be79d6547d93c0be373db811d3f0265a93a76f3f |
|
10-Aug-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Convert NatController to iptables-restore.
This conversion is a bit more involved than previous ones, mostly due to all the error unwinding. For the sake of readability, this change limits itself to converting mostly maintaining their order, with the exception that it puts the rpfilter rule before all the LOCAL_FORWARD rules to simplify error handling.
It also groups commands together as much as possible to simplify error handling: because a set of iptables commands between "*<table>" and "COMMIT" will either all succeed or all fail, grouping commands together limits the number of required error handling paths.
(cherry picked from commit eb7eb3ecea2e06e84fa9528b68d0a618b16b1ad9)
Bug: 28362720
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Change-Id: I73b511e242773e559afef00fa29154267070691d
Merged-In: I3f72946de374a7deaeef88b1dd5589d9a20ccce7
/system/netd/server/NatController.h
|
4fcb4a0d90be5e00b16b558089bd69d3c414d382 |
|
03-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Move NatController startup to iptables-restore.
This makes NatController startup much faster.
Before: 02-03 14:09:19.199 485 485 I Netd : Setting up NatController hooks: 223.4ms
After: 02-03 14:28:09.407 488 488 I Netd : Setting up NatController hooks: 13.8ms
Also, fail if MSS rewriting is not supported. It's much easier to diagnose a failure than a performance problem.
Test: unit tests continue to pass
Test: bullhead builds, boots, wifi tethering works
Fix: 17629786
Bug: 34873832
Change-Id: I0ef498ecbbb82a2672c279056d189d026e13100a
/system/netd/server/NatController.h
|
8917e45f7f8d49b645fd6ed10942dfe20c71ac0e |
|
01-Aug-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Enable IPv6 reverse path filtering. Bug: 9580643 Bug: 30298058 Change-Id: I45c1f46994a07f656434088cafe753d58731faa0
/system/netd/server/NatController.h
|
8e1cee9064af5b2e0d8095d5a6a05953616d7d4c |
|
09-Jul-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Add a test for NatController. Bug: 9580643 Change-Id: I6ac3b754ec0b720674c6221e3a776314e86fe58c
/system/netd/server/NatController.h
|
e8164ddc8204b626c1144a0a504754bf6622c6fd |
|
02-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Fix MSS clamping.
http://ag/553410 added an iptables chain and rule to do MSS clamping for tethered clients, but did not add the chain to any other chains, so the rule had no effect. Fix this by adding the chain to the proper forwarding chains.
Also rename some of the new variables and constants so they are more consistent with the previous code.
Bug: 17552732
Bug: 17727533
Change-Id: I9fcae31de5c0283d7d9f1dac989de84f77c5e53c
/system/netd/server/NatController.h
|
87475a1471373b72ffc9f81f17dfd7884723fa86 |
|
16-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix WiFi-Direct and Tethering.
A LocalNetwork object now always exists in the NetworkController, with a fixed NetId that's guaranteed not to collide with NetIds created by the framework.
When routes are added on an interface tracked by the LocalNetwork, they are added to a fixed "local_network" table.
When NAT is enabled, we add a special "iif -> oif" tethering rule.
Bug: 15413694
Bug: 15413741
Change-Id: I36effc438d5ac193a77174493bf196cb68a5b97a
/system/netd/server/NatController.h
|
6a773534e7f8541f221f27fb8063af079b1a5936 |
|
11-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix tethering in the case of a regular upstream connection.
Fixes tethering via Ethernet, Bluetooth and WiFi (hotspot).
Tethering when the upstream has a DUN-specific APN is likely still broken (untested).
For now, assign a fixed NetId (a hack) until we can change the framework to create a valid NetworkAgent and all that jazz.
Bug: 15968336
Bug: 14988803
Change-Id: Idcf4d492d9329a9c87913e27be6dd835a792bea2
/system/netd/server/NatController.h
|
69261cb65186e27dfbdc1e3eec796437f9968ff9 |
|
20-Jun-2014 |
JP Abgrall <jpa@google.com> |
server: check interface names in RPC arguments for validity
This patch introduces a method isIfaceName that checks interface names from various RPCs for validity before e.g. using them as part of iptables arguments or in filenames.
All of these RPC calls can only be called from applications with at least the CONNECTIVITY_INTERNAL permission in recent Android versions, so the impact of the missing checks luckily isn't very high.
Orig-Author: Jann Horn <jann@thejh.net>
Change-Id: I80df8d745a3de99ad02d6649f0d10562c81f6b98
Signed-off-by: JP Abgrall <jpa@google.com>
/system/netd/server/NatController.h
|
f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Move netd_client into netd. Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
/system/netd/server/NatController.h
|