Delete all EOTs in iptables commands and remove fixCommandString.
Test: bullhead builds and boots with no iptables errors
Test: netd_{unit,integration}_test pass
Bug: 32323979
Change-Id: I33ad04ee8f0562bcd4e14046352c934cd2039a5d
diff --git a/server/IptablesRestoreController.cpp b/server/IptablesRestoreController.cpp
index 7f54ea5..9eb023b 100644
--- a/server/IptablesRestoreController.cpp
+++ b/server/IptablesRestoreController.cpp
@@ -232,16 +232,7 @@
process->reset(newProcess);
}
- // TODO: Investigate why this horrible hackery is necessary. We're currently
- // sending iptables[6]-restore malformed commands. They appear to contain garbage
- // after the last "\n". They obviously "work" because we fork a new process
- // for every command so it doesn't matter whether the process chokes after
- // the last successful COMMIT.
- const std::string fixedCommand = fixCommandString(command);
-
- if (!android::base::WriteFully((*process)->stdIn,
- fixedCommand.data(),
- fixedCommand.length())) {
+ if (!android::base::WriteFully((*process)->stdIn, command.data(), command.length())) {
ALOGE("Unable to send command: %s", strerror(errno));
return -1;
}
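Review bot: Nothing checks that `command` ends with a newline before the `WriteFully` call, which now sends the caller's string byte for byte to the iptables-restore process. The removed helper cut everything after the last "\n" (and, because `find_last_of` returns npos when there is none, appears to have emptied a newline-free command entirely). An unterminated or EOT-suffixed string from a caller not touched by this commit would therefore now reach the parser and could run into whatever is written to the pipe next. Firewall rules that fail to load are a fail-open risk, so, assuming every caller is meant to end on a COMMIT line, I would reject such input up front: `if (command.empty() || command.back() != '\n') { ALOGE("Malformed iptables-restore command"); return -1; }`. The enclosing function starts and ends outside this hunk.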
@@ -251,7 +242,7 @@
return -1;
}
- if (!drainAndWaitForAck(*process, fixedCommand, output)) {
+ if (!drainAndWaitForAck(*process, command, output)) {
// drainAndWaitForAck has already logged an error.
return -1;
}
@@ -259,13 +250,6 @@
return 0;
}
-/* static */
-std::string IptablesRestoreController::fixCommandString(const std::string& command) {
- std::string commandDup = command;
- commandDup.erase(commandDup.find_last_of("\n") + 1);
- return commandDup;
-}
-
void IptablesRestoreController::maybeLogStderr(const std::unique_ptr<IptablesProcess> &process,
const std::string& command) {
if (process->errBuf.empty()) {
diff --git a/server/IptablesRestoreController.h b/server/IptablesRestoreController.h
index a9b18e0..a9b6fdc 100644
--- a/server/IptablesRestoreController.h
+++ b/server/IptablesRestoreController.h
@@ -59,8 +59,6 @@
int sendCommand(const IptablesProcessType type, const std::string& command,
std::string *output);
- static std::string fixCommandString(const std::string& command);
-
static bool drainAndWaitForAck(const std::unique_ptr<IptablesProcess> &process,
const std::string& command,
std::string *output);
diff --git a/server/StrictController.cpp b/server/StrictController.cpp
index 8cdee07..eae523c 100644
--- a/server/StrictController.cpp
+++ b/server/StrictController.cpp
@@ -127,7 +127,7 @@
LOCAL_CLEAR_DETECT, u32, LOCAL_CLEAR_CAUGHT);
CMD_V4V6("-A %s -p udp -j %s", LOCAL_CLEAR_DETECT, LOCAL_CLEAR_CAUGHT);
- CMD_V4V6("COMMIT\n\x04");
+ CMD_V4V6("COMMIT\n");
res |= execIptablesRestore(V4, android::base::Join(v4, '\n'));
res |= execIptablesRestore(V6, android::base::Join(v6, '\n'));
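Review bot: The newline that terminates the restore input now comes only from the literal inside the last list element, `CMD_V4V6("COMMIT\n")`, because `android::base::Join(v4, '\n')` places separators between elements and not after the final one. That dependency is not documented, and a later edit that appends a rule after COMMIT or drops the embedded "\n" would produce an unterminated command. I would add a comment such as `// Must stay last: the embedded "\n" terminates the input, Join() adds none after the final element.` The same applies to the `"COMMIT\n"` entry of `commandList` in the next hunk of this file.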
@@ -149,7 +149,7 @@
CLEAR_CHAIN(LOCAL_PENALTY_REJECT),
CLEAR_CHAIN(LOCAL_CLEAR_CAUGHT),
CLEAR_CHAIN(LOCAL_CLEAR_DETECT),
- "COMMIT\n\x04"
+ "COMMIT\n"
};
const std::string commands = android::base::Join(commandList, '\n');
return execIptablesRestore(V4V6, commands);
diff --git a/server/StrictControllerTest.cpp b/server/StrictControllerTest.cpp
index b0489bb..c0c8839 100644
--- a/server/StrictControllerTest.cpp
+++ b/server/StrictControllerTest.cpp
@@ -45,7 +45,7 @@
":st_penalty_reject -",
":st_clear_caught -",
":st_clear_detect -",
- "COMMIT\n\x04"
+ "COMMIT\n"
};
std::vector<std::string> v4 = {
@@ -69,7 +69,7 @@
"-A st_clear_detect -p tcp -m state --state ESTABLISHED -m u32 --u32 "
"\"0>>22&0x3C@ 12>>26&0x3C@ 0&0x0=0x0\" -j st_clear_caught",
"-A st_clear_detect -p udp -j st_clear_caught",
- "COMMIT\n\x04"
+ "COMMIT\n"
};
std::vector<std::string> v6 = {
@@ -94,7 +94,7 @@
"-A st_clear_detect -p tcp -m state --state ESTABLISHED -m u32 --u32 "
"\"52>>26&0x3C@ 40&0x0=0x0\" -j st_clear_caught",
"-A st_clear_detect -p udp -j st_clear_caught",
- "COMMIT\n\x04"
+ "COMMIT\n"
};
std::string commandsCommon = android::base::Join(common, '\n');
@@ -119,6 +119,6 @@
":st_penalty_reject -\n"
":st_clear_caught -\n"
":st_clear_detect -\n"
- "COMMIT\n\x04";
+ "COMMIT\n";
expectIptablesRestoreCommands({ expected });
}