Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eb30eb83 authored by Niranjan Reddy Dumbala's avatar Niranjan Reddy Dumbala Committed by Ravinder Konka
Browse files

msm: netfilter: NATTYPE Refresh Timer Changes. 



When IPA is present, all the data packets go through IPA
and as a result NATTYPE entry timeout will not be refreshed
and eventually it times out. IPA periodically refreshes
the connection tracking entry timeout. So make changes to refresh
the NATTYPE entry timeout from the connection tracking module.

Change-Id: I5861427990af4bfd6046d21809a778409d0d8d5f
Signed-off-by: default avatarNiranjan Reddy Dumbala <ndumba@codeaurora.org>
parent 49f48803

include/linux/netfilter_ipv4/ipt_NATTYPE.h

+2 −0
Original line number Diff line number Diff line
@@ -21,5 +21,7 @@ struct ipt_nattype_info { 
	u_int16_t type;

};



extern bool nattype_refresh_timer(unsigned long nattype);



#endif /*_IPT_NATTYPE_H_target*/

include/net/netfilter/nf_conntrack.h

+9 −0
Original line number Diff line number Diff line
@@ -71,6 +71,11 @@ struct nf_conn_help { 
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>

#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>



/* Handle NATTYPE Stuff,only if NATTYPE module was defined */

#if defined(CONFIG_IP_NF_TARGET_NATTYPE_MODULE)

#include <linux/netfilter_ipv4/ipt_NATTYPE.h>

#endif



struct nf_conn {

	/* Usage count in here is 1 for hash table/destruct timer, 1 per skb,

	 * plus 1 for any connection(s) we are `master' for
@@ -112,6 +117,10 @@ struct nf_conn { 
	struct net *ct_net;

#endif



#if defined(CONFIG_IP_NF_TARGET_NATTYPE_MODULE)

	unsigned long nattype_entry;

#endif



	/* Storage reserved for other modules, must be the last member */

	union nf_conntrack_proto proto;

};

net/ipv4/netfilter/ipt_NATTYPE.c

+22 −7
Original line number Diff line number Diff line
@@ -58,6 +58,7 @@ static const char * const modes[] = {"MODE_DNAT", "MODE_FORWARD_IN", 
struct ipt_nattype {

	struct list_head list;

	struct timer_list timeout;

	unsigned char is_valid;

	unsigned short proto;		/* Protocol: TCP or UDP */

	struct nf_nat_ipv4_range range;	/* LAN side src info*/

	unsigned short nat_port;	/* Routed NAT port */
@@ -96,13 +97,24 @@ static void nattype_free(struct ipt_nattype *nte) 
/* netfilter NATTYPE nattype_refresh_timer()

 * Refresh the timer for this object.

 */

static bool nattype_refresh_timer(struct ipt_nattype *nte)

bool nattype_refresh_timer(unsigned long nat_type)

{

	struct ipt_nattype *nte = (struct ipt_nattype *)nat_type;



	if (!nte)

		return false;

	spin_lock_bh(&nattype_lock);

	if (!nte->is_valid) {

		spin_unlock_bh(&nattype_lock);

		return false;

	}

	if (del_timer(&nte->timeout)) {

		nte->timeout.expires = jiffies + NATTYPE_TIMEOUT * HZ;

		add_timer(&nte->timeout);

		spin_unlock_bh(&nattype_lock);

		return true;

	}

	spin_unlock_bh(&nattype_lock);

	return false;

}
@@ -121,6 +133,7 @@ static void nattype_timer_timeout(unsigned long in_nattype) 
	nattype_nte_debug_print(nte, "timeout");

	spin_lock_bh(&nattype_lock);

	list_del(&nte->list);

	memset(nte, 0, sizeof(struct ipt_nattype));

	spin_unlock_bh(&nattype_lock);

	nattype_free(nte);

}
@@ -295,6 +308,7 @@ static unsigned int nattype_nat(struct sk_buff *skb, 
		 */

		DEBUGP("Expand ingress conntrack=%p, type=%d, src[%pI4:%d]\n",

			ct, ctinfo, &newrange.min_ip, ntohs(newrange.min.all));

		ct->nattype_entry = (unsigned long)nte;

		ret = nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);

		DEBUGP("Expand returned: %d\n", ret);

		return ret;
@@ -334,12 +348,13 @@ static unsigned int nattype_forward(struct sk_buff *skb, 
			if (!nattype_packet_in_match(nte, skb, info))

				continue;



			spin_unlock_bh(&nattype_lock);

			/* netfilter NATTYPE

			 * Refresh the timer, if we fail, break

			 * out and forward fail as though we never

			 * found the entry.

			 */

			if (!nattype_refresh_timer(nte))

			if (!nattype_refresh_timer((unsigned long)nte))

				break;



			/* netfilter NATTYPE
@@ -347,7 +362,6 @@ static unsigned int nattype_forward(struct sk_buff *skb, 
			 * entry values should not change so print

			 * them outside the lock.

			 */

			spin_unlock_bh(&nattype_lock);

			nattype_nte_debug_print(nte, "refresh");

			DEBUGP("FORWARD_IN_ACCEPT\n");

			return NF_ACCEPT;
@@ -417,13 +431,13 @@ static unsigned int nattype_forward(struct sk_buff *skb, 
	list_for_each_entry(nte2, &nattype_list, list) {

		if (!nattype_compare(nte, nte2))

			continue;



		spin_unlock_bh(&nattype_lock);

		/* netfilter NATTYPE

		 * If we can not refresh this entry, insert our new

		 * entry as this one is timed out and will be removed

		 * from the list shortly.

		 */

		if (!nattype_refresh_timer(nte2))

		if (!nattype_refresh_timer((unsigned long)nte2))

			break;



		/* netfilter NATTYPE
@@ -432,7 +446,6 @@ static unsigned int nattype_forward(struct sk_buff *skb, 
		 *

		 * Free up the new entry.

		 */

		spin_unlock_bh(&nattype_lock);

		nattype_nte_debug_print(nte2, "refresh");

		nattype_free(nte);

		return XT_CONTINUE;
@@ -444,6 +457,8 @@ static unsigned int nattype_forward(struct sk_buff *skb, 
	nte->timeout.expires = jiffies + (NATTYPE_TIMEOUT  * HZ);

	add_timer(&nte->timeout);

	list_add(&nte->list, &nattype_list);

	ct->nattype_entry = (unsigned long)nte;

	nte->is_valid = 1;

	spin_unlock_bh(&nattype_lock);

	nattype_nte_debug_print(nte, "ADD");

	return XT_CONTINUE;

net/netfilter/nf_conntrack_core.c

+9 −0
Original line number Diff line number Diff line
@@ -970,6 +970,10 @@ init_conntrack(struct net *net, struct nf_conn *tmpl, 
#endif

#ifdef CONFIG_NF_CONNTRACK_SECMARK

			ct->secmark = exp->master->secmark;

#endif

/* Initialize the NAT type entry. */

#if defined(CONFIG_IP_NF_TARGET_NATTYPE_MODULE)

		ct->nattype_entry = 0;

#endif

			NF_CT_STAT_INC(net, expect_new);

		}
@@ -1230,6 +1234,11 @@ void __nf_ct_refresh_acct(struct nf_conn *ct, 
			mod_timer_pending(&ct->timeout, newtime);

	}



/* Refresh the NAT type entry. */

#if defined(CONFIG_IP_NF_TARGET_NATTYPE_MODULE)

	(void)nattype_refresh_timer(ct->nattype_entry);

#endif



acct:

	if (do_acct) {

		struct nf_conn_acct *acct;