commit 61eccae08a623603ff3d2789fb0a42c0cf8b2d50
author Damien Dejean <damiendejean@google.com> Fri May 21 07:11:53 2021 +0000
committer Commit Bot <commit-bot@chromium.org> Wed May 26 15:23:26 2021 +0000
tree dd91e52b456051c022d47251e9fb2aa7b7df32b6
parent 80b98d99b1cec326f92e6f39c0898244d918d68a

patchpanel: enable conntrack helpers on ARC start.

PPTP clients use GRE protocol to carry packets to the server. ARC
provides a PPTP client as legacy VPN, thus requires GRE to be
transmitted correctly through the NAT which is not possible without
conntrack helpers. This CL enables conntrack helpers when ARC is started
and disable them on ARC stop.

BUG=b:172214190
TEST="configure a PPTP VPN in ARC;
      ensure it connects successfully."

Change-Id: I3ccd41fb7eaa55beac73f86529a67aaa91a87861
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2912093
Tested-by: Damien Dejean <damiendejean@google.com>
Reviewed-by: Hugo Benichi <hugobenichi@google.com>
Reviewed-by: Garrick Evans <garrick@chromium.org>
Commit-Queue: Damien Dejean <damiendejean@google.com>
(cherry picked from commit 40e1598dbb523efcfd6ddfcd59a90570f05ab9f0)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2919689

patchpanel/arc_service.cc

diff --git a/patchpanel/arc_service.cc b/patchpanel/arc_service.cc
index ecfd012..3974702 100644
--- a/patchpanel/arc_service.cc
+++ b/patchpanel/arc_service.cc
@@ -337,6 +337,12 @@
   for (const auto& [ifname, type] : shill_devices_)
     AddDevice(ifname, type);
 
+  // Enable conntrack helpers (b/172214190).
+  if (!datapath_->SetConntrackHelpers(true)) {
+    LOG(ERROR) << "Failed to enable conntrack helpers";
+    return false;
+  }
+
   return true;
 }
 
@@ -352,6 +358,9 @@
     return;
   }
 
+  if (!datapath_->SetConntrackHelpers(false))
+    LOG(ERROR) << "Failed to disable conntrack helpers";
+
   // Stop Shill <-> ARC mapped devices.
   for (const auto& [ifname, type] : shill_devices_)
     RemoveDevice(ifname, type);