commit af2021bb04c2dd2ce1dcd4e192f1b57874070014
author Hugo Benichi <hugobenichi@google.com> Fri Nov 20 14:07:16 2020 +0900
committer Commit Bot <commit-bot@chromium.org> Wed Dec 09 13:35:23 2020 +0000
tree d464a959dfbabd6d07643d82ab58ab8bb2f5e412
parent ddf00848aff6f2c9ea36b56c59f43e34614fe06d

patchpanel: add traffic accounting rules for sources

This patch adds to the traffic accounting chains the traffic counter
rules matching individual sources based on the fwmark source tag of the
traffic.

BUG=b:160112868
TEST=unit tests, flashed rammus, checked with iptables that counter
rules are incremented. Checked GetTrafficCounters still work with:
  $ dbus-send --system --dest=org.chromium.PatchPanel --print-reply \
    /org/chromium/PatchPanel org.chromium.PatchPanel.GetTrafficCounters

Change-Id: I24b29911923ecf227837c17447959201fa980431
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2562981
Reviewed-by: Jie Jiang <jiejiang@chromium.org>
Commit-Queue: Hugo Benichi <hugobenichi@google.com>
Tested-by: Hugo Benichi <hugobenichi@google.com>

patchpanel/counters_service_test.cc

diff --git a/patchpanel/counters_service_test.cc b/patchpanel/counters_service_test.cc
index 6e6bcc4..72a3118 100644
--- a/patchpanel/counters_service_test.cc
+++ b/patchpanel/counters_service_test.cc
@@ -173,13 +173,50 @@
   // The following commands are expected when eth0 comes up.
   const std::vector<std::vector<std::string>> expected_calls{
       {"-N", "rx_eth0", "-w"},
+      {"-N", "tx_eth0", "-w"},
       {"-A", "INPUT", "-i", "eth0", "-j", "rx_eth0", "-w"},
       {"-A", "FORWARD", "-i", "eth0", "-j", "rx_eth0", "-w"},
-      {"-A", "rx_eth0", "-w"},
-
-      {"-N", "tx_eth0", "-w"},
       {"-A", "POSTROUTING", "-o", "eth0", "-j", "tx_eth0", "-w"},
-      {"-A", "tx_eth0", "-w"},
+      {"-A", "tx_eth0", "-m", "mark", "--mark", "0x00000100/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "tx_eth0", "-m", "mark", "--mark", "0x00000200/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "tx_eth0", "-m", "mark", "--mark", "0x00000300/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "tx_eth0", "-m", "mark", "--mark", "0x00000400/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "tx_eth0", "-m", "mark", "--mark", "0x00000500/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "tx_eth0", "-m", "mark", "--mark", "0x00002000/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "tx_eth0", "-m", "mark", "--mark", "0x00002100/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "tx_eth0", "-m", "mark", "--mark", "0x00002200/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "tx_eth0", "-m", "mark", "--mark", "0x00002300/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "tx_eth0", "-m", "mark", "--mark", "0x00002400/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "rx_eth0", "-m", "mark", "--mark", "0x00000100/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "rx_eth0", "-m", "mark", "--mark", "0x00000200/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "rx_eth0", "-m", "mark", "--mark", "0x00000300/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "rx_eth0", "-m", "mark", "--mark", "0x00000400/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "rx_eth0", "-m", "mark", "--mark", "0x00000500/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "rx_eth0", "-m", "mark", "--mark", "0x00002000/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "rx_eth0", "-m", "mark", "--mark", "0x00002100/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "rx_eth0", "-m", "mark", "--mark", "0x00002200/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "rx_eth0", "-m", "mark", "--mark", "0x00002300/0x00003f00", "-j",
+       "RETURN", "-w"},
+      {"-A", "rx_eth0", "-m", "mark", "--mark", "0x00002400/0x00003f00", "-j",
+       "RETURN", "-w"},
   };
 
   for (const auto& rule : expected_calls) {