X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=kernel-imq.patch;h=87ee89ac682277f7f3ceef3ab2c724fcfc049e2f;hb=9f357d5c153dbb03520363a3d2ac40e614c29409;hp=5a9f67001db63314591fae5854df9138b66c2c57;hpb=5379d87d14c0979fdc09c766e35d473d053b822e;p=packages%2Fkernel.git diff --git a/kernel-imq.patch b/kernel-imq.patch index 5a9f6700..87ee89ac 100644 --- a/kernel-imq.patch +++ b/kernel-imq.patch @@ -1,7 +1,7 @@ -diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c ---- linux-2.6.32/drivers/net/imq.c 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.32-imq/drivers/net/imq.c 2009-12-11 15:08:01.958734740 +0200 -@@ -0,0 +1,632 @@ +diff -Naupr linux-4.10_orig/drivers/net/imq.c linux-4.10/drivers/net/imq.c +--- linux-4.10_orig/drivers/net/imq.c 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/drivers/net/imq.c 2017-02-28 19:03:58.883221583 +0700 +@@ -0,0 +1,945 @@ +/* + * Pseudo-driver for the intermediate queue device. + * @@ -14,79 +14,7 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c + * + * The first version was written by Martin Devera, + * -+ * Credits: Jan Rafaj -+ * - Update patch to 2.4.21 -+ * Sebastian Strollo -+ * - Fix "Dead-loop on netdevice imq"-issue -+ * Marcel Sebek -+ * - Update to 2.6.2-rc1 -+ * -+ * After some time of inactivity there is a group taking care -+ * of IMQ again: http://www.linuximq.net -+ * -+ * -+ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 -+ * including the following changes: -+ * -+ * - Correction of ipv6 support "+"s issue (Hasso Tepper) -+ * - Correction of imq_init_devs() issue that resulted in -+ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) -+ * - Addition of functionality to choose number of IMQ devices -+ * during kernel config (Andre Correa) -+ * - Addition of functionality to choose how IMQ hooks on -+ * PRE and POSTROUTING (after or before NAT) (Andre Correa) -+ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) -+ * -+ * -+ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were -+ * released with almost no problems. 2.6.14-x was released -+ * with some important changes: nfcache was removed; After -+ * some weeks of trouble we figured out that some IMQ fields -+ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. -+ * These functions are correctly patched by this new patch version. -+ * -+ * Thanks for all who helped to figure out all the problems with -+ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, -+ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully -+ * I didn't forget anybody). I apologize again for my lack of time. -+ * -+ * -+ * 2008/06/17 - 2.6.25 - Changed imq.c to use qdisc_run() instead -+ * of qdisc_restart() and moved qdisc_run() to tasklet to avoid -+ * recursive locking. New initialization routines to fix 'rmmod' not -+ * working anymore. Used code from ifb.c. (Jussi Kivilinna) -+ * -+ * 2008/08/06 - 2.6.26 - (JK) -+ * - Replaced tasklet with 'netif_schedule()'. -+ * - Cleaned up and added comments for imq_nf_queue(). -+ * -+ * 2009/04/12 -+ * - Add skb_save_cb/skb_restore_cb helper functions for backuping -+ * control buffer. This is needed because qdisc-layer on kernels -+ * 2.6.27 and newer overwrite control buffer. (Jussi Kivilinna) -+ * - Add better locking for IMQ device. Hopefully this will solve -+ * SMP issues. (Jussi Kivilinna) -+ * - Port to 2.6.27 -+ * - Port to 2.6.28 -+ * - Port to 2.6.29 + fix rmmod not working -+ * -+ * 2009/04/20 - (Jussi Kivilinna) -+ * - Use netdevice feature flags to avoid extra packet handling -+ * by core networking layer and possibly increase performance. -+ * -+ * 2009/09/26 - (Jussi Kivilinna) -+ * - Add imq_nf_reinject_lockless to fix deadlock with -+ * imq_nf_queue/imq_nf_reinject. -+ * -+ * 2009/12/08 - (Jussi Kivilinna) -+ * - Port to 2.6.32 -+ * - Add check for skb->nf_queue_entry==NULL in imq_dev_xmit() -+ * - Also add better error checking for skb->nf_queue_entry usage -+ * -+ * Also, many thanks to pablo Sebastian Greco for making the initial -+ * patch and to those who helped the testing. -+ * -+ * More info at: http://www.linuximq.net/ (Andre Correa) ++ * See Credits.txt + */ + +#include @@ -106,144 +34,301 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c +#include +#include +#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num); + +static nf_hookfn imq_nf_hook; + -+static struct nf_hook_ops imq_ingress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, ++static struct nf_hook_ops imq_ops[] = { ++ { ++ /* imq_ingress_ipv4 */ ++ .hook = imq_nf_hook, ++ .pf = PF_INET, ++ .hooknum = NF_INET_PRE_ROUTING, +#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1 ++ .priority = NF_IP_PRI_MANGLE + 1, +#else -+ .priority = NF_IP_PRI_NAT_DST + 1 ++ .priority = NF_IP_PRI_NAT_DST + 1, +#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, ++ }, ++ { ++ /* imq_egress_ipv4 */ ++ .hook = imq_nf_hook, ++ .pf = PF_INET, ++ .hooknum = NF_INET_POST_ROUTING, +#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST ++ .priority = NF_IP_PRI_LAST, +#else -+ .priority = NF_IP_PRI_NAT_SRC - 1 ++ .priority = NF_IP_PRI_NAT_SRC - 1, +#endif -+}; -+ ++ }, +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+static struct nf_hook_ops imq_ingress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, ++ { ++ /* imq_ingress_ipv6 */ ++ .hook = imq_nf_hook, ++ .pf = PF_INET6, ++ .hooknum = NF_INET_PRE_ROUTING, +#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1 ++ .priority = NF_IP6_PRI_MANGLE + 1, +#else -+ .priority = NF_IP6_PRI_NAT_DST + 1 ++ .priority = NF_IP6_PRI_NAT_DST + 1, +#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, ++ }, ++ { ++ /* imq_egress_ipv6 */ ++ .hook = imq_nf_hook, ++ .pf = PF_INET6, ++ .hooknum = NF_INET_POST_ROUTING, +#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST ++ .priority = NF_IP6_PRI_LAST, +#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1 ++ .priority = NF_IP6_PRI_NAT_SRC - 1, +#endif -+}; ++ }, +#endif ++}; + +#if defined(CONFIG_IMQ_NUM_DEVS) -+static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; ++static int numdevs = CONFIG_IMQ_NUM_DEVS; +#else -+static unsigned int numdevs = IMQ_MAX_DEVS; ++static int numdevs = IMQ_MAX_DEVS; +#endif + -+static DEFINE_SPINLOCK(imq_nf_queue_lock); -+ +static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; + ++#define IMQ_MAX_QUEUES 32 ++static int numqueues = 1; ++static u32 imq_hashrnd; ++static int imq_dev_accurate_stats = 1; + -+static struct net_device_stats *imq_get_stats(struct net_device *dev) ++static inline __be16 pppoe_proto(const struct sk_buff *skb) +{ -+ return &dev->stats; ++ return *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + ++ sizeof(struct pppoe_hdr))); +} + -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) ++static u16 imq_hash(struct net_device *dev, struct sk_buff *skb) +{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; ++ unsigned int pull_len; ++ u16 protocol = skb->protocol; ++ u32 addr1, addr2; ++ u32 hash, ihl = 0; ++ union { ++ u16 in16[2]; ++ u32 in32; ++ } ports; ++ u8 ip_proto; ++ ++ pull_len = 0; ++ ++recheck: ++ switch (protocol) { ++ case htons(ETH_P_8021Q): { ++ if (unlikely(skb_pull(skb, VLAN_HLEN) == NULL)) ++ goto other; ++ ++ pull_len += VLAN_HLEN; ++ skb->network_header += VLAN_HLEN; ++ ++ protocol = vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; ++ goto recheck; ++ } + -+ skb->nf_queue_entry = NULL; ++ case htons(ETH_P_PPP_SES): { ++ if (unlikely(skb_pull(skb, PPPOE_SES_HLEN) == NULL)) ++ goto other; + -+ if (entry) { -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); ++ pull_len += PPPOE_SES_HLEN; ++ skb->network_header += PPPOE_SES_HLEN; ++ ++ protocol = pppoe_proto(skb); ++ goto recheck; + } + -+ skb_restore_cb(skb); /* kfree backup */ ++ case htons(ETH_P_IP): { ++ const struct iphdr *iph = ip_hdr(skb); ++ ++ if (unlikely(!pskb_may_pull(skb, sizeof(struct iphdr)))) ++ goto other; ++ ++ addr1 = iph->daddr; ++ addr2 = iph->saddr; ++ ++ ip_proto = !(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) ? ++ iph->protocol : 0; ++ ihl = ip_hdrlen(skb); ++ ++ break; ++ } ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ case htons(ETH_P_IPV6): { ++ const struct ipv6hdr *iph = ipv6_hdr(skb); ++ __be16 fo = 0; ++ ++ if (unlikely(!pskb_may_pull(skb, sizeof(struct ipv6hdr)))) ++ goto other; ++ ++ addr1 = iph->daddr.s6_addr32[3]; ++ addr2 = iph->saddr.s6_addr32[3]; ++ ihl = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &ip_proto, ++ &fo); ++ if (unlikely(ihl < 0)) ++ goto other; ++ ++ break; ++ } ++#endif ++ default: ++other: ++ if (pull_len != 0) { ++ skb_push(skb, pull_len); ++ skb->network_header -= pull_len; ++ } ++ ++ return (u16)(ntohs(protocol) % dev->real_num_tx_queues); ++ } ++ ++ if (addr1 > addr2) ++ swap(addr1, addr2); ++ ++ switch (ip_proto) { ++ case IPPROTO_TCP: ++ case IPPROTO_UDP: ++ case IPPROTO_DCCP: ++ case IPPROTO_ESP: ++ case IPPROTO_AH: ++ case IPPROTO_SCTP: ++ case IPPROTO_UDPLITE: { ++ if (likely(skb_copy_bits(skb, ihl, &ports.in32, 4) >= 0)) { ++ if (ports.in16[0] > ports.in16[1]) ++ swap(ports.in16[0], ports.in16[1]); ++ break; ++ } ++ /* fall-through */ ++ } ++ default: ++ ports.in32 = 0; ++ break; ++ } ++ ++ if (pull_len != 0) { ++ skb_push(skb, pull_len); ++ skb->network_header -= pull_len; ++ } ++ ++ hash = jhash_3words(addr1, addr2, ports.in32, imq_hashrnd ^ ip_proto); ++ ++ return (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); +} + -+/* locking not needed when called from imq_nf_queue */ -+static void imq_nf_reinject_lockless(struct nf_queue_entry *entry, -+ unsigned int verdict) ++static inline bool sk_tx_queue_recorded(struct sock *sk) +{ -+ int status; ++ return (sk_tx_queue_get(sk) >= 0); ++} + -+ if (!entry->next_outfn) { -+ nf_reinject(entry, verdict); -+ return; ++static struct netdev_queue *imq_select_queue(struct net_device *dev, ++ struct sk_buff *skb) ++{ ++ u16 queue_index = 0; ++ u32 hash; ++ ++ if (likely(dev->real_num_tx_queues == 1)) ++ goto out; ++ ++ /* IMQ can be receiving ingress or engress packets. */ ++ ++ /* Check first for if rx_queue is set */ ++ if (skb_rx_queue_recorded(skb)) { ++ queue_index = skb_get_rx_queue(skb); ++ goto out; + } + -+ status = entry->next_outfn(entry, entry->next_queuenum); -+ if (status < 0) { -+ nf_queue_entry_release_refs(entry); -+ kfree_skb(entry->skb); -+ kfree(entry); ++ /* Check if socket has tx_queue set */ ++ if (sk_tx_queue_recorded(skb->sk)) { ++ queue_index = sk_tx_queue_get(skb->sk); ++ goto out; ++ } ++ ++ /* Try use socket hash */ ++ if (skb->sk && skb->sk->sk_hash) { ++ hash = skb->sk->sk_hash; ++ queue_index = ++ (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); ++ goto out; + } ++ ++ /* Generate hash from packet data */ ++ queue_index = imq_hash(dev, skb); ++ ++out: ++ if (unlikely(queue_index >= dev->real_num_tx_queues)) ++ queue_index = (u16)((u32)queue_index % dev->real_num_tx_queues); ++ ++ skb_set_queue_mapping(skb, queue_index); ++ return netdev_get_tx_queue(dev, queue_index); +} + -+static void imq_nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) ++static struct net_device_stats *imq_get_stats(struct net_device *dev) +{ -+ int status; ++ return &dev->stats; ++} + -+ if (!entry->next_outfn) { -+ spin_lock_bh(&imq_nf_queue_lock); -+ nf_reinject(entry, verdict); -+ spin_unlock_bh(&imq_nf_queue_lock); -+ return; -+ } ++/* called for packets kfree'd in qdiscs at places other than enqueue */ ++static void imq_skb_destructor(struct sk_buff *skb) ++{ ++ struct nf_queue_entry *entry = skb->nf_queue_entry; + -+ rcu_read_lock(); -+ local_bh_disable(); -+ status = entry->next_outfn(entry, entry->next_queuenum); -+ local_bh_enable(); -+ if (status < 0) { ++ skb->nf_queue_entry = NULL; ++ ++ if (entry) { + nf_queue_entry_release_refs(entry); -+ kfree_skb(entry->skb); + kfree(entry); + } + -+ rcu_read_unlock(); ++ skb_restore_cb(skb); /* kfree backup */ ++} ++ ++static void imq_done_check_queue_mapping(struct sk_buff *skb, ++ struct net_device *dev) ++{ ++ unsigned int queue_index; ++ ++ /* Don't let queue_mapping be left too large after exiting IMQ */ ++ if (likely(skb->dev != dev && skb->dev != NULL)) { ++ queue_index = skb_get_queue_mapping(skb); ++ if (unlikely(queue_index >= skb->dev->real_num_tx_queues)) { ++ queue_index = (u16)((u32)queue_index % ++ skb->dev->real_num_tx_queues); ++ skb_set_queue_mapping(skb, queue_index); ++ } ++ } else { ++ /* skb->dev was IMQ device itself or NULL, be on safe side and ++ * just clear queue mapping. ++ */ ++ skb_set_queue_mapping(skb, 0); ++ } +} + +static netdev_tx_t imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) +{ + struct nf_queue_entry *entry = skb->nf_queue_entry; + ++ rcu_read_lock(); ++ + skb->nf_queue_entry = NULL; -+ dev->trans_start = jiffies; ++ netif_trans_update(dev); + + dev->stats.tx_bytes += skb->len; + dev->stats.tx_packets++; + -+ if (entry == NULL) { ++ if (unlikely(entry == NULL)) { + /* We don't know what is going on here.. packet is queued for + * imq device, but (probably) not by us. + * @@ -264,6 +349,7 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c + dev->stats.tx_dropped++; + dev_kfree_skb(skb); + ++ rcu_read_unlock(); + return NETDEV_TX_OK; + } + @@ -272,55 +358,212 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c + skb->imq_flags = 0; + skb->destructor = NULL; + -+ imq_nf_reinject(entry, NF_ACCEPT); ++ imq_done_check_queue_mapping(skb, dev); + ++ nf_reinject(entry, NF_ACCEPT); ++ ++ rcu_read_unlock(); + return NETDEV_TX_OK; +} + ++static struct net_device *get_imq_device_by_index(int index) ++{ ++ struct net_device *dev = NULL; ++ struct net *net; ++ char buf[8]; ++ ++ /* get device by name and cache result */ ++ snprintf(buf, sizeof(buf), "imq%d", index); ++ ++ /* Search device from all namespaces. */ ++ for_each_net(net) { ++ dev = dev_get_by_name(net, buf); ++ if (dev) ++ break; ++ } ++ ++ if (WARN_ON_ONCE(dev == NULL)) { ++ /* IMQ device not found. Exotic config? */ ++ return ERR_PTR(-ENODEV); ++ } ++ ++ imq_devs_cache[index] = dev; ++ dev_put(dev); ++ ++ return dev; ++} ++ ++static struct nf_queue_entry *nf_queue_entry_dup(struct nf_queue_entry *e) ++{ ++ struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC); ++ if (entry) { ++ nf_queue_entry_get_refs(entry); ++ return entry; ++ } ++ return NULL; ++} ++ ++#ifdef CONFIG_BRIDGE_NETFILTER ++/* When called from bridge netfilter, skb->data must point to MAC header ++ * before calling skb_gso_segment(). Else, original MAC header is lost ++ * and segmented skbs will be sent to wrong destination. ++ */ ++static void nf_bridge_adjust_skb_data(struct sk_buff *skb) ++{ ++ if (skb->nf_bridge) ++ __skb_push(skb, skb->network_header - skb->mac_header); ++} ++ ++static void nf_bridge_adjust_segmented_data(struct sk_buff *skb) ++{ ++ if (skb->nf_bridge) ++ __skb_pull(skb, skb->network_header - skb->mac_header); ++} ++#else ++#define nf_bridge_adjust_skb_data(s) do {} while (0) ++#define nf_bridge_adjust_segmented_data(s) do {} while (0) ++#endif ++ ++static void free_entry(struct nf_queue_entry *entry) ++{ ++ nf_queue_entry_release_refs(entry); ++ kfree(entry); ++} ++ ++static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev); ++ ++static int __imq_nf_queue_gso(struct nf_queue_entry *entry, ++ struct net_device *dev, struct sk_buff *skb) ++{ ++ int ret = -ENOMEM; ++ struct nf_queue_entry *entry_seg; ++ ++ nf_bridge_adjust_segmented_data(skb); ++ ++ if (skb->next == NULL) { /* last packet, no need to copy entry */ ++ struct sk_buff *gso_skb = entry->skb; ++ entry->skb = skb; ++ ret = __imq_nf_queue(entry, dev); ++ if (ret) ++ entry->skb = gso_skb; ++ return ret; ++ } ++ ++ skb->next = NULL; ++ ++ entry_seg = nf_queue_entry_dup(entry); ++ if (entry_seg) { ++ entry_seg->skb = skb; ++ ret = __imq_nf_queue(entry_seg, dev); ++ if (ret) ++ free_entry(entry_seg); ++ } ++ return ret; ++} ++ +static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) +{ ++ struct sk_buff *skb, *segs; + struct net_device *dev; -+ struct sk_buff *skb_orig, *skb, *skb_shared; -+ struct Qdisc *q; -+ struct netdev_queue *txq; -+ int users, index; -+ int retval = -EINVAL; ++ unsigned int queued; ++ int index, retval, err; + + index = entry->skb->imq_flags & IMQ_F_IFMASK; + if (unlikely(index > numdevs - 1)) { + if (net_ratelimit()) -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ numdevs - 1); ++ pr_warn("IMQ: invalid device specified, highest is %u\n", ++ numdevs - 1); + retval = -EINVAL; -+ goto out; ++ goto out_no_dev; + } + + /* check for imq device by index from cache */ + dev = imq_devs_cache[index]; + if (unlikely(!dev)) { -+ char buf[8]; -+ -+ /* get device by name and cache result */ -+ snprintf(buf, sizeof(buf), "imq%d", index); -+ dev = dev_get_by_name(&init_net, buf); -+ if (!dev) { -+ /* not found ?!*/ -+ BUG(); -+ retval = -ENODEV; -+ goto out; ++ dev = get_imq_device_by_index(index); ++ if (IS_ERR(dev)) { ++ retval = PTR_ERR(dev); ++ goto out_no_dev; + } -+ -+ imq_devs_cache[index] = dev; -+ dev_put(dev); + } + + if (unlikely(!(dev->flags & IFF_UP))) { + entry->skb->imq_flags = 0; -+ imq_nf_reinject_lockless(entry, NF_ACCEPT); -+ retval = 0; -+ goto out; ++ retval = -ECANCELED; ++ goto out_no_dev; + } ++ ++ /* Since 3.10.x, GSO handling moved here as result of upstream commit ++ * a5fedd43d5f6c94c71053a66e4c3d2e35f1731a2 (netfilter: move ++ * skb_gso_segment into nfnetlink_queue module). ++ * ++ * Following code replicates the gso handling from ++ * 'net/netfilter/nfnetlink_queue_core.c':nfqnl_enqueue_packet(). ++ */ ++ ++ skb = entry->skb; ++ ++ switch (entry->state.pf) { ++ case NFPROTO_IPV4: ++ skb->protocol = htons(ETH_P_IP); ++ break; ++ case NFPROTO_IPV6: ++ skb->protocol = htons(ETH_P_IPV6); ++ break; ++ } ++ ++ if (!skb_is_gso(entry->skb)) ++ return __imq_nf_queue(entry, dev); ++ ++ nf_bridge_adjust_skb_data(skb); ++ segs = skb_gso_segment(skb, 0); ++ /* Does not use PTR_ERR to limit the number of error codes that can be ++ * returned by nf_queue. For instance, callers rely on -ECANCELED to ++ * mean 'ignore this hook'. ++ */ ++ err = -ENOBUFS; ++ if (IS_ERR(segs)) ++ goto out_err; ++ queued = 0; ++ err = 0; ++ do { ++ struct sk_buff *nskb = segs->next; ++ if (nskb && nskb->next) ++ nskb->cb_next = NULL; ++ if (err == 0) ++ err = __imq_nf_queue_gso(entry, dev, segs); ++ if (err == 0) ++ queued++; ++ else ++ kfree_skb(segs); ++ segs = nskb; ++ } while (segs); ++ ++ if (queued) { ++ if (err) /* some segments are already queued */ ++ free_entry(entry); ++ kfree_skb(skb); ++ return 0; ++ } ++ ++out_err: ++ nf_bridge_adjust_segmented_data(skb); ++ retval = err; ++out_no_dev: ++ return retval; ++} ++ ++static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev) ++{ ++ struct sk_buff *skb_orig, *skb, *skb_shared, *skb_popd; ++ struct Qdisc *q; ++ struct sk_buff *to_free = NULL; ++ struct netdev_queue *txq; ++ spinlock_t *root_lock; ++ int users; ++ int retval = -EINVAL; ++ unsigned int orig_queue_index; ++ + dev->last_rx = jiffies; + + skb = entry->skb; @@ -330,84 +573,136 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c + if (unlikely(skb->destructor)) { + skb_orig = skb; + skb = skb_clone(skb, GFP_ATOMIC); -+ if (!skb) { ++ if (unlikely(!skb)) { + retval = -ENOMEM; + goto out; + } ++ skb->cb_next = NULL; + entry->skb = skb; + } + -+ skb->nf_queue_entry = entry; -+ + dev->stats.rx_bytes += skb->len; + dev->stats.rx_packets++; + -+ txq = dev_pick_tx(dev, skb); ++ if (!skb->dev) { ++ /* skb->dev == NULL causes problems, try the find cause. */ ++ if (net_ratelimit()) { ++ dev_warn(&dev->dev, ++ "received packet with skb->dev == NULL\n"); ++ dump_stack(); ++ } ++ ++ skb->dev = dev; ++ } ++ ++ /* Disables softirqs for lock below */ ++ rcu_read_lock_bh(); ++ ++ /* Multi-queue selection */ ++ orig_queue_index = skb_get_queue_mapping(skb); ++ txq = imq_select_queue(dev, skb); + + q = rcu_dereference(txq->qdisc); + if (unlikely(!q->enqueue)) + goto packet_not_eaten_by_imq_dev; + -+ spin_lock_bh(qdisc_lock(q)); ++ skb->nf_queue_entry = entry; ++ root_lock = qdisc_lock(q); ++ spin_lock(root_lock); + + users = atomic_read(&skb->users); + + skb_shared = skb_get(skb); /* increase reference count by one */ -+ skb_save_cb(skb_shared); /* backup skb->cb, as qdisc layer will -+ overwrite it */ -+ qdisc_enqueue_root(skb_shared, q); /* might kfree_skb */ + ++ /* backup skb->cb, as qdisc layer will overwrite it */ ++ skb_save_cb(skb_shared); ++ qdisc_enqueue_root(skb_shared, q, &to_free); /* might kfree_skb */ + if (likely(atomic_read(&skb_shared->users) == users + 1)) { ++ bool validate; ++ + kfree_skb(skb_shared); /* decrease reference count by one */ + + skb->destructor = &imq_skb_destructor; + ++ skb_popd = qdisc_dequeue_skb(q, &validate); ++ + /* cloned? */ -+ if (skb_orig) ++ if (unlikely(skb_orig)) + kfree_skb(skb_orig); /* free original */ + -+ spin_unlock_bh(qdisc_lock(q)); ++ spin_unlock(root_lock); + ++#if 0 + /* schedule qdisc dequeue */ + __netif_schedule(q); -+ ++#else ++ if (likely(skb_popd)) { ++ /* Note that we validate skb (GSO, checksum, ...) outside of locks */ ++ if (validate) ++ skb_popd = validate_xmit_skb_list(skb_popd, dev); ++ ++ if (skb_popd) { ++ int dummy_ret; ++ int cpu = smp_processor_id(); /* ok because BHs are off */ ++ ++ txq = skb_get_tx_queue(dev, skb_popd); ++ /* ++ IMQ device will not be frozen or stoped, and it always be successful. ++ So we need not check its status and return value to accelerate. ++ */ ++ if (imq_dev_accurate_stats && txq->xmit_lock_owner != cpu) { ++ HARD_TX_LOCK(dev, txq, cpu); ++ if (!netif_xmit_frozen_or_stopped(txq)) { ++ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); ++ } ++ HARD_TX_UNLOCK(dev, txq); ++ } else { ++ if (!netif_xmit_frozen_or_stopped(txq)) { ++ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); ++ } ++ } ++ } ++ } else { ++ /* No ready skb, then schedule it */ ++ __netif_schedule(q); ++ } ++#endif ++ rcu_read_unlock_bh(); + retval = 0; + goto out; + } else { + skb_restore_cb(skb_shared); /* restore skb->cb */ + skb->nf_queue_entry = NULL; -+ /* qdisc dropped packet and decreased skb reference count of ++ /* ++ * qdisc dropped packet and decreased skb reference count of + * skb, so we don't really want to and try refree as that would -+ * actually destroy the skb. */ -+ spin_unlock_bh(qdisc_lock(q)); ++ * actually destroy the skb. ++ */ ++ spin_unlock(root_lock); + goto packet_not_eaten_by_imq_dev; + } + +packet_not_eaten_by_imq_dev: ++ skb_set_queue_mapping(skb, orig_queue_index); ++ rcu_read_unlock_bh(); ++ + /* cloned? restore original */ -+ if (skb_orig) { ++ if (unlikely(skb_orig)) { + kfree_skb(skb); + entry->skb = skb_orig; + } + retval = -1; +out: ++ if (unlikely(to_free)) { ++ kfree_skb_list(to_free); ++ } + return retval; +} -+ -+static struct nf_queue_handler nfqh = { -+ .name = "imq", -+ .outfn = imq_nf_queue, -+}; -+ -+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, -+ const struct net_device *indev, -+ const struct net_device *outdev, -+ int (*okfn)(struct sk_buff *)) ++static unsigned int imq_nf_hook(void *priv, ++ struct sk_buff *skb, ++ const struct nf_hook_state *state) +{ -+ if (pskb->imq_flags & IMQ_F_ENQUEUE) -+ return NF_QUEUE; -+ -+ return NF_ACCEPT; ++ return (skb->imq_flags & IMQ_F_ENQUEUE) ? NF_IMQ_QUEUE : NF_ACCEPT; +} + +static int imq_close(struct net_device *dev) @@ -422,6 +717,10 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c + return 0; +} + ++static struct device_type imq_device_type = { ++ .name = "imq", ++}; ++ +static const struct net_device_ops imq_netdev_ops = { + .ndo_open = imq_open, + .ndo_stop = imq_close, @@ -432,14 +731,15 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c +static void imq_setup(struct net_device *dev) +{ + dev->netdev_ops = &imq_netdev_ops; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; -+ dev->tx_queue_len = 11000; -+ dev->flags = IFF_NOARP; -+ dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | ++ dev->type = ARPHRD_VOID; ++ dev->mtu = 16000; /* too small? */ ++ dev->tx_queue_len = 11000; /* too big? */ ++ dev->flags = IFF_NOARP; ++ dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | + NETIF_F_GSO | NETIF_F_HW_CSUM | + NETIF_F_HIGHDMA; -+ dev->priv_flags &= ~IFF_XMIT_DST_RELEASE; ++ dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | ++ IFF_TX_SKB_SHARING); +} + +static int imq_validate(struct nlattr *tb[], struct nlattr *data[]) @@ -458,7 +758,7 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c + } + return 0; +end: -+ printk(KERN_WARNING "IMQ: imq_validate failed (%d)\n", ret); ++ pr_warn("IMQ: imq_validate failed (%d)\n", ret); + return ret; +} + @@ -469,51 +769,56 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c + .validate = imq_validate, +}; + ++static const struct nf_queue_handler imq_nfqh = { ++ .outfn = imq_nf_queue, ++}; ++ +static int __init imq_init_hooks(void) +{ -+ int err; -+ -+ nf_register_queue_imq_handler(&nfqh); ++ int ret; + -+ err = nf_register_hook(&imq_ingress_ipv4); -+ if (err) -+ goto err1; ++ nf_register_queue_imq_handler(&imq_nfqh); + -+ err = nf_register_hook(&imq_egress_ipv4); -+ if (err) -+ goto err2; ++ ret = nf_register_hooks(imq_ops, ARRAY_SIZE(imq_ops)); ++ if (ret < 0) ++ nf_unregister_queue_imq_handler(); + -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ err = nf_register_hook(&imq_ingress_ipv6); -+ if (err) -+ goto err3; ++ return ret; ++} + -+ err = nf_register_hook(&imq_egress_ipv6); -+ if (err) -+ goto err4; -+#endif ++#ifdef CONFIG_LOCKDEP ++ static struct lock_class_key imq_netdev_addr_lock_key; + -+ return 0; ++ static void __init imq_dev_set_lockdep_one(struct net_device *dev, ++ struct netdev_queue *txq, void *arg) ++ { ++ /* ++ * the IMQ transmit locks can be taken recursively, ++ * for example with one IMQ rule for input- and one for ++ * output network devices in iptables! ++ * until we find a better solution ignore them. ++ */ ++ lockdep_set_novalidate_class(&txq->_xmit_lock); ++ } + -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+err4: -+ nf_unregister_hook(&imq_ingress_ipv6); -+err3: -+ nf_unregister_hook(&imq_egress_ipv4); -+#endif -+err2: -+ nf_unregister_hook(&imq_ingress_ipv4); -+err1: -+ nf_unregister_queue_imq_handler(); -+ return err; ++ static void imq_dev_set_lockdep_class(struct net_device *dev) ++ { ++ lockdep_set_class_and_name(&dev->addr_list_lock, ++ &imq_netdev_addr_lock_key, "_xmit_addr_IMQ"); ++ netdev_for_each_tx_queue(dev, imq_dev_set_lockdep_one, NULL); +} ++#else ++ static inline void imq_dev_set_lockdep_class(struct net_device *dev) ++ { ++ } ++#endif + +static int __init imq_init_one(int index) +{ + struct net_device *dev; + int ret; + -+ dev = alloc_netdev(0, "imq%d", imq_setup); ++ dev = alloc_netdev_mq(0, "imq%d", NET_NAME_UNKNOWN, imq_setup, numqueues); + if (!dev) + return -ENOMEM; + @@ -522,10 +827,13 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c + goto fail; + + dev->rtnl_link_ops = &imq_link_ops; ++ SET_NETDEV_DEVTYPE(dev, &imq_device_type); + ret = register_netdevice(dev); + if (ret < 0) + goto fail; + ++ imq_dev_set_lockdep_class(dev); ++ + return 0; +fail: + free_netdev(dev); @@ -537,11 +845,19 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c + int err, i; + + if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { -+ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", ++ pr_err("IMQ: numdevs has to be betweed 1 and %u\n", + IMQ_MAX_DEVS); + return -EINVAL; + } + ++ if (numqueues < 1 || numqueues > IMQ_MAX_QUEUES) { ++ pr_err("IMQ: numqueues has to be betweed 1 and %u\n", ++ IMQ_MAX_QUEUES); ++ return -EINVAL; ++ } ++ ++ get_random_bytes(&imq_hashrnd, sizeof(imq_hashrnd)); ++ + rtnl_lock(); + err = __rtnl_link_register(&imq_link_ops); + @@ -569,29 +885,30 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c + + err = imq_init_devs(); + if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); ++ pr_err("IMQ: Error trying imq_init_devs(net)\n"); + return err; + } + + err = imq_init_hooks(); + if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); ++ pr_err(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); + rtnl_link_unregister(&imq_link_ops); + memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); + return err; + } + -+ printk(KERN_INFO "IMQ driver loaded successfully.\n"); ++ pr_info("IMQ driver loaded successfully. (numdevs = %d, numqueues = %d, imq_dev_accurate_stats = %d)\n", ++ numdevs, numqueues, imq_dev_accurate_stats); + +#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); ++ pr_info("\tHooking IMQ before NAT on PREROUTING.\n"); +#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); ++ pr_info("\tHooking IMQ after NAT on PREROUTING.\n"); +#endif +#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); ++ pr_info("\tHooking IMQ before NAT on POSTROUTING.\n"); +#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); ++ pr_info("\tHooking IMQ after NAT on POSTROUTING.\n"); +#endif + + return 0; @@ -599,13 +916,7 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c + +static void __exit imq_unhook(void) +{ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ nf_unregister_hook(&imq_ingress_ipv6); -+ nf_unregister_hook(&imq_egress_ipv6); -+#endif -+ nf_unregister_hook(&imq_ingress_ipv4); -+ nf_unregister_hook(&imq_egress_ipv4); -+ ++ nf_unregister_hooks(imq_ops, ARRAY_SIZE(imq_ops)); + nf_unregister_queue_imq_handler(); +} + @@ -619,29 +930,29 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/imq.c linux-2.6.32-imq/drivers/net/imq.c +{ + imq_unhook(); + imq_cleanup_devs(); -+ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); ++ pr_info("IMQ driver unloaded successfully.\n"); +} + +module_init(imq_init_module); +module_exit(imq_exit_module); + +module_param(numdevs, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " -+ "be created)"); -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " -+ "http://www.linuximq.net/ for more information."); ++module_param(numqueues, int, 0); ++module_param(imq_dev_accurate_stats, int, 0); ++MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will be created)"); ++MODULE_PARM_DESC(numqueues, "number of queues per IMQ device"); ++MODULE_PARM_DESC(imq_dev_accurate_stats, "Notify if need the accurate imq device stats"); ++ ++MODULE_AUTHOR("https://github.com/imq/linuximq"); ++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); +MODULE_LICENSE("GPL"); +MODULE_ALIAS_RTNL_LINK("imq"); -+ -diff -U 5 -Nr linux-2.6.32/drivers/net/Kconfig linux-2.6.32-imq/drivers/net/Kconfig ---- linux-2.6.32/drivers/net/Kconfig 2009-12-03 05:51:21.000000000 +0200 -+++ linux-2.6.32-imq/drivers/net/Kconfig 2009-12-11 14:16:42.678730699 +0200 -@@ -107,10 +107,133 @@ - . - - To compile this driver as a module, choose M here: the module - will be called eql. If unsure, say N. +diff -Naupr linux-4.10_orig/drivers/net/Kconfig linux-4.10/drivers/net/Kconfig +--- linux-4.10_orig/drivers/net/Kconfig 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/drivers/net/Kconfig 2017-02-28 18:44:55.978280593 +0700 +@@ -260,6 +260,125 @@ config RIONET_RX_SIZE + depends on RIONET + default "128" +config IMQ + tristate "IMQ (intermediate queueing device) support" @@ -654,7 +965,7 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/Kconfig linux-2.6.32-imq/drivers/net/Kcon + and distribute bandwidth among them. Iptables is used to specify + through which IMQ device, if any, packets travel. + -+ More information at: http://www.linuximq.net/ ++ More information at: https://github.com/imq/linuximq + + To compile this driver as a module, choose M here: the module + will be called imq. If unsure, say N. @@ -664,131 +975,121 @@ diff -U 5 -Nr linux-2.6.32/drivers/net/Kconfig linux-2.6.32-imq/drivers/net/Kcon + depends on IMQ + default IMQ_BEHAVIOR_AB + help ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. + -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. ++ IMQ can work in any of the following ways: + -+ IMQ can work in any of the following ways: ++ PREROUTING | POSTROUTING ++ -----------------|------------------- ++ #1 After NAT | After NAT ++ #2 After NAT | Before NAT ++ #3 Before NAT | After NAT ++ #4 Before NAT | Before NAT + -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT ++ The default behavior is to hook before NAT on PREROUTING ++ and after NAT on POSTROUTING (#3). + -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). ++ This settings are specially usefull when trying to use IMQ ++ to shape NATed clients. + -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. ++ More information can be found at: https://github.com/imq/linuximq + -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. ++ If not sure leave the default settings alone. + +config IMQ_BEHAVIOR_AA + bool "IMQ AA" + help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. + -+ Choosing this option will make IMQ hook like this: ++ Choosing this option will make IMQ hook like this: + -+ PREROUTING: After NAT -+ POSTROUTING: After NAT ++ PREROUTING: After NAT ++ POSTROUTING: After NAT + -+ More information can be found at: www.linuximq.net ++ More information can be found at: https://github.com/imq/linuximq + -+ If not sure leave the default settings alone. ++ If not sure leave the default settings alone. + +config IMQ_BEHAVIOR_AB + bool "IMQ AB" + help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. + -+ Choosing this option will make IMQ hook like this: ++ Choosing this option will make IMQ hook like this: + -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT ++ PREROUTING: After NAT ++ POSTROUTING: Before NAT + -+ More information can be found at: www.linuximq.net ++ More information can be found at: https://github.com/imq/linuximq + -+ If not sure leave the default settings alone. ++ If not sure leave the default settings alone. + +config IMQ_BEHAVIOR_BA + bool "IMQ BA" + help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. + -+ Choosing this option will make IMQ hook like this: ++ Choosing this option will make IMQ hook like this: + -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT ++ PREROUTING: Before NAT ++ POSTROUTING: After NAT + -+ More information can be found at: www.linuximq.net ++ More information can be found at: https://github.com/imq/linuximq + -+ If not sure leave the default settings alone. ++ If not sure leave the default settings alone. + +config IMQ_BEHAVIOR_BB + bool "IMQ BB" + help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. + -+ Choosing this option will make IMQ hook like this: ++ Choosing this option will make IMQ hook like this: + -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT ++ PREROUTING: Before NAT ++ POSTROUTING: Before NAT + -+ More information can be found at: www.linuximq.net ++ More information can be found at: https://github.com/imq/linuximq + -+ If not sure leave the default settings alone. ++ If not sure leave the default settings alone. + +endchoice + +config IMQ_NUM_DEVS -+ + int "Number of IMQ devices" + range 2 16 + depends on IMQ + default "16" + help ++ This setting defines how many IMQ devices will be created. + -+ This settings defines how many IMQ devices will be -+ created. -+ -+ The default value is 16. ++ The default value is 16. + -+ More information can be found at: www.linuximq.net ++ More information can be found at: https://github.com/imq/linuximq + -+ If not sure leave the default settings alone. ++ If not sure leave the default settings alone. + config TUN tristate "Universal TUN/TAP device driver support" - select CRC32 - ---help--- - TUN/TAP provides packet reception and transmission for user space -diff -U 5 -Nr linux-2.6.32/drivers/net/Makefile linux-2.6.32-imq/drivers/net/Makefile ---- linux-2.6.32/drivers/net/Makefile 2009-12-03 05:51:21.000000000 +0200 -+++ linux-2.6.32-imq/drivers/net/Makefile 2009-12-11 14:16:42.678730699 +0200 -@@ -163,10 +163,11 @@ - obj-$(CONFIG_SLHC) += slhc.o - - obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o - - obj-$(CONFIG_DUMMY) += dummy.o -+obj-$(CONFIG_IMQ) += imq.o + depends on INET +diff -Naupr linux-4.10_orig/drivers/net/Makefile linux-4.10/drivers/net/Makefile +--- linux-4.10_orig/drivers/net/Makefile 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/drivers/net/Makefile 2017-02-28 18:44:55.978280593 +0700 +@@ -11,6 +11,7 @@ obj-$(CONFIG_DUMMY) += dummy.o + obj-$(CONFIG_EQUALIZER) += eql.o obj-$(CONFIG_IFB) += ifb.o + obj-$(CONFIG_MACSEC) += macsec.o ++obj-$(CONFIG_IMQ) += imq.o obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_DE600) += de600.o - obj-$(CONFIG_DE620) += de620.o - obj-$(CONFIG_LANCE) += lance.o -diff -U 5 -Nr linux-2.6.32/include/linux/imq.h linux-2.6.32-imq/include/linux/imq.h ---- linux-2.6.32/include/linux/imq.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.32-imq/include/linux/imq.h 2009-12-11 14:16:42.678730699 +0200 + obj-$(CONFIG_MACVTAP) += macvtap.o + obj-$(CONFIG_MII) += mii.o +diff -Naupr linux-4.10_orig/include/linux/imq.h linux-4.10/include/linux/imq.h +--- linux-4.10_orig/include/linux/imq.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/include/linux/imq.h 2017-02-28 18:44:55.978280593 +0700 @@ -0,0 +1,13 @@ +#ifndef _IMQ_H +#define _IMQ_H @@ -803,24 +1104,32 @@ diff -U 5 -Nr linux-2.6.32/include/linux/imq.h linux-2.6.32-imq/include/linux/im + +#endif /* _IMQ_H */ + -diff -U 5 -Nr linux-2.6.32/include/linux/netdevice.h linux-2.6.32-imq/include/linux/netdevice.h ---- linux-2.6.32/include/linux/netdevice.h 2009-12-03 05:51:21.000000000 +0200 -+++ linux-2.6.32-imq/include/linux/netdevice.h 2009-12-11 14:16:42.679730960 +0200 -@@ -1112,10 +1112,11 @@ - extern struct net_device *__dev_get_by_name(struct net *net, const char *name); - extern int dev_alloc_name(struct net_device *dev, const char *name); - extern int dev_open(struct net_device *dev); - extern int dev_close(struct net_device *dev); - extern void dev_disable_lro(struct net_device *dev); -+extern struct netdev_queue *dev_pick_tx(struct net_device *dev, struct sk_buff *skb); - extern int dev_queue_xmit(struct sk_buff *skb); - extern int register_netdevice(struct net_device *dev); - extern void unregister_netdevice_queue(struct net_device *dev, - struct list_head *head); - extern void unregister_netdevice_many(struct list_head *head); -diff -U 5 -Nr linux-2.6.32/include/linux/netfilter/xt_IMQ.h linux-2.6.32-imq/include/linux/netfilter/xt_IMQ.h ---- linux-2.6.32/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.32-imq/include/linux/netfilter/xt_IMQ.h 2009-12-11 14:16:42.679730960 +0200 +diff -Naupr linux-4.10_orig/include/linux/netdevice.h linux-4.10/include/linux/netdevice.h +--- linux-4.10_orig/include/linux/netdevice.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/linux/netdevice.h 2017-02-28 18:44:55.978280593 +0700 +@@ -3604,6 +3604,19 @@ static inline void netif_tx_unlock_bh(st + } \ + } + ++#define HARD_TX_LOCK_BH(dev, txq) { \ ++ if ((dev->features & NETIF_F_LLTX) == 0) { \ ++ __netif_tx_lock_bh(txq); \ ++ } \ ++} ++ ++#define HARD_TX_UNLOCK_BH(dev, txq) { \ ++ if ((dev->features & NETIF_F_LLTX) == 0) { \ ++ __netif_tx_unlock_bh(txq); \ ++ } \ ++} ++ ++ + static inline void netif_tx_disable(struct net_device *dev) + { + unsigned int i; +diff -Naupr linux-4.10_orig/include/linux/netfilter/xt_IMQ.h linux-4.10/include/linux/netfilter/xt_IMQ.h +--- linux-4.10_orig/include/linux/netfilter/xt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/include/linux/netfilter/xt_IMQ.h 2017-02-28 18:44:55.981613941 +0700 @@ -0,0 +1,9 @@ +#ifndef _XT_IMQ_H +#define _XT_IMQ_H @@ -831,9 +1140,9 @@ diff -U 5 -Nr linux-2.6.32/include/linux/netfilter/xt_IMQ.h linux-2.6.32-imq/inc + +#endif /* _XT_IMQ_H */ + -diff -U 5 -Nr linux-2.6.32/include/linux/netfilter_ipv4/ipt_IMQ.h linux-2.6.32-imq/include/linux/netfilter_ipv4/ipt_IMQ.h ---- linux-2.6.32/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.32-imq/include/linux/netfilter_ipv4/ipt_IMQ.h 2009-12-11 14:16:42.679730960 +0200 +diff -Naupr linux-4.10_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.10/include/linux/netfilter_ipv4/ipt_IMQ.h +--- linux-4.10_orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/include/linux/netfilter_ipv4/ipt_IMQ.h 2017-02-28 18:44:55.981613941 +0700 @@ -0,0 +1,10 @@ +#ifndef _IPT_IMQ_H +#define _IPT_IMQ_H @@ -845,9 +1154,9 @@ diff -U 5 -Nr linux-2.6.32/include/linux/netfilter_ipv4/ipt_IMQ.h linux-2.6.32-i + +#endif /* _IPT_IMQ_H */ + -diff -U 5 -Nr linux-2.6.32/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-2.6.32-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h ---- linux-2.6.32/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.32-imq/include/linux/netfilter_ipv6/ip6t_IMQ.h 2009-12-11 14:16:42.679730960 +0200 +diff -Naupr linux-4.10_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.10/include/linux/netfilter_ipv6/ip6t_IMQ.h +--- linux-4.10_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/include/linux/netfilter_ipv6/ip6t_IMQ.h 2017-02-28 18:44:55.981613941 +0700 @@ -0,0 +1,10 @@ +#ifndef _IP6T_IMQ_H +#define _IP6T_IMQ_H @@ -859,216 +1168,184 @@ diff -U 5 -Nr linux-2.6.32/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-2.6.32- + +#endif /* _IP6T_IMQ_H */ + -diff -U 5 -Nr linux-2.6.32/include/linux/skbuff.h linux-2.6.32-imq/include/linux/skbuff.h ---- linux-2.6.32/include/linux/skbuff.h 2009-12-03 05:51:21.000000000 +0200 -+++ linux-2.6.32-imq/include/linux/skbuff.h 2009-12-11 14:16:42.680730834 +0200 -@@ -27,10 +27,13 @@ - #include - #include - #include - #include - #include +diff -Naupr linux-4.10_orig/include/linux/skbuff.h linux-4.10/include/linux/skbuff.h +--- linux-4.10_orig/include/linux/skbuff.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/linux/skbuff.h 2017-02-28 18:44:55.981613941 +0700 +@@ -39,6 +39,10 @@ + #include + #include + #include +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) +#include +#endif ++ - /* Don't change this without changing skb_csum_unnecessary! */ - #define CHECKSUM_NONE 0 - #define CHECKSUM_UNNECESSARY 1 - #define CHECKSUM_COMPLETE 2 -@@ -328,10 +331,13 @@ - * layer. Please put your private variables there. If you - * want to keep them across layers you have to do a skb_clone() + /* The interface for checksum offload between the stack and networking drivers + * is as follows... +@@ -661,6 +665,9 @@ struct sk_buff { * first. This is owned by whoever has the skb queued ATM. */ - char cb[48]; + char cb[48] __aligned(8); +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) + void *cb_next; +#endif - unsigned int len, - data_len; - __u16 mac_len, - hdr_len; -@@ -360,10 +366,13 @@ + unsigned long _skb_refdst; void (*destructor)(struct sk_buff *skb); +@@ -670,6 +677,9 @@ struct sk_buff { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) struct nf_conntrack *nfct; - struct sk_buff *nfct_reasm; #endif +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ struct nf_queue_entry *nf_queue_entry; ++ struct nf_queue_entry *nf_queue_entry; +#endif - #ifdef CONFIG_BRIDGE_NETFILTER + #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) struct nf_bridge_info *nf_bridge; #endif - - int iif; -@@ -381,10 +390,14 @@ +@@ -750,6 +760,9 @@ struct sk_buff { + __u8 offload_fwd_mark:1; #endif - kmemcheck_bitfield_end(flags2); - - /* 0/14 bit hole */ - + /* 2, 4 or 5 bit hole */ +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) + __u8 imq_flags:IMQ_F_BITS; +#endif -+ - #ifdef CONFIG_NET_DMA - dma_cookie_t dma_cookie; - #endif - #ifdef CONFIG_NETWORK_SECMARK - __u32 secmark; -@@ -435,10 +448,16 @@ - static inline struct rtable *skb_rtable(const struct sk_buff *skb) - { - return (struct rtable *)skb_dst(skb); - } + #ifdef CONFIG_NET_SCHED + __u16 tc_index; /* traffic control index */ +@@ -910,6 +923,12 @@ void kfree_skb_list(struct sk_buff *segs + void skb_tx_error(struct sk_buff *skb); + void consume_skb(struct sk_buff *skb); + void __kfree_skb(struct sk_buff *skb); + +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern int skb_save_cb(struct sk_buff *skb); -+extern int skb_restore_cb(struct sk_buff *skb); ++int skb_save_cb(struct sk_buff *skb); ++int skb_restore_cb(struct sk_buff *skb); +#endif + - extern void kfree_skb(struct sk_buff *skb); - extern void consume_skb(struct sk_buff *skb); - extern void __kfree_skb(struct sk_buff *skb); - extern struct sk_buff *__alloc_skb(unsigned int size, - gfp_t priority, int fclone, int node); -@@ -1970,10 +1989,14 @@ - nf_conntrack_get(src->nfct); - dst->nfctinfo = src->nfctinfo; - dst->nfct_reasm = src->nfct_reasm; - nf_conntrack_get_reasm(src->nfct_reasm); + extern struct kmem_cache *skbuff_head_cache; + + void kfree_skb_partial(struct sk_buff *skb, bool head_stolen); +@@ -3607,6 +3626,10 @@ static inline void __nf_copy(struct sk_b + if (copy) + dst->nfctinfo = src->nfctinfo; #endif +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ dst->imq_flags = src->imq_flags; -+ dst->nf_queue_entry = src->nf_queue_entry; ++ dst->imq_flags = src->imq_flags; ++ dst->nf_queue_entry = src->nf_queue_entry; +#endif - #ifdef CONFIG_BRIDGE_NETFILTER + #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) dst->nf_bridge = src->nf_bridge; nf_bridge_get(src->nf_bridge); - #endif - } -diff -U 5 -Nr linux-2.6.32/include/net/netfilter/nf_queue.h linux-2.6.32-imq/include/net/netfilter/nf_queue.h ---- linux-2.6.32/include/net/netfilter/nf_queue.h 2009-12-03 05:51:21.000000000 +0200 -+++ linux-2.6.32-imq/include/net/netfilter/nf_queue.h 2009-12-11 14:16:42.680730834 +0200 -@@ -11,10 +11,16 @@ - u_int8_t pf; - unsigned int hook; - struct net_device *indev; - struct net_device *outdev; - int (*okfn)(struct sk_buff *); +diff -Naupr linux-4.10_orig/include/net/netfilter/nf_queue.h linux-4.10/include/net/netfilter/nf_queue.h +--- linux-4.10_orig/include/net/netfilter/nf_queue.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/net/netfilter/nf_queue.h 2017-02-28 18:44:55.981613941 +0700 +@@ -31,6 +31,12 @@ struct nf_queue_handler { + void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); + void nf_unregister_queue_handler(struct net *net); + void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); ++void nf_queue_entry_release_refs(struct nf_queue_entry *entry); + +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ int (*next_outfn)(struct nf_queue_entry *entry, -+ unsigned int queuenum); -+ unsigned int next_queuenum; ++void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); ++void nf_unregister_queue_imq_handler(void); +#endif - }; - #define nf_queue_entry_reroute(x) ((void *)x + sizeof(struct nf_queue_entry)) + void nf_queue_entry_get_refs(struct nf_queue_entry *entry); + void nf_queue_entry_release_refs(struct nf_queue_entry *entry); +diff -Naupr linux-4.10_orig/include/net/pkt_sched.h linux-4.10/include/net/pkt_sched.h +--- linux-4.10_orig/include/net/pkt_sched.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/net/pkt_sched.h 2017-02-28 18:44:55.981613941 +0700 +@@ -107,6 +107,8 @@ int sch_direct_xmit(struct sk_buff *skb, - /* Packet queuing */ -@@ -28,7 +34,13 @@ - const struct nf_queue_handler *qh); - extern int nf_unregister_queue_handler(u_int8_t pf, - const struct nf_queue_handler *qh); - extern void nf_unregister_queue_handlers(const struct nf_queue_handler *qh); - extern void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); -+extern void nf_queue_entry_release_refs(struct nf_queue_entry *entry); + void __qdisc_run(struct Qdisc *q); + ++struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate); + -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+extern void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); -+extern void nf_unregister_queue_imq_handler(void); -+#endif + static inline void qdisc_run(struct Qdisc *q) + { + if (qdisc_run_begin(q)) +diff -Naupr linux-4.10_orig/include/net/sch_generic.h linux-4.10/include/net/sch_generic.h +--- linux-4.10_orig/include/net/sch_generic.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/net/sch_generic.h 2017-02-28 18:44:55.981613941 +0700 +@@ -518,6 +518,13 @@ static inline int qdisc_enqueue(struct s + return sch->enqueue(skb, sch, to_free); + } - #endif /* _NF_QUEUE_H */ -diff -U 5 -Nr linux-2.6.32/net/core/dev.c linux-2.6.32-imq/net/core/dev.c ---- linux-2.6.32/net/core/dev.c 2009-12-03 05:51:21.000000000 +0200 -+++ linux-2.6.32-imq/net/core/dev.c 2009-12-11 14:16:42.681731014 +0200 -@@ -94,10 +94,13 @@ - #include - #include - #include - #include - #include -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include -+#endif - #include - #include - #include - #include - #include -@@ -1702,11 +1705,15 @@ ++static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch, ++ struct sk_buff **to_free) ++{ ++ qdisc_skb_cb(skb)->pkt_len = skb->len; ++ return qdisc_enqueue(skb, sch, to_free) & NET_XMIT_MASK; ++} ++ + static inline bool qdisc_is_percpu_stats(const struct Qdisc *q) { - const struct net_device_ops *ops = dev->netdev_ops; - int rc = NETDEV_TX_OK; + return q->flags & TCQ_F_CPUSTATS; +diff -Naupr linux-4.10_orig/include/uapi/linux/netfilter.h linux-4.10/include/uapi/linux/netfilter.h +--- linux-4.10_orig/include/uapi/linux/netfilter.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/uapi/linux/netfilter.h 2017-02-28 18:44:55.981613941 +0700 +@@ -14,7 +14,8 @@ + #define NF_QUEUE 3 + #define NF_REPEAT 4 + #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ +-#define NF_MAX_VERDICT NF_STOP ++#define NF_IMQ_QUEUE 6 ++#define NF_MAX_VERDICT NF_IMQ_QUEUE - if (likely(!skb->next)) { -- if (!list_empty(&ptype_all)) -+ if (!list_empty(&ptype_all) + /* we overload the higher bits for encoding auxiliary data such as the queue + * number or errno values. Not nice, but better than additional function +diff -Naupr linux-4.10_orig/net/core/dev.c linux-4.10/net/core/dev.c +--- linux-4.10_orig/net/core/dev.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/core/dev.c 2017-02-28 18:44:55.984947288 +0700 +@@ -140,6 +140,9 @@ + #include + #include + #include +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ && !(skb->imq_flags & IMQ_F_ENQUEUE) ++#include +#endif -+ ) - dev_queue_xmit_nit(skb, dev); - if (netif_needs_gso(dev, skb)) { - if (unlikely(dev_gso_segment(skb))) - goto out_kfree_skb; -@@ -1787,7 +1794,7 @@ - return queue_index; - } + #include "net-sysfs.h" --static struct netdev_queue *dev_pick_tx(struct net_device *dev, -+struct netdev_queue *dev_pick_tx(struct net_device *dev, - struct sk_buff *skb) - { - u16 queue_index; -@@ -1801,10 +1807,11 @@ - queue_index = skb_tx_hash(dev, skb); +@@ -2881,7 +2884,12 @@ static int xmit_one(struct sk_buff *skb, + unsigned int len; + int rc; - skb_set_queue_mapping(skb, queue_index); - return netdev_get_tx_queue(dev, queue_index); ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ if ((!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) && ++ !(skb->imq_flags & IMQ_F_ENQUEUE)) ++#else + if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) ++#endif + dev_queue_xmit_nit(skb, dev); + + len = skb->len; +@@ -2920,6 +2928,8 @@ out: + return skb; } -+EXPORT_SYMBOL(dev_pick_tx); - static inline int __dev_xmit_skb(struct sk_buff *skb, struct Qdisc *q, - struct net_device *dev, - struct netdev_queue *txq) ++EXPORT_SYMBOL_GPL(dev_hard_start_xmit); ++ + static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, + netdev_features_t features) { -diff -U 5 -Nr linux-2.6.32/net/core/skbuff.c linux-2.6.32-imq/net/core/skbuff.c ---- linux-2.6.32/net/core/skbuff.c 2009-12-03 05:51:21.000000000 +0200 -+++ linux-2.6.32-imq/net/core/skbuff.c 2009-12-11 15:12:39.294981618 +0200 -@@ -70,10 +70,13 @@ - - #include "kmap_skb.h" - - static struct kmem_cache *skbuff_head_cache __read_mostly; +diff -Naupr linux-4.10_orig/net/core/skbuff.c linux-4.10/net/core/skbuff.c +--- linux-4.10_orig/net/core/skbuff.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/core/skbuff.c 2017-02-28 18:44:55.984947288 +0700 +@@ -82,6 +82,87 @@ struct kmem_cache *skbuff_head_cache __r static struct kmem_cache *skbuff_fclone_cache __read_mostly; + int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; + EXPORT_SYMBOL(sysctl_max_skb_frags); +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) +static struct kmem_cache *skbuff_cb_store_cache __read_mostly; +#endif - - static void sock_pipe_buf_release(struct pipe_inode_info *pipe, - struct pipe_buffer *buf) - { - put_page(buf->page); -@@ -89,10 +92,87 @@ - struct pipe_buffer *buf) - { - return 1; - } - ++ +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) +/* Control buffer save/restore for IMQ devices */ +struct skb_cb_table { ++ char cb[48] __aligned(8); + void *cb_next; + atomic_t refcnt; -+ char cb[48]; +}; + +static DEFINE_SPINLOCK(skb_cb_store_lock); @@ -1109,9 +1386,8 @@ diff -U 5 -Nr linux-2.6.32/net/core/skbuff.c linux-2.6.32-imq/net/core/skbuff.c + + spin_lock(&skb_cb_store_lock); + -+ if (atomic_dec_and_test(&next->refcnt)) { ++ if (atomic_dec_and_test(&next->refcnt)) + kmem_cache_free(skbuff_cb_store_cache, next); -+ } + + spin_unlock(&skb_cb_store_lock); + @@ -1119,6 +1395,7 @@ diff -U 5 -Nr linux-2.6.32/net/core/skbuff.c linux-2.6.32-imq/net/core/skbuff.c +} +EXPORT_SYMBOL(skb_restore_cb); + ++static void skb_copy_stored_cb(struct sk_buff * , const struct sk_buff * ) __attribute__ ((unused)); +static void skb_copy_stored_cb(struct sk_buff *new, const struct sk_buff *__old) +{ + struct skb_cb_table *next; @@ -1141,58 +1418,49 @@ diff -U 5 -Nr linux-2.6.32/net/core/skbuff.c linux-2.6.32-imq/net/core/skbuff.c +} +#endif - /* Pipe buffer operations for a socket. */ - static const struct pipe_buf_operations sock_pipe_buf_ops = { - .can_merge = 0, - .map = generic_pipe_buf_map, -@@ -396,10 +476,30 @@ - #endif - if (skb->destructor) { + /** + * skb_panic - private function for out-of-line support +@@ -654,6 +735,28 @@ static void skb_release_head_state(struc WARN_ON(in_irq()); skb->destructor(skb); } +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* This should not happen. When it does, avoid memleak by restoring -+ the chain of cb-backups. */ -+ while(skb->cb_next != NULL) { ++ /* ++ * This should not happen. When it does, avoid memleak by restoring ++ * the chain of cb-backups. ++ */ ++ while (skb->cb_next != NULL) { + if (net_ratelimit()) -+ printk(KERN_WARNING "IMQ: kfree_skb: skb->cb_next: " -+ "%08x\n", (unsigned int)skb->cb_next); ++ pr_warn("IMQ: kfree_skb: skb->cb_next: %08x\n", ++ (unsigned int)(uintptr_t)skb->cb_next); + + skb_restore_cb(skb); + } -+ /* This should not happen either, nf_queue_entry is nullified in ++ /* ++ * This should not happen either, nf_queue_entry is nullified in + * imq_dev_xmit(). If we have non-NULL nf_queue_entry then we are + * leaking entry pointers, maybe memory. We don't know if this is + * pointer to already freed memory, or should this be freed. + * If this happens we need to add refcounting, etc for nf_queue_entry. + */ + if (skb->nf_queue_entry && net_ratelimit()) -+ printk(KERN_WARNING -+ "IMQ: kfree_skb: skb->nf_queue_entry != NULL"); ++ pr_warn("%s\n", "IMQ: kfree_skb: skb->nf_queue_entry != NULL"); +#endif - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) + #if IS_ENABLED(CONFIG_NF_CONNTRACK) nf_conntrack_put(skb->nfct); - nf_conntrack_put_reasm(skb->nfct_reasm); #endif - #ifdef CONFIG_BRIDGE_NETFILTER -@@ -533,10 +633,13 @@ - skb_dst_set(new, dst_clone(skb_dst(old))); - #ifdef CONFIG_XFRM +@@ -843,6 +946,10 @@ static void __copy_skb_header(struct sk_ new->sp = secpath_get(old->sp); #endif - memcpy(new->cb, old->cb, sizeof(old->cb)); + __nf_copy(new, old, false); +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skb_copy_stored_cb(new, old); ++ new->cb_next = NULL; ++ /*skb_copy_stored_cb(new, old);*/ +#endif - new->csum = old->csum; - new->local_df = old->local_df; - new->pkt_type = old->pkt_type; - new->ip_summed = old->ip_summed; - skb_copy_queue_mapping(new, old); -@@ -2774,10 +2877,17 @@ - (2*sizeof(struct sk_buff)) + - sizeof(atomic_t), + + /* Note : this field could be in headers_start/headers_end section + * It is not yet because we do not want to have a 16 bit hole +@@ -3465,6 +3572,13 @@ void __init skb_init(void) 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); @@ -1206,16 +1474,54 @@ diff -U 5 -Nr linux-2.6.32/net/core/skbuff.c linux-2.6.32-imq/net/core/skbuff.c } /** - * skb_to_sgvec - Fill a scatter-gather list from a socket buffer - * @skb: Socket buffer containing the buffers to be mapped -diff -U 5 -Nr linux-2.6.32/net/netfilter/Kconfig linux-2.6.32-imq/net/netfilter/Kconfig ---- linux-2.6.32/net/netfilter/Kconfig 2009-12-03 05:51:21.000000000 +0200 -+++ linux-2.6.32-imq/net/netfilter/Kconfig 2009-12-11 14:16:42.681731014 +0200 -@@ -394,10 +394,22 @@ - echo netfilter-ssh > /sys/class/leds//trigger +diff -Naupr linux-4.10_orig/net/ipv6/ip6_output.c linux-4.10/net/ipv6/ip6_output.c +--- linux-4.10_orig/net/ipv6/ip6_output.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/ipv6/ip6_output.c 2017-02-28 18:44:55.988280636 +0700 +@@ -67,9 +67,6 @@ static int ip6_finish_output2(struct net + struct in6_addr *nexthop; + int ret; - For more information on the LEDs available on your system, see - Documentation/leds-class.txt +- skb->protocol = htons(ETH_P_IPV6); +- skb->dev = dev; +- + if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { + struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); + +@@ -159,6 +156,13 @@ int ip6_output(struct net *net, struct s + return 0; + } + ++ /* ++ * IMQ-patch: moved setting skb->dev and skb->protocol from ++ * ip6_finish_output2 to fix crashing at netif_skb_features(). ++ */ ++ skb->protocol = htons(ETH_P_IPV6); ++ skb->dev = dev; ++ + return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, + net, sk, skb, NULL, dev, + ip6_finish_output, +diff -Naupr linux-4.10_orig/net/netfilter/core.c linux-4.10/net/netfilter/core.c +--- linux-4.10_orig/net/netfilter/core.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/netfilter/core.c 2017-02-28 18:44:55.988280636 +0700 +@@ -318,6 +318,11 @@ int nf_hook_slow(struct sk_buff *skb, st + if (ret == 0) + ret = -EPERM; + return ret; ++ case NF_IMQ_QUEUE: ++ ret = nf_queue(skb, state, &entry, verdict); ++ if (ret == -ECANCELED) ++ continue; ++ return ret; + case NF_QUEUE: + ret = nf_queue(skb, state, &entry, verdict); + if (ret == 1 && entry) +diff -Naupr linux-4.10_orig/net/netfilter/Kconfig linux-4.10/net/netfilter/Kconfig +--- linux-4.10_orig/net/netfilter/Kconfig 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/netfilter/Kconfig 2017-02-28 18:44:55.988280636 +0700 +@@ -852,6 +852,18 @@ config NETFILTER_XT_TARGET_LOG + + To compile it as a module, choose M here. If unsure, say N. +config NETFILTER_XT_TARGET_IMQ + tristate '"IMQ" target support' @@ -1231,157 +1537,107 @@ diff -U 5 -Nr linux-2.6.32/net/netfilter/Kconfig linux-2.6.32-imq/net/netfilter/ + config NETFILTER_XT_TARGET_MARK tristate '"MARK" target support' - default m if NETFILTER_ADVANCED=n - help - This option adds a `MARK' target, which allows you to create rules -diff -U 5 -Nr linux-2.6.32/net/netfilter/Makefile linux-2.6.32-imq/net/netfilter/Makefile ---- linux-2.6.32/net/netfilter/Makefile 2009-12-03 05:51:21.000000000 +0200 -+++ linux-2.6.32-imq/net/netfilter/Makefile 2009-12-11 14:16:42.681731014 +0200 -@@ -44,10 +44,11 @@ - obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o + depends on NETFILTER_ADVANCED +diff -Naupr linux-4.10_orig/net/netfilter/Makefile linux-4.10/net/netfilter/Makefile +--- linux-4.10_orig/net/netfilter/Makefile 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/netfilter/Makefile 2017-02-28 18:44:55.988280636 +0700 +@@ -125,6 +125,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o + obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o +obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o - obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o -diff -U 5 -Nr linux-2.6.32/net/netfilter/nf_queue.c linux-2.6.32-imq/net/netfilter/nf_queue.c ---- linux-2.6.32/net/netfilter/nf_queue.c 2009-12-03 05:51:21.000000000 +0200 -+++ linux-2.6.32-imq/net/netfilter/nf_queue.c 2009-12-11 14:16:42.681731014 +0200 -@@ -18,10 +18,30 @@ + obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o + obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o +diff -Naupr linux-4.10_orig/net/netfilter/nf_queue.c linux-4.10/net/netfilter/nf_queue.c +--- linux-4.10_orig/net/netfilter/nf_queue.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/netfilter/nf_queue.c 2017-02-28 18:44:55.988280636 +0700 +@@ -27,6 +27,23 @@ + * receives, no matter what. */ - static const struct nf_queue_handler *queue_handler[NFPROTO_NUMPROTO] __read_mostly; - - static DEFINE_MUTEX(queue_handler_mutex); +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static const struct nf_queue_handler *queue_imq_handler; ++static const struct nf_queue_handler __rcu *queue_imq_handler __read_mostly; + +void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) +{ -+ mutex_lock(&queue_handler_mutex); + rcu_assign_pointer(queue_imq_handler, qh); -+ mutex_unlock(&queue_handler_mutex); +} -+EXPORT_SYMBOL(nf_register_queue_imq_handler); ++EXPORT_SYMBOL_GPL(nf_register_queue_imq_handler); + +void nf_unregister_queue_imq_handler(void) +{ -+ mutex_lock(&queue_handler_mutex); -+ rcu_assign_pointer(queue_imq_handler, NULL); -+ mutex_unlock(&queue_handler_mutex); ++ RCU_INIT_POINTER(queue_imq_handler, NULL); ++ synchronize_rcu(); +} -+EXPORT_SYMBOL(nf_unregister_queue_imq_handler); ++EXPORT_SYMBOL_GPL(nf_unregister_queue_imq_handler); +#endif + /* return EBUSY when somebody else is registered, return EEXIST if the * same handler is registered, return 0 in case of success. */ - int nf_register_queue_handler(u_int8_t pf, const struct nf_queue_handler *qh) - { - int ret; -@@ -78,11 +98,11 @@ - - synchronize_rcu(); + void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh) +@@ -108,16 +125,28 @@ void nf_queue_nf_hook_drop(struct net *n } - EXPORT_SYMBOL_GPL(nf_unregister_queue_handlers); --static void nf_queue_entry_release_refs(struct nf_queue_entry *entry) -+void nf_queue_entry_release_refs(struct nf_queue_entry *entry) + static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, +- struct nf_hook_entry *hook_entry, unsigned int queuenum) ++ struct nf_hook_entry *hook_entry, unsigned int verdict) { - /* Release those devices we held, or Alexey will kill me. */ - if (entry->indev) - dev_put(entry->indev); - if (entry->outdev) -@@ -98,10 +118,11 @@ - } - #endif - /* Drop reference to owner of hook which queued us. */ - module_put(entry->elem->owner); - } -+EXPORT_SYMBOL_GPL(nf_queue_entry_release_refs); - - /* - * Any packet that leaves via this function must come back - * through nf_reinject(). - */ -@@ -119,16 +140,30 @@ - struct net_device *physindev; - struct net_device *physoutdev; - #endif + int status = -ENOENT; + struct nf_queue_entry *entry = NULL; const struct nf_afinfo *afinfo; const struct nf_queue_handler *qh; -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ const struct nf_queue_handler *qih = NULL; -+#endif - - /* QUEUE == DROP if noone is waiting, to be safe. */ - rcu_read_lock(); + struct net *net = state->net; ++ unsigned int queuetype = verdict & NF_VERDICT_MASK; ++ unsigned int queuenum = verdict >> NF_VERDICT_QBITS; - qh = rcu_dereference(queue_handler[pf]); + /* QUEUE == DROP if no one is waiting, to be safe. */ +- qh = rcu_dereference(net->nf.queue_handler); ++ if (queuetype == NF_IMQ_QUEUE) { +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ if (pf == PF_INET || pf == PF_INET6) ++ qh = rcu_dereference(queue_imq_handler); +#else -+ if (pf == PF_INET) ++ BUG(); ++ goto err_unlock; +#endif -+ qih = rcu_dereference(queue_imq_handler); ++ } else { ++ qh = rcu_dereference(net->nf.queue_handler); ++ } + -+ if (!qh && !qih) -+#else /* !IMQ */ - if (!qh) -+#endif - goto err_unlock; - - afinfo = nf_get_afinfo(pf); - if (!afinfo) - goto err_unlock; -@@ -143,10 +178,14 @@ - .pf = pf, - .hook = hook, - .indev = indev, - .outdev = outdev, - .okfn = okfn, -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ .next_outfn = qh ? qh->outfn : NULL, -+ .next_queuenum = queuenum, -+#endif - }; + if (!qh) { + status = -ESRCH; + goto err; +@@ -164,8 +193,17 @@ int nf_queue(struct sk_buff *skb, struct + struct nf_hook_entry *entry = *entryp; + int ret; - /* If it's going away, ignore hook. */ - if (!try_module_get(entry->elem->owner)) { - rcu_read_unlock(); -@@ -168,12 +207,23 @@ - if (physoutdev) - dev_hold(physoutdev); - } - #endif - afinfo->saveroute(skb, entry); +- ret = __nf_queue(skb, state, entry, verdict >> NF_VERDICT_QBITS); ++ ret = __nf_queue(skb, state, entry, verdict); + if (ret < 0) { + +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if (qih) { -+ status = qih->outfn(entry, queuenum); -+ goto imq_skip_queue; ++ /* IMQ Bypass */ ++ if (ret == -ECANCELED && skb->imq_flags == 0) { ++ *entryp = rcu_dereference(entry->next); ++ return 1; + } +#endif + - status = qh->outfn(entry, queuenum); - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+imq_skip_queue: -+#endif - rcu_read_unlock(); - - if (status < 0) { - nf_queue_entry_release_refs(entry); - goto err; -diff -U 5 -Nr linux-2.6.32/net/netfilter/xt_IMQ.c linux-2.6.32-imq/net/netfilter/xt_IMQ.c ---- linux-2.6.32/net/netfilter/xt_IMQ.c 1970-01-01 02:00:00.000000000 +0200 -+++ linux-2.6.32-imq/net/netfilter/xt_IMQ.c 2009-12-11 14:16:42.681731014 +0200 -@@ -0,0 +1,73 @@ + if (ret == -ESRCH && + (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) { + *entryp = rcu_dereference(entry->next); +@@ -232,6 +270,7 @@ okfn: + local_bh_enable(); + break; + case NF_QUEUE: ++ case NF_IMQ_QUEUE: + err = nf_queue(skb, &entry->state, &hook_entry, verdict); + if (err == 1) { + if (hook_entry) +diff -Naupr linux-4.10_orig/net/netfilter/xt_IMQ.c linux-4.10/net/netfilter/xt_IMQ.c +--- linux-4.10_orig/net/netfilter/xt_IMQ.c 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/net/netfilter/xt_IMQ.c 2017-02-28 18:44:55.988280636 +0700 +@@ -0,0 +1,72 @@ +/* + * This target marks packets to be enqueued to an imq device + */ @@ -1392,7 +1648,7 @@ diff -U 5 -Nr linux-2.6.32/net/netfilter/xt_IMQ.c linux-2.6.32-imq/net/netfilter +#include + +static unsigned int imq_target(struct sk_buff *pskb, -+ const struct xt_target_param *par) ++ const struct xt_action_param *par) +{ + const struct xt_imq_info *mr = par->targinfo; + @@ -1401,18 +1657,17 @@ diff -U 5 -Nr linux-2.6.32/net/netfilter/xt_IMQ.c linux-2.6.32-imq/net/netfilter + return XT_CONTINUE; +} + -+static bool imq_checkentry(const struct xt_tgchk_param *par) ++static int imq_checkentry(const struct xt_tgchk_param *par) +{ + struct xt_imq_info *mr = par->targinfo; + + if (mr->todev > IMQ_MAX_DEVS - 1) { -+ printk(KERN_WARNING -+ "IMQ: invalid device specified, highest is %u\n", -+ IMQ_MAX_DEVS - 1); -+ return 0; ++ pr_warn("IMQ: invalid device specified, highest is %u\n", ++ IMQ_MAX_DEVS - 1); ++ return -EINVAL; + } + -+ return 1; ++ return 0; +} + +static struct xt_target xt_imq_reg[] __read_mostly = { @@ -1449,9 +1704,27 @@ diff -U 5 -Nr linux-2.6.32/net/netfilter/xt_IMQ.c linux-2.6.32-imq/net/netfilter +module_init(imq_init); +module_exit(imq_fini); + -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); ++MODULE_AUTHOR("https://github.com/imq/linuximq"); ++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); +MODULE_LICENSE("GPL"); +MODULE_ALIAS("ipt_IMQ"); +MODULE_ALIAS("ip6t_IMQ"); + +diff -Naupr linux-4.10_orig/net/sched/sch_generic.c linux-4.10/net/sched/sch_generic.c +--- linux-4.10_orig/net/sched/sch_generic.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/sched/sch_generic.c 2017-02-28 18:44:55.988280636 +0700 +@@ -154,6 +154,14 @@ bulk: + return skb; + } + ++struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate) ++{ ++ int packets; ++ ++ return dequeue_skb(q, validate, &packets); ++} ++EXPORT_SYMBOL(qdisc_dequeue_skb); ++ + /* + * Transmit possibly several skbs, and handle the return status as + * required. Owning running seqcount bit guarantees that