--- a/ecm_classifier_default.c
|
|
+++ b/ecm_classifier_default.c
|
|
@@ -42,7 +42,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_classifier_dscp.c
|
|
+++ b/ecm_classifier_dscp.c
|
|
@@ -41,7 +41,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_classifier_hyfi.c
|
|
+++ b/ecm_classifier_hyfi.c
|
|
@@ -41,7 +41,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_classifier_nl.c
|
|
+++ b/ecm_classifier_nl.c
|
|
@@ -41,7 +41,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#if (LINUX_VERSION_CODE <= KERNEL_VERSION(4, 2, 0))
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#else
|
|
@@ -146,12 +145,42 @@ static struct genl_multicast_group ecm_c
|
|
},
|
|
};
|
|
|
|
+static int ecm_classifier_nl_genl_msg_ACCEL(struct sk_buff *skb, struct genl_info *info);
|
|
+static int ecm_classifier_nl_genl_msg_DUMP(struct sk_buff *skb, struct netlink_callback *cb);
|
|
+
|
|
+/*
|
|
+ * Generic Netlink message-to-handler mapping
|
|
+ */
|
|
+static struct genl_ops ecm_cl_nl_genl_ops[] = {
|
|
+ {
|
|
+ .cmd = ECM_CL_NL_GENL_CMD_ACCEL,
|
|
+ .flags = 0,
|
|
+ .doit = ecm_classifier_nl_genl_msg_ACCEL,
|
|
+ .dumpit = NULL,
|
|
+ },
|
|
+ {
|
|
+ .cmd = ECM_CL_NL_GENL_CMD_ACCEL_OK,
|
|
+ .flags = 0,
|
|
+ .doit = NULL,
|
|
+ .dumpit = ecm_classifier_nl_genl_msg_DUMP,
|
|
+ },
|
|
+ {
|
|
+ .cmd = ECM_CL_NL_GENL_CMD_CONNECTION_CLOSED,
|
|
+ .flags = 0,
|
|
+ .doit = NULL,
|
|
+ .dumpit = ecm_classifier_nl_genl_msg_DUMP,
|
|
+ },
|
|
+};
|
|
+
|
|
static struct genl_family ecm_cl_nl_genl_family = {
|
|
- .id = GENL_ID_GENERATE,
|
|
.hdrsize = 0,
|
|
.name = ECM_CL_NL_GENL_NAME,
|
|
.version = ECM_CL_NL_GENL_VERSION,
|
|
.maxattr = ECM_CL_NL_GENL_ATTR_MAX,
|
|
+ .ops = ecm_cl_nl_genl_ops,
|
|
+ .n_ops = ARRAY_SIZE(ecm_cl_nl_genl_ops),
|
|
+ .mcgrps = ecm_cl_nl_genl_mcgrp,
|
|
+ .n_mcgrps = ARRAY_SIZE(ecm_cl_nl_genl_mcgrp),
|
|
};
|
|
|
|
/*
|
|
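Review bot: The rebuilt `ecm_cl_nl_genl_ops` entries drop `.policy`, and the new `ecm_cl_nl_genl_family` initialiser does not set one either, so nothing length-checks `ECM_CL_NL_GENL_ATTR_TUPLE` before the handlers see it. The `ecm_cl_nl_genl_policy` array that required `sizeof(struct ecm_cl_nl_genl_attr_tuple)` bytes is deleted by the later hunk at -1377 in this file. On kernels where the policy is attached to the family, I would keep that array (moved above the family definition) and add `.policy = ecm_cl_nl_genl_policy,` next to `.maxattr`. `ecm_classifier_nl_genl_msg_ACCEL` is defined outside this hunk, so whether it checks `nla_len()` itself cannot be confirmed here; if it does not, a short attribute from a local netlink sender would be read past its end. `.flags = 0` also places no `GENL_ADMIN_PERM` gate in front of that command.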
@@ -215,12 +244,7 @@ ecm_classifier_nl_send_genl_msg(enum ECM
|
|
return ret;
|
|
}
|
|
|
|
- ret = genlmsg_end(skb, msg_head);
|
|
- if (ret < 0) {
|
|
- DEBUG_WARN("failed to finalize genl msg: %d\n", ret);
|
|
- nlmsg_free(skb);
|
|
- return ret;
|
|
- }
|
|
+ genlmsg_end(skb, msg_head);
|
|
|
|
/* genlmsg_multicast frees the skb in both success and error cases */
|
|
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)
|
|
@@ -1377,85 +1401,14 @@ static struct file_operations ecm_classi
|
|
.write = ecm_classifier_nl_set_command,
|
|
};
|
|
|
|
-/*
|
|
- * Generic Netlink attr checking policies
|
|
- */
|
|
-static struct nla_policy
|
|
-ecm_cl_nl_genl_policy[ECM_CL_NL_GENL_ATTR_COUNT] = {
|
|
- [ECM_CL_NL_GENL_ATTR_TUPLE] = {
|
|
- .type = NLA_UNSPEC,
|
|
- .len = sizeof(struct ecm_cl_nl_genl_attr_tuple), },
|
|
-};
|
|
-
|
|
-/*
|
|
- * Generic Netlink message-to-handler mapping
|
|
- */
|
|
-static struct genl_ops ecm_cl_nl_genl_ops[] = {
|
|
- {
|
|
- .cmd = ECM_CL_NL_GENL_CMD_ACCEL,
|
|
- .flags = 0,
|
|
- .policy = ecm_cl_nl_genl_policy,
|
|
- .doit = ecm_classifier_nl_genl_msg_ACCEL,
|
|
- .dumpit = NULL,
|
|
- },
|
|
- {
|
|
- .cmd = ECM_CL_NL_GENL_CMD_ACCEL_OK,
|
|
- .flags = 0,
|
|
- .policy = ecm_cl_nl_genl_policy,
|
|
- .doit = NULL,
|
|
- .dumpit = ecm_classifier_nl_genl_msg_DUMP,
|
|
- },
|
|
- {
|
|
- .cmd = ECM_CL_NL_GENL_CMD_CONNECTION_CLOSED,
|
|
- .flags = 0,
|
|
- .policy = ecm_cl_nl_genl_policy,
|
|
- .doit = NULL,
|
|
- .dumpit = ecm_classifier_nl_genl_msg_DUMP,
|
|
- },
|
|
-};
|
|
-
|
|
static int ecm_classifier_nl_register_genl(void)
|
|
{
|
|
int result;
|
|
|
|
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)
|
|
- result = genl_register_family_with_ops_groups(&ecm_cl_nl_genl_family,
|
|
- ecm_cl_nl_genl_ops,
|
|
- ecm_cl_nl_genl_mcgrp);
|
|
- if (result != 0) {
|
|
- DEBUG_ERROR("failed to register genl ops: %d\n", result);
|
|
- return result;
|
|
- }
|
|
-#else
|
|
result = genl_register_family(&ecm_cl_nl_genl_family);
|
|
- if (result != 0) {
|
|
+ if (result != 0)
|
|
DEBUG_ERROR("failed to register genl family: %d\n", result);
|
|
- goto err1;
|
|
- }
|
|
-
|
|
- result = genl_register_ops(&ecm_cl_nl_genl_family,
|
|
- ecm_cl_nl_genl_ops);
|
|
- if (result != 0) {
|
|
- DEBUG_ERROR("failed to register genl ops: %d\n", result);
|
|
- goto err2;
|
|
- }
|
|
-
|
|
- result = genl_register_mc_group(&ecm_cl_nl_genl_family,
|
|
- ecm_cl_nl_genl_mcgrp);
|
|
- if (result != 0) {
|
|
- DEBUG_ERROR("failed to register genl multicast group: %d\n",
|
|
- result);
|
|
- goto err3;
|
|
- }
|
|
-
|
|
- return 0;
|
|
|
|
-err3:
|
|
- genl_unregister_ops(&ecm_cl_nl_genl_family, ecm_cl_nl_genl_ops);
|
|
-err2:
|
|
- genl_unregister_family(&ecm_cl_nl_genl_family);
|
|
-err1:
|
|
-#endif
|
|
return result;
|
|
}
|
|
|
|
--- a/ecm_classifier_pcc.c
|
|
+++ b/ecm_classifier_pcc.c
|
|
@@ -49,7 +49,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_conntrack_notifier.c
|
|
+++ b/ecm_conntrack_notifier.c
|
|
@@ -51,7 +51,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
@@ -345,14 +344,6 @@ static int ecm_conntrack_event(unsigned
|
|
return NOTIFY_DONE;
|
|
}
|
|
|
|
- /*
|
|
- * Special untracked connection is not monitored
|
|
- */
|
|
- if (ct == &nf_conntrack_untracked) {
|
|
- DEBUG_TRACE("Fake connection event - ignoring\n");
|
|
- return NOTIFY_DONE;
|
|
- }
|
|
-
|
|
/*
|
|
* Only interested if this is IPv4 or IPv6.
|
|
*/
|
|
--- a/ecm_db/ecm_db.c
|
|
+++ b/ecm_db/ecm_db.c
|
|
@@ -42,7 +42,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_db/ecm_db_connection.c
|
|
+++ b/ecm_db/ecm_db_connection.c
|
|
@@ -41,7 +41,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_db/ecm_db_host.c
|
|
+++ b/ecm_db/ecm_db_host.c
|
|
@@ -41,7 +41,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_db/ecm_db_iface.c
|
|
+++ b/ecm_db/ecm_db_iface.c
|
|
@@ -41,7 +41,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_db/ecm_db_listener.c
|
|
+++ b/ecm_db/ecm_db_listener.c
|
|
@@ -41,7 +41,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_db/ecm_db_mapping.c
|
|
+++ b/ecm_db/ecm_db_mapping.c
|
|
@@ -41,7 +41,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_db/ecm_db_multicast.c
|
|
+++ b/ecm_db/ecm_db_multicast.c
|
|
@@ -42,7 +42,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_db/ecm_db_node.c
|
|
+++ b/ecm_db/ecm_db_node.c
|
|
@@ -41,7 +41,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_db/ecm_db_timer.c
|
|
+++ b/ecm_db/ecm_db_timer.c
|
|
@@ -42,7 +42,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
@@ -387,7 +386,7 @@ EXPORT_SYMBOL(ecm_db_time_get);
|
|
* Manage expiration of connections
|
|
* NOTE: This is softirq context
|
|
*/
|
|
-static void ecm_db_timer_callback(unsigned long data)
|
|
+static void ecm_db_timer_callback(struct timer_list *arg)
|
|
{
|
|
uint32_t timer;
|
|
|
|
@@ -425,9 +424,7 @@ void ecm_db_timer_init(void)
|
|
/*
|
|
* Set a timer to manage cleanup of expired connections
|
|
*/
|
|
- init_timer(&ecm_db_timer);
|
|
- ecm_db_timer.function = ecm_db_timer_callback;
|
|
- ecm_db_timer.data = 0;
|
|
+ timer_setup(&ecm_db_timer, ecm_db_timer_callback, 0);
|
|
ecm_db_timer.expires = jiffies + HZ;
|
|
add_timer(&ecm_db_timer);
|
|
|
|
--- a/ecm_interface.c
|
|
+++ b/ecm_interface.c
|
|
@@ -66,7 +66,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <linux/netfilter_ipv6/ip6_tables.h>
|
|
@@ -537,7 +536,7 @@ static bool ecm_interface_find_gateway_ipv4(ip_addr_t addr, ip_addr_t gw_addr)
|
|
return false;
|
|
}
|
|
|
|
- ECM_NIN4_ADDR_TO_IP_ADDR(gw_addr, rt->rt_gateway)
|
|
+ ECM_NIN4_ADDR_TO_IP_ADDR(gw_addr, rt->rt_gw4)
|
|
ecm_interface_route_release(&ecm_rt);
|
|
return true;
|
|
}
|
|
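Review bot: `rt->rt_gw4` is read here without checking which address family the route's gateway is stored in. On kernels that replaced `rt_gateway` with `rt_gw4`, the field shares storage with the IPv6 gateway and is meaningful only when `rt->rt_gw_family == AF_INET`, so for an IPv4 route with an IPv6 next hop the macro would copy part of an IPv6 address into `gw_addr`. I would test `rt->rt_gw_family == AF_INET` before the conversion and treat any other family as "no IPv4 gateway". The same substitution is made in `ecm_interface_mac_addr_get_ipv4` (next hunk) and in `frontends/ecm_front_end_ipv4.c`. The function body starts outside this hunk.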
@@ -596,7 +595,7 @@ static bool ecm_interface_mac_addr_get_ipv4(ip_addr_t addr, uint8_t *mac_addr, b
|
|
if (rt->rt_uses_gateway || (rt->rt_flags & RTF_GATEWAY)) {
|
|
#endif
|
|
*on_link = false;
|
|
- ECM_NIN4_ADDR_TO_IP_ADDR(gw_addr, rt->rt_gateway)
|
|
+ ECM_NIN4_ADDR_TO_IP_ADDR(gw_addr, rt->rt_gw4)
|
|
} else {
|
|
*on_link = true;
|
|
}
|
|
@@ -1003,7 +1002,7 @@ static bool ecm_interface_find_route_by_addr_ipv6(ip_addr_t addr, struct ecm_int
|
|
* Get a route to the given IP address, this will allow us to also find the interface
|
|
* it is using to communicate with that IP address.
|
|
*/
|
|
- ecm_rt->rt.rtv6 = rt6_lookup(&init_net, &naddr, NULL, 0, 0);
|
|
+ ecm_rt->rt.rtv6 = rt6_lookup(&init_net, &naddr, NULL, 0, NULL, 0);
|
|
if (!ecm_rt->rt.rtv6) {
|
|
DEBUG_TRACE("No output route to: " ECM_IP_ADDR_OCTAL_FMT "\n", ECM_IP_ADDR_TO_OCTAL(addr));
|
|
return NULL;
|
|
@@ -1077,7 +1076,7 @@ void ecm_interface_send_neighbour_solicitation(struct net_device *dev, ip_addr_t
|
|
/*
|
|
* Find the route entry
|
|
*/
|
|
- rt6i = rt6_lookup(netf, &dst_addr, NULL, 0, 0);
|
|
+ rt6i = rt6_lookup(netf, &dst_addr, NULL, 0, NULL, 0);
|
|
if (!rt6i) {
|
|
DEBUG_TRACE("IPv6 Route lookup failure for destination IPv6 address " ECM_IP_ADDR_OCTAL_FMT "\n", ECM_IP_ADDR_TO_OCTAL(addr));
|
|
return;
|
|
@@ -1104,7 +1103,7 @@ void ecm_interface_send_neighbour_solicitation(struct net_device *dev, ip_addr_t
|
|
#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0))
|
|
ndisc_send_ns(dev, neigh, &dst_addr, &mc_dst_addr, &src_addr);
|
|
#else
|
|
- ndisc_send_ns(dev, &dst_addr, &mc_dst_addr, &src_addr);
|
|
+ ndisc_send_ns(dev, &dst_addr, &mc_dst_addr, &src_addr, 0);
|
|
#endif
|
|
neigh_release(neigh);
|
|
dst_release(&rt6i->dst);
|
|
@@ -1194,7 +1193,7 @@ struct neighbour *ecm_interface_ipv6_neigh_get(ip_addr_t addr)
|
|
struct in6_addr ipv6_addr;
|
|
|
|
ECM_IP_ADDR_TO_NIN6_ADDR(ipv6_addr, addr);
|
|
- rt = rt6_lookup(&init_net, &ipv6_addr, NULL, 0, 0);
|
|
+ rt = rt6_lookup(&init_net, &ipv6_addr, NULL, 0, NULL, 0);
|
|
if (!rt) {
|
|
return NULL;
|
|
}
|
|
@@ -1220,7 +1219,7 @@ bool ecm_interface_is_pptp(struct sk_buff *skb, const struct net_device *out)
|
|
* skip first pass of l2tp/pptp tunnel encapsulated traffic
|
|
*/
|
|
if (out->type == ARPHRD_PPP) {
|
|
- if (out->priv_flags & IFF_PPP_PPTP) {
|
|
+ if (out->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_PPTP) {
|
|
return true;
|
|
}
|
|
}
|
|
@@ -1231,7 +1230,7 @@ bool ecm_interface_is_pptp(struct sk_buff *skb, const struct net_device *out)
|
|
}
|
|
|
|
if (in->type == ARPHRD_PPP) {
|
|
- if (in->priv_flags & IFF_PPP_PPTP) {
|
|
+ if (in->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_PPTP) {
|
|
dev_put(in);
|
|
return true;
|
|
}
|
|
@@ -1256,10 +1255,10 @@ bool ecm_interface_is_l2tp_packet_by_version(struct sk_buff *skb, const struct n
|
|
|
|
switch (ver) {
|
|
case 2:
|
|
- flag = IFF_PPP_L2TPV2;
|
|
+ flag = IFF_QCA_ECM_PPP_L2TPV2;
|
|
break;
|
|
case 3:
|
|
- flag = IFF_PPP_L2TPV3;
|
|
+ flag = IFF_QCA_ECM_PPP_L2TPV3;
|
|
break;
|
|
default:
|
|
break;
|
|
@@ -1268,10 +1267,8 @@ bool ecm_interface_is_l2tp_packet_by_version(struct sk_buff *skb, const struct n
|
|
/*
|
|
* skip first pass of l2tp/pptp tunnel encapsulated traffic
|
|
*/
|
|
- if (out->type == ARPHRD_PPP) {
|
|
- if (out->priv_flags & flag) {
|
|
- return true;
|
|
- }
|
|
+ if (out->priv_flags_qca_ecm & flag) {
|
|
+ return true;
|
|
}
|
|
|
|
in = dev_get_by_index(&init_net, skb->skb_iif);
|
|
@@ -1279,11 +1276,9 @@ bool ecm_interface_is_l2tp_packet_by_version(struct sk_buff *skb, const struct n
|
|
return true;
|
|
}
|
|
|
|
- if (in->type == ARPHRD_PPP) {
|
|
- if (in->priv_flags & flag) {
|
|
- dev_put(in);
|
|
- return true;
|
|
- }
|
|
+ if (out->priv_flags_qca_ecm & flag) {
|
|
+ dev_put(in);
|
|
+ return true;
|
|
}
|
|
|
|
dev_put(in);
|
|
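Review bot: The test added in this hunk checks `out->priv_flags_qca_ecm & flag`, but the block it replaces tested `in`, the device just looked up from `skb->skb_iif`. `out` was already tested by the previous hunk, so this branch is effectively dead and a packet arriving on an L2TP interface is no longer reported as tunnel traffic; the line should read `if (in->priv_flags_qca_ecm & flag) {`. The hunk at -1316 in `ecm_interface_is_l2tp_pptp` repeats the same `out`-for-`in` substitution. Both rewrites also drop the `type == ARPHRD_PPP` precondition, which deserves a line in the patch description if it is intended. The function starts and ends outside this hunk.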
@@ -1304,11 +1299,9 @@ bool ecm_interface_is_l2tp_pptp(struct sk_buff *skb, const struct net_device *ou
|
|
/*
|
|
* skip first pass of l2tp/pptp tunnel encapsulated traffic
|
|
*/
|
|
- if (out->type == ARPHRD_PPP) {
|
|
- if (out->priv_flags & (IFF_PPP_L2TPV2 | IFF_PPP_L2TPV3 |
|
|
- IFF_PPP_PPTP)) {
|
|
- return true;
|
|
- }
|
|
+ if (out->priv_flags_qca_ecm & (IFF_QCA_ECM_PPP_L2TPV2 | IFF_QCA_ECM_PPP_L2TPV3 |
|
|
+ IFF_QCA_ECM_PPP_PPTP)) {
|
|
+ return true;
|
|
}
|
|
|
|
in = dev_get_by_index(&init_net, skb->skb_iif);
|
|
@@ -1316,12 +1309,10 @@ bool ecm_interface_is_l2tp_pptp(struct sk_buff *skb, const struct net_device *ou
|
|
return true;
|
|
}
|
|
|
|
- if (in->type == ARPHRD_PPP) {
|
|
- if (in->priv_flags & (IFF_PPP_L2TPV2 | IFF_PPP_L2TPV3 |
|
|
- IFF_PPP_PPTP)) {
|
|
- dev_put(in);
|
|
- return true;
|
|
- }
|
|
+ if (out->priv_flags_qca_ecm & (IFF_QCA_ECM_PPP_L2TPV2 | IFF_QCA_ECM_PPP_L2TPV3 |
|
|
+ IFF_QCA_ECM_PPP_PPTP)) {
|
|
+ dev_put(in);
|
|
+ return true;
|
|
}
|
|
|
|
dev_put(in);
|
|
@@ -2416,7 +2407,7 @@ struct ecm_db_iface_instance *ecm_interface_establish_and_ref(struct ecm_front_e
|
|
/*
|
|
* GRE TAP?
|
|
*/
|
|
- if (dev->priv_flags & (IFF_GRE_V4_TAP | IFF_GRE_V6_TAP)) {
|
|
+ if (dev->priv_flags_qca_ecm & (IFF_QCA_ECM_GRE_V4_TAP | IFF_QCA_ECM_GRE_V6_TAP)) {
|
|
interface_type = feci->ae_interface_type_get(feci, dev);
|
|
ae_interface_num = feci->ae_interface_number_by_dev_type_get(dev, interface_type);
|
|
|
|
@@ -2680,7 +2671,7 @@ identifier_update:
|
|
/*
|
|
* OVPN Tunnel?
|
|
*/
|
|
- if ((dev_type == ARPHRD_NONE) && (dev->priv_flags & IFF_TUN_TAP)) {
|
|
+ if ((dev_type == ARPHRD_NONE) && (dev->priv_flags_qca_ecm & IFF_QCA_ECM_TUN_TAP)) {
|
|
struct net_device *tun_dev = NULL;
|
|
ip_addr_t saddr, daddr;
|
|
|
|
@@ -2746,7 +2737,7 @@ identifier_update:
|
|
* ppp_is_multilink() and ppp_hold_channels() which acquire same lock
|
|
*/
|
|
|
|
- if ((dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(dev)) {
|
|
+ if ((dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(dev)) {
|
|
if (skb && (skb->skb_iif == dev->ifindex)) {
|
|
struct pppol2tp_common_addr info;
|
|
|
|
@@ -2804,7 +2795,7 @@ identifier_update:
|
|
#endif
|
|
|
|
#ifdef ECM_INTERFACE_PPTP_ENABLE
|
|
- if ((protocol == IPPROTO_GRE) && skb && v4_hdr && (dev->priv_flags & IFF_PPP_PPTP)) {
|
|
+ if ((protocol == IPPROTO_GRE) && skb && v4_hdr && (dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_PPTP)) {
|
|
struct gre_hdr_pptp *gre_hdr;
|
|
uint16_t proto;
|
|
int ret;
|
|
@@ -3972,7 +3963,7 @@ int32_t ecm_interface_heirarchy_construct(struct ecm_front_end_connection_instan
|
|
if (((ip_version == 4) && (protocol == IPPROTO_IPV6)) ||
|
|
((ip_version == 6) && (protocol == IPPROTO_IPIP)) ||
|
|
(protocol == IPPROTO_GRE) ||
|
|
- ((given_dest_dev->type == ARPHRD_NONE) && (given_dest_dev->priv_flags & IFF_TUN_TAP))) {
|
|
+ ((given_dest_dev->type == ARPHRD_NONE) && (given_dest_dev->priv_flags_qca_ecm & IFF_QCA_ECM_TUN_TAP))) {
|
|
dev_put(dest_dev);
|
|
dest_dev = given_dest_dev;
|
|
if (dest_dev) {
|
|
@@ -3991,7 +3982,7 @@ int32_t ecm_interface_heirarchy_construct(struct ecm_front_end_connection_instan
|
|
/*
|
|
* if the address is a local address and indev=l2tp.
|
|
*/
|
|
- if ((given_src_dev->type == ARPHRD_PPP) && (given_src_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) {
|
|
+ if ((given_src_dev->type == ARPHRD_PPP) && (given_src_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) {
|
|
dev_put(dest_dev);
|
|
dest_dev = given_dest_dev;
|
|
if (dest_dev) {
|
|
@@ -4005,7 +3996,7 @@ int32_t ecm_interface_heirarchy_construct(struct ecm_front_end_connection_instan
|
|
/*
|
|
* if the address is a local address and indev=PPTP.
|
|
*/
|
|
- if (protocol == IPPROTO_GRE && given_dest_dev && (given_dest_dev->priv_flags & IFF_PPP_PPTP)){
|
|
+ if (protocol == IPPROTO_GRE && given_dest_dev && (given_dest_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_PPTP)){
|
|
dev_put(dest_dev);
|
|
dest_dev = given_dest_dev;
|
|
if (dest_dev) {
|
|
@@ -4054,7 +4045,7 @@ int32_t ecm_interface_heirarchy_construct(struct ecm_front_end_connection_instan
|
|
if (((ip_version == 4) && (protocol == IPPROTO_IPV6)) ||
|
|
((ip_version == 6) && (protocol == IPPROTO_IPIP)) ||
|
|
(protocol == IPPROTO_GRE) ||
|
|
- ((given_src_dev->type == ARPHRD_NONE) && (given_src_dev->priv_flags & IFF_TUN_TAP))) {
|
|
+ ((given_src_dev->type == ARPHRD_NONE) && (given_src_dev->priv_flags_qca_ecm & IFF_QCA_ECM_TUN_TAP))) {
|
|
dev_put(src_dev);
|
|
src_dev = given_src_dev;
|
|
if (src_dev) {
|
|
@@ -4504,7 +4495,7 @@ lag_success:
|
|
/*
|
|
* OVPN ?
|
|
*/
|
|
- if ((dest_dev_type == ARPHRD_NONE) && (dest_dev->priv_flags & IFF_TUN_TAP)) {
|
|
+ if ((dest_dev_type == ARPHRD_NONE) && (dest_dev->priv_flags_qca_ecm & IFF_QCA_ECM_TUN_TAP)) {
|
|
DEBUG_TRACE("Net device: %p is OVPN, device name: %s\n", dest_dev, dest_dev->name);
|
|
break;
|
|
}
|
|
@@ -4523,7 +4514,7 @@ lag_success:
|
|
DEBUG_TRACE("%p: Net device: %p is PPP\n", feci, dest_dev);
|
|
|
|
#ifdef ECM_INTERFACE_L2TPV2_ENABLE
|
|
- if ((given_src_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) {
|
|
+ if ((given_src_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) {
|
|
if (skb->skb_iif == dest_dev->ifindex) {
|
|
DEBUG_TRACE("%p: Net device: %p PPP channel is PPPoL2TPV2\n", feci, dest_dev);
|
|
break;
|
|
@@ -4532,7 +4523,7 @@ lag_success:
|
|
#endif
|
|
|
|
#ifdef ECM_INTERFACE_PPTP_ENABLE
|
|
- if (protocol == IPPROTO_GRE && dest_dev && (dest_dev->priv_flags & IFF_PPP_PPTP)) {
|
|
+ if (protocol == IPPROTO_GRE && dest_dev && (dest_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_PPTP)) {
|
|
DEBUG_TRACE("%p: Net device: %p PPP channel is PPTP\n", feci, dest_dev);
|
|
break;
|
|
}
|
|
@@ -4798,7 +4789,7 @@ int32_t ecm_interface_multicast_from_heirarchy_construct(struct ecm_front_end_co
|
|
/*
|
|
* if the address is a local address and indev=l2tp.
|
|
*/
|
|
- if ((given_src_dev->type == ARPHRD_PPP) && (given_src_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) {
|
|
+ if ((given_src_dev->type == ARPHRD_PPP) && (given_src_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) {
|
|
dev_put(dest_dev);
|
|
dest_dev = given_dest_dev;
|
|
if (dest_dev) {
|
|
@@ -5265,7 +5256,7 @@ int32_t ecm_interface_multicast_from_heirarchy_construct(struct ecm_front_end_co
|
|
DEBUG_TRACE("Net device: %p is PPP\n", dest_dev);
|
|
|
|
#ifdef ECM_INTERFACE_L2TPV2_ENABLE
|
|
- if ((given_src_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) {
|
|
+ if ((given_src_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) {
|
|
if (skb->skb_iif == dest_dev->ifindex) {
|
|
DEBUG_TRACE("Net device: %p PPP channel is PPPoL2TPV2\n", dest_dev);
|
|
break;
|
|
@@ -6520,7 +6511,7 @@ static int ecm_interface_wifi_event_rx(struct socket *sock, struct sockaddr_nl *
|
|
#endif
|
|
oldfs = get_fs();
|
|
set_fs(KERNEL_DS);
|
|
- size = sock_recvmsg(sock, &msg, len, msg.msg_flags);
|
|
+ size = sock_recvmsg(sock, &msg, msg.msg_flags);
|
|
set_fs(oldfs);
|
|
|
|
return size;
|
|
@@ -6609,7 +6600,7 @@ int ecm_interface_wifi_event_stop(void)
|
|
}
|
|
|
|
DEBUG_INFO("kill ecm_interface_wifi_event thread\n");
|
|
- force_sig(SIGKILL, __ewn.thread);
|
|
+ send_sig(SIGKILL, __ewn.thread, 1);
|
|
err = kthread_stop(__ewn.thread);
|
|
__ewn.thread = NULL;
|
|
|
|
--- a/ecm_tracker.c
|
|
+++ b/ecm_tracker.c
|
|
@@ -43,7 +43,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_tracker_datagram.c
|
|
+++ b/ecm_tracker_datagram.c
|
|
@@ -43,7 +43,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/ecm_tracker_tcp.c
|
|
+++ b/ecm_tracker_tcp.c
|
|
@@ -43,7 +43,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
@@ -1143,7 +1142,7 @@ static bool ecm_tracker_tcp_extract_mss(
|
|
const u8 *hash_location;
|
|
tcp_parse_options(skb, &opt_rx, &hash_location, 0);
|
|
#elif (LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0))
|
|
- tcp_parse_options(skb, &opt_rx, 0, NULL);
|
|
+ tcp_parse_options(&init_net, skb, &opt_rx, 0, NULL);
|
|
#else
|
|
#error "Unsupported kernel version for tcp_parse_options()"
|
|
#endif
|
|
--- a/ecm_tracker_udp.c
|
|
+++ b/ecm_tracker_udp.c
|
|
@@ -43,7 +43,6 @@
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
|
|
--- a/frontends/ecm_front_end_ipv4.c
|
|
+++ b/frontends/ecm_front_end_ipv4.c
|
|
@@ -215,7 +215,7 @@ bool ecm_front_end_ipv4_interface_constr
|
|
* behind a gateway.
|
|
*/
|
|
DEBUG_TRACE("Gateway address will be looked up overwrite the rt_dst_addr\n");
|
|
- ECM_NIN4_ADDR_TO_IP_ADDR(rt_dst_addr, rt->rt_gateway)
|
|
+ ECM_NIN4_ADDR_TO_IP_ADDR(rt_dst_addr, rt->rt_gw4)
|
|
gateway = true;
|
|
}
|
|
|
|
--- a/frontends/include/ecm_front_end_common.h
|
|
+++ b/frontends/include/ecm_front_end_common.h
|
|
@@ -98,13 +98,6 @@ static inline bool ecm_front_end_acceler
|
|
return false;
|
|
}
|
|
|
|
- if (unlikely(nf_ct_is_untracked(ct))) {
|
|
- /*
|
|
- * Untracked traffic certainly can't be accelerated.
|
|
- */
|
|
- return true;
|
|
- }
|
|
-
|
|
#if (LINUX_VERSION_CODE <= KERNEL_VERSION(3, 6, 0))
|
|
acct = nf_conn_acct_find(ct);
|
|
#else
|
|
--- a/frontends/nss/ecm_nss_bond_notifier.c
|
|
+++ b/frontends/nss/ecm_nss_bond_notifier.c
|
|
@@ -52,7 +52,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
--- a/frontends/nss/ecm_nss_common.h
|
|
+++ b/frontends/nss/ecm_nss_common.h
|
|
@@ -144,7 +144,7 @@ static inline int32_t ecm_nss_common_get_interface_type(struct ecm_front_end_con
|
|
/*
|
|
* If device is not GRETAP then return NONE.
|
|
*/
|
|
- if (!(dev->priv_flags & (IFF_GRE_V4_TAP | IFF_GRE_V6_TAP))) {
|
|
+ if (!(dev->priv_flags_qca_ecm & (IFF_QCA_ECM_GRE_V4_TAP | IFF_QCA_ECM_GRE_V6_TAP))) {
|
|
break;
|
|
}
|
|
#endif
|
|
--- a/frontends/nss/ecm_nss_ipv4.c
|
|
+++ b/frontends/nss/ecm_nss_ipv4.c
|
|
@@ -48,7 +48,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#if (LINUX_VERSION_CODE <= KERNEL_VERSION(4, 2, 0))
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#else
|
|
@@ -1053,7 +1052,7 @@ static unsigned int ecm_nss_ipv4_ip_process(struct net_device *out_dev, struct n
|
|
* If any of the input or output interface is a GRE V4 TAP/TUN interface
|
|
* we can continue to accelerate it.
|
|
*/
|
|
- if ((in_dev->priv_flags & IFF_GRE_V4_TAP) || (out_dev->priv_flags & IFF_GRE_V4_TAP)) {
|
|
+ if ((in_dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V4_TAP) || (out_dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V4_TAP)) {
|
|
#ifndef ECM_INTERFACE_GRE_TAP_ENABLE
|
|
DEBUG_TRACE("GRE TAP acceleration is disabled\n");
|
|
return NF_ACCEPT;
|
|
@@ -1082,7 +1081,7 @@ static unsigned int ecm_nss_ipv4_ip_process(struct net_device *out_dev, struct n
|
|
reply_tuple.dst.u3.ip = orig_tuple.src.u3.ip;
|
|
sender = ECM_TRACKER_SENDER_TYPE_SRC;
|
|
} else {
|
|
- if (unlikely(ct == &nf_conntrack_untracked)) {
|
|
+ if (unlikely(ctinfo == IP_CT_UNTRACKED)) {
|
|
DEBUG_TRACE("%p: ct: untracked\n", skb);
|
|
return NF_ACCEPT;
|
|
}
|
|
@@ -2097,7 +2096,6 @@ sync_conntrack:
|
|
}
|
|
|
|
ct = nf_ct_tuplehash_to_ctrack(h);
|
|
- NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct);
|
|
DEBUG_TRACE("%p: NSS Sync: conntrack connection\n", ct);
|
|
|
|
ecm_front_end_flow_and_return_directions_get(ct, flow_ip, 4, &flow_dir, &return_dir);
|
|
@@ -2108,7 +2106,7 @@ sync_conntrack:
|
|
*/
|
|
if (!test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
|
|
spin_lock_bh(&ct->lock);
|
|
- ct->timeout.expires += delta_jiffies;
|
|
+ ct->timeout += delta_jiffies;
|
|
spin_unlock_bh(&ct->lock);
|
|
}
|
|
|
|
@@ -2166,17 +2164,15 @@ sync_conntrack:
|
|
u_int64_t reply_pkts = atomic64_read(&acct[IP_CT_DIR_REPLY].packets);
|
|
|
|
if (reply_pkts != 0) {
|
|
- struct nf_conntrack_l4proto *l4proto;
|
|
unsigned int *timeouts;
|
|
|
|
set_bit(IPS_SEEN_REPLY_BIT, &ct->status);
|
|
set_bit(IPS_ASSURED_BIT, &ct->status);
|
|
|
|
- l4proto = __nf_ct_l4proto_find(AF_INET, IPPROTO_UDP);
|
|
- timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto);
|
|
+ timeouts = nf_ct_timeout_lookup(ct);
|
|
|
|
spin_lock_bh(&ct->lock);
|
|
- ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED];
|
|
+ ct->timeout = jiffies + timeouts[UDP_CT_REPLIED];
|
|
spin_unlock_bh(&ct->lock);
|
|
}
|
|
}
|
|
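Review bot: `timeouts[UDP_CT_REPLIED]` is dereferenced with no NULL check on the result of `nf_ct_timeout_lookup(ct)`. In kernels where that helper takes only `ct`, it returns NULL for a conntrack entry that has no timeout policy attached, and core netfilter then falls back to the per-net UDP defaults; here the sync path would instead dereference NULL on the first replied UDP flow without a custom policy. Add a fallback before taking the lock, for example `if (!timeouts) timeouts = nf_udp_pernet(nf_ct_net(ct))->timeouts;` (helper name to be confirmed against the target kernel). The `ecm_nss_ipv6.c` hunk at the matching position is only partly visible here and should be checked for the same pattern. The enclosing `sync_conntrack:` block starts outside this hunk.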
@@ -2690,7 +2686,8 @@ int ecm_nss_ipv4_init(struct dentry *dentry)
|
|
/*
|
|
* Register netfilter hooks
|
|
*/
|
|
- result = nf_register_hooks(ecm_nss_ipv4_netfilter_hooks, ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks));
|
|
+ result = nf_register_net_hooks(&init_net, ecm_nss_ipv4_netfilter_hooks, \
|
|
+ ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks));
|
|
if (result < 0) {
|
|
DEBUG_ERROR("Can't register netfilter hooks.\n");
|
|
nss_ipv4_notify_unregister();
|
|
@@ -2702,8 +2699,8 @@ int ecm_nss_ipv4_init(struct dentry *dentry)
|
|
if (result < 0) {
|
|
DEBUG_ERROR("Failed to init ecm ipv4 multicast frontend\n");
|
|
nss_ipv4_notify_unregister();
|
|
- nf_unregister_hooks(ecm_nss_ipv4_netfilter_hooks,
|
|
- ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks));
|
|
+ nf_unregister_net_hooks(&init_net, ecm_nss_ipv4_netfilter_hooks,
|
|
+ ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks));
|
|
goto task_cleanup;
|
|
}
|
|
#endif
|
|
@@ -2714,8 +2711,8 @@ int ecm_nss_ipv4_init(struct dentry *dentry)
|
|
#ifdef ECM_MULTICAST_ENABLE
|
|
ecm_nss_multicast_ipv4_exit();
|
|
#endif
|
|
- nf_unregister_hooks(ecm_nss_ipv4_netfilter_hooks,
|
|
- ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks));
|
|
+ nf_unregister_net_hooks(&init_net, ecm_nss_ipv4_netfilter_hooks,
|
|
+ ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks));
|
|
goto task_cleanup;
|
|
}
|
|
|
|
@@ -2742,8 +2739,8 @@ void ecm_nss_ipv4_exit(void)
|
|
/*
|
|
* Stop the network stack hooks
|
|
*/
|
|
- nf_unregister_hooks(ecm_nss_ipv4_netfilter_hooks,
|
|
- ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks));
|
|
+ nf_unregister_net_hooks(&init_net, ecm_nss_ipv4_netfilter_hooks,
|
|
+ ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks));
|
|
|
|
/*
|
|
* Unregister from the Linux NSS Network driver
|
|
--- a/frontends/nss/ecm_nss_ipv6.c
|
|
+++ b/frontends/nss/ecm_nss_ipv6.c
|
|
@@ -51,7 +51,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#if (LINUX_VERSION_CODE <= KERNEL_VERSION(4, 2, 0))
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#else
|
|
@@ -1035,7 +1034,7 @@ static unsigned int ecm_nss_ipv6_ip_process(struct net_device *out_dev, struct n
|
|
* If any of the input or output interface is a GRE V4 TAP/TUN interface
|
|
* we can continue to accelerate it.
|
|
*/
|
|
- if ((in_dev->priv_flags & IFF_GRE_V4_TAP) || (out_dev->priv_flags & IFF_GRE_V4_TAP)) {
|
|
+ if ((in_dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V4_TAP) || (out_dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V4_TAP)) {
|
|
#ifndef ECM_INTERFACE_GRE_TAP_ENABLE
|
|
DEBUG_TRACE("GRE TAP acceleration is disabled\n");
|
|
return NF_ACCEPT;
|
|
@@ -1064,7 +1063,7 @@ static unsigned int ecm_nss_ipv6_ip_process(struct net_device *out_dev, struct n
|
|
ECM_IP_ADDR_TO_NIN6_ADDR(reply_tuple.dst.u3.in6, ip_hdr.src_addr);
|
|
sender = ECM_TRACKER_SENDER_TYPE_SRC;
|
|
} else {
|
|
- if (unlikely(ct == &nf_conntrack_untracked)) {
|
|
+ if (unlikely(ctinfo == IP_CT_UNTRACKED)) {
|
|
DEBUG_TRACE("%p: ct: untracked\n", skb);
|
|
return NF_ACCEPT;
|
|
}
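Review bot: The rewritten test `ctinfo == IP_CT_UNTRACKED` sits in the `else` arm, and if the `if` above it (outside the hunk) is a `!ct` check, this arm may no longer be reachable for untracked packets. On kernels that drop `nf_conntrack_untracked`, `nf_ct_get()` is expected to return a NULL `ct` together with `IP_CT_UNTRACKED`. Untracked traffic would then follow the no-conntrack path instead of returning `NF_ACCEPT` here, which changes which flows are considered for acceleration. Testing `ctinfo == IP_CT_UNTRACKED` before the NULL check on `ct` would keep the old behaviour; please confirm against the target kernel. The same pattern appears in the ecm_sfe_ipv4.c and ecm_sfe_ipv6.c hunks.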
|
|
@@ -1809,7 +1808,6 @@ sync_conntrack:
|
|
}
|
|
|
|
ct = nf_ct_tuplehash_to_ctrack(h);
|
|
- NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct);
|
|
DEBUG_TRACE("%p: NSS Sync: conntrack connection\n", ct);
|
|
|
|
ecm_front_end_flow_and_return_directions_get(ct, flow_ip, 6, &flow_dir, &return_dir);
|
|
@@ -1820,7 +1818,7 @@ sync_conntrack:
|
|
*/
|
|
if (!test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
|
|
spin_lock_bh(&ct->lock);
|
|
- ct->timeout.expires += delta_jiffies;
|
|
+ ct->timeout += delta_jiffies;
|
|
spin_unlock_bh(&ct->lock);
|
|
}
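Review bot: `ct->timeout += delta_jiffies` is written as if `ct->lock` guarded the field, but on kernels where `timeout` is a plain 32-bit stamp rather than a timer, conntrack's own expiry checks appear to read it without taking that lock. An entry that has already expired but has not yet been reaped could be pushed back to life by the addition. Consider skipping the update when `nf_ct_is_expired(ct)` is true and storing the value with `WRITE_ONCE(ct->timeout, ...)`, after verifying both against the target kernel's conntrack code. The same statement is introduced in the ecm_sfe_ipv4.c and ecm_sfe_ipv6.c sync hunks, and the enclosing function starts outside this hunk.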
|
|
|
|
@@ -1878,17 +1876,15 @@ sync_conntrack:
|
|
u_int64_t reply_pkts = atomic64_read(&acct[IP_CT_DIR_REPLY].packets);
|
|
|
|
if (reply_pkts != 0) {
|
|
- struct nf_conntrack_l4proto *l4proto;
|
|
unsigned int *timeouts;
|
|
|
|
set_bit(IPS_SEEN_REPLY_BIT, &ct->status);
|
|
set_bit(IPS_ASSURED_BIT, &ct->status);
|
|
|
|
- l4proto = __nf_ct_l4proto_find(AF_INET6, IPPROTO_UDP);
|
|
- timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto);
|
|
+ timeouts = nf_ct_timeout_lookup(ct);
|
|
|
|
spin_lock_bh(&ct->lock);
|
|
- ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED];
|
|
+ ct->timeout = jiffies + timeouts[UDP_CT_REPLIED];
|
|
spin_unlock_bh(&ct->lock);
|
|
}
|
|
}
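Review bot: `timeouts[UDP_CT_REPLIED]` is indexed without checking the result of `nf_ct_timeout_lookup(ct)`. In the one-argument form of that helper the return value is, as far as I can tell, NULL when no timeout policy is attached to the connection, so this would be a NULL dereference in the sync path for ordinary UDP flows. Fall back to the per-namespace UDP defaults before indexing, e.g. `if (!timeouts) timeouts = nf_udp_pernet(nf_ct_net(ct))->timeouts;` where the target kernel provides that accessor. The ecm_nss_ipv4.c, ecm_sfe_ipv4.c and ecm_sfe_ipv6.c hunks introduce the same unchecked lookup.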
|
|
@@ -2402,7 +2398,7 @@ int ecm_nss_ipv6_init(struct dentry *dentry)
|
|
/*
|
|
* Register netfilter hooks
|
|
*/
|
|
- result = nf_register_hooks(ecm_nss_ipv6_netfilter_hooks, ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks));
|
|
+ result = nf_register_net_hooks(&init_net, ecm_nss_ipv6_netfilter_hooks, ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks));
|
|
if (result < 0) {
|
|
DEBUG_ERROR("Can't register netfilter hooks.\n");
|
|
nss_ipv6_notify_unregister();
|
|
@@ -2414,8 +2410,8 @@ int ecm_nss_ipv6_init(struct dentry *dentry)
|
|
if (result < 0) {
|
|
DEBUG_ERROR("Failed to init ecm ipv6 multicast frontend\n");
|
|
nss_ipv6_notify_unregister();
|
|
- nf_unregister_hooks(ecm_nss_ipv6_netfilter_hooks,
|
|
- ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks));
|
|
+ nf_unregister_net_hooks(&init_net, ecm_nss_ipv6_netfilter_hooks,
|
|
+ ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks));
|
|
goto task_cleanup;
|
|
}
|
|
#endif
|
|
@@ -2426,8 +2422,8 @@ int ecm_nss_ipv6_init(struct dentry *dentry)
|
|
#ifdef ECM_MULTICAST_ENABLE
|
|
ecm_nss_multicast_ipv6_exit();
|
|
#endif
|
|
- nf_unregister_hooks(ecm_nss_ipv6_netfilter_hooks,
|
|
- ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks));
|
|
+ nf_unregister_net_hooks(&init_net, ecm_nss_ipv6_netfilter_hooks,
|
|
+ ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks));
|
|
goto task_cleanup;
|
|
}
|
|
|
|
@@ -2453,8 +2449,8 @@ void ecm_nss_ipv6_exit(void)
|
|
/*
|
|
* Stop the network stack hooks
|
|
*/
|
|
- nf_unregister_hooks(ecm_nss_ipv6_netfilter_hooks,
|
|
- ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks));
|
|
+ nf_unregister_net_hooks(&init_net, ecm_nss_ipv6_netfilter_hooks,
|
|
+ ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks));
|
|
|
|
/*
|
|
* Unregister from the Linux NSS Network driver
|
|
--- a/frontends/nss/ecm_nss_multicast_ipv4.c
|
|
+++ b/frontends/nss/ecm_nss_multicast_ipv4.c
|
|
@@ -50,7 +50,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
--- a/frontends/nss/ecm_nss_multicast_ipv6.c
|
|
+++ b/frontends/nss/ecm_nss_multicast_ipv6.c
|
|
@@ -51,7 +51,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
|
|
--- a/frontends/nss/ecm_nss_non_ported_ipv4.c
|
|
+++ b/frontends/nss/ecm_nss_non_ported_ipv4.c
|
|
@@ -47,7 +47,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
@@ -640,7 +639,7 @@ static void ecm_nss_non_ported_ipv4_connection_accelerate(struct ecm_front_end_c
|
|
#ifdef ECM_INTERFACE_GRE_TAP_ENABLE
|
|
dev = dev_get_by_index(&init_net, ecm_db_iface_interface_identifier_get(ii));
|
|
if (dev) {
|
|
- if (dev->priv_flags & IFF_GRE_V4_TAP) {
|
|
+ if (dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V4_TAP) {
|
|
/*
|
|
* Clear QOS_VALID to prevent outer rule from overwriting
|
|
* inner flow's QoS classification.
|
|
--- a/frontends/nss/ecm_nss_non_ported_ipv6.c
|
|
+++ b/frontends/nss/ecm_nss_non_ported_ipv6.c
|
|
@@ -47,7 +47,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
|
|
@@ -548,7 +547,7 @@ static void ecm_nss_non_ported_ipv6_connection_accelerate(struct ecm_front_end_c
|
|
#ifdef ECM_INTERFACE_GRE_TAP_ENABLE
|
|
dev = dev_get_by_index(&init_net, ecm_db_iface_interface_identifier_get(ii));
|
|
if (dev) {
|
|
- if (dev->priv_flags & IFF_GRE_V6_TAP) {
|
|
+ if (dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V6_TAP) {
|
|
/*
|
|
* Clear QOS_VALID to prevent outer rule from overwriting
|
|
* inner flow's QoS classification.
|
|
--- a/frontends/nss/ecm_nss_ported_ipv4.c
|
|
+++ b/frontends/nss/ecm_nss_ported_ipv4.c
|
|
@@ -47,7 +47,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
--- a/frontends/nss/ecm_nss_ported_ipv6.c
|
|
+++ b/frontends/nss/ecm_nss_ported_ipv6.c
|
|
@@ -47,7 +47,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
|
|
@@ -1996,7 +1995,7 @@ unsigned int ecm_nss_ported_ipv6_process
|
|
/*
|
|
* Deny acceleration for L2TP-over-UDP tunnel
|
|
*/
|
|
- if ((in_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(in_dev)) {
|
|
+ if ((in_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(in_dev)) {
|
|
DEBUG_TRACE("Skip packets for L2TP tunnel in skb %p\n", skb);
|
|
can_accel = false;
|
|
}
|
|
--- a/frontends/sfe/ecm_sfe_ipv4.c
|
|
+++ b/frontends/sfe/ecm_sfe_ipv4.c
|
|
@@ -47,7 +47,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#if (LINUX_VERSION_CODE <= KERNEL_VERSION(4, 2, 0))
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#else
|
|
@@ -746,7 +745,8 @@ static unsigned int ecm_sfe_ipv4_ip_proc
|
|
* If skb_dst(skb)->xfrm is not null, packet is to be encrypted by ipsec, we can't accelerate it.
|
|
* If skb->sp is not null, packet is decrypted by ipsec. We only accelerate it when configuration didn't reject ipsec.
|
|
*/
|
|
- if (unlikely((skb_dst(skb) && skb_dst(skb)->xfrm) || (ecm_sfe_ipv4_reject_acceleration_for_ipsec && skb->sp))) {
|
|
+ if (unlikely((skb_dst(skb) && skb_dst(skb)->xfrm) || \
|
|
+ (ecm_sfe_ipv4_reject_acceleration_for_ipsec && skb_ext_exist(skb, SKB_EXT_SEC_PATH)))) {
|
|
DEBUG_TRACE("skip local ipsec flows\n");
|
|
return NF_ACCEPT;
|
|
}
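Review bot: `skb_ext_exist(skb, SKB_EXT_SEC_PATH)` depends on `SKB_EXT_SEC_PATH`, which as far as I know is only defined when the kernel is built with CONFIG_XFRM, so this check would not compile on a configuration without IPsec. `secpath_exists(skb)` expresses the same test and is meant to cope with that case. The comment kept above the condition still describes `skb->sp`, which no longer matches the code, and could read `If the skb carries a secpath extension, packet is decrypted by ipsec.` The trailing `\` on the first condition line is unnecessary outside a macro. The same replacement is made in ecm_sfe_ipv6.c and in the ported and non-ported SFE files.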
|
|
@@ -762,7 +762,7 @@ static unsigned int ecm_sfe_ipv4_ip_process(struct net_device *out_dev, struct n
|
|
reply_tuple.dst.u3.ip = orig_tuple.src.u3.ip;
|
|
sender = ECM_TRACKER_SENDER_TYPE_SRC;
|
|
} else {
|
|
- if (unlikely(ct == &nf_conntrack_untracked)) {
|
|
+ if (unlikely(ctinfo == IP_CT_UNTRACKED)) {
|
|
DEBUG_TRACE("%p: ct: untracked\n", skb);
|
|
return NF_ACCEPT;
|
|
}
|
|
@@ -1531,7 +1526,6 @@ sync_conntrack:
|
|
}
|
|
|
|
ct = nf_ct_tuplehash_to_ctrack(h);
|
|
- NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct);
|
|
DEBUG_TRACE("%p: SFE Sync: conntrack connection\n", ct);
|
|
|
|
ecm_front_end_flow_and_return_directions_get(ct, flow_ip, 4, &flow_dir, &return_dir);
|
|
@@ -1551,7 +1545,7 @@ sync_conntrack:
|
|
delta_jiffies = ((sync->inc_ticks * HZ) + (MSEC_PER_SEC / 2)) / MSEC_PER_SEC;
|
|
|
|
spin_lock_bh(&ct->lock);
|
|
- ct->timeout.expires += delta_jiffies;
|
|
+ ct->timeout += delta_jiffies;
|
|
spin_unlock_bh(&ct->lock);
|
|
}
|
|
|
|
@@ -1609,17 +1603,15 @@ sync_conntrack:
|
|
u_int64_t reply_pkts = atomic64_read(&acct[IP_CT_DIR_REPLY].packets);
|
|
|
|
if (reply_pkts != 0) {
|
|
- struct nf_conntrack_l4proto *l4proto;
|
|
unsigned int *timeouts;
|
|
|
|
set_bit(IPS_SEEN_REPLY_BIT, &ct->status);
|
|
set_bit(IPS_ASSURED_BIT, &ct->status);
|
|
|
|
- l4proto = __nf_ct_l4proto_find(AF_INET, IPPROTO_UDP);
|
|
- timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto);
|
|
+ timeouts = nf_ct_timeout_lookup(ct);
|
|
|
|
spin_lock_bh(&ct->lock);
|
|
- ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED];
|
|
+ ct->timeout = jiffies + timeouts[UDP_CT_REPLIED];
|
|
spin_unlock_bh(&ct->lock);
|
|
}
|
|
}
|
|
@@ -1901,7 +1893,7 @@ int ecm_sfe_ipv4_init(struct dentry *den
|
|
/*
|
|
* Register netfilter hooks
|
|
*/
|
|
- result = nf_register_hooks(ecm_sfe_ipv4_netfilter_hooks, ARRAY_SIZE(ecm_sfe_ipv4_netfilter_hooks));
|
|
+ result = nf_register_net_hooks(&init_net, ecm_sfe_ipv4_netfilter_hooks, ARRAY_SIZE(ecm_sfe_ipv4_netfilter_hooks));
|
|
if (result < 0) {
|
|
DEBUG_ERROR("Can't register netfilter hooks.\n");
|
|
sfe_drv_ipv4_notify_unregister();
|
|
@@ -1934,8 +1926,8 @@ void ecm_sfe_ipv4_exit(void)
|
|
/*
|
|
* Stop the network stack hooks
|
|
*/
|
|
- nf_unregister_hooks(ecm_sfe_ipv4_netfilter_hooks,
|
|
- ARRAY_SIZE(ecm_sfe_ipv4_netfilter_hooks));
|
|
+ nf_unregister_net_hooks(&init_net, ecm_sfe_ipv4_netfilter_hooks,
|
|
+ ARRAY_SIZE(ecm_sfe_ipv4_netfilter_hooks));
|
|
|
|
/*
|
|
* Unregister from the simulated sfe driver
|
|
--- a/frontends/sfe/ecm_sfe_ipv6.c
|
|
+++ b/frontends/sfe/ecm_sfe_ipv6.c
|
|
@@ -51,7 +51,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#if (LINUX_VERSION_CODE <= KERNEL_VERSION(4, 2, 0))
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#else
|
|
@@ -714,7 +713,8 @@ static unsigned int ecm_sfe_ipv6_ip_proc
|
|
* If skb_dst(skb)->xfrm is not null, packet is to be encrypted by ipsec, we can't accelerate it.
|
|
* If skb->sp is not null, packet is decrypted by ipsec. We only accelerate it when configuration didn't reject ipsec.
|
|
*/
|
|
- if (unlikely((skb_dst(skb) && skb_dst(skb)->xfrm) || (ecm_sfe_ipv6_reject_acceleration_for_ipsec && skb->sp))) {
|
|
+ if (unlikely((skb_dst(skb) && skb_dst(skb)->xfrm) || \
|
|
+ (ecm_sfe_ipv6_reject_acceleration_for_ipsec && skb_ext_exist(skb, SKB_EXT_SEC_PATH)))) {
|
|
DEBUG_TRACE("skip local ipsec flows\n");
|
|
return NF_ACCEPT;
|
|
}
|
|
@@ -733,7 +733,7 @@ static unsigned int ecm_sfe_ipv6_ip_proc
|
|
ECM_IP_ADDR_TO_NIN6_ADDR(reply_tuple.dst.u3.in6, ip_hdr.src_addr);
|
|
sender = ECM_TRACKER_SENDER_TYPE_SRC;
|
|
} else {
|
|
- if (unlikely(ct == &nf_conntrack_untracked)) {
|
|
+ if (unlikely(ctinfo == IP_CT_UNTRACKED)) {
|
|
DEBUG_TRACE("%p: ct: untracked\n", skb);
|
|
return NF_ACCEPT;
|
|
}
|
|
@@ -1255,7 +1255,6 @@ sync_conntrack:
|
|
}
|
|
|
|
ct = nf_ct_tuplehash_to_ctrack(h);
|
|
- NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct);
|
|
DEBUG_TRACE("%p: SFE Sync: conntrack connection\n", ct);
|
|
|
|
ecm_front_end_flow_and_return_directions_get(ct, flow_ip, 6, &flow_dir, &return_dir);
|
|
@@ -1275,7 +1274,7 @@ sync_conntrack:
|
|
delta_jiffies = ((sync->inc_ticks * HZ) + (MSEC_PER_SEC / 2)) / MSEC_PER_SEC;
|
|
|
|
spin_lock_bh(&ct->lock);
|
|
- ct->timeout.expires += delta_jiffies;
|
|
+ ct->timeout += delta_jiffies;
|
|
spin_unlock_bh(&ct->lock);
|
|
}
|
|
#if (LINUX_VERSION_CODE <= KERNEL_VERSION(3,6,0))
|
|
@@ -1332,17 +1331,15 @@ sync_conntrack:
|
|
u_int64_t reply_pkts = atomic64_read(&acct[IP_CT_DIR_REPLY].packets);
|
|
|
|
if (reply_pkts != 0) {
|
|
- struct nf_conntrack_l4proto *l4proto;
|
|
unsigned int *timeouts;
|
|
|
|
set_bit(IPS_SEEN_REPLY_BIT, &ct->status);
|
|
set_bit(IPS_ASSURED_BIT, &ct->status);
|
|
|
|
- l4proto = __nf_ct_l4proto_find(AF_INET6, IPPROTO_UDP);
|
|
- timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto);
|
|
+ timeouts = nf_ct_timeout_lookup(ct);
|
|
|
|
spin_lock_bh(&ct->lock);
|
|
- ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED];
|
|
+ ct->timeout = jiffies + timeouts[UDP_CT_REPLIED];
|
|
spin_unlock_bh(&ct->lock);
|
|
}
|
|
}
|
|
@@ -1624,7 +1621,7 @@ int ecm_sfe_ipv6_init(struct dentry *den
|
|
/*
|
|
* Register netfilter hooks
|
|
*/
|
|
- result = nf_register_hooks(ecm_sfe_ipv6_netfilter_hooks, ARRAY_SIZE(ecm_sfe_ipv6_netfilter_hooks));
|
|
+ result = nf_register_net_hooks(&init_net, ecm_sfe_ipv6_netfilter_hooks, ARRAY_SIZE(ecm_sfe_ipv6_netfilter_hooks));
|
|
if (result < 0) {
|
|
DEBUG_ERROR("Can't register netfilter hooks.\n");
|
|
sfe_drv_ipv6_notify_unregister();
|
|
@@ -1656,8 +1653,8 @@ void ecm_sfe_ipv6_exit(void)
|
|
/*
|
|
* Stop the network stack hooks
|
|
*/
|
|
- nf_unregister_hooks(ecm_sfe_ipv6_netfilter_hooks,
|
|
- ARRAY_SIZE(ecm_sfe_ipv6_netfilter_hooks));
|
|
+ nf_unregister_net_hooks(&init_net, ecm_sfe_ipv6_netfilter_hooks,
|
|
+ ARRAY_SIZE(ecm_sfe_ipv6_netfilter_hooks));
|
|
|
|
/*
|
|
* Unregister from the Linux SFE Network driver
|
|
--- a/frontends/sfe/ecm_sfe_non_ported_ipv4.c
|
|
+++ b/frontends/sfe/ecm_sfe_non_ported_ipv4.c
|
|
@@ -46,7 +46,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
@@ -1829,7 +1828,7 @@ unsigned int ecm_sfe_non_ported_ipv4_pro
|
|
/*
|
|
* Packet has been decrypted by ipsec, mark it in connection.
|
|
*/
|
|
- if (unlikely(skb->sp)) {
|
|
+ if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) {
|
|
((struct ecm_sfe_non_ported_ipv4_connection_instance *)feci)->flow_ipsec_state = ECM_SFE_IPSEC_STATE_WAS_DECRYPTED;
|
|
((struct ecm_sfe_non_ported_ipv4_connection_instance *)feci)->return_ipsec_state = ECM_SFE_IPSEC_STATE_TO_ENCRYPT;
|
|
}
|
|
--- a/frontends/sfe/ecm_sfe_non_ported_ipv6.c
|
|
+++ b/frontends/sfe/ecm_sfe_non_ported_ipv6.c
|
|
@@ -47,7 +47,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
|
|
@@ -1710,7 +1709,7 @@ unsigned int ecm_sfe_non_ported_ipv6_pro
|
|
/*
|
|
* Packet has been decrypted by ipsec, mark it in connection.
|
|
*/
|
|
- if (unlikely(skb->sp)) {
|
|
+ if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) {
|
|
((struct ecm_sfe_non_ported_ipv6_connection_instance *)feci)->flow_ipsec_state = ECM_SFE_IPSEC_STATE_WAS_DECRYPTED;
|
|
((struct ecm_sfe_non_ported_ipv6_connection_instance *)feci)->return_ipsec_state = ECM_SFE_IPSEC_STATE_TO_ENCRYPT;
|
|
}
|
|
--- a/frontends/sfe/ecm_sfe_ported_ipv4.c
|
|
+++ b/frontends/sfe/ecm_sfe_ported_ipv4.c
|
|
@@ -46,7 +46,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
|
@@ -2053,7 +2052,7 @@ unsigned int ecm_sfe_ported_ipv4_process
|
|
/*
|
|
* Packet has been decrypted by ipsec, mark it in connection.
|
|
*/
|
|
- if (unlikely(skb->sp)) {
|
|
+ if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) {
|
|
((struct ecm_sfe_ported_ipv4_connection_instance *)feci)->flow_ipsec_state = ECM_SFE_IPSEC_STATE_WAS_DECRYPTED;
|
|
((struct ecm_sfe_ported_ipv4_connection_instance *)feci)->return_ipsec_state = ECM_SFE_IPSEC_STATE_TO_ENCRYPT;
|
|
}
|
|
--- a/frontends/sfe/ecm_sfe_ported_ipv6.c
|
|
+++ b/frontends/sfe/ecm_sfe_ported_ipv6.c
|
|
@@ -47,7 +47,6 @@
|
|
#include <net/netfilter/nf_conntrack_acct.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
-#include <net/netfilter/nf_conntrack_l3proto.h>
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
|
|
@@ -1826,7 +1825,7 @@ unsigned int ecm_sfe_ported_ipv6_process
|
|
/*
|
|
* Deny acceleration for L2TP-over-UDP tunnel
|
|
*/
|
|
- if ((in_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(in_dev)) {
|
|
+ if ((in_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(in_dev)) {
|
|
DEBUG_TRACE("Skip packets for L2TP tunnel in skb %p\n", skb);
|
|
can_accel = false;
|
|
}
|
|
@@ -1958,7 +1957,7 @@ unsigned int ecm_sfe_ported_ipv6_process
|
|
/*
|
|
* Packet has been decrypted by ipsec, mark it in connection.
|
|
*/
|
|
- if (unlikely(skb->sp)) {
|
|
+ if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) {
|
|
((struct ecm_sfe_ported_ipv6_connection_instance *)feci)->flow_ipsec_state = ECM_SFE_IPSEC_STATE_WAS_DECRYPTED;
|
|
((struct ecm_sfe_ported_ipv6_connection_instance *)feci)->return_ipsec_state = ECM_SFE_IPSEC_STATE_TO_ENCRYPT;
|
|
}
|