -all proc/1929/fd | grep bpf-map
(fd 331 and 348 were not found)

Change-Id: I60c0301bf00beae5cf5ab3535c6a3da68a2a4a9b
This commit is contained in:
Hungming Chen
2022-05-05 13:49:24 +08:00
parent 34a257ad5f
commit c03323c8ef
2 changed files with 49 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
tests/unit/java/com/android/server/connectivity/ClatCoordinatorTest.java
View File

@@ -46,7 +46,7 @@ import android.os.ParcelFileDescriptor;
import androidx.test.filters.SmallTest;
import com.android.net.module.util.IBpfMap;
import com.android.net.module.util.BpfMap;
import com.android.net.module.util.bpf.ClatEgress4Key;
import com.android.net.module.util.bpf.ClatEgress4Value;
import com.android.net.module.util.bpf.ClatIngress6Key;
@@ -123,8 +123,8 @@ public class ClatCoordinatorTest {
@Mock private INetd mNetd;
@Spy private TestDependencies mDeps = new TestDependencies();
@Mock private IBpfMap<ClatIngress6Key, ClatIngress6Value> mIngressMap;
@Mock private IBpfMap<ClatEgress4Key, ClatEgress4Value> mEgressMap;
@Mock private BpfMap<ClatIngress6Key, ClatIngress6Value> mIngressMap;
@Mock private BpfMap<ClatEgress4Key, ClatEgress4Value> mEgressMap;
/**
* The dependency injection class is used to mock the JNI functions and system functions
@@ -326,13 +326,13 @@ public class ClatCoordinatorTest {
/** Get ingress6 BPF map. */
@Override
public IBpfMap<ClatIngress6Key, ClatIngress6Value> getBpfIngress6Map() {
public BpfMap<ClatIngress6Key, ClatIngress6Value> getBpfIngress6Map() {
return mIngressMap;
}
/** Get egress4 BPF map. */
@Override
public IBpfMap<ClatEgress4Key, ClatEgress4Value> getBpfEgress4Map() {
public BpfMap<ClatEgress4Key, ClatEgress4Value> getBpfEgress4Map() {
return mEgressMap;
}
@@ -447,6 +447,8 @@ public class ClatCoordinatorTest {
argThat(fd -> Objects.equals(RAW_SOCK_PFD.getFileDescriptor(), fd)),
eq(BASE_IFACE), eq(NAT64_PREFIX_STRING),
eq(XLAT_LOCAL_IPV4ADDR_STRING), eq(XLAT_LOCAL_IPV6ADDR_STRING));
inOrder.verify(mDeps).getBpfEgress4Map();
inOrder.verify(mDeps).getBpfIngress6Map();
inOrder.verify(mEgressMap).insertEntry(eq(EGRESS_KEY), eq(EGRESS_VALUE));
inOrder.verify(mIngressMap).insertEntry(eq(INGRESS_KEY), eq(INGRESS_VALUE));
inOrder.verify(mDeps).tcQdiscAddDevClsact(eq(STACKED_IFINDEX));
@@ -469,6 +471,8 @@ public class ClatCoordinatorTest {
eq((short) PRIO_CLAT), eq((short) ETH_P_IP));
inOrder.verify(mEgressMap).deleteEntry(eq(EGRESS_KEY));
inOrder.verify(mIngressMap).deleteEntry(eq(INGRESS_KEY));
inOrder.verify(mEgressMap).close();
inOrder.verify(mIngressMap).close();
inOrder.verify(mDeps).stopClatd(eq(BASE_IFACE), eq(NAT64_PREFIX_STRING),
eq(XLAT_LOCAL_IPV4ADDR_STRING), eq(XLAT_LOCAL_IPV6ADDR_STRING), eq(CLATD_PID));
inOrder.verify(mDeps).untagSocket(eq(RAW_SOCK_COOKIE));