Gitiles
Code Review Sign In
review.blissroms.org / platform_vendor_qcom-opensource_data-ipa-cfg-mgr / d31030c4661ddb3429fa15fb67662b4e1dfb4b6e^1..d31030c4661ddb3429fa15fb67662b4e1dfb4b6e / .
commitd31030c4661ddb3429fa15fb67662b4e1dfb4b6e[log] [tgz]
authorLinux Build Service Account <lnxbuild@localhost>Thu Oct 24 18:10:08 2013 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>Thu Oct 24 18:10:08 2013 -0700
treebd3f34ac515ea916cf6a8d4d817744201f1ece41
parent63b0a804c76e6cf82e2a07c746a208f2d5d19199 [diff]
parent57fbbb5f9a4df71ec902880874ea3b0a77157e1c [diff]
Merge "IPACM: IPANAT changes for 9x35"
diff --git a/ipacm/src/IPACM_ConntrackClient.cpp b/ipacm/src/IPACM_ConntrackClient.cpp
index 16e923f..cff8e7a 100755
--- a/ipacm/src/IPACM_ConntrackClient.cpp
+++ b/ipacm/src/IPACM_ConntrackClient.cpp

@@ -290,16 +290,16 @@
 															NFCT_FILTER_LOGIC_NEGATIVE);
 
 				nfct_filter_add_attr(filter, NFCT_FILTER_DST_IPV4, &filter_ipv4);
-			}
-		}
 
-		IPACMDBG("ignore connections orignated to interface %s\n", item->ifr_name);
+				IPACMDBG("ignore connections orignated from interface %s\n", item->ifr_name);
 		IPACM_ConntrackClient::iptodot("with ipv4 address:", filter_ipv4.addr);
 		nfct_filter_set_logic(filter,
 													NFCT_FILTER_SRC_IPV4,
 													NFCT_FILTER_LOGIC_NEGATIVE);
 
 		nfct_filter_add_attr(filter, NFCT_FILTER_SRC_IPV4, &filter_ipv4);
+			}
+		}
 
 		/* Find broadcast address for non lo interfaces */
 		if(strncmp(LO_NAME, item->ifr_name, 2) != 0)

diff --git a/ipacm/src/IPACM_ConntrackListener.cpp b/ipacm/src/IPACM_ConntrackListener.cpp
index cc7c524..bfa2f37 100755
--- a/ipacm/src/IPACM_ConntrackListener.cpp
+++ b/ipacm/src/IPACM_ConntrackListener.cpp

@@ -414,7 +414,7 @@
 
 	 if(IPS_DST_NAT & status)
 	 {
-			IPACMDBG("IPS_SRC_NAT set\n");
+			IPACMDBG("IPS_DST_NAT set\n");
 	 }
 
 	 if(IPS_SRC_NAT_DONE & status)
@@ -474,13 +474,59 @@
 	 u_int8_t tcp_state;
 	 uint32_t status = 0;
 	 NatApp *na = NULL;
+	 uint32_t orig_src_ip, orig_dst_ip;
 
 	 IPACMDBG("Received type:%d with proto:%d", type, l4proto);
 	 status = nfct_get_attr_u32(ct, ATTR_STATUS);
 
 	 if(IPS_DST_NAT & status)
 	 {
-			IPACMDBG("Destination nat flag set\n");
+		 status = IPS_DST_NAT;
+	 }
+	 else if(IPS_SRC_NAT & status)
+	 {
+		 status = IPS_SRC_NAT;
+	 }
+	 else
+	 {
+		 IPACMDBG("Neither Destination nor Source nat flag reset\n");
+		 orig_src_ip = nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_SRC); 
+		 orig_src_ip = ntohl(orig_src_ip);
+		 if(orig_src_ip == 0)
+		 {
+			 IPACMERR("unable to retrieve orig src ip address\n");
+			 return;
+		 }
+
+		 orig_dst_ip = nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_DST);
+		 orig_dst_ip = ntohl(orig_dst_ip);
+		 if(orig_dst_ip == 0)
+		 {
+			 IPACMERR("unable to retrieve orig dst ip address\n");
+			 return;
+		 }
+
+		 if(orig_src_ip == wan_ipaddr)
+		 {
+			 IPACMDBG("orig src ip: equal to wan ip\n",orig_src_ip);
+			 status = IPS_SRC_NAT;
+		 }
+		 else if(orig_dst_ip == wan_ipaddr)
+		 {
+			 IPACMDBG("orig Dst IP: equal to wan ip\n",orig_dst_ip);
+			 status = IPS_DST_NAT;
+		 }
+		 else
+		 {
+			 IPACMDBG("Neither orig src ip:%d Nor orig Dst IP:%d equal to wan ip:%d\n",
+						orig_src_ip, orig_dst_ip, wan_ipaddr);
+			 return;
+		 }
+	 }
+
+	 if(IPS_DST_NAT == status)
+	 {
+			IPACMDBG("Destination NAT\n");
 			rule.dst_nat = true;
 
 			IPACMDBG("Parse reply tuple\n");
@@ -514,9 +560,9 @@
 				 IPACMDBG("unable to retrieve private port\n");
 			}
 	 }
-	 else
+	 else if(IPS_SRC_NAT == status)
 	 {
-			IPACMDBG("destination nat flag reset\n");
+			IPACMDBG("Source NAT\n");
 			rule.dst_nat = false;
 
 			/* Retriev target/dst ip address */
@@ -559,9 +605,18 @@
 				 IPACMDBG("unable to retrieve private port\n");
 			}
 	 }
+	 else
+	 {
+		 IPACMDBG("Neither source Nor destination nat\n");
+		 goto IGNORE;
+		 return;
+	 }
+
 	 /* Retrieve Protocol */
 	 rule.protocol = nfct_get_attr_u8(ct, ATTR_REPL_L4PROTO);
 
+	 if(rule.private_ip != wan_ipaddr)
+	 {
 	 int cnt;
 	 for(cnt = 0; cnt <MAX_NAT_IFACES; cnt++)
 	 {
@@ -579,10 +634,11 @@
 	 
 	 if(cnt == MAX_NAT_IFACES)
 	 {
-		 IPACM_ConntrackClient::iptodot("ProcessTCPorUDPMsg(): ignoring nat rule with private ip",
-																		rule.private_ip);
+			 IPACMDBG("Not mtaching with nat ifaces\n")
+			 goto IGNORE;
 		 return;
 	 }
+	 }
 	 
 	 IPACMDBG("Nat Entry with below information will be added\n");
 	 IPACM_ConntrackClient::iptodot("target ip or dst ip", rule.target_ip);
@@ -646,6 +702,17 @@
 	 }
 
 	 return;
+
+IGNORE:
+	IPACMDBG("ignoring below Nat Entry\n");
+	IPACM_ConntrackClient::iptodot("target ip or dst ip", rule.target_ip);
+	IPACMDBG("target port or dst port: 0x%x Decimal:%d\n", rule.target_port, rule.target_port);
+	IPACM_ConntrackClient::iptodot("private ip or src ip", rule.private_ip);
+	IPACMDBG("private port or src port: 0x%x, Decimal:%d\n", rule.private_port, rule.private_port);
+	IPACMDBG("public port or reply dst port: 0x%x, Decimal:%d\n", rule.public_port, rule.public_port);
+	IPACMDBG("Protocol: %d, destination nat flag: %d\n", rule.protocol, rule.dst_nat);
+
+	return;
 }