commit ae038f8e16090ac2bf5b5d678cd6ccbe7aa9ec8a
author Luke Huang <huangluke@google.com> Mon Nov 05 11:17:31 2018 +0900
committer Luke Huang <huangluke@google.com> Mon Nov 19 09:28:41 2018 +0000
tree eb3f3c52c6fbf7989a591f1ffc9ecf324a231f28
parent 19b49c534090e84f018d3be91f83c29594ee8f9b

Nat-related commands refine

We need this to ensure that the tethering IPCs don't need to grab the
lock in two different controllers

The idea is that always having a global_alert rule in bw_global_alert
chain.
TetherController will enable/disable the reference of bw_global_alert
chain.

[childchain order of filter FORWARD chain]
Chain FORWARD
   nm_mdmprxy_iface_pkt_fwder
   oem_fwd
   fw_FORWARD
   bw_FORWARD
   tetherctrl_FORWARD

--Simple rule comparison--
[Before]
Chain bw_FORWARD
    Alert rule
    ... other rules
Chain tetherctrl_FORWARD
    ... other rules
[After]
Chain bw_FORWARD
    No Alert rule
    ... other rules
Chain tetherctrl_FORWARD
    Jump to bw_global_alert
    ... other rules
Chain bw_global_alert
   Alert rule

The exact rule comparison is shown in the bug.

Bug:119735985
Test: built, flashed, booted
      system/netd/tests/runtests.sh passes

Change-Id: Ibf752d0c8de9170689fc74c89c0424d2642853ec

server/TetherController.h

diff --git a/server/TetherController.h b/server/TetherController.h
index 54fa6da..18d0dc3 100644
--- a/server/TetherController.h
+++ b/server/TetherController.h
@@ -158,6 +158,7 @@
     bool tetherCountingRuleExists(const std::string& iface1, const std::string& iface2);
 
     int setDefaults();
+    int setTetherGlobalAlertRule();
     int setForwardRules(bool set, const char *intIface, const char *extIface);
     int setTetherCountingRules(bool add, const char *intIface, const char *extIface);