diff --git a/package/lean/luci-app-turboacc/Makefile b/package/lean/luci-app-turboacc/Makefile index 063a10a9e..2870960e1 100644 --- a/package/lean/luci-app-turboacc/Makefile +++ b/package/lean/luci-app-turboacc/Makefile @@ -16,7 +16,8 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_DNSFORWARDER \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_DNSPROXY \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_OFFLOADING \ - CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE + CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE \ + CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE_DRV LUCI_TITLE:=LuCI support for Flow Offload / Shortcut-FE LUCI_PKGARCH:=all @@ -25,7 +26,8 @@ LUCI_DEPENDS:=+pdnsd-alt \ +PACKAGE_$(PKG_NAME)_INCLUDE_DNSFORWARDER:dnsforwarder \ +PACKAGE_$(PKG_NAME)_INCLUDE_DNSPROXY:dnsproxy \ +PACKAGE_$(PKG_NAME)_INCLUDE_OFFLOADING:kmod-ipt-offload \ - +PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE:kmod-fast-classifier + +PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE:kmod-shortcut-fe-cm \ + +PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE_DRV:kmod-shortcut-fe-drv define Package/$(PKG_NAME)/config config PACKAGE_$(PKG_NAME)_INCLUDE_OFFLOADING @@ -33,6 +35,11 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_OFFLOADING depends on PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE=n default y if i386||x86_64||TARGET_ramips +config PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE_DRV + bool "Include Shortcut-FE for ECM" + depends on PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE=n + default y if (TARGET_ipq806x||TARGET_ipq807x) + config PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE bool "Include Shortcut-FE" default y if !(TARGET_ipq806x||TARGET_ipq807x||TARGET_ramips) diff --git a/package/lean/luci-app-turboacc/luasrc/model/cbi/turboacc.lua b/package/lean/luci-app-turboacc/luasrc/model/cbi/turboacc.lua index a1a26196f..4d2e4571d 100644 --- a/package/lean/luci-app-turboacc/luasrc/model/cbi/turboacc.lua +++ b/package/lean/luci-app-turboacc/luasrc/model/cbi/turboacc.lua @@ -24,25 +24,13 @@ hw_flow.description = translate("Requires hardware NAT support. Implemented at l hw_flow:depends("sw_flow", 1) end -if nixio.fs.access("/lib/modules/" .. kernel_version .. "/fast-classifier.ko") then +if nixio.fs.access("/lib/modules/" .. kernel_version .. "/shortcut-fe-cm.ko") then sfe_flow = s:option(Flag, "sfe_flow", translate("Shortcut-FE flow offloading")) sfe_flow.default = 0 sfe_flow.description = translate("Shortcut-FE based offloading for routing/NAT") sfe_flow:depends("sw_flow", 0) end -sfe_bridge = s:option(Flag, "sfe_bridge", translate("Bridge Acceleration")) -sfe_bridge.default = 0 -sfe_bridge.description = translate("Enable Bridge Acceleration (may be functional conflict with bridge-mode VPN server)") -sfe_bridge:depends("sfe_flow", 1) - -if nixio.fs.access("/proc/sys/net/ipv6") then -sfe_ipv6 = s:option(Flag, "sfe_ipv6", translate("IPv6 Acceleration")) -sfe_ipv6.default = 0 -sfe_ipv6.description = translate("Enable IPv6 Acceleration") -sfe_ipv6:depends("sfe_flow", 1) -end - if nixio.fs.access("/lib/modules/" .. kernel_version .. "/tcp_bbr.ko") then bbr_cca = s:option(Flag, "bbr_cca", translate("BBR CCA")) bbr_cca.default = 0 diff --git a/package/lean/luci-app-turboacc/root/etc/config/turboacc b/package/lean/luci-app-turboacc/root/etc/config/turboacc index 71135e188..a2d4c0bdf 100644 --- a/package/lean/luci-app-turboacc/root/etc/config/turboacc +++ b/package/lean/luci-app-turboacc/root/etc/config/turboacc @@ -3,8 +3,6 @@ config turboacc 'config' option sw_flow '1' option hw_flow '1' option sfe_flow '1' - option sfe_bridge '1' - option sfe_ipv6 '0' option fullcone_nat '1' option bbr_cca '0' option dns_caching '0' diff --git a/package/lean/luci-app-turboacc/root/etc/init.d/turboacc b/package/lean/luci-app-turboacc/root/etc/init.d/turboacc index 0d595568a..0c2814cb1 100755 --- a/package/lean/luci-app-turboacc/root/etc/init.d/turboacc +++ b/package/lean/luci-app-turboacc/root/etc/init.d/turboacc @@ -15,8 +15,6 @@ inital_conf(){ config_get "sw_flow" "config" "sw_flow" "0" config_get "hw_flow" "config" "hw_flow" "0" config_get "sfe_flow" "config" "sfe_flow" "0" - config_get "sfe_bridge" "config" "sfe_bridge" "0" - config_get "sfe_ipv6" "config" "sfe_ipv6" "0" config_get "bbr_cca" "config" "bbr_cca" "0" config_get "fullcone_nat" "config" "fullcone_nat" "0" config_get "dns_caching" "config" "dns_caching" "0" @@ -24,7 +22,7 @@ inital_conf(){ config_get "dns_caching_dns" "config" "dns_caching_dns" [ ! -e "/lib/modules/$(uname -r)/xt_FLOWOFFLOAD.ko" ] && { sw_flow="0"; hw_flow="0"; } - [ ! -e "/lib/modules/$(uname -r)/fast-classifier.ko" ] && { sfe_flow="0"; sfe_bridge="0"; sfe_ipv6="0"; } + [ ! -e "/lib/modules/$(uname -r)/shortcut-fe-cm.ko" ] && sfe_flow="0" [ ! -e "/lib/modules/$(uname -r)/tcp_bbr.ko" ] && bbr_cca="0" [ ! -e "/lib/modules/$(uname -r)/xt_FULLCONENAT.ko" ] && fullcone_nat="0" } @@ -233,13 +231,10 @@ start(){ uci commit firewall [ "${sw_flow}" -ne "1" ] && [ "${sfe_flow}" -eq "1" ] && { - lsmod | grep -q fast_classifier || modprobe fast_classifier 2>"/dev/null" - echo "${sfe_bridge}" > "/sys/fast_classifier/skip_to_bridge_ingress" 2>"/dev/null" - if [ "${sfe_ipv6}" -eq "1" ]; then - [ ! -e "/dev/sfe_ipv6" ] && mknod "/dev/sfe_ipv6" "c" "$(cat "/sys/sfe_ipv6/debug_dev")" "0" - else - rm -f "/dev/sfe_ipv6" - fi + [ "$(have_ecm_init)" = "0" ] && { + /etc/init.d/shortcut-fe enabled && /etc/init.d/shortcut-fe disable + /etc/init.d/shortcut-fe start + } } if [ "${bbr_cca}" -eq "1" ]; then @@ -283,9 +278,7 @@ stop(){ uci commit firewall [ "${sfe_flow}" -ne "1" ] && { - echo "0" > "/sys/fast_classifier/skip_to_bridge_ingress" 2>"/dev/null" - rm -f "/dev/sfe_ipv6" - rmmod "fast_classifier" 2>"/dev/null" + [ "$(have_ecm_init)" = "0" ] && /etc/init.d/shortcut-fe stop 2>"/dev/null" } stop_dnscache @@ -305,6 +298,10 @@ restart(){ /etc/init.d/firewall restart >"/dev/null" 2>&1 } +have_ecm_init() { + [ -d "/etc/init.d/qca-nss-ecm" ] && echo 1 && return + echo 0 +} check_status(){ case "$1" in @@ -313,9 +310,14 @@ check_status(){ echo -n "Flow Offloading" exit 0 elif lsmod | grep -q "ecm"; then - echo -n "QCA-NSS-ECM" - exit 0 - elif lsmod | grep -q "fast_classifier"; then + if lsmod | grep -q "shortcut_fe_drv"; then + echo -n "QCA-NSS-ECM-SFE" + exit 0 + else + echo -n "QCA-NSS-ECM" + exit 0 + fi + elif lsmod | grep -q "shortcut_fe_cm"; then echo -n "Shortcut-FE" exit 0 else diff --git a/package/lean/shortcut-fe/fast-classifier/Makefile b/package/lean/shortcut-fe/fast-classifier/Makefile index 29d024e7b..75fdb5d7b 100644 --- a/package/lean/shortcut-fe/fast-classifier/Makefile +++ b/package/lean/shortcut-fe/fast-classifier/Makefile @@ -1,3 +1,17 @@ +# +# Copyright (c) 2013-2018 The Linux Foundation. All rights reserved. +# Permission to use, copy, modify, and/or distribute this software for +# any purpose with or without fee is hereby granted, provided that the +# above copyright notice and this permission notice appear in all copies. +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk @@ -14,8 +28,11 @@ define KernelPackage/$(PKG_NAME)/Default DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe TITLE:=Kernel driver for FAST Classifier FILES:=$(PKG_BUILD_DIR)/fast-classifier.ko - KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y CONFIG_NF_CONNTRACK_MARK=y - PROVIDES:=$(PKG_NAME) + KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y \ + CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y \ + CONFIG_NF_CONNTRACK_MARK=y \ + CONFIG_XFRM=y + CONFLICTS:=kmod-shortcut-fe-drv kmod-shortcut-fe-cm endef define KernelPackage/$(PKG_NAME) @@ -51,6 +68,8 @@ classifier kernel module endef SFE_MAKE_OPTS:=SFE_SUPPORT_IPV6=$(if $(CONFIG_IPV6),y,n) +HAVE_ECM:=$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-standard) + define Build/Compile/kmod +$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" $(SFE_MAKE_OPTS) \ @@ -58,6 +77,7 @@ define Build/Compile/kmod $(PKG_MAKE_FLAGS) \ M="$(PKG_BUILD_DIR)" \ CONFIG_FAST_CLASSIFIER=m \ + $(if $(HAVE_ECM),EXTRA_CFLAGS+="-DCONFIG_SFE_ECM" CONFIG_SFE_ECM=y,) \ EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ modules endef diff --git a/package/lean/shortcut-fe/fast-classifier/src/fast-classifier.c b/package/lean/shortcut-fe/fast-classifier/src/fast-classifier.c index 160d14091..6671f816d 100644 --- a/package/lean/shortcut-fe/fast-classifier/src/fast-classifier.c +++ b/package/lean/shortcut-fe/fast-classifier/src/fast-classifier.c @@ -1744,8 +1744,11 @@ static int __init fast_classifier_init(void) { struct fast_classifier *sc = &__sc; int result = -1; +#ifdef CONFIG_SFE_ECM + int (*fast_recv)(struct sk_buff *skb); +#endif - printk(KERN_ALERT "fast-classifier (PBR safe v2.1.4a): starting up\n"); + printk(KERN_ALERT "fast-classifier: starting up\n"); DEBUG_INFO("SFE CM init\n"); hash_init(fc_conn_ht); @@ -1810,6 +1813,7 @@ static int __init fast_classifier_init(void) goto exit3; } +#ifdef CONFIG_NF_CONNTRACK_EVENTS /* * Register a notifier hook to get fast notifications of expired connections. */ @@ -1817,12 +1821,14 @@ static int __init fast_classifier_init(void) result = nf_conntrack_register_chain_notifier(&init_net, &fast_classifier_conntrack_notifier); #else result = nf_conntrack_register_notifier(&init_net, &fast_classifier_conntrack_notifier); +#endif if (result < 0) { DEBUG_ERROR("can't register nf notifier hook: %d\n", result); goto exit4; } #endif + #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)) result = genl_register_family(&fast_classifier_gnl_family); if (result) { @@ -1865,7 +1871,16 @@ static int __init fast_classifier_init(void) /* * Hook the receive path in the network stack. */ +#ifdef CONFIG_SFE_ECM + rcu_read_lock(); + fast_recv = rcu_dereference(athrs_fast_nat_recv); + rcu_read_unlock(); + if (!fast_recv) { + BUG_ON(athrs_fast_nat_recv); + } +#else BUG_ON(athrs_fast_nat_recv); +#endif RCU_INIT_POINTER(athrs_fast_nat_recv, fast_classifier_recv); /* @@ -1974,3 +1989,4 @@ module_exit(fast_classifier_exit) MODULE_DESCRIPTION("Shortcut Forwarding Engine - Connection Manager"); MODULE_LICENSE("Dual BSD/GPL"); + diff --git a/package/lean/shortcut-fe/shortcut-fe/Makefile b/package/lean/shortcut-fe/shortcut-fe/Makefile index 148cfda12..2d7e3a377 100644 --- a/package/lean/shortcut-fe/shortcut-fe/Makefile +++ b/package/lean/shortcut-fe/shortcut-fe/Makefile @@ -1,5 +1,5 @@ # -# Copyright (c) 2014 The Linux Foundation. All rights reserved. +# Copyright (c) 2013-2018, 2020 The Linux Foundation. All rights reserved. # Permission to use, copy, modify, and/or distribute this software for # any purpose with or without fee is hereby granted, provided that the # above copyright notice and this permission notice appear in all copies. @@ -31,7 +31,7 @@ define KernelPackage/shortcut-fe CONFIG_NF_CONNTRACK_TIMEOUT=y \ CONFIG_SHORTCUT_FE=y \ CONFIG_XFRM=y - AUTOLOAD:=$(call AutoLoad,09,shortcut-fe shortcut-fe-ipv6) + PROVIDES:=$(PKG_NAME) endef define KernelPackage/shortcut-fe/Description @@ -39,10 +39,14 @@ Shortcut is an in-Linux-kernel IP packet forwarding engine. endef define KernelPackage/shortcut-fe/install + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/etc/init.d/shortcut-fe $(1)/etc/init.d $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) ./files/usr/bin/sfe_dump $(1)/usr/bin endef +HAVE_ECM:=$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-standard) + define KernelPackage/shortcut-fe-cm SECTION:=kernel CATEGORY:=Kernel modules @@ -50,7 +54,10 @@ define KernelPackage/shortcut-fe-cm DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe TITLE:=Kernel driver for SFE FILES:=$(PKG_BUILD_DIR)/shortcut-fe-cm.ko - KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y + KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y \ + CONFIG_NF_CONNTRACK_EVENTS=y \ + CONFIG_XFRM=y + CONFLICTS:=kmod-shortcut-fe-drv endef define KernelPackage/shortcut-fe-cm/Description @@ -58,12 +65,13 @@ Simple connection manager for the Shortcut forwarding engine. endef define Build/Compile - +$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \ + $(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \ $(KERNEL_MAKE_FLAGS) \ $(PKG_MAKE_FLAGS) \ M="$(PKG_BUILD_DIR)" \ - modules \ - $(if $(CONFIG_IPV6),EXTRA_CFLAGS="-DSFE_SUPPORT_IPV6" SFE_SUPPORT_IPV6=y,) + $(if $(CONFIG_IPV6),EXTRA_CFLAGS+="-DSFE_SUPPORT_IPV6" SFE_SUPPORT_IPV6=y,) \ + $(if $(HAVE_ECM),EXTRA_CFLAGS+="-DCONFIG_SFE_ECM" CONFIG_SFE_ECM=y,) \ + modules endef ifneq ($(CONFIG_PACKAGE_kmod-shortcut-fe)$(CONFIG_PACKAGE_kmod-shortcut-fe-cm),) diff --git a/package/lean/shortcut-fe/shortcut-fe/files/etc/init.d/shortcut-fe b/package/lean/shortcut-fe/shortcut-fe/files/etc/init.d/shortcut-fe new file mode 100755 index 000000000..885557015 --- /dev/null +++ b/package/lean/shortcut-fe/shortcut-fe/files/etc/init.d/shortcut-fe @@ -0,0 +1,57 @@ +#!/bin/sh /etc/rc.common +# +# Copyright (c) 2014-2015 The Linux Foundation. All rights reserved. +# Permission to use, copy, modify, and/or distribute this software for +# any purpose with or without fee is hereby granted, provided that the +# above copyright notice and this permission notice appear in all copies. +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +#SFE connection manager has a lower priority, it should be started after other connection manager +#to detect the existence of connection manager with higher priority +START=72 + +have_cm() { + [ -d "/sys/kernel/debug/ecm" ] && echo 1 && return + + echo 0 +} + +load_sfe() { + [ -d "/sys/module/shortcut_fe" ] || insmod shortcut-fe + [ -d "/sys/module/shortcut_fe_ipv6" ] || insmod shortcut-fe-ipv6 +} + +#load shortcut-fe connection manager +load_sfe_cm() { + local kernel_version=$(uname -r) + + #no ecm : + #shortcut-fe-drv.ko is not needed because other connection manager is not enabled + [ -d "/sys/module/shortcut_fe_drv" ] && rmmod shortcut_fe_drv + + [ -e "/lib/modules/$kernel_version/shortcut-fe-cm.ko" ] && { + [ -d /sys/module/shortcut_fe_cm ] || insmod /lib/modules/$kernel_version/shortcut-fe-cm.ko + } + [ -e "/lib/modules/$kernel_version/fast-classifier.ko" ] && { + [ -d /sys/module/fast_classifier ] || insmod /lib/modules/$kernel_version/fast-classifier.ko + } +} + +start() { + [ "$(have_cm)" = "0" ] && load_sfe && load_sfe_cm +} + +stop() { + [ -d "/sys/module/shortcut_fe_drv" ] && rmmod shortcut_fe_drv + [ -d "/sys/module/shortcut_fe_cm" ] && rmmod shortcut_fe_cm + [ -d "/sys/module/fast_classifier" ] && rmmod fast_classifier + [ -d "/sys/module/shortcut_fe_ipv6" ] && rmmod shortcut-fe-ipv6 + [ -d "/sys/module/shortcut_fe" ] && rmmod shortcut-fe +} diff --git a/package/lean/shortcut-fe/shortcut-fe/src/Makefile b/package/lean/shortcut-fe/shortcut-fe/src/Makefile index 3b1ceaa44..991a20ec6 100644 --- a/package/lean/shortcut-fe/shortcut-fe/src/Makefile +++ b/package/lean/shortcut-fe/shortcut-fe/src/Makefile @@ -21,3 +21,4 @@ endif shortcut-fe-cm-objs := \ sfe_cm.o +ccflags-y += -Werror -Wall diff --git a/package/lean/shortcut-fe/shortcut-fe/src/sfe_backport.h b/package/lean/shortcut-fe/shortcut-fe/src/sfe_backport.h index 2f8c8ca3c..d2d60c73c 100644 --- a/package/lean/shortcut-fe/shortcut-fe/src/sfe_backport.h +++ b/package/lean/shortcut-fe/shortcut-fe/src/sfe_backport.h @@ -180,7 +180,7 @@ static inline struct net_device *sfe_dev_get_master(struct net_device *dev) #endif #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0)) -#define sfe_dst_get_neighbour(dst, daddr) dst_neigh_lookup(dst, daddr) +#define sfe_dst_get_neighbour(dst, daddr) dst_neigh_lookup(dst, addr) #else static inline struct neighbour * sfe_dst_get_neighbour(struct dst_entry *dst, void *daddr) diff --git a/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.c b/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.c index 18f3475e5..35a32b4cf 100644 --- a/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.c +++ b/package/lean/shortcut-fe/shortcut-fe/src/sfe_cm.c @@ -2,7 +2,7 @@ * sfe-cm.c * Shortcut forwarding engine connection manager. * - * Copyright (c) 2013-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2018, 2020 The Linux Foundation. All rights reserved. * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the * above copyright notice and this permission notice appear in all copies. @@ -220,11 +220,11 @@ static bool sfe_cm_find_dev_and_mac_addr(sfe_ip_addr_t *addr, struct net_device dst = (struct dst_entry *)rt; } else { -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)) - rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, NULL, 0); -#else +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0)) rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, 0); -#endif /*KERNEL_VERSION(4, 17, 0)*/ +#else + rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, NULL, 0); +#endif if (!rt6) { goto ret_fail; } @@ -352,16 +352,18 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) return NF_ACCEPT; } -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)) /* * Don't process untracked connections. */ +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)) if (unlikely(nf_ct_is_untracked(ct))) { +#else + if (unlikely(ctinfo == IP_CT_UNTRACKED)) { +#endif sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_CT_NO_TRACK); DEBUG_TRACE("untracked connection\n"); return NF_ACCEPT; } -#endif /*KERNEL_VERSION(4, 12, 0)*/ /* * Unconfirmed connection may be dropped by Linux at the final step, @@ -510,6 +512,21 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) return NF_ACCEPT; } spin_unlock_bh(&ct->lock); + + /* + * Somehow, SFE is not playing nice with IPSec traffic. + * Do not accelerate for now. + */ + if (ntohs(sic.dest_port) == 4500 || ntohs(sic.dest_port) == 500) { + if (likely(is_v4)) + DEBUG_TRACE("IPsec bypass: %pI4:%d(%pI4:%d) to %pI4:%d(%pI4:%d)\n", + &sic.src_ip.ip, ntohs(sic.src_port), &sic.src_ip_xlate.ip, ntohs(sic.src_port_xlate), + &sic.dest_ip.ip, ntohs(sic.dest_port), &sic.dest_ip_xlate.ip, ntohs(sic.dest_port_xlate)); + else + DEBUG_TRACE("IPsec bypass: %pI6:%d to %pI6:%d\n", + &sic.src_ip.ip6, ntohs(sic.src_port), &sic.dest_ip.ip6, ntohs(sic.dest_port)); + return NF_ACCEPT; + } break; case IPPROTO_UDP: @@ -533,10 +550,10 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) * For packets de-capsulated from xfrm, we still can accelerate it * on the direction we just received the packet. */ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)) - if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) { -#else +#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0)) if (unlikely(skb->sp)) { +#else + if (unlikely(secpath_exists(skb))) { #endif if (sic.protocol == IPPROTO_TCP && !(sic.flags & SFE_CREATE_FLAG_NO_SEQ_CHECK)) { @@ -688,14 +705,11 @@ static int sfe_cm_conntrack_event(unsigned int events, struct nf_ct_event *item) } #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)) - /* - * If this is an untracked connection then we can't have any state either. - */ if (unlikely(nf_ct_is_untracked(ct))) { DEBUG_TRACE("ignoring untracked conn\n"); return NOTIFY_DONE; } -#endif /*KERNEL_VERSION(4, 12, 0)*/ +#endif /* * We're only interested in destroy events. @@ -825,18 +839,17 @@ static void sfe_cm_sync_rule(struct sfe_connection_sync *sis) ct = nf_ct_tuplehash_to_ctrack(h); #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 0)) NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct); -#endif /*KERNEL_VERSION(4, 9, 0)*/ - +#endif /* * Only update if this is not a fixed timeout */ if (!test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) { spin_lock_bh(&ct->lock); -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) - ct->timeout += sis->delta_jiffies; -#else +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 0)) ct->timeout.expires += sis->delta_jiffies; -#endif /*KERNEL_VERSION(4, 9, 0)*/ +#else + ct->timeout += sis->delta_jiffies; +#endif spin_unlock_bh(&ct->lock); } @@ -891,26 +904,26 @@ static void sfe_cm_sync_rule(struct sfe_connection_sync *sis) if (reply_pkts != 0) { unsigned int *timeouts; - + struct nf_conntrack_l4proto *l4proto __maybe_unused; set_bit(IPS_SEEN_REPLY_BIT, &ct->status); set_bit(IPS_ASSURED_BIT, &ct->status); -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0)) - timeouts = nf_ct_timeout_lookup(ct); -#else - struct nf_conntrack_l4proto *l4proto; - +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0)) l4proto = __nf_ct_l4proto_find((sis->is_v6 ? AF_INET6 : AF_INET), IPPROTO_UDP); timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto); -#endif /*KERNEL_VERSION(4, 19, 0)*/ + spin_lock_bh(&ct->lock); + ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED]; + spin_unlock_bh(&ct->lock); +#else + timeouts = nf_ct_timeout_lookup(ct); + if (!timeouts) { + timeouts = udp_get_timeouts(nf_ct_net(ct)); + } spin_lock_bh(&ct->lock); -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) ct->timeout = jiffies + timeouts[UDP_CT_REPLIED]; -#else - ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED]; -#endif /*KERNEL_VERSION(4, 9, 0)*/ spin_unlock_bh(&ct->lock); +#endif } } break; @@ -1001,6 +1014,9 @@ static int __init sfe_cm_init(void) { struct sfe_cm *sc = &__sc; int result = -1; +#ifdef CONFIG_SFE_ECM + int (*fast_recv)(struct sk_buff *skb); +#endif DEBUG_INFO("SFE CM init\n"); @@ -1036,7 +1052,11 @@ static int __init sfe_cm_init(void) /* * Register our netfilter hooks. */ +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0)) + result = nf_register_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); +#else result = nf_register_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); +#endif if (result < 0) { DEBUG_ERROR("can't register nf post routing hook: %d\n", result); goto exit3; @@ -1049,22 +1069,30 @@ static int __init sfe_cm_init(void) */ #ifdef CONFIG_NF_CONNTRACK_EVENTS #ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS - (void)nf_conntrack_register_chain_notifier(&init_net, &sfe_cm_conntrack_notifier); + result = nf_conntrack_register_chain_notifier(&init_net, &sfe_cm_conntrack_notifier); #else result = nf_conntrack_register_notifier(&init_net, &sfe_cm_conntrack_notifier); +#endif if (result < 0) { DEBUG_ERROR("can't register nf notifier hook: %d\n", result); goto exit4; } #endif -#endif - spin_lock_init(&sc->lock); /* * Hook the receive path in the network stack. */ +#ifdef CONFIG_SFE_ECM + rcu_read_lock(); + fast_recv = rcu_dereference(athrs_fast_nat_recv); + rcu_read_unlock(); + if (!fast_recv) { + BUG_ON(athrs_fast_nat_recv); + } +#else BUG_ON(athrs_fast_nat_recv); +#endif RCU_INIT_POINTER(athrs_fast_nat_recv, sfe_cm_recv); /* @@ -1075,10 +1103,15 @@ static int __init sfe_cm_init(void) return 0; #ifdef CONFIG_NF_CONNTRACK_EVENTS -#ifndef CONFIG_NF_CONNTRACK_CHAIN_EVENTS exit4: +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0)) + nf_unregister_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); +#else nf_unregister_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); #endif + +#endif #endif exit3: unregister_inet6addr_notifier(&sc->inet6_notifier); @@ -1129,8 +1162,12 @@ static void __exit sfe_cm_exit(void) nf_conntrack_unregister_notifier(&init_net, &sfe_cm_conntrack_notifier); #endif #endif - nf_unregister_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0)) + nf_unregister_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); +#else + nf_unregister_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); +#endif unregister_inet6addr_notifier(&sc->inet6_notifier); unregister_inetaddr_notifier(&sc->inet_notifier); unregister_netdevice_notifier(&sc->dev_notifier); diff --git a/package/lean/shortcut-fe/shortcut-fe/src/sfe_ipv4.c b/package/lean/shortcut-fe/shortcut-fe/src/sfe_ipv4.c index 531456c05..cdcdd66dd 100644 --- a/package/lean/shortcut-fe/shortcut-fe/src/sfe_ipv4.c +++ b/package/lean/shortcut-fe/shortcut-fe/src/sfe_ipv4.c @@ -2,7 +2,7 @@ * sfe_ipv4.c * Shortcut forwarding engine - IPv4 edition. * - * Copyright (c) 2013-2016, 2019, The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2016, 2019-2020 The Linux Foundation. All rights reserved. * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the * above copyright notice and this permission notice appear in all copies. @@ -1311,14 +1311,13 @@ static int sfe_ipv4_recv_udp(struct sfe_ipv4 *si, struct sk_buff *skb, struct ne * change the cloned skb's data section. */ if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%p: skb is a cloned skb\n", skb); + DEBUG_TRACE("%px: skb is a cloned skb\n", skb); skb = skb_unshare(skb, GFP_ATOMIC); if (!skb) { DEBUG_WARN("Failed to unshare the cloned skb\n"); si->exception_events[SFE_IPV4_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; si->packets_not_forwarded++; spin_unlock_bh(&si->lock); - return 0; } @@ -1891,14 +1890,13 @@ static int sfe_ipv4_recv_tcp(struct sfe_ipv4 *si, struct sk_buff *skb, struct ne * change the cloned skb's data section. */ if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%p: skb is a cloned skb\n", skb); + DEBUG_TRACE("%px: skb is a cloned skb\n", skb); skb = skb_unshare(skb, GFP_ATOMIC); if (!skb) { DEBUG_WARN("Failed to unshare the cloned skb\n"); si->exception_events[SFE_IPV4_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; si->packets_not_forwarded++; spin_unlock_bh(&si->lock); - return 0; } @@ -2512,7 +2510,7 @@ int sfe_ipv4_create_rule(struct sfe_connection_create *sic) spin_unlock_bh(&si->lock); DEBUG_TRACE("connection already exists - mark: %08x, p: %d\n" - " s: %s:%pM:%pI4:%u, d: %s:%pM:%pI4:%u\n", + " s: %s:%pxM:%pI4:%u, d: %s:%pxM:%pI4:%u\n", sic->mark, sic->protocol, sic->src_dev->name, sic->src_mac, &sic->src_ip.ip, ntohs(sic->src_port), sic->dest_dev->name, sic->dest_mac, &sic->dest_ip.ip, ntohs(sic->dest_port)); @@ -2728,8 +2726,8 @@ int sfe_ipv4_create_rule(struct sfe_connection_create *sic) * We have everything we need! */ DEBUG_INFO("new connection - mark: %08x, p: %d\n" - " s: %s:%pM(%pM):%pI4(%pI4):%u(%u)\n" - " d: %s:%pM(%pM):%pI4(%pI4):%u(%u)\n", + " s: %s:%pxM(%pxM):%pI4(%pI4):%u(%u)\n" + " d: %s:%pxM(%pxM):%pI4(%pI4):%u(%u)\n", sic->mark, sic->protocol, sic->src_dev->name, sic->src_mac, sic->src_mac_xlate, &sic->src_ip.ip, &sic->src_ip_xlate.ip, ntohs(sic->src_port), ntohs(sic->src_port_xlate), @@ -2858,17 +2856,17 @@ another_round: /* * sfe_ipv4_periodic_sync() */ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) -static void sfe_ipv4_periodic_sync(struct timer_list *arg) -#else +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) static void sfe_ipv4_periodic_sync(unsigned long arg) -#endif /*KERNEL_VERSION(4, 15, 0)*/ -{ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) - struct sfe_ipv4 *si = (struct sfe_ipv4 *)arg->cust_data; #else +static void sfe_ipv4_periodic_sync(struct timer_list *tl) +#endif +{ +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) struct sfe_ipv4 *si = (struct sfe_ipv4 *)arg; -#endif /*KERNEL_VERSION(4, 15, 0)*/ +#else + struct sfe_ipv4 *si = from_timer(si, tl, timer); +#endif u64 now_jiffies; int quota; sfe_sync_rule_callback_t sync_rule_callback; @@ -3547,12 +3545,11 @@ static int __init sfe_ipv4_init(void) /* * Create a timer to handle periodic statistics. */ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) - timer_setup(&si->timer, sfe_ipv4_periodic_sync, 0); - si->timer.cust_data = (unsigned long)si; -#else +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) setup_timer(&si->timer, sfe_ipv4_periodic_sync, (unsigned long)si); -#endif /*KERNEL_VERSION(4, 15, 0)*/ +#else + timer_setup(&si->timer, sfe_ipv4_periodic_sync, 0); +#endif mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); spin_lock_init(&si->lock); diff --git a/package/lean/shortcut-fe/shortcut-fe/src/sfe_ipv6.c b/package/lean/shortcut-fe/shortcut-fe/src/sfe_ipv6.c index 3c5ef1263..ae3306693 100644 --- a/package/lean/shortcut-fe/shortcut-fe/src/sfe_ipv6.c +++ b/package/lean/shortcut-fe/shortcut-fe/src/sfe_ipv6.c @@ -2,7 +2,7 @@ * sfe_ipv6.c * Shortcut forwarding engine - IPv6 support. * - * Copyright (c) 2015-2016, 2019, The Linux Foundation. All rights reserved. + * Copyright (c) 2015-2016, 2019-2020 The Linux Foundation. All rights reserved. * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the * above copyright notice and this permission notice appear in all copies. @@ -1369,14 +1369,13 @@ static int sfe_ipv6_recv_udp(struct sfe_ipv6 *si, struct sk_buff *skb, struct ne * change the cloned skb's data section. */ if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%p: skb is a cloned skb\n", skb); + DEBUG_TRACE("%px: skb is a cloned skb\n", skb); skb = skb_unshare(skb, GFP_ATOMIC); if (!skb) { DEBUG_WARN("Failed to unshare the cloned skb\n"); si->exception_events[SFE_IPV6_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; si->packets_not_forwarded++; spin_unlock_bh(&si->lock); - return 0; } @@ -1929,14 +1928,13 @@ static int sfe_ipv6_recv_tcp(struct sfe_ipv6 *si, struct sk_buff *skb, struct ne * change the cloned skb's data section. */ if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%p: skb is a cloned skb\n", skb); + DEBUG_TRACE("%px: skb is a cloned skb\n", skb); skb = skb_unshare(skb, GFP_ATOMIC); if (!skb) { DEBUG_WARN("Failed to unshare the cloned skb\n"); si->exception_events[SFE_IPV6_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; si->packets_not_forwarded++; spin_unlock_bh(&si->lock); - return 0; } @@ -2328,7 +2326,7 @@ int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb) si->packets_not_forwarded++; spin_unlock_bh(&si->lock); - DEBUG_TRACE("payload_len: %u, exceeds len: %u\n", payload_len, (len - sizeof(struct sfe_ipv6_ip_hdr))); + DEBUG_TRACE("payload_len: %u, exceeds len: %u\n", payload_len, (len - (unsigned int)sizeof(struct sfe_ipv6_ip_hdr))); return 0; } @@ -2526,7 +2524,7 @@ int sfe_ipv6_create_rule(struct sfe_connection_create *sic) spin_unlock_bh(&si->lock); DEBUG_TRACE("connection already exists - mark: %08x, p: %d\n" - " s: %s:%pM:%pI6:%u, d: %s:%pM:%pI6:%u\n", + " s: %s:%pxM:%pI6:%u, d: %s:%pxM:%pI6:%u\n", sic->mark, sic->protocol, sic->src_dev->name, sic->src_mac, sic->src_ip.ip6, ntohs(sic->src_port), sic->dest_dev->name, sic->dest_mac, sic->dest_ip.ip6, ntohs(sic->dest_port)); @@ -2742,8 +2740,8 @@ int sfe_ipv6_create_rule(struct sfe_connection_create *sic) * We have everything we need! */ DEBUG_INFO("new connection - mark: %08x, p: %d\n" - " s: %s:%pM(%pM):%pI6(%pI6):%u(%u)\n" - " d: %s:%pM(%pM):%pI6(%pI6):%u(%u)\n", + " s: %s:%pxM(%pxM):%pI6(%pI6):%u(%u)\n" + " d: %s:%pxM(%pxM):%pI6(%pI6):%u(%u)\n", sic->mark, sic->protocol, sic->src_dev->name, sic->src_mac, sic->src_mac_xlate, sic->src_ip.ip6, sic->src_ip_xlate.ip6, ntohs(sic->src_port), ntohs(sic->src_port_xlate), @@ -2866,17 +2864,17 @@ another_round: /* * sfe_ipv6_periodic_sync() */ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) -static void sfe_ipv6_periodic_sync(struct timer_list *arg) -#else +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) static void sfe_ipv6_periodic_sync(unsigned long arg) -#endif /*KERNEL_VERSION(4, 15, 0)*/ -{ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) - struct sfe_ipv6 *si = (struct sfe_ipv6 *)arg->cust_data; #else +static void sfe_ipv6_periodic_sync(struct timer_list *tl) +#endif +{ +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) struct sfe_ipv6 *si = (struct sfe_ipv6 *)arg; -#endif /*KERNEL_VERSION(4, 15, 0)*/ +#else + struct sfe_ipv6 *si = from_timer(si, tl, timer); +#endif u64 now_jiffies; int quota; sfe_sync_rule_callback_t sync_rule_callback; @@ -3555,12 +3553,11 @@ static int __init sfe_ipv6_init(void) /* * Create a timer to handle periodic statistics. */ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) - timer_setup(&si->timer, sfe_ipv6_periodic_sync, 0); - si->timer.cust_data = (unsigned long)si; -#else +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) setup_timer(&si->timer, sfe_ipv6_periodic_sync, (unsigned long)si); -#endif /*KERNEL_VERSION(4, 15, 0)*/ +#else + timer_setup(&si->timer, sfe_ipv6_periodic_sync, 0); +#endif mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); spin_lock_init(&si->lock); diff --git a/package/lean/shortcut-fe/simulated-driver/Makefile b/package/lean/shortcut-fe/simulated-driver/Makefile index 480a1e07b..764353fbb 100644 --- a/package/lean/shortcut-fe/simulated-driver/Makefile +++ b/package/lean/shortcut-fe/simulated-driver/Makefile @@ -1,5 +1,5 @@ # -# Copyright (c) 2015 The Linux Foundation. All rights reserved. +# Copyright (c) 2015,2016 The Linux Foundation. All rights reserved. # Permission to use, copy, modify, and/or distribute this software for # any purpose with or without fee is hereby granted, provided that the # above copyright notice and this permission notice appear in all copies. @@ -17,10 +17,12 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=shortcut-fe-simulated-driver PKG_RELEASE:=1 +PKG_CONFIG_DEPENDS := CONFIG_IPV6 PKG_SOURCE_URL:=https://source.codeaurora.org/quic/qsdk/oss/lklm/shortcut-fe PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=c7dd8173b178affc9d8da22f51610243be994e1c +PKG_SOURCE_DATE:=2021-03-17 +PKG_SOURCE_VERSION:=697977d8d0ccf0ab596e5692d08608a75dd7f33d include $(INCLUDE_DIR)/package.mk @@ -29,22 +31,22 @@ define KernelPackage/shortcut-fe-drv CATEGORY:=Kernel modules SUBMENU:=Network Support DEPENDS:=@TARGET_ipq806x||TARGET_ipq807x +kmod-shortcut-fe + KCONFIG:=CONFIG_NET_CLS_ACT=y \ + CONFIG_XFRM=y TITLE:=Simulated sfe driver for ECM FILES:=$(PKG_BUILD_DIR)/simulated-driver/shortcut-fe-drv.ko - AUTOLOAD:=$(call AutoLoad,10,shortcut-fe-drv) endef define KernelPackage/shortcut-fe-drv/Description Simulated sfe driver which act as an adapter to convert message between a connection manager and the SFE core engine. endef -EXTRA_CFLAGS+=-DSFE_SUPPORT_IPV6 - define Build/Compile $(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \ $(KERNEL_MAKE_FLAGS) \ $(PKG_MAKE_FLAGS) \ M="$(PKG_BUILD_DIR)/simulated-driver" \ + $(if $(CONFIG_IPV6),EXTRA_CFLAGS+="-DSFE_SUPPORT_IPV6" SFE_SUPPORT_IPV6=y,) \ EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ modules endef diff --git a/package/qca/nss/qca-nss-ecm-64/files/qca-nss-ecm.init b/package/qca/nss/qca-nss-ecm-64/files/qca-nss-ecm.init index 7afb679f1..78cf16dc0 100644 --- a/package/qca/nss/qca-nss-ecm-64/files/qca-nss-ecm.init +++ b/package/qca/nss/qca-nss-ecm-64/files/qca-nss-ecm.init @@ -57,6 +57,10 @@ load_sfe() { [ -d /sys/module/shortcut_fe_ipv6 ] || insmod shortcut-fe-ipv6 } + [ -e "/lib/modules/$kernel_version/shortcut-fe-cm.ko" ] && { + [ -d /sys/module/shortcut_fe_cm ] || insmod shortcut-fe-cm + } + [ -e "/lib/modules/$kernel_version/shortcut-fe-drv.ko" ] && { [ -d /sys/module/shortcut_fe_drv ] || insmod shortcut-fe-drv } @@ -97,13 +101,6 @@ unload_ecm() { } start() { - # If SFE CM is loaded, return. - if [ -d /sys/module/shortcut_fe_cm ]; then - echo "shortcut_fe CM is loaded, unload it first" - echo "cmd: /etc/init.d/shortcut_fe stop" - return - fi - load_ecm # If the acceleration engine is NSS, enable wifi redirect. diff --git a/package/qca/nss/qca-nss-ecm/files/qca-nss-ecm.init b/package/qca/nss/qca-nss-ecm/files/qca-nss-ecm.init index 9b43fdb09..0d58c3599 100644 --- a/package/qca/nss/qca-nss-ecm/files/qca-nss-ecm.init +++ b/package/qca/nss/qca-nss-ecm/files/qca-nss-ecm.init @@ -47,9 +47,24 @@ support_bridge() { } load_sfe() { - [ -d /sys/module/shortcut_fe ] || insmod shortcut-fe - [ -d /sys/module/shortcut_fe_ipv6 ] || insmod shortcut-fe-ipv6 - [ -d /sys/module/shortcut_fe_drv ] || insmod shortcut-fe-drv + local kernel_version=$(uname -r) + + [ -e "/lib/modules/$kernel_version/shortcut-fe.ko" ] && { + [ -d /sys/module/shortcut_fe ] || insmod shortcut-fe + } + + [ -e "/lib/modules/$kernel_version/shortcut-fe-ipv6.ko" ] && { + [ -d /sys/module/shortcut_fe_ipv6 ] || insmod shortcut-fe-ipv6 + } + + [ -e "/lib/modules/$kernel_version/shortcut-fe-cm.ko" ] && { + [ -d /sys/module/shortcut_fe_cm ] || insmod shortcut-fe-cm + } + + [ -e "/lib/modules/$kernel_version/shortcut-fe-drv.ko" ] && { + [ -d /sys/module/shortcut_fe_drv ] || insmod shortcut-fe-drv + } + } load_ecm() { diff --git a/target/linux/ipq807x/patches-5.10/601-netfilter-export-udp_get_timeouts-function.patch b/target/linux/generic/hack-5.10/601-netfilter-export-udp_get_timeouts-function.patch similarity index 100% rename from target/linux/ipq807x/patches-5.10/601-netfilter-export-udp_get_timeouts-function.patch rename to target/linux/generic/hack-5.10/601-netfilter-export-udp_get_timeouts-function.patch diff --git a/target/linux/generic/hack-5.4/601-netfilter-export-udp_get_timeouts-function.patch b/target/linux/generic/hack-5.4/601-netfilter-export-udp_get_timeouts-function.patch new file mode 100644 index 000000000..3c28843a2 --- /dev/null +++ b/target/linux/generic/hack-5.4/601-netfilter-export-udp_get_timeouts-function.patch @@ -0,0 +1,42 @@ +From ba041eb8000e4a8f556ca641335894f7e7429dbb Mon Sep 17 00:00:00 2001 +From: Ailick <277498654@qq.com> +Date: Sat, 21 Aug 2021 17:12:22 +0800 +Subject: [PATCH] net: patch linux kernel to support shortcut-fe-cm + +--- + nf_conntrack_proto_udp.c | 3 ++- + nf_conntrack_timeout.h | 2 + + 1 file changed, 2 insertion(+) + +diff --git a/include/net/netfilter/nf_conntrack_timeout.h b/include/net/netfilter/nf_conntrack_timeout.h +index 6dd7239..e1f6d69 100644 +--- a/include/net/netfilter/nf_conntrack_timeout.h ++++ b/include/net/netfilter/nf_conntrack_timeout.h +@@ -123,5 +123,7 @@ static inline void nf_ct_destroy_timeout(struct nf_conn *ct) + extern struct nf_ct_timeout *(*nf_ct_timeout_find_get_hook)(struct net *net, const char *name); + extern void (*nf_ct_timeout_put_hook)(struct nf_ct_timeout *timeout); + #endif ++ ++extern unsigned int *udp_get_timeouts(struct net *net); + + #endif /* _NF_CONNTRACK_TIMEOUT_H */ +diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c +index 7365b43..2238d55 100644 +--- a/net/netfilter/nf_conntrack_proto_udp.c ++++ b/net/netfilter/nf_conntrack_proto_udp.c +@@ -29,10 +29,11 @@ static const unsigned int udp_timeouts[UDP_CT_MAX] = { + [UDP_CT_REPLIED] = 120*HZ, + }; + +-static unsigned int *udp_get_timeouts(struct net *net) ++unsigned int *udp_get_timeouts(struct net *net) + { + return nf_udp_pernet(net)->timeouts; + } ++EXPORT_SYMBOL(udp_get_timeouts); + + static void udp_error_log(const struct sk_buff *skb, + const struct nf_hook_state *state, +-- +2.17.1 +