Merge changes I6025abba,I7788a6bb,I4fe381a2,Ib1ee183e,Ifb8843aa, ...
* changes:
gn2bp: create one action per arch
gn2bp: support multiple jni registration modules
gn2bp: get rid of local_include_dir hacks
gn2bp: remove jni_headers from jni_generator genrule
gn2bp: add common header dependencies to defaults
gn2bp: unconditionally remove -DANDROID for all host targets
diff --git a/bpf_progs/clatd.c b/bpf_progs/clatd.c
index b8c6131..22726ac 100644
--- a/bpf_progs/clatd.c
+++ b/bpf_progs/clatd.c
@@ -111,8 +111,8 @@
return TC_ACT_PIPE;
const struct frag_hdr *frag = (const struct frag_hdr *)(ip6 + 1);
proto = frag->nexthdr;
- // Trivial hash of 32-bit IPv6 ID field into 16-bit IPv4 field.
- ip_id = (frag->identification) ^ (frag->identification >> 16);
+ // Per RFC6145 use bottom 16-bits of 32-bit IPv6 ID field for 16-bit IPv4 field.
+ ip_id = frag->identification;
// Conversion of 16-bit IPv6 frag offset to 16-bit IPv4 frag offset field.
// IPv6 is '13 bits of offset in multiples of 8' + 2 zero bits + more fragment bit
// IPv4 is zero bit + don't frag bit + more frag bit + '13 bits of offset in multiples of 8'
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index f9484fc..4cbd751 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -79,6 +79,9 @@
// only valid indexes are [0..CONFIGURATION_MAP_SIZE-1]
DEFINE_BPF_MAP_RO_NETD(configuration_map, ARRAY, uint32_t, uint32_t, CONFIGURATION_MAP_SIZE)
+// TODO: consider whether we can merge some of these maps
+// for example it might be possible to merge 2 or 3 of:
+// uid_counterset_map + uid_owner_map + uid_permission_map
DEFINE_BPF_MAP_RW_NETD(cookie_tag_map, HASH, uint64_t, UidTagValue, COOKIE_UID_MAP_SIZE)
DEFINE_BPF_MAP_NO_NETD(uid_counterset_map, HASH, uint32_t, uint8_t, UID_COUNTERSET_MAP_SIZE)
DEFINE_BPF_MAP_NO_NETD(app_uid_stats_map, HASH, uint32_t, StatsValue, APP_STATS_MAP_SIZE)
@@ -198,6 +201,7 @@
}
static __always_inline inline bool skip_owner_match(struct __sk_buff* skb, bool is_4_19) {
+ uint32_t flag = 0;
if (skb->protocol == htons(ETH_P_IP)) {
uint8_t proto;
// no need to check for success, proto will be zeroed if bpf_skb_load_bytes_net() fails
@@ -211,24 +215,22 @@
// field will also fail, and that failure we already handle correctly
// (we also don't check that ihl in [0x45,0x4F] nor that ipv4 header checksum is correct)
(void)bpf_skb_load_bytes_net(skb, IPPROTO_IHL_OFF, &ihl, sizeof(ihl), is_4_19);
- uint32_t flag;
// if the read below fails, we'll just assume no TCP flags are set, which is fine.
(void)bpf_skb_load_bytes_net(skb, (ihl & 0xF) * 4 + TCP_FLAG32_OFF,
&flag, sizeof(flag), is_4_19);
- return flag & TCP_FLAG_RST; // false on read failure
} else if (skb->protocol == htons(ETH_P_IPV6)) {
uint8_t proto;
// no need to check for success, proto will be zeroed if bpf_skb_load_bytes_net() fails
(void)bpf_skb_load_bytes_net(skb, IPV6_PROTO_OFF, &proto, sizeof(proto), is_4_19);
if (proto == IPPROTO_ESP) return true;
if (proto != IPPROTO_TCP) return false; // handles read failure above
- uint32_t flag;
// if the read below fails, we'll just assume no TCP flags are set, which is fine.
(void)bpf_skb_load_bytes_net(skb, sizeof(struct ipv6hdr) + TCP_FLAG32_OFF,
&flag, sizeof(flag), is_4_19);
- return flag & TCP_FLAG_RST; // false on read failure
+ } else {
+ return false;
}
- return false;
+ return flag & TCP_FLAG_RST; // false on read failure
}
static __always_inline inline BpfConfig getConfig(uint32_t configKey) {