diff options
author | Skylar Chang <chiaweic@codeaurora.org> | 2017-04-17 13:46:48 -0700 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2017-08-21 17:47:38 -0700 |
commit | 6376cc2c2cffc662ab36d422c54d3467b1b87482 (patch) | |
tree | 64b6bceccf6277d2e9c28b97b2f6e48f1bfca520 | |
parent | e33f92bd70c814df5fa01ef357b61d78a5bb4e8c (diff) | |
download | ipacfg-mgr-6376cc2c2cffc662ab36d422c54d3467b1b87482.tar.gz |
IPACM: Support Dual embedded & rmnet call
Change DL TCP SYNC/RST/FIN ipv6 filter rules
to meta-data based rules to avoid DL tcp v6
SYNC-ack back to AP in rmnet-call.
Change-Id: I34b56e2bc008e744d7685ae8774705e597952960
-rw-r--r-- | ipacm/inc/IPACM_Wan.h | 4 | ||||
-rw-r--r-- | ipacm/src/IPACM_Wan.cpp | 76 |
2 files changed, 69 insertions, 11 deletions
diff --git a/ipacm/inc/IPACM_Wan.h b/ipacm/inc/IPACM_Wan.h index fde97f6..a631f20 100644 --- a/ipacm/inc/IPACM_Wan.h +++ b/ipacm/inc/IPACM_Wan.h @@ -54,6 +54,8 @@ IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #ifdef FEATURE_IPA_ANDROID #define IPA_V2_NUM_DEFAULT_WAN_FILTER_RULE_IPV6 6 +#define IPA_V2_NUM_TCP_WAN_FILTER_RULE_IPV6 3 +#define IPA_V2_NUM_MULTICAST_WAN_FILTER_RULE_IPV6 3 #else #define IPA_V2_NUM_DEFAULT_WAN_FILTER_RULE_IPV6 3 #endif @@ -539,6 +541,8 @@ private: int add_dft_filtering_rule(struct ipa_flt_rule_add* rules, int rule_offset, ipa_ip_type iptype); + int add_tcpv6_filtering_rule(struct ipa_flt_rule_add* rules, int rule_offset); + int install_wan_filtering_rule(bool is_sw_routing); void change_to_network_order(ipa_ip_type iptype, ipa_rule_attrib* attrib); diff --git a/ipacm/src/IPACM_Wan.cpp b/ipacm/src/IPACM_Wan.cpp index d0a0ab5..804dc72 100644 --- a/ipacm/src/IPACM_Wan.cpp +++ b/ipacm/src/IPACM_Wan.cpp @@ -3468,6 +3468,9 @@ int IPACM_Wan::config_wan_firewall_rule(ipa_ip_type iptype) } else if(iptype == IPA_IP_v6) { +#ifdef FEATURE_IPA_ANDROID + add_tcpv6_filtering_rule(flt_rule_v6, IPACM_Wan::num_v6_flt_rule); +#endif IPACM_Wan::num_v6_flt_rule = IPA_V2_NUM_DEFAULT_WAN_FILTER_RULE_IPV6; if(IPACM_FAILURE == add_icmp_alg_rules(flt_rule_v6, IPACM_Wan::num_v6_flt_rule, IPA_IP_v6)) { @@ -3715,8 +3718,44 @@ int IPACM_Wan::add_dft_filtering_rule(struct ipa_flt_rule_add *rules, int rule_o memcpy(&(rules[rule_offset + 2]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); -#ifdef FEATURE_IPA_ANDROID - IPACMDBG_H("Add TCP ctrl rules: total num %d\n", IPA_V2_NUM_DEFAULT_WAN_FILTER_RULE_IPV6); + IPACM_Wan::num_v6_flt_rule += IPA_V2_NUM_MULTICAST_WAN_FILTER_RULE_IPV6; + IPACMDBG_H("Constructed %d default filtering rules for ip type %d\n", IPA_V2_NUM_MULTICAST_WAN_FILTER_RULE_IPV6, iptype); + } + +fail: + return res; +} + +int IPACM_Wan::add_tcpv6_filtering_rule(struct ipa_flt_rule_add *rules, int rule_offset) +{ + struct ipa_ioc_get_rt_tbl_indx rt_tbl_idx; + struct ipa_flt_rule_add flt_rule_entry; + struct ipa_ioc_generate_flt_eq flt_eq; + int res = IPACM_SUCCESS; + + if(rules == NULL) + { + IPACMERR("No filtering table available.\n"); + return IPACM_FAILURE; + } + if(rx_prop == NULL) + { + IPACMERR("No tx property.\n"); + return IPACM_FAILURE; + } + + memset(&rt_tbl_idx, 0, sizeof(rt_tbl_idx)); + strlcpy(rt_tbl_idx.name, IPACM_Iface::ipacmcfg->rt_tbl_wan_dl.name, IPA_RESOURCE_NAME_MAX); + rt_tbl_idx.name[IPA_RESOURCE_NAME_MAX-1] = '\0'; + rt_tbl_idx.ip = IPA_IP_v6; + if(0 != ioctl(m_fd_ipa, IPA_IOC_QUERY_RT_TBL_INDEX, &rt_tbl_idx)) + { + IPACMERR("Failed to get routing table index from name\n"); + res = IPACM_FAILURE; + goto fail; + } + + IPACMDBG_H("Routing table %s has index %d\n", rt_tbl_idx.name, rt_tbl_idx.idx); memset(&flt_rule_entry, 0, sizeof(struct ipa_flt_rule_add)); flt_rule_entry.at_rear = true; @@ -3725,11 +3764,28 @@ int IPACM_Wan::add_dft_filtering_rule(struct ipa_flt_rule_add *rules, int rule_o flt_rule_entry.rule.retain_hdr = 1; flt_rule_entry.rule.to_uc = 0; + flt_rule_entry.rule.eq_attrib_type = 1; flt_rule_entry.rule.action = IPA_PASS_TO_ROUTING; flt_rule_entry.rule.rt_tbl_idx = rt_tbl_idx.idx; - flt_rule_entry.rule.eq_attrib_type = 1; - flt_rule_entry.rule.eq_attrib.rule_eq_bitmap = 0; + IPACMDBG_H("Add TCP ctrl rules: total num %d\n", IPA_V2_NUM_TCP_WAN_FILTER_RULE_IPV6); + + memcpy(&flt_rule_entry.rule.attrib, + &rx_prop->rx[0].attrib, + sizeof(flt_rule_entry.rule.attrib)); + memset(&flt_eq, 0, sizeof(flt_eq)); + memcpy(&flt_eq.attrib, &flt_rule_entry.rule.attrib, sizeof(flt_eq.attrib)); + flt_eq.ip = IPA_IP_v6; + if(0 != ioctl(m_fd_ipa, IPA_IOC_GENERATE_FLT_EQ, &flt_eq)) + { + IPACMERR("Failed to get eq_attrib\n"); + res = IPACM_FAILURE; + goto fail; + } + + memcpy(&flt_rule_entry.rule.eq_attrib, + &flt_eq.eq_attrib, + sizeof(flt_rule_entry.rule.eq_attrib)); flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<1); flt_rule_entry.rule.eq_attrib.protocol_eq_present = 1; @@ -3742,22 +3798,20 @@ int IPACM_Wan::add_dft_filtering_rule(struct ipa_flt_rule_add *rules, int rule_o /* add TCP FIN rule*/ flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_FIN_SHIFT); flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_FIN_SHIFT); - memcpy(&(rules[rule_offset + 3]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); + memcpy(&(rules[rule_offset]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); /* add TCP SYN rule*/ flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_SYN_SHIFT); flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_SYN_SHIFT); - memcpy(&(rules[rule_offset + 4]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); + memcpy(&(rules[rule_offset + 1]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); /* add TCP RST rule*/ flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_RST_SHIFT); flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_RST_SHIFT); - memcpy(&(rules[rule_offset + 5]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); -#endif + memcpy(&(rules[rule_offset + 2]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); - IPACM_Wan::num_v6_flt_rule += IPA_V2_NUM_DEFAULT_WAN_FILTER_RULE_IPV6; - IPACMDBG_H("Constructed %d default filtering rules for ip type %d\n", IPA_V2_NUM_DEFAULT_WAN_FILTER_RULE_IPV6, iptype); - } + IPACM_Wan::num_v6_flt_rule += IPA_V2_NUM_TCP_WAN_FILTER_RULE_IPV6; + IPACMDBG_H("Constructed %d ICMP filtering rules for ip type %d\n", IPA_V2_NUM_TCP_WAN_FILTER_RULE_IPV6, IPA_IP_v6); fail: return res; |