History log of /system/netd/server/NatController.h
Revision Date Author Comments
be79d6547d93c0be373db811d3f0265a93a76f3f 10-Aug-2017 Lorenzo Colitti <lorenzo@google.com> Convert NatController to iptables-restore.

This conversion is a bit more involved than previous ones, mostly
due to all the error unwinding.

For the sake of readability, this change limits itself to
converting mostly maintaining their order, with the exception
that it puts the rpfilter rule before all the LOCAL_FORWARD rules
to simplify error handling.

It also groups commands together as much as possible to simplify
error handling: because a set of iptables commands between
"*<table>" and "COMMIT" will either all succeed or all fail,
grouping commands together limits the number of required
error handling paths.

(cherry picked from commit eb7eb3ecea2e06e84fa9528b68d0a618b16b1ad9)

Bug: 28362720
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Change-Id: I73b511e242773e559afef00fa29154267070691d
Merged-In: I3f72946de374a7deaeef88b1dd5589d9a20ccce7
/system/netd/server/NatController.h
4fcb4a0d90be5e00b16b558089bd69d3c414d382 03-Feb-2017 Lorenzo Colitti <lorenzo@google.com> Move NatController startup to iptables-restore.

This makes NatController startup much faster. Before:
02-03 14:09:19.199 485 485 I Netd : Setting up NatController hooks: 223.4ms

After:
02-03 14:28:09.407 488 488 I Netd : Setting up NatController hooks: 13.8ms

Also, fail if MSS rewriting is not supported. It's much easier
to diagnose a failure than a performance problem.

Test: unit tests continue to pass
Test: bullhead builds, boots, wifi tethering works
Fix: 17629786
Bug: 34873832
Change-Id: I0ef498ecbbb82a2672c279056d189d026e13100a
/system/netd/server/NatController.h
8917e45f7f8d49b645fd6ed10942dfe20c71ac0e 01-Aug-2016 Lorenzo Colitti <lorenzo@google.com> Enable IPv6 reverse path filtering.

Bug: 9580643
Bug: 30298058
Change-Id: I45c1f46994a07f656434088cafe753d58731faa0
/system/netd/server/NatController.h
8e1cee9064af5b2e0d8095d5a6a05953616d7d4c 09-Jul-2016 Lorenzo Colitti <lorenzo@google.com> Add a test for NatController.

Bug: 9580643
Change-Id: I6ac3b754ec0b720674c6221e3a776314e86fe58c
/system/netd/server/NatController.h
e8164ddc8204b626c1144a0a504754bf6622c6fd 02-Oct-2014 Lorenzo Colitti <lorenzo@google.com> Fix MSS clamping.

http://ag/553410 added an iptables chain and rule to do MSS
clamping for tethered clients, but did not add the chain to any
other chains, so the rule had no effect.

Fix this by adding the chain to the proper forwarding chains.
Also rename some of the new variables and constants so they are
more consistent with the previous code.

Bug: 17552732
Bug: 17727533
Change-Id: I9fcae31de5c0283d7d9f1dac989de84f77c5e53c
/system/netd/server/NatController.h
87475a1471373b72ffc9f81f17dfd7884723fa86 16-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Fix WiFi-Direct and Tethering.

A LocalNetwork object now always exists in the NetworkController, with a fixed
NetId that's guaranteed not to collide with NetIds created by the framework.

When routes are added on an interface tracked by the LocalNetwork, they are
added to a fixed "local_network" table.

When NAT is enabled, we add a special "iif -> oif" tethering rule.

Bug: 15413694
Bug: 15413741

Change-Id: I36effc438d5ac193a77174493bf196cb68a5b97a
/system/netd/server/NatController.h
6a773534e7f8541f221f27fb8063af079b1a5936 11-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Fix tethering in the case of a regular upstream connection.

Fixes tethering via Ethernet, Bluetooth and WiFi (hotspot).

Tethering when the upstream has a DUN-specific APN is likely still broken
(untested).

For now, assign a fixed NetId (a hack) until we can change the framework to
create a valid NetworkAgent and all that jazz.

Bug: 15968336
Bug: 14988803
Change-Id: Idcf4d492d9329a9c87913e27be6dd835a792bea2
/system/netd/server/NatController.h
69261cb65186e27dfbdc1e3eec796437f9968ff9 20-Jun-2014 JP Abgrall <jpa@google.com> server: check interface names in RPC arguments for validity

This patch introduces a method isIfaceName that checks interface
names from various RPCs for validity before e.g. using them as
part of iptables arguments or in filenames.

All of these RPC calls can only be called from applications
with at least the CONNECTIVITY_INTERNAL permission in recent
Android versions, so the impact of the missing checks luckily
isn't very high.

Orig-Author: Jann Horn <jann@thejh.net>

Change-Id: I80df8d745a3de99ad02d6649f0d10562c81f6b98
Signed-off-by: JP Abgrall <jpa@google.com>
/system/netd/server/NatController.h
f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 21-May-2014 Sreeram Ramachandran <sreeram@google.com> Move netd_client into netd.

Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
/system/netd/server/NatController.h