From db344d353df64c2f7ebdb2ec8d8b236e827fc43b Mon Sep 17 00:00:00 2001
From: Erik Kline <ek@google.com>
Date: Sun, 22 Oct 2017 21:24:58 +0900
Subject: Set nf_conntrack_tcp_be_liberal only when tethering is enabled

Test: as follows
    - built
    - flashed
    - booted
    - manually tested with tethering enabled
      - verified nf_conntrack_tcp_be_liberal == 0 when not tethering
      - verified nf_conntrack_tcp_be_liberal == 1 when tethering
Bug: 67760792
Merged-In: Ib1000c71275e6c7811e4b8005413d447dd1479c4
Merged-In: I8508f7b9556d87568cac676b04d7577df1ae2d5f
Change-Id: I336439ba0760346c7c038d36d0ebdc8dc4f698f5
(cherry picked from commit 93f9b22d3675e3883ba37543663c87eb953b1025)
(cherry picked from commit 138881fdf824d245d56a802c57da25f6f4cdaec4)
---
 server/TetherController.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/server/TetherController.cpp b/server/TetherController.cpp
index 1785ec71..43a20486 100644
--- a/server/TetherController.cpp
+++ b/server/TetherController.cpp
@@ -45,6 +45,7 @@ const char BP_TOOLS_MODE[] = "bp-tools";
 const char IPV4_FORWARDING_PROC_FILE[] = "/proc/sys/net/ipv4/ip_forward";
 const char IPV6_FORWARDING_PROC_FILE[] = "/proc/sys/net/ipv6/conf/all/forwarding";
 const char SEPARATOR[] = "|";
+constexpr const char kTcpBeLiberal[] = "/proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal";
 
 bool writeToFile(const char* filename, const char* value) {
     int fd = open(filename, O_WRONLY | O_CLOEXEC);
@@ -63,6 +64,11 @@ bool writeToFile(const char* filename, const char* value) {
     return true;
 }
 
+// TODO: Consider altering TCP and UDP timeouts as well.
+void configureForTethering(bool enabled) {
+    writeToFile(kTcpBeLiberal, enabled ? "1" : "0");
+}
+
 bool configureForIPv6Router(const char *interface) {
     return (InterfaceController::setEnableIPv6(interface, 0) == 0)
             && (InterfaceController::setAcceptIPv6Ra(interface, 0) == 0)
@@ -211,6 +217,7 @@ int TetherController::startTethering(int num_addrs, char **dhcp_ranges) {
         close(pipefd[0]);
         mDaemonPid = pid;
         mDaemonFd = pipefd[1];
+        configureForTethering(true);
         applyDnsInterfaces();
         ALOGD("Tethering services running");
     }
@@ -219,6 +226,7 @@ int TetherController::startTethering(int num_addrs, char **dhcp_ranges) {
 }
 
 int TetherController::stopTethering() {
+    configureForTethering(false);
 
     if (mDaemonPid == 0) {
         ALOGE("Tethering already stopped");
-- 
cgit v1.2.3