Commit 2e8e8227 authored by Lionel Gauthier

output traffic is now masqueraded depending on EPC config file if epc run on...

Output traffic is now masqueraded depending on the EPC config file if the EPC runs on the same host as the eNB.!!@@@###%&!?!!!

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@6251 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent 5708ab17
...@@ -52,6 +52,7 @@ ...@@ -52,6 +52,7 @@
#include "sgw_lite_context_manager.h" #include "sgw_lite_context_manager.h"
#include "sgw_lite.h" #include "sgw_lite.h"
#include "pgw_lite_paa.h" #include "pgw_lite_paa.h"
#include "spgw_config.h"
extern sgw_app_t sgw_app; extern sgw_app_t sgw_app;
...@@ -611,7 +612,6 @@ sgw_lite_handle_sgi_endpoint_updated( ...@@ -611,7 +612,6 @@ sgw_lite_handle_sgi_endpoint_updated(
task_id_t to_task; task_id_t to_task;
#if defined (ENABLE_USE_GTPU_IN_KERNEL) #if defined (ENABLE_USE_GTPU_IN_KERNEL)
static uint8_t iptable_uplink_remove_gtpu = FALSE; static uint8_t iptable_uplink_remove_gtpu = FALSE;
char *interface_name_p = NULL;
#endif #endif
#if defined(ENABLE_STANDALONE_EPC) #if defined(ENABLE_STANDALONE_EPC)
...@@ -690,42 +690,58 @@ sgw_lite_handle_sgi_endpoint_updated( ...@@ -690,42 +690,58 @@ sgw_lite_handle_sgi_endpoint_updated(
exit (-1); exit (-1);
} }
//use API when prototype validated //use API when prototype validated
ret = system(cmd); ret = spgw_system(cmd, SPGW_ABORT_ON_ERROR);
if (ret < 0) { if (ret < 0) {
SPGW_APP_ERROR("ERROR in setting up downlink TUNNEL\n"); SPGW_APP_ERROR("ERROR in setting up downlink TUNNEL\n");
} }
if (iptable_uplink_remove_gtpu == FALSE) { if (iptable_uplink_remove_gtpu == FALSE) {
if (strncasecmp("tun",sgw_app.sgw_interface_name_for_S1u_S12_S4_up, strlen("tun")) == 0) { if (strncasecmp("tun",sgw_app.sgw_interface_name_for_S1u_S12_S4_up, strlen("tun")) == 0) {
interface_name_p = "lo"; ret = snprintf(cmd,
} else { 256,
interface_name_p = sgw_app.sgw_interface_name_for_S1u_S12_S4_up; "iptables -t raw -I OUTPUT -s %u.%u.%u.%u -d %u.%u.%u.%u -p udp --dport 2152 -j GTPURH --action remove",
} eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[0],
ret = snprintf(cmd, eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[1],
256, eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[2],
// no "-p udp --dport 2152" because of fragmented packets eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[3],
"iptables -t raw -I PREROUTING -i %s -s %u.%u.%u.%u -d %u.%u.%u.%u -p udp --dport 2152 -j GTPURH --action remove", sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x000000FF,
interface_name_p, (sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x0000FF00) >> 8,
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[0], (sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x00FF0000) >> 16,
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[1], (sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0xFF000000) >> 24);
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[2],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[3], if ((ret < 0) || (ret > 256)) {
sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x000000FF, SPGW_APP_ERROR("ERROR in preparing uplink tunnel, tune string length\n");
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x0000FF00) >> 8, exit (-1);
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x00FF0000) >> 16, }
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0xFF000000) >> 24 SPGW_APP_DEBUG("%s\n", cmd);
); ret = spgw_system(cmd, SPGW_ABORT_ON_ERROR);
if ((ret < 0) || (ret > 256)) {
SPGW_APP_ERROR("ERROR in preparing uplink tunnel, tune string length\n");
exit (-1);
}
//use API when prototype validated
SPGW_APP_DEBUG("%s\n", cmd);
ret = system(cmd);
if (ret < 0) {
SPGW_APP_ERROR("ERROR in setting up uplink TUNNEL\n");
} else { } else {
iptable_uplink_remove_gtpu = TRUE; ret = snprintf(cmd,
256,
// no "-p udp --dport 2152" because of fragmented packets
"iptables -t raw -I PREROUTING -i %s -s %u.%u.%u.%u -d %u.%u.%u.%u -p udp --dport 2152 -j GTPURH --action remove",
sgw_app.sgw_interface_name_for_S1u_S12_S4_up,
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[0],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[1],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[2],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[3],
sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x000000FF,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x0000FF00) >> 8,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x00FF0000) >> 16,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0xFF000000) >> 24
);
if ((ret < 0) || (ret > 256)) {
SPGW_APP_ERROR("ERROR in preparing uplink tunnel, tune string length\n");
exit (-1);
}
//use API when prototype validated
ret = spgw_system(cmd, SPGW_ABORT_ON_ERROR);
if (ret < 0) {
SPGW_APP_ERROR("ERROR in setting up uplink TUNNEL\n");
} else {
iptable_uplink_remove_gtpu = TRUE;
}
} }
} }
#endif #endif
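Review bot: In the new `tun` branch of sgw_lite_handle_sgi_endpoint_updated, `iptable_uplink_remove_gtpu` is never set to `TRUE` after the `iptables -t raw -I OUTPUT ... -j GTPURH --action remove` command has run, as far as this rendering shows; only the `else` branch sets it. If that reading is right, every later call inserts the same raw-table rule again, so the branch should end with `iptable_uplink_remove_gtpu = TRUE;` once `spgw_system` returns a non-negative value. Both length checks use `ret > 256` against the 256-byte limit passed to `snprintf`, which accepts a result of exactly 256 even though the command has then been truncated; `ret >= 256` is the correct bound. The function body starts and ends outside the hunks shown.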
......
...@@ -123,31 +123,37 @@ int sgw_lite_init(char* config_file_name_pP) ...@@ -123,31 +123,37 @@ int sgw_lite_init(char* config_file_name_pP)
{ {
SPGW_APP_DEBUG("Initializing SPGW-APP task interface\n"); SPGW_APP_DEBUG("Initializing SPGW-APP task interface\n");
#if defined (ENABLE_USE_GTPU_IN_KERNEL) #if defined (ENABLE_USE_GTPU_IN_KERNEL)
spgw_system("rmmod iptable_raw > /dev/null 2>&1", 0); spgw_system("modprobe ip_tables", SPGW_ABORT_ON_ERROR);
spgw_system("rmmod iptable_mangle > /dev/null 2>&1", 0); spgw_system("modprobe x_tables", SPGW_ABORT_ON_ERROR);
spgw_system("rmmod iptable_nat > /dev/null 2>&1", 0); spgw_system("iptables -P INPUT ACCEPT", SPGW_WARN_ON_ERROR);
spgw_system("rmmod iptable_filter > /dev/null 2>&1", 0); spgw_system("iptables -F INPUT", SPGW_WARN_ON_ERROR);
spgw_system("rmmod ip_tables > /dev/null 2>&1", 0); spgw_system("iptables -P OUTPUT ACCEPT", SPGW_WARN_ON_ERROR);
spgw_system("rmmod xt_state xt_mark xt_GTPUAH xt_GTPURH xt_tcpudp xt_connmark ipt_LOG ipt_MASQUERADE > /dev/null 2>&1", 0); spgw_system("iptables -F OUTPUT", SPGW_WARN_ON_ERROR);
spgw_system("rmmod x_tables > /dev/null 2>&1", 0); spgw_system("iptables -P FORWARD ACCEPT", SPGW_WARN_ON_ERROR);
spgw_system("rmmod nf_conntrack_netlink nfnetlink nf_nat nf_conntrack_ipv4 nf_conntrack > /dev/null 2>&1", 0); spgw_system("iptables -F FORWARD", SPGW_WARN_ON_ERROR);
spgw_system("modprobe ip_tables", 1); spgw_system("iptables -t nat -F", SPGW_WARN_ON_ERROR);
spgw_system("modprobe x_tables", 1); spgw_system("iptables -t mangle -F", SPGW_WARN_ON_ERROR);
spgw_system("iptables -P INPUT ACCEPT", 0); spgw_system("iptables -t filter -F", SPGW_WARN_ON_ERROR);
spgw_system("iptables -F INPUT", 0); spgw_system("iptables -t raw -F", SPGW_WARN_ON_ERROR);
spgw_system("iptables -P OUTPUT ACCEPT", 0); spgw_system("ip route flush cache", SPGW_WARN_ON_ERROR);
spgw_system("iptables -F OUTPUT", 0); spgw_system("rmmod iptable_raw > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("iptables -P FORWARD ACCEPT", 0); spgw_system("rmmod iptable_mangle > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("iptables -F FORWARD", 0); spgw_system("rmmod iptable_nat > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("iptables -t nat -F", 0); spgw_system("rmmod iptable_filter > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("iptables -t mangle -F", 0); spgw_system("rmmod ip_tables > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("iptables -t filter -F", 0); spgw_system("rmmod xt_state xt_mark xt_GTPUAH xt_GTPURH xt_tcpudp xt_connmark ipt_LOG ipt_MASQUERADE > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("iptables -t raw -F", 0); spgw_system("rmmod x_tables > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("ip route flush cache", 0); spgw_system("rmmod nf_conntrack_netlink nfnetlink nf_nat nf_conntrack_ipv4 nf_conntrack > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("sysctl -w net.ipv4.netfilter.ip_conntrack_max=10000", 0); spgw_system("modprobe ip_tables", SPGW_ABORT_ON_ERROR);
spgw_system("sysctl -w net.ipv4.ip_forward=1", 0); spgw_system("modprobe x_tables", SPGW_ABORT_ON_ERROR);
spgw_system("insmod $OPENAIRCN_DIR/GTPV1-U/GTPUAH/Bin/xt_GTPUAH.ko", 1); spgw_system("sysctl -w net.ipv4.netfilter.ip_conntrack_max=16000", SPGW_WARN_ON_ERROR);
spgw_system("insmod $OPENAIRCN_DIR/GTPV1-U/GTPURH/Bin/xt_GTPURH.ko", 1); spgw_system("sysctl -w net.ipv4.ip_forward=1", SPGW_WARN_ON_ERROR);
spgw_system("sysctl -w net.ipv4.conf.all.accept_local=1",SPGW_WARN_ON_ERROR);
spgw_system("sysctl -w net.ipv4.conf.all.log_martians=1",SPGW_WARN_ON_ERROR);
spgw_system("sysctl -w net.ipv4.conf.all.route_localnet=1",SPGW_WARN_ON_ERROR);
spgw_system("sysctl -w net.ipv4.conf.all.rp_filter=0",SPGW_WARN_ON_ERROR);
spgw_system("insmod $OPENAIR_TARGETS/bin/xt_GTPUAH.ko", SPGW_ABORT_ON_ERROR);
spgw_system("insmod $OPENAIR_TARGETS/bin/xt_GTPURH.ko", SPGW_ABORT_ON_ERROR);
#endif #endif
spgw_config_init(config_file_name_pP, &spgw_config); spgw_config_init(config_file_name_pP, &spgw_config);
pgw_lite_load_pool_ip_addresses(); pgw_lite_load_pool_ip_addresses();
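Review bot: The added `sysctl -w net.ipv4.conf.all.*` calls in sgw_lite_init (`accept_local=1`, `route_localnet=1`, `rp_filter=0`) relax source-address validation through the host-wide `all` keys rather than for the S1-U interface only, and nothing in this hunk restores the previous values. Together with the flush of every iptables table and the `ACCEPT` policies set just above, a host shared with the eNB is left with weaker packet filtering than it had before the EPC started. These calls run before `spgw_config_init`, so the interface name is presumably not known yet; moving them after the config is loaded would allow per-interface keys instead of `all`. At minimum the block deserves a comment such as `/* EPC and eNB on one host: local-source packets must be accepted on S1-U; these settings are host-wide and not restored on exit */`.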
......
...@@ -131,7 +131,7 @@ sgw_ipv6_mask_in6_addr( ...@@ -131,7 +131,7 @@ sgw_ipv6_mask_in6_addr(
} }
int spgw_system(char *command_pP, int abort_on_errorP) { int spgw_system(char *command_pP, spgw_system_abort_control_e abort_on_errorP) {
int ret = -1; int ret = -1;
if (command_pP) { if (command_pP) {
SPGW_APP_INFO("system command: %s\n",command_pP); SPGW_APP_INFO("system command: %s\n",command_pP);
...@@ -158,7 +158,7 @@ int spgw_config_process(spgw_config_t* config_pP) { ...@@ -158,7 +158,7 @@ int spgw_config_process(spgw_config_t* config_pP) {
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up, config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up,
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up
) > 0) { ) > 0) {
ret += spgw_system(system_cmd, 1); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else { } else {
SPGW_APP_ERROR("Del %s\n", config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up); SPGW_APP_ERROR("Del %s\n", config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up);
ret = -1; ret = -1;
...@@ -167,7 +167,7 @@ int spgw_config_process(spgw_config_t* config_pP) { ...@@ -167,7 +167,7 @@ int spgw_config_process(spgw_config_t* config_pP) {
"openvpn --mktun --dev %s;sync;ifconfig %s up;sync", "openvpn --mktun --dev %s;sync;ifconfig %s up;sync",
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up, config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up,
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) { config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
ret += spgw_system(system_cmd, 1); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else { } else {
SPGW_APP_ERROR("Create %s\n", config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up); SPGW_APP_ERROR("Create %s\n", config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up);
ret = -1; ret = -1;
...@@ -178,7 +178,7 @@ int spgw_config_process(spgw_config_t* config_pP) { ...@@ -178,7 +178,7 @@ int spgw_config_process(spgw_config_t* config_pP) {
inet_ntoa(inaddr), inet_ntoa(inaddr),
config_pP->sgw_config.ipv4.sgw_ip_netmask_for_S1u_S12_S4_up, config_pP->sgw_config.ipv4.sgw_ip_netmask_for_S1u_S12_S4_up,
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) { config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
ret += spgw_system(system_cmd, 1); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else { } else {
SPGW_APP_ERROR("Set IPv4 address on %s\n", config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up); SPGW_APP_ERROR("Set IPv4 address on %s\n", config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up);
ret = -1; ret = -1;
...@@ -187,7 +187,7 @@ int spgw_config_process(spgw_config_t* config_pP) { ...@@ -187,7 +187,7 @@ int spgw_config_process(spgw_config_t* config_pP) {
if (snprintf(system_cmd, 128, if (snprintf(system_cmd, 128,
"iptables -t filter -I INPUT -i lo -d %s --protocol sctp -j DROP", "iptables -t filter -I INPUT -i lo -d %s --protocol sctp -j DROP",
inet_ntoa(inaddr)) > 0) { inet_ntoa(inaddr)) > 0) {
ret += spgw_system(system_cmd, 1); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else { } else {
SPGW_APP_ERROR("Drop SCTP traffic on S1U\n"); SPGW_APP_ERROR("Drop SCTP traffic on S1U\n");
ret = -1; ret = -1;
...@@ -195,7 +195,7 @@ int spgw_config_process(spgw_config_t* config_pP) { ...@@ -195,7 +195,7 @@ int spgw_config_process(spgw_config_t* config_pP) {
if (snprintf(system_cmd, 128, if (snprintf(system_cmd, 128,
"iptables -t filter -I INPUT -i lo -s %s --protocol sctp -j DROP", "iptables -t filter -I INPUT -i lo -s %s --protocol sctp -j DROP",
inet_ntoa(inaddr)) > 0) { inet_ntoa(inaddr)) > 0) {
ret += spgw_system(system_cmd, 1); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else { } else {
SPGW_APP_ERROR("Drop SCTP traffic on S1U\n"); SPGW_APP_ERROR("Drop SCTP traffic on S1U\n");
ret = -1; ret = -1;
...@@ -211,55 +211,77 @@ int spgw_config_process(spgw_config_t* config_pP) { ...@@ -211,55 +211,77 @@ int spgw_config_process(spgw_config_t* config_pP) {
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up, config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up,
config_pP->sgw_config.sgw_interface_mtu_for_S1u_S12_S4_up) > 0) { config_pP->sgw_config.sgw_interface_mtu_for_S1u_S12_S4_up) > 0) {
SPGW_APP_INFO("Set S1U interface MTU: %s\n",system_cmd); SPGW_APP_INFO("Set S1U interface MTU: %s\n",system_cmd);
ret += spgw_system(system_cmd, 1); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else { } else {
SPGW_APP_ERROR("Set S1U interface MTU\n"); SPGW_APP_ERROR("Set S1U interface MTU\n");
ret = -1; ret = -1;
} }
if (config_pP->sgw_config.sgw_drop_uplink_traffic) { if (config_pP->sgw_config.sgw_drop_uplink_traffic) {
if (snprintf(system_cmd, 128, if (snprintf(system_cmd, 128,
"iptables -t raw -I PREROUTING -i %s --protocol udp --destination-port 2152 -j DROP", "iptables -t raw -I PREROUTING -i %s --protocol udp --destination-port 2152 -j DROP",
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) { config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
SPGW_APP_INFO("Drop uplink traffic: %s\n",system_cmd); SPGW_APP_INFO("Drop uplink traffic: %s\n",system_cmd);
ret += spgw_system(system_cmd, 1); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else { } else {
SPGW_APP_ERROR("Drop uplink traffic\n"); SPGW_APP_ERROR("Drop uplink traffic\n");
ret = -1; ret = -1;
} }
} }
if (config_pP->pgw_config.pgw_masquerade_SGI) { if (config_pP->pgw_config.pgw_masquerade_SGI) {
if (snprintf(system_cmd, 128, inaddr.s_addr = config_pP->pgw_config.ipv4.pgw_ipv4_address_for_SGI;
"iptables -t nat -A POSTROUTING -o %s ! --protocol sctp -j MASQUERADE", if (snprintf(system_cmd, 128,
config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) { "iptables -t nat -I POSTROUTING -o %s ! --protocol sctp -j SNAT --to-source %s",
SPGW_APP_INFO("Masquerade SGI: %s\n",system_cmd); config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI,
ret += spgw_system(system_cmd,1); inet_ntoa(inaddr)) > 0) {
} else { SPGW_APP_INFO("Masquerade SGI: %s\n",system_cmd);
SPGW_APP_ERROR("Masquerade SGI\n"); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else {
SPGW_APP_ERROR("Masquerade SGI\n");
ret = -1; ret = -1;
} }
} }
#if defined (ENABLE_USE_GTPU_IN_KERNEL) #if defined (ENABLE_USE_GTPU_IN_KERNEL)
if (snprintf(system_cmd, 128, if (snprintf(system_cmd, 128,
//"iptables -I POSTROUTING -t mangle -o %s -m state --state NEW -m mark ! --mark 0 ! --protocol sctp -j CONNMARK --save-mark", //"iptables -I POSTROUTING -t mangle -o %s -m state --state NEW -m mark ! --mark 0 ! --protocol sctp -j CONNMARK --save-mark",
"iptables -I POSTROUTING -t mangle -o %s -m mark ! --mark 0 ! --protocol sctp -j CONNMARK --save-mark", "iptables -I POSTROUTING -t mangle -o %s -m mark ! --mark 0 ! --protocol sctp -j CONNMARK --save-mark",
config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) { config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) {
SPGW_APP_INFO("Save mark: %s\n",system_cmd); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, 1);
} else { } else {
SPGW_APP_ERROR("Save mark\n"); SPGW_APP_ERROR("Save mark\n");
ret = -1; ret = -1;
} }
if (snprintf(system_cmd, 128, if (snprintf(system_cmd, 128,
"iptables -I PREROUTING -t mangle -i %s ! --protocol sctp -j CONNMARK --restore-mark", "iptables -I PREROUTING -t mangle -i %s ! --protocol sctp -j CONNMARK --restore-mark",
config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) { config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) {
SPGW_APP_INFO("Restore mark: %s\n",system_cmd); ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, 1);
} else { } else {
SPGW_APP_ERROR("Restore mark\n"); SPGW_APP_ERROR("Restore mark\n");
ret = -1; ret = -1;
} }
ret += spgw_system("iptables -X INGTPU", SPGW_WARN_ON_ERROR);
ret += spgw_system("iptables -N INGTPU", SPGW_ABORT_ON_ERROR);
if (strncasecmp("tun",config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up, strlen("tun")) == 0) {
if (snprintf(system_cmd, 128,
"iptables -A INPUT -i lo --protocol udp --destination-port 2152 -j INGTPU") > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else {
SPGW_APP_ERROR("Trace IP traffic mark\n");
ret = -1;
}
} else {
if (snprintf(system_cmd, 128,
"iptables -A INPUT -i %s --protocol udp --destination-port 2152 -j INGTPU",
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else {
SPGW_APP_ERROR("Trace IP traffic mark\n");
ret = -1;
}
}
ret += spgw_system("iptables -A INGTPU -j LOG --log-prefix ' INGTPU ' --log-ip-options --log-level 4", SPGW_ABORT_ON_ERROR);
ret += spgw_system("iptables -A INGTPU -j ACCEPT", SPGW_ABORT_ON_ERROR);
#endif #endif
return ret; return ret;
} }
...@@ -310,6 +332,7 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) { ...@@ -310,6 +332,7 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) {
pgw_lite_conf_ipv6_list_elm_t *ip6_ref = NULL; pgw_lite_conf_ipv6_list_elm_t *ip6_ref = NULL;
#if defined (ENABLE_USE_GTPU_IN_KERNEL) #if defined (ENABLE_USE_GTPU_IN_KERNEL)
char system_cmd[256]; char system_cmd[256];
int tun_id = 21;
#endif #endif
memset((char*)config_pP, 0 , sizeof(spgw_config_t)); memset((char*)config_pP, 0 , sizeof(spgw_config_t));
...@@ -502,30 +525,47 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) { ...@@ -502,30 +525,47 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) {
// valid address // valid address
atoken2 = strtok(NULL, PGW_CONFIG_STRING_IPV4_PREFIX_DELIMITER); atoken2 = strtok(NULL, PGW_CONFIG_STRING_IPV4_PREFIX_DELIMITER);
#if defined (ENABLE_USE_GTPU_IN_KERNEL) #if defined (ENABLE_USE_GTPU_IN_KERNEL)
if (snprintf(system_cmd, 128, "ip route add %s/%s dev %s", in_addr_var.s_addr = config_pP->sgw_config.ipv4.sgw_ipv4_address_for_S1u_S12_S4_up;
astring,
atoken2, if (strncasecmp("tun",config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up, strlen("tun")) == 0) {
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) { if (snprintf(system_cmd, 256,
SPGW_APP_INFO("Add route: %s\n",system_cmd); "ip link set tun%d down ;openvpn --rmtun --dev tun%d",
spgw_system(system_cmd, 1); tun_id,tun_id) > 0) {
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else {
SPGW_APP_ERROR("Del tun%d\n", tun_id);
}
if (snprintf(system_cmd, 256,
"openvpn --mktun --dev tun%d;sync;ifconfig tun%d up;sync",
tun_id,tun_id) > 0) {
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else {
SPGW_APP_ERROR("Create tun%d\n", tun_id);
}
} else { } else {
SPGW_APP_ERROR("Add route: for %s\n", astring); if (snprintf(system_cmd, 128, "ip route add %s/%s via %s dev %s",
astring,
atoken2,
inet_ntoa(in_addr_var),
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else {
SPGW_APP_ERROR("Add route: for %s\n", astring);
}
} }
if (config_pP->sgw_config.sgw_drop_downlink_traffic) { if (config_pP->sgw_config.sgw_drop_downlink_traffic) {
if (snprintf(system_cmd, 128, if (snprintf(system_cmd, 128,
"iptables -t filter -I FORWARD -d %s/%s -j DROP", "iptables -t filter -I FORWARD -d %s/%s -j DROP",
astring, atoken2) > 0) { astring, atoken2) > 0) {
SPGW_APP_INFO("Drop downlink traffic: %s\n",system_cmd); spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
spgw_system(system_cmd, 1);
} else { } else {
SPGW_APP_ERROR("Drop downlink traffic\n"); SPGW_APP_ERROR("Drop downlink traffic\n");
} }
if (snprintf(system_cmd, 128, if (snprintf(system_cmd, 128,
"iptables -t filter -I OUTPUT -d %s/%s -j DROP", "iptables -t filter -I OUTPUT -d %s/%s -j DROP",
astring, atoken2) > 0) { astring, atoken2) > 0) {
SPGW_APP_INFO("Drop downlink traffic: %s\n",system_cmd); spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
spgw_system(system_cmd, 1);
} else { } else {
SPGW_APP_ERROR("Drop downlink traffic\n"); SPGW_APP_ERROR("Drop downlink traffic\n");
} }
...@@ -533,6 +573,23 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) { ...@@ -533,6 +573,23 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) {
#endif #endif
prefix_mask = atoi(atoken2); prefix_mask = atoi(atoken2);
if ((prefix_mask >= 2)&&(prefix_mask < 32)) { if ((prefix_mask >= 2)&&(prefix_mask < 32)) {
#if defined (ENABLE_USE_GTPU_IN_KERNEL)
// TEST ONLY
if (strncasecmp("tun",config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up, strlen("tun")) == 0) {
memcpy (&in_addr_var, buf_in_addr, sizeof(struct in_addr));
in_addr_var.s_addr = in_addr_var.s_addr + htonl(1);
if (snprintf(system_cmd, 256,
"ip -4 addr add %s/%d dev tun%d",
inet_ntoa(in_addr_var),
prefix_mask,
tun_id) > 0) {
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else {
SPGW_APP_ERROR("Set IPv4 address on tun%d\n", tun_id);
}
tun_id +=1;
}
#endif
memcpy (&addr_start, buf_in_addr, sizeof(struct in_addr)); memcpy (&addr_start, buf_in_addr, sizeof(struct in_addr));
memcpy (&addr_mask, buf_in_addr, sizeof(struct in_addr)); memcpy (&addr_mask, buf_in_addr, sizeof(struct in_addr));
...@@ -565,14 +622,14 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) { ...@@ -565,14 +622,14 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) {
ip4_ref->addr = addr_start; ip4_ref->addr = addr_start;
STAILQ_INSERT_TAIL(&config_pP->pgw_config.pgw_lite_ipv4_pool_list, ip4_ref, ipv4_entries); STAILQ_INSERT_TAIL(&config_pP->pgw_config.pgw_lite_ipv4_pool_list, ip4_ref, ipv4_entries);
#if defined (ENABLE_USE_GTPU_IN_KERNEL) #if defined (ENABLE_USE_GTPU_IN_KERNEL)
if (snprintf(system_cmd, 128, "ip route add %s dev %s", /*if (snprintf(system_cmd, 128, "ip route add %s dev %s",
buf_in_addr, buf_in_addr,
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) { config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
SPGW_APP_INFO("Add route: %s\n",system_cmd); SPGW_APP_INFO("Add route: %s\n",system_cmd);
spgw_system(system_cmd, 1); spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
} else { } else {
SPGW_APP_ERROR("Add route: for %s\n", buf_in_addr); SPGW_APP_ERROR("Add route: for %s\n", buf_in_addr);
} }*/
#endif #endif
} }
} }
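Review bot: In spgw_config_init the prefix token `atoken2` is formatted with `%s` into the new `ip route add %s/%s via %s dev %s` command, and into the two `iptables ... -j DROP` commands, before the `atoi`/range check that only appears in the following hunk. The resulting string goes to `spgw_system`, which by its log message presumably runs it as a system command. `strtok` returns NULL when the delimiter is missing, and any other text in that config field reaches the command line unchanged. Building these commands after the `prefix_mask` check and formatting the number itself, e.g. `"ip route add %s/%d via %s dev %s"` with `prefix_mask`, covers both cases. The `snprintf(...) > 0` tests in this file, including the one on the new `-j SNAT --to-source %s` rule, also accept a truncated command, so the result should be compared against the buffer size as well.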
......
...@@ -146,7 +146,9 @@ typedef struct spgw_config_s { ...@@ -146,7 +146,9 @@ typedef struct spgw_config_s {
extern spgw_config_t spgw_config; extern spgw_config_t spgw_config;
#endif #endif
int spgw_system(char *command_pP, int abort_on_errorP); typedef enum { SPGW_WARN_ON_ERROR = 0, SPGW_ABORT_ON_ERROR} spgw_system_abort_control_e;
int spgw_system(char *command_pP, spgw_system_abort_control_e abort_on_errorP);
int spgw_config_process(spgw_config_t* config_pP); int spgw_config_process(spgw_config_t* config_pP);
int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP); int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP);
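Review bot: The new prototype still takes `char *command_pP` although most callers in this commit pass string literals; unless spgw_system writes to the buffer (its body is not fully visible here), `int spgw_system(const char *command_pP, spgw_system_abort_control_e abort_on_errorP);` would state the contract, with the same change in the definition. A short comment on `spgw_system_abort_control_e` saying what the caller gets back after a failed command under each value would help, since spgw_config_process sums the return value into `ret`.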
......