Commit Graph

29 Commits

Author SHA1 Message Date
Maciej Żenczykowski
7a03c187f5 remove inprocess tethering
It is just a constant source of bugs, with no real tests,
let's stop pretending this is a supported configuration.

The only tested configuration is out-of-process tethering
updatable apex.

Test: TreeHugger
Bug: 279942846
Change-Id: I4b659a3cd32b89a65549b56006b926a5ac755f7b
2023-04-28 20:11:14 +00:00
Maciej Żenczykowski
2de5957a88 bpf_connectivity_headers - remove visibility from //system/netd/tests
depends on at least:
  https://android-review.git.corp.google.com/c/platform/system/netd/+/2363881
  'cleanup a bunch of bpf related things (header files mostly)'

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifaf20267f791af09f8c76dda5dfbc38ebc75c4ba
2022-12-20 00:35:05 +00:00
Maciej Żenczykowski
c907fc73e9 Merge "Add libconnectivity_native_test_utils" 2022-08-01 18:24:33 +00:00
Ken Chen
f6d6b7e7de Merge "Move connectivity_native_test to a sub folder" 2022-07-29 01:55:30 +00:00
Ken Chen
c52cbe0cf8 Add libconnectivity_native_test_utils
The utility currently contains a firewall class that is used by DNS
resolver tests to block DNS packets.

Bug: 227159929
Test: atest resolv_integration_test
Change-Id: I5c5bc0b263a677f57cd63f002057ff0812f15e64
2022-07-29 03:53:24 +08:00
Ken Chen
ef50ab1473 Move connectivity_native_test to a sub folder
Move sources of connectivity_native_test to a dedicated folder so that
other native tests or utilities can be added to p/m/c/tests/native/ as
well.

Bug: 227159929
Test: atest connectivity_native_test
Change-Id: I97217fbb03b26ed79f1f34932b92c4227a1ece4d
2022-07-28 14:41:23 +08:00
Ken Chen
74ff3ee501 Rename dscp_policy.o to dscpPolicy.o
Underscore character may cause bpf prog/map naming collision. For
example, x.o with map y_z and x_y.o with map z both result in x_y_z
prog/map name, which should be prevented during compile-time.

aosp/2147825 will prohibit underscore character in bpf source name
(source name derives the obj name). Existing bpf modules with underscore
characters in source name need to be updated accordingly.

Bug: 236706995
Test: atest bpf_existence_test
Test: adb root; adb shell ls -l sys/fs/bpf/net_shared | grep dscpPolicy
Change-Id: Ibe98944d09d42bd11b78b5e9ae35ded48c70416d
2022-07-21 21:00:09 +08:00
Maciej Żenczykowski
ccce4a3382 offload/test bpf: support InProcessTethering
InProcessTethering runs as system_server (uid/gid AID_SYSTEM)
instead of as the network_stack (uid/gid AID_NETWORK_STACK).

Additionally only the network_stack has access to the default
selinux context of /sys/fs/bpf/tethering, which is fs_bpf_tethering,
so we need to use 'fs_bpf_net_shared' instead.

Bug: 190523685
Bug: 236925089
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ibb6ae255dcd8a8e8049be112055f60c3b2cf7df0
2022-07-18 09:05:32 -07:00
Maciej Żenczykowski
07d3013b0d enable btf for offload.o & test.o
The objdump -x visible changes between old and new versions of the
mainline shipped .o files are really very minimal: just the inclusion
of a new .BTF section and changes/removals of some 'l' entries from
the symbol table.  However, it turns out a change to symbol ordering
is incompatible with BpfLoader <v0.10 which doesn't know to skip
non-function symbols, and as such enabling btf requires a little
bit of gymnastics.

After:
  $ adbz shell ls -l /apex/com.android.tethering/etc/bpf/*.o
  -rw-r--r-- 1 system system 118352 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/offload.o
  -rw-r--r-- 1 system system 123424 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/offload@btf.o
  -rw-r--r-- 1 system system   2232 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/test.o
  -rw-r--r-- 1 system system   6376 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/test@btf.o

$ adbz shell logcat -d | egrep offload.*[.]o
07-15 13:10:43.358     0     0 D LibBpfLoader: Loading critical for tethering ELF object /apex/com.android.tethering/etc/bpf/offload.o with license Apache 2.0
07-15 13:10:43.359     0     0 I LibBpfLoader: BpfLoader version 0x00019 ignoring ELF object /apex/com.android.tethering/etc/bpf/offload.o with max ver 0x00019
07-15 13:10:43.359     0     0 I bpfloader: Loaded object: /apex/com.android.tethering/etc/bpf/offload.o
07-15 13:10:43.374     0     0 D LibBpfLoader: Loading critical for tethering ELF object /apex/com.android.tethering/etc/bpf/offload@btf.o with license Apache 2.0
07-15 13:10:43.375     0     0 I LibBpfLoader: BpfLoader version 0x00019 processing ELF object /apex/com.android.tethering/etc/bpf/offload@btf.o with ver [0x00019,0x10000)
07-15 13:10:43.452     0     0 D LibBpfLoader: map_fd found at 0 is 6 in /apex/com.android.tethering/etc/bpf/offload@btf.o
...

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id658818d1d42763358747523615b7918d312588e
2022-07-16 05:35:15 +00:00
Maciej Żenczykowski
200d372dc9 move XtBpfProgLocations.h into a new header library
Bug: 235778483
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia5e3c72e65cee17ef67907008d8fe6d4e47050de
2022-06-15 03:17:40 -07:00
Maciej Żenczykowski
b909d8af55 bpf_progs - eliminate netd.c dependency on UidConstants.h
Per Lorenzo's request on:
  https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2123888

Bug: 235778483
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id464fc2418efcb3764fae2a25c11fdda4439f411
2022-06-15 00:59:20 -07:00
Maciej Żenczykowski
1205737641 assert that xt_bpf programs match Android T netd's expectations
Bug: 235778483
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic0029063e4dbbf1b2cce7d7ca86a017a1c56f072
2022-06-14 20:33:54 -07:00
Maciej Żenczykowski
5f5d2e2c10 remove no longer needed bpf_connectivity headers visibility
Bug: 235778483
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I3829ba49e453918bfcbae2e07dd2aea2b81e12bf
2022-06-14 06:03:15 +00:00
Maciej Żenczykowski
6d116d0f38 move netd maps and progs into /sys/fs/bpf/netd_shared/...
(out of current /sys/fs/bpf/net_shared/...)

This will allow genfscon regexp changes in a followup selinux commit.

Note that this has a hard dependency on system/bpf change
  'bpfloader: add support for netd_shared and net_private subdirs'
which also bumps bpfloader to v0.13.

This was merged May 12, 2022 (into both aosp/master and tm-dev)
and it is in Android T starting with Beta 3 release.

This isn't really an issue since amusingly T Beta 2 is already
incompatible with current mainline releases due to the snap
reverting a previous required bpfloader system/bpf change:
  move net_shared bpf programs into net_shared subdirectory
See: http://b/232050459#comment14

So this doesn't break T Beta1/2, since they already don't work,
and Beta3 will work.

Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id5f14d6e3f11cfe35d9d8a9496548a2bc4d022ec
2022-05-16 23:24:37 +00:00
Maciej Żenczykowski
9b2faeb81e enable btf = true for block/clatd/dscp_policy/netd bpf programs
(we avoid offload - for now - due to that being shipped to <T devices)

Before:
  $ adbz shell ls -l /apex/com.android.tethering/etc/bpf/net_shared/*.o
  -rw-r--r-- 1 system system  2848 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/net_shared/block.o
  -rw-r--r-- 1 system system 10240 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/net_shared/clatd.o
  -rw-r--r-- 1 system system 16144 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/net_shared/dscp_policy.o
  -rw-r--r-- 1 system system 18840 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/net_shared/netd.o

After:
  $ adbz shell ls -l /apex/com.android.tethering/etc/bpf/net_shared/*.o
  -rw-r--r-- 1 system system  6192 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/net_shared/block.o
  -rw-r--r-- 1 system system 19008 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/net_shared/clatd.o
  -rw-r--r-- 1 system system 23960 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/net_shared/dscp_policy.o
  -rw-r--r-- 1 system system 27112 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/net_shared/netd.o

So there is a minor increase in .o size, but this allows:

$ adbz shell cat /sys/fs/bpf/net_shared/map_netd_iface_index_name_map
  # WARNING!! The output is for debug purpose only
  # WARNING!! The output format will change
  8: {['e','r','s','p','a','n','0',],}
  1: {['l','o',],}
  4: {['i','f','b','1',],}
  2: {['d','u','m','m','y','0',],}
  16: {['e','t','h','1',],}
  5: {['t','u','n','l','0',],}
  14: {['h','w','s','i','m','0',],}
  17: {['w','l','a','n','0',],}
  12: {['i','p','6','t','n','l','0',],}
  18: {['w','l','a','n','1',],}
  13: {['i','p','6','g','r','e','0',],}
  3: {['i','f','b','0',],}
  15: {['b','u','r','i','e','d','_','e','t','h','0',],}
  9: {['i','p','_','v','t','i','0',],}
  11: {['s','i','t','0',],}
  10: {['i','p','6','_','v','t','i','0',],}
  6: {['g','r','e','0',],}
  7: {['g','r','e','t','a','p','0',],}

This is safe as the net_shared bpf programs are not loaded on pre-T devices,
and the T bpfloader is btf enabled.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2d480391b6d1a6e2ba99b0445281684d4a51d74b
2022-05-03 09:51:23 +00:00
Maciej Żenczykowski
d72a5a7a70 remove _mainline suffix from {clatd,netd}.o_mainline targets
this hack is no longer needed now that duplicate target in system/netd
is no longer an issue due to automerger to sc-mainline-prod being
turned off

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id2c1dfac3bc4e6a8f5376a41ca2d1432b838da38
2022-05-02 14:49:13 -07:00
Tyler Wear
b37f551287 Vendor AIDL interface for port blocking via eBPF
New Connectivity Service exposed to vendor for
restricting certain ports for use only in vendor.

Bug: 179733303

Change-Id: Iad9aff6924498ede5a08cfa5482082f094c0a90b
2022-03-25 09:14:48 -07:00
Ken Chen
1647f60d66 [NETD-BPF#19] Mainline part of bpf code from netd
1. Add libnetd_updatable.so in com.android.tethering. The library is
loaded by netd. Currently, it mainly targets a few functions which
access BPF maps. The functionality may extend in the future.

2. Attach cgroup progs from libnetd_updatable.so.

3. Move (privileged)TagSocket and untagSocket implementation to mainline
module. Combine privilegedTagSocket and untagSocket into a single
function.

4. Split related unit tests from netd_unit_test to
libnetd_updatable_unit_test as well.

Bug: 202086915
Test: cd system/netd; atest
Test: atest TrafficStatsTest NetworkUsageStatsTest

Change-Id: Ib556458103a4cbb643c1342d9b689ac692160de0
2022-01-30 09:51:25 +08:00
Tyler Wear
723882126a Process DSCP QoS events for policies
New events to handle adding and removing of DSCP QoS policies.
Async indication sends status back to client if the policy
has been added, failed, or if the policy limit has been
reached.

Bug: 202871011
Change-Id: I7988d22ae625ad0dd415927d2943de4a749e6fb8
2022-01-27 10:19:27 +00:00
Maciej Żenczykowski
e1f8ad4d59 Merge changes from topic "libnetworkstats"
* changes:
  Rename libnetdbpf to libnetworkstats
  Copy libnetdbpf from system/net to tethering module
2022-01-25 23:52:06 +00:00
Maciej Żenczykowski
f807ec7da7 Merge changes from topic "configure_bpf_for_clat"
* changes:
  [CLATJ#20] ClatdCoordinator: stop bpf for clat
  [CLATJ#19] ClatdCoordinator: configure bpf for clat
  [CLATJ#18] libclat: move clat tc and bpf utilis from netd
  [CLATJ#17] bpf_connectivity_headers visible to libclat
2022-01-24 19:14:35 +00:00
Ken Chen
f426b2b287 Rename libnetdbpf to libnetworkstats
Two reasons for renaming:
1. Avoid module name collision in sc-mainline-prod branch.
2. The libnetdbpf was misnamed before.

Bug: 202086915
Test: atest libnetworkstats_test FrameworksNetTests
      ConnectivityCoverageTests FrameworksNetSmokeTests
      CtsAppOpsTestCases
Change-Id: I87fcf4b1a9d58780a45743a9aa91b9b936e54266
2022-01-24 11:53:59 +08:00
Hungming Chen
99b9ae3787 [CLATJ#17] bpf_connectivity_headers visible to libclat
Needed because ClatdController and clatd binary are moved
into apex. libclat is used for accessing BPF map.

Bug: 212345928
Test: build
Change-Id: I1be5d4c9cc2c9865ac99f2595443e54e7334c843
2022-01-22 20:06:55 +08:00
Wayne Ma
a9716ffcb8 [NETD-TC#11] Make TrafficController as libtraffic_controller into
Tethering module.

Delete tagSocket(), privilegedTagSocket() and untagSocket() since
they are moved out of TrafficController in aosp/1849156.

Bug: 202086915
Test: m; flash; boot;
Change-Id: Ifeaeb060fbf1add9f06748e7846b9e11e0345bda
2022-01-22 12:33:49 +08:00
Maciej Żenczykowski
849b3aadc4 move clatd.c bpf program to mainline
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7e88fcc34c21695e844d607836df4661790cba03
2022-01-20 21:00:22 -08:00
Ken Chen
587d4231fc Move netd.c to Tethering module
This is a clean move. The content of netd.c is not changed. The object
name is still netd.o. But the module name is renamed to netd.o_mainline
to avoid name collision in sc-mainline-prod branch.

Modified Android.bp according to the file location. The sub_dir is
newly specified. The object file will be compiled to:
- apex/com.android.tethering/etc/bpf/net_shared/netd.o

The extracted programs and maps will be in:
- sys/fs/bpf/net_shared/

The netd.o will not be loaded in pre-T because the bpfloader before T
does not load objects from paths other than:
- apex/com.android.tethering/etc/bpf/
- /system/etc/bpf/

Bug: 202086915
Test: cd system/netd; atest
Test: atest TrafficStatsTest NetworkUsageStatsTest
Change-Id: I5281c851341f9258a37d8aad6da4196c06342940
2022-01-21 07:40:33 +08:00
Maciej Żenczykowski
4d491bb86e bpf_connectivity_headers -> bpf_headers -> bpf_syscall_wrappers
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5db6285add895edf9354e98d9dffc8343ee4b259
2021-12-28 17:58:20 -08:00
Ken Chen
335c0d4249 [NETD-BPF#4] Move bpf_shared.h from netd to module
The header file is referenced by the part going to be mainlined in Netd.
Note that some platform visibility is required with this commit, since
users of bpf_shared.h are currently located in platform. The visibility
can be removed when all users are moved out of platform.

Bug: 202086915
Test: m; flash; boot
Test: cd system/netd && atest
Test: cd packages/modules/Connectivity && atest
Test: atest FrameworksNetTests
Change-Id: I5c16511b6a2d4eb80dfd93157cbc98d5030bd5ac
2021-11-23 11:53:46 +08:00
Ken Chen
bb57fa9eec [NETD-BPF#3] Relocate Tethering/bpf_progs and rename bpf_tethering_headers
The folder is currently used by tether offload only. Because we will
move netd.c and clatd.c to it, the folder should be moved to the upper
tier.

Also, rename bpf_tethering_headers to bpf_connectivity_headers so that
other connectivity code besides tethering is justified to use it.

Bug: 202086915
Test: atest FrameworksNetTests
Change-Id: I95943c6e909f1fdca12604ef0c55d67c39ca686b
2021-11-20 18:31:08 +08:00