Use xt_bpf programs to do bandwidth control
To move completely away from the xt_qtaguid module, the bandwidth controller
should no longer use it for uid owner matching. Instead, it can use an
eBPF map to store the uids that need to be matched and use two eBPF programs
running on the xt_bpf hooks to filter out the packets.
Bug: 80649292
Test: ./netd_unit_test
Change-Id: I8e9c7cb3371aae0c24ccc6f64e05e6cbd4f78aae
diff --git a/server/TrafficController.h b/server/TrafficController.h
index 79f7d14..e4e32f4 100644
--- a/server/TrafficController.h
+++ b/server/TrafficController.h
@@ -20,12 +20,14 @@
#include <linux/bpf.h>
#include <netdutils/StatusOr.h>
+#include "BandwidthController.h"
#include "FirewallController.h"
#include "NetlinkListener.h"
#include "Network.h"
#include "android-base/thread_annotations.h"
#include "android-base/unique_fd.h"
#include "bpf/BpfMap.h"
+#include "bpf/bpf_shared.h"
using android::bpf::BpfMap;
using android::bpf::IfaceValue;
@@ -106,6 +108,9 @@
const std::vector<int32_t>& uids, FirewallRule rule,
FirewallType type);
+ netdutils::Status updateBandwidthUidMap(const std::vector<std::string>& appStrUids,
+ BandwidthController::IptJumpOp jumpHandling,
+ BandwidthController::IptOp op);
static const String16 DUMP_KEYWORD;
int toggleUidOwnerMap(ChildChain chain, bool enable);
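Review bot: `updateBandwidthUidMap` takes its uids as `std::vector<std::string>`, while the declaration just above it takes `std::vector<int32_t>` and the map added later in this change is keyed by `uint32_t`. That makes the string-to-uid conversion a validation point the header does not document. The implementation is outside this diff, but it should return an error Status for empty, non-numeric, negative or out-of-range entries. A lenient parse could turn them into uid 0 or a wrapped value, and a wrong key would apply or lift a bandwidth restriction for the wrong app. I would add a comment above the declaration, for example `// Adds or removes every uid in appStrUids for the given jump target; fails without partial effect if any entry is not a valid uid.`, adjusted to whatever partial-failure behaviour is actually implemented.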
@@ -192,6 +197,11 @@
*/
BpfMap<uint32_t, uint8_t> mPowerSaveUidMap GUARDED_BY(mOwnerMatchMutex);
+ /*
+ * mBandwidthUidMap: Store uids that are used for bandwidth control uid match.
+ */
+ BpfMap<uint32_t, uint8_t> mBandwidthUidMap;
+
std::unique_ptr<NetlinkListenerInterface> mSkDestroyListener;
bool ebpfSupported;
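Review bot: `mBandwidthUidMap` is declared without a thread-safety annotation, whereas `mPowerSaveUidMap` directly above it is `GUARDED_BY(mOwnerMatchMutex)`. Since the new public `updateBandwidthUidMap()` presumably writes this map, the compiler's thread-safety analysis cannot catch an unlocked or concurrent update, and a racing add and remove could leave a uid in the wrong enforcement state. Either annotate it, e.g. `BpfMap<uint32_t, uint8_t> mBandwidthUidMap GUARDED_BY(mOwnerMatchMutex);`, or extend the comment to say why no lock is needed (for instance, that all callers are already serialised). The comment should also say what the `uint8_t` value encodes, since the xt_bpf programs reading the map depend on it.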
@@ -202,6 +212,8 @@
base::unique_fd& cg_fd);
netdutils::Status initMaps();
+
+ BandwithMatchType jumpOpToMatch(BandwidthController::IptJumpOp jumpHandling);
// For testing
friend class TrafficControllerTest;
};
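Review bot: `jumpOpToMatch` is added without a comment, so the header does not say what it returns for an `IptJumpOp` that has no corresponding match type. Whatever it returns in that case ends up as the map value the filter programs act on, so it is worth stating, e.g. `// Maps an iptables jump target to the match type stored in mBandwidthUidMap; returns <no-match value> for jump ops that carry no uid match.`, where `<no-match value>` stands for the real enumerator. If the helper reads no member state (its body is not visible here), `static` would make that explicit. The return type is spelled `BandwithMatchType`; if this change introduces that type, correcting it to `BandwidthMatchType` now is cheaper than after it spreads to other users of bpf_shared.h.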