From 90785f871cc8548ecc25247bb004c242eaf48035 Mon Sep 17 00:00:00 2001 From: coolsnowwolf Date: Tue, 25 Sep 2018 00:13:47 +0800 Subject: [PATCH] make SFE ompatibility with IPSEC VPN and FullCone NAT --- package/lean/shortcut-fe/Makefile | 2 +- .../lean/shortcut-fe/src/fast-classifier.c | 60 +++++-------------- 2 files changed, 15 insertions(+), 47 deletions(-) diff --git a/package/lean/shortcut-fe/Makefile b/package/lean/shortcut-fe/Makefile index 61faaf0f2..5c9a80e57 100644 --- a/package/lean/shortcut-fe/Makefile +++ b/package/lean/shortcut-fe/Makefile @@ -15,7 +15,7 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=shortcut-fe -PKG_RELEASE:=1 +PKG_RELEASE:=2 include $(INCLUDE_DIR)/package.mk diff --git a/package/lean/shortcut-fe/src/fast-classifier.c b/package/lean/shortcut-fe/src/fast-classifier.c index 6fba3a9f5..48a2d27f4 100644 --- a/package/lean/shortcut-fe/src/fast-classifier.c +++ b/package/lean/shortcut-fe/src/fast-classifier.c @@ -181,7 +181,7 @@ static atomic_t done_fail_msgs = ATOMIC_INIT(0); * only implement ingress for now, because for egress we * want to have the bridge devices qdiscs be used. */ -static bool skip_to_bridge_ingress = 1; +static bool skip_to_bridge_ingress; /* * fast_classifier_incr_exceptions() @@ -310,15 +310,8 @@ rx_exit: * We look up the rtable entry for the address and, from its neighbour * structure, obtain the hardware address. This means this function also * works if the neighbours are routers too. - * - * 21/10/17, quarkysg - * - modified method signature to accept dst_entry from caller. It will be used in place of existing method logic to lookup - * destination routes, which fails when packets are policy routed. - * - * 22/12/17, quarkysg - * - changed method signature to accept sk_buff * instead, to make it more efficient. */ -static bool fast_classifier_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_addr_t *addr, struct net_device **dev, u8 *mac_addr, bool is_v4) +static bool fast_classifier_find_dev_and_mac_addr(sfe_ip_addr_t *addr, struct net_device **dev, u8 *mac_addr, bool is_v4) { struct neighbour *neigh; struct rtable *rt; @@ -326,17 +319,6 @@ static bool fast_classifier_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_ad struct dst_entry *dst; struct net_device *mac_dev; - /* - * If we have skb provided, use it as the original code is unable - * to lookup routes that are policy routed. - * - * quarkysg, 22/12/17 - */ - if (unlikely(skb)) { - dst = skb_dst(skb); - goto skip_dst_lookup; - } - /* * Look up the rtable entry for the IP address then get the hardware * address from its neighbour structure. This means this works when the @@ -358,25 +340,18 @@ static bool fast_classifier_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_ad dst = (struct dst_entry *)rt6; } -skip_dst_lookup: // quarkysg, 21/10/17 rcu_read_lock(); neigh = dst_neigh_lookup(dst, addr); if (unlikely(!neigh)) { rcu_read_unlock(); - // only release dst_entry found in this method, quarkysg, 21/10/17 - if (likely(!skb)) { - dst_release(dst); - } + dst_release(dst); goto ret_fail; } if (unlikely(!(neigh->nud_state & NUD_VALID))) { rcu_read_unlock(); neigh_release(neigh); - // only release dst_entry found in this method, quarkysg, 21/10/17 - if (likely(!skb)) { - dst_release(dst); - } + dst_release(dst); goto ret_fail; } @@ -384,10 +359,7 @@ skip_dst_lookup: // quarkysg, 21/10/17 if (!mac_dev) { rcu_read_unlock(); neigh_release(neigh); - // only release dst_entry found in this method, quarkysg, 21/10/17 - if (likely(!skb)) { - dst_release(dst); - } + dst_release(dst); goto ret_fail; } @@ -397,10 +369,7 @@ skip_dst_lookup: // quarkysg, 21/10/17 *dev = mac_dev; rcu_read_unlock(); neigh_release(neigh); - // only release dst_entry found in this method, quarkysg, 21/10/17 - if (likely(!skb)) { - dst_release(dst); - } + dst_release(dst); return true; @@ -761,7 +730,7 @@ static int fast_classifier_nl_genl_msg_DUMP(struct sk_buff *skb, } /* auto offload connection once we have this many packets*/ -static int offload_at_pkts = 16; +static int offload_at_pkts = 128; /* * fast_classifier_post_routing() @@ -1049,27 +1018,26 @@ static unsigned int fast_classifier_post_routing(struct sk_buff *skb, bool is_v4 * Get the net device and MAC addresses that correspond to the various source and * destination host addresses. */ - if (!fast_classifier_find_dev_and_mac_addr(NULL, &sic.src_ip, &src_dev, sic.src_mac, is_v4)) { + if (!fast_classifier_find_dev_and_mac_addr(&sic.src_ip, &src_dev, sic.src_mac, is_v4)) { fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_SRC_DEV); return NF_ACCEPT; } - if (!fast_classifier_find_dev_and_mac_addr(NULL, &sic.src_ip_xlate, &dev, sic.src_mac_xlate, is_v4)) { + if (!fast_classifier_find_dev_and_mac_addr(&sic.src_ip_xlate, &dev, sic.src_mac_xlate, is_v4)) { fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_SRC_XLATE_DEV); goto done1; } dev_put(dev); - if (!fast_classifier_find_dev_and_mac_addr(NULL, &sic.dest_ip, &dev, sic.dest_mac, is_v4)) { + if (!fast_classifier_find_dev_and_mac_addr(&sic.dest_ip, &dev, sic.dest_mac, is_v4)) { fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_DEST_DEV); goto done1; } dev_put(dev); - // we pass in sk_buff(skb) to enable acceleration of policy routed packets, quarkysg, 22/12/17 - if (!fast_classifier_find_dev_and_mac_addr(skb, &sic.dest_ip_xlate, &dest_dev, sic.dest_mac_xlate, is_v4)) { + if (!fast_classifier_find_dev_and_mac_addr(&sic.dest_ip_xlate, &dest_dev, sic.dest_mac_xlate, is_v4)) { fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_DEST_XLATE_DEV); goto done1; } @@ -1722,7 +1690,7 @@ static int __init fast_classifier_init(void) int result = -1; size_t i, j; - printk(KERN_ALERT "fast-classifier (PBR safe v2.1b): starting up\n"); + printk(KERN_ALERT "fast-classifier: starting up\n"); DEBUG_INFO("SFE CM init\n"); hash_init(fc_conn_ht); @@ -1813,7 +1781,7 @@ static int __init fast_classifier_init(void) } #endif - printk(KERN_ALERT "fast-classifier (PBR safe v2.1b): registered\n"); + printk(KERN_ALERT "fast-classifier: registered\n"); spin_lock_init(&sc->lock); @@ -1867,7 +1835,7 @@ static void __exit fast_classifier_exit(void) int result = -1; DEBUG_INFO("SFE CM exit\n"); - printk(KERN_ALERT "fast-classifier (PBR safe v2.1b): shutting down\n"); + printk(KERN_ALERT "fast-classifier: shutting down\n"); /* * Unregister our sync callback.