ipq807x: add nss ecm support from QSDK12 for 5.10

2025-04-16 04:13:31 +00:00 · 2022-09-13 10:34:59 +08:00 · 2022-09-13 10:34:59 +08:00 · c07f003c89
commit c07f003c89
parent ea55ecee06
4 changed files with 112 additions and 88 deletions
--- a/package/qca/nss/qca-nss-drv-64/Makefile
+++ b/package/qca/nss/qca-nss-drv-64/Makefile
@ -7,7 +7,7 @@ PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/nss-drv.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2022-06-15
 PKG_SOURCE_VERSION:=0bbd153ec2698a17e9dd32dd72a2c65f22b449e0
-PKG_MIRROR_HASH:=96429842f32c23ff8ce4a9ec6723770875a7b8ba6fb9c62f62a7bf9c8a3078fc
+PKG_MIRROR_HASH:=0e6caadc5b31ee1c6b8c6592ac3a346337ff7daa0a2005d21603cd3625c6e2d8

 PKG_BUILD_PARALLEL:=1

--- a/package/qca/nss/qca-nss-ecm-64/Makefile
+++ b/package/qca/nss/qca-nss-ecm-64/Makefile
@ -7,7 +7,7 @@ PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/qca-nss-ecm.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2022-06-15
 PKG_SOURCE_VERSION:=a4854db8d70ed0367556d817faa45e43b533a164
-PKG_MIRROR_HASH:=7661c6c3b137c127b9ec96aec3a05433d341c3a1db231e812d10380216b87858
+PKG_MIRROR_HASH:=073b347d6bc5fa224f7e6d5df8da3af9aa98cede0439f93ff4f2ec223580b0f6

 PKG_BUILD_PARALLEL:=1

@ -19,7 +19,7 @@ define KernelPackage/qca-nss-ecm-64
  CATEGORY:=Kernel modules
  SUBMENU:=Network Support
  DEPENDS:=@(TARGET_ipq807x||TARGET_ipq60xx) \
-  	+kmod-qca-nss-drv \
+  +kmod-qca-nss-drv-64 \
 	+iptables-mod-extra \
 	+kmod-ipt-conntrack \
 	+kmod-ipt-physdev \
--- a/package/qca/nss/qca-nss-ecm-64/patches/0008-frontends-drop-use-of-static-be_liberal-and-no_windo.patch
+++ b/package/qca/nss/qca-nss-ecm-64/patches/0008-frontends-drop-use-of-static-be_liberal-and-no_windo.patch
@ -1,151 +1,156 @@
-From 15530431f3ce3273b3cfc2da356d7fb71ed48020 Mon Sep 17 00:00:00 2001
-From: Ansuel Smith <ansuelsmth@gmail.com>
-Date: Sun, 8 May 2022 16:16:34 +0200
-Subject: [PATCH 08/12] frontends: drop use of static be_liberal and
- no_window_check
-
-Implementation changed, check these values indirectly instead of relying
-on an extern EXPORT_SYMBOL.
-
-Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
---
- frontends/nss/ecm_nss_ported_ipv4.c | 14 ++++----------
- frontends/nss/ecm_nss_ported_ipv6.c | 14 ++++----------
- frontends/sfe/ecm_sfe_ported_ipv4.c |  6 ++++--
- frontends/sfe/ecm_sfe_ported_ipv6.c |  6 ++++--
- 4 files changed, 16 insertions(+), 24 deletions(-)
-
-diff --git a/frontends/nss/ecm_nss_ported_ipv4.c b/frontends/nss/ecm_nss_ported_ipv4.c
-index ea997e3..0c4261a 100644
 --- a/frontends/nss/ecm_nss_ported_ipv4.c
 +++ b/frontends/nss/ecm_nss_ported_ipv4.c
-@@ -125,14 +125,6 @@ struct ecm_nss_ported_ipv4_connection_instance {
+@@ -125,6 +125,7 @@
 static int ecm_nss_ported_ipv4_accelerated_count[ECM_NSS_PORTED_IPV4_PROTO_MAX] = {0};
 						/* Array of Number of TCP and UDP connections currently offloaded */
 
-/*
- * Expose what should be a static flag in the TCP connection tracker.
- */
-#ifdef ECM_OPENWRT_SUPPORT
-extern int nf_ct_tcp_no_window_check;
-#endif
-extern int nf_ct_tcp_be_liberal;
-
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
+ /*
+  * Expose what should be a static flag in the TCP connection tracker.
+  */
+@@ -132,6 +133,7 @@
+ extern int nf_ct_tcp_no_window_check;
+ #endif
+ extern int nf_ct_tcp_be_liberal;
+#endif
+ 
 /*
  * ecm_nss_ported_ipv4_connection_callback()
-  *	Callback for handling create ack/nack calls.
-@@ -372,6 +364,8 @@ static void ecm_nss_ported_ipv4_connection_accelerate(struct ecm_front_end_conne
+@@ -372,6 +374,10 @@
 	uint8_t dest_mac_xlate[ETH_ALEN];
 	ecm_db_direction_t ecm_dir;
 	ecm_front_end_acceleration_mode_t result_mode;
+#if LINUX_VERSION_CODE > KERNEL_VERSION(5, 12, 0)
 +	struct net *net = nf_ct_net(ct);
 +	struct nf_tcp_net *tn = nf_tcp_pernet(net);
+#endif
 
 	DEBUG_CHECK_MAGIC(npci, ECM_NSS_PORTED_IPV4_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", npci);
 
-@@ -1236,9 +1230,9 @@ static void ecm_nss_ported_ipv4_connection_accelerate(struct ecm_front_end_conne
+@@ -1236,9 +1242,17 @@
 			nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end;
 			nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend;
 #ifdef ECM_OPENWRT_SUPPORT
-			if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
-+			if (tn->tcp_be_liberal || tn->tcp_no_window_check
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
+ 			if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
 #else
-			if (nf_ct_tcp_be_liberal
+			if (tn->tcp_be_liberal || tn->tcp_no_window_check
+#endif
+#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
+ 			if (nf_ct_tcp_be_liberal
+#else
 +			if (tn->tcp_be_liberal
+#endif
 #endif
 					|| (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
 					|| (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) {
-diff --git a/frontends/nss/ecm_nss_ported_ipv6.c b/frontends/nss/ecm_nss_ported_ipv6.c
-index 451a557..d1b3e14 100644
 --- a/frontends/nss/ecm_nss_ported_ipv6.c
 +++ b/frontends/nss/ecm_nss_ported_ipv6.c
-@@ -125,14 +125,6 @@ struct ecm_nss_ported_ipv6_connection_instance {
+@@ -125,6 +125,7 @@
 static int ecm_nss_ported_ipv6_accelerated_count[ECM_NSS_PORTED_IPV6_PROTO_MAX] = {0};
 						/* Array of Number of TCP and UDP connections currently offloaded */
 
-/*
- * Expose what should be a static flag in the TCP connection tracker.
- */
-#ifdef ECM_OPENWRT_SUPPORT
-extern int nf_ct_tcp_no_window_check;
-#endif
-extern int nf_ct_tcp_be_liberal;
-
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
+ /*
+  * Expose what should be a static flag in the TCP connection tracker.
+  */
+@@ -132,6 +133,7 @@
+ extern int nf_ct_tcp_no_window_check;
+ #endif
+ extern int nf_ct_tcp_be_liberal;
+#endif
+ 
 /*
  * ecm_nss_ported_ipv6_connection_callback()
-  *	Callback for handling create ack/nack calls.
-@@ -376,6 +368,8 @@ static void ecm_nss_ported_ipv6_connection_accelerate(struct ecm_front_end_conne
+@@ -376,6 +378,10 @@
 	ip_addr_t src_ip;
 	ip_addr_t dest_ip;
 	ecm_front_end_acceleration_mode_t result_mode;
+#if LINUX_VERSION_CODE > KERNEL_VERSION(5, 12, 0)
 +	struct net *net = nf_ct_net(ct);
 +	struct nf_tcp_net *tn = nf_tcp_pernet(net);
+#endif
 
 	DEBUG_CHECK_MAGIC(npci, ECM_NSS_PORTED_IPV6_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", npci);
 
-@@ -1162,9 +1156,9 @@ static void ecm_nss_ported_ipv6_connection_accelerate(struct ecm_front_end_conne
+@@ -1162,9 +1168,17 @@
 			nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end;
 			nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend;
 #ifdef ECM_OPENWRT_SUPPORT
-			if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
-+			if (tn->tcp_be_liberal || tn->tcp_no_window_check
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
+ 			if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
 #else
-			if (nf_ct_tcp_be_liberal
+			if (tn->tcp_be_liberal || tn->tcp_no_window_check
+#endif
+#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
+ 			if (nf_ct_tcp_be_liberal
+#else
 +			if (tn->tcp_be_liberal
+#endif
 #endif
 					|| (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
 					|| (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) {
-diff --git a/frontends/sfe/ecm_sfe_ported_ipv4.c b/frontends/sfe/ecm_sfe_ported_ipv4.c
-index 53f5b07..ef719ec 100644
 --- a/frontends/sfe/ecm_sfe_ported_ipv4.c
 +++ b/frontends/sfe/ecm_sfe_ported_ipv4.c
-@@ -421,6 +421,8 @@ static void ecm_sfe_ported_ipv4_connecti
- 	uint8_t dest_mac_xlate[ETH_ALEN];
+@@ -422,6 +422,10 @@
 	ecm_db_direction_t ecm_dir;
 	ecm_front_end_acceleration_mode_t result_mode;
+ 	uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED);
+#if LINUX_VERSION_CODE > KERNEL_VERSION(5, 12, 0)
 +	struct net *net = nf_ct_net(ct);
 +	struct nf_tcp_net *tn = nf_tcp_pernet(net);
- 	uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED);
+#endif
 	ecm_sfe_common_l2_accel_check_callback_t l2_accel_check;
 
-@@ -1333,9 +1335,9 @@ static void ecm_sfe_ported_ipv4_connecti
+ 	DEBUG_CHECK_MAGIC(npci, ECM_SFE_PORTED_IPV4_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", npci);
+@@ -1333,9 +1337,17 @@
 			nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end;
 			nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend;
 #ifdef ECM_OPENWRT_SUPPORT
-			if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
-+           if (tn->tcp_be_liberal || tn->tcp_no_window_check)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
+ 			if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
 #else
-			if (nf_ct_tcp_be_liberal
+			if (tn->tcp_be_liberal || tn->tcp_no_window_check)
+#endif
+#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
+ 			if (nf_ct_tcp_be_liberal
+#else
 +			if (tn->tcp_be_liberal)
+#endif
 #endif
 					|| (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
 					|| (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) {
-diff --git a/frontends/sfe/ecm_sfe_ported_ipv6.c b/frontends/sfe/ecm_sfe_ported_ipv6.c
-index ae04cb4..9abb563 100644
 --- a/frontends/sfe/ecm_sfe_ported_ipv6.c
 +++ b/frontends/sfe/ecm_sfe_ported_ipv6.c
-@@ -426,7 +426,9 @@ static void ecm_sfe_ported_ipv6_connecti
+@@ -426,6 +426,10 @@
 	ip_addr_t src_ip;
 	ip_addr_t dest_ip;
 	ecm_front_end_acceleration_mode_t result_mode;
-	uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
 +	struct net *net = nf_ct_net(ct);
 +	struct nf_tcp_net *tn = nf_tcp_pernet(net);
-+   uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED);
+#endif
+ 	uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED);
 	ecm_sfe_common_l2_accel_check_callback_t l2_accel_check;
 
- 	DEBUG_CHECK_MAGIC(npci, ECM_SFE_PORTED_IPV6_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", npci);
-@@ -1293,9 +1295,9 @@ static void ecm_sfe_ported_ipv6_connecti
+@@ -1293,9 +1297,17 @@
 			nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end;
 			nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend;
 #ifdef ECM_OPENWRT_SUPPORT
-			if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
-+           if (tn->tcp_be_liberal || tn->tcp_no_window_check)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
+ 			if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
 #else
-			if (nf_ct_tcp_be_liberal
+			if (tn->tcp_be_liberal || tn->tcp_no_window_check)
+#endif
+#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 12, 0)
+ 			if (nf_ct_tcp_be_liberal
+#else
 +			if (tn->tcp_be_liberal)
+#endif
 #endif
 					|| (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
 					|| (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) {
--
-2.34.1
--- a/target/linux/ipq807x/patches-5.10/600-qca-nss-ecm-support-CORE.patch
+++ b/target/linux/ipq807x/patches-5.10/600-qca-nss-ecm-support-CORE.patch
@ -33,7 +33,7 @@
 
 #if IS_ENABLED(CONFIG_BRIDGE) && IS_ENABLED(CONFIG_BRIDGE_IGMP_SNOOPING)
 int br_multicast_list_adjacent(struct net_device *dev,
-@@ -158,4 +159,41 @@ br_port_flag_is_set(const struct net_dev
+@@ -158,4 +159,42 @@ br_port_flag_is_set(const struct net_dev
 }
 #endif
 
@ -43,6 +43,7 @@
 +					  struct sk_buff *skb,
 +					  unsigned int cookie);
 +extern void br_refresh_fdb_entry(struct net_device *dev, const char *addr);
+extern void br_fdb_entry_refresh(struct net_device *dev, const char *addr, __u16 vid);
 +extern struct net_bridge_fdb_entry *br_fdb_has_entry(struct net_device *dev,
 +						     const char *addr,
 +						     __u16 vid);
@ -322,7 +323,7 @@
 	if (swdev_notify)
 		br_switchdev_fdb_notify(br, fdb, type);
 
-@@ -1317,3 +1379,44 @@ void br_fdb_clear_offload(const struct n
+@@ -1317,3 +1379,62 @@ void br_fdb_clear_offload(const struct n
 	spin_unlock_bh(&p->br->hash_lock);
 }
 EXPORT_SYMBOL_GPL(br_fdb_clear_offload);
@ -348,6 +349,24 @@
 +}
 +EXPORT_SYMBOL_GPL(br_refresh_fdb_entry);
 +
+/* Update timestamp of FDB entries for bridge packets being forwarded by offload engines */
+void br_fdb_entry_refresh(struct net_device *dev, const char *addr, __u16 vid)
+{
+	struct net_bridge_fdb_entry *fdb;
+	struct net_bridge_port *p = br_port_get_rcu(dev);
+
+	if (!p || p->state == BR_STATE_DISABLED)
+		return;
+
+	rcu_read_lock();
+	fdb = fdb_find_rcu(&p->br->fdb_hash_tbl, addr, vid);
+	if (likely(fdb)) {
+		fdb->updated = jiffies;
+	}
+	rcu_read_unlock();
+}
+EXPORT_SYMBOL_GPL(br_fdb_entry_refresh);
+
 +/* Look up the MAC address in the device's bridge fdb table */
 +struct net_bridge_fdb_entry *br_fdb_has_entry(struct net_device *dev,
 +					      const char *addr, __u16 vid)