refactor bpf maps into class
Use a class object to wrap the bpf map file descriptor and provide
some base functions to look up, write and delete the map content. The map
class also has a nested iterator class to iterate over the map and two
helper functions to simplify the iteration process. Removed
mDeleteStatsMutex since it cannot prevent the framework side from reading the
stats while we are deleting them, and all the other netd operations
on the stats-related maps don't need to iterate through the map anyway.
Bug: 78250686
Test: netd_unit_test libbpf_test
Change-Id: I358ba65f7022fd03f8ca573550055734052b6fd2
diff --git a/server/TrafficController.h b/server/TrafficController.h
index b810bf8..05d91df 100644
--- a/server/TrafficController.h
+++ b/server/TrafficController.h
@@ -25,26 +25,13 @@
#include "Network.h"
#include "android-base/thread_annotations.h"
#include "android-base/unique_fd.h"
+#include "bpf/BpfMap.h"
-// Since we cannot garbage collect the stats map since device boot, we need to make these maps as
-// large as possible. The current rlimit of MEM_LOCK allows at most 10000 map entries for each
-// stats map. In the old qtaguid module, we don't have a total limit for data entries but only have
-// limitation of tags each uid can have. (default is 1024 in kernel);
-// cookie_uid_map: key: 8 bytes, value: 8 bytes, total:10000*8*2 bytes = 160Kbytes
-// uid_counter_set_map: key: 4 bytes, value: 4 bytes, total:10000*4*2 bytes = 80Kbytes
-// uid_stats_map: key: 16 bytes, value: 32 bytes, total:10000*16+10000*32 bytes = 480Kbytes
-// tag_stats_map: key: 16 bytes, value: 32 bytes, total:10000*16+10000*32 bytes = 480Kbytes
-// iface_index_name_map:key: 4 bytes, value: 32 bytes, total:10000*36 bytes = 360Kbytes
-// total: 1560Kbytes
-constexpr const int COOKIE_UID_MAP_SIZE = 10000;
-constexpr const int UID_COUNTERSET_MAP_SIZE = 10000;
-constexpr const int UID_STATS_MAP_SIZE = 10000;
-constexpr const int TAG_STATS_MAP_SIZE = 10000;
-constexpr const int IFACE_INDEX_NAME_MAP_SIZE = 1000;
-constexpr const int IFACE_STATS_MAP_SIZE = 1000;
-constexpr const int UID_OWNER_MAP_SIZE = 10000;
-
-constexpr const int COUNTERSETS_LIMIT = 2;
+using android::bpf::BpfMap;
+using android::bpf::IfaceValue;
+using android::bpf::StatsKey;
+using android::bpf::StatsValue;
+using android::bpf::UidTag;
namespace android {
namespace net {
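Review bot: The five `using android::bpf::...;` declarations sit before `namespace android {`, so every translation unit that includes TrafficController.h gets `BpfMap`, `IfaceValue`, `StatsKey`, `StatsValue` and `UidTag` injected into the global namespace. Moving them inside `namespace android { namespace net {`, or spelling the types as `bpf::BpfMap<...>` the way the header already writes `base::unique_fd`, keeps the names scoped to this component. This hunk also removes the comment that tied the map sizes to the MEM_LOCK rlimit; if the size constants moved to a header not visible in this diff, that memory-budget rationale should move with them rather than be lost.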
@@ -110,13 +97,14 @@
int replaceUidOwnerMap(const std::string& name, bool isWhitelist,
const std::vector<int32_t>& uids);
- int updateOwnerMapEntry(const base::unique_fd& map_fd, uid_t uid, FirewallRule rule,
- FirewallType type);
+ netdutils::Status updateOwnerMapEntry(BpfMap<uint32_t, uint8_t>& map, uid_t uid,
+ FirewallRule rule, FirewallType type);
void dump(DumpWriter& dw, bool verbose);
- int replaceUidsInMap(const base::unique_fd& map_fd, const std::vector<int32_t> &uids,
- FirewallRule rule, FirewallType type);
+ netdutils::Status replaceUidsInMap(BpfMap<uint32_t, uint8_t>& map,
+ const std::vector<int32_t>& uids, FirewallRule rule,
+ FirewallType type);
static const String16 DUMP_KEYWORD;
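Review bot: `updateOwnerMapEntry` and `replaceUidsInMap` now take a mutable `BpfMap<uint32_t, uint8_t>&`, and the maps they appear intended for are declared `GUARDED_BY(mOwnerMatchMutex)` further down, yet neither declaration states who holds that lock. A comment such as `// Caller must hold mOwnerMatchMutex; |map| is one of the owner match maps.` would make the contract explicit, or a `REQUIRES(mOwnerMatchMutex)` annotation if the implementations (not visible here) do not take the lock themselves. Since the return type changed from `int` to `netdutils::Status`, it is also worth confirming that every caller inspects the result, because an ignored failure would leave the firewall owner map out of step with the requested rule.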
@@ -133,7 +121,7 @@
* Map Key: uint64_t socket cookie
* Map Value: struct UidTag, contains a uint32 uid and a uint32 tag.
*/
- base::unique_fd mCookieTagMap;
+ BpfMap<uint64_t, UidTag> mCookieTagMap;
/*
* mUidCounterSetMap: Store the counterSet of a specific uid.
@@ -141,7 +129,7 @@
* Map Value: uint32 counterSet specifies if the traffic is a background
* or foreground traffic.
*/
- base::unique_fd mUidCounterSetMap;
+ BpfMap<uint32_t, uint8_t> mUidCounterSetMap;
/*
* mUidStatsMap: Store the traffic statistics for a specific combination of
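Review bot: The retained comment above `mUidCounterSetMap` still describes the value as `uint32 counterSet`, while the new declaration is `BpfMap<uint32_t, uint8_t>`; the comment line should read `Map Value: uint8 counterSet ...`. The size notes removed in the first hunk also listed this map with a 4-byte value, so please confirm that the code creating or pinning the map (not visible in this diff) now uses `sizeof(uint8_t)` as the value size. The kernel copies the map's declared value size on lookup, so a map created with a 4-byte value but read through a 1-byte value type would write past the destination buffer. The comment block being discussed starts above this hunk.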
@@ -153,7 +141,7 @@
* Map Value: struct Stats, contains packet count and byte count of each
* transport protocol on egress and ingress direction.
*/
- base::unique_fd mUidStatsMap GUARDED_BY(mDeleteStatsMutex);
+ BpfMap<StatsKey, StatsValue> mUidStatsMap;
/*
* mTagStatsMap: Store the traffic statistics for a specific combination of
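Review bot: With `GUARDED_BY(mDeleteStatsMutex)` dropped from `mUidStatsMap` here and from `mTagStatsMap` in the next hunk, and the mutex and its explanatory comment removed in the last hunk, the header no longer records the concurrency contract of the stats maps. The commit message says the framework can read these maps while netd deletes from them; a short member comment such as `// Not lock-protected: readers outside netd may run concurrently with deletion.` would keep that visible to the next maintainer. The same retained comment still names the value type `struct Stats`, whereas the declaration now uses `StatsValue`.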
@@ -164,39 +152,38 @@
* Map Value: struct Stats, contains packet count and byte count of each
* transport protocol on egress and ingress direction.
*/
- base::unique_fd mTagStatsMap GUARDED_BY(mDeleteStatsMutex);
-
+ BpfMap<StatsKey, StatsValue> mTagStatsMap;
/*
* mIfaceIndexNameMap: Store the index name pair of each interface show up
* on the device since boot. The interface index is used by the eBPF program
* to correctly match the iface name when receiving a packet.
*/
- base::unique_fd mIfaceIndexNameMap;
+ BpfMap<uint32_t, IfaceValue> mIfaceIndexNameMap;
/*
* mIfaceStataMap: Store per iface traffic stats gathered from xt_bpf
* filter.
*/
- base::unique_fd mIfaceStatsMap;
+ BpfMap<uint32_t, StatsValue> mIfaceStatsMap;
/*
* mDozableUidMap: Store uids that have related rules in dozable mode owner match
* chain.
*/
- base::unique_fd mDozableUidMap GUARDED_BY(mOwnerMatchMutex);
+ BpfMap<uint32_t, uint8_t> mDozableUidMap GUARDED_BY(mOwnerMatchMutex);
/*
* mStandbyUidMap: Store uids that have related rules in standby mode owner match
* chain.
*/
- base::unique_fd mStandbyUidMap GUARDED_BY(mOwnerMatchMutex);
+ BpfMap<uint32_t, uint8_t> mStandbyUidMap GUARDED_BY(mOwnerMatchMutex);
/*
* mPowerSaveUidMap: Store uids that have related rules in power save mode owner match
* chain.
*/
- base::unique_fd mPowerSaveUidMap GUARDED_BY(mOwnerMatchMutex);
+ BpfMap<uint32_t, uint8_t> mPowerSaveUidMap GUARDED_BY(mOwnerMatchMutex);
std::unique_ptr<NetlinkListenerInterface> mSkDestroyListener;
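Review bot: The comment above `mIfaceStatsMap` misspells the member as `mIfaceStataMap` and, unlike the comments on `mCookieTagMap` and `mUidCounterSetMap`, gives no key/value description. Now that the declaration is the typed `BpfMap<uint32_t, StatsValue>`, the comment should be corrected and extended, for example `* mIfaceStatsMap: ... Map Key: uint32 (presumably the interface index, to be confirmed); Map Value: StatsValue.` The same applies to `mIfaceIndexNameMap`, whose comment does not mention `IfaceValue`.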
@@ -204,18 +191,6 @@
std::mutex mOwnerMatchMutex;
- // When aquiring both mOwnerMatchMutex and mDeleteStatsMutex,
- // mOwnerMatchMutex must be grabbed first to prevent protential deadlock.
- // This lock need to be hold when deleting from any stats map which we
- // can iterate which are uidStatsMap and tagStatsMap. We don't need this
- // lock to guard mUidCounterSetMap because we always directly look up /
- // write / delete the map by uid. Also we don't need this lock for
- // mCookieTagMap since the only time we need to iterate the map is
- // deleteTagStats and we don't care if we failed and started from the
- // beginning, since we will eventually scan through the map and delete all
- // target entries.
- std::mutex mDeleteStatsMutex;
-
netdutils::Status loadAndAttachProgram(bpf_attach_type type, const char* path, const char* name,
base::unique_fd& cg_fd);