IPACM: Delete nat entries from cache
On receiving connection destroy event delete nat
entries from both temp and cache
Acked-by: Sunil Paidimarri <hisunil@qti.qualcomm.com>
Change-Id: I500430fe4ae22d74433c4d9f664869c1dc2140d8
diff --git a/ipacm/src/IPACM_ConntrackListener.cpp b/ipacm/src/IPACM_ConntrackListener.cpp
index 4ad0164..996dbfa 100644
--- a/ipacm/src/IPACM_ConntrackListener.cpp
+++ b/ipacm/src/IPACM_ConntrackListener.cpp
@@ -955,14 +955,8 @@
IPACMDBG("TCP state TCP_CONNTRACK_FIN_WAIT(%d) "
"or type NFCT_T_DESTROY(%d)\n", tcp_state, type);
- if(isTempEntry)
- {
- nat_inst->DeleteTempEntry(&rule);
- }
- else
- {
- nat_inst->DeleteEntry(&rule);
- }
+ nat_inst->DeleteEntry(&rule);
+ nat_inst->DeleteTempEntry(&rule);
}
else
{
@@ -997,14 +991,8 @@
else if(NFCT_T_DESTROY == type)
{
IPACMDBG("UDP connection close at time %ld\n", time(NULL));
- if(isTempEntry)
- {
- nat_inst->DeleteTempEntry(&rule);
- }
- else
- {
- nat_inst->DeleteEntry(&rule);
- }
+ nat_inst->DeleteEntry(&rule);
+ nat_inst->DeleteTempEntry(&rule);
}
}
else
diff --git a/ipacm/src/IPACM_Conntrack_NATApp.cpp b/ipacm/src/IPACM_Conntrack_NATApp.cpp
index bf0daac..9f49f20 100644
--- a/ipacm/src/IPACM_Conntrack_NATApp.cpp
+++ b/ipacm/src/IPACM_Conntrack_NATApp.cpp
@@ -479,7 +479,8 @@
ret = nfct_query(ct_hdl, NFCT_Q_UPDATE, ct);
if(ret == -1)
{
- PERROR("unable to update time stamp");
+ IPACMERR("unable to update time stamp");
+ DeleteEntry(rule);
}
else
{
@@ -688,12 +689,30 @@
{
int cnt;
- IPACMDBG("Received below nat entry\n");
+ IPACMDBG("Received below Temp Nat entry\n");
iptodot("Private IP", new_entry->private_ip);
iptodot("Target IP", new_entry->target_ip);
IPACMDBG("Private Port: %d\t Target Port: %d\t", new_entry->private_port, new_entry->target_port);
IPACMDBG("protocolcol: %d\n", new_entry->protocol);
+ if(ChkForDup(new_entry))
+ {
+ return;
+ }
+
+ for(cnt=0; cnt<MAX_TEMP_ENTRIES; cnt++)
+ {
+ if(temp[cnt].private_ip == new_entry->private_ip &&
+ temp[cnt].target_ip == new_entry->target_ip &&
+ temp[cnt].private_port == new_entry->private_port &&
+ temp[cnt].target_port == new_entry->target_port &&
+ temp[cnt].protocol == new_entry->protocol)
+ {
+ IPACMDBG("Received duplicate Temp entry\n");
+ return;
+ }
+ }
+
for(cnt=0; cnt<MAX_TEMP_ENTRIES; cnt++)
{
if(temp[cnt].private_ip == 0 &&
@@ -705,7 +724,7 @@
}
}
- IPACMDBG("unable to add temp entry, cache full\n");
+ IPACMDBG("Unable to add temp entry, cache full\n");
return;
}
@@ -733,7 +752,7 @@
}
}
- IPACMDBG("No Such Entry exists\n");
+ IPACMDBG("No Such Temp Entry exists\n");
return;
}
@@ -827,6 +846,7 @@
return -1;
}
+
for(cnt = 0; cnt < max_entries; cnt++)
{
if(cache[cnt].target_ip == ip_addr)
diff --git a/ipanat/inc/ipa_nat_drvi.h b/ipanat/inc/ipa_nat_drvi.h
index 4c9f5f3..002c025 100644
--- a/ipanat/inc/ipa_nat_drvi.h
+++ b/ipanat/inc/ipa_nat_drvi.h
@@ -316,6 +316,9 @@
#ifdef IPA_ON_R3PC
uint32_t mmap_offset;
#endif
+
+ uint16_t cur_tbl_cnt;
+ uint16_t cur_expn_tbl_cnt;
};
struct ipa_nat_cache {
diff --git a/ipanat/src/ipa_nat_drvi.c b/ipanat/src/ipa_nat_drvi.c
index 32114b5..8ba2bdb 100644
--- a/ipanat/src/ipa_nat_drvi.c
+++ b/ipanat/src/ipa_nat_drvi.c
@@ -484,12 +484,18 @@
tbl_ptr = &ipv4_nat_cache.ip4_tbl[tbl_hdl-1];
if (tbl_entry >= tbl_ptr->table_entries) {
+ /* Increase the current expansion table count */
+ tbl_ptr->cur_expn_tbl_cnt++;
+
/* Update the index into table */
rule_hdl = tbl_entry - tbl_ptr->table_entries;
rule_hdl = (rule_hdl << IPA_NAT_RULE_HDL_TBL_TYPE_BITS);
/* Update the table type mask */
rule_hdl = (rule_hdl | IPA_NAT_RULE_HDL_TBL_TYPE_MASK);
} else {
+ /* Increase the current count */
+ tbl_ptr->cur_tbl_cnt++;
+
rule_hdl = tbl_entry;
rule_hdl = (rule_hdl << IPA_NAT_RULE_HDL_TBL_TYPE_BITS);
}
@@ -1152,11 +1158,13 @@
/* On collision check for the free entry in expansion table */
new_entry = ipa_nati_expn_tbl_free_entry(expn_tbl,
- tbl_ptr->expn_table_entries);
+ tbl_ptr->expn_table_entries);
if (IPA_NAT_INVALID_NAT_ENTRY == new_entry) {
/* Expansion table is full return*/
- IPAERR("expansion table is full\n");
+ IPAERR("Expansion table is full\n");
+ IPAERR("Current Table: %d & Expn Entries: %d\n",
+ tbl_ptr->cur_tbl_cnt, tbl_ptr->cur_expn_tbl_cnt);
return IPA_NAT_INVALID_NAT_ENTRY;
}
new_entry += tbl_ptr->table_entries;
@@ -1239,13 +1247,14 @@
}
/* On collision check for the free entry in expansion table */
- new_entry = ipa_nati_index_expn_get_free_entry(
- indx_expn_tbl,
- tbl_ptr->expn_table_entries);
+ new_entry = ipa_nati_index_expn_get_free_entry(indx_expn_tbl,
+ tbl_ptr->expn_table_entries);
if (IPA_NAT_INVALID_NAT_ENTRY == new_entry) {
/* Expansion table is full return*/
- IPAERR("index expansion table is full\n");
+ IPAERR("Index expansion table is full\n");
+ IPAERR("Current Table: %d & Expn Entries: %d\n",
+ tbl_ptr->cur_tbl_cnt, tbl_ptr->cur_expn_tbl_cnt);
return IPA_NAT_INVALID_NAT_ENTRY;
}
new_entry += tbl_ptr->table_entries;