diff --git a/package/qca/nss-firmware/Makefile b/package/qca/nss-firmware/Makefile new file mode 100644 index 000000000..b4d6f46ae --- /dev/null +++ b/package/qca/nss-firmware/Makefile @@ -0,0 +1,75 @@ +# +# Copyright (C) 2021 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=nss-firmware +PKG_SOURCE_DATE:=2022-07-14 +PKG_SOURCE_VERSION:=ade6bff594377c9d9c79b45e39bf104303d919bc +PKG_MIRROR_HASH:=99ca44dd0733cff569308550c6c74febb0e7a03093b14df092d0f53362189647 +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/quic/qca-sdk-nss-fw.git + +PKG_LICENSE_FILES:=LICENSE.md + +PKG_MAINTAINER:=Robert Marko + +include $(INCLUDE_DIR)/package.mk + +RSTRIP:=: +STRIP:=: + +VERSION_PATH=$(PKG_BUILD_DIR)/QCA_Networking_2022.SPF_12.0.0/ED1 + +define Package/nss-firmware-default + SECTION:=firmware + CATEGORY:=Firmware + URL:=$(PKG_SOURCE_URL) + DEPENDS:=@TARGET_qualcommax +endef + +define Package/nss-firmware-ipq6018 +$(Package/nss-firmware-default) + TITLE:=NSS firmware for IPQ6018 devices + NSS_ARCHIVE:=$(VERSION_PATH)/IPQ6018.ATH.12.0.0/BIN-NSS.FW.12.1-022-CP.R.tar.bz2 +endef + +define Package/nss-firmware-ipq8074 +$(Package/nss-firmware-default) + TITLE:=NSS firmware for IPQ8074 devices + NSS_ARCHIVE:=$(VERSION_PATH)/IPQ8074.ATH.12.0.0/BIN-NSS.FW.12.0.r1-002-HK.R.tar.bz2 +endef + +define Build/Compile + +endef + +define Package/nss-firmware-ipq6018/install + mkdir -p $(PKG_BUILD_DIR)/IPQ6018 + $(TAR) -C $(PKG_BUILD_DIR)/IPQ6018 -xf $(NSS_ARCHIVE) --strip-components=1 + $(INSTALL_DIR) $(1)/lib/firmware/ + $(INSTALL_DATA) \ + $(PKG_BUILD_DIR)/IPQ6018/retail_router0.bin \ + $(1)/lib/firmware/qca-nss0-retail.bin +endef + +define Package/nss-firmware-ipq8074/install + mkdir -p $(PKG_BUILD_DIR)/IPQ8074 + $(TAR) -C $(PKG_BUILD_DIR)/IPQ8074 -xf $(NSS_ARCHIVE) --strip-components=1 + $(INSTALL_DIR) $(1)/lib/firmware/ + $(INSTALL_DATA) \ + $(PKG_BUILD_DIR)/IPQ8074/retail_router0.bin \ + $(1)/lib/firmware/qca-nss0-retail.bin + $(INSTALL_DATA) \ + $(PKG_BUILD_DIR)/IPQ8074/retail_router1.bin \ + $(1)/lib/firmware/qca-nss1-retail.bin +endef + +$(eval $(call BuildPackage,nss-firmware-ipq6018)) +$(eval $(call BuildPackage,nss-firmware-ipq8074)) diff --git a/package/qca/qca-mcs/Makefile b/package/qca/qca-mcs/Makefile new file mode 100644 index 000000000..7517453bc --- /dev/null +++ b/package/qca/qca-mcs/Makefile @@ -0,0 +1,67 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=qca-mcs +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_DATE:=2023-04-21 +PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/qca-mcs.git +PKG_SOURCE_VERSION:=8797823e392ac3d9098c090964afd46805a0eb2b +PKG_MIRROR_HASH:=f0fa76af4545842ebf8b4f0743e1079e190dfa5f3f0d464c063063521d3d30df + +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/kernel.mk +include $(INCLUDE_DIR)/package.mk + +define KernelPackage/qca-mcs + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Support + URL:=http://www.qca.qualcomm.com + MAINTAINER:=Qualcomm Atheros, Inc. + TITLE:=QCA Multicast Snooping Support + DEPENDS:=+@KERNEL_IPV6_MROUTE +@KERNEL_IP_MROUTE + KCONFIG:=CONFIG_NETFILTER=y \ + CONFIG_BRIDGE_NETFILTER=y + FILES:=$(PKG_BUILD_DIR)/qca-mcs.ko + AUTOLOAD:=$(call AutoLoad,41,qca-mcs) +endef + +define KernelPackage/qca-mcs/Description + This package installs the IGMP/MLD Snooping Module +endef + +QCA_MC_SNOOPING_HEADERS= \ + $(PKG_BUILD_DIR)/mc_api.h \ + $(PKG_BUILD_DIR)/mc_ecm.h \ + +define Build/InstallDev + mkdir -p $(1)/usr/include/qca-mcs + $(foreach header_file,$(QCA_MC_SNOOPING_HEADERS), $(CP) $(header_file) $(1)/usr/include/qca-mcs;) + $(foreach header_file,$(QCA_MC_SNOOPING_HEADERS), $(CP) $(header_file) $(1)/usr/include/;) +endef + +EXTRA_CFLAGS+=-Wno-implicit-fallthrough + +QCA_MC_SNOOPING_MAKE_OPTS:= \ + $(KERNEL_MAKE_FLAGS) \ + CONFIG_SUPPORT_MLD=y \ + MDIR=$(PKG_BUILD_DIR) \ + KBUILDPATH=$(LINUX_DIR) \ + KERNELPATH=$(LINUX_SRC_DIR) \ + KERNELRELEASE=$(LINUX_RELEASE) + +define Build/Compile + +$(MAKE) -C $(LINUX_DIR) \ + $(KERNEL_MAKE_FLAGS) \ + $(PKG_JOBS) \ + KBUILDPATH=$(LINUX_DIR) \ + $(PKG_MAKE_FLAGS) \ + M=$(PKG_BUILD_DIR) \ + EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ + $(strip $(QCA_MC_SNOOPING_MAKE_OPTS)) \ + modules +endef + +$(eval $(call KernelPackage,qca-mcs)) diff --git a/package/qca/qca-mcs/patches/0001-kernel-5.10-compat.patch b/package/qca/qca-mcs/patches/0001-kernel-5.10-compat.patch new file mode 100644 index 000000000..958a7a337 --- /dev/null +++ b/package/qca/qca-mcs/patches/0001-kernel-5.10-compat.patch @@ -0,0 +1,40 @@ +--- a/mc_osdep.h ++++ b/mc_osdep.h +@@ -189,7 +189,7 @@ static inline struct net_bridge_port *mc + + dst = os_br_fdb_get((struct net_bridge *)br, eth_hdr(*skb)->h_dest); + +- if (dst && !dst->is_local) ++ if (dst && !test_bit(BR_FDB_LOCAL, &dst->flags)) + return dst->dst; + + return NULL; +--- a/mc_snooping.c ++++ b/mc_snooping.c +@@ -3453,6 +3453,18 @@ static int mc_proc_snooper_open(struct i + return single_open(file, mc_proc_snooper_show, NULL); + } + ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,6,0) ++#define HAVE_PROC_OPS ++#endif ++ ++#ifdef HAVE_PROC_OPS ++static const struct proc_ops mc_proc_snooper_fops = { ++ .proc_open = mc_proc_snooper_open, ++ .proc_read = seq_read, ++ .proc_lseek = seq_lseek, ++ .proc_release = single_release, ++}; ++#else + static const struct file_operations mc_proc_snooper_fops = { + .owner = THIS_MODULE, + .open = mc_proc_snooper_open, +@@ -3460,6 +3472,7 @@ static const struct file_operations mc_p + .llseek = seq_lseek, + .release = single_release, + }; ++#endif + + /* mc_proc_create_snooper_entry + * create proc entry for information show diff --git a/package/qca/qca-nss-cfi/Makefile b/package/qca/qca-nss-cfi/Makefile new file mode 100644 index 000000000..c9964abd3 --- /dev/null +++ b/package/qca/qca-nss-cfi/Makefile @@ -0,0 +1,82 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=qca-nss-cfi +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_DATE:=2022-12-15 +PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/nss-cfi.git +PKG_SOURCE_VERSION:=5cd07ce299ee3ce62dbe4f6783ad36361e57583b +PKG_MIRROR_HASH:=e449eee24fccc09b1cf0f1367bb54cedadcc46a30423934744e78272443197e7 + +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/kernel.mk +include $(INCLUDE_DIR)/package.mk + +ifneq (, $(findstring $(CONFIG_TARGET_SUBTARGET), "ipq807x" "ipq60xx")) + CFI_OCF_DIR:=ocf/v2.0 + CFI_CRYPTOAPI_DIR:=cryptoapi/v2.0 +else + CFI_CRYPTOAPI_DIR:=cryptoapi/v1.1 + CFI_OCF_DIR:=ocf/v1.0 + CFI_IPSEC_DIR:=ipsec/v1.0 +endif + +define KernelPackage/qca-nss-cfi-cryptoapi + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Cryptographic API modules + DEPENDS:=@TARGET_qualcommax +kmod-qca-nss-crypto +kmod-crypto-authenc + TITLE:=Kernel driver for NSS cfi + FILES:=$(PKG_BUILD_DIR)/$(CFI_CRYPTOAPI_DIR)/qca-nss-cfi-cryptoapi.ko + AUTOLOAD:=$(call AutoLoad,59,qca-nss-cfi-cryptoapi) +endef + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include/qca-nss-cfi + $(CP) $(PKG_BUILD_DIR)/$(CFI_CRYPTOAPI_DIR)/../exports/* $(1)/usr/include/qca-nss-cfi + $(CP) $(PKG_BUILD_DIR)/include/* $(1)/usr/include/qca-nss-cfi +endef + +define KernelPackage/qca-nss-cfi/Description +This package contains a NSS cfi driver for QCA chipset +endef + +EXTRA_CFLAGS+= \ + -DCONFIG_NSS_DEBUG_LEVEL=4 \ + -I$(LINUX_DIR)/crypto/ocf \ + -I$(STAGING_DIR)/usr/include/qca-nss-crypto \ + -I$(STAGING_DIR)/usr/include/crypto \ + -I$(STAGING_DIR)/usr/include/qca-nss-drv + +ifneq (, $(findstring $(CONFIG_TARGET_SUBTARGET), "ipq807x")) +EXTRA_CFLAGS+= -I$(STAGING_DIR)/usr/include/qca-nss-clients +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-cfi-cryptoapi),) +MAKE_OPTS+= \ + cryptoapi=y \ + NSS_CRYPTOAPI_ABLK=n \ + NSS_CRYPTOAPI_SKCIPHER=y +endif + +ifeq ($(CONFIG_TARGET_BOARD), "qualcommax") + SOC:=$(CONFIG_TARGET_SUBTARGET) +endif + +define Build/Compile + +$(MAKE) -C "$(LINUX_DIR)" $(strip $(MAKE_OPTS)) \ + $(KERNEL_MAKE_FLAGS) \ + M="$(PKG_BUILD_DIR)" \ + EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ + CC="$(TARGET_CC)" \ + CFI_CRYPTOAPI_DIR=$(CFI_CRYPTOAPI_DIR) \ + CFI_OCF_DIR=$(CFI_OCF_DIR) \ + CFI_IPSEC_DIR=$(CFI_IPSEC_DIR) \ + SoC=$(SOC) \ + $(PKG_JOBS) \ + modules +endef + +$(eval $(call KernelPackage,qca-nss-cfi-cryptoapi)) diff --git a/package/qca/qca-nss-cfi/patches/0001-cryptoapi-v2.0-fix-SHA1-header-include.patch b/package/qca/qca-nss-cfi/patches/0001-cryptoapi-v2.0-fix-SHA1-header-include.patch new file mode 100644 index 000000000..12df90fdc --- /dev/null +++ b/package/qca/qca-nss-cfi/patches/0001-cryptoapi-v2.0-fix-SHA1-header-include.patch @@ -0,0 +1,62 @@ +From 1569ac3b6bbcae9c3f4898e0d34aec8f88297ee6 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 21:45:23 +0100 +Subject: [PATCH 1/5] cryptoapi: v2.0: fix SHA1 header include + +SHA1 header has been merged to the generic SHA one, +and with that the cryptohash.h was dropped. + +So, fix include in kernels 5.8 and newer. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/nss_cryptoapi.c | 5 +++++ + cryptoapi/v2.0/nss_cryptoapi_aead.c | 5 +++++ + cryptoapi/v2.0/nss_cryptoapi_ahash.c | 5 +++++ + 3 files changed, 15 insertions(+) + +--- a/cryptoapi/v2.0/nss_cryptoapi.c ++++ b/cryptoapi/v2.0/nss_cryptoapi.c +@@ -39,7 +39,12 @@ + + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +--- a/cryptoapi/v2.0/nss_cryptoapi_aead.c ++++ b/cryptoapi/v2.0/nss_cryptoapi_aead.c +@@ -39,7 +39,12 @@ + + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +--- a/cryptoapi/v2.0/nss_cryptoapi_ahash.c ++++ b/cryptoapi/v2.0/nss_cryptoapi_ahash.c +@@ -38,7 +38,12 @@ + + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include diff --git a/package/qca/qca-nss-cfi/patches/0002-cryptoapi-v2.0-make-ablkcipher-optional.patch b/package/qca/qca-nss-cfi/patches/0002-cryptoapi-v2.0-make-ablkcipher-optional.patch new file mode 100644 index 000000000..e9702eb33 --- /dev/null +++ b/package/qca/qca-nss-cfi/patches/0002-cryptoapi-v2.0-make-ablkcipher-optional.patch @@ -0,0 +1,116 @@ +From 26cca5006bddb0da57398452616e07ee7b11edb1 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 22:01:34 +0100 +Subject: [PATCH 2/5] cryptoapi: v2.0: make ablkcipher optional + +albkcipher has been removed from the kernel in v5.5, so until it has been +converted to skcipher, lets make it optional to at least have hashes +working. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/Makefile | 3 +++ + cryptoapi/v2.0/nss_cryptoapi.c | 10 ++++++++++ + cryptoapi/v2.0/nss_cryptoapi_private.h | 2 ++ + 3 files changed, 15 insertions(+) + +--- a/cryptoapi/v2.0/Makefile ++++ b/cryptoapi/v2.0/Makefile +@@ -5,7 +5,10 @@ NSS_CRYPTOAPI_MOD_NAME=qca-nss-cfi-crypt + obj-m += $(NSS_CRYPTOAPI_MOD_NAME).o + $(NSS_CRYPTOAPI_MOD_NAME)-objs = nss_cryptoapi.o + $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_aead.o ++ifneq "$(NSS_CRYPTOAPI_ABLK)" "n" + $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ablk.o ++ccflags-y += -DNSS_CRYPTOAPI_ABLK ++endif + $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ahash.o + + obj ?= . +--- a/cryptoapi/v2.0/nss_cryptoapi.c ++++ b/cryptoapi/v2.0/nss_cryptoapi.c +@@ -1367,6 +1367,7 @@ struct aead_alg cryptoapi_aead_algs[] = + /* + * ABLK cipher algorithms + */ ++#if defined(NSS_CRYPTOAPI_ABLK) + static struct crypto_alg cryptoapi_ablkcipher_algs[] = { + { + .cra_name = "cbc(aes)", +@@ -1466,6 +1467,7 @@ static struct crypto_alg cryptoapi_ablkc + }, + } + }; ++#endif + + /* + * AHASH algorithms +@@ -2189,7 +2191,9 @@ void nss_cryptoapi_add_ctx2debugfs(struc + */ + void nss_cryptoapi_attach_user(void *app_data, struct nss_crypto_user *user) + { ++#if defined(NSS_CRYPTOAPI_ABLK) + struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; ++#endif + struct aead_alg *aead = cryptoapi_aead_algs; + struct ahash_alg *ahash = cryptoapi_ahash_algs; + struct nss_cryptoapi *sc = app_data; +@@ -2212,6 +2216,7 @@ void nss_cryptoapi_attach_user(void *app + g_cryptoapi.user = user; + } + ++#if defined(NSS_CRYPTOAPI_ABLK) + for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { + info = nss_cryptoapi_cra_name_lookup(ablk->cra_name); + if(!info || !nss_crypto_algo_is_supp(info->algo)) +@@ -2222,6 +2227,7 @@ void nss_cryptoapi_attach_user(void *app + ablk->cra_flags = 0; + } + } ++#endif + + for (i = 0; enable_aead && (i < ARRAY_SIZE(cryptoapi_aead_algs)); i++, aead++) { + info = nss_cryptoapi_cra_name_lookup(aead->base.cra_name); +@@ -2257,7 +2263,9 @@ void nss_cryptoapi_attach_user(void *app + */ + void nss_cryptoapi_detach_user(void *app_data, struct nss_crypto_user *user) + { ++#if defined(NSS_CRYPTOAPI_ABLK) + struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; ++#endif + struct aead_alg *aead = cryptoapi_aead_algs; + struct ahash_alg *ahash = cryptoapi_ahash_algs; + struct nss_cryptoapi *sc = app_data; +@@ -2270,6 +2278,7 @@ void nss_cryptoapi_detach_user(void *app + */ + atomic_set(&g_cryptoapi.registered, 0); + ++#if defined(NSS_CRYPTOAPI_ABLK) + for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { + if (!ablk->cra_flags) + continue; +@@ -2277,6 +2286,7 @@ void nss_cryptoapi_detach_user(void *app + crypto_unregister_alg(ablk); + nss_cfi_info("%px: ABLK unregister succeeded, algo: %s\n", sc, ablk->cra_name); + } ++#endif + + for (i = 0; enable_aead && (i < ARRAY_SIZE(cryptoapi_aead_algs)); i++, aead++) { + if (!aead->base.cra_flags) +--- a/cryptoapi/v2.0/nss_cryptoapi_private.h ++++ b/cryptoapi/v2.0/nss_cryptoapi_private.h +@@ -250,12 +250,14 @@ extern void nss_cryptoapi_aead_tx_proc(s + /* + * ABLKCIPHER + */ ++#if defined(NSS_CRYPTOAPI_ABLK) + extern int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm); + extern void nss_cryptoapi_ablkcipher_exit(struct crypto_tfm *tfm); + extern int nss_cryptoapi_ablk_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int len); + extern int nss_cryptoapi_ablk_encrypt(struct ablkcipher_request *req); + extern int nss_cryptoapi_ablk_decrypt(struct ablkcipher_request *req); + extern void nss_cryptoapi_copy_iv(struct nss_cryptoapi_ctx *ctx, struct scatterlist *sg, uint8_t *iv, uint8_t iv_len); ++#endif + + /* + * AHASH diff --git a/package/qca/qca-nss-cfi/patches/0003-cryptoapi-v2.0-remove-setting-crypto_ahash_type-for-.patch b/package/qca/qca-nss-cfi/patches/0003-cryptoapi-v2.0-remove-setting-crypto_ahash_type-for-.patch new file mode 100644 index 000000000..ad11b8b35 --- /dev/null +++ b/package/qca/qca-nss-cfi/patches/0003-cryptoapi-v2.0-remove-setting-crypto_ahash_type-for-.patch @@ -0,0 +1,137 @@ +From 797b5166783cda0886038ffb22f5386b9363a961 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 22:08:27 +0100 +Subject: [PATCH 3/5] cryptoapi: v2.0: remove setting crypto_ahash_type for + newer kernels + +Upstream has stopped exporting crypto_ahash_type and removed setting it +on ahash algos since v4.19 as its easily identifiable by the struct type +and its being set in the core directly, so lets do the same. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/nss_cryptoapi.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +--- a/cryptoapi/v2.0/nss_cryptoapi.c ++++ b/cryptoapi/v2.0/nss_cryptoapi.c +@@ -1495,7 +1495,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = MD5_HMAC_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1521,7 +1523,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA1_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1547,7 +1551,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA224_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1573,7 +1579,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA256_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1599,7 +1607,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA384_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1625,7 +1635,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA512_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1655,7 +1667,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = MD5_HMAC_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1681,7 +1695,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA1_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1707,7 +1723,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA224_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1733,7 +1751,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA256_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1759,7 +1779,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA384_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1785,7 +1807,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA512_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, diff --git a/package/qca/qca-nss-cfi/patches/0004-cryptoapi-v2.0-aead-add-downstream-crypto_tfm_alg_fl.patch b/package/qca/qca-nss-cfi/patches/0004-cryptoapi-v2.0-aead-add-downstream-crypto_tfm_alg_fl.patch new file mode 100644 index 000000000..a872321fb --- /dev/null +++ b/package/qca/qca-nss-cfi/patches/0004-cryptoapi-v2.0-aead-add-downstream-crypto_tfm_alg_fl.patch @@ -0,0 +1,28 @@ +From 8db77add1a794bdee8eef0a351e40bf1cdf6dfa9 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 22:09:51 +0100 +Subject: [PATCH 4/5] cryptoapi: v2.0: aead: add downstream + crypto_tfm_alg_flags + +crypto_tfm_alg_flags newer made it upstream, but as a temporary stopgap +until a better solution is figured out lets add it. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/nss_cryptoapi_aead.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/cryptoapi/v2.0/nss_cryptoapi_aead.c ++++ b/cryptoapi/v2.0/nss_cryptoapi_aead.c +@@ -61,6 +61,11 @@ + #include + #include "nss_cryptoapi_private.h" + ++static inline u32 crypto_tfm_alg_flags(struct crypto_tfm *tfm) ++{ ++ return tfm->__crt_alg->cra_flags & ~CRYPTO_ALG_TYPE_MASK; ++} ++ + /* + * nss_cryptoapi_aead_ctx2session() + * Cryptoapi function to get the session ID for an AEAD diff --git a/package/qca/qca-nss-cfi/patches/0005-cryptoapi-v2.0-remove-dropped-flags.patch b/package/qca/qca-nss-cfi/patches/0005-cryptoapi-v2.0-remove-dropped-flags.patch new file mode 100644 index 000000000..645633abc --- /dev/null +++ b/package/qca/qca-nss-cfi/patches/0005-cryptoapi-v2.0-remove-dropped-flags.patch @@ -0,0 +1,97 @@ +From 62bbb188e1a72d28916e1eca31f4cb9fbbf51cd1 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 22:11:06 +0100 +Subject: [PATCH 5/5] cryptoapi: v2.0: remove dropped flags + +Upstream has dropped these flags as there was no use for them, so lets do +the same. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/nss_cryptoapi_aead.c | 6 ------ + cryptoapi/v2.0/nss_cryptoapi_ahash.c | 4 ---- + 2 files changed, 10 deletions(-) + +--- a/cryptoapi/v2.0/nss_cryptoapi_aead.c ++++ b/cryptoapi/v2.0/nss_cryptoapi_aead.c +@@ -207,7 +207,6 @@ int nss_cryptoapi_aead_setkey_noauth(str + ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keylen, 0); + if (!ctx->info) { + nss_cfi_err("%px: Unable to find algorithm with keylen\n", ctx); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -ENOENT; + } + +@@ -239,7 +238,6 @@ int nss_cryptoapi_aead_setkey_noauth(str + status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); + if (status < 0) { + nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_FLAGS); + return status; + } + +@@ -271,14 +269,12 @@ int nss_cryptoapi_aead_setkey(struct cry + */ + if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) { + nss_cfi_err("%px: Unable to extract keys\n", ctx); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EIO; + } + + ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keys.enckeylen, crypto_aead_maxauthsize(aead)); + if (!ctx->info) { + nss_cfi_err("%px: Unable to find algorithm with keylen\n", ctx); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -ENOENT; + } + +@@ -299,7 +295,6 @@ int nss_cryptoapi_aead_setkey(struct cry + */ + if (keys.authkeylen > ctx->info->auth_blocksize) { + nss_cfi_err("%px: Auth keylen(%d) exceeds supported\n", ctx, keys.authkeylen); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + +@@ -342,7 +337,6 @@ int nss_cryptoapi_aead_setkey(struct cry + status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); + if (status < 0) { + nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_FLAGS); + return status; + } + +--- a/cryptoapi/v2.0/nss_cryptoapi_ahash.c ++++ b/cryptoapi/v2.0/nss_cryptoapi_ahash.c +@@ -192,7 +192,6 @@ int nss_cryptoapi_ahash_setkey(struct cr + + ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), 0, crypto_ahash_digestsize(ahash)); + if (!ctx->info) { +- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + +@@ -215,7 +214,6 @@ int nss_cryptoapi_ahash_setkey(struct cr + status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); + if (status < 0) { + nss_cfi_warn("%px: Unable to allocate crypto session(%d)\n", ctx, status); +- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_FLAGS); + return status; + } + +@@ -299,7 +297,6 @@ int nss_cryptoapi_ahash_init(struct ahas + */ + ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), 0, 0); + if (!ctx->info) { +- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + +@@ -314,7 +311,6 @@ int nss_cryptoapi_ahash_init(struct ahas + status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); + if (status < 0) { + nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); +- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_FLAGS); + return status; + } + diff --git a/package/qca/qca-nss-cfi/patches/0006-cryptoapi-v2.0-convert-to-skcipher.patch b/package/qca/qca-nss-cfi/patches/0006-cryptoapi-v2.0-convert-to-skcipher.patch new file mode 100644 index 000000000..f85e3d892 --- /dev/null +++ b/package/qca/qca-nss-cfi/patches/0006-cryptoapi-v2.0-convert-to-skcipher.patch @@ -0,0 +1,1199 @@ +From 1b30927548c2498c76b815b87f604f9a1de40a48 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 23:31:09 +0100 +Subject: [PATCH] cryptoapi: v2.0: convert to skcipher + +Finally convert the driver from ablkcipher that was dropped in v5.5 to +skcipher. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/Makefile | 6 +- + cryptoapi/v2.0/nss_cryptoapi.c | 200 ++++++++---------- + cryptoapi/v2.0/nss_cryptoapi_private.h | 14 +- + ...ptoapi_ablk.c => nss_cryptoapi_skcipher.c} | 116 +++++----- + 4 files changed, 145 insertions(+), 191 deletions(-) + rename cryptoapi/v2.0/{nss_cryptoapi_ablk.c => nss_cryptoapi_skcipher.c} (74%) + +--- a/cryptoapi/v2.0/Makefile ++++ b/cryptoapi/v2.0/Makefile +@@ -5,9 +5,9 @@ NSS_CRYPTOAPI_MOD_NAME=qca-nss-cfi-crypt + obj-m += $(NSS_CRYPTOAPI_MOD_NAME).o + $(NSS_CRYPTOAPI_MOD_NAME)-objs = nss_cryptoapi.o + $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_aead.o +-ifneq "$(NSS_CRYPTOAPI_ABLK)" "n" +-$(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ablk.o +-ccflags-y += -DNSS_CRYPTOAPI_ABLK ++ifneq "$(NSS_CRYPTOAPI_SKCIPHER)" "n" ++$(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_skcipher.o ++ccflags-y += -DNSS_CRYPTOAPI_SKCIPHER + endif + $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ahash.o + +--- a/cryptoapi/v2.0/nss_cryptoapi.c ++++ b/cryptoapi/v2.0/nss_cryptoapi.c +@@ -1367,104 +1367,78 @@ struct aead_alg cryptoapi_aead_algs[] = + /* + * ABLK cipher algorithms + */ +-#if defined(NSS_CRYPTOAPI_ABLK) +-static struct crypto_alg cryptoapi_ablkcipher_algs[] = { ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++static struct skcipher_alg cryptoapi_skcipher_algs[] = { + { +- .cra_name = "cbc(aes)", +- .cra_driver_name = "nss-cbc-aes", +- .cra_priority = 10000, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), +- .cra_alignmask = 0, +- .cra_type = &crypto_ablkcipher_type, +- .cra_module = THIS_MODULE, +- .cra_init = nss_cryptoapi_ablkcipher_init, +- .cra_exit = nss_cryptoapi_ablkcipher_exit, +- .cra_u = { +- .ablkcipher = { +- .ivsize = AES_BLOCK_SIZE, +- .min_keysize = AES_MIN_KEY_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE, +- .setkey = nss_cryptoapi_ablk_setkey, +- .encrypt = nss_cryptoapi_ablk_encrypt, +- .decrypt = nss_cryptoapi_ablk_decrypt, +- }, +- }, +- }, +- { +- .cra_name = "rfc3686(ctr(aes))", +- .cra_driver_name = "nss-rfc3686-ctr-aes", +- .cra_priority = 30000, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), +- .cra_alignmask = 0, +- .cra_type = &crypto_ablkcipher_type, +- .cra_module = THIS_MODULE, +- .cra_init = nss_cryptoapi_ablkcipher_init, +- .cra_exit = nss_cryptoapi_ablkcipher_exit, +- .cra_u = { +- .ablkcipher = { +- .ivsize = CTR_RFC3686_IV_SIZE, +-/* +- * geniv deprecated from kernel version 5.0 and above +- */ +-#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0)) +- .geniv = "seqiv", +-#endif +- .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, +- .setkey = nss_cryptoapi_ablk_setkey, +- .encrypt = nss_cryptoapi_ablk_encrypt, +- .decrypt = nss_cryptoapi_ablk_decrypt, +- }, +- }, +- }, +- { +- .cra_name = "ecb(aes)", +- .cra_driver_name = "nss-ecb-aes", +- .cra_priority = 10000, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), +- .cra_alignmask = 0, +- .cra_type = &crypto_ablkcipher_type, +- .cra_module = THIS_MODULE, +- .cra_init = nss_cryptoapi_ablkcipher_init, +- .cra_exit = nss_cryptoapi_ablkcipher_exit, +- .cra_u = { +- .ablkcipher = { +- .min_keysize = AES_MIN_KEY_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE, +- .setkey = nss_cryptoapi_ablk_setkey, +- .encrypt = nss_cryptoapi_ablk_encrypt, +- .decrypt = nss_cryptoapi_ablk_decrypt, +- }, +- }, +- }, +- { +- .cra_name = "cbc(des3_ede)", +- .cra_driver_name = "nss-cbc-des-ede", +- .cra_priority = 10000, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, +- .cra_blocksize = DES3_EDE_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), +- .cra_alignmask = 0, +- .cra_type = &crypto_ablkcipher_type, +- .cra_module = THIS_MODULE, +- .cra_init = nss_cryptoapi_ablkcipher_init, +- .cra_exit = nss_cryptoapi_ablkcipher_exit, +- .cra_u = { +- .ablkcipher = { +- .ivsize = DES3_EDE_BLOCK_SIZE, +- .min_keysize = DES3_EDE_KEY_SIZE, +- .max_keysize = DES3_EDE_KEY_SIZE, +- .setkey = nss_cryptoapi_ablk_setkey, +- .encrypt = nss_cryptoapi_ablk_encrypt, +- .decrypt = nss_cryptoapi_ablk_decrypt, +- }, +- }, ++ .base.cra_name = "cbc(aes)", ++ .base.cra_driver_name = "nss-cbc-aes", ++ .base.cra_priority = 10000, ++ .base.cra_flags = CRYPTO_ALG_ASYNC, ++ .base.cra_blocksize = AES_BLOCK_SIZE, ++ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), ++ .base.cra_alignmask = 0, ++ .base.cra_module = THIS_MODULE, ++ .init = nss_cryptoapi_skcipher_init, ++ .exit = nss_cryptoapi_skcipher_exit, ++ .ivsize = AES_BLOCK_SIZE, ++ .min_keysize = AES_MIN_KEY_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE, ++ .setkey = nss_cryptoapi_skcipher_setkey, ++ .encrypt = nss_cryptoapi_skcipher_encrypt, ++ .decrypt = nss_cryptoapi_skcipher_decrypt, ++ }, ++ { ++ .base.cra_name = "rfc3686(ctr(aes))", ++ .base.cra_driver_name = "nss-rfc3686-ctr-aes", ++ .base.cra_priority = 30000, ++ .base.cra_flags = CRYPTO_ALG_ASYNC, ++ .base.cra_blocksize = AES_BLOCK_SIZE, ++ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), ++ .base.cra_alignmask = 0, ++ .base.cra_module = THIS_MODULE, ++ .init = nss_cryptoapi_skcipher_init, ++ .exit = nss_cryptoapi_skcipher_exit, ++ .ivsize = CTR_RFC3686_IV_SIZE, ++ .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, ++ .setkey = nss_cryptoapi_skcipher_setkey, ++ .encrypt = nss_cryptoapi_skcipher_encrypt, ++ .decrypt = nss_cryptoapi_skcipher_decrypt, ++ }, ++ { ++ .base.cra_name = "ecb(aes)", ++ .base.cra_driver_name = "nss-ecb-aes", ++ .base.cra_priority = 10000, ++ .base.cra_flags = CRYPTO_ALG_ASYNC, ++ .base.cra_blocksize = AES_BLOCK_SIZE, ++ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), ++ .base.cra_alignmask = 0, ++ .base.cra_module = THIS_MODULE, ++ .init = nss_cryptoapi_skcipher_init, ++ .exit = nss_cryptoapi_skcipher_exit, ++ .min_keysize = AES_MIN_KEY_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE, ++ .setkey = nss_cryptoapi_skcipher_setkey, ++ .encrypt = nss_cryptoapi_skcipher_encrypt, ++ .decrypt = nss_cryptoapi_skcipher_decrypt, ++ }, ++ { ++ .base.cra_name = "cbc(des3_ede)", ++ .base.cra_driver_name = "nss-cbc-des-ede", ++ .base.cra_priority = 10000, ++ .base.cra_flags = CRYPTO_ALG_ASYNC, ++ .base.cra_blocksize = DES3_EDE_BLOCK_SIZE, ++ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), ++ .base.cra_alignmask = 0, ++ .base.cra_module = THIS_MODULE, ++ .init = nss_cryptoapi_skcipher_init, ++ .exit = nss_cryptoapi_skcipher_exit, ++ .ivsize = DES3_EDE_BLOCK_SIZE, ++ .min_keysize = DES3_EDE_KEY_SIZE, ++ .max_keysize = DES3_EDE_KEY_SIZE, ++ .setkey = nss_cryptoapi_skcipher_setkey, ++ .encrypt = nss_cryptoapi_skcipher_encrypt, ++ .decrypt = nss_cryptoapi_skcipher_decrypt, + } + }; + #endif +@@ -2215,8 +2189,8 @@ void nss_cryptoapi_add_ctx2debugfs(struc + */ + void nss_cryptoapi_attach_user(void *app_data, struct nss_crypto_user *user) + { +-#if defined(NSS_CRYPTOAPI_ABLK) +- struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++ struct skcipher_alg *ablk = cryptoapi_skcipher_algs; + #endif + struct aead_alg *aead = cryptoapi_aead_algs; + struct ahash_alg *ahash = cryptoapi_ahash_algs; +@@ -2240,15 +2214,15 @@ void nss_cryptoapi_attach_user(void *app + g_cryptoapi.user = user; + } + +-#if defined(NSS_CRYPTOAPI_ABLK) +- for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { +- info = nss_cryptoapi_cra_name_lookup(ablk->cra_name); ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++ for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_skcipher_algs)); i++, ablk++) { ++ info = nss_cryptoapi_cra_name_lookup(ablk->base.cra_name); + if(!info || !nss_crypto_algo_is_supp(info->algo)) + continue; + +- if (crypto_register_alg(ablk)) { +- nss_cfi_err("%px: ABLK registration failed(%s)\n", sc, ablk->cra_name); +- ablk->cra_flags = 0; ++ if (crypto_register_skcipher(ablk)) { ++ nss_cfi_err("%px: skcipher registration failed(%s)\n", sc, ablk->base.cra_name); ++ ablk->base.cra_flags = 0; + } + } + #endif +@@ -2287,8 +2261,8 @@ void nss_cryptoapi_attach_user(void *app + */ + void nss_cryptoapi_detach_user(void *app_data, struct nss_crypto_user *user) + { +-#if defined(NSS_CRYPTOAPI_ABLK) +- struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++ struct skcipher_alg *ablk = cryptoapi_skcipher_algs; + #endif + struct aead_alg *aead = cryptoapi_aead_algs; + struct ahash_alg *ahash = cryptoapi_ahash_algs; +@@ -2302,13 +2276,13 @@ void nss_cryptoapi_detach_user(void *app + */ + atomic_set(&g_cryptoapi.registered, 0); + +-#if defined(NSS_CRYPTOAPI_ABLK) +- for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { +- if (!ablk->cra_flags) ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++ for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_skcipher_algs)); i++, ablk++) { ++ if (!ablk->base.cra_flags) + continue; + +- crypto_unregister_alg(ablk); +- nss_cfi_info("%px: ABLK unregister succeeded, algo: %s\n", sc, ablk->cra_name); ++ crypto_unregister_skcipher(ablk); ++ nss_cfi_info("%px: skcipher unregister succeeded, algo: %s\n", sc, ablk->base.cra_name); + } + #endif + +--- a/cryptoapi/v2.0/nss_cryptoapi_private.h ++++ b/cryptoapi/v2.0/nss_cryptoapi_private.h +@@ -248,14 +248,14 @@ extern void nss_cryptoapi_aead_tx_proc(s + struct nss_cryptoapi_info *info, bool encrypt); + + /* +- * ABLKCIPHER ++ * SKCIPHER + */ +-#if defined(NSS_CRYPTOAPI_ABLK) +-extern int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm); +-extern void nss_cryptoapi_ablkcipher_exit(struct crypto_tfm *tfm); +-extern int nss_cryptoapi_ablk_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int len); +-extern int nss_cryptoapi_ablk_encrypt(struct ablkcipher_request *req); +-extern int nss_cryptoapi_ablk_decrypt(struct ablkcipher_request *req); ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++extern int nss_cryptoapi_skcipher_init(struct crypto_skcipher *tfm); ++extern void nss_cryptoapi_skcipher_exit(struct crypto_skcipher *tfm); ++extern int nss_cryptoapi_skcipher_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int len); ++extern int nss_cryptoapi_skcipher_encrypt(struct skcipher_request *req); ++extern int nss_cryptoapi_skcipher_decrypt(struct skcipher_request *req); + extern void nss_cryptoapi_copy_iv(struct nss_cryptoapi_ctx *ctx, struct scatterlist *sg, uint8_t *iv, uint8_t iv_len); + #endif + +--- a/cryptoapi/v2.0/nss_cryptoapi_ablk.c ++++ /dev/null +@@ -1,458 +0,0 @@ +-/* Copyright (c) 2015-2020 The Linux Foundation. All rights reserved. +- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. +- * +- * Permission to use, copy, modify, and/or distribute this software for any +- * purpose with or without fee is hereby granted, provided that the above +- * copyright notice and this permission notice appear in all copies. +- * +- * +- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +- * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT +- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +- * PERFORMANCE OF THIS SOFTWARE. +- * +- * +- */ +- +-/** +- * nss_cryptoapi_ablk.c +- * Interface to communicate Native Linux crypto framework specific data +- * to Crypto core specific data +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include "nss_cryptoapi_private.h" +- +-extern struct nss_cryptoapi g_cryptoapi; +- +-/* +- * nss_cryptoapi_skcipher_ctx2session() +- * Cryptoapi function to get the session ID for an skcipher +- */ +-int nss_cryptoapi_skcipher_ctx2session(struct crypto_skcipher *sk, uint32_t *sid) +-{ +- struct crypto_tfm *tfm = crypto_skcipher_tfm(sk); +- struct crypto_ablkcipher **actx, *ablk; +- struct ablkcipher_tfm *ablk_tfm; +- struct nss_cryptoapi_ctx *ctx; +- +- if (strncmp("nss-", crypto_tfm_alg_driver_name(tfm), 4)) +- return -EINVAL; +- +- /* Get the ablkcipher from the skcipher */ +- actx = crypto_skcipher_ctx(sk); +- if (!actx || !(*actx)) +- return -EINVAL; +- +- /* +- * The ablkcipher now obtained is a wrapper around the actual +- * ablkcipher that is created when the skcipher is created. +- * Hence we derive the required ablkcipher through ablkcipher_tfm. +- */ +- ablk_tfm = crypto_ablkcipher_crt(*actx); +- if (!ablk_tfm) +- return -EINVAL; +- +- ablk = ablk_tfm->base; +- if (!ablk) +- return -EINVAL; +- +- /* Get the nss_cryptoapi context stored in the ablkcipher */ +- ctx = crypto_ablkcipher_ctx(ablk); +- +- BUG_ON(!ctx); +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- *sid = ctx->sid; +- return 0; +-} +-EXPORT_SYMBOL(nss_cryptoapi_skcipher_ctx2session); +- +-/* +- * nss_cryptoapi_ablkcipher_init() +- * Cryptoapi ablkcipher init function. +- */ +-int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm) +-{ +- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); +- +- BUG_ON(!ctx); +- NSS_CRYPTOAPI_SET_MAGIC(ctx); +- +- memset(ctx, 0, sizeof(struct nss_cryptoapi_ctx)); +- +- ctx->user = g_cryptoapi.user; +- ctx->stats.init++; +- ctx->sid = NSS_CRYPTO_SESSION_MAX; +- init_completion(&ctx->complete); +- +- return 0; +-} +- +-/* +- * nss_cryptoapi_ablkcipher_exit() +- * Cryptoapi ablkcipher exit function. +- */ +-void nss_cryptoapi_ablkcipher_exit(struct crypto_tfm *tfm) +-{ +- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); +- int ret; +- +- BUG_ON(!ctx); +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- ctx->stats.exit++; +- +- /* +- * When fallback_req is set, it means that fallback tfm was used +- * we didn't create any sessions. +- */ +- if (ctx->fallback_req) { +- ctx->stats.failed_fallback++; +- return; +- } +- +- if (!atomic_read(&ctx->active)) { +- ctx->stats.failed_exit++; +- return; +- } +- +- /* +- * Mark cryptoapi context as inactive +- */ +- atomic_set(&ctx->active, 0); +- +- if (!atomic_sub_and_test(1, &ctx->refcnt)) { +- /* +- * We need to wait for any outstanding packet using this ctx. +- * Once the last packet get processed, reference count will become +- * 0 this ctx. We will wait for the reference to go down to 0. +- */ +- ret = wait_for_completion_timeout(&ctx->complete, NSS_CRYPTOAPI_REQ_TIMEOUT_TICKS); +- WARN_ON(!ret); +- } +- +- if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { +- nss_crypto_session_free(ctx->user, ctx->sid); +- debugfs_remove_recursive(ctx->dentry); +- ctx->sid = NSS_CRYPTO_SESSION_MAX; +- } +- +- NSS_CRYPTOAPI_CLEAR_MAGIC(ctx); +-} +- +-/* +- * nss_cryptoapi_ablk_setkey() +- * Cryptoapi setkey routine for aes. +- */ +-int nss_cryptoapi_ablk_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int keylen) +-{ +- struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); +- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); +- struct nss_crypto_session_data data = {0}; +- int status; +- +- /* +- * Validate magic number - init should be called before setkey +- */ +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keylen, 0); +- if (!ctx->info) { +- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); +- return -EINVAL; +- } +- +- ctx->iv_size = crypto_ablkcipher_ivsize(cipher); +- +- if (ctx->info->cipher_mode == NSS_CRYPTOAPI_CIPHER_MODE_CTR_RFC3686) { +- keylen = keylen - CTR_RFC3686_NONCE_SIZE; +- memcpy(ctx->ctx_iv, key + keylen, CTR_RFC3686_NONCE_SIZE); +- ctx->ctx_iv[3] = ntohl(0x1); +- ctx->iv_size += CTR_RFC3686_NONCE_SIZE + sizeof(uint32_t); +- } +- +- /* +- * Fill NSS crypto session data +- */ +- data.algo = ctx->info->algo; +- data.cipher_key = key; +- +- if (data.algo >= NSS_CRYPTO_CMN_ALGO_MAX) +- return -ERANGE; +- +- if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { +- nss_crypto_session_free(ctx->user, ctx->sid); +- debugfs_remove_recursive(ctx->dentry); +- ctx->sid = NSS_CRYPTO_SESSION_MAX; +- } +- +- status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); +- if (status < 0) { +- nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); +- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_FLAGS); +- return status; +- } +- +- nss_cryptoapi_add_ctx2debugfs(ctx); +- atomic_set(&ctx->active, 1); +- atomic_set(&ctx->refcnt, 1); +- return 0; +-} +- +-/* +- * nss_cryptoapi_ablkcipher_done() +- * Cipher operation completion callback function +- */ +-void nss_cryptoapi_ablkcipher_done(void *app_data, struct nss_crypto_hdr *ch, uint8_t status) +-{ +- struct ablkcipher_request *req = app_data; +- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(req->base.tfm); +- int error; +- +- BUG_ON(!ch); +- +- /* +- * Check cryptoapi context magic number. +- */ +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- /* +- * For skcipher decryption case, the last block of encrypted data is used as +- * an IV for the next data +- */ +- if (ch->op == NSS_CRYPTO_OP_DIR_ENC) { +- nss_cryptoapi_copy_iv(ctx, req->dst, req->info, ch->iv_len); +- } +- +- /* +- * Free crypto hdr +- */ +- nss_crypto_hdr_free(ctx->user, ch); +- +- nss_cfi_dbg("data dump after transformation\n"); +- nss_cfi_dbg_data(sg_virt(req->dst), req->nbytes, ' '); +- +- /* +- * Check if there is any error reported by hardware +- */ +- error = nss_cryptoapi_status2error(ctx, status); +- ctx->stats.completed++; +- +- /* +- * Decrement cryptoapi reference +- */ +- nss_cryptoapi_ref_dec(ctx); +- req->base.complete(&req->base, error); +-} +- +-/* +- * nss_cryptoapi_ablk_encrypt() +- * Crytoapi encrypt for AES and 3DES algorithms. +- */ +-int nss_cryptoapi_ablk_encrypt(struct ablkcipher_request *req) +-{ +- struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_ENC}; +- struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(req); +- struct nss_cryptoapi_ctx *ctx = crypto_ablkcipher_ctx(cipher); +- struct crypto_tfm *tfm = req->base.tfm; +- struct scatterlist *cur; +- int tot_len = 0; +- int i; +- +- /* +- * Check cryptoapi context magic number. +- */ +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- /* +- * Check if cryptoapi context is active or not +- */ +- if (!atomic_read(&ctx->active)) +- return -EINVAL; +- +- if (sg_nents(req->src) != sg_nents(req->dst)) { +- ctx->stats.failed_req++; +- return -EINVAL; +- } +- +- /* +- * Block size not aligned. +- * AES-CTR requires only a one-byte block size alignment. +- */ +- if (!IS_ALIGNED(req->nbytes, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { +- ctx->stats.failed_align++; +- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); +- return -EFAULT; +- } +- +- /* +- * Fill the request information structure +- */ +- info.iv = req->info; +- info.src.nsegs = sg_nents(req->src); +- info.dst.nsegs = sg_nents(req->dst); +- info.op_dir = NSS_CRYPTO_OP_DIR_ENC; +- info.cb = nss_cryptoapi_ablkcipher_done; +- info.iv_size = ctx->iv_size; +- info.src.first_sg = req->src; +- info.dst.first_sg = req->dst; +- info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); +- +- /* out and in length will be same as ablk does only encrypt/decryt operation */ +- info.total_in_len = info.total_out_len = req->nbytes; +- info.in_place = (req->src == req->dst) ? true : false; +- +- /* +- * The exact length of data that needs to be ciphered for an ABLK +- * request is stored in req->nbytes. Hence we may have to reduce +- * the DMA length to what is specified in req->nbytes and later +- * restore the length of scatterlist back to its original value. +- */ +- for_each_sg(req->src, cur, info.src.nsegs, i) { +- if (!cur) +- break; +- +- tot_len += cur->length; +- if (!sg_next(cur)) +- break; +- } +- +- /* +- * We only support (2^16 - 1) length. +- */ +- if (tot_len > U16_MAX) { +- ctx->stats.failed_len++; +- return -EFBIG; +- } +- +- info.src.last_sg = cur; +- info.ahash_skip = tot_len - req->nbytes; +- +- if (!atomic_inc_not_zero(&ctx->refcnt)) +- return -ENOENT; +- +- return nss_cryptoapi_transform(ctx, &info, (void *)req, false); +-} +- +-/* +- * nss_cryptoapi_ablk_decrypt() +- * Crytoapi decrypt for AES and 3DES CBC algorithms. +- */ +-int nss_cryptoapi_ablk_decrypt(struct ablkcipher_request *req) +-{ +- struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_DEC}; +- struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(req); +- struct nss_cryptoapi_ctx *ctx = crypto_ablkcipher_ctx(cipher); +- struct crypto_tfm *tfm = req->base.tfm; +- struct scatterlist *cur; +- int tot_len = 0; +- int i; +- +- /* +- * Check cryptoapi context magic number. +- */ +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- /* +- * Check if cryptoapi context is active or not +- */ +- if (!atomic_read(&ctx->active)) +- return -EINVAL; +- +- if (sg_nents(req->src) != sg_nents(req->dst)) { +- ctx->stats.failed_req++; +- return -EINVAL; +- } +- +- /* +- * Block size not aligned +- */ +- if (!IS_ALIGNED(req->nbytes, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { +- ctx->stats.failed_align++; +- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); +- return -EFAULT; +- } +- +- /* +- * Fill the request information structure +- * Note: For CTR mode, IV size will be set to AES_BLOCK_SIZE. +- * This is because linux gives iv size as 8 while we need to alloc 16 bytes +- * in crypto hdr to accomodate +- * - 4 bytes of nonce +- * - 8 bytes of IV +- * - 4 bytes of initial counter +- */ +- info.iv = req->info; +- info.src.nsegs = sg_nents(req->src); +- info.dst.nsegs = sg_nents(req->dst); +- info.iv_size = ctx->iv_size; +- info.op_dir = NSS_CRYPTO_OP_DIR_DEC; +- info.cb = nss_cryptoapi_ablkcipher_done; +- info.src.first_sg = req->src; +- info.dst.first_sg = req->dst; +- info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); +- +- /* out and in length will be same as ablk does only encrypt/decryt operation */ +- info.total_in_len = info.total_out_len = req->nbytes; +- info.in_place = (req->src == req->dst) ? true : false; +- +- /* +- * The exact length of data that needs to be ciphered for an ABLK +- * request is stored in req->nbytes. Hence we may have to reduce +- * the DMA length to what is specified in req->nbytes and later +- * restore the length of scatterlist back to its original value. +- */ +- for_each_sg(req->src, cur, info.src.nsegs, i) { +- tot_len += cur->length; +- if (!sg_next(cur)) +- break; +- } +- +- /* +- * We only support (2^16 - 1) length. +- */ +- if (tot_len > U16_MAX) { +- ctx->stats.failed_len++; +- return -EFBIG; +- } +- +- info.ahash_skip = tot_len - req->nbytes; +- info.src.last_sg = cur; +- +- if (!atomic_inc_not_zero(&ctx->refcnt)) +- return -ENOENT; +- +- return nss_cryptoapi_transform(ctx, &info, (void *)req, false); +-} +--- /dev/null ++++ b/cryptoapi/v2.0/nss_cryptoapi_skcipher.c +@@ -0,0 +1,438 @@ ++/* Copyright (c) 2015-2020 The Linux Foundation. All rights reserved. ++ * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. ++ * ++ * Permission to use, copy, modify, and/or distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY ++ * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT ++ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM ++ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE ++ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ++ * PERFORMANCE OF THIS SOFTWARE. ++ * ++ * ++ */ ++ ++/** ++ * nss_cryptoapi_ablk.c ++ * Interface to communicate Native Linux crypto framework specific data ++ * to Crypto core specific data ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) ++#include ++#else ++#include ++#include ++#endif ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "nss_cryptoapi_private.h" ++ ++extern struct nss_cryptoapi g_cryptoapi; ++ ++/* ++ * nss_cryptoapi_skcipher_ctx2session() ++ * Cryptoapi function to get the session ID for an skcipher ++ */ ++int nss_cryptoapi_skcipher_ctx2session(struct crypto_skcipher *sk, uint32_t *sid) ++{ ++ struct crypto_tfm *tfm = crypto_skcipher_tfm(sk); ++ struct nss_cryptoapi_ctx *ctx; ++ ++ if (strncmp("nss-", crypto_tfm_alg_driver_name(tfm), 4)) ++ return -EINVAL; ++ ++ /* Get the nss_cryptoapi context stored in skcipher */ ++ ctx = crypto_skcipher_ctx(sk); ++ BUG_ON(!ctx); ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ *sid = ctx->sid; ++ return 0; ++} ++EXPORT_SYMBOL(nss_cryptoapi_skcipher_ctx2session); ++ ++/* ++ * nss_cryptoapi_skcipher_init() ++ * Cryptoapi skcipher init function. ++ */ ++int nss_cryptoapi_skcipher_init(struct crypto_skcipher *tfm) ++{ ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(tfm); ++ ++ BUG_ON(!ctx); ++ NSS_CRYPTOAPI_SET_MAGIC(ctx); ++ ++ memset(ctx, 0, sizeof(struct nss_cryptoapi_ctx)); ++ ++ ctx->user = g_cryptoapi.user; ++ ctx->stats.init++; ++ ctx->sid = NSS_CRYPTO_SESSION_MAX; ++ init_completion(&ctx->complete); ++ ++ return 0; ++} ++ ++/* ++ * nss_cryptoapi_skcipher_exit() ++ * Cryptoapi skcipher exit function. ++ */ ++void nss_cryptoapi_skcipher_exit(struct crypto_skcipher *tfm) ++{ ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(tfm); ++ int ret; ++ ++ BUG_ON(!ctx); ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ ctx->stats.exit++; ++ ++ /* ++ * When fallback_req is set, it means that fallback tfm was used ++ * we didn't create any sessions. ++ */ ++ if (ctx->fallback_req) { ++ ctx->stats.failed_fallback++; ++ return; ++ } ++ ++ if (!atomic_read(&ctx->active)) { ++ ctx->stats.failed_exit++; ++ return; ++ } ++ ++ /* ++ * Mark cryptoapi context as inactive ++ */ ++ atomic_set(&ctx->active, 0); ++ ++ if (!atomic_sub_and_test(1, &ctx->refcnt)) { ++ /* ++ * We need to wait for any outstanding packet using this ctx. ++ * Once the last packet get processed, reference count will become ++ * 0 this ctx. We will wait for the reference to go down to 0. ++ */ ++ ret = wait_for_completion_timeout(&ctx->complete, NSS_CRYPTOAPI_REQ_TIMEOUT_TICKS); ++ WARN_ON(!ret); ++ } ++ ++ if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { ++ nss_crypto_session_free(ctx->user, ctx->sid); ++ debugfs_remove_recursive(ctx->dentry); ++ ctx->sid = NSS_CRYPTO_SESSION_MAX; ++ } ++ ++ NSS_CRYPTOAPI_CLEAR_MAGIC(ctx); ++} ++ ++/* ++ * nss_cryptoapi_skcipher_setkey() ++ * Cryptoapi setkey routine for aes. ++ */ ++int nss_cryptoapi_skcipher_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) ++{ ++ struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); ++ struct nss_crypto_session_data data = {0}; ++ int status; ++ ++ /* ++ * Validate magic number - init should be called before setkey ++ */ ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keylen, 0); ++ if (!ctx->info) { ++ return -EINVAL; ++ } ++ ++ ctx->iv_size = crypto_skcipher_ivsize(cipher); ++ ++ if (ctx->info->cipher_mode == NSS_CRYPTOAPI_CIPHER_MODE_CTR_RFC3686) { ++ keylen = keylen - CTR_RFC3686_NONCE_SIZE; ++ memcpy(ctx->ctx_iv, key + keylen, CTR_RFC3686_NONCE_SIZE); ++ ctx->ctx_iv[3] = ntohl(0x1); ++ ctx->iv_size += CTR_RFC3686_NONCE_SIZE + sizeof(uint32_t); ++ } ++ ++ /* ++ * Fill NSS crypto session data ++ */ ++ data.algo = ctx->info->algo; ++ data.cipher_key = key; ++ ++ if (data.algo >= NSS_CRYPTO_CMN_ALGO_MAX) ++ return -ERANGE; ++ ++ if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { ++ nss_crypto_session_free(ctx->user, ctx->sid); ++ debugfs_remove_recursive(ctx->dentry); ++ ctx->sid = NSS_CRYPTO_SESSION_MAX; ++ } ++ ++ status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); ++ if (status < 0) { ++ nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); ++ return status; ++ } ++ ++ nss_cryptoapi_add_ctx2debugfs(ctx); ++ atomic_set(&ctx->active, 1); ++ atomic_set(&ctx->refcnt, 1); ++ return 0; ++} ++ ++/* ++ * nss_cryptoapi_skcipher_done() ++ * Cipher operation completion callback function ++ */ ++void nss_cryptoapi_skcipher_done(void *app_data, struct nss_crypto_hdr *ch, uint8_t status) ++{ ++ struct skcipher_request *req = app_data; ++ struct nss_cryptoapi_ctx *ctx = skcipher_request_ctx(req); ++ int error; ++ ++ BUG_ON(!ch); ++ ++ /* ++ * Check cryptoapi context magic number. ++ */ ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ /* ++ * For skcipher decryption case, the last block of encrypted data is used as ++ * an IV for the next data ++ */ ++ if (ch->op == NSS_CRYPTO_OP_DIR_ENC) { ++ nss_cryptoapi_copy_iv(ctx, req->dst, req->iv, ch->iv_len); ++ } ++ ++ /* ++ * Free crypto hdr ++ */ ++ nss_crypto_hdr_free(ctx->user, ch); ++ ++ nss_cfi_dbg("data dump after transformation\n"); ++ nss_cfi_dbg_data(sg_virt(req->dst), req->cryptlen, ' '); ++ ++ /* ++ * Check if there is any error reported by hardware ++ */ ++ error = nss_cryptoapi_status2error(ctx, status); ++ ctx->stats.completed++; ++ ++ /* ++ * Decrement cryptoapi reference ++ */ ++ nss_cryptoapi_ref_dec(ctx); ++ req->base.complete(&req->base, error); ++} ++ ++/* ++ * nss_cryptoapi_skcipher_encrypt() ++ * Crytoapi encrypt for AES and 3DES algorithms. ++ */ ++int nss_cryptoapi_skcipher_encrypt(struct skcipher_request *req) ++{ ++ struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_ENC}; ++ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); ++ struct crypto_tfm *tfm = req->base.tfm; ++ struct scatterlist *cur; ++ int tot_len = 0; ++ int i; ++ ++ /* ++ * Check cryptoapi context magic number. ++ */ ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ /* ++ * Check if cryptoapi context is active or not ++ */ ++ if (!atomic_read(&ctx->active)) ++ return -EINVAL; ++ ++ if (sg_nents(req->src) != sg_nents(req->dst)) { ++ ctx->stats.failed_req++; ++ return -EINVAL; ++ } ++ ++ /* ++ * Block size not aligned. ++ * AES-CTR requires only a one-byte block size alignment. ++ */ ++ if (!IS_ALIGNED(req->cryptlen, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { ++ ctx->stats.failed_align++; ++ return -EFAULT; ++ } ++ ++ /* ++ * Fill the request information structure ++ */ ++ info.iv = req->iv; ++ info.src.nsegs = sg_nents(req->src); ++ info.dst.nsegs = sg_nents(req->dst); ++ info.op_dir = NSS_CRYPTO_OP_DIR_ENC; ++ info.cb = nss_cryptoapi_skcipher_done; ++ info.iv_size = ctx->iv_size; ++ info.src.first_sg = req->src; ++ info.dst.first_sg = req->dst; ++ info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); ++ ++ /* out and in length will be same as ablk does only encrypt/decryt operation */ ++ info.total_in_len = info.total_out_len = req->cryptlen; ++ info.in_place = (req->src == req->dst) ? true : false; ++ ++ /* ++ * The exact length of data that needs to be ciphered for an ABLK ++ * request is stored in req->cryptlen. Hence we may have to reduce ++ * the DMA length to what is specified in req->cryptlen and later ++ * restore the length of scatterlist back to its original value. ++ */ ++ for_each_sg(req->src, cur, info.src.nsegs, i) { ++ if (!cur) ++ break; ++ ++ tot_len += cur->length; ++ if (!sg_next(cur)) ++ break; ++ } ++ ++ /* ++ * We only support (2^16 - 1) length. ++ */ ++ if (tot_len > U16_MAX) { ++ ctx->stats.failed_len++; ++ return -EFBIG; ++ } ++ ++ info.src.last_sg = cur; ++ info.ahash_skip = tot_len - req->cryptlen; ++ ++ if (!atomic_inc_not_zero(&ctx->refcnt)) ++ return -ENOENT; ++ ++ return nss_cryptoapi_transform(ctx, &info, (void *)req, false); ++} ++ ++/* ++ * nss_cryptoapi_skcipher_decrypt() ++ * Crytoapi decrypt for AES and 3DES CBC algorithms. ++ */ ++int nss_cryptoapi_skcipher_decrypt(struct skcipher_request *req) ++{ ++ struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_DEC}; ++ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); ++ struct crypto_tfm *tfm = req->base.tfm; ++ struct scatterlist *cur; ++ int tot_len = 0; ++ int i; ++ ++ /* ++ * Check cryptoapi context magic number. ++ */ ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ /* ++ * Check if cryptoapi context is active or not ++ */ ++ if (!atomic_read(&ctx->active)) ++ return -EINVAL; ++ ++ if (sg_nents(req->src) != sg_nents(req->dst)) { ++ ctx->stats.failed_req++; ++ return -EINVAL; ++ } ++ ++ /* ++ * Block size not aligned ++ */ ++ if (!IS_ALIGNED(req->cryptlen, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { ++ ctx->stats.failed_align++; ++ return -EFAULT; ++ } ++ ++ /* ++ * Fill the request information structure ++ * Note: For CTR mode, IV size will be set to AES_BLOCK_SIZE. ++ * This is because linux gives iv size as 8 while we need to alloc 16 bytes ++ * in crypto hdr to accomodate ++ * - 4 bytes of nonce ++ * - 8 bytes of IV ++ * - 4 bytes of initial counter ++ */ ++ info.iv = req->iv; ++ info.src.nsegs = sg_nents(req->src); ++ info.dst.nsegs = sg_nents(req->dst); ++ info.iv_size = ctx->iv_size; ++ info.op_dir = NSS_CRYPTO_OP_DIR_DEC; ++ info.cb = nss_cryptoapi_skcipher_done; ++ info.src.first_sg = req->src; ++ info.dst.first_sg = req->dst; ++ info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); ++ ++ /* out and in length will be same as ablk does only encrypt/decryt operation */ ++ info.total_in_len = info.total_out_len = req->cryptlen; ++ info.in_place = (req->src == req->dst) ? true : false; ++ ++ /* ++ * The exact length of data that needs to be ciphered for an ABLK ++ * request is stored in req->cryptlen. Hence we may have to reduce ++ * the DMA length to what is specified in req->cryptlen and later ++ * restore the length of scatterlist back to its original value. ++ */ ++ for_each_sg(req->src, cur, info.src.nsegs, i) { ++ tot_len += cur->length; ++ if (!sg_next(cur)) ++ break; ++ } ++ ++ /* ++ * We only support (2^16 - 1) length. ++ */ ++ if (tot_len > U16_MAX) { ++ ctx->stats.failed_len++; ++ return -EFBIG; ++ } ++ ++ info.ahash_skip = tot_len - req->cryptlen; ++ info.src.last_sg = cur; ++ ++ if (!atomic_inc_not_zero(&ctx->refcnt)) ++ return -ENOENT; ++ ++ return nss_cryptoapi_transform(ctx, &info, (void *)req, false); ++} diff --git a/package/qca/qca-nss-clients/Makefile b/package/qca/qca-nss-clients/Makefile new file mode 100644 index 000000000..f9ac295f7 --- /dev/null +++ b/package/qca/qca-nss-clients/Makefile @@ -0,0 +1,610 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=qca-nss-clients +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_DATE:=2023-10-04 +PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/nss-clients.git +PKG_SOURCE_VERSION:=f058ae199b42f30be9925b2ed1ce53afb128200c +PKG_MIRROR_HASH:=90401b577a7750d3b7eadb423700aab7e1da1af392637598e08f6007f23a92e1 + +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/kernel.mk +include $(INCLUDE_DIR)/package.mk + +ifeq ($(CONFIG_TARGET_SUBTARGET), "ipq807x") + SOC="ipq807x_64" + subtarget:=$(CONFIG_TARGET_SUBTARGET) +else ifeq ($(CONFIG_TARGET_SUBTARGET), "ipq60xx") + SOC="ipq60xx_64" + subtarget:=$(CONFIG_TARGET_SUBTARGET) +endif + +ifneq (, $(findstring $(subtarget), "ipq807x" "ipq60xx")) + DTLSMGR_DIR:=v2.0 + IPSECMGR_DIR:=v2.0 + IPSECMGR_KLIPS:= $(PKG_BUILD_DIR)/ipsecmgr/$(IPSECMGR_DIR)/plugins/klips/qca-nss-ipsec-klips.ko +endif + +define KernelPackage/qca-nss-drv-gre + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS (connection manager) - GRE + DEPENDS:=@TARGET_qualcommax +@NSS_DRV_GRE_ENABLE +kmod-gre6 \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:= \ + $(PKG_BUILD_DIR)/gre/qca-nss-gre.ko \ + $(PKG_BUILD_DIR)/gre/test/qca-nss-gre-test.ko + AUTOLOAD:=$(call AutoLoad,51,qca-nss-gre) +endef + +define KernelPackage/qca-nss-drv-gre/description +Kernel modules for NSS connection manager - Support for GRE +endef + +define KernelPackage/qca-nss-drv-l2tpv2 + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS (connection manager) - l2tp + DEPENDS:=@NSS_DRV_L2TP_ENABLE +kmod-ppp +kmod-l2tp \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:=$(PKG_BUILD_DIR)/l2tp/l2tpv2/qca-nss-l2tpv2.ko + KCONFIG:=CONFIG_L2TP=y + AUTOLOAD:=$(call AutoLoad,51,qca-nss-l2tpv2) +endef + +define KernelPackage/qca-nss-drv-l2tp/description +Kernel modules for NSS connection manager - Support for l2tp tunnel +endef + +define KernelPackage/qca-nss-drv-pptp + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS (connection manager) - PPTP + DEPENDS:=+@NSS_DRV_PPTP_ENABLE +kmod-pptp \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:=$(PKG_BUILD_DIR)/pptp/qca-nss-pptp.ko + AUTOLOAD:=$(call AutoLoad,51,qca-nss-pptp) +endef + +define KernelPackage/qca-nss-drv-pptp/description +Kernel modules for NSS connection manager - Support for PPTP tunnel +endef + +define KernelPackage/qca-nss-drv-pppoe + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS (connection manager) - PPPoE + DEPENDS:=+@NSS_DRV_PPPOE_ENABLE +kmod-ppp +kmod-pppoe \ + +PACKAGE_kmod-bonding:kmod-bonding \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:=$(PKG_BUILD_DIR)/pppoe/qca-nss-pppoe.ko + AUTOLOAD:=$(call AutoLoad,51,qca-nss-pppoe) +endef + +define KernelPackage/qca-nss-drv-pppoe/Description +Kernel modules for NSS connection manager - Support for PPPoE +endef + +define KernelPackage/qca-nss-drv-map-t + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS (connection manager) - MAP-T + DEPENDS:=+@NSS_DRV_MAPT_ENABLE \ + +PACKAGE_kmod-nat46:kmod-nat46 \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:=$(PKG_BUILD_DIR)/map/map-t/qca-nss-map-t.ko + AUTOLOAD:=$(call AutoLoad,51,qca-nss-map-t) +endef + +define KernelPackage/qca-nss-drv-map-t/description +Kernel modules for NSS connection manager - Support for MAP-T +endef + +define KernelPackage/qca-nss-drv-tun6rd + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS (connection manager) - tun6rd + DEPENDS:=+@NSS_DRV_TUN6RD_ENABLE +kmod-sit +6rd \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:=$(PKG_BUILD_DIR)/qca-nss-tun6rd.ko + AUTOLOAD:=$(call AutoLoad,60,qca-nss-tun6rd) +endef + +define KernelPackage/qca-nss-drv-tun6rd/description +Kernel modules for NSS connection manager - Support for 6rd tunnel +endef + +define KernelPackage/qca-nss-drv-tunipip6 + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS (connection manager) - DS-lite and ipip6 Tunnel + DEPENDS:=+@NSS_DRV_TUNIPIP6_ENABLE +kmod-iptunnel6 +kmod-ip6-tunnel \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:=$(PKG_BUILD_DIR)/tunipip6/qca-nss-tunipip6.ko + AUTOLOAD:=$(call AutoLoad,60,qca-nss-tunipip6) +endef + +define KernelPackage/qca-nss-drv-tunipip6/description +Kernel modules for NSS connection manager +Add support for DS-lite and ipip6 tunnel +endef + +define KernelPackage/qca-nss-drv-bridge-mgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS bridge manager + DEPENDS:=@TARGET_qualcommax \ + +kmod-qca-nss-drv-vlan-mgr \ + +@NSS_DRV_BRIDGE_ENABLE \ + +PACKAGE_kmod-bonding:kmod-bonding \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv +ifneq ($(CONFIG_PACKAGE_kmod-qca-ovsmgr),) + DEPENDS+=kmod-qca-ovsmgr +endif + FILES:=$(PKG_BUILD_DIR)/bridge/qca-nss-bridge-mgr.ko + AUTOLOAD:=$(call AutoLoad,51,qca-nss-bridge-mgr) +endef + +define KernelPackage/qca-nss-drv-bridge-mgr/Description +Kernel modules for NSS bridge manager +endef + +define KernelPackage/qca-nss-drv-clmapmgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + DEPENDS:=+@NSS_DRV_CLMAP_ENABLE \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv \ + +kmod-qca-nss-drv-eogremgr + TITLE:=NSS clmap Manager for QCA NSS driver + FILES:=$(PKG_BUILD_DIR)/clmapmgr/qca-nss-clmapmgr.ko +endef + +define KernelPackage/qca-nss-drv-clmapmgr/description +Kernel module for managing NSS clmap +endef + +define KernelPackage/qca-nss-drv-dtlsmgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS (connection manager) - dtlsmgr + DEPENDS:=+@NSS_DRV_DTLS_ENABLE \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv \ + +PACKAGE_kmod-qca-nss-cfi-cryptoapi:kmod-qca-nss-cfi-cryptoapi + FILES:=$(PKG_BUILD_DIR)/dtls/$(DTLSMGR_DIR)/qca-nss-dtlsmgr.ko +endef + +define KernelPackage/qca-nss-drv-dtls/description +Kernel modules for NSS connection manager - Support for DTLS sessions +endef + +define KernelPackage/qca-nss-drv-tlsmgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS (connection manager) - tlsmgr + DEPENDS:=@TARGET_qualcommax +@NSS_DRV_TLS_ENABLE \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv \ + +PACKAGE_kmod-qca-nss-cfi-cryptoapi:kmod-qca-nss-cfi-cryptoapi + FILES:=$(PKG_BUILD_DIR)/tls/qca-nss-tlsmgr.ko +endef + +define KernelPackage/qca-nss-drv-tls/description +Kernel modules for NSS connection manager - Support for TLS sessions +endef + +define KernelPackage/qca-nss-drv-ipsecmgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS (ipsec manager) - ipsecmgr + DEPENDS:=@TARGET_qualcommax \ + +@NSS_DRV_IPSEC_ENABLE \ + +@NSS_DRV_TSTAMP_ENABLE \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv \ + +PACKAGE_kmod-qca-nss-cfi-cryptoapi:kmod-qca-nss-cfi-cryptoapi +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-l2tpv2),) + DEPENDS+=+kmod-qca-nss-drv-l2tpv2 +endif + FILES:=$(PKG_BUILD_DIR)/ipsecmgr/$(IPSECMGR_DIR)/qca-nss-ipsecmgr.ko $(IPSECMGR_KLIPS) + AUTOLOAD:=$(call AutoLoad,60,qca-nss-ipsecmgr) +endef + +define KernelPackage/qca-nss-drv-ipsecmgr/description +Kernel module for NSS IPsec offload manager +endef + +define KernelPackage/qca-nss-drv-ovpn-mgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS OpenVPN manager + DEPENDS:=@TARGET_qualcommax +@NSS_DRV_OVPN_ENABLE \ + +kmod-qca-nss-drv +kmod-tun +kmod-ipt-conntrack \ + +PACKAGE_kmod-qca-nss-cfi-cryptoapi:kmod-qca-nss-cfi-cryptoapi + FILES:=$(PKG_BUILD_DIR)/openvpn/src/qca-nss-ovpn-mgr.ko +endef + +define KernelPackage/qca-nss-drv-ovpn-mgr/description +Kernel module for NSS OpenVPN manager +endef + +define KernelPackage/qca-nss-drv-ovpn-link + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for interfacing NSS OpenVPN manager with ECM + DEPENDS:=@TARGET_qualcommax \ + +kmod-qca-nss-drv-ovpn-mgr \ + +@PACKAGE_kmod-qca-nss-ecm + FILES:=$(PKG_BUILD_DIR)/openvpn/plugins/qca-nss-ovpn-link.ko +endef + +define KernelPackage/qca-nss-drv-ovpn-link/description +This module registers with ECM and communicates with NSS OpenVPN manager for supporting OpenVPN offload. +endef + +define KernelPackage/qca-nss-drv-pvxlanmgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + DEPENDS:=+@NSS_DRV_PVXLAN_ENABLE \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + TITLE:=NSS PVXLAN Manager for QCA NSS driver + FILES:=$(PKG_BUILD_DIR)/pvxlanmgr/qca-nss-pvxlanmgr.ko +endef + +define KernelPackage/qca-nss-drv-pvxlanmgr/description +Kernel module for managing NSS PVxLAN +endef + +define KernelPackage/qca-nss-drv-eogremgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + DEPENDS:=+@NSS_DRV_GRE_ENABLE \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv \ + +kmod-qca-nss-drv-gre + TITLE:=NSS EOGRE Manager for QCA NSS driver + FILES:=$(PKG_BUILD_DIR)/eogremgr/qca-nss-eogremgr.ko +endef + +define KernelPackage/qca-nss-drv-eogremgr/description +Kernel module for managing NSS EoGRE +endef + +define KernelPackage/qca-nss-drv-clmapmgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + DEPENDS:=+@NSS_DRV_CLMAP_ENABLE \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv \ + +kmod-qca-nss-drv-eogremgr + TITLE:=NSS clmap Manager for QCA NSS driver + FILES:=$(PKG_BUILD_DIR)/clmapmgr/qca-nss-clmapmgr.ko +endef + +define KernelPackage/qca-nss-drv-clmapmgr/description +Kernel module for managing NSS clmap +endef + +define KernelPackage/qca-nss-drv-lag-mgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS LAG manager + DEPENDS:=+@NSS_DRV_LAG_ENABLE \ + +kmod-qca-nss-drv-vlan-mgr \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv \ + +PACKAGE_kmod-bonding:kmod-bonding + FILES:=$(PKG_BUILD_DIR)/lag/qca-nss-lag-mgr.ko + AUTOLOAD:=$(call AutoLoad,51,qca-nss-lag-mgr) +endef + +define KernelPackage/qca-nss-drv-lag-mgr/description +Kernel modules for NSS LAG manager +endef + +define KernelPackage/qca-nss-drv-vxlanmgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + DEPENDS:=+@NSS_DRV_VXLAN_ENABLE +@NSS_DRV_PVXLAN_ENABLE +kmod-vxlan \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + TITLE:=NSS VxLAN Manager for QCA NSS driver + FILES:=$(PKG_BUILD_DIR)/vxlanmgr/qca-nss-vxlanmgr.ko + AUTOLOAD:=$(call AutoLoad,51,qca-nss-vxlanmgr) +endef + +define KernelPackage/qca-nss-drv-vxlanmgr/description +Kernel module for managing NSS VxLAN +endef + +define KernelPackage/qca-nss-drv-vlan-mgr + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=Kernel driver for NSS vlan manager + DEPENDS:=@TARGET_qualcommax \ + +@NSS_DRV_VLAN_ENABLE \ + +PACKAGE_kmod-bonding:kmod-bonding \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:=$(PKG_BUILD_DIR)/vlan/qca-nss-vlan.ko + AUTOLOAD:=$(call AutoLoad,51,qca-nss-vlan) +endef + +define KernelPackage/qca-nss-drv-vlan-mgr/Description +Kernel modules for NSS vlan manager +endef + +define KernelPackage/qca-nss-drv-igs + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Support + TITLE:=Action for offloading traffic to an IFB interface to perform ingress shaping. + DEPENDS:=@TARGET_qualcommax +@NSS_DRV_IGS_ENABLE +kmod-qca-nss-drv-qdisc \ + +kmod-sched-core +kmod-nf-conntrack +kmod-ifb \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:=$(PKG_BUILD_DIR)/nss_qdisc/igs/act_nssmirred.ko +endef + +define KernelPackage/qca-nss-drv-igs/description +Linux action that helps in offloading traffic to an IFB interface to perform ingress shaping. +endef + +define KernelPackage/qca-nss-drv-match + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + DEPENDS:=+@NSS_DRV_MATCH_ENABLE \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + TITLE:=NSS Match for QCA NSS driver + FILES:=$(PKG_BUILD_DIR)/match/qca-nss-match.ko +endef + +define KernelPackage/qca-nss-drv-match/description +Kernel module for managing NSS Match +endef + +define KernelPackage/qca-nss-drv-mirror + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Support + TITLE:=Module for mirroring packets from NSS to host. + DEPENDS:=+@NSS_DRV_MIRROR_ENABLE \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:=$(PKG_BUILD_DIR)/mirror/qca-nss-mirror.ko +endef + +define KernelPackage/qca-nss-drv-mirror/Description +Kernel module for managing NSS Mirror +endef + +define KernelPackage/qca-nss-drv-netlink + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + TITLE:=NSS NETLINK Manager for QCA NSS driver + DEPENDS:=@TARGET_qualcommax +@NSS_DRV_C2C_ENABLE +@NSS_DRV_GRE_REDIR_ENABLE \ + +@NSS_DRV_IPV4_REASM_ENABLE +@NSS_DRV_IPV6_ENABLE +@NSS_DRV_IPV6_REASM_ENABLE \ + +@NSS_DRV_RMNET_ENABLE +@NSS_DRV_OAM_ENABLE +@NSS_DRV_QRFS_ENABLE \ + +kmod-pppoe +kmod-qca-nss-drv-dtlsmgr \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:=$(PKG_BUILD_DIR)/netlink/qca-nss-netlink.ko +endef + +define KernelPackage/qca-nss-drv-netlink/Description +Kernel module for NSS netlink manager +endef + +define KernelPackage/qca-nss-drv-qdisc + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Support + TITLE:=Qdisc for configuring shapers in NSS + DEPENDS:=+@NSS_DRV_SHAPER_ENABLE +@NSS_DRV_IGS_ENABLE \ + +PACKAGE_kmod-qca-nss-drv:kmod-qca-nss-drv + FILES:=$(PKG_BUILD_DIR)/nss_qdisc/qca-nss-qdisc.ko + KCONFIG:=CONFIG_NET_CLS_ACT=y + AUTOLOAD:=$(call AutoLoad,58,qca-nss-qdisc) +endef + +define KernelPackage/qca-nss-drv-qdisc/Description +Linux qdisc that aids in configuring shapers in the NSS +endef + +define Build/InstallDev + mkdir -p $(1)/usr/include/qca-nss-clients + $(CP) $(PKG_BUILD_DIR)/netlink/include/* $(1)/usr/include/qca-nss-clients/ + $(CP) $(PKG_BUILD_DIR)/exports/* $(1)/usr/include/qca-nss-clients/ +endef + +define KernelPackage/qca-nss-drv-ovpn-mgr/install + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/qca-nss-ovpn.init $(1)/etc/init.d/qca-nss-ovpn +endef + +define KernelPackage/qca-nss-drv-ipsecmgr/install + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/qca-nss-ipsec $(1)/etc/init.d/qca-nss-ipsec +endef + +define KernelPackage/qca-nss-drv-igs/install + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/qca-nss-mirred.init $(1)/etc/init.d/qca-nss-mirred +endef + +define KernelPackage/qca-nss-drv-netlink/install + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/qca-nss-netlink.init $(1)/etc/init.d/qca-nss-netlink +endef + +EXTRA_CFLAGS+= \ + -I$(STAGING_DIR)/usr/include/qca-nss-drv \ + -I$(STAGING_DIR)/usr/include/qca-nss-crypto \ + -I$(STAGING_DIR)/usr/include/qca-nss-cfi \ + -I$(STAGING_DIR)/usr/include/qca-nss-ecm \ + -I$(STAGING_DIR)/usr/include/qca-ssdk \ + -I$(STAGING_DIR)/usr/include/qca-ssdk/fal \ + -I$(STAGING_DIR)/usr/include/nat46 + +# Build individual packages if selected +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-tun6rd),) +NSS_CLIENTS_MAKE_OPTS+=tun6rd=m +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-dtlsmgr),) +NSS_CLIENTS_MAKE_OPTS+=dtlsmgr=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-tlsmgr),) +EXTRA_CFLAGS+= -I$(PKG_BUILD_DIR)/exports +NSS_CLIENTS_MAKE_OPTS+=tlsmgr=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-l2tpv2),) +NSS_CLIENTS_MAKE_OPTS+=l2tpv2=y +EXTRA_CFLAGS += -DNSS_L2TPV2_ENABLED +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-gre),) +EXTRA_CFLAGS+= -I$(PKG_BUILD_DIR)/exports +NSS_CLIENTS_MAKE_OPTS+=gre=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-pppoe),) +NSS_CLIENTS_MAKE_OPTS+=pppoe=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-bridge-mgr),) +NSS_CLIENTS_MAKE_OPTS+=bridge-mgr=y +#enable OVS bridge if ovsmgr is enabled +ifneq ($(CONFIG_PACKAGE_kmod-qca-ovsmgr),) +NSS_CLIENTS_MAKE_OPTS+= NSS_BRIDGE_MGR_OVS_ENABLE=y +EXTRA_CFLAGS+= -I$(STAGING_DIR)/usr/include/qca-ovsmgr +endif +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-ipsecmgr),) +EXTRA_CFLAGS+= -I$(PKG_BUILD_DIR)/exports \ + -I$(STAGING_DIR)/usr/include/qca-nss-ecm +NSS_CLIENTS_MAKE_OPTS+=ipsecmgr=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-vlan-mgr),) +NSS_CLIENTS_MAKE_OPTS+=vlan-mgr=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-lag-mgr),) +NSS_CLIENTS_MAKE_OPTS+=lag-mgr=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-pvxlanmgr),) +# The memset() call in nss_pvxlanmgr_get_tunnel_stats +# triggers a compilation error with GCC 13, most likely +# it is a false positive, disable the warning for now. +EXTRA_CFLAGS+= -Wno-stringop-overread +NSS_CLIENTS_MAKE_OPTS+=pvxlanmgr=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-clmapmgr),) +NSS_CLIENTS_MAKE_OPTS+=clmapmgr=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-eogremgr),) +NSS_CLIENTS_MAKE_OPTS+=eogremgr=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-vlan-mgr),) +NSS_CLIENTS_MAKE_OPTS+=vlan-mgr=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-vxlanmgr),) +NSS_CLIENTS_MAKE_OPTS+=vxlanmgr=y +EXTRA_CFLAGS += -DNSS_VXLAN_ENABLED +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-pptp),) +NSS_CLIENTS_MAKE_OPTS+=pptp=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-map-t),) +NSS_CLIENTS_MAKE_OPTS+=map-t=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-ovpn-mgr),) +NSS_CLIENTS_MAKE_OPTS+=ovpn-mgr=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-ovpn-link),) +NSS_CLIENTS_MAKE_OPTS+=ovpn-link=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-tunipip6),) +NSS_CLIENTS_MAKE_OPTS+=tunipip6=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-igs),) +NSS_CLIENTS_MAKE_OPTS+=igs=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-netlink),) +NSS_CLIENTS_MAKE_OPTS+=netlink=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-qdisc),) +NSS_CLIENTS_MAKE_OPTS+=qdisc=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-match),) +NSS_CLIENTS_MAKE_OPTS+=match=y +endif + +define Build/Compile + +$(MAKE) -C "$(LINUX_DIR)" $(strip $(NSS_CLIENTS_MAKE_OPTS)) \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + ARCH="$(LINUX_KARCH)" \ + M="$(PKG_BUILD_DIR)" \ + EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ + DTLSMGR_DIR="$(DTLSMGR_DIR)" \ + IPSECMGR_DIR="$(IPSECMGR_DIR)" \ + SoC=$(SOC) \ + $(KERNEL_MAKE_FLAGS) \ + modules +endef + +$(eval $(call KernelPackage,qca-nss-drv-gre)) +$(eval $(call KernelPackage,qca-nss-drv-l2tpv2)) +$(eval $(call KernelPackage,qca-nss-drv-pptp)) +$(eval $(call KernelPackage,qca-nss-drv-pppoe)) +$(eval $(call KernelPackage,qca-nss-drv-ipsecmgr)) +$(eval $(call KernelPackage,qca-nss-drv-bridge-mgr)) +$(eval $(call KernelPackage,qca-nss-drv-clmapmgr)) +$(eval $(call KernelPackage,qca-nss-drv-eogremgr)) +$(eval $(call KernelPackage,qca-nss-drv-lag-mgr)) +$(eval $(call KernelPackage,qca-nss-drv-vlan-mgr)) +$(eval $(call KernelPackage,qca-nss-drv-vxlanmgr)) +$(eval $(call KernelPackage,qca-nss-drv-pvxlanmgr)) +$(eval $(call KernelPackage,qca-nss-drv-ovpn-mgr)) +$(eval $(call KernelPackage,qca-nss-drv-ovpn-link)) +$(eval $(call KernelPackage,qca-nss-drv-dtlsmgr)) +$(eval $(call KernelPackage,qca-nss-drv-tlsmgr)) +$(eval $(call KernelPackage,qca-nss-drv-match)) +$(eval $(call KernelPackage,qca-nss-drv-map-t)) +$(eval $(call KernelPackage,qca-nss-drv-tunipip6)) +$(eval $(call KernelPackage,qca-nss-drv-tun6rd)) +$(eval $(call KernelPackage,qca-nss-drv-qdisc)) +$(eval $(call KernelPackage,qca-nss-drv-igs)) +$(eval $(call KernelPackage,qca-nss-drv-netlink)) diff --git a/package/qca/qca-nss-clients/files/qca-nss-ipsec b/package/qca/qca-nss-clients/files/qca-nss-ipsec new file mode 100755 index 000000000..21eea7c4c --- /dev/null +++ b/package/qca/qca-nss-clients/files/qca-nss-ipsec @@ -0,0 +1,231 @@ +#!/bin/sh /etc/rc.common +# +# Copyright (c) 2018-2019, 2021 The Linux Foundation. All rights reserved. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +NSS_IPSEC_LOG_FILE=/tmp/.nss_ipsec_log +NSS_IPSEC_LOG_STR_ECM="ECM_Loaded" +NSS_IPSEC_OL_FILE=/tmp/qca_nss_ipsec_ol + +ecm_load () { + if [ ! -d /sys/module/ecm ]; then + /etc/init.d/qca-nss-ecm start + if [ -d /sys/module/ecm ]; then + echo ${NSS_IPSEC_LOG_STR_ECM} >> ${NSS_IPSEC_LOG_FILE} + fi + fi +} + +ecm_unload () { + if [ -f /tmp/.nss_ipsec_log ]; then + str=`grep ${NSS_IPSEC_LOG_STR_ECM} ${NSS_IPSEC_LOG_FILE}` + if [[ $str == ${NSS_IPSEC_LOG_STR_ECM} ]]; then + /etc/init.d/qca-nss-ecm stop + `sed 's/${NSS_IPSEC_LOG_STR_ECM}/ /g' $NSS_IPSEC_LOG_FILE > $NSS_IPSEC_LOG_FILE` + fi + fi +} + +ecm_disable() { + if [ ! -d /sys/module/ecm ]; then + return; + fi + + echo 1 > /sys/kernel/debug/ecm/front_end_ipv4_stop + echo 1 > /sys/kernel/debug/ecm/front_end_ipv6_stop + echo 1 > /sys/kernel/debug/ecm/ecm_db/defunct_all + sleep 2 +} + +ecm_enable() { + if [ ! -d /sys/module/ecm ]; then + return; + fi + + echo 0 > /sys/kernel/debug/ecm/ecm_db/defunct_all + echo 0 > /sys/kernel/debug/ecm/front_end_ipv4_stop + echo 0 > /sys/kernel/debug/ecm/front_end_ipv6_stop +} + +kernel_version_check_5_4() { + major_ver=$(uname -r | awk -F '.' '{print $1}') + minor_ver=$(uname -r | awk -F '.' '{print $2}') + if [ $major_ver -lt 5 ] || ([ $major_ver -eq 5 ] && [ $minor_ver -lt 4 ] ); then + return 1 + else + return 0 + fi +} + +kernel_version_check_5_15() { + major_ver=$(uname -r | awk -F '.' '{print $1}') + minor_ver=$(uname -r | awk -F '.' '{print $2}') + if [ $major_ver -lt 5 ] || ([ $major_ver -eq 5 ] && [ $minor_ver -lt 15 ] ); then + return 1 + else + return 0 + fi +} + +start_klips() { + if kernel_version_check_5_4; then + echo "Kernel 5.4 doesn't support klips stack." + return $? + fi + + if kernel_version_check_5_15; then + echo "Kernel 5.15 doesn't support klips stack." + return $? + fi + + touch $NSS_IPSEC_OL_FILE + ecm_load + + local kernel_version=$(uname -r) + + insmod /lib/modules/${kernel_version}/qca-nss-ipsec-klips.ko + if [ "$?" -gt 0 ]; then + echo "Failed to load plugin. Please start ecm if not done already" + ecm_enable + rm $NSS_IPSEC_OL_FILE + return + fi + + /etc/init.d/ipsec start + sleep 2 + ipsec eroute + + ecm_enable +} + +stop_klips() { + if kernel_version_check_5_4; then + echo "Kernel 5.4 doesn't support klips stack." + return $? + fi + + if kernel_version_check_5_15; then + echo "Kernel 5.15 doesn't support klips stack." + return $? + fi + + ecm_disable + + /etc/init.d/ipsec stop + rmmod qca-nss-ipsec-klips + rm $NSS_IPSEC_OL_FILE + + ecm_unload +} + +start_xfrm() { + touch $NSS_IPSEC_OL_FILE + ecm_load + + local kernel_version=$(uname -r) + + # load all NETKEY modules first. + for mod in xfrm_ipcomp ipcomp xfrm6_tunnel ipcomp6 xfrm6_mode_tunnel xfrm6_mode_beet xfrm6_mode_ro \ + xfrm6_mode_transport xfrm4_mode_transport xfrm4_mode_tunnel \ + xfrm4_tunnel xfrm4_mode_beet esp4 esp6 ah4 ah6 af_key + do + insmod $mod 2> /dev/null + done + + # Now load the xfrm plugin + insmod /lib/modules/${kernel_version}/qca-nss-ipsec-xfrm.ko + if [ "$?" -gt 0 ]; then + echo "Failed to load plugin. Please start ecm if not done already" + ecm_enable + rm $NSS_IPSEC_OL_FILE + return + fi + + /etc/init.d/ipsec start + sleep 2 + + ecm_enable +} + +stop_xfrm() { + ecm_disable + + #Shutdown Pluto first. Then only plugin can be removed. + plutopid=/var/run/pluto/pluto.pid + if [ -f $plutopid ]; then + pid=`cat $plutopid` + if [ ! -z "$pid" ]; then + ipsec whack --shutdown | grep -v "002"; + if [ -s $plutopid ]; then + echo "Attempt to shut Pluto down failed! Trying kill:" + kill $pid; + sleep 5; + fi + fi + rm -rf $plutopid + fi + ip xfrm state flush; + ip xfrm policy flush; + sleep 2 + + #Now we can remove the plugin + retries=5 + while [ -d /sys/module/qca_nss_ipsec_xfrm ] + do + rmmod qca-nss-ipsec-xfrm + if [ "$?" -eq 0 ]; then + rm $NSS_IPSEC_OL_FILE + break + fi + + if [ ${retries} -eq 0 ]; then + echo "Failed to unload qca-nss-ipsec-xfrm plugin!" + exit + fi + + echo "XFRM plugin unload failed; retrying ${retries} times" + sleep 1 + retries=`expr ${retries} - 1` + done + + /etc/init.d/ipsec stop + ecm_unload +} + +start() { + local protostack=`uci -q get ipsec.setup.protostack` + if [ "$protostack" = "klips" ]; then + start_klips + return $? + fi + + start_xfrm + return $? +} + +stop() { + local protostack=`uci -q get ipsec.setup.protostack` + if [ "$protostack" = "klips" ]; then + stop_klips + return $? + fi + + stop_xfrm + return $? +} + +restart() { + stop + start +} diff --git a/package/qca/qca-nss-clients/files/qca-nss-mirred.init b/package/qca/qca-nss-clients/files/qca-nss-mirred.init new file mode 100644 index 000000000..259aaa090 --- /dev/null +++ b/package/qca/qca-nss-clients/files/qca-nss-mirred.init @@ -0,0 +1,28 @@ +#!/bin/sh /etc/rc.common + +########################################################################### +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# Permission to use, copy, modify, and/or distribute this software for +# any purpose with or without fee is hereby granted, provided that the +# above copyright notice and this permission notice appear in all copies. +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +########################################################################### + +start() { + insmod act_nssmirred.ko +} + +stop() { + rmmod act_nssmirred.ko +} + +restart() { + stop + start +} diff --git a/package/qca/qca-nss-clients/files/qca-nss-netlink.init b/package/qca/qca-nss-clients/files/qca-nss-netlink.init new file mode 100644 index 000000000..8d38ad33f --- /dev/null +++ b/package/qca/qca-nss-clients/files/qca-nss-netlink.init @@ -0,0 +1,31 @@ +#!/bin/sh /etc/rc.common +# +# Copyright (c) 2023, The Linux Foundation. All rights reserved. +# +# Permission to use, copy, modify, and/or distribute this software for +# any purpose with or without fee is hereby granted, provided that the +# above copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +start() { + modprobe qca-nss-netlink + + echo 2048 > /proc/sys/dev/nss/n2hcfg/n2h_queue_limit_core0 + echo 2048 > /proc/sys/dev/nss/n2hcfg/n2h_queue_limit_core1 +} + +stop() { + rmmod qca-nss-netlink.ko +} + +restart() { + stop + start +} diff --git a/package/qca/qca-nss-clients/files/qca-nss-ovpn.init b/package/qca/qca-nss-clients/files/qca-nss-ovpn.init new file mode 100644 index 000000000..622e295ee --- /dev/null +++ b/package/qca/qca-nss-clients/files/qca-nss-ovpn.init @@ -0,0 +1,69 @@ +#!/bin/sh /etc/rc.common + +########################################################################### +# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# Permission to use, copy, modify, and/or distribute this software for +# any purpose with or without fee is hereby granted, provided that the +# above copyright notice and this permission notice appear in all copies. +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +########################################################################### + +ecm_disable() { + if [ ! -d /sys/module/ecm ]; then + return + fi + + echo 1 > /sys/kernel/debug/ecm/front_end_ipv4_stop + echo 1 > /sys/kernel/debug/ecm/front_end_ipv6_stop + echo 1 > /sys/kernel/debug/ecm/ecm_db/defunct_all + sleep 2 +} + +ecm_enable() { + if [ ! -d /sys/module/ecm ]; then + return + fi + + echo 0 > /sys/kernel/debug/ecm/ecm_db/defunct_all + echo 0 > /sys/kernel/debug/ecm/front_end_ipv4_stop + echo 0 > /sys/kernel/debug/ecm/front_end_ipv6_stop +} + +restart() { + ecm_disable + + /etc/init.d/openvpn stop + rmmod qca-nss-ovpn-link + rmmod qca-nss-ovpn-mgr + + insmod qca-nss-ovpn-mgr + insmod qca-nss-ovpn-link + + if [ "$?" -gt 0 ]; then + echo "Failed to load plugin. Please start ecm if not done already" + ecm_enable + return + fi + + ecm_enable +} + +start() { + restart +} + +stop() { + ecm_disable + + /etc/init.d/openvpn stop + rmmod qca-nss-ovpn-link + rmmod qca-nss-ovpn-mgr + + ecm_enable +} diff --git a/package/qca/qca-nss-clients/patches/0001-kernel-5.15-support-qdisc.patch b/package/qca/qca-nss-clients/patches/0001-kernel-5.15-support-qdisc.patch new file mode 100644 index 000000000..97479d9b9 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0001-kernel-5.15-support-qdisc.patch @@ -0,0 +1,162 @@ +--- a/nss_qdisc/igs/nss_mirred.c ++++ b/nss_qdisc/igs/nss_mirred.c +@@ -82,20 +82,24 @@ static const struct nla_policy nss_mirre + * nss_mirred_init() + * Initialize the nss mirred action. + */ +-#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 0)) + static int nss_mirred_init(struct net *net, struct nlattr *nla, +- struct nlattr *est, struct tc_action *tc_act, int ovr, +- int bind) ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 0)) ++ struct nlattr *est, struct tc_action *tc_act, int ovr, ++ int bind) ++{ ++#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 15, 0)) ++ struct nlattr *est, struct tc_action **tc_act, int ovr, ++ int bind, bool rtnl_held, struct tcf_proto *tp, ++ u32 flags, struct netlink_ext_ack *extack) + { + #else +-static int nss_mirred_init(struct net *net, struct nlattr *nla, +- struct nlattr *est, struct tc_action **tc_act, int ovr, +- int bind, bool rtnl_held, struct tcf_proto *tp, +- struct netlink_ext_ack *extack) ++ struct nlattr *est, struct tc_action **tc_act, ++ struct tcf_proto *tp, u32 flags, struct netlink_ext_ack *extack) + { ++ bool bind = flags & TCA_ACT_FLAGS_BIND; ++#endif + struct tc_action_net *tn = net_generic(net, nss_mirred_net_id); + u32 index; +-#endif + struct nlattr *arr[TC_NSS_MIRRED_MAX + 1]; + struct tc_nss_mirred *parm; + struct nss_mirred_tcf *act; +@@ -239,8 +243,13 @@ static int nss_mirred_init(struct net *n + } + + if (!ret) { ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0)) + ret = tcf_idr_create(tn, index, est, tc_act, &nss_mirred_act_ops, + bind, true); ++#else ++ ret = tcf_idr_create(tn, index, est, tc_act, &nss_mirred_act_ops, ++ bind, true, 0); ++#endif + if (ret) { + tcf_idr_cleanup(tn, index); + return ret; +--- a/nss_qdisc/nss_bf.c ++++ b/nss_qdisc/nss_bf.c +@@ -74,7 +74,7 @@ static inline struct nss_bf_class_data * + */ + #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 16, 0)) + static int nss_bf_change_class(struct Qdisc *sch, u32 classid, u32 parentid, +- struct nlattr **tca, unsigned long *arg) ++ struct nlattr **tca, unsigned long *arg, struct netlink_ext_ack *extack) + { + struct netlink_ext_ack *extack = NULL; + #else +@@ -290,7 +290,11 @@ static void nss_bf_destroy_class(struct + * nss_bf_delete_class() + * Detaches a class from operation, but does not destroy it. + */ ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0)) ++static int nss_bf_delete_class(struct Qdisc *sch, unsigned long arg, struct netlink_ext_ack *extack) ++#else + static int nss_bf_delete_class(struct Qdisc *sch, unsigned long arg) ++#endif + { + struct nss_bf_sched_data *q = qdisc_priv(sch); + struct nss_bf_class_data *cl = (struct nss_bf_class_data *)arg; +--- a/nss_qdisc/nss_htb.c ++++ b/nss_qdisc/nss_htb.c +@@ -282,7 +282,7 @@ static int nss_htb_ppe_change_class(stru + */ + #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 16, 0)) + static int nss_htb_change_class(struct Qdisc *sch, u32 classid, u32 parentid, +- struct nlattr **tca, unsigned long *arg) ++ struct nlattr **tca, unsigned long *arg, struct netlink_ext_ack *extack) + { + struct netlink_ext_ack *extack = NULL; + #else +@@ -516,7 +516,11 @@ static void nss_htb_destroy_class(struct + * nss_htb_delete_class() + * Detaches a class from operation, but does not destroy it. + */ ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0)) ++static int nss_htb_delete_class(struct Qdisc *sch, unsigned long arg, struct netlink_ext_ack *extack) ++#else + static int nss_htb_delete_class(struct Qdisc *sch, unsigned long arg) ++#endif + { + struct nss_htb_sched_data *q = qdisc_priv(sch); + struct nss_htb_class_data *cl = (struct nss_htb_class_data *)arg; +--- a/nss_qdisc/nss_qdisc.c ++++ b/nss_qdisc/nss_qdisc.c +@@ -1140,15 +1140,16 @@ unsigned int nss_qdisc_drop(struct Qdisc + { + struct nss_qdisc *nq = qdisc_priv(sch); + unsigned int ret; ++ struct sk_buff *to_free = qdisc_peek_head(sch); + + if (!nq->is_virtual) { +- ret = __qdisc_queue_drop_head(sch, &sch->q); ++ ret = __qdisc_queue_drop_head(sch, &sch->q, &to_free); + } else { + spin_lock_bh(&nq->bounce_protection_lock); + /* + * This function is safe to call within locks + */ +- ret = __qdisc_queue_drop_head(sch, &sch->q); ++ ret = __qdisc_queue_drop_head(sch, &sch->q, &to_free); + spin_unlock_bh(&nq->bounce_protection_lock); + } + +@@ -1209,10 +1210,10 @@ static bool nss_qdisc_iterate_fl(struct + return 0; + } + +-#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 0)) +- status = tc_classify(skb, tcf, &res, false); +-#else ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 15, 0)) + status = tcf_classify(skb, tcf, &res, false); ++#else ++ status = tcf_classify(skb, NULL, tcf, &res, false); + #endif + if ((status == TC_ACT_STOLEN) || (status == TC_ACT_QUEUED)) { + return 1; +@@ -2188,6 +2189,8 @@ int __nss_qdisc_init(struct Qdisc *sch, + * This is to prevent mixing NSS and PPE qdisc with linux qdisc. + */ + if ((parent != TC_H_ROOT) && (root->ops->owner != THIS_MODULE)) { ++ nss_qdisc_warning("parent (%d) and TC_H_ROOT (%d))", parent, TC_H_ROOT); ++ nss_qdisc_warning("root->ops->owner (%px) and THIS_MODULE (%px))", root->ops->owner , THIS_MODULE); + nss_qdisc_warning("NSS qdisc %px (type %d) used along with non-nss qdiscs," + " or the interface is currently down", nq->qdisc, nq->type); + } +--- a/nss_qdisc/nss_wrr.c ++++ b/nss_qdisc/nss_wrr.c +@@ -229,7 +229,7 @@ static int nss_wrr_ppe_change_class(stru + + #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 16, 0)) + static int nss_wrr_change_class(struct Qdisc *sch, u32 classid, u32 parentid, +- struct nlattr **tca, unsigned long *arg) ++ struct nlattr **tca, unsigned long *arg, struct netlink_ext_ack *extack) + { + struct netlink_ext_ack *extack = NULL; + #else +@@ -400,7 +400,11 @@ failure: + return -EINVAL; + } + ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0)) ++static int nss_wrr_delete_class(struct Qdisc *sch, unsigned long arg, struct netlink_ext_ack *extack) ++#else + static int nss_wrr_delete_class(struct Qdisc *sch, unsigned long arg) ++#endif + { + struct nss_wrr_sched_data *q = qdisc_priv(sch); + struct nss_wrr_class_data *cl = (struct nss_wrr_class_data *)arg; diff --git a/package/qca/qca-nss-clients/patches/0002-kernel-5.4-support-gre.patch b/package/qca/qca-nss-clients/patches/0002-kernel-5.4-support-gre.patch new file mode 100644 index 000000000..7ed66bd45 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0002-kernel-5.4-support-gre.patch @@ -0,0 +1,31 @@ +--- a/gre/nss_connmgr_gre_v6.c ++++ b/gre/nss_connmgr_gre_v6.c +@@ -95,7 +95,8 @@ static int nss_connmgr_gre_v6_get_mac_ad + /* + * Find src MAC address + */ +- local_dev = (struct net_device *)ipv6_dev_find(&init_net, &src_addr, 1); ++ local_dev = NULL; ++ local_dev = (struct net_device *)ipv6_dev_find(&init_net, &src_addr, local_dev); + if (!local_dev) { + nss_connmgr_gre_warning("Unable to find local dev for %pI6", src_ip); + return GRE_ERR_NO_LOCAL_NETDEV; +--- a/gre/test/nss_connmgr_gre_test.c ++++ b/gre/test/nss_connmgr_gre_test.c +@@ -229,10 +229,12 @@ static int nss_connmgr_gre_test_open_pro + /* + * Proc ops + */ +-static const struct file_operations nss_connmgr_gre_test_proc_ops = { +- .open = nss_connmgr_gre_test_open_proc, +- .write = nss_connmgr_gre_test_write_proc, +- .read = seq_read, ++static const struct proc_ops nss_connmgr_gre_test_proc_ops = { ++ .proc_open = nss_connmgr_gre_test_open_proc, ++ .proc_read = seq_read, ++ .proc_lseek = seq_lseek, ++ .proc_release = single_release, ++ .proc_write = nss_connmgr_gre_test_write_proc, + }; + + /* diff --git a/package/qca/qca-nss-clients/patches/0003-kernel-5.4-support-ipsec.patch b/package/qca/qca-nss-clients/patches/0003-kernel-5.4-support-ipsec.patch new file mode 100644 index 000000000..de43b4d01 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0003-kernel-5.4-support-ipsec.patch @@ -0,0 +1,29 @@ +--- a/ipsecmgr/v1.0/nss_ipsecmgr.c ++++ b/ipsecmgr/v1.0/nss_ipsecmgr.c +@@ -377,7 +377,7 @@ free: + * nss_ipsecmgr_tunnel_stats() + * get tunnel statistics + */ +-static struct rtnl_link_stats64 *nss_ipsecmgr_tunnel_stats64(struct net_device *dev, struct rtnl_link_stats64 *stats) ++void nss_ipsecmgr_tunnel_stats64(struct net_device *dev, struct rtnl_link_stats64 *stats) + { + struct nss_ipsecmgr_priv *priv = netdev_priv(dev); + +@@ -389,8 +389,6 @@ static struct rtnl_link_stats64 *nss_ips + read_lock_bh(&ipsecmgr_ctx->lock); + memcpy(stats, &priv->stats, sizeof(struct rtnl_link_stats64)); + read_unlock_bh(&ipsecmgr_ctx->lock); +- +- return stats; + } + + /* +@@ -442,7 +440,7 @@ static void nss_ipsecmgr_tunnel_setup(st + dev->header_ops = NULL; + dev->netdev_ops = &nss_ipsecmgr_tunnel_ops; + +- dev->destructor = nss_ipsecmgr_tunnel_free; ++ dev->priv_destructor = nss_ipsecmgr_tunnel_free; + + /* + * get the MAC address from the ethernet device diff --git a/package/qca/qca-nss-clients/patches/0004-kernel-5.4-support-dtls.patch b/package/qca/qca-nss-clients/patches/0004-kernel-5.4-support-dtls.patch new file mode 100644 index 000000000..ae9c91470 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0004-kernel-5.4-support-dtls.patch @@ -0,0 +1,11 @@ +--- a/dtls/v1.0/nss_connmgr_dtls_netdev.c ++++ b/dtls/v1.0/nss_connmgr_dtls_netdev.c +@@ -160,7 +160,7 @@ static void nss_dtlsmgr_dev_setup(struct + dev->ethtool_ops = NULL; + dev->header_ops = NULL; + dev->netdev_ops = &nss_dtlsmgr_session_ops; +- dev->destructor = NULL; ++ dev->priv_destructor = NULL; + + memcpy(dev->dev_addr, "\xaa\xbb\xcc\xdd\xee\xff", dev->addr_len); + memset(dev->broadcast, 0xff, dev->addr_len); diff --git a/package/qca/qca-nss-clients/patches/0005-vlanmgr-fix-compile-error.patch b/package/qca/qca-nss-clients/patches/0005-vlanmgr-fix-compile-error.patch new file mode 100644 index 000000000..13fb7673b --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0005-vlanmgr-fix-compile-error.patch @@ -0,0 +1,59 @@ +--- a/vlan/nss_vlan_mgr.c ++++ b/vlan/nss_vlan_mgr.c +@@ -800,8 +800,10 @@ static struct nss_vlan_pvt *nss_vlan_mgr + */ + static void nss_vlan_mgr_instance_free(struct nss_vlan_pvt *v) + { ++#ifdef NSS_VLAN_MGR_PPE_SUPPORT + int32_t i; + int ret = 0; ++#endif + + spin_lock(&vlan_mgr_ctx.lock); + BUG_ON(--v->refs); +@@ -961,8 +963,11 @@ static int nss_vlan_mgr_register_event(s + int ret; + #endif + uint32_t vlan_tag; ++#ifdef NSS_VLAN_MGR_PPE_SUPPORT + struct net_device *slave; +- int32_t port, port_if; ++ int32_t port; ++#endif ++ int32_t port_if; + struct vlan_dev_priv *vlan; + struct net_device *real_dev; + bool is_bond_master = false; +@@ -1355,8 +1360,10 @@ return_with_error: + int nss_vlan_mgr_join_bridge(struct net_device *dev, uint32_t bridge_vsi) + { + struct nss_vlan_pvt *v = nss_vlan_mgr_instance_find_and_ref(dev); ++#ifdef NSS_VLAN_MGR_PPE_SUPPORT + struct net_device *real_dev; + int ret; ++#endif + + if (!v) + return 0; +@@ -1416,8 +1423,10 @@ EXPORT_SYMBOL(nss_vlan_mgr_join_bridge); + int nss_vlan_mgr_leave_bridge(struct net_device *dev, uint32_t bridge_vsi) + { + struct nss_vlan_pvt *v = nss_vlan_mgr_instance_find_and_ref(dev); ++#ifdef NSS_VLAN_MGR_PPE_SUPPORT + struct net_device *real_dev; + int ret; ++#endif + + if (!v) + return 0; +--- a/vlan/Makefile ++++ b/vlan/Makefile +@@ -8,7 +8,7 @@ ifeq ($(SoC),$(filter $(SoC),ipq807x ipq + ccflags-y += -DNSS_VLAN_MGR_PPE_SUPPORT + endif + +-ccflags-y += -DNSS_VLAN_MGR_DEBUG_LEVEL=0 ++ccflags-y += -DNSS_VLAN_MGR_DEBUG_LEVEL=4 + ccflags-y += -Wall -Werror + + ifneq (,$(filter $(CONFIG_BONDING),y m)) diff --git a/package/qca/qca-nss-clients/patches/0006-match-fix-compile-error.patch b/package/qca/qca-nss-clients/patches/0006-match-fix-compile-error.patch new file mode 100644 index 000000000..ad3ad0b91 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0006-match-fix-compile-error.patch @@ -0,0 +1,25 @@ +--- a/match/nss_match_priv.h ++++ b/match/nss_match_priv.h +@@ -29,19 +29,19 @@ + /* + * Statically compile messages at different levels + */ +-#if (NSS_match_DEBUG_LEVEL < 2) ++#if (NSS_MATCH_DEBUG_LEVEL < 2) + #define nss_match_warn(s, ...) + #else + #define nss_match_warn(s, ...) pr_warn("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) + #endif + +-#if (NSS_match_DEBUG_LEVEL < 3) ++#if (NSS_MATCH_DEBUG_LEVEL < 3) + #define nss_match_info(s, ...) + #else + #define nss_match_info(s, ...) pr_notice("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) + #endif + +-#if (NSS_match_DEBUG_LEVEL < 4) ++#if (NSS_MATCH_DEBUG_LEVEL < 4) + #define nss_match_trace(s, ...) + #else + #define nss_match_trace(s, ...) pr_info("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) diff --git a/package/qca/qca-nss-clients/patches/0007-bridge-fix-compile-error.patch b/package/qca/qca-nss-clients/patches/0007-bridge-fix-compile-error.patch new file mode 100644 index 000000000..539ff6874 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0007-bridge-fix-compile-error.patch @@ -0,0 +1,29 @@ +--- a/bridge/nss_bridge_mgr.c ++++ b/bridge/nss_bridge_mgr.c +@@ -1098,8 +1098,10 @@ int nss_bridge_mgr_register_br(struct ne + */ + b_pvt->ifnum = ifnum; + b_pvt->mtu = dev->mtu; ++#if defined(NSS_BRIDGE_MGR_PPE_SUPPORT) + b_pvt->wan_if_num = -1; + b_pvt->wan_if_enabled = false; ++#endif + ether_addr_copy(b_pvt->dev_addr, dev->dev_addr); + spin_lock(&br_mgr_ctx.lock); + list_add(&b_pvt->list, &br_mgr_ctx.list); +@@ -1165,6 +1167,7 @@ static int nss_bridge_mgr_bond_slave_cha + return NOTIFY_DONE; + } + ++#if defined(NSS_BRIDGE_MGR_PPE_SUPPORT) + /* + * Add or remove the slave based based on linking event + */ +@@ -1179,6 +1182,7 @@ static int nss_bridge_mgr_bond_slave_cha + cu_info->upper_dev->name, master->name); + } + } ++#endif + + return NOTIFY_DONE; + } diff --git a/package/qca/qca-nss-clients/patches/0008-profiler-fix-compile-error.patch b/package/qca/qca-nss-clients/patches/0008-profiler-fix-compile-error.patch new file mode 100644 index 000000000..8b6d92c05 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0008-profiler-fix-compile-error.patch @@ -0,0 +1,61 @@ +--- a/profiler/profile.c ++++ b/profiler/profile.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -937,12 +938,26 @@ static ssize_t debug_if(struct file *fil + return count; + } + ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,6,0) ++#define HAVE_PROC_OPS ++#endif ++ ++#ifdef HAVE_PROC_OPS ++static const struct proc_ops profile_fops = { ++ .proc_open = profile_open, ++ .proc_read = profile_read, ++ .proc_lseek = seq_lseek, ++ .proc_release = profile_release, ++ .proc_write = debug_if, ++}; ++#else + static const struct file_operations profile_fops = { + .open = profile_open, + .read = profile_read, + .release = profile_release, + .write = debug_if, + }; ++#endif + + /* + * showing sample status on Linux console +@@ -971,6 +986,15 @@ static ssize_t profile_rate_write(struct + return 0; + } + ++#ifdef HAVE_PROC_OPS ++static const struct proc_ops profile_rate_fops = { ++ .proc_open = profile_rate_open, ++ .proc_read = seq_read, ++ .proc_lseek = seq_lseek, ++ .proc_release = single_release, ++ .proc_write = profile_rate_write, ++}; ++#else + static const struct file_operations profile_rate_fops = { + .open = profile_rate_open, + .read = seq_read, +@@ -978,6 +1002,7 @@ static const struct file_operations prof + .release = single_release, + .write = profile_rate_write, + }; ++#endif + + /* + * hexdump diff --git a/package/qca/qca-nss-clients/patches/0009-gre-fix-compile-error.patch b/package/qca/qca-nss-clients/patches/0009-gre-fix-compile-error.patch new file mode 100644 index 000000000..e833327ed --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0009-gre-fix-compile-error.patch @@ -0,0 +1,17 @@ +--- a/gre/nss_connmgr_gre_v4.c ++++ b/gre/nss_connmgr_gre_v4.c +@@ -172,14 +172,6 @@ int nss_connmgr_gre_v4_set_config(struct + } + } + +- /* +- * IP address validate +- */ +- if ((cfg->src_ip == 0) || (cfg->dest_ip == 0)) { +- nss_connmgr_gre_warning("Source ip/Destination IP is invalid"); +- return GRE_ERR_INVALID_IP; +- } +- + memset(t, 0, sizeof(struct ip_tunnel)); + + priv->pad_len = (cfg->add_padding) ? GRE_HDR_PAD_LEN : 0; diff --git a/package/qca/qca-nss-clients/patches/0010-fix-portifmgr.patch b/package/qca/qca-nss-clients/patches/0010-fix-portifmgr.patch new file mode 100644 index 000000000..343f17b84 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0010-fix-portifmgr.patch @@ -0,0 +1,35 @@ +--- a/portifmgr/nss_portifmgr.c ++++ b/portifmgr/nss_portifmgr.c +@@ -187,16 +187,20 @@ drop: + } + + /* +- * nss_portifmgr_get_stats() ++ * nss_portifmgr_get_stats64() + * Netdev get stats function to get port stats + */ +-static struct rtnl_link_stats64 *nss_portifmgr_get_stats(struct net_device *dev, struct rtnl_link_stats64 *stats) ++/* ++ * nss_nlgre_redir_cmn_dev_stats64 ++ * Report packet statistics to linux ++ */ ++static void nss_portifmgr_get_stats64(struct net_device *dev, ++ struct rtnl_link_stats64 *stats) + { + struct nss_portifmgr_priv *priv = (struct nss_portifmgr_priv *)netdev_priv(dev); + BUG_ON(priv == NULL); + + nss_portid_get_stats(priv->if_num, stats); +- return stats; + } + + /* +@@ -225,7 +229,7 @@ static const struct net_device_ops nss_p + .ndo_start_xmit = nss_portifmgr_start_xmit, + .ndo_set_mac_address = eth_mac_addr, + .ndo_change_mtu = nss_portifmgr_change_mtu, +- .ndo_get_stats64 = nss_portifmgr_get_stats, ++ .ndo_get_stats64 = nss_portifmgr_get_stats64, + }; + + /* diff --git a/package/qca/qca-nss-clients/patches/0011-dtlsmgr-fix-SHA-header-include-in-5.15.patch b/package/qca/qca-nss-clients/patches/0011-dtlsmgr-fix-SHA-header-include-in-5.15.patch new file mode 100644 index 000000000..a095a5370 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0011-dtlsmgr-fix-SHA-header-include-in-5.15.patch @@ -0,0 +1,48 @@ +--- a/dtls/v2.0/nss_dtlsmgr.c ++++ b/dtls/v2.0/nss_dtlsmgr.c +@@ -38,7 +38,13 @@ + #include + #include + #include ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + +--- a/dtls/v2.0/nss_dtlsmgr_ctx.c ++++ b/dtls/v2.0/nss_dtlsmgr_ctx.c +@@ -40,7 +40,13 @@ + #include + #include + #include ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + +--- a/dtls/v2.0/nss_dtlsmgr_ctx_dev.c ++++ b/dtls/v2.0/nss_dtlsmgr_ctx_dev.c +@@ -36,7 +36,13 @@ + #include + #include + #include ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + + #include + #include diff --git a/package/qca/qca-nss-clients/patches/0012-dtlsmgr-fix-debug-print-in-5.15.patch b/package/qca/qca-nss-clients/patches/0012-dtlsmgr-fix-debug-print-in-5.15.patch new file mode 100644 index 000000000..89936dbdc --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0012-dtlsmgr-fix-debug-print-in-5.15.patch @@ -0,0 +1,36 @@ +--- a/dtls/v2.0/nss_dtlsmgr_private.h ++++ b/dtls/v2.0/nss_dtlsmgr_private.h +@@ -36,9 +36,9 @@ + /* + * Compile messages for dynamic enable/disable + */ +-#define nss_dtlsmgr_warn(s, ...) pr_debug("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__) +-#define nss_dtlsmgr_info(s, ...) pr_debug("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__) +-#define nss_dtlsmgr_trace(s, ...) pr_debug("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__) ++#define nss_dtlsmgr_warn(s, ...) pr_debug("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__); ++#define nss_dtlsmgr_info(s, ...) pr_debug("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__); ++#define nss_dtlsmgr_trace(s, ...) pr_debug("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__); + #else + + /* +@@ -46,17 +46,17 @@ + */ + #define nss_dtlsmgr_warn(s, ...) { \ + if (NSS_DTLSMGR_DEBUG_LEVEL > NSS_DTLSMGR_DEBUG_LEVEL_ERROR) \ +- pr_warn("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__) \ ++ pr_warn("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__); \ + } + + #define nss_dtlsmgr_info(s, ...) { \ + if (NSS_DTLSMGR_DEBUG_LEVEL > NSS_DTLSMGR_DEBUG_LEVEL_WARN) \ +- pr_notice("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__) \ ++ pr_notice("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__); \ + } + + #define nss_dtlsmgr_trace(s, ...) { \ + if (NSS_DTLSMGR_DEBUG_LEVEL > NSS_DTLSMGR_DEBUG_LEVEL_INFO) \ +- pr_info("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__) \ ++ pr_info("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__); \ + } + + #endif /* CONFIG_DYNAMIC_DEBUG */ diff --git a/package/qca/qca-nss-clients/patches/0013-tlsmgr-fix-SHA-header-include-in-5.15.patch b/package/qca/qca-nss-clients/patches/0013-tlsmgr-fix-SHA-header-include-in-5.15.patch new file mode 100644 index 000000000..f3cee731d --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0013-tlsmgr-fix-SHA-header-include-in-5.15.patch @@ -0,0 +1,32 @@ +--- a/tls/nss_tlsmgr_crypto.c ++++ b/tls/nss_tlsmgr_crypto.c +@@ -41,7 +41,13 @@ + #include + #include + #include ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +--- a/tls/nss_tlsmgr_tun.c ++++ b/tls/nss_tlsmgr_tun.c +@@ -35,7 +35,13 @@ + #include + #include + #include ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + + #include + #include diff --git a/package/qca/qca-nss-clients/patches/0014-ovpnmgr-fix-SHA-header-include-in-5.15.patch b/package/qca/qca-nss-clients/patches/0014-ovpnmgr-fix-SHA-header-include-in-5.15.patch new file mode 100644 index 000000000..0b8cd17eb --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0014-ovpnmgr-fix-SHA-header-include-in-5.15.patch @@ -0,0 +1,32 @@ +--- a/openvpn/src/nss_ovpnmgr_crypto.c ++++ b/openvpn/src/nss_ovpnmgr_crypto.c +@@ -28,7 +28,13 @@ + #include + #include + #include ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + + #include +--- a/openvpn/src/nss_ovpnmgr_route.c ++++ b/openvpn/src/nss_ovpnmgr_route.c +@@ -34,7 +34,13 @@ + #include + #include + #include ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + + #include diff --git a/package/qca/qca-nss-clients/patches/0015-tunipip6-fix-compile-error-in-5.15.patch b/package/qca/qca-nss-clients/patches/0015-tunipip6-fix-compile-error-in-5.15.patch new file mode 100644 index 000000000..b9d6c2e22 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0015-tunipip6-fix-compile-error-in-5.15.patch @@ -0,0 +1,11 @@ +--- a/tunipip6/nss_connmgr_tunipip6.c ++++ b/tunipip6/nss_connmgr_tunipip6.c +@@ -258,7 +258,7 @@ static void nss_tunipip6_decap_exception + struct iphdr *iph; + struct rtable *rt; + int cpu; +- int8_t ver = skb->data[0] >> 4; ++ __attribute__((unused)) int8_t ver = skb->data[0] >> 4; + + nss_tunipip6_trace("%px: received - %d bytes name %s ver %x\n", + dev, skb->len, dev->name, ver); diff --git a/package/qca/qca-nss-clients/patches/0016-vxlanmgr-fix-compile-error-in-5.15.patch b/package/qca/qca-nss-clients/patches/0016-vxlanmgr-fix-compile-error-in-5.15.patch new file mode 100644 index 000000000..80173f88a --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0016-vxlanmgr-fix-compile-error-in-5.15.patch @@ -0,0 +1,11 @@ +--- a/vxlanmgr/nss_vxlanmgr.c ++++ b/vxlanmgr/nss_vxlanmgr.c +@@ -84,7 +84,7 @@ int32_t nss_vxlanmgr_bind_ipsec_by_ip(un + { + int32_t ipsec_if_num; + nss_vxlanmgr_get_ipsec_if_num_by_ip_callback_t ipsec_cb; +- struct nss_ctx_instance *nss_ctx = nss_vxlan_get_ctx(); ++ __attribute__((unused)) struct nss_ctx_instance *nss_ctx = nss_vxlan_get_ctx(); + + /* + * Check if the VxLAN interface is applied over an IPsec interface by querying the IPsec. diff --git a/package/qca/qca-nss-clients/patches/0017-tlsmgr-fix-debug-print-in-5.15.patch b/package/qca/qca-nss-clients/patches/0017-tlsmgr-fix-debug-print-in-5.15.patch new file mode 100644 index 000000000..4fbdecb49 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0017-tlsmgr-fix-debug-print-in-5.15.patch @@ -0,0 +1,34 @@ +--- a/tls/nss_tlsmgr_priv.h ++++ b/tls/nss_tlsmgr_priv.h +@@ -28,7 +28,7 @@ + #define NSS_TLSMGR_DEBUG_LEVEL_INFO 3 + #define NSS_TLSMGR_DEBUG_LEVEL_TRACE 4 + +-#define nss_tlsmgr_info_always(s, ...) pr_info("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__) ++#define nss_tlsmgr_info_always(s, ...) pr_info("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__); + + #define nss_tlsmgr_error(s, ...) do { \ + if (net_ratelimit()) { \ +@@ -43,18 +43,18 @@ + } while (0) + + #if defined(CONFIG_DYNAMIC_DEBUG) +-#define nss_tlsmgr_info(s, ...) pr_debug("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__) +-#define nss_tlsmgr_trace(s, ...) pr_debug("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__) ++#define nss_tlsmgr_info(s, ...) pr_debug("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__); ++#define nss_tlsmgr_trace(s, ...) pr_debug("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__); + #else + + #define nss_tlsmgr_info(s, ...) { \ + if (NSS_TLSMGR_DEBUG_LEVEL > NSS_TLSMGR_DEBUG_LEVEL_WARN) \ +- pr_notice("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__) \ ++ pr_notice("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__); \ + } + + #define nss_tlsmgr_trace(s, ...) { \ + if (NSS_TLSMGR_DEBUG_LEVEL > NSS_TLSMGR_DEBUG_LEVEL_INFO) \ +- pr_info("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__) \ ++ pr_info("%s[%d]:" s "\n", __func__, __LINE__, ##__VA_ARGS__); \ + } + + #endif /* CONFIG_DYNAMIC_DEBUG */ diff --git a/package/qca/qca-nss-clients/patches/0018-kernel-6.1-support.patch b/package/qca/qca-nss-clients/patches/0018-kernel-6.1-support.patch new file mode 100644 index 000000000..7606a1535 --- /dev/null +++ b/package/qca/qca-nss-clients/patches/0018-kernel-6.1-support.patch @@ -0,0 +1,301 @@ +--- a/bridge/nss_bridge_mgr.c ++++ b/bridge/nss_bridge_mgr.c +@@ -1081,7 +1081,7 @@ int nss_bridge_mgr_register_br(struct ne + } + #endif + +- err = nss_bridge_tx_set_mac_addr_msg(ifnum, dev->dev_addr); ++ err = nss_bridge_tx_set_mac_addr_msg(ifnum, (uint8_t *) dev->dev_addr); + if (err != NSS_TX_SUCCESS) { + nss_bridge_mgr_warn("%px: failed to set mac_addr msg, error = %d\n", b_pvt, err); + goto fail_4; +@@ -1242,7 +1242,7 @@ static int nss_bridge_mgr_changeaddr_eve + + nss_bridge_mgr_trace("%px: MAC changed to %pM, update NSS\n", b_pvt, dev->dev_addr); + +- if (nss_bridge_tx_set_mac_addr_msg(b_pvt->ifnum, dev->dev_addr) != NSS_TX_SUCCESS) { ++ if (nss_bridge_tx_set_mac_addr_msg(b_pvt->ifnum, (uint8_t *) dev->dev_addr) != NSS_TX_SUCCESS) { + nss_bridge_mgr_warn("%px: Failed to send change MAC address message to NSS\n", b_pvt); + return NOTIFY_DONE; + } +--- a/dtls/v2.0/nss_dtlsmgr_ctx_dev.c ++++ b/dtls/v2.0/nss_dtlsmgr_ctx_dev.c +@@ -532,7 +532,7 @@ void nss_dtlsmgr_ctx_dev_setup(struct ne + #else + dev->priv_destructor = nss_dtlsmgr_ctx_dev_free; + #endif +- memcpy(dev->dev_addr, "\xaa\xbb\xcc\xdd\xee\xff", dev->addr_len); ++ memcpy((void *) dev->dev_addr, "\xaa\xbb\xcc\xdd\xee\xff", dev->addr_len); + memset(dev->broadcast, 0xff, dev->addr_len); + memcpy(dev->perm_addr, dev->dev_addr, dev->addr_len); + } +--- a/gre/test/nss_connmgr_gre_test.c ++++ b/gre/test/nss_connmgr_gre_test.c +@@ -223,7 +223,7 @@ static int nss_connmgr_gre_test_show_pro + */ + static int nss_connmgr_gre_test_open_proc(struct inode *inode, struct file *filp) + { +- return single_open(filp, nss_connmgr_gre_test_show_proc, PDE_DATA(inode)); ++ return single_open(filp, nss_connmgr_gre_test_show_proc, pde_data(inode)); + } + + /* +--- a/gre/nss_connmgr_gre.c ++++ b/gre/nss_connmgr_gre.c +@@ -279,10 +279,10 @@ static struct rtnl_link_stats64 *nss_con + #else + start = u64_stats_fetch_begin_irq(&tstats->syncp); + #endif +- rx_packets = tstats->rx_packets; +- tx_packets = tstats->tx_packets; +- rx_bytes = tstats->rx_bytes; +- tx_bytes = tstats->tx_bytes; ++ rx_packets = u64_stats_read(&tstats->rx_packets); ++ tx_packets = u64_stats_read(&tstats->tx_packets); ++ rx_bytes = u64_stats_read(&tstats->rx_bytes); ++ tx_bytes = u64_stats_read(&tstats->tx_bytes); + #if (LINUX_VERSION_CODE < KERNEL_VERSION(3, 15, 0)) + } while (u64_stats_fetch_retry_bh(&tstats->syncp, start)); + #else +@@ -697,11 +697,11 @@ static void nss_connmgr_gre_event_receiv + tstats = this_cpu_ptr(dev->tstats); + u64_stats_update_begin(&tstats->syncp); + if (interface_type == NSS_DYNAMIC_INTERFACE_TYPE_GRE_INNER) { +- tstats->tx_packets += stats->tx_packets; +- tstats->tx_bytes += stats->tx_bytes; ++ u64_stats_add(&tstats->tx_packets, stats->tx_packets); ++ u64_stats_add(&tstats->tx_bytes, stats->tx_bytes); + } else if (interface_type == NSS_DYNAMIC_INTERFACE_TYPE_GRE_OUTER) { +- tstats->rx_packets += stats->rx_packets; +- tstats->rx_bytes += stats->rx_bytes; ++ u64_stats_add(&tstats->rx_packets, stats->rx_packets); ++ u64_stats_add(&tstats->rx_bytes, stats->rx_bytes); + } + u64_stats_update_end(&tstats->syncp); + dev->stats.rx_dropped += nss_cmn_rx_dropped_sum(stats); +--- a/tunipip6/nss_connmgr_tunipip6.c ++++ b/tunipip6/nss_connmgr_tunipip6.c +@@ -354,11 +354,11 @@ static void nss_tunipip6_update_dev_stat + + memset(&stats, 0, sizeof(stats)); + if (interface_type == NSS_DYNAMIC_INTERFACE_TYPE_TUNIPIP6_INNER) { +- stats.tx_packets = sync_stats->node_stats.tx_packets; +- stats.tx_bytes = sync_stats->node_stats.tx_bytes; ++ u64_stats_set(&stats.tx_packets, sync_stats->node_stats.tx_packets); ++ u64_stats_set(&stats.tx_bytes, sync_stats->node_stats.tx_bytes); + } else if (interface_type == NSS_DYNAMIC_INTERFACE_TYPE_TUNIPIP6_OUTER) { +- stats.rx_packets = sync_stats->node_stats.rx_packets; +- stats.rx_bytes = sync_stats->node_stats.rx_bytes; ++ u64_stats_set(&stats.rx_packets, sync_stats->node_stats.rx_packets); ++ u64_stats_set(&stats.rx_bytes, sync_stats->node_stats.rx_bytes); + } else { + nss_tunipip6_warning("%px: Invalid interface type received from NSS\n", dev); + return; +--- a/nss_qdisc/igs/nss_mirred.c ++++ b/nss_qdisc/igs/nss_mirred.c +@@ -317,7 +317,7 @@ static int nss_mirred_act(struct sk_buff + * Update the last use of action. + */ + tcf_lastuse_update(&act->tcf_tm); +- bstats_cpu_update(this_cpu_ptr(act->common.cpu_bstats), skb); ++ bstats_update(this_cpu_ptr(act->common.cpu_bstats), skb); + + rcu_read_lock(); + retval = READ_ONCE(act->tcf_action); +--- a/nss_qdisc/nss_qdisc.h ++++ b/nss_qdisc/nss_qdisc.h +@@ -217,7 +217,7 @@ struct nss_qdisc { + /* Shaper configure callback for reading shaper specific + * responses (e.g. memory size). + */ +- struct gnet_stats_basic_packed bstats; /* Basic class statistics */ ++ struct gnet_stats_basic_sync bstats; /* Basic class statistics */ + struct gnet_stats_queue qstats; /* Qstats for use by classes */ + #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0)) + atomic_t refcnt; /* Reference count for class use */ +@@ -464,7 +464,7 @@ extern int nss_qdisc_init(struct Qdisc * + * Wrapper around gnet_stats_copy_basic() + */ + extern int nss_qdisc_gnet_stats_copy_basic(struct Qdisc *sch, +- struct gnet_dump *d, struct gnet_stats_basic_packed *b); ++ struct gnet_dump *d, struct gnet_stats_basic_sync *b); + + /* + * nss_qdisc_gnet_stats_copy_queue() +--- a/nss_qdisc/igs/nss_ifb.c ++++ b/nss_qdisc/igs/nss_ifb.c +@@ -544,8 +544,10 @@ static void nss_ifb_update_dev_stats(str + * post shaping. Therefore IFB interface's stats should be updated + * with NSS firmware's IFB TX stats only. + */ +- stats.rx_packets = stats.tx_packets = node_stats->tx_packets; +- stats.rx_bytes = stats.tx_bytes = node_stats->tx_bytes; ++ u64_stats_set(&stats.rx_packets, node_stats->tx_packets); ++ u64_stats_set(&stats.tx_packets, node_stats->tx_packets); ++ u64_stats_set(&stats.rx_bytes, node_stats->tx_bytes); ++ u64_stats_set(&stats.tx_bytes, node_stats->tx_bytes); + dev->stats.rx_dropped = dev->stats.tx_dropped += sync_stats->igs_stats.tx_dropped; + u64_stats_update_end(&stats.syncp); + +--- a/nss_qdisc/nss_qdisc.c ++++ b/nss_qdisc/nss_qdisc.c +@@ -2608,12 +2608,14 @@ int nss_qdisc_init(struct Qdisc *sch, st + * Wrapper around gnet_stats_copy_basic() + */ + int nss_qdisc_gnet_stats_copy_basic(struct Qdisc *sch, struct gnet_dump *d, +- struct gnet_stats_basic_packed *b) ++ struct gnet_stats_basic_sync *b) + { + #if (LINUX_VERSION_CODE <= KERNEL_VERSION(3, 18, 0)) + return gnet_stats_copy_basic(d, b); + #elif (LINUX_VERSION_CODE < KERNEL_VERSION(4, 8, 0)) + return gnet_stats_copy_basic(d, NULL, b); ++#elif (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0)) ++ return gnet_stats_copy_basic(d, NULL, b, true); + #else + return gnet_stats_copy_basic(qdisc_root_sleeping_running(sch), d, NULL, b); + #endif +--- a/nss_qdisc/nss_qdisc_stats.c ++++ b/nss_qdisc/nss_qdisc_stats.c +@@ -160,7 +160,7 @@ static void nss_qdisc_stats_process_node + { + struct Qdisc *qdisc; + struct nss_qdisc *nq; +- struct gnet_stats_basic_packed *bstats; ++ struct gnet_stats_basic_sync *bstats; + struct gnet_stats_queue *qstats; + uint32_t qos_tag = response->qos_tag; + #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0)) +@@ -214,8 +214,8 @@ static void nss_qdisc_stats_process_node + * Update qdisc->bstats + */ + spin_lock_bh(&nq->lock); +- bstats->bytes += (__u64)response->sn_stats.delta.dequeued_bytes; +- bstats->packets += response->sn_stats.delta.dequeued_packets; ++ u64_stats_add(&bstats->bytes, (__u64)response->sn_stats.delta.dequeued_bytes); ++ u64_stats_add(&bstats->packets, response->sn_stats.delta.dequeued_packets); + + /* + * Update qdisc->qstats +--- a/vlan/nss_vlan_mgr.c ++++ b/vlan/nss_vlan_mgr.c +@@ -787,7 +787,7 @@ static struct nss_vlan_pvt *nss_vlan_mgr + } + + v->mtu = dev->mtu; +- ether_addr_copy(v->dev_addr, dev->dev_addr); ++ ether_addr_copy(v->dev_addr, (uint8_t *) dev->dev_addr); + v->ifindex = dev->ifindex; + v->refs = 1; + +@@ -936,14 +936,14 @@ static int nss_vlan_mgr_changeaddr_event + } + spin_unlock(&vlan_mgr_ctx.lock); + +- if (nss_vlan_tx_set_mac_addr_msg(v_pvt->nss_if, dev->dev_addr) != NSS_TX_SUCCESS) { ++ if (nss_vlan_tx_set_mac_addr_msg(v_pvt->nss_if, (uint8_t *) dev->dev_addr) != NSS_TX_SUCCESS) { + nss_vlan_mgr_warn("%s: Failed to send change MAC address message to NSS\n", dev->name); + nss_vlan_mgr_instance_deref(v_pvt); + return NOTIFY_BAD; + } + + spin_lock(&vlan_mgr_ctx.lock); +- ether_addr_copy(v_pvt->dev_addr, dev->dev_addr); ++ ether_addr_copy(v_pvt->dev_addr, (uint8_t *) dev->dev_addr); + spin_unlock(&vlan_mgr_ctx.lock); + nss_vlan_mgr_trace("%s: MAC changed to %pM, updated NSS\n", dev->name, dev->dev_addr); + nss_vlan_mgr_instance_deref(v_pvt); +--- a/vxlanmgr/nss_vxlanmgr_tunnel.c ++++ b/vxlanmgr/nss_vxlanmgr_tunnel.c +@@ -489,8 +489,8 @@ static void nss_vxlanmgr_tunnel_inner_st + + tstats = this_cpu_ptr(dev->tstats); + u64_stats_update_begin(&tstats->syncp); +- tstats->tx_packets += stats->node_stats.tx_packets; +- tstats->tx_bytes += stats->node_stats.tx_bytes; ++ u64_stats_add(&tstats->tx_packets, stats->node_stats.tx_packets); ++ u64_stats_add(&tstats->tx_bytes, stats->node_stats.tx_bytes); + u64_stats_update_end(&tstats->syncp); + netdev_stats->tx_dropped += dropped; + } +@@ -526,8 +526,8 @@ static void nss_vxlanmgr_tunnel_outer_st + + tstats = this_cpu_ptr(dev->tstats); + u64_stats_update_begin(&tstats->syncp); +- tstats->rx_packets += stats->node_stats.tx_packets; +- tstats->rx_bytes += stats->node_stats.tx_bytes; ++ u64_stats_add(&tstats->rx_packets, stats->node_stats.tx_packets); ++ u64_stats_add(&tstats->rx_bytes, stats->node_stats.tx_bytes); + u64_stats_update_end(&tstats->syncp); + netdev_stats->rx_dropped += dropped; + dev_put(dev); +--- a/pvxlanmgr/nss_pvxlanmgr.c ++++ b/pvxlanmgr/nss_pvxlanmgr.c +@@ -177,7 +177,7 @@ static struct rtnl_link_stats64 *nss_pvx + * Netdev seems to be incrementing rx_dropped because we don't give IP header. + * So reset it as it's of no use for us. + */ +- atomic_long_set(&dev->rx_dropped, 0); ++ atomic_long_set(&(dev)->stats.__rx_dropped, 0); + priv = netdev_priv(dev); + memset(stats, 0, sizeof(struct rtnl_link_stats64)); + memcpy(stats, &priv->stats, sizeof(struct rtnl_link_stats64)); +@@ -305,7 +305,7 @@ static void nss_pvxlanmgr_dummy_netdev_s + dev->priv_destructor = NULL; + #endif + +- memcpy(dev->dev_addr, "\x00\x00\x00\x00\x00\x00", dev->addr_len); ++ memcpy((void *) dev->dev_addr, "\x00\x00\x00\x00\x00\x00", dev->addr_len); + memset(dev->broadcast, 0xff, dev->addr_len); + memcpy(dev->perm_addr, dev->dev_addr, dev->addr_len); + } +--- a/clmapmgr/nss_clmapmgr.c ++++ b/clmapmgr/nss_clmapmgr.c +@@ -103,7 +103,7 @@ static struct rtnl_link_stats64 *nss_clm + * Netdev seems to be incrementing rx_dropped because we don't give IP header. + * So reset it as it's of no use for us. + */ +- atomic_long_set(&dev->rx_dropped, 0); ++ atomic_long_set(&(dev)->stats.__rx_dropped, 0); + priv = netdev_priv(dev); + memset(stats, 0, sizeof(struct rtnl_link_stats64)); + memcpy(stats, &priv->stats, sizeof(struct rtnl_link_stats64)); +--- a/tls/nss_tlsmgr_tun.c ++++ b/tls/nss_tlsmgr_tun.c +@@ -185,7 +185,7 @@ static void nss_tlsmgr_tun_setup(struct + /* + * Get the MAC address from the ethernet device + */ +- random_ether_addr(dev->dev_addr); ++ eth_random_addr((u8 *) dev->dev_addr); + + memset(dev->broadcast, 0xff, dev->addr_len); + memcpy(dev->perm_addr, dev->dev_addr, dev->addr_len); +--- a/netlink/nss_nlgre_redir_cmn.c ++++ b/netlink/nss_nlgre_redir_cmn.c +@@ -384,7 +384,7 @@ static int nss_nlgre_redir_cmn_set_mac_a + return -EINVAL; + } + +- memcpy(dev->dev_addr, addr->sa_data, ETH_ALEN); ++ memcpy((void *) dev->dev_addr, addr->sa_data, ETH_ALEN); + return 0; + } + +--- a/nss_connmgr_tun6rd.c ++++ b/nss_connmgr_tun6rd.c +@@ -101,10 +101,10 @@ static void nss_tun6rd_update_dev_stats( + + u64_stats_init(&stats.syncp); + u64_stats_update_begin(&stats.syncp); +- stats.rx_packets = sync_stats->node_stats.rx_packets; +- stats.rx_bytes = sync_stats->node_stats.rx_bytes; +- stats.tx_packets = sync_stats->node_stats.tx_packets; +- stats.tx_bytes = sync_stats->node_stats.tx_bytes; ++ u64_stats_set(&stats.rx_packets, sync_stats->node_stats.rx_packets); ++ u64_stats_set(&stats.rx_bytes, sync_stats->node_stats.rx_bytes); ++ u64_stats_set(&stats.tx_packets, sync_stats->node_stats.tx_packets); ++ u64_stats_set(&stats.tx_bytes, sync_stats->node_stats.tx_bytes); + u64_stats_update_end(&stats.syncp); + #else + struct nss_tun6rd_stats stats; diff --git a/package/qca/qca-nss-crypto/Makefile b/package/qca/qca-nss-crypto/Makefile new file mode 100644 index 000000000..c0d2dc4bb --- /dev/null +++ b/package/qca/qca-nss-crypto/Makefile @@ -0,0 +1,68 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=qca-nss-crypto +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_DATE:=2022-12-15 +PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/nss-crypto.git +PKG_SOURCE_VERSION:=3c5a574ce99d7f0b9f892002020f1bf9bfc57a81 +PKG_MIRROR_HASH:=ff487c5574481f548eef7b61129fa7be1d83ae285dcc3356a06be237440d8782 + +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/kernel.mk +include $(INCLUDE_DIR)/package.mk + +# v1.0 is for Akronite +# v2.0 is for Hawkeye/Cypress/Maple +ifneq (, $(findstring $(CONFIG_TARGET_SUBTARGET), "ipq807x" "ipq60xx")) +NSS_CRYPTO_DIR:=v2.0 +else +NSS_CRYPTO_DIR:=v1.0 +endif + +define KernelPackage/qca-nss-crypto + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Cryptographic API modules + DEPENDS:=@TARGET_qualcommax +kmod-qca-nss-drv + TITLE:=Kernel driver for NSS crypto driver + FILES:=$(PKG_BUILD_DIR)/$(NSS_CRYPTO_DIR)/src/qca-nss-crypto.ko \ + $(PKG_BUILD_DIR)/$(NSS_CRYPTO_DIR)/tool/qca-nss-crypto-tool.ko + AUTOLOAD:=$(call AutoProbe,qca-nss-crypto) +endef + +define KernelPackage/qca-nss-crypto/Description +This package contains a NSS crypto driver for QCA chipset +endef + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include/qca-nss-crypto + $(CP) $(PKG_BUILD_DIR)/$(NSS_CRYPTO_DIR)/include/* $(1)/usr/include/qca-nss-crypto +endef + +EXTRA_CFLAGS+= \ + -DCONFIG_NSS_DEBUG_LEVEL=4 \ + -I$(STAGING_DIR)/usr/include/qca-nss-crypto \ + -I$(STAGING_DIR)/usr/include/qca-nss-drv \ + -I$(PKG_BUILD_DIR)/$(NSS_CRYPTO_DIR)/include \ + -I$(PKG_BUILD_DIR)/$(NSS_CRYPTO_DIR)/src + +ifeq ($(CONFIG_TARGET_BOARD), "qualcommax") + SOC:=$(CONFIG_TARGET_SUBTARGET) +endif + +define Build/Compile + +$(MAKE) -C "$(LINUX_DIR)" \ + CC="$(TARGET_CC)" \ + $(KERNEL_MAKE_FLAGS) \ + M="$(PKG_BUILD_DIR)" \ + EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ + NSS_CRYPTO_DIR=$(NSS_CRYPTO_DIR) \ + SoC=$(SOC) \ + $(PKG_JOBS) \ + modules +endef + +$(eval $(call KernelPackage,qca-nss-crypto)) diff --git a/package/qca/qca-nss-crypto/patches/0001-nss-crypto-fix-SHA1-header-include.patch b/package/qca/qca-nss-crypto/patches/0001-nss-crypto-fix-SHA1-header-include.patch new file mode 100644 index 000000000..c9849a2e8 --- /dev/null +++ b/package/qca/qca-nss-crypto/patches/0001-nss-crypto-fix-SHA1-header-include.patch @@ -0,0 +1,27 @@ +From 0c6c593783f2d64a429ad38523661a915aa462fc Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 13 Mar 2022 13:44:47 +0100 +Subject: [PATCH 1/3] nss-crypto: fix SHA1 header include + +SHA1 header has been merged to the generic SHA one, +and with that the cryptohash.h was dropped. + +So, fix include in kernels 5.8 and newer. + +Signed-off-by: Robert Marko +--- + v2.0/src/nss_crypto_hlos.h | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/v2.0/src/nss_crypto_hlos.h ++++ b/v2.0/src/nss_crypto_hlos.h +@@ -55,7 +55,9 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0) + #include ++#endif + #include + #include + #include diff --git a/package/qca/qca-nss-crypto/patches/0002-nss-crypto-replace-ioremap_nocache-with-ioremap.patch b/package/qca/qca-nss-crypto/patches/0002-nss-crypto-replace-ioremap_nocache-with-ioremap.patch new file mode 100644 index 000000000..19454c457 --- /dev/null +++ b/package/qca/qca-nss-crypto/patches/0002-nss-crypto-replace-ioremap_nocache-with-ioremap.patch @@ -0,0 +1,94 @@ +From 8baa8e747247403c6f814ea5dc3e463c70e0415f Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Tue, 8 Jun 2021 22:14:34 +0200 +Subject: [PATCH 2/3] nss-crypto: replace ioremap_nocache() with ioremap + +ioremap_nocache() was dropped in kernel 5.5 as regular +ioremap() was exactly the same. + +So, simply replace all of the ioremap_nocache() calls +with ioremap(). + +Signed-off-by: Robert Marko +--- + v1.0/src/nss_crypto_dtsi.c | 4 ++-- + v1.0/src/nss_crypto_platform.c | 4 ++-- + v2.0/src/hal/ipq50xx/nss_crypto_ce5.c | 4 ++-- + v2.0/src/hal/ipq60xx/nss_crypto_eip197.c | 2 +- + v2.0/src/hal/ipq807x/nss_crypto_eip197.c | 2 +- + 5 files changed, 8 insertions(+), 8 deletions(-) + +--- a/v1.0/src/nss_crypto_dtsi.c ++++ b/v1.0/src/nss_crypto_dtsi.c +@@ -311,11 +311,11 @@ static int nss_crypto_probe(struct platf + e_ctrl->dev = &pdev->dev; + + e_ctrl->cmd_base = crypto_res.start; +- e_ctrl->crypto_base = ioremap_nocache(e_ctrl->cmd_base, resource_size(&crypto_res)); ++ e_ctrl->crypto_base = ioremap(e_ctrl->cmd_base, resource_size(&crypto_res)); + nss_crypto_assert(e_ctrl->crypto_base); + + e_ctrl->bam_pbase = bam_res.start; +- e_ctrl->bam_base = ioremap_nocache(e_ctrl->bam_pbase, resource_size(&bam_res)); ++ e_ctrl->bam_base = ioremap(e_ctrl->bam_pbase, resource_size(&bam_res)); + nss_crypto_assert(e_ctrl->bam_base); + + e_ctrl->bam_ee = bam_ee; +--- a/v1.0/src/nss_crypto_platform.c ++++ b/v1.0/src/nss_crypto_platform.c +@@ -134,11 +134,11 @@ static int nss_crypto_probe(struct platf + e_ctrl->bam_ee = res->bam_ee; + + e_ctrl->cmd_base = res->crypto_pbase; +- e_ctrl->crypto_base = ioremap_nocache(res->crypto_pbase, res->crypto_pbase_sz); ++ e_ctrl->crypto_base = ioremap(res->crypto_pbase, res->crypto_pbase_sz); + nss_crypto_assert(e_ctrl->crypto_base); + + e_ctrl->bam_pbase = res->bam_pbase; +- e_ctrl->bam_base = ioremap_nocache(res->bam_pbase, res->bam_pbase_sz); ++ e_ctrl->bam_base = ioremap(res->bam_pbase, res->bam_pbase_sz); + nss_crypto_assert(e_ctrl->bam_base); + + /* +--- a/v2.0/src/hal/ipq50xx/nss_crypto_ce5.c ++++ b/v2.0/src/hal/ipq50xx/nss_crypto_ce5.c +@@ -288,7 +288,7 @@ int nss_crypto_ce5_engine_init(struct pl + * remap the I/O addresses for crypto + */ + eng->crypto_paddr = crypto_res->start; +- eng->crypto_vaddr = ioremap_nocache(crypto_res->start, resource_size(crypto_res)); ++ eng->crypto_vaddr = ioremap(crypto_res->start, resource_size(crypto_res)); + if (!eng->crypto_vaddr) { + nss_crypto_warn("%px: unable to remap crypto_addr(0x%px)\n", node, (void *)eng->crypto_paddr); + nss_crypto_engine_free(eng); +@@ -299,7 +299,7 @@ int nss_crypto_ce5_engine_init(struct pl + * remap the I/O addresses for bam + */ + eng->dma_paddr = bam_res->start; +- eng->dma_vaddr = ioremap_nocache(bam_res->start, resource_size(bam_res)); ++ eng->dma_vaddr = ioremap(bam_res->start, resource_size(bam_res)); + if (!eng->dma_vaddr) { + iounmap(eng->crypto_vaddr); + nss_crypto_warn("%px: unable to remap dma_addr(0x%px)\n", node, (void *)eng->dma_paddr); +--- a/v2.0/src/hal/ipq60xx/nss_crypto_eip197.c ++++ b/v2.0/src/hal/ipq60xx/nss_crypto_eip197.c +@@ -490,7 +490,7 @@ int nss_crypto_eip197_engine_init(struct + * remap the I/O addresses + */ + paddr = res->start + offset; +- vaddr = ioremap_nocache(paddr, resource_size(res)); ++ vaddr = ioremap(paddr, resource_size(res)); + if (!vaddr) { + nss_crypto_warn("%px: unable to remap crypto_addr(0x%px)\n", node, (void *)paddr); + return -EIO; +--- a/v2.0/src/hal/ipq807x/nss_crypto_eip197.c ++++ b/v2.0/src/hal/ipq807x/nss_crypto_eip197.c +@@ -490,7 +490,7 @@ int nss_crypto_eip197_engine_init(struct + * remap the I/O addresses + */ + paddr = res->start + offset; +- vaddr = ioremap_nocache(paddr, resource_size(res)); ++ vaddr = ioremap(paddr, resource_size(res)); + if (!vaddr) { + nss_crypto_warn("%px: unable to remap crypto_addr(0x%px)\n", node, (void *)paddr); + return -EIO; diff --git a/package/qca/qca-nss-crypto/patches/0003-nss-crypto-fix-SHA-header-include-in-5.15.patch b/package/qca/qca-nss-crypto/patches/0003-nss-crypto-fix-SHA-header-include-in-5.15.patch new file mode 100644 index 000000000..61df791fd --- /dev/null +++ b/package/qca/qca-nss-crypto/patches/0003-nss-crypto-fix-SHA-header-include-in-5.15.patch @@ -0,0 +1,44 @@ +From 96da3ca01ac172e5d858209b3d3d9aefad04423c Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 13 Mar 2022 13:47:24 +0100 +Subject: [PATCH 3/3] nss-crypto: fix SHA header include in 5.15 + +SHA header was split into SHA-1 and SHA-2 headers in kernel 5.11, so +fix the include for newer kernels. + +Signed-off-by: Robert Marko +--- + v2.0/src/nss_crypto_ctrl.c | 6 ++++++ + v2.0/src/nss_crypto_hlos.h | 4 ++++ + 2 files changed, 10 insertions(+) + +--- a/v2.0/src/nss_crypto_ctrl.c ++++ b/v2.0/src/nss_crypto_ctrl.c +@@ -38,7 +38,13 @@ + #include + #include + #include ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +--- a/v2.0/src/nss_crypto_hlos.h ++++ b/v2.0/src/nss_crypto_hlos.h +@@ -58,7 +58,11 @@ + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0) + #include + #endif ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#endif + #include + #include + #include diff --git a/package/qca/qca-nss-drv/Config.in b/package/qca/qca-nss-drv/Config.in new file mode 100644 index 000000000..c1bd4760a --- /dev/null +++ b/package/qca/qca-nss-drv/Config.in @@ -0,0 +1,184 @@ +menu "Configuration" + depends on PACKAGE_kmod-qca-nss-drv + +comment "Build Options" + +config NSS_DRV_BRIDGE_ENABLE + bool + default n + prompt "Enable BRIDGE" +config NSS_DRV_C2C_ENABLE + bool + default n + prompt "Enable C2C" +config NSS_DRV_CLMAP_ENABLE + bool + default n + prompt "Enable CLMAP" +config NSS_DRV_CRYPTO_ENABLE + bool + default y + prompt "Enable CRYPTO" +config NSS_DRV_DTLS_ENABLE + bool + default n + prompt "Enable DTLS" +config NSS_DRV_EDMA_ENABLE + bool + default n + prompt "Enable EDMA" +config NSS_DRV_GRE_ENABLE + bool + default n + prompt "Enable GRE" +config NSS_DRV_GRE_REDIR_ENABLE + bool + default n + depends on NSS_DRV_GRE_ENABLE + prompt "Enable GRE_REDIR" +config NSS_DRV_GRE_TUNNEL_ENABLE + bool + default n + depends on NSS_DRV_GRE_ENABLE + prompt "Enable GRE_TUNNEL" +config NSS_DRV_IGS_ENABLE + bool + default n + prompt "Enable IGS" +config NSS_DRV_IPSEC_ENABLE + bool + default n + prompt "Enable IPSEC" +config NSS_DRV_IPV4_REASM_ENABLE + bool + default n + prompt "Enable IPV4_REASM" +config NSS_DRV_IPV6_ENABLE + bool + default n + prompt "Enable IPV6" +config NSS_DRV_IPV6_REASM_ENABLE + bool + default n + depends on NSS_DRV_IPV6_ENABLE + prompt "Enable IPV6_REASM" +config NSS_DRV_L2TP_ENABLE + bool + default n + prompt "Enable L2TP" +config NSS_DRV_LAG_ENABLE + bool + default n + prompt "Enable LAG" +config NSS_DRV_MAPT_ENABLE + bool + default n + prompt "Enable MAPT" +config NSS_DRV_MATCH_ENABLE + bool + default n + prompt "Enable MATCH" +config NSS_DRV_MIRROR_ENABLE + bool + default n + prompt "Enable MIRROR" +config NSS_DRV_OAM_ENABLE + bool + default n + prompt "Enable OAM" +config NSS_DRV_PORTID_ENABLE + bool + default n + prompt "Enable PORTID" +config NSS_DRV_PPE_ENABLE + bool + default n + prompt "Enable PPE" +config NSS_DRV_PPPOE_ENABLE + bool + default n + prompt "Enable PPPOE" +config NSS_DRV_PPTP_ENABLE + bool + default y + prompt "Enable PPTP" +config NSS_DRV_PVXLAN_ENABLE + bool + default n + prompt "Enable PVXLAN" +config NSS_DRV_QRFS_ENABLE + bool + default n + prompt "Enable QRFS" +config NSS_DRV_QVPN_ENABLE + bool + default n + prompt "Enable QVPN" +config NSS_DRV_OVPN_ENABLE + bool + default n + prompt "Enable OVPN" +config NSS_DRV_RMNET_ENABLE + bool + default n + prompt "Enable RMNET" +config NSS_DRV_SHAPER_ENABLE + bool + default n + prompt "Enable SHAPER" +config NSS_DRV_SJACK_ENABLE + bool + default n + prompt "Enable SJACK" +config NSS_DRV_TLS_ENABLE + bool + default n + prompt "Enable TLS" +config NSS_DRV_TRUSTSEC_ENABLE + bool + default n + prompt "Enable TRUSTSEC" +config NSS_DRV_TRUSTSEC_RX_ENABLE + bool + default n + prompt "Enable TRUSTSEC_RX" + depends on NSS_DRV_TRUSTSEC_ENABLE +config NSS_DRV_TSTAMP_ENABLE + bool + default n + prompt "Enable TSTAMP" +config NSS_DRV_TUN6RD_ENABLE + bool + default n + prompt "Enable TUN6RD" +config NSS_DRV_TUNIPIP6_ENABLE + bool + default n + prompt "Enable TUNIPIP6" +config NSS_DRV_VIRT_IF_ENABLE + bool + default y + prompt "Enable VIRT_IF" +config NSS_DRV_VLAN_ENABLE + bool + default n + prompt "Enable VLAN" +config NSS_DRV_VXLAN_ENABLE + bool + default n + prompt "Enable VXLAN" +config NSS_DRV_WIFI_ENABLE + bool + default n + prompt "Enable WIFI" +config NSS_DRV_WIFI_EXT_VDEV_ENABLE + bool + default n + depends on NSS_DRV_WIFI_ENABLE + prompt "Enable WIFI EXT VDEV" +config NSS_DRV_WIFI_MESH_ENABLE + bool + default n + depends on NSS_DRV_WIFI_ENABLE + prompt "Enable WIFI MESH" +endmenu diff --git a/package/qca/qca-nss-drv/Makefile b/package/qca/qca-nss-drv/Makefile new file mode 100644 index 000000000..f7ef833f9 --- /dev/null +++ b/package/qca/qca-nss-drv/Makefile @@ -0,0 +1,275 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=qca-nss-drv +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_DATE:=2023-08-06 +PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/nss-drv.git +PKG_SOURCE_VERSION:=1ab184034529539f61093184a67d4454cb3eb352 +PKG_MIRROR_HASH:=6aa081c0853d3e3b6d78eee588a0967e540b2317d15aef3c3f6f7129925653f7 + +PKG_BUILD_PARALLEL:=1 +PKG_FLAGS:=nonshared + +PKG_CONFIG_DEPENDS:= \ + CONFIG_NSS_DRV_BRIDGE_ENABLE \ + CONFIG_NSS_DRV_C2C_ENABLE \ + CONFIG_NSS_DRV_CLMAP_ENABLE \ + CONFIG_NSS_DRV_CRYPTO_ENABLE \ + CONFIG_NSS_DRV_DMA_ENABLE \ + CONFIG_NSS_DRV_DTLS_ENABLE \ + CONFIG_NSS_DRV_EDMA_ENABLE \ + CONFIG_NSS_DRV_GRE_ENABLE \ + CONFIG_NSS_DRV_GRE_REDIR_ENABLE \ + CONFIG_NSS_DRV_GRE_TUNNEL_ENABLE \ + CONFIG_NSS_DRV_IGS_ENABLE \ + CONFIG_NSS_DRV_IPSEC_ENABLE \ + CONFIG_NSS_DRV_IPV4_REASM_ENABLE \ + CONFIG_NSS_DRV_IPV6_ENABLE \ + CONFIG_NSS_DRV_IPV6_REASM_ENABLE \ + CONFIG_NSS_DRV_L2TP_ENABLE \ + CONFIG_NSS_DRV_LAG_ENABLE \ + CONFIG_NSS_DRV_MAPT_ENABLE \ + CONFIG_NSS_DRV_MATCH_ENABLE \ + CONFIG_NSS_DRV_MIRROR_ENABLE \ + CONFIG_NSS_DRV_OAM_ENABLE \ + CONFIG_NSS_DRV_PORTID_ENABLE \ + CONFIG_NSS_DRV_PPE_ENABLE \ + CONFIG_NSS_DRV_PPPOE_ENABLE \ + CONFIG_NSS_DRV_PPTP_ENABLE \ + CONFIG_NSS_DRV_PVXLAN_ENABLE \ + CONFIG_NSS_DRV_QRFS_ENABLE \ + CONFIG_NSS_DRV_QVPN_ENABLE \ + CONFIG_NSS_DRV_OVPN_ENABLE \ + CONFIG_NSS_DRV_RMNET_ENABLE \ + CONFIG_NSS_DRV_SHAPER_ENABLE \ + CONFIG_NSS_DRV_SJACK_ENABLE \ + CONFIG_NSS_DRV_TLS_ENABLE \ + CONFIG_NSS_DRV_TRUSTSEC_ENABLE \ + CONFIG_NSS_DRV_TRUSTSEC_RX_ENABLE \ + CONFIG_NSS_DRV_TSTAMP_ENABLE \ + CONFIG_NSS_DRV_TUN6RD_ENABLE \ + CONFIG_NSS_DRV_TUNIPIP6_ENABLE \ + CONFIG_NSS_DRV_VIRT_IF_ENABLE \ + CONFIG_NSS_DRV_VLAN_ENABLE \ + CONFIG_NSS_DRV_VXLAN_ENABLE \ + CONFIG_NSS_DRV_WIFI_ENABLE \ + CONFIG_NSS_DRV_WIFI_EXT_VDEV_ENABLE \ + CONFIG_NSS_DRV_WIFI_MESH_ENABLE + +include $(INCLUDE_DIR)/kernel.mk +include $(INCLUDE_DIR)/package.mk + +NSS_CLIENTS_DIR:=$(TOPDIR)/qca/src/qca-nss-clients + +define KernelPackage/qca-nss-drv + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + DEPENDS:=@TARGET_qualcommax +kmod-qca-nss-dp + TITLE:=Qualcomm NSS core driver + FILES:=$(PKG_BUILD_DIR)/qca-nss-drv.ko + AUTOLOAD:=$(call AutoLoad,32,qca-nss-drv) +endef + +define KernelPackage/qca-nss-drv/config + source "$(SOURCE)/Config.in" +endef + +define KernelPackage/qca-nss-drv/install + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_DIR) $(1)/etc/sysctl.d + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_DIR) $(1)/etc/hotplug.d/firmware + $(INSTALL_DIR) $(1)/lib/debug + + $(INSTALL_BIN) ./files/qca-nss-drv.init $(1)/etc/init.d/qca-nss-drv + $(INSTALL_BIN) ./files/qca-nss-drv.sysctl $(1)/etc/sysctl.d/qca-nss-drv.conf + $(INSTALL_BIN) ./files/qca-nss-drv.conf $(1)/etc/config/nss + $(INSTALL_BIN) ./files/qca-nss-drv.hotplug $(1)/etc/hotplug.d/firmware/10-qca-nss-fw + $(INSTALL_BIN) ./files/qca-nss-drv.debug $(1)/lib/debug/qca-nss-drv +endef + +define KernelPackage/qca-nss-drv/Description +This package contains a NSS driver for QCA chipset +endef + +ifeq ($(CONFIG_TARGET_SUBTARGET), "ipq807x") + SOC="ipq807x_64" + subtarget:=$(CONFIG_TARGET_SUBTARGET) +else ifeq ($(CONFIG_TARGET_SUBTARGET), "ipq60xx") + SOC="ipq60xx_64" + subtarget:=$(CONFIG_TARGET_SUBTARGET) +endif + +define Build/InstallDev + mkdir -p $(1)/usr/include/qca-nss-drv + $(CP) $(PKG_BUILD_DIR)/exports/* $(1)/usr/include/qca-nss-drv/ +ifneq (, $(findstring $(subtarget), "ipq807x" "ipq60xx")) + $(RM) $(1)/usr/include/qca-nss-drv/nss_ipsecmgr.h + # $(INSTALL_DIR) $(1)/usr/include/qca-nss-clients + # $(CP) $(NSS_CLIENTS_DIR)/exports/nss_ipsecmgr.h $(1)/usr/include/qca-nss-clients/. +endif +endef + +EXTRA_CFLAGS+= -I$(STAGING_DIR)/usr/include/qca-nss-gmac \ + -I$(STAGING_DIR)/usr/include/qca-nss-dp \ + -I$(STAGING_DIR)/usr/include/qca-ssdk \ + -Wno-unused-variable \ + -Wno-error=unused-function + +ifeq ($(BOARD),qualcommax) +EXTRA_CFLAGS+= -DNSS_MEM_PROFILE_MEDIUM +endif + +DRV_MAKE_OPTS:= +ifndef CONFIG_NSS_DRV_BRIDGE_ENABLE + DRV_MAKE_OPTS += NSS_DRV_BRIDGE_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_C2C_ENABLE + DRV_MAKE_OPTS += NSS_DRV_C2C_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_CLMAP_ENABLE + DRV_MAKE_OPTS += NSS_DRV_CLMAP_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_CRYPTO_ENABLE + DRV_MAKE_OPTS += NSS_DRV_CRYPTO_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_DMA_ENABLE + DRV_MAKE_OPTS += NSS_DRV_DMA_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_DTLS_ENABLE + DRV_MAKE_OPTS += NSS_DRV_DTLS_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_EDMA_ENABLE + DRV_MAKE_OPTS += NSS_DRV_EDMA_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_GRE_ENABLE + DRV_MAKE_OPTS += NSS_DRV_GRE_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_GRE_REDIR_ENABLE + DRV_MAKE_OPTS += NSS_DRV_GRE_REDIR_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_GRE_TUNNEL_ENABLE + DRV_MAKE_OPTS += NSS_DRV_GRE_TUNNEL_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_IGS_ENABLE + DRV_MAKE_OPTS += NSS_DRV_IGS_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_IPSEC_ENABLE + DRV_MAKE_OPTS += NSS_DRV_IPSEC_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_IPV4_REASM_ENABLE + DRV_MAKE_OPTS += NSS_DRV_IPV4_REASM_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_IPV6_ENABLE + DRV_MAKE_OPTS += NSS_DRV_IPV6_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_IPV6_REASM_ENABLE + DRV_MAKE_OPTS += NSS_DRV_IPV6_REASM_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_L2TP_ENABLE + DRV_MAKE_OPTS += NSS_DRV_L2TP_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_LAG_ENABLE + DRV_MAKE_OPTS += NSS_DRV_LAG_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_MAPT_ENABLE + DRV_MAKE_OPTS += NSS_DRV_MAPT_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_MATCH_ENABLE + DRV_MAKE_OPTS += NSS_DRV_MATCH_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_MIRROR_ENABLE + DRV_MAKE_OPTS += NSS_DRV_MIRROR_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_OAM_ENABLE + DRV_MAKE_OPTS += NSS_DRV_OAM_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_PORTID_ENABLE + DRV_MAKE_OPTS += NSS_DRV_PORTID_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_PPE_ENABLE + DRV_MAKE_OPTS += NSS_DRV_PPE_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_PPPOE_ENABLE + DRV_MAKE_OPTS += NSS_DRV_PPPOE_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_PPTP_ENABLE + DRV_MAKE_OPTS += NSS_DRV_PPTP_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_PVXLAN_ENABLE + DRV_MAKE_OPTS += NSS_DRV_PVXLAN_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_QRFS_ENABLE + DRV_MAKE_OPTS += NSS_DRV_QRFS_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_QVPN_ENABLE + DRV_MAKE_OPTS += NSS_DRV_QVPN_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_OVPN_ENABLE + DRV_MAKE_OPTS += NSS_DRV_OVPN_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_RMNET_ENABLE + DRV_MAKE_OPTS += NSS_DRV_RMNET_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_SHAPER_ENABLE + DRV_MAKE_OPTS += NSS_DRV_SHAPER_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_SJACK_ENABLE + DRV_MAKE_OPTS += NSS_DRV_SJACK_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_TLS_ENABLE + DRV_MAKE_OPTS += NSS_DRV_TLS_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_TRUSTSEC_ENABLE + DRV_MAKE_OPTS += NSS_DRV_TRUSTSEC_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_TRUSTSEC_RX_ENABLE + DRV_MAKE_OPTS += NSS_DRV_TRUSTSEC_RX_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_TSTAMP_ENABLE + DRV_MAKE_OPTS += NSS_DRV_TSTAMP_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_TUN6RD_ENABLE + DRV_MAKE_OPTS += NSS_DRV_TUN6RD_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_TUNIPIP6_ENABLE + DRV_MAKE_OPTS += NSS_DRV_TUNIPIP6_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_VIRT_IF_ENABLE + DRV_MAKE_OPTS += NSS_DRV_VIRT_IF_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_VLAN_ENABLE + DRV_MAKE_OPTS += NSS_DRV_VLAN_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_VXLAN_ENABLE + DRV_MAKE_OPTS += NSS_DRV_VXLAN_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_WIFI_ENABLE + DRV_MAKE_OPTS += NSS_DRV_WIFI_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_WIFI_EXT_VDEV_ENABLE + DRV_MAKE_OPTS += NSS_DRV_WIFI_EXT_VDEV_ENABLE=n +endif +ifndef CONFIG_NSS_DRV_WIFI_MESH_ENABLE + DRV_MAKE_OPTS += NSS_DRV_WIFI_MESH_ENABLE=n +endif + +define Build/Configure + $(LN) arch/nss_$(SOC).h $(PKG_BUILD_DIR)/exports/nss_arch.h +endef + +define Build/Compile + +$(MAKE) -C "$(LINUX_DIR)" $(strip $(DRV_MAKE_OPTS)) \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + $(KERNEL_MAKE_FLAGS) \ + M="$(PKG_BUILD_DIR)" \ + EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ + SoC=$(SOC) \ + $(PKG_JOBS) \ + modules +endef + +$(eval $(call KernelPackage,qca-nss-drv)) diff --git a/package/qca/qca-nss-drv/files/qca-nss-drv.conf b/package/qca/qca-nss-drv/files/qca-nss-drv.conf new file mode 100644 index 000000000..a8a1fbf40 --- /dev/null +++ b/package/qca/qca-nss-drv/files/qca-nss-drv.conf @@ -0,0 +1,6 @@ +config nss_firmware 'qca_nss_0' + +config nss_firmware 'qca_nss_1' + +config general + option enable_rps '1' diff --git a/package/qca/qca-nss-drv/files/qca-nss-drv.debug b/package/qca/qca-nss-drv/files/qca-nss-drv.debug new file mode 100644 index 000000000..5d435c3a7 --- /dev/null +++ b/package/qca/qca-nss-drv/files/qca-nss-drv.debug @@ -0,0 +1,26 @@ +#!/bin/sh /sbin/sysdebug +# +# Copyright (c) 2015-2016, The Linux Foundation. All rights reserved. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +log cat /sys/kernel/debug/qca-nss-drv/stats/pppoe +log cat /sys/kernel/debug/qca-nss-drv/stats/n2h +log cat /sys/kernel/debug/qca-nss-drv/stats/ipv6 +log cat /sys/kernel/debug/qca-nss-drv/stats/ipv4 +log cat /sys/kernel/debug/qca-nss-drv/stats/gmac +log cat /sys/kernel/debug/qca-nss-drv/stats/drv +log cat /sys/kernel/debug/qca-nss-drv/stats/wifi +log cat /sys/kernel/debug/qca-nss-drv/stats/wifi_if +log cat /sys/kernel/debug/qca-nss-drv/stats/eth_rx diff --git a/package/qca/qca-nss-drv/files/qca-nss-drv.hotplug b/package/qca/qca-nss-drv/files/qca-nss-drv.hotplug new file mode 100644 index 000000000..1e4813838 --- /dev/null +++ b/package/qca/qca-nss-drv/files/qca-nss-drv.hotplug @@ -0,0 +1,70 @@ +#!/bin/sh +# +# Copyright (c) 2015-2016, The Linux Foundation. All rights reserved. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +KERNEL=`uname -r` +case "${KERNEL}" in + 3.4*) + select_or_load=load_nss_fw + ;; + *) + select_or_load=select_nss_fw + ;; +esac + +load_nss_fw () { + ls -l $1 | awk ' { print $9,$5 } '> /dev/console + echo 1 > /sys/class/firmware/$DEVICENAME/loading + cat $1 > /sys/class/firmware/$DEVICENAME/data + echo 0 > /sys/class/firmware/$DEVICENAME/loading +} + +select_nss_fw () { + rm -f /lib/firmware/$DEVICENAME + ln -s $1 /lib/firmware/$DEVICENAME + ls -l /lib/firmware/$DEVICENAME | awk ' { print $9,$5 } '> /dev/console +} + +[ "$ACTION" != "add" ] && exit + +# dev name for UCI, since it doesn't let you use . or - +SDEVNAME=$(echo ${DEVICENAME} | sed s/[.-]/_/g) + +SELECTED_FW=$(uci get nss.${SDEVNAME}.firmware 2>/dev/null) +[ -e "${SELECTED_FW}" ] && { + $select_or_load ${SELECTED_FW} + exit +} + +case $DEVICENAME in + qca-nss0* | qca-nss.0*) + if [ -e /lib/firmware/qca-nss0-enterprise.bin ] ; then + $select_or_load /lib/firmware/qca-nss0-enterprise.bin + else + $select_or_load /lib/firmware/qca-nss0-retail.bin + fi + exit + ;; + qca-nss1* | qca-nss.1*) + if [ -e /lib/firmware/qca-nss1-enterprise.bin ] ; then + $select_or_load /lib/firmware/qca-nss1-enterprise.bin + else + $select_or_load /lib/firmware/qca-nss1-retail.bin + fi + exit + ;; +esac + diff --git a/package/qca/qca-nss-drv/files/qca-nss-drv.init b/package/qca/qca-nss-drv/files/qca-nss-drv.init new file mode 100644 index 000000000..de12cb6d1 --- /dev/null +++ b/package/qca/qca-nss-drv/files/qca-nss-drv.init @@ -0,0 +1,50 @@ +#!/bin/sh /etc/rc.common +# +# Copyright (c) 2015-2017, The Linux Foundation. All rights reserved. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +START=70 + +enable_rps() { + irq_nss_rps=`grep nss_queue1 /proc/interrupts | cut -d ':' -f 1 | tr -d ' '` + for entry in $irq_nss_rps + do + echo 2 > /proc/irq/$entry/smp_affinity + done + + irq_nss_rps=`grep nss_queue2 /proc/interrupts | cut -d ':' -f 1 | tr -d ' '` + for entry in $irq_nss_rps + do + echo 4 > /proc/irq/$entry/smp_affinity + done + + irq_nss_rps=`grep nss_queue3 /proc/interrupts | cut -d ':' -f 1 | tr -d ' '` + for entry in $irq_nss_rps + do + echo 8 > /proc/irq/$entry/smp_affinity + done + + # Enable NSS RPS + sysctl -w dev.nss.rps.enable=1 >/dev/null 2>/dev/null + +} + + +start() { + local rps_enabled="$(uci_get nss @general[0] enable_rps)" + if [ "$rps_enabled" -eq 1 ]; then + enable_rps + fi +} diff --git a/package/qca/qca-nss-drv/files/qca-nss-drv.sysctl b/package/qca/qca-nss-drv/files/qca-nss-drv.sysctl new file mode 100644 index 000000000..0276bba12 --- /dev/null +++ b/package/qca/qca-nss-drv/files/qca-nss-drv.sysctl @@ -0,0 +1,3 @@ +# Default Number of connection configuration +dev.nss.ipv4cfg.ipv4_conn=4096 +dev.nss.ipv6cfg.ipv6_conn=4096 diff --git a/package/qca/qca-nss-drv/patches/0001-nss-drv-replace-ioremap_nocache-with-ioremap.patch b/package/qca/qca-nss-drv/patches/0001-nss-drv-replace-ioremap_nocache-with-ioremap.patch new file mode 100644 index 000000000..edbd10434 --- /dev/null +++ b/package/qca/qca-nss-drv/patches/0001-nss-drv-replace-ioremap_nocache-with-ioremap.patch @@ -0,0 +1,207 @@ +From dddfe22459a988a5b86d195bc3cc3bd3c2ac7037 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sat, 14 Jan 2023 21:52:38 +0100 +Subject: [PATCH 1/4] nss-drv: replace ioremap_nocache() with ioremap() + +Since 5.5 ioremap_nocache is equal to ioremap on all archs and was removed +from the kernel, so just use ioremap instead. + +Signed-off-by: Robert Marko +--- + nss_hal/fsm9010/nss_hal_pvt.c | 2 +- + nss_hal/ipq50xx/nss_hal_pvt.c | 6 +++--- + nss_hal/ipq60xx/nss_hal_pvt.c | 8 ++++---- + nss_hal/ipq806x/nss_hal_pvt.c | 4 ++-- + nss_hal/ipq807x/nss_hal_pvt.c | 6 +++--- + nss_hal/ipq95xx/nss_hal_pvt.c | 6 +++--- + nss_hal/nss_hal.c | 4 ++-- + nss_meminfo.c | 2 +- + nss_ppe.c | 2 +- + 9 files changed, 20 insertions(+), 20 deletions(-) + +--- a/nss_hal/fsm9010/nss_hal_pvt.c ++++ b/nss_hal/fsm9010/nss_hal_pvt.c +@@ -145,7 +145,7 @@ static struct nss_platform_data *__nss_h + npd->nphys = res_nphys.start; + npd->vphys = res_vphys.start; + +- npd->nmap = ioremap_nocache(npd->nphys, resource_size(&res_nphys)); ++ npd->nmap = ioremap(npd->nphys, resource_size(&res_nphys)); + if (!npd->nmap) { + nss_info_always("%px: nss%d: ioremap() fail for nphys\n", nss_ctx, nss_ctx->id); + goto out; +--- a/nss_hal/ipq50xx/nss_hal_pvt.c ++++ b/nss_hal/ipq50xx/nss_hal_pvt.c +@@ -185,13 +185,13 @@ static struct nss_platform_data *__nss_h + npd->nphys = res_nphys.start; + npd->qgic_phys = res_qgic_phys.start; + +- npd->nmap = ioremap_nocache(npd->nphys, resource_size(&res_nphys)); ++ npd->nmap = ioremap(npd->nphys, resource_size(&res_nphys)); + if (!npd->nmap) { + nss_info_always("%px: nss%d: ioremap() fail for nphys\n", nss_ctx, nss_ctx->id); + goto out; + } + +- npd->qgic_map = ioremap_nocache(npd->qgic_phys, resource_size(&res_qgic_phys)); ++ npd->qgic_map = ioremap(npd->qgic_phys, resource_size(&res_qgic_phys)); + if (!npd->qgic_map) { + nss_info_always("%px: nss%d: ioremap() fail for qgic map\n", nss_ctx, nss_ctx->id); + goto out; +@@ -349,7 +349,7 @@ static int __nss_hal_common_reset(struct + + of_node_put(cmn); + +- nss_misc_reset = ioremap_nocache(res_nss_misc_reset.start, resource_size(&res_nss_misc_reset)); ++ nss_misc_reset = ioremap(res_nss_misc_reset.start, resource_size(&res_nss_misc_reset)); + if (!nss_misc_reset) { + pr_err("%px: ioremap fail for nss_misc_reset\n", nss_dev); + return -EFAULT; +--- a/nss_hal/ipq60xx/nss_hal_pvt.c ++++ b/nss_hal/ipq60xx/nss_hal_pvt.c +@@ -208,13 +208,13 @@ static struct nss_platform_data *__nss_h + npd->nphys = res_nphys.start; + npd->qgic_phys = res_qgic_phys.start; + +- npd->nmap = ioremap_nocache(npd->nphys, resource_size(&res_nphys)); ++ npd->nmap = ioremap(npd->nphys, resource_size(&res_nphys)); + if (!npd->nmap) { + nss_info_always("%px: nss%d: ioremap() fail for nphys\n", nss_ctx, nss_ctx->id); + goto out; + } + +- npd->qgic_map = ioremap_nocache(npd->qgic_phys, resource_size(&res_qgic_phys)); ++ npd->qgic_map = ioremap(npd->qgic_phys, resource_size(&res_qgic_phys)); + if (!npd->qgic_map) { + nss_info_always("%px: nss%d: ioremap() fail for qgic map\n", nss_ctx, nss_ctx->id); + goto out; +@@ -434,13 +434,13 @@ static int __nss_hal_common_reset(struct + + of_node_put(cmn); + +- nss_misc_reset = ioremap_nocache(res_nss_misc_reset.start, resource_size(&res_nss_misc_reset)); ++ nss_misc_reset = ioremap(res_nss_misc_reset.start, resource_size(&res_nss_misc_reset)); + if (!nss_misc_reset) { + pr_err("%px: ioremap fail for nss_misc_reset\n", nss_dev); + return -EFAULT; + } + +- nss_misc_reset_flag = ioremap_nocache(res_nss_misc_reset_flag.start, resource_size(&res_nss_misc_reset_flag)); ++ nss_misc_reset_flag = ioremap(res_nss_misc_reset_flag.start, resource_size(&res_nss_misc_reset_flag)); + if (!nss_misc_reset_flag) { + pr_err("%px: ioremap fail for nss_misc_reset_flag\n", nss_dev); + return -EFAULT; +--- a/nss_hal/ipq806x/nss_hal_pvt.c ++++ b/nss_hal/ipq806x/nss_hal_pvt.c +@@ -461,7 +461,7 @@ static struct nss_platform_data *__nss_h + npd->nphys = res_nphys.start; + npd->vphys = res_vphys.start; + +- npd->nmap = ioremap_nocache(npd->nphys, resource_size(&res_nphys)); ++ npd->nmap = ioremap(npd->nphys, resource_size(&res_nphys)); + if (!npd->nmap) { + nss_info_always("%px: nss%d: ioremap() fail for nphys\n", nss_ctx, nss_ctx->id); + goto out; +@@ -714,7 +714,7 @@ static int __nss_hal_common_reset(struct + } + of_node_put(cmn); + +- fpb_base = ioremap_nocache(res_nss_fpb_base.start, resource_size(&res_nss_fpb_base)); ++ fpb_base = ioremap(res_nss_fpb_base.start, resource_size(&res_nss_fpb_base)); + if (!fpb_base) { + pr_err("%px: ioremap fail for nss_fpb_base\n", nss_dev); + return -EFAULT; +--- a/nss_hal/ipq807x/nss_hal_pvt.c ++++ b/nss_hal/ipq807x/nss_hal_pvt.c +@@ -237,7 +237,7 @@ static struct nss_platform_data *__nss_h + npd->vphys = res_vphys.start; + npd->qgic_phys = res_qgic_phys.start; + +- npd->nmap = ioremap_nocache(npd->nphys, resource_size(&res_nphys)); ++ npd->nmap = ioremap(npd->nphys, resource_size(&res_nphys)); + if (!npd->nmap) { + nss_info_always("%px: nss%d: ioremap() fail for nphys\n", nss_ctx, nss_ctx->id); + goto out; +@@ -250,7 +250,7 @@ static struct nss_platform_data *__nss_h + goto out; + } + +- npd->qgic_map = ioremap_nocache(npd->qgic_phys, resource_size(&res_qgic_phys)); ++ npd->qgic_map = ioremap(npd->qgic_phys, resource_size(&res_qgic_phys)); + if (!npd->qgic_map) { + nss_info_always("%px: nss%d: ioremap() fail for qgic map\n", nss_ctx, nss_ctx->id); + goto out; +@@ -470,7 +470,7 @@ static int __nss_hal_common_reset(struct + } + of_node_put(cmn); + +- nss_misc_reset = ioremap_nocache(res_nss_misc_reset.start, resource_size(&res_nss_misc_reset)); ++ nss_misc_reset = ioremap(res_nss_misc_reset.start, resource_size(&res_nss_misc_reset)); + if (!nss_misc_reset) { + pr_err("%px: ioremap fail for nss_misc_reset\n", nss_dev); + return -EFAULT; +--- a/nss_hal/ipq95xx/nss_hal_pvt.c ++++ b/nss_hal/ipq95xx/nss_hal_pvt.c +@@ -291,7 +291,7 @@ static struct nss_platform_data *__nss_h + npd->vphys = res_vphys.start; + npd->qgic_phys = res_qgic_phys.start; + +- npd->nmap = ioremap_nocache(npd->nphys, resource_size(&res_nphys)); ++ npd->nmap = ioremap(npd->nphys, resource_size(&res_nphys)); + if (!npd->nmap) { + nss_info_always("%px: nss%d: ioremap() fail for nphys\n", nss_ctx, nss_ctx->id); + goto out; +@@ -303,7 +303,7 @@ static struct nss_platform_data *__nss_h + goto out; + } + +- npd->qgic_map = ioremap_nocache(npd->qgic_phys, resource_size(&res_qgic_phys)); ++ npd->qgic_map = ioremap(npd->qgic_phys, resource_size(&res_qgic_phys)); + if (!npd->qgic_map) { + nss_info_always("%px: nss%d: ioremap() fail for qgic map\n", nss_ctx, nss_ctx->id); + goto out; +@@ -608,7 +608,7 @@ static int __nss_hal_common_reset(struct + + of_node_put(cmn); + +- nss_misc_reset = ioremap_nocache(res_nss_misc_reset.start, resource_size(&res_nss_misc_reset)); ++ nss_misc_reset = ioremap(res_nss_misc_reset.start, resource_size(&res_nss_misc_reset)); + if (!nss_misc_reset) { + pr_err("%px: ioremap fail for nss_misc_reset\n", nss_dev); + return -EFAULT; +--- a/nss_hal/nss_hal.c ++++ b/nss_hal/nss_hal.c +@@ -81,9 +81,9 @@ int nss_hal_firmware_load(struct nss_ctx + } + + +- load_mem = ioremap_nocache(npd->load_addr, nss_fw->size); ++ load_mem = ioremap(npd->load_addr, nss_fw->size); + if (!load_mem) { +- nss_info_always("%px: ioremap_nocache failed: %x", nss_ctx, npd->load_addr); ++ nss_info_always("%px: ioremap failed: %x", nss_ctx, npd->load_addr); + release_firmware(nss_fw); + return rc; + } +--- a/nss_meminfo.c ++++ b/nss_meminfo.c +@@ -736,7 +736,7 @@ bool nss_meminfo_init(struct nss_ctx_ins + /* + * meminfo_start is the label where the start address of meminfo map is stored. + */ +- meminfo_start = (uint32_t *)ioremap_nocache(nss_ctx->load + NSS_MEMINFO_MAP_START_OFFSET, ++ meminfo_start = (uint32_t *)ioremap(nss_ctx->load + NSS_MEMINFO_MAP_START_OFFSET, + NSS_MEMINFO_RESERVE_AREA_SIZE); + if (!meminfo_start) { + nss_info_always("%px: cannot remap meminfo start\n", nss_ctx); +--- a/nss_ppe.c ++++ b/nss_ppe.c +@@ -357,7 +357,7 @@ void nss_ppe_init(void) + /* + * Get the PPE base address + */ +- ppe_pvt.ppe_base = ioremap_nocache(PPE_BASE_ADDR, PPE_REG_SIZE); ++ ppe_pvt.ppe_base = ioremap(PPE_BASE_ADDR, PPE_REG_SIZE); + if (!ppe_pvt.ppe_base) { + nss_warning("DRV can't get PPE base address\n"); + return; diff --git a/package/qca/qca-nss-drv/patches/0002-nss-drv-add-support-for-kernel-5.15.patch b/package/qca/qca-nss-drv/patches/0002-nss-drv-add-support-for-kernel-5.15.patch new file mode 100644 index 000000000..279c18e57 --- /dev/null +++ b/package/qca/qca-nss-drv/patches/0002-nss-drv-add-support-for-kernel-5.15.patch @@ -0,0 +1,62 @@ +From 2a3b9f4659542e529f4e1a535c33dfde7e272707 Mon Sep 17 00:00:00 2001 +From: Ansuel Smith +Date: Tue, 5 Apr 2022 18:10:57 +0200 +Subject: [PATCH 2/4] nss-drv: add support for kernel 5.15 + +- Fix coredump panic notifier include change. +- Fix skb ZEROCOPY flag. +- Add skb reuse support for 5.15 kernel version. + +Signed-off-by: Ansuel Smith +--- + nss_core.c | 5 +++-- + nss_coredump.c | 4 ++++ + nss_hal/nss_hal.c | 1 + + 3 files changed, 9 insertions(+), 2 deletions(-) + +--- a/nss_core.c ++++ b/nss_core.c +@@ -61,7 +61,9 @@ + (((LINUX_VERSION_CODE >= KERNEL_VERSION(3, 10, 0)) && (LINUX_VERSION_CODE < KERNEL_VERSION(3, 11, 0)))) || \ + (((LINUX_VERSION_CODE >= KERNEL_VERSION(3, 18, 0)) && (LINUX_VERSION_CODE < KERNEL_VERSION(3, 19, 0)))) || \ + (((LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)) && (LINUX_VERSION_CODE < KERNEL_VERSION(4, 5, 0)))) || \ +-(((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) && (LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0)))))) ++(((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) && (LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0)))) || \ ++(((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0)) && (LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0)))) || \ ++(((LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)) && (LINUX_VERSION_CODE < KERNEL_VERSION(6, 2, 0)))))) + #error "Check skb recycle code in this file to match Linux version" + #endif + +@@ -2658,7 +2660,7 @@ static inline bool nss_core_skb_can_reus + if (unlikely(irqs_disabled())) + return false; + +- if (unlikely(skb_shinfo(nbuf)->tx_flags & SKBTX_DEV_ZEROCOPY)) ++ if (unlikely(skb_shinfo(nbuf)->flags & SKBFL_ZEROCOPY_ENABLE)) + return false; + + if (unlikely(skb_is_nonlinear(nbuf))) +--- a/nss_coredump.c ++++ b/nss_coredump.c +@@ -25,7 +25,11 @@ + #include "nss_hal.h" + #include "nss_log.h" + #include ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 14, 0)) + #include /* for panic_notifier_list */ ++#else ++#include ++#endif + #include /* for time */ + #include "nss_tx_rx_common.h" + +--- a/nss_hal/nss_hal.c ++++ b/nss_hal/nss_hal.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + #include "nss_hal.h" + #include "nss_arch.h" diff --git a/package/qca/qca-nss-drv/patches/0003-DMA-Fix-NULL-pointer-exceptions.patch b/package/qca/qca-nss-drv/patches/0003-DMA-Fix-NULL-pointer-exceptions.patch new file mode 100644 index 000000000..4577b8a4b --- /dev/null +++ b/package/qca/qca-nss-drv/patches/0003-DMA-Fix-NULL-pointer-exceptions.patch @@ -0,0 +1,28 @@ +From a6e3e81daab4eb9acbdef0ad1fed056e1bfbe320 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Tue, 8 Jun 2021 23:24:43 +0200 +Subject: [PATCH 3/4] DMA: Fix NULL pointer exceptions + +There are multiple instances that pass NULL instead +of device to DMA functions. +That is incorrect and will cause kernel NULL pointer +exceptions. + +So, simply pass the device structure pointers. + +Signed-off-by: Robert Marko +--- + nss_core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/nss_core.c ++++ b/nss_core.c +@@ -1660,7 +1660,7 @@ static int32_t nss_core_handle_cause_que + * + */ + if (unlikely((buffer_type == N2H_BUFFER_CRYPTO_RESP))) { +- dma_unmap_single(NULL, (desc->buffer + desc->payload_offs), desc->payload_len, DMA_FROM_DEVICE); ++ dma_unmap_single(nss_ctx->dev, (desc->buffer + desc->payload_offs), desc->payload_len, DMA_FROM_DEVICE); + goto consume; + } + diff --git a/package/qca/qca-nss-drv/patches/0004-nss-drv-rework-NSS_CORE_DMA_CACHE_MAINT-ops.patch b/package/qca/qca-nss-drv/patches/0004-nss-drv-rework-NSS_CORE_DMA_CACHE_MAINT-ops.patch new file mode 100644 index 000000000..793da70f0 --- /dev/null +++ b/package/qca/qca-nss-drv/patches/0004-nss-drv-rework-NSS_CORE_DMA_CACHE_MAINT-ops.patch @@ -0,0 +1,558 @@ +From e6814c47d22ee5133a71016375239f87ea265794 Mon Sep 17 00:00:00 2001 +From: Christian Marangi +Date: Tue, 5 Apr 2022 15:38:18 +0200 +Subject: [PATCH 4/4] nss-drv: rework NSS_CORE_DMA_CACHE_MAINT ops + +Rework NSS_CORE_DMA_CACHE_MAINT ops to use standard dma sync ops instead +of using the direct arch function. This permit to skip any hack/patch +needed for nss-drv to correctly compile on upstream kernel. + +We drop any NSS_CORE_DMA_CACHE_MAINT use in nss_core and we correctly +use the dma_sync_single_for_device we correctly dma addr using the new +DMA helper. +We drop sync for IOREMAP addr and we just leave a memory block. +We hope the nss_profiler is correctly ported. +We finally drop the NSS_CORE_DMA_CACHE_MAINT jus in case someone wants +to use it. + +Signed-off-by: Christian Marangi +--- + nss_core.c | 136 +++++++++++++++++++++++++--------- + nss_core.h | 41 +++++----- + nss_hal/ipq806x/nss_hal_pvt.c | 5 +- + nss_hal/ipq807x/nss_hal_pvt.c | 5 +- + nss_meminfo.c | 5 +- + nss_profiler.c | 3 +- + 6 files changed, 127 insertions(+), 68 deletions(-) + +--- a/nss_core.c ++++ b/nss_core.c +@@ -1472,6 +1472,8 @@ static inline void nss_core_handle_empty + uint32_t count, uint32_t hlos_index, + uint16_t mask) + { ++ struct nss_meminfo_ctx *mem_ctx = &nss_ctx->meminfo_ctx; ++ + while (count) { + /* + * Since we only return the primary skb, we have no way to unmap +@@ -1525,7 +1527,9 @@ next: + n2h_desc_ring->hlos_index = hlos_index; + if_map->n2h_hlos_index[NSS_IF_N2H_EMPTY_BUFFER_RETURN_QUEUE] = hlos_index; + +- NSS_CORE_DMA_CACHE_MAINT((void *)&if_map->n2h_hlos_index[NSS_IF_N2H_EMPTY_BUFFER_RETURN_QUEUE], sizeof(uint32_t), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, ++ n2h_hlos_index_to_dma(mem_ctx->if_map_dma, NSS_IF_N2H_EMPTY_BUFFER_RETURN_QUEUE), ++ sizeof(uint32_t), DMA_TO_DEVICE); + NSS_CORE_DSB(); + } + +@@ -1547,6 +1551,7 @@ static int32_t nss_core_handle_cause_que + struct nss_ctx_instance *nss_ctx = int_ctx->nss_ctx; + struct nss_meminfo_ctx *mem_ctx = &nss_ctx->meminfo_ctx; + struct nss_if_mem_map *if_map = mem_ctx->if_map; ++ int dma_size; + + qid = nss_core_cause_to_queue(cause); + +@@ -1558,7 +1563,8 @@ static int32_t nss_core_handle_cause_que + n2h_desc_ring = &nss_ctx->n2h_desc_ring[qid]; + desc_if = &n2h_desc_ring->desc_ring; + desc_ring = desc_if->desc; +- NSS_CORE_DMA_CACHE_MAINT((void *)&if_map->n2h_nss_index[qid], sizeof(uint32_t), DMA_FROM_DEVICE); ++ dma_sync_single_for_cpu(nss_ctx->dev, n2h_nss_index_to_dma(mem_ctx->if_map_dma, qid), ++ sizeof(uint32_t), DMA_FROM_DEVICE); + NSS_CORE_DSB(); + nss_index = if_map->n2h_nss_index[qid]; + +@@ -1587,13 +1593,23 @@ static int32_t nss_core_handle_cause_que + start = hlos_index; + end = (hlos_index + count) & mask; + if (end > start) { +- dmac_inv_range((void *)&desc_ring[start], (void *)&desc_ring[end] + sizeof(struct n2h_descriptor)); ++ dma_size = sizeof(struct n2h_descriptor) * (end - start + 1); ++ ++ dma_sync_single_for_cpu(nss_ctx->dev, n2h_desc_index_to_dma(if_map, qid, start), ++ dma_size, DMA_FROM_DEVICE); + } else { + /* + * We have wrapped around + */ +- dmac_inv_range((void *)&desc_ring[start], (void *)&desc_ring[mask] + sizeof(struct n2h_descriptor)); +- dmac_inv_range((void *)&desc_ring[0], (void *)&desc_ring[end] + sizeof(struct n2h_descriptor)); ++ dma_size = sizeof(struct n2h_descriptor) * (mask - start + 1); ++ ++ dma_sync_single_for_cpu(nss_ctx->dev, n2h_desc_index_to_dma(if_map, qid, start), ++ dma_size, DMA_FROM_DEVICE); ++ ++ dma_size = sizeof(struct n2h_descriptor) * (end + 1); ++ ++ dma_sync_single_for_cpu(nss_ctx->dev, n2h_desc_index_to_dma(if_map, qid, 0), dma_size, ++ DMA_FROM_DEVICE); + } + + /* +@@ -1722,7 +1738,8 @@ next: + n2h_desc_ring->hlos_index = hlos_index; + if_map->n2h_hlos_index[qid] = hlos_index; + +- NSS_CORE_DMA_CACHE_MAINT((void *)&if_map->n2h_hlos_index[qid], sizeof(uint32_t), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, n2h_hlos_index_to_dma(mem_ctx->if_map_dma, qid), ++ sizeof(uint32_t), DMA_TO_DEVICE); + NSS_CORE_DSB(); + + return count; +@@ -1734,11 +1751,12 @@ next: + */ + static void nss_core_init_nss(struct nss_ctx_instance *nss_ctx, struct nss_if_mem_map *if_map) + { ++ struct nss_meminfo_ctx *mem_ctx = &nss_ctx->meminfo_ctx; + struct nss_top_instance *nss_top; + int ret; + int i; + +- NSS_CORE_DMA_CACHE_MAINT((void *)if_map, sizeof(*if_map), DMA_FROM_DEVICE); ++ dma_sync_single_for_cpu(nss_ctx->dev, mem_ctx->if_map_dma, sizeof(*if_map), DMA_FROM_DEVICE); + NSS_CORE_DSB(); + + /* +@@ -1835,6 +1853,7 @@ static void nss_core_alloc_paged_buffers + uint16_t count, int16_t mask, int32_t hlos_index, uint32_t alloc_fail_count, + uint32_t buffer_type, uint32_t buffer_queue, uint32_t stats_index) + { ++ struct nss_meminfo_ctx *mem_ctx = &nss_ctx->meminfo_ctx; + struct sk_buff *nbuf; + struct page *npage; + struct hlos_h2n_desc_rings *h2n_desc_ring = &nss_ctx->h2n_desc_rings[buffer_queue]; +@@ -1904,7 +1923,9 @@ static void nss_core_alloc_paged_buffers + /* + * Flush the descriptor + */ +- NSS_CORE_DMA_CACHE_MAINT((void *)desc, sizeof(*desc), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, ++ h2n_desc_index_to_dma(if_map, buffer_queue, hlos_index), ++ sizeof(*desc), DMA_TO_DEVICE); + + hlos_index = (hlos_index + 1) & (mask); + count--; +@@ -1918,7 +1939,8 @@ static void nss_core_alloc_paged_buffers + h2n_desc_ring->hlos_index = hlos_index; + if_map->h2n_hlos_index[buffer_queue] = hlos_index; + +- NSS_CORE_DMA_CACHE_MAINT(&if_map->h2n_hlos_index[buffer_queue], sizeof(uint32_t), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_hlos_index_to_dma(mem_ctx->if_map_dma, buffer_queue), ++ sizeof(uint32_t), DMA_TO_DEVICE); + NSS_CORE_DSB(); + + NSS_PKT_STATS_INC(&nss_top->stats_drv[stats_index]); +@@ -1931,7 +1953,7 @@ static void nss_core_alloc_paged_buffers + static void nss_core_alloc_jumbo_mru_buffers(struct nss_ctx_instance *nss_ctx, struct nss_if_mem_map *if_map, + int jumbo_mru, uint16_t count, int16_t mask, int32_t hlos_index) + { +- ++ struct nss_meminfo_ctx *mem_ctx = &nss_ctx->meminfo_ctx; + struct sk_buff *nbuf; + struct hlos_h2n_desc_rings *h2n_desc_ring = &nss_ctx->h2n_desc_rings[NSS_IF_H2N_EMPTY_BUFFER_QUEUE]; + struct h2n_desc_if_instance *desc_if = &h2n_desc_ring->desc_ring; +@@ -1978,7 +2000,9 @@ static void nss_core_alloc_jumbo_mru_buf + /* + * Flush the descriptor + */ +- NSS_CORE_DMA_CACHE_MAINT((void *)desc, sizeof(*desc), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, ++ h2n_desc_index_to_dma(if_map, NSS_IF_H2N_EMPTY_BUFFER_QUEUE, hlos_index), ++ sizeof(*desc), DMA_TO_DEVICE); + + hlos_index = (hlos_index + 1) & (mask); + count--; +@@ -1992,7 +2016,8 @@ static void nss_core_alloc_jumbo_mru_buf + h2n_desc_ring->hlos_index = hlos_index; + if_map->h2n_hlos_index[NSS_IF_H2N_EMPTY_BUFFER_QUEUE] = hlos_index; + +- NSS_CORE_DMA_CACHE_MAINT(&if_map->h2n_hlos_index[NSS_IF_H2N_EMPTY_BUFFER_QUEUE], sizeof(uint32_t), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_hlos_index_to_dma(mem_ctx->if_map_dma, NSS_IF_H2N_EMPTY_BUFFER_QUEUE), ++ sizeof(uint32_t), DMA_TO_DEVICE); + NSS_CORE_DSB(); + + NSS_PKT_STATS_INC(&nss_top->stats_drv[NSS_DRV_STATS_TX_EMPTY]); +@@ -2005,6 +2030,7 @@ static void nss_core_alloc_jumbo_mru_buf + static void nss_core_alloc_max_avail_size_buffers(struct nss_ctx_instance *nss_ctx, struct nss_if_mem_map *if_map, + uint16_t max_buf_size, uint16_t count, int16_t mask, int32_t hlos_index) + { ++ struct nss_meminfo_ctx *mem_ctx = &nss_ctx->meminfo_ctx; + struct hlos_h2n_desc_rings *h2n_desc_ring = &nss_ctx->h2n_desc_rings[NSS_IF_H2N_EMPTY_BUFFER_QUEUE]; + struct h2n_desc_if_instance *desc_if = &h2n_desc_ring->desc_ring; + struct h2n_descriptor *desc_ring = desc_if->desc; +@@ -2012,6 +2038,7 @@ static void nss_core_alloc_max_avail_siz + uint16_t payload_len = max_buf_size + NET_SKB_PAD; + uint16_t start = hlos_index; + uint16_t prev_hlos_index; ++ int dma_size; + + while (count) { + dma_addr_t buffer; +@@ -2064,13 +2091,26 @@ static void nss_core_alloc_max_avail_siz + * Flush the descriptors, including the descriptor at prev_hlos_index. + */ + if (prev_hlos_index > start) { +- dmac_clean_range((void *)&desc_ring[start], (void *)&desc_ring[prev_hlos_index] + sizeof(struct h2n_descriptor)); ++ dma_size = sizeof(struct h2n_descriptor) * (prev_hlos_index - start + 1); ++ ++ dma_sync_single_for_device(nss_ctx->dev, ++ h2n_desc_index_to_dma(if_map, NSS_IF_H2N_EMPTY_BUFFER_QUEUE, start), ++ dma_size, DMA_TO_DEVICE); + } else { + /* + * We have wrapped around + */ +- dmac_clean_range((void *)&desc_ring[start], (void *)&desc_ring[mask] + sizeof(struct h2n_descriptor)); +- dmac_clean_range((void *)&desc_ring[0], (void *)&desc_ring[prev_hlos_index] + sizeof(struct h2n_descriptor)); ++ dma_size = sizeof(struct h2n_descriptor) * (mask - start + 1); ++ ++ dma_sync_single_for_device(nss_ctx->dev, ++ h2n_desc_index_to_dma(if_map, NSS_IF_H2N_EMPTY_BUFFER_QUEUE, start), ++ dma_size, DMA_TO_DEVICE); ++ ++ dma_size = sizeof(struct h2n_descriptor) * (prev_hlos_index + 1); ++ ++ dma_sync_single_for_device(nss_ctx->dev, ++ h2n_desc_index_to_dma(if_map, NSS_IF_H2N_EMPTY_BUFFER_QUEUE, 0), ++ dma_size, DMA_TO_DEVICE); + } + + /* +@@ -2081,7 +2121,8 @@ static void nss_core_alloc_max_avail_siz + h2n_desc_ring->hlos_index = hlos_index; + if_map->h2n_hlos_index[NSS_IF_H2N_EMPTY_BUFFER_QUEUE] = hlos_index; + +- NSS_CORE_DMA_CACHE_MAINT(&if_map->h2n_hlos_index[NSS_IF_H2N_EMPTY_BUFFER_QUEUE], sizeof(uint32_t), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_hlos_index_to_dma(mem_ctx->if_map_dma, NSS_IF_H2N_EMPTY_BUFFER_QUEUE), ++ sizeof(uint32_t), DMA_TO_DEVICE); + NSS_CORE_DSB(); + + NSS_PKT_STATS_INC(&nss_top->stats_drv[NSS_DRV_STATS_TX_EMPTY]); +@@ -2094,6 +2135,7 @@ static void nss_core_alloc_max_avail_siz + static inline void nss_core_handle_empty_buffer_sos(struct nss_ctx_instance *nss_ctx, + struct nss_if_mem_map *if_map, uint16_t max_buf_size) + { ++ struct nss_meminfo_ctx *mem_ctx = &nss_ctx->meminfo_ctx; + uint16_t count, size, mask; + int32_t nss_index, hlos_index; + struct hlos_h2n_desc_rings *h2n_desc_ring = &nss_ctx->h2n_desc_rings[NSS_IF_H2N_EMPTY_BUFFER_QUEUE]; +@@ -2104,7 +2146,8 @@ static inline void nss_core_handle_empty + /* + * Check how many empty buffers could be filled in queue + */ +- NSS_CORE_DMA_CACHE_MAINT(&if_map->h2n_nss_index[NSS_IF_H2N_EMPTY_BUFFER_QUEUE], sizeof(uint32_t), DMA_FROM_DEVICE); ++ dma_sync_single_for_cpu(nss_ctx->dev, h2n_nss_index_to_dma(mem_ctx->if_map_dma, NSS_IF_H2N_EMPTY_BUFFER_QUEUE), ++ sizeof(uint32_t), DMA_FROM_DEVICE); + NSS_CORE_DSB(); + nss_index = if_map->h2n_nss_index[NSS_IF_H2N_EMPTY_BUFFER_QUEUE]; + +@@ -2149,6 +2192,7 @@ static inline void nss_core_handle_empty + static inline void nss_core_handle_paged_empty_buffer_sos(struct nss_ctx_instance *nss_ctx, + struct nss_if_mem_map *if_map, uint16_t max_buf_size) + { ++ struct nss_meminfo_ctx *mem_ctx = &nss_ctx->meminfo_ctx; + uint16_t count, size, mask; + int32_t nss_index, hlos_index; + struct hlos_h2n_desc_rings *h2n_desc_ring = &nss_ctx->h2n_desc_rings[NSS_IF_H2N_EMPTY_PAGED_BUFFER_QUEUE]; +@@ -2156,7 +2200,8 @@ static inline void nss_core_handle_paged + /* + * Check how many empty buffers could be filled in queue + */ +- NSS_CORE_DMA_CACHE_MAINT((void *)&if_map->h2n_nss_index[NSS_IF_H2N_EMPTY_PAGED_BUFFER_QUEUE], sizeof(uint32_t), DMA_FROM_DEVICE); ++ dma_sync_single_for_cpu(nss_ctx->dev, h2n_nss_index_to_dma(mem_ctx->if_map_dma, NSS_IF_H2N_EMPTY_PAGED_BUFFER_QUEUE), ++ sizeof(uint32_t), DMA_FROM_DEVICE); + NSS_CORE_DSB(); + nss_index = if_map->h2n_nss_index[NSS_IF_H2N_EMPTY_PAGED_BUFFER_QUEUE]; + +@@ -2733,9 +2778,11 @@ void nss_skb_reuse(struct sk_buff *nbuf) + * Sends one skb to NSS FW + */ + static inline int32_t nss_core_send_buffer_simple_skb(struct nss_ctx_instance *nss_ctx, +- struct h2n_desc_if_instance *desc_if, uint32_t if_num, +- struct sk_buff *nbuf, uint16_t hlos_index, uint16_t flags, uint8_t buffer_type, uint16_t mss) ++ struct h2n_desc_if_instance *desc_if, uint32_t if_num, struct sk_buff *nbuf, ++ uint16_t qid, uint16_t hlos_index, uint16_t flags, uint8_t buffer_type, uint16_t mss) + { ++ struct nss_meminfo_ctx *mem_ctx = &nss_ctx->meminfo_ctx; ++ struct nss_if_mem_map *if_map = mem_ctx->if_map; + struct h2n_descriptor *desc_ring = desc_if->desc; + struct h2n_descriptor *desc; + uint16_t bit_flags; +@@ -2789,7 +2836,8 @@ static inline int32_t nss_core_send_buff + (nss_ptr_t)nbuf, (uint16_t)(nbuf->data - nbuf->head), nbuf->len, + sz, (uint32_t)nbuf->priority, mss, bit_flags); + +- NSS_CORE_DMA_CACHE_MAINT((void *)desc, sizeof(*desc), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_desc_index_to_dma(if_map, qid, hlos_index), ++ sizeof(*desc), DMA_TO_DEVICE); + + /* + * We are done using the skb fields and can reuse it now +@@ -2813,7 +2861,8 @@ no_reuse: + (nss_ptr_t)nbuf, (uint16_t)(nbuf->data - nbuf->head), nbuf->len, + (uint16_t)skb_end_offset(nbuf), (uint32_t)nbuf->priority, mss, bit_flags); + +- NSS_CORE_DMA_CACHE_MAINT((void *)desc, sizeof(*desc), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_desc_index_to_dma(if_map, qid, hlos_index), ++ sizeof(*desc), DMA_TO_DEVICE); + + NSS_PKT_STATS_INC(&nss_ctx->nss_top->stats_drv[NSS_DRV_STATS_TX_SIMPLE]); + return 1; +@@ -2827,9 +2876,11 @@ no_reuse: + * Used to differentiate from FRAGLIST + */ + static inline int32_t nss_core_send_buffer_nr_frags(struct nss_ctx_instance *nss_ctx, +- struct h2n_desc_if_instance *desc_if, uint32_t if_num, +- struct sk_buff *nbuf, uint16_t hlos_index, uint16_t flags, uint8_t buffer_type, uint16_t mss) ++ struct h2n_desc_if_instance *desc_if, uint32_t if_num, struct sk_buff *nbuf, ++ uint16_t qid, uint16_t hlos_index, uint16_t flags, uint8_t buffer_type, uint16_t mss) + { ++ struct nss_meminfo_ctx *mem_ctx = &nss_ctx->meminfo_ctx; ++ struct nss_if_mem_map *if_map = mem_ctx->if_map; + struct h2n_descriptor *desc_ring = desc_if->desc; + struct h2n_descriptor *desc; + const skb_frag_t *frag; +@@ -2869,7 +2920,8 @@ static inline int32_t nss_core_send_buff + (nss_ptr_t)NULL, nbuf->data - nbuf->head, nbuf->len - nbuf->data_len, + skb_end_offset(nbuf), (uint32_t)nbuf->priority, mss, bit_flags | H2N_BIT_FLAG_FIRST_SEGMENT); + +- NSS_CORE_DMA_CACHE_MAINT((void *)desc, sizeof(*desc), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_desc_index_to_dma(if_map, qid, hlos_index), ++ sizeof(*desc), DMA_TO_DEVICE); + + /* + * Now handle rest of the fragments. +@@ -2893,7 +2945,8 @@ static inline int32_t nss_core_send_buff + (nss_ptr_t)NULL, 0, skb_frag_size(frag), skb_frag_size(frag), + nbuf->priority, mss, bit_flags); + +- NSS_CORE_DMA_CACHE_MAINT((void *)desc, sizeof(*desc), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_desc_index_to_dma(if_map, qid, hlos_index), ++ sizeof(*desc), DMA_TO_DEVICE); + } + + /* +@@ -2909,7 +2962,8 @@ static inline int32_t nss_core_send_buff + desc->bit_flags &= ~(H2N_BIT_FLAG_DISCARD); + desc->opaque = (nss_ptr_t)nbuf; + +- NSS_CORE_DMA_CACHE_MAINT((void *)desc, sizeof(*desc), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_desc_index_to_dma(if_map, qid, hlos_index), ++ sizeof(*desc), DMA_TO_DEVICE); + + NSS_PKT_STATS_INC(&nss_ctx->nss_top->stats_drv[NSS_DRV_STATS_TX_NR_FRAGS]); + return i+1; +@@ -2923,9 +2977,11 @@ static inline int32_t nss_core_send_buff + * Used to differentiate from FRAGS + */ + static inline int32_t nss_core_send_buffer_fraglist(struct nss_ctx_instance *nss_ctx, +- struct h2n_desc_if_instance *desc_if, uint32_t if_num, +- struct sk_buff *nbuf, uint16_t hlos_index, uint16_t flags, uint8_t buffer_type, uint16_t mss) ++ struct h2n_desc_if_instance *desc_if, uint32_t if_num, struct sk_buff *nbuf, ++ uint16_t qid, uint16_t hlos_index, uint16_t flags, uint8_t buffer_type, uint16_t mss) + { ++ struct nss_meminfo_ctx *mem_ctx = &nss_ctx->meminfo_ctx; ++ struct nss_if_mem_map *if_map = mem_ctx->if_map; + struct h2n_descriptor *desc_ring = desc_if->desc; + struct h2n_descriptor *desc; + dma_addr_t buffer; +@@ -2964,7 +3020,8 @@ static inline int32_t nss_core_send_buff + (nss_ptr_t)nbuf, nbuf->data - nbuf->head, nbuf->len - nbuf->data_len, + skb_end_offset(nbuf), (uint32_t)nbuf->priority, mss, bit_flags | H2N_BIT_FLAG_FIRST_SEGMENT); + +- NSS_CORE_DMA_CACHE_MAINT((void *)desc, sizeof(*desc), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_desc_index_to_dma(if_map, qid, hlos_index), ++ sizeof(*desc), DMA_TO_DEVICE); + + /* + * Walk the frag_list in nbuf +@@ -3017,7 +3074,8 @@ static inline int32_t nss_core_send_buff + (nss_ptr_t)iter, iter->data - iter->head, iter->len - iter->data_len, + skb_end_offset(iter), iter->priority, mss, bit_flags); + +- NSS_CORE_DMA_CACHE_MAINT((void *)desc, sizeof(*desc), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_desc_index_to_dma(if_map, qid, hlos_index), ++ sizeof(*desc), DMA_TO_DEVICE); + + i++; + } +@@ -3036,7 +3094,8 @@ static inline int32_t nss_core_send_buff + * Update bit flag for last descriptor. + */ + desc->bit_flags |= H2N_BIT_FLAG_LAST_SEGMENT; +- NSS_CORE_DMA_CACHE_MAINT((void *)desc, sizeof(*desc), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_desc_index_to_dma(if_map, qid, hlos_index), ++ sizeof(*desc), DMA_TO_DEVICE); + + NSS_PKT_STATS_INC(&nss_ctx->nss_top->stats_drv[NSS_DRV_STATS_TX_FRAGLIST]); + return i+1; +@@ -3115,8 +3174,10 @@ int32_t nss_core_send_buffer(struct nss_ + * We need to work out if there's sufficent space in our transmit descriptor + * ring to place all the segments of a nbuf. + */ +- NSS_CORE_DMA_CACHE_MAINT((void *)&if_map->h2n_nss_index[qid], sizeof(uint32_t), DMA_FROM_DEVICE); ++ dma_sync_single_for_cpu(nss_ctx->dev, h2n_nss_index_to_dma(mem_ctx->if_map_dma, qid), ++ sizeof(uint32_t), DMA_FROM_DEVICE); + NSS_CORE_DSB(); ++ + nss_index = if_map->h2n_nss_index[qid]; + h2n_desc_ring->nss_index_local = nss_index; + count = ((nss_index - hlos_index - 1) + size) & (mask); +@@ -3181,13 +3242,13 @@ int32_t nss_core_send_buffer(struct nss_ + count = 0; + if (likely((segments == 0) || is_bounce)) { + count = nss_core_send_buffer_simple_skb(nss_ctx, desc_if, if_num, +- nbuf, hlos_index, flags, buffer_type, mss); ++ nbuf, qid, hlos_index, flags, buffer_type, mss); + } else if (skb_has_frag_list(nbuf)) { + count = nss_core_send_buffer_fraglist(nss_ctx, desc_if, if_num, +- nbuf, hlos_index, flags, buffer_type, mss); ++ nbuf, qid, hlos_index, flags, buffer_type, mss); + } else { + count = nss_core_send_buffer_nr_frags(nss_ctx, desc_if, if_num, +- nbuf, hlos_index, flags, buffer_type, mss); ++ nbuf, qid, hlos_index, flags, buffer_type, mss); + } + + if (unlikely(count <= 0)) { +@@ -3211,7 +3272,8 @@ int32_t nss_core_send_buffer(struct nss_ + h2n_desc_ring->hlos_index = hlos_index; + if_map->h2n_hlos_index[qid] = hlos_index; + +- NSS_CORE_DMA_CACHE_MAINT(&if_map->h2n_hlos_index[qid], sizeof(uint32_t), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, h2n_hlos_index_to_dma(mem_ctx->if_map_dma, qid), ++ sizeof(uint32_t), DMA_TO_DEVICE); + NSS_CORE_DSB(); + + #ifdef CONFIG_DEBUG_KMEMLEAK +--- a/nss_core.h ++++ b/nss_core.h +@@ -105,31 +105,30 @@ + #endif + + /* +- * Cache operation ++ * DMA Offset helper + */ +-#define NSS_CORE_DSB() dsb(sy) +-#define NSS_CORE_DMA_CACHE_MAINT(start, size, dir) nss_core_dma_cache_maint(start, size, dir) ++#define n2h_desc_index_offset(_index) sizeof(struct n2h_descriptor) * (_index) ++#define h2n_desc_index_offset(_index) sizeof(struct h2n_descriptor) * (_index) ++ ++#define n2h_desc_index_to_dma(_if_map_addr, _qid, _index) (_if_map_addr)->n2h_desc_if[(_qid)].desc_addr + n2h_desc_index_offset(_index) ++#define h2n_desc_index_to_dma(_if_map_addr, _qid, _index) (_if_map_addr)->h2n_desc_if[(_qid)].desc_addr + h2n_desc_index_offset(_index) ++ ++#define h2n_nss_index_offset offsetof(struct nss_if_mem_map, h2n_nss_index) ++#define n2h_nss_index_offset offsetof(struct nss_if_mem_map, n2h_nss_index) ++#define h2n_hlos_index_offset offsetof(struct nss_if_mem_map, h2n_hlos_index) ++#define n2h_hlos_index_offset offsetof(struct nss_if_mem_map, n2h_hlos_index) ++ ++#define h2n_nss_index_to_dma(_if_map_addr, _index) (_if_map_addr) + h2n_nss_index_offset + (sizeof(uint32_t) * (_index)) ++#define n2h_nss_index_to_dma(_if_map_addr, _index) (_if_map_addr) + n2h_nss_index_offset + (sizeof(uint32_t) * (_index)) ++#define h2n_hlos_index_to_dma(_if_map_addr, _index) (_if_map_addr) + h2n_hlos_index_offset + (sizeof(uint32_t) * (_index)) ++#define n2h_hlos_index_to_dma(_if_map_addr, _index) (_if_map_addr) + n2h_hlos_index_offset + (sizeof(uint32_t) * (_index)) + + /* +- * nss_core_dma_cache_maint() +- * Perform the appropriate cache op based on direction ++ * Cache operation + */ +-static inline void nss_core_dma_cache_maint(void *start, uint32_t size, int direction) +-{ +- switch (direction) { +- case DMA_FROM_DEVICE:/* invalidate only */ +- dmac_inv_range(start, start + size); +- break; +- case DMA_TO_DEVICE:/* writeback only */ +- dmac_clean_range(start, start + size); +- break; +- case DMA_BIDIRECTIONAL:/* writeback and invalidate */ +- dmac_flush_range(start, start + size); +- break; +- default: +- BUG(); +- } +-} ++#define NSS_CORE_DSB() dsb(sy) ++#define NSS_CORE_DMA_CACHE_MAINT(dev, start, size, dir) BUILD_BUG_ON_MSG(1, \ ++ "NSS_CORE_DMA_CACHE_MAINT is deprecated. Fix the code to use correct dma_sync_* API") + + #define NSS_DEVICE_IF_START NSS_PHYSICAL_IF_START + +--- a/nss_hal/ipq806x/nss_hal_pvt.c ++++ b/nss_hal/ipq806x/nss_hal_pvt.c +@@ -477,10 +477,9 @@ static struct nss_platform_data *__nss_h + /* + * Clear TCM memory used by this core + */ +- for (i = 0; i < resource_size(&res_vphys) ; i += 4) { ++ for (i = 0; i < resource_size(&res_vphys) ; i += 4) + nss_write_32(npd->vmap, i, 0); +- NSS_CORE_DMA_CACHE_MAINT((npd->vmap + i), 4, DMA_TO_DEVICE); +- } ++ + NSS_CORE_DSB(); + + /* +--- a/nss_hal/ipq807x/nss_hal_pvt.c ++++ b/nss_hal/ipq807x/nss_hal_pvt.c +@@ -259,10 +259,9 @@ static struct nss_platform_data *__nss_h + /* + * Clear TCM memory used by this core + */ +- for (i = 0; i < resource_size(&res_vphys) ; i += 4) { ++ for (i = 0; i < resource_size(&res_vphys) ; i += 4) + nss_write_32(npd->vmap, i, 0); +- NSS_CORE_DMA_CACHE_MAINT((npd->vmap + i), 4, DMA_TO_DEVICE); +- } ++ + NSS_CORE_DSB(); + + /* +--- a/nss_meminfo.c ++++ b/nss_meminfo.c +@@ -415,7 +415,6 @@ static bool nss_meminfo_init_block_lists + /* + * Flush the updated meminfo request. + */ +- NSS_CORE_DMA_CACHE_MAINT(r, sizeof(struct nss_meminfo_request), DMA_TO_DEVICE); + NSS_CORE_DSB(); + + /* +@@ -546,7 +545,7 @@ static bool nss_meminfo_configure_n2h_h2 + * Bring a fresh copy of if_map from memory in order to read it correctly. + */ + if_map = mem_ctx->if_map; +- NSS_CORE_DMA_CACHE_MAINT((void *)if_map, sizeof(struct nss_if_mem_map), DMA_FROM_DEVICE); ++ dma_sync_single_for_cpu(nss_ctx->dev, mem_ctx->if_map_dma, sizeof(struct nss_if_mem_map), DMA_FROM_DEVICE); + NSS_CORE_DSB(); + + if_map->n2h_rings = NSS_N2H_RING_COUNT; +@@ -584,7 +583,7 @@ static bool nss_meminfo_configure_n2h_h2 + /* + * Flush the updated nss_if_mem_map. + */ +- NSS_CORE_DMA_CACHE_MAINT((void *)if_map, sizeof(struct nss_if_mem_map), DMA_TO_DEVICE); ++ dma_sync_single_for_device(nss_ctx->dev, mem_ctx->if_map_dma, sizeof(struct nss_if_mem_map), DMA_TO_DEVICE); + NSS_CORE_DSB(); + + return true; +--- a/nss_profiler.c ++++ b/nss_profiler.c +@@ -209,11 +209,12 @@ EXPORT_SYMBOL(nss_profile_dma_deregister + struct nss_profile_sdma_ctrl *nss_profile_dma_get_ctrl(struct nss_ctx_instance *nss_ctx) + { + struct nss_profile_sdma_ctrl *ctrl = nss_ctx->meminfo_ctx.sdma_ctrl; ++ int size = offsetof(struct nss_profile_sdma_ctrl, cidx); + if (!ctrl) { + return ctrl; + } + +- dmac_inv_range(ctrl, &ctrl->cidx); ++ dma_sync_single_for_cpu(nss_ctx->dev, (dma_addr_t) ctrl, size, DMA_FROM_DEVICE); + dsb(sy); + return ctrl; + } diff --git a/package/qca/qca-nss-drv/patches/0005-nss-drv-rework-getting-the-reserved-memory-size.patch b/package/qca/qca-nss-drv/patches/0005-nss-drv-rework-getting-the-reserved-memory-size.patch new file mode 100644 index 000000000..7bb8549e5 --- /dev/null +++ b/package/qca/qca-nss-drv/patches/0005-nss-drv-rework-getting-the-reserved-memory-size.patch @@ -0,0 +1,114 @@ +From 1c2b564d7b29644765925a784d468f40555ded8a Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Fri, 10 Feb 2023 12:50:51 +0100 +Subject: [PATCH] nss-drv: rework getting the reserved-memory size + +Currently, the way NSS DRV gets the reserved memory node strictly depends +on the nss@40000000 node being present so it can find it after globaly +looking for the reserved-memory node and then going through its children. + +After that its evaluation the address and size cells manually in order to +properly calculate the size of reserved-memory. + +We can make this way more reliable and generic, so lets pass the memory +region wia the NSS common DTS node, match it via its compatible and then +get the memory region phandle and simply convert it to a resource. + +Signed-off-by: Robert Marko +--- + nss_core.c | 70 +++++++++++++++++++++++------------------------------- + 1 file changed, 30 insertions(+), 40 deletions(-) + +--- a/nss_core.c ++++ b/nss_core.c +@@ -26,6 +26,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #ifdef CONFIG_BRIDGE_NETFILTER +@@ -492,50 +494,38 @@ static void nss_core_handle_crypto_pkt(s + */ + static uint32_t nss_soc_mem_info(void) + { +- struct device_node *node; +- struct device_node *snode; +- int addr_cells; +- int size_cells; +- int n_items; +- uint32_t nss_msize = 8 << 20; /* default: 8MB */ +- const __be32 *ppp; +- +- node = of_find_node_by_name(NULL, "reserved-memory"); +- if (!node) { +- nss_info_always("reserved-memory not found\n"); +- return nss_msize; +- } +- +- ppp = (__be32 *)of_get_property(node, "#address-cells", NULL); +- addr_cells = ppp ? be32_to_cpup(ppp) : 2; +- nss_info("%px addr cells %d\n", ppp, addr_cells); +- ppp = (__be32 *)of_get_property(node, "#size-cells", NULL); +- size_cells = ppp ? be32_to_cpup(ppp) : 2; +- nss_info("%px size cells %d\n", ppp, size_cells); +- +- for_each_child_of_node(node, snode) { +- /* +- * compare (snode->full_name, "/reserved-memory/nss@40000000") may be safer +- */ +- nss_info("%px snode %s fn %s\n", snode, snode->name, snode->full_name); +- if (strcmp(snode->name, "nss") == 0) +- break; +- } +- of_node_put(node); +- if (!snode) { +- nss_info_always("nss@node not found: needed to determine NSS reserved DDR\n"); +- return nss_msize; +- } +- +- ppp = (__be32 *)of_get_property(snode, "reg", &n_items); +- if (ppp) { +- n_items /= sizeof(ppp[0]); +- nss_msize = be32_to_cpup(ppp + addr_cells + size_cells - 1); +- nss_info("addr/size storage words %d %d # words %d in DTS, ddr size %x\n", +- addr_cells, size_cells, n_items, nss_msize); ++ struct device_node *common_node, *memory_node; ++ struct resource r; ++ int ret; ++ ++ common_node = of_find_compatible_node(NULL, NULL, "qcom,nss-common"); ++ if (!common_node) { ++ nss_info_always("NSS common node not found!\n"); ++ goto err_use_default_memsize; ++ } ++ ++ memory_node = of_parse_phandle(common_node, "memory-region", 0); ++ if (!memory_node) { ++ nss_info_always("NSS reserved-memory node not found!\n"); ++ goto err_use_default_memsize; ++ } ++ ++ ret = of_address_to_resource(memory_node, 0, &r); ++ of_node_put(common_node); ++ of_node_put(memory_node); ++ if (ret) { ++ nss_info_always("NSS reserved-memory resource not found!\n"); ++ goto err_use_default_memsize; + } +- of_node_put(snode); +- return nss_msize; ++ ++ nss_info_always("NSS DDR size is 0x%x\n", (uint32_t) resource_size(&r)); ++ ++ return resource_size(&r); ++ ++err_use_default_memsize: ++ nss_info_always("Using default NSS reserved-memory size of 0x%x !\n", SZ_8M); ++ ++ return SZ_8M; + } + + /* diff --git a/package/qca/qca-nss-drv/patches/0006-nss-drv-Fix-nss_clmap_stats-enum-int-compilation-error-GCC-13.patch b/package/qca/qca-nss-drv/patches/0006-nss-drv-Fix-nss_clmap_stats-enum-int-compilation-error-GCC-13.patch new file mode 100644 index 000000000..7cdb0127f --- /dev/null +++ b/package/qca/qca-nss-drv/patches/0006-nss-drv-Fix-nss_clmap_stats-enum-int-compilation-error-GCC-13.patch @@ -0,0 +1,11 @@ +--- a/nss_clmap_stats.c ++++ b/nss_clmap_stats.c +@@ -63,7 +63,7 @@ void nss_clmap_stats_session_unregister( + * nss_clmap_stats_session_register + * Register debug statistic for clmap session. + */ +-bool nss_clmap_stats_session_register(uint32_t if_num, uint32_t if_type, struct net_device *netdev) ++bool nss_clmap_stats_session_register(uint32_t if_num, enum nss_clmap_interface_type if_type, struct net_device *netdev) + { + uint32_t i; + bool stats_status = false; diff --git a/package/qca/qca-nss-drv/patches/0007-nss-drv-Fix-nss_wifili_if-compilation-error-GCC-13.patch b/package/qca/qca-nss-drv/patches/0007-nss-drv-Fix-nss_wifili_if-compilation-error-GCC-13.patch new file mode 100644 index 000000000..0abeab1ad --- /dev/null +++ b/package/qca/qca-nss-drv/patches/0007-nss-drv-Fix-nss_wifili_if-compilation-error-GCC-13.patch @@ -0,0 +1,11 @@ +--- a/exports/nss_wifili_if.h ++++ b/exports/nss_wifili_if.h +@@ -2207,7 +2207,7 @@ void nss_wifili_release_external_if(nss_ + */ + uint8_t nss_wifili_thread_scheme_alloc(struct nss_ctx_instance *nss_ctx, + int32_t radio_ifnum, +- uint32_t radio_priority); ++ enum nss_wifili_thread_scheme_priority radio_priority); + + /** + * nss_wifili_thread_scheme_dealloc diff --git a/package/qca/qca-nss-drv/patches/0008-add-kernel-6.1-support.patch b/package/qca/qca-nss-drv/patches/0008-add-kernel-6.1-support.patch new file mode 100644 index 000000000..1ab62585f --- /dev/null +++ b/package/qca/qca-nss-drv/patches/0008-add-kernel-6.1-support.patch @@ -0,0 +1,250 @@ +--- a/nss_hal/fsm9010/nss_hal_pvt.c ++++ b/nss_hal/fsm9010/nss_hal_pvt.c +@@ -291,7 +291,11 @@ static int __nss_hal_request_irq(struct + } + + int_ctx->irq = npd->irq[irq_num]; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi, 64); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi, 64); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi, 64); ++#endif + return 0; + } + +--- a/nss_hal/ipq50xx/nss_hal_pvt.c ++++ b/nss_hal/ipq50xx/nss_hal_pvt.c +@@ -599,7 +599,11 @@ static int __nss_hal_request_irq(struct + return err; + } + +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, napi_poll_cb, napi_wgt); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, napi_poll_cb, napi_wgt); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, napi_poll_cb, napi_wgt); ++#endif + int_ctx->cause = cause; + err = request_irq(irq, nss_hal_handle_irq, 0, irq_name, int_ctx); + if (err) { +--- a/nss_hal/ipq60xx/nss_hal_pvt.c ++++ b/nss_hal/ipq60xx/nss_hal_pvt.c +@@ -615,62 +615,102 @@ static int __nss_hal_request_irq(struct + irq_set_status_flags(irq, IRQ_DISABLE_UNLAZY); + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_EMPTY_BUFFER_SOS) { +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_EMPTY_BUFFER_SOS_PROCESSING_WEIGHT); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_EMPTY_BUFFER_SOS_PROCESSING_WEIGHT); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_EMPTY_BUFFER_SOS_PROCESSING_WEIGHT); ++#endif + int_ctx->cause = NSS_N2H_INTR_EMPTY_BUFFERS_SOS; + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_empty_buf_sos", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_EMPTY_BUFFER_QUEUE) { +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_EMPTY_BUFFER_RETURN_PROCESSING_WEIGHT); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_EMPTY_BUFFER_RETURN_PROCESSING_WEIGHT); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_EMPTY_BUFFER_RETURN_PROCESSING_WEIGHT); ++#endif + int_ctx->cause = NSS_N2H_INTR_EMPTY_BUFFER_QUEUE; + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_empty_buf_queue", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_TX_UNBLOCKED) { +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_TX_UNBLOCKED_PROCESSING_WEIGHT); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_TX_UNBLOCKED_PROCESSING_WEIGHT); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_TX_UNBLOCKED_PROCESSING_WEIGHT); ++#endif + int_ctx->cause = NSS_N2H_INTR_TX_UNBLOCKED; + err = request_irq(irq, nss_hal_handle_irq, 0, "nss-tx-unblock", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_DATA_QUEUE_0) { +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#endif + int_ctx->cause = NSS_N2H_INTR_DATA_QUEUE_0; + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_queue0", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_DATA_QUEUE_1) { + int_ctx->cause = NSS_N2H_INTR_DATA_QUEUE_1; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#endif + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_queue1", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_DATA_QUEUE_2) { + int_ctx->cause = NSS_N2H_INTR_DATA_QUEUE_2; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#endif + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_queue2", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_DATA_QUEUE_3) { + int_ctx->cause = NSS_N2H_INTR_DATA_QUEUE_3; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#endif + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_queue3", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_COREDUMP_COMPLETE) { + int_ctx->cause = NSS_N2H_INTR_COREDUMP_COMPLETE; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_emergency, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_emergency, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_emergency, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#endif + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_coredump_complete", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_PAGED_EMPTY_BUFFER_SOS) { +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_EMPTY_BUFFER_SOS_PROCESSING_WEIGHT); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_EMPTY_BUFFER_SOS_PROCESSING_WEIGHT); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_EMPTY_BUFFER_SOS_PROCESSING_WEIGHT); ++#endif + int_ctx->cause = NSS_N2H_INTR_PAGED_EMPTY_BUFFERS_SOS; + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_paged_empty_buf_sos", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_PROFILE_DMA) { + int_ctx->cause = NSS_N2H_INTR_PROFILE_DMA; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_sdma, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_sdma, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_sdma, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++#endif + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_profile_dma", int_ctx); + } + +--- a/nss_hal/ipq806x/nss_hal_pvt.c ++++ b/nss_hal/ipq806x/nss_hal_pvt.c +@@ -1185,7 +1185,11 @@ static int __nss_hal_request_irq(struct + } + + int_ctx->irq = npd->irq[irq_num]; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi, 64); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi, 64); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi, 64); ++#endif + + return 0; + } +--- a/nss_hal/ipq807x/nss_hal_pvt.c ++++ b/nss_hal/ipq807x/nss_hal_pvt.c +@@ -659,62 +659,62 @@ static int __nss_hal_request_irq(struct + irq_set_status_flags(irq, IRQ_DISABLE_UNLAZY); + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_EMPTY_BUFFER_SOS) { +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_EMPTY_BUFFER_SOS_PROCESSING_WEIGHT); ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_EMPTY_BUFFER_SOS_PROCESSING_WEIGHT); + int_ctx->cause = NSS_N2H_INTR_EMPTY_BUFFERS_SOS; + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_empty_buf_sos", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_EMPTY_BUFFER_QUEUE) { +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_EMPTY_BUFFER_RETURN_PROCESSING_WEIGHT); ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_EMPTY_BUFFER_RETURN_PROCESSING_WEIGHT); + int_ctx->cause = NSS_N2H_INTR_EMPTY_BUFFER_QUEUE; + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_empty_buf_queue", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_TX_UNBLOCKED) { +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_TX_UNBLOCKED_PROCESSING_WEIGHT); ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_TX_UNBLOCKED_PROCESSING_WEIGHT); + int_ctx->cause = NSS_N2H_INTR_TX_UNBLOCKED; + err = request_irq(irq, nss_hal_handle_irq, 0, "nss-tx-unblock", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_DATA_QUEUE_0) { +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); + int_ctx->cause = NSS_N2H_INTR_DATA_QUEUE_0; + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_queue0", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_DATA_QUEUE_1) { + int_ctx->cause = NSS_N2H_INTR_DATA_QUEUE_1; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_queue1", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_DATA_QUEUE_2) { + int_ctx->cause = NSS_N2H_INTR_DATA_QUEUE_2; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_queue2", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_DATA_QUEUE_3) { + int_ctx->cause = NSS_N2H_INTR_DATA_QUEUE_3; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_queue, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_queue3", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_COREDUMP_COMPLETE) { + int_ctx->cause = NSS_N2H_INTR_COREDUMP_COMPLETE; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_emergency, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_emergency, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_coredump_complete", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_PAGED_EMPTY_BUFFER_SOS) { +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_EMPTY_BUFFER_SOS_PROCESSING_WEIGHT); ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_non_queue, NSS_EMPTY_BUFFER_SOS_PROCESSING_WEIGHT); + int_ctx->cause = NSS_N2H_INTR_PAGED_EMPTY_BUFFERS_SOS; + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_paged_empty_buf_sos", int_ctx); + } + + if (irq_num == NSS_HAL_N2H_INTR_PURPOSE_PROFILE_DMA) { + int_ctx->cause = NSS_N2H_INTR_PROFILE_DMA; +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_sdma, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, nss_core_handle_napi_sdma, NSS_DATA_COMMAND_BUFFER_PROCESSING_WEIGHT); + err = request_irq(irq, nss_hal_handle_irq, 0, "nss_profile_dma", int_ctx); + } + +--- a/nss_hal/ipq95xx/nss_hal_pvt.c ++++ b/nss_hal/ipq95xx/nss_hal_pvt.c +@@ -889,7 +889,11 @@ static int __nss_hal_request_irq(struct + return err; + } + +- netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, napi_poll_cb, napi_wgt); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0) ++ netif_napi_add(&nss_ctx->napi_ndev, &int_ctx->napi, napi_poll_cb, napi_wgt); ++#else ++ netif_napi_add_weight(&nss_ctx->napi_ndev, &int_ctx->napi, napi_poll_cb, napi_wgt); ++#endif + int_ctx->cause = cause; + err = request_irq(irq, nss_hal_handle_irq, 0, irq_name, int_ctx); + if (err) { diff --git a/package/qca/qca-nss-ecm/Makefile b/package/qca/qca-nss-ecm/Makefile new file mode 100644 index 000000000..c844e2f1d --- /dev/null +++ b/package/qca/qca-nss-ecm/Makefile @@ -0,0 +1,161 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=qca-nss-ecm +PKG_RELEASE=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_DATE:=2023-10-20 +PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/qca-nss-ecm.git +PKG_SOURCE_VERSION:=82b27915fffdbe2cdb2d4eb70e5736ccf92e2560 +PKG_MIRROR_HASH:=643895cb187cacfcde337c19dc5a34512acc225c0db1813a15cc1b66523835c4 + +PKG_BUILD_PARALLEL:=1 +PKG_FLAGS:=nonshared + +include $(INCLUDE_DIR)/kernel.mk +include $(INCLUDE_DIR)/package.mk + +define KernelPackage/qca-nss-ecm + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Support + DEPENDS:=@TARGET_qualcommax \ + +@NSS_DRV_IPV6_ENABLE \ + +@NSS_DRV_PPE_ENABLE \ + +@NSS_DRV_TUN6RD_ENABLE \ + +@NSS_DRV_PPPOE_ENABLE \ + +@NSS_DRV_PPTP_ENABLE \ + +@NSS_DRV_VIRT_IF_ENABLE \ + +@NSS_DRV_WIFI_ENABLE \ + +kmod-qca-nss-drv \ + +kmod-bonding +kmod-nf-conntrack \ + +kmod-ppp +kmod-pppoe +kmod-pptp \ + +PACKAGE_kmod-pppol2tp:kmod-pppol2tp \ + +PACKAGE_kmod-qca-mcs:kmod-qca-mcs \ + +PACKAGE_kmod-nat46:kmod-nat46 \ + +PACKAGE_kmod-vxlan:kmod-vxlan + TITLE:=QCA NSS Enhanced Connection Manager (ECM) + FILES:=$(PKG_BUILD_DIR)/ecm.ko + KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \ + CONFIG_NF_CONNTRACK_EVENTS=y \ + CONFIG_NF_CONNTRACK_DSCPREMARK_EXT=y +endef + +define KernelPackage/qca-nss-ecm/Description +This package contains the QCA NSS Enhanced Connection Manager +endef + +define KernelPackage/qca-nss-ecm/install + $(INSTALL_DIR) $(1)/etc/firewall.d $(1)/etc/init.d $(1)/usr/bin $(1)/lib/netifd/offload $(1)/etc/config $(1)/etc/uci-defaults $(1)/etc/sysctl.d $(1)/etc/hotplug.d/net + $(INSTALL_DATA) ./files/qca-nss-ecm.firewall $(1)/etc/firewall.d/qca-nss-ecm + $(INSTALL_BIN) ./files/qca-nss-ecm.init $(1)/etc/init.d/qca-nss-ecm + $(INSTALL_BIN) ./files/ecm_dump.sh $(1)/usr/bin/ + $(INSTALL_BIN) ./files/disable_offloads.sh $(1)/usr/bin/ + $(INSTALL_BIN) ./files/on-demand-down $(1)/lib/netifd/offload/on-demand-down + $(INSTALL_DATA) ./files/qca-nss-ecm.uci $(1)/etc/config/ecm + $(INSTALL_DATA) ./files/qca-nss-ecm.defaults $(1)/etc/uci-defaults/99-qca-nss-ecm + $(INSTALL_BIN) ./files/qca-nss-ecm.sysctl $(1)/etc/sysctl.d/qca-nss-ecm.conf + $(INSTALL_BIN) ./files/disable_offloads.hotplug $(1)/etc/hotplug.d/net/99-disable_offloads +endef + +EXTRA_CFLAGS+= \ + -I$(STAGING_DIR)/usr/include/qca-nss-drv \ + -I$(STAGING_DIR)/usr/include/qca-mcs \ + -I$(STAGING_DIR)/usr/include/nat46 + +ifeq ($(BOARD),qualcommax) +ECM_MAKE_OPTS+=ECM_FRONT_END_NSS_ENABLE=y \ + ECM_FRONT_END_SFE_ENABLE=n \ + ECM_NON_PORTED_SUPPORT_ENABLE=y \ + ECM_INTERFACE_BOND_ENABLE=y \ + ECM_INTERFACE_VLAN_ENABLE=y \ + ECM_CLASSIFIER_MARK_ENABLE=y \ + ECM_CLASSIFIER_DSCP_ENABLE=y \ + ECM_CLASSIFIER_PCC_ENABLE=n \ + ECM_BAND_STEERING_ENABLE=n +endif + +# Disable ECM IPv6 support when global IPv6 support is disabled. +ifneq ($(CONFIG_IPV6),) +ECM_MAKE_OPTS+=ECM_IPV6_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-ovpn-link),) +ECM_MAKE_OPTS+=ECM_INTERFACE_OVPN_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-vxlanmgr),) +ECM_MAKE_OPTS+=ECM_INTERFACE_VXLAN_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-ovsmgr),) +ECM_MAKE_OPTS+=ECM_INTERFACE_OVS_BRIDGE_ENABLE=y \ + ECM_CLASSIFIER_OVS_ENABLE=y +EXTRA_CFLAGS+= -I$(STAGING_DIR)/usr/include/qca-ovsmgr +endif + +ifneq ($(CONFIG_PACKAGE_kmod-macvlan),) +ECM_MAKE_OPTS+=ECM_INTERFACE_MACVLAN_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-mcs),) +ECM_MAKE_OPTS+=ECM_MULTICAST_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-nat46),) +ECM_MAKE_OPTS+=ECM_INTERFACE_MAP_T_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-ipsec),) +ECM_MAKE_OPTS+=ECM_INTERFACE_IPSEC_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-pppoe),) +ECM_MAKE_OPTS+=ECM_INTERFACE_PPPOE_ENABLE=y \ + ECM_INTERFACE_PPTP_ENABLE=y \ + ECM_INTERFACE_PPP_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-pppol2tp),) +ECM_MAKE_OPTS+=ECM_INTERFACE_L2TPV2_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-gre)$(CONFIG_PACKAGE_kmod-gre6),) +ECM_MAKE_OPTS+=ECM_INTERFACE_GRE_TAP_ENABLE=y \ + ECM_INTERFACE_GRE_TUN_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-sit),) +ECM_MAKE_OPTS+=ECM_INTERFACE_SIT_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-ip6-tunnel),) +ECM_MAKE_OPTS+=ECM_INTERFACE_TUNIPIP6_ENABLE=y +endif + +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-drv-mscs),) +ECM_MAKE_OPTS+=ECM_CLASSIFIER_MSCS_ENABLE=y +endif + +define Build/InstallDev + mkdir -p $(1)/usr/include/qca-nss-ecm + $(CP) $(PKG_BUILD_DIR)/exports/* $(1)/usr/include/qca-nss-ecm +endef + +ifeq ($(CONFIG_TARGET_BOARD), "qualcommax") + SOC:=$(CONFIG_TARGET_SUBTARGET) +endif + +define Build/Compile + +$(MAKE) -C "$(LINUX_DIR)" $(strip $(ECM_MAKE_OPTS)) \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + ARCH="$(LINUX_KARCH)" \ + $(KERNEL_MAKE_FLAGS) \ + M="$(PKG_BUILD_DIR)" \ + EXTRA_CFLAGS="$(EXTRA_CFLAGS) -Wno-error=unused-function " \ + SoC=$(SOC) \ + $(PKG_JOBS) \ + modules +endef + +$(eval $(call KernelPackage,qca-nss-ecm)) diff --git a/package/qca/qca-nss-ecm/files/disable_offloads.hotplug b/package/qca/qca-nss-ecm/files/disable_offloads.hotplug new file mode 100755 index 000000000..01c564740 --- /dev/null +++ b/package/qca/qca-nss-ecm/files/disable_offloads.hotplug @@ -0,0 +1,187 @@ +#!/bin/sh + +[ "$ACTION" != "add" ] && exit + +function log() +{ + local status="$1" + local feature="$2" + local interface="$3" + + if [ $status -eq 0 ]; then + logger "[ethtool] $feature: disabled on $interface" + fi + + if [ $status -eq 1 ]; then + logger -s "[ethtool] $feature: failed to disable on $interface" + fi + + if [ $status -gt 1 ]; then + logger "[ethtool] $feature: no changes performed on $interface" + fi +} + +function interface_is_virtual() +{ + local interface="$1" + [ -d /sys/devices/virtual/net/"$interface"/ ] || return 1 + return 0 +} + +function get_base_interface() +{ + local interface="$1" + echo "$interface" | grep -Eo '^[a-z]*[0-9]*' 2>/dev/null || return 1 + return 0 +} + +function disable_offloads() +{ + local interface="$1" + local features + local cmd + + # Check if we can change features + if ethtool -k $interface 1>/dev/null 2>/dev/null; then + # Filter whitespaces + # Get only enabled/not fixed features + # Filter features that are only changeable by global keyword + # Filter empty lines + # Cut to First column + features=$(ethtool -k "$interface" | awk '{$1=$1;print}' \ + | grep -E '^.+: on$' \ + | grep -v -E '^tx-checksum-.+$' \ + | grep -v -E '^tx-scatter-gather.+$' \ + | grep -v -E '^tx-tcp.+segmentation.+$' \ + | grep -v -E '^tx-udp-fragmentation$' \ + | grep -v -E '^tx-generic-segmentation$' \ + | grep -v -E '^rx-gro$' \ + | grep -v -E '^rx-gro$' \ + | grep -v -E '^$' \ + | cut -d: -f1) + + # Replace feature name by global keyword + features=$(echo "$features" | sed -e s/rx-checksumming/rx/ \ + -e s/tx-checksumming/tx/ \ + -e s/scatter-gather/sg/ \ + -e s/tcp-segmentation-offload/tso/ \ + -e s/udp-fragmentation-offload/ufo/ \ + -e s/generic-segmentation-offload/gso/ \ + -e s/generic-receive-offload/gro/ \ + -e s/large-receive-offload/lro/ \ + -e s/rx-vlan-offload/rxvlan/ \ + -e s/tx-vlan-offload/txvlan/ \ + -e s/ntuple-filters/ntuple/ \ + -e s/receive-hashing/rxhash/) + + # Check if we can disable anything + if [ -z "$features" ]; then + logger "[ethtool] offloads: no changes performed on $interface" + return 0 + fi + + # Construct ethtool command line + cmd="-K $interface" + + for feature in $features; do + cmd="$cmd $feature off" + done + + # Try to disable offloads + ethtool $cmd 1>/dev/null 2>/dev/null + log $? "Offloads" "$interface" + + else + log $? "Offloads" "$interface" + fi +} + +function disable_flow_control() +{ + local interface="$1" + local features + local cmd + + # Check if we can change settings + if ethtool -a $interface 1>/dev/null 2>/dev/null; then + # Construct ethtool command line + cmd="-A $interface autoneg off tx off rx off" + + # Try to disable flow control + ethtool $cmd 1>/dev/null 2>/dev/null + log $? "Flow Control" "$interface" + + else + log $? "Flow Control" "$interface" + fi +} + +function disable_interrupt_moderation() +{ + local interface="$1" + local features + local cmd + + # Check if we can change settings + if ethtool -c $interface 1>/dev/null 2>/dev/null; then + # Construct ethtool command line + cmd="-C $interface adaptive-tx off adaptive-rx off" + + # Try to disable adaptive interrupt moderation + ethtool $cmd 1>/dev/null 2>/dev/null + log $? "Adaptive Interrupt Moderation" "$interface" + + features=$(ethtool -c $interface | awk '{$1=$1;print}' \ + | grep -v -E '^.+: 0$|Adaptive|Coalesce' \ + | grep -v -E '^$' \ + | cut -d: -f1) + + # Check if we can disable anything + if [ -z "$features" ]; then + logger "[ethtool] Interrupt Moderation: no changes performed on $interface" + return 0 + fi + + # Construct ethtool command line + cmd="-C $interface" + + for feature in $features; do + cmd="$cmd $feature 0" + done + + # Try to disable interrupt Moderation + ethtool $cmd 1>/dev/null 2>/dev/null + log $? "Interrupt Moderation" "$interface" + + else + log $? "Interrupt Moderation" "$interface" + fi +} + +function disable_interface_offloads() { + #local interface=$(get_base_interface "$1") + #{ [ -z "$interface" ] || interface_is_virtual "$interface"; } && exit 0 + + local interface="$1" + + local disable_offloads="$(uci get ecm.@general[0].disable_offloads)" + if [ "$disable_offloads" -eq 1 ]; then + disable_offloads "$interface" + fi + + local disable_flow_control="$(uci get ecm.@general[0].disable_flow_control)" + if [ "$disable_flow_control" -eq 1 ]; then + disable_flow_control "$interface" + fi + + local disable_interrupt_moderation="$(uci get ecm.@general[0].disable_interrupt_moderation)" + if [ "$disable_interrupt_moderation" -eq 1 ]; then + disable_interrupt_moderation "$interface" + fi +} + +if [ "$ACTION" = add ]; then + disable_interface_offloads "$INTERFACE" +fi + +exit 0 diff --git a/package/qca/qca-nss-ecm/files/disable_offloads.sh b/package/qca/qca-nss-ecm/files/disable_offloads.sh new file mode 100755 index 000000000..9f8394fe7 --- /dev/null +++ b/package/qca/qca-nss-ecm/files/disable_offloads.sh @@ -0,0 +1,189 @@ +#!/bin/sh +# +# Helper script which uses ethtool to disable (most) +# interface offloads, if possible. +# +# Reference: +# https://forum.openwrt.org/t/how-to-make-ethtool-setting-persistent-on-br-lan/6433/14 +# + +function log() +{ + local status="$1" + local feature="$2" + local interface="$3" + + if [ $status -eq 0 ]; then + logger "[ethtool] $feature: disabled on $interface" + fi + + if [ $status -eq 1 ]; then + logger -s "[ethtool] $feature: failed to disable on $interface" + fi + + if [ $status -gt 1 ]; then + logger "[ethtool] $feature: no changes performed on $interface" + fi +} + +function interface_is_virtual() +{ + local interface="$1" + [ -d /sys/devices/virtual/net/"$interface"/ ] || return 1 + return 0 +} + +function get_base_interface() +{ + local interface="$1" + echo "$interface" | grep -Eo '^[a-z]*[0-9]*' 2>/dev/null || return 1 + return 0 +} + +function disable_offloads() +{ + local interface="$1" + local features + local cmd + + # Check if we can change features + if ethtool -k $interface 1>/dev/null 2>/dev/null; then + + # Filter whitespaces + # Get only enabled/not fixed features + # Filter features that are only changeable by global keyword + # Filter empty lines + # Cut to First column + features=$(ethtool -k "$interface" | awk '{$1=$1;print}' \ + | grep -E '^.+: on$' \ + | grep -v -E '^tx-checksum-.+$' \ + | grep -v -E '^tx-scatter-gather.+$' \ + | grep -v -E '^tx-tcp.+segmentation.+$' \ + | grep -v -E '^tx-udp-fragmentation$' \ + | grep -v -E '^tx-generic-segmentation$' \ + | grep -v -E '^rx-gro$' \ + | grep -v -E '^rx-gro$' \ + | grep -v -E '^$' \ + | cut -d: -f1) + + # Replace feature name by global keyword + features=$(echo "$features" | sed -e s/rx-checksumming/rx/ \ + -e s/tx-checksumming/tx/ \ + -e s/scatter-gather/sg/ \ + -e s/tcp-segmentation-offload/tso/ \ + -e s/udp-fragmentation-offload/ufo/ \ + -e s/generic-segmentation-offload/gso/ \ + -e s/generic-receive-offload/gro/ \ + -e s/large-receive-offload/lro/ \ + -e s/rx-vlan-offload/rxvlan/ \ + -e s/tx-vlan-offload/txvlan/ \ + -e s/ntuple-filters/ntuple/ \ + -e s/receive-hashing/rxhash/) + + # Check if we can disable anything + if [ -z "$features" ]; then + logger "[ethtool] offloads: no changes performed on $interface" + return 0 + fi + + # Construct ethtool command line + cmd="-K $interface" + + for feature in $features; do + cmd="$cmd $feature off" + done + + # Try to disable offloads + ethtool $cmd 1>/dev/null 2>/dev/null + log $? "Offloads" "$interface" + + else + log $? "Offloads" "$interface" + fi +} + +function disable_flow_control() +{ + local interface="$1" + local features + local cmd + + # Check if we can change settings + if ethtool -a $interface 1>/dev/null 2>/dev/null; then + + # Construct ethtool command line + cmd="-A $interface autoneg off tx off rx off" + + # Try to disable flow control + ethtool $cmd 1>/dev/null 2>/dev/null + log $? "Flow Control" "$interface" + + else + log $? "Flow Control" "$interface" + fi +} + +function disable_interrupt_moderation() +{ + local interface="$1" + local features + local cmd + + # Check if we can change settings + if ethtool -c $interface 1>/dev/null 2>/dev/null; then + # Construct ethtool command line + cmd="-C $interface adaptive-tx off adaptive-rx off" + + # Try to disable adaptive interrupt moderation + ethtool $cmd 1>/dev/null 2>/dev/null + log $? "Adaptive Interrupt Moderation" "$interface" + + features=$(ethtool -c $interface | awk '{$1=$1;print}' \ + | grep -v -E '^.+: 0$|Adaptive|Coalesce' \ + | grep -v -E '^$' \ + | cut -d: -f1) + + # Check if we can disable anything + if [ -z "$features" ]; then + logger "[ethtool] Interrupt Moderation: no changes performed on $interface" + return 0 + fi + + # Construct ethtool command line + cmd="-C $interface" + + for feature in $features; do + cmd="$cmd $feature 0" + done + + # Try to disable interrupt Moderation + ethtool $cmd 1>/dev/null 2>/dev/null + log $? "Interrupt Moderation" "$interface" + + else + log $? "Interrupt Moderation" "$interface" + fi +} + +function main() +{ + for interface in /sys/class/net/*; do + interface=$(basename $interface) + + #interface=$(get_base_interface "$interface") + #{ [ -z "$interface" ] || interface_is_virtual "$interface"; } && exit 0 + + # Skip Loopback + if [ $interface == lo ]; then + continue + fi + + disable_offloads "$interface" + disable_flow_control "$interface" + disable_interrupt_moderation "$interface" + done +} + +main + +exit 0 diff --git a/package/qca/qca-nss-ecm/files/ecm_dump.sh b/package/qca/qca-nss-ecm/files/ecm_dump.sh new file mode 100755 index 000000000..dbf7de753 --- /dev/null +++ b/package/qca/qca-nss-ecm/files/ecm_dump.sh @@ -0,0 +1,95 @@ +#!/bin/sh +# +# Copyright (c) 2015-2016, The Linux Foundation. All rights reserved. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +ECM_MODULE=${1:-ecm_state} +MOUNT_ROOT=/dev/ecm + +# +# usage: ecm_dump.sh [module=ecm_db] +# +# with no parameters, ecm_dump.sh will attempt to mount the +# ecm_db state file and cat its contents. +# +# example with a parameter: ecm_dump.sh ecm_classifier_default +# +# this will cause ecm_dump to attempt to find and mount the state +# file for the ecm_classifier_default module, and if successful +# cat the contents. +# + +# this is one of the state files, which happens to be the +# last module started in ecm +ECM_STATE=/sys/kernel/debug/ecm/ecm_state/state_dev_major + +# tests to see if ECM is up and ready to receive commands. +# returns 0 if ECM is fully up and ready, else 1 +ecm_is_ready() { + if [ ! -e "${ECM_STATE}" ] + then + return 1 + fi + return 0 +} + +# +# module_state_mount(module_name) +# Mounts the state file of the module, if supported +# +module_state_mount() { + local module_name=$1 + local mount_dir=$2 + local state_file="/sys/kernel/debug/ecm/${module_name}/state_dev_major" + + if [ -e "${mount_dir}/${module_name}" ] + then + # already mounted + return 0 + fi + + #echo "Mount state file for $module_name ..." + if [ ! -e "$state_file" ] + then + #echo "... $module_name does not support state" + return 1 + fi + + local major="`cat $state_file`" + #echo "... Mounting state $state_file with major: $major" + mknod "${mount_dir}/${module_name}" c $major 0 +} + +# +# main +# +ecm_is_ready || { + #echo "ECM is not running" + exit 1 +} + +# all state files are mounted under MOUNT_ROOT, so make sure it exists +mkdir -p ${MOUNT_ROOT} + +# +# attempt to mount state files for the requested module and cat it +# if the mount succeeded +# +module_state_mount ${ECM_MODULE} ${MOUNT_ROOT} && { + cat ${MOUNT_ROOT}/${ECM_MODULE} + exit 0 +} + +exit 2 diff --git a/package/qca/qca-nss-ecm/files/on-demand-down b/package/qca/qca-nss-ecm/files/on-demand-down new file mode 100644 index 000000000..02d708e03 --- /dev/null +++ b/package/qca/qca-nss-ecm/files/on-demand-down @@ -0,0 +1,6 @@ +#!/bin/sh +# Copyright (c) 2016 The Linux Foundation. All rights reserved. + +[ -e "/sys/kernel/debug/ecm/ecm_db/defunct_all" ] && { + echo 1 > /sys/kernel/debug/ecm/ecm_db/defunct_all +} diff --git a/package/qca/qca-nss-ecm/files/qca-nss-ecm.defaults b/package/qca/qca-nss-ecm/files/qca-nss-ecm.defaults new file mode 100644 index 000000000..308e265c9 --- /dev/null +++ b/package/qca/qca-nss-ecm/files/qca-nss-ecm.defaults @@ -0,0 +1,28 @@ +#!/bin/sh +# +# Copyright (c) 2015-2016, The Linux Foundation. All rights reserved. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +uci -q batch << EOF + delete firewall.qcanssecm + set firewall.qcanssecm=include + set firewall.qcanssecm.type=script + set firewall.qcanssecm.path=/etc/firewall.d/qca-nss-ecm + set firewall.qcanssecm.family=any + set firewall.qcanssecm.reload=1 + commit firewall +EOF + +exit 0 diff --git a/package/qca/qca-nss-ecm/files/qca-nss-ecm.firewall b/package/qca/qca-nss-ecm/files/qca-nss-ecm.firewall new file mode 100644 index 000000000..2ec5b7e51 --- /dev/null +++ b/package/qca/qca-nss-ecm/files/qca-nss-ecm.firewall @@ -0,0 +1,11 @@ +#!/bin/sh +if [ ! -r /sbin/fw4 ]; then +iptables-save|grep physdev-is-bridged|while read a; do + iptables -D FORWARD -m physdev --physdev-is-bridged -j ACCEPT +done +iptables -I FORWARD 1 -m physdev --physdev-is-bridged -j ACCEPT +ip6tables-save|grep physdev-is-bridged|while read a; do + ip6tables -D FORWARD -m physdev --physdev-is-bridged -j ACCEPT +done +ip6tables -I FORWARD 1 -m physdev --physdev-is-bridged -j ACCEPT +fi diff --git a/package/qca/qca-nss-ecm/files/qca-nss-ecm.init b/package/qca/qca-nss-ecm/files/qca-nss-ecm.init new file mode 100644 index 000000000..83314e696 --- /dev/null +++ b/package/qca/qca-nss-ecm/files/qca-nss-ecm.init @@ -0,0 +1,137 @@ +#!/bin/sh /etc/rc.common +# +# Copyright (c) 2014, 2019-2020 The Linux Foundation. All rights reserved. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +# The shebang above has an extra space intentially to avoid having +# openwrt build scripts automatically enable this package starting +# at boot. + +START=19 + +get_front_end_mode() { + config_load "ecm" + config_get front_end global acceleration_engine "auto" + + case $front_end in + auto) + echo '0' + ;; + nss) + echo '1' + ;; + *) + echo 'uci_option_acceleration_engine is invalid' + esac +} + +support_bridge() { + # NSS support bridge acceleration + [ -d /sys/kernel/debug/ecm/ecm_nss_ipv4 ] && [ -d /sys/kernel/debug/ecm/ecm_nss_ipv6 ] && return 0 +} + +enable_bridge_filtering() { + sysctl -w net.bridge.bridge-nf-call-arptables=1 + sysctl -w net.bridge.bridge-nf-call-iptables=1 + sysctl -w net.bridge.bridge-nf-call-ip6tables=1 + + if ([ -z "$(grep "net.bridge.bridge-nf-call-arptables=1" /etc/sysctl.d/qca-nss-ecm.conf)" ] && \ + [ -z "$(grep "net.bridge.bridge-nf-call-iptables=1" /etc/sysctl.d/qca-nss-ecm.conf)" ] && \ + [ -z "$(grep "net.bridge.bridge-nf-call-ip6tables=1" /etc/sysctl.d/qca-nss-ecm.conf)" ] \ + ); then + echo 'net.bridge.bridge-nf-call-arptables=1' >> /etc/sysctl.d/qca-nss-ecm.conf + echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.d/qca-nss-ecm.conf + echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.d/qca-nss-ecm.conf + fi +} + +disable_bridge_filtering() { + sysctl -w net.bridge.bridge-nf-call-arptables=0 + sysctl -w net.bridge.bridge-nf-call-iptables=0 + sysctl -w net.bridge.bridge-nf-call-ip6tables=0 + + sed '/net.bridge.bridge-nf-call-arptables=1/d' -i /etc/sysctl.d/qca-nss-ecm.conf + sed '/net.bridge.bridge-nf-call-iptables=1/d' -i /etc/sysctl.d/qca-nss-ecm.conf + sed '/net.bridge.bridge-nf-call-ip6tables=1/d' -i /etc/sysctl.d/qca-nss-ecm.conf +} + +load_ecm() { + [ -d /sys/module/ecm ] || { + insmod ecm front_end_selection=$(get_front_end_mode) + echo 1 > /sys/kernel/debug/ecm/ecm_classifier_default/accel_delay_pkts + } + + support_bridge && enable_bridge_filtering +} + +unload_ecm() { + disable_bridge_filtering + + if [ -d /sys/module/ecm ]; then + # + # Stop ECM frontends + # + echo 1 > /sys/kernel/debug/ecm/front_end_ipv4_stop + echo 1 > /sys/kernel/debug/ecm/front_end_ipv6_stop + + # + # Defunct the connections + # + echo 1 > /sys/kernel/debug/ecm/ecm_db/defunct_all + sleep 5 + + rmmod ecm + sleep 1 + fi +} + +start() { + load_ecm + + # If the acceleration engine is NSS, enable wifi redirect + [ -d /sys/kernel/debug/ecm/ecm_nss_ipv4 ] && sysctl -w dev.nss.general.redirect=1 + + # If bridge filtering is enabled, apply and persist the sysctl flags + local bridge_filtering_enabled="$(uci_get ecm @general[0] enable_bridge_filtering)" + if [ "$bridge_filtering_enabled" -eq 1 ]; then + echo "Bridge filtering is enabled in the ECM config, this will cause issues with NAT loopback!" + enable_bridge_filtering + fi + + if [ -d /sys/module/qca_ovsmgr ]; then + insmod ecm_ovs + fi +} + +stop() { + # If ECM is already not loaded, just return + if [ ! -d /sys/module/ecm ]; then + return + fi + + # If the acceleration engine is NSS, disable wifi redirect + [ -d /sys/kernel/debug/ecm/ecm_nss_ipv4 ] && sysctl -w dev.nss.general.redirect=0 + + # If bridge filtering is enabled, reset the sysctl flags + local bridge_filtering_enabled="$(uci_get ecm @general[0] enable_bridge_filtering)" + if [ "$bridge_filtering_enabled" -eq 1 ]; then + disable_bridge_filtering + fi + + if [ -d /sys/module/ecm_ovs ]; then + rmmod ecm_ovs + fi + + unload_ecm +} diff --git a/package/qca/qca-nss-ecm/files/qca-nss-ecm.sysctl b/package/qca/qca-nss-ecm/files/qca-nss-ecm.sysctl new file mode 100644 index 000000000..27a819003 --- /dev/null +++ b/package/qca/qca-nss-ecm/files/qca-nss-ecm.sysctl @@ -0,0 +1 @@ +net.netfilter.nf_conntrack_max=32768 diff --git a/package/qca/qca-nss-ecm/files/qca-nss-ecm.uci b/package/qca/qca-nss-ecm/files/qca-nss-ecm.uci new file mode 100644 index 000000000..20c02bbf2 --- /dev/null +++ b/package/qca/qca-nss-ecm/files/qca-nss-ecm.uci @@ -0,0 +1,8 @@ +config ecm 'global' + option acceleration_engine 'auto' + +config general + option enable_bridge_filtering '1' + option disable_offloads '0' + option disable_flow_control '0' + option disable_interrupt_moderation '0' diff --git a/package/qca/qca-nss-ecm/patches/0001-treewide-componentize-the-module-even-more.patch b/package/qca/qca-nss-ecm/patches/0001-treewide-componentize-the-module-even-more.patch new file mode 100644 index 000000000..584f0a3fc --- /dev/null +++ b/package/qca/qca-nss-ecm/patches/0001-treewide-componentize-the-module-even-more.patch @@ -0,0 +1,361 @@ +From 09980e54011e2d95a9db2d6134f635bc90e5a7f2 Mon Sep 17 00:00:00 2001 +From: Ansuel Smith +Date: Wed, 19 May 2021 02:38:53 +0200 +Subject: [PATCH 01/12] treewide: componentize the module even more + +Signed-off-by: Ansuel Smith +--- + Makefile | 57 +++++++++++++++++++++++++------- + Makefile_61.mk | 1 - + ecm_db/ecm_db_connection.c | 8 +++++ + ecm_db/ecm_db_node.c | 4 +++ + ecm_interface.c | 8 +++++ + frontends/ecm_front_end_common.c | 7 ++++ + 6 files changed, 72 insertions(+), 13 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -17,7 +17,7 @@ + # ################################################### + # Makefile for the QCA NSS ECM + # ################################################### +-ifneq ($(findstring 6.1., $(KERNELVERSION)),) ++ifneq ($(findstring 6.2., $(KERNELVERSION)),) + include $(obj)/Makefile_61.mk + else + ifeq ($(ECM_FRONT_END_SFE_ENABLE), y) +@@ -134,9 +134,17 @@ ccflags-$(ECM_INTERFACE_BOND_ENABLE) += -DECM_INTERFACE_BOND_ENABLE + # Define ECM_INTERFACE_PPPOE_ENABLE=y in order + # to enable support for PPPoE acceleration. + # ############################################################################# +-ECM_INTERFACE_PPPOE_ENABLE=y ++ifndef $(ECM_INTERFACE_PPPOE_ENABLE) ++ ECM_INTERFACE_PPPOE_ENABLE=y ++endif + ccflags-$(ECM_INTERFACE_PPPOE_ENABLE) += -DECM_INTERFACE_PPPOE_ENABLE + ++# ############################################################################# ++# Define ECM_INTERFACE_L2TPV2_PPTP_ENABLE=y in order ++# to enable support for l2tpv2 or PPTP detection. ++# ############################################################################# ++ccflags-$(ECM_INTERFACE_L2TPV2_PPTP_ENABLE) += -DECM_INTERFACE_L2TPV2_PPTP_ENABLE ++ + # ############################################################################# + # Define ECM_INTERFACE_L2TPV2_ENABLE=y in order + # to enable support for l2tpv2 acceleration. +@@ -163,6 +171,12 @@ endif + endif + ccflags-$(ECM_INTERFACE_PPP_ENABLE) += -DECM_INTERFACE_PPP_ENABLE + ++# ############################################################################# ++# Define ECM_INTERFACE_GRE_ENABLE=y in order ++# to enable support for GRE detection. ++# ############################################################################# ++ccflags-$(ECM_INTERFACE_GRE_ENABLE) += -DECM_INTERFACE_GRE_ENABLE ++ + # ############################################################################# + # Define ECM_INTERFACE_GRE_TAP_ENABLE=y in order + # to enable support for GRE TAP interface. +@@ -246,7 +260,9 @@ ccflags-$(ECM_INTERFACE_OVS_BRIDGE_ENABLE) += -DECM_INTERFACE_OVS_BRIDGE_ENABLE + # ############################################################################# + # Define ECM_INTERFACE_VLAN_ENABLE=y in order to enable support for VLAN + # ############################################################################# +-ECM_INTERFACE_VLAN_ENABLE=y ++ifndef $(ECM_INTERFACE_VLAN_ENABLE) ++ ECM_INTERFACE_VLAN_ENABLE=y ++endif + ccflags-$(ECM_INTERFACE_VLAN_ENABLE) += -DECM_INTERFACE_VLAN_ENABLE + + # ############################################################################# +@@ -288,7 +304,9 @@ ccflags-$(ECM_CLASSIFIER_OVS_ENABLE) += -DECM_CLASSIFIER_OVS_ENABLE + # ############################################################################# + # Define ECM_CLASSIFIER_MARK_ENABLE=y in order to enable mark classifier. + # ############################################################################# +-ECM_CLASSIFIER_MARK_ENABLE=y ++ifndef $(ECM_CLASSIFIER_MARK_ENABLE) ++ ECM_CLASSIFIER_MARK_ENABLE=y ++endif + ecm-$(ECM_CLASSIFIER_MARK_ENABLE) += ecm_classifier_mark.o + ccflags-$(ECM_CLASSIFIER_MARK_ENABLE) += -DECM_CLASSIFIER_MARK_ENABLE + +@@ -312,7 +330,9 @@ ccflags-$(ECM_CLASSIFIER_NL_ENABLE) += -DECM_CLASSIFIER_NL_ENABLE + # ############################################################################# + # Define ECM_CLASSIFIER_DSCP_ENABLE=y in order to enable DSCP classifier. + # ############################################################################# +-ECM_CLASSIFIER_DSCP_ENABLE=y ++ifndef $(ECM_CLASSIFIER_DSCP_ENABLE) ++ ECM_CLASSIFIER_DSCP_ENABLE=y ++endif + ecm-$(ECM_CLASSIFIER_DSCP_ENABLE) += ecm_classifier_dscp.o + ccflags-$(ECM_CLASSIFIER_DSCP_ENABLE) += -DECM_CLASSIFIER_DSCP_ENABLE + ccflags-$(ECM_CLASSIFIER_DSCP_IGS) += -DECM_CLASSIFIER_DSCP_IGS +@@ -331,7 +351,9 @@ ccflags-$(ECM_CLASSIFIER_HYFI_ENABLE) += -DECM_CLASSIFIER_HYFI_ENABLE + # the Parental Controls subsystem classifier in ECM. Currently disabled until + # customers require it / if they need to integrate their Parental Controls with it. + # ############################################################################# +-ECM_CLASSIFIER_PCC_ENABLE=y ++ifndef $(ECM_CLASSIFIER_PCC_ENABLE) ++ ECM_CLASSIFIER_PCC_ENABLE=y ++endif + ecm-$(ECM_CLASSIFIER_PCC_ENABLE) += ecm_classifier_pcc.o + ccflags-$(ECM_CLASSIFIER_PCC_ENABLE) += -DECM_CLASSIFIER_PCC_ENABLE + +@@ -372,27 +394,36 @@ ccflags-$(ECM_NON_PORTED_SUPPORT_ENABLE) += -DECM_NON_PORTED_SUPPORT_ENABLE + # ############################################################################# + # Define ECM_STATE_OUTPUT_ENABLE=y to support XML state output + # ############################################################################# +-ECM_STATE_OUTPUT_ENABLE=y ++ifndef $(ECM_STATE_OUTPUT_ENABLE) ++ ECM_STATE_OUTPUT_ENABLE=y ++endif + ecm-$(ECM_STATE_OUTPUT_ENABLE) += ecm_state.o + ccflags-$(ECM_STATE_OUTPUT_ENABLE) += -DECM_STATE_OUTPUT_ENABLE + + # ############################################################################# + # Define ECM_DB_ADVANCED_STATS_ENABLE to support XML state output + # ############################################################################# +-ECM_DB_ADVANCED_STATS_ENABLE=y ++ifndef $(ECM_DB_ADVANCED_STATS_ENABLE) ++ ECM_DB_ADVANCED_STATS_ENABLE=y ++endif + ccflags-$(ECM_DB_ADVANCED_STATS_ENABLE) += -DECM_DB_ADVANCED_STATS_ENABLE + + # ############################################################################# + # Define ECM_DB_CONNECTION_CROSS_REFERENCING_ENABLE=y in order to enable + # the database to track relationships between objects. + # ############################################################################# +-ECM_DB_CONNECTION_CROSS_REFERENCING_ENABLE=y ++ifndef $(ECM_DB_CONNECTION_CROSS_REFERENCING_ENABLE) ++ ECM_DB_CONNECTION_CROSS_REFERENCING_ENABLE=y ++endif + ccflags-$(ECM_DB_CONNECTION_CROSS_REFERENCING_ENABLE) += -DECM_DB_XREF_ENABLE + + # ############################################################################# + # Define ECM_TRACKER_DPI_SUPPORT_ENABLE=y in order to enable support for + # deep packet inspection and tracking of data with the trackers. + # ############################################################################# ++ifndef $(ECM_TRACKER_DPI_SUPPORT_ENABLE) ++ ECM_TRACKER_DPI_SUPPORT_ENABLE=y ++endif + ccflags-$(ECM_TRACKER_DPI_SUPPORT_ENABLE) += -DECM_TRACKER_DPI_SUPPORT_ENABLE + + # ############################################################################# +@@ -400,14 +431,18 @@ ccflags-$(ECM_TRACKER_DPI_SUPPORT_ENABLE) += -DECM_TRACKER_DPI_SUPPORT_ENABLE + # support for the database keeping lists of connections that are assigned + # on a per TYPE of classifier basis. + # ############################################################################# +-ECM_DB_CLASSIFIER_TYPE_ASSIGNMENTS_TRACK_ENABLE=y ++ifndef $(ECM_DB_CLASSIFIER_TYPE_ASSIGNMENTS_TRACK_ENABLE) ++ ECM_DB_CLASSIFIER_TYPE_ASSIGNMENTS_TRACK_ENABLE=y ++endif + ccflags-$(ECM_DB_CLASSIFIER_TYPE_ASSIGNMENTS_TRACK_ENABLE) += -DECM_DB_CTA_TRACK_ENABLE + + # ############################################################################# + # Define ECM_BAND_STEERING_ENABLE=y in order to enable + # band steering feature. + # ############################################################################# +-ECM_BAND_STEERING_ENABLE=y ++ifndef $(ECM_BAND_STEERING_ENABLE) ++ ECM_BAND_STEERING_ENABLE=y ++endif + ccflags-$(ECM_BAND_STEERING_ENABLE) += -DECM_BAND_STEERING_ENABLE + + # ############################################################################# +@@ -488,7 +523,6 @@ ccflags-y += -DECM_TRACKER_UDP_DEBUG_LEVEL=1 + ccflags-y += -DECM_BOND_NOTIFIER_DEBUG_LEVEL=1 + ccflags-y += -DECM_INTERFACE_DEBUG_LEVEL=1 + ccflags-y += -DECM_STATE_DEBUG_LEVEL=1 +-ccflags-y += -DECM_OPENWRT_SUPPORT=1 + ccflags-y += -DECM_NOTIFIER_DEBUG_LEVEL=1 + ccflags-y += -DECM_AE_CLASSIFIER_DEBUG_LEVEL=1 + ccflags-y += -DECM_STATS_DEBUG_LEVEL=1 +--- a/Makefile_61.mk ++++ b/Makefile_61.mk +@@ -465,7 +465,6 @@ ccflags-y += -DECM_TRACKER_UDP_DEBUG_LEVEL=1 + ccflags-y += -DECM_BOND_NOTIFIER_DEBUG_LEVEL=1 + ccflags-y += -DECM_INTERFACE_DEBUG_LEVEL=1 + ccflags-y += -DECM_STATE_DEBUG_LEVEL=1 +-ccflags-y += -DECM_OPENWRT_SUPPORT=1 + ccflags-y += -DECM_NOTIFIER_DEBUG_LEVEL=1 + ccflags-y += -DECM_AE_CLASSIFIER_DEBUG_LEVEL=1 + ccflags-y += -DECM_STATS_DEBUG_LEVEL=1 +--- a/ecm_db/ecm_db_connection.c ++++ b/ecm_db/ecm_db_connection.c +@@ -446,7 +446,9 @@ EXPORT_SYMBOL(ecm_db_connection_make_def + */ + void ecm_db_connection_data_totals_update(struct ecm_db_connection_instance *ci, bool is_from, uint64_t size, uint64_t packets) + { ++#ifdef ECM_DB_ADVANCED_STATS_ENABLE + int32_t i; ++#endif + + DEBUG_CHECK_MAGIC(ci, ECM_DB_CONNECTION_INSTANCE_MAGIC, "%px: magic failed\n", ci); + +@@ -545,7 +547,9 @@ EXPORT_SYMBOL(ecm_db_connection_data_tot + */ + void ecm_db_connection_data_totals_update_dropped(struct ecm_db_connection_instance *ci, bool is_from, uint64_t size, uint64_t packets) + { ++#ifdef ECM_DB_ADVANCED_STATS_ENABLE + int32_t i; ++#endif + + DEBUG_CHECK_MAGIC(ci, ECM_DB_CONNECTION_INSTANCE_MAGIC, "%px: magic failed\n", ci); + +@@ -1539,6 +1543,7 @@ void ecm_db_connection_defunct_all(void) + } + EXPORT_SYMBOL(ecm_db_connection_defunct_all); + ++#ifdef ECM_INTERFACE_OVS_BRIDGE_ENABLE + /* + * ecm_db_connection_defunct_by_classifier() + * Make defunct based on masked fields +@@ -1705,6 +1710,7 @@ next_ci: + ECM_IP_ADDR_TO_OCTAL(dest_addr_mask), dest_port_mask, proto_mask, cnt); + } + } ++#endif + + /* + * ecm_db_connection_defunct_by_port() +@@ -1994,6 +2000,7 @@ struct ecm_db_node_instance *ecm_db_conn + } + EXPORT_SYMBOL(ecm_db_connection_node_get_and_ref); + ++#ifdef ECM_DB_XREF_ENABLE + /* + * ecm_db_connection_mapping_get_and_ref_next() + * Return reference to next connection in the mapping chain in the specified direction. +@@ -2035,6 +2042,7 @@ struct ecm_db_connection_instance *ecm_d + return nci; + } + EXPORT_SYMBOL(ecm_db_connection_iface_get_and_ref_next); ++#endif + + /* + * ecm_db_connection_mapping_get_and_ref() +--- a/ecm_db/ecm_db_node.c ++++ b/ecm_db/ecm_db_node.c +@@ -227,9 +227,11 @@ EXPORT_SYMBOL(ecm_db_node_get_and_ref_ne + */ + int ecm_db_node_deref(struct ecm_db_node_instance *ni) + { ++#ifdef ECM_DB_XREF_ENABLE + #if (DEBUG_LEVEL >= 1) + int dir; + #endif ++#endif + DEBUG_CHECK_MAGIC(ni, ECM_DB_NODE_INSTANCE_MAGIC, "%px: magic failed\n", ni); + + spin_lock_bh(&ecm_db_lock); +@@ -489,9 +491,11 @@ EXPORT_SYMBOL(ecm_db_node_iface_get_and_ + void ecm_db_node_add(struct ecm_db_node_instance *ni, struct ecm_db_iface_instance *ii, uint8_t *address, + ecm_db_node_final_callback_t final, void *arg) + { ++#ifdef ECM_DB_XREF_ENABLE + #if (DEBUG_LEVEL >= 1) + int dir; + #endif ++#endif + ecm_db_node_hash_t hash_index; + struct ecm_db_listener_instance *li; + +--- a/ecm_interface.c ++++ b/ecm_interface.c +@@ -1509,6 +1509,7 @@ struct neighbour *ecm_interface_ipv6_nei + */ + bool ecm_interface_is_pptp(struct sk_buff *skb, const struct net_device *out) + { ++#ifdef ECM_INTERFACE_PPTP_ENABLE + struct net_device *in; + + /* +@@ -1533,6 +1534,7 @@ bool ecm_interface_is_pptp(struct sk_buf + } + + dev_put(in); ++#endif + return false; + } + +@@ -1545,6 +1547,7 @@ bool ecm_interface_is_pptp(struct sk_buf + */ + bool ecm_interface_is_l2tp_packet_by_version(struct sk_buff *skb, const struct net_device *out, int ver) + { ++#ifdef ECM_INTERFACE_L2TPV2_PPTP_ENABLE + uint32_t flag = 0; + struct net_device *in; + +@@ -1577,6 +1580,7 @@ bool ecm_interface_is_l2tp_packet_by_ver + } + + dev_put(in); ++#endif + return false; + } + +@@ -1589,6 +1593,7 @@ bool ecm_interface_is_l2tp_packet_by_ver + */ + bool ecm_interface_is_l2tp_pptp(struct sk_buff *skb, const struct net_device *out) + { ++#ifdef ECM_INTERFACE_L2TPV2_PPTP_ENABLE + struct net_device *in; + + /* +@@ -1611,6 +1616,7 @@ bool ecm_interface_is_l2tp_pptp(struct s + } + + dev_put(in); ++#endif + return false; + } + +@@ -7127,6 +7133,7 @@ static void ecm_interface_regenerate_con + return; + } + ++#ifdef ECM_DB_XREF_ENABLE + for (dir = 0; dir < ECM_DB_OBJ_DIR_MAX; dir++) { + /* + * Re-generate all connections associated with this interface +@@ -7142,6 +7149,7 @@ static void ecm_interface_regenerate_con + ci[dir] = cin; + } + } ++#endif + + #ifdef ECM_MULTICAST_ENABLE + /* +--- a/frontends/ecm_front_end_common.c ++++ b/frontends/ecm_front_end_common.c +@@ -517,6 +517,7 @@ bool ecm_front_end_gre_proto_is_accel_al + struct nf_conntrack_tuple *reply_tuple, + int ip_version, uint16_t offset) + { ++#ifdef ECM_INTERFACE_GRE_ENABLE + struct net_device *dev; + struct gre_base_hdr *greh; + +@@ -528,10 +529,12 @@ bool ecm_front_end_gre_proto_is_accel_al + /* + * Case 1: PPTP locally terminated + */ ++#ifdef ECM_INTERFACE_PPTP_ENABLE + if (ecm_interface_is_pptp(skb, outdev)) { + DEBUG_TRACE("%px: PPTP GRE locally terminated - allow acceleration\n", skb); + return true; + } ++#endif + + /* + * Case 2: PPTP pass through +@@ -657,6 +660,10 @@ bool ecm_front_end_gre_proto_is_accel_al + */ + DEBUG_TRACE("%px: GRE IPv%d pass through non NAT - allow acceleration\n", skb, ip_version); + return true; ++#else ++ DEBUG_TRACE("%px: GRE%d feature is disabled - do not allow acceleration\n", skb, ip_version); ++ return false; ++#endif + } + + #ifdef ECM_CLASSIFIER_DSCP_ENABLE diff --git a/package/qca/qca-nss-ecm/patches/0002-treewide-rework-ipv6_dev_find_and_hold.patch b/package/qca/qca-nss-ecm/patches/0002-treewide-rework-ipv6_dev_find_and_hold.patch new file mode 100644 index 000000000..57765758c --- /dev/null +++ b/package/qca/qca-nss-ecm/patches/0002-treewide-rework-ipv6_dev_find_and_hold.patch @@ -0,0 +1,63 @@ +--- a/ecm_interface.c ++++ b/ecm_interface.c +@@ -339,9 +339,9 @@ static struct net_device *ecm_interface_ + + ECM_IP_ADDR_TO_NIN6_ADDR(addr6, addr); + #if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0)) +- dev = (struct net_device *)ipv6_dev_find(&init_net, &addr6, 1); ++ dev = (struct net_device *)ipv6_dev_find_and_hold(&init_net, &addr6, 1); + #else +- dev = (struct net_device *)ipv6_dev_find(&init_net, &addr6, NULL); ++ dev = (struct net_device *)ipv6_dev_find_and_hold(&init_net, &addr6, 1); + #endif + return dev; + } +@@ -802,9 +802,9 @@ static bool ecm_interface_mac_addr_get_i + */ + ECM_IP_ADDR_TO_NIN6_ADDR(daddr, addr); + #if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0)) +- local_dev = ipv6_dev_find(&init_net, &daddr, 1); ++ local_dev = ipv6_dev_find_and_hold(&init_net, &daddr, 1); + #else +- local_dev = ipv6_dev_find(&init_net, &daddr, NULL); ++ local_dev = ipv6_dev_find_and_hold(&init_net, &daddr, 1); + #endif + if (local_dev) { + DEBUG_TRACE("%pi6 is a local address\n", &daddr); +--- a/frontends/ecm_front_end_common.c ++++ b/frontends/ecm_front_end_common.c +@@ -103,6 +103,10 @@ + #endif + #endif + ++#ifdef ECM_IPV6_ENABLE ++#include "ecm_front_end_ipv6.h" ++#endif ++ + #ifdef ECM_FRONT_END_FSE_ENABLE + /* + * Callback object for ECM frontend interaction with wlan driver to add/delete FSE rules. +@@ -614,9 +618,9 @@ bool ecm_front_end_gre_proto_is_accel_al + } else { + #ifdef ECM_IPV6_ENABLE + #if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0)) +- dev = ipv6_dev_find(&init_net, &(orig_tuple->src.u3.in6), 1); ++ dev = ipv6_dev_find_and_hold(&init_net, &(orig_tuple->src.u3.in6), 1); + #else +- dev = ipv6_dev_find(&init_net, &(orig_tuple->src.u3.in6), NULL); ++ dev = ipv6_dev_find_and_hold(&init_net, &(orig_tuple->src.u3.in6), 1); + #endif + if (dev) { + /* +@@ -628,9 +632,9 @@ bool ecm_front_end_gre_proto_is_accel_al + } + + #if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0)) +- dev = ipv6_dev_find(&init_net, &(orig_tuple->dst.u3.in6), 1); ++ dev = ipv6_dev_find_and_hold(&init_net, &(orig_tuple->dst.u3.in6), 1); + #else +- dev = ipv6_dev_find(&init_net, &(orig_tuple->dst.u3.in6), NULL); ++ dev = ipv6_dev_find_and_hold(&init_net, &(orig_tuple->dst.u3.in6), 1); + #endif + if (dev) { + /* diff --git a/package/qca/qca-nss-ecm/patches/0003-qca-nss-ecm-resolve-the-cpu-high-load-regarding-ecm.patch b/package/qca/qca-nss-ecm/patches/0003-qca-nss-ecm-resolve-the-cpu-high-load-regarding-ecm.patch new file mode 100644 index 000000000..00476932b --- /dev/null +++ b/package/qca/qca-nss-ecm/patches/0003-qca-nss-ecm-resolve-the-cpu-high-load-regarding-ecm.patch @@ -0,0 +1,55 @@ +From 65aa71f33891bcf0b75995219e31abaf674c6199 Mon Sep 17 00:00:00 2001 +From: Dirk Buchwalder +Date: Sun, 27 Jun 2021 16:52:39 +0200 +Subject: [PATCH 05/12] qca-nss-ecm: resolve the cpu high load regarding ecm + +If using ECM, cpu load goes up (around 1.0) and stucks there. +This is due to using uninterruptible sleep function, +the patch changes this to interruptible sleep function. + +Signed-off-by: Dirk Buchwalder buchwalder@posteo.de +--- + frontends/nss/ecm_nss_ipv4.c | 4 ++-- + frontends/nss/ecm_nss_ipv6.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +--- a/frontends/nss/ecm_nss_ipv4.c ++++ b/frontends/nss/ecm_nss_ipv4.c +@@ -700,7 +700,7 @@ static void ecm_nss_ipv4_stats_sync_req_ + } + spin_unlock_bh(&ecm_nss_ipv4_lock); + +- usleep_range(ECM_NSS_IPV4_STATS_SYNC_UDELAY - 100, ECM_NSS_IPV4_STATS_SYNC_UDELAY); ++ msleep_interruptible(ECM_NSS_IPV4_STATS_SYNC_UDELAY / 1000); + + /* + * If index is 0, we are starting a new round, but if we still have time remain +@@ -714,7 +714,7 @@ static void ecm_nss_ipv4_stats_sync_req_ + } + + if (time_after(ecm_nss_ipv4_next_req_time, current_jiffies)) { +- msleep(jiffies_to_msecs(ecm_nss_ipv4_next_req_time - current_jiffies)); ++ msleep_interruptible(jiffies_to_msecs(ecm_nss_ipv4_next_req_time - current_jiffies)); + } + ecm_nss_ipv4_roll_check_jiffies = jiffies; + ecm_nss_ipv4_next_req_time = ecm_nss_ipv4_roll_check_jiffies + ECM_NSS_IPV4_STATS_SYNC_PERIOD; +--- a/frontends/nss/ecm_nss_ipv6.c ++++ b/frontends/nss/ecm_nss_ipv6.c +@@ -676,7 +676,7 @@ static void ecm_nss_ipv6_stats_sync_req_ + } + spin_unlock_bh(&ecm_nss_ipv6_lock); + +- usleep_range(ECM_NSS_IPV6_STATS_SYNC_UDELAY - 100, ECM_NSS_IPV6_STATS_SYNC_UDELAY); ++ msleep_interruptible(ECM_NSS_IPV6_STATS_SYNC_UDELAY / 1000); + + /* + * If index is 0, we are starting a new round, but if we still have time remain +@@ -690,7 +690,7 @@ static void ecm_nss_ipv6_stats_sync_req_ + } + + if (time_after(ecm_nss_ipv6_next_req_time, current_jiffies)) { +- msleep(jiffies_to_msecs(ecm_nss_ipv6_next_req_time - current_jiffies)); ++ msleep_interruptible(jiffies_to_msecs(ecm_nss_ipv6_next_req_time - current_jiffies)); + } + ecm_nss_ipv6_roll_check_jiffies = jiffies; + ecm_nss_ipv6_next_req_time = ecm_nss_ipv6_roll_check_jiffies + ECM_NSS_IPV6_STATS_SYNC_PERIOD; diff --git a/package/qca/qca-nss-ecm/patches/0005-frontends-drop-use-of-static-be_liberal-and-no_windo.patch b/package/qca/qca-nss-ecm/patches/0005-frontends-drop-use-of-static-be_liberal-and-no_windo.patch new file mode 100644 index 000000000..fc3ff0e38 --- /dev/null +++ b/package/qca/qca-nss-ecm/patches/0005-frontends-drop-use-of-static-be_liberal-and-no_windo.patch @@ -0,0 +1,88 @@ +--- a/frontends/nss/ecm_nss_ported_ipv4.c ++++ b/frontends/nss/ecm_nss_ported_ipv4.c +@@ -1213,7 +1213,6 @@ static void ecm_nss_ported_ipv4_connection_accelerate(struct ecm_front_end_conne + #else + struct nf_tcp_net *tn = nf_tcp_pernet(nf_ct_net(ct)); + uint32_t tcp_be_liberal = tn->tcp_be_liberal; +- uint32_t tcp_no_window_check = tn->tcp_no_window_check; + #endif + ecm_db_connection_address_get(feci->ci, ECM_DB_OBJ_DIR_FROM, addr); + ecm_front_end_flow_and_return_directions_get(ct, addr, 4, &flow_dir, &return_dir); +@@ -1228,11 +1227,7 @@ static void ecm_nss_ported_ipv4_connection_accelerate(struct ecm_front_end_conne + nircm->tcp_rule.return_max_window = ct->proto.tcp.seen[return_dir].td_maxwin; + nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end; + nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend; +-#ifdef ECM_OPENWRT_SUPPORT +- if (tcp_be_liberal || tcp_no_window_check +-#else + if (tcp_be_liberal +-#endif + || (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL) + || (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { + nircm->rule_flags |= NSS_IPV4_RULE_CREATE_FLAG_NO_SEQ_CHECK; +--- a/frontends/nss/ecm_nss_ported_ipv6.c ++++ b/frontends/nss/ecm_nss_ported_ipv6.c +@@ -1133,7 +1133,6 @@ static void ecm_nss_ported_ipv6_connection_accelerate(struct ecm_front_end_conne + #else + struct nf_tcp_net *tn = nf_tcp_pernet(nf_ct_net(ct)); + uint32_t tcp_be_liberal = tn->tcp_be_liberal; +- uint32_t tcp_no_window_check = tn->tcp_no_window_check; + #endif + ecm_front_end_flow_and_return_directions_get(ct, src_ip, 6, &flow_dir, &return_dir); + +@@ -1147,11 +1146,7 @@ static void ecm_nss_ported_ipv6_connection_accelerate(struct ecm_front_end_conne + nircm->tcp_rule.return_max_window = ct->proto.tcp.seen[return_dir].td_maxwin; + nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end; + nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend; +-#ifdef ECM_OPENWRT_SUPPORT +- if (tcp_be_liberal || tcp_no_window_check +-#else + if (tcp_be_liberal +-#endif + || (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL) + || (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { + nircm->rule_flags |= NSS_IPV6_RULE_CREATE_FLAG_NO_SEQ_CHECK; +--- a/frontends/sfe/ecm_sfe_ported_ipv4.c ++++ b/frontends/sfe/ecm_sfe_ported_ipv4.c +@@ -1358,7 +1358,6 @@ static void ecm_sfe_ported_ipv4_connection_accelerate(struct ecm_front_end_conne + #else + struct nf_tcp_net *tn = nf_tcp_pernet(nf_ct_net(ct)); + uint32_t tcp_be_liberal = tn->tcp_be_liberal; +- uint32_t tcp_no_window_check = tn->tcp_no_window_check; + #endif + ecm_db_connection_address_get(feci->ci, ECM_DB_OBJ_DIR_FROM, addr); + ecm_front_end_flow_and_return_directions_get(ct, addr, 4, &flow_dir, &return_dir); +@@ -1374,11 +1373,7 @@ static void ecm_sfe_ported_ipv4_connection_accelerate(struct ecm_front_end_conne + nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end; + nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend; + +-#ifdef ECM_OPENWRT_SUPPORT +- if (tcp_be_liberal || tcp_no_window_check +-#else + if (tcp_be_liberal +-#endif + || (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL) + || (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { + nircm->rule_flags |= SFE_RULE_CREATE_FLAG_NO_SEQ_CHECK; +--- a/frontends/sfe/ecm_sfe_ported_ipv6.c ++++ b/frontends/sfe/ecm_sfe_ported_ipv6.c +@@ -1371,7 +1371,6 @@ static void ecm_sfe_ported_ipv6_connection_accelerate(struct ecm_front_end_conne + #else + struct nf_tcp_net *tn = nf_tcp_pernet(nf_ct_net(ct)); + uint32_t tcp_be_liberal = tn->tcp_be_liberal; +- uint32_t tcp_no_window_check = tn->tcp_no_window_check; + #endif + ecm_front_end_flow_and_return_directions_get(ct, src_ip, 6, &flow_dir, &return_dir); + +@@ -1385,11 +1384,7 @@ static void ecm_sfe_ported_ipv6_connection_accelerate(struct ecm_front_end_conne + nircm->tcp_rule.return_max_window = ct->proto.tcp.seen[return_dir].td_maxwin; + nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end; + nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend; +-#ifdef ECM_OPENWRT_SUPPORT +- if (tcp_be_liberal || tcp_no_window_check +-#else + if (tcp_be_liberal +-#endif + || (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL) + || (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { + nircm->rule_flags |= SFE_RULE_CREATE_FLAG_NO_SEQ_CHECK; diff --git a/package/qca/qca-nss-ecm/patches/0006-ecm_tracker_datagram-drop-static-for-EXPORT_SYMBOL.patch b/package/qca/qca-nss-ecm/patches/0006-ecm_tracker_datagram-drop-static-for-EXPORT_SYMBOL.patch new file mode 100644 index 000000000..aa95ce15d --- /dev/null +++ b/package/qca/qca-nss-ecm/patches/0006-ecm_tracker_datagram-drop-static-for-EXPORT_SYMBOL.patch @@ -0,0 +1,50 @@ +From 9827d8597545ecfee17eba7b08d48dbcdf55c614 Mon Sep 17 00:00:00 2001 +From: Ansuel Smith +Date: Sun, 8 May 2022 18:39:39 +0200 +Subject: [PATCH 09/12] ecm_tracker_datagram: drop static for EXPORT_SYMBOL + +EXPORT_SYMBOL should NOT be static + +Signed-off-by: Ansuel Smith +--- + ecm_tracker_datagram.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/ecm_tracker_datagram.c ++++ b/ecm_tracker_datagram.c +@@ -203,7 +203,7 @@ static void ecm_tracker_datagram_datagra + * ecm_tracker_datagram_discard_all() + * Discard all tracked data + */ +-static void ecm_tracker_datagram_discard_all(struct ecm_tracker_datagram_internal_instance *dtii) ++void ecm_tracker_datagram_discard_all(struct ecm_tracker_datagram_internal_instance *dtii) + { + int32_t src_count; + int32_t dest_count; +@@ -364,7 +364,7 @@ static void ecm_tracker_datagram_datagra + * ecm_tracker_datagram_datagram_size_get() + * Return size in bytes of datagram at index i that was sent to the target + */ +-static int32_t ecm_tracker_datagram_datagram_size_get(struct ecm_tracker_datagram_instance *uti, ecm_tracker_sender_type_t sender, int32_t i) ++int32_t ecm_tracker_datagram_datagram_size_get(struct ecm_tracker_datagram_instance *uti, ecm_tracker_sender_type_t sender, int32_t i) + { + struct ecm_tracker_datagram_internal_instance *dtii = (struct ecm_tracker_datagram_internal_instance *)uti; + +@@ -412,7 +412,7 @@ static int32_t ecm_tracker_datagram_data + * ecm_tracker_datagram_datagram_read() + * Read size bytes from datagram at index i into the buffer + */ +-static int ecm_tracker_datagram_datagram_read(struct ecm_tracker_datagram_instance *uti, ecm_tracker_sender_type_t sender, int32_t i, int32_t offset, int32_t size, void *buffer) ++int ecm_tracker_datagram_datagram_read(struct ecm_tracker_datagram_instance *uti, ecm_tracker_sender_type_t sender, int32_t i, int32_t offset, int32_t size, void *buffer) + { + struct ecm_tracker_datagram_internal_instance *dtii = (struct ecm_tracker_datagram_internal_instance *)uti; + int res; +@@ -466,7 +466,7 @@ static int ecm_tracker_datagram_datagram + * ecm_tracker_datagram_datagram_add() + * Append the datagram onto the tracker queue for the given target + */ +-static bool ecm_tracker_datagram_datagram_add(struct ecm_tracker_datagram_instance *uti, ecm_tracker_sender_type_t sender, struct sk_buff *skb) ++bool ecm_tracker_datagram_datagram_add(struct ecm_tracker_datagram_instance *uti, ecm_tracker_sender_type_t sender, struct sk_buff *skb) + { + struct ecm_tracker_datagram_internal_instance *dtii = (struct ecm_tracker_datagram_internal_instance *)uti; + struct sk_buff *skbc; diff --git a/package/qca/qca-nss-ecm/patches/0007-frontends-drop-udp_get_timeouts-and-use-standard-ups.patch b/package/qca/qca-nss-ecm/patches/0007-frontends-drop-udp_get_timeouts-and-use-standard-ups.patch new file mode 100644 index 000000000..1554f2138 --- /dev/null +++ b/package/qca/qca-nss-ecm/patches/0007-frontends-drop-udp_get_timeouts-and-use-standard-ups.patch @@ -0,0 +1,63 @@ +From ef638a84405c9f6556a9d7c257ccbba74efd228e Mon Sep 17 00:00:00 2001 +From: Ansuel Smith +Date: Sat, 14 May 2022 20:15:10 +0200 +Subject: [PATCH 10/12] frontends: drop udp_get_timeouts and use standard + upstream api + +Drop udp_get_timeouts and use nf_udp_pernet and ->timeouts +instead or relying on a downstream api not present upstream. +--- + frontends/nss/ecm_nss_ipv4.c | 3 ++- + frontends/nss/ecm_nss_ipv6.c | 3 ++- + frontends/sfe/ecm_sfe_ipv4.c | 3 ++- + frontends/sfe/ecm_sfe_ipv6.c | 3 ++- + 4 files changed, 8 insertions(+), 4 deletions(-) + +--- a/frontends/nss/ecm_nss_ipv4.c ++++ b/frontends/nss/ecm_nss_ipv4.c +@@ -610,7 +610,8 @@ sync_conntrack: + #else + timeouts = nf_ct_timeout_lookup(ct); + if (!timeouts) { +- timeouts = udp_get_timeouts(nf_ct_net(ct)); ++ struct nf_udp_net *un = nf_udp_pernet(nf_ct_net(ct)); ++ timeouts = un->timeouts; + } + + spin_lock_bh(&ct->lock); +--- a/frontends/nss/ecm_nss_ipv6.c ++++ b/frontends/nss/ecm_nss_ipv6.c +@@ -587,7 +587,8 @@ sync_conntrack: + #else + timeouts = nf_ct_timeout_lookup(ct); + if (!timeouts) { +- timeouts = udp_get_timeouts(nf_ct_net(ct)); ++ struct nf_udp_net *un = nf_udp_pernet(nf_ct_net(ct)); ++ timeouts = un->timeouts; + } + + spin_lock_bh(&ct->lock); +--- a/frontends/sfe/ecm_sfe_ipv4.c ++++ b/frontends/sfe/ecm_sfe_ipv4.c +@@ -562,7 +562,8 @@ sync_conntrack: + #else + timeouts = nf_ct_timeout_lookup(ct); + if (!timeouts) { +- timeouts = udp_get_timeouts(nf_ct_net(ct)); ++ struct nf_udp_net *un = nf_udp_pernet(nf_ct_net(ct)); ++ timeouts = un->timeouts; + } + + spin_lock_bh(&ct->lock); +--- a/frontends/sfe/ecm_sfe_ipv6.c ++++ b/frontends/sfe/ecm_sfe_ipv6.c +@@ -556,7 +556,8 @@ sync_conntrack: + #else + timeouts = nf_ct_timeout_lookup(ct); + if (!timeouts) { +- timeouts = udp_get_timeouts(nf_ct_net(ct)); ++ struct nf_udp_net *un = nf_udp_pernet(nf_ct_net(ct)); ++ timeouts = un->timeouts; + } + + spin_lock_bh(&ct->lock); diff --git a/package/qca/qca-nss-ecm/patches/0008-ecm_interface-fix-ppp-generic-function-calls-for-5.15.patch b/package/qca/qca-nss-ecm/patches/0008-ecm_interface-fix-ppp-generic-function-calls-for-5.15.patch new file mode 100644 index 000000000..e314dc1ef --- /dev/null +++ b/package/qca/qca-nss-ecm/patches/0008-ecm_interface-fix-ppp-generic-function-calls-for-5.15.patch @@ -0,0 +1,20 @@ +--- a/ecm_interface.c ++++ b/ecm_interface.c +@@ -3606,7 +3606,7 @@ identifier_update: + if (skb && (skb->skb_iif == dev->ifindex)) { + struct pppol2tp_common_addr info; + +- if (__ppp_is_multilink(dev) > 0) { ++ if (ppp_is_multilink(dev) > 0) { + DEBUG_TRACE("%px: Net device: %px is MULTILINK PPP - Unknown to the ECM\n", feci, dev); + type_info.unknown.os_specific_ident = dev_interface_num; + +@@ -3616,7 +3616,7 @@ identifier_update: + ii = ecm_interface_unknown_interface_establish(&type_info.unknown, dev_name, dev_interface_num, ae_interface_num, dev_mtu); + return ii; + } +- channel_count = __ppp_hold_channels(dev, ppp_chan, 1); ++ channel_count = ppp_hold_channels(dev, ppp_chan, 1); + if (channel_count != 1) { + DEBUG_TRACE("%px: Net device: %px PPP has %d channels - ECM cannot handle this (interface becomes Unknown type)\n", + feci, dev, channel_count); diff --git a/package/qca/qca-nss-ecm/patches/0009-treewide-export-ipv4-and-ipv6-symbols.patch b/package/qca/qca-nss-ecm/patches/0009-treewide-export-ipv4-and-ipv6-symbols.patch new file mode 100644 index 000000000..6c4cf8b5b --- /dev/null +++ b/package/qca/qca-nss-ecm/patches/0009-treewide-export-ipv4-and-ipv6-symbols.patch @@ -0,0 +1,99 @@ +--- a/frontends/nss/ecm_nss_common.c ++++ b/frontends/nss/ecm_nss_common.c +@@ -67,6 +67,7 @@ bool ecm_nss_ipv6_is_conn_limit_reached( + + return false; + } ++EXPORT_SYMBOL(ecm_nss_ipv6_is_conn_limit_reached); + #endif + + /* +@@ -116,3 +117,4 @@ bool ecm_nss_ipv4_is_conn_limit_reached( + + return false; + } ++EXPORT_SYMBOL(ecm_nss_ipv4_is_conn_limit_reached); +--- a/frontends/nss/ecm_nss_non_ported_ipv4.c ++++ b/frontends/nss/ecm_nss_non_ported_ipv4.c +@@ -1831,6 +1831,7 @@ struct ecm_front_end_connection_instance + + return feci; + } ++EXPORT_SYMBOL(ecm_nss_non_ported_ipv4_connection_instance_alloc); + + /* + * ecm_nss_non_ported_ipv4_debugfs_init() +--- a/frontends/nss/ecm_nss_non_ported_ipv4.h ++++ b/frontends/nss/ecm_nss_non_ported_ipv4.h +@@ -19,7 +19,7 @@ + + extern bool ecm_nss_non_ported_ipv4_debugfs_init(struct dentry *dentry); + +-extern struct ecm_front_end_connection_instance *ecm_nss_non_ported_ipv4_connection_instance_alloc( ++struct ecm_front_end_connection_instance *ecm_nss_non_ported_ipv4_connection_instance_alloc( + uint32_t accel_flags, + int protocol, + struct ecm_db_connection_instance **nci); +--- a/frontends/nss/ecm_nss_non_ported_ipv6.c ++++ b/frontends/nss/ecm_nss_non_ported_ipv6.c +@@ -1657,6 +1657,7 @@ struct ecm_front_end_connection_instance + + return feci; + } ++EXPORT_SYMBOL(ecm_nss_non_ported_ipv6_connection_instance_alloc); + + /* + * ecm_nss_non_ported_ipv6_debugfs_init() +--- a/frontends/nss/ecm_nss_non_ported_ipv6.h ++++ b/frontends/nss/ecm_nss_non_ported_ipv6.h +@@ -19,7 +19,7 @@ + + extern bool ecm_nss_non_ported_ipv6_debugfs_init(struct dentry *dentry); + +-extern struct ecm_front_end_connection_instance *ecm_nss_non_ported_ipv6_connection_instance_alloc( ++struct ecm_front_end_connection_instance *ecm_nss_non_ported_ipv6_connection_instance_alloc( + uint32_t accel_flags, + int protocol, + struct ecm_db_connection_instance **nci); +--- a/frontends/nss/ecm_nss_ported_ipv4.c ++++ b/frontends/nss/ecm_nss_ported_ipv4.c +@@ -1906,6 +1906,7 @@ struct ecm_front_end_connection_instance + + return feci; + } ++EXPORT_SYMBOL(ecm_nss_ported_ipv4_connection_instance_alloc); + + /* + * ecm_nss_ported_ipv4_debugfs_init() +--- a/frontends/nss/ecm_nss_ported_ipv4.h ++++ b/frontends/nss/ecm_nss_ported_ipv4.h +@@ -19,7 +19,7 @@ + + extern bool ecm_nss_ported_ipv4_debugfs_init(struct dentry *dentry); + +-extern struct ecm_front_end_connection_instance *ecm_nss_ported_ipv4_connection_instance_alloc( ++struct ecm_front_end_connection_instance *ecm_nss_ported_ipv4_connection_instance_alloc( + uint32_t accel_flags, + int protocol, + struct ecm_db_connection_instance **nci); +--- a/frontends/nss/ecm_nss_ported_ipv6.c ++++ b/frontends/nss/ecm_nss_ported_ipv6.c +@@ -1812,6 +1812,7 @@ struct ecm_front_end_connection_instance + + return feci; + } ++EXPORT_SYMBOL(ecm_nss_ported_ipv6_connection_instance_alloc); + + /* + * ecm_nss_ported_ipv6_debugfs_init() +--- a/frontends/nss/ecm_nss_ported_ipv6.h ++++ b/frontends/nss/ecm_nss_ported_ipv6.h +@@ -19,7 +19,7 @@ + + extern bool ecm_nss_ported_ipv6_debugfs_init(struct dentry *dentry); + +-extern struct ecm_front_end_connection_instance *ecm_nss_ported_ipv6_connection_instance_alloc( ++struct ecm_front_end_connection_instance *ecm_nss_ported_ipv6_connection_instance_alloc( + uint32_t accel_flags, + int protocol, + struct ecm_db_connection_instance **nci); diff --git a/package/qca/qca-nss-ecm/patches/1000-fix-missing-include-header.patch b/package/qca/qca-nss-ecm/patches/1000-fix-missing-include-header.patch new file mode 100644 index 000000000..cdc42b18e --- /dev/null +++ b/package/qca/qca-nss-ecm/patches/1000-fix-missing-include-header.patch @@ -0,0 +1,10 @@ +--- a/frontends/ecm_front_end_common.c ++++ b/frontends/ecm_front_end_common.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #ifdef ECM_CLASSIFIER_DSCP_ENABLE + #include + #include diff --git a/package/qca/qca-nss-ecm/patches/900-qca-nss-ecm-fix-a-memcpy-overflow-in-ecm_db.patch b/package/qca/qca-nss-ecm/patches/900-qca-nss-ecm-fix-a-memcpy-overflow-in-ecm_db.patch new file mode 100644 index 000000000..529c79292 --- /dev/null +++ b/package/qca/qca-nss-ecm/patches/900-qca-nss-ecm-fix-a-memcpy-overflow-in-ecm_db.patch @@ -0,0 +1,61 @@ +From 1958e34c4c1b8b4fb62eba693fbd7693536947b9 Mon Sep 17 00:00:00 2001 +From: flebourse +Date: Thu, 23 Dec 2021 16:11:06 +0100 +Subject: [PATCH] qca-nss-ecm: fix a memcpy overflow in ecm_db + +Calls to ipv6_addr_prefix() trigger a memcpy overflow if the prefix len +argument is greater than 128, cap it at this value. + +stack bactrace: +detected buffer overflow in memcpy +Kernel BUG at fortify_panic+0x20/0x24 +Internal error: Oops - BUG: 0 [#1] SMP +CPU: 2 PID: 2592 Comm: netifd Not tainted 5.10.80 #0 +Hardware name: Xiaomi AX9000 (DT) +Call trace: + fortify_panic+0x20/0x24 + ecm_db_exit+0x42c/0x49c [ecm] + ecm_db_exit+0x464/0x49c [ecm] + atomic_notifier_call_chain+0x5c/0x90 + ip6_route_add+0x13c/0x1a4 + inet6_rtm_newroute+0x98/0xa0 + rtnetlink_rcv_msg+0x10c/0x34c + netlink_rcv_skb+0x5c/0x130 + rtnetlink_rcv+0x1c/0x2c + netlink_unicast+0x1ec/0x2e0 + netlink_sendmsg+0x1a4/0x394 + ____sys_sendmsg+0x270/0x2b4 + ___sys_sendmsg+0x7c/0xc0 + __sys_sendmsg+0x5c/0xb0 + __arm64_sys_sendmsg+0x28/0x34 + el0_svc_common.constprop.0+0x88/0x190 + do_el0_svc+0x74/0x94 + el0_svc+0x14/0x20 + el0_sync_handler+0xa8/0x130 + el0_sync+0x184/0x1c0 +Code: aa0003e1 912b4040 910003fd 97fff56c (d4210000) + +Signed-off-By: Francis Le Bourse +--- + ecm_db/ecm_db.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/ecm_db/ecm_db.c ++++ b/ecm_db/ecm_db.c +@@ -298,7 +298,7 @@ static int ecm_db_ipv6_route_table_updat + * Compute ECM connection's prefix destination address by masking it with the + * route config's destination address prefix length. + */ +- ipv6_addr_prefix(&prefix_addr, &ecm_in6, cfg->fc_dst_len); ++ ipv6_addr_prefix(&prefix_addr, &ecm_in6, min(128, cfg->fc_dst_len)); + + DEBUG_TRACE("dest addr prefix: %pI6 prefix_len: %d ecm_in6: %pI6\n", &prefix_addr, cfg->fc_dst_len, &ecm_in6); + +@@ -326,7 +326,7 @@ static int ecm_db_ipv6_route_table_updat + * Compute ECM connection's prefix source address by masking it with the + * route config's destination address prefix length. + */ +- ipv6_addr_prefix(&prefix_addr, &ecm_in6, cfg->fc_dst_len); ++ ipv6_addr_prefix(&prefix_addr, &ecm_in6, min(128, cfg->fc_dst_len)); + + DEBUG_TRACE("src addr prefix: %pI6 prefix_len: %d ecm_in6: %pI6\n", &prefix_addr, cfg->fc_dst_len, &ecm_in6); diff --git a/package/qca/qca-ssdk-shell/Makefile b/package/qca/qca-ssdk-shell/Makefile new file mode 100644 index 000000000..2031a79a2 --- /dev/null +++ b/package/qca/qca-ssdk-shell/Makefile @@ -0,0 +1,47 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=qca-ssdk-shell +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_DATE:=2023-10-04 +PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/ssdk-shell.git +PKG_SOURCE_VERSION:=451c3a26e366ea1acdb4305999a72a0389e74fed +PKG_MIRROR_HASH:=e2da723c12120096f1c851808b868abe1affa14e4d969eff7bedb1e1eb984418 + +include $(INCLUDE_DIR)/kernel.mk +include $(INCLUDE_DIR)/package.mk + +define Package/qca-ssdk-shell + SECTION:=QCA + CATEGORY:=Utilities + TITLE:=Shell application for QCA SSDK +endef + +define Package/qca-ssdk-shell/Description + This package contains a qca-ssdk shell application for QCA chipset +endef + +ifndef CONFIG_TOOLCHAIN_BIN_PATH +CONFIG_TOOLCHAIN_BIN_PATH=$(TOOLCHAIN_DIR)/bin +endif + +QCASSDK_CONFIG_OPTS+= \ + TOOL_PATH=$(CONFIG_TOOLCHAIN_BIN_PATH) \ + SYS_PATH=$(LINUX_DIR) \ + TOOLPREFIX=$(TARGET_CROSS) \ + KVER=$(LINUX_VERSION) \ + CFLAGS="$(TARGET_CFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" \ + ARCH=$(LINUX_KARCH) + +define Build/Compile + $(MAKE) -C $(PKG_BUILD_DIR) $(strip $(QCASSDK_CONFIG_OPTS)) +endef + +define Package/qca-ssdk-shell/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/build/bin/ssdk_sh $(1)/usr/sbin/ +endef + +$(eval $(call BuildPackage,qca-ssdk-shell)) diff --git a/package/qca/qca-ssdk-shell/patches/0001-qca-ssdk-shell-Fix-fal_port_cdt-compilation-error-GCC-13.patch b/package/qca/qca-ssdk-shell/patches/0001-qca-ssdk-shell-Fix-fal_port_cdt-compilation-error-GCC-13.patch new file mode 100644 index 000000000..9a97ff2d9 --- /dev/null +++ b/package/qca/qca-ssdk-shell/patches/0001-qca-ssdk-shell-Fix-fal_port_cdt-compilation-error-GCC-13.patch @@ -0,0 +1,10 @@ +--- a/src/fal_uk/fal_port_ctrl.c ++++ b/src/fal_uk/fal_port_ctrl.c +@@ -214,7 +214,7 @@ fal_port_hibernate_get(a_uint32_t dev_id + + sw_error_t + fal_port_cdt(a_uint32_t dev_id, fal_port_t port_id, a_uint32_t mdi_pair, +- a_uint32_t *cable_status, a_uint32_t *cable_len) ++ fal_cable_status_t * cable_status, a_uint32_t *cable_len) + { + sw_error_t rv;