History log of /system/netd/NatController.cpp
Revision Date Author Comments
8e188ed5c989ddcc07f0f5e9839493c22d17e7b6 13-Jul-2012 Jeff Sharkey <jsharkey@android.com> Consolidate iptables chain management.

Move creation and management of module iptables chains up into
CommandListener, which gives better visibility into ordering.

Change-Id: If0c94187c6e59a20840b035d7241057f45a0f74b
458f318280c3b98d84958c63899c949c71612b1a 25-Apr-2012 JP Abgrall <jpa@google.com> netd: NatController: don't setup iptables hooks in constructor.

iptables top-level chain updates should happen within CommandListener()
when it invokes the various modules' setupIptablesHooks().
And remove the extra DROP rule.

Change-Id: I33d2cfbd5444516f855ff85152c472352944cc77
0031cead820149e2fe3ccb3cc2fe05758a3cb5c2 18-Apr-2012 JP Abgrall <jpa@google.com> netd: Idletimer vs Nat vs Bandwidth controllers

* modified iptables users to work in controller specific custom chains.
- each controller only works within his own custom chains and not the
- CommandListener now invokes setupIptablesHooks() for each controller
once. That is the only time they are allowed to access the top-level

* Added idletimer controller.
From https://android-git.corp.google.com/g/#/c/180769/2
- supported commands
. ndc idletimer enable
. ndc idletimer add <iface> <timeout>
. ndc idletimer remove <iface> <timeout_used_during_add>
There is a framework change elsewhere that receives netlink messages.

Signed-off-by: Ashish Sharma <ashishsharma@google.com>
Signed-off-by: JP Abgrall <jpa@google.com>
Change-Id: Ia57450c09166ce20f21d1e3b49047ef1e98f2a3d
d14fd4f83ffeea4ad1cd559a41f775f6814565cc 12-Jan-2012 Jaime A Lopez-Sollano <jaimel@quicinc.com> Increase the valid name of the iface to IFNAMSIZ

Define MAX_IFACE_LENGTH as IFNAMSIZ instead of 10, to
prevent netd from treating an interface name 'rmnet_sdio0'
as invalid.
Also fix an off-by-one error.

Change-Id: If6b2b27d2da6eb72f01c090cbe4f7dc2b9c296ae
c462177bd58e3bf0ac4f618934dae060569e3e0b 31-Jan-2012 Robert Greenwalt <rgreenwalt@google.com> Keep better tabs on secondary tables.

We had some places (NatController) where routes were being set
but not accounted for in the number-of-routes tally so we
could end up thinking the table was empty and not clean up
after ourselves properly.

Also consolidated constants.

Change-Id: I98a41d433e1d4b4ca6692fb2328e2c9afc828145
053a99cef7b6d87a52216df7845b225703c74462 19-Jan-2012 Kazuhiro Ondo <kazuhiro.ondo@motorola.com> am b210b180: am 4ab46857: Add back hook for inserting OEM specific iptables rules.

* commit 'b210b1806c740bf66eb04eb8e8d8ee75c01652dd':
Add back hook for inserting OEM specific iptables rules.
4ab468577647d1ee73810b89d2287eaa5546fecb 12-Jan-2012 Kazuhiro Ondo <kazuhiro.ondo@motorola.com> Add back hook for inserting OEM specific iptables rules.

The functionality was lost during merge in ICS branch.
This patch is adding back OEM iptables hook in netd.

Change-Id: I9444b8c53e8b84fea2002c2c1d9ba42e45ae5f0c
5ea0c05a1e7d8e664b808aa1bb1efd08fdb2fb13 06-Jan-2012 Steve Block <steveblock@google.com> Rename (IF_)LOGE(_IF) to (IF_)ALOGE(_IF) DO NOT MERGE

See https://android-git.corp.google.com/g/#/c/157220

Bug: 5449033
Change-Id: I8ab66debe4d0c3857a4b80f6f7b6925a352cda87
9e5e0ce62e88ddf9a09798eda51b0c270d354c8e 15-Dec-2011 JP Abgrall <jpa@google.com> netd: fix argument interpretation bug

While working around the logwrap() issue, it was replaced with system()
which could lead to various commands getting misinterpreted.

We now use a system() equivalent that doesn't use "sh -c".

Change-Id: I2599b526ac34bcfca18d05261286d902d547efda
063af322b48ab1bb0c3e09eb0b64915ba568275b 19-Nov-2011 Robert Greenwalt <rgreenwalt@google.com> Fix some syntax issues with IP command.

Was not building secondary tables properly. Also IPv6 host routes
were failing.

Change-Id: I0d5ad2ed7d13e4d5bd8c2f8ce15fc0ccb36a4690
fc97b82e02979f246d56a4bfd60e4aab8686d3f6 03-Nov-2011 Robert Greenwalt <rgreenwalt@google.com> Start using IP tool for advanced routing.

Change-Id: I51f21060947f57e63b18c4d35e9d49fac488d48a
f7bf29c8a37d65e132a4dceb7c5a4200ed5c3d79 02-Nov-2011 Robert Greenwalt <rgreenwalt@google.com> When un-natting try to do all we can

Regardless of errors we should try to do as much as possible. Sometimes
some steps may fail if interfaces are taken down before we can un-nat them.

Change-Id: I9c9b0123198dba890565e0a6e4e15add16b369c2
11b4e9b26fe7b878992162afb39f5a8acfd143ed 12-Aug-2011 JP Abgrall <jpa@google.com> netd: all: use system() instead of logwrap() for now.

The logwrapper uses a blocking read() which does not always
correctly detect when the child process at the other end is gone.
This is a quick workaround for http://b/5144246
A cleaner logwrapper parent() will follow.

Add support for BandwidthController() to use either system() or
logwrap(). It looks at "persist.bandwidth.uselogwrap" to be 0 or 1.

Change-Id: I2d17732214f1a7fef6838eee05d827695b707ab0
Signed-off-by: JP Abgrall <jpa@google.com>
6ccebd085f8df439447ffe6060206a0a5af8d448 04-Aug-2011 Robert Greenwalt <rgreenwalt@google.com> am e98a5816: am 6e4d5db1: Fix two error-case unwinders.

* commit 'e98a581641a233fd048bf76f68650b627ef546e5':
Fix two error-case unwinders.
6e4d5db1b11f808bb4bdcc8dd45a7158c6c88515 04-Aug-2011 Robert Greenwalt <rgreenwalt@google.com> Fix two error-case unwinders.

Noticed by moto, I missed two calls to actually do the unwinding.

Change-Id: Ie4da4979a3ad0eedcb6d468fecdff6614b1819bd
49012139e14e5f9cc4e452716e8164c3e7cfd9de 02-Aug-2011 Robert Greenwalt <rgreenwalt@google.com> am 69a5b777: am ddb9f6eb: Add DROP rule for INVALID packets.

* commit '69a5b7777f67f6d5ad9dbd33758332c7b0104613':
Add DROP rule for INVALID packets.
ddb9f6eb8d8c35f46c1e3da68f375b85903e85c9 02-Aug-2011 Robert Greenwalt <rgreenwalt@google.com> Add DROP rule for INVALID packets.

Change-Id: Ib942c557e7f2694b6ee18cc6562df597165894ce
4309f87d5baa54a2741f35e0cb09959c55ff1ab6 30-Jul-2011 Wink Saville <wink@google.com> DO NOT MERGE: Update OEM iptable hooks and ip fwd

This is a squash of two changes from partner repo:

Clean up OEM iptables hooks

Id: Ife7a1c08ca88beba2dede776d2e4dd6097dad05a


Add hooks for OEM iptables rules and IP fwd

- Useful for integrating peripherals that use IP for control and
- Add hooks for specifying static iptables rules at startup.
- Add system prop to keep IP forwarding enabled all the time.
- Remove the ro.bootmode=bp-tools hacks.

Id: Ic70d4c88179c530414505976193bf616037500a6

Bug: 5045218
Change-Id: I4229d3576426880b68ac448f9fbb67f2f8f304a0
d80e94ca116224bf52925a1503ced6f257cb88d6 23-Jun-2011 JP Abgrall <jpa@google.com> DO NOT MERGE: NatController: remove flushing the INPUT/OUTPUT tables.

DO NOT MERGE: cherry-pick from master, as OEMs will be updating this
file in HC.

It doesn't use them, so it should not have to flush them.
This is a minimalistic attempt to cooperate with the BandwidthController.

Change-Id: Ia175a86403adf034ac6f44d7ebc4ebe941881368
2ad297402daa97238e3fb099fe547e2c0b2cdc4b 23-Jun-2011 JP Abgrall <jpa@google.com> NatController: remove flushing the INPUT/OUTPUT tables.

It doesn't use them, so it should not have to flush them.
This is a minimalistic attempt to cooperate with the BandwidthController.

Change-Id: Ia175a86403adf034ac6f44d7ebc4ebe941881368
ac208608c9e10ef199fdd11c38a31675ee9290c0 28-May-2011 John Michelau <john.michelau@motorola.com> Do not wipe all netd iptables rules in test mode

The NatController fail-safe which flushes the iptables when the ref
count reaches zero unintentionally wipes out all static rules setup
by init in bp-tools test mode. Doing this flush is not necessary.

Change-Id: I37890e79cd701aa2e970958a246dfe7514a65c47
ff2c0d8c13457e43f0d4bf06d3177271aac104c1 17-Nov-2010 Olivier Bailly <olivier@google.com> Add missing include headers for compilation on x86 targets.

Change-Id: I99f7b79bfb5b6305a0772f418a54ace50cac1bbe
b5ff9b277f256df84caf3d798ccc83b4740a1d31 13-Oct-2010 Paul Eastham <eastham@google.com> Remove STOPSHIP comment

Change-Id: I2d42d6ddb16f88929b5edeeeb653feca8348e804
210b97745e14830cdb1f29ee1109e6e516f4e6f6 25-Mar-2010 Robert Greenwalt <robdroid@android.com> Fix bug in NATing code.

Silly errors in refcount logic did the wrong thing.

Change-Id: I2cfc208615258397501450717cfcb7eb0386c9d4
1caafe66a6b927fa5d8eb4c59ec9eb48b0b1b075 24-Mar-2010 Robert Greenwalt <robdroid@android.com> Make NATing add/remove iptable rules as needed

It was flushing on every unNAT, but really you want to remove just those rules. We'll
flush when we get to 0 NATs.

bug: 2542176
Change-Id: Ia70580191b1aed754689864044de122234346011
9ff78fb7da7158f5bd7c86d89a842691820259cf 19-Jan-2010 San Mehat <san@google.com> netd: Add primitive NAT control

Update: Add stub function to validate interface existence

Signed-off-by: San Mehat <san@google.com>