Merge 6facc43568f6de2ca4142bb497077639c83db7cd on remote branch
Change-Id: I5a6aeb3d39dc5ff7459d3bfe7d4f147866d1119f
diff --git a/ipacm/inc/IPACM_Filtering.h b/ipacm/inc/IPACM_Filtering.h
index 428c21a..6667235 100644
--- a/ipacm/inc/IPACM_Filtering.h
+++ b/ipacm/inc/IPACM_Filtering.h
@@ -48,6 +48,7 @@
#include <linux/rmnet_ipa_fd_ioctl.h>
#define IPA_PCIE_MODEM_RULE_ID_START 69
+#define IPA_PCIE_MODEM_RULE_ID_MAX 1000
class IPACM_Filtering
{
@@ -80,6 +81,7 @@
int fd; /* File descriptor of the IPA device node /dev/ipa */
int total_num_offload_rules;
int pcie_modem_rule_id;
+ bool pcie_modem_rule_id_in_use[IPA_PCIE_MODEM_RULE_ID_MAX];
};
#endif //IPACM_FILTERING_H
diff --git a/ipacm/inc/IPACM_Iface.h b/ipacm/inc/IPACM_Iface.h
index 55d9e99..35d12db 100644
--- a/ipacm/inc/IPACM_Iface.h
+++ b/ipacm/inc/IPACM_Iface.h
@@ -1,5 +1,5 @@
/*
-Copyright (c) 2013-2019, The Linux Foundation. All rights reserved.
+Copyright (c) 2013-2020, The Linux Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@@ -59,7 +59,7 @@
#define IPV4_DEFAULT_FILTERTING_RULES 3
#ifdef FEATURE_IPA_ANDROID
-#define IPV6_DEFAULT_FILTERTING_RULES 8
+#define IPV6_DEFAULT_FILTERTING_RULES 5
#else
#define IPV6_DEFAULT_FILTERTING_RULES 4
#endif
diff --git a/ipacm/inc/IPACM_Wan.h b/ipacm/inc/IPACM_Wan.h
index 31949c5..ad62783 100644
--- a/ipacm/inc/IPACM_Wan.h
+++ b/ipacm/inc/IPACM_Wan.h
@@ -1,5 +1,5 @@
/*
-Copyright (c) 2013-2019, The Linux Foundation. All rights reserved.
+Copyright (c) 2013-2020, The Linux Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@@ -53,7 +53,7 @@
#define IPA_V2_NUM_DEFAULT_WAN_FILTER_RULE_IPV4 2
#ifdef FEATURE_IPA_ANDROID
-#define IPA_V2_NUM_DEFAULT_WAN_FILTER_RULE_IPV6 7
+#define IPA_V2_NUM_DEFAULT_WAN_FILTER_RULE_IPV6 4
#define IPA_V2_NUM_TCP_WAN_FILTER_RULE_IPV6 3
#define IPA_V2_NUM_MULTICAST_WAN_FILTER_RULE_IPV6 3
#define IPA_V2_NUM_FRAG_WAN_FILTER_RULE_IPV6 1
@@ -645,8 +645,6 @@
int add_dft_filtering_rule(struct ipa_flt_rule_add* rules, int rule_offset, ipa_ip_type iptype);
- int add_tcpv6_filtering_rule(struct ipa_flt_rule_add* rules, int rule_offset);
-
int install_wan_filtering_rule(bool is_sw_routing);
void handle_wlan_SCC_MCC_switch(bool, ipa_ip_type);
diff --git a/ipacm/src/IPACM_ConntrackListener.cpp b/ipacm/src/IPACM_ConntrackListener.cpp
index fff6bfc..baddb4d 100644
--- a/ipacm/src/IPACM_ConntrackListener.cpp
+++ b/ipacm/src/IPACM_ConntrackListener.cpp
@@ -1,5 +1,5 @@
/*
-Copyright (c) 2013-2019, The Linux Foundation. All rights reserved.
+Copyright (c) 2013-2020, The Linux Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@@ -1233,14 +1233,26 @@
unsigned int addr_len = sizeof(nlAddr);
pClient = IPACM_ConntrackClient::GetInstance();
+ if(pClient == NULL)
+ {
+ IPACMERR("unable to get conntrack client instance\n");
+ return;
+ }
+
len = MAX_CONNTRACK_ENTRIES * sizeof(struct nf_conntrack **);
ct_entries = (struct nf_conntrack **) malloc(len);
+ if(ct_entries == NULL)
+ {
+ IPACMERR("unable to allocate ct_entries memory \n");
+ return;
+ }
memset(ct_entries, 0, len);
if( pClient->fd_tcp < 0)
{
IPACMDBG_H("Invalid fd %d \n",pClient->fd_tcp);
+ free(ct_entries);
return;
}
diff --git a/ipacm/src/IPACM_Filtering.cpp b/ipacm/src/IPACM_Filtering.cpp
index 8aa25a6..b230c36 100644
--- a/ipacm/src/IPACM_Filtering.cpp
+++ b/ipacm/src/IPACM_Filtering.cpp
@@ -60,6 +60,7 @@
}
total_num_offload_rules = 0;
pcie_modem_rule_id = 0;
+ memset(pcie_modem_rule_id_in_use, 0, sizeof(pcie_modem_rule_id_in_use));
}
IPACM_Filtering::~IPACM_Filtering()
@@ -710,7 +711,7 @@
bool IPACM_Filtering::AddOffloadFilteringRule(struct ipa_ioc_add_flt_rule *flt_rule_tbl, uint8_t mux_id, uint8_t default_path)
{
#ifdef WAN_IOCTL_ADD_OFFLOAD_CONNECTION
- int ret = 0, cnt, pos = 0;
+ int ret = 0, cnt, pos = 0, i;
ipa_add_offload_connection_req_msg_v01 qmi_add_msg;
int fd_wwan_ioctl = open(WWAN_QMI_IOCTL_DEVICE_NAME, O_RDWR);
if(fd_wwan_ioctl < 0)
@@ -807,7 +808,23 @@
sizeof(struct ipa_filter_rule_type_v01));
IPACMDBG_H("mux-id %d, hashable %d\n", qmi_add_msg.filter_spec_ex2_list[pos].mux_id, qmi_add_msg.filter_spec_ex2_list[pos].is_rule_hashable);
pos++;
- pcie_modem_rule_id = (pcie_modem_rule_id + 1)%100;
+ pcie_modem_rule_id_in_use[pcie_modem_rule_id] = true;
+ for(i = 0; i < IPA_PCIE_MODEM_RULE_ID_MAX; i++)
+ {
+ pcie_modem_rule_id = (pcie_modem_rule_id + 1)%IPA_PCIE_MODEM_RULE_ID_MAX;
+ if(!pcie_modem_rule_id_in_use[pcie_modem_rule_id])
+ break;
+ }
+
+ if(i == IPA_PCIE_MODEM_RULE_ID_MAX)
+ {
+ IPACMERR("all handles are in use, max = %d\n", i);
+ return false;
+ }
+ else
+ {
+ IPACMDBG("next free pcie_modem_rule_id: %d\n", pcie_modem_rule_id);
+ }
}
else
{
@@ -892,6 +909,12 @@
/* passing rule-id to wan-driver */
qmi_del_msg.filter_handle_list[pos].filter_spec_identifier = flt_rule_tbl->hdl[cnt].hdl;
pos++;
+
+ /* set in use to false for future rule additions (need to subtract offset and mod max index) */
+ pcie_modem_rule_id_in_use[(IPA_PCIE_MODEM_RULE_ID_MAX + flt_rule_tbl->hdl[cnt].hdl - IPA_PCIE_MODEM_RULE_ID_START)
+ % IPA_PCIE_MODEM_RULE_ID_MAX] = false;
+ IPACMDBG("freeing pcie_modem_rule_id: %d\n", (IPA_PCIE_MODEM_RULE_ID_MAX + flt_rule_tbl->hdl[cnt].hdl -IPA_PCIE_MODEM_RULE_ID_START)
+ % IPA_PCIE_MODEM_RULE_ID_MAX);
}
else
{
diff --git a/ipacm/src/IPACM_Iface.cpp b/ipacm/src/IPACM_Iface.cpp
index 0d4f54f..8282915 100644
--- a/ipacm/src/IPACM_Iface.cpp
+++ b/ipacm/src/IPACM_Iface.cpp
@@ -1,5 +1,5 @@
/*
-Copyright (c) 2013-2019, The Linux Foundation. All rights reserved.
+Copyright (c) 2013-2020, The Linux Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@@ -955,57 +955,6 @@
memcpy(&(m_pFilteringTable->rules[4]), &flt_rule_entry,
sizeof(struct ipa_flt_rule_add));
- IPACMDBG_H("Add TCP ctrl rules: total num %d\n", IPV6_DEFAULT_FILTERTING_RULES);
- memset(&flt_rule_entry, 0, sizeof(struct ipa_flt_rule_add));
-
- flt_rule_entry.at_rear = true;
- flt_rule_entry.flt_rule_hdl = -1;
- flt_rule_entry.status = -1;
-
- flt_rule_entry.rule.retain_hdr = 1;
- flt_rule_entry.rule.to_uc = 0;
- flt_rule_entry.rule.action = IPA_PASS_TO_EXCEPTION;
- flt_rule_entry.rule.eq_attrib_type = 1;
- flt_rule_entry.rule.eq_attrib.rule_eq_bitmap = 0;
-
- if(rx_prop->rx[0].attrib.attrib_mask & IPA_FLT_META_DATA)
- {
- if (IPACM_Iface::ipacmcfg->isIPAv3Supported())
- flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<9);
- else
- flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<14);
- flt_rule_entry.rule.eq_attrib.metadata_meq32_present = 1;
- flt_rule_entry.rule.eq_attrib.metadata_meq32.offset = 0;
- flt_rule_entry.rule.eq_attrib.metadata_meq32.value = rx_prop->rx[0].attrib.meta_data;
- flt_rule_entry.rule.eq_attrib.metadata_meq32.mask = rx_prop->rx[0].attrib.meta_data_mask;
- }
-
- flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<1);
- flt_rule_entry.rule.eq_attrib.protocol_eq_present = 1;
- flt_rule_entry.rule.eq_attrib.protocol_eq = IPACM_FIREWALL_IPPROTO_TCP;
-
- if (IPACM_Iface::ipacmcfg->isIPAv3Supported())
- flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<7);
- else
- flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<8);
- flt_rule_entry.rule.eq_attrib.num_ihl_offset_meq_32 = 1;
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].offset = 12;
-
- /* add TCP FIN rule*/
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_FIN_SHIFT);
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_FIN_SHIFT);
- memcpy(&(m_pFilteringTable->rules[5]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add));
-
- /* add TCP SYN rule*/
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_SYN_SHIFT);
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_SYN_SHIFT);
- memcpy(&(m_pFilteringTable->rules[6]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add));
-
- /* add TCP RST rule*/
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_RST_SHIFT);
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_RST_SHIFT);
- memcpy(&(m_pFilteringTable->rules[7]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add));
-
#endif
#ifdef IPA_IOCTL_SET_FNR_COUNTER_INFO
/* use index hw-counter */
diff --git a/ipacm/src/IPACM_Wan.cpp b/ipacm/src/IPACM_Wan.cpp
index 7383aed..397c820 100644
--- a/ipacm/src/IPACM_Wan.cpp
+++ b/ipacm/src/IPACM_Wan.cpp
@@ -1,5 +1,5 @@
/*
-Copyright (c) 2013-2019 The Linux Foundation. All rights reserved.
+Copyright (c) 2013-2020 The Linux Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@@ -4260,9 +4260,6 @@
}
else if(iptype == IPA_IP_v6)
{
-#ifdef FEATURE_IPA_ANDROID
- add_tcpv6_filtering_rule(flt_rule_v6, IPACM_Wan::num_v6_flt_rule);
-#endif
IPACM_Wan::num_v6_flt_rule = IPA_V2_NUM_DEFAULT_WAN_FILTER_RULE_IPV6;
if(IPACM_FAILURE == add_icmp_alg_rules(flt_rule_v6, IPACM_Wan::num_v6_flt_rule, IPA_IP_v6))
{
@@ -4547,103 +4544,6 @@
return res;
}
-int IPACM_Wan::add_tcpv6_filtering_rule(struct ipa_flt_rule_add *rules, int rule_offset)
-{
- struct ipa_ioc_get_rt_tbl_indx rt_tbl_idx;
- struct ipa_flt_rule_add flt_rule_entry;
- struct ipa_ioc_generate_flt_eq flt_eq;
- int res = IPACM_SUCCESS;
-
- if(rules == NULL)
- {
- IPACMERR("No filtering table available.\n");
- return IPACM_FAILURE;
- }
- if(rx_prop == NULL)
- {
- IPACMERR("No tx property.\n");
- return IPACM_FAILURE;
- }
-
- memset(&rt_tbl_idx, 0, sizeof(rt_tbl_idx));
- strlcpy(rt_tbl_idx.name, IPACM_Iface::ipacmcfg->rt_tbl_wan_dl.name, IPA_RESOURCE_NAME_MAX);
- rt_tbl_idx.name[IPA_RESOURCE_NAME_MAX-1] = '\0';
- rt_tbl_idx.ip = IPA_IP_v6;
- if(0 != ioctl(m_fd_ipa, IPA_IOC_QUERY_RT_TBL_INDEX, &rt_tbl_idx))
- {
- IPACMERR("Failed to get routing table index from name\n");
- res = IPACM_FAILURE;
- goto fail;
- }
-
- IPACMDBG_H("Routing table %s has index %d\n", rt_tbl_idx.name, rt_tbl_idx.idx);
- memset(&flt_rule_entry, 0, sizeof(struct ipa_flt_rule_add));
-
- flt_rule_entry.at_rear = true;
- flt_rule_entry.flt_rule_hdl = -1;
- flt_rule_entry.status = -1;
-
- flt_rule_entry.rule.retain_hdr = 1;
- flt_rule_entry.rule.to_uc = 0;
- flt_rule_entry.rule.eq_attrib_type = 1;
- flt_rule_entry.rule.action = IPA_PASS_TO_ROUTING;
- flt_rule_entry.rule.rt_tbl_idx = rt_tbl_idx.idx;
-
-#ifdef FEATURE_IPA_ANDROID
- IPACMDBG_H("Add TCP ctrl rules: total num %d\n", IPA_V2_NUM_TCP_WAN_FILTER_RULE_IPV6);
-#endif
- memcpy(&flt_rule_entry.rule.attrib,
- &rx_prop->rx[0].attrib,
- sizeof(flt_rule_entry.rule.attrib));
- memset(&flt_eq, 0, sizeof(flt_eq));
- memcpy(&flt_eq.attrib, &flt_rule_entry.rule.attrib, sizeof(flt_eq.attrib));
- flt_eq.ip = IPA_IP_v6;
- if(0 != ioctl(m_fd_ipa, IPA_IOC_GENERATE_FLT_EQ, &flt_eq))
- {
- IPACMERR("Failed to get eq_attrib\n");
- res = IPACM_FAILURE;
- goto fail;
- }
-
- memcpy(&flt_rule_entry.rule.eq_attrib,
- &flt_eq.eq_attrib,
- sizeof(flt_rule_entry.rule.eq_attrib));
-
- flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<1);
- flt_rule_entry.rule.eq_attrib.protocol_eq_present = 1;
- flt_rule_entry.rule.eq_attrib.protocol_eq = IPACM_FIREWALL_IPPROTO_TCP;
-
- if (IPACM_Iface::ipacmcfg->isIPAv3Supported())
- flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<7);
- else
- flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<8);
- flt_rule_entry.rule.eq_attrib.num_ihl_offset_meq_32 = 1;
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].offset = 12;
-
- /* add TCP FIN rule*/
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_FIN_SHIFT);
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_FIN_SHIFT);
- memcpy(&(rules[rule_offset]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add));
-
- /* add TCP SYN rule*/
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_SYN_SHIFT);
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_SYN_SHIFT);
- memcpy(&(rules[rule_offset + 1]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add));
-
- /* add TCP RST rule*/
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_RST_SHIFT);
- flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_RST_SHIFT);
- memcpy(&(rules[rule_offset + 2]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add));
-
-#ifdef FEATURE_IPA_ANDROID
- IPACM_Wan::num_v6_flt_rule += IPA_V2_NUM_TCP_WAN_FILTER_RULE_IPV6;
- IPACMDBG_H("Constructed %d ICMP filtering rules for ip type %d\n", IPA_V2_NUM_TCP_WAN_FILTER_RULE_IPV6, IPA_IP_v6);
-#endif
-
-fail:
- return res;
-}
-
int IPACM_Wan::del_wan_firewall_rule(ipa_ip_type iptype)
{
if(iptype == IPA_IP_v4)