Use iptables-restore to set the incoming packet mark rule. This speeds up network switching because one rule needs to be added/removed per interface. Bug: 28362720 Test: bullhead builds, boots Test: netd_{unit,integration}_test pass Test: watch -n1 "adb shell iptables -v -n -t mangle -L INPUT" while switching networks Change-Id: Ie536db6a50d018c88bb03c5f069965e99e0d162e

commit: c1306ea230c95ef0268d4d20a213911799982671 [log] [tgz]
author: Lorenzo Colitti <lorenzo@google.com> Mon Mar 27 05:52:31 2017 +0900
committer: Lorenzo Colitti <lorenzo@google.com> Mon Mar 27 16:25:10 2017 +0900
tree: 894faae30ed272b2339548578f44cf5fd4ea5990
parent: f91e8ed5c906483348b4f00eae234825821943b1 [diff] [blame]
diff --git a/server/NetdConstants.cpp b/server/NetdConstants.cpp
index ff3fc2c..99f4bf9 100644
--- a/server/NetdConstants.cpp
+++ b/server/NetdConstants.cpp

@@ -26,6 +26,7 @@
 
 #define LOG_TAG "Netd"
 
+#include <android-base/stringprintf.h>
 #include <cutils/log.h>
 #include <logwrap/logwrap.h>
 
@@ -128,6 +129,13 @@
     return execIptablesRestoreWithOutput(target, commands, nullptr);
 }
 
+int execIptablesRestoreCommand(IptablesTarget target, const std::string& table,
+                               const std::string& command, std::string *output) {
+    std::string fullCmd = android::base::StringPrintf("*%s\n%s\nCOMMIT\n", table.c_str(),
+                                                      command.c_str());
+    return execIptablesRestoreWithOutput(target, fullCmd, output);
+}
+
 /*
  * Check an interface name for plausibility. This should e.g. help against
  * directory traversal.
commit	c1306ea230c95ef0268d4d20a213911799982671	[log] [tgz]
author	Lorenzo Colitti <lorenzo@google.com>	Mon Mar 27 05:52:31 2017 +0900
committer	Lorenzo Colitti <lorenzo@google.com>	Mon Mar 27 16:25:10 2017 +0900
tree	894faae30ed272b2339548578f44cf5fd4ea5990
parent	f91e8ed5c906483348b4f00eae234825821943b1 [diff] [blame]