Snap for 6539570 from b04b04a849eac3c27464bc76d16909fad37bedf5 to mainline-release
Change-Id: I03a57a5f17ac6753aba6153ceb0548dd31d017c7
diff --git a/core/java/android/net/NetworkStats.java b/core/java/android/net/NetworkStats.java
index b7fb280..34e48eb 100644
--- a/core/java/android/net/NetworkStats.java
+++ b/core/java/android/net/NetworkStats.java
@@ -16,8 +16,6 @@
package android.net;
-import static android.os.Process.CLAT_UID;
-
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.Nullable;
@@ -1047,73 +1045,54 @@
}
/**
- * Calculate and apply adjustments to captured statistics for 464xlat traffic counted twice.
+ * Calculate and apply adjustments to captured statistics for 464xlat traffic.
*
- * <p>This mutates both base and stacked traffic stats, to account respectively for
- * double-counted traffic and IPv4/IPv6 header size difference.
+ * <p>This mutates stacked traffic stats, to account for IPv4/IPv6 header size difference.
*
- * <p>For 464xlat traffic, xt_qtaguid sees every IPv4 packet twice, once as a native IPv4
- * packet on the stacked interface, and once as translated to an IPv6 packet on the
- * base interface. For correct stats accounting on the base interface, if using xt_qtaguid,
- * every rx 464xlat packet needs to be subtracted from the root UID on the base interface
- * (http://b/12249687, http:/b/33681750), and every tx 464xlat packet which was counted onto
- * clat uid should be ignored.
+ * <p>UID stats, which are only accounted on the stacked interface, need to be increased
+ * by 20 bytes/packet to account for translation overhead.
*
- * As for eBPF, the per uid stats is collected by different hook, the rx packets on base
- * interface will not be counted. Thus, the adjustment on root uid is not needed. However, the
- * tx traffic counted in the same way xt_qtaguid does, so the traffic on clat uid still
- * needs to be ignored.
+ * <p>The potential additional overhead of 8 bytes/packet for ip fragments is ignored.
+ *
+ * <p>Interface stats need to sum traffic on both stacked and base interface because:
+ * - eBPF offloaded packets appear only on the stacked interface
+ * - Non-offloaded ingress packets appear only on the stacked interface
+ * (due to iptables raw PREROUTING drop rules)
+ * - Non-offloaded egress packets appear only on the stacked interface
+ * (due to ignoring traffic from clat daemon by uid match)
+ * (and of course the 20 bytes/packet overhead needs to be applied to stacked interface stats)
*
* <p>This method will behave fine if {@code stackedIfaces} is an non-synchronized but add-only
* {@code ConcurrentHashMap}
* @param baseTraffic Traffic on the base interfaces. Will be mutated.
* @param stackedTraffic Stats with traffic stacked on top of our ifaces. Will also be mutated.
* @param stackedIfaces Mapping ipv6if -> ipv4if interface where traffic is counted on both.
- * @param useBpfStats True if eBPF is in use.
* @hide
*/
public static void apply464xlatAdjustments(NetworkStats baseTraffic,
- NetworkStats stackedTraffic, Map<String, String> stackedIfaces, boolean useBpfStats) {
- // Total 464xlat traffic to subtract from uid 0 on all base interfaces.
- // stackedIfaces may grow afterwards, but NetworkStats will just be resized automatically.
- final NetworkStats adjustments = new NetworkStats(0, stackedIfaces.size());
-
+ NetworkStats stackedTraffic, Map<String, String> stackedIfaces) {
// For recycling
Entry entry = null;
- Entry adjust = new NetworkStats.Entry(IFACE_ALL, 0, 0, 0, 0, 0, 0, 0L, 0L, 0L, 0L, 0L);
-
for (int i = 0; i < stackedTraffic.size; i++) {
entry = stackedTraffic.getValues(i, entry);
- if (entry.iface == null || !entry.iface.startsWith(CLATD_INTERFACE_PREFIX)) {
- continue;
- }
- final String baseIface = stackedIfaces.get(entry.iface);
- if (baseIface == null) {
- continue;
- }
- // Subtract xt_qtaguid 464lat rx traffic seen for the root UID on the current base
- // interface. As for eBPF, the per uid stats is collected by different hook, the rx
- // packets on base interface will not be counted.
- adjust.iface = baseIface;
- if (!useBpfStats) {
- adjust.rxBytes = -(entry.rxBytes + entry.rxPackets * IPV4V6_HEADER_DELTA);
- adjust.rxPackets = -entry.rxPackets;
- }
- adjustments.combineValues(adjust);
+ if (entry == null) continue;
+ if (entry.iface == null) continue;
+ if (!entry.iface.startsWith(CLATD_INTERFACE_PREFIX)) continue;
// For 464xlat traffic, per uid stats only counts the bytes of the native IPv4 packet
// sent on the stacked interface with prefix "v4-" and drops the IPv6 header size after
// unwrapping. To account correctly for on-the-wire traffic, add the 20 additional bytes
// difference for all packets (http://b/12249687, http:/b/33681750).
+ //
+ // Note: this doesn't account for LRO/GRO/GSO/TSO (ie. >mtu) traffic correctly, nor
+ // does it correctly account for the 8 extra bytes in the IPv6 fragmentation header.
+ //
+ // While the ebpf code path does try to simulate proper post segmentation packet
+ // counts, we have nothing of the sort of xt_qtaguid stats.
entry.rxBytes += entry.rxPackets * IPV4V6_HEADER_DELTA;
entry.txBytes += entry.txPackets * IPV4V6_HEADER_DELTA;
stackedTraffic.setValues(i, entry);
}
-
- // Traffic on clat uid is v6 tx traffic that is already counted with app uid on the stacked
- // v4 interface, so it needs to be removed to avoid double-counting.
- baseTraffic.removeUids(new int[] {CLAT_UID});
- baseTraffic.combineAllValues(adjustments);
}
/**
@@ -1125,8 +1104,8 @@
* @param stackedIfaces Mapping ipv6if -> ipv4if interface where traffic is counted on both.
* @hide
*/
- public void apply464xlatAdjustments(Map<String, String> stackedIfaces, boolean useBpfStats) {
- apply464xlatAdjustments(this, this, stackedIfaces, useBpfStats);
+ public void apply464xlatAdjustments(Map<String, String> stackedIfaces) {
+ apply464xlatAdjustments(this, this, stackedIfaces);
}
/**
diff --git a/services/core/java/com/android/server/net/NetworkStatsFactory.java b/services/core/java/com/android/server/net/NetworkStatsFactory.java
index 3dac106..86ad0b3 100644
--- a/services/core/java/com/android/server/net/NetworkStatsFactory.java
+++ b/services/core/java/com/android/server/net/NetworkStatsFactory.java
@@ -152,12 +152,10 @@
/**
* Applies 464xlat adjustments with ifaces noted with {@link #noteStackedIface(String, String)}.
- * @see NetworkStats#apply464xlatAdjustments(NetworkStats, NetworkStats, Map, boolean)
+ * @see NetworkStats#apply464xlatAdjustments(NetworkStats, NetworkStats, Map)
*/
- public void apply464xlatAdjustments(NetworkStats baseTraffic,
- NetworkStats stackedTraffic, boolean useBpfStats) {
- NetworkStats.apply464xlatAdjustments(baseTraffic, stackedTraffic, mStackedIfaces,
- useBpfStats);
+ public void apply464xlatAdjustments(NetworkStats baseTraffic, NetworkStats stackedTraffic) {
+ NetworkStats.apply464xlatAdjustments(baseTraffic, stackedTraffic, mStackedIfaces);
}
public NetworkStatsFactory() {
@@ -380,7 +378,7 @@
// network, the overhead is their fault.
// No locking here: apply464xlatAdjustments behaves fine with an add-only
// ConcurrentHashMap.
- delta.apply464xlatAdjustments(mStackedIfaces, mUseBpfStats);
+ delta.apply464xlatAdjustments(mStackedIfaces);
// Migrate data usage over a VPN to the TUN network.
for (VpnInfo info : vpnArray) {
diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java
index dcbdfdf..ba9f486 100644
--- a/services/core/java/com/android/server/net/NetworkStatsService.java
+++ b/services/core/java/com/android/server/net/NetworkStatsService.java
@@ -1311,21 +1311,39 @@
}
// Traffic occurring on stacked interfaces is usually clatd.
- // UID stats are always counted on the stacked interface and never
- // on the base interface, because the packets on the base interface
- // do not actually match application sockets until they are translated.
//
- // Interface stats are more complicated. Packets subject to BPF offload
- // never appear on the base interface and only appear on the stacked
- // interface, so to ensure those packets increment interface stats, interface
- // stats from stacked interfaces must be collected.
+ // UID stats are always counted on the stacked interface and never on the base
+ // interface, because the packets on the base interface do not actually match
+ // application sockets (they're not IPv4) and thus the app uid is not known.
+ // For receive this is obvious: packets must be translated from IPv6 to IPv4
+ // before the application socket can be found.
+ // For transmit: either they go through the clat daemon which by virtue of going
+ // through userspace strips the original socket association during the IPv4 to
+ // IPv6 translation process, or they are offloaded by eBPF, which doesn't:
+ // However, on an ebpf device the accounting is done in cgroup ebpf hooks,
+ // which don't trigger again post ebpf translation.
+ // (as such stats accounted to the clat uid are ignored)
+ //
+ // Interface stats are more complicated.
+ //
+ // eBPF offloaded 464xlat'ed packets never hit base interface ip6tables, and thus
+ // *all* statistics are collected by iptables on the stacked v4-* interface.
+ //
+ // Additionally for ingress all packets bound for the clat IPv6 address are dropped
+ // in ip6tables raw prerouting and thus even non-offloaded packets are only
+ // accounted for on the stacked interface.
+ //
+ // For egress, packets subject to eBPF offload never appear on the base interface
+ // and only appear on the stacked interface. Thus to ensure packets increment
+ // interface stats, we must collate data from stacked interfaces. For xt_qtaguid
+ // (or non eBPF offloaded) TX they would appear on both, however egress interface
+ // accounting is explicitly bypassed for traffic from the clat uid.
+ //
final List<LinkProperties> stackedLinks = state.linkProperties.getStackedLinks();
for (LinkProperties stackedLink : stackedLinks) {
final String stackedIface = stackedLink.getInterfaceName();
if (stackedIface != null) {
- if (mUseBpfTrafficStats) {
- findOrCreateNetworkIdentitySet(mActiveIfaces, stackedIface).add(ident);
- }
+ findOrCreateNetworkIdentitySet(mActiveIfaces, stackedIface).add(ident);
findOrCreateNetworkIdentitySet(mActiveUidIfaces, stackedIface).add(ident);
if (isMobile) {
mobileIfaces.add(stackedIface);
@@ -1864,14 +1882,13 @@
// fold tethering stats and operations into uid snapshot
final NetworkStats tetherSnapshot = getNetworkStatsTethering(STATS_PER_UID);
tetherSnapshot.filter(UID_ALL, ifaces, TAG_ALL);
- mStatsFactory.apply464xlatAdjustments(uidSnapshot, tetherSnapshot,
- mUseBpfTrafficStats);
+ mStatsFactory.apply464xlatAdjustments(uidSnapshot, tetherSnapshot);
uidSnapshot.combineAllValues(tetherSnapshot);
// get a stale copy of uid stats snapshot provided by providers.
final NetworkStats providerStats = getNetworkStatsFromProviders(STATS_PER_UID);
providerStats.filter(UID_ALL, ifaces, TAG_ALL);
- mStatsFactory.apply464xlatAdjustments(uidSnapshot, providerStats, mUseBpfTrafficStats);
+ mStatsFactory.apply464xlatAdjustments(uidSnapshot, providerStats);
uidSnapshot.combineAllValues(providerStats);
uidSnapshot.combineAllValues(mUidOperations);