Nat-related commands refine
We need this to ensure that the tethering IPCs don't need to grab the
lock in two different controllers
The idea is to always keep a global_alert rule in the bw_global_alert
chain.
TetherController will enable/disable the reference to the bw_global_alert
chain.
[childchain order of filter FORWARD chain]
Chain FORWARD
nm_mdmprxy_iface_pkt_fwder
oem_fwd
fw_FORWARD
bw_FORWARD
tetherctrl_FORWARD
--Simple rule comparison--
[Before]
Chain bw_FORWARD
Alert rule
... other rules
Chain tetherctrl_FORWARD
... other rules
[After]
Chain bw_FORWARD
No Alert rule
... other rules
Chain tetherctrl_FORWARD
Jump to bw_global_alert
... other rules
Chain bw_global_alert
Alert rule
The exact rule comparison is shown in the bug.
Bug:119735985
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: Ibf752d0c8de9170689fc74c89c0424d2642853ec
diff --git a/server/ControllersTest.cpp b/server/ControllersTest.cpp
index 0c56594..cc8b1aa 100644
--- a/server/ControllersTest.cpp
+++ b/server/ControllersTest.cpp
@@ -70,121 +70,125 @@
TEST_F(ControllersTest, TestInitIptablesRules) {
// Test what happens when we boot and there are no rules.
ExpectedIptablesCommands expected = {
- { V4V6, "*filter\n"
- ":INPUT -\n"
- "-F INPUT\n"
- ":bw_INPUT -\n"
- "-A INPUT -j bw_INPUT\n"
- ":fw_INPUT -\n"
- "-A INPUT -j fw_INPUT\n"
- "COMMIT\n"
- },
- { V4V6, "*filter\n"
- ":FORWARD -\n"
- "-F FORWARD\n"
- ":oem_fwd -\n"
- "-A FORWARD -j oem_fwd\n"
- ":fw_FORWARD -\n"
- "-A FORWARD -j fw_FORWARD\n"
- ":bw_FORWARD -\n"
- "-A FORWARD -j bw_FORWARD\n"
- ":tetherctrl_FORWARD -\n"
- "-A FORWARD -j tetherctrl_FORWARD\n"
- "COMMIT\n"
- },
- { V4V6, "*raw\n"
- ":PREROUTING -\n"
- "-F PREROUTING\n"
- ":bw_raw_PREROUTING -\n"
- "-A PREROUTING -j bw_raw_PREROUTING\n"
- ":idletimer_raw_PREROUTING -\n"
- "-A PREROUTING -j idletimer_raw_PREROUTING\n"
- ":tetherctrl_raw_PREROUTING -\n"
- "-A PREROUTING -j tetherctrl_raw_PREROUTING\n"
- "COMMIT\n"
- },
- { V4V6, "*mangle\n"
- ":FORWARD -\n"
- "-F FORWARD\n"
- ":tetherctrl_mangle_FORWARD -\n"
- "-A FORWARD -j tetherctrl_mangle_FORWARD\n"
- "COMMIT\n"
- },
- { V4V6, "*mangle\n"
- ":INPUT -\n"
- "-F INPUT\n"
- ":wakeupctrl_mangle_INPUT -\n"
- "-A INPUT -j wakeupctrl_mangle_INPUT\n"
- ":routectrl_mangle_INPUT -\n"
- "-A INPUT -j routectrl_mangle_INPUT\n"
- "COMMIT\n"
- },
- { V4, "*nat\n"
- ":PREROUTING -\n"
- "-F PREROUTING\n"
- ":oem_nat_pre -\n"
- "-A PREROUTING -j oem_nat_pre\n"
- "COMMIT\n"
- },
- { V4, "*nat\n"
- ":POSTROUTING -\n"
- "-F POSTROUTING\n"
- ":tetherctrl_nat_POSTROUTING -\n"
- "-A POSTROUTING -j tetherctrl_nat_POSTROUTING\n"
- "COMMIT\n"
- },
- { V4, "*filter\n"
- "-S OUTPUT\n"
- "COMMIT\n" },
- { V4, "*filter\n"
- ":oem_out -\n"
- "-A OUTPUT -j oem_out\n"
- ":fw_OUTPUT -\n"
- "-A OUTPUT -j fw_OUTPUT\n"
- ":st_OUTPUT -\n"
- "-A OUTPUT -j st_OUTPUT\n"
- ":bw_OUTPUT -\n"
- "-A OUTPUT -j bw_OUTPUT\n"
- "COMMIT\n"
- },
- { V6, "*filter\n"
- "-S OUTPUT\n"
- "COMMIT\n" },
- { V6, "*filter\n"
- ":oem_out -\n"
- "-A OUTPUT -j oem_out\n"
- ":fw_OUTPUT -\n"
- "-A OUTPUT -j fw_OUTPUT\n"
- ":st_OUTPUT -\n"
- "-A OUTPUT -j st_OUTPUT\n"
- ":bw_OUTPUT -\n"
- "-A OUTPUT -j bw_OUTPUT\n"
- "COMMIT\n"
- },
- { V4, "*mangle\n"
- "-S POSTROUTING\n"
- "COMMIT\n" },
- { V4, "*mangle\n"
- ":oem_mangle_post -\n"
- "-A POSTROUTING -j oem_mangle_post\n"
- ":bw_mangle_POSTROUTING -\n"
- "-A POSTROUTING -j bw_mangle_POSTROUTING\n"
- ":idletimer_mangle_POSTROUTING -\n"
- "-A POSTROUTING -j idletimer_mangle_POSTROUTING\n"
- "COMMIT\n"
- },
- { V6, "*mangle\n"
- "-S POSTROUTING\n"
- "COMMIT\n" },
- { V6, "*mangle\n"
- ":oem_mangle_post -\n"
- "-A POSTROUTING -j oem_mangle_post\n"
- ":bw_mangle_POSTROUTING -\n"
- "-A POSTROUTING -j bw_mangle_POSTROUTING\n"
- ":idletimer_mangle_POSTROUTING -\n"
- "-A POSTROUTING -j idletimer_mangle_POSTROUTING\n"
- "COMMIT\n"
- },
+ {V4V6,
+ "*filter\n"
+ ":INPUT -\n"
+ "-F INPUT\n"
+ ":bw_INPUT -\n"
+ "-A INPUT -j bw_INPUT\n"
+ ":fw_INPUT -\n"
+ "-A INPUT -j fw_INPUT\n"
+ "COMMIT\n"},
+ {V4V6,
+ "*filter\n"
+ ":FORWARD -\n"
+ "-F FORWARD\n"
+ ":oem_fwd -\n"
+ "-A FORWARD -j oem_fwd\n"
+ ":fw_FORWARD -\n"
+ "-A FORWARD -j fw_FORWARD\n"
+ ":bw_FORWARD -\n"
+ "-A FORWARD -j bw_FORWARD\n"
+ ":tetherctrl_FORWARD -\n"
+ "-A FORWARD -j tetherctrl_FORWARD\n"
+ "COMMIT\n"},
+ {V4V6,
+ "*raw\n"
+ ":PREROUTING -\n"
+ "-F PREROUTING\n"
+ ":bw_raw_PREROUTING -\n"
+ "-A PREROUTING -j bw_raw_PREROUTING\n"
+ ":idletimer_raw_PREROUTING -\n"
+ "-A PREROUTING -j idletimer_raw_PREROUTING\n"
+ ":tetherctrl_raw_PREROUTING -\n"
+ "-A PREROUTING -j tetherctrl_raw_PREROUTING\n"
+ "COMMIT\n"},
+ {V4V6,
+ "*mangle\n"
+ ":FORWARD -\n"
+ "-F FORWARD\n"
+ ":tetherctrl_mangle_FORWARD -\n"
+ "-A FORWARD -j tetherctrl_mangle_FORWARD\n"
+ "COMMIT\n"},
+ {V4V6,
+ "*mangle\n"
+ ":INPUT -\n"
+ "-F INPUT\n"
+ ":wakeupctrl_mangle_INPUT -\n"
+ "-A INPUT -j wakeupctrl_mangle_INPUT\n"
+ ":routectrl_mangle_INPUT -\n"
+ "-A INPUT -j routectrl_mangle_INPUT\n"
+ "COMMIT\n"},
+ {V4,
+ "*nat\n"
+ ":PREROUTING -\n"
+ "-F PREROUTING\n"
+ ":oem_nat_pre -\n"
+ "-A PREROUTING -j oem_nat_pre\n"
+ "COMMIT\n"},
+ {V4,
+ "*nat\n"
+ ":POSTROUTING -\n"
+ "-F POSTROUTING\n"
+ ":tetherctrl_nat_POSTROUTING -\n"
+ "-A POSTROUTING -j tetherctrl_nat_POSTROUTING\n"
+ "COMMIT\n"},
+ {V4,
+ "*filter\n"
+ "-S OUTPUT\n"
+ "COMMIT\n"},
+ {V4,
+ "*filter\n"
+ ":oem_out -\n"
+ "-A OUTPUT -j oem_out\n"
+ ":fw_OUTPUT -\n"
+ "-A OUTPUT -j fw_OUTPUT\n"
+ ":st_OUTPUT -\n"
+ "-A OUTPUT -j st_OUTPUT\n"
+ ":bw_OUTPUT -\n"
+ "-A OUTPUT -j bw_OUTPUT\n"
+ "COMMIT\n"},
+ {V6,
+ "*filter\n"
+ "-S OUTPUT\n"
+ "COMMIT\n"},
+ {V6,
+ "*filter\n"
+ ":oem_out -\n"
+ "-A OUTPUT -j oem_out\n"
+ ":fw_OUTPUT -\n"
+ "-A OUTPUT -j fw_OUTPUT\n"
+ ":st_OUTPUT -\n"
+ "-A OUTPUT -j st_OUTPUT\n"
+ ":bw_OUTPUT -\n"
+ "-A OUTPUT -j bw_OUTPUT\n"
+ "COMMIT\n"},
+ {V4,
+ "*mangle\n"
+ "-S POSTROUTING\n"
+ "COMMIT\n"},
+ {V4,
+ "*mangle\n"
+ ":oem_mangle_post -\n"
+ "-A POSTROUTING -j oem_mangle_post\n"
+ ":bw_mangle_POSTROUTING -\n"
+ "-A POSTROUTING -j bw_mangle_POSTROUTING\n"
+ ":idletimer_mangle_POSTROUTING -\n"
+ "-A POSTROUTING -j idletimer_mangle_POSTROUTING\n"
+ "COMMIT\n"},
+ {V6,
+ "*mangle\n"
+ "-S POSTROUTING\n"
+ "COMMIT\n"},
+ {V6,
+ "*mangle\n"
+ ":oem_mangle_post -\n"
+ "-A POSTROUTING -j oem_mangle_post\n"
+ ":bw_mangle_POSTROUTING -\n"
+ "-A POSTROUTING -j bw_mangle_POSTROUTING\n"
+ ":idletimer_mangle_POSTROUTING -\n"
+ "-A POSTROUTING -j idletimer_mangle_POSTROUTING\n"
+ "COMMIT\n"},
};
// Check that we run these commands and these only.