History log of /system/netd/server/NatController.cpp
Revision Date Author Comments
be79d6547d93c0be373db811d3f0265a93a76f3f 10-Aug-2017 Lorenzo Colitti <lorenzo@google.com> Convert NatController to iptables-restore.

This conversion is a bit more involved than previous ones, mostly
due to all the error unwinding.

For the sake of readability, this change limits itself to
converting mostly maintaining their order, with the exception
that it puts the rpfilter rule before all the LOCAL_FORWARD rules
to simplify error handling.

It also groups commands together as much as possible to simplify
error handling: because a set of iptables commands between
"*<table>" and "COMMIT" will either all succeed or all fail,
grouping commands together limits the number of required
error handling paths.

(cherry picked from commit eb7eb3ecea2e06e84fa9528b68d0a618b16b1ad9)

Bug: 28362720
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Change-Id: I73b511e242773e559afef00fa29154267070691d
Merged-In: I3f72946de374a7deaeef88b1dd5589d9a20ccce7
/system/netd/server/NatController.cpp
4fcb4a0d90be5e00b16b558089bd69d3c414d382 03-Feb-2017 Lorenzo Colitti <lorenzo@google.com> Move NatController startup to iptables-restore.

This makes NatController startup much faster. Before:
02-03 14:09:19.199 485 485 I Netd : Setting up NatController hooks: 223.4ms

After:
02-03 14:28:09.407 488 488 I Netd : Setting up NatController hooks: 13.8ms

Also, fail if MSS rewriting is not supported. It's much easier
to diagnose a failure than a performance problem.

Test: unit tests continue to pass
Test: bullhead builds, boots, wifi tethering works
Fix: 17629786
Bug: 34873832
Change-Id: I0ef498ecbbb82a2672c279056d189d026e13100a
/system/netd/server/NatController.cpp
bd96d9582e719c5cbc68fd59aa8e6f703b510eb3 01-Aug-2016 Lorenzo Colitti <lorenzo@google.com> Don't start tethering if IPv6 RPF is not supported.

Bug: 9580643
Bug: 30298058

Change-Id: Ia2e81786527b5718ed7f9dd195a39ea1eb7eb2b4
/system/netd/server/NatController.cpp
8917e45f7f8d49b645fd6ed10942dfe20c71ac0e 01-Aug-2016 Lorenzo Colitti <lorenzo@google.com> Enable IPv6 reverse path filtering.

Bug: 9580643
Bug: 30298058
Change-Id: I45c1f46994a07f656434088cafe753d58731faa0
/system/netd/server/NatController.cpp
05cfd25d3f22c71c2c6980d1880c01162d915665 10-Jul-2016 Lorenzo Colitti <lorenzo@google.com> Add counters for IPv6 tethering.

Bug: 9580643
Change-Id: I60ff10cea8e8e90eeaf5412f1b6254696073506d
/system/netd/server/NatController.cpp
8e1cee9064af5b2e0d8095d5a6a05953616d7d4c 09-Jul-2016 Lorenzo Colitti <lorenzo@google.com> Add a test for NatController.

Bug: 9580643
Change-Id: I6ac3b754ec0b720674c6221e3a776314e86fe58c
/system/netd/server/NatController.cpp
94b2ab92f6e886d24092781159714be75c9f3954 04-Aug-2015 Paul Jensen <pauljensen@google.com> Make netd calls to iptables wait for xtables lock

Without this wait iptables commands can fail with various unpleasant
consequences like Log.wtf() or missing iptables rules. The most
critical calls to iptables in NetdConstants.cpp already wait for the
lock.

Bug:22802665
Change-Id: I7d542c3d4f0e005618e368da674159b90d652c8a
/system/netd/server/NatController.cpp
32d768792bcd5860512998543f6904d91da1a9b7 25-Feb-2015 Lorenzo Colitti <lorenzo@google.com> Separate NAT from forwarding.

Bug: 19500693

Change-Id: Ib3871106ea3c0d68327611e7568c0710210e4ff2
/system/netd/server/NatController.cpp
e8164ddc8204b626c1144a0a504754bf6622c6fd 02-Oct-2014 Lorenzo Colitti <lorenzo@google.com> Fix MSS clamping.

http://ag/553410 added an iptables chain and rule to do MSS
clamping for tethered clients, but did not add the chain to any
other chains, so the rule had no effect.

Fix this by adding the chain to the proper forwarding chains.
Also rename some of the new variables and constants so they are
more consistent with the previous code.

Bug: 17552732
Bug: 17727533
Change-Id: I9fcae31de5c0283d7d9f1dac989de84f77c5e53c
/system/netd/server/NatController.cpp
6b6f22fac4c33fcd349aaf6970bbdc191db752a3 18-Sep-2014 Gordon Gao <njh348@motorola.com> Enable tcp mss clamp for Tethering

With this change, IPv4 tethering clients (such as PC) with default
MTU size 1500 will be configured again in the phone to use MTU
matching the carrier network, then no IP fragmentation in the phone
and have higher data throughput for tethering.

bug:17552732
Change-Id: Ia306b1b8454da1b0e2d9c320e770aeff172d5fc4
/system/netd/server/NatController.cpp
8b3b91c6cad577e2928a29073fc962c57ef75af5 22-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Try to undo iptables rules if a command fails.

As per review comments at:
https://googleplex-android-review.git.corp.google.com/#/c/504240/5/server/NatController.cpp@194

Bug: 15413694
Bug: 15413741
Change-Id: I99e2f83792fa81498447e4c03f5f8be1d2c43b7d
/system/netd/server/NatController.cpp
87475a1471373b72ffc9f81f17dfd7884723fa86 16-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Fix WiFi-Direct and Tethering.

A LocalNetwork object now always exists in the NetworkController, with a fixed
NetId that's guaranteed not to collide with NetIds created by the framework.

When routes are added on an interface tracked by the LocalNetwork, they are
added to a fixed "local_network" table.

When NAT is enabled, we add a special "iif -> oif" tethering rule.

Bug: 15413694
Bug: 15413741

Change-Id: I36effc438d5ac193a77174493bf196cb68a5b97a
/system/netd/server/NatController.cpp
6a773534e7f8541f221f27fb8063af079b1a5936 11-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Fix tethering in the case of a regular upstream connection.

Fixes tethering via Ethernet, Bluetooth and WiFi (hotspot).

Tethering when the upstream has a DUN-specific APN is likely still broken
(untested).

For now, assign a fixed NetId (a hack) until we can change the framework to
create a valid NetworkAgent and all that jazz.

Bug: 15968336
Bug: 14988803
Change-Id: Idcf4d492d9329a9c87913e27be6dd835a792bea2
/system/netd/server/NatController.cpp
e09b20aee85f1dfd8c18c3d8581ac875d939ba70 06-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Add full support for UIDs in VPNs.

Major:
+ Implement the functions mentioned in http://go/android-multinetwork-routing
correctly, including handling accept(), connect(), setNetworkForSocket()
and protect() and supporting functions like canUserSelectNetwork().
+ Eliminate the old code path of getting/setting UID ranges through
SecondaryTableController (which is currently unused) and mUidMap.

Minor:
+ Rename some methods/variables for clarity and consistency.
+ Moved some methods in .cpp files to match declaration order in the .h files.

Bug: 15409918
Change-Id: Ic6ce3646c58cf645db0d9a53cbeefdd7ffafff93
/system/netd/server/NatController.cpp
69261cb65186e27dfbdc1e3eec796437f9968ff9 20-Jun-2014 JP Abgrall <jpa@google.com> server: check interface names in RPC arguments for validity

This patch introduces a method isIfaceName that checks interface
names from various RPCs for validity before e.g. using them as
part of iptables arguments or in filenames.

All of these RPC calls can only be called from applications
with at least the CONNECTIVITY_INTERNAL permission in recent
Android versions, so the impact of the missing checks luckily
isn't very high.

Orig-Author: Jann Horn <jann@thejh.net>

Change-Id: I80df8d745a3de99ad02d6649f0d10562c81f6b98
Signed-off-by: JP Abgrall <jpa@google.com>
/system/netd/server/NatController.cpp
56afacf838d24cf8e54d2cf0d8ab9182ab704125 29-May-2014 Sreeram Ramachandran <sreeram@google.com> Turn on C++11 and make all warnings into errors.

As a consequence:
+ Comment out the names of all unused parameters.
+ Remove all unused variables and functions.

In server/Android.mk, there are a couple of non-trivial changes:
+ Use libcxx instead of stlport. This is needed to fix a bunch of errors due to
specifying -std=c++11.
+ LOCAL_SHARED_LIBRARIES is sorted. Technically, the order in which libraries
are listed has an effect on linking, but nobody should be doing such brittle
things anyway.

Change-Id: I0aff5b745e04609da23144d0e8be4c5694321b8b
/system/netd/server/NatController.cpp
f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 21-May-2014 Sreeram Ramachandran <sreeram@google.com> Move netd_client into netd.

Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
/system/netd/server/NatController.cpp