source:
npl/kernel/linux_src/linux-5.9-imq.patch
@
1ebb340
| Last change on this file since 1ebb340 was 1ebb340, checked in by , 4 years ago | |
|---|---|
|
|
| File size: 46.3 KB | |
-
drivers/net/imq.c
diff -purN linux-5.8_org/drivers/net/imq.c linux-5.8/drivers/net/imq.c
old new 1 /* 2 * Pseudo-driver for the intermediate queue device. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 7 * 2 of the License, or (at your option) any later version. 8 * 9 * Authors: Patrick McHardy, <kaber@trash.net> 10 * 11 * The first version was written by Martin Devera, <devik@cdi.cz> 12 * 13 * See Credits.txt 14 */ 15 16 #include <linux/module.h> 17 #include <linux/kernel.h> 18 #include <linux/moduleparam.h> 19 #include <linux/list.h> 20 #include <linux/skbuff.h> 21 #include <linux/netdevice.h> 22 #include <linux/etherdevice.h> 23 #include <linux/rtnetlink.h> 24 #include <linux/if_arp.h> 25 #include <linux/netfilter.h> 26 #include <linux/netfilter_ipv4.h> 27 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 28 #include <linux/netfilter_ipv6.h> 29 #endif 30 #include <linux/imq.h> 31 #include <net/pkt_sched.h> 32 #include <net/netfilter/nf_queue.h> 33 #include <net/sock.h> 34 #include <linux/ip.h> 35 #include <linux/ipv6.h> 36 #include <linux/if_vlan.h> 37 #include <linux/if_pppox.h> 38 #include <net/ip.h> 39 #include <net/ipv6.h> 40 41 static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num); 42 43 static nf_hookfn imq_nf_hook; 44 45 static struct nf_hook_ops imq_ops[] = { 46 { 47 /* imq_ingress_ipv4 */ 48 .hook = imq_nf_hook, 49 .pf = PF_INET, 50 .hooknum = NF_INET_PRE_ROUTING, 51 #if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) 52 .priority = NF_IP_PRI_MANGLE + 1, 53 #else 54 .priority = NF_IP_PRI_NAT_DST + 1, 55 #endif 56 }, 57 { 58 /* imq_egress_ipv4 */ 59 .hook = imq_nf_hook, 60 .pf = PF_INET, 61 .hooknum = NF_INET_POST_ROUTING, 62 #if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) 63 .priority = NF_IP_PRI_LAST, 64 #else 65 .priority = NF_IP_PRI_NAT_SRC - 1, 66 #endif 67 }, 68 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 69 { 70 /* imq_ingress_ipv6 */ 71 .hook = imq_nf_hook, 72 .pf = PF_INET6, 73 .hooknum = NF_INET_PRE_ROUTING, 74 #if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) 75 .priority = NF_IP6_PRI_MANGLE + 1, 76 #else 77 .priority = NF_IP6_PRI_NAT_DST + 1, 78 #endif 79 }, 80 { 81 /* imq_egress_ipv6 */ 82 .hook = imq_nf_hook, 83 .pf = PF_INET6, 84 .hooknum = NF_INET_POST_ROUTING, 85 #if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) 86 .priority = NF_IP6_PRI_LAST, 87 #else 88 .priority = NF_IP6_PRI_NAT_SRC - 1, 89 #endif 90 }, 91 #endif 92 }; 93 94 #if defined(CONFIG_IMQ_NUM_DEVS) 95 static int numdevs = CONFIG_IMQ_NUM_DEVS; 96 #else 97 static int numdevs = IMQ_MAX_DEVS; 98 #endif 99 100 static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; 101 102 #define IMQ_MAX_QUEUES 32 103 static int numqueues = 1; 104 static u32 imq_hashrnd; 105 static int imq_dev_accurate_stats = 1; 106 107 static inline __be16 pppoe_proto(const struct sk_buff *skb) 108 { 109 return *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + 110 sizeof(struct pppoe_hdr))); 111 } 112 113 static u16 imq_hash(struct net_device *dev, struct sk_buff *skb) 114 { 115 unsigned int pull_len; 116 u16 protocol = skb->protocol; 117 u32 addr1, addr2; 118 u32 hash, ihl = 0; 119 union { 120 u16 in16[2]; 121 u32 in32; 122 } ports; 123 u8 ip_proto; 124 125 pull_len = 0; 126 127 recheck: 128 switch (protocol) { 129 case htons(ETH_P_8021Q): { 130 if (unlikely(skb_pull(skb, VLAN_HLEN) == NULL)) 131 goto other; 132 133 pull_len += VLAN_HLEN; 134 skb->network_header += VLAN_HLEN; 135 136 protocol = vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; 137 goto recheck; 138 } 139 140 case htons(ETH_P_PPP_SES): { 141 if (unlikely(skb_pull(skb, PPPOE_SES_HLEN) == NULL)) 142 goto other; 143 144 pull_len += PPPOE_SES_HLEN; 145 skb->network_header += PPPOE_SES_HLEN; 146 147 protocol = pppoe_proto(skb); 148 goto recheck; 149 } 150 151 case htons(ETH_P_IP): { 152 const struct iphdr *iph = ip_hdr(skb); 153 154 if (unlikely(!pskb_may_pull(skb, sizeof(struct iphdr)))) 155 goto other; 156 157 addr1 = iph->daddr; 158 addr2 = iph->saddr; 159 160 ip_proto = !(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) ? 161 iph->protocol : 0; 162 ihl = ip_hdrlen(skb); 163 164 break; 165 } 166 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 167 case htons(ETH_P_IPV6): { 168 const struct ipv6hdr *iph = ipv6_hdr(skb); 169 __be16 fo = 0; 170 171 if (unlikely(!pskb_may_pull(skb, sizeof(struct ipv6hdr)))) 172 goto other; 173 174 addr1 = iph->daddr.s6_addr32[3]; 175 addr2 = iph->saddr.s6_addr32[3]; 176 ihl = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &ip_proto, 177 &fo); 178 if (unlikely(ihl < 0)) 179 goto other; 180 181 break; 182 } 183 #endif 184 default: 185 other: 186 if (pull_len != 0) { 187 skb_push(skb, pull_len); 188 skb->network_header -= pull_len; 189 } 190 191 return (u16)(ntohs(protocol) % dev->real_num_tx_queues); 192 } 193 194 if (addr1 > addr2) 195 swap(addr1, addr2); 196 197 switch (ip_proto) { 198 case IPPROTO_TCP: 199 case IPPROTO_UDP: 200 case IPPROTO_DCCP: 201 case IPPROTO_ESP: 202 case IPPROTO_AH: 203 case IPPROTO_SCTP: 204 case IPPROTO_UDPLITE: { 205 if (likely(skb_copy_bits(skb, ihl, &ports.in32, 4) >= 0)) { 206 if (ports.in16[0] > ports.in16[1]) 207 swap(ports.in16[0], ports.in16[1]); 208 break; 209 } 210 /* fall-through */ 211 } 212 default: 213 ports.in32 = 0; 214 break; 215 } 216 217 if (pull_len != 0) { 218 skb_push(skb, pull_len); 219 skb->network_header -= pull_len; 220 } 221 222 hash = jhash_3words(addr1, addr2, ports.in32, imq_hashrnd ^ ip_proto); 223 224 return (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); 225 } 226 227 static inline bool sk_tx_queue_recorded(struct sock *sk) 228 { 229 return (sk_tx_queue_get(sk) >= 0); 230 } 231 232 static struct netdev_queue *imq_select_queue(struct net_device *dev, 233 struct sk_buff *skb) 234 { 235 u16 queue_index = 0; 236 u32 hash; 237 238 if (likely(dev->real_num_tx_queues == 1)) 239 goto out; 240 241 /* IMQ can be receiving ingress or engress packets. */ 242 243 /* Check first for if rx_queue is set */ 244 if (skb_rx_queue_recorded(skb)) { 245 queue_index = skb_get_rx_queue(skb); 246 goto out; 247 } 248 249 /* Check if socket has tx_queue set */ 250 if (sk_tx_queue_recorded(skb->sk)) { 251 queue_index = sk_tx_queue_get(skb->sk); 252 goto out; 253 } 254 255 /* Try use socket hash */ 256 if (skb->sk && skb->sk->sk_hash) { 257 hash = skb->sk->sk_hash; 258 queue_index = 259 (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); 260 goto out; 261 } 262 263 /* Generate hash from packet data */ 264 queue_index = imq_hash(dev, skb); 265 266 out: 267 if (unlikely(queue_index >= dev->real_num_tx_queues)) 268 queue_index = (u16)((u32)queue_index % dev->real_num_tx_queues); 269 270 skb_set_queue_mapping(skb, queue_index); 271 return netdev_get_tx_queue(dev, queue_index); 272 } 273 274 static struct net_device_stats *imq_get_stats(struct net_device *dev) 275 { 276 return &dev->stats; 277 } 278 279 /* called for packets kfree'd in qdiscs at places other than enqueue */ 280 static void imq_skb_destructor(struct sk_buff *skb) 281 { 282 struct nf_queue_entry *entry = skb->nf_queue_entry; 283 284 skb->nf_queue_entry = NULL; 285 286 if (entry) { 287 nf_queue_entry_free(entry); 288 kfree(entry); 289 } 290 291 skb_restore_cb(skb); /* kfree backup */ 292 } 293 294 static void imq_done_check_queue_mapping(struct sk_buff *skb, 295 struct net_device *dev) 296 { 297 unsigned int queue_index; 298 299 /* Don't let queue_mapping be left too large after exiting IMQ */ 300 if (likely(skb->dev != dev && skb->dev != NULL)) { 301 queue_index = skb_get_queue_mapping(skb); 302 if (unlikely(queue_index >= skb->dev->real_num_tx_queues)) { 303 queue_index = (u16)((u32)queue_index % 304 skb->dev->real_num_tx_queues); 305 skb_set_queue_mapping(skb, queue_index); 306 } 307 } else { 308 /* skb->dev was IMQ device itself or NULL, be on safe side and 309 * just clear queue mapping. 310 */ 311 skb_set_queue_mapping(skb, 0); 312 } 313 } 314 315 static netdev_tx_t imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) 316 { 317 struct nf_queue_entry *entry = skb->nf_queue_entry; 318 319 rcu_read_lock(); 320 321 skb->nf_queue_entry = NULL; 322 netif_trans_update(dev); 323 324 dev->stats.tx_bytes += skb->len; 325 dev->stats.tx_packets++; 326 327 if (unlikely(entry == NULL)) { 328 /* We don't know what is going on here.. packet is queued for 329 * imq device, but (probably) not by us. 330 * 331 * If this packet was not send here by imq_nf_queue(), then 332 * skb_save_cb() was not used and skb_free() should not show: 333 * WARNING: IMQ: kfree_skb: skb->cb_next:.. 334 * and/or 335 * WARNING: IMQ: kfree_skb: skb->nf_queue_entry... 336 * 337 * However if this message is shown, then IMQ is somehow broken 338 * and you should report this to linuximq.net. 339 */ 340 341 /* imq_dev_xmit is black hole that eats all packets, report that 342 * we eat this packet happily and increase dropped counters. 343 */ 344 345 dev->stats.tx_dropped++; 346 dev_kfree_skb(skb); 347 348 rcu_read_unlock(); 349 return NETDEV_TX_OK; 350 } 351 352 skb_restore_cb(skb); /* restore skb->cb */ 353 354 skb->imq_flags = 0; 355 skb->destructor = NULL; 356 357 imq_done_check_queue_mapping(skb, dev); 358 359 nf_reinject(entry, NF_ACCEPT); 360 361 rcu_read_unlock(); 362 return NETDEV_TX_OK; 363 } 364 365 static struct net_device *get_imq_device_by_index(int index) 366 { 367 struct net_device *dev = NULL; 368 struct net *net; 369 char buf[8]; 370 371 /* get device by name and cache result */ 372 snprintf(buf, sizeof(buf), "imq%d", index); 373 374 /* Search device from all namespaces. */ 375 for_each_net(net) { 376 dev = dev_get_by_name(net, buf); 377 if (dev) 378 break; 379 } 380 381 if (WARN_ON_ONCE(dev == NULL)) { 382 /* IMQ device not found. Exotic config? */ 383 return ERR_PTR(-ENODEV); 384 } 385 386 imq_devs_cache[index] = dev; 387 dev_put(dev); 388 389 return dev; 390 } 391 392 static struct nf_queue_entry *nf_queue_entry_dup(struct nf_queue_entry *e) 393 { 394 struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC); 395 if (entry) { 396 nf_queue_entry_get_refs(entry); 397 return entry; 398 } 399 return NULL; 400 } 401 402 #ifdef CONFIG_BRIDGE_NETFILTER 403 /* When called from bridge netfilter, skb->data must point to MAC header 404 * before calling skb_gso_segment(). Else, original MAC header is lost 405 * and segmented skbs will be sent to wrong destination. 406 */ 407 static void nf_bridge_adjust_skb_data(struct sk_buff *skb) 408 { 409 if (skb->nf_bridge) 410 __skb_push(skb, skb->network_header - skb->mac_header); 411 } 412 413 static void nf_bridge_adjust_segmented_data(struct sk_buff *skb) 414 { 415 if (skb->nf_bridge) 416 __skb_pull(skb, skb->network_header - skb->mac_header); 417 } 418 #else 419 #define nf_bridge_adjust_skb_data(s) do {} while (0) 420 #define nf_bridge_adjust_segmented_data(s) do {} while (0) 421 #endif 422 423 static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev); 424 425 static int __imq_nf_queue_gso(struct nf_queue_entry *entry, 426 struct net_device *dev, struct sk_buff *skb) 427 { 428 int ret = -ENOMEM; 429 struct nf_queue_entry *entry_seg; 430 431 nf_bridge_adjust_segmented_data(skb); 432 433 if (skb->next == NULL) { /* last packet, no need to copy entry */ 434 struct sk_buff *gso_skb = entry->skb; 435 entry->skb = skb; 436 ret = __imq_nf_queue(entry, dev); 437 if (ret) 438 entry->skb = gso_skb; 439 return ret; 440 } 441 442 skb->next = NULL; 443 444 entry_seg = nf_queue_entry_dup(entry); 445 if (entry_seg) { 446 entry_seg->skb = skb; 447 ret = __imq_nf_queue(entry_seg, dev); 448 if (ret) 449 nf_queue_entry_free(entry_seg); 450 } 451 return ret; 452 } 453 454 static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) 455 { 456 struct sk_buff *skb, *segs; 457 struct net_device *dev; 458 unsigned int queued; 459 int index, retval, err; 460 461 index = entry->skb->imq_flags & IMQ_F_IFMASK; 462 if (unlikely(index > numdevs - 1)) { 463 if (net_ratelimit()) 464 pr_warn("IMQ: invalid device specified, highest is %u\n", 465 numdevs - 1); 466 retval = -EINVAL; 467 goto out_no_dev; 468 } 469 470 /* check for imq device by index from cache */ 471 dev = imq_devs_cache[index]; 472 if (unlikely(!dev)) { 473 dev = get_imq_device_by_index(index); 474 if (IS_ERR(dev)) { 475 retval = PTR_ERR(dev); 476 goto out_no_dev; 477 } 478 } 479 480 if (unlikely(!(dev->flags & IFF_UP))) { 481 entry->skb->imq_flags = 0; 482 retval = -ECANCELED; 483 goto out_no_dev; 484 } 485 486 /* Since 3.10.x, GSO handling moved here as result of upstream commit 487 * a5fedd43d5f6c94c71053a66e4c3d2e35f1731a2 (netfilter: move 488 * skb_gso_segment into nfnetlink_queue module). 489 * 490 * Following code replicates the gso handling from 491 * 'net/netfilter/nfnetlink_queue_core.c':nfqnl_enqueue_packet(). 492 */ 493 494 skb = entry->skb; 495 496 switch (entry->state.pf) { 497 case NFPROTO_IPV4: 498 skb->protocol = htons(ETH_P_IP); 499 break; 500 case NFPROTO_IPV6: 501 skb->protocol = htons(ETH_P_IPV6); 502 break; 503 } 504 505 if (!skb_is_gso(entry->skb)) 506 return __imq_nf_queue(entry, dev); 507 508 nf_bridge_adjust_skb_data(skb); 509 segs = skb_gso_segment(skb, 0); 510 /* Does not use PTR_ERR to limit the number of error codes that can be 511 * returned by nf_queue. For instance, callers rely on -ECANCELED to 512 * mean 'ignore this hook'. 513 */ 514 err = -ENOBUFS; 515 if (IS_ERR(segs)) 516 goto out_err; 517 queued = 0; 518 err = 0; 519 do { 520 struct sk_buff *nskb = segs->next; 521 if (nskb && nskb->next) 522 nskb->cb_next = NULL; 523 if (err == 0) 524 err = __imq_nf_queue_gso(entry, dev, segs); 525 if (err == 0) 526 queued++; 527 else 528 kfree_skb(segs); 529 segs = nskb; 530 } while (segs); 531 532 if (queued) { 533 if (err) /* some segments are already queued */ 534 nf_queue_entry_free(entry); 535 kfree_skb(skb); 536 return 0; 537 } 538 539 out_err: 540 nf_bridge_adjust_segmented_data(skb); 541 retval = err; 542 out_no_dev: 543 return retval; 544 } 545 546 static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev) 547 { 548 struct sk_buff *skb_orig, *skb, *skb_shared, *skb_popd; 549 struct Qdisc *q; 550 struct sk_buff *to_free = NULL; 551 struct netdev_queue *txq; 552 spinlock_t *root_lock; 553 int users; 554 int retval = -EINVAL; 555 unsigned int orig_queue_index; 556 bool again = false; 557 558 dev->last_rx = jiffies; 559 560 skb = entry->skb; 561 skb_orig = NULL; 562 563 /* skb has owner? => make clone */ 564 if (unlikely(skb->destructor)) { 565 skb_orig = skb; 566 skb = skb_clone(skb, GFP_ATOMIC); 567 if (unlikely(!skb)) { 568 retval = -ENOMEM; 569 goto out; 570 } 571 skb->cb_next = NULL; 572 entry->skb = skb; 573 } 574 575 dev->stats.rx_bytes += skb->len; 576 dev->stats.rx_packets++; 577 578 if (!skb->dev) { 579 /* skb->dev == NULL causes problems, try the find cause. */ 580 if (net_ratelimit()) { 581 dev_warn(&dev->dev, 582 "received packet with skb->dev == NULL\n"); 583 dump_stack(); 584 } 585 586 skb->dev = dev; 587 } 588 589 /* Disables softirqs for lock below */ 590 rcu_read_lock_bh(); 591 592 /* Multi-queue selection */ 593 orig_queue_index = skb_get_queue_mapping(skb); 594 txq = imq_select_queue(dev, skb); 595 596 q = rcu_dereference_bh(txq->qdisc); 597 if (unlikely(!q->enqueue)) 598 goto packet_not_eaten_by_imq_dev; 599 600 skb->nf_queue_entry = entry; 601 root_lock = qdisc_lock(q); 602 spin_lock(root_lock); 603 604 users = refcount_read(&skb->users); 605 606 skb_shared = skb_get(skb); /* increase reference count by one */ 607 608 /* backup skb->cb, as qdisc layer will overwrite it */ 609 skb_save_cb(skb_shared); 610 qdisc_enqueue_root(skb_shared, q, &to_free); /* might kfree_skb */ 611 if (likely(refcount_read(&skb_shared->users) == users + 1)) { 612 bool validate; 613 614 kfree_skb(skb_shared); /* decrease reference count by one */ 615 616 skb->destructor = &imq_skb_destructor; 617 618 skb_popd = qdisc_dequeue_skb(q, &validate); 619 620 /* cloned? */ 621 if (unlikely(skb_orig)) 622 kfree_skb(skb_orig); /* free original */ 623 624 spin_unlock(root_lock); 625 626 #if 0 627 /* schedule qdisc dequeue */ 628 __netif_schedule(q); 629 #else 630 if (likely(skb_popd)) { 631 /* Note that we validate skb (GSO, checksum, ...) outside of locks */ 632 if (validate) 633 skb_popd = validate_xmit_skb_list(skb_popd, dev, &again); 634 635 if (skb_popd) { 636 int dummy_ret; 637 int cpu = smp_processor_id(); /* ok because BHs are off */ 638 639 txq = skb_get_tx_queue(dev, skb_popd); 640 /* 641 IMQ device will not be frozen or stoped, and it always be successful. 642 So we need not check its status and return value to accelerate. 643 */ 644 if (imq_dev_accurate_stats && txq->xmit_lock_owner != cpu) { 645 HARD_TX_LOCK(dev, txq, cpu); 646 if (!netif_xmit_frozen_or_stopped(txq)) { 647 dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); 648 } 649 HARD_TX_UNLOCK(dev, txq); 650 } else { 651 if (!netif_xmit_frozen_or_stopped(txq)) { 652 dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); 653 } 654 } 655 } 656 } else { 657 /* No ready skb, then schedule it */ 658 __netif_schedule(q); 659 } 660 #endif 661 rcu_read_unlock_bh(); 662 retval = 0; 663 goto out; 664 } else { 665 skb_restore_cb(skb_shared); /* restore skb->cb */ 666 skb->nf_queue_entry = NULL; 667 /* 668 * qdisc dropped packet and decreased skb reference count of 669 * skb, so we don't really want to and try refree as that would 670 * actually destroy the skb. 671 */ 672 spin_unlock(root_lock); 673 goto packet_not_eaten_by_imq_dev; 674 } 675 676 packet_not_eaten_by_imq_dev: 677 skb_set_queue_mapping(skb, orig_queue_index); 678 rcu_read_unlock_bh(); 679 680 /* cloned? restore original */ 681 if (unlikely(skb_orig)) { 682 kfree_skb(skb); 683 entry->skb = skb_orig; 684 } 685 retval = -1; 686 out: 687 if (unlikely(to_free)) { 688 kfree_skb_list(to_free); 689 } 690 return retval; 691 } 692 static unsigned int imq_nf_hook(void *priv, 693 struct sk_buff *skb, 694 const struct nf_hook_state *state) 695 { 696 return (skb->imq_flags & IMQ_F_ENQUEUE) ? NF_IMQ_QUEUE : NF_ACCEPT; 697 } 698 699 static int imq_close(struct net_device *dev) 700 { 701 netif_stop_queue(dev); 702 return 0; 703 } 704 705 static int imq_open(struct net_device *dev) 706 { 707 netif_start_queue(dev); 708 return 0; 709 } 710 711 static struct device_type imq_device_type = { 712 .name = "imq", 713 }; 714 715 static const struct net_device_ops imq_netdev_ops = { 716 .ndo_open = imq_open, 717 .ndo_stop = imq_close, 718 .ndo_start_xmit = imq_dev_xmit, 719 .ndo_get_stats = imq_get_stats, 720 }; 721 722 static void imq_setup(struct net_device *dev) 723 { 724 dev->netdev_ops = &imq_netdev_ops; 725 dev->type = ARPHRD_VOID; 726 dev->mtu = 16000; /* too small? */ 727 dev->tx_queue_len = 11000; /* too big? */ 728 dev->flags = IFF_NOARP; 729 dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | 730 NETIF_F_GSO | NETIF_F_HW_CSUM | 731 NETIF_F_HIGHDMA; 732 dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | 733 IFF_TX_SKB_SHARING); 734 } 735 736 static int imq_validate(struct nlattr *tb[], struct nlattr *data[], 737 struct netlink_ext_ack *extack) 738 { 739 int ret = 0; 740 741 if (tb[IFLA_ADDRESS]) { 742 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { 743 ret = -EINVAL; 744 goto end; 745 } 746 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { 747 ret = -EADDRNOTAVAIL; 748 goto end; 749 } 750 } 751 return 0; 752 end: 753 pr_warn("IMQ: imq_validate failed (%d)\n", ret); 754 return ret; 755 } 756 757 static struct rtnl_link_ops imq_link_ops __read_mostly = { 758 .kind = "imq", 759 .priv_size = 0, 760 .setup = imq_setup, 761 .validate = imq_validate, 762 }; 763 764 static const struct nf_queue_handler imq_nfqh = { 765 .outfn = imq_nf_queue, 766 }; 767 768 static int __net_init imq_nf_register(struct net *net) 769 { 770 return nf_register_net_hooks(net, imq_ops, 771 ARRAY_SIZE(imq_ops)); 772 }; 773 774 static void __net_exit imq_nf_unregister(struct net *net) 775 { 776 nf_unregister_net_hooks(net, imq_ops, 777 ARRAY_SIZE(imq_ops)); 778 }; 779 780 static struct pernet_operations imq_net_ops = { 781 .init = imq_nf_register, 782 .exit = imq_nf_unregister, 783 }; 784 785 static int __net_init imq_init_hooks(void) 786 { 787 int ret; 788 nf_register_queue_imq_handler(&imq_nfqh); 789 790 ret = register_pernet_subsys(&imq_net_ops); 791 if (ret < 0) 792 nf_unregister_queue_imq_handler(); 793 794 return ret; 795 } 796 797 #ifdef CONFIG_LOCKDEP 798 static struct lock_class_key imq_netdev_addr_lock_key; 799 800 static void __init imq_dev_set_lockdep_one(struct net_device *dev, 801 struct netdev_queue *txq, void *arg) 802 { 803 /* 804 * the IMQ transmit locks can be taken recursively, 805 * for example with one IMQ rule for input- and one for 806 * output network devices in iptables! 807 * until we find a better solution ignore them. 808 */ 809 lockdep_set_novalidate_class(&txq->_xmit_lock); 810 } 811 812 static void imq_dev_set_lockdep_class(struct net_device *dev) 813 { 814 lockdep_set_class_and_name(&dev->addr_list_lock, 815 &imq_netdev_addr_lock_key, "_xmit_addr_IMQ"); 816 netdev_for_each_tx_queue(dev, imq_dev_set_lockdep_one, NULL); 817 } 818 #else 819 static inline void imq_dev_set_lockdep_class(struct net_device *dev) 820 { 821 } 822 #endif 823 824 static int __init imq_init_one(int index) 825 { 826 struct net_device *dev; 827 int ret; 828 829 dev = alloc_netdev_mq(0, "imq%d", NET_NAME_UNKNOWN, imq_setup, numqueues); 830 if (!dev) 831 return -ENOMEM; 832 833 ret = dev_alloc_name(dev, dev->name); 834 if (ret < 0) 835 goto fail; 836 837 dev->rtnl_link_ops = &imq_link_ops; 838 SET_NETDEV_DEVTYPE(dev, &imq_device_type); 839 ret = register_netdevice(dev); 840 if (ret < 0) 841 goto fail; 842 843 imq_dev_set_lockdep_class(dev); 844 845 return 0; 846 fail: 847 free_netdev(dev); 848 return ret; 849 } 850 851 static int __init imq_init_devs(void) 852 { 853 int err, i; 854 855 if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { 856 pr_err("IMQ: numdevs has to be betweed 1 and %u\n", 857 IMQ_MAX_DEVS); 858 return -EINVAL; 859 } 860 861 if (numqueues < 1 || numqueues > IMQ_MAX_QUEUES) { 862 pr_err("IMQ: numqueues has to be betweed 1 and %u\n", 863 IMQ_MAX_QUEUES); 864 return -EINVAL; 865 } 866 867 get_random_bytes(&imq_hashrnd, sizeof(imq_hashrnd)); 868 869 rtnl_lock(); 870 err = __rtnl_link_register(&imq_link_ops); 871 872 for (i = 0; i < numdevs && !err; i++) 873 err = imq_init_one(i); 874 875 if (err) { 876 __rtnl_link_unregister(&imq_link_ops); 877 memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); 878 } 879 rtnl_unlock(); 880 881 return err; 882 } 883 884 static int __init imq_init_module(void) 885 { 886 int err; 887 888 #if defined(CONFIG_IMQ_NUM_DEVS) 889 BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); 890 BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); 891 BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); 892 #endif 893 894 err = imq_init_devs(); 895 if (err) { 896 pr_err("IMQ: Error trying imq_init_devs(net)\n"); 897 return err; 898 } 899 900 err = imq_init_hooks(); 901 if (err) { 902 pr_err(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); 903 rtnl_link_unregister(&imq_link_ops); 904 memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); 905 return err; 906 } 907 908 pr_info("IMQ driver loaded successfully. (numdevs = %d, numqueues = %d, imq_dev_accurate_stats = %d)\n", 909 numdevs, numqueues, imq_dev_accurate_stats); 910 911 #if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) 912 pr_info("\tHooking IMQ before NAT on PREROUTING.\n"); 913 #else 914 pr_info("\tHooking IMQ after NAT on PREROUTING.\n"); 915 #endif 916 #if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) 917 pr_info("\tHooking IMQ before NAT on POSTROUTING.\n"); 918 #else 919 pr_info("\tHooking IMQ after NAT on POSTROUTING.\n"); 920 #endif 921 922 return 0; 923 } 924 925 static void __exit imq_unhook(void) 926 { 927 unregister_pernet_subsys(&imq_net_ops); 928 nf_unregister_queue_imq_handler(); 929 } 930 931 static void __exit imq_cleanup_devs(void) 932 { 933 rtnl_link_unregister(&imq_link_ops); 934 memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); 935 } 936 937 static void __exit imq_exit_module(void) 938 { 939 imq_unhook(); 940 imq_cleanup_devs(); 941 pr_info("IMQ driver unloaded successfully.\n"); 942 } 943 944 module_init(imq_init_module); 945 module_exit(imq_exit_module); 946 947 module_param(numdevs, int, 0); 948 module_param(numqueues, int, 0); 949 module_param(imq_dev_accurate_stats, int, 0); 950 MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will be created)"); 951 MODULE_PARM_DESC(numqueues, "number of queues per IMQ device"); 952 MODULE_PARM_DESC(imq_dev_accurate_stats, "Notify if need the accurate imq device stats"); 953 954 MODULE_AUTHOR("https://github.com/imq/linuximq"); 955 MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); 956 MODULE_LICENSE("GPL"); 957 MODULE_ALIAS_RTNL_LINK("imq"); -
drivers/net/Kconfig
diff -purN linux-5.8_org/drivers/net/Kconfig linux-5.8/drivers/net/Kconfig
old new config RIONET_RX_SIZE 339 339 depends on RIONET 340 340 default "128" 341 341 342 config IMQ 343 tristate "IMQ (intermediate queueing device) support" 344 depends on NETDEVICES && NETFILTER 345 help 346 The IMQ device(s) is used as placeholder for QoS queueing 347 disciplines. Every packet entering/leaving the IP stack can be 348 directed through the IMQ device where it's enqueued/dequeued to the 349 attached qdisc. This allows you to treat network devices as classes 350 and distribute bandwidth among them. Iptables is used to specify 351 through which IMQ device, if any, packets travel. 352 353 More information at: https://github.com/imq/linuximq 354 355 To compile this driver as a module, choose M here: the module 356 will be called imq. If unsure, say N. 357 358 choice 359 prompt "IMQ behavior (PRE/POSTROUTING)" 360 depends on IMQ 361 default IMQ_BEHAVIOR_AB 362 help 363 This setting defines how IMQ behaves in respect to its 364 hooking in PREROUTING and POSTROUTING. 365 366 IMQ can work in any of the following ways: 367 368 PREROUTING | POSTROUTING 369 -----------------|------------------- 370 #1 After NAT | After NAT 371 #2 After NAT | Before NAT 372 #3 Before NAT | After NAT 373 #4 Before NAT | Before NAT 374 375 The default behavior is to hook before NAT on PREROUTING 376 and after NAT on POSTROUTING (#3). 377 378 This settings are specially usefull when trying to use IMQ 379 to shape NATed clients. 380 381 More information can be found at: https://github.com/imq/linuximq 382 383 If not sure leave the default settings alone. 384 385 config IMQ_BEHAVIOR_AA 386 bool "IMQ AA" 387 help 388 This setting defines how IMQ behaves in respect to its 389 hooking in PREROUTING and POSTROUTING. 390 391 Choosing this option will make IMQ hook like this: 392 393 PREROUTING: After NAT 394 POSTROUTING: After NAT 395 396 More information can be found at: https://github.com/imq/linuximq 397 398 If not sure leave the default settings alone. 399 400 config IMQ_BEHAVIOR_AB 401 bool "IMQ AB" 402 help 403 This setting defines how IMQ behaves in respect to its 404 hooking in PREROUTING and POSTROUTING. 405 406 Choosing this option will make IMQ hook like this: 407 408 PREROUTING: After NAT 409 POSTROUTING: Before NAT 410 411 More information can be found at: https://github.com/imq/linuximq 412 413 If not sure leave the default settings alone. 414 415 config IMQ_BEHAVIOR_BA 416 bool "IMQ BA" 417 help 418 This setting defines how IMQ behaves in respect to its 419 hooking in PREROUTING and POSTROUTING. 420 421 Choosing this option will make IMQ hook like this: 422 423 PREROUTING: Before NAT 424 POSTROUTING: After NAT 425 426 More information can be found at: https://github.com/imq/linuximq 427 428 If not sure leave the default settings alone. 429 430 config IMQ_BEHAVIOR_BB 431 bool "IMQ BB" 432 help 433 This setting defines how IMQ behaves in respect to its 434 hooking in PREROUTING and POSTROUTING. 435 436 Choosing this option will make IMQ hook like this: 437 438 PREROUTING: Before NAT 439 POSTROUTING: Before NAT 440 441 More information can be found at: https://github.com/imq/linuximq 442 443 If not sure leave the default settings alone. 444 445 endchoice 446 447 config IMQ_NUM_DEVS 448 int "Number of IMQ devices" 449 range 2 16 450 depends on IMQ 451 default "16" 452 help 453 This setting defines how many IMQ devices will be created. 454 455 The default value is 16. 456 457 More information can be found at: https://github.com/imq/linuximq 458 459 If not sure leave the default settings alone. 460 342 461 config TUN 343 462 tristate "Universal TUN/TAP device driver support" 344 463 depends on INET -
drivers/net/Makefile
diff -purN linux-5.8_org/drivers/net/Makefile linux-5.8/drivers/net/Makefile
old new obj-$(CONFIG_WIREGUARD) += wireguard/ 14 14 obj-$(CONFIG_EQUALIZER) += eql.o 15 15 obj-$(CONFIG_IFB) += ifb.o 16 16 obj-$(CONFIG_MACSEC) += macsec.o 17 obj-$(CONFIG_IMQ) += imq.o 17 18 obj-$(CONFIG_MACVLAN) += macvlan.o 18 19 obj-$(CONFIG_MACVTAP) += macvtap.o 19 20 obj-$(CONFIG_MII) += mii.o -
include/linux/imq.h
diff -purN linux-5.8_org/include/linux/imq.h linux-5.8/include/linux/imq.h
old new 1 #ifndef _IMQ_H 2 #define _IMQ_H 3 4 /* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ 5 #define IMQ_F_BITS 5 6 7 #define IMQ_F_IFMASK 0x0f 8 #define IMQ_F_ENQUEUE 0x10 9 10 #define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) 11 12 #endif /* _IMQ_H */ 13 -
include/linux/netdevice.h
diff -purN linux-5.8_org/include/linux/netdevice.h linux-5.8/include/linux/netdevice.h
old new struct net_device { 1998 1998 /* 1999 1999 * Cache lines mostly used on receive path (including eth_type_trans()) 2000 2000 */ 2001 2002 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 2003 unsigned long last_rx; 2004 #endif 2005 2001 2006 /* Interface address info used in eth_type_trans() */ 2002 2007 unsigned char *dev_addr; 2003 2008 … … static inline void netif_tx_unlock_bh(st 4216 4221 } \ 4217 4222 } 4218 4223 4224 #define HARD_TX_LOCK_BH(dev, txq) { \ 4225 if ((dev->features & NETIF_F_LLTX) == 0) { \ 4226 __netif_tx_lock_bh(txq); \ 4227 } \ 4228 } 4229 4230 #define HARD_TX_UNLOCK_BH(dev, txq) { \ 4231 if ((dev->features & NETIF_F_LLTX) == 0) { \ 4232 __netif_tx_unlock_bh(txq); \ 4233 } \ 4234 } 4235 4236 4219 4237 static inline void netif_tx_disable(struct net_device *dev) 4220 4238 { 4221 4239 unsigned int i; -
include/linux/netfilter/xt_IMQ.h
diff -purN linux-5.8_org/include/linux/netfilter/xt_IMQ.h linux-5.8/include/linux/netfilter/xt_IMQ.h
old new 1 #ifndef _XT_IMQ_H 2 #define _XT_IMQ_H 3 4 struct xt_imq_info { 5 unsigned int todev; /* target imq device */ 6 }; 7 8 #endif /* _XT_IMQ_H */ 9 -
include/linux/netfilter_ipv4/ipt_IMQ.h
diff -purN linux-5.8_org/include/linux/netfilter_ipv4/ipt_IMQ.h linux-5.8/include/linux/netfilter_ipv4/ipt_IMQ.h
old new 1 #ifndef _IPT_IMQ_H 2 #define _IPT_IMQ_H 3 4 /* Backwards compatibility for old userspace */ 5 #include <linux/netfilter/xt_IMQ.h> 6 7 #define ipt_imq_info xt_imq_info 8 9 #endif /* _IPT_IMQ_H */ 10 -
include/linux/netfilter_ipv6/ip6t_IMQ.h
diff -purN linux-5.8_org/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-5.8/include/linux/netfilter_ipv6/ip6t_IMQ.h
old new 1 #ifndef _IP6T_IMQ_H 2 #define _IP6T_IMQ_H 3 4 /* Backwards compatibility for old userspace */ 5 #include <linux/netfilter/xt_IMQ.h> 6 7 #define ip6t_imq_info xt_imq_info 8 9 #endif /* _IP6T_IMQ_H */ 10 -
include/linux/skbuff.h
diff -purN linux-5.8_org/include/linux/skbuff.h linux-5.8/include/linux/skbuff.h
old new 40 40 #if IS_ENABLED(CONFIG_NF_CONNTRACK) 41 41 #include <linux/netfilter/nf_conntrack_common.h> 42 42 #endif 43 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 44 #include <linux/imq.h> 45 #endif 43 46 44 47 /* The interface for checksum offload between the stack and networking drivers 45 48 * is as follows... … … struct sk_buff { 744 747 * first. This is owned by whoever has the skb queued ATM. 745 748 */ 746 749 char cb[48] __aligned(8); 750 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 751 void *cb_next; 752 #endif 747 753 748 754 union { 749 755 struct { … … struct sk_buff { 756 762 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 757 763 unsigned long _nfct; 758 764 #endif 765 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 766 struct nf_queue_entry *nf_queue_entry; 767 #endif 759 768 unsigned int len, 760 769 data_len; 761 770 __u16 mac_len, … … struct sk_buff { 845 854 __u8 offload_fwd_mark:1; 846 855 __u8 offload_l3_fwd_mark:1; 847 856 #endif 857 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 858 __u8 imq_flags:IMQ_F_BITS; 859 #endif 848 860 #ifdef CONFIG_NET_CLS_ACT 849 861 __u8 tc_skip_classify:1; 850 862 __u8 tc_at_ingress:1; … … void skb_tx_error(struct sk_buff *skb); 1057 1069 void consume_skb(struct sk_buff *skb); 1058 1070 void __consume_stateless_skb(struct sk_buff *skb); 1059 1071 void __kfree_skb(struct sk_buff *skb); 1072 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 1073 int skb_save_cb(struct sk_buff *skb); 1074 int skb_restore_cb(struct sk_buff *skb); 1075 #endif 1060 1076 extern struct kmem_cache *skbuff_head_cache; 1061 1077 1062 1078 void kfree_skb_partial(struct sk_buff *skb, bool head_stolen); … … static inline void __nf_copy(struct sk_b 4257 4273 dst->_nfct = src->_nfct; 4258 4274 nf_conntrack_get(skb_nfct(src)); 4259 4275 #endif 4276 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 4277 dst->imq_flags = src->imq_flags; 4278 dst->nf_queue_entry = src->nf_queue_entry; 4279 #endif 4260 4280 #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NF_TABLES) 4261 4281 if (copy) 4262 4282 dst->nf_trace = src->nf_trace; -
include/net/netfilter/nf_queue.h
diff -purN linux-5.8_org/include/net/netfilter/nf_queue.h linux-5.8/include/net/netfilter/nf_queue.h
old new void nf_reinject(struct nf_queue_entry * 40 40 void nf_queue_entry_get_refs(struct nf_queue_entry *entry); 41 41 void nf_queue_entry_free(struct nf_queue_entry *entry); 42 42 43 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 44 void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); 45 void nf_unregister_queue_imq_handler(void); 46 #endif 47 43 48 static inline void init_hashrandom(u32 *jhash_initval) 44 49 { 45 50 while (*jhash_initval == 0) -
include/net/pkt_sched.h
diff -purN linux-5.8_org/include/net/pkt_sched.h linux-5.8/include/net/pkt_sched.h
old new bool sch_direct_xmit(struct sk_buff *skb 123 123 124 124 void __qdisc_run(struct Qdisc *q); 125 125 126 struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate); 127 126 128 static inline void qdisc_run(struct Qdisc *q) 127 129 { 128 130 if (qdisc_run_begin(q)) { -
include/net/sch_generic.h
diff -purN linux-5.8_org/include/net/sch_generic.h linux-5.8/include/net/sch_generic.h
old new static inline int qdisc_enqueue(struct s 795 795 return sch->enqueue(skb, sch, to_free); 796 796 } 797 797 798 static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch, 799 struct sk_buff **to_free) 800 { 801 qdisc_skb_cb(skb)->pkt_len = skb->len; 802 return qdisc_enqueue(skb, sch, to_free) & NET_XMIT_MASK; 803 } 804 798 805 static inline void _bstats_update(struct gnet_stats_basic_packed *bstats, 799 806 __u64 bytes, __u32 packets) 800 807 { -
include/uapi/linux/netfilter.h
diff -purN linux-5.8_org/include/uapi/linux/netfilter.h linux-5.8/include/uapi/linux/netfilter.h
old new 14 14 #define NF_QUEUE 3 15 15 #define NF_REPEAT 4 16 16 #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ 17 #define NF_MAX_VERDICT NF_STOP 17 #define NF_IMQ_QUEUE 6 18 #define NF_MAX_VERDICT NF_IMQ_QUEUE 18 19 19 20 /* we overload the higher bits for encoding auxiliary data such as the queue 20 21 * number or errno values. Not nice, but better than additional function -
net/core/dev.c
diff -purN linux-5.8_org/net/core/dev.c linux-5.8/net/core/dev.c
old new 138 138 #include <linux/hrtimer.h> 139 139 #include <linux/netfilter_ingress.h> 140 140 #include <linux/crash_dump.h> 141 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 142 #include <linux/imq.h> 143 #endif 141 144 #include <linux/sctp.h> 142 145 #include <net/udp_tunnel.h> 143 146 #include <linux/net_namespace.h> … … static int xmit_one(struct sk_buff *skb, 3548 3551 unsigned int len; 3549 3552 int rc; 3550 3553 3554 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 3555 if ((!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) && 3556 !(skb->imq_flags & IMQ_F_ENQUEUE)) 3557 #else 3558 if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) 3559 #endif 3560 3551 3561 if (dev_nit_active(dev)) 3552 3562 dev_queue_xmit_nit(skb, dev); 3553 3563 … … out: 3587 3597 return skb; 3588 3598 } 3589 3599 3600 EXPORT_SYMBOL_GPL(dev_hard_start_xmit); 3601 3590 3602 static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, 3591 3603 netdev_features_t features) 3592 3604 { -
net/core/skbuff.c
diff -purN linux-5.8_org/net/core/skbuff.c linux-5.8/net/core/skbuff.c
old new static struct kmem_cache *skbuff_ext_cac 87 87 int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; 88 88 EXPORT_SYMBOL(sysctl_max_skb_frags); 89 89 90 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 91 static struct kmem_cache *skbuff_cb_store_cache __read_mostly; 92 93 /* Control buffer save/restore for IMQ devices */ 94 struct skb_cb_table { 95 char cb[48] __aligned(8); 96 void *cb_next; 97 }; 98 99 int skb_save_cb(struct sk_buff *skb) 100 { 101 struct skb_cb_table *next; 102 103 next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); 104 if (!next) 105 return -ENOMEM; 106 107 BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); 108 109 memcpy(next->cb, skb->cb, sizeof(skb->cb)); 110 next->cb_next = skb->cb_next; 111 skb->cb_next = next; 112 smp_wmb(); 113 114 return 0; 115 } 116 EXPORT_SYMBOL(skb_save_cb); 117 118 int skb_restore_cb(struct sk_buff *skb) 119 { 120 struct skb_cb_table *next; 121 122 if (!skb->cb_next) 123 return 0; 124 125 next = skb->cb_next; 126 127 BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); 128 129 memcpy(skb->cb, next->cb, sizeof(skb->cb)); 130 skb->cb_next = next->cb_next; 131 smp_wmb(); 132 133 kmem_cache_free(skbuff_cb_store_cache, next); 134 135 return 0; 136 } 137 EXPORT_SYMBOL(skb_restore_cb); 138 #endif 139 90 140 /** 91 141 * skb_panic - private function for out-of-line support 92 142 * @skb: buffer … … void skb_release_head_state(struct sk_bu 650 700 WARN_ON(in_irq()); 651 701 skb->destructor(skb); 652 702 } 703 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 704 /* 705 * This should not happen. When it does, avoid memleak by restoring 706 * the chain of cb-backups. 707 */ 708 while (skb->cb_next != NULL) { 709 if (net_ratelimit()) 710 pr_warn("IMQ: kfree_skb: skb->cb_next: %08x\n", 711 (unsigned int)(uintptr_t)skb->cb_next); 712 713 skb_restore_cb(skb); 714 } 715 /* 716 * This should not happen either, nf_queue_entry is nullified in 717 * imq_dev_xmit(). If we have non-NULL nf_queue_entry then we are 718 * leaking entry pointers, maybe memory. We don't know if this is 719 * pointer to already freed memory, or should this be freed. 720 * If this happens we need to add refcounting, etc for nf_queue_entry. 721 */ 722 if (skb->nf_queue_entry && net_ratelimit()) 723 pr_warn("%s\n", "IMQ: kfree_skb: skb->nf_queue_entry != NULL"); 724 #endif 653 725 #if IS_ENABLED(CONFIG_NF_CONNTRACK) 654 726 nf_conntrack_put(skb_nfct(skb)); 655 727 #endif … … static void __copy_skb_header(struct sk_ 934 1006 skb_dst_copy(new, old); 935 1007 __skb_ext_copy(new, old); 936 1008 __nf_copy(new, old, false); 1009 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 1010 new->cb_next = NULL; 1011 #endif 937 1012 938 1013 /* Note : this field could be in headers_start/headers_end section 939 1014 * It is not yet because we do not want to have a 16 bit hole … … void __init skb_init(void) 4257 4332 0, 4258 4333 SLAB_HWCACHE_ALIGN|SLAB_PANIC, 4259 4334 NULL); 4335 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 4336 skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", 4337 sizeof(struct skb_cb_table), 4338 0, 4339 SLAB_HWCACHE_ALIGN|SLAB_PANIC, 4340 NULL); 4341 #endif 4260 4342 skb_extensions_init(); 4261 4343 } 4262 4344 -
net/netfilter/core.c
diff -purN linux-5.8_org/net/netfilter/core.c linux-5.8/net/netfilter/core.c
old new int nf_hook_slow(struct sk_buff *skb, st 519 519 if (ret == 0) 520 520 ret = -EPERM; 521 521 return ret; 522 case NF_IMQ_QUEUE: 523 ret = nf_queue(skb, state, s, verdict); 524 if (ret == -ECANCELED) 525 continue; 526 return ret; 522 527 case NF_QUEUE: 523 528 ret = nf_queue(skb, state, s, verdict); 524 529 if (ret == 1) -
net/netfilter/Kconfig
diff -purN linux-5.8_org/net/netfilter/Kconfig linux-5.8/net/netfilter/Kconfig
old new config NETFILTER_XT_TARGET_LOG 921 921 922 922 To compile it as a module, choose M here. If unsure, say N. 923 923 924 config NETFILTER_XT_TARGET_IMQ 925 tristate '"IMQ" target support' 926 depends on NETFILTER_XTABLES 927 depends on IP_NF_MANGLE || IP6_NF_MANGLE 928 select IMQ 929 default m if NETFILTER_ADVANCED=n 930 help 931 This option adds a `IMQ' target which is used to specify if and 932 to which imq device packets should get enqueued/dequeued. 933 934 To compile it as a module, choose M here. If unsure, say N. 935 924 936 config NETFILTER_XT_TARGET_MARK 925 937 tristate '"MARK" target support' 926 938 depends on NETFILTER_ADVANCED -
net/netfilter/Makefile
diff -purN linux-5.8_org/net/netfilter/Makefile linux-5.8/net/netfilter/Makefile
old new obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += 147 147 obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o 148 148 obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o 149 149 obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o 150 obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o 150 151 obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o 151 152 obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o 152 153 obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o -
net/netfilter/nf_queue.c
diff -purN linux-5.8_org/net/netfilter/nf_queue.c linux-5.8/net/netfilter/nf_queue.c
old new 29 29 * receives, no matter what. 30 30 */ 31 31 32 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 33 static const struct nf_queue_handler __rcu *queue_imq_handler __read_mostly; 34 35 void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) 36 { 37 rcu_assign_pointer(queue_imq_handler, qh); 38 } 39 EXPORT_SYMBOL_GPL(nf_register_queue_imq_handler); 40 41 void nf_unregister_queue_imq_handler(void) 42 { 43 RCU_INIT_POINTER(queue_imq_handler, NULL); 44 synchronize_rcu(); 45 } 46 EXPORT_SYMBOL_GPL(nf_unregister_queue_imq_handler); 47 #endif 48 32 49 /* return EBUSY when somebody else is registered, return EEXIST if the 33 50 * same handler is registered, return 0 in case of success. */ 34 51 void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh) … … static void nf_ip6_saveroute(const struc 153 170 } 154 171 155 172 static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, 156 unsigned int index, unsigned int queuenum)173 unsigned int index, unsigned int verdict) 157 174 { 158 175 struct nf_queue_entry *entry = NULL; 159 176 const struct nf_queue_handler *qh; 160 177 struct net *net = state->net; 161 178 unsigned int route_key_size; 179 unsigned int queuetype = verdict & NF_VERDICT_MASK; 180 unsigned int queuenum = verdict >> NF_VERDICT_QBITS; 162 181 int status; 163 182 164 183 /* QUEUE == DROP if no one is waiting, to be safe. */ 165 qh = rcu_dereference(net->nf.queue_handler); 184 if (queuetype == NF_IMQ_QUEUE) { 185 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 186 qh = rcu_dereference(queue_imq_handler); 187 #else 188 BUG(); 189 goto err_unlock; 190 #endif 191 } else { 192 qh = rcu_dereference(net->nf.queue_handler); 193 } 194 166 195 if (!qh) 167 196 return -ESRCH; 168 197 … … int nf_queue(struct sk_buff *skb, struct 222 251 { 223 252 int ret; 224 253 225 ret = __nf_queue(skb, state, index, verdict >> NF_VERDICT_QBITS);254 ret = __nf_queue(skb, state, index, verdict); 226 255 if (ret < 0) { 256 257 #if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) 258 /* IMQ Bypass */ 259 if (ret == -ECANCELED && skb->imq_flags == 0) { 260 return 1; 261 } 262 #endif 263 227 264 if (ret == -ESRCH && 228 265 (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) 229 266 return 1; … … next_hook: 326 363 local_bh_enable(); 327 364 break; 328 365 case NF_QUEUE: 366 case NF_IMQ_QUEUE: 329 367 err = nf_queue(skb, &entry->state, i, verdict); 330 368 if (err == 1) 331 369 goto next_hook; -
net/netfilter/xt_IMQ.c
diff -purN linux-5.8_org/net/netfilter/xt_IMQ.c linux-5.8/net/netfilter/xt_IMQ.c
old new 1 /* 2 * This target marks packets to be enqueued to an imq device 3 */ 4 #include <linux/module.h> 5 #include <linux/skbuff.h> 6 #include <linux/netfilter/x_tables.h> 7 #include <linux/netfilter/xt_IMQ.h> 8 #include <linux/imq.h> 9 10 static unsigned int imq_target(struct sk_buff *pskb, 11 const struct xt_action_param *par) 12 { 13 const struct xt_imq_info *mr = par->targinfo; 14 15 pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; 16 17 return XT_CONTINUE; 18 } 19 20 static int imq_checkentry(const struct xt_tgchk_param *par) 21 { 22 struct xt_imq_info *mr = par->targinfo; 23 24 if (mr->todev > IMQ_MAX_DEVS - 1) { 25 pr_warn("IMQ: invalid device specified, highest is %u\n", 26 IMQ_MAX_DEVS - 1); 27 return -EINVAL; 28 } 29 30 return 0; 31 } 32 33 static struct xt_target xt_imq_reg[] __read_mostly = { 34 { 35 .name = "IMQ", 36 .family = AF_INET, 37 .checkentry = imq_checkentry, 38 .target = imq_target, 39 .targetsize = sizeof(struct xt_imq_info), 40 .table = "mangle", 41 .me = THIS_MODULE 42 }, 43 { 44 .name = "IMQ", 45 .family = AF_INET6, 46 .checkentry = imq_checkentry, 47 .target = imq_target, 48 .targetsize = sizeof(struct xt_imq_info), 49 .table = "mangle", 50 .me = THIS_MODULE 51 }, 52 }; 53 54 static int __init imq_init(void) 55 { 56 return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); 57 } 58 59 static void __exit imq_fini(void) 60 { 61 xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); 62 } 63 64 module_init(imq_init); 65 module_exit(imq_fini); 66 67 MODULE_AUTHOR("https://github.com/imq/linuximq"); 68 MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); 69 MODULE_LICENSE("GPL"); 70 MODULE_ALIAS("ipt_IMQ"); 71 MODULE_ALIAS("ip6t_IMQ"); 72 -
net/sched/sch_generic.c
diff -purN linux-5.8_org/net/sched/sch_generic.c linux-5.8/net/sched/sch_generic.c
old new trace: 273 273 return skb; 274 274 } 275 275 276 struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate) 277 { 278 int packets; 279 280 return dequeue_skb(q, validate, &packets); 281 } 282 EXPORT_SYMBOL(qdisc_dequeue_skb); 283 276 284 /* 277 285 * Transmit possibly several skbs, and handle the return status as 278 286 * required. Owning running seqcount bit guarantees that
Note: See TracBrowser
for help on using the repository browser.
