source:
npl/kernel/linux_src/linux-4.14-imq.diff
@
efa4154
| Last change on this file since efa4154 was efa4154, checked in by , 5 years ago | |
|---|---|
|
|
| File size: 48.4 KB | |
-
drivers/net/imq.c
diff -Naupr linux-4.14_orig/drivers/net/imq.c linux-4.14/drivers/net/imq.c
old new 1 /* 2 * Pseudo-driver for the intermediate queue device. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 7 * 2 of the License, or (at your option) any later version. 8 * 9 * Authors: Patrick McHardy, <kaber@trash.net> 10 * 11 * The first version was written by Martin Devera, <devik@cdi.cz> 12 * 13 * See Credits.txt 14 */ 15 16 #include <linux/module.h> 17 #include <linux/kernel.h> 18 #include <linux/moduleparam.h> 19 #include <linux/list.h> 20 #include <linux/skbuff.h> 21 #include <linux/netdevice.h> 22 #include <linux/etherdevice.h> 23 #include <linux/rtnetlink.h> 24 #include <linux/if_arp.h> 25 #include <linux/netfilter.h> 26 #include <linux/netfilter_ipv4.h> 27 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 28 #include <linux/netfilter_ipv6.h> 29 #endif 30 #include <linux/imq.h> 31 #include <net/pkt_sched.h> 32 #include <net/netfilter/nf_queue.h> 33 #include <net/sock.h> 34 #include <linux/ip.h> 35 #include <linux/ipv6.h> 36 #include <linux/if_vlan.h> 37 #include <linux/if_pppox.h> 38 #include <net/ip.h> 39 #include <net/ipv6.h> 40 41 static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num); 42 43 static nf_hookfn imq_nf_hook; 44 45 static struct nf_hook_ops imq_ops[] = { 46 { 47 /* imq_ingress_ipv4 */ 48 .hook = imq_nf_hook, 49 .pf = PF_INET, 50 .hooknum = NF_INET_PRE_ROUTING, 51 #if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) 52 .priority = NF_IP_PRI_MANGLE + 1, 53 #else 54 .priority = NF_IP_PRI_NAT_DST + 1, 55 #endif 56 }, 57 { 58 /* imq_egress_ipv4 */ 59 .hook = imq_nf_hook, 60 .pf = PF_INET, 61 .hooknum = NF_INET_POST_ROUTING, 62 #if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) 63 .priority = NF_IP_PRI_LAST, 64 #else 65 .priority = NF_IP_PRI_NAT_SRC - 1, 66 #endif 67 }, 68 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 69 { 70 /* imq_ingress_ipv6 */ 71 .hook = imq_nf_hook, 72 .pf = PF_INET6, 73 .hooknum = NF_INET_PRE_ROUTING, 74 #if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) 75 .priority = NF_IP6_PRI_MANGLE + 1, 76 #else 77 .priority = NF_IP6_PRI_NAT_DST + 1, 78 #endif 79 }, 80 { 81 /* imq_egress_ipv6 */ 82 .hook = imq_nf_hook, 83 .pf = PF_INET6, 84 .hooknum = NF_INET_POST_ROUTING, 85 #if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) 86 .priority = NF_IP6_PRI_LAST, 87 #else 88 .priority = NF_IP6_PRI_NAT_SRC - 1, 89 #endif 90 }, 91 #endif 92 }; 93 94 #if defined(CONFIG_IMQ_NUM_DEVS) 95 static int numdevs = CONFIG_IMQ_NUM_DEVS; 96 #else 97 static int numdevs = IMQ_MAX_DEVS; 98 #endif 99 100 static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; 101 102 #define IMQ_MAX_QUEUES 32 103 static int numqueues = 1; 104 static u32 imq_hashrnd; 105 static int imq_dev_accurate_stats = 1; 106 107 static inline __be16 pppoe_proto(const struct sk_buff *skb) 108 { 109 return *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + 110 sizeof(struct pppoe_hdr))); 111 } 112 113 static u16 imq_hash(struct net_device *dev, struct sk_buff *skb) 114 { 115 unsigned int pull_len; 116 u16 protocol = skb->protocol; 117 u32 addr1, addr2; 118 u32 hash, ihl = 0; 119 union { 120 u16 in16[2]; 121 u32 in32; 122 } ports; 123 u8 ip_proto; 124 125 pull_len = 0; 126 127 recheck: 128 switch (protocol) { 129 case htons(ETH_P_8021Q): { 130 if (unlikely(skb_pull(skb, VLAN_HLEN) == NULL)) 131 goto other; 132 133 pull_len += VLAN_HLEN; 134 skb->network_header += VLAN_HLEN; 135 136 protocol = vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; 137 goto recheck; 138 } 139 140 case htons(ETH_P_PPP_SES): { 141 if (unlikely(skb_pull(skb, PPPOE_SES_HLEN) == NULL)) 142 goto other; 143 144 pull_len += PPPOE_SES_HLEN; 145 skb->network_header += PPPOE_SES_HLEN; 146 147 protocol = pppoe_proto(skb); 148 goto recheck; 149 } 150 151 case htons(ETH_P_IP): { 152 const struct iphdr *iph = ip_hdr(skb); 153 154 if (unlikely(!pskb_may_pull(skb, sizeof(struct iphdr)))) 155 goto other; 156 157 addr1 = iph->daddr; 158 addr2 = iph->saddr; 159 160 ip_proto = !(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) ? 161 iph->protocol : 0; 162 ihl = ip_hdrlen(skb); 163 164 break; 165 } 166 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 167 case htons(ETH_P_IPV6): { 168 const struct ipv6hdr *iph = ipv6_hdr(skb); 169 __be16 fo = 0; 170 171 if (unlikely(!pskb_may_pull(skb, sizeof(struct ipv6hdr)))) 172 goto other; 173 174 addr1 = iph->daddr.s6_addr32[3]; 175 addr2 = iph->saddr.s6_addr32[3]; 176 ihl = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &ip_proto, 177 &fo); 178 if (unlikely(ihl < 0)) 179 goto other; 180 181 break; 182 } 183 #endif 184 default: 185 other: 186 if (pull_len != 0) { 187 skb_push(skb, pull_len); 188 skb->network_header -= pull_len; 189 } 190 191 return (u16)(ntohs(protocol) % dev->real_num_tx_queues); 192 } 193 194 if (addr1 > addr2) 195 swap(addr1, addr2); 196 197 switch (ip_proto) { 198 case IPPROTO_TCP: 199 case IPPROTO_UDP: 200 case IPPROTO_DCCP: 201 case IPPROTO_ESP: 202 case IPPROTO_AH: 203 case IPPROTO_SCTP: 204 case IPPROTO_UDPLITE: { 205 if (likely(skb_copy_bits(skb, ihl, &ports.in32, 4) >= 0)) { 206 if (ports.in16[0] > ports.in16[1]) 207 swap(ports.in16[0], ports.in16[1]); 208 break; 209 } 210 /* fall-through */ 211 } 212 default: 213 ports.in32 = 0; 214 break; 215 } 216 217 if (pull_len != 0) { 218 skb_push(skb, pull_len); 219 skb->network_header -= pull_len; 220 } 221 222 hash = jhash_3words(addr1, addr2, ports.in32, imq_hashrnd ^ ip_proto); 223 224 return (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); 225 } 226 227 static inline bool sk_tx_queue_recorded(struct sock *sk) 228 { 229 return (sk_tx_queue_get(sk) >= 0); 230 } 231 232 static struct netdev_queue *imq_select_queue(struct net_device *dev, 233 struct sk_buff *skb) 234 { 235 u16 queue_index = 0; 236 u32 hash; 237 238 if (likely(dev->real_num_tx_queues == 1)) 239 goto out; 240 241 /* IMQ can be receiving ingress or engress packets. */ 242 243 /* Check first for if rx_queue is set */ 244 if (skb_rx_queue_recorded(skb)) { 245 queue_index = skb_get_rx_queue(skb); 246 goto out; 247 } 248 249 /* Check if socket has tx_queue set */ 250 if (sk_tx_queue_recorded(skb->sk)) { 251 queue_index = sk_tx_queue_get(skb->sk); 252 goto out; 253 } 254 255 /* Try use socket hash */ 256 if (skb->sk && skb->sk->sk_hash) { 257 hash = skb->sk->sk_hash; 258 queue_index = 259 (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); 260 goto out; 261 } 262 263 /* Generate hash from packet data */ 264 queue_index = imq_hash(dev, skb); 265 266 out: 267 if (unlikely(queue_index >= dev->real_num_tx_queues)) 268 queue_index = (u16)((u32)queue_index % dev->real_num_tx_queues); 269 270 skb_set_queue_mapping(skb, queue_index); 271 return netdev_get_tx_queue(dev, queue_index); 272 } 273 274 static struct net_device_stats *imq_get_stats(struct net_device *dev) 275 { 276 return &dev->stats; 277 } 278 279 /* called for packets kfree'd in qdiscs at places other than enqueue */ 280 static void imq_skb_destructor(struct sk_buff *skb) 281 { 282 struct nf_queue_entry *entry = skb->nf_queue_entry; 283 284 skb->nf_queue_entry = NULL; 285 286 if (entry) { 287 nf_queue_entry_release_refs(entry); 288 kfree(entry); 289 } 290 291 skb_restore_cb(skb); /* kfree backup */ 292 } 293 294 static void imq_done_check_queue_mapping(struct sk_buff *skb, 295 struct net_device *dev) 296 { 297 unsigned int queue_index; 298 299 /* Don't let queue_mapping be left too large after exiting IMQ */ 300 if (likely(skb->dev != dev && skb->dev != NULL)) { 301 queue_index = skb_get_queue_mapping(skb); 302 if (unlikely(queue_index >= skb->dev->real_num_tx_queues)) { 303 queue_index = (u16)((u32)queue_index % 304 skb->dev->real_num_tx_queues); 305 skb_set_queue_mapping(skb, queue_index); 306 } 307 } else { 308 /* skb->dev was IMQ device itself or NULL, be on safe side and 309 * just clear queue mapping. 310 */ 311 skb_set_queue_mapping(skb, 0); 312 } 313 } 314 315 static netdev_tx_t imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) 316 { 317 struct nf_queue_entry *entry = skb->nf_queue_entry; 318 319 rcu_read_lock(); 320 321 skb->nf_queue_entry = NULL; 322 netif_trans_update(dev); 323 324 dev->stats.tx_bytes += skb->len; 325 dev->stats.tx_packets++; 326 327 if (unlikely(entry == NULL)) { 328 /* We don't know what is going on here.. packet is queued for 329 * imq device, but (probably) not by us. 330 * 331 * If this packet was not send here by imq_nf_queue(), then 332 * skb_save_cb() was not used and skb_free() should not show: 333 * WARNING: IMQ: kfree_skb: skb->cb_next:.. 334 * and/or 335 * WARNING: IMQ: kfree_skb: skb->nf_queue_entry... 336 * 337 * However if this message is shown, then IMQ is somehow broken 338 * and you should report this to linuximq.net. 339 */ 340 341 /* imq_dev_xmit is black hole that eats all packets, report that 342 * we eat this packet happily and increase dropped counters. 343 */ 344 345 dev->stats.tx_dropped++; 346 dev_kfree_skb(skb); 347 348 rcu_read_unlock(); 349 return NETDEV_TX_OK; 350 } 351 352 skb_restore_cb(skb); /* restore skb->cb */ 353 354 skb->imq_flags = 0; 355 skb->destructor = NULL; 356 357 imq_done_check_queue_mapping(skb, dev); 358 359 nf_reinject(entry, NF_ACCEPT); 360 361 rcu_read_unlock(); 362 return NETDEV_TX_OK; 363 } 364 365 static struct net_device *get_imq_device_by_index(int index) 366 { 367 struct net_device *dev = NULL; 368 struct net *net; 369 char buf[8]; 370 371 /* get device by name and cache result */ 372 snprintf(buf, sizeof(buf), "imq%d", index); 373 374 /* Search device from all namespaces. */ 375 for_each_net(net) { 376 dev = dev_get_by_name(net, buf); 377 if (dev) 378 break; 379 } 380 381 if (WARN_ON_ONCE(dev == NULL)) { 382 /* IMQ device not found. Exotic config? */ 383 return ERR_PTR(-ENODEV); 384 } 385 386 imq_devs_cache[index] = dev; 387 dev_put(dev); 388 389 return dev; 390 } 391 392 static struct nf_queue_entry *nf_queue_entry_dup(struct nf_queue_entry *e) 393 { 394 struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC); 395 if (entry) { 396 nf_queue_entry_get_refs(entry); 397 return entry; 398 } 399 return NULL; 400 } 401 402 #ifdef CONFIG_BRIDGE_NETFILTER 403 /* When called from bridge netfilter, skb->data must point to MAC header 404 * before calling skb_gso_segment(). Else, original MAC header is lost 405 * and segmented skbs will be sent to wrong destination. 406 */ 407 static void nf_bridge_adjust_skb_data(struct sk_buff *skb) 408 { 409 if (skb->nf_bridge) 410 __skb_push(skb, skb->network_header - skb->mac_header); 411 } 412 413 static void nf_bridge_adjust_segmented_data(struct sk_buff *skb) 414 { 415 if (skb->nf_bridge) 416 __skb_pull(skb, skb->network_header - skb->mac_header); 417 } 418 #else 419 #define nf_bridge_adjust_skb_data(s) do {} while (0) 420 #define nf_bridge_adjust_segmented_data(s) do {} while (0) 421 #endif 422 423 static void free_entry(struct nf_queue_entry *entry) 424 { 425 nf_queue_entry_release_refs(entry); 426 kfree(entry); 427 } 428 429 static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev); 430 431 static int __imq_nf_queue_gso(struct nf_queue_entry *entry, 432 struct net_device *dev, struct sk_buff *skb) 433 { 434 int ret = -ENOMEM; 435 struct nf_queue_entry *entry_seg; 436 437 nf_bridge_adjust_segmented_data(skb); 438 439 if (skb->next == NULL) { /* last packet, no need to copy entry */ 440 struct sk_buff *gso_skb = entry->skb; 441 entry->skb = skb; 442 ret = __imq_nf_queue(entry, dev); 443 if (ret) 444 entry->skb = gso_skb; 445 return ret; 446 } 447 448 skb->next = NULL; 449 450 entry_seg = nf_queue_entry_dup(entry); 451 if (entry_seg) { 452 entry_seg->skb = skb; 453 ret = __imq_nf_queue(entry_seg, dev); 454 if (ret) 455 free_entry(entry_seg); 456 } 457 return ret; 458 } 459 460 static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) 461 { 462 struct sk_buff *skb, *segs; 463 struct net_device *dev; 464 unsigned int queued; 465 int index, retval, err; 466 467 index = entry->skb->imq_flags & IMQ_F_IFMASK; 468 if (unlikely(index > numdevs - 1)) { 469 if (net_ratelimit()) 470 pr_warn("IMQ: invalid device specified, highest is %u\n", 471 numdevs - 1); 472 retval = -EINVAL; 473 goto out_no_dev; 474 } 475 476 /* check for imq device by index from cache */ 477 dev = imq_devs_cache[index]; 478 if (unlikely(!dev)) { 479 dev = get_imq_device_by_index(index); 480 if (IS_ERR(dev)) { 481 retval = PTR_ERR(dev); 482 goto out_no_dev; 483 } 484 } 485 486 if (unlikely(!(dev->flags & IFF_UP))) { 487 entry->skb->imq_flags = 0; 488 retval = -ECANCELED; 489 goto out_no_dev; 490 } 491 492 /* Since 3.10.x, GSO handling moved here as result of upstream commit 493 * a5fedd43d5f6c94c71053a66e4c3d2e35f1731a2 (netfilter: move 494 * skb_gso_segment into nfnetlink_queue module). 495 * 496 * Following code replicates the gso handling from 497 * 'net/netfilter/nfnetlink_queue_core.c':nfqnl_enqueue_packet(). 498 */ 499 500 skb = entry->skb; 501 502 switch (entry->state.pf) { 503 case NFPROTO_IPV4: 504 skb->protocol = htons(ETH_P_IP); 505 break; 506 case NFPROTO_IPV6: 507 skb->protocol = htons(ETH_P_IPV6); 508 break; 509 } 510 511 if (!skb_is_gso(entry->skb)) 512 return __imq_nf_queue(entry, dev); 513 514 nf_bridge_adjust_skb_data(skb); 515 segs = skb_gso_segment(skb, 0); 516 /* Does not use PTR_ERR to limit the number of error codes that can be 517 * returned by nf_queue. For instance, callers rely on -ECANCELED to 518 * mean 'ignore this hook'. 519 */ 520 err = -ENOBUFS; 521 if (IS_ERR(segs)) 522 goto out_err; 523 queued = 0; 524 err = 0; 525 do { 526 struct sk_buff *nskb = segs->next; 527 if (nskb && nskb->next) 528 nskb->cb_next = NULL; 529 if (err == 0) 530 err = __imq_nf_queue_gso(entry, dev, segs); 531 if (err == 0) 532 queued++; 533 else 534 kfree_skb(segs); 535 segs = nskb; 536 } while (segs); 537 538 if (queued) { 539 if (err) /* some segments are already queued */ 540 free_entry(entry); 541 kfree_skb(skb); 542 return 0; 543 } 544 545 out_err: 546 nf_bridge_adjust_segmented_data(skb); 547 retval = err; 548 out_no_dev: 549 return retval; 550 } 551 552 static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev) 553 { 554 struct sk_buff *skb_orig, *skb, *skb_shared, *skb_popd; 555 struct Qdisc *q; 556 struct sk_buff *to_free = NULL; 557 struct netdev_queue *txq; 558 spinlock_t *root_lock; 559 int users; 560 int retval = -EINVAL; 561 unsigned int orig_queue_index; 562 563 dev->last_rx = jiffies; 564 565 skb = entry->skb; 566 skb_orig = NULL; 567 568 /* skb has owner? => make clone */ 569 if (unlikely(skb->destructor)) { 570 skb_orig = skb; 571 skb = skb_clone(skb, GFP_ATOMIC); 572 if (unlikely(!skb)) { 573 retval = -ENOMEM; 574 goto out; 575 } 576 skb->cb_next = NULL; 577 entry->skb = skb; 578 } 579 580 dev->stats.rx_bytes += skb->len; 581 dev->stats.rx_packets++; 582 583 if (!skb->dev) { 584 /* skb->dev == NULL causes problems, try the find cause. */ 585 if (net_ratelimit()) { 586 dev_warn(&dev->dev, 587 "received packet with skb->dev == NULL\n"); 588 dump_stack(); 589 } 590 591 skb->dev = dev; 592 } 593 594 /* Disables softirqs for lock below */ 595 rcu_read_lock_bh(); 596 597 /* Multi-queue selection */ 598 orig_queue_index = skb_get_queue_mapping(skb); 599 txq = imq_select_queue(dev, skb); 600 601 q = rcu_dereference(txq->qdisc); 602 if (unlikely(!q->enqueue)) 603 goto packet_not_eaten_by_imq_dev; 604 605 skb->nf_queue_entry = entry; 606 root_lock = qdisc_lock(q); 607 spin_lock(root_lock); 608 609 users = refcount_read(&skb->users); 610 611 skb_shared = skb_get(skb); /* increase reference count by one */ 612 613 /* backup skb->cb, as qdisc layer will overwrite it */ 614 skb_save_cb(skb_shared); 615 qdisc_enqueue_root(skb_shared, q, &to_free); /* might kfree_skb */ 616 if (likely(refcount_read(&skb_shared->users) == users + 1)) { 617 bool validate; 618 619 kfree_skb(skb_shared); /* decrease reference count by one */ 620 621 skb->destructor = &imq_skb_destructor; 622 623 skb_popd = qdisc_dequeue_skb(q, &validate); 624 625 /* cloned? */ 626 if (unlikely(skb_orig)) 627 kfree_skb(skb_orig); /* free original */ 628 629 spin_unlock(root_lock); 630 631 #if 0 632 /* schedule qdisc dequeue */ 633 __netif_schedule(q); 634 #else 635 if (likely(skb_popd)) { 636 /* Note that we validate skb (GSO, checksum, ...) outside of locks */ 637 if (validate) 638 skb_popd = validate_xmit_skb_list(skb_popd, dev); 639 640 if (skb_popd) { 641 int dummy_ret; 642 int cpu = smp_processor_id(); /* ok because BHs are off */ 643 644 txq = skb_get_tx_queue(dev, skb_popd); 645 /* 646 IMQ device will not be frozen or stoped, and it always be successful. 647 So we need not check its status and return value to accelerate. 648 */ 649 if (imq_dev_accurate_stats && txq->xmit_lock_owner != cpu) { 650 HARD_TX_LOCK(dev, txq, cpu); 651 if (!netif_xmit_frozen_or_stopped(txq)) { 652 dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); 653 } 654 HARD_TX_UNLOCK(dev, txq); 655 } else { 656 if (!netif_xmit_frozen_or_stopped(txq)) { 657 dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); 658 } 659 } 660 } 661 } else { 662 /* No ready skb, then schedule it */ 663 __netif_schedule(q); 664 } 665 #endif 666 rcu_read_unlock_bh(); 667 retval = 0; 668 goto out; 669 } else { 670 skb_restore_cb(skb_shared); /* restore skb->cb */ 671 skb->nf_queue_entry = NULL; 672 /* 673 * qdisc dropped packet and decreased skb reference count of 674 * skb, so we don't really want to and try refree as that would 675 * actually destroy the skb. 676 */ 677 spin_unlock(root_lock); 678 goto packet_not_eaten_by_imq_dev; 679 } 680 681 packet_not_eaten_by_imq_dev: 682 skb_set_queue_mapping(skb, orig_queue_index); 683 rcu_read_unlock_bh(); 684 685 /* cloned? restore original */ 686 if (unlikely(skb_orig)) { 687 kfree_skb(skb); 688 entry->skb = skb_orig; 689 } 690 retval = -1; 691 out: 692 if (unlikely(to_free)) { 693 kfree_skb_list(to_free); 694 } 695 return retval; 696 } 697 static unsigned int imq_nf_hook(void *priv, 698 struct sk_buff *skb, 699 const struct nf_hook_state *state) 700 { 701 return (skb->imq_flags & IMQ_F_ENQUEUE) ? NF_IMQ_QUEUE : NF_ACCEPT; 702 } 703 704 static int imq_close(struct net_device *dev) 705 { 706 netif_stop_queue(dev); 707 return 0; 708 } 709 710 static int imq_open(struct net_device *dev) 711 { 712 netif_start_queue(dev); 713 return 0; 714 } 715 716 static struct device_type imq_device_type = { 717 .name = "imq", 718 }; 719 720 static const struct net_device_ops imq_netdev_ops = { 721 .ndo_open = imq_open, 722 .ndo_stop = imq_close, 723 .ndo_start_xmit = imq_dev_xmit, 724 .ndo_get_stats = imq_get_stats, 725 }; 726 727 static void imq_setup(struct net_device *dev) 728 { 729 dev->netdev_ops = &imq_netdev_ops; 730 dev->type = ARPHRD_VOID; 731 dev->mtu = 16000; /* too small? */ 732 dev->tx_queue_len = 11000; /* too big? */ 733 dev->flags = IFF_NOARP; 734 dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | 735 NETIF_F_GSO | NETIF_F_HW_CSUM | 736 NETIF_F_HIGHDMA; 737 dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | 738 IFF_TX_SKB_SHARING); 739 } 740 741 static int imq_validate(struct nlattr *tb[], struct nlattr *data[], 742 struct netlink_ext_ack *extack) 743 { 744 int ret = 0; 745 746 if (tb[IFLA_ADDRESS]) { 747 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { 748 ret = -EINVAL; 749 goto end; 750 } 751 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { 752 ret = -EADDRNOTAVAIL; 753 goto end; 754 } 755 } 756 return 0; 757 end: 758 pr_warn("IMQ: imq_validate failed (%d)\n", ret); 759 return ret; 760 } 761 762 static struct rtnl_link_ops imq_link_ops __read_mostly = { 763 .kind = "imq", 764 .priv_size = 0, 765 .setup = imq_setup, 766 .validate = imq_validate, 767 }; 768 769 static const struct nf_queue_handler imq_nfqh = { 770 .outfn = imq_nf_queue, 771 }; 772 773 static int __net_init imq_nf_register(struct net *net) 774 { 775 return nf_register_net_hooks(net, imq_ops, 776 ARRAY_SIZE(imq_ops)); 777 }; 778 779 static void __net_exit imq_nf_unregister(struct net *net) 780 { 781 nf_unregister_net_hooks(net, imq_ops, 782 ARRAY_SIZE(imq_ops)); 783 }; 784 785 static struct pernet_operations imq_net_ops = { 786 .init = imq_nf_register, 787 .exit = imq_nf_unregister, 788 }; 789 790 static int __net_init imq_init_hooks(void) 791 { 792 int ret; 793 nf_register_queue_imq_handler(&imq_nfqh); 794 795 ret = register_pernet_subsys(&imq_net_ops); 796 if (ret < 0) 797 nf_unregister_queue_imq_handler(); 798 799 return ret; 800 } 801 802 #ifdef CONFIG_LOCKDEP 803 static struct lock_class_key imq_netdev_addr_lock_key; 804 805 static void __init imq_dev_set_lockdep_one(struct net_device *dev, 806 struct netdev_queue *txq, void *arg) 807 { 808 /* 809 * the IMQ transmit locks can be taken recursively, 810 * for example with one IMQ rule for input- and one for 811 * output network devices in iptables! 812 * until we find a better solution ignore them. 813 */ 814 lockdep_set_novalidate_class(&txq->_xmit_lock); 815 } 816 817 static void imq_dev_set_lockdep_class(struct net_device *dev) 818 { 819 lockdep_set_class_and_name(&dev->addr_list_lock, 820 &imq_netdev_addr_lock_key, "_xmit_addr_IMQ"); 821 netdev_for_each_tx_queue(dev, imq_dev_set_lockdep_one, NULL); 822 } 823 #else 824 static inline void imq_dev_set_lockdep_class(struct net_device *dev) 825 { 826 } 827 #endif 828 829 static int __init imq_init_one(int index) 830 { 831 struct net_device *dev; 832 int ret; 833 834 dev = alloc_netdev_mq(0, "imq%d", NET_NAME_UNKNOWN, imq_setup, numqueues); 835 if (!dev) 836 return -ENOMEM; 837 838 ret = dev_alloc_name(dev, dev->name); 839 if (ret < 0) 840 goto fail; 841 842 dev->rtnl_link_ops = &imq_link_ops; 843 SET_NETDEV_DEVTYPE(dev, &imq_device_type); 844 ret = register_netdevice(dev); 845 if (ret < 0) 846 goto fail; 847 848 imq_dev_set_lockdep_class(dev); 849 850 return 0; 851 fail: 852 free_netdev(dev); 853 return ret; 854 } 855 856 static int __init imq_init_devs(void) 857 { 858 int err, i; 859 860 if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { 861 pr_err("IMQ: numdevs has to be betweed 1 and %u\n", 862 IMQ_MAX_DEVS); 863 return -EINVAL; 864 } 865 866 if (numqueues < 1 || numqueues > IMQ_MAX_QUEUES) { 867 pr_err("IMQ: numqueues has to be betweed 1 and %u\n", 868 IMQ_MAX_QUEUES); 869 return -EINVAL; 870 } 871 872 get_random_bytes(&imq_hashrnd, sizeof(imq_hashrnd)); 873 874 rtnl_lock(); 875 err = __rtnl_link_register(&imq_link_ops); 876 877 for (i = 0; i < numdevs && !err; i++) 878 err = imq_init_one(i); 879 880 if (err) { 881 __rtnl_link_unregister(&imq_link_ops); 882 memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); 883 } 884 rtnl_unlock(); 885 886 return err; 887 } 888 889 static int __init imq_init_module(void) 890 { 891 int err; 892 893 #if defined(CONFIG_IMQ_NUM_DEVS) 894 BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); 895 BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); 896 BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); 897 #endif 898 899 err = imq_init_devs(); 900 if (err) { 901 pr_err("IMQ: Error trying imq_init_devs(net)\n"); 902 return err; 903 } 904 905 err = imq_init_hooks(); 906 if (err) { 907 pr_err(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); 908 rtnl_link_unregister(&imq_link_ops); 909 memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); 910 return err; 911 } 912 913 pr_info("IMQ driver loaded successfully. (numdevs = %d, numqueues = %d, imq_dev_accurate_stats = %d)\n", 914 numdevs, numqueues, imq_dev_accurate_stats); 915 916 #if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) 917 pr_info("\tHooking IMQ before NAT on PREROUTING.\n"); 918 #else 919 pr_info("\tHooking IMQ after NAT on PREROUTING.\n"); 920 #endif 921 #if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) 922 pr_info("\tHooking IMQ before NAT on POSTROUTING.\n"); 923 #else 924 pr_info("\tHooking IMQ after NAT on POSTROUTING.\n"); 925 #endif 926 927 return 0; 928 } 929 930 static void __exit imq_unhook(void) 931 { 932 unregister_pernet_subsys(&imq_net_ops); 933 nf_unregister_queue_imq_handler(); 934 } 935 936 static void __exit imq_cleanup_devs(void) 937 { 938 rtnl_link_unregister(&imq_link_ops); 939 memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); 940 } 941 942 static void __exit imq_exit_module(void) 943 { 944 imq_unhook(); 945 imq_cleanup_devs(); 946 pr_info("IMQ driver unloaded successfully.\n"); 947 } 948 949 module_init(imq_init_module); 950 module_exit(imq_exit_module); 951 952 module_param(numdevs, int, 0); 953 module_param(numqueues, int, 0); 954 module_param(imq_dev_accurate_stats, int, 0); 955 MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will be created)"); 956 MODULE_PARM_DESC(numqueues, "number of queues per IMQ device"); 957 MODULE_PARM_DESC(imq_dev_accurate_stats, "Notify if need the accurate imq device stats"); 958 959 MODULE_AUTHOR("https://github.com/imq/linuximq"); 960 MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); 961 MODULE_LICENSE("GPL"); 962 MODULE_ALIAS_RTNL_LINK("imq"); -
drivers/net/Kconfig
diff -Naupr linux-4.14_orig/drivers/net/Kconfig linux-4.14/drivers/net/Kconfig
old new config RIONET_RX_SIZE 277 277 depends on RIONET 278 278 default "128" 279 279 280 config IMQ 281 tristate "IMQ (intermediate queueing device) support" 282 depends on NETDEVICES && NETFILTER 283 ---help--- 284 The IMQ device(s) is used as placeholder for QoS queueing 285 disciplines. Every packet entering/leaving the IP stack can be 286 directed through the IMQ device where it's enqueued/dequeued to the 287 attached qdisc. This allows you to treat network devices as classes 288 and distribute bandwidth among them. Iptables is used to specify 289 through which IMQ device, if any, packets travel. 290 291 More information at: https://github.com/imq/linuximq 292 293 To compile this driver as a module, choose M here: the module 294 will be called imq. If unsure, say N. 295 296 choice 297 prompt "IMQ behavior (PRE/POSTROUTING)" 298 depends on IMQ 299 default IMQ_BEHAVIOR_AB 300 help 301 This setting defines how IMQ behaves in respect to its 302 hooking in PREROUTING and POSTROUTING. 303 304 IMQ can work in any of the following ways: 305 306 PREROUTING | POSTROUTING 307 -----------------|------------------- 308 #1 After NAT | After NAT 309 #2 After NAT | Before NAT 310 #3 Before NAT | After NAT 311 #4 Before NAT | Before NAT 312 313 The default behavior is to hook before NAT on PREROUTING 314 and after NAT on POSTROUTING (#3). 315 316 This settings are specially usefull when trying to use IMQ 317 to shape NATed clients. 318 319 More information can be found at: https://github.com/imq/linuximq 320 321 If not sure leave the default settings alone. 322 323 config IMQ_BEHAVIOR_AA 324 bool "IMQ AA" 325 help 326 This setting defines how IMQ behaves in respect to its 327 hooking in PREROUTING and POSTROUTING. 328 329 Choosing this option will make IMQ hook like this: 330 331 PREROUTING: After NAT 332 POSTROUTING: After NAT 333 334 More information can be found at: https://github.com/imq/linuximq 335 336 If not sure leave the default settings alone. 337 338 config IMQ_BEHAVIOR_AB 339 bool "IMQ AB" 340 help 341 This setting defines how IMQ behaves in respect to its 342 hooking in PREROUTING and POSTROUTING. 343 344 Choosing this option will make IMQ hook like this: 345 346 PREROUTING: After NAT 347 POSTROUTING: Before NAT 348 349 More information can be found at: https://github.com/imq/linuximq 350 351 If not sure leave the default settings alone. 352 353 config IMQ_BEHAVIOR_BA 354 bool "IMQ BA" 355 help 356 This setting defines how IMQ behaves in respect to its 357 hooking in PREROUTING and POSTROUTING. 358 359 Choosing this option will make IMQ hook like this: 360 361 PREROUTING: Before NAT 362 POSTROUTING: After NAT 363 364 More information can be found at: https://github.com/imq/linuximq 365 366 If not sure leave the default settings alone. 367 368 config IMQ_BEHAVIOR_BB 369 bool "IMQ BB" 370 help 371 This setting defines how IMQ behaves in respect to its 372 hooking in PREROUTING and POSTROUTING. 373 374 Choosing this option will make IMQ hook like this: 375 376 PREROUTING: Before NAT 377 POSTROUTING: Before NAT 378 379 More information can be found at: https://github.com/imq/linuximq 380 381 If not sure leave the default settings alone. 382 383 endchoice 384 385 config IMQ_NUM_DEVS 386 int "Number of IMQ devices" 387 range 2 16 388 depends on IMQ 389 default "16" 390 help 391 This setting defines how many IMQ devices will be created. 392 393 The default value is 16. 394 395 More information can be found at: https://github.com/imq/linuximq 396 397 If not sure leave the default settings alone. 398 280 399 config TUN 281 400 tristate "Universal TUN/TAP device driver support" 282 401 depends on INET -
drivers/net/Makefile
diff -Naupr linux-4.14_orig/drivers/net/Makefile linux-4.14/drivers/net/Makefile
old new obj-$(CONFIG_DUMMY) += dummy.o 13 13 obj-$(CONFIG_EQUALIZER) += eql.o 14 14 obj-$(CONFIG_IFB) += ifb.o 15 15 obj-$(CONFIG_MACSEC) += macsec.o 16 obj-$(CONFIG_IMQ) += imq.o 16 17 obj-$(CONFIG_MACVLAN) += macvlan.o 17 18 obj-$(CONFIG_MACVTAP) += macvtap.o 18 19 obj-$(CONFIG_MII) += mii.o -
include/linux/imq.h
diff -Naupr linux-4.14_orig/include/linux/imq.h linux-4.14/include/linux/imq.h
old new 1 #ifndef _IMQ_H 2 #define _IMQ_H 3 4 /* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ 5 #define IMQ_F_BITS 5 6 7 #define IMQ_F_IFMASK 0x0f 8 #define IMQ_F_ENQUEUE 0x10 9 10 #define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) 11 12 #endif /* _IMQ_H */ 13 -
include/linux/netdevice.h
diff -Naupr linux-4.14_orig/include/linux/netdevice.h linux-4.14/include/linux/netdevice.h
old new struct net_device { 1771 1771 /* 1772 1772 * Cache lines mostly used on receive path (including eth_type_trans()) 1773 1773 */ 1774 1775 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 1776 unsigned long last_rx; 1777 #endif 1778 1774 1779 /* Interface address info used in eth_type_trans() */ 1775 1780 unsigned char *dev_addr; 1776 1781 … … static inline void netif_tx_unlock_bh(st 3631 3636 } \ 3632 3637 } 3633 3638 3639 #define HARD_TX_LOCK_BH(dev, txq) { \ 3640 if ((dev->features & NETIF_F_LLTX) == 0) { \ 3641 __netif_tx_lock_bh(txq); \ 3642 } \ 3643 } 3644 3645 #define HARD_TX_UNLOCK_BH(dev, txq) { \ 3646 if ((dev->features & NETIF_F_LLTX) == 0) { \ 3647 __netif_tx_unlock_bh(txq); \ 3648 } \ 3649 } 3650 3651 3634 3652 static inline void netif_tx_disable(struct net_device *dev) 3635 3653 { 3636 3654 unsigned int i; -
include/linux/netfilter/xt_IMQ.h
diff -Naupr linux-4.14_orig/include/linux/netfilter/xt_IMQ.h linux-4.14/include/linux/netfilter/xt_IMQ.h
old new 1 #ifndef _XT_IMQ_H 2 #define _XT_IMQ_H 3 4 struct xt_imq_info { 5 unsigned int todev; /* target imq device */ 6 }; 7 8 #endif /* _XT_IMQ_H */ 9 -
include/linux/netfilter_ipv4/ipt_IMQ.h
diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.14/include/linux/netfilter_ipv4/ipt_IMQ.h
old new 1 #ifndef _IPT_IMQ_H 2 #define _IPT_IMQ_H 3 4 /* Backwards compatibility for old userspace */ 5 #include <linux/netfilter/xt_IMQ.h> 6 7 #define ipt_imq_info xt_imq_info 8 9 #endif /* _IPT_IMQ_H */ 10 -
include/linux/netfilter_ipv6/ip6t_IMQ.h
diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.14/include/linux/netfilter_ipv6/ip6t_IMQ.h
old new 1 #ifndef _IP6T_IMQ_H 2 #define _IP6T_IMQ_H 3 4 /* Backwards compatibility for old userspace */ 5 #include <linux/netfilter/xt_IMQ.h> 6 7 #define ip6t_imq_info xt_imq_info 8 9 #endif /* _IP6T_IMQ_H */ 10 -
include/linux/skbuff.h
diff -Naupr linux-4.14_orig/include/linux/skbuff.h linux-4.14/include/linux/skbuff.h
old new 41 41 #include <linux/in6.h> 42 42 #include <linux/if_packet.h> 43 43 #include <net/flow.h> 44 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 45 #include <linux/imq.h> 46 #endif 47 44 48 45 49 /* The interface for checksum offload between the stack and networking drivers 46 50 * is as follows... … … typedef unsigned int sk_buff_data_t; 581 585 typedef unsigned char *sk_buff_data_t; 582 586 #endif 583 587 584 /** 588 /** 585 589 * struct sk_buff - socket buffer 586 590 * @next: Next buffer in list 587 591 * @prev: Previous buffer in list … … struct sk_buff { 684 688 * first. This is owned by whoever has the skb queued ATM. 685 689 */ 686 690 char cb[48] __aligned(8); 691 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 692 void *cb_next; 693 #endif 687 694 688 695 unsigned long _skb_refdst; 689 696 void (*destructor)(struct sk_buff *skb); … … struct sk_buff { 693 700 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 694 701 unsigned long _nfct; 695 702 #endif 703 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 704 struct nf_queue_entry *nf_queue_entry; 705 #endif 696 706 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 697 707 struct nf_bridge_info *nf_bridge; 698 708 #endif … … struct sk_buff { 772 782 #ifdef CONFIG_NET_SWITCHDEV 773 783 __u8 offload_fwd_mark:1; 774 784 #endif 785 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 786 __u8 imq_flags:IMQ_F_BITS; 787 #endif 775 788 #ifdef CONFIG_NET_CLS_ACT 776 789 __u8 tc_skip_classify:1; 777 790 __u8 tc_at_ingress:1; … … static inline bool skb_pfmemalloc(const 870 883 */ 871 884 static inline struct dst_entry *skb_dst(const struct sk_buff *skb) 872 885 { 873 /* If refdst was not refcounted, check we still are in a 886 /* If refdst was not refcounted, check we still are in a 874 887 * rcu_read_lock section 875 888 */ 876 889 WARN_ON((skb->_skb_refdst & SKB_DST_NOREF) && … … void skb_tx_error(struct sk_buff *skb); 960 973 void consume_skb(struct sk_buff *skb); 961 974 void __consume_stateless_skb(struct sk_buff *skb); 962 975 void __kfree_skb(struct sk_buff *skb); 976 977 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 978 int skb_save_cb(struct sk_buff *skb); 979 int skb_restore_cb(struct sk_buff *skb); 980 #endif 981 963 982 extern struct kmem_cache *skbuff_head_cache; 964 983 965 984 void kfree_skb_partial(struct sk_buff *skb, bool head_stolen); … … static inline void __nf_copy(struct sk_b 3785 3804 dst->_nfct = src->_nfct; 3786 3805 nf_conntrack_get(skb_nfct(src)); 3787 3806 #endif 3807 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 3808 dst->imq_flags = src->imq_flags; 3809 dst->nf_queue_entry = src->nf_queue_entry; 3810 #endif 3788 3811 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 3789 dst->nf_bridge 3812 dst->nf_bridge = src->nf_bridge; 3790 3813 nf_bridge_get(src->nf_bridge); 3791 3814 #endif 3792 3815 #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NF_TABLES) -
include/net/netfilter/nf_queue.h
diff -Naupr linux-4.14_orig/include/net/netfilter/nf_queue.h linux-4.14/include/net/netfilter/nf_queue.h
old new struct nf_queue_handler { 31 31 void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); 32 32 void nf_unregister_queue_handler(struct net *net); 33 33 void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); 34 void nf_queue_entry_release_refs(struct nf_queue_entry *entry); 35 36 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 37 void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); 38 void nf_unregister_queue_imq_handler(void); 39 #endif 34 40 35 41 void nf_queue_entry_get_refs(struct nf_queue_entry *entry); 36 42 void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -
include/net/pkt_sched.h
diff -Naupr linux-4.14_orig/include/net/pkt_sched.h linux-4.14/include/net/pkt_sched.h
old new int sch_direct_xmit(struct sk_buff *skb, 109 109 110 110 void __qdisc_run(struct Qdisc *q); 111 111 112 struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate); 113 112 114 static inline void qdisc_run(struct Qdisc *q) 113 115 { 114 116 if (qdisc_run_begin(q)) -
include/net/sch_generic.h
diff -Naupr linux-4.14_orig/include/net/sch_generic.h linux-4.14/include/net/sch_generic.h
old new static inline int qdisc_enqueue(struct s 567 567 return sch->enqueue(skb, sch, to_free); 568 568 } 569 569 570 static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch, 571 struct sk_buff **to_free) 572 { 573 qdisc_skb_cb(skb)->pkt_len = skb->len; 574 return qdisc_enqueue(skb, sch, to_free) & NET_XMIT_MASK; 575 } 576 570 577 static inline bool qdisc_is_percpu_stats(const struct Qdisc *q) 571 578 { 572 579 return q->flags & TCQ_F_CPUSTATS; -
include/uapi/linux/netfilter.h
diff -Naupr linux-4.14_orig/include/uapi/linux/netfilter.h linux-4.14/include/uapi/linux/netfilter.h
old new 14 14 #define NF_QUEUE 3 15 15 #define NF_REPEAT 4 16 16 #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ 17 #define NF_MAX_VERDICT NF_STOP 17 #define NF_IMQ_QUEUE 6 18 #define NF_MAX_VERDICT NF_IMQ_QUEUE 18 19 19 20 /* we overload the higher bits for encoding auxiliary data such as the queue 20 21 * number or errno values. Not nice, but better than additional function -
net/core/dev.c
diff -Naupr linux-4.14_orig/net/core/dev.c linux-4.14/net/core/dev.c
old new 143 143 #include <linux/hrtimer.h> 144 144 #include <linux/netfilter_ingress.h> 145 145 #include <linux/crash_dump.h> 146 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 147 #include <linux/imq.h> 148 #endif 146 149 #include <linux/sctp.h> 147 150 #include <net/udp_tunnel.h> 148 151 … … static int xmit_one(struct sk_buff *skb, 2971 2974 unsigned int len; 2972 2975 int rc; 2973 2976 2977 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 2978 if ((!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) && 2979 !(skb->imq_flags & IMQ_F_ENQUEUE)) 2980 #else 2974 2981 if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) 2982 #endif 2975 2983 dev_queue_xmit_nit(skb, dev); 2976 2984 2977 2985 len = skb->len; … … out: 3010 3018 return skb; 3011 3019 } 3012 3020 3021 EXPORT_SYMBOL_GPL(dev_hard_start_xmit); 3022 3013 3023 static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, 3014 3024 netdev_features_t features) 3015 3025 { -
net/core/skbuff.c
diff -Naupr linux-4.14_orig/net/core/skbuff.c linux-4.14/net/core/skbuff.c
old new struct kmem_cache *skbuff_head_cache __r 82 82 static struct kmem_cache *skbuff_fclone_cache __read_mostly; 83 83 int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; 84 84 EXPORT_SYMBOL(sysctl_max_skb_frags); 85 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 86 static struct kmem_cache *skbuff_cb_store_cache __read_mostly; 87 #endif 88 89 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 90 /* Control buffer save/restore for IMQ devices */ 91 struct skb_cb_table { 92 char cb[48] __aligned(8); 93 void *cb_next; 94 atomic_t refcnt; 95 }; 96 97 static DEFINE_SPINLOCK(skb_cb_store_lock); 98 99 int skb_save_cb(struct sk_buff *skb) 100 { 101 struct skb_cb_table *next; 102 103 next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); 104 if (!next) 105 return -ENOMEM; 106 107 BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); 108 109 memcpy(next->cb, skb->cb, sizeof(skb->cb)); 110 next->cb_next = skb->cb_next; 111 112 atomic_set(&next->refcnt, 1); 113 114 skb->cb_next = next; 115 return 0; 116 } 117 EXPORT_SYMBOL(skb_save_cb); 118 119 int skb_restore_cb(struct sk_buff *skb) 120 { 121 struct skb_cb_table *next; 122 123 if (!skb->cb_next) 124 return 0; 125 126 next = skb->cb_next; 127 128 BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); 129 130 memcpy(skb->cb, next->cb, sizeof(skb->cb)); 131 skb->cb_next = next->cb_next; 132 133 spin_lock(&skb_cb_store_lock); 134 135 if (atomic_dec_and_test(&next->refcnt)) 136 kmem_cache_free(skbuff_cb_store_cache, next); 137 138 spin_unlock(&skb_cb_store_lock); 139 140 return 0; 141 } 142 EXPORT_SYMBOL(skb_restore_cb); 143 144 static void skb_copy_stored_cb(struct sk_buff * , const struct sk_buff * ) __attribute__ ((unused)); 145 static void skb_copy_stored_cb(struct sk_buff *new, const struct sk_buff *__old) 146 { 147 struct skb_cb_table *next; 148 struct sk_buff *old; 149 150 if (!__old->cb_next) { 151 new->cb_next = NULL; 152 return; 153 } 154 155 spin_lock(&skb_cb_store_lock); 156 157 old = (struct sk_buff *)__old; 158 159 next = old->cb_next; 160 atomic_inc(&next->refcnt); 161 new->cb_next = next; 162 163 spin_unlock(&skb_cb_store_lock); 164 } 165 #endif 85 166 86 167 /** 87 168 * skb_panic - private function for out-of-line support … … void skb_release_head_state(struct sk_bu 615 696 WARN_ON(in_irq()); 616 697 skb->destructor(skb); 617 698 } 699 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 700 /* 701 * This should not happen. When it does, avoid memleak by restoring 702 * the chain of cb-backups. 703 */ 704 while (skb->cb_next != NULL) { 705 if (net_ratelimit()) 706 pr_warn("IMQ: kfree_skb: skb->cb_next: %08x\n", 707 (unsigned int)(uintptr_t)skb->cb_next); 708 709 skb_restore_cb(skb); 710 } 711 /* 712 * This should not happen either, nf_queue_entry is nullified in 713 * imq_dev_xmit(). If we have non-NULL nf_queue_entry then we are 714 * leaking entry pointers, maybe memory. We don't know if this is 715 * pointer to already freed memory, or should this be freed. 716 * If this happens we need to add refcounting, etc for nf_queue_entry. 717 */ 718 if (skb->nf_queue_entry && net_ratelimit()) 719 pr_warn("%s\n", "IMQ: kfree_skb: skb->nf_queue_entry != NULL"); 720 #endif 618 721 #if IS_ENABLED(CONFIG_NF_CONNTRACK) 619 722 nf_conntrack_put(skb_nfct(skb)); 620 723 #endif … … static void __copy_skb_header(struct sk_ 804 907 new->sp = secpath_get(old->sp); 805 908 #endif 806 909 __nf_copy(new, old, false); 910 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 911 new->cb_next = NULL; 912 /*skb_copy_stored_cb(new, old);*/ 913 #endif 807 914 808 915 /* Note : this field could be in headers_start/headers_end section 809 916 * It is not yet because we do not want to have a 16 bit hole … … void __init skb_init(void) 3902 4009 0, 3903 4010 SLAB_HWCACHE_ALIGN|SLAB_PANIC, 3904 4011 NULL); 4012 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 4013 skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", 4014 sizeof(struct skb_cb_table), 4015 0, 4016 SLAB_HWCACHE_ALIGN|SLAB_PANIC, 4017 NULL); 4018 #endif 3905 4019 } 3906 4020 3907 4021 static int -
net/netfilter/core.c
diff -Naupr linux-4.14_orig/net/netfilter/core.c linux-4.14/net/netfilter/core.c
old new int nf_hook_slow(struct sk_buff *skb, st 474 474 if (ret == 0) 475 475 ret = -EPERM; 476 476 return ret; 477 case NF_IMQ_QUEUE: 478 ret = nf_queue(skb, state, e, s, verdict); 479 if (ret == -ECANCELED) 480 continue; 481 return ret; 477 482 case NF_QUEUE: 478 483 ret = nf_queue(skb, state, e, s, verdict); 479 484 if (ret == 1) -
net/netfilter/Kconfig
diff -Naupr linux-4.14_orig/net/netfilter/Kconfig linux-4.14/net/netfilter/Kconfig
old new config NETFILTER_XT_TARGET_LOG 867 867 868 868 To compile it as a module, choose M here. If unsure, say N. 869 869 870 config NETFILTER_XT_TARGET_IMQ 871 tristate '"IMQ" target support' 872 depends on NETFILTER_XTABLES 873 depends on IP_NF_MANGLE || IP6_NF_MANGLE 874 select IMQ 875 default m if NETFILTER_ADVANCED=n 876 help 877 This option adds a `IMQ' target which is used to specify if and 878 to which imq device packets should get enqueued/dequeued. 879 880 To compile it as a module, choose M here. If unsure, say N. 881 870 882 config NETFILTER_XT_TARGET_MARK 871 883 tristate '"MARK" target support' 872 884 depends on NETFILTER_ADVANCED -
net/netfilter/Makefile
diff -Naupr linux-4.14_orig/net/netfilter/Makefile linux-4.14/net/netfilter/Makefile
old new obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += 125 125 obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o 126 126 obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o 127 127 obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o 128 obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o 128 129 obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o 129 130 obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o 130 131 obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o -
net/netfilter/nf_queue.c
diff -Naupr linux-4.14_orig/net/netfilter/nf_queue.c linux-4.14/net/netfilter/nf_queue.c
old new 1 /*1 /* 2 2 * Rusty Russell (C)2000 -- This code is GPL. 3 3 * Patrick McHardy (c) 2006-2012 4 4 */ … … 27 27 * receives, no matter what. 28 28 */ 29 29 30 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 31 static const struct nf_queue_handler __rcu *queue_imq_handler __read_mostly; 32 33 void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) 34 { 35 rcu_assign_pointer(queue_imq_handler, qh); 36 } 37 EXPORT_SYMBOL_GPL(nf_register_queue_imq_handler); 38 39 void nf_unregister_queue_imq_handler(void) 40 { 41 RCU_INIT_POINTER(queue_imq_handler, NULL); 42 synchronize_rcu(); 43 } 44 EXPORT_SYMBOL_GPL(nf_unregister_queue_imq_handler); 45 #endif 46 30 47 /* return EBUSY when somebody else is registered, return EEXIST if the 31 48 * same handler is registered, return 0 in case of success. */ 32 49 void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh) … … EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop) 113 130 114 131 static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, 115 132 const struct nf_hook_entries *entries, 116 unsigned int index, unsigned int queuenum)133 unsigned int index, unsigned int verdict) 117 134 { 118 135 int status = -ENOENT; 119 136 struct nf_queue_entry *entry = NULL; 120 137 const struct nf_afinfo *afinfo; 121 138 const struct nf_queue_handler *qh; 122 139 struct net *net = state->net; 140 unsigned int queuetype = verdict & NF_VERDICT_MASK; 141 unsigned int queuenum = verdict >> NF_VERDICT_QBITS; 123 142 124 143 /* QUEUE == DROP if no one is waiting, to be safe. */ 125 qh = rcu_dereference(net->nf.queue_handler); 144 145 if (queuetype == NF_IMQ_QUEUE) { 146 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 147 qh = rcu_dereference(queue_imq_handler); 148 #else 149 BUG(); 150 goto err_unlock; 151 #endif 152 } else { 153 qh = rcu_dereference(net->nf.queue_handler); 154 } 155 126 156 if (!qh) { 127 157 status = -ESRCH; 128 158 goto err; … … int nf_queue(struct sk_buff *skb, struct 169 199 { 170 200 int ret; 171 201 172 ret = __nf_queue(skb, state, entries, index, verdict >> NF_VERDICT_QBITS);202 ret = __nf_queue(skb, state, entries, index, verdict); 173 203 if (ret < 0) { 204 205 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 206 /* IMQ Bypass */ 207 if (ret == -ECANCELED && skb->imq_flags == 0) { 208 return 1; 209 } 210 #endif 211 174 212 if (ret == -ESRCH && 175 213 (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) 176 214 return 1; … … next_hook: 256 294 local_bh_enable(); 257 295 break; 258 296 case NF_QUEUE: 297 case NF_IMQ_QUEUE: 259 298 err = nf_queue(skb, &entry->state, hooks, i, verdict); 260 299 if (err == 1) 261 300 goto next_hook; -
net/netfilter/xt_IMQ.c
diff -Naupr linux-4.14_orig/net/netfilter/xt_IMQ.c linux-4.14/net/netfilter/xt_IMQ.c
old new 1 /* 2 * This target marks packets to be enqueued to an imq device 3 */ 4 #include <linux/module.h> 5 #include <linux/skbuff.h> 6 #include <linux/netfilter/x_tables.h> 7 #include <linux/netfilter/xt_IMQ.h> 8 #include <linux/imq.h> 9 10 static unsigned int imq_target(struct sk_buff *pskb, 11 const struct xt_action_param *par) 12 { 13 const struct xt_imq_info *mr = par->targinfo; 14 15 pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; 16 17 return XT_CONTINUE; 18 } 19 20 static int imq_checkentry(const struct xt_tgchk_param *par) 21 { 22 struct xt_imq_info *mr = par->targinfo; 23 24 if (mr->todev > IMQ_MAX_DEVS - 1) { 25 pr_warn("IMQ: invalid device specified, highest is %u\n", 26 IMQ_MAX_DEVS - 1); 27 return -EINVAL; 28 } 29 30 return 0; 31 } 32 33 static struct xt_target xt_imq_reg[] __read_mostly = { 34 { 35 .name = "IMQ", 36 .family = AF_INET, 37 .checkentry = imq_checkentry, 38 .target = imq_target, 39 .targetsize = sizeof(struct xt_imq_info), 40 .table = "mangle", 41 .me = THIS_MODULE 42 }, 43 { 44 .name = "IMQ", 45 .family = AF_INET6, 46 .checkentry = imq_checkentry, 47 .target = imq_target, 48 .targetsize = sizeof(struct xt_imq_info), 49 .table = "mangle", 50 .me = THIS_MODULE 51 }, 52 }; 53 54 static int __init imq_init(void) 55 { 56 return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); 57 } 58 59 static void __exit imq_fini(void) 60 { 61 xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); 62 } 63 64 module_init(imq_init); 65 module_exit(imq_fini); 66 67 MODULE_AUTHOR("https://github.com/imq/linuximq"); 68 MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); 69 MODULE_LICENSE("GPL"); 70 MODULE_ALIAS("ipt_IMQ"); 71 MODULE_ALIAS("ip6t_IMQ"); 72 -
net/sched/sch_generic.c
diff -Naupr linux-4.14_orig/net/sched/sch_generic.c linux-4.14/net/sched/sch_generic.c
old new trace: 158 158 return skb; 159 159 } 160 160 161 struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate) 162 { 163 int packets; 164 165 return dequeue_skb(q, validate, &packets); 166 } 167 EXPORT_SYMBOL(qdisc_dequeue_skb); 168 161 169 /* 162 170 * Transmit possibly several skbs, and handle the return status as 163 171 * required. Owning running seqcount bit guarantees that
Note: See TracBrowser
for help on using the repository browser.
