Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 083688fd authored by Maciej Żenczykowski's avatar Maciej Żenczykowski
Browse files

ClatdController - unconditionally ip6tables drop incoming 464xlat destined frames



Incoming 464xlat destined packets should either have been ebpf offloaded to
ipv4 prior to even making it to ip6tables, or will be picked up by clatd's
AF_PACKET raw socket, and thus do not need to hit the IPv6 stack either.

Making it unconditional should simplify things, and fixes a bug where these
packets can result in the IPv6 stack sending back errors or double delivering
to AF_INET6 UDP :: bound dualstack sockets (one IPv6 and one IPv4 copy).

Note: This potentially breaks traffic accounting.
But that's already broken, just in a different way.
We'll need to fix that as part of the linked bugs once we have decent tests,
so that we actually know *what* doesn't work.

Basically this patch - even though it might cause fallout - moves us in the
right direction.

Test: atest bpf_module_test clatd_test libbpf_android_test libnetdbpf_test
  netd_integration_test netd_unit_test netdutils_test resolv_integration_test
  resolv_unit_test
Related-Bug: 136696213
Bug: 65674744
Bug: 79546774
Signed-off-by: default avatarMaciej Żenczykowski <maze@google.com>
Change-Id: I2f2769d8de4b6057782d565c96ed92d9f9e4ce30
parent 9400524d
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment