summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorqctecmdr <qctecmdr@localhost>2021-01-21 18:54:35 -0800
committerGerrit - the friendly Code Review server <code-review@localhost>2021-01-21 18:54:35 -0800
commit65b72aca50c99d5ca55524249b9a5206a26dfca2 (patch)
tree16f1c67eb66baceaec182609654386ff98b047a8
parent58d2ae06a3b4c2c1cd86ed36a1ea35e5ccffb0de (diff)
parent1f373aa0fe7e0313d6d41726f85f820d1a72849e (diff)
downloadipacfg-mgr-65b72aca50c99d5ca55524249b9a5206a26dfca2.tar.gz
Merge "ipacm: Fix to add dummy NAT entries for tunneled connections"
Diffstat
-rw-r--r--ipacm/src/IPACM_ConntrackListener.cpp13
1 files changed, 12 insertions, 1 deletions
diff --git a/ipacm/src/IPACM_ConntrackListener.cpp b/ipacm/src/IPACM_ConntrackListener.cpp
index b991324..fd1566d 100644
--- a/ipacm/src/IPACM_ConntrackListener.cpp
+++ b/ipacm/src/IPACM_ConntrackListener.cpp
@@ -888,6 +888,8 @@ void IPACM_ConntrackListener::PopulateTCPorUDPEntry(
uint32_t status,
nat_table_entry *rule)
{
+ uint32_t repl_dst_ip;
+
if (IPS_DST_NAT == status)
{
IPACMDBG("Destination NAT\n");
@@ -972,6 +974,15 @@ void IPACM_ConntrackListener::PopulateTCPorUDPEntry(
{
IPACMDBG("unable to retrieve private port\n");
}
+
+ /* If Reply destination IP is not Public IP, install dummy NAT rule. */
+ repl_dst_ip = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST);
+ repl_dst_ip = ntohl(repl_dst_ip);
+ if(repl_dst_ip != rule->public_ip)
+ {
+ IPACMDBG_H("Reply dst IP:0x%x not equal to wan ip:0x%x\n",repl_dst_ip, rule->public_ip);
+ rule->private_ip = rule->public_ip;
+ }
}
return;
@@ -1121,8 +1132,8 @@ bool IPACM_ConntrackListener::ProcessTCPorUDPMsg(
}
}
- PopulateTCPorUDPEntry(ct, status, &rule);
rule.public_ip = wan_ipaddr;
+ PopulateTCPorUDPEntry(ct, status, &rule);
if (rule.private_ip != wan_ipaddr)
{
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 15:35:24 +0000