commit 3902b8c66f3dd034e122019e74137b0ad03ba8d7
author Maciej Żenczykowski <maze@google.com> Mon May 22 18:55:17 2023 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon May 22 18:55:17 2023 +0000
tree cf68fffdeca43353ae8cebdab7e4528753053889
parent 118e97dd1087b6c83f1fb7d29b1012f090b3064d
parent c88610393ddfa679575c4e49e3af60d402978749

Merge "netd.c - cleanup AID_CLAT handling" am: ab35e1d453 am: c88610393d

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2596092

Change-Id: I1d34cfd4c1570df041faf1ce8e0251d76b40b396
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

bpf_progs/netd.c

diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 839ca40..6874382 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -412,10 +412,8 @@
 
     // Always allow and never count clat traffic. Only the IPv4 traffic on the stacked
     // interface is accounted for and subject to usage restrictions.
-    // TODO: remove sock_uid check once Nat464Xlat javaland adds the socket tag AID_CLAT for clat.
-    if (sock_uid == AID_CLAT || uid == AID_CLAT) {
-        return PASS;
-    }
+    // CLAT IPv6 TX sockets are *always* tagged with CLAT uid, see tagSocketAsClat()
+    if (uid == AID_CLAT) return PASS;
 
     int match = bpf_owner_match(skb, sock_uid, egress, kver);
 
@@ -502,9 +500,8 @@
     // Clat daemon does not generate new traffic, all its traffic is accounted for already
     // on the v4-* interfaces (except for the 20 (or 28) extra bytes of IPv6 vs IPv4 overhead,
     // but that can be corrected for later when merging v4-foo stats into interface foo's).
-    // TODO: remove sock_uid check once Nat464Xlat javaland adds the socket tag AID_CLAT for clat.
+    // CLAT sockets are created by system server and tagged as uid CLAT, see tagSocketAsClat()
     uint32_t sock_uid = bpf_get_socket_uid(skb);
-    if (sock_uid == AID_CLAT) return BPF_NOMATCH;
     if (sock_uid == AID_SYSTEM) {
         uint64_t cookie = bpf_get_socket_cookie(skb);
         UidTagValue* utag = bpf_cookie_tag_map_lookup_elem(&cookie);