#!/bin/sh -
-distrosysconfdir="@LXC_DISTRO_SYSCONF@"
-varrun="@RUNTIME_PATH@/lxc"
-varlib="@LOCALSTATEDIR@/lib"
-
-# These can be overridden in @LXC_DISTRO_SYSCONF@/lxc
-# or in @LXC_DISTRO_SYSCONF@/lxc-net
+varrun="/run/anbox-lxc"
+varlib="/var/lib"
USE_LXC_BRIDGE="true"
-LXC_BRIDGE="lxcbr0"
-LXC_BRIDGE_MAC="00:16:3e:00:00:00"
-LXC_ADDR="10.0.3.1"
+LXC_BRIDGE="anbox0"
+LXC_BRIDGE_MAC="00:16:3e:00:00:01"
+LXC_ADDR="192.168.250.1"
LXC_NETMASK="255.255.255.0"
-LXC_NETWORK="10.0.3.0/24"
-LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
+LXC_NETWORK="192.168.250.0/24"
+LXC_DHCP_RANGE="192.168.250.2,192.168.250.254"
LXC_DHCP_MAX="253"
LXC_DHCP_CONFILE=""
LXC_DHCP_PING="true"
LXC_IPV6_NETWORK=""
LXC_IPV6_NAT="false"
-[ ! -f $distrosysconfdir/lxc ] || . $distrosysconfdir/lxc
+IPTABLES_BIN="$(which iptables-legacy)"
+if [ ! -n "$IPTABLES_BIN" ]; then
+ IPTABLES_BIN="$(which iptables)"
+fi
+IP6TABLES_BIN="$(which ip6tables-legacy)"
+if [ ! -n "$IP6TABLES_BIN" ]; then
+ IP6TABLES_BIN="$(which ip6tables)"
+fi
use_nft() {
[ -n "$NFT" ] && nft list ruleset > /dev/null 2>&1 && [ "$LXC_USE_NFT" = "true" ]
NFT="$(which nft)"
if ! use_nft; then
use_iptables_lock="-w"
- iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
+ $IPTABLES_BIN -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
fi
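Review bot: Nothing checks that a binary was actually found. If neither `iptables-legacy` nor `iptables` is on PATH, `IPTABLES_BIN` stays empty, so the probe `$IPTABLES_BIN -w -L -n` and every rule line in start_iptables and stop_iptables run their first option as the command name. Because this script edits the host firewall, fail early inside the `if ! use_nft` branch, e.g. `[ -n "$IPTABLES_BIN" ] || { echo "anbox-net: iptables not found" >&2; exit 1; }`, and quote the expansion as `"$IPTABLES_BIN"` wherever it is used. `command -v` is the portable lookup under `#!/bin/sh`; some `which` implementations print their not-found message to stdout, which would land in the variable. The same points apply to `IP6TABLES_BIN`.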
_netmask2cidr ()
start_iptables() {
start_ipv6
if [ -n "$LXC_IPV6_ARG" ] && [ "$LXC_IPV6_NAT" = "true" ]; then
- ip6tables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_IPV6_NETWORK} ! -d ${LXC_IPV6_NETWORK} -j MASQUERADE
+ $IP6TABLES_BIN $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_IPV6_NETWORK} ! -d ${LXC_IPV6_NETWORK} -j MASQUERADE
fi
- iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
- iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
- iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
- iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
- iptables $use_iptables_lock -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT
- iptables $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT
- iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
- iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+ $IPTABLES_BIN $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
+ $IPTABLES_BIN $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
}
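Review bot: The two FORWARD rules are inserted with `-I` at the head of the chain and match only on the interface, so traffic routed to or from `anbox0` is accepted before the rest of that chain is evaluated. This predates the change, but with `iptables-legacy` now preferred the rules may also end up in a different backend than the one the host's firewall tooling manages and audits, which deserves a comment above the block. If inbound exposure of the container network is not intended, the `-o` rule could be narrowed to reply traffic, e.g. `$IPTABLES_BIN $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, with the matching `-D` line in stop_iptables changed the same way.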
start_nftables() {
start() {
[ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0; }
- [ ! -f "${varrun}/network_up" ] || { echo "lxc-net is already running"; exit 1; }
+ [ ! -f "${varrun}/network_up" ] || { echo "anbox-net is already running"; exit 1; }
if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
stop force || true
cleanup() {
set +e
if [ "$FAILED" = "1" ]; then
- echo "Failed to setup lxc-net." >&2
+ echo "Failed to setup anbox-net." >&2
stop force
exit 1
fi
}
stop_iptables() {
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
- iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
- iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
- iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
- iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+ $IPTABLES_BIN $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
+ $IPTABLES_BIN $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
+ $IPTABLES_BIN $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
if [ "$LXC_IPV6_NAT" = "true" ]; then
- ip6tables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_IPV6_NETWORK} ! -d ${LXC_IPV6_NETWORK} -j MASQUERADE
+ $IP6TABLES_BIN $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_IPV6_NETWORK} ! -d ${LXC_IPV6_NETWORK} -j MASQUERADE
fi
}
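Review bot: stop_iptables deletes with whichever binary the lookup at the top of the script resolves at stop time, which is not necessarily the one used at start, since start and stop are presumably separate invocations (the `${varrun}/network_up` marker suggests so). If `iptables-legacy` is installed or removed in between, the `-D` calls target the other backend and the ACCEPT and MASQUERADE rules for `anbox0` stay loaded. Consider recording the chosen path under `${varrun}` when the rules are added and reading it back here, and add a comment stating that both functions must operate on the same backend.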
stop() {
[ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0; }
- [ -f "${varrun}/network_up" ] || [ "$1" = "force" ] || { echo "lxc-net isn't running"; exit 1; }
+ [ -f "${varrun}/network_up" ] || [ "$1" = "force" ] || { echo "anbox-net isn't running"; exit 1; }
if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
_ifdown