Merge "ipacm: Fix to add dummy NAT entries for tunneled connections"

commit: 65b72aca50c99d5ca55524249b9a5206a26dfca2 [log] [tgz]
author: qctecmdr <qctecmdr@localhost> Thu Jan 21 18:54:35 2021 -0800
committer: Gerrit - the friendly Code Review server <code-review@localhost> Thu Jan 21 18:54:35 2021 -0800
tree: 16f1c67eb66baceaec182609654386ff98b047a8
parent: 58d2ae06a3b4c2c1cd86ed36a1ea35e5ccffb0de [diff]
parent: 1f373aa0fe7e0313d6d41726f85f820d1a72849e [diff]
diff --git a/ipacm/src/IPACM_ConntrackListener.cpp b/ipacm/src/IPACM_ConntrackListener.cpp
index b991324..fd1566d 100644
--- a/ipacm/src/IPACM_ConntrackListener.cpp
+++ b/ipacm/src/IPACM_ConntrackListener.cpp

@@ -888,6 +888,8 @@
 	 uint32_t status,
 	 nat_table_entry *rule)
 {
+	uint32_t repl_dst_ip;
+
 	if (IPS_DST_NAT == status)
 	{
 		IPACMDBG("Destination NAT\n");
@@ -972,6 +974,15 @@
 		{
 			IPACMDBG("unable to retrieve private port\n");
 		}
+
+		/* If Reply destination IP is not Public IP, install dummy NAT rule. */
+		repl_dst_ip = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST);
+		repl_dst_ip = ntohl(repl_dst_ip);
+		if(repl_dst_ip != rule->public_ip)
+		{
+			IPACMDBG_H("Reply dst IP:0x%x not equal to wan ip:0x%x\n",repl_dst_ip, rule->public_ip);
+			rule->private_ip = rule->public_ip;
+		}
 	}
 
 	return;
@@ -1121,8 +1132,8 @@
 		}
 	}
 
-	PopulateTCPorUDPEntry(ct, status, &rule);
 	rule.public_ip = wan_ipaddr;
+	PopulateTCPorUDPEntry(ct, status, &rule);
 
 	if (rule.private_ip != wan_ipaddr)
 	{
commit	65b72aca50c99d5ca55524249b9a5206a26dfca2	[log] [tgz]
author	qctecmdr <qctecmdr@localhost>	Thu Jan 21 18:54:35 2021 -0800
committer	Gerrit - the friendly Code Review server <code-review@localhost>	Thu Jan 21 18:54:35 2021 -0800
tree	16f1c67eb66baceaec182609654386ff98b047a8
parent	58d2ae06a3b4c2c1cd86ed36a1ea35e5ccffb0de [diff]
parent	1f373aa0fe7e0313d6d41726f85f820d1a72849e [diff]