31 Commits

Author SHA1 Message Date
KH Shi
3f738fcd3d Pass upstream prefixes to bpf tethering offload
BPF needs upstream prefixes information to filter spoofing IPv6 source
addresses carried in downstream traffic.

We retrieve prefixes from upstream interface's LinkProperties and pass
them to the BpfCoordinator. Forwarding rules will also be updated when
upstream interface's IPv6 link addresses change.

Test: atest TetheringTests
Bug: 261923493
Change-Id: If8cfc3b191e520ca838654d1b5211ab9e9ec021d
2023-10-26 13:13:38 +00:00
Maciej Żenczykowski
e1a615ad83 type safety for 'bool downstream'
funky naming 'stream.down', because downstream.downstream is just too long...

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id234654fa8960e7430fc33119f36fd94b858d242
2023-10-10 03:37:14 -07:00
Maciej Żenczykowski
8a6c6d50c0 type safety for 'bool updatetime'
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I99d51524ba913c46bad64b89778c01164639c85e
2023-10-10 03:37:14 -07:00
Maciej Żenczykowski
8d3bde7949 type safety for is_ethernet
(reversing logic, as 'rawip.rawip' is much shorter than 'ethernet.ethernet')

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib48cc2b889e8b587e14edbe89606f887a884af87
2023-10-08 20:16:59 -07:00
Maciej Żenczykowski
901c71051e bpf_progs: use macros for kernel version
Generated via:
  for f in bpf_progs/{block,dscpPolicy,netd,offload,test}.c; do
    sed -i -r 's@KVER[(]([45]), ([0-9]+), 0[)]@KVER_\1_\2@g' "${f}"
  done

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I8f211e47bf259fc75aa1caaaf82f41c1929ceab2
2023-10-06 15:54:39 -07:00
Maciej Żenczykowski
3a64568abb type safety for kernel version
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If05c0c5383dceeb65964143f5574d2ee1a484907
2023-10-06 15:54:38 -07:00
KH Shi
c8fb1a2530 bpf tethering offload - add src subnet to upstream ipv6 direction
This patch is based on aosp/2535559 from maze@.

Add source prefix into the upstream key such that only packets whose
source IPv6 address matches it will be forwarded to the upstream
interface.

In this patch, the source prefix is set to zero so there are no
behavior changes. Next CL in patch series will use the real source
prefixes retrieved from upstream interface.

Test: atest TetheringTests
Bug: 261923493
Change-Id: I43d068a29b937c7dfeb6fab632a8effb47ee2263
2023-08-10 16:01:21 +08:00
Maciej Żenczykowski
de1342a033 bpf_progs: disable BTF on <=U && user builds
This is to cut down bpfloader boot time.
Potential savings might be on the order of 30+% (300ms).

Loading BTF requires fork-execing the btfloader,
and currently BTF is only used to facilitate debugging.

Bug: 286369326
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifa5f0052135b9dc826b18ca4622784615ed9c3c8
2023-06-09 05:58:57 +00:00
Maciej Żenczykowski
7a03c187f5 remove inprocess tethering
It is just a constant source of bugs, with no real tests,
let's stop pretending this is a supported configuration.

The only tested configuration is out-of-process tethering
updatable apex.

Test: TreeHugger
Bug: 279942846
Change-Id: I4b659a3cd32b89a65549b56006b926a5ac755f7b
2023-04-28 20:11:14 +00:00
Maciej Żenczykowski
58c6337906 sed -i -r 's@/[*] updatetime [*]/ false@NO_UPDATETIME@g' offload.c
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I69947ef2bfc330d38c56b64e9d43dbea1b78cf69
2023-04-20 04:05:06 +00:00
Maciej Żenczykowski
653bb006b7 sed -i -r 's@/[*] updatetime [*]/ true@UPDATETIME@g' offload.c
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie62454bee2c7c0a23cc6827ee626640281527f19
2023-04-20 04:04:58 +00:00
Maciej Żenczykowski
66f52f4ea7 sed -i -r 's@/[*] is_ethernet [*]/ false@RAWIP@g' offload.c
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id488301a50e28e2636936340c78bf8ac5ed2f34e
2023-04-20 04:04:04 +00:00
Maciej Żenczykowski
63fadd1c67 sed -i -r 's@/[*] is_ethernet [*]/ true@ETHER@g' offload.c
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib3967f1768820e92011eee78f589cc54ee3677fc
2023-04-20 04:03:55 +00:00
Maciej Żenczykowski
cad569fef5 sed -i -r 's@/[*] downstream [*]/ true@DOWNSTREAM@g' offload.c
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia1eeca7e8cda672562f3da5b28b52cc25cae2f2a
2023-04-20 04:03:48 +00:00
Maciej Żenczykowski
941ea039db sed -i -r 's@/[*] downstream [*]/ false@UPSTREAM@g' offload.c
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ieaf2cb8d93b4b62fba1be9893ed7e2510b5ed4b7
2023-04-20 04:03:41 +00:00
Maciej Żenczykowski
2541a1924e offload.c - feed kver in to bpf progs
Bug: 263884894
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1ad6df9e4cf4e39b4fe785ca9d8ff0eaa31d33c5
2023-04-19 20:51:18 +00:00
Maciej Żenczykowski
bab0c1ad95 offload.c - adjust bytes for l2 header
Bug: 263884894
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5c7bca4e005302a91368d22b9683db5b16d73b3a
2023-04-04 06:18:28 +00:00
Maciej Żenczykowski
4e3321ed3b bpf_tethering.h -> offload.h
match header file with bpf program

Locations to change found via:
  https://source.corp.google.com/search?q=p:aosp-master%20(%5E%7C%5B%5E_%5D)bpf_tethering.h

Core reasoning for this will be to match the .h naming
that we'll have for netd.c and clatd.c once we get rid of bpf_shared.h

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I4154659c7fb23a37f5316a5c804fb2606d842e9c
2022-12-08 13:04:45 +00:00
Maciej Żenczykowski
f932a8df0e offload.c - fix a mistake in a comment
The comment added by:
  https://android-review.git.corp.google.com/c/platform/packages/modules/Connectivity/+/2261966
  'offload.c - make tether_error_map read only.'

mentions offload.o loading on T when it should talk about S+.

Tethering offload bpf code was mainlined in S.
(T mainlined all the other bpf code)

Bug: 254543135
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I10b89691082e451115e61dedbdc0dac7a58e499c
2022-12-03 10:31:23 +00:00
Maciej Żenczykowski
be25f96390 offload.c - make tether_error_map read only.
Bug: 254543135
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5d4c9cad66f59bd7eed54323ba72ea5a54ddf5e1
2022-10-20 04:08:03 +00:00
Maciej Żenczykowski
0dd2bb31b6 split TCP control packet error into IPv4 vs IPv6
Bug: 241887405
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia155dbf7780b7bcff87e8fa6752d620ccbcae4a4
2022-08-10 19:34:35 +00:00
Maciej Żenczykowski
b82bf6502a split IP version mismatch error into IPv4 vs IPv6
Bug: 241887405
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6ff121ebaec26c9fe14ec8f4f7daebeff77eb7d1
2022-08-10 19:28:48 +00:00
Maciej Żenczykowski
869c4ad452 Merge "update CRITICAL annotations for mainline"
2022-08-08 17:40:52 +00:00
Maciej Żenczykowski
efe862e102 No need for special case programs for [4.14, 5.4) kernels.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I428ea522b618e27eb65e8578f80f04232600af9a
2022-08-05 11:27:47 +00:00
Maciej Żenczykowski
c41e35d830 update CRITICAL annotations for mainline
(these only affect boot time logging)

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I3f315c5eabe73d3378e6ca0059f05221df7bab5e
2022-08-04 13:59:24 +00:00
Maciej Żenczykowski
ccce4a3382 offload/test bpf: support InProcessTethering
InProcessTethering runs as system_server (uid/gid AID_SYSTEM)
instead of as the network_stack (uid/gid AID_NETWORK_STACK).

Additionally only the network_stack has access to the default
selinux context of /sys/fs/bpf/tethering, which is fs_bpf_tethering,
so we need to use 'fs_bpf_net_shared' instead.

Bug: 190523685
Bug: 236925089
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ibb6ae255dcd8a8e8049be112055f60c3b2cf7df0
2022-07-18 09:05:32 -07:00
Maciej Żenczykowski
07d3013b0d enable btf for offload.o & test.o
The objdump -x visible changes between old and new versions of the
mainline shipped .o files are really very minimal: just the inclusion
of a new .BTF section and changes/removals of some 'l' entries from
the symbol table.  However, it turns out a change to symbol ordering
is incompatible with BpfLoader <v0.10 which doesn't know to skip
non-function symbols, and as such enabling btf requires a little
bit of gymnastics.

After:
  $ adbz shell ls -l /apex/com.android.tethering/etc/bpf/*.o
  -rw-r--r-- 1 system system 118352 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/offload.o
  -rw-r--r-- 1 system system 123424 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/offload@btf.o
  -rw-r--r-- 1 system system   2232 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/test.o
  -rw-r--r-- 1 system system   6376 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/test@btf.o

$ adbz shell logcat -d | egrep offload.*[.]o
07-15 13:10:43.358     0     0 D LibBpfLoader: Loading critical for tethering ELF object /apex/com.android.tethering/etc/bpf/offload.o with license Apache 2.0
07-15 13:10:43.359     0     0 I LibBpfLoader: BpfLoader version 0x00019 ignoring ELF object /apex/com.android.tethering/etc/bpf/offload.o with max ver 0x00019
07-15 13:10:43.359     0     0 I bpfloader: Loaded object: /apex/com.android.tethering/etc/bpf/offload.o
07-15 13:10:43.374     0     0 D LibBpfLoader: Loading critical for tethering ELF object /apex/com.android.tethering/etc/bpf/offload@btf.o with license Apache 2.0
07-15 13:10:43.375     0     0 I LibBpfLoader: BpfLoader version 0x00019 processing ELF object /apex/com.android.tethering/etc/bpf/offload@btf.o with ver [0x00019,0x10000)
07-15 13:10:43.452     0     0 D LibBpfLoader: map_fd found at 0 is 6 in /apex/com.android.tethering/etc/bpf/offload@btf.o
...

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id658818d1d42763358747523615b7918d312588e
2022-07-16 05:35:15 +00:00
Maciej Żenczykowski
f769952212 bpf programs: switch from integers to #define'd bpfloader versions
(per request from Lorenzo)

We do bump block/clatd/dscp_policy requirements from 0.12 to 0.13,
but this effectively doesn't matter:

- Beta2 is too old either way (pre-0.12)
- Beta3 is new enough (0.13)
- versions in between are simply obsolete / unused / not important
- bpfloader 0.12 won't boot right anyway due to lack of netd maps/programs
  (which cause a netd startup failure)

This allows us to have one less #define in the header files,
with a hard to write explanation about what exactly v0.12 is (or was).

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1ecf15f9d7abbb82ec6bd49848255fab6a41aed4
2022-05-24 16:11:09 -07:00
Maciej Żenczykowski
f72c8aa5c3 funky workaround to make things load on 4.14 bpf verifier
Mostly this is cut-and-paste of bottom half of do_forward4
function into a separate function to force the compiler to
emit two differently optimized versions of the code based on
whether is_tcp is true or false.

Bug: 230359047
Test: TreeHugger, manually on flame
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9e3e195ba601daaac2e0c9a70fad170a8fb4d921
2022-05-05 09:46:33 +00:00
Maciej Żenczykowski
824fb294ee rename try_make_readable() to try_make_writable()
In practice this function makes things readable and writable,
so use a less confusing name.

Test: TreeHugger, 'git grep try_make_readable' comes up empty
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I32faad148cc5714cf0ec7246620376ed4dd3d6d2
2022-04-11 23:58:36 -07:00
Ken Chen
bb57fa9eec [NETD-BPF#3] Relocate Tethering/bpf_progs and rename bpf_tethering_headers
The folder is currently used by tether offload only. Because we will
move netd.c and clatd.c to it, the folder should be moved to the upper
tier.

Also, rename bpf_tethering_headers to bpf_connectivity_headers so that
other connectivity code besides tethering is justified to use it.

Bug: 202086915
Test: atest FrameworksNetTests
Change-Id: I95943c6e909f1fdca12604ef0c55d67c39ca686b
2021-11-20 18:31:08 +08:00