
Commit 7557b5bd authored by Ravinder konka, committed by Ravinder Konka

netfilter: Move NATTYPE forward mode to POSTROUTING chain.



When the uplink (UL) data path goes through IPA, only one packet traverses
the software path. The NATTYPE module requires at least 2 packets to create
a valid NATTYPE entry. As the NATTYPE entry is not created, downlink (DL)
data fails in ARCN and FCN. Move NATTYPE forward mode to the
POSTROUTING chain so the NATTYPE entry is created with only one packet.

Change-Id: Ic03436339e2b0a6c4277146942f518e6c7d49574
Signed-off-by: Ravinder Konka <rkonka@codeaurora.org>
parent ffdac877
+19 −23
@@ -42,16 +42,12 @@
#include <linux/netfilter_ipv4/ipt_NATTYPE.h>
#include <linux/atomic.h>

#if !defined(NATTYPE_DEBUG)
#define DEBUGP(type, args...)
#else
static const char * const types[] = {"TYPE_PORT_ADDRESS_RESTRICTED",
			"TYPE_ENDPOINT_INDEPENDENT",
			"TYPE_ADDRESS_RESTRICTED"};
static const char * const modes[] = {"MODE_DNAT", "MODE_FORWARD_IN",
			"MODE_FORWARD_OUT"};
#define DEBUGP(args...) pr_debug(args)
#endif

/* netfilter NATTYPE TODO:
 * Add magic value checks to data structure.
@@ -82,11 +78,13 @@ static DEFINE_SPINLOCK(nattype_lock);
static void nattype_nte_debug_print(const struct ipt_nattype *nte,
				    const char *s)
{
	DEBUGP("%p: %s - proto[%d], src[%pI4:%d], nat[<x>:%d], dest[%pI4:%d]\n",
	DEBUGP("%p:%s-proto[%d],src[%pI4:%d],nat[%d],dest[%pI4:%d]\n",
	       nte, s, nte->proto,
		&nte->range.min_addr.ip, ntohs(nte->range.min.all),
	       &nte->range.min_addr.ip, ntohs(nte->range.min_proto.all),
	       ntohs(nte->nat_port),
	       &nte->dest_addr, ntohs(nte->dest_port));
	DEBUGP("Timeout[%lx], Expires[%lx]\n", nte->timeout_value,
	       nte->timeout.expires);
}

/* netfilter NATTYPE nattype_free()
@@ -94,7 +92,6 @@ static void nattype_nte_debug_print(const struct ipt_nattype *nte,
 */
static void nattype_free(struct ipt_nattype *nte)
{
	nattype_nte_debug_print(nte, "free");
	kfree(nte);
}

@@ -113,10 +110,10 @@ bool nattype_refresh_timer(unsigned long nat_type, unsigned long timeout_value)
		return false;
	}
	if (del_timer(&nte->timeout)) {
		nte->timeout_value = timeout_value - jiffies;
		nte->timeout.expires = timeout_value;
		add_timer(&nte->timeout);
		spin_unlock_bh(&nattype_lock);
		nattype_nte_debug_print(nte, "refresh");
		return true;
	}
	spin_unlock_bh(&nattype_lock);
@@ -240,10 +237,10 @@ static bool nattype_compare(struct ipt_nattype *n1, struct ipt_nattype *n2,
		return false;
	}

	if (n1->range.min_addr.all != n2->range.min_addr.all) {
	if (n1->range.min_proto.all != n2->range.min_proto.all) {
		DEBUGP("nattype_compare: r.min mismatch: %d:%d\n",
				ntohs(n1->range.min_addr.all),
				ntohs(n2->range.min_addr.all));
				ntohs(n1->range.min_proto.all),
				ntohs(n2->range.min_proto.all));
		return false;
	}

@@ -319,7 +316,7 @@ static unsigned int nattype_nat(struct sk_buff *skb,
		 */
		DEBUGP("Expand ingress conntrack=%p, type=%d, src[%pI4:%d]\n",
			ct, ctinfo, &newrange.min_addr.ip,
		       ntohs(newrange.min.all));
			ntohs(newrange.min_proto.all));
		ct->nattype_entry = (unsigned long)nte;
		ret = nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);
		DEBUGP("Expand returned: %d\n", ret);
@@ -346,7 +343,7 @@ static unsigned int nattype_forward(struct sk_buff *skb,
	enum ip_conntrack_dir dir;


	if (par->hooknum != NF_INET_FORWARD)
	if (par->hooknum != NF_INET_POST_ROUTING)
		return XT_CONTINUE;

	/* netfilter
@@ -456,9 +453,8 @@ static unsigned int nattype_forward(struct sk_buff *skb,
		 * entry as this one is timed out and will be removed
		 * from the list shortly.
		 */
		nte2->timeout_value = ct->timeout.expires - jiffies;
		if (!nattype_refresh_timer((unsigned long)nte2,
					   ct->timeout.expires))
				jiffies + nte2->timeout_value))
			break;

		/* netfilter NATTYPE
@@ -475,8 +471,8 @@ static unsigned int nattype_forward(struct sk_buff *skb,
	/* netfilter NATTYPE
	 * Add the new entry to the list.
	 */
	nte->timeout_value = ct->timeout.expires - jiffies;
	nte->timeout.expires = ct->timeout.expires;
	nte->timeout_value = ct->timeout.expires;
	nte->timeout.expires = ct->timeout.expires + jiffies;
	add_timer(&nte->timeout);
	list_add(&nte->list, &nattype_list);
	ct->nattype_entry = (unsigned long)nte;
@@ -570,7 +566,7 @@ static int nattype_check(const struct xt_tgchk_param *par)
	       types[info->type], modes[info->mode]);

	if (par->hook_mask & ~((1 << NF_INET_PRE_ROUTING) |
		(1 << NF_INET_FORWARD))) {
		(1 << NF_INET_POST_ROUTING))) {
		DEBUGP("nattype_check: bad hooks %x.\n", par->hook_mask);
		return -EINVAL;
	}
@@ -611,7 +607,7 @@ static struct xt_target nattype = {
	.checkentry	= nattype_check,
	.targetsize	= sizeof(struct ipt_nattype_info),
	.hooks		= ((1 << NF_INET_PRE_ROUTING) |
				(1 << NF_INET_FORWARD)),
				(1 << NF_INET_POST_ROUTING)),
	.me		= THIS_MODULE,
};
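Review bot: The add-entry path `nte->timeout.expires = ct->timeout.expires + jiffies;` treats ct->timeout.expires as a relative interval, while the refresh path a few lines earlier in the same function (`nte2->timeout_value = ct->timeout.expires - jiffies;` followed by `jiffies + nte2->timeout_value`) still treats it as an absolute jiffies value; both cannot be right for the same conntrack. A relative value is presumably what an unconfirmed conntrack carries on its first packet at POSTROUTING, which is the case the commit targets, but if a confirmed conntrack ever reaches the add path (an entry that expired while the connection stayed alive) the sum is an absolute time plus jiffies, so the entry effectively never times out and stays on nattype_list. Make the interpretation explicit at both sites, e.g. `unsigned long tmo = nf_ct_is_confirmed(ct) ? ct->timeout.expires - jiffies : ct->timeout.expires;` then `nte->timeout_value = tmo; nte->timeout.expires = jiffies + tmo;`. Also worth checking, since it is not visible here: any use of the ingress device via par->in for the forward_in mode no longer has it at NF_INET_POST_ROUTING. nattype_forward begins and ends outside this hunk.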

+6 −0
@@ -68,7 +68,13 @@ nf_nat_masquerade_ipv4(struct sk_buff *skb, unsigned int hooknum,
	newrange.max_proto   = range->max_proto;

	/* Hand modified range to generic setup. */
#if defined(CONFIG_IP_NF_TARGET_NATTYPE_MODULE)
	nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_SRC);
	return XT_CONTINUE;
#else
	return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_SRC);
#endif

}
EXPORT_SYMBOL_GPL(nf_nat_masquerade_ipv4);
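Review bot: The new `#if defined(CONFIG_IP_NF_TARGET_NATTYPE_MODULE)` branch discards the verdict returned by nf_nat_setup_info() and keys the behaviour on the modular build only, so a built-in NATTYPE (CONFIG_IP_NF_TARGET_NATTYPE=y) silently keeps the old terminating return and the single-packet IPA case the commit describes would not be fixed there. Use `#if IS_ENABLED(CONFIG_IP_NF_TARGET_NATTYPE)` to cover both builds, and keep the verdict: `if (nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_SRC) == NF_DROP) return NF_DROP;` before `return XT_CONTINUE;` — whether nf_nat_setup_info can return NF_DROP on this kernel should be confirmed, but dropping it unconditionally is the wrong default. The change also affects every caller of nf_nat_masquerade_ipv4, not only the NATTYPE rule set, so a comment stating why MASQUERADE must become non-terminating here would help, e.g. `/* Non-terminating so a NATTYPE --mode forward rule placed after MASQUERADE in POSTROUTING still sees the packet. */` (that reason is inferred from the commit message, not from these lines). nf_nat_masquerade_ipv4 starts outside this hunk.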