Need some features for "ip -6 rule add~~~" to port Thread to Android 12.

[jihyeahn0630]

My team is up to launch Android12 product which has Openthread.

like this issue, #1739,
Android System has different "ip -6 rule and tables "
Here's mine:

adb shell ip -6 rule
0:    from all lookup local 
10000:    from all fwmark 0xc0000/0xd0000 lookup legacy_system 
11000:    from all iif lo oif dummy0 uidrange 0-0 lookup dummy0 
11000:    from all iif lo oif wlan0 uidrange 0-0 lookup wlan0 
11000:    from all iif lo oif wpan0 uidrange 0-0 lookup wpan0 
16000:    from all fwmark 0x10063/0x1ffff iif lo lookup local_network 
16000:    from all fwmark 0x1006a/0x1ffff iif lo lookup wlan0 
16000:    from all fwmark 0x10064/0x1ffff iif lo lookup wpan0 
17000:    from all iif lo oif dummy0 lookup dummy0 
17000:    from all iif lo oif wlan0 lookup wlan0 
17000:    from all iif lo oif wpan0 lookup wpan0 
18000:    from all fwmark 0x0/0x10000 lookup legacy_system 
19000:    from all fwmark 0x0/0x10000 lookup legacy_network 
20000:    from all fwmark 0x0/0x10000 lookup local_network 
23000:    from all fwmark 0x6a/0x1ffff iif lo lookup wlan0 
23000:    from all fwmark 0x64/0x1ffff iif lo lookup wpan0 
29000:    from all fwmark 0x0/0xffff iif lo lookup wlan0 
**31400:   from all lookup wpan0 <--We Added using executecommand
**31500:   from all lookup wlan0<--We Added using executecommand
32000:    from all unreachable

We added wpan0/wlan0 rule like belows:
inside processNetifLinkEvent function at netif.cpp

error = ot::Posix::ExecuteCommand("ip -6 rule add from all table %s prio 31500", gBackboneNetifName);
otLogWarnPlat("rule add %s : %s",gBackboneNetifName, otThreadErrorToString(error));
error = ot::Posix::ExecuteCommand("ip -6 rule add from all table %s prio 31400", gNetifName);
otLogWarnPlat("rule add %s : %s",gNetifName, otThreadErrorToString(error));

Fortunately, it generally works when the rule looks like above.
but I have two concern points.

1. Are there any better solutions about not using executecommand? Can Thread team add the related feature for that?
2. When the Android system starts booting, the the thread network is up before user tries to set Wifi.
   So the command, "ip -6 rule add from all table wlan0", does not work because wlan0 interface is not up at that time.
   We are trying to find the right time(such as ConnectivityService or NetworkController) when wlan0 is up, but it kinda complicated.

Hope to hear from you soon.
Thanks.

[wgtdkp]

I am sad to hear that you are porting openthread to android, because the OpenThread team ls already doing so: https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/Connectivity/thread/. It's in an Android mainline module and supports Android U and later.

What's the use case that you need to start with Adnroid 12?

[wgtdkp]

You can try Android Thread on Cuttlefish following this guide: https://android-review.git.corp.google.com/c/platform/packages/modules/Connectivity/+/3007440

[inkspot72]

What's the use case that you need to start with Adnroid 12?

Hi.
I work with @jihyeahn0630.
We already knew that Google's OpenThread Border Router has been started since Android 13.
However, BSP support for our HW is only on Android 12, so we are porting OTBR to Android 12.

[inkspot72]

@wgtdkp

Issue description

As the issue mentioned in [https://github.com//issues/1739], after finding spr service with DNS-SD, when External matter comimissioner (like chiptool) tries to establish a CASE session, UDP packets are intermittently not coming in.

At OTBR_LOG_CASE_Failed.txt

03-20 09:37:38.020 I/otbr-agent( 1747): [I] MeshForwarder-: Received IPv6 UDP msg, len:504, chksum:180f, ecn:no, from:0xb001, sec:yes, prio:normal, rss:-54.0
03-20 09:37:38.020 I/otbr-agent( 1747): [I] MeshForwarder-:     src:[fd6d:c275:d857:9d60:34bc:8dcc:3bf2:f3bd]:49155
03-20 09:37:38.020 I/otbr-agent( 1747): [I] MeshForwarder-:     dst:[fd6d:c275:d857:9d60:1aa5:acf6:9e79:b2e1]:53536
03-20 09:37:38.020 I/otbr-agent( 1747): [I] SrpServer-----: Received DNS update from fd6d:c275:d857:9d60:34bc:8dcc:3bf2:f3bd
03-20 09:37:38.053 I/otbr-agent( 1747): [I] SrpServer-----: Processed DNS update info
03-20 09:37:38.053 I/otbr-agent( 1747): [I] SrpServer-----:     Host:0E3E4AB14F570470.default.service.arpa.
03-20 09:37:38.053 I/otbr-agent( 1747): [I] SrpServer-----:     Lease:7200, key-lease:1209600, ttl:7200
03-20 09:37:38.053 I/otbr-agent( 1747): [I] SrpServer-----:     1 host address(es):
03-20 09:37:38.053 I/otbr-agent( 1747): [I] SrpServer-----:       fd7f:545a:bbe9:1:e95a:a5d1:76e5:5ff
03-20 09:37:38.054 I/otbr-agent( 1747): [I] SrpServer-----:     Adding service 'FC5836643173E848-000000000000000B._matter._tcp.default.service.arpa.' subtype:_IFC5836643173E848
03-20 09:37:38.054 I/otbr-agent( 1747): [I] SrpServer-----:     Adding service 'FC5836643173E848-000000000000000B._matter._tcp.default.service.arpa.'
03-20 09:37:38.054 I/otbr-agent( 1747): [I] SrpServer-----: SRP update handler is notified (updatedId = 127859892)
03-20 09:37:38.054 I/otbr-agent( 1747): [INFO]-ADPROXY-: Advertise SRP service updates: host=0E3E4AB14F570470.default.service.arpa.
03-20 09:37:38.054 I/otbr-agent( 1747): [INFO]-MDNS----: Registering new service FC5836643173E848-000000000000000B._matter._tcp,_IFC5836643173E848.local, serviceRef = 0x0
03-20 09:37:38.056 I/otbr-agent( 1747): [INFO]-MDNS----: Registering new host 0E3E4AB14F570470
03-20 09:37:38.058 I/otbr-agent( 1747): [INFO]-MDNS----: Received reply for host 0E3E4AB14F570470.local: OK
03-20 09:37:38.059 I/otbr-agent( 1747): [INFO]-MDNS----: Successfully registered host 0E3E4AB14F570470.local
03-20 09:37:38.059 I/otbr-agent( 1747): [INFO]-ADPROXY-: Handle publish SRP host '0E3E4AB14F570470.default.service.arpa.': OK
03-20 09:37:38.059 I/otbr-agent( 1747): [INFO]-ADPROXY-: Waiting for more publishing callbacks 1
03-20 09:37:38.436 E/T20Service( 2328): checkingService
03-20 09:37:38.771 I/otbr-agent( 1747): [INFO]-MDNS----: Received reply for service FC5836643173E848-000000000000000B._matter._tcp., serviceRef = 0xb400006ff9fcf200
03-20 09:37:38.771 I/otbr-agent( 1747): [INFO]-MDNS----: Successfully registered service FC5836643173E848-000000000000000B._matter._tcp.
03-20 09:37:38.771 I/otbr-agent( 1747): [INFO]-ADPROXY-: Handle publish SRP service 'FC5836643173E848-000000000000000B._matter._tcp.default.service.arpa.': OK
03-20 09:37:38.771 I/otbr-agent( 1747): [I] SrpServer-----: Handler result of SRP update (id = 127859892) is received: OK
03-20 09:37:38.771 I/otbr-agent( 1747): [I] SrpServer-----: Add new host 0E3E4AB14F570470.default.service.arpa.
03-20 09:37:38.772 I/otbr-agent( 1747): [I] SrpServer-----: Add new service 'FC5836643173E848-000000000000000B._matter._tcp.default.service.arpa.' subtype:_IFC5836643173E848
03-20 09:37:38.772 I/otbr-agent( 1747): [I] SrpServer-----: Add new service 'FC5836643173E848-000000000000000B._matter._tcp.default.service.arpa.'
03-20 09:37:38.782 I/otbr-agent( 1747): [I] Settings------: Saved SrpServerInfo {port:53536}
03-20 09:37:38.782 I/otbr-agent( 1747): [I] SrpServer-----: Lease timer is scheduled for 7199 seconds
03-20 09:37:38.782 I/otbr-agent( 1747): [I] SrpServer-----: Send success response with granted lease: 7200 and key lease: 680400

Chiptool tried send UDP packet to establish CASE session .
Chiptool_CASE_Faield.txt

03-20 09:37:39.829 D/KeyValueStoreManager(10091): Key 'f/1/s/000000000000000B' not found in shared preferences
03-20 09:37:39.829 D/EM      (10091): <<< [E:3137i S:0 M:50841616] (U) Msg TX to 0:0000000000000000 [0000] [UDP:[fd7f:545a:bbe9:1:e95a:a5d1:76e5:5ff]:5540] --- Type 0000:30 (SecureChannel:CASE_Sigma1)
03-20 09:37:39.830 D/SC      (10091): Sent Sigma1 msg
03-20 09:37:39.830 D/DIS     (10091): OperationalSessionSetup[1:000000000000000B]: State change 3 --> 4

However, no packets arrived on wlan0.
The problem is occasional, and once it happens, it tends to persist. I suspect it's an issue with the routing table, so I've tried routing via ip -6 route get and it doesn't seem to make much difference if it fails or succeeds.

Unlike Linux, which adds routing rules to the main table, Android creates the network ids for backbone interface wlan0 and network interface wpan0, and then creates a matching routing table a little later.
For example routing table is

console:/ # cat /data/misc/net/rt_tables
255 local
254 main
97 local_network
98 legacy_network
99 legacy_system
1002 dummy0
1009 wlan0
1011 wpan0
console:/ #

It's my IP rule

console:/ # ip -6 rule
0:      from all lookup local
10000:  from all fwmark 0xc0000/0xd0000 lookup legacy_system
11000:  from all iif lo oif dummy0 uidrange 0-0 lookup dummy0
11000:  from all iif lo oif wlan0 uidrange 0-0 lookup wlan0
11000:  from all iif lo oif wpan0 uidrange 0-0 lookup wpan0
16000:  from all fwmark 0x10063/0x1ffff iif lo lookup local_network
16000:  from all fwmark 0x10064/0x1ffff iif lo lookup wlan0
16000:  from all fwmark 0x10064/0x1ffff iif lo lookup wpan0
17000:  from all iif lo oif dummy0 lookup dummy0
17000:  from all iif lo oif wlan0 lookup wlan0
17000:  from all iif lo oif wpan0 lookup wpan0
18000:  from all fwmark 0x0/0x10000 lookup legacy_system
19000:  from all fwmark 0x0/0x10000 lookup legacy_network
20000:  from all fwmark 0x0/0x10000 lookup local_network
23000:  from all fwmark 0x64/0x1ffff iif lo lookup wlan0
23000:  from all fwmark 0x64/0x1ffff iif lo lookup wpan0
29000:  from all fwmark 0x0/0xffff iif lo lookup wlan0
29000:  from all fwmark 0x0/0xffff iif lo lookup wpan0
**31400:  from all lookup wpan0** <-- We Added using executecommand
**31500:  from all lookup wlan0**  <-- We Added using executecommand
32000:  from all unreachable
console:/ #

Even though the rt table was created, it was not added to the ip rule, so we will add two tables to the ip rule at processNetifLinkEvent(), which is when the wpan0 interface goes up.
This location doesn't look too great, that is why @jihyeahn0630 asked about proper point adding the rt table.
I mention this again in case it's related to the issue of no packets coming in.

inside processNetifLinkEvent function at netif.cpp

error = ot::Posix::ExecuteCommand("ip -6 rule add from all table %s prio 31500", gBackboneNetifName);
otLogWarnPlat("rule add %s : %s",gBackboneNetifName, otThreadErrorToString(error));
error = ot::Posix::ExecuteCommand("ip -6 rule add from all table %s prio 31400", gNetifName);
otLogWarnPlat("rule add %s : %s",gNetifName, otThreadErrorToString(error));

Do you know of anything we can look into for this issue?

Thanks

[jihyeahn0630]

In addition to @inkspot72 's comment,
The use case is this :
We want a Thread End Device to join our Thread Network using Android Chiptool on Pixel Phone.
Sometimes it happens very frequently when it comes up once, but sometimes it's very hard to see the issue. I cannot find out the exact cause.

When the issue comes up, AddrResolver does not send AddressQuery for End Devcice Slacc.
I attached pcap log for wlan0 backbone, and android logcat log.
Uploading wlan0_abnormal_pcap.zip…

no_address_resolve.log

This is Commissioner I/F

wlan0     Link encap:UNSPEC    Driver icnss
          inet addr:192.168.0.145  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fd11:1111:1122:2222:7c9f:a235:f2e9:20fe/64 Scope: Global
          inet6 addr: fd11:1111:1122:2233:b876:3692:947:8a7f/64 Scope: Global
          inet6 addr: fd11:1111:1122:2211:80e0:34ff:fe4c:b5f1/64 Scope: Global
          inet6 addr: fd11:1111:1122:2222:80e0:34ff:fe4c:b5f1/64 Scope: Global
          inet6 addr: fd11:1111:1122:2233:80e0:34ff:fe4c:b5f1/64 Scope: Global
          inet6 addr: fe80::80e0:34ff:fe4c:b5f1/64 Scope: Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:460776 errors:0 dropped:0 overruns:0 frame:0
          TX packets:354592 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3000
          RX bytes:284499494 TX bytes:60622382

This is Android I/F

console:/ # ifconfig
wlan0     Link encap:Ethernet  HWaddr 00:08:22:cc:c6:fb  Driver mt-wifi
          inet addr:192.168.0.177  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fd11:1111:1122:2222:1771:fafb:a26:96ac/64 Scope: Global
          inet6 addr: fe80::24dd:95f1:364e:569c/64 Scope: Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:49193 errors:0 dropped:0 overruns:0 frame:0
          TX packets:75576 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3000
          RX bytes:5161245 TX bytes:48980685

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope: Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1929 TX bytes:1929

eth0      Link encap:Ethernet  HWaddr 70:5d:cc:f8:44:e4  Driver r8152
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 TX bytes:0

wpan0     Link encap:UNSPEC
          inet6 addr: fd2d:3136:2eaa:d7cb:0:ff:fe00:fc11/64 Scope: Global
          inet6 addr: fd2d:3136:2eaa:d7cb:0:ff:fe00:fc38/64 Scope: Global
          inet6 addr: fd2d:3136:2eaa:d7cb:902a:59a4:d04e:fca7/64 Scope: Global
          inet6 addr: fd2d:3136:2eaa:d7cb:0:ff:fe00:fc10/64 Scope: Global
          inet6 addr: fd2d:3136:2eaa:d7cb:0:ff:fe00:3c00/64 Scope: Global
          inet6 addr: fd99:22::3ade:f21e:c13e:bff/64 Scope: Global
          inet6 addr: fe80::7401:8243:b1af:507f/64 Scope: Link
          inet6 addr: fd2d:3136:2eaa:d7cb:0:ff:fe00:fc00/64 Scope: Global
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1280  Metric:1
          RX packets:21 errors:0 dropped:1 overruns:0 frame:0
          TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:3318 TX bytes:6787

dummy0    Link encap:Ethernet  HWaddr fe:ff:f7:e1:bd:d8
          inet6 addr: fe80::fcff:f7ff:fee1:bdd8/64 Scope: Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:714 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 TX bytes:283009```

ip -6 route

console:/ # ip -6 route ls table all
fe80::/64 dev dummy0 table dummy0 proto kernel metric 256 pref medium
default dev dummy0 table dummy0 proto static metric 1024 pref medium
fd11:1111:1122:2222::/64 dev wlan0 table wlan0 proto kernel metric 256 expires 1576sec pref medium
fd11:1111:1122:2222::/64 dev wlan0 table wlan0 proto static metric 1024 pref medium
fd55:22::/64 via fe80::641a:9746:8c73:bb8 dev wlan0 table wlan0 proto ra metric 1024 expires 1779sec pref medium
fe80::/64 dev wlan0 table wlan0 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 table wlan0 proto static metric 1024 pref medium
fd2d:3136:2eaa:d7cb::/64 dev wpan0 table wpan0 proto kernel metric 256 pref medium
fd99:22::/64 dev wpan0 table wpan0 proto kernel metric 256 pref medium
fe80::/64 dev wpan0 table wpan0 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast fd11:1111:1122:2222:: dev wlan0 table local proto kernel metric 0 pref medium
local fd11:1111:1122:2222:1771:fafb:a26:96ac dev wlan0 table local proto kernel metric 0 pref medium
anycast fd2d:3136:2eaa:d7cb:: dev wpan0 table local proto kernel metric 0 pref medium
local fd2d:3136:2eaa:d7cb:0:ff:fe00:3c00 dev wpan0 table local proto kernel metric 0 pref medium
local fd2d:3136:2eaa:d7cb:0:ff:fe00:fc00 dev wpan0 table local proto kernel metric 0 pref medium
local fd2d:3136:2eaa:d7cb:0:ff:fe00:fc10 dev wpan0 table local proto kernel metric 0 pref medium
local fd2d:3136:2eaa:d7cb:0:ff:fe00:fc11 dev wpan0 table local proto kernel metric 0 pref medium
local fd2d:3136:2eaa:d7cb:0:ff:fe00:fc38 dev wpan0 table local proto kernel metric 0 pref medium
local fd2d:3136:2eaa:d7cb:902a:59a4:d04e:fca7 dev wpan0 table local proto kernel metric 0 pref medium
anycast fd99:22:: dev wpan0 table local proto kernel metric 0 pref medium
local fd99:22::3ade:f21e:c13e:bff dev wpan0 table local proto kernel metric 0 pref medium
anycast fe80:: dev dummy0 table local proto kernel metric 0 pref medium
anycast fe80:: dev wlan0 table local proto kernel metric 0 pref medium
anycast fe80:: dev wpan0 table local proto kernel metric 0 pref medium
local fe80::24dd:95f1:364e:569c dev wlan0 table local proto kernel metric 0 pref medium
local fe80::7401:8243:b1af:507f dev wpan0 table local proto kernel metric 0 pref medium
local fe80::fcff:f7ff:fee1:bdd8 dev dummy0 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev dummy0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev wlan0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev wpan0 table local proto kernel metric 256 pref medium
console:/ #

console:/ # ip -6 route ls table wlan0
fd11:1111:1122:2222::/64 dev wlan0 proto kernel metric 256 expires 1561sec pref medium
fd11:1111:1122:2222::/64 dev wlan0 proto static metric 1024 pref medium
fd55:22::/64 via fe80::641a:9746:8c73:bb8 dev wlan0 proto ra metric 1024 expires 1764sec pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto static metric 1024 pref medium
console:/ #

console:/ # ip -6 route ls table wpan0
fd2d:3136:2eaa:d7cb::/64 dev wpan0 proto kernel metric 256 pref medium
fd99:22::/64 dev wpan0 proto kernel metric 256 pref medium
fe80::/64 dev wpan0 proto kernel metric 256 pref medium

[wgtdkp]

What's the use case that you need to start with Adnroid 12?

Hi. I work with @jihyeahn0630. We already knew that Google's OpenThread Border Router has been started since Android 13. However, BSP support for our HW is only on Android 12, so we are porting OTBR to Android 12.

Are you using mainline? If yes, I think it's quite simple to backport to Android 12

[inkspot72]

Unfortunately, I'm not currently using mainline. Also I have other requirements that are not so easy to apply mainline.

[inkspot72]

@wgtdkp

In my situation, mainline is not applicable because it is not possible to install GMS framework, so it is not simple to backport to Android 12. I hope you understand that the current situation is difficult to do porting back on Android 12.
So I ask you again about the bug.

Comparing the results taken with tcpdump on Chiptool's network interface

If it succeeds (with Google BR)

Pcap log : chiptool_with_GOOGLE_BR_case_success.zip

• at packet #8403, OTBR respond to MDNS query for matter device
• at packet #8412, and #8415, The chiptool obtained the information to send the packet to the border router through Neighbor Discovery.
• Finally, chiptool is succeeded to send Sigma 1 packet to Thread end device.
  

If it fails (with my BR device)

pcap log : chiptool_with_my_BR_case_fail.zip

• at packet #15596, #15597 and #15608, Chiptool sends Neighbor Discovery NS to the border router, but the border router does not respond with NA.
• at packet #15627, Eventually, chiptool determines that the Border router is unreachable and fails to send the Sigma packet.

Can I get a hint as to why OTBR is not responding to Neighbor Discovery?

Thanks

[wgtdkp]

My team is up to launch Android12 product which has Openthread.

like this issue, #1739, Android System has different "ip -6 rule and tables " Here's mine:

adb shell ip -6 rule
0:    from all lookup local 
10000:    from all fwmark 0xc0000/0xd0000 lookup legacy_system 
11000:    from all iif lo oif dummy0 uidrange 0-0 lookup dummy0 
11000:    from all iif lo oif wlan0 uidrange 0-0 lookup wlan0 
11000:    from all iif lo oif wpan0 uidrange 0-0 lookup wpan0 
16000:    from all fwmark 0x10063/0x1ffff iif lo lookup local_network 
16000:    from all fwmark 0x1006a/0x1ffff iif lo lookup wlan0 
16000:    from all fwmark 0x10064/0x1ffff iif lo lookup wpan0 
17000:    from all iif lo oif dummy0 lookup dummy0 
17000:    from all iif lo oif wlan0 lookup wlan0 
17000:    from all iif lo oif wpan0 lookup wpan0 
18000:    from all fwmark 0x0/0x10000 lookup legacy_system 
19000:    from all fwmark 0x0/0x10000 lookup legacy_network 
20000:    from all fwmark 0x0/0x10000 lookup local_network 
23000:    from all fwmark 0x6a/0x1ffff iif lo lookup wlan0 
23000:    from all fwmark 0x64/0x1ffff iif lo lookup wpan0 
29000:    from all fwmark 0x0/0xffff iif lo lookup wlan0 
**31400:   from all lookup wpan0 <--We Added using executecommand
**31500:   from all lookup wlan0<--We Added using executecommand
32000:    from all unreachable

We added wpan0/wlan0 rule like belows: inside processNetifLinkEvent function at netif.cpp

error = ot::Posix::ExecuteCommand("ip -6 rule add from all table %s prio 31500", gBackboneNetifName);
otLogWarnPlat("rule add %s : %s",gBackboneNetifName, otThreadErrorToString(error));
error = ot::Posix::ExecuteCommand("ip -6 rule add from all table %s prio 31400", gNetifName);
otLogWarnPlat("rule add %s : %s",gNetifName, otThreadErrorToString(error));

Fortunately, it generally works when the rule looks like above. but I have two concern points.

1. Are there any better solutions about not using executecommand? Can Thread team add the related feature for that?
2. When the Android system starts booting, the the thread network is up before user tries to set Wifi.
   So the command, "ip -6 rule add from all table wlan0", does not work because wlan0 interface is not up at that time.
   We are trying to find the right time(such as ConnectivityService or NetworkController) when wlan0 is up, but it kinda complicated.

Hope to hear from you soon. Thanks.

To your original questions:

1. I don’t think it’s a good idea to submit such changes into the openthread repo given it’s conflicting with the official Android implementation.
2. You can use netlink to subscribe to wlan0 interface state changes (just as we do for wpan0) and adds the IP rule when the wlan0 is up

[jihyeahn0630]

@wgtdkp, Thank you for your answer, but I am still unclear about where you are adding "ip -6 rule for wlan0/wpan0", and one more thing to ask, where does otbr-firewall script execute in Android. I did my best to find out it. lol.
Thank you very much for your help.

[wgtdkp]

@wgtdkp, Thank you for your answer, but I am still unclear about where you are adding "ip -6 rule for wlan0/wpan0", and one more thing to ask, where does otbr-firewall script execute in Android. I did my best to find out it. lol. Thank you very much for your help.

"ip -6 rule for wlan0/wpan0" this is automatically handled by netd when the Thread network is registered to the Android connectivity service. Basically, routes are solely managed by the connectivity service on Android, so I can foresee conflicts between the connectivity service routing controller and ot-br-posix if you manipulates the routes on your own. Your team said that mainline is not supported on the Android 12 device you have, but backporting the mainline code doesn't require you to support downloading the mainline module from Play Store, you can build with the latest mainline prebuilt. Can you check if you can do this?

lunch <your-target>
m com.android.tethering

# change it to your mainline .apex file
adb install -r -d ./out/target/product/module_x86_64/system/apex/com.android.tethering.apex

If it failed, please send me the output.

"otbr-firewall" The iptables-based packet filtering is not used on Android. Instead, we filter in OT core and both Android connectivity service level.