Use xt_bpf programs to do bandwidth control
To completely move away from the xt_qtaguid module, the bandwidth controller
should no longer use it for uid owner matching. Instead, it can use an
eBPF map to store the uid that needs to be matched and use two eBPF programs
running on the xt_bpf hooks to filter out the packet.
Bug: 80649292
Test: ./netd_unit_test
Change-Id: I8e9c7cb3371aae0c24ccc6f64e05e6cbd4f78aae
diff --git a/server/BandwidthController.h b/server/BandwidthController.h
index efacdce..3f6c0ad 100644
--- a/server/BandwidthController.h
+++ b/server/BandwidthController.h
@@ -33,7 +33,7 @@
BandwidthController();
int setupIptablesHooks();
- static bool getBpfStatsStatus();
+ static bool getBpfStatus();
int enableBandwidthControl(bool force);
int disableBandwidthControl();
@@ -69,6 +69,9 @@
static const char LOCAL_RAW_PREROUTING[];
static const char LOCAL_MANGLE_POSTROUTING[];
+ enum IptJumpOp { IptJumpReject, IptJumpReturn, IptJumpNoAdd };
+ enum IptOp { IptOpInsert, IptOpDelete };
+
private:
struct QuotaInfo {
int64_t quota;
@@ -77,8 +80,6 @@
enum IptIpVer { IptIpV4, IptIpV6 };
enum IptFullOp { IptFullOpInsert, IptFullOpDelete, IptFullOpAppend };
- enum IptJumpOp { IptJumpReject, IptJumpReturn, IptJumpNoAdd };
- enum IptOp { IptOpInsert, IptOpDelete };
enum QuotaType { QuotaUnique, QuotaShared };
enum RunCmdErrHandling { RunCmdFailureBad, RunCmdFailureOk };
#if LOG_NDEBUG
@@ -125,6 +126,8 @@
static const char *opToString(IptOp op);
static const char *jumpToString(IptJumpOp jumpHandling);
+ bool mBpfSupported;
+
int64_t mSharedQuotaBytes = 0;
int64_t mSharedAlertBytes = 0;
int64_t mGlobalAlertBytes = 0;
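Review bot: `mBpfSupported` is declared without a default member initializer, while the members right below it (`mSharedQuotaBytes`, `mSharedAlertBytes`, `mGlobalAlertBytes`) are all initialized with `= 0`. The constructor is not part of this hunk, so if it does not assign the flag, any read before the first assignment sees an indeterminate value. Judging by the commit description, the flag presumably decides whether uid matching goes through xt_qtaguid or the eBPF programs, so a wrong value could select the wrong filtering path. I would declare it as `bool mBpfSupported = false;` so the default is deterministic. The class body starts and ends outside the hunk.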