From 1f373aa0fe7e0313d6d41726f85f820d1a72849e Mon Sep 17 00:00:00 2001
From: Chaitanya Pratapa
Date: Thu, 6 Aug 2020 08:12:53 -0700
Subject: ipacm: Fix to add dummy NAT entries for tunneled connections

When tunneling is enabled from the device, same NAT entry will be translate from Public to tunneled IP and then to Private IP. In case we try to add the entry to HW, HW ends up translating it to Private IP and connection fails. Make change to add dummy NAT entries for tunneled connections.

Change-Id: I340189e2a0db71dd04316a704116e045d6622063
---
 ipacm/src/IPACM_ConntrackListener.cpp | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'ipacm')

diff --git a/ipacm/src/IPACM_ConntrackListener.cpp b/ipacm/src/IPACM_ConntrackListener.cpp
index b991324..fd1566d 100644
--- a/ipacm/src/IPACM_ConntrackListener.cpp
+++ b/ipacm/src/IPACM_ConntrackListener.cpp
@@ -888,6 +888,8 @@ void IPACM_ConntrackListener::PopulateTCPorUDPEntry(
 uint32_t status,
 nat_table_entry *rule)
 {
+ uint32_t repl_dst_ip;
+
 if (IPS_DST_NAT == status)
 {
 IPACMDBG("Destination NAT\n");
@@ -972,6 +974,15 @@ void IPACM_ConntrackListener::PopulateTCPorUDPEntry(
 {
 IPACMDBG("unable to retrieve private port\n");
 }
+
+ /* If Reply destination IP is not Public IP, install dummy NAT rule. */
+ repl_dst_ip = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST);
+ repl_dst_ip = ntohl(repl_dst_ip);
+ if(repl_dst_ip != rule->public_ip)
+ {
+ IPACMDBG_H("Reply dst IP:0x%x not equal to wan ip:0x%x\n",repl_dst_ip, rule->public_ip);
+ rule->private_ip = rule->public_ip;
+ }
 }
 return;
@@ -1121,8 +1132,8 @@ bool IPACM_ConntrackListener::ProcessTCPorUDPMsg(
 }
 }
- PopulateTCPorUDPEntry(ct, status, &rule);
 rule.public_ip = wan_ipaddr;
+ PopulateTCPorUDPEntry(ct, status, &rule);
 if (rule.private_ip != wan_ipaddr)
 {
--
cgit v1.2.3
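Review bot: In the second hunk the reply destination is read with `nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST)` without checking that the attribute is present, and that getter returns 0 for an unset attribute, so such a conntrack entry would compare unequal to `rule->public_ip` and be turned into a dummy entry. Guarding the comparison, e.g. `if (nfct_attr_is_set(ct, ATTR_REPL_IPV4_DST) > 0 && repl_dst_ip != rule->public_ip)`, keeps a missing attribute from being read as a tunnel. The dummy-entry signal is also implicit (`private_ip == public_ip`, which the caller tests in the third hunk); a comment at the assignment such as `/* private_ip == public_ip marks a dummy entry; see the check in ProcessTCPorUDPMsg */` would make that contract visible. The enclosing branch starts outside the hunk, so an earlier check there may already cover the attribute.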
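Review bot: The swapped order in the third hunk is now load-bearing, because `PopulateTCPorUDPEntry` reads `rule->public_ip`, but nothing at the call site says so and a later reorder would silently compare against an unset field. A comment above the assignment, `/* must precede PopulateTCPorUDPEntry(): it compares public_ip with the reply destination */`, would pin it. The comparison in the second hunk converts the conntrack value with `ntohl`, so it presumably relies on `wan_ipaddr` being kept in host byte order; that is not visible here and is worth confirming, since a mismatch would make every flow look tunneled. ProcessTCPorUDPMsg's body continues outside the hunk.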