diff options
Diffstat (limited to 'data-ipa-cfg-mgr/ipacm/src/IPACM_Conntrack_NATApp.cpp')
| -rw-r--r-- | data-ipa-cfg-mgr/ipacm/src/IPACM_Conntrack_NATApp.cpp | 1051 |
1 files changed, 0 insertions, 1051 deletions
diff --git a/data-ipa-cfg-mgr/ipacm/src/IPACM_Conntrack_NATApp.cpp b/data-ipa-cfg-mgr/ipacm/src/IPACM_Conntrack_NATApp.cpp deleted file mode 100644 index 4004597..0000000 --- a/data-ipa-cfg-mgr/ipacm/src/IPACM_Conntrack_NATApp.cpp +++ /dev/null @@ -1,1051 +0,0 @@ -/* -Copyright (c) 2013-2018, The Linux Foundation. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - * Neither the name of The Linux Foundation nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED -WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT -ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN -IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ -#include "IPACM_Conntrack_NATApp.h" -#include "IPACM_ConntrackClient.h" -#ifdef FEATURE_IPACM_HAL -#include "IPACM_OffloadManager.h" -#endif -#include "IPACM_Iface.h" - -#define INVALID_IP_ADDR 0x0 - -#define HDR_METADATA_MUX_ID_BMASK 0x00FF0000 -#define HDR_METADATA_MUX_ID_SHFT 0x10 - -/* NatApp class Implementation */ -NatApp *NatApp::pInstance = NULL; -NatApp::NatApp() -{ - max_entries = 0; - cache = NULL; - - nat_table_hdl = 0; - pub_ip_addr = 0; - - curCnt = 0; - - pALGPorts = NULL; - nALGPort = 0; - - ct = NULL; - ct_hdl = NULL; - - memset(temp, 0, sizeof(temp)); -} - -int NatApp::Init(void) -{ - IPACM_Config *pConfig; - int size = 0; - - pConfig = IPACM_Config::GetInstance(); - if(pConfig == NULL) - { - IPACMERR("Unable to get Config instance\n"); - return -1; - } - - max_entries = pConfig->GetNatMaxEntries(); - - size = (sizeof(nat_table_entry) * max_entries); - cache = (nat_table_entry *)malloc(size); - if(cache == NULL) - { - IPACMERR("Unable to allocate memory for cache\n"); - goto fail; - } - IPACMDBG("Allocated %d bytes for config manager nat cache\n", size); - memset(cache, 0, size); - - nALGPort = pConfig->GetAlgPortCnt(); - if(nALGPort > 0) - { - pALGPorts = (ipacm_alg *)malloc(sizeof(ipacm_alg) * nALGPort); - if(pALGPorts == NULL) - { - IPACMERR("Unable to allocate memory for alg prots\n"); - goto fail; - } - memset(pALGPorts, 0, sizeof(ipacm_alg) * nALGPort); - - pConfig->GetAlgPorts(nALGPort, pALGPorts); - - IPACMDBG("Printing %d alg ports information\n", nALGPort); - for(int cnt=0; cnt<nALGPort; cnt++) - { - IPACMDBG("%d: Proto[%d], port[%d]\n", cnt, pALGPorts[cnt].protocol, pALGPorts[cnt].port); - } - } - else - { - IPACMERR("Unable to retrieve ALG prot count\n"); - goto fail; - } - - return 0; - -fail: - if(cache != NULL) - { - free(cache); - } - if(pALGPorts != NULL) - { - free(pALGPorts); - } - return -1; -} - -NatApp* NatApp::GetInstance() -{ - if(pInstance == NULL) - { - pInstance = new NatApp(); - - if(pInstance->Init()) - { - delete pInstance; - return NULL; - } - } - - return pInstance; -} - -uint32_t NatApp::GenerateMetdata(uint8_t mux_id) -{ - return (mux_id << HDR_METADATA_MUX_ID_SHFT) & HDR_METADATA_MUX_ID_BMASK; -} - -/* NAT APP related object function definitions */ - -int NatApp::AddTable(uint32_t pub_ip, uint8_t mux_id) -{ - int ret; - int cnt = 0; - ipa_nat_ipv4_rule nat_rule; - IPACMDBG_H("%s() %d\n", __FUNCTION__, __LINE__); - - /* Not reset the cache wait it timeout by destroy event */ -#if 0 - if (pub_ip != pub_ip_addr_pre) - { - IPACMDBG("Reset the cache because NAT-ipv4 different\n"); - memset(cache, 0, sizeof(nat_table_entry) * max_entries); - curCnt = 0; - } -#endif - ret = ipa_nat_add_ipv4_tbl(pub_ip, max_entries, &nat_table_hdl); - if(ret) - { - IPACMERR("unable to create nat table Error:%d\n", ret); - return ret; - } - if(IPACM_Iface::ipacmcfg->GetIPAVer() >= IPA_HW_v4_0) { - /* modify PDN 0 so it will hold the mux ID in the src metadata field */ - ipa_nat_pdn_entry entry; - - entry.dst_metadata = 0; - entry.src_metadata = GenerateMetdata(mux_id); - entry.public_ip = pub_ip; - ret = ipa_nat_modify_pdn(nat_table_hdl, 0, &entry); - if(ret) - { - IPACMERR("unable to modify PDN 0 entry Error:%d INIT_HDR_METADATA register values will be used!\n", ret); - } - } - - /* Add back the cached NAT-entry */ - if (pub_ip == pub_ip_addr_pre) - { - IPACMDBG("Restore the cache to ipa NAT-table\n"); - for(cnt = 0; cnt < max_entries; cnt++) - { - if(cache[cnt].private_ip !=0) - { - memset(&nat_rule, 0 , sizeof(nat_rule)); - nat_rule.private_ip = cache[cnt].private_ip; - nat_rule.target_ip = cache[cnt].target_ip; - nat_rule.target_port = cache[cnt].target_port; - nat_rule.private_port = cache[cnt].private_port; - nat_rule.public_port = cache[cnt].public_port; - nat_rule.protocol = cache[cnt].protocol; - - if(ipa_nat_add_ipv4_rule(nat_table_hdl, &nat_rule, &cache[cnt].rule_hdl) < 0) - { - IPACMERR("unable to add the rule delete from cache\n"); - memset(&cache[cnt], 0, sizeof(cache[cnt])); - curCnt--; - continue; - } - cache[cnt].enabled = true; - - IPACMDBG("On wan-iface reset added below rule successfully\n"); - iptodot("Private IP", nat_rule.private_ip); - iptodot("Target IP", nat_rule.target_ip); - IPACMDBG("Private Port:%d \t Target Port: %d\t", nat_rule.private_port, nat_rule.target_port); - IPACMDBG("Public Port:%d\n", nat_rule.public_port); - IPACMDBG("protocol: %d\n", nat_rule.protocol); - } - } - } - - pub_ip_addr = pub_ip; - return 0; -} - -void NatApp::Reset() -{ - int cnt = 0; - - nat_table_hdl = 0; - pub_ip_addr = 0; - /* NAT tbl deleted, reset enabled bit */ - for(cnt = 0; cnt < max_entries; cnt++) - { - cache[cnt].enabled = false; - } -} - -int NatApp::DeleteTable(uint32_t pub_ip) -{ - int ret; - IPACMDBG_H("%s() %d\n", __FUNCTION__, __LINE__); - - CHK_TBL_HDL(); - - if(pub_ip_addr != pub_ip) - { - IPACMDBG("Public ip address is not matching\n"); - IPACMERR("unable to delete the nat table\n"); - return -1; - } - - ret = ipa_nat_del_ipv4_tbl(nat_table_hdl); - if(ret) - { - IPACMERR("unable to delete nat table Error: %d\n", ret);; - return ret; - } - - pub_ip_addr_pre = pub_ip_addr; - Reset(); - return 0; -} - -/* Check for duplicate entries */ -bool NatApp::ChkForDup(const nat_table_entry *rule) -{ - int cnt = 0; - IPACMDBG("%s() %d\n", __FUNCTION__, __LINE__); - - for(; cnt < max_entries; cnt++) - { - if(cache[cnt].private_ip == rule->private_ip && - cache[cnt].target_ip == rule->target_ip && - cache[cnt].private_port == rule->private_port && - cache[cnt].target_port == rule->target_port && - cache[cnt].protocol == rule->protocol) - { - log_nat(rule->protocol,rule->private_ip,rule->target_ip,rule->private_port,\ - rule->target_port,"Duplicate Rule\n"); - return true; - } - } - - return false; -} - -/* Delete the entry from Nat table on connection close */ -int NatApp::DeleteEntry(const nat_table_entry *rule) -{ - int cnt = 0; - IPACMDBG("%s() %d\n", __FUNCTION__, __LINE__); - - log_nat(rule->protocol,rule->private_ip,rule->target_ip,rule->private_port,\ - rule->target_port,"for deletion\n"); - - - for(; cnt < max_entries; cnt++) - { - if(cache[cnt].private_ip == rule->private_ip && - cache[cnt].target_ip == rule->target_ip && - cache[cnt].private_port == rule->private_port && - cache[cnt].target_port == rule->target_port && - cache[cnt].protocol == rule->protocol) - { - - if(cache[cnt].enabled == true) - { - if(ipa_nat_del_ipv4_rule(nat_table_hdl, cache[cnt].rule_hdl) < 0) - { - IPACMERR("%s() %d deletion failed\n", __FUNCTION__, __LINE__); - } - - IPACMDBG_H("Deleted Nat entry(%d) Successfully\n", cnt); - } - else - { - IPACMDBG_H("Deleted Nat entry(%d) only from cache\n", cnt); - } - - memset(&cache[cnt], 0, sizeof(cache[cnt])); - curCnt--; - break; - } - } - - return 0; -} - -/* Add new entry to the nat table on new connection */ -int NatApp::AddEntry(const nat_table_entry *rule) -{ - int cnt = 0; - ipa_nat_ipv4_rule nat_rule; - - IPACMDBG("%s() %d\n", __FUNCTION__, __LINE__); - - CHK_TBL_HDL(); - log_nat(rule->protocol,rule->private_ip,rule->target_ip,rule->private_port,\ - rule->target_port,"for addition\n"); - if(isAlgPort(rule->protocol, rule->private_port) || - isAlgPort(rule->protocol, rule->target_port)) - { - IPACMERR("connection using ALG Port, ignore\n"); - return -1; - } - - if(rule->private_ip == 0 || - rule->target_ip == 0 || - rule->private_port == 0 || - rule->target_port == 0 || - rule->protocol == 0) - { - IPACMERR("Invalid Connection, ignoring it\n"); - return 0; - } - - if(!ChkForDup(rule)) - { - for(; cnt < max_entries; cnt++) - { - if(cache[cnt].private_ip == 0 && - cache[cnt].target_ip == 0 && - cache[cnt].private_port == 0 && - cache[cnt].target_port == 0 && - cache[cnt].protocol == 0) - { - break; - } - } - - if(max_entries == cnt) - { - IPACMERR("Error: Unable to add, reached maximum rules\n"); - return -1; - } - else - { - memset(&nat_rule, 0, sizeof(nat_rule)); - nat_rule.private_ip = rule->private_ip; - nat_rule.target_ip = rule->target_ip; - nat_rule.target_port = rule->target_port; - nat_rule.private_port = rule->private_port; - nat_rule.public_port = rule->public_port; - nat_rule.protocol = rule->protocol; - - if(isPwrSaveIf(rule->private_ip) || - isPwrSaveIf(rule->target_ip)) - { - IPACMDBG("Device is Power Save mode: Dont insert into nat table but cache\n"); - cache[cnt].enabled = false; - cache[cnt].rule_hdl = 0; - } - else - { - - if(ipa_nat_add_ipv4_rule(nat_table_hdl, &nat_rule, &cache[cnt].rule_hdl) < 0) - { - IPACMERR("unable to add the rule\n"); - return -1; - } - - cache[cnt].enabled = true; - } - - cache[cnt].private_ip = rule->private_ip; - cache[cnt].target_ip = rule->target_ip; - cache[cnt].target_port = rule->target_port; - cache[cnt].private_port = rule->private_port; - cache[cnt].protocol = rule->protocol; - cache[cnt].timestamp = 0; - cache[cnt].public_port = rule->public_port; - cache[cnt].dst_nat = rule->dst_nat; - curCnt++; - } - - } - else - { - IPACMERR("Duplicate rule. Ignore it\n"); - return -1; - } - - if(cache[cnt].enabled == true) - { - IPACMDBG_H("Added rule(%d) successfully\n", cnt); - } - else - { - IPACMDBG_H("Cached rule(%d) successfully\n", cnt); - } - - return 0; -} - -void NatApp::UpdateCTUdpTs(nat_table_entry *rule, uint32_t new_ts) -{ -#ifdef FEATURE_IPACM_HAL - IOffloadManager::ConntrackTimeoutUpdater::natTimeoutUpdate_t entry; - IPACM_OffloadManager* OffloadMng; -#endif - iptodot("Private IP:", rule->private_ip); - iptodot("Target IP:", rule->target_ip); - IPACMDBG("Private Port: %d, Target Port: %d\n", rule->private_port, rule->target_port); - -#ifndef FEATURE_IPACM_HAL - int ret; - if(!ct_hdl) - { - ct_hdl = nfct_open(CONNTRACK, 0); - if(!ct_hdl) - { - PERROR("nfct_open"); - return; - } - } - - if(!ct) - { - ct = nfct_new(); - if(!ct) - { - PERROR("nfct_new"); - return; - } - } - - nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET); - if(rule->protocol == IPPROTO_UDP) - { - nfct_set_attr_u8(ct, ATTR_L4PROTO, rule->protocol); - nfct_set_attr_u32(ct, ATTR_TIMEOUT, udp_timeout); - } - else - { - nfct_set_attr_u8(ct, ATTR_L4PROTO, rule->protocol); - nfct_set_attr_u32(ct, ATTR_TIMEOUT, tcp_timeout); - } - - if(rule->dst_nat == false) - { - nfct_set_attr_u32(ct, ATTR_IPV4_SRC, htonl(rule->private_ip)); - nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(rule->private_port)); - - nfct_set_attr_u32(ct, ATTR_IPV4_DST, htonl(rule->target_ip)); - nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(rule->target_port)); - - IPACMDBG("dst nat is not set\n"); - } - else - { - nfct_set_attr_u32(ct, ATTR_IPV4_SRC, htonl(rule->target_ip)); - nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(rule->target_port)); - - nfct_set_attr_u32(ct, ATTR_IPV4_DST, htonl(pub_ip_addr)); - nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(rule->public_port)); - - IPACMDBG("dst nat is set\n"); - } - - iptodot("Source IP:", nfct_get_attr_u32(ct, ATTR_IPV4_SRC)); - iptodot("Destination IP:", nfct_get_attr_u32(ct, ATTR_IPV4_DST)); - IPACMDBG("Source Port: %d, Destination Port: %d\n", - nfct_get_attr_u16(ct, ATTR_PORT_SRC), nfct_get_attr_u16(ct, ATTR_PORT_DST)); - - IPACMDBG("updating %d connection with time: %d\n", - rule->protocol, nfct_get_attr_u32(ct, ATTR_TIMEOUT)); - - ret = nfct_query(ct_hdl, NFCT_Q_UPDATE, ct); - if(ret == -1) - { - IPACMERR("unable to update time stamp"); - DeleteEntry(rule); - } - else - { - rule->timestamp = new_ts; - IPACMDBG("Updated time stamp successfully\n"); - } -#else - if(rule->protocol == IPPROTO_UDP) - { - entry.proto = IOffloadManager::ConntrackTimeoutUpdater::UDP;; - } - else - { - entry.proto = IOffloadManager::ConntrackTimeoutUpdater::TCP; - } - - if(rule->dst_nat == false) - { - entry.src.ipAddr = htonl(rule->private_ip); - entry.src.port = rule->private_port; - entry.dst.ipAddr = htonl(rule->target_ip); - entry.dst.port = rule->target_port; - IPACMDBG("dst nat is not set\n"); - } - else - { - entry.src.ipAddr = htonl(rule->target_ip); - entry.src.port = rule->target_port; - entry.dst.ipAddr = htonl(pub_ip_addr); - entry.dst.port = rule->public_port; - IPACMDBG("dst nat is set\n"); - } - - iptodot("Source IP:", entry.src.ipAddr); - iptodot("Destination IP:", entry.dst.ipAddr); - IPACMDBG("Source Port: %d, Destination Port: %d\n", - entry.src.port, entry.dst.port); - - OffloadMng = IPACM_OffloadManager::GetInstance(); - if (OffloadMng->touInstance == NULL) { - IPACMERR("OffloadMng->touInstance is NULL, can't forward to framework!\n"); - } else { - OffloadMng->touInstance->updateTimeout(entry); - IPACMDBG("Updated time stamp successfully\n"); - rule->timestamp = new_ts; - } -#endif - return; -} - -void NatApp::UpdateUDPTimeStamp() -{ - int cnt; - uint32_t ts; - bool read_to = false; - - for(cnt = 0; cnt < max_entries; cnt++) - { - ts = 0; - if(cache[cnt].enabled == true && - (cache[cnt].private_ip != cache[cnt].public_ip)) - { - IPACMDBG("\n"); - if(ipa_nat_query_timestamp(nat_table_hdl, cache[cnt].rule_hdl, &ts) < 0) - { - IPACMERR("unable to retrieve timeout for rule hanle: %d\n", cache[cnt].rule_hdl); - continue; - } - - if(cache[cnt].timestamp == ts) - { - IPACMDBG("No Change in Time Stamp: cahce:%d, ipahw:%d\n", - cache[cnt].timestamp, ts); - continue; - } - - if (read_to == false) { - read_to = true; - Read_TcpUdp_Timeout(); - } - - UpdateCTUdpTs(&cache[cnt], ts); - } /* end of outer if */ - - } /* end of for loop */ - -} - -bool NatApp::isAlgPort(uint8_t proto, uint16_t port) -{ - int cnt; - for(cnt = 0; cnt < nALGPort; cnt++) - { - if(proto == pALGPorts[cnt].protocol && - port == pALGPorts[cnt].port) - { - return true; - } - } - - return false; -} - -bool NatApp::isPwrSaveIf(uint32_t ip_addr) -{ - int cnt; - - for(cnt = 0; cnt < IPA_MAX_NUM_WIFI_CLIENTS; cnt++) - { - if(0 != PwrSaveIfs[cnt] && - ip_addr == PwrSaveIfs[cnt]) - { - return true; - } - } - - return false; -} - -int NatApp::UpdatePwrSaveIf(uint32_t client_lan_ip) -{ - int cnt; - IPACMDBG_H("Received IP address: 0x%x\n", client_lan_ip); - - if(client_lan_ip == INVALID_IP_ADDR) - { - IPACMERR("Invalid ip address received\n"); - return -1; - } - - /* check for duplicate events */ - for(cnt = 0; cnt < IPA_MAX_NUM_WIFI_CLIENTS; cnt++) - { - if(PwrSaveIfs[cnt] == client_lan_ip) - { - IPACMDBG("The client 0x%x is already in power save\n", client_lan_ip); - return 0; - } - } - - for(cnt = 0; cnt < IPA_MAX_NUM_WIFI_CLIENTS; cnt++) - { - if(PwrSaveIfs[cnt] == 0) - { - PwrSaveIfs[cnt] = client_lan_ip; - break; - } - } - - for(cnt = 0; cnt < max_entries; cnt++) - { - if(cache[cnt].private_ip == client_lan_ip && - cache[cnt].enabled == true) - { - if(ipa_nat_del_ipv4_rule(nat_table_hdl, cache[cnt].rule_hdl) < 0) - { - IPACMERR("unable to delete the rule\n"); - continue; - } - - cache[cnt].enabled = false; - cache[cnt].rule_hdl = 0; - } - } - - return 0; -} - -int NatApp::ResetPwrSaveIf(uint32_t client_lan_ip) -{ - int cnt; - ipa_nat_ipv4_rule nat_rule; - - IPACMDBG_H("Received ip address: 0x%x\n", client_lan_ip); - - if(client_lan_ip == INVALID_IP_ADDR) - { - IPACMERR("Invalid ip address received\n"); - return -1; - } - - for(cnt = 0; cnt < IPA_MAX_NUM_WIFI_CLIENTS; cnt++) - { - if(PwrSaveIfs[cnt] == client_lan_ip) - { - PwrSaveIfs[cnt] = 0; - break; - } - } - - for(cnt = 0; cnt < max_entries; cnt++) - { - IPACMDBG("cache (%d): enable %d, ip 0x%x\n", cnt, cache[cnt].enabled, cache[cnt].private_ip); - - if(cache[cnt].private_ip == client_lan_ip && - cache[cnt].enabled == false) - { - memset(&nat_rule, 0 , sizeof(nat_rule)); - nat_rule.private_ip = cache[cnt].private_ip; - nat_rule.target_ip = cache[cnt].target_ip; - nat_rule.target_port = cache[cnt].target_port; - nat_rule.private_port = cache[cnt].private_port; - nat_rule.public_port = cache[cnt].public_port; - nat_rule.protocol = cache[cnt].protocol; - - if(ipa_nat_add_ipv4_rule(nat_table_hdl, &nat_rule, &cache[cnt].rule_hdl) < 0) - { - IPACMERR("unable to add the rule delete from cache\n"); - memset(&cache[cnt], 0, sizeof(cache[cnt])); - curCnt--; - continue; - } - cache[cnt].enabled = true; - - IPACMDBG("On power reset added below rule successfully\n"); - iptodot("Private IP", nat_rule.private_ip); - iptodot("Target IP", nat_rule.target_ip); - IPACMDBG("Private Port:%d \t Target Port: %d\t", nat_rule.private_port, nat_rule.target_port); - IPACMDBG("Public Port:%d\n", nat_rule.public_port); - IPACMDBG("protocol: %d\n", nat_rule.protocol); - - } - } - - return -1; -} - -uint32_t NatApp::GetTableHdl(uint32_t in_ip_addr) -{ - if(in_ip_addr == pub_ip_addr) - { - return nat_table_hdl; - } - - return -1; -} - -void NatApp::AddTempEntry(const nat_table_entry *new_entry) -{ - int cnt; - - IPACMDBG("Received below Temp Nat entry\n"); - iptodot("Private IP", new_entry->private_ip); - iptodot("Target IP", new_entry->target_ip); - IPACMDBG("Private Port: %d\t Target Port: %d\t", new_entry->private_port, new_entry->target_port); - IPACMDBG("protocolcol: %d\n", new_entry->protocol); - - if(isAlgPort(new_entry->protocol, new_entry->private_port) || - isAlgPort(new_entry->protocol, new_entry->target_port)) - { - IPACMDBG("connection using ALG Port. Dont insert into nat cache\n"); - return; - } - - if(ChkForDup(new_entry)) - { - return; - } - - for(cnt=0; cnt<MAX_TEMP_ENTRIES; cnt++) - { - if(temp[cnt].private_ip == new_entry->private_ip && - temp[cnt].target_ip == new_entry->target_ip && - temp[cnt].private_port == new_entry->private_port && - temp[cnt].target_port == new_entry->target_port && - temp[cnt].protocol == new_entry->protocol) - { - IPACMDBG("Received duplicate Temp entry\n"); - return; - } - } - - for(cnt=0; cnt<MAX_TEMP_ENTRIES; cnt++) - { - if(temp[cnt].private_ip == 0 && - temp[cnt].target_ip == 0) - { - memcpy(&temp[cnt], new_entry, sizeof(nat_table_entry)); - IPACMDBG("Added Temp Entry\n"); - return; - } - } - - IPACMDBG("Unable to add temp entry, cache full\n"); - return; -} - -void NatApp::DeleteTempEntry(const nat_table_entry *entry) -{ - int cnt; - - IPACMDBG("Received below nat entry\n"); - iptodot("Private IP", entry->private_ip); - iptodot("Target IP", entry->target_ip); - IPACMDBG("Private Port: %d\t Target Port: %d\n", entry->private_port, entry->target_port); - IPACMDBG("protocol: %d\n", entry->protocol); - - for(cnt=0; cnt<MAX_TEMP_ENTRIES; cnt++) - { - if(temp[cnt].private_ip == entry->private_ip && - temp[cnt].target_ip == entry->target_ip && - temp[cnt].private_port == entry->private_port && - temp[cnt].target_port == entry->target_port && - temp[cnt].protocol == entry->protocol) - { - memset(&temp[cnt], 0, sizeof(nat_table_entry)); - IPACMDBG("Delete Temp Entry\n"); - return; - } - } - - IPACMDBG("No Such Temp Entry exists\n"); - return; -} - -void NatApp::FlushTempEntries(uint32_t ip_addr, bool isAdd, - bool isDummy) -{ - int cnt; - int ret; - - IPACMDBG_H("Received below with isAdd:%d ", isAdd); - iptodot("IP Address: ", ip_addr); - - for(cnt=0; cnt<MAX_TEMP_ENTRIES; cnt++) - { - if(temp[cnt].private_ip == ip_addr || - temp[cnt].target_ip == ip_addr) - { - if(isAdd) - { - if(temp[cnt].public_ip == pub_ip_addr) - { - if (isDummy) { - /* To avoild DL expections for non IPA path */ - temp[cnt].private_ip = temp[cnt].public_ip; - temp[cnt].private_port = temp[cnt].public_port; - IPACMDBG("Flushing dummy temp rule"); - iptodot("Private IP", temp[cnt].private_ip); - } - - ret = AddEntry(&temp[cnt]); - if(ret) - { - IPACMERR("unable to add temp entry: %d\n", ret); - continue; - } - } - } - memset(&temp[cnt], 0, sizeof(nat_table_entry)); - } - } - - return; -} - -int NatApp::DelEntriesOnClntDiscon(uint32_t ip_addr) -{ - int cnt, tmp = 0; - IPACMDBG_H("Received IP address: 0x%x\n", ip_addr); - - if(ip_addr == INVALID_IP_ADDR) - { - IPACMERR("Invalid ip address received\n"); - return -1; - } - - for(cnt = 0; cnt < IPA_MAX_NUM_WIFI_CLIENTS; cnt++) - { - if(PwrSaveIfs[cnt] == ip_addr) - { - PwrSaveIfs[cnt] = 0; - IPACMDBG("Remove %d power save entry\n", cnt); - break; - } - } - - for(cnt = 0; cnt < max_entries; cnt++) - { - if(cache[cnt].private_ip == ip_addr) - { - if(cache[cnt].enabled == true) - { - if(ipa_nat_del_ipv4_rule(nat_table_hdl, cache[cnt].rule_hdl) < 0) - { - IPACMERR("unable to delete the rule\n"); - continue; - } - else - { - IPACMDBG("won't delete the rule\n"); - cache[cnt].enabled = false; - tmp++; - } - } - IPACMDBG("won't delete the rule for entry %d, enabled %d\n",cnt, cache[cnt].enabled); - } - } - - IPACMDBG("Deleted (but cached) %d entries\n", tmp); - return 0; -} - -int NatApp::DelEntriesOnSTAClntDiscon(uint32_t ip_addr) -{ - int cnt, tmp = curCnt; - IPACMDBG_H("Received IP address: 0x%x\n", ip_addr); - - if(ip_addr == INVALID_IP_ADDR) - { - IPACMERR("Invalid ip address received\n"); - return -1; - } - - - for(cnt = 0; cnt < max_entries; cnt++) - { - if(cache[cnt].target_ip == ip_addr) - { - if(cache[cnt].enabled == true) - { - if(ipa_nat_del_ipv4_rule(nat_table_hdl, cache[cnt].rule_hdl) < 0) - { - IPACMERR("unable to delete the rule\n"); - continue; - } - } - - memset(&cache[cnt], 0, sizeof(cache[cnt])); - curCnt--; - } - } - - IPACMDBG("Deleted %d entries\n", (tmp - curCnt)); - return 0; -} - -void NatApp::CacheEntry(const nat_table_entry *rule) -{ - int cnt; - - if(rule->private_ip == 0 || - rule->target_ip == 0 || - rule->private_port == 0 || - rule->target_port == 0 || - rule->protocol == 0) - { - IPACMERR("Invalid Connection, ignoring it\n"); - return; - } - - if(!ChkForDup(rule)) - { - for(cnt=0; cnt < max_entries; cnt++) - { - if(cache[cnt].private_ip == 0 && - cache[cnt].target_ip == 0 && - cache[cnt].private_port == 0 && - cache[cnt].target_port == 0 && - cache[cnt].protocol == 0) - { - break; - } - } - - if(max_entries == cnt) - { - IPACMERR("Error: Unable to add, reached maximum rules\n"); - return; - } - else - { - cache[cnt].enabled = false; - cache[cnt].rule_hdl = 0; - cache[cnt].private_ip = rule->private_ip; - cache[cnt].target_ip = rule->target_ip; - cache[cnt].target_port = rule->target_port; - cache[cnt].private_port = rule->private_port; - cache[cnt].protocol = rule->protocol; - cache[cnt].timestamp = 0; - cache[cnt].public_port = rule->public_port; - cache[cnt].public_ip = rule->public_ip; - cache[cnt].dst_nat = rule->dst_nat; - curCnt++; - } - - } - else - { - IPACMERR("Duplicate rule. Ignore it\n"); - return; - } - - IPACMDBG("Cached rule(%d) successfully\n", cnt); - return; -} - -void NatApp::Read_TcpUdp_Timeout(void) { -#ifdef FEATURE_IPACM_HAL - tcp_timeout = 432000; - udp_timeout = 180; - IPACMDBG_H("udp timeout value: %d\n", udp_timeout); - IPACMDBG_H("tcp timeout value: %d\n", tcp_timeout); -#else - FILE *udp_fd = NULL, *tcp_fd = NULL; - /* Read UDP timeout value */ - udp_fd = fopen(IPACM_UDP_FULL_FILE_NAME, "r"); - if (udp_fd == NULL) { - IPACMERR("unable to open %s\n", IPACM_UDP_FULL_FILE_NAME); - goto fail; - } - - if (fscanf(udp_fd, "%d", &udp_timeout) != 1) { - IPACMERR("Error reading udp timeout\n"); - } - IPACMDBG_H("udp timeout value: %d\n", udp_timeout); - - - /* Read TCP timeout value */ - tcp_fd = fopen(IPACM_TCP_FULL_FILE_NAME, "r"); - if (tcp_fd == NULL) { - IPACMERR("unable to open %s\n", IPACM_TCP_FULL_FILE_NAME); - goto fail; - } - - - if (fscanf(tcp_fd, "%d", &tcp_timeout) != 1) { - IPACMERR("Error reading tcp timeout\n"); - } - IPACMDBG_H("tcp timeout value: %d\n", tcp_timeout); - -fail: - if (udp_fd) { - fclose(udp_fd); - } - if (tcp_fd) { - fclose(tcp_fd); - } -#endif - return; -} |