netd.c - only check clat uid on egress am: fca4ee4f08 am: 323be88eda am: dab9b00271 Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2730954 Change-Id: I129fb0d5e3387e49f69fd051c9b7d4430bc0e46e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: ea858505cb74f788bd903251f82ab29365c9314e [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Tue Aug 29 20:53:45 2023 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Tue Aug 29 20:53:45 2023 +0000
tree: 98fcdff35dc15f6b54791c702926b4376b139cf2
parent: 702d6fdaab98e4f8e1b131d22d0cf46562e8de0d [diff]
parent: dab9b00271fee3f42b4a34a0f99ac68c2896117b [diff]
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 74b09e7..9f5c743 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c

@@ -413,7 +413,8 @@
     // Always allow and never count clat traffic. Only the IPv4 traffic on the stacked
     // interface is accounted for and subject to usage restrictions.
     // CLAT IPv6 TX sockets are *always* tagged with CLAT uid, see tagSocketAsClat()
-    if (uid == AID_CLAT) return PASS;
+    // CLAT daemon receives via an untagged AF_PACKET socket.
+    if (egress && uid == AID_CLAT) return PASS;
 
     int match = bpf_owner_match(skb, sock_uid, egress, kver);
commit	ea858505cb74f788bd903251f82ab29365c9314e	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Tue Aug 29 20:53:45 2023 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Tue Aug 29 20:53:45 2023 +0000
tree	98fcdff35dc15f6b54791c702926b4376b139cf2
parent	702d6fdaab98e4f8e1b131d22d0cf46562e8de0d [diff]
parent	dab9b00271fee3f42b4a34a0f99ac68c2896117b [diff]