Commit 7b7bfdaf authored by Lionel Gauthier's avatar Lionel Gauthier

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@6285 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent 21fd7cb0
......@@ -55,6 +55,7 @@
#include "spgw_config.h"
extern sgw_app_t sgw_app;
extern spgw_config_t spgw_config;
static uint32_t g_gtpv1u_teid = 0;
......@@ -668,12 +669,13 @@ sgw_lite_handle_sgi_endpoint_updated(
char cmd[256];
int ret;
ret = snprintf(cmd,
256, // TO DO add --mark tun_id
"iptables -t mangle -A POSTROUTING -d %u.%u.%u.%u -j GTPUAH --own-ip %u.%u.%u.%u --own-tun %u --peer-ip %u.%u.%u.%u --peer-tun %u --action add",
256,
"iptables -t mangle -A POSTROUTING -d %u.%u.%u.%u -m mark --mark %u -j GTPUAH --own-ip %u.%u.%u.%u --own-tun %u --peer-ip %u.%u.%u.%u --peer-tun %u --action add",
eps_bearer_entry_p->paa.ipv4_address[0],
eps_bearer_entry_p->paa.ipv4_address[1],
eps_bearer_entry_p->paa.ipv4_address[2],
eps_bearer_entry_p->paa.ipv4_address[3],
eps_bearer_entry_p->s_gw_teid_for_S1u_S12_S4_up,
sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x000000FF,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x0000FF00) >> 8,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x00FF0000) >> 16,
......@@ -690,16 +692,47 @@ sgw_lite_handle_sgi_endpoint_updated(
exit (-1);
}
//use API when prototype validated
ret = spgw_system(cmd, SPGW_ABORT_ON_ERROR);
ret = spgw_system(cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
if (ret < 0) {
SPGW_APP_ERROR("ERROR in setting up downlink TUNNEL\n");
}
// if default bearer
#warning "TODO define constant for default eps_bearer id"
if ((resp_pP->eps_bearer_id == 5) && (spgw_config.pgw_config.pgw_masquerade_SGI == 0)) {
ret = snprintf(cmd,
256,
"iptables -t mangle -A POSTROUTING -d %u.%u.%u.%u -m mark --mark 0 -j GTPUAH --own-ip %u.%u.%u.%u --own-tun %u --peer-ip %u.%u.%u.%u --peer-tun %u --action add",
eps_bearer_entry_p->paa.ipv4_address[0],
eps_bearer_entry_p->paa.ipv4_address[1],
eps_bearer_entry_p->paa.ipv4_address[2],
eps_bearer_entry_p->paa.ipv4_address[3],
sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x000000FF,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x0000FF00) >> 8,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x00FF0000) >> 16,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0xFF000000) >> 24,
eps_bearer_entry_p->s_gw_teid_for_S1u_S12_S4_up,
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[0],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[1],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[2],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[3],
eps_bearer_entry_p->enb_teid_for_S1u
);
if ((ret < 0) || (ret > 256)) {
SPGW_APP_ERROR("ERROR in preparing downlink tunnel, tune string length\n");
exit (-1);
}
//use API when prototype validated
ret = spgw_system(cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
if (ret < 0) {
SPGW_APP_ERROR("ERROR in setting up downlink TUNNEL\n");
}
}
if (iptable_uplink_remove_gtpu == FALSE) {
if (strncasecmp("tun",sgw_app.sgw_interface_name_for_S1u_S12_S4_up, strlen("tun")) == 0) {
ret = snprintf(cmd,
256,
"iptables -t raw -I OUTPUT -s %u.%u.%u.%u -d %u.%u.%u.%u -p udp --dport 2152 -j GTPURH --action remove",
"iptables -t raw -A OUTPUT -s %u.%u.%u.%u -d %u.%u.%u.%u -p udp --dport 2152 -j GTPURH --own-ip %u.%u.%u.%u --own-tun %u --peer-ip %u.%u.%u.%u --peer-tun %u --action remove",
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[0],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[1],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[2],
......@@ -707,18 +740,27 @@ sgw_lite_handle_sgi_endpoint_updated(
sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x000000FF,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x0000FF00) >> 8,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x00FF0000) >> 16,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0xFF000000) >> 24);
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0xFF000000) >> 24,
sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x000000FF,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x0000FF00) >> 8,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x00FF0000) >> 16,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0xFF000000) >> 24,
eps_bearer_entry_p->s_gw_teid_for_S1u_S12_S4_up,
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[0],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[1],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[2],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[3],
eps_bearer_entry_p->enb_teid_for_S1u);
if ((ret < 0) || (ret > 256)) {
SPGW_APP_ERROR("ERROR in preparing uplink tunnel, tune string length\n");
exit (-1);
}
ret = spgw_system(cmd, SPGW_ABORT_ON_ERROR);
} else {
ret = spgw_system(cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
ret = snprintf(cmd,
256,
// no "-p udp --dport 2152" because of fragmented packets
"iptables -t raw -I PREROUTING -i %s -s %u.%u.%u.%u -d %u.%u.%u.%u -p udp --dport 2152 -j GTPURH --action remove",
"iptables -t raw -A PREROUTING -i %s -s %u.%u.%u.%u -d %u.%u.%u.%u -p udp --dport 2152 -j GTPURH --action remove --own-ip %u.%u.%u.%u --own-tun %u --peer-ip %u.%u.%u.%u --peer-tun %u ",
sgw_app.sgw_interface_name_for_S1u_S12_S4_up,
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[0],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[1],
......@@ -727,22 +769,28 @@ sgw_lite_handle_sgi_endpoint_updated(
sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x000000FF,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x0000FF00) >> 8,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x00FF0000) >> 16,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0xFF000000) >> 24
);
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0xFF000000) >> 24,
sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x000000FF,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x0000FF00) >> 8,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0x00FF0000) >> 16,
(sgw_app.sgw_ip_address_for_S1u_S12_S4_up & 0xFF000000) >> 24,
eps_bearer_entry_p->s_gw_teid_for_S1u_S12_S4_up,
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[0],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[1],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[2],
eps_bearer_entry_p->enb_ip_address_for_S1u.address.ipv4_address[3],
eps_bearer_entry_p->enb_teid_for_S1u);
if ((ret < 0) || (ret > 256)) {
SPGW_APP_ERROR("ERROR in preparing uplink tunnel, tune string length\n");
exit (-1);
}
//use API when prototype validated
ret = spgw_system(cmd, SPGW_ABORT_ON_ERROR);
ret = spgw_system(cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
if (ret < 0) {
SPGW_APP_ERROR("ERROR in setting up uplink TUNNEL\n");
} else {
iptable_uplink_remove_gtpu = TRUE;
}
}
}
#endif
}
return itti_send_msg_to_task(to_task, INSTANCE_DEFAULT, message_p);
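Review bot: The truncation check `if ((ret < 0) || (ret > 256))` in the new default-bearer block lets `ret == 256` through, although snprintf has already dropped the last character at that point, so a cut-off iptables command would still be handed to spgw_system(). The new format strings add `--own-ip`, `--own-tun`, `--peer-ip` and `--peer-tun` arguments, which leaves less margin in `char cmd[256]` than before. I would write the check as `if ((ret < 0) || ((size_t)ret >= sizeof(cmd)))` and pass `sizeof(cmd)` instead of the literal 256. The same comparison is used by the two uplink checks further down, and the body of sgw_lite_handle_sgi_endpoint_updated() starts and ends outside the hunks shown.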
......
......@@ -123,37 +123,35 @@ int sgw_lite_init(char* config_file_name_pP)
{
SPGW_APP_DEBUG("Initializing SPGW-APP task interface\n");
#if defined (ENABLE_USE_GTPU_IN_KERNEL)
spgw_system("modprobe ip_tables", SPGW_ABORT_ON_ERROR);
spgw_system("modprobe x_tables", SPGW_ABORT_ON_ERROR);
spgw_system("iptables -P INPUT ACCEPT", SPGW_WARN_ON_ERROR);
spgw_system("iptables -F INPUT", SPGW_WARN_ON_ERROR);
spgw_system("iptables -P OUTPUT ACCEPT", SPGW_WARN_ON_ERROR);
spgw_system("iptables -F OUTPUT", SPGW_WARN_ON_ERROR);
spgw_system("iptables -P FORWARD ACCEPT", SPGW_WARN_ON_ERROR);
spgw_system("iptables -F FORWARD", SPGW_WARN_ON_ERROR);
spgw_system("iptables -t nat -F", SPGW_WARN_ON_ERROR);
spgw_system("iptables -t mangle -F", SPGW_WARN_ON_ERROR);
spgw_system("iptables -t filter -F", SPGW_WARN_ON_ERROR);
spgw_system("iptables -t raw -F", SPGW_WARN_ON_ERROR);
spgw_system("ip route flush cache", SPGW_WARN_ON_ERROR);
spgw_system("rmmod iptable_raw > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("rmmod iptable_mangle > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("rmmod iptable_nat > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("rmmod iptable_filter > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("rmmod ip_tables > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("rmmod xt_state xt_mark xt_GTPUAH xt_GTPURH xt_tcpudp xt_connmark ipt_LOG ipt_MASQUERADE > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("rmmod x_tables > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("rmmod nf_conntrack_netlink nfnetlink nf_nat nf_conntrack_ipv4 nf_conntrack > /dev/null 2>&1", SPGW_WARN_ON_ERROR);
spgw_system("modprobe ip_tables", SPGW_ABORT_ON_ERROR);
spgw_system("modprobe x_tables", SPGW_ABORT_ON_ERROR);
spgw_system("sysctl -w net.ipv4.netfilter.ip_conntrack_max=16000", SPGW_WARN_ON_ERROR);
spgw_system("sysctl -w net.ipv4.ip_forward=1", SPGW_WARN_ON_ERROR);
spgw_system("sysctl -w net.ipv4.conf.all.accept_local=1",SPGW_WARN_ON_ERROR);
spgw_system("sysctl -w net.ipv4.conf.all.log_martians=1",SPGW_WARN_ON_ERROR);
spgw_system("sysctl -w net.ipv4.conf.all.route_localnet=1",SPGW_WARN_ON_ERROR);
spgw_system("sysctl -w net.ipv4.conf.all.rp_filter=0",SPGW_WARN_ON_ERROR);
spgw_system("insmod $OPENAIR_TARGETS/bin/xt_GTPUAH.ko", SPGW_ABORT_ON_ERROR);
spgw_system("insmod $OPENAIR_TARGETS/bin/xt_GTPURH.ko", SPGW_ABORT_ON_ERROR);
spgw_system("modprobe ip_tables", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
spgw_system("modprobe x_tables", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
spgw_system("iptables -P INPUT ACCEPT", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("iptables -F INPUT", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("iptables -P OUTPUT ACCEPT", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("iptables -F OUTPUT", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("iptables -P FORWARD ACCEPT", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("iptables -F FORWARD", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("iptables -t nat -F", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("iptables -t mangle -F", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("iptables -t filter -F", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("iptables -t raw -F", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("ip route flush cache", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod iptable_raw > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod iptable_mangle > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod iptable_nat > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod iptable_filter > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod ip_tables > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod xt_state xt_mark xt_GTPUAH xt_GTPURH xt_tcpudp xt_connmark ipt_LOG ipt_MASQUERADE > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod x_tables > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod nf_conntrack_netlink nfnetlink nf_nat nf_conntrack_ipv4 nf_conntrack > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("modprobe ip_tables", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
spgw_system("modprobe x_tables", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
spgw_system("sysctl -w net.ipv4.netfilter.ip_conntrack_max=16000", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("sysctl -w net.ipv4.ip_forward=1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("sysctl -w net.ipv4.conf.all.accept_local=1",SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("sysctl -w net.ipv4.conf.all.log_martians=1",SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("sysctl -w net.ipv4.conf.all.route_localnet=1",SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("sysctl -w net.ipv4.conf.all.rp_filter=0",SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
#endif
spgw_config_init(config_file_name_pP, &spgw_config);
pgw_lite_load_pool_ip_addresses();
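Review bot: sgw_lite_init() resets the host's netfilter state with no comment saying so: the block sets the INPUT, OUTPUT and FORWARD policies to ACCEPT, flushes every table, and then sets `rp_filter=0`, `accept_local=1` and `route_localnet=1` for all interfaces. On a machine that carries its own firewall rules this removes them at start-up, and because most of these calls use SPGW_WARN_ON_ERROR with the return value discarded, a partly applied sequence goes unnoticed. I would add a comment above the block such as `/* Resets all iptables tables and relaxes rp_filter on every interface; intended for a dedicated gateway host only. */`. The function continues outside the hunk.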
......
......@@ -131,14 +131,14 @@ sgw_ipv6_mask_in6_addr(
}
int spgw_system(char *command_pP, spgw_system_abort_control_e abort_on_errorP) {
int spgw_system(char *command_pP, spgw_system_abort_control_e abort_on_errorP, const char * const file_nameP, const int line_numberP) {
int ret = -1;
if (command_pP) {
SPGW_APP_INFO("system command: %s\n",command_pP);
ret = system(command_pP);
if (ret != 0) {
SPGW_APP_ERROR("ERROR in system command %s: %d\n",
command_pP,ret);
SPGW_APP_ERROR("ERROR in system command %s: %d at %s:%u\n",
command_pP,ret, file_nameP, line_numberP);
if (abort_on_errorP) {
exit(-1); // may be not exit
}
......@@ -158,7 +158,7 @@ int spgw_config_process(spgw_config_t* config_pP) {
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up,
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up
) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Del %s\n", config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up);
ret = -1;
......@@ -166,7 +166,7 @@ int spgw_config_process(spgw_config_t* config_pP) {
if (snprintf(system_cmd, 256,
"openvpn --mktun --dev %s;sync",
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Create %s\n", config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up);
ret = -1;
......@@ -177,7 +177,7 @@ int spgw_config_process(spgw_config_t* config_pP) {
inet_ntoa(inaddr),
config_pP->sgw_config.ipv4.sgw_ip_netmask_for_S1u_S12_S4_up,
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Set IPv4 address on %s\n", config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up);
ret = -1;
......@@ -185,32 +185,53 @@ int spgw_config_process(spgw_config_t* config_pP) {
if (snprintf(system_cmd, 256,
"sync;ifconfig %s up;sync",
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("ifconfig up %s\n", config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up);
ret = -1;
}
if (snprintf(system_cmd, 128,
if (snprintf(system_cmd, 256,
"iptables -t filter -I INPUT -i lo -d %s --protocol sctp -j DROP",
inet_ntoa(inaddr)) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Drop SCTP traffic on S1U\n");
ret = -1;
}
if (snprintf(system_cmd, 128,
if (snprintf(system_cmd, 256,
"iptables -t filter -I INPUT -i lo -s %s --protocol sctp -j DROP",
inet_ntoa(inaddr)) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Drop SCTP traffic on S1U\n");
ret = -1;
}
if (snprintf(system_cmd, 256,
"insmod $OPENAIR_TARGETS/bin/xt_GTPUAH.ko tunnel_local=1 gtpu_port=%u mtu=%u",
config_pP->sgw_config.sgw_udp_port_for_S1u_S12_S4_up,
config_pP->sgw_config.sgw_interface_mtu_for_S1u_S12_S4_up) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("GTPUAH kernel module\n");
ret = -1;
}
} else {
if (snprintf(system_cmd, 256,
"insmod $OPENAIR_TARGETS/bin/xt_GTPUAH.ko tunnel_local=0 gtpu_port=%u mtu=%u",
config_pP->sgw_config.sgw_udp_port_for_S1u_S12_S4_up,
config_pP->sgw_config.sgw_interface_mtu_for_S1u_S12_S4_up) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("GTPUAH kernel module\n");
ret = -1;
}
}
spgw_system("insmod $OPENAIR_TARGETS/bin/xt_GTPURH.ko", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
#if defined (ENABLE_USE_GTPU_IN_KERNEL)
ret += spgw_system("echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects", 1);
ret += spgw_system("echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
#endif
if (snprintf(system_cmd, 256,
......@@ -218,18 +239,18 @@ int spgw_config_process(spgw_config_t* config_pP) {
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up,
config_pP->sgw_config.sgw_interface_mtu_for_S1u_S12_S4_up) > 0) {
SPGW_APP_INFO("Set S1U interface MTU: %s\n",system_cmd);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Set S1U interface MTU\n");
ret = -1;
}
if (config_pP->sgw_config.sgw_drop_uplink_traffic) {
if (snprintf(system_cmd, 128,
if (snprintf(system_cmd, 256,
"iptables -t raw -I PREROUTING -i %s --protocol udp --destination-port 2152 -j DROP",
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
SPGW_APP_INFO("Drop uplink traffic: %s\n",system_cmd);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Drop uplink traffic\n");
ret = -1;
......@@ -238,57 +259,92 @@ int spgw_config_process(spgw_config_t* config_pP) {
if (config_pP->pgw_config.pgw_masquerade_SGI) {
inaddr.s_addr = config_pP->pgw_config.ipv4.pgw_ipv4_address_for_SGI;
if (snprintf(system_cmd, 128,
if (snprintf(system_cmd, 256,
"iptables -t nat -I POSTROUTING -o %s ! --protocol sctp -j SNAT --to-source %s",
config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI,
inet_ntoa(inaddr)) > 0) {
SPGW_APP_INFO("Masquerade SGI: %s\n",system_cmd);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Masquerade SGI\n");
ret = -1;
}
}
#if defined (ENABLE_USE_GTPU_IN_KERNEL)
if (snprintf(system_cmd, 128,
if (snprintf(system_cmd, 256,
//"iptables -I POSTROUTING -t mangle -o %s -m state --state NEW -m mark ! --mark 0 ! --protocol sctp -j CONNMARK --save-mark",
"iptables -I POSTROUTING -t mangle -o %s -m mark ! --mark 0 ! --protocol sctp -j CONNMARK --save-mark",
config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Save mark\n");
ret = -1;
}
if (snprintf(system_cmd, 128,
if (snprintf(system_cmd, 256,
"iptables -I OUTPUT -t mangle -m mark ! --mark 0 ! --protocol sctp -j CONNMARK --save-mark") > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Save mark\n");
ret = -1;
}
if (snprintf(system_cmd, 256,
"iptables -I PREROUTING -t mangle -i %s ! --protocol sctp -j CONNMARK --restore-mark",
config_pP->pgw_config.ipv4.pgw_interface_name_for_SGI) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Restore mark\n");
ret = -1;
}
ret += spgw_system("iptables -X INGTPU", SPGW_WARN_ON_ERROR);
ret += spgw_system("iptables -N INGTPU", SPGW_ABORT_ON_ERROR);
if (strncasecmp("tun",config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up, strlen("tun")) == 0) {
if (snprintf(system_cmd, 128,
"iptables -A INPUT -i lo --protocol udp --destination-port 2152 -j INGTPU") > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
/*// Mark already there
if (snprintf(system_cmd, 256,
"iptables -I INPUT -t mangle ! --protocol sctp -j CONNMARK --restore-mark") > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("iptables -I INPUT -t mangle ! --protocol sctp -j CONNMARK --restore-mark\n");
ret = -1;
}*/
ret += spgw_system("iptables -X INGTPU", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
ret += spgw_system("iptables -N INGTPU", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
if (snprintf(system_cmd, 256,
"iptables -I INPUT --protocol udp --destination-port 2152 -j INGTPU") > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Trace IP traffic mark\n");
ret = -1;
}
} else {
if (snprintf(system_cmd, 128,
"iptables -A INPUT -i %s --protocol udp --destination-port 2152 -j INGTPU",
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
ret += spgw_system("iptables -A INGTPU -j LOG --log-prefix ' INGTPU ' --log-ip-options --log-level 4", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
//ret += spgw_system("iptables -A INGTPU -j ACCEPT", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
ret += spgw_system("iptables -X OUTGTPU", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
ret += spgw_system("iptables -N OUTGTPU", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
if (snprintf(system_cmd, 256,
"iptables -I OUTPUT --protocol udp --destination-port 2152 -j OUTGTPU") > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Trace IP traffic mark\n");
ret = -1;
}
ret += spgw_system("iptables -A OUTGTPU -j LOG --log-prefix ' OUTGTPU ' --log-ip-options --log-level 4", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
//ret += spgw_system("iptables -A OUTGTPU -j ACCEPT", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
ret += spgw_system("iptables -X FW", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
ret += spgw_system("iptables -N FW", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
if (snprintf(system_cmd, 256,
"iptables -I FORWARD -j FW") > 0) {
ret += spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Trace IP traffic mark\n");
ret = -1;
}
ret += spgw_system("iptables -A INGTPU -j LOG --log-prefix ' INGTPU ' --log-ip-options --log-level 4", SPGW_ABORT_ON_ERROR);
ret += spgw_system("iptables -A INGTPU -j ACCEPT", SPGW_ABORT_ON_ERROR);
ret += spgw_system("iptables -A FW -j LOG --log-prefix ' FW ' --log-ip-options --log-level 4", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
//ret += spgw_system("iptables -A FW -j ACCEPT", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
#endif
return ret;
}
......@@ -307,6 +363,7 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) {
char *sgw_drop_uplink_s1u_traffic = NULL;
char *sgw_drop_downlink_s1u_traffic = NULL;
libconfig_int sgw_interface_mtu_for_S1u_S12_S4_up = 1500;
libconfig_int sgw_udp_port_for_S1u_S12_S4_up = 2152;
config_setting_t *setting_pgw = NULL;
config_setting_t *subsetting = NULL;
......@@ -427,7 +484,20 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) {
&sgw_interface_mtu_for_S1u_S12_S4_up)
) {
config_pP->sgw_config.sgw_interface_mtu_for_S1u_S12_S4_up = sgw_interface_mtu_for_S1u_S12_S4_up;
} else {
config_pP->sgw_config.sgw_interface_mtu_for_S1u_S12_S4_up = sgw_interface_mtu_for_S1u_S12_S4_up;
}
if(config_setting_lookup_int(
subsetting,
SGW_CONFIG_STRING_SGW_PORT_FOR_S1U_S12_S4_UP,
&sgw_udp_port_for_S1u_S12_S4_up)
) {
config_pP->sgw_config.sgw_udp_port_for_S1u_S12_S4_up = sgw_udp_port_for_S1u_S12_S4_up;
} else {
config_pP->sgw_config.sgw_udp_port_for_S1u_S12_S4_up = sgw_udp_port_for_S1u_S12_S4_up;
}
}
if( (
config_setting_lookup_string( setting_sgw, SGW_CONFIG_STRING_SGW_DROP_UPLINK_S1U_TRAFFIC,
......@@ -539,7 +609,7 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) {
atoken2,
inet_ntoa(in_addr_var),
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Add route: for %s\n", astring);
}
......@@ -549,14 +619,14 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) {
if (snprintf(system_cmd, 128,
"iptables -t filter -I FORWARD -d %s/%s -j DROP",
astring, atoken2) > 0) {
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Drop downlink traffic\n");
}
if (snprintf(system_cmd, 128,
"iptables -t filter -I OUTPUT -d %s/%s -j DROP",
astring, atoken2) > 0) {
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Drop downlink traffic\n");
}
......@@ -600,7 +670,7 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) {
buf_in_addr,
config_pP->sgw_config.ipv4.sgw_interface_name_for_S1u_S12_S4_up) > 0) {
SPGW_APP_INFO("Add route: %s\n",system_cmd);
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR);
spgw_system(system_cmd, SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
} else {
SPGW_APP_ERROR("Add route: for %s\n", buf_in_addr);
}*/
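Review bot: The snprintf calls in spgw_config_process() now pass a literal 256 as the size, but the declaration of `system_cmd` is outside the hunks shown, so this is only safe if the buffer really holds 256 bytes; `sizeof(system_cmd)` would make it self-checking if the buffer is an array. The `> 0` test on the result also accepts a truncated string, so a cut-off command would still reach system() through spgw_system(); keeping the result in `n` and testing `n > 0 && (size_t)n < sizeof(system_cmd)` rejects it. The two `-j DROP` rules in spgw_config_init() still pass 128, so the sizes are no longer consistent across the file. In spgw_system() the new `line_numberP` is a `const int` printed with `%u`; `%d` matches the type.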
......
......@@ -96,6 +96,7 @@ typedef struct sgw_config_s {
int sgw_ip_netmask_for_S11;
} ipv4;
int sgw_interface_mtu_for_S1u_S12_S4_up;
int sgw_udp_port_for_S1u_S12_S4_up;
uint8_t sgw_drop_uplink_traffic;
uint8_t sgw_drop_downlink_traffic;
......@@ -148,7 +149,7 @@ extern spgw_config_t spgw_config;
typedef enum { SPGW_WARN_ON_ERROR = 0, SPGW_ABORT_ON_ERROR} spgw_system_abort_control_e;
int spgw_system(char *command_pP, spgw_system_abort_control_e abort_on_errorP);
int spgw_system(char *command_pP, spgw_system_abort_control_e abort_on_errorP, const char * const file_nameP, const int line_numberP);
int spgw_config_process(spgw_config_t* config_pP);
int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP);
......