Use xt_bpf programs to do bandwidth control
To move away from the xt_qtaguid module completely, the bandwidth controller
should no longer use it for uid owner matching. Instead, it can use an
eBPF map to store the uids that need to be matched and use two eBPF programs
running on the xt_bpf hooks to filter out the packets.
Bug: 80649292
Test: ./netd_unit_test
Change-Id: I8e9c7cb3371aae0c24ccc6f64e05e6cbd4f78aae
diff --git a/server/BandwidthControllerTest.cpp b/server/BandwidthControllerTest.cpp
index 938cea0..95af148 100644
--- a/server/BandwidthControllerTest.cpp
+++ b/server/BandwidthControllerTest.cpp
@@ -46,8 +46,10 @@
using android::base::Join;
using android::base::StringPrintf;
+using android::bpf::XT_BPF_BLACKLIST_PROG_PATH;
using android::bpf::XT_BPF_EGRESS_PROG_PATH;
using android::bpf::XT_BPF_INGRESS_PROG_PATH;
+using android::bpf::XT_BPF_WHITELIST_PROG_PATH;
using android::net::TunInterface;
using android::netdutils::status::ok;
using android::netdutils::UniqueFile;
@@ -180,7 +182,7 @@
std::string expectedClean = "";
uint32_t uidBillingMask = Fwmark::getUidBillingMask();
- bool useBpf = BandwidthController::getBpfStatsStatus();
+ bool useBpf = BandwidthController::getBpfStatus();
std::string expectedAccounting =
"*filter\n"
"-A bw_INPUT -p esp -j RETURN\n" +
@@ -191,11 +193,24 @@
"-A bw_OUTPUT -o " IPSEC_IFACE_PREFIX "+ -j RETURN\n"
"-A bw_OUTPUT -m policy --pol ipsec --dir out -j RETURN\n"
"-A bw_OUTPUT -m owner --socket-exists\n"
- "-A bw_costly_shared --jump bw_penalty_box\n"
- "-A bw_penalty_box --jump bw_happy_box\n"
- "-A bw_happy_box --jump bw_data_saver\n"
- "-A bw_data_saver -j RETURN\n"
- "-I bw_happy_box -m owner --uid-owner 0-9999 --jump RETURN\n"
+ "-A bw_costly_shared --jump bw_penalty_box\n";
+ if (useBpf) {
+ expectedAccounting +=
+ StringPrintf("-I bw_penalty_box -m bpf --object-pinned %s -j REJECT\n",
+ XT_BPF_BLACKLIST_PROG_PATH) +
+ "-A bw_penalty_box --jump bw_happy_box\n" +
+ "-A bw_happy_box --jump bw_data_saver\n"
+ "-A bw_data_saver -j RETURN\n" +
+ StringPrintf("-I bw_happy_box -m bpf --object-pinned %s -j RETURN\n",
+ XT_BPF_WHITELIST_PROG_PATH);
+ } else {
+ expectedAccounting +=
+ "\n-A bw_penalty_box --jump bw_happy_box\n"
+ "-A bw_happy_box --jump bw_data_saver\n"
+ "-A bw_data_saver -j RETURN\n"
+ "-I bw_happy_box -m owner --uid-owner 0-9999 --jump RETURN\n";
+ }
+ expectedAccounting +=
"COMMIT\n"
"*raw\n"
"-A bw_raw_PREROUTING -i " IPSEC_IFACE_PREFIX "+ -j RETURN\n"
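Review bot: The `else` branch's expected string opens with `"\n-A bw_penalty_box --jump bw_happy_box\n"`, so the non-BPF expectation now contains an empty line after the `bw_costly_shared` rule that the removed expectation did not have. If that mirrors an empty element the controller emits in place of the bpf rule, say so with a comment such as `// non-BPF: controller emits an empty line where the bpf blacklist rule would go`; otherwise drop the leading `\n`. Because `useBpf` is read from the same `BandwidthController::getBpfStatus()` probe that the controller presumably uses, each device checks only one of the two rule sets. The REJECT and RETURN rules pinned to `XT_BPF_BLACKLIST_PROG_PATH` and `XT_BPF_WHITELIST_PROG_PATH` are therefore never verified on non-BPF builds. The enclosing test function starts and ends outside the hunk.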
@@ -506,6 +521,7 @@
}
TEST_F(BandwidthControllerTest, ManipulateSpecialApps) {
+ if (BandwidthController::getBpfStatus()) return;
std::vector<const char *> appUids = { "1000", "1001", "10012" };
std::vector<std::string> expected = {