From 020b3d2c64f34f1e26941f0cba51f5caee2660d7 Mon Sep 17 00:00:00 2001 From: lean Date: Fri, 25 Feb 2022 18:15:14 +0800 Subject: [PATCH] kernel:add support shortcut-fe for 5.15 --- package/lean/openwrt-fullconenat/Makefile | 4 +- ...1-fix-nf_conntrack_register_notifier.patch | 25 ++ .../fast-classifier/src/fast-classifier.c | 10 +- .../lean/shortcut-fe/shortcut-fe/src/sfe_cm.c | 9 +- .../lean/shortcut-fe/shortcut-fe/src/sfe_cm.h | 3 +- ...-linux-kernel-to-support-shortcut-fe.patch | 236 ++++++++++++++++++ 6 files changed, 281 insertions(+), 6 deletions(-) create mode 100644 package/lean/openwrt-fullconenat/patches/0001-fix-nf_conntrack_register_notifier.patch create mode 100644 target/linux/generic/hack-5.15/953-net-patch-linux-kernel-to-support-shortcut-fe.patch diff --git a/package/lean/openwrt-fullconenat/Makefile b/package/lean/openwrt-fullconenat/Makefile index 13ccff1be..3036baf24 100644 --- a/package/lean/openwrt-fullconenat/Makefile +++ b/package/lean/openwrt-fullconenat/Makefile @@ -41,7 +41,9 @@ define KernelPackage/ipt-fullconenat TITLE:=FULLCONENAT netfilter module DEPENDS:=+kmod-nf-ipt +kmod-nf-nat MAINTAINER:=Chion Tang - KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y + KCONFIG:= \ + CONFIG_NF_CONNTRACK_EVENTS=y \ + CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y FILES:=$(PKG_BUILD_DIR)/xt_FULLCONENAT.ko endef diff --git a/package/lean/openwrt-fullconenat/patches/0001-fix-nf_conntrack_register_notifier.patch b/package/lean/openwrt-fullconenat/patches/0001-fix-nf_conntrack_register_notifier.patch new file mode 100644 index 000000000..4ff41f5e1 --- /dev/null +++ b/package/lean/openwrt-fullconenat/patches/0001-fix-nf_conntrack_register_notifier.patch 
@@ -0,0 +1,25 @@ +From ea9e2477624adaa40e8a553ef876f60ec8d3150c Mon Sep 17 00:00:00 2001 +From: W_Y_CPP <383152993@qq.com> +Date: Fri, 18 Feb 2022 00:53:12 -0500 +Subject: [PATCH] refresh + +--- + xt_FULLCONENAT.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/xt_FULLCONENAT.c b/xt_FULLCONENAT.c +index f96cfd8a3..237666039 100644 +--- a/xt_FULLCONENAT.c ++++ b/xt_FULLCONENAT.c +@@ -1258,8 +1258,7 @@ static int fullconenat_tg_check(const struct xt_tgchk_param *par) + #endif + + #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0) && !defined(CONFIG_NF_CONNTRACK_CHAIN_EVENTS) +- if (!READ_ONCE(par->net->ct.nf_conntrack_event_cb)) { +- nf_conntrack_register_notifier(par->net, &ct_event_notifier); ++ if (!READ_ONCE(par->net->ct.nf_conntrack_event_cb)&&(nf_conntrack_register_notifier(par->net, &ct_event_notifier)==0)) { + #else + if (nf_conntrack_register_notifier(par->net, &ct_event_notifier) == 0) { + #endif +-- +2.17.1 diff --git a/package/lean/shortcut-fe/fast-classifier/src/fast-classifier.c b/package/lean/shortcut-fe/fast-classifier/src/fast-classifier.c index 6671f816d..085bd0f73 100644 --- a/package/lean/shortcut-fe/fast-classifier/src/fast-classifier.c +++ b/package/lean/shortcut-fe/fast-classifier/src/fast-classifier.c @@ -451,6 +451,7 @@ static u32 fc_conn_hash(sfe_ip_addr_t *saddr, sfe_ip_addr_t *daddr, */ static int fast_classifier_update_protocol(struct sfe_connection_create *p_sic, struct nf_conn *ct) { + struct net *net=NULL ; switch (p_sic->protocol) { case IPPROTO_TCP: p_sic->src_td_window_scale = ct->proto.tcp.seen[0].td_scale; 
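Review bot: The rewritten condition in fullconenat_tg_check() folds "a callback is already installed" and "registration failed" into one false branch and discards the return code of nf_conntrack_register_notifier(), so a target that never receives conntrack events cannot be told apart from a real registration error. The else path is outside this hunk, so I cannot see whether it logs or fails the rule check; if it does not, keep the result in a local and report it. The line also lacks the usual spacing and is long; I would write it as `if (!READ_ONCE(par->net->ct.nf_conntrack_event_cb) &&` followed by `    nf_conntrack_register_notifier(par->net, &ct_event_notifier) == 0) {`. The READ_ONCE() pre-check followed by a separate register call is a check-then-act sequence, so the return value of the register call should be treated as the only authoritative answer.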
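Review bot: The added `struct net *net=NULL ;` in fast_classifier_update_protocol() is declared unconditionally, but its only use in this commit sits inside `#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0)` in the next hunk, so builds against older kernels carry an unused variable (a warning, or a failure under -Werror). The same applies to the `struct net *net=NULL;` added to sfe_cm_post_routing() in sfe_cm.c. Guard the declaration with the same `#if`, or drop the local and read the flag through `nf_ct_net(ct)` directly if the NULL test is not needed. The declaration is also placed against the `switch` with no blank line and has a stray space before the semicolon; `struct net *net = NULL;` followed by an empty line matches the surrounding style. The function body continues outside the hunk.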
@@ -461,8 +462,13 @@ static int fast_classifier_update_protocol(struct sfe_connection_create *p_sic, p_sic->dest_td_max_window = ct->proto.tcp.seen[1].td_maxwin; p_sic->dest_td_end = ct->proto.tcp.seen[1].td_end; p_sic->dest_td_max_end = ct->proto.tcp.seen[1].td_maxend; - - if (nf_ct_tcp_no_window_check +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0) + net = nf_ct_net(ct); + if ((net&&net->ct.sysctl_no_window_check) +#else + if (nf_ct_tcp_no_window_check +#endif + || (ct->proto.tcp.seen[0].flags & IP_CT_TCP_FLAG_BE_LIBERAL) || (ct->proto.tcp.seen[1].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { p_sic->flags |= SFE_CREATE_FLAG_NO_SEQ_CHECK; diff --git a/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.c b/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.c index d042c740e..eab7572c0 100644 --- a/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.c +++ b/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.c @@ -311,6 +311,7 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) struct nf_conntrack_tuple reply_tuple; struct sk_buff *tmp_skb = NULL; SFE_NF_CONN_ACCT(acct); + struct net *net=NULL; /* * Don't process broadcast or multicast packets. @@ -496,8 +497,12 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) sic.dest_td_max_window = ct->proto.tcp.seen[1].td_maxwin; sic.dest_td_end = ct->proto.tcp.seen[1].td_end; sic.dest_td_max_end = ct->proto.tcp.seen[1].td_maxend; - - if (nf_ct_tcp_no_window_check +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0) + net = nf_ct_net(ct); + if ((net&&net->ct.sysctl_no_window_check) +#else + if (nf_ct_tcp_no_window_check +#endif || (ct->proto.tcp.seen[0].flags & IP_CT_TCP_FLAG_BE_LIBERAL) || (ct->proto.tcp.seen[1].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { sic.flags |= SFE_CREATE_FLAG_NO_SEQ_CHECK; diff --git a/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.h b/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.h index 23cbde859..124c86f47 100644 --- a/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.h 
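Review bot: The 5.15 branch reads `net->ct.sysctl_no_window_check`, a field that no hunk in this commit adds, so the build presumably depends on a separate kernel patch that defines it; that dependency should be stated in a comment next to the `#if`. The same read is added in the `@@ -496,8 +497,12 @@` hunk of sfe_cm.c. Because this condition decides whether the connection is created with `SFE_CREATE_FLAG_NO_SEQ_CHECK`, I would also document the effect, for example `/* per-netns sysctl: when set, the offloaded TCP flow is created without sequence-window checking */`. Splitting the opening `if (` across `#if`/`#else` makes the condition hard to audit; computing a local `no_window_check` in each branch and writing a single `if (no_window_check || ...)` would keep the security-relevant test in one place. The enclosing switch case continues outside the hunk.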
+++ b/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.h @@ -152,8 +152,9 @@ extern int (*athrs_fast_nat_recv)(struct sk_buff *skb); /* * Expose what should be a static flag in the TCP connection tracker. */ +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 15, 0) extern int nf_ct_tcp_no_window_check; - +#endif /* * This callback will be called in a timer * at 100 times per second to sync stats back to diff --git a/target/linux/generic/hack-5.15/953-net-patch-linux-kernel-to-support-shortcut-fe.patch b/target/linux/generic/hack-5.15/953-net-patch-linux-kernel-to-support-shortcut-fe.patch new file mode 100644 index 000000000..21fa171fe --- /dev/null +++ b/target/linux/generic/hack-5.15/953-net-patch-linux-kernel-to-support-shortcut-fe.patch 
@@ -0,0 +1,236 @@ +From ff52cd74910cb21ff3e612ddb359101ce7ad274e Mon Sep 17 00:00:00 2001 +From: W_Y_CPP <383152993@qq.com> +Date: Wed, 19 Jan 2022 04:56:01 -0500 +Subject: [PATCH] net-patch-linux-kernel-to-support-shortcut-fe + +--- + include/linux/if_bridge.h | 3 +++ + include/linux/skbuff.h | 4 +++ + include/linux/timer.h | 4 +++ + include/net/netfilter/nf_conntrack_ecache.h | 2 ++ + net/Kconfig | 3 +++ + net/bridge/br_if.c | 22 ++++++++++++++++ + net/core/dev.c | 10 +++++++++++++++++++-- + net/netfilter/nf_conntrack_ecache.c | 25 ++++++++++++++++-- + 8 files changed, 115 insertions(+), 7 deletions(-) + +diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h +index 509e18c7e..d0ea4afbb 100644 +--- a/include/linux/if_bridge.h ++++ b/include/linux/if_bridge.h +@@ -68,6 +68,9 @@ void brioctl_set(int (*hook)(struct net *net, struct net_bridge *br, + int br_ioctl_call(struct net *net, struct net_bridge *br, unsigned int cmd, + struct ifreq *ifr, void __user *uarg); + ++extern void br_dev_update_stats(struct net_device *dev, ++ struct rtnl_link_stats64 *nlstats); ++ + #if IS_ENABLED(CONFIG_BRIDGE) && IS_ENABLED(CONFIG_BRIDGE_IGMP_SNOOPING) + int br_multicast_list_adjacent(struct net_device *dev, + struct list_head *br_ip_list); +diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h +index b8c273af2..2e238037c 100644 +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -873,6 +873,10 @@ struct sk_buff { + #endif + __u8 slow_gro:1; + ++#ifdef CONFIG_SHORTCUT_FE ++ __u8 fast_forwarded:1; ++#endif ++ + #ifdef CONFIG_NET_SCHED + __u16 tc_index; /* traffic control index */ + #endif +diff --git a/include/linux/timer.h b/include/linux/timer.h +index fda13c9d1..b69492fd4 100644 +--- a/include/linux/timer.h ++++ b/include/linux/timer.h +@@ -18,6 +18,10 @@ struct timer_list { + void (*function)(struct timer_list *); + u32 flags; + ++#ifdef CONFIG_SHORTCUT_FE ++ unsigned long cust_data; ++#endif ++ + #ifdef CONFIG_LOCKDEP + struct lockdep_map 
lockdep_map; + #endif +diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h +index c45657013..3c02392ea 100644 +--- a/include/net/netfilter/nf_conntrack_ecache.h ++++ b/include/net/netfilter/nf_conntrack_ecache.h +@@ -86,6 +86,8 @@ struct nf_ct_event_notifier { + #ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS + extern int nf_conntrack_register_notifier(struct net *net, struct notifier_block *nb); + extern int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb); ++extern int nf_conntrack_register_chain_notifier(struct net *net, struct notifier_block *nb); ++extern int nf_conntrack_unregister_chain_notifier(struct net *net, struct notifier_block *nb); + #else + int nf_conntrack_register_notifier(struct net *net, + const struct nf_ct_event_notifier *nb); +diff --git a/net/Kconfig b/net/Kconfig +index fb13460c6..2e926a2ed 100644 +--- a/net/Kconfig ++++ b/net/Kconfig +@@ -447,6 +447,9 @@ config FAILOVER + migration of VMs with direct attached VFs by failing over to the + paravirtual datapath when the VF is unplugged. + ++config SHORTCUT_FE ++ bool "Enables kernel network stack path for Shortcut Forwarding Engine" ++ + config ETHTOOL_NETLINK + bool "Netlink interface for ethtool" + default y +diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c +index 4a02f8bb2..8a85ab557 100644 +--- a/net/bridge/br_if.c ++++ b/net/bridge/br_if.c +@@ -773,6 +773,28 @@ void br_port_flags_change(struct net_bridge_port *p, unsigned long mask) + br_recalculate_neigh_suppress_enabled(br); + } + ++void br_dev_update_stats(struct net_device *dev, ++ struct rtnl_link_stats64 *nlstats) ++{ ++ ++ struct pcpu_sw_netstats *stats; ++ ++ /* Is this a bridge? 
*/ ++ if (!(dev->priv_flags & IFF_EBRIDGE)) ++ return; ++ ++ ++ stats = this_cpu_ptr(dev->tstats); ++ ++ u64_stats_update_begin(&stats->syncp); ++ stats->rx_packets += nlstats->rx_packets; ++ stats->rx_bytes += nlstats->rx_bytes; ++ stats->tx_packets += nlstats->tx_packets; ++ stats->tx_bytes += nlstats->tx_bytes; ++ u64_stats_update_end(&stats->syncp); ++} ++EXPORT_SYMBOL_GPL(br_dev_update_stats); ++ + bool br_port_flag_is_set(const struct net_device *dev, unsigned long flag) + { + struct net_bridge_port *p; +diff --git a/net/core/dev.c b/net/core/dev.c +index e0878a500..4a9846b64 100644 +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -3574,9 +3574,17 @@ static int xmit_one(struct sk_buff *skb, struct net_device *dev, + { + unsigned int len; + int rc; +- ++#ifdef CONFIG_SHORTCUT_FE ++ /* If this skb has been fast forwarded then we don't want it to ++ * go to any taps (by definition we're trying to bypass them). ++ */ ++ if (!skb->fast_forwarded) { ++#endif + if (dev_nit_active(dev)) + dev_queue_xmit_nit(skb, dev); ++#ifdef CONFIG_SHORTCUT_FE ++ } ++#endif + + #ifdef CONFIG_ETHERNET_PACKET_MANGLE + if (dev->eth_mangle_tx && !(skb = dev->eth_mangle_tx(dev, skb))) +@@ -5198,6 +5205,11 @@ void netdev_rx_handler_unregister(struct net_device *dev) + } + EXPORT_SYMBOL_GPL(netdev_rx_handler_unregister); + ++#ifdef CONFIG_SHORTCUT_FE ++int (*athrs_fast_nat_recv)(struct sk_buff *skb) __rcu __read_mostly; ++EXPORT_SYMBOL_GPL(athrs_fast_nat_recv); ++#endif ++ + /* + * Limit the use of PFMEMALLOC reserves to those protocols that implement + * the special handling of PFMEMALLOC skbs. 
+@@ -5246,6 +5258,10 @@ static int __netif_receive_skb_core(struct sk_buff **pskb, bool pfmemalloc, + int ret = NET_RX_DROP; + __be16 type; + ++#ifdef CONFIG_SHORTCUT_FE ++ int (*fast_recv)(struct sk_buff *skb); ++#endif ++ + net_timestamp_check(!netdev_tstamp_prequeue, skb); + + trace_netif_receive_skb(skb); +@@ -5283,6 +5299,15 @@ another_round: + goto out; + } + ++#ifdef CONFIG_SHORTCUT_FE ++ fast_recv = rcu_dereference(athrs_fast_nat_recv); ++ if (fast_recv) { ++ if (fast_recv(skb)) { ++ ret = NET_RX_SUCCESS; ++ goto out; ++ } ++ } ++#endif + if (skb_skip_tc_classify(skb)) + goto skip_classify; + +diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c +index 9d8075db0..fc49b77e4 100644 +--- a/net/netfilter/nf_conntrack_ecache.c ++++ b/net/netfilter/nf_conntrack_ecache.c +@@ -149,12 +149,23 @@ static int __nf_conntrack_eventmask_report(struct nf_conntrack_ecache *e, + rcu_read_lock(); + + notify = rcu_dereference(net->ct.nf_conntrack_event_cb); +- if (!notify) { ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++ if (!notify && !rcu_dereference_raw(net->ct.nf_conntrack_chain.head)) ++#else ++ if (!notify) ++#endif ++ { + rcu_read_unlock(); + return 0; + } +- ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++ ret = atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, ++ events | missed, &item); ++ if (notify) ++ ret = notify->ct_event(events | missed, item); ++#else + ret = notify->ct_event(events | missed, item); ++#endif + rcu_read_unlock(); + + if (likely(ret >= 0 && missed == 0)) +@@ -345,6 +356,11 @@ int nf_conntrack_register_notifier(struct net *net, + { + return atomic_notifier_chain_register(&net->ct.nf_conntrack_chain, nb); + } ++int nf_conntrack_register_chain_notifier(struct net *net, struct notifier_block *nb) ++{ ++ return atomic_notifier_chain_register(&net->ct.nf_conntrack_chain, nb); ++} ++EXPORT_SYMBOL_GPL(nf_conntrack_register_chain_notifier); + #else + int nf_conntrack_register_notifier(struct net *net, + const struct 
nf_ct_event_notifier *new) +@@ -375,6 +391,11 @@ int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb) + { + return atomic_notifier_chain_unregister(&net->ct.nf_conntrack_chain, nb); + } ++int nf_conntrack_unregister_chain_notifier(struct net *net, struct notifier_block *nb) ++{ ++ return atomic_notifier_chain_unregister(&net->ct.nf_conntrack_chain, nb); ++} ++EXPORT_SYMBOL_GPL(nf_conntrack_unregister_chain_notifier); + #else + void nf_conntrack_unregister_notifier(struct net *net) + { \ No newline at end of file
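Review bot: In the `__nf_conntrack_eventmask_report` hunk of the embedded kernel patch, the added `atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, events | missed, &item)` passes `&item`, while the unchanged call right below it passes `item` to `notify->ct_event`. The declaration of `item` is outside the hunk, but if it is already a pointer to the event, as the `ct_event` call suggests, chain callbacks receive the address of a local pointer and would read unrelated memory when they cast the argument to the event structure. Unless the registered callbacks are written for that extra indirection, the last argument should be the event itself, `events | missed, (void *)item);`. The chain's return value is also overwritten whenever `notify` is set, and notifier chains return NOTIFY_* codes rather than negative errors, so the later `ret >= 0` test cannot see a chain failure; a short comment saying this is intended would help.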