and more importantly unconditionally. This requires less effort
on the part of the in-kernel bpf verifier.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ibaa94bf096fc81c4d984dfabf515131b1c81ef09
We've backported the necessary support to all 4.14+ ACK kernels,
but we can't actually enforce that these changes will be picked
up by all devices. Thus we can only make the full featured
implementations optional on [4.14..5.8) kernels, with a tcp-only
version for those 4.14+ devices where the full featured version
fails to load.
Note: there's still a fair bit of implementation work left
in the do_forward4() function itself. This is really just
the skeleton.
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If78123e00d55a77f2ecd7da1547581797e23f9b2
This will facilitate providing a tcp-only version of the programs
which due to TCP's very long timeouts will not need to use the
Linux 5.8+ bpf_ktime_get_boot_ns() helpers.
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1e49b6758d3754782ac6f8820e0c15aa20e4c61d
As this is the actual version that is required,
ie. the version that supports bpf_ktime_get_boot_ns() helper.
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2ea4830597a0bed53950a5d0c483a47208959f35
The tethering module uses JNI in various classes, but only calls
System.loadLibrary in TetheringService#makeTethering. This means
that:
1. Any test that uses a class that uses JNI must load the
library itself.
2. Any code that runs before TetheringService#makeTethering could
potentially crash if it uses JNI. We may never have such code
though.
Instead, make every class that has a native method load the JNI
library itself at static initialization time. This guarantees
that the class will have the JNI code available in any context
(production, test, etc.)
System.loadLibrary is documented not to do anything if called
more than once with the same library name:
https://docs.oracle.com/javase/7/docs/api/java/lang/Runtime.html#loadLibrary(java.lang.String)
and the implementation has a lock so it is safe to call from
multiple threads concurrently.
Test: builds, boots, tethering starts
Test: atest TetheringCoverageTests
Change-Id: I9c0147ae9a28877f416aaff387b426d304ae552d
This CL adds the counters collected by the tethering programs to
the output of "dumpsys tethering bpf". The counter names are
fetched by JNI code at startup and then read by the debugging
code on demand.
Example from my device:
Forwarding errors:
TCP_CONTROL_PACKET: 67
NON_GLOBAL_SRC: 13
NON_GLOBAL_DST: 17
LOCAL_SRC_DST: 7
Test: manual (debug-only code)
Change-Id: I7ec7992612556a4bca5f1b6bb52c655d6d870201
Currently, the dump methods open BpfMap objects and never close
them. This leaks filedescriptors, and if dump is called often
enough, will crash the networkstack process.
Fix this by using try-with-resources statements that
automatically close the map when exiting the try block.
Change the signature of BpfMap#close from "throws Exception" to
"throws ErrnoException" since it does not throw any other type
of checked exceptions.
Test: "lsof | grep network_st" while running "dumpsys tethering bpf" in a loop
Change-Id: I66c407454c2715bf41bf3a2e81bd582f9ea5a905
Currently, debugging the tethering programs is not easy because
in case of any failure they simply return TC_ACT_OK. This CL adds
a number of counters that the program can increment in the case
of interesting events such as malformed packets.
At the moment the counters are stored in a global tethering error
map, which is an ARRAY map of 32-bit counters. This should not
take up much space because there are only a dozen of these.
We might not need all of these counters. In future CLs we can
reduce the number of counters, or perhaps move them to a map of
maps so as to have separate counters on a per-interface basis.
Test: manual
Change-Id: I3fcd7eb8d318700092949ff2f39987bf4ba3656c
This provides a place to store common definitions that can be
used by both the programs and by JNI code in the tethering
module.
Over time much of the tethering-specific code in bpf_shared.h
could move here.
Test: m
Bug: 177884581
Change-Id: I4bf2c762d61cd5db003d59880e6bf7d107ff1a07
Add NetdStaticLibTestsLib into Tethering MTS , so that the tests
under client-libs can also be run when running tethering MTS.
Bug: 170598012
Test: atest TetheringCoverageTests
Change-Id: Idd47becaa4254ab80b74ad5f3ddcdd4b017a5e69
Add code to BpfCoordinator to dump upstream IPv4 and IPv6 rules.
For IPv4, currently only the upstream map is printed, because the
downstream map is expected to be symmetrical.
Example output:
=============
21(21) -> 12(rmnet_data2) 86dd 00:00:00:00:00:00 00:00:00:00:00:00
[wlan1]: iif(iface) oif(iface) v6addr srcmac dstmac
12(rmnet_data2) 21(wlan1) /2001:240:2425:b5dc:21a9:995d:bc57:bc37 b2:b5:e0:24:21:c2 ca:06:8d:54:99:ad
[IPv4]: iif(iface) oif(iface) src nat dst
21(21) 12(rmnet_data2) 192.168.16.247:41544 -> 100.101.80.108:41544 -> 216.239.36.135:443
21(21) 12(rmnet_data2) 192.168.16.247:42028 -> 100.101.80.108:42028 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:42032 -> 100.101.80.108:42032 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:42042 -> 100.101.80.108:42042 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:41816 -> 100.101.80.108:41816 -> 8.8.8.8:853
21(21) 12(rmnet_data2) 192.168.16.247:42040 -> 100.101.80.108:42040 -> 8.8.4.4:853
=============
Also make it possible to do "dumpsys tethering bpf" and get only
the BPF dump.
Test: manual
Change-Id: I2aaa2fdda7d724994090c26feff585f24cd3283b
- Add methods to start and stop IPv6 forwarding upstream
- Populate the upstream IPv6 map when the first rule for any
upstream/downstream pair is created.
- Clear the upstream IPv6 map when the last rule for any
upstream/downstream pair is deleted.
Test: Added coverage to IpServerTest and BpfCoordinatorTest
Change-Id: Ib041081e95f5f449489ab63138de034222ffac8f
The two value types are identical so there is no need to have
separate classes for them.
Test: atest TetheringTests
Change-Id: Ia622b082d0a44373d21f51222f5e675e5bde08e0
These are read-only intents and should not be mutated by any
app receiving them.
Bug: 178324405
Bug: 178249531
Test: atest TetheringTests TetheringCoverageTests GtsTetheringTestCases
Change-Id: I5395e7c19e6453640ad790f2b9a9ba22bbcefa88
The keys are identical, and the values nearly so, this will make everyone's life easier.
Test: git grep 'Tether(Down|Up)stream4(Key|Value)' finds nothing
(note this requires follow up commits)
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifbff2c617ac5834ea80f827eaf89ca81e862baec
Access the IPv4 downstream and upstream BPF map with the built rules.
Test: atest TetheringCoverageTests
Change-Id: I8cd6e49b377c72250988019eea57f93cccd78309
* changes:
[NFCT.TETHER.8] Prepare the upstream information for IPv4 offload rule
[NFCT.TETHER.7] Prepare the downstream information for IPv4 offload rule
We want connection establishment/shutdown to flow through
the kernel code path so connection tracking state is at least
somewhat correct.
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iee97baa65750188f3436937b16c9b320f0495a5a
Build the upstream and upstream rules when the conntrack event is
received.
Test: atest TetheringCoverageTests
Change-Id: Ibb52c7b75812bd586091d809e260bc9206c06262
Add upstream interface index and its IPv4 address mapping
Required for building IPv4 forwarding rule when a conntrack event is
received.
Test: atest TetheringCoverageTests
Change-Id: I73f304777704f09481b80d18751e0bab5bab2edc
Add and remove downstream client information to BpfCoordinator
Required for building IPv4 forwarding rule when a conntrack event is
received. The IpServer provides the following elements of a rule which
is not included in conntrack event:
- Downstream interface index
- Downstream Mac address
- Client IP address to Client Mac address
Test: atest TetheringCoverageTests
Change-Id: I84db13acc047ace5730d17f0d3dd99544f516084
