commit c1306ea230c95ef0268d4d20a213911799982671
author Lorenzo Colitti <lorenzo@google.com> Mon Mar 27 05:52:31 2017 +0900
committer Lorenzo Colitti <lorenzo@google.com> Mon Mar 27 16:25:10 2017 +0900
tree 894faae30ed272b2339548578f44cf5fd4ea5990
parent f91e8ed5c906483348b4f00eae234825821943b1

Use iptables-restore to set the incoming packet mark rule.

This speeds up network switching because one rule needs to be
added/removed per interface.

Bug: 28362720
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Test: watch -n1 "adb shell iptables -v -n -t mangle -L INPUT" while switching networks
Change-Id: Ie536db6a50d018c88bb03c5f069965e99e0d162e

server/RouteController.h

diff --git a/server/RouteController.h b/server/RouteController.h
index 48239d7..579cfe2 100644
--- a/server/RouteController.h
+++ b/server/RouteController.h
@@ -91,6 +91,10 @@
                                             Permission permission) WARN_UNUSED_RESULT;
     static int removeVirtualNetworkFallthrough(unsigned vpnNetId, const char* physicalInterface,
                                                Permission permission) WARN_UNUSED_RESULT;
+
+    // For testing.
+    static int (*iptablesRestoreCommandFunction)(IptablesTarget, const std::string&,
+                                                 const std::string&, std::string *);
 };
 
 // Public because they are called by by RouteControllerTest.cpp.
@@ -100,6 +104,8 @@
                   const char* nexthop) WARN_UNUSED_RESULT;
 int flushRoutes(uint32_t table) WARN_UNUSED_RESULT;
 uint32_t getRulePriority(const nlmsghdr *nlh);
+WARN_UNUSED_RESULT int modifyIncomingPacketMark(unsigned netId, const char* interface,
+                                                Permission permission, bool add);
 
 }  // namespace net
 }  // namespace android