Merge changes Idf75e4e9,Idf0435f4 into main
* changes:
Process enqueued messages from the NAI synchronously.
Remove the queue on the NetworkAgent side
diff --git a/bpf/loader/NetBpfLoad.cpp b/bpf/loader/NetBpfLoad.cpp
index b9ef766..28cb09e 100644
--- a/bpf/loader/NetBpfLoad.cpp
+++ b/bpf/loader/NetBpfLoad.cpp
@@ -17,6 +17,7 @@
#define LOG_TAG "NetBpfLoad"
#include <arpa/inet.h>
+#include <bpf/btf.h>
#include <bpf/libbpf.h>
#include <dirent.h>
#include <elf.h>
@@ -51,6 +52,7 @@
#include <android-base/logging.h>
#include <android-base/macros.h>
#include <android-base/properties.h>
+#include <android-base/scopeguard.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
@@ -649,10 +651,185 @@
return false;
}
+static int setBtfDatasecSize(ifstream &elfFile, struct btf *btf,
+ struct btf_type *bt) {
+ const char *name = btf__name_by_offset(btf, bt->name_off);
+ if (!name) {
+ ALOGE("Couldn't resolve section name, errno: %d", errno);
+ return -errno;
+ }
+
+ vector<char> data;
+ int ret = readSectionByName(name, elfFile, data);
+ if (ret) {
+ ALOGE("Couldn't read section %s, ret: %d", name, ret);
+ return ret;
+ }
+ bt->size = data.size();
+ return 0;
+}
+
+static int getSymOffsetByName(ifstream &elfFile, const char *name, int *off) {
+ vector<Elf64_Sym> symtab;
+ int ret = readSymTab(elfFile, 1 /* sort */, symtab);
+ if (ret) return ret;
+ for (int i = 0; i < (int)symtab.size(); i++) {
+ string s;
+ ret = getSymName(elfFile, symtab[i].st_name, s);
+ if (ret) continue;
+ if (!strcmp(s.c_str(), name)) {
+ *off = symtab[i].st_value;
+ return 0;
+ }
+ }
+ return -1;
+}
+
+static int setBtfVarOffset(ifstream &elfFile, struct btf *btf,
+ struct btf_type *datasecBt) {
+ int i, vars = btf_vlen(datasecBt);
+ struct btf_var_secinfo *vsi;
+ const char *datasecName = btf__name_by_offset(btf, datasecBt->name_off);
+ if (!datasecName) {
+ ALOGE("Couldn't resolve section name, errno: %d", errno);
+ return -errno;
+ }
+
+ for (i = 0, vsi = btf_var_secinfos(datasecBt); i < vars; i++, vsi++) {
+ const struct btf_type *varBt = btf__type_by_id(btf, vsi->type);
+ if (!varBt || !btf_is_var(varBt)) {
+ ALOGE("Found non VAR kind btf_type, section: %s id: %d", datasecName,
+ vsi->type);
+ return -1;
+ }
+
+ const struct btf_var *var = btf_var(varBt);
+ if (var->linkage == BTF_VAR_STATIC) continue;
+
+ const char *varName = btf__name_by_offset(btf, varBt->name_off);
+ if (!varName) {
+ ALOGE("Failed to resolve var name, section: %s", datasecName);
+ return -1;
+ }
+
+ int off;
+ int ret = getSymOffsetByName(elfFile, varName, &off);
+ if (ret) {
+ ALOGE("No offset found in symbol table, section: %s, var: %s, ret: %d",
+ datasecName, varName, ret);
+ return ret;
+ }
+ vsi->offset = off;
+ }
+ return 0;
+}
+
+static int loadBtf(ifstream &elfFile, struct btf *btf) {
+ int ret;
+ for (unsigned int i = 1; i < btf__type_cnt(btf); ++i) {
+ struct btf_type *bt = (struct btf_type *)btf__type_by_id(btf, i);
+ if (!btf_is_datasec(bt)) continue;
+ ret = setBtfDatasecSize(elfFile, btf, bt);
+ if (ret) return ret;
+ ret = setBtfVarOffset(elfFile, btf, bt);
+ if (ret) return ret;
+ }
+
+ ret = btf__load_into_kernel(btf);
+ if (ret) {
+ if (errno != EINVAL) {
+ ALOGE("btf__load_into_kernel failed, errno: %d", errno);
+ return ret;
+ };
+ // For BTF_KIND_FUNC, newer kernels can read the BTF_INFO_VLEN bits of
+ // struct btf_type to distinguish static vs. global vs. extern
+ // functions, but older kernels enforce that only the BTF_INFO_KIND bits
+ // can be set. Retry with non-BTF_INFO_KIND bits zeroed out to handle
+ // this case.
+ for (unsigned int i = 1; i < btf__type_cnt(btf); ++i) {
+ struct btf_type *bt = (struct btf_type *)btf__type_by_id(btf, i);
+ if (btf_is_func(bt)) {
+ bt->info = (BTF_INFO_KIND(bt->info)) << 24;
+ }
+ }
+ ret = btf__load_into_kernel(btf);
+ if (ret) {
+ ALOGE("btf__load_into_kernel retry failed, errno: %d", errno);
+ return ret;
+ };
+ }
+ return 0;
+}
+
+int getKeyValueTids(const struct btf *btf, const char *mapName,
+ uint32_t expectedKeySize, uint32_t expectedValueSize,
+ uint32_t *keyTypeId, uint32_t *valueTypeId) {
+ const struct btf_type *kvBt;
+ const struct btf_member *key, *value;
+ const size_t max_name = 256;
+ char kvTypeName[max_name];
+ int64_t keySize, valueSize;
+ uint32_t kvId;
+
+ if (snprintf(kvTypeName, max_name, "____btf_map_%s", mapName) == max_name) {
+ ALOGE("____btf_map_%s is too long", mapName);
+ return -1;
+ }
+
+ kvId = btf__find_by_name(btf, kvTypeName);
+ if (kvId < 0) {
+ ALOGE("section not found, map: %s typeName: %s", mapName, kvTypeName);
+ return -1;
+ }
+
+ kvBt = btf__type_by_id(btf, kvId);
+ if (!kvBt) {
+ ALOGE("Couldn't find BTF type, map: %s id: %u", mapName, kvId);
+ return -1;
+ }
+
+ if (!btf_is_struct(kvBt) || btf_vlen(kvBt) < 2) {
+ ALOGE("Non Struct kind or invalid vlen, map: %s id: %u", mapName, kvId);
+ return -1;
+ }
+
+ key = btf_members(kvBt);
+ value = key + 1;
+
+ keySize = btf__resolve_size(btf, key->type);
+ if (keySize < 0) {
+ ALOGE("Couldn't get key size, map: %s errno: %d", mapName, errno);
+ return -1;
+ }
+
+ valueSize = btf__resolve_size(btf, value->type);
+ if (valueSize < 0) {
+ ALOGE("Couldn't get value size, map: %s errno: %d", mapName, errno);
+ return -1;
+ }
+
+ if (expectedKeySize != keySize || expectedValueSize != valueSize) {
+ ALOGE("Key value size mismatch, map: %s key size: %d expected key size: "
+ "%d value size: %d expected value size: %d",
+ mapName, (uint32_t)keySize, expectedKeySize, (uint32_t)valueSize,
+ expectedValueSize);
+ return -1;
+ }
+
+ *keyTypeId = key->type;
+ *valueTypeId = value->type;
+
+ return 0;
+}
+
+static bool isBtfSupported(enum bpf_map_type type) {
+ return type != BPF_MAP_TYPE_DEVMAP_HASH && type != BPF_MAP_TYPE_RINGBUF;
+}
+
static int createMaps(const char* elfPath, ifstream& elfFile, vector<unique_fd>& mapFds,
const char* prefix, const unsigned int bpfloader_ver) {
int ret;
- vector<char> mdData;
+ vector<char> mdData, btfData;
vector<struct bpf_map_def> md;
vector<string> mapNames;
string objName = pathToObjName(string(elfPath));
@@ -679,6 +856,21 @@
ret = getSectionSymNames(elfFile, "maps", mapNames);
if (ret) return ret;
+ ret = readSectionByName(".BTF", elfFile, btfData);
+ if (ret) {
+ ALOGE("Failed to read .BTF section, ret:%d", ret);
+ return ret;
+ }
+ struct btf *btf = btf__new(btfData.data(), btfData.size());
+ if (btf == NULL) {
+ ALOGE("btf__new failed, errno: %d", errno);
+ return -errno;
+ }
+ auto scopeGuard = base::make_scope_guard([btf] { btf__free(btf); });
+
+ ret = loadBtf(elfFile, btf);
+ if (ret) return ret;
+
unsigned kvers = kernelVersion();
for (int i = 0; i < (int)mapNames.size(); i++) {
@@ -804,12 +996,26 @@
};
if (isAtLeastKernelVersion(4, 15, 0))
strlcpy(req.map_name, mapNames[i].c_str(), sizeof(req.map_name));
+
+ if (isBtfSupported(type)) {
+ uint32_t kTid, vTid;
+ ret = getKeyValueTids(btf, mapNames[i].c_str(), md[i].key_size,
+ md[i].value_size, &kTid, &vTid);
+ if (ret) return ret;
+ req.btf_fd = btf__fd(btf);
+ req.btf_key_type_id = kTid;
+ req.btf_value_type_id = vTid;
+ ALOGI("Create map with BTF, map: %s", mapNames[i].c_str());
+ } else {
+ ALOGI("Create map without BTF, map: %s", mapNames[i].c_str());
+ }
+
fd.reset(bpf(BPF_MAP_CREATE, req));
saved_errno = errno;
if (fd.ok()) {
- ALOGD("bpf_create_map[%s] -> %d", mapNames[i].c_str(), fd.get());
+ ALOGD("bpf_create_map[%s] -> %d", mapNames[i].c_str(), fd.get());
} else {
- ALOGE("bpf_create_map[%s] -> %d errno:%d", mapNames[i].c_str(), fd.get(), saved_errno);
+ ALOGE("bpf_create_map[%s] -> %d errno:%d", mapNames[i].c_str(), fd.get(), saved_errno);
}
}
@@ -1414,6 +1620,29 @@
return wear;
}
+static int libbpfPrint(enum libbpf_print_level lvl, const char *const formatStr,
+ va_list argList) {
+ int32_t prio;
+ switch (lvl) {
+ case LIBBPF_WARN:
+ prio = ANDROID_LOG_WARN;
+ break;
+ case LIBBPF_INFO:
+ prio = ANDROID_LOG_INFO;
+ break;
+ case LIBBPF_DEBUG:
+ prio = ANDROID_LOG_DEBUG;
+ break;
+ }
+ char *s = strdup(formatStr ?: "(no format string)");
+ int len = strlen(s);
+ if (len && s[len - 1] == '\n')
+ s[len - 1] = 0;
+ LOG_PRI_VA(prio, LOG_TAG, s, argList);
+ free(s);
+ return 0;
+}
+
static int doLoad(char** argv, char * const envp[]) {
if (!isAtLeastS) {
ALOGE("Impossible - not reachable on Android <S.");
@@ -1421,6 +1650,7 @@
// for any possible busted 'optimized' start everything vendor init hacks on R
return 0;
}
+ libbpf_set_print(libbpfPrint);
const bool runningAsRoot = !getuid(); // true iff U QPR3 or V+
diff --git a/clatd/main.c b/clatd/main.c
index fca996b..bc29041 100644
--- a/clatd/main.c
+++ b/clatd/main.c
@@ -64,6 +64,48 @@
*write_sock_str = NULL;
unsigned len;
+ // Clatd binary is setuid/gid CLAT, thus when we reach here we have:
+ // $ adb shell ps | grep clat
+ // [pid] [ppid]
+ // clat 7650 1393 10785364 2612 do_sys_poll 0 S clatd-wlan0
+ // $ adb shell cat /proc/7650/status | egrep -i '^(Uid:|Gid:|Groups:)'
+ // [real][effective][saved][filesystem]
+ // [uid] [euid] [suid] [fsuid]
+ // Uid: 1000 1029 1029 1029
+ // [gid] [egid] [sgid] [fsgid]
+ // Gid: 1000 1029 1029 1029
+ // Groups: 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1018 1021 1023 1024 1032 1065 3001 3002 3003 3005 3006 3007 3009 3010 3011 3012
+ // This mismatch between uid & euid appears to cause periodic (every 5 minutes):
+ // objhash pid ppid uid
+ // W ActivityManager: Stale PhantomProcessRecord {xxxxxxx 7650:1393:clatd-wlan0/1000}, removing
+ // This is due to:
+ // $ adbz shell ls -ld /proc/7650
+ // dr-xr-xr-x 9 clat clat 0 2025-03-14 11:37 /proc/7650
+ // which is used by
+ // //frameworks/base/core/java/com/android/internal/os/ProcessCpuTracker.java
+ // which thus returns the uid 'clat' vs
+ // //frameworks/base/core/java/android/os/Process.java
+ // getUidForPid() which grabs *real* 'uid' from /proc/<pid>/status and is used in:
+ // //frameworks/base/services/core/java/com/android/server/am/PhantomProcessList.java
+ // (perhaps this should grab euid instead? unclear)
+ //
+ // However, we want to drop as many privs as possible, hence:
+ gid_t egid = getegid(); // documented to never fail, hence should return AID_CLAT == 1029
+ uid_t euid = geteuid(); // (ditto)
+ setresgid(egid, egid, egid); // ignore any failure
+ setresuid(euid, euid, euid); // ignore any failure
+ // ideally we'd somehow drop supplementary groups too...
+ // but for historical reasons that actually requires CAP_SETGID which we don't have
+ // (see man 2 setgroups)
+ //
+ // Now we (should) have:
+ // $ adb shell ps | grep clat
+ // clat 5370 1479 10785364 2528 do_sys_poll 0 S clatd-wlan0
+ // # adb shell cat /proc/5370/status | egrep -i '^(Uid:|Gid:|Groups:)'
+ // Uid: 1029 1029 1029 1029
+ // Gid: 1029 1029 1029 1029
+ // Groups: 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1018 1021 1023 1024 1032 1065 3001 3002 3003 3005 3006 3007 3009 3010 3011 3012
+
while ((opt = getopt(argc, argv, "i:p:4:6:t:r:w:h")) != -1) {
switch (opt) {
case 'i':
diff --git a/tests/cts/multidevices/apfv6_test.py b/tests/cts/multidevices/apfv6_test.py
index b82a3be..fb45f4a 100644
--- a/tests/cts/multidevices/apfv6_test.py
+++ b/tests/cts/multidevices/apfv6_test.py
@@ -14,6 +14,7 @@
from mobly import asserts
from scapy.layers.inet import IP, ICMP, IPOption_Router_Alert
+from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest, ICMPv6EchoReply
from scapy.layers.l2 import Ether
from scapy.contrib.igmpv3 import IGMPv3, IGMPv3mq, IGMPv3mr, IGMPv3gr
from net_tests_utils.host.python import apf_test_base, apf_utils, adb_utils, assert_utils, packet_utils
@@ -102,6 +103,22 @@
)
@apf_utils.at_least_B()
+ def test_ipv6_icmp_echo_request_offload(self):
+ eth = Ether(src=self.server_mac_address, dst=self.client_mac_address)
+ ip = IPv6(src=self.server_ipv6_addresses[0], dst=self.client_ipv6_addresses[0])
+ icmp = ICMPv6EchoRequest(id=1, seq=123)
+ echo_request = bytes(eth/ip/icmp/b"hello").hex()
+
+ eth = Ether(src=self.client_mac_address, dst=self.server_mac_address)
+ ip = IPv6(src=self.client_ipv6_addresses[0], dst=self.server_ipv6_addresses[0])
+ icmp = ICMPv6EchoReply(id=1, seq=123)
+ expected_echo_reply = bytes(eth/ip/icmp/b"hello").hex()
+
+ self.send_packet_and_expect_reply_received(
+ echo_request, "DROPPED_IPV6_ICMP6_ECHO_REQUEST_REPLIED", expected_echo_reply
+ )
+
+ @apf_utils.at_least_B()
def test_igmpv3_general_query_offload(self):
ether = Ether(src=self.server_mac_address, dst='01:00:5e:00:00:01')
ip = IP(
diff --git a/tests/cts/net/src/android/net/cts/ApfIntegrationTest.kt b/tests/cts/net/src/android/net/cts/ApfIntegrationTest.kt
index 81afabc..7dbb9b2 100644
--- a/tests/cts/net/src/android/net/cts/ApfIntegrationTest.kt
+++ b/tests/cts/net/src/android/net/cts/ApfIntegrationTest.kt
@@ -372,7 +372,7 @@
if (caps.apfVersionSupported > 4) {
assertThat(caps.maximumApfProgramSize).isAtLeast(2048)
- assertThat(caps.apfVersionSupported).isEqualTo(6000) // v6.0000
+ assertThat(caps.apfVersionSupported).isAnyOf(6000, 6100) // v6.000 or v6.100
}
// DEVICEs launching with Android 15 (AOSP experimental) or higher with CHIPSETs that set
@@ -383,14 +383,22 @@
assertThat(caps.maximumApfProgramSize).isAtLeast(2048)
}
- // CHIPSETs (or DEVICES with CHIPSETs) that set ro.board.first_api_level or
- // ro.board.api_level to 202504 or higher:
- // - [VSR-5.3.12-018] MUST implement version 6 of the Android Packet Filtering (APF)
- // interpreter in the Wi-Fi firmware.
- // - [VSR-5.3.12-019] MUST provide at least 4000 bytes of APF RAM.
+ // DEVICEs with CHIPSETs that set ro.board.first_api_level or ro.board.api_level to 202504
+ // or higher:
+ // - [VSR-5.3.12-018] MUST implement version 6 or version 6.1 of the Android Packet
+ // Filtering (APF) interpreter in the Wi-Fi firmware.
+ // - [VSR-5.3.12-019] MUST provide at least 4000 bytes of APF RAM when version 6 is
+ // implemented OR 3000 bytes when version 6.1 is implemented.
+ // - Note, the APF RAM requirement for APF version 6.1 will become 4000 bytes in Android 17
+ // with CHIPSETs that set ro.board.first_api_level or ro.board.api_level to 202604 or
+ // higher.
if (vsrApiLevel >= 202504) {
- assertThat(caps.apfVersionSupported).isEqualTo(6000)
- assertThat(caps.maximumApfProgramSize).isAtLeast(4000)
+ assertThat(caps.apfVersionSupported).isAnyOf(6000, 6100)
+ if (caps.apfVersionSupported == 6000) {
+ assertThat(caps.maximumApfProgramSize).isAtLeast(4000)
+ } else {
+ assertThat(caps.maximumApfProgramSize).isAtLeast(3000)
+ }
}
// ApfFilter does not support anything but ARPHRD_ETHER.
diff --git a/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java b/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java
index 27cba3a..3b8f5bc 100644
--- a/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java
+++ b/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java
@@ -119,7 +119,10 @@
cv instanceof CallbackValue.OnTetheringStarted);
}
- public void expectTetheringFailed(final int expected) throws InterruptedException {
+ /**
+ * Verify that starting tethering failed with the specified error code.
+ */
+ public void expectTetheringFailed(final int expected) {
final CallbackValue cv = mHistory.poll(TIMEOUT_MS, c -> true);
assertNotNull("No onTetheringFailed after " + TIMEOUT_MS + " ms", cv);
assertTrue("Expect fail with error code " + expected + ", but received: " + cv,
@@ -559,19 +562,28 @@
}
/**
- * Starts Wi-Fi tethering.
+ * Starts Wi-Fi tethering with TETHER_PRIVILEGED permission.
*/
- public TetheringInterface startWifiTethering(final TestTetheringEventCallback callback)
- throws InterruptedException {
+ public TetheringInterface startWifiTethering(final TestTetheringEventCallback callback) {
return startWifiTethering(callback, null);
}
/**
- * Starts Wi-Fi tethering with the specified SoftApConfiguration.
+ * Starts Wi-Fi tethering with TETHER_PRIVILEGED permission and the specified
+ * SoftApConfiguration.
*/
public TetheringInterface startWifiTethering(final TestTetheringEventCallback callback,
- final SoftApConfiguration softApConfiguration)
- throws InterruptedException {
+ final SoftApConfiguration softApConfiguration) {
+ return runAsShell(TETHER_PRIVILEGED, () -> startWifiTetheringNoPermissions(
+ callback, softApConfiguration));
+ }
+
+ /**
+ * Starts Wi-Fi tethering without any permission with the specified SoftApConfiguration.
+ */
+ public TetheringInterface startWifiTetheringNoPermissions(
+ final TestTetheringEventCallback callback,
+ final SoftApConfiguration softApConfiguration) {
final List<String> wifiRegexs = getWifiTetherableInterfaceRegexps(callback);
final StartTetheringCallback startTetheringCallback = new StartTetheringCallback();
@@ -582,19 +594,17 @@
}
final TetheringRequest request = builder.build();
- return runAsShell(TETHER_PRIVILEGED, () -> {
- mTm.startTethering(request, c -> c.run() /* executor */, startTetheringCallback);
- startTetheringCallback.verifyTetheringStarted();
+ mTm.startTethering(request, c -> c.run() /* executor */, startTetheringCallback);
+ startTetheringCallback.verifyTetheringStarted();
- final TetheringInterface iface =
- callback.expectTetheredInterfacesChanged(wifiRegexs, TETHERING_WIFI);
+ final TetheringInterface iface =
+ callback.expectTetheredInterfacesChanged(wifiRegexs, TETHERING_WIFI);
- callback.expectOneOfOffloadStatusChanged(
- TETHER_HARDWARE_OFFLOAD_STARTED,
- TETHER_HARDWARE_OFFLOAD_FAILED);
+ callback.expectOneOfOffloadStatusChanged(
+ TETHER_HARDWARE_OFFLOAD_STARTED,
+ TETHER_HARDWARE_OFFLOAD_FAILED);
- return iface;
- });
+ return iface;
}
private static class StopSoftApCallback implements SoftApCallback {
diff --git a/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java b/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java
index 7d6a213..abe628b 100644
--- a/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java
+++ b/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java
@@ -487,6 +487,9 @@
final TestTetheringEventCallback tetherEventCallback =
mCtsTetheringUtils.registerTetheringEventCallback();
try {
+ tetherEventCallback.assumeWifiTetheringSupported(mContext);
+ tetherEventCallback.expectNoTetheringActive();
+
final StartTetheringCallback startTetheringCallback = new StartTetheringCallback();
mTM.startTethering(new TetheringRequest.Builder(TETHERING_VIRTUAL).build(),
c -> c.run(), startTetheringCallback);
@@ -508,6 +511,7 @@
mCtsTetheringUtils.registerTetheringEventCallback();
try {
tetherEventCallback.assumeWifiTetheringSupported(mContext);
+ tetherEventCallback.expectNoTetheringActive();
SoftApConfiguration softApConfig = new SoftApConfiguration.Builder()
.setWifiSsid(WifiSsid.fromBytes("This is one config"
@@ -532,6 +536,7 @@
mCtsTetheringUtils.registerTetheringEventCallback();
try {
tetherEventCallback.assumeWifiTetheringSupported(mContext);
+ tetherEventCallback.expectNoTetheringActive();
SoftApConfiguration softApConfig = new SoftApConfiguration.Builder()
.setWifiSsid(WifiSsid.fromBytes("This is one config"