Nat-related commands refine

We need this to ensure that the tethering IPCs don't need to grab the
lock in two different controllers

The idea is that always having a global_alert rule in bw_global_alert
chain.
TetherController will enable/disable the reference of bw_global_alert
chain.

[childchain order of filter FORWARD chain]
Chain FORWARD
   nm_mdmprxy_iface_pkt_fwder
   oem_fwd
   fw_FORWARD
   bw_FORWARD
   tetherctrl_FORWARD

--Simple rule comparison--
[Before]
Chain bw_FORWARD
    Alert rule
    ... other rules
Chain tetherctrl_FORWARD
    ... other rules
[After]
Chain bw_FORWARD
    No Alert rule
    ... other rules
Chain tetherctrl_FORWARD
    Jump to bw_global_alert
    ... other rules
Chain bw_global_alert
   Alert rule

The exact rule comparison is shown in the bug.

Bug:119735985
Test: built, flashed, booted
      system/netd/tests/runtests.sh passes

Change-Id: Ibf752d0c8de9170689fc74c89c0424d2642853ec

1 files changed, 119 insertions, 115 deletions

diff --git a/server/ControllersTest.cpp b/server/ControllersTest.cpp
index 0c565948..cc8b1aaa 100644
--- a/server/ControllersTest.cpp
+++ b/server/ControllersTest.cpp
@@ -70,121 +70,125 @@ TEST_F(ControllersTest, TestFindExistingChildChains) {
 TEST_F(ControllersTest, TestInitIptablesRules) {
     // Test what happens when we boot and there are no rules.
     ExpectedIptablesCommands expected = {
-        { V4V6, "*filter\n"
-                ":INPUT -\n"
-                "-F INPUT\n"
-                ":bw_INPUT -\n"
-                "-A INPUT -j bw_INPUT\n"
-                ":fw_INPUT -\n"
-                "-A INPUT -j fw_INPUT\n"
-                "COMMIT\n"
-        },
-        { V4V6, "*filter\n"
-                ":FORWARD -\n"
-                "-F FORWARD\n"
-                ":oem_fwd -\n"
-                "-A FORWARD -j oem_fwd\n"
-                ":fw_FORWARD -\n"
-                "-A FORWARD -j fw_FORWARD\n"
-                ":bw_FORWARD -\n"
-                "-A FORWARD -j bw_FORWARD\n"
-                ":tetherctrl_FORWARD -\n"
-                "-A FORWARD -j tetherctrl_FORWARD\n"
-                "COMMIT\n"
-        },
-        { V4V6, "*raw\n"
-                ":PREROUTING -\n"
-                "-F PREROUTING\n"
-                ":bw_raw_PREROUTING -\n"
-                "-A PREROUTING -j bw_raw_PREROUTING\n"
-                ":idletimer_raw_PREROUTING -\n"
-                "-A PREROUTING -j idletimer_raw_PREROUTING\n"
-                ":tetherctrl_raw_PREROUTING -\n"
-                "-A PREROUTING -j tetherctrl_raw_PREROUTING\n"
-                "COMMIT\n"
-        },
-        { V4V6, "*mangle\n"
-                ":FORWARD -\n"
-                "-F FORWARD\n"
-                ":tetherctrl_mangle_FORWARD -\n"
-                "-A FORWARD -j tetherctrl_mangle_FORWARD\n"
-                "COMMIT\n"
-        },
-        { V4V6, "*mangle\n"
-                ":INPUT -\n"
-                "-F INPUT\n"
-                ":wakeupctrl_mangle_INPUT -\n"
-                "-A INPUT -j wakeupctrl_mangle_INPUT\n"
-                ":routectrl_mangle_INPUT -\n"
-                "-A INPUT -j routectrl_mangle_INPUT\n"
-                "COMMIT\n"
-        },
-        { V4,   "*nat\n"
-                ":PREROUTING -\n"
-                "-F PREROUTING\n"
-                ":oem_nat_pre -\n"
-                "-A PREROUTING -j oem_nat_pre\n"
-                "COMMIT\n"
-        },
-        { V4,   "*nat\n"
-                ":POSTROUTING -\n"
-                "-F POSTROUTING\n"
-                ":tetherctrl_nat_POSTROUTING -\n"
-                "-A POSTROUTING -j tetherctrl_nat_POSTROUTING\n"
-                "COMMIT\n"
-        },
-        { V4, "*filter\n"
-              "-S OUTPUT\n"
-              "COMMIT\n" },
-        { V4, "*filter\n"
-              ":oem_out -\n"
-              "-A OUTPUT -j oem_out\n"
-              ":fw_OUTPUT -\n"
-              "-A OUTPUT -j fw_OUTPUT\n"
-              ":st_OUTPUT -\n"
-              "-A OUTPUT -j st_OUTPUT\n"
-              ":bw_OUTPUT -\n"
-              "-A OUTPUT -j bw_OUTPUT\n"
-              "COMMIT\n"
-        },
-        { V6, "*filter\n"
-              "-S OUTPUT\n"
-              "COMMIT\n" },
-        { V6, "*filter\n"
-              ":oem_out -\n"
-              "-A OUTPUT -j oem_out\n"
-              ":fw_OUTPUT -\n"
-              "-A OUTPUT -j fw_OUTPUT\n"
-              ":st_OUTPUT -\n"
-              "-A OUTPUT -j st_OUTPUT\n"
-              ":bw_OUTPUT -\n"
-              "-A OUTPUT -j bw_OUTPUT\n"
-              "COMMIT\n"
-        },
-        { V4, "*mangle\n"
-              "-S POSTROUTING\n"
-              "COMMIT\n" },
-        { V4, "*mangle\n"
-              ":oem_mangle_post -\n"
-              "-A POSTROUTING -j oem_mangle_post\n"
-              ":bw_mangle_POSTROUTING -\n"
-              "-A POSTROUTING -j bw_mangle_POSTROUTING\n"
-              ":idletimer_mangle_POSTROUTING -\n"
-              "-A POSTROUTING -j idletimer_mangle_POSTROUTING\n"
-              "COMMIT\n"
-        },
-        { V6, "*mangle\n"
-              "-S POSTROUTING\n"
-              "COMMIT\n" },
-        { V6, "*mangle\n"
-              ":oem_mangle_post -\n"
-              "-A POSTROUTING -j oem_mangle_post\n"
-              ":bw_mangle_POSTROUTING -\n"
-              "-A POSTROUTING -j bw_mangle_POSTROUTING\n"
-              ":idletimer_mangle_POSTROUTING -\n"
-              "-A POSTROUTING -j idletimer_mangle_POSTROUTING\n"
-              "COMMIT\n"
-        },
+            {V4V6,
+             "*filter\n"
+             ":INPUT -\n"
+             "-F INPUT\n"
+             ":bw_INPUT -\n"
+             "-A INPUT -j bw_INPUT\n"
+             ":fw_INPUT -\n"
+             "-A INPUT -j fw_INPUT\n"
+             "COMMIT\n"},
+            {V4V6,
+             "*filter\n"
+             ":FORWARD -\n"
+             "-F FORWARD\n"
+             ":oem_fwd -\n"
+             "-A FORWARD -j oem_fwd\n"
+             ":fw_FORWARD -\n"
+             "-A FORWARD -j fw_FORWARD\n"
+             ":bw_FORWARD -\n"
+             "-A FORWARD -j bw_FORWARD\n"
+             ":tetherctrl_FORWARD -\n"
+             "-A FORWARD -j tetherctrl_FORWARD\n"
+             "COMMIT\n"},
+            {V4V6,
+             "*raw\n"
+             ":PREROUTING -\n"
+             "-F PREROUTING\n"
+             ":bw_raw_PREROUTING -\n"
+             "-A PREROUTING -j bw_raw_PREROUTING\n"
+             ":idletimer_raw_PREROUTING -\n"
+             "-A PREROUTING -j idletimer_raw_PREROUTING\n"
+             ":tetherctrl_raw_PREROUTING -\n"
+             "-A PREROUTING -j tetherctrl_raw_PREROUTING\n"
+             "COMMIT\n"},
+            {V4V6,
+             "*mangle\n"
+             ":FORWARD -\n"
+             "-F FORWARD\n"
+             ":tetherctrl_mangle_FORWARD -\n"
+             "-A FORWARD -j tetherctrl_mangle_FORWARD\n"
+             "COMMIT\n"},
+            {V4V6,
+             "*mangle\n"
+             ":INPUT -\n"
+             "-F INPUT\n"
+             ":wakeupctrl_mangle_INPUT -\n"
+             "-A INPUT -j wakeupctrl_mangle_INPUT\n"
+             ":routectrl_mangle_INPUT -\n"
+             "-A INPUT -j routectrl_mangle_INPUT\n"
+             "COMMIT\n"},
+            {V4,
+             "*nat\n"
+             ":PREROUTING -\n"
+             "-F PREROUTING\n"
+             ":oem_nat_pre -\n"
+             "-A PREROUTING -j oem_nat_pre\n"
+             "COMMIT\n"},
+            {V4,
+             "*nat\n"
+             ":POSTROUTING -\n"
+             "-F POSTROUTING\n"
+             ":tetherctrl_nat_POSTROUTING -\n"
+             "-A POSTROUTING -j tetherctrl_nat_POSTROUTING\n"
+             "COMMIT\n"},
+            {V4,
+             "*filter\n"
+             "-S OUTPUT\n"
+             "COMMIT\n"},
+            {V4,
+             "*filter\n"
+             ":oem_out -\n"
+             "-A OUTPUT -j oem_out\n"
+             ":fw_OUTPUT -\n"
+             "-A OUTPUT -j fw_OUTPUT\n"
+             ":st_OUTPUT -\n"
+             "-A OUTPUT -j st_OUTPUT\n"
+             ":bw_OUTPUT -\n"
+             "-A OUTPUT -j bw_OUTPUT\n"
+             "COMMIT\n"},
+            {V6,
+             "*filter\n"
+             "-S OUTPUT\n"
+             "COMMIT\n"},
+            {V6,
+             "*filter\n"
+             ":oem_out -\n"
+             "-A OUTPUT -j oem_out\n"
+             ":fw_OUTPUT -\n"
+             "-A OUTPUT -j fw_OUTPUT\n"
+             ":st_OUTPUT -\n"
+             "-A OUTPUT -j st_OUTPUT\n"
+             ":bw_OUTPUT -\n"
+             "-A OUTPUT -j bw_OUTPUT\n"
+             "COMMIT\n"},
+            {V4,
+             "*mangle\n"
+             "-S POSTROUTING\n"
+             "COMMIT\n"},
+            {V4,
+             "*mangle\n"
+             ":oem_mangle_post -\n"
+             "-A POSTROUTING -j oem_mangle_post\n"
+             ":bw_mangle_POSTROUTING -\n"
+             "-A POSTROUTING -j bw_mangle_POSTROUTING\n"
+             ":idletimer_mangle_POSTROUTING -\n"
+             "-A POSTROUTING -j idletimer_mangle_POSTROUTING\n"
+             "COMMIT\n"},
+            {V6,
+             "*mangle\n"
+             "-S POSTROUTING\n"
+             "COMMIT\n"},
+            {V6,
+             "*mangle\n"
+             ":oem_mangle_post -\n"
+             "-A POSTROUTING -j oem_mangle_post\n"
+             ":bw_mangle_POSTROUTING -\n"
+             "-A POSTROUTING -j bw_mangle_POSTROUTING\n"
+             ":idletimer_mangle_POSTROUTING -\n"
+             "-A POSTROUTING -j idletimer_mangle_POSTROUTING\n"
+             "COMMIT\n"},
     };
 
     // Check that we run these commands and these only.