patchpanel: implement traffic tagging for ConnectNamespace
This patch adds fwmark tagging to traffic from network namespaces
configured with the patchpanel ConnectNamespace DBus API. Both the
source tag and the routing tag are added.
The ConnectNamespace implementation now has 3 distinct routing modes:
- tracking default physical network (previously the only available mode),
- tracking default logical network, physical or VPN,
- tracking a specific physical network, a-la ARC.
BUG=b:174811524
BUG=b:161508179
BUG=chromium:1156894
TEST=unit tests. $ tast run <DUT_ip> network.TestProxyServer, checked
rules set in iptables -t mangle -L PREROUTING and -L POSTROUTING.
Change-Id: I10d9ea2da6e206f8f2d5270df8680d4351818a97
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2574147
Tested-by: Hugo Benichi <hugobenichi@google.com>
Commit-Queue: Hugo Benichi <hugobenichi@google.com>
Reviewed-by: Garrick Evans <garrick@chromium.org>
diff --git a/patchpanel/arc_service_test.cc b/patchpanel/arc_service_test.cc
index 1de745d..cc59dd9 100644
--- a/patchpanel/arc_service_test.cc
+++ b/patchpanel/arc_service_test.cc
@@ -107,7 +107,7 @@
TEST_F(ArcServiceTest, NotStarted_AddDevice) {
EXPECT_CALL(*datapath_, AddBridge(StrEq("arc_eth0"), _, _)).Times(0);
EXPECT_CALL(*datapath_,
- StartRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"), _, _))
+ StartRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"), _, _, false))
.Times(0);
auto svc = NewService(GuestMessage::ARC);
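Review bot: The `.Times(0)` expectation on StartRoutingDevice now pins the new fifth argument to `false`, although this test asserts that the call never happens, whatever its arguments. Writing `StartRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"), _, _, _)` would follow the wildcards already used for the address and traffic source and keep the negative check independent of the flag's value. The same applies to the StartRoutingDevice and StopRoutingDevice `.Times(0)` expectations in the next hunk (NotStarted_AddRemoveDevice). The test body continues outside this hunk.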
@@ -119,10 +119,10 @@
TEST_F(ArcServiceTest, NotStarted_AddRemoveDevice) {
EXPECT_CALL(*datapath_, AddBridge(StrEq("arc_eth0"), _, _)).Times(0);
EXPECT_CALL(*datapath_,
- StartRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"), _, _))
+ StartRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"), _, _, false))
.Times(0);
EXPECT_CALL(*datapath_,
- StopRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"), _, _))
+ StopRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"), _, _, false))
.Times(0);
EXPECT_CALL(*datapath_, RemoveBridge(StrEq("arc_eth0"))).Times(0);
@@ -275,7 +275,7 @@
StartForwarding(StrEq("eth0"), StrEq("arc_eth0"), _, _));
EXPECT_CALL(*datapath_,
StartRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"),
- kFirstEthGuestIP, TrafficSource::ARC));
+ kFirstEthGuestIP, TrafficSource::ARC, false));
auto svc = NewService(GuestMessage::ARC);
svc->Start(kTestPID);
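Review bot: The bare `false` added as the last argument of StartRoutingDevice does not say which routing behaviour the test expects for ARC traffic. The commit message describes three routing modes, one of which follows a VPN, so the flag presumably selects between them. An argument-name comment of the form `/*<parameter name from the StartRoutingDevice declaration>=*/false`, or a named constant, would let a reader confirm that ARC is meant to keep tracking its specific physical network. The same literal appears in every other StartRoutingDevice and StopRoutingDevice expectation in this file, and none of the visible hunks exercises `true`, so it is worth confirming that the other value is covered by tests elsewhere in the change. The enclosing test starts and ends outside this hunk.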
@@ -360,7 +360,7 @@
StartForwarding(StrEq("eth0"), StrEq("arc_eth0"), _, _));
EXPECT_CALL(*datapath_,
StartRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"),
- kFirstEthGuestIP, TrafficSource::ARC));
+ kFirstEthGuestIP, TrafficSource::ARC, false));
auto svc = NewService(GuestMessage::ARC);
svc->OnDevicesChanged({"eth0"}, {});
@@ -417,9 +417,9 @@
// Expectations for eth0 teardown.
EXPECT_CALL(forwarder_,
StopForwarding(StrEq("eth0"), StrEq("arc_eth0"), _, _));
- EXPECT_CALL(*datapath_,
- StopRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"),
- Ipv4Addr(100, 115, 92, 6), TrafficSource::ARC));
+ EXPECT_CALL(*datapath_, StopRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"),
+ Ipv4Addr(100, 115, 92, 6),
+ TrafficSource::ARC, false));
EXPECT_CALL(*datapath_, RemoveBridge(StrEq("arc_eth0")));
auto svc = NewService(GuestMessage::ARC);
@@ -470,7 +470,7 @@
.WillOnce(Return(true));
EXPECT_CALL(*datapath_, StartRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"),
Ipv4Addr(100, 115, 92, 6),
- TrafficSource::ARC));
+ TrafficSource::ARC, false));
EXPECT_CALL(forwarder_,
StartForwarding(StrEq("eth0"), StrEq("arc_eth0"), _, _));
@@ -500,7 +500,7 @@
.WillOnce(Return(true));
EXPECT_CALL(*datapath_, StartRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"),
Ipv4Addr(100, 115, 92, 6),
- TrafficSource::ARC));
+ TrafficSource::ARC, false));
EXPECT_CALL(forwarder_,
StartForwarding(StrEq("eth0"), StrEq("arc_eth0"), _, _));
// Expectations for wlan0 setup.
@@ -510,7 +510,7 @@
.WillOnce(Return(true));
EXPECT_CALL(*datapath_, StartRoutingDevice(StrEq("wlan0"), StrEq("arc_wlan0"),
Ipv4Addr(100, 115, 92, 14),
- TrafficSource::ARC));
+ TrafficSource::ARC, false));
EXPECT_CALL(forwarder_,
StartForwarding(StrEq("wlan0"), StrEq("arc_wlan0"), _, _));
// Expectations for eth1 setup.
@@ -520,7 +520,7 @@
.WillOnce(Return(true));
EXPECT_CALL(*datapath_, StartRoutingDevice(StrEq("eth1"), StrEq("arc_eth1"),
Ipv4Addr(100, 115, 92, 10),
- TrafficSource::ARC));
+ TrafficSource::ARC, false));
EXPECT_CALL(forwarder_,
StartForwarding(StrEq("eth1"), StrEq("arc_eth1"), _, _));
@@ -583,15 +583,15 @@
.WillOnce(Return(true));
EXPECT_CALL(*datapath_, StartRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"),
Ipv4Addr(100, 115, 92, 6),
- TrafficSource::ARC));
+ TrafficSource::ARC, false));
EXPECT_CALL(forwarder_,
StartForwarding(StrEq("eth0"), StrEq("arc_eth0"), _, _));
// Expectations for eth0 teardown.
EXPECT_CALL(forwarder_,
StopForwarding(StrEq("eth0"), StrEq("arc_eth0"), _, _));
- EXPECT_CALL(*datapath_,
- StopRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"),
- Ipv4Addr(100, 115, 92, 6), TrafficSource::ARC));
+ EXPECT_CALL(*datapath_, StopRoutingDevice(StrEq("eth0"), StrEq("arc_eth0"),
+ Ipv4Addr(100, 115, 92, 6),
+ TrafficSource::ARC, false));
EXPECT_CALL(*datapath_, RemoveBridge(StrEq("arc_eth0")));
auto svc = NewService(GuestMessage::ARC_VM);