Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 391a9cc7 authored by Niranjan Reddy Dumbala's avatar Niranjan Reddy Dumbala Committed by Stephen Boyd
Browse files

msm: netfilter: NATTYPE Refresh Timer Changes. 



When IPA is present, all the data packets go through IPA
and as a result NATTYPE entry timeout will not be refreshed
and eventually it times out. IPA periodically refreshes
the connection tracking entry timeout. So make changes to refresh
the NATTYPE entry timeout from the connection tracking module.

Change-Id: I5861427990af4bfd6046d21809a778409d0d8d5f
Signed-off-by: default avatarNiranjan Reddy Dumbala <ndumba@codeaurora.org>
parent 5bb66633

include/linux/netfilter_ipv4/ipt_NATTYPE.h

+2 −0
Original line number Diff line number Diff line
@@ -21,5 +21,7 @@ struct ipt_nattype_info { 
	u_int16_t type;

};



extern bool nattype_refresh_timer(unsigned long nattype);



#endif /*_IPT_NATTYPE_H_target*/

include/net/netfilter/nf_conntrack.h

+9 −0
Original line number Diff line number Diff line
@@ -71,6 +71,11 @@ struct nf_conn_help { 
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>

#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>



/* Handle NATTYPE Stuff,only if NATTYPE module was defined */

#if defined(CONFIG_IP_NF_TARGET_NATTYPE_MODULE)

#include <linux/netfilter_ipv4/ipt_NATTYPE.h>

#endif



struct nf_conn {

	/* Usage count in here is 1 for hash table/destruct timer, 1 per skb,

           plus 1 for any connection(s) we are `master' for */
@@ -105,6 +110,10 @@ struct nf_conn { 
	struct net *ct_net;

#endif



#if defined(CONFIG_IP_NF_TARGET_NATTYPE_MODULE)

	unsigned long nattype_entry;

#endif



	/* Storage reserved for other modules, must be the last member */

	union nf_conntrack_proto proto;

};

net/ipv4/netfilter/ipt_NATTYPE.c

+20 −10
Original line number Diff line number Diff line
@@ -58,6 +58,7 @@ static const char * const modes[] = {"MODE_DNAT", "MODE_FORWARD_IN", 
struct ipt_nattype {

	struct list_head list;

	struct timer_list timeout;

	unsigned char is_valid;

	unsigned short proto;		/* Protocol: TCP or UDP */

	struct nf_nat_ipv4_range range;	/* LAN side source information */

	unsigned short nat_port;	/* Routed NAT port */
@@ -101,14 +102,23 @@ static void nattype_free(struct ipt_nattype *nte) 
 * nattype_refresh_timer()

 *	Refresh the timer for this object.

 */

static bool nattype_refresh_timer(struct ipt_nattype *nte)

bool nattype_refresh_timer(unsigned long nat_type)

{



	struct ipt_nattype *nte = (struct ipt_nattype *)nat_type;

	if (!nte)

		return false;

	spin_lock_bh(&nattype_lock);

	if (!nte->is_valid) {

		spin_unlock_bh(&nattype_lock);

		return false;

	}

	if (del_timer(&nte->timeout)) {

		nte->timeout.expires = jiffies + NATTYPE_TIMEOUT * HZ;

		add_timer(&nte->timeout);

		spin_unlock_bh(&nattype_lock);

		return true;

	}

	spin_unlock_bh(&nattype_lock);

	return false;

}
@@ -128,6 +138,7 @@ static void nattype_timer_timeout(unsigned long in_nattype) 
	nattype_nte_debug_print(nte, "timeout");

	spin_lock_bh(&nattype_lock);

	list_del(&nte->list);

	memset(nte, 0, sizeof(struct ipt_nattype));

	spin_unlock_bh(&nattype_lock);

	nattype_free(nte);

}
@@ -309,6 +320,7 @@ static unsigned int nattype_nat(struct sk_buff *skb, 
		 */

		DEBUGP("Expand ingress conntrack=%p, type=%d, src[%pI4:%d]\n",

			ct, ctinfo, &newrange.min_ip, ntohs(newrange.min.all));

		ct->nattype_entry = (unsigned long)nte;

		ret = nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);

		DEBUGP("Expand returned: %d\n", ret);

		return ret;
@@ -348,21 +360,19 @@ static unsigned int nattype_forward(struct sk_buff *skb, 
			 */

			if (!nattype_packet_in_match(nte, skb, info))

				continue;



			spin_unlock_bh(&nattype_lock);

			/*

			 * Refresh the timer, if we fail, break

			 * out and forward fail as though we never

			 * found the entry.

			 */

			if (!nattype_refresh_timer(nte))

			if (!nattype_refresh_timer((unsigned long)nte))

				break;



			/*

			 * The entry is found and refreshed, the

			 * entry values should not change so print

			 * them outside the lock.

			 */

			spin_unlock_bh(&nattype_lock);

			nattype_nte_debug_print(nte, "refresh");

			DEBUGP("FORWARD_IN_ACCEPT\n");

			return NF_ACCEPT;
@@ -431,22 +441,20 @@ static unsigned int nattype_forward(struct sk_buff *skb, 
	list_for_each_entry(nte2, &nattype_list, list) {

		if (!nattype_compare(nte, nte2))

			continue;



		spin_unlock_bh(&nattype_lock);

		/*

		 * If we can not refresh this entry, insert our new

		 * entry as this one is timed out and will be removed

		 * from the list shortly.

		 */

		if (!nattype_refresh_timer(nte2))

		if (!nattype_refresh_timer((unsigned long)nte2))

			break;



		/*

		 * Found and refreshed an existing entry.  Its values

		 * do not change so print the values outside of the lock.

		 *

		 * Free up the new entry.

		 */

		spin_unlock_bh(&nattype_lock);

		nattype_nte_debug_print(nte2, "refresh");

		nattype_free(nte);

		return XT_CONTINUE;
@@ -458,6 +466,8 @@ static unsigned int nattype_forward(struct sk_buff *skb, 
	nte->timeout.expires = jiffies + (NATTYPE_TIMEOUT  * HZ);

	add_timer(&nte->timeout);

	list_add(&nte->list, &nattype_list);

	ct->nattype_entry = (unsigned long)nte;

	nte->is_valid = 1;

	spin_unlock_bh(&nattype_lock);

	nattype_nte_debug_print(nte, "ADD");

	return XT_CONTINUE;

net/netfilter/nf_conntrack_core.c

+9 −0
Original line number Diff line number Diff line
@@ -840,6 +840,10 @@ init_conntrack(struct net *net, struct nf_conn *tmpl, 
#endif

#ifdef CONFIG_NF_CONNTRACK_SECMARK

		ct->secmark = exp->master->secmark;

#endif

/* Intialize the NAT type entry. */

#if defined(CONFIG_IP_NF_TARGET_NATTYPE_MODULE)

		ct->nattype_entry = 0;

#endif

		nf_conntrack_get(&ct->master->ct_general);

		NF_CT_STAT_INC(net, expect_new);
@@ -1098,6 +1102,11 @@ void __nf_ct_refresh_acct(struct nf_conn *ct, 
			mod_timer_pending(&ct->timeout, newtime);

	}



/* Refresh the NAT type entry. */

#if defined(CONFIG_IP_NF_TARGET_NATTYPE_MODULE)

	(void)nattype_refresh_timer(ct->nattype_entry);

#endif



acct:

	if (do_acct) {

		struct nf_conn_counter *acct;