This switches incoming packets from L3 to L2,
ie. they now include the ethernet header for non-rawip cases
(like wifi)
Note: depends on userspace clatd change to offset packet
processing index by tpacket_auxdata->tp_net L3 header offset,
an increase in the read buffer size, and on change to use
IPv6 header relative cBPF for ingress packet filtering!
Test: TreeHugger, atest libclat_test, ping 1.1.1.1 on v6-only wifi
Bug: 265591307
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie5893d18b0dd796751f95150680a0d4cd5f64c3c

Needed to support AF_PACKET/SOCK_RAW sockets
Test: TreeHugger, ping on ipv6-only wifi works
Bug: 265591307
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If324ee1e97a90b1a0a2ee0fabe1d91ef0603fdac

Setting SO_MARK to MARK_UNSET, ie. 0, is harmless,
since the default for a brand new socket is already 0.
See ClatCoordinator.java getFwMark() for the mark we actually pass in,
which is guaranteed to have at least 4 bits (16,17,18,19) set.
See also:
https://android-review.git.corp.google.com/c/platform/packages/modules/Connectivity/+/2392272
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I3b4eebc0a5ad20390a13efcc58cecf94868686ba

kernel's net/packet/af_packet.c packet_rcv() does (paraphrased):
  unsigned int snaplen = skb->len;
  unsigned int res = run_filter(skb, sk, snaplen);
  if (!res) goto drop_n_restore;
  if (snaplen > res) snaplen = res;
which makes it clear that cbpf filter returning 0 means drop,
while any other unsigned int (ie. u32) value means capture that
many bytes - but no more than packet length.
Might as well just use the maximum u32 as the snaplen,
since it will be truncated to skb->len as needed.
Of course additionally IPv6 packets can have a payload size of 65535
(which does not include the IPv6 header itself, and assumes we
don't bother with IPv6 jumbograms, which we can't translate to IPv4
anyways), so the L3 mtu should actually be 65535 + 40.
Except that is also too large to translate to ipv4,
so instead the max L3 mtu should be 65535 - 20 + 40 + 8
(which is the max IPv4 packet size - sizeof ipv4 header + sizeof
ipv6 header + sizeof ipv6 fragmentation extension header).
Since the cBPF currently deals with L3 packets it should return
an L3 length (ie. not including L2 headers), but this will change
when we switch to using L2 af_packet sockets (this change will
mean we will not need to change this code at that point in time).
Furthermore, this should have always returned MAXMTU, and not
PACKETLEN, as it does not care about the tun_pi extra header
(which is added later).
ie. this *should* have always been:
  #define MAXMTU (0xFFFF + 28)
  BPF_STMT(BPF_RET | BPF_K, MAXMTU)
but:
  BPF_STMT(BPF_RET | BPF_K, 0xFFFFFFFFu)
is even simpler.
Bug: 259872525
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2cc4960f0092720b5ee196e8716f07826bd7f362
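
Added example (not part of the commit and not clatd's own code): a userspace model of the snaplen steps paraphrased in the message above, run over a constructed L3 IPv6 destination-match filter. The evaluator run_filter() here is a hypothetical stand-in for the kernel's, and demo() and the address 2001:db8::464 are assumptions for illustration; it shows that 0xFFFFFFFF, MAXMTU, or any return value of at least the packet length capture the same bytes, while 0 drops.

```c
#include <linux/filter.h>
#include <stdint.h>
#include <stdio.h>
#define MAXMTU (0xFFFF + 28) /* 65535 - 20 + 40 + 8, per the commit message */

/* Hypothetical stand-in for the kernel evaluator: only the three opcodes used below. */
static uint32_t run_filter(const struct sock_filter *f, const uint8_t *p, uint32_t len) {
    for (uint32_t A = 0;; f++) {
        switch (f->code) {
        case BPF_LD | BPF_W | BPF_ABS: /* big-endian load; out of bounds drops */
            if (len < 4 || f->k > len - 4) return 0;
            A = (uint32_t)p[f->k] << 24 | (uint32_t)p[f->k + 1] << 16 |
                (uint32_t)p[f->k + 2] << 8 | p[f->k + 3];
            break;
        case BPF_JMP | BPF_JEQ | BPF_K: /* relative jump; the loop's f++ adds the +1 */
            f += (A == f->k) ? f->jt : f->jf;
            break;
        default: /* BPF_RET | BPF_K; anything unsupported drops */
            return f->code == (BPF_RET | BPF_K) ? f->k : 0;
        }
    }
}
/* Same steps as the paraphrased packet_rcv(): 0 drops, else clamp to skb->len. */
static uint32_t captured_len(const struct sock_filter *f, const uint8_t *p, uint32_t skb_len) {
    uint32_t snaplen = skb_len;
    uint32_t res = run_filter(f, p, snaplen);
    if (!res) return 0;
    if (snaplen > res) snaplen = res;
    return snaplen;
}
/* Constructed L3 IPv6 packet of len bytes to 2001:db8::<low>; the filter
 * matches only 2001:db8::464 and returns accept_k for it. */
static uint32_t demo(uint16_t low, uint32_t len, uint32_t accept_k) {
    static uint8_t pkt[MAXMTU] = {[0] = 0x60, [24] = 0x20, 0x01, 0x0d, 0xb8};
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 24), BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x20010db8, 0, 7),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 28), BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 5),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 32), BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 36), BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x464, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, accept_k),    BPF_STMT(BPF_RET | BPF_K, 0),
    };
    if (len > sizeof(pkt)) return 0; /* larger than the model's buffer */
    pkt[38] = (uint8_t)(low >> 8);
    pkt[39] = (uint8_t)(low & 0xff);
    return captured_len(prog, pkt, len);
}
int main(void) {
    printf("%u %u %u\n", demo(0x464, 1500, 0xFFFFFFFFu), demo(0x464, 1500, 64), demo(0x465, 1500, MAXMTU));
    return 0;
}
```
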
This allows clat to initialize properly when VPNs are configured
with "Block connections without VPN", rather than to error out with
"no IPv6 addresses were available for clat".
This issue primarily affects particular mobile networks configured
with NAT64 (without direct IPv4 connectivity).
Bug: 255040839
Change-Id: I4a8ee0295e0f5d1e330f7529856347b8bd10360c

In order to get counted by mts code coverage, this native test needs to
be run as part of mts.
Bug: 233904825
Test: m mts && mts-tradefed run mts-tethering-coverage
Change-Id: I4ec7108577a8a50d4419bbf387535f92f2f6d099

Don't need anymore since ClatCoordinator uses common lib to access
clat bpf prog/map.
Test: atest libclat_test
Change-Id: I2c3242f8b14b0058420ccfd85bb5728062c852bc

bpf_connectivity_headers already pulls in bpf_headers,
which already pulls in bpf_syscall_wrappers.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib22da8d433bd3187349f06f41ec064360c38982f

Move native functions from ClatdController and TcUtils to libclat
for jni ClatdCoordinator.
Bug: 212345928
Test: atest libclat_test
Change-Id: Ia4b344b07537d57c3e4ff1285b0e7b17e0c63c3e

configure_packet_socket() is moved from ClatdController. Only change
the failure return value from errno to -errno. The remaining parts
are the same.
The test is modified from ClatdControllerTest::ConfigureIpv6Address.
Simply set socket filter to an interface and check that the packet
socket is bound to the interface. We can't check the socket filter
because there is no way to fetch it from the kernel.
Bug: 212345928
Test: build and boot
atest libclat_test
Change-Id: Ia33c21051b040829c7d2aa55ed5b7de8766c98c5

detect_mtu() is moved from ClatdController without behavior
change. The unique_fd for socket fd is replaced by primitive int
because libbase is not supported in mainline.
Bug: 212345928
Test: build and boot
atest libclat_test
Change-Id: Ib9c1a9d4b9e1c141d88164e8489c5044fdf70685

isIpv4AddressFree() is moved from ClatdController without behavior
change.
selectIpv4Address() and its test are moved from ClatdController as well.
They have been refactored slightly for testing because function pointer
of isIpv4AddressFreeFunc is not a global variable anymore. We can't set
global function pointer to change selectIpv4Address() behavior for
testing. Instead isIpv4AddressFree is sent as an argument of function
pointer. For public caller, selectIpv4Address() has no behavior change.
For test caller, they can call an internal selectIpv4AddressInternal
(.., fn) to change isIpv4AddrFreeFn function pointer for testing.
Bug: 212345928
Test: build and boot
atest libclat_test
Change-Id: Iab5e6fd5ebbccf10e7b3be2251b45949cf3f3464

generateIpv6Address() is moved from ClatdController without behavior
change. The unique_fd for socket fd is replaced by primitive int
because libbase is not supported in mainline.
Bug: 212345928
Test: build and boot
atest libclat_test
Change-Id: I42e152e6fe3ad577a0274e1d55e737318f61176d

Introduce the library libclat to implement clat functions for jni.
It is helpful for unit test.
makeChecksumNeutral() and its test are moved from ClatdController
without behavior change.
Bug: 212345928
Test: build and boot
atest libclat_test
Change-Id: I1c0981d98141fc1cc07b2d3a0f3cbddf38683ff3