kernel:add support shortcut-fe for 5.15

package/lean/openwrt-fullconenat/Makefile

@@ -41,7 +41,9 @@ define KernelPackage/ipt-fullconenat
   TITLE:=FULLCONENAT netfilter module
   DEPENDS:=+kmod-nf-ipt +kmod-nf-nat
   MAINTAINER:=Chion Tang <tech@chionlab.moe>
-  KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y
+  KCONFIG:=  \
+	CONFIG_NF_CONNTRACK_EVENTS=y \
+	CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y
   FILES:=$(PKG_BUILD_DIR)/xt_FULLCONENAT.ko
 endef
 

package/lean/openwrt-fullconenat/patches/0001-fix-nf_conntrack_register_notifier.patch

@@ -0,0 +1,25 @@
+From ea9e2477624adaa40e8a553ef876f60ec8d3150c Mon Sep 17 00:00:00 2001
+From: W_Y_CPP <383152993@qq.com>
+Date: Fri, 18 Feb 2022 00:53:12 -0500
+Subject: [PATCH] refresh
+
+---
+ xt_FULLCONENAT.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/xt_FULLCONENAT.c b/xt_FULLCONENAT.c
+index f96cfd8a3..237666039 100644
+--- a/xt_FULLCONENAT.c
++++ b/xt_FULLCONENAT.c
+@@ -1258,8 +1258,7 @@ static int fullconenat_tg_check(const struct xt_tgchk_param *par)
+ #endif
+ 
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0) && !defined(CONFIG_NF_CONNTRACK_CHAIN_EVENTS)
+-    if (!READ_ONCE(par->net->ct.nf_conntrack_event_cb)) {
+-      nf_conntrack_register_notifier(par->net, &ct_event_notifier);
++    if (!READ_ONCE(par->net->ct.nf_conntrack_event_cb)&&(nf_conntrack_register_notifier(par->net, &ct_event_notifier)==0)) {
+ #else
+     if (nf_conntrack_register_notifier(par->net, &ct_event_notifier) == 0) {
+ #endif
+-- 
+2.17.1

package/lean/shortcut-fe/fast-classifier/src/fast-classifier.c

@@ -451,6 +451,7 @@ static u32 fc_conn_hash(sfe_ip_addr_t *saddr, sfe_ip_addr_t *daddr,
  */
 static int fast_classifier_update_protocol(struct sfe_connection_create *p_sic, struct nf_conn *ct)
 {
+	struct net *net=NULL ;
 	switch (p_sic->protocol) {
 	case IPPROTO_TCP:
 		p_sic->src_td_window_scale = ct->proto.tcp.seen[0].td_scale;
@@ -461,8 +462,13 @@ static int fast_classifier_update_protocol(struct sfe_connection_create *p_sic,
 		p_sic->dest_td_max_window = ct->proto.tcp.seen[1].td_maxwin;
 		p_sic->dest_td_end = ct->proto.tcp.seen[1].td_end;
 		p_sic->dest_td_max_end = ct->proto.tcp.seen[1].td_maxend;
-
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0) 
+	net = nf_ct_net(ct);
+	if ((net&&net->ct.sysctl_no_window_check)
+#else
 	if (nf_ct_tcp_no_window_check
+#endif
+	
 		    || (ct->proto.tcp.seen[0].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
 		    || (ct->proto.tcp.seen[1].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) {
 			p_sic->flags |= SFE_CREATE_FLAG_NO_SEQ_CHECK;

package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.c

@@ -311,6 +311,7 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4)
 	struct nf_conntrack_tuple reply_tuple;
 	struct sk_buff *tmp_skb = NULL;
 	SFE_NF_CONN_ACCT(acct);
+	struct net *net=NULL;
 
 	/*
 	 * Don't process broadcast or multicast packets.
@@ -496,8 +497,12 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4)
 		sic.dest_td_max_window = ct->proto.tcp.seen[1].td_maxwin;
 		sic.dest_td_end = ct->proto.tcp.seen[1].td_end;
 		sic.dest_td_max_end = ct->proto.tcp.seen[1].td_maxend;
-
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0) 
+	net = nf_ct_net(ct);
+	if ((net&&net->ct.sysctl_no_window_check)
+#else
 	if (nf_ct_tcp_no_window_check
+#endif
 		    || (ct->proto.tcp.seen[0].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
 		    || (ct->proto.tcp.seen[1].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) {
 			sic.flags |= SFE_CREATE_FLAG_NO_SEQ_CHECK;

package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.h

@@ -152,8 +152,9 @@ extern int (*athrs_fast_nat_recv)(struct sk_buff *skb);
 /*
  * Expose what should be a static flag in the TCP connection tracker.
  */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 15, 0)
 extern int nf_ct_tcp_no_window_check;
-
+#endif
 /*
  * This callback will be called in a timer
  * at 100 times per second to sync stats back to

target/linux/generic/hack-5.15/953-net-patch-linux-kernel-to-support-shortcut-fe.patch

@@ -0,0 +1,236 @@
+From ff52cd74910cb21ff3e612ddb359101ce7ad274e Mon Sep 17 00:00:00 2001
+From: W_Y_CPP <383152993@qq.com>
+Date: Wed, 19 Jan 2022 04:56:01 -0500
+Subject: [PATCH] net-patch-linux-kernel-to-support-shortcut-fe
+
+---
+ include/linux/if_bridge.h                   |  3 +++
+ include/linux/skbuff.h                      |  4 +++
+ include/linux/timer.h                       |  4 +++
+ include/net/netfilter/nf_conntrack_ecache.h |  2 ++
+ net/Kconfig                                 |  3 +++
+ net/bridge/br_if.c                          | 22 ++++++++++++++++
+ net/core/dev.c                              | 10 +++++++++++++++++++--
+ net/netfilter/nf_conntrack_ecache.c         | 25 ++++++++++++++++--
+ 8 files changed, 115 insertions(+), 7 deletions(-)
+
+diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h
+index 509e18c7e..d0ea4afbb 100644
+--- a/include/linux/if_bridge.h
++++ b/include/linux/if_bridge.h
+@@ -68,6 +68,9 @@ void brioctl_set(int (*hook)(struct net *net, struct net_bridge *br,
+ int br_ioctl_call(struct net *net, struct net_bridge *br, unsigned int cmd,
+ 		  struct ifreq *ifr, void __user *uarg);
+ 
++extern void br_dev_update_stats(struct net_device *dev,
++				struct rtnl_link_stats64 *nlstats);
++
+ #if IS_ENABLED(CONFIG_BRIDGE) && IS_ENABLED(CONFIG_BRIDGE_IGMP_SNOOPING)
+ int br_multicast_list_adjacent(struct net_device *dev,
+ 			       struct list_head *br_ip_list);
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
+index b8c273af2..2e238037c 100644
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -873,6 +873,10 @@ struct sk_buff {
+ #endif
+ 	__u8			slow_gro:1;
+ 
++#ifdef CONFIG_SHORTCUT_FE
++	__u8			fast_forwarded:1;
++#endif
++
+ #ifdef CONFIG_NET_SCHED
+ 	__u16			tc_index;	/* traffic control index */
+ #endif
+diff --git a/include/linux/timer.h b/include/linux/timer.h
+index fda13c9d1..b69492fd4 100644
+--- a/include/linux/timer.h
++++ b/include/linux/timer.h
+@@ -18,6 +18,10 @@ struct timer_list {
+ 	void			(*function)(struct timer_list *);
+ 	u32			flags;
+ 
++#ifdef CONFIG_SHORTCUT_FE
++	unsigned long		cust_data;
++#endif
++
+ #ifdef CONFIG_LOCKDEP
+ 	struct lockdep_map	lockdep_map;
+ #endif
+diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h
+index c45657013..3c02392ea 100644
+--- a/include/net/netfilter/nf_conntrack_ecache.h
++++ b/include/net/netfilter/nf_conntrack_ecache.h
+@@ -86,6 +86,8 @@ struct nf_ct_event_notifier {
+ #ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+ extern int nf_conntrack_register_notifier(struct net *net, struct notifier_block *nb);
+ extern int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb);
++extern int nf_conntrack_register_chain_notifier(struct net *net, struct notifier_block *nb);
++extern int nf_conntrack_unregister_chain_notifier(struct net *net, struct notifier_block *nb);
+ #else
+ int nf_conntrack_register_notifier(struct net *net,
+ 				   const struct nf_ct_event_notifier *nb);
+diff --git a/net/Kconfig b/net/Kconfig
+index fb13460c6..2e926a2ed 100644
+--- a/net/Kconfig
++++ b/net/Kconfig
+@@ -447,6 +447,9 @@ config FAILOVER
+ 	  migration of VMs with direct attached VFs by failing over to the
+ 	  paravirtual datapath when the VF is unplugged.
+ 
++config SHORTCUT_FE
++	bool "Enables kernel network stack path for Shortcut  Forwarding Engine"
++
+ config ETHTOOL_NETLINK
+ 	bool "Netlink interface for ethtool"
+ 	default y
+diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
+index 4a02f8bb2..8a85ab557 100644
+--- a/net/bridge/br_if.c
++++ b/net/bridge/br_if.c
+@@ -773,6 +773,28 @@ void br_port_flags_change(struct net_bridge_port *p, unsigned long mask)
+ 		br_recalculate_neigh_suppress_enabled(br);
+ }
+ 
++void br_dev_update_stats(struct net_device *dev,
++			 struct rtnl_link_stats64 *nlstats)
++{
++	
++	struct pcpu_sw_netstats *stats;
++
++	/* Is this a bridge? */
++	if (!(dev->priv_flags & IFF_EBRIDGE))
++		return;
++
++	
++	stats = this_cpu_ptr(dev->tstats);
++
++	u64_stats_update_begin(&stats->syncp);
++	stats->rx_packets += nlstats->rx_packets;
++	stats->rx_bytes += nlstats->rx_bytes;
++	stats->tx_packets += nlstats->tx_packets;
++	stats->tx_bytes += nlstats->tx_bytes;
++	u64_stats_update_end(&stats->syncp);
++}
++EXPORT_SYMBOL_GPL(br_dev_update_stats);
++
+ bool br_port_flag_is_set(const struct net_device *dev, unsigned long flag)
+ {
+ 	struct net_bridge_port *p;
+diff --git a/net/core/dev.c b/net/core/dev.c
+index e0878a500..4a9846b64 100644
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -3574,9 +3574,17 @@ static int xmit_one(struct sk_buff *skb, struct net_device *dev,
+ {
+ 	unsigned int len;
+ 	int rc;
+-
++#ifdef CONFIG_SHORTCUT_FE
++	/* If this skb has been fast forwarded then we don't want it to
++	 * go to any taps (by definition we're trying to bypass them).
++	 */
++	if (!skb->fast_forwarded) {
++#endif
+ 	if (dev_nit_active(dev))
+ 		dev_queue_xmit_nit(skb, dev);
++#ifdef CONFIG_SHORTCUT_FE
++	}
++#endif
+ 
+ #ifdef CONFIG_ETHERNET_PACKET_MANGLE
+ 	if (dev->eth_mangle_tx && !(skb = dev->eth_mangle_tx(dev, skb)))
+@@ -5198,6 +5205,11 @@ void netdev_rx_handler_unregister(struct net_device *dev)
+ }
+ EXPORT_SYMBOL_GPL(netdev_rx_handler_unregister);
+ 
++#ifdef CONFIG_SHORTCUT_FE
++int (*athrs_fast_nat_recv)(struct sk_buff *skb) __rcu __read_mostly;
++EXPORT_SYMBOL_GPL(athrs_fast_nat_recv);
++#endif
++
+ /*
+  * Limit the use of PFMEMALLOC reserves to those protocols that implement
+  * the special handling of PFMEMALLOC skbs.
+@@ -5246,6 +5258,10 @@ static int __netif_receive_skb_core(struct sk_buff **pskb, bool pfmemalloc,
+ 	int ret = NET_RX_DROP;
+ 	__be16 type;
+ 
++#ifdef CONFIG_SHORTCUT_FE
++	int (*fast_recv)(struct sk_buff *skb);
++#endif
++
+ 	net_timestamp_check(!netdev_tstamp_prequeue, skb);
+ 
+ 	trace_netif_receive_skb(skb);
+@@ -5283,6 +5299,15 @@ another_round:
+ 			goto out;
+ 	}
+ 
++#ifdef CONFIG_SHORTCUT_FE
++	fast_recv = rcu_dereference(athrs_fast_nat_recv);
++	if (fast_recv) {
++		if (fast_recv(skb)) {
++			ret = NET_RX_SUCCESS;
++			goto out;
++		}
++	}
++#endif
+ 	if (skb_skip_tc_classify(skb))
+ 		goto skip_classify;
+ 
+diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
+index 9d8075db0..fc49b77e4 100644
+--- a/net/netfilter/nf_conntrack_ecache.c
++++ b/net/netfilter/nf_conntrack_ecache.c
+@@ -149,12 +149,23 @@ static int __nf_conntrack_eventmask_report(struct nf_conntrack_ecache *e,
+ 	rcu_read_lock();
+ 
+ 	notify = rcu_dereference(net->ct.nf_conntrack_event_cb);
+-	if (!notify) {
++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
++	if (!notify && !rcu_dereference_raw(net->ct.nf_conntrack_chain.head))
++#else
++	if (!notify) 
++#endif
++	{
+ 		rcu_read_unlock();
+ 		return 0;
+ 	}
+-
++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
++		ret = atomic_notifier_call_chain(&net->ct.nf_conntrack_chain,
++			events | missed, &item);
++		if (notify)
++			ret = notify->ct_event(events | missed, item);
++#else
+ 	ret = notify->ct_event(events | missed, item);
++#endif
+ 	rcu_read_unlock();
+ 
+ 	if (likely(ret >= 0 && missed == 0))
+@@ -345,6 +356,11 @@ int nf_conntrack_register_notifier(struct net *net,
+ {
+ 	return atomic_notifier_chain_register(&net->ct.nf_conntrack_chain, nb);
+ }
++int nf_conntrack_register_chain_notifier(struct net *net, struct notifier_block *nb)
++{
++	return atomic_notifier_chain_register(&net->ct.nf_conntrack_chain, nb);
++}
++EXPORT_SYMBOL_GPL(nf_conntrack_register_chain_notifier);
+ #else
+ int nf_conntrack_register_notifier(struct net *net,
+ 				    const struct nf_ct_event_notifier *new)
+@@ -375,6 +391,11 @@ int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb)
+ {
+ 	return atomic_notifier_chain_unregister(&net->ct.nf_conntrack_chain, nb);
+ }
++int nf_conntrack_unregister_chain_notifier(struct net *net, struct notifier_block *nb)
++{
++	return atomic_notifier_chain_unregister(&net->ct.nf_conntrack_chain, nb);
++}
++EXPORT_SYMBOL_GPL(nf_conntrack_unregister_chain_notifier);
+ #else
+ void nf_conntrack_unregister_notifier(struct net *net)
+ {