Use iptables-restore to set the incoming packet mark rule.
This speeds up network switching because one rule needs to be
added/removed per interface.
Bug: 28362720
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Test: watch -n1 "adb shell iptables -v -n -t mangle -L INPUT" while switching networks
Change-Id: Ie536db6a50d018c88bb03c5f069965e99e0d162e
diff --git a/server/RouteController.cpp b/server/RouteController.cpp
index aba1458..85ab43a 100644
--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -29,22 +29,27 @@
#include "DummyNetwork.h"
#include "Fwmark.h"
+#include "NetdConstants.h"
#include "NetlinkCommands.h"
#include "UidRanges.h"
#include "android-base/file.h"
+#include <android-base/stringprintf.h>
#define LOG_TAG "Netd"
#include "log/log.h"
#include "logwrap/logwrap.h"
#include "netutils/ifc.h"
#include "resolv_netid.h"
+using android::base::StringPrintf;
using android::base::WriteStringToFile;
using android::net::UidRange;
namespace android {
namespace net {
+auto RouteController::iptablesRestoreCommandFunction = execIptablesRestoreCommand;
+
// BEGIN CONSTANTS --------------------------------------------------------------------------------
const uint32_t RULE_PRIORITY_VPN_OVERRIDE_SYSTEM = 10000;
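Review bot: The new static member definition `auto RouteController::iptablesRestoreCommandFunction = execIptablesRestoreCommand;` is a mutable, namespace-visible function pointer with no comment saying why it exists; it reads like an injection seam for tests, but that is only inferred from the name. A one-line comment such as `// Indirection so tests can substitute the iptables-restore backend; production code must not reassign it.` would make the intent and the expectation that it is set once clear. Separately, `#include <android-base/stringprintf.h>` uses angle brackets while the adjacent `#include "android-base/file.h"` uses quotes; pick one form for the two android-base headers.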
@@ -437,11 +442,9 @@
fwmark.protectedFromVpn = true;
fwmark.permission = permission;
- char markString[UINT32_HEX_STRLEN];
- snprintf(markString, sizeof(markString), "0x%x", fwmark.intValue);
-
- if (execIptables(V4V6, "-t", "mangle", add ? "-A" : "-D", "INPUT", "-i", interface, "-j",
- "MARK", "--set-mark", markString, NULL)) {
+ std::string cmd = StringPrintf("%s INPUT -i %s -j MARK --set-mark 0x%x",
+ add ? "-A" : "-D", interface, fwmark.intValue);
+ if (RouteController::iptablesRestoreCommandFunction(V4V6, "mangle", cmd, nullptr) != 0) {
ALOGE("failed to change iptables rule that sets incoming packet mark");
return -EREMOTEIO;
}
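Review bot: `interface` is now interpolated into a text command that iptables-restore parses, whereas the replaced code passed it as a separate argv element to execIptables; a name containing whitespace or a newline would therefore change how the restore input is tokenized rather than being treated as a single opaque argument. Unless every caller already validates the name, a check before building `cmd`, e.g. `if (!isIfaceName(interface)) return -EINVAL;` (NetdConstants.h is now included by this file), would preserve the old behavior of treating the name as a single token. The `cmd` string carries no `*mangle`/`COMMIT` framing, so the note assumes `execIptablesRestoreCommand` adds it from the `"mangle"` argument; that is worth confirming. The enclosing function starts before this hunk and continues past it.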