diff --git a/shortcut-fe/fast-classifier/Makefile b/fast-classifier/Makefile similarity index 65% rename from shortcut-fe/fast-classifier/Makefile rename to fast-classifier/Makefile index 75fdb5d7b..29d024e7b 100644 --- a/shortcut-fe/fast-classifier/Makefile +++ b/fast-classifier/Makefile @@ -1,17 +1,3 @@ -# -# Copyright (c) 2013-2018 The Linux Foundation. All rights reserved. -# Permission to use, copy, modify, and/or distribute this software for -# any purpose with or without fee is hereby granted, provided that the -# above copyright notice and this permission notice appear in all copies. -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# - include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk @@ -28,11 +14,8 @@ define KernelPackage/$(PKG_NAME)/Default DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe TITLE:=Kernel driver for FAST Classifier FILES:=$(PKG_BUILD_DIR)/fast-classifier.ko - KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y \ - CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y \ - CONFIG_NF_CONNTRACK_MARK=y \ - CONFIG_XFRM=y - CONFLICTS:=kmod-shortcut-fe-drv kmod-shortcut-fe-cm + KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y CONFIG_NF_CONNTRACK_MARK=y + PROVIDES:=$(PKG_NAME) endef define KernelPackage/$(PKG_NAME) @@ -68,8 +51,6 @@ classifier kernel module endef SFE_MAKE_OPTS:=SFE_SUPPORT_IPV6=$(if $(CONFIG_IPV6),y,n) -HAVE_ECM:=$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-standard) - define Build/Compile/kmod +$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" $(SFE_MAKE_OPTS) \ @@ -77,7 +58,6 @@ define Build/Compile/kmod $(PKG_MAKE_FLAGS) \ M="$(PKG_BUILD_DIR)" \ CONFIG_FAST_CLASSIFIER=m \ - $(if $(HAVE_ECM),EXTRA_CFLAGS+="-DCONFIG_SFE_ECM" CONFIG_SFE_ECM=y,) \ EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ modules endef diff --git a/shortcut-fe/fast-classifier/src/Makefile b/fast-classifier/src/Makefile similarity index 100% rename from shortcut-fe/fast-classifier/src/Makefile rename to fast-classifier/src/Makefile diff --git a/shortcut-fe/fast-classifier/src/fast-classifier.c b/fast-classifier/src/fast-classifier.c similarity index 99% rename from shortcut-fe/fast-classifier/src/fast-classifier.c rename to fast-classifier/src/fast-classifier.c index 6671f816d..7ca5d973b 100644 --- a/shortcut-fe/fast-classifier/src/fast-classifier.c +++ b/fast-classifier/src/fast-classifier.c @@ -36,9 +36,9 @@ #include #include -#include -#include -#include +#include "sfe_backport.h" +#include "sfe.h" +#include "sfe_cm.h" #include "fast-classifier.h" typedef enum fast_classifier_exception { @@ -1744,11 +1744,8 @@ static int __init fast_classifier_init(void) { struct fast_classifier *sc = &__sc; int result = -1; -#ifdef CONFIG_SFE_ECM - int (*fast_recv)(struct sk_buff *skb); -#endif - printk(KERN_ALERT "fast-classifier: starting up\n"); + printk(KERN_ALERT "fast-classifier (PBR safe v2.1.4a): starting up\n"); DEBUG_INFO("SFE CM init\n"); hash_init(fc_conn_ht); @@ -1813,7 +1810,6 @@ static int __init fast_classifier_init(void) goto exit3; } -#ifdef CONFIG_NF_CONNTRACK_EVENTS /* * Register a notifier hook to get fast notifications of expired connections. */ @@ -1821,14 +1817,12 @@ static int __init fast_classifier_init(void) result = nf_conntrack_register_chain_notifier(&init_net, &fast_classifier_conntrack_notifier); #else result = nf_conntrack_register_notifier(&init_net, &fast_classifier_conntrack_notifier); -#endif if (result < 0) { DEBUG_ERROR("can't register nf notifier hook: %d\n", result); goto exit4; } #endif - #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)) result = genl_register_family(&fast_classifier_gnl_family); if (result) { @@ -1871,16 +1865,7 @@ static int __init fast_classifier_init(void) /* * Hook the receive path in the network stack. */ -#ifdef CONFIG_SFE_ECM - rcu_read_lock(); - fast_recv = rcu_dereference(athrs_fast_nat_recv); - rcu_read_unlock(); - if (!fast_recv) { - BUG_ON(athrs_fast_nat_recv); - } -#else BUG_ON(athrs_fast_nat_recv); -#endif RCU_INIT_POINTER(athrs_fast_nat_recv, fast_classifier_recv); /* @@ -1989,4 +1974,3 @@ module_exit(fast_classifier_exit) MODULE_DESCRIPTION("Shortcut Forwarding Engine - Connection Manager"); MODULE_LICENSE("Dual BSD/GPL"); - diff --git a/shortcut-fe/fast-classifier/src/fast-classifier.h b/fast-classifier/src/fast-classifier.h similarity index 100% rename from shortcut-fe/fast-classifier/src/fast-classifier.h rename to fast-classifier/src/fast-classifier.h diff --git a/shortcut-fe/fast-classifier/src/nl_classifier_test.c b/fast-classifier/src/nl_classifier_test.c similarity index 100% rename from shortcut-fe/fast-classifier/src/nl_classifier_test.c rename to fast-classifier/src/nl_classifier_test.c diff --git a/shortcut-fe/shortcut-fe/src/sfe.h b/fast-classifier/src/sfe.h similarity index 100% rename from shortcut-fe/shortcut-fe/src/sfe.h rename to fast-classifier/src/sfe.h diff --git a/shortcut-fe/shortcut-fe/src/sfe_backport.h b/fast-classifier/src/sfe_backport.h similarity index 99% rename from shortcut-fe/shortcut-fe/src/sfe_backport.h rename to fast-classifier/src/sfe_backport.h index d2d60c73c..2f8c8ca3c 100644 --- a/shortcut-fe/shortcut-fe/src/sfe_backport.h +++ b/fast-classifier/src/sfe_backport.h @@ -180,7 +180,7 @@ static inline struct net_device *sfe_dev_get_master(struct net_device *dev) #endif #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0)) -#define sfe_dst_get_neighbour(dst, daddr) dst_neigh_lookup(dst, addr) +#define sfe_dst_get_neighbour(dst, daddr) dst_neigh_lookup(dst, daddr) #else static inline struct neighbour * sfe_dst_get_neighbour(struct dst_entry *dst, void *daddr) diff --git a/shortcut-fe/shortcut-fe/src/sfe_cm.h b/fast-classifier/src/sfe_cm.h similarity index 100% rename from shortcut-fe/shortcut-fe/src/sfe_cm.h rename to fast-classifier/src/sfe_cm.h diff --git a/shortcut-fe/fast-classifier/src/userspace_example.c b/fast-classifier/src/userspace_example.c similarity index 100% rename from shortcut-fe/fast-classifier/src/userspace_example.c rename to fast-classifier/src/userspace_example.c diff --git a/luci-app-turboacc/Makefile b/luci-app-turboacc/Makefile deleted file mode 100644 index 91868d549..000000000 --- a/luci-app-turboacc/Makefile +++ /dev/null @@ -1,62 +0,0 @@ -# SPDX-Identifier-License: GPL-3.0-only -# -# Copyright (C) 2018 Lean -# Copyright (C) 2019-2021 ImmortalWrt.org - -include $(TOPDIR)/rules.mk - -PKG_NAME:=luci-app-turboacc -PKG_RELEASE:=$(COMMITCOUNT) - -PKG_LICENSE:=GPL-3.0-only -PKG_MAINTAINER:=Tianling Shen - -PKG_CONFIG_DEPENDS:= \ - CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_BBR_CCA \ - CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_DNSFORWARDER \ - CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_DNSPROXY \ - CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_OFFLOADING \ - CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE \ - CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE_DRV - -LUCI_TITLE:=LuCI support for Flow Offload / Shortcut-FE -LUCI_PKGARCH:=all -LUCI_DEPENDS:=+pdnsd-alt \ - +PACKAGE_$(PKG_NAME)_INCLUDE_BBR_CCA:kmod-tcp-bbr \ - +PACKAGE_$(PKG_NAME)_INCLUDE_DNSFORWARDER:dnsforwarder \ - +PACKAGE_$(PKG_NAME)_INCLUDE_DNSPROXY:dnsproxy \ - +PACKAGE_$(PKG_NAME)_INCLUDE_OFFLOADING:kmod-ipt-offload \ - +PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE:kmod-shortcut-fe-cm \ - +PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE_DRV:kmod-shortcut-fe-drv - -define Package/$(PKG_NAME)/config -config PACKAGE_$(PKG_NAME)_INCLUDE_OFFLOADING - bool "Include Flow Offload" - depends on (PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE=n && PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE_DRV=n) - default y if i386||x86_64||TARGET_ramips - -config PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE_DRV - bool "Include Shortcut-FE for ECM" - depends on PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE=n - default y if (TARGET_ipq806x||TARGET_ipq807x) - -config PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE - bool "Include Shortcut-FE" - default y if !(TARGET_ipq806x||TARGET_ipq807x||TARGET_ramips) - -config PACKAGE_$(PKG_NAME)_INCLUDE_BBR_CCA - bool "Include BBR CCA" - default y - -config PACKAGE_$(PKG_NAME)_INCLUDE_DNSFORWARDER - bool "Include DNSForwarder" - default n - -config PACKAGE_$(PKG_NAME)_INCLUDE_DNSPROXY - bool "Include DNSProxy" - default n -endef - -include $(TOPDIR)/feeds/luci/luci.mk - -# call BuildPackage - OpenWrt buildroot signature diff --git a/luci-app-turboacc/luasrc/controller/turboacc.lua b/luci-app-turboacc/luasrc/controller/turboacc.lua deleted file mode 100644 index 4197ad241..000000000 --- a/luci-app-turboacc/luasrc/controller/turboacc.lua +++ /dev/null @@ -1,39 +0,0 @@ -module("luci.controller.turboacc", package.seeall) - -function index() - if not nixio.fs.access("/etc/config/turboacc") then - return - end - local page - page = entry({"admin", "network", "turboacc"}, cbi("turboacc"), _("Turbo ACC Center"), 1000) - page.i18n = "turboacc" - page.dependent = true - - entry({"admin", "network", "turboacc", "status"}, call("action_status")) -end - -local function fastpath_status() - return luci.sys.call("/etc/init.d/turboacc check_status fastpath") == 0 -end - -local function bbr_status() - return luci.sys.call("/etc/init.d/turboacc check_status bbr") == 0 -end - -local function fullconenat_status() - return luci.sys.call("/etc/init.d/turboacc check_status fullconenat") == 0 -end - -local function dnscaching_status() - return luci.sys.call("/etc/init.d/turboacc check_status dns") == 0 -end - -function action_status() - luci.http.prepare_content("application/json") - luci.http.write_json({ - fastpath_state = fastpath_status(), - fullconenat_state = fullconenat_status(), - bbr_state = bbr_status(), - dnscaching_state = dnscaching_status() - }) -end diff --git a/luci-app-turboacc/luasrc/model/cbi/turboacc.lua b/luci-app-turboacc/luasrc/model/cbi/turboacc.lua deleted file mode 100644 index 4d2e4571d..000000000 --- a/luci-app-turboacc/luasrc/model/cbi/turboacc.lua +++ /dev/null @@ -1,67 +0,0 @@ -local kernel_version = luci.sys.exec("echo -n $(uname -r)") - -m = Map("turboacc") -m.title = translate("Turbo ACC Acceleration Settings") -m.description = translate("Opensource Flow Offloading driver (Fast Path or Hardware NAT)") - -m:append(Template("turboacc/turboacc_status")) - -s = m:section(TypedSection, "turboacc", "") -s.addremove = false -s.anonymous = true - -if nixio.fs.access("/lib/modules/" .. kernel_version .. "/xt_FLOWOFFLOAD.ko") then -sw_flow = s:option(Flag, "sw_flow", translate("Software flow offloading")) -sw_flow.default = 0 -sw_flow.description = translate("Software based offloading for routing/NAT") -sw_flow:depends("sfe_flow", 0) -end - -if luci.sys.call("cat /proc/cpuinfo | grep -q MT76") == 0 then -hw_flow = s:option(Flag, "hw_flow", translate("Hardware flow offloading")) -hw_flow.default = 0 -hw_flow.description = translate("Requires hardware NAT support. Implemented at least for mt76xx") -hw_flow:depends("sw_flow", 1) -end - -if nixio.fs.access("/lib/modules/" .. kernel_version .. "/shortcut-fe-cm.ko") then -sfe_flow = s:option(Flag, "sfe_flow", translate("Shortcut-FE flow offloading")) -sfe_flow.default = 0 -sfe_flow.description = translate("Shortcut-FE based offloading for routing/NAT") -sfe_flow:depends("sw_flow", 0) -end - -if nixio.fs.access("/lib/modules/" .. kernel_version .. "/tcp_bbr.ko") then -bbr_cca = s:option(Flag, "bbr_cca", translate("BBR CCA")) -bbr_cca.default = 0 -bbr_cca.description = translate("Using BBR CCA can improve TCP network performance effectively") -end - -if nixio.fs.access("/lib/modules/" .. kernel_version .. "/xt_FULLCONENAT.ko") then -fullcone_nat = s:option(Flag, "fullcone_nat", translate("FullCone NAT")) -fullcone_nat.default = 0 -fullcone_nat.description = translate("Using FullCone NAT can improve gaming performance effectively") -end - -dns_caching = s:option(Flag, "dns_caching", translate("DNS Caching")) -dns_caching.default = 0 -dns_caching.rmempty = false -dns_caching.description = translate("Enable DNS Caching and anti ISP DNS pollution") - -dns_caching_mode = s:option(ListValue, "dns_caching_mode", translate("Resolve DNS Mode"), translate("DNS Program")) -dns_caching_mode:value("1", translate("Using PDNSD to query and cache")) -if nixio.fs.access("/usr/bin/dnsforwarder") then -dns_caching_mode:value("2", translate("Using DNSForwarder to query and cache")) -end -if nixio.fs.access("/usr/bin/dnsproxy") then -dns_caching_mode:value("3", translate("Using DNSProxy to query and cache")) -end -dns_caching_mode.default = 1 -dns_caching_mode:depends("dns_caching", 1) - -dns_caching_dns = s:option(Value, "dns_caching_dns", translate("Upsteam DNS Server")) -dns_caching_dns.default = "114.114.114.114,114.114.115.115,223.5.5.5,223.6.6.6,180.76.76.76,119.29.29.29,119.28.28.28,1.2.4.8,210.2.4.8" -dns_caching_dns.description = translate("Muitiple DNS server can saperate with ','") -dns_caching_dns:depends("dns_caching", 1) - -return m diff --git a/luci-app-turboacc/luasrc/view/turboacc/turboacc_status.htm b/luci-app-turboacc/luasrc/view/turboacc/turboacc_status.htm deleted file mode 100644 index 90de3884b..000000000 --- a/luci-app-turboacc/luasrc/view/turboacc/turboacc_status.htm +++ /dev/null @@ -1,25 +0,0 @@ -
- <%:Running Status%> - - - - - -
<%:Flow Offloading%><%:Collecting data...%>
<%:FullCone NAT%><%:Collecting data...%>
<%:BBR CCA%><%:Collecting data...%>
<%:DNS Caching%><%:Collecting data...%>
-
- - diff --git a/luci-app-turboacc/po/zh-cn/turboacc.po b/luci-app-turboacc/po/zh-cn/turboacc.po deleted file mode 100644 index 9111e3fc4..000000000 --- a/luci-app-turboacc/po/zh-cn/turboacc.po +++ /dev/null @@ -1,99 +0,0 @@ -msgid "Turbo ACC Center" -msgstr "Turbo ACC 网络加速" - -msgid "Turbo ACC Acceleration Settings" -msgstr "Turbo ACC 网络加速设置" - -msgid "Linux Flow Offload Forwarding Engine Settings" -msgstr "Linux Flow Offload Forwarding 转发加速引擎设置" - -msgid "Opensource Flow Offloading driver (Fast Path or Hardware NAT)" -msgstr "开源流量分载驱动 (支持 Fast Path 或者 硬件 NAT)" - -msgid "Software flow offloading" -msgstr "软件流量分载" - -msgid "Software based offloading for routing/NAT" -msgstr "基于软件的 Routing/NAT 分载" - -msgid "Hardware flow offloading" -msgstr "硬件流量分载" - -msgid "Requires hardware NAT support. Implemented at least for mt76xx" -msgstr "需要硬件 NAT 支持。目前 mt76xx 已实现" - -msgid "Shortcut-FE flow offloading" -msgstr "Shortcut-FE 流量分载" - -msgid "Shortcut-FE based offloading for routing/NAT" -msgstr "基于 Shortcut-FE 的 Routing/NAT 分载" - -msgid "Bridge Acceleration" -msgstr "桥接加速" - -msgid "Enable Bridge Acceleration (may be functional conflict with bridge-mode VPN server)" -msgstr "启用桥接加速 (可能会和路由器上桥接模式的VPN服务器冲突)" - -msgid "IPv6 Acceleration" -msgstr "IPv6 加速" - -msgid "Enable IPv6 Acceleration" -msgstr "启用 IPv6 加速" - -msgid "BBR CCA" -msgstr "BBR 拥塞控制算法" - -msgid "Using BBR CCA can improve TCP network performance effectively" -msgstr "使用 BBR 拥塞控制算法可以有效提升 TCP 网络性能" - -msgid "FullCone NAT" -msgstr "全锥形 NAT" - -msgid "Using FullCone NAT can improve gaming performance effectively" -msgstr "使用全锥形 NAT 可以有效提升游戏体验" - -msgid "DNS Caching" -msgstr "DNS 缓存" - -msgid "Enable DNS Caching and anti ISP DNS pollution" -msgstr "启用 DNS 多线程查询、缓存,并防止 ISP 的 DNS 广告和域名劫持" - -msgid "Resolve DNS Mode" -msgstr "DNS 解析方式" - -msgid "DNS Program" -msgstr "DNS 解析程序" - -msgid "Using PDNSD to query and cache" -msgstr "使用 PDNSD 解析" - - -msgid "Using DNSForwarder to query and cache" -msgstr "使用 DNSForwarder 解析" - -msgid "Using DNSProxy to query and cache" -msgstr "使用 DNSProxy 解析" - -msgid "Upsteam DNS Server" -msgstr "上游 DNS 服务器" - -msgid "Muitiple DNS server can saperate with ','" -msgstr "多个上游 DNS 服务器请用 ',' 分隔(注意用英文逗号)" - -msgid "Running Status" -msgstr "运行状态" - -msgid "Flow Offloading" -msgstr "流量分载" - -msgid "BBR CCA" -msgstr "BBR 拥塞控制算法" - -msgid "FullCone NAT" -msgstr "全锥型 NAT" - -msgid "DNS Caching" -msgstr "DNS 缓存" - -msgid "Open Web Interface" -msgstr "打开 Web 界面" diff --git a/luci-app-turboacc/root/etc/config/turboacc b/luci-app-turboacc/root/etc/config/turboacc deleted file mode 100644 index a2d4c0bdf..000000000 --- a/luci-app-turboacc/root/etc/config/turboacc +++ /dev/null @@ -1,10 +0,0 @@ - -config turboacc 'config' - option sw_flow '1' - option hw_flow '1' - option sfe_flow '1' - option fullcone_nat '1' - option bbr_cca '0' - option dns_caching '0' - option dns_caching_mode '1' - option dns_caching_dns '114.114.114.114,114.114.115.115,223.5.5.5,223.6.6.6,180.76.76.76,119.29.29.29,119.28.28.28,1.2.4.8,210.2.4.8' diff --git a/luci-app-turboacc/root/etc/init.d/turboacc b/luci-app-turboacc/root/etc/init.d/turboacc deleted file mode 100755 index c45041d08..000000000 --- a/luci-app-turboacc/root/etc/init.d/turboacc +++ /dev/null @@ -1,345 +0,0 @@ -#!/bin/sh /etc/rc.common -# Copyright (C) 2018 Lean -# Copyright (C) 2019-2021 Tianling Shen - -START=90 -STOP=10 - -EXTRA_COMMANDS="check_status" -EXTRA_HELP=" check_status Check running status of utils" - -restart_utils="true" - -inital_conf(){ - config_load "turboacc" - config_get "sw_flow" "config" "sw_flow" "0" - config_get "hw_flow" "config" "hw_flow" "0" - config_get "sfe_flow" "config" "sfe_flow" "0" - config_get "bbr_cca" "config" "bbr_cca" "0" - config_get "fullcone_nat" "config" "fullcone_nat" "0" - config_get "dns_caching" "config" "dns_caching" "0" - config_get "dns_caching_mode" "config" "dns_caching_mode" "0" - config_get "dns_caching_dns" "config" "dns_caching_dns" - - [ ! -e "/lib/modules/$(uname -r)/xt_FLOWOFFLOAD.ko" ] && { sw_flow="0"; hw_flow="0"; } - [ ! -e "/lib/modules/$(uname -r)/shortcut-fe-cm.ko" ] && sfe_flow="0" - [ ! -e "/lib/modules/$(uname -r)/tcp_bbr.ko" ] && bbr_cca="0" - [ ! -e "/lib/modules/$(uname -r)/xt_FULLCONENAT.ko" ] && fullcone_nat="0" -} - -start_pdnsd() { - [ -d "/var/run/dnscache" ] || mkdir -p "/var/run/dnscache" - cat > "/var/run/dnscache/dnscache.conf" < "/var/dnscache/pdnsd.cache" - chown -R nobody.nogroup "/var/dnscache" - fi - - [ -d "/var/sbin" ] || mkdir -p "/var/sbin" - cp -a "/usr/sbin/pdnsd" "/var/sbin/dnscache" - /var/sbin/dnscache -c "/var/run/dnscache/dnscache.conf" > "/var/log/dnscache.file" 2>&1 & - echo "PDNSD: Start DNS Caching" -} - -start_dnsforwarder() { - mkdir -p "/var/run/dnscache" - cat > "/var/run/dnscache/dnscache.conf" < "/var/log/dnscache.file" 2>&1 & - echo "DnsForwarder: Start DNS Caching" - -} - -start_dnsproxy() { - [ -d "/var/run/dnscache" ] || mkdir -p "/var/run/dnscache" - echo -e "${dns_caching_dns//,/\\n}" > "/var/run/dnscache/dnscache.conf" - - [ -d "/var/sbin" ] || mkdir -p "/var/sbin" - cp -a "/usr/bin/dnsproxy" "/var/sbin/dnscache" - /var/sbin/dnscache -l "127.0.0.1" -p "5333" -b "tls://9.9.9.9" -f "tls://8.8.8.8" -u "/var/run/dnscache/dnscache.conf" --all-servers --cache --cache-min-ttl=3600 > "/var/log/dnscache.file" 2>&1 & - echo "DNSProxy: Start DNS Caching" -} - -stop_dnscache() { - killall -9 "dnscache" - kill -9 $(ps | grep dnscache-while.sh | grep -v "grep" | awk '{print $1}') - rm -rf "/var/dnscache" "/var/run/dnscache" - echo "Stop DNS Caching" -} - -change_dns() { - uci -q delete dhcp.@dnsmasq[0].server - uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5333" - uci set dhcp.@dnsmasq[0].noresolv="1" - uci commit dhcp - -} - -revert_dns() { - uci -q del_list dhcp.@dnsmasq[0].server="127.0.0.1#5333" - uci set dhcp.@dnsmasq[0].resolvfile="/tmp/resolv.conf.d/resolv.conf.auto" - uci set dhcp.@dnsmasq[0].noresolv="0" - uci commit dhcp -} - -start(){ - inital_conf - - uci set firewall.@defaults[0].flow_offloading="${sw_flow}" - uci set firewall.@defaults[0].flow_offloading_hw="${hw_flow}" - uci set firewall.@defaults[0].fullcone="${fullcone_nat}" - uci commit firewall - - [ "${sw_flow}" -ne "1" ] && [ "${sfe_flow}" -eq "1" ] && { - [ "$(have_ecm_init)" = "0" ] && { - /etc/init.d/shortcut-fe enabled || /etc/init.d/shortcut-fe enable - /etc/init.d/shortcut-fe start - } - } - - if [ "${bbr_cca}" -eq "1" ]; then - sysctl -w net.ipv4.tcp_congestion_control="bbr" - else - sysctl -w net.ipv4.tcp_congestion_control="cubic" - fi - - if [ "${dns_caching}" -eq "1" ]; then - stop_dnscache - sleep 1 - - rm -f "/var/log/dnscache.file" - if [ "${dns_caching_mode}" = "1" ]; then - start_pdnsd - elif [ "${dns_caching_mode}" = "2" ]; then - start_dnsforwarder - elif [ "${dns_caching_mode}" = "3" ]; then - start_dnsproxy - fi - - change_dns - /usr/share/dnscache/dnscache-while.sh > "/var/log/dnscache.file" 2>&1 & - else - stop_dnscache - revert_dns - fi - - if [ "${restart_utils}" = "true" ]; then - /etc/init.d/dnsmasq restart >"/dev/null" 2>&1 && echo "DNSMASQ change" - /etc/init.d/firewall restart >"/dev/null" 2>&1 - fi -} - -stop(){ - inital_conf - - uci set firewall.@defaults[0].flow_offloading="${sw_flow}" - uci set firewall.@defaults[0].flow_offloading_hw="${hw_flow}" - uci set firewall.@defaults[0].fullcone="${fullcone_nat}" - uci commit firewall - - [ "${sfe_flow}" -ne "1" ] && { - [ -e "/etc/init.d/shortcut-fe" ] && [ "$(have_ecm_init)" = "0" ] && { - /etc/init.d/shortcut-fe stop 2>"/dev/null" - /etc/init.d/shortcut-fe enabled && /etc/init.d/shortcut-fe disable - } - } - - stop_dnscache - revert_dns - - if [ "${restart_utils}" = "true" ]; then - /etc/init.d/dnsmasq restart >"/dev/null" 2>&1 && echo "DNSMASQ revert" - /etc/init.d/firewall restart >"/dev/null" 2>&1 - fi -} - -restart(){ - restart_utils="false" - stop - start - /etc/init.d/dnsmasq restart >"/dev/null" 2>&1 && echo "DNSMASQ restart" - /etc/init.d/firewall restart >"/dev/null" 2>&1 -} - -have_ecm_init() { - [ -d "/etc/init.d/qca-nss-ecm" ] && echo 1 && return - echo 0 -} - -check_status(){ - case "$1" in - "fastpath") - if [ "$(cat "/sys/module/xt_FLOWOFFLOAD/refcnt" 2>"/dev/null" || echo 0)" -ne "0" ]; then - echo -n "Flow Offloading" - exit 0 - elif lsmod | grep -q "ecm"; then - if lsmod | grep -q "shortcut_fe_drv"; then - echo -n "QCA-NSS-ECM-SFE" - exit 0 - else - echo -n "QCA-NSS-ECM" - exit 0 - fi - elif lsmod | grep -q "shortcut_fe_cm"; then - echo -n "Shortcut-FE" - exit 0 - else - exit 1 - fi - ;; - "fullconenat") - [ "$(cat "/sys/module/xt_FULLCONENAT/refcnt" 2>"/dev/null" || echo 0)" -ne "0" ] && \ - exit 0 || exit 1 - ;; - "bbr") - [ "x$(cat "/proc/sys/net/ipv4/tcp_congestion_control" 2>"/dev/null")" = "xbbr" ] && \ - exit 0 || exit 1 - ;; - "dns") - pgrep "dnscache" >"/dev/null" && exit 0 || exit 1 - ;; - *) - exit 2 - ;; - esac -} diff --git a/luci-app-turboacc/root/etc/uci-defaults/luci-turboacc b/luci-app-turboacc/root/etc/uci-defaults/luci-turboacc deleted file mode 100755 index 37a556f42..000000000 --- a/luci-app-turboacc/root/etc/uci-defaults/luci-turboacc +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -uci -q batch <<-EOF >/dev/null - delete ucitrack.@turboacc[-1] - add ucitrack turboacc - set ucitrack.@turboacc[-1].init=turboacc - commit ucitrack -EOF - -exit 0 diff --git a/luci-app-turboacc/root/usr/share/dnscache/dnscache-while.sh b/luci-app-turboacc/root/usr/share/dnscache/dnscache-while.sh deleted file mode 100755 index 63a94bbd8..000000000 --- a/luci-app-turboacc/root/usr/share/dnscache/dnscache-while.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh - -sleeptime=60 - -dnsconf="/var/run/dnscache/dnscache.conf" -dnsprogram="/var/sbin/dnscache" -logfile="/var/log/dnscache.file" - -dns_caching="$(uci -q get turboacc.config.dns_caching)" -dns_caching_mode="$(uci -q get turboacc.config.dns_caching_mode)" - -clean_log() { - logrow="$(grep -c "" "${logfile}")" - [ "${logrow}" -lt "500" ] || echo "${curtime} Log 条数超限,清空处理!" > "${logfile}" -} - -while [ "${dns_caching}" -eq "1" ]; -do - curtime="$(date "+%H:%M:%S")" - - clean_log - - if pidof dnscache > "/dev/null"; then - echo -e "${curtime} online!" >> "${logfile}" - else - if [ "${dns_caching_mode}" = "1" ]; then - ${dnsprogram} -c "${dnsconf}" > "${logfile}" 2>&1 & - elif [ "${dns_caching_mode}" = "2" ]; then - ${dnsprogram} -f "${dnsconf}" > "${logfile}" 2>&1 & - elif [ "${dns_caching_mode}" = "3" ]; then - ${dnsprogram} -o "${logfile}" -l "127.0.0.1" -p "5333" -b "tls://9.9.9.9" -f "tls://8.8.8.8" -u "${dnsconf}" --all-servers --cache --cache-min-ttl=3600 > "${logfile}" 2>&1 & - fi - echo "${curtime} 重启服务!" >> ${logfile} - fi - - sleep "${sleeptime}" - continue -done diff --git a/shortcut-fe/shortcut-fe/Makefile b/shortcut-fe/Makefile similarity index 72% rename from shortcut-fe/shortcut-fe/Makefile rename to shortcut-fe/Makefile index f326e59c9..54711c46a 100644 --- a/shortcut-fe/shortcut-fe/Makefile +++ b/shortcut-fe/Makefile @@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2018, 2020 The Linux Foundation. All rights reserved. +# Copyright (c) 2014 The Linux Foundation. All rights reserved. # Permission to use, copy, modify, and/or distribute this software for # any purpose with or without fee is hereby granted, provided that the # above copyright notice and this permission notice appear in all copies. @@ -16,6 +16,7 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=shortcut-fe PKG_RELEASE:=2 +PKG_CONFIG_DEPENDS := CONFIG_IPV6 include $(INCLUDE_DIR)/package.mk @@ -23,14 +24,13 @@ define KernelPackage/shortcut-fe SECTION:=kernel CATEGORY:=Kernel modules SUBMENU:=Network Support - DEPENDS:=@IPV6 + DEPENDS:= TITLE:=Kernel driver for SFE FILES:=$(PKG_BUILD_DIR)/shortcut-fe.ko $(if $(CONFIG_IPV6),$(PKG_BUILD_DIR)/shortcut-fe-ipv6.ko,) KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y \ CONFIG_NF_CONNTRACK_TIMEOUT=y \ CONFIG_SHORTCUT_FE=y \ CONFIG_XFRM=y - PROVIDES:=$(PKG_NAME) AUTOLOAD:=$(call AutoLoad,09,shortcut-fe shortcut-fe-ipv6) endef @@ -39,14 +39,10 @@ Shortcut is an in-Linux-kernel IP packet forwarding engine. endef define KernelPackage/shortcut-fe/install - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) ./files/etc/init.d/shortcut-fe $(1)/etc/init.d $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) ./files/usr/bin/sfe_dump $(1)/usr/bin endef -HAVE_ECM:=$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-standard) - define KernelPackage/shortcut-fe-cm SECTION:=kernel CATEGORY:=Kernel modules @@ -54,10 +50,7 @@ define KernelPackage/shortcut-fe-cm DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe TITLE:=Kernel driver for SFE FILES:=$(PKG_BUILD_DIR)/shortcut-fe-cm.ko - KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y \ - CONFIG_NF_CONNTRACK_EVENTS=y \ - CONFIG_XFRM=y - CONFLICTS:=kmod-shortcut-fe-drv + KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y endef define KernelPackage/shortcut-fe-cm/Description @@ -65,21 +58,20 @@ Simple connection manager for the Shortcut forwarding engine. endef define Build/Compile - $(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \ + +$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \ $(KERNEL_MAKE_FLAGS) \ $(PKG_MAKE_FLAGS) \ M="$(PKG_BUILD_DIR)" \ - $(if $(CONFIG_IPV6),EXTRA_CFLAGS+="-DSFE_SUPPORT_IPV6" SFE_SUPPORT_IPV6=y,) \ - $(if $(HAVE_ECM),EXTRA_CFLAGS+="-DCONFIG_SFE_ECM" CONFIG_SFE_ECM=y,) \ - modules + modules \ + $(if $(CONFIG_IPV6),EXTRA_CFLAGS="-DSFE_SUPPORT_IPV6" SFE_SUPPORT_IPV6=y,) endef -ifneq ($(CONFIG_PACKAGE_kmod-shortcut-fe)$(CONFIG_PACKAGE_kmod-shortcut-fe-cm),) +#ifneq ($(CONFIG_PACKAGE_kmod-shortcut-fe)$(CONFIG_PACKAGE_kmod-shortcut-fe-cm),) define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include/shortcut-fe $(CP) -rf $(PKG_BUILD_DIR)/sfe.h $(1)/usr/include/shortcut-fe endef -endif +#endif $(eval $(call KernelPackage,shortcut-fe)) $(eval $(call KernelPackage,shortcut-fe-cm)) diff --git a/shortcut-fe/shortcut-fe/files/usr/bin/sfe_dump b/shortcut-fe/files/usr/bin/sfe_dump similarity index 100% rename from shortcut-fe/shortcut-fe/files/usr/bin/sfe_dump rename to shortcut-fe/files/usr/bin/sfe_dump diff --git a/shortcut-fe/shortcut-fe/files/etc/init.d/shortcut-fe b/shortcut-fe/shortcut-fe/files/etc/init.d/shortcut-fe deleted file mode 100755 index 88c381ade..000000000 --- a/shortcut-fe/shortcut-fe/files/etc/init.d/shortcut-fe +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/sh /etc/rc.common -# -# Copyright (c) 2014-2015 The Linux Foundation. All rights reserved. -# Permission to use, copy, modify, and/or distribute this software for -# any purpose with or without fee is hereby granted, provided that the -# above copyright notice and this permission notice appear in all copies. -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# - -#SFE connection manager has a lower priority, it should be started after other connection manager -#to detect the existence of connection manager with higher priority -START=99 - -have_cm() { - [ -d "/sys/kernel/debug/ecm" ] && echo 1 && return - - echo 0 -} - -#load shortcut-fe and connection manager -load_sfe() { - local kernel_version=$(uname -r) - - [ -d "/sys/module/shortcut_fe" ] || insmod /lib/modules/$kernel_version/shortcut-fe.ko - [ -d "/sys/module/shortcut_fe_ipv6" ] || insmod /lib/modules/$kernel_version/shortcut-fe-ipv6.ko - - [ -e "/lib/modules/$kernel_version/shortcut-fe-cm.ko" ] && { - [ -d /sys/module/shortcut_fe_cm ] || insmod /lib/modules/$kernel_version/shortcut-fe-cm.ko - } - [ -e "/lib/modules/$kernel_version/fast-classifier.ko" ] && { - [ -d /sys/module/fast_classifier ] || insmod /lib/modules/$kernel_version/fast-classifier.ko - } -} - -start() { - [ "$(have_cm)" = "0" ] && load_sfe -} - -stop() { - [ -d "/sys/module/shortcut_fe_drv" ] && rmmod shortcut_fe_drv - [ -d "/sys/module/shortcut_fe_cm" ] && rmmod shortcut_fe_cm - [ -d "/sys/module/fast_classifier" ] && rmmod fast_classifier - [ -d "/sys/module/shortcut_fe_ipv6" ] && rmmod shortcut-fe-ipv6 - [ -d "/sys/module/shortcut_fe" ] && rmmod shortcut-fe -} diff --git a/shortcut-fe/simulated-driver/Makefile b/shortcut-fe/simulated-driver/Makefile deleted file mode 100644 index 1adeb943d..000000000 --- a/shortcut-fe/simulated-driver/Makefile +++ /dev/null @@ -1,60 +0,0 @@ -# -# Copyright (c) 2015,2016 The Linux Foundation. All rights reserved. -# Permission to use, copy, modify, and/or distribute this software for -# any purpose with or without fee is hereby granted, provided that the -# above copyright notice and this permission notice appear in all copies. -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# - -include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/kernel.mk - -PKG_NAME:=shortcut-fe-simulated-driver -PKG_RELEASE:=1 -PKG_CONFIG_DEPENDS := CONFIG_IPV6 - -PKG_SOURCE_URL:=https://source.codeaurora.org/quic/qsdk/oss/lklm/shortcut-fe -PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2021-03-17 -PKG_SOURCE_VERSION:=697977d8d0ccf0ab596e5692d08608a75dd7f33d -PKG_MIRROR_HASH:=659fa82a431e15af797a6c7069faeee02810453ad8b576c51c29f95a1761a045 - -include $(INCLUDE_DIR)/package.mk - -define KernelPackage/shortcut-fe-drv - SECTION:=kernel - CATEGORY:=Kernel modules - SUBMENU:=Network Support - DEPENDS:=@TARGET_ipq806x||TARGET_ipq807x +kmod-shortcut-fe - KCONFIG:=CONFIG_NET_CLS_ACT=y \ - CONFIG_XFRM=y - TITLE:=Simulated sfe driver for ECM - FILES:=$(PKG_BUILD_DIR)/simulated-driver/shortcut-fe-drv.ko -endef - -define KernelPackage/shortcut-fe-drv/Description -Simulated sfe driver which act as an adapter to convert message between a connection manager and the SFE core engine. -endef - -define Build/Compile - $(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \ - $(KERNEL_MAKE_FLAGS) \ - $(PKG_MAKE_FLAGS) \ - M="$(PKG_BUILD_DIR)/simulated-driver" \ - $(if $(CONFIG_IPV6),EXTRA_CFLAGS+="-DSFE_SUPPORT_IPV6" SFE_SUPPORT_IPV6=y,) \ - EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ - modules -endef - -define Build/InstallDev - $(INSTALL_DIR) $(1)/usr/include/shortcut-fe - $(CP) -rf $(PKG_BUILD_DIR)/simulated-driver/sfe_drv.h $(1)/usr/include/shortcut-fe -endef - -$(eval $(call KernelPackage,shortcut-fe-drv)) diff --git a/shortcut-fe/simulated-driver/patches/200-nss-qdisc-support.patch b/shortcut-fe/simulated-driver/patches/200-nss-qdisc-support.patch deleted file mode 100644 index 638ad8a84..000000000 --- a/shortcut-fe/simulated-driver/patches/200-nss-qdisc-support.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- ./simulated-driver/sfe_drv.c.orig 2020-06-16 12:49:47.680153371 +0800 -+++ ./simulated-driver/sfe_drv.c 2020-06-16 12:50:18.540153371 +0800 -@@ -1167,7 +1167,7 @@ int sfe_drv_recv(struct sk_buff *skb) - * If ingress Qdisc configured, and packet not processed by ingress Qdisc yet - * We can not accelerate this packet. - */ -- if (dev->ingress_queue && !(skb->tc_verd & TC_NCLS)) { -+ if (dev->ingress_queue && !(skb->tc_verd_qca_nss & TC_NCLS)) { - return 0; - } - #endif diff --git a/shortcut-fe/shortcut-fe/src/Kconfig b/shortcut-fe/src/Kconfig similarity index 100% rename from shortcut-fe/shortcut-fe/src/Kconfig rename to shortcut-fe/src/Kconfig diff --git a/shortcut-fe/shortcut-fe/src/Makefile b/shortcut-fe/src/Makefile similarity index 91% rename from shortcut-fe/shortcut-fe/src/Makefile rename to shortcut-fe/src/Makefile index 991a20ec6..3b1ceaa44 100644 --- a/shortcut-fe/shortcut-fe/src/Makefile +++ b/shortcut-fe/src/Makefile @@ -21,4 +21,3 @@ endif shortcut-fe-cm-objs := \ sfe_cm.o -ccflags-y += -Werror -Wall diff --git a/shortcut-fe/src/sfe.h b/shortcut-fe/src/sfe.h new file mode 100644 index 000000000..279e7b3dc --- /dev/null +++ b/shortcut-fe/src/sfe.h @@ -0,0 +1,114 @@ +/* + * sfe.h + * Shortcut forwarding engine. + * + * Copyright (c) 2013-2017 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + + +/* + * The following are debug macros used throughout the SFE. + * + * The DEBUG_LEVEL enables the followings based on its value, + * when dynamic debug option is disabled. + * + * 0 = OFF + * 1 = ASSERTS / ERRORS + * 2 = 1 + WARN + * 3 = 2 + INFO + * 4 = 3 + TRACE + */ +#define DEBUG_LEVEL 2 + +#if (DEBUG_LEVEL < 1) +#define DEBUG_ASSERT(s, ...) +#define DEBUG_ERROR(s, ...) +#else +#define DEBUG_ASSERT(c, s, ...) if (!(c)) { pr_emerg("ASSERT: %s:%d:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__); BUG(); } +#define DEBUG_ERROR(s, ...) pr_err("%s:%d:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) +#endif + +#if defined(CONFIG_DYNAMIC_DEBUG) +/* + * Compile messages for dynamic enable/disable + */ +#define DEBUG_WARN(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) +#define DEBUG_INFO(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) +#define DEBUG_TRACE(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) +#else + +/* + * Statically compile messages at different levels + */ +#if (DEBUG_LEVEL < 2) +#define DEBUG_WARN(s, ...) +#else +#define DEBUG_WARN(s, ...) pr_warn("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) +#endif + +#if (DEBUG_LEVEL < 3) +#define DEBUG_INFO(s, ...) +#else +#define DEBUG_INFO(s, ...) pr_notice("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) +#endif + +#if (DEBUG_LEVEL < 4) +#define DEBUG_TRACE(s, ...) +#else +#define DEBUG_TRACE(s, ...) pr_info("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) +#endif +#endif + +#ifdef CONFIG_NF_FLOW_COOKIE +typedef int (*flow_cookie_set_func_t)(u32 protocol, __be32 src_ip, __be16 src_port, + __be32 dst_ip, __be16 dst_port, u16 flow_cookie); +/* + * sfe_register_flow_cookie_cb + * register a function in SFE to let SFE use this function to configure flow cookie for a flow + * + * Hardware driver which support flow cookie should register a callback function in SFE. Then SFE + * can use this function to configure flow cookie for a flow. + * return: 0, success; !=0, fail + */ +int sfe_register_flow_cookie_cb(flow_cookie_set_func_t cb); + +/* + * sfe_unregister_flow_cookie_cb + * unregister function which is used to configure flow cookie for a flow + * + * return: 0, success; !=0, fail + */ +int sfe_unregister_flow_cookie_cb(flow_cookie_set_func_t cb); + +typedef int (*sfe_ipv6_flow_cookie_set_func_t)(u32 protocol, __be32 src_ip[4], __be16 src_port, + __be32 dst_ip[4], __be16 dst_port, u16 flow_cookie); + +/* + * sfe_ipv6_register_flow_cookie_cb + * register a function in SFE to let SFE use this function to configure flow cookie for a flow + * + * Hardware driver which support flow cookie should register a callback function in SFE. Then SFE + * can use this function to configure flow cookie for a flow. + * return: 0, success; !=0, fail + */ +int sfe_ipv6_register_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb); + +/* + * sfe_ipv6_unregister_flow_cookie_cb + * unregister function which is used to configure flow cookie for a flow + * + * return: 0, success; !=0, fail + */ +int sfe_ipv6_unregister_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb); + +#endif /*CONFIG_NF_FLOW_COOKIE*/ diff --git a/shortcut-fe/src/sfe_backport.h b/shortcut-fe/src/sfe_backport.h new file mode 100644 index 000000000..2f8c8ca3c --- /dev/null +++ b/shortcut-fe/src/sfe_backport.h @@ -0,0 +1,195 @@ +/* + * sfe_backport.h + * Shortcut forwarding engine compatible header file. + * + * Copyright (c) 2014-2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0)) +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 0)) +#include +#else +enum udp_conntrack { + UDP_CT_UNREPLIED, + UDP_CT_REPLIED, + UDP_CT_MAX +}; + +static inline unsigned int * +nf_ct_timeout_lookup(struct net *net, struct nf_conn *ct, + struct nf_conntrack_l4proto *l4proto) +{ +#ifdef CONFIG_NF_CONNTRACK_TIMEOUT + struct nf_conn_timeout *timeout_ext; + unsigned int *timeouts; + + timeout_ext = nf_ct_timeout_find(ct); + if (timeout_ext) + timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext); + else + timeouts = l4proto->get_timeouts(net); + + return timeouts; +#else + return l4proto->get_timeouts(net); +#endif /*CONFIG_NF_CONNTRACK_TIMEOUT*/ +} +#endif /*KERNEL_VERSION(3, 7, 0)*/ +#endif /*KERNEL_VERSION(3, 4, 0)*/ + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)) +#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ +static unsigned int FN_NAME(void *priv, \ + struct sk_buff *SKB, \ + const struct nf_hook_state *state) +#elif (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) +#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ +static unsigned int FN_NAME(const struct nf_hook_ops *OPS, \ + struct sk_buff *SKB, \ + const struct net_device *UNUSED, \ + const struct net_device *OUT, \ + int (*OKFN)(struct sk_buff *)) +#else +#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ +static unsigned int FN_NAME(unsigned int HOOKNUM, \ + struct sk_buff *SKB, \ + const struct net_device *UNUSED, \ + const struct net_device *OUT, \ + int (*OKFN)(struct sk_buff *)) +#endif + +#define sfe_cm_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ + sfe_define_post_routing_hook(__sfe_cm_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) +#define sfe_cm_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ + sfe_define_post_routing_hook(__sfe_cm_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) +#define fast_classifier_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ + sfe_define_post_routing_hook(__fast_classifier_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) +#define fast_classifier_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ + sfe_define_post_routing_hook(__fast_classifier_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)) +#define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \ + { \ + .hook = fn, \ + .pf = NFPROTO_IPV4, \ + .hooknum = NF_INET_POST_ROUTING, \ + .priority = NF_IP_PRI_NAT_SRC + 1, \ + } +#else +#define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \ + { \ + .hook = fn, \ + .owner = THIS_MODULE, \ + .pf = NFPROTO_IPV4, \ + .hooknum = NF_INET_POST_ROUTING, \ + .priority = NF_IP_PRI_NAT_SRC + 1, \ + } +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)) +#define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \ + { \ + .hook = fn, \ + .pf = NFPROTO_IPV6, \ + .hooknum = NF_INET_POST_ROUTING, \ + .priority = NF_IP_PRI_NAT_SRC + 1, \ + } +#else +#define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \ + { \ + .hook = fn, \ + .owner = THIS_MODULE, \ + .pf = NFPROTO_IPV6, \ + .hooknum = NF_INET_POST_ROUTING, \ + .priority = NF_IP6_PRI_NAT_SRC + 1, \ + } +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)) +#define SFE_NF_CT_DEFAULT_ZONE (&nf_ct_zone_dflt) +#else +#define SFE_NF_CT_DEFAULT_ZONE NF_CT_DEFAULT_ZONE +#endif + +/* + * sfe_dev_get_master + * get master of bridge port, and hold it + */ +static inline struct net_device *sfe_dev_get_master(struct net_device *dev) +{ + struct net_device *master; +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)) + rcu_read_lock(); + master = netdev_master_upper_dev_get_rcu(dev); + if (master) + dev_hold(master); + + rcu_read_unlock(); +#else + master = dev->master; + if (master) + dev_hold(master); +#endif + return master; +} + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 11, 0)) +#define SFE_DEV_EVENT_PTR(PTR) netdev_notifier_info_to_dev(PTR) +#else +#define SFE_DEV_EVENT_PTR(PTR) (struct net_device *)(PTR) +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) +#define SFE_NF_CONN_ACCT(NM) struct nf_conn_acct *NM +#else +#define SFE_NF_CONN_ACCT(NM) struct nf_conn_counter *NM +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) +#define SFE_ACCT_COUNTER(NM) ((NM)->counter) +#else +#define SFE_ACCT_COUNTER(NM) (NM) +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)) +#define sfe_hash_for_each_possible(name, obj, node, member, key) \ + hash_for_each_possible(name, obj, member, key) +#else +#define sfe_hash_for_each_possible(name, obj, node, member, key) \ + hash_for_each_possible(name, obj, node, member, key) +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)) +#define sfe_hash_for_each(name, bkt, node, obj, member) \ + hash_for_each(name, bkt, obj, member) +#else +#define sfe_hash_for_each(name, bkt, node, obj, member) \ + hash_for_each(name, bkt, node, obj, member) +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0)) +#define sfe_dst_get_neighbour(dst, daddr) dst_neigh_lookup(dst, daddr) +#else +static inline struct neighbour * +sfe_dst_get_neighbour(struct dst_entry *dst, void *daddr) +{ + struct neighbour *neigh = dst_get_neighbour_noref(dst); + + if (neigh) + neigh_hold(neigh); + + return neigh; +} +#endif diff --git a/shortcut-fe/shortcut-fe/src/sfe_cm.c b/shortcut-fe/src/sfe_cm.c similarity index 90% rename from shortcut-fe/shortcut-fe/src/sfe_cm.c rename to shortcut-fe/src/sfe_cm.c index cf146fdb1..18f3475e5 100644 --- a/shortcut-fe/shortcut-fe/src/sfe_cm.c +++ b/shortcut-fe/src/sfe_cm.c @@ -2,7 +2,7 @@ * sfe-cm.c * Shortcut forwarding engine connection manager. * - * Copyright (c) 2013-2018, 2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2018 The Linux Foundation. All rights reserved. * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the * above copyright notice and this permission notice appear in all copies. @@ -199,7 +199,7 @@ int sfe_cm_recv(struct sk_buff *skb) * structure, obtain the hardware address. This means this function also * works if the neighbours are routers too. */ -static bool sfe_cm_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_addr_t *addr, struct net_device **dev, u8 *mac_addr, int is_v4) +static bool sfe_cm_find_dev_and_mac_addr(sfe_ip_addr_t *addr, struct net_device **dev, u8 *mac_addr, int is_v4) { struct neighbour *neigh; struct rtable *rt; @@ -207,15 +207,6 @@ static bool sfe_cm_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_addr_t *add struct dst_entry *dst; struct net_device *mac_dev; - /* - * If we have skb provided, use it as the original code is unable - * to lookup routes that are policy routed. - */ - if (unlikely(skb)) { - dst = skb_dst(skb); - goto skip_dst_lookup; - } - /* * Look up the rtable entry for the IP address then get the hardware * address from its neighbour structure. This means this work when the @@ -229,11 +220,11 @@ static bool sfe_cm_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_addr_t *add dst = (struct dst_entry *)rt; } else { -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0)) - rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, 0); -#else +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)) rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, NULL, 0); -#endif +#else + rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, 0); +#endif /*KERNEL_VERSION(4, 17, 0)*/ if (!rt6) { goto ret_fail; } @@ -241,21 +232,18 @@ static bool sfe_cm_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_addr_t *add dst = (struct dst_entry *)rt6; } -skip_dst_lookup: rcu_read_lock(); neigh = sfe_dst_get_neighbour(dst, addr); if (unlikely(!neigh)) { rcu_read_unlock(); - if (likely(!skb)) - dst_release(dst); + dst_release(dst); goto ret_fail; } if (unlikely(!(neigh->nud_state & NUD_VALID))) { rcu_read_unlock(); neigh_release(neigh); - if (likely(!skb)) - dst_release(dst); + dst_release(dst); goto ret_fail; } @@ -263,8 +251,7 @@ skip_dst_lookup: if (!mac_dev) { rcu_read_unlock(); neigh_release(neigh); - if (likely(!skb)) - dst_release(dst); + dst_release(dst); goto ret_fail; } @@ -274,8 +261,7 @@ skip_dst_lookup: *dev = mac_dev; rcu_read_unlock(); neigh_release(neigh); - if (likely(!skb)) - dst_release(dst); + dst_release(dst); return true; @@ -305,7 +291,6 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) struct net_device *dest_dev; struct net_device *src_dev_tmp; struct net_device *dest_dev_tmp; - struct sk_buff *tmp_skb = NULL; struct net_device *src_br_dev = NULL; struct net_device *dest_br_dev = NULL; struct nf_conntrack_tuple orig_tuple; @@ -367,18 +352,16 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) return NF_ACCEPT; } +#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)) /* * Don't process untracked connections. */ -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)) if (unlikely(nf_ct_is_untracked(ct))) { -#else - if (unlikely(ctinfo == IP_CT_UNTRACKED)) { -#endif sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_CT_NO_TRACK); DEBUG_TRACE("untracked connection\n"); return NF_ACCEPT; } +#endif /*KERNEL_VERSION(4, 12, 0)*/ /* * Unconfirmed connection may be dropped by Linux at the final step, @@ -527,21 +510,6 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) return NF_ACCEPT; } spin_unlock_bh(&ct->lock); - - /* - * Somehow, SFE is not playing nice with IPSec traffic. - * Do not accelerate for now. - */ - if (ntohs(sic.dest_port) == 4500 || ntohs(sic.dest_port) == 500) { - if (likely(is_v4)) - DEBUG_TRACE("IPsec bypass: %pI4:%d(%pI4:%d) to %pI4:%d(%pI4:%d)\n", - &sic.src_ip.ip, ntohs(sic.src_port), &sic.src_ip_xlate.ip, ntohs(sic.src_port_xlate), - &sic.dest_ip.ip, ntohs(sic.dest_port), &sic.dest_ip_xlate.ip, ntohs(sic.dest_port_xlate)); - else - DEBUG_TRACE("IPsec bypass: %pI6:%d to %pI6:%d\n", - &sic.src_ip.ip6, ntohs(sic.src_port), &sic.dest_ip.ip6, ntohs(sic.dest_port)); - return NF_ACCEPT; - } break; case IPPROTO_UDP: @@ -565,10 +533,10 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) * For packets de-capsulated from xfrm, we still can accelerate it * on the direction we just received the packet. */ -#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0)) - if (unlikely(skb->sp)) { +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)) + if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) { #else - if (unlikely(secpath_exists(skb))) { + if (unlikely(skb->sp)) { #endif if (sic.protocol == IPPROTO_TCP && !(sic.flags & SFE_CREATE_FLAG_NO_SEQ_CHECK)) { @@ -596,27 +564,25 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) * Get the net device and MAC addresses that correspond to the various source and * destination host addresses. */ - if (!sfe_cm_find_dev_and_mac_addr(NULL, &sic.src_ip, &src_dev_tmp, sic.src_mac, is_v4)) { + if (!sfe_cm_find_dev_and_mac_addr(&sic.src_ip, &src_dev_tmp, sic.src_mac, is_v4)) { sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_SRC_DEV); return NF_ACCEPT; } src_dev = src_dev_tmp; - if (!sfe_cm_find_dev_and_mac_addr(NULL, &sic.src_ip_xlate, &dev, sic.src_mac_xlate, is_v4)) { + if (!sfe_cm_find_dev_and_mac_addr(&sic.src_ip_xlate, &dev, sic.src_mac_xlate, is_v4)) { sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_SRC_XLATE_DEV); goto done1; } dev_put(dev); - /* Somehow, for IPv6, we need this workaround as well */ - if (unlikely(!is_v4)) - tmp_skb = skb; - if (!sfe_cm_find_dev_and_mac_addr(tmp_skb, &sic.dest_ip, &dev, sic.dest_mac, is_v4)) { + + if (!sfe_cm_find_dev_and_mac_addr(&sic.dest_ip, &dev, sic.dest_mac, is_v4)) { sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_DEST_DEV); goto done1; } dev_put(dev); - if (!sfe_cm_find_dev_and_mac_addr(skb, &sic.dest_ip_xlate, &dest_dev_tmp, sic.dest_mac_xlate, is_v4)) { + if (!sfe_cm_find_dev_and_mac_addr(&sic.dest_ip_xlate, &dest_dev_tmp, sic.dest_mac_xlate, is_v4)) { sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_DEST_XLATE_DEV); goto done1; } @@ -722,11 +688,14 @@ static int sfe_cm_conntrack_event(unsigned int events, struct nf_ct_event *item) } #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)) + /* + * If this is an untracked connection then we can't have any state either. + */ if (unlikely(nf_ct_is_untracked(ct))) { DEBUG_TRACE("ignoring untracked conn\n"); return NOTIFY_DONE; } -#endif +#endif /*KERNEL_VERSION(4, 12, 0)*/ /* * We're only interested in destroy events. @@ -856,17 +825,18 @@ static void sfe_cm_sync_rule(struct sfe_connection_sync *sis) ct = nf_ct_tuplehash_to_ctrack(h); #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 0)) NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct); -#endif +#endif /*KERNEL_VERSION(4, 9, 0)*/ + /* * Only update if this is not a fixed timeout */ if (!test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) { spin_lock_bh(&ct->lock); -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 0)) - ct->timeout.expires += sis->delta_jiffies; -#else +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) ct->timeout += sis->delta_jiffies; -#endif +#else + ct->timeout.expires += sis->delta_jiffies; +#endif /*KERNEL_VERSION(4, 9, 0)*/ spin_unlock_bh(&ct->lock); } @@ -921,26 +891,26 @@ static void sfe_cm_sync_rule(struct sfe_connection_sync *sis) if (reply_pkts != 0) { unsigned int *timeouts; - struct nf_conntrack_l4proto *l4proto __maybe_unused; + set_bit(IPS_SEEN_REPLY_BIT, &ct->status); set_bit(IPS_ASSURED_BIT, &ct->status); -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0)) +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0)) + timeouts = nf_ct_timeout_lookup(ct); +#else + struct nf_conntrack_l4proto *l4proto; + l4proto = __nf_ct_l4proto_find((sis->is_v6 ? AF_INET6 : AF_INET), IPPROTO_UDP); timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto); - spin_lock_bh(&ct->lock); - ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED]; - spin_unlock_bh(&ct->lock); -#else - timeouts = nf_ct_timeout_lookup(ct); - if (!timeouts) { - timeouts = udp_get_timeouts(nf_ct_net(ct)); - } +#endif /*KERNEL_VERSION(4, 19, 0)*/ spin_lock_bh(&ct->lock); +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) ct->timeout = jiffies + timeouts[UDP_CT_REPLIED]; +#else + ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED]; +#endif /*KERNEL_VERSION(4, 9, 0)*/ spin_unlock_bh(&ct->lock); -#endif } } break; @@ -1031,9 +1001,6 @@ static int __init sfe_cm_init(void) { struct sfe_cm *sc = &__sc; int result = -1; -#ifdef CONFIG_SFE_ECM - int (*fast_recv)(struct sk_buff *skb); -#endif DEBUG_INFO("SFE CM init\n"); @@ -1069,11 +1036,7 @@ static int __init sfe_cm_init(void) /* * Register our netfilter hooks. */ -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0)) - result = nf_register_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); -#else result = nf_register_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); -#endif if (result < 0) { DEBUG_ERROR("can't register nf post routing hook: %d\n", result); goto exit3; @@ -1086,30 +1049,22 @@ static int __init sfe_cm_init(void) */ #ifdef CONFIG_NF_CONNTRACK_EVENTS #ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS - result = nf_conntrack_register_chain_notifier(&init_net, &sfe_cm_conntrack_notifier); + (void)nf_conntrack_register_chain_notifier(&init_net, &sfe_cm_conntrack_notifier); #else result = nf_conntrack_register_notifier(&init_net, &sfe_cm_conntrack_notifier); -#endif if (result < 0) { DEBUG_ERROR("can't register nf notifier hook: %d\n", result); goto exit4; } #endif +#endif + spin_lock_init(&sc->lock); /* * Hook the receive path in the network stack. */ -#ifdef CONFIG_SFE_ECM - rcu_read_lock(); - fast_recv = rcu_dereference(athrs_fast_nat_recv); - rcu_read_unlock(); - if (!fast_recv) { - BUG_ON(athrs_fast_nat_recv); - } -#else BUG_ON(athrs_fast_nat_recv); -#endif RCU_INIT_POINTER(athrs_fast_nat_recv, sfe_cm_recv); /* @@ -1120,15 +1075,10 @@ static int __init sfe_cm_init(void) return 0; #ifdef CONFIG_NF_CONNTRACK_EVENTS +#ifndef CONFIG_NF_CONNTRACK_CHAIN_EVENTS exit4: -#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0)) - nf_unregister_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); -#else nf_unregister_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); #endif - -#endif #endif exit3: unregister_inet6addr_notifier(&sc->inet6_notifier); @@ -1179,12 +1129,8 @@ static void __exit sfe_cm_exit(void) nf_conntrack_unregister_notifier(&init_net, &sfe_cm_conntrack_notifier); #endif #endif - -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0)) - nf_unregister_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); -#else nf_unregister_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); -#endif + unregister_inet6addr_notifier(&sc->inet6_notifier); unregister_inetaddr_notifier(&sc->inet_notifier); unregister_netdevice_notifier(&sc->dev_notifier); diff --git a/shortcut-fe/src/sfe_cm.h b/shortcut-fe/src/sfe_cm.h new file mode 100644 index 000000000..23cbde859 --- /dev/null +++ b/shortcut-fe/src/sfe_cm.h @@ -0,0 +1,259 @@ +/* + * sfe_cm.h + * Shortcut forwarding engine. + * + * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * connection flags. + */ +#define SFE_CREATE_FLAG_NO_SEQ_CHECK BIT(0) + /* Indicates that we should not check sequence numbers */ +#define SFE_CREATE_FLAG_REMARK_PRIORITY BIT(1) + /* Indicates that we should remark priority of skb */ +#define SFE_CREATE_FLAG_REMARK_DSCP BIT(2) + /* Indicates that we should remark DSCP of packet */ + +/* + * IPv6 address structure + */ +struct sfe_ipv6_addr { + __be32 addr[4]; +}; + +typedef union { + __be32 ip; + struct sfe_ipv6_addr ip6[1]; +} sfe_ip_addr_t; + +/* + * connection creation structure. + */ +struct sfe_connection_create { + int protocol; + struct net_device *src_dev; + struct net_device *dest_dev; + u32 flags; + u32 src_mtu; + u32 dest_mtu; + sfe_ip_addr_t src_ip; + sfe_ip_addr_t src_ip_xlate; + sfe_ip_addr_t dest_ip; + sfe_ip_addr_t dest_ip_xlate; + __be16 src_port; + __be16 src_port_xlate; + __be16 dest_port; + __be16 dest_port_xlate; + u8 src_mac[ETH_ALEN]; + u8 src_mac_xlate[ETH_ALEN]; + u8 dest_mac[ETH_ALEN]; + u8 dest_mac_xlate[ETH_ALEN]; + u8 src_td_window_scale; + u32 src_td_max_window; + u32 src_td_end; + u32 src_td_max_end; + u8 dest_td_window_scale; + u32 dest_td_max_window; + u32 dest_td_end; + u32 dest_td_max_end; + u32 mark; +#ifdef CONFIG_XFRM + u32 original_accel; + u32 reply_accel; +#endif + u32 src_priority; + u32 dest_priority; + u32 src_dscp; + u32 dest_dscp; +}; + +/* + * connection destruction structure. + */ +struct sfe_connection_destroy { + int protocol; + sfe_ip_addr_t src_ip; + sfe_ip_addr_t dest_ip; + __be16 src_port; + __be16 dest_port; +}; + +typedef enum sfe_sync_reason { + SFE_SYNC_REASON_STATS, /* Sync is to synchronize stats */ + SFE_SYNC_REASON_FLUSH, /* Sync is to flush a entry */ + SFE_SYNC_REASON_DESTROY /* Sync is to destroy a entry(requested by connection manager) */ +} sfe_sync_reason_t; + +/* + * Structure used to sync connection stats/state back within the system. + * + * NOTE: The addresses here are NON-NAT addresses, i.e. the true endpoint addressing. + * 'src' is the creator of the connection. + */ +struct sfe_connection_sync { + struct net_device *src_dev; + struct net_device *dest_dev; + int is_v6; /* Is it for ipv6? */ + int protocol; /* IP protocol number (IPPROTO_...) */ + sfe_ip_addr_t src_ip; /* Non-NAT source address, i.e. the creator of the connection */ + sfe_ip_addr_t src_ip_xlate; /* NATed source address */ + __be16 src_port; /* Non-NAT source port */ + __be16 src_port_xlate; /* NATed source port */ + sfe_ip_addr_t dest_ip; /* Non-NAT destination address, i.e. to whom the connection was created */ + sfe_ip_addr_t dest_ip_xlate; /* NATed destination address */ + __be16 dest_port; /* Non-NAT destination port */ + __be16 dest_port_xlate; /* NATed destination port */ + u32 src_td_max_window; + u32 src_td_end; + u32 src_td_max_end; + u64 src_packet_count; + u64 src_byte_count; + u32 src_new_packet_count; + u32 src_new_byte_count; + u32 dest_td_max_window; + u32 dest_td_end; + u32 dest_td_max_end; + u64 dest_packet_count; + u64 dest_byte_count; + u32 dest_new_packet_count; + u32 dest_new_byte_count; + u32 reason; /* reason for stats sync message, i.e. destroy, flush, period sync */ + u64 delta_jiffies; /* Time to be added to the current timeout to keep the connection alive */ +}; + +/* + * connection mark structure + */ +struct sfe_connection_mark { + int protocol; + sfe_ip_addr_t src_ip; + sfe_ip_addr_t dest_ip; + __be16 src_port; + __be16 dest_port; + u32 mark; +}; + +/* + * Expose the hook for the receive processing. + */ +extern int (*athrs_fast_nat_recv)(struct sk_buff *skb); + +/* + * Expose what should be a static flag in the TCP connection tracker. + */ +extern int nf_ct_tcp_no_window_check; + +/* + * This callback will be called in a timer + * at 100 times per second to sync stats back to + * Linux connection track. + * + * A RCU lock is taken to prevent this callback + * from unregistering. + */ +typedef void (*sfe_sync_rule_callback_t)(struct sfe_connection_sync *); + +/* + * IPv4 APIs used by connection manager + */ +int sfe_ipv4_recv(struct net_device *dev, struct sk_buff *skb); +int sfe_ipv4_create_rule(struct sfe_connection_create *sic); +void sfe_ipv4_destroy_rule(struct sfe_connection_destroy *sid); +void sfe_ipv4_destroy_all_rules_for_dev(struct net_device *dev); +void sfe_ipv4_register_sync_rule_callback(sfe_sync_rule_callback_t callback); +void sfe_ipv4_update_rule(struct sfe_connection_create *sic); +void sfe_ipv4_mark_rule(struct sfe_connection_mark *mark); + +#ifdef SFE_SUPPORT_IPV6 +/* + * IPv6 APIs used by connection manager + */ +int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb); +int sfe_ipv6_create_rule(struct sfe_connection_create *sic); +void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid); +void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev); +void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t callback); +void sfe_ipv6_update_rule(struct sfe_connection_create *sic); +void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark); +#else +static inline int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb) +{ + return 0; +} + +static inline int sfe_ipv6_create_rule(struct sfe_connection_create *sic) +{ + return 0; +} + +static inline void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid) +{ + return; +} + +static inline void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev) +{ + return; +} + +static inline void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t callback) +{ + return; +} + +static inline void sfe_ipv6_update_rule(struct sfe_connection_create *sic) +{ + return; +} + +static inline void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark) +{ + return; +} +#endif + +/* + * sfe_ipv6_addr_equal() + * compare ipv6 address + * + * return: 1, equal; 0, no equal + */ +static inline int sfe_ipv6_addr_equal(struct sfe_ipv6_addr *a, + struct sfe_ipv6_addr *b) +{ + return a->addr[0] == b->addr[0] && + a->addr[1] == b->addr[1] && + a->addr[2] == b->addr[2] && + a->addr[3] == b->addr[3]; +} + +/* + * sfe_ipv4_addr_equal() + * compare ipv4 address + * + * return: 1, equal; 0, no equal + */ +#define sfe_ipv4_addr_equal(a, b) ((u32)(a) == (u32)(b)) + +/* + * sfe_addr_equal() + * compare ipv4 or ipv6 address + * + * return: 1, equal; 0, no equal + */ +static inline int sfe_addr_equal(sfe_ip_addr_t *a, + sfe_ip_addr_t *b, int is_v4) +{ + return is_v4 ? sfe_ipv4_addr_equal(a->ip, b->ip) : sfe_ipv6_addr_equal(a->ip6, b->ip6); +} diff --git a/shortcut-fe/shortcut-fe/src/sfe_ipv4.c b/shortcut-fe/src/sfe_ipv4.c similarity index 99% rename from shortcut-fe/shortcut-fe/src/sfe_ipv4.c rename to shortcut-fe/src/sfe_ipv4.c index cdcdd66dd..531456c05 100644 --- a/shortcut-fe/shortcut-fe/src/sfe_ipv4.c +++ b/shortcut-fe/src/sfe_ipv4.c @@ -2,7 +2,7 @@ * sfe_ipv4.c * Shortcut forwarding engine - IPv4 edition. * - * Copyright (c) 2013-2016, 2019-2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2016, 2019, The Linux Foundation. All rights reserved. * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the * above copyright notice and this permission notice appear in all copies. @@ -1311,13 +1311,14 @@ static int sfe_ipv4_recv_udp(struct sfe_ipv4 *si, struct sk_buff *skb, struct ne * change the cloned skb's data section. */ if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%px: skb is a cloned skb\n", skb); + DEBUG_TRACE("%p: skb is a cloned skb\n", skb); skb = skb_unshare(skb, GFP_ATOMIC); if (!skb) { DEBUG_WARN("Failed to unshare the cloned skb\n"); si->exception_events[SFE_IPV4_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; si->packets_not_forwarded++; spin_unlock_bh(&si->lock); + return 0; } @@ -1890,13 +1891,14 @@ static int sfe_ipv4_recv_tcp(struct sfe_ipv4 *si, struct sk_buff *skb, struct ne * change the cloned skb's data section. */ if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%px: skb is a cloned skb\n", skb); + DEBUG_TRACE("%p: skb is a cloned skb\n", skb); skb = skb_unshare(skb, GFP_ATOMIC); if (!skb) { DEBUG_WARN("Failed to unshare the cloned skb\n"); si->exception_events[SFE_IPV4_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; si->packets_not_forwarded++; spin_unlock_bh(&si->lock); + return 0; } @@ -2510,7 +2512,7 @@ int sfe_ipv4_create_rule(struct sfe_connection_create *sic) spin_unlock_bh(&si->lock); DEBUG_TRACE("connection already exists - mark: %08x, p: %d\n" - " s: %s:%pxM:%pI4:%u, d: %s:%pxM:%pI4:%u\n", + " s: %s:%pM:%pI4:%u, d: %s:%pM:%pI4:%u\n", sic->mark, sic->protocol, sic->src_dev->name, sic->src_mac, &sic->src_ip.ip, ntohs(sic->src_port), sic->dest_dev->name, sic->dest_mac, &sic->dest_ip.ip, ntohs(sic->dest_port)); @@ -2726,8 +2728,8 @@ int sfe_ipv4_create_rule(struct sfe_connection_create *sic) * We have everything we need! */ DEBUG_INFO("new connection - mark: %08x, p: %d\n" - " s: %s:%pxM(%pxM):%pI4(%pI4):%u(%u)\n" - " d: %s:%pxM(%pxM):%pI4(%pI4):%u(%u)\n", + " s: %s:%pM(%pM):%pI4(%pI4):%u(%u)\n" + " d: %s:%pM(%pM):%pI4(%pI4):%u(%u)\n", sic->mark, sic->protocol, sic->src_dev->name, sic->src_mac, sic->src_mac_xlate, &sic->src_ip.ip, &sic->src_ip_xlate.ip, ntohs(sic->src_port), ntohs(sic->src_port_xlate), @@ -2856,17 +2858,17 @@ another_round: /* * sfe_ipv4_periodic_sync() */ -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) +static void sfe_ipv4_periodic_sync(struct timer_list *arg) +#else static void sfe_ipv4_periodic_sync(unsigned long arg) -#else -static void sfe_ipv4_periodic_sync(struct timer_list *tl) -#endif +#endif /*KERNEL_VERSION(4, 15, 0)*/ { -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) - struct sfe_ipv4 *si = (struct sfe_ipv4 *)arg; +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) + struct sfe_ipv4 *si = (struct sfe_ipv4 *)arg->cust_data; #else - struct sfe_ipv4 *si = from_timer(si, tl, timer); -#endif + struct sfe_ipv4 *si = (struct sfe_ipv4 *)arg; +#endif /*KERNEL_VERSION(4, 15, 0)*/ u64 now_jiffies; int quota; sfe_sync_rule_callback_t sync_rule_callback; @@ -3545,11 +3547,12 @@ static int __init sfe_ipv4_init(void) /* * Create a timer to handle periodic statistics. */ -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) - setup_timer(&si->timer, sfe_ipv4_periodic_sync, (unsigned long)si); -#else +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) timer_setup(&si->timer, sfe_ipv4_periodic_sync, 0); -#endif + si->timer.cust_data = (unsigned long)si; +#else + setup_timer(&si->timer, sfe_ipv4_periodic_sync, (unsigned long)si); +#endif /*KERNEL_VERSION(4, 15, 0)*/ mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); spin_lock_init(&si->lock); diff --git a/shortcut-fe/shortcut-fe/src/sfe_ipv6.c b/shortcut-fe/src/sfe_ipv6.c similarity index 99% rename from shortcut-fe/shortcut-fe/src/sfe_ipv6.c rename to shortcut-fe/src/sfe_ipv6.c index ae3306693..3c5ef1263 100644 --- a/shortcut-fe/shortcut-fe/src/sfe_ipv6.c +++ b/shortcut-fe/src/sfe_ipv6.c @@ -2,7 +2,7 @@ * sfe_ipv6.c * Shortcut forwarding engine - IPv6 support. * - * Copyright (c) 2015-2016, 2019-2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2015-2016, 2019, The Linux Foundation. All rights reserved. * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the * above copyright notice and this permission notice appear in all copies. @@ -1369,13 +1369,14 @@ static int sfe_ipv6_recv_udp(struct sfe_ipv6 *si, struct sk_buff *skb, struct ne * change the cloned skb's data section. */ if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%px: skb is a cloned skb\n", skb); + DEBUG_TRACE("%p: skb is a cloned skb\n", skb); skb = skb_unshare(skb, GFP_ATOMIC); if (!skb) { DEBUG_WARN("Failed to unshare the cloned skb\n"); si->exception_events[SFE_IPV6_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; si->packets_not_forwarded++; spin_unlock_bh(&si->lock); + return 0; } @@ -1928,13 +1929,14 @@ static int sfe_ipv6_recv_tcp(struct sfe_ipv6 *si, struct sk_buff *skb, struct ne * change the cloned skb's data section. */ if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%px: skb is a cloned skb\n", skb); + DEBUG_TRACE("%p: skb is a cloned skb\n", skb); skb = skb_unshare(skb, GFP_ATOMIC); if (!skb) { DEBUG_WARN("Failed to unshare the cloned skb\n"); si->exception_events[SFE_IPV6_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; si->packets_not_forwarded++; spin_unlock_bh(&si->lock); + return 0; } @@ -2326,7 +2328,7 @@ int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb) si->packets_not_forwarded++; spin_unlock_bh(&si->lock); - DEBUG_TRACE("payload_len: %u, exceeds len: %u\n", payload_len, (len - (unsigned int)sizeof(struct sfe_ipv6_ip_hdr))); + DEBUG_TRACE("payload_len: %u, exceeds len: %u\n", payload_len, (len - sizeof(struct sfe_ipv6_ip_hdr))); return 0; } @@ -2524,7 +2526,7 @@ int sfe_ipv6_create_rule(struct sfe_connection_create *sic) spin_unlock_bh(&si->lock); DEBUG_TRACE("connection already exists - mark: %08x, p: %d\n" - " s: %s:%pxM:%pI6:%u, d: %s:%pxM:%pI6:%u\n", + " s: %s:%pM:%pI6:%u, d: %s:%pM:%pI6:%u\n", sic->mark, sic->protocol, sic->src_dev->name, sic->src_mac, sic->src_ip.ip6, ntohs(sic->src_port), sic->dest_dev->name, sic->dest_mac, sic->dest_ip.ip6, ntohs(sic->dest_port)); @@ -2740,8 +2742,8 @@ int sfe_ipv6_create_rule(struct sfe_connection_create *sic) * We have everything we need! */ DEBUG_INFO("new connection - mark: %08x, p: %d\n" - " s: %s:%pxM(%pxM):%pI6(%pI6):%u(%u)\n" - " d: %s:%pxM(%pxM):%pI6(%pI6):%u(%u)\n", + " s: %s:%pM(%pM):%pI6(%pI6):%u(%u)\n" + " d: %s:%pM(%pM):%pI6(%pI6):%u(%u)\n", sic->mark, sic->protocol, sic->src_dev->name, sic->src_mac, sic->src_mac_xlate, sic->src_ip.ip6, sic->src_ip_xlate.ip6, ntohs(sic->src_port), ntohs(sic->src_port_xlate), @@ -2864,17 +2866,17 @@ another_round: /* * sfe_ipv6_periodic_sync() */ -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) +static void sfe_ipv6_periodic_sync(struct timer_list *arg) +#else static void sfe_ipv6_periodic_sync(unsigned long arg) -#else -static void sfe_ipv6_periodic_sync(struct timer_list *tl) -#endif +#endif /*KERNEL_VERSION(4, 15, 0)*/ { -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) - struct sfe_ipv6 *si = (struct sfe_ipv6 *)arg; +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) + struct sfe_ipv6 *si = (struct sfe_ipv6 *)arg->cust_data; #else - struct sfe_ipv6 *si = from_timer(si, tl, timer); -#endif + struct sfe_ipv6 *si = (struct sfe_ipv6 *)arg; +#endif /*KERNEL_VERSION(4, 15, 0)*/ u64 now_jiffies; int quota; sfe_sync_rule_callback_t sync_rule_callback; @@ -3553,11 +3555,12 @@ static int __init sfe_ipv6_init(void) /* * Create a timer to handle periodic statistics. */ -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) - setup_timer(&si->timer, sfe_ipv6_periodic_sync, (unsigned long)si); -#else +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) timer_setup(&si->timer, sfe_ipv6_periodic_sync, 0); -#endif + si->timer.cust_data = (unsigned long)si; +#else + setup_timer(&si->timer, sfe_ipv6_periodic_sync, (unsigned long)si); +#endif /*KERNEL_VERSION(4, 15, 0)*/ mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); spin_lock_init(&si->lock);