2bf769bb24c2ecf2ffac37773c1656cc15b654dd
10-Mar-2017
Lorenzo Colitti <lorenzo@google.com>
Android-specific changes for upgrade to iptables-1.6.1.

The most important change here regards the iptables lock. Upstream uses flock() to lock /run/xtables.lock, creating it if it does not exist. Instead of putting the lock on a read-write partition such as /data, which on some devices is mounted twice during boot, add a zero-length file to /system/etc so we're always locking the same file.

strace shows that flock() succeeds on this file even if /system is mounted readonly:

$ adb shell cat /proc/mounts | grep /system
/dev/block/platform/soc.0/f9824900.sdhci/by-name/system /system ext4 ro,seclabel,relatime,data=ordered,inode_readahead_blks=8 0 0
$ adb shell strace iptables -L -n -t nat 2>&1 | egrep "flock|xtables.lock"
openat(AT_FDCWD, "/system/etc/xtables.lock", O_RDONLY|O_CREAT, 0600) = 3
flock(3, LOCK_EX|LOCK_NB) = 0

Also:

1. Don't compile the xt_cgroup module. This doesn't exist in our current version, and it doesn't build due to a redefinition of O_PATH.
2. Set HAVE_LINUX_PROC_FS_H since we have it.
3. Update version number.
4. Include time.h from xshared.h. This fixes the warning:

external/iptables/iptables/xshared.h:89:36: error: declaration of 'struct timeval' will not be visible outside of this function [-Werror,-Wvisibility]

This CL only contains changes to Android code.

Bug: 36108349
Test: bullhead builds and boots
Test: netd_{unit,integration} test passes
Test: iptables rules on boot are the same before and after change stack

Change-Id: I9fc172c76b820a0cb11ac72b83fc2ddd5b222545
/external/iptables/config.h
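The locking behaviour the commit message relies on, reproduced as an added example. This is not code from the iptables project or from the change above; it mirrors the openat()/flock() pair visible in the strace output and checks the properties that make a read-only lock file workable. The function names (try_xtables_lock, release_xtables_lock, demo_lock_contention) and the temporary lock path are my own assumptions, standing in for /system/etc/xtables.lock.

```c
/* Added example, not part of iptables or of this commit.
 * Opens a lock file O_RDONLY|O_CREAT and takes LOCK_EX|LOCK_NB on it, exactly
 * the sequence strace showed for /system/etc/xtables.lock, then verifies how
 * a second opener is refused. The path used here is a hypothetical temp file. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path read-only (creating it if absent, as upstream does for
 * /run/xtables.lock) and try a non-blocking exclusive flock().
 * Returns the locked fd, or -1 with errno set; errno is EWOULDBLOCK when
 * another open file description already holds the lock. */
int try_xtables_lock(const char *path)
{
    int fd = open(path, O_RDONLY | O_CREAT, 0600);
    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* flock() locks belong to the open file description, so closing the fd
 * releases the lock; no explicit LOCK_UN is needed. */
void release_xtables_lock(int fd)
{
    if (fd >= 0)
        close(fd);
}

/* Checks the three properties the lock depends on:
 *  1. a read-only fd on a read-only file is enough to hold an exclusive flock();
 *  2. an independent open() of the same file is refused with EWOULDBLOCK
 *     while the first holder still has it;
 *  3. closing the holder's fd releases it so the next caller succeeds.
 * Returns 0 when all three hold, otherwise the number of the failing step. */
int demo_lock_contention(const char *path)
{
    int rc = 0;
    int first = try_xtables_lock(path);
    if (first < 0)
        return 1;
    /* Make the file itself unwritable: flock() needs no write permission. */
    fchmod(first, 0400);

    int second = try_xtables_lock(path);
    if (second >= 0 || errno != EWOULDBLOCK) {
        release_xtables_lock(second);
        rc = 2;
    }
    release_xtables_lock(first);

    if (rc == 0) {
        int third = try_xtables_lock(path);
        if (third < 0)
            rc = 3;
        release_xtables_lock(third);
    }
    unlink(path);
    return rc;
}

int main(void)
{
    int rc = demo_lock_contention("/tmp/xtables-lock-demo");
    printf("xtables lock demo: %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Two caveats worth keeping in mind when reading this against the commit. flock() is advisory and keyed on the open file description of a particular inode, which is exactly why the lock file has to be one fixed inode that every iptables invocation resolves to: if two iptables processes open lock files on two different mounts of the same partition, each gets its own lock and they run concurrently. And because the lock is released on close, any fd leak (for example across fork/exec into a long-lived child) keeps the lock held for as long as that child lives.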