From b40baddcfe71f8b4bb45c2b7dfa19440e0ee4d5f Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Mon, 28 Jun 2021 10:30:57 +0800 Subject: [PATCH] kernel: 5.10: re-add shortcut-fe patch (#7204) * kernel: 5.10: re-add shortcut-fe patch Signed-off-by: Tianling Shen * ipq807x: compat with SFE patch Patch for ECM support includes some stuff provided by the one for sfe alreadly, simply remove these duplicated parts. Signed-off-by: Tianling Shen * qca-nss-ecm: rework netfilter conntrack notification Signed-off-by: Tianling Shen --- package/lean/luci-app-sfe/Makefile | 2 +- package/nss/qca/qca-nss-ecm/Makefile | 2 +- ...-linux-kernel-to-support-shortcut-fe.patch | 252 ++++++++++++++++++ .../600-qca-nss-ecm-support-CORE.patch | 48 +--- 4 files changed, 268 insertions(+), 36 deletions(-) create mode 100644 target/linux/generic/hack-5.10/953-net-patch-linux-kernel-to-support-shortcut-fe.patch diff --git a/package/lean/luci-app-sfe/Makefile b/package/lean/luci-app-sfe/Makefile index 1f2fa2683..7320a8366 100644 --- a/package/lean/luci-app-sfe/Makefile +++ b/package/lean/luci-app-sfe/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk LUCI_TITLE:=LuCI support for Turbo ACC (SFE) -LUCI_DEPENDS:=@!LINUX_5_10 +kmod-fast-classifier +pdnsd-alt +kmod-tcp-bbr +LUCI_DEPENDS:=+kmod-fast-classifier +pdnsd-alt +kmod-tcp-bbr LUCI_PKGARCH:=all PKG_VERSION:=1.0 PKG_RELEASE:=13 diff --git a/package/nss/qca/qca-nss-ecm/Makefile b/package/nss/qca/qca-nss-ecm/Makefile index 1ebb32917..79d771853 100644 --- a/package/nss/qca/qca-nss-ecm/Makefile +++ b/package/nss/qca/qca-nss-ecm/Makefile @@ -30,7 +30,7 @@ define KernelPackage/qca-nss-ecm FILES:=$(PKG_BUILD_DIR)/*.ko KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \ CONFIG_NF_CONNTRACK_EVENTS=y \ - CONFIG_NF_CONNTRACK_CHAIN_EVENTS=n \ + CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y \ CONFIG_NF_CONNTRACK_DSCPREMARK_EXT=n endef diff --git a/target/linux/generic/hack-5.10/953-net-patch-linux-kernel-to-support-shortcut-fe.patch b/target/linux/generic/hack-5.10/953-net-patch-linux-kernel-to-support-shortcut-fe.patch new file mode 100644 index 000000000..d952c8fae --- /dev/null +++ b/target/linux/generic/hack-5.10/953-net-patch-linux-kernel-to-support-shortcut-fe.patch @@ -0,0 +1,252 @@ +--- a/include/linux/if_bridge.h ++++ b/include/linux/if_bridge.h +@@ -61,6 +61,9 @@ struct br_ip_list { + + extern void brioctl_set(int (*ioctl_hook)(struct net *, unsigned int, void __user *)); + ++extern void br_dev_update_stats(struct net_device *dev, ++ struct rtnl_link_stats64 *nlstats); ++ + #if IS_ENABLED(CONFIG_BRIDGE) && IS_ENABLED(CONFIG_BRIDGE_IGMP_SNOOPING) + int br_multicast_list_adjacent(struct net_device *dev, + struct list_head *br_ip_list); +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -860,6 +860,10 @@ struct sk_buff { + #endif + __u8 gro_skip:1; + ++#ifdef CONFIG_SHORTCUT_FE ++ __u8 fast_forwarded:1; ++#endif ++ + #ifdef CONFIG_NET_SCHED + __u16 tc_index; /* traffic control index */ + #endif +--- a/include/linux/timer.h ++++ b/include/linux/timer.h +@@ -18,6 +18,10 @@ struct timer_list { + void (*function)(struct timer_list *); + u32 flags; + ++#ifdef CONFIG_SHORTCUT_FE ++ unsigned long cust_data; ++#endif ++ + #ifdef CONFIG_LOCKDEP + struct lockdep_map lockdep_map; + #endif +--- a/include/net/netfilter/nf_conntrack_ecache.h ++++ b/include/net/netfilter/nf_conntrack_ecache.h +@@ -75,6 +75,8 @@ struct nf_ct_event { + #ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS + extern int nf_conntrack_register_notifier(struct net *net, struct notifier_block *nb); + extern int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb); ++extern int nf_conntrack_register_chain_notifier(struct net *net, struct notifier_block *nb); ++extern int nf_conntrack_unregister_chain_notifier(struct net *net, struct notifier_block *nb); + #else + struct nf_ct_event_notifier { + int (*fcn)(unsigned int events, struct nf_ct_event *item); +--- a/net/bridge/br_if.c ++++ b/net/bridge/br_if.c +@@ -762,6 +762,28 @@ void br_port_flags_change(struct net_bri + br_recalculate_neigh_suppress_enabled(br); + } + ++void br_dev_update_stats(struct net_device *dev, ++ struct rtnl_link_stats64 *nlstats) ++{ ++ struct net_bridge *br; ++ struct pcpu_sw_netstats *stats; ++ ++ /* Is this a bridge? */ ++ if (!(dev->priv_flags & IFF_EBRIDGE)) ++ return; ++ ++ br = netdev_priv(dev); ++ stats = this_cpu_ptr(br->stats); ++ ++ u64_stats_update_begin(&stats->syncp); ++ stats->rx_packets += nlstats->rx_packets; ++ stats->rx_bytes += nlstats->rx_bytes; ++ stats->tx_packets += nlstats->tx_packets; ++ stats->tx_bytes += nlstats->tx_bytes; ++ u64_stats_update_end(&stats->syncp); ++} ++EXPORT_SYMBOL_GPL(br_dev_update_stats); ++ + bool br_port_flag_is_set(const struct net_device *dev, unsigned long flag) + { + struct net_bridge_port *p; +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -3623,8 +3623,17 @@ static int xmit_one(struct sk_buff *skb, + unsigned int len; + int rc; + ++#ifdef CONFIG_SHORTCUT_FE ++ /* If this skb has been fast forwarded then we don't want it to ++ * go to any taps (by definition we're trying to bypass them). ++ */ ++ if (!skb->fast_forwarded) { ++#endif + if (dev_nit_active(dev)) + dev_queue_xmit_nit(skb, dev); ++#ifdef CONFIG_SHORTCUT_FE ++ } ++#endif + + len = skb->len; + PRANDOM_ADD_NOISE(skb, dev, txq, len + jiffies); +@@ -5147,6 +5156,11 @@ void netdev_rx_handler_unregister(struct + } + EXPORT_SYMBOL_GPL(netdev_rx_handler_unregister); + ++#ifdef CONFIG_SHORTCUT_FE ++int (*athrs_fast_nat_recv)(struct sk_buff *skb) __rcu __read_mostly; ++EXPORT_SYMBOL_GPL(athrs_fast_nat_recv); ++#endif ++ + /* + * Limit the use of PFMEMALLOC reserves to those protocols that implement + * the special handling of PFMEMALLOC skbs. +@@ -5195,6 +5209,10 @@ static int __netif_receive_skb_core(stru + int ret = NET_RX_DROP; + __be16 type; + ++#ifdef CONFIG_SHORTCUT_FE ++ int (*fast_recv)(struct sk_buff *skb); ++#endif ++ + net_timestamp_check(!netdev_tstamp_prequeue, skb); + + trace_netif_receive_skb(skb); +@@ -5234,6 +5252,16 @@ another_round: + goto out; + } + ++#ifdef CONFIG_SHORTCUT_FE ++ fast_recv = rcu_dereference(athrs_fast_nat_recv); ++ if (fast_recv) { ++ if (fast_recv(skb)) { ++ ret = NET_RX_SUCCESS; ++ goto out; ++ } ++ } ++#endif ++ + if (skb_skip_tc_classify(skb)) + goto skip_classify; + +--- a/net/Kconfig ++++ b/net/Kconfig +@@ -475,3 +475,6 @@ config HAVE_CBPF_JIT + # Extended BPF JIT (eBPF) + config HAVE_EBPF_JIT + bool ++ ++config SHORTCUT_FE ++ bool "Enables kernel network stack path for Shortcut Forwarding Engine +--- a/net/netfilter/nf_conntrack_proto_tcp.c ++++ b/net/netfilter/nf_conntrack_proto_tcp.c +@@ -34,11 +34,19 @@ + /* Do not check the TCP window for incoming packets */ + static int nf_ct_tcp_no_window_check __read_mostly = 1; + ++#ifdef CONFIG_SHORTCUT_FE ++EXPORT_SYMBOL_GPL(nf_ct_tcp_no_window_check); ++#endif ++ + /* "Be conservative in what you do, + be liberal in what you accept from others." + If it's non-zero, we mark only out of window RST segments as INVALID. */ + static int nf_ct_tcp_be_liberal __read_mostly = 0; + ++#ifdef CONFIG_SHORTCUT_FE ++EXPORT_SYMBOL_GPL(nf_ct_tcp_be_liberal); ++#endif ++ + /* If it is set to zero, we disable picking up already established + connections. */ + static int nf_ct_tcp_loose __read_mostly = 1; +--- a/net/netfilter/nf_conntrack_ecache.c ++++ b/net/netfilter/nf_conntrack_ecache.c +@@ -171,7 +171,11 @@ int nf_conntrack_eventmask_report(unsign + + rcu_read_lock(); + notify = rcu_dereference(net->ct.nf_conntrack_event_cb); ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++ if (!notify && !rcu_dereference_raw(net->ct.nf_conntrack_chain.head)) ++#else + if (!notify) ++#endif + goto out_unlock; + + e = nf_ct_ecache_find(ct); +@@ -190,7 +194,14 @@ int nf_conntrack_eventmask_report(unsign + if (!((eventmask | missed) & e->ctmask)) + goto out_unlock; + ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++ ret = atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, ++ eventmask | missed, &item); ++ if (notify) ++ ret = notify->fcn(eventmask | missed, &item); ++#else + ret = notify->fcn(eventmask | missed, &item); ++#endif + if (unlikely(ret < 0 || missed)) { + spin_lock_bh(&ct->lock); + if (ret < 0) { +@@ -272,7 +283,11 @@ void nf_ct_deliver_cached_events(struct + + rcu_read_lock(); + notify = rcu_dereference(net->ct.nf_conntrack_event_cb); ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++ if ((notify == NULL) && !rcu_dereference_raw(net->ct.nf_conntrack_chain.head)) ++#else + if (notify == NULL) ++#endif + goto out_unlock; + + if (!nf_ct_is_confirmed(ct) || nf_ct_is_dying(ct)) +@@ -296,7 +311,15 @@ void nf_ct_deliver_cached_events(struct + item.portid = 0; + item.report = 0; + ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++ ret = atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, ++ events | missed, ++ &item); ++ if (notify != NULL) ++ ret = notify->fcn(events | missed, &item); ++#else + ret = notify->fcn(events | missed, &item); ++#endif + + if (likely(ret == 0 && !missed)) + goto out_unlock; +@@ -350,6 +373,11 @@ int nf_conntrack_register_notifier(struc + { + return atomic_notifier_chain_register(&net->ct.nf_conntrack_chain, nb); + } ++int nf_conntrack_register_chain_notifier(struct net *net, struct notifier_block *nb) ++{ ++ return atomic_notifier_chain_register(&net->ct.nf_conntrack_chain, nb); ++} ++EXPORT_SYMBOL_GPL(nf_conntrack_register_chain_notifier); + #else + int nf_conntrack_register_notifier(struct net *net, + struct nf_ct_event_notifier *new) +@@ -379,6 +407,11 @@ int nf_conntrack_unregister_notifier(str + { + return atomic_notifier_chain_unregister(&net->ct.nf_conntrack_chain, nb); + } ++int nf_conntrack_unregister_chain_notifier(struct net *net, struct notifier_block *nb) ++{ ++ return atomic_notifier_chain_unregister(&net->ct.nf_conntrack_chain, nb); ++} ++EXPORT_SYMBOL_GPL(nf_conntrack_unregister_chain_notifier); + #else + void nf_conntrack_unregister_notifier(struct net *net, + struct nf_ct_event_notifier *new) diff --git a/target/linux/ipq807x/patches-5.10/600-qca-nss-ecm-support-CORE.patch b/target/linux/ipq807x/patches-5.10/600-qca-nss-ecm-support-CORE.patch index a0931ff52..99d5f6e8d 100644 --- a/target/linux/ipq807x/patches-5.10/600-qca-nss-ecm-support-CORE.patch +++ b/target/linux/ipq807x/patches-5.10/600-qca-nss-ecm-support-CORE.patch @@ -1,35 +1,39 @@ --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c -@@ -32,12 +32,14 @@ +@@ -32,20 +32,14 @@ #include /* Do not check the TCP window for incoming packets */ -static int nf_ct_tcp_no_window_check __read_mostly = 1; +- +-#ifdef CONFIG_SHORTCUT_FE +int nf_ct_tcp_no_window_check __read_mostly = 1; -+EXPORT_SYMBOL_GPL(nf_ct_tcp_no_window_check); + EXPORT_SYMBOL_GPL(nf_ct_tcp_no_window_check); +-#endif /* "Be conservative in what you do, be liberal in what you accept from others." If it's non-zero, we mark only out of window RST segments as INVALID. */ -static int nf_ct_tcp_be_liberal __read_mostly = 0; +- +-#ifdef CONFIG_SHORTCUT_FE +int nf_ct_tcp_be_liberal __read_mostly = 0; -+EXPORT_SYMBOL_GPL(nf_ct_tcp_be_liberal); + EXPORT_SYMBOL_GPL(nf_ct_tcp_be_liberal); +-#endif /* If it is set to zero, we disable picking up already established connections. */ --- a/include/linux/if_bridge.h +++ b/include/linux/if_bridge.h -@@ -60,6 +60,9 @@ struct br_ip_list { - #define BR_DEFAULT_AGEING_TIME (300 * HZ) +@@ -63,6 +63,7 @@ extern void brioctl_set(int (*ioctl_hook - extern void brioctl_set(int (*ioctl_hook)(struct net *, unsigned int, void __user *)); -+extern void br_dev_update_stats(struct net_device *dev, -+ struct rtnl_link_stats64 *nlstats); + extern void br_dev_update_stats(struct net_device *dev, + struct rtnl_link_stats64 *nlstats); +extern bool br_is_hairpin_enabled(struct net_device *dev); #if IS_ENABLED(CONFIG_BRIDGE) && IS_ENABLED(CONFIG_BRIDGE_IGMP_SNOOPING) int br_multicast_list_adjacent(struct net_device *dev, -@@ -155,4 +158,41 @@ br_port_flag_is_set(const struct net_dev +@@ -158,4 +159,41 @@ br_port_flag_is_set(const struct net_dev } #endif @@ -396,35 +400,11 @@ /* Since more than one interface can be attached to a bridge, * there still maybe an alternate path for netconsole to use; * therefore there is no reason for a NETDEV_RELEASE event. -@@ -773,3 +783,98 @@ bool br_port_flag_is_set(const struct ne +@@ -795,3 +805,74 @@ bool br_port_flag_is_set(const struct ne return p->flags & flag; } EXPORT_SYMBOL_GPL(br_port_flag_is_set); + -+/* QCA NSS ECM support - Start */ -+/* Update bridge statistics for bridge packets processed by offload engines */ -+void br_dev_update_stats(struct net_device *dev, -+ struct rtnl_link_stats64 *nlstats) -+{ -+ struct net_bridge *br; -+ struct pcpu_sw_netstats *stats; -+ -+ /* Is this a bridge? */ -+ if (!(dev->priv_flags & IFF_EBRIDGE)) -+ return; -+ -+ br = netdev_priv(dev); -+ stats = this_cpu_ptr(br->stats); -+ -+ u64_stats_update_begin(&stats->syncp); -+ stats->rx_packets += nlstats->rx_packets; -+ stats->rx_bytes += nlstats->rx_bytes; -+ stats->tx_packets += nlstats->tx_packets; -+ stats->tx_bytes += nlstats->tx_bytes; -+ u64_stats_update_end(&stats->syncp); -+} -+EXPORT_SYMBOL_GPL(br_dev_update_stats); -+ +/* API to know if hairpin feature is enabled/disabled on this bridge port */ +bool br_is_hairpin_enabled(struct net_device *dev) +{