commit adc3a5f1beb63d707563ea849a1d541fab40a745
author Lorenzo Colitti <lorenzo@google.com> Tue Aug 08 17:23:12 2017 +0900
committer Lorenzo Colitti <lorenzo@google.com> Tue Aug 15 16:53:29 2017 +0900
tree 09112e242c97a431782b148f866a80a5b54be5d3
parent 2103b6ba8eb494e173b560c48319b4fba6821185

Move all init code to iptables-restore.

This gets rid of one of the last few uses of iptables, and also
reduces startup time from ~750ms to ~150ms.

Bug: 28362720
Test: bullhead builds,boots
Test: netd_{unit,integration}_test pass
Test: rules after "killall netd" look identical
Change-Id: Idf4d8dbc1292cb0017d4546976ad645a4ac7fa08

server/Controllers.h

diff --git a/server/Controllers.h b/server/Controllers.h
index 0754932..53854cf 100644
--- a/server/Controllers.h
+++ b/server/Controllers.h
@@ -63,10 +63,13 @@
     friend class ControllersTest;
     void initIptablesRules();
     static void initChildChains();
+    static std::set<std::string> findExistingChildChains(const IptablesTarget target,
+                                                         const char* table,
+                                                         const char* parentChain);
     static void createChildChains(IptablesTarget target, const char* table, const char* parentChain,
-                                  const char** childChains, bool exclusive);
-    static int (*execIptablesSilently)(IptablesTarget target, ...);
+                                  const std::vector<const char*>& childChains, bool exclusive);
     static int (*execIptablesRestore)(IptablesTarget, const std::string&);
+    static int (*execIptablesRestoreWithOutput)(IptablesTarget, const std::string&, std::string *);
 };
 
 extern Controllers* gCtls;