commit cc779fbd3155a7bc19a9cf634b63a58ae9731c99
author Maciej Żenczykowski <maze@google.com> Fri Mar 03 17:54:42 2023 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Fri Mar 03 17:54:42 2023 +0000
tree 2624b1e98e07aa57103f96650b95b065fdb0c686
parent ab8a7c34315c782e460d75b51e561e88601d9273
parent bfb28d7014d11e9432f3663ad176b910d2f5b52e

Merge "netd bpf - no-op code hygiene fix for DROP_UNLESS_DNS" am: bfb28d7014

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2465231

Change-Id: I41225d2ad080663a83c37ded4f0d145a8fb303d6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

bpf_progs/netd.c

diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 84da79d..cb0da19 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -415,11 +415,6 @@
     }
 
     int match = bpf_owner_match(skb, sock_uid, egress, kver);
-    if (egress && (match == DROP)) {
-        // If an outbound packet is going to be dropped, we do not count that
-        // traffic.
-        return match;
-    }
 
 // Workaround for secureVPN with VpnIsolation enabled, refer to b/159994981 for details.
 // Keep TAG_SYSTEM_DNS in sync with DnsResolver/include/netd_resolv/resolv.h
@@ -432,6 +427,9 @@
         if (match == DROP_UNLESS_DNS) match = DROP;
     }
 
+    // If an outbound packet is going to be dropped, we do not count that traffic.
+    if (egress && (match == DROP)) return DROP;
+
     StatsKey key = {.uid = uid, .tag = tag, .counterSet = 0, .ifaceIndex = skb->ifindex};
 
     uint8_t* counterSet = bpf_uid_counterset_map_lookup_elem(&uid);