ipacm: add DL filtering rule for IPV4 FIN and RST
Add DL filtering rule to use Legacy MHI path for TCP FIN and RST.
Change-Id: I42af4343c58ed7b79da677fccebdf42b62401c9a
diff --git a/ipacm/inc/IPACM_Wan.h b/ipacm/inc/IPACM_Wan.h
index 9acf175..9f1001a 100644
--- a/ipacm/inc/IPACM_Wan.h
+++ b/ipacm/inc/IPACM_Wan.h
@@ -370,6 +370,12 @@
/* handle for icmpv6 exception rule */
uint32_t icmpv6_exception_hdl;
+ /* handle for TCP FIN rule */
+ uint32_t tcp_fin_hdl;
+
+ /* handle for TCP RST rule */
+ uint32_t tcp_rst_hdl;
+
inline ipa_wan_client* get_client_memptr(ipa_wan_client *param, int cnt)
{
char *ret = ((char *)param) + (wan_client_len * cnt);
@@ -636,6 +642,10 @@
int add_icmpv6_exception_rule();
int delete_icmpv6_exception_rule();
+
+ int add_tcp_fin_rst_exception_rule();
+
+ int delete_tcp_fin_rst_exception_rule();
};
#endif /* IPACM_WAN_H */
diff --git a/ipacm/src/IPACM_Wan.cpp b/ipacm/src/IPACM_Wan.cpp
index 7638765..313593b 100644
--- a/ipacm/src/IPACM_Wan.cpp
+++ b/ipacm/src/IPACM_Wan.cpp
@@ -1854,6 +1854,13 @@
IPACMERR("Failed to send ICMPv6 ex rule to modem.\n");
return IPACM_FAILURE;
}
+
+ /* send ipv4 TCP FIN filtering rule */
+ if(iptype==IPA_IP_v4 && add_tcp_fin_rst_exception_rule())
+ {
+ IPACMERR("Failed to send TCP FIN RST rule to modem.\n");
+ return IPACM_FAILURE;
+ }
}
else
{
@@ -4899,6 +4906,12 @@
IPACMERR("Failed to delete icmpv6 rule \n");
return IPACM_FAILURE;
}
+ /* Delete tcp_fin_rst rule */
+ if(delete_tcp_fin_rst_exception_rule())
+ {
+ IPACMERR("Failed to delete tcp_fin_rst rule \n");
+ return IPACM_FAILURE;
+ }
}
else
{
@@ -7606,7 +7619,7 @@
flt_rule_entry.rule.retain_hdr = 1;
flt_rule_entry.rule.to_uc = 0;
flt_rule_entry.rule.eq_attrib_type = 0;
- flt_rule_entry.at_rear = true;
+ flt_rule_entry.at_rear = false;
flt_rule_entry.flt_rule_hdl = -1;
flt_rule_entry.status = -1;
flt_rule_entry.rule.action = IPA_PASS_TO_EXCEPTION;
@@ -7710,3 +7723,170 @@
}
return res;
}
+
+int IPACM_Wan::add_tcp_fin_rst_exception_rule()
+{
+ int fd;
+ int len, res = IPACM_SUCCESS;
+ uint8_t mux_id;
+ ipa_ioc_add_flt_rule *pFilteringTable = NULL;
+
+ mux_id = ext_prop->ext[0].mux_id;
+ /* contruct filter rules to pcie modem */
+ struct ipa_flt_rule_add flt_rule_entry;
+ ipa_ioc_generate_flt_eq flt_eq;
+
+ /* construct rule */
+ IPACMDBG_H("adding MHI TCP FIN RST rule\n");
+ len = sizeof(struct ipa_ioc_add_flt_rule) + (2 * sizeof(struct ipa_flt_rule_add));
+ pFilteringTable = (struct ipa_ioc_add_flt_rule*)malloc(len);
+ if (pFilteringTable == NULL)
+ {
+ IPACMERR("Error Locate ipa_flt_rule_add memory...\n");
+ return IPACM_FAILURE;
+ }
+ memset(pFilteringTable, 0, len);
+
+ pFilteringTable->commit = 1;
+ pFilteringTable->global = false;
+ pFilteringTable->ip = IPA_IP_v4;
+ pFilteringTable->num_rules = (uint8_t)2;
+
+ /* Configuring TCP FIN RST Filtering Rule */
+ memset(&flt_rule_entry, 0, sizeof(struct ipa_flt_rule_add));
+ flt_rule_entry.rule.retain_hdr = 1;
+ flt_rule_entry.rule.to_uc = 0;
+ flt_rule_entry.rule.eq_attrib_type = 0;
+ flt_rule_entry.at_rear = false;
+ flt_rule_entry.flt_rule_hdl = -1;
+ flt_rule_entry.status = -1;
+ flt_rule_entry.rule.action = IPA_PASS_TO_EXCEPTION;
+ /*
+ * need this since fin is last packet in an ongoing TCP connection
+ * so it will always match the previous hash and take MHIP path
+ */
+ flt_rule_entry.rule.hashable = false;
+
+ IPACMDBG_H("rx property attrib mask:0x%x\n", rx_prop->rx[0].attrib.attrib_mask);
+ memcpy(&flt_rule_entry.rule.attrib, &rx_prop->rx[0].attrib, sizeof(flt_rule_entry.rule.attrib));
+ flt_rule_entry.rule.attrib.attrib_mask |= IPA_FLT_PROTOCOL;
+ flt_rule_entry.rule.attrib.u.v4.protocol = (uint8_t)IPACM_FIREWALL_IPPROTO_TCP;
+
+ /* generate eq */
+ memset(&flt_eq, 0, sizeof(flt_eq));
+ memcpy(&flt_eq.attrib, &flt_rule_entry.rule.attrib, sizeof(flt_eq.attrib));
+ flt_eq.ip = IPA_IP_v4;
+
+ fd = open(IPA_DEVICE_NAME, O_RDWR);
+ if (fd < 0)
+ {
+ IPACMERR("Failed opening %s.\n", IPA_DEVICE_NAME);
+ free(pFilteringTable);
+ return IPACM_FAILURE;
+ }
+
+ if(0 != ioctl(fd, IPA_IOC_GENERATE_FLT_EQ, &flt_eq)) //define and cpy attribute to this struct
+ {
+ IPACMERR("Failed to get eq_attrib\n");
+ res = IPACM_FAILURE;
+ goto fail;
+ }
+ memcpy(&flt_rule_entry.rule.eq_attrib,
+ &flt_eq.eq_attrib,
+ sizeof(flt_rule_entry.rule.eq_attrib));
+
+ /* set the bit mask to use MEQ32_IHL offset */
+ #ifdef FEATURE_IPA_V3
+ flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<7);
+ #else
+ flt_rule_entry.rule.eq_attrib.rule_eq_bitmap |= (1<<8);
+ #endif
+
+ /* add offset to compare TCP flags */
+ flt_rule_entry.rule.eq_attrib.num_ihl_offset_meq_32 = 1;
+ flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].offset = 12;
+
+ /* add TCP FIN RULE */
+ flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_FIN_SHIFT);
+ flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_FIN_SHIFT);
+ memcpy(&(pFilteringTable->rules[0]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add));
+
+ /* add TCP RST rule*/
+ flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].value = (((uint32_t)1)<<TCP_RST_SHIFT);
+ flt_rule_entry.rule.eq_attrib.ihl_offset_meq_32[0].mask = (((uint32_t)1)<<TCP_RST_SHIFT);
+ memcpy(&(pFilteringTable->rules[1]), &flt_rule_entry, sizeof(struct ipa_flt_rule_add));
+
+ /* add rules */
+ if(false == m_filtering.AddOffloadFilteringRule(pFilteringTable, mux_id, 1))
+ {
+ IPACMERR("Failed to install WAN DL filtering table.\n");
+ res = IPACM_FAILURE;
+ goto fail;
+ }
+
+ /* save handle */
+ tcp_fin_hdl = pFilteringTable->rules[0].flt_rule_hdl;
+ tcp_rst_hdl = pFilteringTable->rules[1].flt_rule_hdl;
+
+fail:
+ close(fd);
+ if(pFilteringTable != NULL)
+ {
+ free(pFilteringTable);
+ }
+ return res;
+}
+
+int IPACM_Wan::delete_tcp_fin_rst_exception_rule()
+{
+ int len, res = IPACM_SUCCESS;
+ ipa_ioc_del_flt_rule *pFilteringTable = NULL;
+
+ struct ipa_flt_rule_del flt_rule_entry;
+
+ IPACMDBG_H("deleting MHI TCP FIN RST rule \n");
+ len = sizeof(struct ipa_ioc_del_flt_rule) + (2 * sizeof(struct ipa_flt_rule_del));
+ pFilteringTable = (struct ipa_ioc_del_flt_rule*)malloc(len);
+ if (pFilteringTable == NULL)
+ {
+ IPACMERR("Error Locate ipa_ioc_del_flt_rule memory...\n");
+ return IPACM_FAILURE;
+ }
+ memset(pFilteringTable, 0, len);
+
+ pFilteringTable->commit = 1;
+ pFilteringTable->ip = IPA_IP_v4;
+ pFilteringTable->num_hdls = (uint8_t)2;
+
+ if (tcp_fin_hdl == 0 || tcp_rst_hdl == 0)
+ {
+ IPACMERR("invalid tcp_fin_rst_hdl.\n");
+ res = IPACM_FAILURE;
+ goto fail;
+ }
+
+ memset(&flt_rule_entry, 0, sizeof(struct ipa_flt_rule_del));
+ flt_rule_entry.hdl = tcp_fin_hdl;
+
+ memcpy(&(pFilteringTable->hdl[0]), &flt_rule_entry, sizeof(struct ipa_flt_rule_del));
+
+ flt_rule_entry.hdl = tcp_rst_hdl;
+
+ memcpy(&(pFilteringTable->hdl[1]), &flt_rule_entry, sizeof(struct ipa_flt_rule_del));
+
+ if(false == m_filtering.DelOffloadFilteringRule(pFilteringTable))
+ {
+ IPACMERR("Failed to delete MHI TCP FIN RST rule.\n");
+ res = IPACM_FAILURE;
+ goto fail;
+ }
+ tcp_fin_hdl = 0;
+ tcp_rst_hdl = 0;
+
+fail:
+ if(pFilteringTable != NULL)
+ {
+ free(pFilteringTable);
+ }
+ return res;
+}