mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Update shortcut-fe
This commit is contained in:
parent
cf871353f8
commit
89c7a3c206
17 changed files with 369 additions and 702 deletions
|
@ -1,43 +1,60 @@
|
|||
#
|
||||
# Copyright (c) 2013-2018 The Linux Foundation. All rights reserved.
|
||||
# Permission to use, copy, modify, and/or distribute this software for
|
||||
# any purpose with or without fee is hereby granted, provided that the
|
||||
# above copyright notice and this permission notice appear in all copies.
|
||||
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
|
||||
# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
#
|
||||
|
||||
include $(TOPDIR)/rules.mk
|
||||
include $(INCLUDE_DIR)/kernel.mk
|
||||
|
||||
PKG_NAME:=fast-classifier
|
||||
PKG_RELEASE:=1
|
||||
PKG_CONFIG_DEPENDS := CONFIG_IPV6
|
||||
PKG_RELEASE:=6
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define KernelPackage/$(PKG_NAME)/Default
|
||||
define KernelPackage/fast-classifier/Default
|
||||
SECTION:=kernel
|
||||
CATEGORY:=Kernel modules
|
||||
SUBMENU:=Network Support
|
||||
DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe
|
||||
TITLE:=Kernel driver for FAST Classifier
|
||||
FILES:=$(PKG_BUILD_DIR)/fast-classifier.ko
|
||||
KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y CONFIG_NF_CONNTRACK_MARK=y
|
||||
PROVIDES:=$(PKG_NAME)
|
||||
KCONFIG:= \
|
||||
CONFIG_NF_CONNTRACK_EVENTS=y \
|
||||
CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y \
|
||||
CONFIG_NF_CONNTRACK_MARK=y \
|
||||
CONFIG_XFRM=y
|
||||
CONFLICTS:=kmod-shortcut-fe-drv kmod-shortcut-fe-cm
|
||||
endef
|
||||
|
||||
define KernelPackage/$(PKG_NAME)
|
||||
$(call KernelPackage/$(PKG_NAME)/Default)
|
||||
define KernelPackage/fast-classifier
|
||||
$(call KernelPackage/fast-classifier/Default)
|
||||
endef
|
||||
|
||||
define KernelPackage/$(PKG_NAME)-noload
|
||||
$(call KernelPackage/$(PKG_NAME)/Default)
|
||||
define KernelPackage/fast-classifier-noload
|
||||
$(call KernelPackage/fast-classifier/Default)
|
||||
endef
|
||||
|
||||
define KernelPackage/$(PKG_NAME)/Default/description
|
||||
define KernelPackage/fast-classifier/Default/description
|
||||
FAST Classifier talks to SFE to make decisions about offloading connections
|
||||
endef
|
||||
|
||||
define KernelPackage/$(PKG_NAME)/description
|
||||
$(call KernelPackage/$(PKG_NAME)/Default/description)
|
||||
define KernelPackage/fast-classifier/description
|
||||
$(call KernelPackage/fast-classifier/Default/description)
|
||||
endef
|
||||
|
||||
define KernelPackage/$(PKG_NAME)-noload/description
|
||||
$(call KernelPackage/$(PKG_NAME)/Default/description)
|
||||
define KernelPackage/fast-classifier-noload/description
|
||||
$(call KernelPackage/fast-classifier/Default/description)
|
||||
|
||||
This package does not load $(PKG_NAME) at boot by default
|
||||
This package does not load fast-classifier at boot by default
|
||||
endef
|
||||
|
||||
define Package/fast-classifier-example
|
||||
|
@ -50,15 +67,16 @@ Example user space program that communicates with fast
|
|||
classifier kernel module
|
||||
endef
|
||||
|
||||
SFE_MAKE_OPTS:=SFE_SUPPORT_IPV6=$(if $(CONFIG_IPV6),y,n)
|
||||
HAVE_ECM:=$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-standard)
|
||||
|
||||
define Build/Compile/kmod
|
||||
+$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" $(SFE_MAKE_OPTS) \
|
||||
+$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
|
||||
$(KERNEL_MAKE_FLAGS) \
|
||||
$(PKG_MAKE_FLAGS) \
|
||||
M="$(PKG_BUILD_DIR)" \
|
||||
CONFIG_FAST_CLASSIFIER=m \
|
||||
EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \
|
||||
EXTRA_CFLAGS+="-DSFE_SUPPORT_IPV6" \
|
||||
$(if $(HAVE_ECM),EXTRA_CFLAGS+="-DCONFIG_SFE_ECM" CONFIG_SFE_ECM=y,) \
|
||||
modules
|
||||
endef
|
||||
|
||||
|
@ -81,12 +99,11 @@ define Build/InstallDev
|
|||
$(CP) $(PKG_BUILD_DIR)/fast-classifier.h $(1)/usr/include/
|
||||
endef
|
||||
|
||||
|
||||
define Package/fast-classifier-example/install
|
||||
$(INSTALL_DIR) $(1)/sbin
|
||||
$(CP) $(PKG_BUILD_DIR)/userspace_fast_classifier $(1)/sbin/
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,$(PKG_NAME)))
|
||||
$(eval $(call KernelPackage,$(PKG_NAME)-noload))
|
||||
$(eval $(call KernelPackage,fast-classifier))
|
||||
#$(eval $(call KernelPackage,fast-classifier-noload))
|
||||
#$(eval $(call BuildPackage,fast-classifier-example))
|
||||
|
|
|
@ -36,9 +36,9 @@
|
|||
#include <linux/hashtable.h>
|
||||
#include <linux/version.h>
|
||||
|
||||
#include "sfe_backport.h"
|
||||
#include "sfe.h"
|
||||
#include "sfe_cm.h"
|
||||
#include <sfe_backport.h>
|
||||
#include <sfe.h>
|
||||
#include <sfe_cm.h>
|
||||
#include "fast-classifier.h"
|
||||
|
||||
typedef enum fast_classifier_exception {
|
||||
|
@ -451,6 +451,10 @@ static u32 fc_conn_hash(sfe_ip_addr_t *saddr, sfe_ip_addr_t *daddr,
|
|||
*/
|
||||
static int fast_classifier_update_protocol(struct sfe_connection_create *p_sic, struct nf_conn *ct)
|
||||
{
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0)
|
||||
struct net *net=NULL ;
|
||||
struct nf_tcp_net *tn=NULL;
|
||||
#endif
|
||||
switch (p_sic->protocol) {
|
||||
case IPPROTO_TCP:
|
||||
p_sic->src_td_window_scale = ct->proto.tcp.seen[0].td_scale;
|
||||
|
@ -461,8 +465,14 @@ static int fast_classifier_update_protocol(struct sfe_connection_create *p_sic,
|
|||
p_sic->dest_td_max_window = ct->proto.tcp.seen[1].td_maxwin;
|
||||
p_sic->dest_td_end = ct->proto.tcp.seen[1].td_end;
|
||||
p_sic->dest_td_max_end = ct->proto.tcp.seen[1].td_maxend;
|
||||
|
||||
if (nf_ct_tcp_no_window_check
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0)
|
||||
net = nf_ct_net(ct);
|
||||
tn = nf_tcp_pernet(net);
|
||||
if ((tn&&tn->tcp_no_window_check)
|
||||
#else
|
||||
if (nf_ct_tcp_no_window_check
|
||||
#endif
|
||||
|
||||
|| (ct->proto.tcp.seen[0].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
|
||||
|| (ct->proto.tcp.seen[1].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) {
|
||||
p_sic->flags |= SFE_CREATE_FLAG_NO_SEQ_CHECK;
|
||||
|
@ -1744,8 +1754,11 @@ static int __init fast_classifier_init(void)
|
|||
{
|
||||
struct fast_classifier *sc = &__sc;
|
||||
int result = -1;
|
||||
#ifdef CONFIG_SFE_ECM
|
||||
int (*fast_recv)(struct sk_buff *skb);
|
||||
#endif
|
||||
|
||||
printk(KERN_ALERT "fast-classifier (PBR safe v2.1.4a): starting up\n");
|
||||
printk(KERN_ALERT "fast-classifier: starting up\n");
|
||||
DEBUG_INFO("SFE CM init\n");
|
||||
|
||||
hash_init(fc_conn_ht);
|
||||
|
@ -1810,6 +1823,7 @@ static int __init fast_classifier_init(void)
|
|||
goto exit3;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_NF_CONNTRACK_EVENTS
|
||||
/*
|
||||
* Register a notifier hook to get fast notifications of expired connections.
|
||||
*/
|
||||
|
@ -1817,12 +1831,14 @@ static int __init fast_classifier_init(void)
|
|||
result = nf_conntrack_register_chain_notifier(&init_net, &fast_classifier_conntrack_notifier);
|
||||
#else
|
||||
result = nf_conntrack_register_notifier(&init_net, &fast_classifier_conntrack_notifier);
|
||||
#endif
|
||||
if (result < 0) {
|
||||
DEBUG_ERROR("can't register nf notifier hook: %d\n", result);
|
||||
goto exit4;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0))
|
||||
result = genl_register_family(&fast_classifier_gnl_family);
|
||||
if (result) {
|
||||
|
@ -1865,7 +1881,16 @@ static int __init fast_classifier_init(void)
|
|||
/*
|
||||
* Hook the receive path in the network stack.
|
||||
*/
|
||||
#ifdef CONFIG_SFE_ECM
|
||||
rcu_read_lock();
|
||||
fast_recv = rcu_dereference(athrs_fast_nat_recv);
|
||||
rcu_read_unlock();
|
||||
if (!fast_recv) {
|
||||
BUG_ON(athrs_fast_nat_recv);
|
||||
}
|
||||
#else
|
||||
BUG_ON(athrs_fast_nat_recv);
|
||||
#endif
|
||||
RCU_INIT_POINTER(athrs_fast_nat_recv, fast_classifier_recv);
|
||||
|
||||
/*
|
||||
|
@ -1974,3 +1999,4 @@ module_exit(fast_classifier_exit)
|
|||
|
||||
MODULE_DESCRIPTION("Shortcut Forwarding Engine - Connection Manager");
|
||||
MODULE_LICENSE("Dual BSD/GPL");
|
||||
|
||||
|
|
|
@ -1,114 +0,0 @@
|
|||
/*
|
||||
* sfe.h
|
||||
* Shortcut forwarding engine.
|
||||
*
|
||||
* Copyright (c) 2013-2017 The Linux Foundation. All rights reserved.
|
||||
* Permission to use, copy, modify, and/or distribute this software for
|
||||
* any purpose with or without fee is hereby granted, provided that the
|
||||
* above copyright notice and this permission notice appear in all copies.
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
|
||||
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
|
||||
/*
|
||||
* The following are debug macros used throughout the SFE.
|
||||
*
|
||||
* The DEBUG_LEVEL enables the followings based on its value,
|
||||
* when dynamic debug option is disabled.
|
||||
*
|
||||
* 0 = OFF
|
||||
* 1 = ASSERTS / ERRORS
|
||||
* 2 = 1 + WARN
|
||||
* 3 = 2 + INFO
|
||||
* 4 = 3 + TRACE
|
||||
*/
|
||||
#define DEBUG_LEVEL 2
|
||||
|
||||
#if (DEBUG_LEVEL < 1)
|
||||
#define DEBUG_ASSERT(s, ...)
|
||||
#define DEBUG_ERROR(s, ...)
|
||||
#else
|
||||
#define DEBUG_ASSERT(c, s, ...) if (!(c)) { pr_emerg("ASSERT: %s:%d:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__); BUG(); }
|
||||
#define DEBUG_ERROR(s, ...) pr_err("%s:%d:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_DYNAMIC_DEBUG)
|
||||
/*
|
||||
* Compile messages for dynamic enable/disable
|
||||
*/
|
||||
#define DEBUG_WARN(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
|
||||
#define DEBUG_INFO(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
|
||||
#define DEBUG_TRACE(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
|
||||
#else
|
||||
|
||||
/*
|
||||
* Statically compile messages at different levels
|
||||
*/
|
||||
#if (DEBUG_LEVEL < 2)
|
||||
#define DEBUG_WARN(s, ...)
|
||||
#else
|
||||
#define DEBUG_WARN(s, ...) pr_warn("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
|
||||
#endif
|
||||
|
||||
#if (DEBUG_LEVEL < 3)
|
||||
#define DEBUG_INFO(s, ...)
|
||||
#else
|
||||
#define DEBUG_INFO(s, ...) pr_notice("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
|
||||
#endif
|
||||
|
||||
#if (DEBUG_LEVEL < 4)
|
||||
#define DEBUG_TRACE(s, ...)
|
||||
#else
|
||||
#define DEBUG_TRACE(s, ...) pr_info("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_NF_FLOW_COOKIE
|
||||
typedef int (*flow_cookie_set_func_t)(u32 protocol, __be32 src_ip, __be16 src_port,
|
||||
__be32 dst_ip, __be16 dst_port, u16 flow_cookie);
|
||||
/*
|
||||
* sfe_register_flow_cookie_cb
|
||||
* register a function in SFE to let SFE use this function to configure flow cookie for a flow
|
||||
*
|
||||
* Hardware driver which support flow cookie should register a callback function in SFE. Then SFE
|
||||
* can use this function to configure flow cookie for a flow.
|
||||
* return: 0, success; !=0, fail
|
||||
*/
|
||||
int sfe_register_flow_cookie_cb(flow_cookie_set_func_t cb);
|
||||
|
||||
/*
|
||||
* sfe_unregister_flow_cookie_cb
|
||||
* unregister function which is used to configure flow cookie for a flow
|
||||
*
|
||||
* return: 0, success; !=0, fail
|
||||
*/
|
||||
int sfe_unregister_flow_cookie_cb(flow_cookie_set_func_t cb);
|
||||
|
||||
typedef int (*sfe_ipv6_flow_cookie_set_func_t)(u32 protocol, __be32 src_ip[4], __be16 src_port,
|
||||
__be32 dst_ip[4], __be16 dst_port, u16 flow_cookie);
|
||||
|
||||
/*
|
||||
* sfe_ipv6_register_flow_cookie_cb
|
||||
* register a function in SFE to let SFE use this function to configure flow cookie for a flow
|
||||
*
|
||||
* Hardware driver which support flow cookie should register a callback function in SFE. Then SFE
|
||||
* can use this function to configure flow cookie for a flow.
|
||||
* return: 0, success; !=0, fail
|
||||
*/
|
||||
int sfe_ipv6_register_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb);
|
||||
|
||||
/*
|
||||
* sfe_ipv6_unregister_flow_cookie_cb
|
||||
* unregister function which is used to configure flow cookie for a flow
|
||||
*
|
||||
* return: 0, success; !=0, fail
|
||||
*/
|
||||
int sfe_ipv6_unregister_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb);
|
||||
|
||||
#endif /*CONFIG_NF_FLOW_COOKIE*/
|
|
@ -1,195 +0,0 @@
|
|||
/*
|
||||
* sfe_backport.h
|
||||
* Shortcut forwarding engine compatible header file.
|
||||
*
|
||||
* Copyright (c) 2014-2016 The Linux Foundation. All rights reserved.
|
||||
* Permission to use, copy, modify, and/or distribute this software for
|
||||
* any purpose with or without fee is hereby granted, provided that the
|
||||
* above copyright notice and this permission notice appear in all copies.
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
|
||||
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <linux/version.h>
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0))
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 0))
|
||||
#include <net/netfilter/nf_conntrack_timeout.h>
|
||||
#else
|
||||
enum udp_conntrack {
|
||||
UDP_CT_UNREPLIED,
|
||||
UDP_CT_REPLIED,
|
||||
UDP_CT_MAX
|
||||
};
|
||||
|
||||
static inline unsigned int *
|
||||
nf_ct_timeout_lookup(struct net *net, struct nf_conn *ct,
|
||||
struct nf_conntrack_l4proto *l4proto)
|
||||
{
|
||||
#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
|
||||
struct nf_conn_timeout *timeout_ext;
|
||||
unsigned int *timeouts;
|
||||
|
||||
timeout_ext = nf_ct_timeout_find(ct);
|
||||
if (timeout_ext)
|
||||
timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext);
|
||||
else
|
||||
timeouts = l4proto->get_timeouts(net);
|
||||
|
||||
return timeouts;
|
||||
#else
|
||||
return l4proto->get_timeouts(net);
|
||||
#endif /*CONFIG_NF_CONNTRACK_TIMEOUT*/
|
||||
}
|
||||
#endif /*KERNEL_VERSION(3, 7, 0)*/
|
||||
#endif /*KERNEL_VERSION(3, 4, 0)*/
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0))
|
||||
#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
|
||||
static unsigned int FN_NAME(void *priv, \
|
||||
struct sk_buff *SKB, \
|
||||
const struct nf_hook_state *state)
|
||||
#elif (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0))
|
||||
#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
|
||||
static unsigned int FN_NAME(const struct nf_hook_ops *OPS, \
|
||||
struct sk_buff *SKB, \
|
||||
const struct net_device *UNUSED, \
|
||||
const struct net_device *OUT, \
|
||||
int (*OKFN)(struct sk_buff *))
|
||||
#else
|
||||
#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
|
||||
static unsigned int FN_NAME(unsigned int HOOKNUM, \
|
||||
struct sk_buff *SKB, \
|
||||
const struct net_device *UNUSED, \
|
||||
const struct net_device *OUT, \
|
||||
int (*OKFN)(struct sk_buff *))
|
||||
#endif
|
||||
|
||||
#define sfe_cm_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
|
||||
sfe_define_post_routing_hook(__sfe_cm_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
|
||||
#define sfe_cm_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
|
||||
sfe_define_post_routing_hook(__sfe_cm_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
|
||||
#define fast_classifier_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
|
||||
sfe_define_post_routing_hook(__fast_classifier_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
|
||||
#define fast_classifier_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
|
||||
sfe_define_post_routing_hook(__fast_classifier_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0))
|
||||
#define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \
|
||||
{ \
|
||||
.hook = fn, \
|
||||
.pf = NFPROTO_IPV4, \
|
||||
.hooknum = NF_INET_POST_ROUTING, \
|
||||
.priority = NF_IP_PRI_NAT_SRC + 1, \
|
||||
}
|
||||
#else
|
||||
#define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \
|
||||
{ \
|
||||
.hook = fn, \
|
||||
.owner = THIS_MODULE, \
|
||||
.pf = NFPROTO_IPV4, \
|
||||
.hooknum = NF_INET_POST_ROUTING, \
|
||||
.priority = NF_IP_PRI_NAT_SRC + 1, \
|
||||
}
|
||||
#endif
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0))
|
||||
#define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \
|
||||
{ \
|
||||
.hook = fn, \
|
||||
.pf = NFPROTO_IPV6, \
|
||||
.hooknum = NF_INET_POST_ROUTING, \
|
||||
.priority = NF_IP_PRI_NAT_SRC + 1, \
|
||||
}
|
||||
#else
|
||||
#define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \
|
||||
{ \
|
||||
.hook = fn, \
|
||||
.owner = THIS_MODULE, \
|
||||
.pf = NFPROTO_IPV6, \
|
||||
.hooknum = NF_INET_POST_ROUTING, \
|
||||
.priority = NF_IP6_PRI_NAT_SRC + 1, \
|
||||
}
|
||||
#endif
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0))
|
||||
#define SFE_NF_CT_DEFAULT_ZONE (&nf_ct_zone_dflt)
|
||||
#else
|
||||
#define SFE_NF_CT_DEFAULT_ZONE NF_CT_DEFAULT_ZONE
|
||||
#endif
|
||||
|
||||
/*
|
||||
* sfe_dev_get_master
|
||||
* get master of bridge port, and hold it
|
||||
*/
|
||||
static inline struct net_device *sfe_dev_get_master(struct net_device *dev)
|
||||
{
|
||||
struct net_device *master;
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0))
|
||||
rcu_read_lock();
|
||||
master = netdev_master_upper_dev_get_rcu(dev);
|
||||
if (master)
|
||||
dev_hold(master);
|
||||
|
||||
rcu_read_unlock();
|
||||
#else
|
||||
master = dev->master;
|
||||
if (master)
|
||||
dev_hold(master);
|
||||
#endif
|
||||
return master;
|
||||
}
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 11, 0))
|
||||
#define SFE_DEV_EVENT_PTR(PTR) netdev_notifier_info_to_dev(PTR)
|
||||
#else
|
||||
#define SFE_DEV_EVENT_PTR(PTR) (struct net_device *)(PTR)
|
||||
#endif
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0))
|
||||
#define SFE_NF_CONN_ACCT(NM) struct nf_conn_acct *NM
|
||||
#else
|
||||
#define SFE_NF_CONN_ACCT(NM) struct nf_conn_counter *NM
|
||||
#endif
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0))
|
||||
#define SFE_ACCT_COUNTER(NM) ((NM)->counter)
|
||||
#else
|
||||
#define SFE_ACCT_COUNTER(NM) (NM)
|
||||
#endif
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0))
|
||||
#define sfe_hash_for_each_possible(name, obj, node, member, key) \
|
||||
hash_for_each_possible(name, obj, member, key)
|
||||
#else
|
||||
#define sfe_hash_for_each_possible(name, obj, node, member, key) \
|
||||
hash_for_each_possible(name, obj, node, member, key)
|
||||
#endif
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0))
|
||||
#define sfe_hash_for_each(name, bkt, node, obj, member) \
|
||||
hash_for_each(name, bkt, obj, member)
|
||||
#else
|
||||
#define sfe_hash_for_each(name, bkt, node, obj, member) \
|
||||
hash_for_each(name, bkt, node, obj, member)
|
||||
#endif
|
||||
|
||||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0))
|
||||
#define sfe_dst_get_neighbour(dst, daddr) dst_neigh_lookup(dst, daddr)
|
||||
#else
|
||||
static inline struct neighbour *
|
||||
sfe_dst_get_neighbour(struct dst_entry *dst, void *daddr)
|
||||
{
|
||||
struct neighbour *neigh = dst_get_neighbour_noref(dst);
|
||||
|
||||
if (neigh)
|
||||
neigh_hold(neigh);
|
||||
|
||||
return neigh;
|
||||
}
|
||||
#endif
|
|
@ -1,259 +0,0 @@
|
|||
/*
|
||||
* sfe_cm.h
|
||||
* Shortcut forwarding engine.
|
||||
*
|
||||
* Copyright (c) 2013-2016 The Linux Foundation. All rights reserved.
|
||||
* Permission to use, copy, modify, and/or distribute this software for
|
||||
* any purpose with or without fee is hereby granted, provided that the
|
||||
* above copyright notice and this permission notice appear in all copies.
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
|
||||
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/*
|
||||
* connection flags.
|
||||
*/
|
||||
#define SFE_CREATE_FLAG_NO_SEQ_CHECK BIT(0)
|
||||
/* Indicates that we should not check sequence numbers */
|
||||
#define SFE_CREATE_FLAG_REMARK_PRIORITY BIT(1)
|
||||
/* Indicates that we should remark priority of skb */
|
||||
#define SFE_CREATE_FLAG_REMARK_DSCP BIT(2)
|
||||
/* Indicates that we should remark DSCP of packet */
|
||||
|
||||
/*
|
||||
* IPv6 address structure
|
||||
*/
|
||||
struct sfe_ipv6_addr {
|
||||
__be32 addr[4];
|
||||
};
|
||||
|
||||
typedef union {
|
||||
__be32 ip;
|
||||
struct sfe_ipv6_addr ip6[1];
|
||||
} sfe_ip_addr_t;
|
||||
|
||||
/*
|
||||
* connection creation structure.
|
||||
*/
|
||||
struct sfe_connection_create {
|
||||
int protocol;
|
||||
struct net_device *src_dev;
|
||||
struct net_device *dest_dev;
|
||||
u32 flags;
|
||||
u32 src_mtu;
|
||||
u32 dest_mtu;
|
||||
sfe_ip_addr_t src_ip;
|
||||
sfe_ip_addr_t src_ip_xlate;
|
||||
sfe_ip_addr_t dest_ip;
|
||||
sfe_ip_addr_t dest_ip_xlate;
|
||||
__be16 src_port;
|
||||
__be16 src_port_xlate;
|
||||
__be16 dest_port;
|
||||
__be16 dest_port_xlate;
|
||||
u8 src_mac[ETH_ALEN];
|
||||
u8 src_mac_xlate[ETH_ALEN];
|
||||
u8 dest_mac[ETH_ALEN];
|
||||
u8 dest_mac_xlate[ETH_ALEN];
|
||||
u8 src_td_window_scale;
|
||||
u32 src_td_max_window;
|
||||
u32 src_td_end;
|
||||
u32 src_td_max_end;
|
||||
u8 dest_td_window_scale;
|
||||
u32 dest_td_max_window;
|
||||
u32 dest_td_end;
|
||||
u32 dest_td_max_end;
|
||||
u32 mark;
|
||||
#ifdef CONFIG_XFRM
|
||||
u32 original_accel;
|
||||
u32 reply_accel;
|
||||
#endif
|
||||
u32 src_priority;
|
||||
u32 dest_priority;
|
||||
u32 src_dscp;
|
||||
u32 dest_dscp;
|
||||
};
|
||||
|
||||
/*
|
||||
* connection destruction structure.
|
||||
*/
|
||||
struct sfe_connection_destroy {
|
||||
int protocol;
|
||||
sfe_ip_addr_t src_ip;
|
||||
sfe_ip_addr_t dest_ip;
|
||||
__be16 src_port;
|
||||
__be16 dest_port;
|
||||
};
|
||||
|
||||
typedef enum sfe_sync_reason {
|
||||
SFE_SYNC_REASON_STATS, /* Sync is to synchronize stats */
|
||||
SFE_SYNC_REASON_FLUSH, /* Sync is to flush a entry */
|
||||
SFE_SYNC_REASON_DESTROY /* Sync is to destroy a entry(requested by connection manager) */
|
||||
} sfe_sync_reason_t;
|
||||
|
||||
/*
|
||||
* Structure used to sync connection stats/state back within the system.
|
||||
*
|
||||
* NOTE: The addresses here are NON-NAT addresses, i.e. the true endpoint addressing.
|
||||
* 'src' is the creator of the connection.
|
||||
*/
|
||||
struct sfe_connection_sync {
|
||||
struct net_device *src_dev;
|
||||
struct net_device *dest_dev;
|
||||
int is_v6; /* Is it for ipv6? */
|
||||
int protocol; /* IP protocol number (IPPROTO_...) */
|
||||
sfe_ip_addr_t src_ip; /* Non-NAT source address, i.e. the creator of the connection */
|
||||
sfe_ip_addr_t src_ip_xlate; /* NATed source address */
|
||||
__be16 src_port; /* Non-NAT source port */
|
||||
__be16 src_port_xlate; /* NATed source port */
|
||||
sfe_ip_addr_t dest_ip; /* Non-NAT destination address, i.e. to whom the connection was created */
|
||||
sfe_ip_addr_t dest_ip_xlate; /* NATed destination address */
|
||||
__be16 dest_port; /* Non-NAT destination port */
|
||||
__be16 dest_port_xlate; /* NATed destination port */
|
||||
u32 src_td_max_window;
|
||||
u32 src_td_end;
|
||||
u32 src_td_max_end;
|
||||
u64 src_packet_count;
|
||||
u64 src_byte_count;
|
||||
u32 src_new_packet_count;
|
||||
u32 src_new_byte_count;
|
||||
u32 dest_td_max_window;
|
||||
u32 dest_td_end;
|
||||
u32 dest_td_max_end;
|
||||
u64 dest_packet_count;
|
||||
u64 dest_byte_count;
|
||||
u32 dest_new_packet_count;
|
||||
u32 dest_new_byte_count;
|
||||
u32 reason; /* reason for stats sync message, i.e. destroy, flush, period sync */
|
||||
u64 delta_jiffies; /* Time to be added to the current timeout to keep the connection alive */
|
||||
};
|
||||
|
||||
/*
|
||||
* connection mark structure
|
||||
*/
|
||||
struct sfe_connection_mark {
|
||||
int protocol;
|
||||
sfe_ip_addr_t src_ip;
|
||||
sfe_ip_addr_t dest_ip;
|
||||
__be16 src_port;
|
||||
__be16 dest_port;
|
||||
u32 mark;
|
||||
};
|
||||
|
||||
/*
|
||||
* Expose the hook for the receive processing.
|
||||
*/
|
||||
extern int (*athrs_fast_nat_recv)(struct sk_buff *skb);
|
||||
|
||||
/*
|
||||
* Expose what should be a static flag in the TCP connection tracker.
|
||||
*/
|
||||
extern int nf_ct_tcp_no_window_check;
|
||||
|
||||
/*
|
||||
* This callback will be called in a timer
|
||||
* at 100 times per second to sync stats back to
|
||||
* Linux connection track.
|
||||
*
|
||||
* A RCU lock is taken to prevent this callback
|
||||
* from unregistering.
|
||||
*/
|
||||
typedef void (*sfe_sync_rule_callback_t)(struct sfe_connection_sync *);
|
||||
|
||||
/*
|
||||
* IPv4 APIs used by connection manager
|
||||
*/
|
||||
int sfe_ipv4_recv(struct net_device *dev, struct sk_buff *skb);
|
||||
int sfe_ipv4_create_rule(struct sfe_connection_create *sic);
|
||||
void sfe_ipv4_destroy_rule(struct sfe_connection_destroy *sid);
|
||||
void sfe_ipv4_destroy_all_rules_for_dev(struct net_device *dev);
|
||||
void sfe_ipv4_register_sync_rule_callback(sfe_sync_rule_callback_t callback);
|
||||
void sfe_ipv4_update_rule(struct sfe_connection_create *sic);
|
||||
void sfe_ipv4_mark_rule(struct sfe_connection_mark *mark);
|
||||
|
||||
#ifdef SFE_SUPPORT_IPV6
|
||||
/*
|
||||
* IPv6 APIs used by connection manager
|
||||
*/
|
||||
int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb);
|
||||
int sfe_ipv6_create_rule(struct sfe_connection_create *sic);
|
||||
void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid);
|
||||
void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev);
|
||||
void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t callback);
|
||||
void sfe_ipv6_update_rule(struct sfe_connection_create *sic);
|
||||
void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark);
|
||||
#else
|
||||
static inline int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int sfe_ipv6_create_rule(struct sfe_connection_create *sic)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
static inline void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
static inline void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t callback)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
static inline void sfe_ipv6_update_rule(struct sfe_connection_create *sic)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
static inline void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark)
|
||||
{
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* sfe_ipv6_addr_equal()
|
||||
* compare ipv6 address
|
||||
*
|
||||
* return: 1, equal; 0, no equal
|
||||
*/
|
||||
static inline int sfe_ipv6_addr_equal(struct sfe_ipv6_addr *a,
|
||||
struct sfe_ipv6_addr *b)
|
||||
{
|
||||
return a->addr[0] == b->addr[0] &&
|
||||
a->addr[1] == b->addr[1] &&
|
||||
a->addr[2] == b->addr[2] &&
|
||||
a->addr[3] == b->addr[3];
|
||||
}
|
||||
|
||||
/*
|
||||
* sfe_ipv4_addr_equal()
|
||||
* compare ipv4 address
|
||||
*
|
||||
* return: 1, equal; 0, no equal
|
||||
*/
|
||||
#define sfe_ipv4_addr_equal(a, b) ((u32)(a) == (u32)(b))
|
||||
|
||||
/*
|
||||
* sfe_addr_equal()
|
||||
* compare ipv4 or ipv6 address
|
||||
*
|
||||
* return: 1, equal; 0, no equal
|
||||
*/
|
||||
static inline int sfe_addr_equal(sfe_ip_addr_t *a,
|
||||
sfe_ip_addr_t *b, int is_v4)
|
||||
{
|
||||
return is_v4 ? sfe_ipv4_addr_equal(a->ip, b->ip) : sfe_ipv6_addr_equal(a->ip6, b->ip6);
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue