Always set additional fwmark bits in output mark
This change always sets the protectedFromVpn, explicitlySelected and
permission bits in the output mark of any tunnel-mode SA. This ensures
that IWLAN and other telephony traffic does not get funneled through
VPNs.
Bug: 116035464
Test: Binder, unit tests passing.
Change-Id: I873e287e0919c05772a39119c88bd358552232a1
diff --git a/server/XfrmControllerTest.cpp b/server/XfrmControllerTest.cpp
index 5b90860..5539dab 100644
--- a/server/XfrmControllerTest.cpp
+++ b/server/XfrmControllerTest.cpp
@@ -43,8 +43,10 @@
#include <android-base/unique_fd.h>
#include <gtest/gtest.h>
+#include "Fwmark.h"
#include "NetdConstants.h"
#include "NetlinkCommands.h"
+#include "Permission.h"
#include "Stopwatch.h"
#include "XfrmController.h"
#include "android/net/INetd.h"
@@ -101,7 +103,7 @@
static constexpr int DROID_SPI = 0xD1201D;
static constexpr size_t KEY_LENGTH = 32;
static constexpr int NLMSG_DEFAULTSIZE = 8192;
-static constexpr uint32_t TEST_XFRM_OUTPUT_MARK = 0x512;
+static constexpr uint16_t TEST_XFRM_OUTPUT_MARK = 0x512;
static constexpr uint32_t TEST_XFRM_MARK = 0x123;
static constexpr uint32_t TEST_XFRM_MASK = 0xFFFFFFFF;
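Review bot: The name of the narrowed constant `TEST_XFRM_OUTPUT_MARK` no longer matches what it appears to be used for: with the assertion now comparing the decoded fwmark's `netId` field, the value is presumably the underlying network's netId from which the output mark is built, not the mark itself, and nothing in the constants block explains why the width dropped from uint32_t to uint16_t. Either rename it, e.g. `static constexpr uint16_t TEST_XFRM_UNDERLYING_NETID = 0x512;` with its call sites updated, or put a comment above it such as `// NetId of the underlying network; 16-bit to match Fwmark::netId. The output mark asserted in the SA check is derived from it.` The constant's uses are outside these hunks, so whether every use is a netId should be confirmed against them.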
@@ -365,7 +367,12 @@
EXPECT_EQ(TEST_XFRM_MARK, mark.mark.v);
EXPECT_EQ(TEST_XFRM_MASK, mark.mark.m);
if (underlying_netid) {
- EXPECT_EQ(TEST_XFRM_OUTPUT_MARK, outputmark.outputMark);
+ Fwmark fwmark;
+ fwmark.intValue = outputmark.outputMark;
+ EXPECT_EQ(underlying_netid, fwmark.netId);
+ EXPECT_EQ(PERMISSION_SYSTEM, fwmark.permission);
+ EXPECT_TRUE(fwmark.explicitlySelected);
+ EXPECT_TRUE(fwmark.protectedFromVpn);
}
}