Nat-related commands refine
We need this to ensure that the tethering IPCs don't need to grab the
lock in two different controllers
The idea is that always having a global_alert rule in bw_global_alert
chain.
TetherController will enable/disable the reference of bw_global_alert
chain.
[childchain order of filter FORWARD chain]
Chain FORWARD
nm_mdmprxy_iface_pkt_fwder
oem_fwd
fw_FORWARD
bw_FORWARD
tetherctrl_FORWARD
--Simple rule comparison--
[Before]
Chain bw_FORWARD
Alert rule
... other rules
Chain tetherctrl_FORWARD
... other rules
[After]
Chain bw_FORWARD
No Alert rule
... other rules
Chain tetherctrl_FORWARD
Jump to bw_global_alert
... other rules
Chain bw_global_alert
Alert rule
The exact rule comparison is shown in the bug.
Bug:119735985
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: Ibf752d0c8de9170689fc74c89c0424d2642853ec
diff --git a/server/BandwidthController.h b/server/BandwidthController.h
index 31575b8..b8691dc 100644
--- a/server/BandwidthController.h
+++ b/server/BandwidthController.h
@@ -73,6 +73,7 @@
static const char LOCAL_OUTPUT[];
static const char LOCAL_RAW_PREROUTING[];
static const char LOCAL_MANGLE_POSTROUTING[];
+ static const char LOCAL_GLOBAL_ALERT[];
enum IptJumpOp { IptJumpReject, IptJumpReturn, IptJumpNoAdd };
enum IptOp { IptOpInsert, IptOpDelete };
@@ -136,15 +137,6 @@
int64_t mSharedQuotaBytes = 0;
int64_t mSharedAlertBytes = 0;
int64_t mGlobalAlertBytes = 0;
- /*
- * This tracks the number of tethers setup.
- * The FORWARD chain is updated in the following cases:
- * - The 1st time a globalAlert is setup and there are tethers setup.
- * - Anytime a globalAlert is removed and there are tethers setup.
- * - The 1st tether is setup and there is a globalAlert active.
- * - The last tether is removed and there is a globalAlert active.
- */
- int mGlobalAlertTetherCount = 0;
std::map<std::string, QuotaInfo> mQuotaIfaces;
std::set<std::string> mSharedQuotaIfaces;