Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / f81cda0e5c1ba6e1e4e7d7829959238ff097adac^! / . / server / Controllers.cpp
commitf81cda0e5c1ba6e1e4e7d7829959238ff097adac[log] [tgz]
authorLorenzo Colitti <lorenzo@google.com>Tue Feb 07 14:24:17 2017 +0900
committerLorenzo Colitti <lorenzo@google.com>Tue Feb 07 14:34:39 2017 +0900
tree3b1231f52de229949760d5cbbb9115837c054064
parent5596e8192ba01f30c6415d3f3c12b6a38666dd59 [diff] [blame]
Revert "Move createChildChains to iptables-restore."

This reverts commit 81ff64ecb3c90cbc2a95c7653420597df604af5d.

Reason for revert: botloops ryu. Incomplete error handling code
in IptablesRestoreController interacts badly with an iptables
error early on caused by ryu not having the iptables "nat" table.

Test: builds, boots bullhead
Test: fixes ryu bootloop
Fix: 35027505
Change-Id: I209c74e46cfcdb80ca2c3e0e6ce9c28f389017ec

diff --git a/server/Controllers.cpp b/server/Controllers.cpp
index 1a618c1..85b6b1e 100644
--- a/server/Controllers.cpp
+++ b/server/Controllers.cpp

@@ -14,8 +14,6 @@
  * limitations under the License.
  */
 
-#include <android-base/stringprintf.h>
-
 #define LOG_TAG "Netd"
 #include <cutils/log.h>
 
@@ -66,7 +64,6 @@
 };
 
 static const char* MANGLE_POSTROUTING[] = {
-        OEM_IPTABLES_MANGLE_POSTROUTING,
         BandwidthController::LOCAL_MANGLE_POSTROUTING,
         IdletimerController::LOCAL_MANGLE_POSTROUTING,
         NULL,
@@ -107,24 +104,6 @@
     } while (*(++childChain) != NULL);
 }
 
-// Fast version of createChildChains. This is only safe to use if the parent chain contains nothing
-// apart from the specified child chains.
-static void createChildChainsFast(IptablesTarget target, const char* table, const char* parentChain,
-        const char** childChains) {
-    const char** childChain = childChains;
-    std::string command = android::base::StringPrintf("*%s\n", table);
-    command += android::base::StringPrintf(":%s -\n", parentChain);
-    // Just running ":chain -" flushes user-defined chains, but not built-in chains like INPUT.
-    // Since at this point we don't know if parentChain is a built-in chain, do both.
-    command += android::base::StringPrintf("-F %s\n", parentChain);
-    do {
-        command += android::base::StringPrintf(":%s -\n", *childChain);
-        command += android::base::StringPrintf("-A %s -j %s\n", parentChain, *childChain);
-    } while (*(++childChain) != NULL);
-    command += "COMMIT\n\n";
-    execIptablesRestore(target, command);
-}
-
 }  // namespace
 
 Controllers::Controllers() : clatdCtrl(&netCtrl) {
@@ -143,18 +122,16 @@
      * otherwise DROP/REJECT.
      */
 
-    // Create chains for child modules.
-    // We cannot use createChildChainsFast for all chains because vendor code modifies filter OUTPUT
-    // and mangle POSTROUTING directly.
+    // Create chains for children modules
     Stopwatch s;
-    createChildChainsFast(V4V6, "filter", "INPUT", FILTER_INPUT);
-    createChildChainsFast(V4V6, "filter", "FORWARD", FILTER_FORWARD);
+    createChildChains(V4V6, "filter", "INPUT", FILTER_INPUT);
+    createChildChains(V4V6, "filter", "FORWARD", FILTER_FORWARD);
     createChildChains(V4V6, "filter", "OUTPUT", FILTER_OUTPUT);
-    createChildChainsFast(V4V6, "raw", "PREROUTING", RAW_PREROUTING);
+    createChildChains(V4V6, "raw", "PREROUTING", RAW_PREROUTING);
     createChildChains(V4V6, "mangle", "POSTROUTING", MANGLE_POSTROUTING);
-    createChildChainsFast(V4V6, "mangle", "FORWARD", MANGLE_FORWARD);
-    createChildChainsFast(V4, "nat", "PREROUTING", NAT_PREROUTING);
-    createChildChainsFast(V4, "nat", "POSTROUTING", NAT_POSTROUTING);
+    createChildChains(V4V6, "mangle", "FORWARD", MANGLE_FORWARD);
+    createChildChains(V4, "nat", "PREROUTING", NAT_PREROUTING);
+    createChildChains(V4, "nat", "POSTROUTING", NAT_POSTROUTING);
     ALOGI("Creating child chains: %.1fms", s.getTimeAndReset());
 
     // Let each module setup their child chains