History log of /system/netd/NatController.cpp
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
8e188ed5c989ddcc07f0f5e9839493c22d17e7b6 13-Jul-2012 Jeff Sharkey <jsharkey@android.com> Consolidate iptables chain management.

Move creation and management of module iptables chains up into
CommandListener, which gives better visibility into ordering.

Change-Id: If0c94187c6e59a20840b035d7241057f45a0f74b
/system/netd/NatController.cpp
458f318280c3b98d84958c63899c949c71612b1a 25-Apr-2012 JP Abgrall <jpa@google.com> netd: NatController: don't setup iptables hooks in constructor.

iptables top-level chain updates should happen within CommandListener()
when it invokes the various modules' setupIptablesHooks().
And remove the extra DROP rule.


Change-Id: I33d2cfbd5444516f855ff85152c472352944cc77
/system/netd/NatController.cpp
0031cead820149e2fe3ccb3cc2fe05758a3cb5c2 18-Apr-2012 JP Abgrall <jpa@google.com> netd: Idletimer vs Nat vs Bandwidth controllers

* modified iptables users to work in controller specific custom chains.
- each controller only works withing his own custom chains and not the
top level ones (INPUT, OUTPUT, FORWARD, POSTROUTING,...)
- CommandListener now invokes setupIptablesHooks() for each controller
once. That is the only time they are allowed to access the top-level
chains.

* Added idletimer controller.
From https://android-git.corp.google.com/g/#/c/180769/2
- supported commands
. ndc idletimer enable
. ndc idletimer add <iface> <timeout>
. ndc idletimer remove <iface> <timeout_used_during_add>
There is a framework change elsewhere that receives netlink messages.

Signed-off-by: Ashish Sharma <ashishsharma@google.com>
Signed-off-by: JP Abgrall <jpa@google.com>
Change-Id: Ia57450c09166ce20f21d1e3b49047ef1e98f2a3d
/system/netd/NatController.cpp
d14fd4f83ffeea4ad1cd559a41f775f6814565cc 12-Jan-2012 Jaime A Lopez-Sollano <jaimel@quicinc.com> Increase the valid name of the iface to IFNAMSIZ

Define MAX_IFACE_LENGTH as IFNAMSIZ instead of 10, to
prevent netd from treating an interface name 'rmnet_sdio0'
as invalid.
Also fix an off-by-one error.

Change-Id: If6b2b27d2da6eb72f01c090cbe4f7dc2b9c296ae
/system/netd/NatController.cpp
c462177bd58e3bf0ac4f618934dae060569e3e0b 31-Jan-2012 Robert Greenwalt <rgreenwalt@google.com> Keep better tabs on secondary tables.

We had some places (NatController) where routes were being set
but not accounted for in the number-of-routes talley so we
could end up thinking the table was empty and not clean up
after ourselves properly.

Also consolidated constants.

bug:5917475
Change-Id: I98a41d433e1d4b4ca6692fb2328e2c9afc828145
/system/netd/NatController.cpp
053a99cef7b6d87a52216df7845b225703c74462 19-Jan-2012 Kazuhiro Ondo <kazuhiro.ondo@motorola.com> am b210b180: am 4ab46857: Add back hook for inserting OEM specific iptables rules.

* commit 'b210b1806c740bf66eb04eb8e8d8ee75c01652dd':
Add back hook for inserting OEM specific iptables rules.
4ab468577647d1ee73810b89d2287eaa5546fecb 12-Jan-2012 Kazuhiro Ondo <kazuhiro.ondo@motorola.com> Add back hook for inserting OEM specific iptables rules.

The functionality was lost during merge in ICS branch.
This patch is adding back OEM iptables hook in netd.

Bug:5862460
Change-Id: I9444b8c53e8b84fea2002c2c1d9ba42e45ae5f0c
/system/netd/NatController.cpp
5ea0c05a1e7d8e664b808aa1bb1efd08fdb2fb13 06-Jan-2012 Steve Block <steveblock@google.com> Rename (IF_)LOGE(_IF) to (IF_)ALOGE(_IF) DO NOT MERGE

See https://android-git.corp.google.com/g/#/c/157220

Bug: 5449033
Change-Id: I8ab66debe4d0c3857a4b80f6f7b6925a352cda87
/system/netd/NatController.cpp
9e5e0ce62e88ddf9a09798eda51b0c270d354c8e 15-Dec-2011 JP Abgrall <jpa@google.com> netd: fix argument interpretation bug

While working around the logwrap() issue, it was replaced with system()
which could lead to various commands getting misinterpreted.

We now use a system() equivalent that doesn't use "sh -c".

Bug:5758556
Change-Id: I2599b526ac34bcfca18d05261286d902d547efda
/system/netd/NatController.cpp
063af322b48ab1bb0c3e09eb0b64915ba568275b 19-Nov-2011 Robert Greenwalt <rgreenwalt@google.com> Fix some syntax issues with IP command.

Was not building secondary tables properly. Also IPv6 host routes
were failing.

bug:5615697
Change-Id: I0d5ad2ed7d13e4d5bd8c2f8ce15fc0ccb36a4690
/system/netd/NatController.cpp
fc97b82e02979f246d56a4bfd60e4aab8686d3f6 03-Nov-2011 Robert Greenwalt <rgreenwalt@google.com> Start using IP tool for advanced routing.

bug:5495862
bug:5396842
Change-Id: I51f21060947f57e63b18c4d35e9d49fac488d48a
/system/netd/NatController.cpp
f7bf29c8a37d65e132a4dceb7c5a4200ed5c3d79 02-Nov-2011 Robert Greenwalt <rgreenwalt@google.com> When un-natting try to do all we can

Regardless of errors we should try to do as much as possible. Sometimes
some steps may fail if interfaces are taken down before we can un-nat them.

bug:5536516
Change-Id: I9c9b0123198dba890565e0a6e4e15add16b369c2
/system/netd/NatController.cpp
11b4e9b26fe7b878992162afb39f5a8acfd143ed 12-Aug-2011 JP Abgrall <jpa@google.com> netd: all: use system() instead of logwrap() for now.

The logwrapper uses a blocking read() which does not always
correctly detect when the child process at the other end is gone.
This is a quick workaround for http://b/5144246
A cleaner logwrapper parent() will follow.

Add support for BandwidthController() to use either system() or
logwrap(). It looks at "persist.bandwidth.uselogwrap" to be 0 or 1.

Change-Id: I2d17732214f1a7fef6838eee05d827695b707ab0
Signed-off-by: JP Abgrall <jpa@google.com>
/system/netd/NatController.cpp
6ccebd085f8df439447ffe6060206a0a5af8d448 04-Aug-2011 Robert Greenwalt <rgreenwalt@google.com> am e98a5816: am 6e4d5db1: Fix two error-case unwinders.

* commit 'e98a581641a233fd048bf76f68650b627ef546e5':
Fix two error-case unwinders.
6e4d5db1b11f808bb4bdcc8dd45a7158c6c88515 04-Aug-2011 Robert Greenwalt <rgreenwalt@google.com> Fix two error-case unwinders.

Noticed by moto, I missed to calls to actually do the unwinding.

Change-Id: Ie4da4979a3ad0eedcb6d468fecdff6614b1819bd
/system/netd/NatController.cpp
49012139e14e5f9cc4e452716e8164c3e7cfd9de 02-Aug-2011 Robert Greenwalt <rgreenwalt@google.com> am 69a5b777: am ddb9f6eb: Add DROP rule for INVALID packets.

* commit '69a5b7777f67f6d5ad9dbd33758332c7b0104613':
Add DROP rule for INVALID packets.
ddb9f6eb8d8c35f46c1e3da68f375b85903e85c9 02-Aug-2011 Robert Greenwalt <rgreenwalt@google.com> Add DROP rule for INVALID packets.

bug:5094583
Change-Id: Ib942c557e7f2694b6ee18cc6562df597165894ce
/system/netd/NatController.cpp
4309f87d5baa54a2741f35e0cb09959c55ff1ab6 30-Jul-2011 Wink Saville <wink@google.com> DO NOT MERGE: Update OEM iptable hooks and ip fwd

This is a squash of two changes from partner repo:

Clean up OEM iptables hooks

Id: Ife7a1c08ca88beba2dede776d2e4dd6097dad05a

And

Add hooks for OEM iptables rules and IP fwd

- Useful for integrating peripherals that use IP for control and
diagnostics.
- Add hooks for specifying static iptables rules at startup.
- Add system prop to keep IP forwarding enabled all the time.
- Remove the ro.bootmode=bp-tools hacks.

Id: Ic70d4c88179c530414505976193bf616037500a6

Bug: 5045218
Change-Id: I4229d3576426880b68ac448f9fbb67f2f8f304a0
/system/netd/NatController.cpp
d80e94ca116224bf52925a1503ced6f257cb88d6 23-Jun-2011 JP Abgrall <jpa@google.com> DO NOT MERGE: NatController: remove flushing the INPUT/OUTPUT tables.

DO NOT MERGE: cherry-pick from master, as oem's will be updating this
file in HC.

It doesn't use them, so it should not have to flush them.
This is a minimalistic attempt to cooperate with the BandwidthController.

Change-Id: Ia175a86403adf034ac6f44d7ebc4ebe941881368
/system/netd/NatController.cpp
2ad297402daa97238e3fb099fe547e2c0b2cdc4b 23-Jun-2011 JP Abgrall <jpa@google.com> NatController: remove flushing the INPUT/OUTPUT tables.

It doesn't use them, so it should not have to flush them.
This is a minimalistic attempt to cooperate with the BandwidthController.

Change-Id: Ia175a86403adf034ac6f44d7ebc4ebe941881368
/system/netd/NatController.cpp
ac208608c9e10ef199fdd11c38a31675ee9290c0 28-May-2011 John Michelau <john.michelau@motorola.com> Do not wipe all netd iptables rules in test mode

The NatController fail-safe which flushes the iptables when the ref
count reaches zero unintentionally wipes out all static rules setup
by init in bp-tools test mode. Doing this flush is not necessary.

Change-Id: I37890e79cd701aa2e970958a246dfe7514a65c47
/system/netd/NatController.cpp
ff2c0d8c13457e43f0d4bf06d3177271aac104c1 17-Nov-2010 Olivier Bailly <olivier@google.com> Add missing include headers for compilation on x86 targets.

Change-Id: I99f7b79bfb5b6305a0772f418a54ace50cac1bbe
/system/netd/NatController.cpp
b5ff9b277f256df84caf3d798ccc83b4740a1d31 13-Oct-2010 Paul Eastham <eastham@google.com> Remove STOPSHIP comment

Change-Id: I2d42d6ddb16f88929b5edeeeb653feca8348e804
/system/netd/NatController.cpp
210b97745e14830cdb1f29ee1109e6e516f4e6f6 25-Mar-2010 Robert Greenwalt <robdroid@android.com> Fix bug in NATing code.

Silly errors in refcount logic did the wrong thing.

Change-Id: I2cfc208615258397501450717cfcb7eb0386c9d4
/system/netd/NatController.cpp
1caafe66a6b927fa5d8eb4c59ec9eb48b0b1b075 24-Mar-2010 Robert Greenwalt <robdroid@android.com> Make NATing add/remove iptable rules as needed

It was flushing on every unNAT, but really you want to remove just those rules. We'll
Flush when we get to 0 NATs.

bug: 2542176
Change-Id: Ia70580191b1aed754689864044de122234346011
/system/netd/NatController.cpp
9ff78fb7da7158f5bd7c86d89a842691820259cf 19-Jan-2010 San Mehat <san@google.com> netd: Add primitive NAT control

Update: Add stub function to validate interface existance

Signed-off-by: San Mehat <san@google.com>
/system/netd/NatController.cpp