Android Routing/Rules/Iptables


Yoad Fekete

Dec 14, 2015, 4:03:35 PM
to Android Linux Kernel Development

Hey Guys!

I am running a modified Lollipop AOSP with a 3.4.0-g9fd3879 kernel version.

I'm having trouble figuring out some of the routing/masking mechanism on the device.

For instance, please see this:










This new INPUT rule (exists by default) is something I haven't seen in 4.4 and it is not used in the rules section, and also - the mark set is incremented on every connectivity change.

See the rules table as well:













Please note these rules in priority 13000, 14000, 19000 & 22000.

They all point to routing table number 234, which is empty. Also, please note the mark 0x30069 is not used here (unless there's something I'm missing in the mask that actually catches this rule).

The reason I am asking is that I have a VPN daemon running. I've created rule number 9 with 0x64 fwmark in order to exclude some apps (route them out through rmnet0).
When the device loads for the first time, the *INPUT* rule is set to 0x30064, and my fwmark is set to 0x64.

It seems like the device treats those values as the same, as the routing mechanism routes all of my applications through rmnet0 until I do a connectivity change, and then this 0x30064 increments and everything works as needed.

But I don't see any rule in the OUTPUT section with this 30064, only in INPUT... which is strange.

If somebody here has a clue, or can direct me to the relevant contact, I will appreciate it very much!
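
A mark/mask check of the kind the post asks about, as an added example that is not part of the original post: it splits the marks quoted above (0x30064, 0x30069, 0x64) into fields and applies the policy-routing fwmark test with two masks. The field layout follows AOSP netd's Fwmark.h as an assumption, and the two masks are constructed samples because the post's rule listing is not on the page.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed fwmark layout (AOSP netd Fwmark.h, Lollipop), lowest bit first:
 * netId:16, explicitlySelected:1, protectedFromVpn:1, permission:2. */
struct fwmark_fields {
    unsigned net_id;
    unsigned explicitly_selected;
    unsigned protected_from_vpn;
    unsigned permission;
};

static struct fwmark_fields decode_fwmark(uint32_t mark)
{
    struct fwmark_fields f;
    f.net_id = mark & 0xffffu;
    f.explicitly_selected = (mark >> 16) & 1u;
    f.protected_from_vpn = (mark >> 17) & 1u;
    f.permission = (mark >> 18) & 3u;
    return f;
}

/* Policy-routing test for "fwmark VALUE/MASK": the rule matches when the
 * packet mark and the rule value agree on every bit set in the mask. */
static int rule_matches(uint32_t pkt_mark, uint32_t value, uint32_t mask)
{
    return ((pkt_mark ^ value) & mask) == 0;
}

int main(void)
{
    /* Marks quoted in the post; the masks below are constructed samples. */
    const uint32_t marks[] = { 0x30064u, 0x30069u, 0x64u };
    const uint32_t masks[] = { 0xffffffffu, 0xffffu };

    for (size_t i = 0; i < sizeof marks / sizeof marks[0]; i++) {
        struct fwmark_fields f = decode_fwmark(marks[i]);
        printf("mark 0x%x: netId=%u explicit=%u protect=%u perm=%u\n",
               (unsigned)marks[i], f.net_id, f.explicitly_selected,
               f.protected_from_vpn, f.permission);
        for (size_t j = 0; j < sizeof masks / sizeof masks[0]; j++)
            printf("  rule fwmark 0x64/0x%x -> %s\n", (unsigned)masks[j],
                   rule_matches(marks[i], 0x64u, masks[j]) ? "match" : "no match");
    }
    return 0;
}
```

Under this layout a rule written with a 0xffff mask compares only the netId field, so it treats 0x30064 and 0x64 alike, while a full 32-bit mask keeps them distinct.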