commit 61eccae08a623603ff3d2789fb0a42c0cf8b2d50
author Damien Dejean <damiendejean@google.com> Fri May 21 07:11:53 2021 +0000
committer Commit Bot <commit-bot@chromium.org> Wed May 26 15:23:26 2021 +0000
tree dd91e52b456051c022d47251e9fb2aa7b7df32b6
parent 80b98d99b1cec326f92e6f39c0898244d918d68a

patchpanel: enable conntrack helpers on ARC start.

PPTP clients use GRE protocol to carry packets to the server. ARC
provides a PPTP client as legacy VPN, thus requires GRE to be
transmitted correctly through the NAT which is not possible without
conntrack helpers. This CL enables conntrack helpers when ARC is started
and disable them on ARC stop.

BUG=b:172214190
TEST="configure a PPTP VPN in ARC;
      ensure it connects successfully."

Change-Id: I3ccd41fb7eaa55beac73f86529a67aaa91a87861
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2912093
Tested-by: Damien Dejean <damiendejean@google.com>
Reviewed-by: Hugo Benichi <hugobenichi@google.com>
Reviewed-by: Garrick Evans <garrick@chromium.org>
Commit-Queue: Damien Dejean <damiendejean@google.com>
(cherry picked from commit 40e1598dbb523efcfd6ddfcd59a90570f05ab9f0)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2919689

patchpanel/datapath.cc

diff --git a/patchpanel/datapath.cc b/patchpanel/datapath.cc
index caf6d9f..fd98906 100644
--- a/patchpanel/datapath.cc
+++ b/patchpanel/datapath.cc
@@ -1397,6 +1397,16 @@
                                kAdbProxyTcpListenPort, ifname);
 }
 
+bool Datapath::SetConntrackHelpers(const bool enable_helpers) {
+  if (process_runner_->sysctl_w("net.netfilter.nf_conntrack_helper",
+                                enable_helpers ? "1" : "0") != 0) {
+    LOG(ERROR) << "Failed to " << (enable_helpers ? "enable" : "disable")
+               << " netfilter conntrack helpers";
+    return false;
+  }
+  return true;
+}
+
 void Datapath::SetIfnameIndex(const std::string& ifname, int ifindex) {
   if_nametoindex_[ifname] = ifindex;
 }