Move NatController startup to iptables-restore.
This makes NatController startup much faster. Before:
02-03 14:09:19.199 485 485 I Netd : Setting up NatController hooks: 223.4ms
After:
02-03 14:28:09.407 488 488 I Netd : Setting up NatController hooks: 13.8ms
Also, fail if MSS rewriting is not supported. It's much easier
to diagnose a failure than a performance problem.
Test: unit tests continue to pass
Test: bullhead builds, boots, wifi tethering works
Fix: 17629786
Bug: 34873832
Change-Id: I0ef498ecbbb82a2672c279056d189d026e13100a
diff --git a/server/NatControllerTest.cpp b/server/NatControllerTest.cpp
index d1dcb11..ada8ad7 100644
--- a/server/NatControllerTest.cpp
+++ b/server/NatControllerTest.cpp
@@ -38,6 +38,7 @@
public:
NatControllerTest() {
NatController::execFunction = fake_android_fork_exec;
+ NatController::iptablesRestoreFunction = fakeExecIptablesRestore;
}
protected:
@@ -48,22 +49,42 @@
}
const ExpectedIptablesCommands FLUSH_COMMANDS = {
- { V4V6, "-F natctrl_FORWARD" },
- { V4, "-A natctrl_FORWARD -j DROP" },
- { V4, "-t nat -F natctrl_nat_POSTROUTING" },
- { V6, "-t raw -F natctrl_raw_PREROUTING" },
+ { V4, "*filter\n"
+ ":natctrl_FORWARD -\n"
+ "-A natctrl_FORWARD -j DROP\n"
+ "COMMIT\n"
+ "*nat\n"
+ ":natctrl_nat_POSTROUTING -\n"
+ "COMMIT\n" },
+ { V6, "*filter\n"
+ ":natctrl_FORWARD -\n"
+ "COMMIT\n"
+ "*raw\n"
+ ":natctrl_raw_PREROUTING -\n"
+ "COMMIT\n" },
};
const ExpectedIptablesCommands SETUP_COMMANDS = {
- { V4V6, "-F natctrl_FORWARD" },
- { V4, "-A natctrl_FORWARD -j DROP" },
- { V4, "-t nat -F natctrl_nat_POSTROUTING" },
- { V6, "-t raw -F natctrl_raw_PREROUTING" },
- { V4V6, "-F natctrl_tether_counters" },
- { V4V6, "-X natctrl_tether_counters" },
- { V4V6, "-N natctrl_tether_counters" },
- { V4, "-t mangle -A natctrl_mangle_FORWARD -p tcp --tcp-flags SYN SYN "
- "-j TCPMSS --clamp-mss-to-pmtu" },
+ { V4, "*filter\n"
+ ":natctrl_FORWARD -\n"
+ "-A natctrl_FORWARD -j DROP\n"
+ "COMMIT\n"
+ "*nat\n"
+ ":natctrl_nat_POSTROUTING -\n"
+ "COMMIT\n" },
+ { V6, "*filter\n"
+ ":natctrl_FORWARD -\n"
+ "COMMIT\n"
+ "*raw\n"
+ ":natctrl_raw_PREROUTING -\n"
+ "COMMIT\n" },
+ { V4, "*mangle\n"
+ "-A natctrl_mangle_FORWARD -p tcp --tcp-flags SYN SYN "
+ "-j TCPMSS --clamp-mss-to-pmtu\n"
+ "COMMIT\n" },
+ { V4V6, "*filter\n"
+ ":natctrl_tether_counters -\n"
+ "COMMIT\n" },
};
const ExpectedIptablesCommands TWIDDLE_COMMANDS = {
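Review bot: The new FLUSH_COMMANDS and SETUP_COMMANDS literals encode iptables-restore semantics that are not explained anywhere in the test, and they only produce the intended result if the controller runs iptables-restore with --noflush: in that mode a `:natctrl_FORWARD -` line creates the chain if absent and flushes it if present, whereas without --noflush each `*filter`/`*nat`/`*raw`/`*mangle` block would flush the entire table, including chains owned by other controllers. The expected strings here cannot show which mode is used, so a reader checking them against the old `-F`/`-X`/`-N` sequence has no way to confirm equivalence. Suggest a comment above FLUSH_COMMANDS: `// Expected iptables-restore input. A ":chain -" line creates the chain if it does not exist and flushes it if it does; this relies on the controller passing --noflush so other chains in the table are left alone.` The same applies to the SETUP_COMMANDS block below it.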
@@ -111,12 +132,12 @@
TEST_F(NatControllerTest, TestSetupIptablesHooks) {
mNatCtrl.setupIptablesHooks();
- expectIptablesCommands(SETUP_COMMANDS);
+ expectIptablesRestoreCommands(SETUP_COMMANDS);
}
TEST_F(NatControllerTest, TestSetDefaults) {
setDefaults();
- expectIptablesCommands(FLUSH_COMMANDS);
+ expectIptablesRestoreCommands(FLUSH_COMMANDS);
}
TEST_F(NatControllerTest, TestAddAndRemoveNat) {
@@ -140,10 +161,8 @@
mNatCtrl.disableNat("wlan0", "rmnet0");
expectIptablesCommands(stopOtherNat);
- std::vector<ExpectedIptablesCommands> stopLastNat = {
- stopNatCommands("usb0", "rmnet0"),
- FLUSH_COMMANDS,
- };
+ ExpectedIptablesCommands stopLastNat = stopNatCommands("usb0", "rmnet0");
mNatCtrl.disableNat("usb0", "rmnet0");
expectIptablesCommands(stopLastNat);
+ expectIptablesRestoreCommands(FLUSH_COMMANDS);
}
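Review bot: The ordering between the last `disableNat` teardown and the table flush is no longer asserted: the old test placed stopNatCommands and FLUSH_COMMANDS in a single vector, while the new code checks them through two separate expectations, `expectIptablesCommands(stopLastNat)` then `expectIptablesRestoreCommands(FLUSH_COMMANDS)`. If the two fakes record into independent command logs, a controller that flushed before removing the per-interface rules would still pass this test. Consider at least a comment on the `expectIptablesRestoreCommands(FLUSH_COMMANDS);` line, e.g. `// NOTE: order relative to the iptables commands above is not verified`, or have the fakes share a sequence counter so cross-path ordering can be checked. The enclosing TEST_F begins outside this hunk.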