(also note the program in p/m/C netd.C is not optional or kernel version dependent)
Bug: 237030932
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia984f6a1ce0ab14a204fe47ec295db1363879b7b
Non platform ones (ie. shipped via mainline) already have
the value manually specified.
The goal here is to be able to do some bpf.o validity checking
in the bpfloader based on the bpfloader_min_ver.
Such validity checking really only makes sense for mainline
shipped bpf.o's which might need to load on older bpfloaders.
Hence we no longer want platform bpf.o's to have minver == 0.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9e2f670c48e30818689a42bc515eb49e86f3cbea
Sometimes you just want to change the setting for all maps and/or
programs in a specific .c file...
Bug: 190523685
Bug: 236925089
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I3ba6b3a8dadf18c1436b21feb1ee03db446e6aba
BpfLoader v0.25+ support loading obj@ver.o files
as if they were obj.o. This allows different
versions of the .o per bpfloader version.
This is useful because BTF enabled bpf.o files
are incompatible with BpfLoader < 0.10.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2067b1c54c36842c0baa779f37a904b75b9dfb6d
Per request on:
https://googleplex-android-review.googlesource.com/c/platform/frameworks/libs/net/+/18992756
While we're at it let's temporarily remove the check in .reset(fd)
if (bpfGetFdMapFlags(mMapFd) != 0) abort(); // TODO: fix for BpfMapRO
We'll add it back when the code is in better shape,
and read-only vs read-write state of the map is something
we actually *know*.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id8d65bdc529872685b42656e638f22048fafb7f6
(split in two to facilitate manual testing)
Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifc00ed168231615819b88b232155e1fe6f9a8c71
Tested by making the map struct conditional on #define V18,
and only #defining that in the top line of netd.c,
this results in:
$ objdump -s -j size_of_bpf_map_def out/target/product/vsoc_x86_64/apex/com.android.tethering/etc/bpf/net_shared/clatd.o
out/target/product/vsoc_x86_64/apex/com.android.tethering/etc/bpf/net_shared/clatd.o: file format elf64-little
Contents of section size_of_bpf_map_def:
0000 30000000 00000000 0.......
$ objdump -s -j size_of_bpf_prog_def out/target/product/vsoc_x86_64/apex/com.android.tethering/etc/bpf/net_shared/clatd.o
out/target/product/vsoc_x86_64/apex/com.android.tethering/etc/bpf/net_shared/clatd.o: file format elf64-little
Contents of section size_of_bpf_prog_def:
0000 1c000000 00000000 ........
$ objdump -s -j size_of_bpf_map_def out/target/product/vsoc_x86_64/apex/com.android.tethering/etc/bpf/netd_shared/netd.o
out/target/product/vsoc_x86_64/apex/com.android.tethering/etc/bpf/netd_shared/netd.o: file format elf64-little
Contents of section size_of_bpf_map_def:
0000 74000000 00000000 t.......
$ objdump -s -j size_of_bpf_prog_def out/target/product/vsoc_x86_64/apex/com.android.tethering/etc/bpf/netd_shared/netd.o
out/target/product/vsoc_x86_64/apex/com.android.tethering/etc/bpf/netd_shared/netd.o: file format elf64-little
Contents of section size_of_bpf_prog_def:
0000 5c000000 00000000 \.......
$ echo $[0x00000030] $[0x00000074]
48 116
$ echo $[0x0000001c] $[0x0000005c]
28 92
and it still successfully boots.
So the struct extension infrastructure works as desired.
Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I8b55769e69dbf9580e844f2a50d48651fd9a0cff
while we're at it:
- replace 'unique_fd != -1' with unique_fd.ok() which is
a test for fd.get() >= 0 and is thus effectively equivalent
- make use of the fact that unique_fd.reset()
takes care to save errno.
(see impl. in //system/libbase/include/android-base/unique_fd.h )
Bug: 236285127
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6fb7bf28a2265ad84baa3c552b39c620cb3875fe
Really we need to fix the inheritance to make
BpfMapRO the parent class of BpfMap:
but that's a far more difficult thing to do,
so in the short term we punt like this.
This makes BpfMapRO a little bit more usable,
and allows a slow transition across the codebase...
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1c5112db70e9e523c113cba536fbe19422b4d3f3
(we don't yet do anything with it, but at least in strace we should
now see more detailed errors from the kernel)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6a34a0e7e866bbde41daef23870ad90dceee6ded
this way is more obviously not calling dup_with_cloexec
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I4e1ce3b0a42ccea638332ae451e291e025d57895
to replace less safe uses of BpfMap.reset(create(type, keysize, valuesize, entries, flags))
Meant to be used in tests only.
Bug:
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I869f1f935bcf5d00702c42bc46d6094ea552addc
not perfect due to this being in a header file, so multiple copies
potentially exist, but it's really simple, and works nearly as well.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id90c6933d57bc12f4dd640c8918fd0885c7474cf
We switch back to int from ParcelFileDescriptor,
and eliminate all calls to close(). Bpf Map FDs
now live till process exit.
Bug: 230880517
Test: TreeHugger, atest com.android.networkstack.tethering.BpfMapTest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I89b6dc88ea56cb1e50695f8daf54ed79bce3fba2
This will allow healthd to filter uevent packets, if needed
Bug: 203462310
Test: Ensure that healthd can build if it uses bpf filters
Change-Id: I97bfe9509a6934444f656508176495bba38381be
TCA_U32_ACT was missed when converting from the u32 filter to matchall.
Interestingly, cls_matchall does not seem to validate this type as the
kernel happily accepted this configuration (which absolutely should not
happen as TCA_U32_ACT is greater than __TCA_MATCHALL_MAX).
Bug: 218840346
Test: atest CtsNetTestCases:RateLimitTest
Change-Id: Ia24683cbd5fbd10084163db6e6a4415ec03f6f3f
The art apex already has access to bpf_headers which includes bpf_syscall_wrappers,
but this extra line is needed to switch it away from needlessly linking libbpf_android.
Since these are header files only, this annotation is kind of pointless,
but it does turn out to be needed...
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9e4d3373cea488080304e31ed7c8708aec988933
this doesn't appear to make sense now that it's available to vendors
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If2d24fa8eccfb5c12832fb191a8560b024751db7
Attach bpf program to cgroup with flags, support 'BPF_F_ALLOW_OVERRIDE'
and 'BPF_F_ALLOW_MULTI'; corresponding to detach a single bpf program in
a cgroup.
Test: m
Signed-off-by: KaiWen Zheng <zhengkaiwen5@xiaomi.corp-partner.google.com>
Change-Id: I9a4d2dcb249c6c628e3f1287d7d5d1879b722bd6
