BandwidthController - consistently use -j not --jump throughout
There's already uses of -j in places, and that's the output from
iptables-save and it's shorter.
Generated via:
sed -i -r 's@--jump@-j@g' server/BandwidthControllerTest.cpp
sed -i -r 's@--jump@-j@g' server/BandwidthController.cpp
Test:
git grep '[-]-jump' -- now comes up empty
atest bpf_module_test clatd_test libbpf_android_test libnetdbpf_test
netd_integration_test netd_unit_test netdutils_test
resolv_integration_test resolv_unit_test
Bug: 136696213
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I06b8ea544f681911472c9b60336b31532c408a6f
diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp
index 3efc8a3..363cba0 100644
--- a/server/BandwidthController.cpp
+++ b/server/BandwidthController.cpp
@@ -90,7 +90,7 @@
* Some comments about the rules:
* * Ordering
* - when an interface is marked as costly it should be INSERTED into the INPUT/OUTPUT chains.
- * E.g. "-I bw_INPUT -i rmnet0 --jump costly"
+ * E.g. "-I bw_INPUT -i rmnet0 -j costly"
* - quota'd rules in the costly chain should be before bw_penalty_box lookups.
* - the qtaguid counting is done at the end of the bw_INPUT/bw_OUTPUT user chains.
*
@@ -98,26 +98,26 @@
* - global quota for all costly interfaces uses a single costly chain:
* . initial rules
* iptables -N bw_costly_shared
- * iptables -I bw_INPUT -i iface0 --jump bw_costly_shared
- * iptables -I bw_OUTPUT -o iface0 --jump bw_costly_shared
+ * iptables -I bw_INPUT -i iface0 -j bw_costly_shared
+ * iptables -I bw_OUTPUT -o iface0 -j bw_costly_shared
* iptables -I bw_costly_shared -m quota \! --quota 500000 \
- * --jump REJECT --reject-with icmp-net-prohibited
- * iptables -A bw_costly_shared --jump bw_penalty_box
- * iptables -A bw_penalty_box --jump bw_happy_box
- * iptables -A bw_happy_box --jump bw_data_saver
+ * -j REJECT --reject-with icmp-net-prohibited
+ * iptables -A bw_costly_shared -j bw_penalty_box
+ * iptables -A bw_penalty_box -j bw_happy_box
+ * iptables -A bw_happy_box -j bw_data_saver
*
* . adding a new iface to this, E.g.:
- * iptables -I bw_INPUT -i iface1 --jump bw_costly_shared
- * iptables -I bw_OUTPUT -o iface1 --jump bw_costly_shared
+ * iptables -I bw_INPUT -i iface1 -j bw_costly_shared
+ * iptables -I bw_OUTPUT -o iface1 -j bw_costly_shared
*
* - quota per interface. This is achieve by having "costly" chains per quota.
* E.g. adding a new costly interface iface0 with its own quota:
* iptables -N bw_costly_iface0
- * iptables -I bw_INPUT -i iface0 --jump bw_costly_iface0
- * iptables -I bw_OUTPUT -o iface0 --jump bw_costly_iface0
+ * iptables -I bw_INPUT -i iface0 -j bw_costly_iface0
+ * iptables -I bw_OUTPUT -o iface0 -j bw_costly_iface0
* iptables -A bw_costly_iface0 -m quota \! --quota 500000 \
- * --jump REJECT --reject-with icmp-port-unreachable
- * iptables -A bw_costly_iface0 --jump bw_penalty_box
+ * -j REJECT --reject-with icmp-port-unreachable
+ * iptables -A bw_costly_iface0 -j bw_penalty_box
*
* * Penalty box, happy box and data saver.
* - bw_penalty box is a blacklist of apps that are rejected.
@@ -132,25 +132,25 @@
* - only one bw_penalty_box for all interfaces
* E.g Adding an app:
* iptables -I bw_penalty_box -m owner --uid-owner app_3 \
- * --jump REJECT --reject-with icmp-port-unreachable
+ * -j REJECT --reject-with icmp-port-unreachable
*
* * bw_happy_box handling:
* - The bw_happy_box comes after the penalty box.
* E.g Adding a happy app,
* iptables -I bw_happy_box -m owner --uid-owner app_3 \
- * --jump RETURN
+ * -j RETURN
*
* * bw_data_saver handling:
* - The bw_data_saver comes after the happy box.
* Enable data saver:
- * iptables -R 1 bw_data_saver --jump REJECT --reject-with icmp-port-unreachable
+ * iptables -R 1 bw_data_saver -j REJECT --reject-with icmp-port-unreachable
* Disable data saver:
- * iptables -R 1 bw_data_saver --jump RETURN
+ * iptables -R 1 bw_data_saver -j RETURN
*/
const std::string COMMIT_AND_CLOSE = "COMMIT\n";
const std::string HAPPY_BOX_MATCH_WHITELIST_COMMAND =
- StringPrintf("-I bw_happy_box -m owner --uid-owner %d-%d --jump RETURN", 0, MAX_SYSTEM_UID);
+ StringPrintf("-I bw_happy_box -m owner --uid-owner %d-%d -j RETURN", 0, MAX_SYSTEM_UID);
const std::string BPF_HAPPY_BOX_MATCH_WHITELIST_COMMAND = StringPrintf(
"-I bw_happy_box -m bpf --object-pinned %s -j RETURN", XT_BPF_WHITELIST_PROG_PATH);
const std::string BPF_PENALTY_BOX_MATCH_BLACKLIST_COMMAND = StringPrintf(
@@ -231,9 +231,9 @@
"-A bw_OUTPUT -m policy --pol ipsec --dir out -j RETURN",
useBpf ? "" : "-A bw_OUTPUT -m owner --socket-exists",
- "-A bw_costly_shared --jump bw_penalty_box",
+ "-A bw_costly_shared -j bw_penalty_box",
useBpf ? BPF_PENALTY_BOX_MATCH_BLACKLIST_COMMAND : "",
- "-A bw_penalty_box --jump bw_happy_box", "-A bw_happy_box --jump bw_data_saver",
+ "-A bw_penalty_box -j bw_happy_box", "-A bw_happy_box -j bw_data_saver",
"-A bw_data_saver -j RETURN",
useBpf ? BPF_HAPPY_BOX_MATCH_WHITELIST_COMMAND : HAPPY_BOX_MATCH_WHITELIST_COMMAND,
"COMMIT",
@@ -413,15 +413,14 @@
if (it == mSharedQuotaIfaces.end()) {
const int ruleInsertPos = (mGlobalAlertBytes) ? 2 : 1;
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf("-I bw_INPUT %d -i %s --jump %s", ruleInsertPos, iface.c_str(), chain),
- StringPrintf("-I bw_OUTPUT %d -o %s --jump %s", ruleInsertPos, iface.c_str(), chain),
- StringPrintf("-A bw_FORWARD -i %s --jump %s", iface.c_str(), chain),
- StringPrintf("-A bw_FORWARD -o %s --jump %s", iface.c_str(), chain),
+ "*filter",
+ StringPrintf("-I bw_INPUT %d -i %s -j %s", ruleInsertPos, iface.c_str(), chain),
+ StringPrintf("-I bw_OUTPUT %d -o %s -j %s", ruleInsertPos, iface.c_str(), chain),
+ StringPrintf("-A bw_FORWARD -i %s -j %s", iface.c_str(), chain),
+ StringPrintf("-A bw_FORWARD -o %s -j %s", iface.c_str(), chain),
};
if (mSharedQuotaIfaces.empty()) {
- cmds.push_back(StringPrintf("-I %s -m quota2 ! --quota %" PRId64
- " --name %s --jump REJECT",
+ cmds.push_back(StringPrintf("-I %s -m quota2 ! --quota %" PRId64 " --name %s -j REJECT",
chain, maxBytes, cost));
}
cmds.push_back("COMMIT\n");
@@ -464,15 +463,14 @@
}
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf("-D bw_INPUT -i %s --jump %s", iface.c_str(), chain),
- StringPrintf("-D bw_OUTPUT -o %s --jump %s", iface.c_str(), chain),
- StringPrintf("-D bw_FORWARD -i %s --jump %s", iface.c_str(), chain),
- StringPrintf("-D bw_FORWARD -o %s --jump %s", iface.c_str(), chain),
+ "*filter",
+ StringPrintf("-D bw_INPUT -i %s -j %s", iface.c_str(), chain),
+ StringPrintf("-D bw_OUTPUT -o %s -j %s", iface.c_str(), chain),
+ StringPrintf("-D bw_FORWARD -i %s -j %s", iface.c_str(), chain),
+ StringPrintf("-D bw_FORWARD -o %s -j %s", iface.c_str(), chain),
};
if (mSharedQuotaIfaces.size() == 1) {
- cmds.push_back(StringPrintf("-D %s -m quota2 ! --quota %" PRIu64
- " --name %s --jump REJECT",
+ cmds.push_back(StringPrintf("-D %s -m quota2 ! --quota %" PRIu64 " --name %s -j REJECT",
chain, mSharedQuotaBytes, cost));
}
cmds.push_back("COMMIT\n");
@@ -527,18 +525,17 @@
const std::string chain = "bw_costly_" + iface;
const int ruleInsertPos = (mGlobalAlertBytes) ? 2 : 1;
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf(":%s -", chain.c_str()),
- StringPrintf("-A %s -j bw_penalty_box", chain.c_str()),
- StringPrintf("-I bw_INPUT %d -i %s --jump %s", ruleInsertPos, iface.c_str(),
- chain.c_str()),
- StringPrintf("-I bw_OUTPUT %d -o %s --jump %s", ruleInsertPos, iface.c_str(),
- chain.c_str()),
- StringPrintf("-A bw_FORWARD -i %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-A bw_FORWARD -o %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-A %s -m quota2 ! --quota %" PRId64 " --name %s --jump REJECT",
- chain.c_str(), maxBytes, cost.c_str()),
- "COMMIT\n",
+ "*filter",
+ StringPrintf(":%s -", chain.c_str()),
+ StringPrintf("-A %s -j bw_penalty_box", chain.c_str()),
+ StringPrintf("-I bw_INPUT %d -i %s -j %s", ruleInsertPos, iface.c_str(), chain.c_str()),
+ StringPrintf("-I bw_OUTPUT %d -o %s -j %s", ruleInsertPos, iface.c_str(),
+ chain.c_str()),
+ StringPrintf("-A bw_FORWARD -i %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-A bw_FORWARD -o %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-A %s -m quota2 ! --quota %" PRId64 " --name %s -j REJECT", chain.c_str(),
+ maxBytes, cost.c_str()),
+ "COMMIT\n",
};
if (iptablesRestoreFunction(V4V6, Join(cmds, "\n"), nullptr) != 0) {
ALOGE("Failed set quota rule");
@@ -586,14 +583,14 @@
const std::string chain = "bw_costly_" + iface;
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf("-D bw_INPUT -i %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-D bw_OUTPUT -o %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-D bw_FORWARD -i %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-D bw_FORWARD -o %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-F %s", chain.c_str()),
- StringPrintf("-X %s", chain.c_str()),
- "COMMIT\n",
+ "*filter",
+ StringPrintf("-D bw_INPUT -i %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-D bw_OUTPUT -o %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-D bw_FORWARD -i %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-D bw_FORWARD -o %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-F %s", chain.c_str()),
+ StringPrintf("-X %s", chain.c_str()),
+ "COMMIT\n",
};
const int res = iptablesRestoreFunction(V4V6, Join(cmds, "\n"), nullptr);
@@ -859,8 +856,8 @@
case IptJumpNoAdd:
return "";
case IptJumpReject:
- return " --jump REJECT";
+ return " -j REJECT";
case IptJumpReturn:
- return " --jump RETURN";
+ return " -j RETURN";
}
}