netd.c - only check clat uid on egress am: fca4ee4f08 am: 323be88eda Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2730954 Change-Id: I7e5eaf823dc63cd339e42d86a3339be17a0aab2c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: dab9b00271fee3f42b4a34a0f99ac68c2896117b [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Tue Aug 29 20:04:41 2023 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Tue Aug 29 20:04:41 2023 +0000
tree: 37a4b9f7f5725529d4a88c2be979c382aa553532
parent: 7a958e85b86a1359ff2abbb6355a11c31b964d9e [diff]
parent: 323be88eda52bab363d16933c32ada7d73d15793 [diff]
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 74b09e7..9f5c743 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c

@@ -413,7 +413,8 @@
     // Always allow and never count clat traffic. Only the IPv4 traffic on the stacked
     // interface is accounted for and subject to usage restrictions.
     // CLAT IPv6 TX sockets are *always* tagged with CLAT uid, see tagSocketAsClat()
-    if (uid == AID_CLAT) return PASS;
+    // CLAT daemon receives via an untagged AF_PACKET socket.
+    if (egress && uid == AID_CLAT) return PASS;
 
     int match = bpf_owner_match(skb, sock_uid, egress, kver);
commit	dab9b00271fee3f42b4a34a0f99ac68c2896117b	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Tue Aug 29 20:04:41 2023 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Tue Aug 29 20:04:41 2023 +0000
tree	37a4b9f7f5725529d4a88c2be979c382aa553532
parent	7a958e85b86a1359ff2abbb6355a11c31b964d9e [diff]
parent	323be88eda52bab363d16933c32ada7d73d15793 [diff]