X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=kernel-imq.patch;h=baf5f028586f3bacd16e855b1cc0fb0d7c53cc4c;hb=4844c71c2bbb18a1e9a310fb10fde33068bf5d09;hp=247a57a60056076d1fd00de2285737f574ed9f98;hpb=0394ef040b8128538189451f039f485bf6e078c1;p=packages%2Fkernel.git

diff --git a/kernel-imq.patch b/kernel-imq.patch
index 247a57a6..baf5f028 100644
--- a/kernel-imq.patch
+++ b/kernel-imq.patch
@@ -1,7 +1,147 @@
-diff -Naupr linux-4.8_orig/drivers/net/imq.c linux-4.8/drivers/net/imq.c
---- linux-4.8_orig/drivers/net/imq.c	1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.8/drivers/net/imq.c	2016-10-03 07:59:56.140345020 +0700
-@@ -0,0 +1,904 @@
+diff -urNp -x '*.orig' linux-4.9/drivers/net/Kconfig linux-4.9/drivers/net/Kconfig
+--- linux-4.9/drivers/net/Kconfig	2021-02-24 15:35:10.207508334 +0100
++++ linux-4.9/drivers/net/Kconfig	2021-02-24 15:35:24.097940603 +0100
+@@ -260,6 +260,125 @@ config RIONET_RX_SIZE
+ 	depends on RIONET
+ 	default "128"
+ 
++config IMQ
++	tristate "IMQ (intermediate queueing device) support"
++	depends on NETDEVICES && NETFILTER
++	---help---
++	  The IMQ device(s) is used as placeholder for QoS queueing
++	  disciplines. Every packet entering/leaving the IP stack can be
++	  directed through the IMQ device where it's enqueued/dequeued to the
++	  attached qdisc. This allows you to treat network devices as classes
++	  and distribute bandwidth among them. Iptables is used to specify
++	  through which IMQ device, if any, packets travel.
++
++	  More information at: https://github.com/imq/linuximq
++
++	  To compile this driver as a module, choose M here: the module
++	  will be called imq.  If unsure, say N.
++
++choice
++	prompt "IMQ behavior (PRE/POSTROUTING)"
++	depends on IMQ
++	default IMQ_BEHAVIOR_AB
++	help
++	  This setting defines how IMQ behaves in respect to its
++	  hooking in PREROUTING and POSTROUTING.
++
++	  IMQ can work in any of the following ways:
++
++	      PREROUTING   |      POSTROUTING
++	  -----------------|-------------------
++	  #1  After NAT    |      After NAT
++	  #2  After NAT    |      Before NAT
++	  #3  Before NAT   |      After NAT
++	  #4  Before NAT   |      Before NAT
++
++	  The default behavior is to hook before NAT on PREROUTING
++	  and after NAT on POSTROUTING (#3).
++
++	  This settings are specially usefull when trying to use IMQ
++	  to shape NATed clients.
++
++	  More information can be found at: https://github.com/imq/linuximq
++
++	  If not sure leave the default settings alone.
++
++config IMQ_BEHAVIOR_AA
++	bool "IMQ AA"
++	help
++	  This setting defines how IMQ behaves in respect to its
++	  hooking in PREROUTING and POSTROUTING.
++
++	  Choosing this option will make IMQ hook like this:
++
++	  PREROUTING:   After NAT
++	  POSTROUTING:  After NAT
++
++	  More information can be found at: https://github.com/imq/linuximq
++
++	  If not sure leave the default settings alone.
++
++config IMQ_BEHAVIOR_AB
++	bool "IMQ AB"
++	help
++	  This setting defines how IMQ behaves in respect to its
++	  hooking in PREROUTING and POSTROUTING.
++
++	  Choosing this option will make IMQ hook like this:
++
++	  PREROUTING:   After NAT
++	  POSTROUTING:  Before NAT
++
++	  More information can be found at: https://github.com/imq/linuximq
++
++	  If not sure leave the default settings alone.
++
++config IMQ_BEHAVIOR_BA
++	bool "IMQ BA"
++	help
++	  This setting defines how IMQ behaves in respect to its
++	  hooking in PREROUTING and POSTROUTING.
++
++	  Choosing this option will make IMQ hook like this:
++
++	  PREROUTING:   Before NAT
++	  POSTROUTING:  After NAT
++
++	  More information can be found at: https://github.com/imq/linuximq
++
++	  If not sure leave the default settings alone.
++
++config IMQ_BEHAVIOR_BB
++	bool "IMQ BB"
++	help
++	  This setting defines how IMQ behaves in respect to its
++	  hooking in PREROUTING and POSTROUTING.
++
++	  Choosing this option will make IMQ hook like this:
++
++	  PREROUTING:   Before NAT
++	  POSTROUTING:  Before NAT
++
++	  More information can be found at: https://github.com/imq/linuximq
++
++	  If not sure leave the default settings alone.
++
++endchoice
++
++config IMQ_NUM_DEVS
++	int "Number of IMQ devices"
++	range 2 16
++	depends on IMQ
++	default "16"
++	help
++	  This setting defines how many IMQ devices will be created.
++
++	  The default value is 16.
++
++	  More information can be found at: https://github.com/imq/linuximq
++
++	  If not sure leave the default settings alone.
++
+ config TUN
+ 	tristate "Universal TUN/TAP device driver support"
+ 	depends on INET
+diff -urNp -x '*.orig' linux-4.9/drivers/net/Makefile linux-4.9/drivers/net/Makefile
+--- linux-4.9/drivers/net/Makefile	2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/drivers/net/Makefile	2021-02-24 15:35:24.097940603 +0100
+@@ -11,6 +11,7 @@ obj-$(CONFIG_DUMMY) += dummy.o
+ obj-$(CONFIG_EQUALIZER) += eql.o
+ obj-$(CONFIG_IFB) += ifb.o
+ obj-$(CONFIG_MACSEC) += macsec.o
++obj-$(CONFIG_IMQ) += imq.o
+ obj-$(CONFIG_MACVLAN) += macvlan.o
+ obj-$(CONFIG_MACVTAP) += macvtap.o
+ obj-$(CONFIG_MII) += mii.o
+diff -urNp -x '*.orig' linux-4.9/drivers/net/imq.c linux-4.9/drivers/net/imq.c
+--- linux-4.9/drivers/net/imq.c	1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/drivers/net/imq.c	2021-02-24 15:35:24.097940603 +0100
+@@ -0,0 +1,907 @@
 +/*
 + *             Pseudo-driver for the intermediate queue device.
 + *
@@ -553,7 +693,7 @@ diff -Naupr linux-4.8_orig/drivers/net/imq.c linux-4.8/drivers/net/imq.c
 +{
 +	struct sk_buff *skb_orig, *skb, *skb_shared, *skb_popd;
 +	struct Qdisc *q;
-+	struct sk_buff **to_free;
++	struct sk_buff *to_free = NULL;
 +	struct netdev_queue *txq;
 +	spinlock_t *root_lock;
 +	int users;
@@ -612,7 +752,7 @@ diff -Naupr linux-4.8_orig/drivers/net/imq.c linux-4.8/drivers/net/imq.c
 +
 +	/* backup skb->cb, as qdisc layer will overwrite it */
 +	skb_save_cb(skb_shared);
-+	qdisc_enqueue_root(skb_shared, q, to_free); /* might kfree_skb */
++	qdisc_enqueue_root(skb_shared, q, &to_free); /* might kfree_skb */
 +	if (likely(atomic_read(&skb_shared->users) == users + 1)) {
 +		bool validate;
 +
@@ -636,13 +776,13 @@ diff -Naupr linux-4.8_orig/drivers/net/imq.c linux-4.8/drivers/net/imq.c
 +			/* Note that we validate skb (GSO, checksum, ...) outside of locks */
 +			if (validate)
 +        		skb_popd = validate_xmit_skb_list(skb_popd, dev);
-+			
++
 +			if (skb_popd) {
 +				int dummy_ret;
 +				int cpu = smp_processor_id(); /* ok because BHs are off */
 +
 +				txq = skb_get_tx_queue(dev, skb_popd);
-+				/* 
++				/*
 +				IMQ device will not be frozen or stoped, and it always be successful.
 +				So we need not check its status and return value to accelerate.
 +				*/
@@ -689,6 +829,9 @@ diff -Naupr linux-4.8_orig/drivers/net/imq.c linux-4.8/drivers/net/imq.c
 +	}
 +	retval = -1;
 +out:
++	if (unlikely(to_free)) {
++		kfree_skb_list(to_free);
++	}
 +	return retval;
 +}
 +static unsigned int imq_nf_hook(void *priv,
@@ -906,149 +1049,9 @@ diff -Naupr linux-4.8_orig/drivers/net/imq.c linux-4.8/drivers/net/imq.c
 +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information.");
 +MODULE_LICENSE("GPL");
 +MODULE_ALIAS_RTNL_LINK("imq");
-diff -Naupr linux-4.8_orig/drivers/net/Kconfig linux-4.8/drivers/net/Kconfig
---- linux-4.8_orig/drivers/net/Kconfig	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/drivers/net/Kconfig	2016-10-03 07:59:56.140345020 +0700
-@@ -258,6 +258,125 @@ config RIONET_RX_SIZE
- 	depends on RIONET
- 	default "128"
- 
-+config IMQ
-+	tristate "IMQ (intermediate queueing device) support"
-+	depends on NETDEVICES && NETFILTER
-+	---help---
-+	  The IMQ device(s) is used as placeholder for QoS queueing
-+	  disciplines. Every packet entering/leaving the IP stack can be
-+	  directed through the IMQ device where it's enqueued/dequeued to the
-+	  attached qdisc. This allows you to treat network devices as classes
-+	  and distribute bandwidth among them. Iptables is used to specify
-+	  through which IMQ device, if any, packets travel.
-+
-+	  More information at: https://github.com/imq/linuximq
-+
-+	  To compile this driver as a module, choose M here: the module
-+	  will be called imq.  If unsure, say N.
-+
-+choice
-+	prompt "IMQ behavior (PRE/POSTROUTING)"
-+	depends on IMQ
-+	default IMQ_BEHAVIOR_AB
-+	help
-+	  This setting defines how IMQ behaves in respect to its
-+	  hooking in PREROUTING and POSTROUTING.
-+
-+	  IMQ can work in any of the following ways:
-+
-+	      PREROUTING   |      POSTROUTING
-+	  -----------------|-------------------
-+	  #1  After NAT    |      After NAT
-+	  #2  After NAT    |      Before NAT
-+	  #3  Before NAT   |      After NAT
-+	  #4  Before NAT   |      Before NAT
-+
-+	  The default behavior is to hook before NAT on PREROUTING
-+	  and after NAT on POSTROUTING (#3).
-+
-+	  This settings are specially usefull when trying to use IMQ
-+	  to shape NATed clients.
-+
-+	  More information can be found at: https://github.com/imq/linuximq
-+
-+	  If not sure leave the default settings alone.
-+
-+config IMQ_BEHAVIOR_AA
-+	bool "IMQ AA"
-+	help
-+	  This setting defines how IMQ behaves in respect to its
-+	  hooking in PREROUTING and POSTROUTING.
-+
-+	  Choosing this option will make IMQ hook like this:
-+
-+	  PREROUTING:   After NAT
-+	  POSTROUTING:  After NAT
-+
-+	  More information can be found at: https://github.com/imq/linuximq
-+
-+	  If not sure leave the default settings alone.
-+
-+config IMQ_BEHAVIOR_AB
-+	bool "IMQ AB"
-+	help
-+	  This setting defines how IMQ behaves in respect to its
-+	  hooking in PREROUTING and POSTROUTING.
-+
-+	  Choosing this option will make IMQ hook like this:
-+
-+	  PREROUTING:   After NAT
-+	  POSTROUTING:  Before NAT
-+
-+	  More information can be found at: https://github.com/imq/linuximq
-+
-+	  If not sure leave the default settings alone.
-+
-+config IMQ_BEHAVIOR_BA
-+	bool "IMQ BA"
-+	help
-+	  This setting defines how IMQ behaves in respect to its
-+	  hooking in PREROUTING and POSTROUTING.
-+
-+	  Choosing this option will make IMQ hook like this:
-+
-+	  PREROUTING:   Before NAT
-+	  POSTROUTING:  After NAT
-+
-+	  More information can be found at: https://github.com/imq/linuximq
-+
-+	  If not sure leave the default settings alone.
-+
-+config IMQ_BEHAVIOR_BB
-+	bool "IMQ BB"
-+	help
-+	  This setting defines how IMQ behaves in respect to its
-+	  hooking in PREROUTING and POSTROUTING.
-+
-+	  Choosing this option will make IMQ hook like this:
-+
-+	  PREROUTING:   Before NAT
-+	  POSTROUTING:  Before NAT
-+
-+	  More information can be found at: https://github.com/imq/linuximq
-+
-+	  If not sure leave the default settings alone.
-+
-+endchoice
-+
-+config IMQ_NUM_DEVS
-+	int "Number of IMQ devices"
-+	range 2 16
-+	depends on IMQ
-+	default "16"
-+	help
-+	  This setting defines how many IMQ devices will be created.
-+
-+	  The default value is 16.
-+
-+	  More information can be found at: https://github.com/imq/linuximq
-+
-+	  If not sure leave the default settings alone.
-+
- config TUN
- 	tristate "Universal TUN/TAP device driver support"
- 	depends on INET
-diff -Naupr linux-4.8_orig/drivers/net/Makefile linux-4.8/drivers/net/Makefile
---- linux-4.8_orig/drivers/net/Makefile	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/drivers/net/Makefile	2016-10-03 07:59:56.200344939 +0700
-@@ -11,6 +11,7 @@ obj-$(CONFIG_DUMMY) += dummy.o
- obj-$(CONFIG_EQUALIZER) += eql.o
- obj-$(CONFIG_IFB) += ifb.o
- obj-$(CONFIG_MACSEC) += macsec.o
-+obj-$(CONFIG_IMQ) += imq.o
- obj-$(CONFIG_MACVLAN) += macvlan.o
- obj-$(CONFIG_MACVTAP) += macvtap.o
- obj-$(CONFIG_MII) += mii.o
-diff -Naupr linux-4.8_orig/include/linux/imq.h linux-4.8/include/linux/imq.h
---- linux-4.8_orig/include/linux/imq.h	1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.8/include/linux/imq.h	2016-10-03 07:59:56.200344939 +0700
+diff -urNp -x '*.orig' linux-4.9/include/linux/imq.h linux-4.9/include/linux/imq.h
+--- linux-4.9/include/linux/imq.h	1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/imq.h	2021-02-24 15:35:24.097940603 +0100
 @@ -0,0 +1,13 @@
 +#ifndef _IMQ_H
 +#define _IMQ_H
@@ -1063,10 +1066,10 @@ diff -Naupr linux-4.8_orig/include/linux/imq.h linux-4.8/include/linux/imq.h
 +
 +#endif /* _IMQ_H */
 +
-diff -Naupr linux-4.8_orig/include/linux/netdevice.h linux-4.8/include/linux/netdevice.h
---- linux-4.8_orig/include/linux/netdevice.h	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/include/linux/netdevice.h	2016-10-03 07:59:56.200344939 +0700
-@@ -3602,6 +3602,19 @@ static inline void netif_tx_unlock_bh(st
+diff -urNp -x '*.orig' linux-4.9/include/linux/netdevice.h linux-4.9/include/linux/netdevice.h
+--- linux-4.9/include/linux/netdevice.h	2021-02-24 15:35:11.047534473 +0100
++++ linux-4.9/include/linux/netdevice.h	2021-02-24 15:35:24.101274040 +0100
+@@ -3694,6 +3694,19 @@ static inline void netif_tx_unlock_bh(st
  	}						\
  }
  
@@ -1086,9 +1089,9 @@ diff -Naupr linux-4.8_orig/include/linux/netdevice.h linux-4.8/include/linux/net
  static inline void netif_tx_disable(struct net_device *dev)
  {
  	unsigned int i;
-diff -Naupr linux-4.8_orig/include/linux/netfilter/xt_IMQ.h linux-4.8/include/linux/netfilter/xt_IMQ.h
---- linux-4.8_orig/include/linux/netfilter/xt_IMQ.h	1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.8/include/linux/netfilter/xt_IMQ.h	2016-10-03 07:59:56.200344939 +0700
+diff -urNp -x '*.orig' linux-4.9/include/linux/netfilter/xt_IMQ.h linux-4.9/include/linux/netfilter/xt_IMQ.h
+--- linux-4.9/include/linux/netfilter/xt_IMQ.h	1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/netfilter/xt_IMQ.h	2021-02-24 15:35:24.101274040 +0100
 @@ -0,0 +1,9 @@
 +#ifndef _XT_IMQ_H
 +#define _XT_IMQ_H
@@ -1099,9 +1102,9 @@ diff -Naupr linux-4.8_orig/include/linux/netfilter/xt_IMQ.h linux-4.8/include/li
 +
 +#endif /* _XT_IMQ_H */
 +
-diff -Naupr linux-4.8_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.8/include/linux/netfilter_ipv4/ipt_IMQ.h
---- linux-4.8_orig/include/linux/netfilter_ipv4/ipt_IMQ.h	1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.8/include/linux/netfilter_ipv4/ipt_IMQ.h	2016-10-03 07:59:56.200344939 +0700
+diff -urNp -x '*.orig' linux-4.9/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.9/include/linux/netfilter_ipv4/ipt_IMQ.h
+--- linux-4.9/include/linux/netfilter_ipv4/ipt_IMQ.h	1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/netfilter_ipv4/ipt_IMQ.h	2021-02-24 15:35:24.101274040 +0100
 @@ -0,0 +1,10 @@
 +#ifndef _IPT_IMQ_H
 +#define _IPT_IMQ_H
@@ -1113,9 +1116,9 @@ diff -Naupr linux-4.8_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.8/incl
 +
 +#endif /* _IPT_IMQ_H */
 +
-diff -Naupr linux-4.8_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.8/include/linux/netfilter_ipv6/ip6t_IMQ.h
---- linux-4.8_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h	1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.8/include/linux/netfilter_ipv6/ip6t_IMQ.h	2016-10-03 07:59:56.200344939 +0700
+diff -urNp -x '*.orig' linux-4.9/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.9/include/linux/netfilter_ipv6/ip6t_IMQ.h
+--- linux-4.9/include/linux/netfilter_ipv6/ip6t_IMQ.h	1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/include/linux/netfilter_ipv6/ip6t_IMQ.h	2021-02-24 15:35:24.101274040 +0100
 @@ -0,0 +1,10 @@
 +#ifndef _IP6T_IMQ_H
 +#define _IP6T_IMQ_H
@@ -1127,9 +1130,9 @@ diff -Naupr linux-4.8_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.8/inc
 +
 +#endif /* _IP6T_IMQ_H */
 +
-diff -Naupr linux-4.8_orig/include/linux/skbuff.h linux-4.8/include/linux/skbuff.h
---- linux-4.8_orig/include/linux/skbuff.h	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/include/linux/skbuff.h	2016-10-03 07:59:56.200344939 +0700
+diff -urNp -x '*.orig' linux-4.9/include/linux/skbuff.h linux-4.9/include/linux/skbuff.h
+--- linux-4.9/include/linux/skbuff.h	2021-02-24 15:35:11.060868221 +0100
++++ linux-4.9/include/linux/skbuff.h	2021-02-24 15:35:24.101274040 +0100
 @@ -39,6 +39,10 @@
  #include <linux/in6.h>
  #include <linux/if_packet.h>
@@ -1141,7 +1144,7 @@ diff -Naupr linux-4.8_orig/include/linux/skbuff.h linux-4.8/include/linux/skbuff
  
  /* The interface for checksum offload between the stack and networking drivers
   * is as follows...
-@@ -655,6 +659,9 @@ struct sk_buff {
+@@ -660,6 +664,9 @@ struct sk_buff {
  	 * first. This is owned by whoever has the skb queued ATM.
  	 */
  	char			cb[48] __aligned(8);
@@ -1151,7 +1154,7 @@ diff -Naupr linux-4.8_orig/include/linux/skbuff.h linux-4.8/include/linux/skbuff
  
  	unsigned long		_skb_refdst;
  	void			(*destructor)(struct sk_buff *skb);
-@@ -664,6 +671,9 @@ struct sk_buff {
+@@ -669,6 +676,9 @@ struct sk_buff {
  #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
  	struct nf_conntrack	*nfct;
  #endif
@@ -1161,17 +1164,17 @@ diff -Naupr linux-4.8_orig/include/linux/skbuff.h linux-4.8/include/linux/skbuff
  #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
  	struct nf_bridge_info	*nf_bridge;
  #endif
-@@ -731,6 +741,9 @@ struct sk_buff {
- 	__u8			inner_protocol_type:1;
- 	__u8			remcsum_offload:1;
- 	/* 3 or 5 bit hole */
-+	#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+	__u8                    imq_flags:IMQ_F_BITS;
-+	#endif
+@@ -748,6 +758,9 @@ struct sk_buff {
+ 	__u8			offload_fwd_mark:1;
+ #endif
+ 	/* 2, 4 or 5 bit hole */
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++	__u8			imq_flags:IMQ_F_BITS;
++#endif
  
  #ifdef CONFIG_NET_SCHED
  	__u16			tc_index;	/* traffic control index */
-@@ -896,6 +909,12 @@ void kfree_skb_list(struct sk_buff *segs
+@@ -908,6 +921,12 @@ void kfree_skb_list(struct sk_buff *segs
  void skb_tx_error(struct sk_buff *skb);
  void consume_skb(struct sk_buff *skb);
  void  __kfree_skb(struct sk_buff *skb);
@@ -1184,7 +1187,7 @@ diff -Naupr linux-4.8_orig/include/linux/skbuff.h linux-4.8/include/linux/skbuff
  extern struct kmem_cache *skbuff_head_cache;
  
  void kfree_skb_partial(struct sk_buff *skb, bool head_stolen);
-@@ -3555,6 +3574,10 @@ static inline void __nf_copy(struct sk_b
+@@ -3640,6 +3659,10 @@ static inline void __nf_copy(struct sk_b
  	if (copy)
  		dst->nfctinfo = src->nfctinfo;
  #endif
@@ -1195,10 +1198,10 @@ diff -Naupr linux-4.8_orig/include/linux/skbuff.h linux-4.8/include/linux/skbuff
  #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
  	dst->nf_bridge  = src->nf_bridge;
  	nf_bridge_get(src->nf_bridge);
-diff -Naupr linux-4.8_orig/include/net/netfilter/nf_queue.h linux-4.8/include/net/netfilter/nf_queue.h
---- linux-4.8_orig/include/net/netfilter/nf_queue.h	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/include/net/netfilter/nf_queue.h	2016-10-03 07:59:56.200344939 +0700
-@@ -31,6 +31,12 @@ struct nf_queue_handler {
+diff -urNp -x '*.orig' linux-4.9/include/net/netfilter/nf_queue.h linux-4.9/include/net/netfilter/nf_queue.h
+--- linux-4.9/include/net/netfilter/nf_queue.h	2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/net/netfilter/nf_queue.h	2021-02-24 15:35:24.101274040 +0100
+@@ -30,6 +30,12 @@ struct nf_queue_handler {
  void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh);
  void nf_unregister_queue_handler(struct net *net);
  void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict);
@@ -1211,9 +1214,9 @@ diff -Naupr linux-4.8_orig/include/net/netfilter/nf_queue.h linux-4.8/include/ne
  
  void nf_queue_entry_get_refs(struct nf_queue_entry *entry);
  void nf_queue_entry_release_refs(struct nf_queue_entry *entry);
-diff -Naupr linux-4.8_orig/include/net/pkt_sched.h linux-4.8/include/net/pkt_sched.h
---- linux-4.8_orig/include/net/pkt_sched.h	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/include/net/pkt_sched.h	2016-10-03 07:59:56.200344939 +0700
+diff -urNp -x '*.orig' linux-4.9/include/net/pkt_sched.h linux-4.9/include/net/pkt_sched.h
+--- linux-4.9/include/net/pkt_sched.h	2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/net/pkt_sched.h	2021-02-24 15:35:24.101274040 +0100
 @@ -105,6 +105,8 @@ int sch_direct_xmit(struct sk_buff *skb,
  
  void __qdisc_run(struct Qdisc *q);
@@ -1223,10 +1226,10 @@ diff -Naupr linux-4.8_orig/include/net/pkt_sched.h linux-4.8/include/net/pkt_sch
  static inline void qdisc_run(struct Qdisc *q)
  {
  	if (qdisc_run_begin(q))
-diff -Naupr linux-4.8_orig/include/net/sch_generic.h linux-4.8/include/net/sch_generic.h
---- linux-4.8_orig/include/net/sch_generic.h	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/include/net/sch_generic.h	2016-10-03 07:59:56.200344939 +0700
-@@ -510,6 +510,13 @@ static inline int qdisc_enqueue(struct s
+diff -urNp -x '*.orig' linux-4.9/include/net/sch_generic.h linux-4.9/include/net/sch_generic.h
+--- linux-4.9/include/net/sch_generic.h	2021-02-24 15:35:11.077535407 +0100
++++ linux-4.9/include/net/sch_generic.h	2021-02-24 15:35:24.101274040 +0100
+@@ -523,6 +523,13 @@ static inline int qdisc_enqueue(struct s
  	return sch->enqueue(skb, sch, to_free);
  }
  
@@ -1240,9 +1243,9 @@ diff -Naupr linux-4.8_orig/include/net/sch_generic.h linux-4.8/include/net/sch_g
  static inline bool qdisc_is_percpu_stats(const struct Qdisc *q)
  {
  	return q->flags & TCQ_F_CPUSTATS;
-diff -Naupr linux-4.8_orig/include/uapi/linux/netfilter.h linux-4.8/include/uapi/linux/netfilter.h
---- linux-4.8_orig/include/uapi/linux/netfilter.h	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/include/uapi/linux/netfilter.h	2016-10-03 07:59:56.203678268 +0700
+diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/netfilter.h linux-4.9/include/uapi/linux/netfilter.h
+--- linux-4.9/include/uapi/linux/netfilter.h	2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/uapi/linux/netfilter.h	2021-02-24 15:35:24.101274040 +0100
 @@ -14,7 +14,8 @@
  #define NF_QUEUE 3
  #define NF_REPEAT 4
@@ -1253,10 +1256,10 @@ diff -Naupr linux-4.8_orig/include/uapi/linux/netfilter.h linux-4.8/include/uapi
  
  /* we overload the higher bits for encoding auxiliary data such as the queue
   * number or errno values. Not nice, but better than additional function
-diff -Naupr linux-4.8_orig/net/core/dev.c linux-4.8/net/core/dev.c
---- linux-4.8_orig/net/core/dev.c	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/net/core/dev.c	2016-10-03 07:59:56.203678268 +0700
-@@ -141,6 +141,9 @@
+diff -urNp -x '*.orig' linux-4.9/net/core/dev.c linux-4.9/net/core/dev.c
+--- linux-4.9/net/core/dev.c	2021-02-24 15:35:11.220873200 +0100
++++ linux-4.9/net/core/dev.c	2021-02-24 15:35:24.101274040 +0100
+@@ -142,6 +142,9 @@
  #include <linux/netfilter_ingress.h>
  #include <linux/sctp.h>
  #include <linux/crash_dump.h>
@@ -1266,19 +1269,31 @@ diff -Naupr linux-4.8_orig/net/core/dev.c linux-4.8/net/core/dev.c
  
  #include "net-sysfs.h"
  
-@@ -2952,6 +2952,9 @@
- 	*ret = rc;
+@@ -2965,7 +2968,12 @@ static int xmit_one(struct sk_buff *skb,
+ 	unsigned int len;
+ 	int rc;
+ 
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++	if ((!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) &&
++		!(skb->imq_flags & IMQ_F_ENQUEUE))
++#else
+ 	if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all))
++#endif
+ 		dev_queue_xmit_nit(skb, dev);
+ 
+ 	len = skb->len;
+@@ -3004,6 +3012,8 @@ out:
  	return skb;
  }
-+#if defined(CONFIG_IMQ_MODULE)
-+EXPORT_SYMBOL_GPL(dev_hard_start_xmit);
-+#endif
  
++EXPORT_SYMBOL_GPL(dev_hard_start_xmit);
++
  static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb,
  					  netdev_features_t features)
-diff -Naupr linux-4.8_orig/net/core/skbuff.c linux-4.8/net/core/skbuff.c
---- linux-4.8_orig/net/core/skbuff.c	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/net/core/skbuff.c	2016-10-03 07:59:56.203678268 +0700
+ {
+diff -urNp -x '*.orig' linux-4.9/net/core/skbuff.c linux-4.9/net/core/skbuff.c
+--- linux-4.9/net/core/skbuff.c	2021-02-24 15:35:11.224206637 +0100
++++ linux-4.9/net/core/skbuff.c	2021-02-24 15:35:24.104607477 +0100
 @@ -82,6 +82,87 @@ struct kmem_cache *skbuff_head_cache __r
  static struct kmem_cache *skbuff_fclone_cache __read_mostly;
  int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS;
@@ -1367,7 +1382,7 @@ diff -Naupr linux-4.8_orig/net/core/skbuff.c linux-4.8/net/core/skbuff.c
  
  /**
   *	skb_panic - private function for out-of-line support
-@@ -654,6 +735,28 @@ static void skb_release_head_state(struc
+@@ -667,6 +748,28 @@ static void skb_release_head_state(struc
  		WARN_ON(in_irq());
  		skb->destructor(skb);
  	}
@@ -1396,7 +1411,7 @@ diff -Naupr linux-4.8_orig/net/core/skbuff.c linux-4.8/net/core/skbuff.c
  #if IS_ENABLED(CONFIG_NF_CONNTRACK)
  	nf_conntrack_put(skb->nfct);
  #endif
-@@ -843,6 +946,10 @@ static void __copy_skb_header(struct sk_
+@@ -856,6 +959,10 @@ static void __copy_skb_header(struct sk_
  	new->sp			= secpath_get(old->sp);
  #endif
  	__nf_copy(new, old, false);
@@ -1407,7 +1422,7 @@ diff -Naupr linux-4.8_orig/net/core/skbuff.c linux-4.8/net/core/skbuff.c
  
  	/* Note : this field could be in headers_start/headers_end section
  	 * It is not yet because we do not want to have a 16 bit hole
-@@ -3439,6 +3546,13 @@ void __init skb_init(void)
+@@ -3536,6 +3643,13 @@ void __init skb_init(void)
  						0,
  						SLAB_HWCACHE_ALIGN|SLAB_PANIC,
  						NULL);
@@ -1420,11 +1435,11 @@ diff -Naupr linux-4.8_orig/net/core/skbuff.c linux-4.8/net/core/skbuff.c
 +#endif
  }
  
- /**
-diff -Naupr linux-4.8_orig/net/ipv6/ip6_output.c linux-4.8/net/ipv6/ip6_output.c
---- linux-4.8_orig/net/ipv6/ip6_output.c	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/net/ipv6/ip6_output.c	2016-10-03 07:59:56.203678268 +0700
-@@ -65,9 +65,6 @@ static int ip6_finish_output2(struct net
+ static int
+diff -urNp -x '*.orig' linux-4.9/net/ipv6/ip6_output.c linux-4.9/net/ipv6/ip6_output.c
+--- linux-4.9/net/ipv6/ip6_output.c	2021-02-24 15:35:11.257541008 +0100
++++ linux-4.9/net/ipv6/ip6_output.c	2021-02-24 15:35:24.104607477 +0100
+@@ -66,9 +66,6 @@ static int ip6_finish_output2(struct net
  	struct in6_addr *nexthop;
  	int ret;
  
@@ -1434,7 +1449,7 @@ diff -Naupr linux-4.8_orig/net/ipv6/ip6_output.c linux-4.8/net/ipv6/ip6_output.c
  	if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
  		struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
  
-@@ -142,6 +139,13 @@ int ip6_output(struct net *net, struct s
+@@ -150,6 +147,13 @@ int ip6_output(struct net *net, struct s
  		return 0;
  	}
  
@@ -1448,30 +1463,10 @@ diff -Naupr linux-4.8_orig/net/ipv6/ip6_output.c linux-4.8/net/ipv6/ip6_output.c
  	return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
  			    net, sk, skb, NULL, dev,
  			    ip6_finish_output,
-diff -Naupr linux-4.8_orig/net/netfilter/core.c linux-4.8/net/netfilter/core.c
---- linux-4.8_orig/net/netfilter/core.c	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/net/netfilter/core.c	2016-10-03 07:59:56.203678268 +0700
-@@ -311,10 +311,14 @@ next_hook:
- 		ret = NF_DROP_GETERR(verdict);
- 		if (ret == 0)
- 			ret = -EPERM;
--	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
-+	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE ||
-+		(verdict & NF_VERDICT_MASK) == NF_IMQ_QUEUE) {
- 		int err = nf_queue(skb, elem, state,
--				   verdict >> NF_VERDICT_QBITS);
-+				   verdict >> NF_VERDICT_QBITS,
-+				  verdict & NF_VERDICT_MASK);
- 		if (err < 0) {
-+			if (err == -ECANCELED)
-+				goto next_hook;
- 			if (err == -ESRCH &&
- 			   (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
- 				goto next_hook;
-diff -Naupr linux-4.8_orig/net/netfilter/Kconfig linux-4.8/net/netfilter/Kconfig
---- linux-4.8_orig/net/netfilter/Kconfig	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/net/netfilter/Kconfig	2016-10-03 07:59:56.203678268 +0700
-@@ -805,6 +805,18 @@ config NETFILTER_XT_TARGET_LOG
+diff -urNp -x '*.orig' linux-4.9/net/netfilter/Kconfig linux-4.9/net/netfilter/Kconfig
+--- linux-4.9/net/netfilter/Kconfig	2021-02-24 15:35:11.727555634 +0100
++++ linux-4.9/net/netfilter/Kconfig	2021-02-24 15:35:24.104607477 +0100
+@@ -823,6 +823,18 @@ config NETFILTER_XT_TARGET_LOG
  
  	  To compile it as a module, choose M here.  If unsure, say N.
  
@@ -1490,10 +1485,10 @@ diff -Naupr linux-4.8_orig/net/netfilter/Kconfig linux-4.8/net/netfilter/Kconfig
  config NETFILTER_XT_TARGET_MARK
  	tristate '"MARK" target support'
  	depends on NETFILTER_ADVANCED
-diff -Naupr linux-4.8_orig/net/netfilter/Makefile linux-4.8/net/netfilter/Makefile
---- linux-4.8_orig/net/netfilter/Makefile	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/net/netfilter/Makefile	2016-10-03 07:59:56.203678268 +0700
-@@ -115,6 +115,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) +=
+diff -urNp -x '*.orig' linux-4.9/net/netfilter/Makefile linux-4.9/net/netfilter/Makefile
+--- linux-4.9/net/netfilter/Makefile	2021-02-24 15:35:11.727555634 +0100
++++ linux-4.9/net/netfilter/Makefile	2021-02-24 15:35:24.104607477 +0100
+@@ -119,6 +119,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) +=
  obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
  obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
  obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o
@@ -1501,21 +1496,25 @@ diff -Naupr linux-4.8_orig/net/netfilter/Makefile linux-4.8/net/netfilter/Makefi
  obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
  obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o
  obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o
-diff -Naupr linux-4.8_orig/net/netfilter/nf_internals.h linux-4.8/net/netfilter/nf_internals.h
---- linux-4.8_orig/net/netfilter/nf_internals.h	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/net/netfilter/nf_internals.h	2016-10-03 07:59:56.203678268 +0700
-@@ -18,7 +18,7 @@ unsigned int nf_iterate(struct list_head
- 
- /* nf_queue.c */
- int nf_queue(struct sk_buff *skb, struct nf_hook_ops *elem,
--	     struct nf_hook_state *state, unsigned int queuenum);
-+	     struct nf_hook_state *state, unsigned int queuenum, unsigned int queuetype);
- void nf_queue_nf_hook_drop(struct net *net, struct nf_hook_ops *ops);
- int __init netfilter_queue_init(void);
- 
-diff -Naupr linux-4.8_orig/net/netfilter/nf_queue.c linux-4.8/net/netfilter/nf_queue.c
---- linux-4.8_orig/net/netfilter/nf_queue.c	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/net/netfilter/nf_queue.c	2016-10-03 07:59:56.203678268 +0700
+diff -urNp -x '*.orig' linux-4.9/net/netfilter/core.c linux-4.9/net/netfilter/core.c
+--- linux-4.9/net/netfilter/core.c	2021-02-24 15:35:11.287541941 +0100
++++ linux-4.9/net/netfilter/core.c	2021-02-24 15:35:24.104607477 +0100
+@@ -360,8 +360,11 @@ next_hook:
+ 		ret = NF_DROP_GETERR(verdict);
+ 		if (ret == 0)
+ 			ret = -EPERM;
+-	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
++	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE ||
++		   (verdict & NF_VERDICT_MASK) == NF_IMQ_QUEUE) {
+ 		ret = nf_queue(skb, state, &entry, verdict);
++		if (ret == -ECANCELED)
++			goto next_hook;
+ 		if (ret == 1 && entry)
+ 			goto next_hook;
+ 	} else {
+diff -urNp -x '*.orig' linux-4.9/net/netfilter/nf_queue.c linux-4.9/net/netfilter/nf_queue.c
+--- linux-4.9/net/netfilter/nf_queue.c	2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/net/netfilter/nf_queue.c	2021-02-24 15:35:24.104607477 +0100
 @@ -27,6 +27,23 @@
   * receives, no matter what.
   */
@@ -1540,18 +1539,20 @@ diff -Naupr linux-4.8_orig/net/netfilter/nf_queue.c linux-4.8/net/netfilter/nf_q
  /* return EBUSY when somebody else is registered, return EEXIST if the
   * same handler is registered, return 0 in case of success. */
  void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh)
-@@ -114,7 +131,8 @@ void nf_queue_nf_hook_drop(struct net *n
- int nf_queue(struct sk_buff *skb,
- 	     struct nf_hook_ops *elem,
- 	     struct nf_hook_state *state,
--	     unsigned int queuenum)
-+	     unsigned int queuenum,
-+		 unsigned int queuetype)
+@@ -108,16 +125,28 @@ void nf_queue_nf_hook_drop(struct net *n
+ }
+ 
+ static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state,
+-		      unsigned int queuenum)
++		      unsigned int verdict)
  {
  	int status = -ENOENT;
  	struct nf_queue_entry *entry = NULL;
-@@ -123,7 +141,17 @@ int nf_queue(struct sk_buff *skb,
+ 	const struct nf_afinfo *afinfo;
+ 	const struct nf_queue_handler *qh;
  	struct net *net = state->net;
++	unsigned int queuetype = verdict & NF_VERDICT_MASK;
++	unsigned int queuenum  = verdict >> NF_VERDICT_QBITS;
  
  	/* QUEUE == DROP if no one is waiting, to be safe. */
 -	qh = rcu_dereference(net->nf.queue_handler);
@@ -1569,21 +1570,17 @@ diff -Naupr linux-4.8_orig/net/netfilter/nf_queue.c linux-4.8/net/netfilter/nf_q
  	if (!qh) {
  		status = -ESRCH;
  		goto err;
-@@ -198,8 +226,10 @@ void nf_reinject(struct nf_queue_entry *
+@@ -218,6 +247,7 @@ okfn:
  		local_bh_enable();
  		break;
  	case NF_QUEUE:
 +	case NF_IMQ_QUEUE:
- 		err = nf_queue(skb, elem, &entry->state,
--			       verdict >> NF_VERDICT_QBITS);
-+			       verdict >> NF_VERDICT_QBITS,
-+				   verdict & NF_VERDICT_MASK);
- 		if (err < 0) {
- 			if (err == -ESRCH &&
- 			   (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
-diff -Naupr linux-4.8_orig/net/netfilter/xt_IMQ.c linux-4.8/net/netfilter/xt_IMQ.c
---- linux-4.8_orig/net/netfilter/xt_IMQ.c	1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.8/net/netfilter/xt_IMQ.c	2016-10-03 07:59:56.203678268 +0700
+ 		err = nf_queue(skb, &entry->state, &hook_entry, verdict);
+ 		if (err == 1) {
+ 			if (hook_entry)
+diff -urNp -x '*.orig' linux-4.9/net/netfilter/xt_IMQ.c linux-4.9/net/netfilter/xt_IMQ.c
+--- linux-4.9/net/netfilter/xt_IMQ.c	1970-01-01 01:00:00.000000000 +0100
++++ linux-4.9/net/netfilter/xt_IMQ.c	2021-02-24 15:35:24.104607477 +0100
 @@ -0,0 +1,72 @@
 +/*
 + * This target marks packets to be enqueued to an imq device
@@ -1657,9 +1654,9 @@ diff -Naupr linux-4.8_orig/net/netfilter/xt_IMQ.c linux-4.8/net/netfilter/xt_IMQ
 +MODULE_ALIAS("ipt_IMQ");
 +MODULE_ALIAS("ip6t_IMQ");
 +
-diff -Naupr linux-4.8_orig/net/sched/sch_generic.c linux-4.8/net/sched/sch_generic.c
---- linux-4.8_orig/net/sched/sch_generic.c	2016-10-03 06:24:33.000000000 +0700
-+++ linux-4.8/net/sched/sch_generic.c	2016-10-03 07:59:56.207011597 +0700
+diff -urNp -x '*.orig' linux-4.9/net/sched/sch_generic.c linux-4.9/net/sched/sch_generic.c
+--- linux-4.9/net/sched/sch_generic.c	2021-02-24 15:35:11.317542875 +0100
++++ linux-4.9/net/sched/sch_generic.c	2021-02-24 15:35:24.104607477 +0100
 @@ -154,6 +154,14 @@ bulk:
  	return skb;
  }