diff options
| author | Lorenzo Colitti <lorenzo@google.com> | 2017-08-11 01:20:04 +0900 |
|---|---|---|
| committer | Lorenzo Colitti <lorenzo@google.com> | 2017-08-19 11:15:46 +0900 |
| commit | eb7eb3ecea2e06e84fa9528b68d0a618b16b1ad9 (patch) | |
| tree | 142640a823efa3959de54efe88ad8661028ea641 /server/IptablesBaseTest.cpp | |
| parent | bb07f00b6af7fe8f5935ee3e1fdced4ef77fae68 (diff) | |
| download | netd-eb7eb3ecea2e06e84fa9528b68d0a618b16b1ad9.tar.gz | |
Convert NatController to iptables-restore.
This conversion is a bit more involved than previous ones, mostly
due to all the error unwinding.
For the sake of readability, this change limits itself to
converting mostly maintaining their order, with the exception
that it puts the rpfilter rule before all the LOCAL_FORWARD rules
to simplify error handling.
It also groups commands together as much as possible to simplify
error handling: because a set of iptables commands between
"*<table>" and "COMMIT" will either all succeed or all fail,
grouping commands together limits the number of required
error handling paths.
Bug: 28362720
Test: bullhead builds,boots
Test: netd_{unit,integration}_test pass
Change-Id: Idc0ef937583574ceb5b7a8b12ecbaf4c00a49f6d
Diffstat (limited to 'server/IptablesBaseTest.cpp')
| -rw-r--r-- | server/IptablesBaseTest.cpp | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/server/IptablesBaseTest.cpp b/server/IptablesBaseTest.cpp index b5fd9a01..57071b06 100644 --- a/server/IptablesBaseTest.cpp +++ b/server/IptablesBaseTest.cpp @@ -141,7 +141,7 @@ int IptablesBaseTest::expectIptablesCommand(IptablesTarget target, int pos, void IptablesBaseTest::expectIptablesCommands(const std::vector<std::string>& expectedCmds) { ExpectedIptablesCommands expected; - for (auto cmd : expectedCmds) { + for (const auto& cmd : expectedCmds) { expected.push_back({ V4V6, cmd }); } expectIptablesCommands(expected); @@ -150,8 +150,8 @@ void IptablesBaseTest::expectIptablesCommands(const std::vector<std::string>& ex void IptablesBaseTest::expectIptablesCommands(const ExpectedIptablesCommands& expectedCmds) { size_t pos = 0; for (size_t i = 0; i < expectedCmds.size(); i ++) { - auto target = expectedCmds[i].first; - auto cmd = expectedCmds[i].second; + const auto& target = expectedCmds[i].first; + const auto& cmd = expectedCmds[i].second; int numConsumed = expectIptablesCommand(target, pos, cmd); if (numConsumed < 0) { // Read past the end of the array. @@ -175,7 +175,7 @@ void IptablesBaseTest::expectIptablesCommands( void IptablesBaseTest::expectIptablesRestoreCommands(const std::vector<std::string>& expectedCmds) { ExpectedIptablesCommands expected; - for (auto cmd : expectedCmds) { + for (const auto& cmd : expectedCmds) { expected.push_back({ V4V6, cmd }); } expectIptablesRestoreCommands(expected); |