netd: Use a persistent iptables[6]-restore process iptables-restore and ip[6]tables-restore are forked on demand whenever we need them, and their stdin/out/err are replaced by pipes to the parent process. All commands are sent via the stdin pipe. We also add SIGCHLD handling so that we can detect error conditions and restart the process whenever required. Bug: 32323979 Test: Manual Test: netd_unit_test, netd_integration_test Change-Id: Ia12ee01f8b45e5b8a699c27eea1b6b55d40f16b5

commit: a5ace89be511d5a9f76d2d987fe8f61c0a8102f5 [log] [tgz]
author: Narayan Kamath <narayan@google.com> Fri Jan 06 15:10:02 2017 +0000
committer: Narayan Kamath <narayan@google.com> Mon Jan 23 14:29:20 2017 +0000
tree: af3559b12da76701eabd7adf0248ddd2b0bf2281
parent: 00e66da21ed82d526b362a427ea2676c539b76ac [diff] [blame]
diff --git a/server/Controllers.h b/server/Controllers.h
index 0877d25..dd8f028 100644
--- a/server/Controllers.h
+++ b/server/Controllers.h

@@ -26,6 +26,7 @@
 #include "BandwidthController.h"
 #include "IdletimerController.h"
 #include "InterfaceController.h"
+#include "IptablesRestoreController.h"
 #include "ResolverController.h"
 #include "FirewallController.h"
 #include "ClatdController.h"
@@ -49,6 +50,7 @@
     ClatdController clatdCtrl;
     StrictController strictCtrl;
     EventReporter eventReporter;
+    IptablesRestoreController iptablesRestoreCtrl;
 };
 
 extern Controllers* gCtls;
commit	a5ace89be511d5a9f76d2d987fe8f61c0a8102f5	[log] [tgz]
author	Narayan Kamath <narayan@google.com>	Fri Jan 06 15:10:02 2017 +0000
committer	Narayan Kamath <narayan@google.com>	Mon Jan 23 14:29:20 2017 +0000
tree	af3559b12da76701eabd7adf0248ddd2b0bf2281
parent	00e66da21ed82d526b362a427ea2676c539b76ac [diff] [blame]