Use iptables-restore to set the incoming packet mark rule.
This speeds up network switching because one rule needs to be
added/removed per interface.
Bug: 28362720
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Test: watch -n1 "adb shell iptables -v -n -t mangle -L INPUT" while switching networks
Change-Id: Ie536db6a50d018c88bb03c5f069965e99e0d162e
diff --git a/server/IptablesBaseTest.cpp b/server/IptablesBaseTest.cpp
index f879fe6..ce6008a 100644
--- a/server/IptablesBaseTest.cpp
+++ b/server/IptablesBaseTest.cpp
@@ -30,6 +30,8 @@
#define LOG_TAG "IptablesBaseTest"
#include <cutils/log.h>
+using android::base::StringPrintf;
+
IptablesBaseTest::IptablesBaseTest() {
sCmds.clear();
sRestoreCmds.clear();
@@ -87,7 +89,7 @@
return NULL;
}
- std::string realCmd = android::base::StringPrintf("echo '%s'", sPopenContents.front().c_str());
+ std::string realCmd = StringPrintf("echo '%s'", sPopenContents.front().c_str());
sPopenContents.pop_front();
return popen(realCmd.c_str(), "r");
}
@@ -109,6 +111,14 @@
return fakeExecIptablesRestoreWithOutput(target, commands, nullptr);
}
+int IptablesBaseTest::fakeExecIptablesRestoreCommand(IptablesTarget target,
+ const std::string& table,
+ const std::string& command,
+ std::string *output) {
+ std::string fullCmd = StringPrintf("-t %s %s", table.c_str(), command.c_str());
+ return fakeExecIptablesRestoreWithOutput(target, fullCmd, output);
+}
+
int IptablesBaseTest::expectIptablesCommand(IptablesTarget target, int pos,
const std::string& cmd) {