be79d6547d93c0be373db811d3f0265a93a76f3f |
|
10-Aug-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Convert NatController to iptables-restore. This conversion is a bit more involved than previous ones, mostly due to all the error unwinding. For the sake of readability, this change limits itself to converting mostly maintaining their order, with the exception that it puts the rpfilter rule before all the LOCAL_FORWARD rules to simplify error handling. It also groups commands together as much as possible to simplify error handling: because a set of iptables commands between "*<table>" and "COMMIT" will either all succeed or all fail, grouping commands together limits the number of required error handling paths. (cherry picked from commit eb7eb3ecea2e06e84fa9528b68d0a618b16b1ad9) Bug: 28362720 Test: bullhead builds,boots Test: netd_{unit,integration}_test pass Change-Id: I73b511e242773e559afef00fa29154267070691d Merged-In: I3f72946de374a7deaeef88b1dd5589d9a20ccce7
/system/netd/server/NatController.cpp
|
4fcb4a0d90be5e00b16b558089bd69d3c414d382 |
|
03-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Move NatController startup to iptables-restore. This makes NatController startup much faster. Before: 02-03 14:09:19.199 485 485 I Netd : Setting up NatController hooks: 223.4ms After: 02-03 14:28:09.407 488 488 I Netd : Setting up NatController hooks: 13.8ms Also, fail if MSS rewriting is not supported. It's much easier to diagnose a failure than a performance problem. Test: unit tests continue to pass Test: bullhead builds, boots, wifi tethering works Fix: 17629786 Bug: 34873832 Change-Id: I0ef498ecbbb82a2672c279056d189d026e13100a
/system/netd/server/NatController.cpp
|
bd96d9582e719c5cbc68fd59aa8e6f703b510eb3 |
|
01-Aug-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Don't start tethering if IPv6 RPF is not supported. Bug: 9580643 Bug: 30298058 Change-Id: Ia2e81786527b5718ed7f9dd195a39ea1eb7eb2b4
/system/netd/server/NatController.cpp
|
8917e45f7f8d49b645fd6ed10942dfe20c71ac0e |
|
01-Aug-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Enable IPv6 reverse path filtering. Bug: 9580643 Bug: 30298058 Change-Id: I45c1f46994a07f656434088cafe753d58731faa0
/system/netd/server/NatController.cpp
|
05cfd25d3f22c71c2c6980d1880c01162d915665 |
|
10-Jul-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Add counters for IPv6 tethering. Bug: 9580643 Change-Id: I60ff10cea8e8e90eeaf5412f1b6254696073506d
/system/netd/server/NatController.cpp
|
8e1cee9064af5b2e0d8095d5a6a05953616d7d4c |
|
09-Jul-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Add a test for NatController. Bug: 9580643 Change-Id: I6ac3b754ec0b720674c6221e3a776314e86fe58c
/system/netd/server/NatController.cpp
|
94b2ab92f6e886d24092781159714be75c9f3954 |
|
04-Aug-2015 |
Paul Jensen <pauljensen@google.com> |
Make netd calls to iptables wait for xtables lock. Without this wait iptables commands can fail with various unpleasant consequences like Log.wtf() or missing iptables rules. The most critical calls to iptables in NetdConstants.cpp already wait for the lock. Bug:22802665 Change-Id: I7d542c3d4f0e005618e368da674159b90d652c8a
/system/netd/server/NatController.cpp
|
32d768792bcd5860512998543f6904d91da1a9b7 |
|
25-Feb-2015 |
Lorenzo Colitti <lorenzo@google.com> |
Separate NAT from forwarding. Bug: 19500693 Change-Id: Ib3871106ea3c0d68327611e7568c0710210e4ff2
/system/netd/server/NatController.cpp
|
e8164ddc8204b626c1144a0a504754bf6622c6fd |
|
02-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Fix MSS clamping. http://ag/553410 added an iptables chain and rule to do MSS clamping for tethered clients, but did not add the chain to any other chains, so the rule had no effect. Fix this by adding the chain to the proper forwarding chains. Also rename some of the new variables and constants so they are more consistent with the previous code. Bug: 17552732 Bug: 17727533 Change-Id: I9fcae31de5c0283d7d9f1dac989de84f77c5e53c
/system/netd/server/NatController.cpp
|
6b6f22fac4c33fcd349aaf6970bbdc191db752a3 |
|
18-Sep-2014 |
Gordon Gao <njh348@motorola.com> |
Enable tcp mss clamp for Tethering. With this change, IPv4 tethering clients (such as PC) with default MTU size 1500 will be configured again in the phone to use MTU matching the carrier network, then no IP fragmentation in the phone and have higher data throughput for tethering. bug:17552732 Change-Id: Ia306b1b8454da1b0e2d9c320e770aeff172d5fc4
/system/netd/server/NatController.cpp
|
8b3b91c6cad577e2928a29073fc962c57ef75af5 |
|
22-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Try to undo iptables rules if a command fails. As per review comments at: https://googleplex-android-review.git.corp.google.com/#/c/504240/5/server/NatController.cpp@194 Bug: 15413694 Bug: 15413741 Change-Id: I99e2f83792fa81498447e4c03f5f8be1d2c43b7d
/system/netd/server/NatController.cpp
|
87475a1471373b72ffc9f81f17dfd7884723fa86 |
|
16-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix WiFi-Direct and Tethering. A LocalNetwork object now always exists in the NetworkController, with a fixed NetId that's guaranteed not to collide with NetIds created by the framework. When routes are added on an interface tracked by the LocalNetwork, they are added to a fixed "local_network" table. When NAT is enabled, we add a special "iif -> oif" tethering rule. Bug: 15413694 Bug: 15413741 Change-Id: I36effc438d5ac193a77174493bf196cb68a5b97a
/system/netd/server/NatController.cpp
|
6a773534e7f8541f221f27fb8063af079b1a5936 |
|
11-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix tethering in the case of a regular upstream connection. Fixes tethering via Ethernet, Bluetooth and WiFi (hotspot). Tethering when the upstream has a DUN-specific APN is likely still broken (untested). For now, assign a fixed NetId (a hack) until we can change the framework to create a valid NetworkAgent and all that jazz. Bug: 15968336 Bug: 14988803 Change-Id: Idcf4d492d9329a9c87913e27be6dd835a792bea2
/system/netd/server/NatController.cpp
|
e09b20aee85f1dfd8c18c3d8581ac875d939ba70 |
|
06-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add full support for UIDs in VPNs. Major: + Implement the functions mentioned in http://go/android-multinetwork-routing correctly, including handling accept(), connect(), setNetworkForSocket() and protect() and supporting functions like canUserSelectNetwork(). + Eliminate the old code path of getting/setting UID ranges through SecondaryTableController (which is currently unused) and mUidMap. Minor: + Rename some methods/variables for clarity and consistency. + Moved some methods in .cpp files to match declaration order in the .h files. Bug: 15409918 Change-Id: Ic6ce3646c58cf645db0d9a53cbeefdd7ffafff93
/system/netd/server/NatController.cpp
|
69261cb65186e27dfbdc1e3eec796437f9968ff9 |
|
20-Jun-2014 |
JP Abgrall <jpa@google.com> |
server: check interface names in RPC arguments for validity. This patch introduces a method isIfaceName that checks interface names from various RPCs for validity before e.g. using them as part of iptables arguments or in filenames. All of these RPC calls can only be called from applications with at least the CONNECTIVITY_INTERNAL permission in recent Android versions, so the impact of the missing checks luckily isn't very high. Orig-Author: Jann Horn <jann@thejh.net> Change-Id: I80df8d745a3de99ad02d6649f0d10562c81f6b98 Signed-off-by: JP Abgrall <jpa@google.com>
/system/netd/server/NatController.cpp
|
56afacf838d24cf8e54d2cf0d8ab9182ab704125 |
|
29-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Turn on C++11 and make all warnings into errors. As a consequence: + Comment out the names of all unused parameters. + Remove all unused variables and functions. In server/Android.mk, there are a couple of non-trivial changes: + Use libcxx instead of stlport. This is needed to fix a bunch of errors due to specifying -std=c++11. + LOCAL_SHARED_LIBRARIES is sorted. Technically, the order in which libraries are listed has an effect on linking, but nobody should be doing such brittle things anyway. Change-Id: I0aff5b745e04609da23144d0e8be4c5694321b8b
/system/netd/server/NatController.cpp
|
f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Move netd_client into netd. Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
/system/netd/server/NatController.cpp
|