From 043efc0e619e04661be2b1889382db2fdd378145 Mon Sep 17 00:00:00 2001
From: John Crispin <john@phrozen.org>
Date: Thu, 10 Aug 2017 16:34:36 +0200
Subject: [PATCH 56/57] net: mediatek: add hw nat support

Signed-off-by: John Crispin <john@phrozen.org>
---
 drivers/net/ethernet/mediatek/Kconfig       |  7 +++++++
 drivers/net/ethernet/mediatek/Makefile      |  1 +
 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 13 +++++++++++++
 net/netfilter/nf_conntrack_proto_tcp.c      | 19 +++++++++++++++++++
 4 files changed, 40 insertions(+)

--- a/drivers/net/ethernet/mediatek/Kconfig
+++ b/drivers/net/ethernet/mediatek/Kconfig
@@ -14,4 +14,11 @@ config NET_MEDIATEK_SOC
 	  This driver supports the gigabit ethernet MACs in the
 	  MediaTek MT2701/MT7623 chipset family.
 
+config NET_MEDIATEK_HNAT
+	tristate "MediaTek MT7623 hardware NAT support"
+	depends on NET_MEDIATEK_SOC && NF_CONNTRACK && NF_CONNTRACK_IPV4 && IP_NF_NAT && IP_NF_TARGET_MASQUERADE
+	---help---
+	  This driver supports the hardwaer NAT in the
+	  MediaTek MT2701/MT7623 chipset family.
+
 endif #NET_VENDOR_MEDIATEK
--- a/drivers/net/ethernet/mediatek/Makefile
+++ b/drivers/net/ethernet/mediatek/Makefile
@@ -3,3 +3,4 @@
 #
 
 obj-$(CONFIG_NET_MEDIATEK_SOC)			+= mtk_eth_soc.o
+obj-$(CONFIG_NET_MEDIATEK_HNAT)			+= mtk_hnat/
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -23,6 +23,10 @@
 #include <linux/reset.h>
 #include <linux/tcp.h>
 
+#if defined(CONFIG_NET_MEDIATEK_HNAT) || defined(CONFIG_NET_MEDIATEK_HNAT_MODULE)
+#include "mtk_hnat/nf_hnat_mtk.h"
+#endif
+
 #include "mtk_eth_soc.h"
 
 static int mtk_msg_level = -1;
@@ -649,6 +653,11 @@ static int mtk_tx_map(struct sk_buff *sk
 		return -ENOMEM;
 
 	/* set the forward port */
+#if defined(CONFIG_NET_MEDIATEK_HNAT) || defined(CONFIG_NET_MEDIATEK_HNAT_MODULE)
+	if (HNAT_SKB_CB2(skb)->magic == 0x78681415)
+		fport |= 0x4 << TX_DMA_FPORT_SHIFT;
+	else
+#endif
 	fport = (mac->id + 1) << TX_DMA_FPORT_SHIFT;
 	txd4 |= fport;
 
@@ -1013,6 +1022,10 @@ static int mtk_poll_rx(struct napi_struc
 		    RX_DMA_VID(trxd.rxd3))
 			__vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q),
 					       RX_DMA_VID(trxd.rxd3));
+#if defined(CONFIG_NET_MEDIATEK_HNAT) || defined(CONFIG_NET_MEDIATEK_HNAT_MODULE)
+		*(u32 *)(skb->head) = trxd.rxd4;
+		skb_hnat_alg(skb) = 0;
+#endif
 		skb_record_rx_queue(skb, 0);
 		napi_gro_receive(napi, skb);
 
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -11,6 +11,7 @@
 #include <linux/types.h>
 #include <linux/timer.h>
 #include <linux/module.h>
+#include <linux/inetdevice.h>
 #include <linux/in.h>
 #include <linux/tcp.h>
 #include <linux/spinlock.h>
@@ -19,6 +20,7 @@
 #include <net/ip6_checksum.h>
 #include <asm/unaligned.h>
 
+#include <net/ip.h>
 #include <net/tcp.h>
 
 #include <linux/netfilter.h>
@@ -53,6 +55,11 @@ static int nf_ct_tcp_max_retrans __read_
   /* FIXME: Examine ipfilter's timeouts and conntrack transitions more
      closely.  They're more complex. --RR */
 
+#ifndef IPV4_DEVCONF_DFLT
+	#define IPV4_DEVCONF_DFLT(net, attr) \
+	IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)
+#endif
+
 static const char *const tcp_conntrack_names[] = {
 	"NONE",
 	"SYN_SENT",
@@ -519,6 +526,18 @@ static bool tcp_in_window(const struct n
 	if (nf_ct_tcp_no_window_check)
 		return true;
 
+	if (net) {
+		if ((net->ipv4.devconf_all && net->ipv4.devconf_dflt && net->ipv6.devconf_all) &&
+		    net->ipv6.devconf_dflt) {
+			if ((IPV4_DEVCONF_DFLT(net, FORWARDING) ||
+			     IPV4_DEVCONF_ALL(net, FORWARDING)) ||
+			     (net->ipv6.devconf_all->forwarding ||
+			      net->ipv6.devconf_dflt->forwarding)) {
+				return true;
+			}
+		}
+	}
+
 	/*
 	 * Get the required data from the packet.
 	 */