Commit 0f4a66cd authored by Lionel Gauthier's avatar Lionel Gauthier

iptables on SGW for local/remote eNB

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@7204 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent ea7df917
...@@ -655,7 +655,6 @@ sgw_lite_handle_sgi_endpoint_updated( ...@@ -655,7 +655,6 @@ sgw_lite_handle_sgi_endpoint_updated(
task_id_t to_task; task_id_t to_task;
#if defined (ENABLE_USE_GTPU_IN_KERNEL) #if defined (ENABLE_USE_GTPU_IN_KERNEL)
static uint8_t iptable_uplink_remove_gtpu = FALSE; static uint8_t iptable_uplink_remove_gtpu = FALSE;
char *chain = NULL;
char cmd[256]; char cmd[256];
int ret; int ret;
#endif #endif
...@@ -715,7 +714,8 @@ sgw_lite_handle_sgi_endpoint_updated( ...@@ -715,7 +714,8 @@ sgw_lite_handle_sgi_endpoint_updated(
#if defined (ENABLE_USE_GTPU_IN_KERNEL) #if defined (ENABLE_USE_GTPU_IN_KERNEL)
ret = snprintf(cmd, ret = snprintf(cmd,
256, 256,
"iptables -t mangle -I POSTROUTING -d %u.%u.%u.%u -m mark --mark %u -j GTPUAH --own-ip %u.%u.%u.%u --own-tun %u --peer-ip %u.%u.%u.%u --peer-tun %u --action add", "iptables -t mangle -I %s -d %u.%u.%u.%u -m mark --mark %u -j GTPUAH --own-ip %u.%u.%u.%u --own-tun %u --peer-ip %u.%u.%u.%u --peer-tun %u --action add",
(spgw_config.sgw_config.local_to_eNB) ? "INPUT":"POSTROUTING",
eps_bearer_entry_p->paa.ipv4_address[0], eps_bearer_entry_p->paa.ipv4_address[0],
eps_bearer_entry_p->paa.ipv4_address[1], eps_bearer_entry_p->paa.ipv4_address[1],
eps_bearer_entry_p->paa.ipv4_address[2], eps_bearer_entry_p->paa.ipv4_address[2],
...@@ -751,7 +751,8 @@ sgw_lite_handle_sgi_endpoint_updated( ...@@ -751,7 +751,8 @@ sgw_lite_handle_sgi_endpoint_updated(
if ((resp_pP->eps_bearer_id == 5) && (spgw_config.pgw_config.pgw_masquerade_SGI == 0)) { if ((resp_pP->eps_bearer_id == 5) && (spgw_config.pgw_config.pgw_masquerade_SGI == 0)) {
ret = snprintf(cmd, ret = snprintf(cmd,
256, 256,
"iptables -t mangle -A POSTROUTING -d %u.%u.%u.%u -m mark --mark 0 -j GTPUAH --own-ip %u.%u.%u.%u --own-tun %u --peer-ip %u.%u.%u.%u --peer-tun %u --action add", "iptables -t mangle -A %s -d %u.%u.%u.%u -m mark --mark 0 -j GTPUAH --own-ip %u.%u.%u.%u --own-tun %u --peer-ip %u.%u.%u.%u --peer-tun %u --action add",
(spgw_config.sgw_config.local_to_eNB) ? "INPUT":"POSTROUTING",
eps_bearer_entry_p->paa.ipv4_address[0], eps_bearer_entry_p->paa.ipv4_address[0],
eps_bearer_entry_p->paa.ipv4_address[1], eps_bearer_entry_p->paa.ipv4_address[1],
eps_bearer_entry_p->paa.ipv4_address[2], eps_bearer_entry_p->paa.ipv4_address[2],
...@@ -778,16 +779,10 @@ sgw_lite_handle_sgi_endpoint_updated( ...@@ -778,16 +779,10 @@ sgw_lite_handle_sgi_endpoint_updated(
} }
if (iptable_uplink_remove_gtpu == FALSE) { if (iptable_uplink_remove_gtpu == FALSE) {
if (strncasecmp("tun",spgw_config.sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up, strlen("tun")) == 0) {
chain = "OUTPUT";
} else {
chain = "PREROUTING";
}
ret = snprintf(cmd, ret = snprintf(cmd,
256, 256,
"iptables -t raw -I %s -s %u.%u.%u.%u -d %u.%u.%u.%u -p udp --dport 2152 -j GTPURH --own-ip %u.%u.%u.%u --own-tun %u --peer-ip %u.%u.%u.%u --peer-tun %u --action remove", "iptables -t raw -I %s -s %u.%u.%u.%u -d %u.%u.%u.%u -p udp --dport 2152 -j GTPURH --own-ip %u.%u.%u.%u --own-tun %u --peer-ip %u.%u.%u.%u --peer-tun %u --action remove",
chain, (spgw_config.sgw_config.local_to_eNB) ? "OUTPUT":"PREROUTING",
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[0], eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[0],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[1], eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[1],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[2], eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[2],
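Review bot: The chain choice is now written out as three separate ternaries on `spgw_config.sgw_config.local_to_eNB` with no comment: two `"INPUT":"POSTROUTING"` for the GTPUAH rules and one `"OUTPUT":"PREROUTING"` for the GTPURH rule. Besides replacing the old interface-name test, the change also moves the two mangle rules, which were always in POSTROUTING before, so a later edit to one site can leave the rules on inconsistent chains. I would compute the names once near the declarations, e.g. `const char *dl_chain = spgw_config.sgw_config.local_to_eNB ? "INPUT" : "POSTROUTING";` and `const char *ul_chain = spgw_config.sgw_config.local_to_eNB ? "OUTPUT" : "PREROUTING";`, with a one-line comment stating which packet path each case is meant to catch. While there, `snprintf(cmd, sizeof(cmd), ...)` would tie the bound to `char cmd[256]` instead of repeating the literal. The function body starts and ends outside these hunks, so whether `ret` is checked before the command runs cannot be seen here.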
......
...@@ -162,6 +162,7 @@ int spgw_config_process(spgw_config_t* config_pP) ...@@ -162,6 +162,7 @@ int spgw_config_process(spgw_config_t* config_pP)
int ret = 0; int ret = 0;
if (strncasecmp("tun",config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up, strlen("tun")) == 0) { if (strncasecmp("tun",config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up, strlen("tun")) == 0) {
config_pP->sgw_config.local_to_eNB = TRUE;
if (snprintf(system_cmd, 256, if (snprintf(system_cmd, 256,
"ip link set %s down ;sync;openvpn --rmtun --dev %s;sync", "ip link set %s down ;sync;openvpn --rmtun --dev %s;sync",
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up, config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up,
...@@ -232,6 +233,7 @@ int spgw_config_process(spgw_config_t* config_pP) ...@@ -232,6 +233,7 @@ int spgw_config_process(spgw_config_t* config_pP)
ret = -1; ret = -1;
} }
} else { } else {
config_pP->sgw_config.local_to_eNB = FALSE;
if (snprintf(system_cmd, 256, if (snprintf(system_cmd, 256,
"insmod $OPENAIR_TARGETS/bin/xt_GTPUAH.ko tunnel_local=0 gtpu_port=%u mtu=%u", "insmod $OPENAIR_TARGETS/bin/xt_GTPUAH.ko tunnel_local=0 gtpu_port=%u mtu=%u",
config_pP->sgw_config.sgw_udp_port_for_S1u_S12_S4_up, config_pP->sgw_config.sgw_udp_port_for_S1u_S12_S4_up,
...@@ -298,23 +300,31 @@ int spgw_config_process(spgw_config_t* config_pP) ...@@ -298,23 +300,31 @@ int spgw_config_process(spgw_config_t* config_pP)
// } // }
#if defined (ENABLE_USE_GTPU_IN_KERNEL) #if defined (ENABLE_USE_GTPU_IN_KERNEL)
if (config_pP->sgw_config.local_to_eNB) {
if (snprintf(system_cmd, 256, if (snprintf(system_cmd, 256,
"iptables -I POSTROUTING -t mangle -o %s -m mark ! --mark 0 ! --protocol sctp -j CONNMARK --save-mark", "iptables -I OUTPUT -t mangle -m mark ! --mark 0 ! --protocol sctp -j CONNMARK --save-mark") > 0) {
config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else { } else {
SPGW_APP_ERROR("Save mark\n"); SPGW_APP_ERROR("Save mark\n");
ret = -1; ret = -1;
} }
if (snprintf(system_cmd, 256, if (snprintf(system_cmd, 256,
"iptables -I OUTPUT -t mangle -m mark ! --mark 0 ! --protocol sctp -j CONNMARK --save-mark") > 0) { "iptables -I INPUT -t mangle -i %s ! --protocol sctp -j CONNMARK --restore-mark",
config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Restore mark\n");
ret = -1;
}
} else {
if (snprintf(system_cmd, 256,
"iptables -I POSTROUTING -t mangle -o %s -m mark ! --mark 0 ! --protocol sctp -j CONNMARK --save-mark",
config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else { } else {
SPGW_APP_ERROR("Save mark\n"); SPGW_APP_ERROR("Save mark\n");
ret = -1; ret = -1;
} }
if (snprintf(system_cmd, 256, if (snprintf(system_cmd, 256,
"iptables -I PREROUTING -t mangle -i %s ! --protocol sctp -j CONNMARK --restore-mark", "iptables -I PREROUTING -t mangle -i %s ! --protocol sctp -j CONNMARK --restore-mark",
config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) { config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) {
...@@ -323,6 +333,8 @@ int spgw_config_process(spgw_config_t* config_pP) ...@@ -323,6 +333,8 @@ int spgw_config_process(spgw_config_t* config_pP)
SPGW_APP_ERROR("Restore mark\n"); SPGW_APP_ERROR("Restore mark\n");
ret = -1; ret = -1;
} }
}
#endif #endif
return ret; return ret;
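Review bot: The added `iptables -I INPUT ... -i %s` command, like the moved POSTROUTING one, interpolates `pgw_interface_name_for_SGI` from the configuration into a string handed to `spgw_system`. Its only check is `snprintf(...) > 0`, which also passes when the output was truncated at 256 bytes. If `spgw_system` runs the string through a shell (the `ip link set %s down ;sync;...` command in this function suggests it does), the name should be validated first, for example limited to the characters and length of a kernel interface name. The result should then be tested as `if (n > 0 && n < 256)` so that a cut-off rule is never installed. The same applies to the other `snprintf(system_cmd, 256, ...)` calls in spgw_config_process, whose body extends beyond these hunks.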
......
...@@ -100,6 +100,7 @@ typedef struct sgw_config_s { ...@@ -100,6 +100,7 @@ typedef struct sgw_config_s {
uint8_t sgw_drop_uplink_traffic; uint8_t sgw_drop_uplink_traffic;
uint8_t sgw_drop_downlink_traffic; uint8_t sgw_drop_downlink_traffic;
uint8_t local_to_eNB;
} sgw_config_t; } sgw_config_t;
// may be more // may be more
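Review bot: `local_to_eNB` is added without a comment, yet it decides which netfilter chains carry the GTP-U rules, and in the visible code it is derived from the S1-U interface name rather than set directly. I would document it in place, e.g. `uint8_t local_to_eNB; /* TRUE when the S1-U interface name starts with "tun" (set in spgw_config_process); selects the iptables chains used for the GTP-U rules */`. The start of the struct is outside the hunk.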
......