1 files changed, 8 insertions, 5 deletions

diff --git a/server/RouteController.cpp b/server/RouteController.cpp
index aba1458e..85ab43a5 100644
--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -29,22 +29,27 @@
 
 #include "DummyNetwork.h"
 #include "Fwmark.h"
+#include "NetdConstants.h"
 #include "NetlinkCommands.h"
 #include "UidRanges.h"
 
 #include "android-base/file.h"
+#include <android-base/stringprintf.h>
 #define LOG_TAG "Netd"
 #include "log/log.h"
 #include "logwrap/logwrap.h"
 #include "netutils/ifc.h"
 #include "resolv_netid.h"
 
+using android::base::StringPrintf;
 using android::base::WriteStringToFile;
 using android::net::UidRange;
 
 namespace android {
 namespace net {
 
+auto RouteController::iptablesRestoreCommandFunction = execIptablesRestoreCommand;
+
 // BEGIN CONSTANTS --------------------------------------------------------------------------------
 
 const uint32_t RULE_PRIORITY_VPN_OVERRIDE_SYSTEM = 10000;
@@ -437,11 +442,9 @@ WARN_UNUSED_RESULT int modifyIncomingPacketMark(unsigned netId, const char* inte
     fwmark.protectedFromVpn = true;
     fwmark.permission = permission;
 
-    char markString[UINT32_HEX_STRLEN];
-    snprintf(markString, sizeof(markString), "0x%x", fwmark.intValue);
-
-    if (execIptables(V4V6, "-t", "mangle", add ? "-A" : "-D", "INPUT", "-i", interface, "-j",
-                     "MARK", "--set-mark", markString, NULL)) {
+    std::string cmd = StringPrintf("%s INPUT -i %s -j MARK --set-mark 0x%x",
+                                   add ? "-A" : "-D", interface, fwmark.intValue);
+    if (RouteController::iptablesRestoreCommandFunction(V4V6, "mangle", cmd, nullptr) != 0) {
         ALOGE("failed to change iptables rule that sets incoming packet mark");
         return -EREMOTEIO;
     }