-diff -Naupr linux-4.7_orig/drivers/net/imq.c linux-4.7/drivers/net/imq.c
---- linux-4.7_orig/drivers/net/imq.c 1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.7/drivers/net/imq.c 2016-07-26 20:58:55.635901659 +0700
-@@ -0,0 +1,903 @@
+diff -Naupr linux-4.10_orig/drivers/net/imq.c linux-4.10/drivers/net/imq.c
+--- linux-4.10_orig/drivers/net/imq.c 1970-01-01 07:00:00.000000000 +0700
++++ linux-4.10/drivers/net/imq.c 2017-02-28 19:03:58.883221583 +0700
+@@ -0,0 +1,945 @@
+/*
+ * Pseudo-driver for the intermediate queue device.
+ *
+ *
+ * The first version was written by Martin Devera, <devik@cdi.cz>
+ *
-+ * See Creditis.txt
++ * See Credits.txt
+ */
+
+#include <linux/module.h>
+{
+ struct nf_queue_entry *entry = skb->nf_queue_entry;
+
++ rcu_read_lock();
++
+ skb->nf_queue_entry = NULL;
+ netif_trans_update(dev);
+
+ dev->stats.tx_dropped++;
+ dev_kfree_skb(skb);
+
++ rcu_read_unlock();
+ return NETDEV_TX_OK;
+ }
+
+
+ nf_reinject(entry, NF_ACCEPT);
+
++ rcu_read_unlock();
+ return NETDEV_TX_OK;
+}
+
+ struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC);
+ if (entry) {
+ nf_queue_entry_get_refs(entry);
-+ return entry;
++ return entry;
+ }
+ return NULL;
+}
+{
+ struct sk_buff *skb_orig, *skb, *skb_shared, *skb_popd;
+ struct Qdisc *q;
++ struct sk_buff *to_free = NULL;
+ struct netdev_queue *txq;
+ spinlock_t *root_lock;
+ int users;
+
+ /* backup skb->cb, as qdisc layer will overwrite it */
+ skb_save_cb(skb_shared);
-+ qdisc_enqueue_root(skb_shared, q); /* might kfree_skb */
++ qdisc_enqueue_root(skb_shared, q, &to_free); /* might kfree_skb */
+ if (likely(atomic_read(&skb_shared->users) == users + 1)) {
+ bool validate;
+
+ /* Note that we validate skb (GSO, checksum, ...) outside of locks */
+ if (validate)
+ skb_popd = validate_xmit_skb_list(skb_popd, dev);
-+
++
+ if (skb_popd) {
+ int dummy_ret;
+ int cpu = smp_processor_id(); /* ok because BHs are off */
+
+ txq = skb_get_tx_queue(dev, skb_popd);
-+ /*
++ /*
+ IMQ device will not be frozen or stoped, and it always be successful.
+ So we need not check its status and return value to accelerate.
+ */
+ }
+ retval = -1;
+out:
++ if (unlikely(to_free)) {
++ kfree_skb_list(to_free);
++ }
+ return retval;
+}
+static unsigned int imq_nf_hook(void *priv,
+ return 0;
+}
+
++static struct device_type imq_device_type = {
++ .name = "imq",
++};
++
+static const struct net_device_ops imq_netdev_ops = {
+ .ndo_open = imq_open,
+ .ndo_stop = imq_close,
+ return ret;
+}
+
++#ifdef CONFIG_LOCKDEP
++ static struct lock_class_key imq_netdev_addr_lock_key;
++
++ static void __init imq_dev_set_lockdep_one(struct net_device *dev,
++ struct netdev_queue *txq, void *arg)
++ {
++ /*
++ * the IMQ transmit locks can be taken recursively,
++ * for example with one IMQ rule for input- and one for
++ * output network devices in iptables!
++ * until we find a better solution ignore them.
++ */
++ lockdep_set_novalidate_class(&txq->_xmit_lock);
++ }
++
++ static void imq_dev_set_lockdep_class(struct net_device *dev)
++ {
++ lockdep_set_class_and_name(&dev->addr_list_lock,
++ &imq_netdev_addr_lock_key, "_xmit_addr_IMQ");
++ netdev_for_each_tx_queue(dev, imq_dev_set_lockdep_one, NULL);
++}
++#else
++ static inline void imq_dev_set_lockdep_class(struct net_device *dev)
++ {
++ }
++#endif
++
+static int __init imq_init_one(int index)
+{
+ struct net_device *dev;
+ goto fail;
+
+ dev->rtnl_link_ops = &imq_link_ops;
++ SET_NETDEV_DEVTYPE(dev, &imq_device_type);
+ ret = register_netdevice(dev);
+ if (ret < 0)
+ goto fail;
+
++ imq_dev_set_lockdep_class(dev);
++
+ return 0;
+fail:
+ free_netdev(dev);
+MODULE_PARM_DESC(numqueues, "number of queues per IMQ device");
+MODULE_PARM_DESC(imq_dev_accurate_stats, "Notify if need the accurate imq device stats");
+
-+MODULE_AUTHOR("http://https://github.com/imq/linuximq");
++MODULE_AUTHOR("https://github.com/imq/linuximq");
+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information.");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS_RTNL_LINK("imq");
-diff -Naupr linux-4.7_orig/drivers/net/Kconfig linux-4.7/drivers/net/Kconfig
---- linux-4.7_orig/drivers/net/Kconfig 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/drivers/net/Kconfig 2016-07-26 20:58:55.635901659 +0700
-@@ -258,6 +258,125 @@ config RIONET_RX_SIZE
+diff -Naupr linux-4.10_orig/drivers/net/Kconfig linux-4.10/drivers/net/Kconfig
+--- linux-4.10_orig/drivers/net/Kconfig 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/drivers/net/Kconfig 2017-02-28 18:44:55.978280593 +0700
+@@ -260,6 +260,125 @@ config RIONET_RX_SIZE
depends on RIONET
default "128"
config TUN
tristate "Universal TUN/TAP device driver support"
depends on INET
-diff -Naupr linux-4.7_orig/drivers/net/Makefile linux-4.7/drivers/net/Makefile
---- linux-4.7_orig/drivers/net/Makefile 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/drivers/net/Makefile 2016-07-26 20:58:55.635901659 +0700
+diff -Naupr linux-4.10_orig/drivers/net/Makefile linux-4.10/drivers/net/Makefile
+--- linux-4.10_orig/drivers/net/Makefile 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/drivers/net/Makefile 2017-02-28 18:44:55.978280593 +0700
@@ -11,6 +11,7 @@ obj-$(CONFIG_DUMMY) += dummy.o
obj-$(CONFIG_EQUALIZER) += eql.o
obj-$(CONFIG_IFB) += ifb.o
obj-$(CONFIG_MACVLAN) += macvlan.o
obj-$(CONFIG_MACVTAP) += macvtap.o
obj-$(CONFIG_MII) += mii.o
-diff -Naupr linux-4.7_orig/include/linux/imq.h linux-4.7/include/linux/imq.h
---- linux-4.7_orig/include/linux/imq.h 1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.7/include/linux/imq.h 2016-07-26 20:58:55.639235009 +0700
+diff -Naupr linux-4.10_orig/include/linux/imq.h linux-4.10/include/linux/imq.h
+--- linux-4.10_orig/include/linux/imq.h 1970-01-01 07:00:00.000000000 +0700
++++ linux-4.10/include/linux/imq.h 2017-02-28 18:44:55.978280593 +0700
@@ -0,0 +1,13 @@
+#ifndef _IMQ_H
+#define _IMQ_H
+
+#endif /* _IMQ_H */
+
-diff -Naupr linux-4.7_orig/include/linux/netdevice.h linux-4.7/include/linux/netdevice.h
---- linux-4.7_orig/include/linux/netdevice.h 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/include/linux/netdevice.h 2016-07-26 20:58:55.639235009 +0700
-@@ -3558,6 +3558,19 @@ static inline void netif_tx_unlock_bh(st
+diff -Naupr linux-4.10_orig/include/linux/netdevice.h linux-4.10/include/linux/netdevice.h
+--- linux-4.10_orig/include/linux/netdevice.h 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/include/linux/netdevice.h 2017-02-28 18:44:55.978280593 +0700
+@@ -3604,6 +3604,19 @@ static inline void netif_tx_unlock_bh(st
} \
}
static inline void netif_tx_disable(struct net_device *dev)
{
unsigned int i;
-diff -Naupr linux-4.7_orig/include/linux/netfilter/xt_IMQ.h linux-4.7/include/linux/netfilter/xt_IMQ.h
---- linux-4.7_orig/include/linux/netfilter/xt_IMQ.h 1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.7/include/linux/netfilter/xt_IMQ.h 2016-07-26 20:58:55.639235009 +0700
+diff -Naupr linux-4.10_orig/include/linux/netfilter/xt_IMQ.h linux-4.10/include/linux/netfilter/xt_IMQ.h
+--- linux-4.10_orig/include/linux/netfilter/xt_IMQ.h 1970-01-01 07:00:00.000000000 +0700
++++ linux-4.10/include/linux/netfilter/xt_IMQ.h 2017-02-28 18:44:55.981613941 +0700
@@ -0,0 +1,9 @@
+#ifndef _XT_IMQ_H
+#define _XT_IMQ_H
+
+#endif /* _XT_IMQ_H */
+
-diff -Naupr linux-4.7_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.7/include/linux/netfilter_ipv4/ipt_IMQ.h
---- linux-4.7_orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.7/include/linux/netfilter_ipv4/ipt_IMQ.h 2016-07-26 20:58:55.639235009 +0700
+diff -Naupr linux-4.10_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.10/include/linux/netfilter_ipv4/ipt_IMQ.h
+--- linux-4.10_orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 07:00:00.000000000 +0700
++++ linux-4.10/include/linux/netfilter_ipv4/ipt_IMQ.h 2017-02-28 18:44:55.981613941 +0700
@@ -0,0 +1,10 @@
+#ifndef _IPT_IMQ_H
+#define _IPT_IMQ_H
+
+#endif /* _IPT_IMQ_H */
+
-diff -Naupr linux-4.7_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.7/include/linux/netfilter_ipv6/ip6t_IMQ.h
---- linux-4.7_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.7/include/linux/netfilter_ipv6/ip6t_IMQ.h 2016-07-26 20:58:55.639235009 +0700
+diff -Naupr linux-4.10_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.10/include/linux/netfilter_ipv6/ip6t_IMQ.h
+--- linux-4.10_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 07:00:00.000000000 +0700
++++ linux-4.10/include/linux/netfilter_ipv6/ip6t_IMQ.h 2017-02-28 18:44:55.981613941 +0700
@@ -0,0 +1,10 @@
+#ifndef _IP6T_IMQ_H
+#define _IP6T_IMQ_H
+
+#endif /* _IP6T_IMQ_H */
+
-diff -Naupr linux-4.7_orig/include/linux/skbuff.h linux-4.7/include/linux/skbuff.h
---- linux-4.7_orig/include/linux/skbuff.h 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/include/linux/skbuff.h 2016-07-26 20:58:55.639235009 +0700
-@@ -38,6 +38,10 @@
- #include <linux/splice.h>
+diff -Naupr linux-4.10_orig/include/linux/skbuff.h linux-4.10/include/linux/skbuff.h
+--- linux-4.10_orig/include/linux/skbuff.h 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/include/linux/skbuff.h 2017-02-28 18:44:55.981613941 +0700
+@@ -39,6 +39,10 @@
#include <linux/in6.h>
+ #include <linux/if_packet.h>
#include <net/flow.h>
+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
+#include <linux/imq.h>
/* The interface for checksum offload between the stack and networking drivers
* is as follows...
-@@ -647,6 +651,9 @@ struct sk_buff {
+@@ -661,6 +665,9 @@ struct sk_buff {
* first. This is owned by whoever has the skb queued ATM.
*/
char cb[48] __aligned(8);
unsigned long _skb_refdst;
void (*destructor)(struct sk_buff *skb);
-@@ -656,6 +663,9 @@ struct sk_buff {
+@@ -670,6 +677,9 @@ struct sk_buff {
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
struct nf_conntrack *nfct;
#endif
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
struct nf_bridge_info *nf_bridge;
#endif
-@@ -723,6 +733,9 @@ struct sk_buff {
- __u8 inner_protocol_type:1;
- __u8 remcsum_offload:1;
- /* 3 or 5 bit hole */
-+ #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+ __u8 imq_flags:IMQ_F_BITS;
-+ #endif
+@@ -750,6 +760,9 @@ struct sk_buff {
+ __u8 offload_fwd_mark:1;
+ #endif
+ /* 2, 4 or 5 bit hole */
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++ __u8 imq_flags:IMQ_F_BITS;
++#endif
#ifdef CONFIG_NET_SCHED
__u16 tc_index; /* traffic control index */
-@@ -879,6 +892,12 @@ void kfree_skb_list(struct sk_buff *segs
+@@ -910,6 +923,12 @@ void kfree_skb_list(struct sk_buff *segs
void skb_tx_error(struct sk_buff *skb);
void consume_skb(struct sk_buff *skb);
void __kfree_skb(struct sk_buff *skb);
extern struct kmem_cache *skbuff_head_cache;
void kfree_skb_partial(struct sk_buff *skb, bool head_stolen);
-@@ -3523,6 +3542,10 @@ static inline void __nf_copy(struct sk_b
+@@ -3607,6 +3626,10 @@ static inline void __nf_copy(struct sk_b
if (copy)
dst->nfctinfo = src->nfctinfo;
#endif
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
dst->nf_bridge = src->nf_bridge;
nf_bridge_get(src->nf_bridge);
-diff -Naupr linux-4.7_orig/include/net/netfilter/nf_queue.h linux-4.7/include/net/netfilter/nf_queue.h
---- linux-4.7_orig/include/net/netfilter/nf_queue.h 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/include/net/netfilter/nf_queue.h 2016-07-26 20:58:55.642568359 +0700
+diff -Naupr linux-4.10_orig/include/net/netfilter/nf_queue.h linux-4.10/include/net/netfilter/nf_queue.h
+--- linux-4.10_orig/include/net/netfilter/nf_queue.h 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/include/net/netfilter/nf_queue.h 2017-02-28 18:44:55.981613941 +0700
@@ -31,6 +31,12 @@ struct nf_queue_handler {
void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh);
void nf_unregister_queue_handler(struct net *net);
void nf_queue_entry_get_refs(struct nf_queue_entry *entry);
void nf_queue_entry_release_refs(struct nf_queue_entry *entry);
-diff -Naupr linux-4.7_orig/include/net/pkt_sched.h linux-4.7/include/net/pkt_sched.h
---- linux-4.7_orig/include/net/pkt_sched.h 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/include/net/pkt_sched.h 2016-07-26 20:58:55.642568359 +0700
-@@ -105,6 +105,8 @@ int sch_direct_xmit(struct sk_buff *skb,
+diff -Naupr linux-4.10_orig/include/net/pkt_sched.h linux-4.10/include/net/pkt_sched.h
+--- linux-4.10_orig/include/net/pkt_sched.h 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/include/net/pkt_sched.h 2017-02-28 18:44:55.981613941 +0700
+@@ -107,6 +107,8 @@ int sch_direct_xmit(struct sk_buff *skb,
void __qdisc_run(struct Qdisc *q);
static inline void qdisc_run(struct Qdisc *q)
{
if (qdisc_run_begin(q))
-diff -Naupr linux-4.7_orig/include/net/sch_generic.h linux-4.7/include/net/sch_generic.h
---- linux-4.7_orig/include/net/sch_generic.h 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/include/net/sch_generic.h 2016-07-26 20:58:55.642568359 +0700
-@@ -523,6 +523,12 @@ static inline int qdisc_enqueue(struct s
- return sch->enqueue(skb, sch);
+diff -Naupr linux-4.10_orig/include/net/sch_generic.h linux-4.10/include/net/sch_generic.h
+--- linux-4.10_orig/include/net/sch_generic.h 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/include/net/sch_generic.h 2017-02-28 18:44:55.981613941 +0700
+@@ -518,6 +518,13 @@ static inline int qdisc_enqueue(struct s
+ return sch->enqueue(skb, sch, to_free);
}
-+static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch)
++static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch,
++ struct sk_buff **to_free)
+{
+ qdisc_skb_cb(skb)->pkt_len = skb->len;
-+ return qdisc_enqueue(skb, sch) & NET_XMIT_MASK;
++ return qdisc_enqueue(skb, sch, to_free) & NET_XMIT_MASK;
+}
+
static inline bool qdisc_is_percpu_stats(const struct Qdisc *q)
{
return q->flags & TCQ_F_CPUSTATS;
-diff -Naupr linux-4.7_orig/include/uapi/linux/netfilter.h linux-4.7/include/uapi/linux/netfilter.h
---- linux-4.7_orig/include/uapi/linux/netfilter.h 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/include/uapi/linux/netfilter.h 2016-07-26 20:58:55.642568359 +0700
+diff -Naupr linux-4.10_orig/include/uapi/linux/netfilter.h linux-4.10/include/uapi/linux/netfilter.h
+--- linux-4.10_orig/include/uapi/linux/netfilter.h 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/include/uapi/linux/netfilter.h 2017-02-28 18:44:55.981613941 +0700
@@ -14,7 +14,8 @@
#define NF_QUEUE 3
#define NF_REPEAT 4
- #define NF_STOP 5
+ #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */
-#define NF_MAX_VERDICT NF_STOP
+#define NF_IMQ_QUEUE 6
+#define NF_MAX_VERDICT NF_IMQ_QUEUE
/* we overload the higher bits for encoding auxiliary data such as the queue
* number or errno values. Not nice, but better than additional function
-diff -Naupr linux-4.7_orig/net/core/dev.c linux-4.7/net/core/dev.c
---- linux-4.7_orig/net/core/dev.c 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/net/core/dev.c 2016-07-26 20:58:55.642568359 +0700
-@@ -139,6 +139,9 @@
+diff -Naupr linux-4.10_orig/net/core/dev.c linux-4.10/net/core/dev.c
+--- linux-4.10_orig/net/core/dev.c 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/net/core/dev.c 2017-02-28 18:44:55.984947288 +0700
+@@ -140,6 +140,9 @@
#include <linux/hrtimer.h>
#include <linux/netfilter_ingress.h>
- #include <linux/sctp.h>
+ #include <linux/crash_dump.h>
+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
+#include <linux/imq.h>
+#endif
#include "net-sysfs.h"
-@@ -2908,7 +2911,12 @@ static int xmit_one(struct sk_buff *skb,
+@@ -2881,7 +2884,12 @@ static int xmit_one(struct sk_buff *skb,
unsigned int len;
int rc;
dev_queue_xmit_nit(skb, dev);
len = skb->len;
-@@ -2946,6 +2954,7 @@ out:
- *ret = rc;
+@@ -2920,6 +2928,8 @@ out:
return skb;
}
-+EXPORT_SYMBOL(dev_hard_start_xmit);
++EXPORT_SYMBOL_GPL(dev_hard_start_xmit);
++
static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb,
netdev_features_t features)
-@@ -3032,6 +3041,7 @@ struct sk_buff *validate_xmit_skb_list(s
- }
- return head;
- }
-+EXPORT_SYMBOL(validate_xmit_skb_list);
-
- static void qdisc_pkt_len_init(struct sk_buff *skb)
{
-diff -Naupr linux-4.7_orig/net/core/skbuff.c linux-4.7/net/core/skbuff.c
---- linux-4.7_orig/net/core/skbuff.c 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/net/core/skbuff.c 2016-07-26 20:58:55.645901708 +0700
-@@ -81,6 +81,87 @@ struct kmem_cache *skbuff_head_cache __r
+diff -Naupr linux-4.10_orig/net/core/skbuff.c linux-4.10/net/core/skbuff.c
+--- linux-4.10_orig/net/core/skbuff.c 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/net/core/skbuff.c 2017-02-28 18:44:55.984947288 +0700
+@@ -82,6 +82,87 @@ struct kmem_cache *skbuff_head_cache __r
static struct kmem_cache *skbuff_fclone_cache __read_mostly;
int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS;
EXPORT_SYMBOL(sysctl_max_skb_frags);
/**
* skb_panic - private function for out-of-line support
-@@ -653,6 +734,28 @@ static void skb_release_head_state(struc
+@@ -654,6 +735,28 @@ static void skb_release_head_state(struc
WARN_ON(in_irq());
skb->destructor(skb);
}
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
nf_conntrack_put(skb->nfct);
#endif
-@@ -842,6 +945,10 @@ static void __copy_skb_header(struct sk_
+@@ -843,6 +946,10 @@ static void __copy_skb_header(struct sk_
new->sp = secpath_get(old->sp);
#endif
__nf_copy(new, old, false);
/* Note : this field could be in headers_start/headers_end section
* It is not yet because we do not want to have a 16 bit hole
-@@ -3433,6 +3540,13 @@ void __init skb_init(void)
+@@ -3465,6 +3572,13 @@ void __init skb_init(void)
0,
SLAB_HWCACHE_ALIGN|SLAB_PANIC,
NULL);
}
/**
-diff -Naupr linux-4.7_orig/net/ipv6/ip6_output.c linux-4.7/net/ipv6/ip6_output.c
---- linux-4.7_orig/net/ipv6/ip6_output.c 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/net/ipv6/ip6_output.c 2016-07-26 20:58:55.645901708 +0700
-@@ -65,9 +65,6 @@ static int ip6_finish_output2(struct net
+diff -Naupr linux-4.10_orig/net/ipv6/ip6_output.c linux-4.10/net/ipv6/ip6_output.c
+--- linux-4.10_orig/net/ipv6/ip6_output.c 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/net/ipv6/ip6_output.c 2017-02-28 18:44:55.988280636 +0700
+@@ -67,9 +67,6 @@ static int ip6_finish_output2(struct net
struct in6_addr *nexthop;
int ret;
if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
-@@ -142,6 +139,13 @@ int ip6_output(struct net *net, struct s
+@@ -159,6 +156,13 @@ int ip6_output(struct net *net, struct s
return 0;
}
return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
net, sk, skb, NULL, dev,
ip6_finish_output,
-diff -Naupr linux-4.7_orig/net/netfilter/core.c linux-4.7/net/netfilter/core.c
---- linux-4.7_orig/net/netfilter/core.c 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/net/netfilter/core.c 2016-07-26 20:58:55.645901708 +0700
-@@ -311,9 +311,11 @@ next_hook:
- ret = NF_DROP_GETERR(verdict);
- if (ret == 0)
- ret = -EPERM;
-- } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
-+ } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE ||
-+ (verdict & NF_VERDICT_MASK) == NF_IMQ_QUEUE) {
- int err = nf_queue(skb, elem, state,
-- verdict >> NF_VERDICT_QBITS);
-+ verdict >> NF_VERDICT_QBITS,
-+ verdict & NF_VERDICT_MASK);
- if (err < 0) {
- if (err == -ESRCH &&
- (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
-diff -Naupr linux-4.7_orig/net/netfilter/Kconfig linux-4.7/net/netfilter/Kconfig
---- linux-4.7_orig/net/netfilter/Kconfig 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/net/netfilter/Kconfig 2016-07-26 20:58:55.645901708 +0700
-@@ -807,6 +807,18 @@ config NETFILTER_XT_TARGET_LOG
+diff -Naupr linux-4.10_orig/net/netfilter/core.c linux-4.10/net/netfilter/core.c
+--- linux-4.10_orig/net/netfilter/core.c 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/net/netfilter/core.c 2017-02-28 18:44:55.988280636 +0700
+@@ -318,6 +318,11 @@ int nf_hook_slow(struct sk_buff *skb, st
+ if (ret == 0)
+ ret = -EPERM;
+ return ret;
++ case NF_IMQ_QUEUE:
++ ret = nf_queue(skb, state, &entry, verdict);
++ if (ret == -ECANCELED)
++ continue;
++ return ret;
+ case NF_QUEUE:
+ ret = nf_queue(skb, state, &entry, verdict);
+ if (ret == 1 && entry)
+diff -Naupr linux-4.10_orig/net/netfilter/Kconfig linux-4.10/net/netfilter/Kconfig
+--- linux-4.10_orig/net/netfilter/Kconfig 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/net/netfilter/Kconfig 2017-02-28 18:44:55.988280636 +0700
+@@ -852,6 +852,18 @@ config NETFILTER_XT_TARGET_LOG
To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_TARGET_MARK
tristate '"MARK" target support'
depends on NETFILTER_ADVANCED
-diff -Naupr linux-4.7_orig/net/netfilter/Makefile linux-4.7/net/netfilter/Makefile
---- linux-4.7_orig/net/netfilter/Makefile 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/net/netfilter/Makefile 2016-07-26 20:58:55.645901708 +0700
-@@ -115,6 +115,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) +=
+diff -Naupr linux-4.10_orig/net/netfilter/Makefile linux-4.10/net/netfilter/Makefile
+--- linux-4.10_orig/net/netfilter/Makefile 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/net/netfilter/Makefile 2017-02-28 18:44:55.988280636 +0700
+@@ -125,6 +125,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) +=
obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o
obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o
-diff -Naupr linux-4.7_orig/net/netfilter/nf_internals.h linux-4.7/net/netfilter/nf_internals.h
---- linux-4.7_orig/net/netfilter/nf_internals.h 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/net/netfilter/nf_internals.h 2016-07-26 20:58:55.645901708 +0700
-@@ -18,7 +18,7 @@ unsigned int nf_iterate(struct list_head
-
- /* nf_queue.c */
- int nf_queue(struct sk_buff *skb, struct nf_hook_ops *elem,
-- struct nf_hook_state *state, unsigned int queuenum);
-+ struct nf_hook_state *state, unsigned int queuenum, unsigned int queuetype);
- void nf_queue_nf_hook_drop(struct net *net, struct nf_hook_ops *ops);
- int __init netfilter_queue_init(void);
-
-diff -Naupr linux-4.7_orig/net/netfilter/nf_queue.c linux-4.7/net/netfilter/nf_queue.c
---- linux-4.7_orig/net/netfilter/nf_queue.c 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/net/netfilter/nf_queue.c 2016-07-26 20:58:55.649235058 +0700
+diff -Naupr linux-4.10_orig/net/netfilter/nf_queue.c linux-4.10/net/netfilter/nf_queue.c
+--- linux-4.10_orig/net/netfilter/nf_queue.c 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/net/netfilter/nf_queue.c 2017-02-28 18:44:55.988280636 +0700
@@ -27,6 +27,23 @@
* receives, no matter what.
*/
/* return EBUSY when somebody else is registered, return EEXIST if the
* same handler is registered, return 0 in case of success. */
void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh)
-@@ -114,7 +131,8 @@ void nf_queue_nf_hook_drop(struct net *n
- int nf_queue(struct sk_buff *skb,
- struct nf_hook_ops *elem,
- struct nf_hook_state *state,
-- unsigned int queuenum)
-+ unsigned int queuenum,
-+ unsigned int queuetype)
+@@ -108,16 +125,28 @@ void nf_queue_nf_hook_drop(struct net *n
+ }
+
+ static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state,
+- struct nf_hook_entry *hook_entry, unsigned int queuenum)
++ struct nf_hook_entry *hook_entry, unsigned int verdict)
{
int status = -ENOENT;
struct nf_queue_entry *entry = NULL;
-@@ -123,7 +141,17 @@ int nf_queue(struct sk_buff *skb,
+ const struct nf_afinfo *afinfo;
+ const struct nf_queue_handler *qh;
struct net *net = state->net;
++ unsigned int queuetype = verdict & NF_VERDICT_MASK;
++ unsigned int queuenum = verdict >> NF_VERDICT_QBITS;
/* QUEUE == DROP if no one is waiting, to be safe. */
- qh = rcu_dereference(net->nf.queue_handler);
+ if (queuetype == NF_IMQ_QUEUE) {
+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+ qh = rcu_dereference(queue_imq_handler);
++ qh = rcu_dereference(queue_imq_handler);
+#else
-+ BUG();
-+ goto err_unlock;
++ BUG();
++ goto err_unlock;
+#endif
+ } else {
+ qh = rcu_dereference(net->nf.queue_handler);
if (!qh) {
status = -ESRCH;
goto err;
-@@ -198,8 +226,10 @@ void nf_reinject(struct nf_queue_entry *
+@@ -164,8 +193,17 @@ int nf_queue(struct sk_buff *skb, struct
+ struct nf_hook_entry *entry = *entryp;
+ int ret;
+
+- ret = __nf_queue(skb, state, entry, verdict >> NF_VERDICT_QBITS);
++ ret = __nf_queue(skb, state, entry, verdict);
+ if (ret < 0) {
++
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++ /* IMQ Bypass */
++ if (ret == -ECANCELED && skb->imq_flags == 0) {
++ *entryp = rcu_dereference(entry->next);
++ return 1;
++ }
++#endif
++
+ if (ret == -ESRCH &&
+ (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) {
+ *entryp = rcu_dereference(entry->next);
+@@ -232,6 +270,7 @@ okfn:
local_bh_enable();
break;
case NF_QUEUE:
+ case NF_IMQ_QUEUE:
- err = nf_queue(skb, elem, &entry->state,
-- verdict >> NF_VERDICT_QBITS);
-+ verdict >> NF_VERDICT_QBITS,
-+ verdict & NF_VERDICT_MASK);
- if (err < 0) {
- if (err == -ESRCH &&
- (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
-diff -Naupr linux-4.7_orig/net/netfilter/xt_IMQ.c linux-4.7/net/netfilter/xt_IMQ.c
---- linux-4.7_orig/net/netfilter/xt_IMQ.c 1970-01-01 07:00:00.000000000 +0700
-+++ linux-4.7/net/netfilter/xt_IMQ.c 2016-07-26 20:58:55.649235058 +0700
+ err = nf_queue(skb, &entry->state, &hook_entry, verdict);
+ if (err == 1) {
+ if (hook_entry)
+diff -Naupr linux-4.10_orig/net/netfilter/xt_IMQ.c linux-4.10/net/netfilter/xt_IMQ.c
+--- linux-4.10_orig/net/netfilter/xt_IMQ.c 1970-01-01 07:00:00.000000000 +0700
++++ linux-4.10/net/netfilter/xt_IMQ.c 2017-02-28 18:44:55.988280636 +0700
@@ -0,0 +1,72 @@
+/*
+ * This target marks packets to be enqueued to an imq device
+MODULE_ALIAS("ipt_IMQ");
+MODULE_ALIAS("ip6t_IMQ");
+
-diff -Naupr linux-4.7_orig/net/sched/sch_generic.c linux-4.7/net/sched/sch_generic.c
---- linux-4.7_orig/net/sched/sch_generic.c 2016-07-25 02:23:50.000000000 +0700
-+++ linux-4.7/net/sched/sch_generic.c 2016-07-26 20:58:55.649235058 +0700
-@@ -110,6 +110,14 @@ static struct sk_buff *dequeue_skb(struc
+diff -Naupr linux-4.10_orig/net/sched/sch_generic.c linux-4.10/net/sched/sch_generic.c
+--- linux-4.10_orig/net/sched/sch_generic.c 2017-02-20 05:34:00.000000000 +0700
++++ linux-4.10/net/sched/sch_generic.c 2017-02-28 18:44:55.988280636 +0700
+@@ -154,6 +154,14 @@ bulk:
return skb;
}
+
/*
* Transmit possibly several skbs, and handle the return status as
- * required. Holding the __QDISC___STATE_RUNNING bit guarantees that
+ * required. Owning running seqcount bit guarantees that
projects / packages / kernel.git / blobdiff