Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform2 / d82d883e8d09bee5cfabde48abb6fc9572a8d48c^! / . / patchpanel / datapath.h
commitd82d883e8d09bee5cfabde48abb6fc9572a8d48c[log] [tgz]
authorHugo Benichi <hugobenichi@google.com>Fri Aug 14 10:05:03 2020 +0900
committerCommit Bot <commit-bot@chromium.org>Thu Sep 10 03:57:47 2020 +0000
treebf803aa8e3fe048e96636d490726879404b59609
parent8d622b5e1b5254a4ef7a4ee5c35828bcd2ca2f17 [diff] [blame]
patchpanel: datapath: Add generic IP forwarding functions

This patch adds a unique ModifyIpForwarding function and base all
FORWARD ACCEPT rule commands of ot it. There is no functional change in
this patch.

BUG=b:161507671
BUG=b:161508179
TEST=Unit tests.

Change-Id: I9dcadb601524cf8e582a937eb83bc84774453476
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2359936
Tested-by: Hugo Benichi <hugobenichi@google.com>
Commit-Queue: Hugo Benichi <hugobenichi@google.com>
Reviewed-by: Taoyu Li <taoyl@chromium.org>

diff --git a/patchpanel/datapath.h b/patchpanel/datapath.h
index 72afb25..03b13b6 100644
--- a/patchpanel/datapath.h
+++ b/patchpanel/datapath.h

@@ -20,6 +20,14 @@
 
 namespace patchpanel {
 
+// Simple enum of bitmasks used for specifying a set of IP family values.
+enum IpFamily {
+  NONE = 0,
+  IPv4 = 1 << 0,
+  IPv6 = 1 << 1,
+  Dual = IPv4 | IPv6,  //(1 << 0) | (1 << 1);
+};
+
 // cros lint will yell to force using int16/int64 instead of long here, however
 // note that unsigned long IS the correct signature for ioctl in Linux kernel -
 // it's 32 bits on 32-bit platform and 64 bits on 64-bit one.
@@ -162,6 +170,20 @@
                                   uint16_t on,
                                   uint16_t off = 0);
 
+  // Starts or stops accepting IP traffic forwarded between |iif| and |oif|
+  // by adding or removing ACCEPT rules in the filter FORWARD chain of iptables
+  // and/or ip6tables. If |iif| is empty, only specifies |oif| as the output
+  // interface.  If |iif| is empty, only specifies |iif| as the input interface.
+  // |oif| and |iif| cannot be both empty.
+  virtual bool StartIpForwarding(IpFamily family,
+                                 const std::string& iif,
+                                 const std::string& oif);
+  virtual bool StopIpForwarding(IpFamily family,
+                                const std::string& iif,
+                                const std::string& oif);
+
+  // Convenience functions for enabling or disabling IPv6 forwarding in both
+  // directions between a pair of interfaces
   virtual bool AddIPv6Forwarding(const std::string& ifname1,
                                  const std::string& ifname2);
   virtual void RemoveIPv6Forwarding(const std::string& ifname1,
@@ -207,6 +229,12 @@
   MinijailedProcessRunner& runner() const;
 
  private:
+  bool ModifyIpForwarding(IpFamily family,
+                          const std::string& op,
+                          const std::string& iif,
+                          const std::string& oif,
+                          bool log_failures = true);
+
   MinijailedProcessRunner* process_runner_;
   Firewall* firewall_;
   ioctl_t ioctl_;