HACK: set up iptables rules after setting up tap device

BUG=chromium:703920
TEST=start vm and see that iptables mangle rule has been added

Change-Id: Idd832396c9a420c273820bb980e8da9cca53cd82
Reviewed-on: https://chromium-review.googlesource.com/482704
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
diff --git a/virtio/net.c b/virtio/net.c
index 6d1be65..e6ee6ac 100644
--- a/virtio/net.c
+++ b/virtio/net.c
@@ -323,6 +323,7 @@
 	bool skipconf = !!params->tapif;
 	bool macvtap = skipconf && (params->tapif[0] == '/');
 	const char *tap_file = "/dev/net/tun";
+	char iptables_buf[1024];
 
 	/* Did the user already gave us the FD? */
 	if (params->fd) {
@@ -372,6 +373,15 @@
 		}
 	}
 
+	snprintf(iptables_buf, sizeof(iptables_buf),
+		"iptables -t mangle -A PREROUTING -i %s -j MARK --set-xmark 0x1/0xffffffff",
+		ndev->tap_name);
+
+	if (system(iptables_buf)) {
+		pr_warning("Failed to set iptables rule");
+		goto fail;
+	}
+
 	if (!skipconf) {
 		memset(&ifr, 0, sizeof(ifr));
 		strncpy(ifr.ifr_name, ndev->tap_name, sizeof(ndev->tap_name));
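Review bot: The new `system(iptables_buf)` call hands `ndev->tap_name` to `/bin/sh` unquoted, so any shell metacharacter in the interface name is interpreted as shell syntax by a process privileged enough to edit the mangle table. Where `tap_name` is filled in is outside this hunk, but the `skipconf`/`params->tapif` lines suggest it can come from the user, and the `macvtap` case suggests it may even be a path; confirm this, and validate the name before use. Passing the name as a single argv element to an exec call removes the shell entirely, and it also removes the unchecked `snprintf` truncation, as sketched below with new locals replacing `iptables_buf`. Giving `iptables` as an absolute path instead of relying on `PATH` would be safer still. The same construction is repeated for the `-D` rule in the teardown hunk; the enclosing function starts and ends outside this hunk.

```c
	/* replaces: char iptables_buf[1024]; */
	pid_t ipt_pid;
	int ipt_status;

	/* … unchanged: tap fd / TUNSETIFF setup … */

	ipt_pid = fork();
	if (ipt_pid == 0) {
		/* tap_name is one argv element: no shell, no word splitting */
		execlp("iptables", "iptables", "-t", "mangle", "-A", "PREROUTING",
		       "-i", ndev->tap_name, "-j", "MARK",
		       "--set-xmark", "0x1/0xffffffff", (char *)NULL);
		_exit(127);
	}
	if (ipt_pid < 0 || waitpid(ipt_pid, &ipt_status, 0) < 0 ||
	    !WIFEXITED(ipt_status) || WEXITSTATUS(ipt_status)) {
		pr_warning("Failed to set iptables rule");
		goto fail;
	}
```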
@@ -893,6 +903,7 @@
 	struct virtio_net_params *params;
 	struct net_dev *ndev;
 	struct list_head *ptr;
+	char iptables_buf[1024];
 
 	list_for_each(ptr, &ndevs) {
 		ndev = list_entry(ptr, struct net_dev, list);
@@ -901,6 +912,14 @@
 		if (ndev->mode == NET_MODE_TAP &&
 		    strcmp(params->downscript, "none"))
 			virtio_net_exec_script(params->downscript, ndev->tap_name);
+		else if (ndev->mode == NET_MODE_TAP) {
+			snprintf(iptables_buf, sizeof(iptables_buf),
+				"iptables -t mangle -D PREROUTING -i %s -j MARK --set-xmark 0x1/0xffffffff",
+				ndev->tap_name);
+
+			if (system(iptables_buf))
+				pr_warning("Failed to unset iptables rule");
+		}
 	}
 	return 0;
 }
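Review bot: The `-D` rule hangs off `else if (ndev->mode == NET_MODE_TAP)`, so it only runs when `downscript` is "none", whereas the `-A` rule in the init hunk is added with no such condition as far as the visible lines show. A VM configured with a down script would therefore leave its PREROUTING mark rule behind, and that stale rule would keep marking traffic from any later interface that reuses the same name. Making the removal independent of the script branch, `if (ndev->mode == NET_MODE_TAP) {` as its own statement after the `virtio_net_exec_script` call, keeps add and delete symmetric. It is also worth checking that the init function's `fail` path, which is outside the diff, removes the rule when a later setup step fails. The function's opening lines are outside this hunk.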