Move createChildChains to iptables-restore.
This reduces netd startup time by about 2x.
Before:
02-02 14:01:20.075 485 485 I Netd : Creating child chains: 2983.5ms
02-02 14:01:20.398 485 485 I Netd : Netd started in 3325ms
After:
02-02 15:23:51.872 480 480 I Netd : Creating child chains: 1572.3ms
02-02 15:23:52.200 480 480 I Netd : Netd started in 1943ms
We cannot switch all chains to iptables-restore because vendor
code manipulates those chains directly. If we did, we would save
an additional ~1 second.
Add an oem_mangle_post chain linked from mangle POSTROUTING so
that said vendor code can modify that instead of POSTROUTING
directly. (There is already an oem_out chain, so no changes are
needed for vendor code to move off of OUTPUT.)
Bug: 34873832
Test: builds, boots, unit and integration tests pass
Test: iptables-save output before and after CL sees no unexpected rule changes
Change-Id: I64cc32e7e14d9966bf6bc9bcc604af8c5d19eae8
2 files changed