X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=kernel-imq.patch;h=87ee89ac682277f7f3ceef3ab2c724fcfc049e2f;hb=e9788481c9ff174d00e2fa102dac9e857d3a1840;hp=328828087084867192d75992ca53238062a8f39b;hpb=36cbf1a5ac0561f45752f0d0cc1adddf712d82f2;p=packages%2Fkernel.git diff --git a/kernel-imq.patch b/kernel-imq.patch index 32882808..87ee89ac 100644 --- a/kernel-imq.patch +++ b/kernel-imq.patch @@ -1,151 +1,7 @@ -diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig -index 95c32f2..93fada5 100644 ---- a/drivers/net/Kconfig -+++ b/drivers/net/Kconfig -@@ -260,6 +260,125 @@ config RIONET_RX_SIZE - depends on RIONET - default "128" - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: https://github.com/imq/linuximq -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_AB -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ This setting defines how many IMQ devices will be created. -+ -+ The default value is 16. -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - depends on INET -diff --git a/drivers/net/Makefile b/drivers/net/Makefile -index 7336cbd..d6d7ad4 100644 ---- a/drivers/net/Makefile -+++ b/drivers/net/Makefile -@@ -11,6 +11,7 @@ obj-$(CONFIG_DUMMY) += dummy.o - obj-$(CONFIG_EQUALIZER) += eql.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACSEC) += macsec.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_MACVTAP) += macvtap.o - obj-$(CONFIG_MII) += mii.o -diff --git a/drivers/net/imq.c b/drivers/net/imq.c -new file mode 100644 -index 0000000..bc3b997 ---- /dev/null -+++ b/drivers/net/imq.c -@@ -0,0 +1,907 @@ +diff -Naupr linux-4.10_orig/drivers/net/imq.c linux-4.10/drivers/net/imq.c +--- linux-4.10_orig/drivers/net/imq.c 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/drivers/net/imq.c 2017-02-28 19:03:58.883221583 +0700 +@@ -0,0 +1,945 @@ +/* + * Pseudo-driver for the intermediate queue device. + * @@ -158,7 +14,7 @@ index 0000000..bc3b997 + * + * The first version was written by Martin Devera, + * -+ * See Creditis.txt ++ * See Credits.txt + */ + +#include @@ -464,6 +320,8 @@ index 0000000..bc3b997 +{ + struct nf_queue_entry *entry = skb->nf_queue_entry; + ++ rcu_read_lock(); ++ + skb->nf_queue_entry = NULL; + netif_trans_update(dev); + @@ -491,6 +349,7 @@ index 0000000..bc3b997 + dev->stats.tx_dropped++; + dev_kfree_skb(skb); + ++ rcu_read_unlock(); + return NETDEV_TX_OK; + } + @@ -503,6 +362,7 @@ index 0000000..bc3b997 + + nf_reinject(entry, NF_ACCEPT); + ++ rcu_read_unlock(); + return NETDEV_TX_OK; +} + @@ -538,7 +398,7 @@ index 0000000..bc3b997 + struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC); + if (entry) { + nf_queue_entry_get_refs(entry); -+ return entry; ++ return entry; + } + return NULL; +} @@ -857,6 +717,10 @@ index 0000000..bc3b997 + return 0; +} + ++static struct device_type imq_device_type = { ++ .name = "imq", ++}; ++ +static const struct net_device_ops imq_netdev_ops = { + .ndo_open = imq_open, + .ndo_stop = imq_close, @@ -922,6 +786,33 @@ index 0000000..bc3b997 + return ret; +} + ++#ifdef CONFIG_LOCKDEP ++ static struct lock_class_key imq_netdev_addr_lock_key; ++ ++ static void __init imq_dev_set_lockdep_one(struct net_device *dev, ++ struct netdev_queue *txq, void *arg) ++ { ++ /* ++ * the IMQ transmit locks can be taken recursively, ++ * for example with one IMQ rule for input- and one for ++ * output network devices in iptables! ++ * until we find a better solution ignore them. ++ */ ++ lockdep_set_novalidate_class(&txq->_xmit_lock); ++ } ++ ++ static void imq_dev_set_lockdep_class(struct net_device *dev) ++ { ++ lockdep_set_class_and_name(&dev->addr_list_lock, ++ &imq_netdev_addr_lock_key, "_xmit_addr_IMQ"); ++ netdev_for_each_tx_queue(dev, imq_dev_set_lockdep_one, NULL); ++} ++#else ++ static inline void imq_dev_set_lockdep_class(struct net_device *dev) ++ { ++ } ++#endif ++ +static int __init imq_init_one(int index) +{ + struct net_device *dev; @@ -936,10 +827,13 @@ index 0000000..bc3b997 + goto fail; + + dev->rtnl_link_ops = &imq_link_ops; ++ SET_NETDEV_DEVTYPE(dev, &imq_device_type); + ret = register_netdevice(dev); + if (ret < 0) + goto fail; + ++ imq_dev_set_lockdep_class(dev); ++ + return 0; +fail: + free_netdev(dev); @@ -1053,11 +947,149 @@ index 0000000..bc3b997 +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); +MODULE_LICENSE("GPL"); +MODULE_ALIAS_RTNL_LINK("imq"); -diff --git a/include/linux/imq.h b/include/linux/imq.h -new file mode 100644 -index 0000000..1babb09 ---- /dev/null -+++ b/include/linux/imq.h +diff -Naupr linux-4.10_orig/drivers/net/Kconfig linux-4.10/drivers/net/Kconfig +--- linux-4.10_orig/drivers/net/Kconfig 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/drivers/net/Kconfig 2017-02-28 18:44:55.978280593 +0700 +@@ -260,6 +260,125 @@ config RIONET_RX_SIZE + depends on RIONET + default "128" + ++config IMQ ++ tristate "IMQ (intermediate queueing device) support" ++ depends on NETDEVICES && NETFILTER ++ ---help--- ++ The IMQ device(s) is used as placeholder for QoS queueing ++ disciplines. Every packet entering/leaving the IP stack can be ++ directed through the IMQ device where it's enqueued/dequeued to the ++ attached qdisc. This allows you to treat network devices as classes ++ and distribute bandwidth among them. Iptables is used to specify ++ through which IMQ device, if any, packets travel. ++ ++ More information at: https://github.com/imq/linuximq ++ ++ To compile this driver as a module, choose M here: the module ++ will be called imq. If unsure, say N. ++ ++choice ++ prompt "IMQ behavior (PRE/POSTROUTING)" ++ depends on IMQ ++ default IMQ_BEHAVIOR_AB ++ help ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ IMQ can work in any of the following ways: ++ ++ PREROUTING | POSTROUTING ++ -----------------|------------------- ++ #1 After NAT | After NAT ++ #2 After NAT | Before NAT ++ #3 Before NAT | After NAT ++ #4 Before NAT | Before NAT ++ ++ The default behavior is to hook before NAT on PREROUTING ++ and after NAT on POSTROUTING (#3). ++ ++ This settings are specially usefull when trying to use IMQ ++ to shape NATed clients. ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AA ++ bool "IMQ AA" ++ help ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AB ++ bool "IMQ AB" ++ help ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BA ++ bool "IMQ BA" ++ help ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BB ++ bool "IMQ BB" ++ help ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ ++endchoice ++ ++config IMQ_NUM_DEVS ++ int "Number of IMQ devices" ++ range 2 16 ++ depends on IMQ ++ default "16" ++ help ++ This setting defines how many IMQ devices will be created. ++ ++ The default value is 16. ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ + config TUN + tristate "Universal TUN/TAP device driver support" + depends on INET +diff -Naupr linux-4.10_orig/drivers/net/Makefile linux-4.10/drivers/net/Makefile +--- linux-4.10_orig/drivers/net/Makefile 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/drivers/net/Makefile 2017-02-28 18:44:55.978280593 +0700 +@@ -11,6 +11,7 @@ obj-$(CONFIG_DUMMY) += dummy.o + obj-$(CONFIG_EQUALIZER) += eql.o + obj-$(CONFIG_IFB) += ifb.o + obj-$(CONFIG_MACSEC) += macsec.o ++obj-$(CONFIG_IMQ) += imq.o + obj-$(CONFIG_MACVLAN) += macvlan.o + obj-$(CONFIG_MACVTAP) += macvtap.o + obj-$(CONFIG_MII) += mii.o +diff -Naupr linux-4.10_orig/include/linux/imq.h linux-4.10/include/linux/imq.h +--- linux-4.10_orig/include/linux/imq.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/include/linux/imq.h 2017-02-28 18:44:55.978280593 +0700 @@ -0,0 +1,13 @@ +#ifndef _IMQ_H +#define _IMQ_H @@ -1072,11 +1104,10 @@ index 0000000..1babb09 + +#endif /* _IMQ_H */ + -diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index e16a2a9..4a1090a 100644 ---- a/include/linux/netdevice.h -+++ b/include/linux/netdevice.h -@@ -3669,6 +3669,19 @@ static inline void netif_tx_unlock_bh(struct net_device *dev) +diff -Naupr linux-4.10_orig/include/linux/netdevice.h linux-4.10/include/linux/netdevice.h +--- linux-4.10_orig/include/linux/netdevice.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/linux/netdevice.h 2017-02-28 18:44:55.978280593 +0700 +@@ -3604,6 +3604,19 @@ static inline void netif_tx_unlock_bh(st } \ } @@ -1096,11 +1127,9 @@ index e16a2a9..4a1090a 100644 static inline void netif_tx_disable(struct net_device *dev) { unsigned int i; -diff --git a/include/linux/netfilter/xt_IMQ.h b/include/linux/netfilter/xt_IMQ.h -new file mode 100644 -index 0000000..9b07230 ---- /dev/null -+++ b/include/linux/netfilter/xt_IMQ.h +diff -Naupr linux-4.10_orig/include/linux/netfilter/xt_IMQ.h linux-4.10/include/linux/netfilter/xt_IMQ.h +--- linux-4.10_orig/include/linux/netfilter/xt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/include/linux/netfilter/xt_IMQ.h 2017-02-28 18:44:55.981613941 +0700 @@ -0,0 +1,9 @@ +#ifndef _XT_IMQ_H +#define _XT_IMQ_H @@ -1111,11 +1140,9 @@ index 0000000..9b07230 + +#endif /* _XT_IMQ_H */ + -diff --git a/include/linux/netfilter_ipv4/ipt_IMQ.h b/include/linux/netfilter_ipv4/ipt_IMQ.h -new file mode 100644 -index 0000000..7af320f ---- /dev/null -+++ b/include/linux/netfilter_ipv4/ipt_IMQ.h +diff -Naupr linux-4.10_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.10/include/linux/netfilter_ipv4/ipt_IMQ.h +--- linux-4.10_orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/include/linux/netfilter_ipv4/ipt_IMQ.h 2017-02-28 18:44:55.981613941 +0700 @@ -0,0 +1,10 @@ +#ifndef _IPT_IMQ_H +#define _IPT_IMQ_H @@ -1127,11 +1154,9 @@ index 0000000..7af320f + +#endif /* _IPT_IMQ_H */ + -diff --git a/include/linux/netfilter_ipv6/ip6t_IMQ.h b/include/linux/netfilter_ipv6/ip6t_IMQ.h -new file mode 100644 -index 0000000..198ac01 ---- /dev/null -+++ b/include/linux/netfilter_ipv6/ip6t_IMQ.h +diff -Naupr linux-4.10_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.10/include/linux/netfilter_ipv6/ip6t_IMQ.h +--- linux-4.10_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/include/linux/netfilter_ipv6/ip6t_IMQ.h 2017-02-28 18:44:55.981613941 +0700 @@ -0,0 +1,10 @@ +#ifndef _IP6T_IMQ_H +#define _IP6T_IMQ_H @@ -1143,10 +1168,9 @@ index 0000000..198ac01 + +#endif /* _IP6T_IMQ_H */ + -diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 32810f2..4ce1d0a 100644 ---- a/include/linux/skbuff.h -+++ b/include/linux/skbuff.h +diff -Naupr linux-4.10_orig/include/linux/skbuff.h linux-4.10/include/linux/skbuff.h +--- linux-4.10_orig/include/linux/skbuff.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/linux/skbuff.h 2017-02-28 18:44:55.981613941 +0700 @@ -39,6 +39,10 @@ #include #include @@ -1158,7 +1182,7 @@ index 32810f2..4ce1d0a 100644 /* The interface for checksum offload between the stack and networking drivers * is as follows... -@@ -654,6 +658,9 @@ struct sk_buff { +@@ -661,6 +665,9 @@ struct sk_buff { * first. This is owned by whoever has the skb queued ATM. */ char cb[48] __aligned(8); @@ -1168,7 +1192,7 @@ index 32810f2..4ce1d0a 100644 unsigned long _skb_refdst; void (*destructor)(struct sk_buff *skb); -@@ -663,6 +670,9 @@ struct sk_buff { +@@ -670,6 +677,9 @@ struct sk_buff { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) struct nf_conntrack *nfct; #endif @@ -1178,7 +1202,7 @@ index 32810f2..4ce1d0a 100644 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) struct nf_bridge_info *nf_bridge; #endif -@@ -743,6 +753,9 @@ struct sk_buff { +@@ -750,6 +760,9 @@ struct sk_buff { __u8 offload_fwd_mark:1; #endif /* 2, 4 or 5 bit hole */ @@ -1188,7 +1212,7 @@ index 32810f2..4ce1d0a 100644 #ifdef CONFIG_NET_SCHED __u16 tc_index; /* traffic control index */ -@@ -903,6 +916,12 @@ void kfree_skb_list(struct sk_buff *segs); +@@ -910,6 +923,12 @@ void kfree_skb_list(struct sk_buff *segs void skb_tx_error(struct sk_buff *skb); void consume_skb(struct sk_buff *skb); void __kfree_skb(struct sk_buff *skb); @@ -1201,7 +1225,7 @@ index 32810f2..4ce1d0a 100644 extern struct kmem_cache *skbuff_head_cache; void kfree_skb_partial(struct sk_buff *skb, bool head_stolen); -@@ -3594,6 +3613,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src, +@@ -3607,6 +3626,10 @@ static inline void __nf_copy(struct sk_b if (copy) dst->nfctinfo = src->nfctinfo; #endif @@ -1212,11 +1236,10 @@ index 32810f2..4ce1d0a 100644 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) dst->nf_bridge = src->nf_bridge; nf_bridge_get(src->nf_bridge); -diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h -index 2280cfe..ec8fa51 100644 ---- a/include/net/netfilter/nf_queue.h -+++ b/include/net/netfilter/nf_queue.h -@@ -30,6 +30,12 @@ struct nf_queue_handler { +diff -Naupr linux-4.10_orig/include/net/netfilter/nf_queue.h linux-4.10/include/net/netfilter/nf_queue.h +--- linux-4.10_orig/include/net/netfilter/nf_queue.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/net/netfilter/nf_queue.h 2017-02-28 18:44:55.981613941 +0700 +@@ -31,6 +31,12 @@ struct nf_queue_handler { void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); void nf_unregister_queue_handler(struct net *net); void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); @@ -1229,11 +1252,10 @@ index 2280cfe..ec8fa51 100644 void nf_queue_entry_get_refs(struct nf_queue_entry *entry); void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h -index cd334c9..6757228 100644 ---- a/include/net/pkt_sched.h -+++ b/include/net/pkt_sched.h -@@ -105,6 +105,8 @@ int sch_direct_xmit(struct sk_buff *skb, struct Qdisc *q, +diff -Naupr linux-4.10_orig/include/net/pkt_sched.h linux-4.10/include/net/pkt_sched.h +--- linux-4.10_orig/include/net/pkt_sched.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/net/pkt_sched.h 2017-02-28 18:44:55.981613941 +0700 +@@ -107,6 +107,8 @@ int sch_direct_xmit(struct sk_buff *skb, void __qdisc_run(struct Qdisc *q); @@ -1242,11 +1264,10 @@ index cd334c9..6757228 100644 static inline void qdisc_run(struct Qdisc *q) { if (qdisc_run_begin(q)) -diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h -index e6aa0a2..08b37dc 100644 ---- a/include/net/sch_generic.h -+++ b/include/net/sch_generic.h -@@ -518,6 +518,13 @@ static inline int qdisc_enqueue(struct sk_buff *skb, struct Qdisc *sch, +diff -Naupr linux-4.10_orig/include/net/sch_generic.h linux-4.10/include/net/sch_generic.h +--- linux-4.10_orig/include/net/sch_generic.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/net/sch_generic.h 2017-02-28 18:44:55.981613941 +0700 +@@ -518,6 +518,13 @@ static inline int qdisc_enqueue(struct s return sch->enqueue(skb, sch, to_free); } @@ -1260,27 +1281,25 @@ index e6aa0a2..08b37dc 100644 static inline bool qdisc_is_percpu_stats(const struct Qdisc *q) { return q->flags & TCQ_F_CPUSTATS; -diff --git a/include/uapi/linux/netfilter.h b/include/uapi/linux/netfilter.h -index d93f949..23fb6d1 100644 ---- a/include/uapi/linux/netfilter.h -+++ b/include/uapi/linux/netfilter.h +diff -Naupr linux-4.10_orig/include/uapi/linux/netfilter.h linux-4.10/include/uapi/linux/netfilter.h +--- linux-4.10_orig/include/uapi/linux/netfilter.h 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/include/uapi/linux/netfilter.h 2017-02-28 18:44:55.981613941 +0700 @@ -14,7 +14,8 @@ #define NF_QUEUE 3 #define NF_REPEAT 4 - #define NF_STOP 5 + #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ -#define NF_MAX_VERDICT NF_STOP +#define NF_IMQ_QUEUE 6 +#define NF_MAX_VERDICT NF_IMQ_QUEUE /* we overload the higher bits for encoding auxiliary data such as the queue * number or errno values. Not nice, but better than additional function -diff --git a/net/core/dev.c b/net/core/dev.c -index 6666b28..3e12add 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -141,6 +141,9 @@ +diff -Naupr linux-4.10_orig/net/core/dev.c linux-4.10/net/core/dev.c +--- linux-4.10_orig/net/core/dev.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/core/dev.c 2017-02-28 18:44:55.984947288 +0700 +@@ -140,6 +140,9 @@ + #include #include - #include #include +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) +#include @@ -1288,7 +1307,7 @@ index 6666b28..3e12add 100644 #include "net-sysfs.h" -@@ -2906,7 +2909,12 @@ static int xmit_one(struct sk_buff *skb, struct net_device *dev, +@@ -2881,7 +2884,12 @@ static int xmit_one(struct sk_buff *skb, unsigned int len; int rc; @@ -1301,7 +1320,7 @@ index 6666b28..3e12add 100644 dev_queue_xmit_nit(skb, dev); len = skb->len; -@@ -2945,6 +2953,8 @@ struct sk_buff *dev_hard_start_xmit(struct sk_buff *first, struct net_device *de +@@ -2920,6 +2928,8 @@ out: return skb; } @@ -1310,11 +1329,10 @@ index 6666b28..3e12add 100644 static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, netdev_features_t features) { -diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index 1e3e008..379236e 100644 ---- a/net/core/skbuff.c -+++ b/net/core/skbuff.c -@@ -82,6 +82,87 @@ struct kmem_cache *skbuff_head_cache __read_mostly; +diff -Naupr linux-4.10_orig/net/core/skbuff.c linux-4.10/net/core/skbuff.c +--- linux-4.10_orig/net/core/skbuff.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/core/skbuff.c 2017-02-28 18:44:55.984947288 +0700 +@@ -82,6 +82,87 @@ struct kmem_cache *skbuff_head_cache __r static struct kmem_cache *skbuff_fclone_cache __read_mostly; int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; EXPORT_SYMBOL(sysctl_max_skb_frags); @@ -1402,7 +1420,7 @@ index 1e3e008..379236e 100644 /** * skb_panic - private function for out-of-line support -@@ -654,6 +735,28 @@ static void skb_release_head_state(struct sk_buff *skb) +@@ -654,6 +735,28 @@ static void skb_release_head_state(struc WARN_ON(in_irq()); skb->destructor(skb); } @@ -1431,7 +1449,7 @@ index 1e3e008..379236e 100644 #if IS_ENABLED(CONFIG_NF_CONNTRACK) nf_conntrack_put(skb->nfct); #endif -@@ -843,6 +946,10 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old) +@@ -843,6 +946,10 @@ static void __copy_skb_header(struct sk_ new->sp = secpath_get(old->sp); #endif __nf_copy(new, old, false); @@ -1442,7 +1460,7 @@ index 1e3e008..379236e 100644 /* Note : this field could be in headers_start/headers_end section * It is not yet because we do not want to have a 16 bit hole -@@ -3463,6 +3570,13 @@ void __init skb_init(void) +@@ -3465,6 +3572,13 @@ void __init skb_init(void) 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); @@ -1456,11 +1474,10 @@ index 1e3e008..379236e 100644 } /** -diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c -index 59eb4ed..8020b07 100644 ---- a/net/ipv6/ip6_output.c -+++ b/net/ipv6/ip6_output.c -@@ -66,9 +66,6 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff * +diff -Naupr linux-4.10_orig/net/ipv6/ip6_output.c linux-4.10/net/ipv6/ip6_output.c +--- linux-4.10_orig/net/ipv6/ip6_output.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/ipv6/ip6_output.c 2017-02-28 18:44:55.988280636 +0700 +@@ -67,9 +67,6 @@ static int ip6_finish_output2(struct net struct in6_addr *nexthop; int ret; @@ -1470,7 +1487,7 @@ index 59eb4ed..8020b07 100644 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); -@@ -150,6 +147,13 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb) +@@ -159,6 +156,13 @@ int ip6_output(struct net *net, struct s return 0; } @@ -1484,11 +1501,25 @@ index 59eb4ed..8020b07 100644 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, net, sk, skb, NULL, dev, ip6_finish_output, -diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index e8d56d9..1ed3468 100644 ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -823,6 +823,18 @@ config NETFILTER_XT_TARGET_LOG +diff -Naupr linux-4.10_orig/net/netfilter/core.c linux-4.10/net/netfilter/core.c +--- linux-4.10_orig/net/netfilter/core.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/netfilter/core.c 2017-02-28 18:44:55.988280636 +0700 +@@ -318,6 +318,11 @@ int nf_hook_slow(struct sk_buff *skb, st + if (ret == 0) + ret = -EPERM; + return ret; ++ case NF_IMQ_QUEUE: ++ ret = nf_queue(skb, state, &entry, verdict); ++ if (ret == -ECANCELED) ++ continue; ++ return ret; + case NF_QUEUE: + ret = nf_queue(skb, state, &entry, verdict); + if (ret == 1 && entry) +diff -Naupr linux-4.10_orig/net/netfilter/Kconfig linux-4.10/net/netfilter/Kconfig +--- linux-4.10_orig/net/netfilter/Kconfig 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/netfilter/Kconfig 2017-02-28 18:44:55.988280636 +0700 +@@ -852,6 +852,18 @@ config NETFILTER_XT_TARGET_LOG To compile it as a module, choose M here. If unsure, say N. @@ -1507,11 +1538,10 @@ index e8d56d9..1ed3468 100644 config NETFILTER_XT_TARGET_MARK tristate '"MARK" target support' depends on NETFILTER_ADVANCED -diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index c23c3c8..99911ef 100644 ---- a/net/netfilter/Makefile -+++ b/net/netfilter/Makefile -@@ -119,6 +119,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o +diff -Naupr linux-4.10_orig/net/netfilter/Makefile linux-4.10/net/netfilter/Makefile +--- linux-4.10_orig/net/netfilter/Makefile 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/netfilter/Makefile 2017-02-28 18:44:55.988280636 +0700 +@@ -125,6 +125,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o @@ -1519,27 +1549,9 @@ index c23c3c8..99911ef 100644 obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o -diff --git a/net/netfilter/core.c b/net/netfilter/core.c -index 004af03..768a08b 100644 ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -360,8 +360,11 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state) - ret = NF_DROP_GETERR(verdict); - if (ret == 0) - ret = -EPERM; -- } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { -+ } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE || -+ (verdict & NF_VERDICT_MASK) == NF_IMQ_QUEUE) { - ret = nf_queue(skb, state, &entry, verdict); -+ if (ret == -ECANCELED) -+ goto next_hook; - if (ret == 1 && entry) - goto next_hook; - } -diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c -index 8f08d75..8d362c0 100644 ---- a/net/netfilter/nf_queue.c -+++ b/net/netfilter/nf_queue.c +diff -Naupr linux-4.10_orig/net/netfilter/nf_queue.c linux-4.10/net/netfilter/nf_queue.c +--- linux-4.10_orig/net/netfilter/nf_queue.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/netfilter/nf_queue.c 2017-02-28 18:44:55.988280636 +0700 @@ -27,6 +27,23 @@ * receives, no matter what. */ @@ -1564,12 +1576,12 @@ index 8f08d75..8d362c0 100644 /* return EBUSY when somebody else is registered, return EEXIST if the * same handler is registered, return 0 in case of success. */ void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh) -@@ -108,16 +125,28 @@ void nf_queue_nf_hook_drop(struct net *net, const struct nf_hook_entry *entry) +@@ -108,16 +125,28 @@ void nf_queue_nf_hook_drop(struct net *n } static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, -- unsigned int queuenum) -+ unsigned int verdict) +- struct nf_hook_entry *hook_entry, unsigned int queuenum) ++ struct nf_hook_entry *hook_entry, unsigned int verdict) { int status = -ENOENT; struct nf_queue_entry *entry = NULL; @@ -1583,10 +1595,10 @@ index 8f08d75..8d362c0 100644 - qh = rcu_dereference(net->nf.queue_handler); + if (queuetype == NF_IMQ_QUEUE) { +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ qh = rcu_dereference(queue_imq_handler); ++ qh = rcu_dereference(queue_imq_handler); +#else -+ BUG(); -+ goto err_unlock; ++ BUG(); ++ goto err_unlock; +#endif + } else { + qh = rcu_dereference(net->nf.queue_handler); @@ -1595,7 +1607,26 @@ index 8f08d75..8d362c0 100644 if (!qh) { status = -ESRCH; goto err; -@@ -218,6 +247,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) +@@ -164,8 +193,17 @@ int nf_queue(struct sk_buff *skb, struct + struct nf_hook_entry *entry = *entryp; + int ret; + +- ret = __nf_queue(skb, state, entry, verdict >> NF_VERDICT_QBITS); ++ ret = __nf_queue(skb, state, entry, verdict); + if (ret < 0) { ++ ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ /* IMQ Bypass */ ++ if (ret == -ECANCELED && skb->imq_flags == 0) { ++ *entryp = rcu_dereference(entry->next); ++ return 1; ++ } ++#endif ++ + if (ret == -ESRCH && + (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) { + *entryp = rcu_dereference(entry->next); +@@ -232,6 +270,7 @@ okfn: local_bh_enable(); break; case NF_QUEUE: @@ -1603,11 +1634,9 @@ index 8f08d75..8d362c0 100644 err = nf_queue(skb, &entry->state, &hook_entry, verdict); if (err == 1) { if (hook_entry) -diff --git a/net/netfilter/xt_IMQ.c b/net/netfilter/xt_IMQ.c -new file mode 100644 -index 0000000..f9c5817 ---- /dev/null -+++ b/net/netfilter/xt_IMQ.c +diff -Naupr linux-4.10_orig/net/netfilter/xt_IMQ.c linux-4.10/net/netfilter/xt_IMQ.c +--- linux-4.10_orig/net/netfilter/xt_IMQ.c 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.10/net/netfilter/xt_IMQ.c 2017-02-28 18:44:55.988280636 +0700 @@ -0,0 +1,72 @@ +/* + * This target marks packets to be enqueued to an imq device @@ -1681,11 +1710,10 @@ index 0000000..f9c5817 +MODULE_ALIAS("ipt_IMQ"); +MODULE_ALIAS("ip6t_IMQ"); + -diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c -index 6cfb6e9..4c675e9 100644 ---- a/net/sched/sch_generic.c -+++ b/net/sched/sch_generic.c -@@ -154,6 +154,14 @@ static struct sk_buff *dequeue_skb(struct Qdisc *q, bool *validate, +diff -Naupr linux-4.10_orig/net/sched/sch_generic.c linux-4.10/net/sched/sch_generic.c +--- linux-4.10_orig/net/sched/sch_generic.c 2017-02-20 05:34:00.000000000 +0700 ++++ linux-4.10/net/sched/sch_generic.c 2017-02-28 18:44:55.988280636 +0700 +@@ -154,6 +154,14 @@ bulk: return skb; }