Merge "netd.c - cleanup AID_CLAT handling" am: ab35e1d453

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2596092

Change-Id: I8fd44bcc0bda244f99af50018e8dad05fe9c5d8d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 839ca40..6874382 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -412,10 +412,8 @@
 
     // Always allow and never count clat traffic. Only the IPv4 traffic on the stacked
     // interface is accounted for and subject to usage restrictions.
-    // TODO: remove sock_uid check once Nat464Xlat javaland adds the socket tag AID_CLAT for clat.
-    if (sock_uid == AID_CLAT || uid == AID_CLAT) {
-        return PASS;
-    }
+    // CLAT IPv6 TX sockets are *always* tagged with CLAT uid, see tagSocketAsClat()
+    if (uid == AID_CLAT) return PASS;
 
     int match = bpf_owner_match(skb, sock_uid, egress, kver);
 
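Review bot: The new comment above `if (uid == AID_CLAT) return PASS;` names tagSocketAsClat() but not the trust assumption the early return rests on: this branch skips `bpf_owner_match()` and the accounting for any packet whose `uid` equals AID_CLAT. `uid` is assigned outside the hunk, presumably from the socket tag, so the bypass is only as strong as the restriction on who may tag a socket with AID_CLAT. I would record that in the comment, e.g. `// Skips firewall and accounting: relies on only privileged code being able to tag a socket as AID_CLAT.`, and confirm that the tagging path rejects this uid for unprivileged callers. The enclosing function starts and ends outside the hunk.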
@@ -502,9 +500,8 @@
     // Clat daemon does not generate new traffic, all its traffic is accounted for already
     // on the v4-* interfaces (except for the 20 (or 28) extra bytes of IPv6 vs IPv4 overhead,
     // but that can be corrected for later when merging v4-foo stats into interface foo's).
-    // TODO: remove sock_uid check once Nat464Xlat javaland adds the socket tag AID_CLAT for clat.
+    // CLAT sockets are created by system server and tagged as uid CLAT, see tagSocketAsClat()
     uint32_t sock_uid = bpf_get_socket_uid(skb);
-    if (sock_uid == AID_CLAT) return BPF_NOMATCH;
     if (sock_uid == AID_SYSTEM) {
         uint64_t cookie = bpf_get_socket_cookie(skb);
         UidTagValue* utag = bpf_cookie_tag_map_lookup_elem(&cookie);
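Review bot: With `if (sock_uid == AID_CLAT) return BPF_NOMATCH;` removed, a socket owned directly by AID_CLAT is no longer excluded here; only the AID_SYSTEM branch with its cookie-tag lookup remains. That holds if every supported release creates CLAT sockets in system server, as the new comment says. If this program also runs where a process running as AID_CLAT owns the socket (not visible here), that traffic could now be matched and counted in addition to the v4-* accounting described above. A one-line comment recording the assumption would help, e.g. `// Sockets owned by AID_CLAT itself are not special-cased; clat is recognised only via the tag on AID_SYSTEM sockets.` The function body and the handling of `utag` continue outside the hunk.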