patchpanel: add iface based forwarding for guest traffic

This patch adds FORWARD ACCEPT rules based on iif and oif interface
names for ARC++ like downstream guests (multinetwork) and Crosvm like
downstream guests (single network tracking). ConnectedNamespaces will be
migrated in a follow-up patch.

Note that these new rules are effectively not doing anything until the
current FORWARD -m match --mark 1/1 -j ACCEPT rule is maintained in the
system. Before relying on these new FORWARD rules, fwmark based routing
should be implemented first.

BUG=b:161507671
BUG=b:161508179
TEST=Unit tests. Flashed rammus, checked ARC++ connectivity.

Change-Id: Iaafb5b6060d40fe7f08d223286dd4fa11eb3b273
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2359937
Tested-by: Hugo Benichi <hugobenichi@google.com>
Commit-Queue: Hugo Benichi <hugobenichi@google.com>
Reviewed-by: Abhishek Kumar <kuabhs@chromium.org>
Reviewed-by: Taoyu Li <taoyl@chromium.org>
diff --git a/patchpanel/crostini_service.cc b/patchpanel/crostini_service.cc
index 56a0744..d628677 100644
--- a/patchpanel/crostini_service.cc
+++ b/patchpanel/crostini_service.cc
@@ -88,6 +88,9 @@
 
   LOG(INFO) << "Crostini network service started for {id: " << vm_id << "}";
   StartForwarding(shill_client_->default_interface(), tap->host_ifname());
+  auto source = is_termina ? TrafficSource::CROSVM : TrafficSource::PLUGINVM;
+  datapath_->StartRoutingDevice("", tap->host_ifname(),
+                                tap->config().host_ipv4_addr(), source);
 
   if (adb_sideloading_enabled_)
     StartAdbPortForwarding(tap->phys_ifname());
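Review bot: the bare `""` passed as the first argument of `datapath_->StartRoutingDevice(...)` gives no hint at the call site of what an empty name means. Since this call ends up installing FORWARD ACCEPT rules keyed on interface names, a reader auditing the firewall behaviour needs to know whether an empty value matches any upstream interface or none. A short comment above the call, or a named constant in place of the literal, would make the intended scope of the rule explicit. The result of the call is also discarded here; if `StartRoutingDevice` can report failure, log it so that a guest without its forwarding rule is visible in the logs.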
@@ -105,6 +108,9 @@
   }
 
   const auto& ifname = it->second->host_ifname();
+  auto source = is_termina ? TrafficSource::CROSVM : TrafficSource::PLUGINVM;
+  datapath_->StopRoutingDevice("", ifname,
+                               it->second->config().host_ipv4_addr(), source);
   StopForwarding(shill_client_->default_interface(), ifname);
   if (adb_sideloading_enabled_)
     StopAdbPortForwarding(ifname);
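Review bot: the expression `is_termina ? TrafficSource::CROSVM : TrafficSource::PLUGINVM` is repeated here from the start path, and `StopRoutingDevice` only removes what was installed if its arguments match those given to `StartRoutingDevice` exactly. If the two copies ever diverge, the stop path would leave a stale FORWARD ACCEPT rule behind for an interface name that a later guest could reuse. Consider deriving `source` through one small helper, or storing it with the device entry at start time and reading it back here, as is already done for `host_ifname()` and `config().host_ipv4_addr()`.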