ipacm: Fix to add dummy NAT entries for tunneled connections

When tunneling is enabled from the device, same NAT
entry will be translate from Public to tunneled IP
and then to Private IP. In case we try to add the entry
to HW, HW ends up translating it to Private IP and
connection fails. Make change to add dummy NAT entries
for tunneled connections.

Change-Id: I340189e2a0db71dd04316a704116e045d6622063

1 files changed, 12 insertions, 1 deletions

diff --git a/ipacm/src/IPACM_ConntrackListener.cpp b/ipacm/src/IPACM_ConntrackListener.cpp
index b991324..fd1566d 100644
--- a/ipacm/src/IPACM_ConntrackListener.cpp
+++ b/ipacm/src/IPACM_ConntrackListener.cpp
@@ -888,6 +888,8 @@ void IPACM_ConntrackListener::PopulateTCPorUDPEntry(
 	 uint32_t status,
 	 nat_table_entry *rule)
 {
+	uint32_t repl_dst_ip;
+
 	if (IPS_DST_NAT == status)
 	{
 		IPACMDBG("Destination NAT\n");
@@ -972,6 +974,15 @@ void IPACM_ConntrackListener::PopulateTCPorUDPEntry(
 		{
 			IPACMDBG("unable to retrieve private port\n");
 		}
+
+		/* If Reply destination IP is not Public IP, install dummy NAT rule. */
+		repl_dst_ip = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST);
+		repl_dst_ip = ntohl(repl_dst_ip);
+		if(repl_dst_ip != rule->public_ip)
+		{
+			IPACMDBG_H("Reply dst IP:0x%x not equal to wan ip:0x%x\n",repl_dst_ip, rule->public_ip);
+			rule->private_ip = rule->public_ip;
+		}
 	}
 
 	return;
@@ -1121,8 +1132,8 @@ bool IPACM_ConntrackListener::ProcessTCPorUDPMsg(
 		}
 	}
 
-	PopulateTCPorUDPEntry(ct, status, &rule);
 	rule.public_ip = wan_ipaddr;
+	PopulateTCPorUDPEntry(ct, status, &rule);
 
 	if (rule.private_ip != wan_ipaddr)
 	{