diff options
| author | Mohammed Javid <mjavid@codeaurora.org> | 2018-05-24 20:43:58 +0530 |
|---|---|---|
| committer | Mohammed Javid <mjavid@codeaurora.org> | 2018-08-07 14:33:09 +0530 |
| commit | 442dad7d4dae8e340b05f63f53ec4dadf1624bfd (patch) | |
| tree | e5394cafb494908d8e849ffab31d84a75119cd22 /ipacm/src/IPACM_Iface.cpp | |
| parent | 339946aedbd21f42a2d69f62e2defb97a48bd2ab (diff) | |
| download | ipacfg-mgr-442dad7d4dae8e340b05f63f53ec4dadf1624bfd.tar.gz | |
ipacm: send all IPv6 framents to IPA apps
In case of TCP, if the ipv6 packets are fragmented there
is a possibility that the second fragment packets match
TCP SYN/FIN/RST rules and packets are routed to apps.
This results in connection failure as the primary fragment
will be routed correctly to hotspot client.
Change-Id: I482b48c4786bda180b6f5d921149fed766c91fe0
Diffstat (limited to 'ipacm/src/IPACM_Iface.cpp')
| -rw-r--r-- | ipacm/src/IPACM_Iface.cpp | 37 |
1 files changed, 34 insertions, 3 deletions
diff --git a/ipacm/src/IPACM_Iface.cpp b/ipacm/src/IPACM_Iface.cpp index 173b954..ce3d738 100644 --- a/ipacm/src/IPACM_Iface.cpp +++ b/ipacm/src/IPACM_Iface.cpp @@ -850,6 +850,36 @@ int IPACM_Iface::init_fl_rule(ipa_ip_type iptype) memcpy(&(m_pFilteringTable->rules[3]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); #ifdef FEATURE_IPA_ANDROID + /* Add the ipv6 tcp fragment filtering rule. */ + memset(&flt_rule_entry, 0, sizeof(struct ipa_flt_rule_add)); + flt_rule_entry.at_rear = true; + flt_rule_entry.flt_rule_hdl = -1; + flt_rule_entry.status = -1; + flt_rule_entry.rule.retain_hdr = 1; + flt_rule_entry.rule.to_uc = 0; + flt_rule_entry.rule.eq_attrib_type = 1; + flt_rule_entry.rule.action = IPA_PASS_TO_EXCEPTION; +#ifdef FEATURE_IPA_V3 + flt_rule_entry.rule.hashable = true; +#endif + flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<1); + flt_rule_entry.rule.eq_attrib.protocol_eq_present = 1; + flt_rule_entry.rule.eq_attrib.protocol_eq = IPACM_FIREWALL_IPPROTO_TCP; + flt_rule_entry.rule.attrib.u.v6.next_hdr = (uint8_t)IPACM_FIREWALL_IPPROTO_TCP; + + /* Configuring Fragment Filtering Rule */ + memcpy(&flt_rule_entry.rule.attrib, + &rx_prop->rx[0].attrib, + sizeof(flt_rule_entry.rule.attrib)); + /* remove meta data mask since we only install default flt rules once for all modem + PDN*/ + flt_rule_entry.rule.attrib.attrib_mask &= ~((uint32_t)IPA_FLT_META_DATA); + + flt_rule_entry.rule.attrib.attrib_mask |= IPA_FLT_FRAGMENT; + + memcpy(&(m_pFilteringTable->rules[4]), &flt_rule_entry, + sizeof(struct ipa_flt_rule_add)); + IPACMDBG_H("Add TCP ctrl rules: total num %d\n", IPV6_DEFAULT_FILTERTING_RULES); memset(&flt_rule_entry, 0, sizeof(struct ipa_flt_rule_add)); @@ -891,17 +921,18 @@ int IPACM_Iface::init_fl_rule(ipa_ip_type iptype) /* add TCP FIN rule*/ flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_FIN_SHIFT); flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_FIN_SHIFT); - memcpy(&(m_pFilteringTable->rules[4]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); + memcpy(&(m_pFilteringTable->rules[5]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); /* add TCP SYN rule*/ flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_SYN_SHIFT); flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_SYN_SHIFT); - memcpy(&(m_pFilteringTable->rules[5]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); + memcpy(&(m_pFilteringTable->rules[6]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); /* add TCP RST rule*/ flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_RST_SHIFT); flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_RST_SHIFT); - memcpy(&(m_pFilteringTable->rules[6]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); + memcpy(&(m_pFilteringTable->rules[7]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add)); + #endif if (m_filtering.AddFilteringRule(m_pFilteringTable) == false) { |