From c07f003c89cc2c64330e1fbe743010960e3d7a43 Mon Sep 17 00:00:00 2001 From: lean Date: Tue, 13 Sep 2022 10:34:59 +0800 Subject: [PATCH] ipq807x: add nss ecm support from QSDK12 for 5.10 --- package/qca/nss/qca-nss-drv-64/Makefile | 2 +- package/qca/nss/qca-nss-ecm-64/Makefile | 4 +- ...se-of-static-be_liberal-and-no_windo.patch | 171 +++++++++--------- .../600-qca-nss-ecm-support-CORE.patch | 23 ++- 4 files changed, 112 insertions(+), 88 deletions(-) diff --git a/package/qca/nss/qca-nss-drv-64/Makefile b/package/qca/nss/qca-nss-drv-64/Makefile index 2d2ff5946..92631dfe0 100644 --- a/package/qca/nss/qca-nss-drv-64/Makefile +++ b/package/qca/nss/qca-nss-drv-64/Makefile @@ -7,7 +7,7 @@ PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/nss-drv.git PKG_SOURCE_PROTO:=git PKG_SOURCE_DATE:=2022-06-15 PKG_SOURCE_VERSION:=0bbd153ec2698a17e9dd32dd72a2c65f22b449e0 -PKG_MIRROR_HASH:=96429842f32c23ff8ce4a9ec6723770875a7b8ba6fb9c62f62a7bf9c8a3078fc +PKG_MIRROR_HASH:=0e6caadc5b31ee1c6b8c6592ac3a346337ff7daa0a2005d21603cd3625c6e2d8 PKG_BUILD_PARALLEL:=1 diff --git a/package/qca/nss/qca-nss-ecm-64/Makefile b/package/qca/nss/qca-nss-ecm-64/Makefile index ab71727e2..6484c3a07 100644 --- a/package/qca/nss/qca-nss-ecm-64/Makefile +++ b/package/qca/nss/qca-nss-ecm-64/Makefile @@ -7,7 +7,7 @@ PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/qca-nss-ecm.git PKG_SOURCE_PROTO:=git PKG_SOURCE_DATE:=2022-06-15 PKG_SOURCE_VERSION:=a4854db8d70ed0367556d817faa45e43b533a164 -PKG_MIRROR_HASH:=7661c6c3b137c127b9ec96aec3a05433d341c3a1db231e812d10380216b87858 +PKG_MIRROR_HASH:=073b347d6bc5fa224f7e6d5df8da3af9aa98cede0439f93ff4f2ec223580b0f6 PKG_BUILD_PARALLEL:=1 @@ -19,7 +19,7 @@ define KernelPackage/qca-nss-ecm-64 CATEGORY:=Kernel modules SUBMENU:=Network Support DEPENDS:=@(TARGET_ipq807x||TARGET_ipq60xx) \ - +kmod-qca-nss-drv \ + +kmod-qca-nss-drv-64 \ +iptables-mod-extra \ +kmod-ipt-conntrack \ +kmod-ipt-physdev \ diff --git a/package/qca/nss/qca-nss-ecm-64/patches/0008-frontends-drop-use-of-static-be_liberal-and-no_windo.patch b/package/qca/nss/qca-nss-ecm-64/patches/0008-frontends-drop-use-of-static-be_liberal-and-no_windo.patch index 9d9c75370..bf456164a 100644 --- a/package/qca/nss/qca-nss-ecm-64/patches/0008-frontends-drop-use-of-static-be_liberal-and-no_windo.patch +++ b/package/qca/nss/qca-nss-ecm-64/patches/0008-frontends-drop-use-of-static-be_liberal-and-no_windo.patch @@ -1,151 +1,156 @@ -From 15530431f3ce3273b3cfc2da356d7fb71ed48020 Mon Sep 17 00:00:00 2001 -From: Ansuel Smith -Date: Sun, 8 May 2022 16:16:34 +0200 -Subject: [PATCH 08/12] frontends: drop use of static be_liberal and - no_window_check - -Implementation changed, check these values indirectly instead of relying -on an extern EXPORT_SYMBOL. - -Signed-off-by: Ansuel Smith ---- - frontends/nss/ecm_nss_ported_ipv4.c | 14 ++++---------- - frontends/nss/ecm_nss_ported_ipv6.c | 14 ++++---------- - frontends/sfe/ecm_sfe_ported_ipv4.c | 6 ++++-- - frontends/sfe/ecm_sfe_ported_ipv6.c | 6 ++++-- - 4 files changed, 16 insertions(+), 24 deletions(-) - -diff --git a/frontends/nss/ecm_nss_ported_ipv4.c b/frontends/nss/ecm_nss_ported_ipv4.c -index ea997e3..0c4261a 100644 --- a/frontends/nss/ecm_nss_ported_ipv4.c +++ b/frontends/nss/ecm_nss_ported_ipv4.c -@@ -125,14 +125,6 @@ struct ecm_nss_ported_ipv4_connection_instance { +@@ -125,6 +125,7 @@ static int ecm_nss_ported_ipv4_accelerated_count[ECM_NSS_PORTED_IPV4_PROTO_MAX] = {0}; /* Array of Number of TCP and UDP connections currently offloaded */ - --/* -- * Expose what should be a static flag in the TCP connection tracker. -- */ --#ifdef ECM_OPENWRT_SUPPORT --extern int nf_ct_tcp_no_window_check; --#endif --extern int nf_ct_tcp_be_liberal; -- + ++ #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) + /* + * Expose what should be a static flag in the TCP connection tracker. + */ +@@ -132,6 +133,7 @@ + extern int nf_ct_tcp_no_window_check; + #endif + extern int nf_ct_tcp_be_liberal; ++#endif + /* * ecm_nss_ported_ipv4_connection_callback() - * Callback for handling create ack/nack calls. -@@ -372,6 +364,8 @@ static void ecm_nss_ported_ipv4_connection_accelerate(struct ecm_front_end_conne +@@ -372,6 +374,10 @@ uint8_t dest_mac_xlate[ETH_ALEN]; ecm_db_direction_t ecm_dir; ecm_front_end_acceleration_mode_t result_mode; ++#if LINUX_VERSION_CODE > KERNEL_VERSION(5, 12, 0) + struct net *net = nf_ct_net(ct); + struct nf_tcp_net *tn = nf_tcp_pernet(net); - ++#endif + DEBUG_CHECK_MAGIC(npci, ECM_NSS_PORTED_IPV4_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", npci); - -@@ -1236,9 +1230,9 @@ static void ecm_nss_ported_ipv4_connection_accelerate(struct ecm_front_end_conne + +@@ -1236,9 +1242,17 @@ nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end; nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend; #ifdef ECM_OPENWRT_SUPPORT -- if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check -+ if (tn->tcp_be_liberal || tn->tcp_no_window_check ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) + if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check #else -- if (nf_ct_tcp_be_liberal ++ if (tn->tcp_be_liberal || tn->tcp_no_window_check ++#endif ++#else ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) + if (nf_ct_tcp_be_liberal ++#else + if (tn->tcp_be_liberal ++#endif #endif || (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL) || (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { -diff --git a/frontends/nss/ecm_nss_ported_ipv6.c b/frontends/nss/ecm_nss_ported_ipv6.c -index 451a557..d1b3e14 100644 --- a/frontends/nss/ecm_nss_ported_ipv6.c +++ b/frontends/nss/ecm_nss_ported_ipv6.c -@@ -125,14 +125,6 @@ struct ecm_nss_ported_ipv6_connection_instance { +@@ -125,6 +125,7 @@ static int ecm_nss_ported_ipv6_accelerated_count[ECM_NSS_PORTED_IPV6_PROTO_MAX] = {0}; /* Array of Number of TCP and UDP connections currently offloaded */ - --/* -- * Expose what should be a static flag in the TCP connection tracker. -- */ --#ifdef ECM_OPENWRT_SUPPORT --extern int nf_ct_tcp_no_window_check; --#endif --extern int nf_ct_tcp_be_liberal; -- + ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) + /* + * Expose what should be a static flag in the TCP connection tracker. + */ +@@ -132,6 +133,7 @@ + extern int nf_ct_tcp_no_window_check; + #endif + extern int nf_ct_tcp_be_liberal; ++#endif + /* * ecm_nss_ported_ipv6_connection_callback() - * Callback for handling create ack/nack calls. -@@ -376,6 +368,8 @@ static void ecm_nss_ported_ipv6_connection_accelerate(struct ecm_front_end_conne +@@ -376,6 +378,10 @@ ip_addr_t src_ip; ip_addr_t dest_ip; ecm_front_end_acceleration_mode_t result_mode; ++#if LINUX_VERSION_CODE > KERNEL_VERSION(5, 12, 0) + struct net *net = nf_ct_net(ct); + struct nf_tcp_net *tn = nf_tcp_pernet(net); - ++#endif + DEBUG_CHECK_MAGIC(npci, ECM_NSS_PORTED_IPV6_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", npci); - -@@ -1162,9 +1156,9 @@ static void ecm_nss_ported_ipv6_connection_accelerate(struct ecm_front_end_conne + +@@ -1162,9 +1168,17 @@ nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end; nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend; #ifdef ECM_OPENWRT_SUPPORT -- if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check -+ if (tn->tcp_be_liberal || tn->tcp_no_window_check ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) + if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check #else -- if (nf_ct_tcp_be_liberal ++ if (tn->tcp_be_liberal || tn->tcp_no_window_check ++#endif ++#else ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) + if (nf_ct_tcp_be_liberal ++#else + if (tn->tcp_be_liberal ++#endif #endif || (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL) || (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { -diff --git a/frontends/sfe/ecm_sfe_ported_ipv4.c b/frontends/sfe/ecm_sfe_ported_ipv4.c -index 53f5b07..ef719ec 100644 --- a/frontends/sfe/ecm_sfe_ported_ipv4.c +++ b/frontends/sfe/ecm_sfe_ported_ipv4.c -@@ -421,6 +421,8 @@ static void ecm_sfe_ported_ipv4_connecti - uint8_t dest_mac_xlate[ETH_ALEN]; +@@ -422,6 +422,10 @@ ecm_db_direction_t ecm_dir; ecm_front_end_acceleration_mode_t result_mode; -+ struct net *net = nf_ct_net(ct); -+ struct nf_tcp_net *tn = nf_tcp_pernet(net); uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED); ++#if LINUX_VERSION_CODE > KERNEL_VERSION(5, 12, 0) ++ struct net *net = nf_ct_net(ct); ++ struct nf_tcp_net *tn = nf_tcp_pernet(net); ++#endif ecm_sfe_common_l2_accel_check_callback_t l2_accel_check; - -@@ -1333,9 +1335,9 @@ static void ecm_sfe_ported_ipv4_connecti + + DEBUG_CHECK_MAGIC(npci, ECM_SFE_PORTED_IPV4_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", npci); +@@ -1333,9 +1337,17 @@ nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end; nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend; #ifdef ECM_OPENWRT_SUPPORT -- if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check -+ if (tn->tcp_be_liberal || tn->tcp_no_window_check) ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) + if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check #else -- if (nf_ct_tcp_be_liberal -+ if (tn->tcp_be_liberal) ++ if (tn->tcp_be_liberal || tn->tcp_no_window_check) ++#endif ++#else ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) + if (nf_ct_tcp_be_liberal ++#else ++ if (tn->tcp_be_liberal) ++#endif #endif || (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL) || (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { -diff --git a/frontends/sfe/ecm_sfe_ported_ipv6.c b/frontends/sfe/ecm_sfe_ported_ipv6.c -index ae04cb4..9abb563 100644 --- a/frontends/sfe/ecm_sfe_ported_ipv6.c +++ b/frontends/sfe/ecm_sfe_ported_ipv6.c -@@ -426,7 +426,9 @@ static void ecm_sfe_ported_ipv6_connecti +@@ -426,6 +426,10 @@ ip_addr_t src_ip; ip_addr_t dest_ip; ecm_front_end_acceleration_mode_t result_mode; -- uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) + struct net *net = nf_ct_net(ct); -+ struct nf_tcp_net *tn = nf_tcp_pernet(net); -+ uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED); ++ struct nf_tcp_net *tn = nf_tcp_pernet(net); ++#endif + uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED); ecm_sfe_common_l2_accel_check_callback_t l2_accel_check; - - DEBUG_CHECK_MAGIC(npci, ECM_SFE_PORTED_IPV6_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", npci); -@@ -1293,9 +1295,9 @@ static void ecm_sfe_ported_ipv6_connecti + +@@ -1293,9 +1297,17 @@ nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end; nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend; #ifdef ECM_OPENWRT_SUPPORT -- if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check -+ if (tn->tcp_be_liberal || tn->tcp_no_window_check) ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) + if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check #else -- if (nf_ct_tcp_be_liberal ++ if (tn->tcp_be_liberal || tn->tcp_no_window_check) ++#endif ++#else ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0) + if (nf_ct_tcp_be_liberal ++#else + if (tn->tcp_be_liberal) ++#endif #endif || (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL) || (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { --- -2.34.1 diff --git a/target/linux/ipq807x/patches-5.10/600-qca-nss-ecm-support-CORE.patch b/target/linux/ipq807x/patches-5.10/600-qca-nss-ecm-support-CORE.patch index c05c220d9..8a04c568e 100644 --- a/target/linux/ipq807x/patches-5.10/600-qca-nss-ecm-support-CORE.patch +++ b/target/linux/ipq807x/patches-5.10/600-qca-nss-ecm-support-CORE.patch @@ -33,7 +33,7 @@ #if IS_ENABLED(CONFIG_BRIDGE) && IS_ENABLED(CONFIG_BRIDGE_IGMP_SNOOPING) int br_multicast_list_adjacent(struct net_device *dev, -@@ -158,4 +159,41 @@ br_port_flag_is_set(const struct net_dev +@@ -158,4 +159,42 @@ br_port_flag_is_set(const struct net_dev } #endif @@ -43,6 +43,7 @@ + struct sk_buff *skb, + unsigned int cookie); +extern void br_refresh_fdb_entry(struct net_device *dev, const char *addr); ++extern void br_fdb_entry_refresh(struct net_device *dev, const char *addr, __u16 vid); +extern struct net_bridge_fdb_entry *br_fdb_has_entry(struct net_device *dev, + const char *addr, + __u16 vid); @@ -322,7 +323,7 @@ if (swdev_notify) br_switchdev_fdb_notify(br, fdb, type); -@@ -1317,3 +1379,44 @@ void br_fdb_clear_offload(const struct n +@@ -1317,3 +1379,62 @@ void br_fdb_clear_offload(const struct n spin_unlock_bh(&p->br->hash_lock); } EXPORT_SYMBOL_GPL(br_fdb_clear_offload); @@ -348,6 +349,24 @@ +} +EXPORT_SYMBOL_GPL(br_refresh_fdb_entry); + ++/* Update timestamp of FDB entries for bridge packets being forwarded by offload engines */ ++void br_fdb_entry_refresh(struct net_device *dev, const char *addr, __u16 vid) ++{ ++ struct net_bridge_fdb_entry *fdb; ++ struct net_bridge_port *p = br_port_get_rcu(dev); ++ ++ if (!p || p->state == BR_STATE_DISABLED) ++ return; ++ ++ rcu_read_lock(); ++ fdb = fdb_find_rcu(&p->br->fdb_hash_tbl, addr, vid); ++ if (likely(fdb)) { ++ fdb->updated = jiffies; ++ } ++ rcu_read_unlock(); ++} ++EXPORT_SYMBOL_GPL(br_fdb_entry_refresh); ++ +/* Look up the MAC address in the device's bridge fdb table */ +struct net_bridge_fdb_entry *br_fdb_has_entry(struct net_device *dev, + const char *addr, __u16 vid)