[ipsec-qtaguid] Reserve mark, add ipsec bw exemptions
This change reserves a mark denoting that a packet has already been
accounted for, along with adding rules in BandwidthController to support
IPSec packets being billed correctly.
Bug: 62994731
Test: BandwidthControllerTest updated, passing. CTS tests also modified
and passing
Change-Id: I8b42975d1502a0d3b9e533bddc0892cfe1556bed
diff --git a/server/RouteController.cpp b/server/RouteController.cpp
index 198c8a8..2cca6aa 100644
--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -425,9 +425,11 @@
fwmark.protectedFromVpn = true;
fwmark.permission = permission;
- std::string cmd = StringPrintf("%s %s -i %s -j MARK --set-mark 0x%x",
- add ? "-A" : "-D", RouteController::LOCAL_MANGLE_INPUT,
- interface, fwmark.intValue);
+ const uint32_t mask = ~Fwmark::getUidBillingMask();
+
+ std::string cmd = StringPrintf(
+ "%s %s -i %s -j MARK --set-mark 0x%x/0x%x", add ? "-A" : "-D",
+ RouteController::LOCAL_MANGLE_INPUT, interface, fwmark.intValue, mask);
if (RouteController::iptablesRestoreCommandFunction(V4V6, "mangle", cmd, nullptr) != 0) {
ALOGE("failed to change iptables rule that sets incoming packet mark");
return -EREMOTEIO;
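Review bot: The added `const uint32_t mask = ~Fwmark::getUidBillingMask();` line has no comment explaining why the billing bit is left out of the MARK write, and nothing in the hunk guarantees that `fwmark.intValue` has that bit clear. With `--set-mark value/mask`, iptables zeroes the bits in the mask and then ORs the value in, so a billing bit set in `fwmark.intValue` would still land in the packet mark regardless of the mask. Suggest a one-line comment stating that the mask preserves the reserved "already accounted for" bit on incoming packets, and either passing `fwmark.intValue & mask` as the value or asserting that the value and `Fwmark::getUidBillingMask()` do not overlap before the command string is built.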