209 // + If |mask| is non-zero, the rule matches the specified fwmark and mask. Otherwise, |fwmark| is
218                                     uint32_t table, uint32_t fwmark, uint32_t mask, const char* iif,
220     // Ensure that if you set a bit in the fwmark, it's not being ignored by the mask.
221     if (fwmark & ~mask) {
222         ALOGE("mask 0x%x does not select all the bits set in fwmark 0x%x", mask, fwmark);
273         { &fwmark,           mask ? sizeof(fwmark) : 0 },
304                                     uint32_t fwmark, uint32_t mask, const char* iif,
306     return modifyIpRule(action, priority, FR_ACT_TO_TBL, table, fwmark, mask, iif, oif, uidStart,
311                                     uint32_t fwmark, uint32_t mask) {
312     return modifyIpRule(action, priority, table, fwmark, mask, IIF_NONE, OIF_NONE, INVALID_UID,
412 // + Use the right fwmark for (and thus correctly route) replies (e.g.: TCP RST, ICMP errors, ping
418     Fwmark fwmark;
420     fwmark.netId = netId;
421     fwmark.explicitlySelected = true;
422     fwmark.protectedFromVpn = true;
423     fwmark.permission = permission;
426                                    add ? "-A" : "-D", interface, fwmark.intValue);
452     Fwmark fwmark;
455     fwmark.protectedFromVpn = false;
465         fwmark.explicitlySelected = false;
469     return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, priority, table, fwmark.intValue,
480     Fwmark fwmark;
483     fwmark.netId = netId;
486     fwmark.permission = PERMISSION_SYSTEM;
491     return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, priority, table, fwmark.intValue,
499 // Even though we check permissions at the time we set a netId into the fwmark of a socket, we need
505     Fwmark fwmark;
508     fwmark.netId = netId;
511     fwmark.explicitlySelected = true;
514     fwmark.permission = permission;
518                         fwmark.intValue, mask.intValue, IIF_NONE, OIF_NONE, uidStart, uidEnd);
528     Fwmark fwmark;
531     fwmark.permission = permission;
538                                    table, fwmark.intValue, mask.intValue, IIF_NONE, interface,
545                         fwmark.intValue, mask.intValue, IIF_NONE, interface, uidStart, uidEnd);
555     Fwmark fwmark;
558     fwmark.netId = netId;
561     fwmark.explicitlySelected = false;
564     fwmark.permission = permission;
568                         fwmark.intValue, mask.intValue);
584     Fwmark fwmark;
587     fwmark.netId = vpnNetId;
590     fwmark.explicitlySelected = false;
593     fwmark.permission = permission;
596     return modifyIpRule(action, RULE_PRIORITY_VPN_FALLTHROUGH, table, fwmark.intValue,
602     Fwmark fwmark;
605     fwmark.explicitlySelected = false;
610                                fwmark.intValue, mask.intValue)) {
614                                ROUTE_TABLE_LEGACY_NETWORK, fwmark.intValue, mask.intValue)) {
618     fwmark.permission = PERMISSION_SYSTEM;
623                         fwmark.intValue, mask.intValue);
633     Fwmark fwmark;
636     fwmark.explicitlySelected = false;
640                         fwmark.intValue, mask.intValue);
682     Fwmark fwmark;
685     fwmark.netId = NETID_UNSET;
689                         fwmark.intValue, mask.intValue, IIF_NONE, OIF_NONE, UID_ROOT, UID_ROOT);
731     Fwmark fwmark;
733     fwmark.protectedFromVpn = false;
739                                    fwmark.intValue, mask.intValue, IIF_LOOPBACK, OIF_NONE,
794     Fwmark fwmark;
797     fwmark.netId = NETID_UNSET;
800     fwmark.permission = permission;
803     return modifyIpRule(action, RULE_PRIORITY_DEFAULT_NETWORK, table, fwmark.intValue,

Indexes created Sun Sep 10 09:05:34 CEST 2017