Add xt_owner module support in trafficController
Add bpf maps for recording rules about socket owner uid filtering.
Modified the bpf program so that packets with a uid listed in
the uidOwnerMap will get handled according to userspace settings
Test: bpf program can be loaded and attached when boot
Bug: 72381727 30950746
Change-Id: I39497334fcb5e200dbf07a0046b85c227d59e2d7
diff --git a/server/IptablesRestoreControllerTest.cpp b/server/IptablesRestoreControllerTest.cpp
index 017870f..8194f58 100644
--- a/server/IptablesRestoreControllerTest.cpp
+++ b/server/IptablesRestoreControllerTest.cpp
@@ -32,6 +32,7 @@
#include "IptablesRestoreController.h"
#include "NetdConstants.h"
#include "Stopwatch.h"
+#include "bpf/BpfUtils.h"
#define XT_LOCK_NAME "/system/etc/xtables.lock"
#define XT_LOCK_ATTEMPTS 10
@@ -39,6 +40,9 @@
using android::base::Join;
using android::base::StringPrintf;
+using android::bpf::DOZABLE_UID_MAP_PATH;
+using android::bpf::STANDBY_UID_MAP_PATH;
+using android::bpf::POWERSAVE_UID_MAP_PATH;
using android::netdutils::ScopedMockSyscalls;
using testing::Return;
using testing::StrictMock;
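Review bot: The three added using-declarations are out of order. `POWERSAVE_UID_MAP_PATH` is listed after `STANDBY_UID_MAP_PATH`, while the neighbouring declarations in this block are sorted, so `using android::bpf::POWERSAVE_UID_MAP_PATH;` should move above the STANDBY line. The uses of these names are not visible in this hunk. Presumably they decide which chain the benchmark writes its `--uid-owner` rule to, depending on whether the pinned uid maps exist on the device. If so, a comment at the point of use would help, along the lines of `// Use a chain that is not backed by a BPF uid map on this device, so the benchmark measures iptables-restore itself.` (confirm against the fixture).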
@@ -250,13 +254,16 @@
EXPECT_EQ(expected, output);
}
+
TEST_F(IptablesRestoreControllerTest, TestUidRuleBenchmark) {
const std::vector<int> ITERATIONS = { 1, 5, 10 };
const std::string IPTABLES_RESTORE_ADD =
- "*filter\n-I fw_powersave -m owner --uid-owner 2000000000 -j RETURN\nCOMMIT\n";
+ StringPrintf("*filter\n-I %s -m owner --uid-owner 2000000000 -j RETURN\nCOMMIT\n",
+ mChainName.c_str());
const std::string IPTABLES_RESTORE_DEL =
- "*filter\n-D fw_powersave -m owner --uid-owner 2000000000 -j RETURN\nCOMMIT\n";
+ StringPrintf("*filter\n-D %s -m owner --uid-owner 2000000000 -j RETURN\nCOMMIT\n",
+ mChainName.c_str());
for (const int iterations : ITERATIONS) {
Stopwatch s;