Currently, Ipv6UpstreamRule is added follows the adding of
Ipv6DownstreamRule when it is the first rule from a downstream
interface to the upstream interface.
This CL changed it to:
1. Upstream interface change updates both IPv6 upstream and downstream
forwarding rules.
2. Neighbor events updates only IPv6 downstream forwarding rules.
Data limit setting on the upstream interface is now depend on the
upstream rules instead of the downstream rules. This CL also updates
corresponding test cases in IpServerTest and BpfCoordinatorTest.
Test: atest TetheringTests
Bug: 261923493
Change-Id: I5b4df64a3d276afb7a24bbef3a0432f53377e8b2
Replaced startUpstreamIpv6Forwarding and stopUpstreamIpv6Forwarding
with add/remove Ipv6UpstreamRule. This is a preparation for following
CLs which will pass the upstream's prefixes to the bpf map. We might
have more than one upstream rules.
Also renamed Ipv6ForwardingRule to Ipv6DownstreamRule since we have
defined the Ipv6UpstreamRule.
No logic changes are being made in this CL.
Test: atest TetheringTests
Bug: 261923493
Change-Id: I022f97c2daf468bbd4a4279a069ccf498013e7e7
RFC7421_PREFIX_LENGTH is being removed from NetworkConstants and import
it from NetworkStackConstants instead.
Bug: 290885904
Test: TH
Change-Id: I35e785be3f1a278c76b0810cad844710254b0f15
This patch is based on aosp/2535559 from maze@.
Add source prefix into the upstream key such that only packets which
source IPv6 address matches it will be forwarded to the upstream
interface.
In this patch, the source prefix is set to zero so there is no
behavior changes. Next CL in patch series will use the real source
prefixes retrieved from upstream interface.
Test: atest TetheringTests
Bug: 261923493
Change-Id: I43d068a29b937c7dfeb6fab632a8effb47ee2263
Currently, production code uses BpfMap type and TestBpfMap extends
BpfMap but this makes it diffcult to test because TestBpfMap loads the
JNI.
This CL updates to use IBpfMap type in the production code.
Upcoming CL updates TestBpfMap to implement IBpfMap instead of extending
BpfMap so that test can still use TestBpfMap but tests do not need to
load JNI.
Bug: 217624062
Test: atest BpfCoordinatorTest BpfNetMapsTest
Change-Id: Ie67e14bf5519fb4427474ecc0fda441877a9555f
EthernetTetheringTest needs to parse BPF map content for bpf stats
tests. Move the struct class files to common libs.
Compare TetherStats{Key, Value}.java between frameworks/libs/net/common
and packages/modules/Connectivity/Tethering.
There is only the package name change as expected.
$ diff packages/modules/Connectivity/Tethering/src/com/android/networkstack/tethering/TetherStatsKey.java frameworks/libs/net/common/device/com/android/net/module/util/bpf/TetherStatsKey.java
17c17
< package com.android.networkstack.tethering;
Bug: 227159997
Test: atest TetheringCoverageTests
Change-Id: I87193cb6409b4d19c72184011d7e99275800dab1
EthernetTetheringTest needs to parse BPF map content for IPv4
forwarding rule tests. Move the struct class files to common
libs.
Compare Tether4{Key, Value}.java between frameworks/libs/net/common
and packages/modules/Connectivity/Tethering.
There is only the package name change as expected.
$ diff packages/modules/Connectivity/Tethering/src/com/android/networkstack/tethering/Tether4Key.java frameworks/libs/net/common/device/com/android/net/module/util/bpf/Tether4Key.java
17c17
< package com.android.networkstack.tethering;
---
> package com.android.net.module.util.bpf;
$ diff packages/modules/Connectivity/Tethering/src/com/android/networkstack/tethering/Tether4Value.java frameworks/libs/net/common/device/com/android/net/module/util/bpf/Tether4Value.java
17c17
< package com.android.networkstack.tethering;
---
> package com.android.net.module.util.bpf;
Test: atest TetheringCoverageTests
Change-Id: I73c180fa4129aefde1e64ecbafe928f388b061d6
This reverts commit 299a81157c.
Reason for revert:
Stop releasing this commit because it needs more test coverage.
Bug: 190783768
Bug: 192804833
Change-Id: I6a0d93e04814ae73e1ec7d6fd4df19e1d2787207
Test: atest TetheringCoverageTests
Needed because a payload data packet may have gone through
non-offload path, before we added offload rules, and that this
may result in in-kernel conntrack state being in ESTABLISHED
but pending ACK (ie. UNACKED) state. But the in-kernel conntrack
might never see the ACK because we just added offload rules.
As such after adding the rules we need to force the timeout back
to the normal ESTABLISHED timeout of 5 days.
Issue: the timeout is set to unacknowledged 300s (countdwon to 298s)
$ adb shell cat /proc/net/nf_conntrack
ipv4 2 tcp 6 298 ESTABLISHED src=192.168.244.128
dst=140.112.8.116 sport=45694 dport=443 ..
Test: atest TetheringCoverageTests
Manual check:
$ adb shell cat /proc/net/nf_conntrack
ipv4 2 tcp 6 431988 ESTABLISHED src=192.168.40.162
dst=140.112.8.116 sport=40774 dport=443 ..
Bug: 190783768
Bug: 192804833
Change-Id: I8c34e85e26c9d976e5e2b85473db75ff46d8abd4
The condition for deleting IPv4 forwarding rules.
1. When the tethering client has gone, deletes the client and its
rules.
2. When the upstream has gone, deletes all rules.
3. When the upstream has changed, deletes all rules.
Test: atest TetheringCoverageTests and check IPv4 offload rules
via dumpsys tethering in the following test cases.
Bug: 190783768
Test cases:
a. Loss upstream interface while tethering
1. Enable WIFI tethering
2. Disable upstream interface
3. Check the rules are removed.
b. Loss downstream interfaces while tethering
1. Enable WIFI tethering
2. Enable BT tethering
3. Disable BT tethering
4. Check the BT tether rules are removed.
5. Disable WIFI tethering
6. Check the WIFI tether rules are removed.
c. Switch upstream interface while tethering
1. Enable WIFI tethering
2. Enable BT tethering
3. Switch upstream interface from cellular to wifi.
4. Check all rules are removed.
d. Enable NAT failure (manual)
Log:
The rule deletion in each case.
- IpServer#stopIPv4: case b and case d.
- BpfCoordinator#updateUpstreamNetworkState: case a and case c.
Test case a
06-23 09:58:59.245 [...] Tethering: [BpfCoordinator]
updateUpstreamNetworkState tetherOffloadRule4Clear wlan2
Test case b
06-07 22:17:51.886 [..] Tethering: [bt-pan] cleanupUpstream bt-pan
06-07 22:17:51.888 [..] Tethering: [bt-pan] stopIPv4 bt-pan
06-07 22:18:23.769 [..] Tethering: [wlan2] cleanupUpstream wlan2
06-07 22:18:23.772 [..] Tethering: [wlan2] stopIPv4 wlan2
Test case c
06-08 11:11:48.277 [..] Tethering: [BpfCoordinator]
updateUpstreamNetworkState tetherOffloadRule4Clear bt-pan
06-08 11:11:48.396 [..] Tethering: [BpfCoordinator]
updateUpstreamNetworkState tetherOffloadRule4Clear wlan2
06-08 11:11:48.579 [..] Tethering: [wlan2] cleanupUpstreamInterface
wlan2
06-08 11:11:48.808 [..] Tethering: [bt-pan] cleanupUpstreamInterface
bt-pan
Enabling NAT failure
06-08 13:04:18.117 [..] Tethering: [wlan2] Exception enabling NAT [..]
06-08 13:04:18.234 [..] Tethering: [wlan2] cleanupUpstream wlan2
06-08 13:04:18.246 [..] Tethering: [wlan2] stopIPv4 wlan2
Change-Id: Id505a3deb277bbe0f44403234d8ca8bbf01eec80
Required because XDP offload needs input interface mac address
to be a part of the key. The mac address is used for checking
packets which are received from exceped input interface.
Test: atest TetheringCoverageTests, TetheringPrivilegedTests
Change-Id: Ied159454b516c0d70efe0a85744d1bb606892f2d
Currently, BpfCoordinator only sets the data limit on a given
upstream whenever the first IPv6 rule is created on that
upstream, and clears it whenever the last rule is deleted on that
upstream. It never does this when adding or removing IPv4 rules.
This makes it impossible to offload traffic on IPv4-only
networks.
Fix this by setting the limit when IPv4 rules are created or
deleted as well.
Test: atest TetheringCoverageTests
Manual tests as the follows
Test {add, clear} limit with IPv6-only network [OK]
Test {add} limit with IPv4-only upstream [OK]
TODO:
Test {clear} limit with IPv4-only network. blocked by aosp/1579873
because the IPv4 rules have never deleted.
Change-Id: I5a29bdd18e564318759f617023163e23fb5a3ed0
Migrate Maze's BPF program attaching and detaching functions from
system/netd/server/OffloadUtils.{c, h} to tethering module.
Test: atest TetheringCoverageTests
Test case #1:
Enable WiFi hotspot and check tc filters are added or removed on both
wlan1 and rmnet_data#.
$ adb shell tc filter show dev wlan1 ingress
filter protocol ipv6 pref 1 bpf chain 0
filter protocol ipv6 pref 1 bpf chain 0 handle 0x1
prog_offload_schedcls_tether_upstream6_ether:[*fsobj] direct-action
not_in_hw id 2 tag 7cf020cc09a7c982
filter protocol ip pref 2 bpf chain 0
filter protocol ip pref 2 bpf chain 0 handle 0x1
prog_offload_schedcls_tether_upstream4_ether:[*fsobj] direct-action
not_in_hw id 7 tag 2f87d55b636c082c
$ adb shell tc filter show dev rmnet_data2 ingress;
filter protocol ipv6 pref 1 bpf chain 0
filter protocol ipv6 pref 1 bpf chain 0 handle 0x1
prog_offload_schedcls_tether_downstream6_rawip:[*fsobj] direct-action
not_in_hw id 3 tag 8b3885b75bd261de
filter protocol ip pref 2 bpf chain 0
filter protocol ip pref 2 bpf chain 0 handle 0x1
prog_offload_schedcls_tether_downstream4_rawip:[*fsobj] direct-action
not_in_hw id 6 tag b1c9478c91f8df9a
Test case #2:
Enable USB tethering and check tc filters are added or removed on both
rndis0 and rmnet_data#.
Test case #3:
Enable WiFi and USB tethering and check tc filter are added or removed
on rndis0, wlan1 and rmnet_data#.
Change-Id: I3f9a65043271bc8f5bf1b82ae505c471625ca9de
Add code to BpfCoordinator to dump upstream IPv4 and IPv6 rules.
For IPv4, currently only the upstream map is printed, because the
downstream map is expected to be symmetrical.
Example output:
=============
21(21) -> 12(rmnet_data2) 86dd 00:00:00:00:00:00 00:00:00:00:00:00
[wlan1]: iif(iface) oif(iface) v6addr srcmac dstmac
12(rmnet_data2) 21(wlan1) /2001:240:2425:b5dc:21a9:995d:bc57:bc37 b2:b5:e0:24:21:c2 ca:06:8d:54:99:ad
[IPv4]: iif(iface) oif(iface) src nat dst
21(21) 12(rmnet_data2) 192.168.16.247:41544 -> 100.101.80.108:41544 -> 216.239.36.135:443
21(21) 12(rmnet_data2) 192.168.16.247:42028 -> 100.101.80.108:42028 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:42032 -> 100.101.80.108:42032 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:42042 -> 100.101.80.108:42042 -> 8.8.4.4:853
21(21) 12(rmnet_data2) 192.168.16.247:41816 -> 100.101.80.108:41816 -> 8.8.8.8:853
21(21) 12(rmnet_data2) 192.168.16.247:42040 -> 100.101.80.108:42040 -> 8.8.4.4:853
=============
Also make it possible to do "dumpsys tethering bpf" and get only
the BPF dump.
Test: manual
Change-Id: I2aaa2fdda7d724994090c26feff585f24cd3283b
- Add methods to start and stop IPv6 forwarding upstream
- Populate the upstream IPv6 map when the first rule for any
upstream/downstream pair is created.
- Clear the upstream IPv6 map when the last rule for any
upstream/downstream pair is deleted.
Test: Added coverage to IpServerTest and BpfCoordinatorTest
Change-Id: Ib041081e95f5f449489ab63138de034222ffac8f
The two value types are identical so there is no need to have
separate classes for them.
Test: atest TetheringTests
Change-Id: Ia622b082d0a44373d21f51222f5e675e5bde08e0
Access the IPv4 downstream and upstream BPF map with the built rules.
Test: atest TetheringCoverageTests
Change-Id: I8cd6e49b377c72250988019eea57f93cccd78309
