Revert "fix shortcut"

This reverts commit 2096997ef7.
2025-03-09 15:40:03 +00:00 · 2021-09-25 17:31:25 +08:00 · 2021-09-25 17:31:25 +08:00 · b28cad97f6
commit b28cad97f6
parent 2096997ef7
31 changed files with 673 additions and 1015 deletions
--- a/shortcut-fe/fast-classifier/Makefile
+++ b/shortcut-fe/fast-classifier/Makefile
@ -1,17 +1,3 @@
 #
 # Copyright (c) 2013-2018 The Linux Foundation. All rights reserved.
 # Permission to use, copy, modify, and/or distribute this software for
 # any purpose with or without fee is hereby granted, provided that the
 # above copyright notice and this permission notice appear in all copies.
 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 #
 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
@ -28,11 +14,8 @@ define KernelPackage/$(PKG_NAME)/Default
  DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe
  TITLE:=Kernel driver for FAST Classifier
  FILES:=$(PKG_BUILD_DIR)/fast-classifier.ko
-  KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y \
+  KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y CONFIG_NF_CONNTRACK_MARK=y
-  	   CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y \
+  PROVIDES:=$(PKG_NAME)
  	   CONFIG_NF_CONNTRACK_MARK=y \
  	   CONFIG_XFRM=y
  CONFLICTS:=kmod-shortcut-fe-drv kmod-shortcut-fe-cm
 endef
 define KernelPackage/$(PKG_NAME)
@ -68,8 +51,6 @@ classifier kernel module
 endef
 SFE_MAKE_OPTS:=SFE_SUPPORT_IPV6=$(if $(CONFIG_IPV6),y,n)
 HAVE_ECM:=$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-standard)
 define Build/Compile/kmod
 	+$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" $(SFE_MAKE_OPTS) \
@ -77,7 +58,6 @@ define Build/Compile/kmod
 		$(PKG_MAKE_FLAGS) \
 		M="$(PKG_BUILD_DIR)" \
 		CONFIG_FAST_CLASSIFIER=m \
 		$(if $(HAVE_ECM),EXTRA_CFLAGS+="-DCONFIG_SFE_ECM" CONFIG_SFE_ECM=y,) \
 		EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \
 		modules
 endef
--- a/shortcut-fe/fast-classifier/src/Makefile
+++ b/shortcut-fe/fast-classifier/src/Makefile
--- a/shortcut-fe/fast-classifier/src/fast-classifier.c
+++ b/shortcut-fe/fast-classifier/src/fast-classifier.c
@ -36,9 +36,9 @@
 #include <linux/hashtable.h>
 #include <linux/version.h>
-#include <sfe_backport.h>
+#include "sfe_backport.h"
-#include <sfe.h>
+#include "sfe.h"
-#include <sfe_cm.h>
+#include "sfe_cm.h"
 #include "fast-classifier.h"
 typedef enum fast_classifier_exception {
@ -1744,11 +1744,8 @@ static int __init fast_classifier_init(void)
 {
 	struct fast_classifier *sc = &__sc;
 	int result = -1;
 #ifdef CONFIG_SFE_ECM
 	int (*fast_recv)(struct sk_buff *skb);
 #endif
-	printk(KERN_ALERT "fast-classifier: starting up\n");
+	printk(KERN_ALERT "fast-classifier (PBR safe v2.1.4a): starting up\n");
 	DEBUG_INFO("SFE CM init\n");
 	hash_init(fc_conn_ht);
@ -1813,7 +1810,6 @@ static int __init fast_classifier_init(void)
 		goto exit3;
 	}
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
 	/*
 	 * Register a notifier hook to get fast notifications of expired connections.
 	 */
@ -1821,14 +1817,12 @@ static int __init fast_classifier_init(void)
 	result = nf_conntrack_register_chain_notifier(&init_net, &fast_classifier_conntrack_notifier);
 #else
 	result = nf_conntrack_register_notifier(&init_net, &fast_classifier_conntrack_notifier);
 #endif
 	if (result < 0) {
 		DEBUG_ERROR("can't register nf notifier hook: %d\n", result);
 		goto exit4;
 	}
 #endif
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0))
 	result = genl_register_family(&fast_classifier_gnl_family);
 	if (result) {
@ -1871,16 +1865,7 @@ static int __init fast_classifier_init(void)
 	/*
 	 * Hook the receive path in the network stack.
 	 */
 #ifdef CONFIG_SFE_ECM
 	rcu_read_lock();
 	fast_recv = rcu_dereference(athrs_fast_nat_recv);
 	rcu_read_unlock();
 	if (!fast_recv) {
 		BUG_ON(athrs_fast_nat_recv);
 	}
 #else
 	BUG_ON(athrs_fast_nat_recv);
 #endif
 	RCU_INIT_POINTER(athrs_fast_nat_recv, fast_classifier_recv);
 	/*
@ -1989,4 +1974,3 @@ module_exit(fast_classifier_exit)
 MODULE_DESCRIPTION("Shortcut Forwarding Engine - Connection Manager");
 MODULE_LICENSE("Dual BSD/GPL");
--- a/shortcut-fe/fast-classifier/src/fast-classifier.h
+++ b/shortcut-fe/fast-classifier/src/fast-classifier.h
--- a/shortcut-fe/fast-classifier/src/nl_classifier_test.c
+++ b/shortcut-fe/fast-classifier/src/nl_classifier_test.c
--- a/shortcut-fe/shortcut-fe/src/sfe.h
+++ b/shortcut-fe/shortcut-fe/src/sfe.h
--- a/shortcut-fe/shortcut-fe/src/sfe_backport.h
+++ b/shortcut-fe/shortcut-fe/src/sfe_backport.h
@ -180,7 +180,7 @@ static inline struct net_device *sfe_dev_get_master(struct net_device *dev)
 #endif
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0))
-#define sfe_dst_get_neighbour(dst, daddr) dst_neigh_lookup(dst, addr)
+#define sfe_dst_get_neighbour(dst, daddr) dst_neigh_lookup(dst, daddr)
 #else
 static inline struct neighbour *
 sfe_dst_get_neighbour(struct dst_entry *dst, void *daddr)
--- a/shortcut-fe/shortcut-fe/src/sfe_cm.h
+++ b/shortcut-fe/shortcut-fe/src/sfe_cm.h
--- a/shortcut-fe/fast-classifier/src/userspace_example.c
+++ b/shortcut-fe/fast-classifier/src/userspace_example.c
--- a/luci-app-turboacc/Makefile
+++ b/luci-app-turboacc/Makefile
@ -1,62 +0,0 @@
 # SPDX-Identifier-License: GPL-3.0-only
 #
 # Copyright (C) 2018 Lean <coolsnowwolf@gmail.com>
 # Copyright (C) 2019-2021 ImmortalWrt.org
 include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-turboacc
 PKG_RELEASE:=$(COMMITCOUNT)
 PKG_LICENSE:=GPL-3.0-only
 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_BBR_CCA \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_DNSFORWARDER \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_DNSPROXY \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_OFFLOADING \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE_DRV
 LUCI_TITLE:=LuCI support for Flow Offload / Shortcut-FE
 LUCI_PKGARCH:=all
 LUCI_DEPENDS:=+pdnsd-alt \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_BBR_CCA:kmod-tcp-bbr \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_DNSFORWARDER:dnsforwarder \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_DNSPROXY:dnsproxy \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_OFFLOADING:kmod-ipt-offload \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE:kmod-shortcut-fe-cm \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE_DRV:kmod-shortcut-fe-drv
 define Package/$(PKG_NAME)/config
 config PACKAGE_$(PKG_NAME)_INCLUDE_OFFLOADING
 	bool "Include Flow Offload"
 	depends on (PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE=n && PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE_DRV=n)
 	default y if i386||x86_64||TARGET_ramips
 config PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE_DRV
 	bool "Include Shortcut-FE for ECM"
 	depends on PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE=n
 	default y if (TARGET_ipq806x||TARGET_ipq807x)
 config PACKAGE_$(PKG_NAME)_INCLUDE_SHORTCUT_FE
 	bool "Include Shortcut-FE"
 	default y if !(TARGET_ipq806x||TARGET_ipq807x||TARGET_ramips)
 config PACKAGE_$(PKG_NAME)_INCLUDE_BBR_CCA
 	bool "Include BBR CCA"
 	default y
 config PACKAGE_$(PKG_NAME)_INCLUDE_DNSFORWARDER
 	bool "Include DNSForwarder"
 	default n
 config PACKAGE_$(PKG_NAME)_INCLUDE_DNSPROXY
 	bool "Include DNSProxy"
 	default n
 endef
 include $(TOPDIR)/feeds/luci/luci.mk
 # call BuildPackage - OpenWrt buildroot signature
--- a/luci-app-turboacc/luasrc/controller/turboacc.lua
+++ b/luci-app-turboacc/luasrc/controller/turboacc.lua
@ -1,39 +0,0 @@
 module("luci.controller.turboacc", package.seeall)
 function index()
 	if not nixio.fs.access("/etc/config/turboacc") then
 		return
 	end
 	local page
 	page = entry({"admin", "network", "turboacc"}, cbi("turboacc"), _("Turbo ACC Center"), 1000)
 	page.i18n = "turboacc"
 	page.dependent = true
 	entry({"admin", "network", "turboacc", "status"}, call("action_status"))
 end
 local function fastpath_status()
 	return luci.sys.call("/etc/init.d/turboacc check_status fastpath") == 0
 end
 local function bbr_status()
 	return luci.sys.call("/etc/init.d/turboacc check_status bbr") == 0
 end
 local function fullconenat_status()
 	return luci.sys.call("/etc/init.d/turboacc check_status fullconenat") == 0
 end
 local function dnscaching_status()
 	return luci.sys.call("/etc/init.d/turboacc check_status dns") == 0
 end
 function action_status()
 	luci.http.prepare_content("application/json")
 	luci.http.write_json({
 		fastpath_state = fastpath_status(),
 		fullconenat_state = fullconenat_status(),
 		bbr_state = bbr_status(),
 		dnscaching_state = dnscaching_status()
 	})
 end
--- a/luci-app-turboacc/luasrc/model/cbi/turboacc.lua
+++ b/luci-app-turboacc/luasrc/model/cbi/turboacc.lua
@ -1,67 +0,0 @@
 local kernel_version = luci.sys.exec("echo -n $(uname -r)")
 m = Map("turboacc")
 m.title	= translate("Turbo ACC Acceleration Settings")
 m.description = translate("Opensource Flow Offloading driver (Fast Path or Hardware NAT)")
 m:append(Template("turboacc/turboacc_status"))
 s = m:section(TypedSection, "turboacc", "")
 s.addremove = false
 s.anonymous = true
 if nixio.fs.access("/lib/modules/" .. kernel_version .. "/xt_FLOWOFFLOAD.ko") then
 sw_flow = s:option(Flag, "sw_flow", translate("Software flow offloading"))
 sw_flow.default = 0
 sw_flow.description = translate("Software based offloading for routing/NAT")
 sw_flow:depends("sfe_flow", 0)
 end
 if luci.sys.call("cat /proc/cpuinfo | grep -q MT76") == 0 then
 hw_flow = s:option(Flag, "hw_flow", translate("Hardware flow offloading"))
 hw_flow.default = 0
 hw_flow.description = translate("Requires hardware NAT support. Implemented at least for mt76xx")
 hw_flow:depends("sw_flow", 1)
 end
 if nixio.fs.access("/lib/modules/" .. kernel_version .. "/shortcut-fe-cm.ko") then
 sfe_flow = s:option(Flag, "sfe_flow", translate("Shortcut-FE flow offloading"))
 sfe_flow.default = 0
 sfe_flow.description = translate("Shortcut-FE based offloading for routing/NAT")
 sfe_flow:depends("sw_flow", 0)
 end
 if nixio.fs.access("/lib/modules/" .. kernel_version .. "/tcp_bbr.ko") then
 bbr_cca = s:option(Flag, "bbr_cca", translate("BBR CCA"))
 bbr_cca.default = 0
 bbr_cca.description = translate("Using BBR CCA can improve TCP network performance effectively")
 end 
 if nixio.fs.access("/lib/modules/" .. kernel_version .. "/xt_FULLCONENAT.ko") then
 fullcone_nat = s:option(Flag, "fullcone_nat", translate("FullCone NAT"))
 fullcone_nat.default = 0
 fullcone_nat.description = translate("Using FullCone NAT can improve gaming performance effectively")
 end 
 dns_caching = s:option(Flag, "dns_caching", translate("DNS Caching"))
 dns_caching.default = 0
 dns_caching.rmempty = false
 dns_caching.description = translate("Enable DNS Caching and anti ISP DNS pollution")
 dns_caching_mode = s:option(ListValue, "dns_caching_mode", translate("Resolve DNS Mode"), translate("DNS Program"))
 dns_caching_mode:value("1", translate("Using PDNSD to query and cache"))
 if nixio.fs.access("/usr/bin/dnsforwarder") then
 dns_caching_mode:value("2", translate("Using DNSForwarder to query and cache"))
 end
 if nixio.fs.access("/usr/bin/dnsproxy") then
 dns_caching_mode:value("3", translate("Using DNSProxy to query and cache"))
 end
 dns_caching_mode.default = 1
 dns_caching_mode:depends("dns_caching", 1)
 dns_caching_dns = s:option(Value, "dns_caching_dns", translate("Upsteam DNS Server"))
 dns_caching_dns.default = "114.114.114.114,114.114.115.115,223.5.5.5,223.6.6.6,180.76.76.76,119.29.29.29,119.28.28.28,1.2.4.8,210.2.4.8"
 dns_caching_dns.description = translate("Muitiple DNS server can saperate with ','")
 dns_caching_dns:depends("dns_caching", 1)
 return m
--- a/luci-app-turboacc/luasrc/view/turboacc/turboacc_status.htm
+++ b/luci-app-turboacc/luasrc/view/turboacc/turboacc_status.htm
@ -1,25 +0,0 @@
 <fieldset class="cbi-section">
 	<legend><%:Running Status%></legend>
 	<table width="100%" cellspacing="10" id="_turboacc_status_table">
 		<tr><td width="33%"><%:Flow Offloading%></td><td id="_fastpath_state"><em><%:Collecting data...%></em></td></tr>
 		<tr><td width="33%"><%:FullCone NAT%></td><td id="_fullconenat_state"><em><%:Collecting data...%></em></td></tr>
 		<tr><td width="33%"><%:BBR CCA%></td><td id="_bbr_state"><em><%:Collecting data...%></em></td></tr>
 		<tr><td width="33%"><%:DNS Caching%></td><td id="_dnscaching_state"><em><%:Collecting data...%></em></td></tr>
 	</table>
 </fieldset>
 <script type="text/javascript">//<![CDATA[
 	var fastpath_state = document.getElementById('_fastpath_state');
 	var bbr_state = document.getElementById('_bbr_state');
 	var fullconenat_state = document.getElementById('_fullconenat_state');
 	var dnscaching_state = document.getElementById('_dnscaching_state');
 	XHR.poll(5, '<%=luci.dispatcher.build_url("admin", "network", "turboacc", "status")%>', null, function(x, status) {
 		if ( x && x.status == 200 ) {
 			fastpath_state.innerHTML = status.fastpath_state ? '<em><b><font color=green><%=luci.sys.exec("/etc/init.d/turboacc check_status fastpath")%></font></b></em>' : '<em><b><font color=red><%:NOT RUNNING%></font></b></em>';
 			fullconenat_state.innerHTML = status.fullconenat_state ? '<em><b><font color=green><%:RUNNING%></font></b></em>' : '<em><b><font color=red><%:NOT RUNNING%></font></b></em>';
 			bbr_state.innerHTML = status.bbr_state ? '<em><b><font color=green><%:RUNNING%></font></b></em>' : '<em><b><font color=red><%:NOT RUNNING%></font></b></em>';
 			dnscaching_state.innerHTML = status.dnscaching_state ? '<em><b><font color=green><%:RUNNING%></font></b></em>' : '<em><b><font color=red><%:NOT RUNNING%></font></b></em>';
 		}
 	});
 //]]>
 //]]></script>
--- a/luci-app-turboacc/po/zh-cn/turboacc.po
+++ b/luci-app-turboacc/po/zh-cn/turboacc.po
@ -1,99 +0,0 @@
 msgid "Turbo ACC Center"
 msgstr "Turbo ACC 网络加速"
 msgid "Turbo ACC Acceleration Settings"
 msgstr "Turbo ACC 网络加速设置"
 msgid "Linux Flow Offload Forwarding Engine Settings"
 msgstr "Linux Flow Offload Forwarding 转发加速引擎设置"
 msgid "Opensource Flow Offloading driver (Fast Path or Hardware NAT)"
 msgstr "开源流量分载驱动 (支持 Fast Path 或者 硬件 NAT)"
 msgid "Software flow offloading"
 msgstr "软件流量分载"
 msgid "Software based offloading for routing/NAT"
 msgstr "基于软件的 Routing/NAT 分载"
 msgid "Hardware flow offloading"
 msgstr "硬件流量分载"
 msgid "Requires hardware NAT support. Implemented at least for mt76xx"
 msgstr "需要硬件 NAT 支持。目前 mt76xx 已实现"
 msgid "Shortcut-FE flow offloading"
 msgstr "Shortcut-FE 流量分载"
 msgid "Shortcut-FE based offloading for routing/NAT"
 msgstr "基于 Shortcut-FE 的 Routing/NAT 分载"
 msgid "Bridge Acceleration"
 msgstr "桥接加速"
 msgid "Enable Bridge Acceleration (may be functional conflict with bridge-mode VPN server)"
 msgstr "启用桥接加速 (可能会和路由器上桥接模式的VPN服务器冲突)"
 msgid "IPv6 Acceleration"
 msgstr "IPv6 加速"
 msgid "Enable IPv6 Acceleration"
 msgstr "启用 IPv6 加速"
 msgid "BBR CCA"
 msgstr "BBR 拥塞控制算法"
 msgid "Using BBR CCA can improve TCP network performance effectively"
 msgstr "使用 BBR 拥塞控制算法可以有效提升 TCP 网络性能"
 msgid "FullCone NAT"
 msgstr "全锥形 NAT"
 msgid "Using FullCone NAT can improve gaming performance effectively"
 msgstr "使用全锥形 NAT 可以有效提升游戏体验"
 msgid "DNS Caching"
 msgstr "DNS 缓存"
 msgid "Enable DNS Caching and anti ISP DNS pollution"
 msgstr "启用 DNS 多线程查询、缓存，并防止 ISP 的 DNS 广告和域名劫持"
 msgid "Resolve DNS Mode"
 msgstr "DNS 解析方式"
 msgid "DNS Program"
 msgstr "DNS 解析程序"
 msgid "Using PDNSD to query and cache"
 msgstr "使用 PDNSD 解析"
 msgid "Using DNSForwarder to query and cache"
 msgstr "使用 DNSForwarder 解析"
 msgid "Using DNSProxy to query and cache"
 msgstr "使用 DNSProxy 解析"
 msgid "Upsteam DNS Server"
 msgstr "上游 DNS 服务器"
 msgid "Muitiple DNS server can saperate with ','"
 msgstr "多个上游 DNS 服务器请用 ',' 分隔（注意用英文逗号)"
 msgid "Running Status"
 msgstr "运行状态"
 msgid "Flow Offloading"
 msgstr "流量分载"
 msgid "BBR CCA"
 msgstr "BBR 拥塞控制算法"
 msgid "FullCone NAT"
 msgstr "全锥型 NAT"
 msgid "DNS Caching"
 msgstr "DNS 缓存"
 msgid "Open Web Interface"
 msgstr "打开 Web 界面"
--- a/luci-app-turboacc/root/etc/config/turboacc
+++ b/luci-app-turboacc/root/etc/config/turboacc
@ -1,10 +0,0 @@
 config turboacc 'config'
 	option sw_flow '1'
 	option hw_flow '1'
 	option sfe_flow '1'
 	option fullcone_nat '1'
 	option bbr_cca '0'
 	option dns_caching '0'
 	option dns_caching_mode '1'
 	option dns_caching_dns '114.114.114.114,114.114.115.115,223.5.5.5,223.6.6.6,180.76.76.76,119.29.29.29,119.28.28.28,1.2.4.8,210.2.4.8'
--- a/luci-app-turboacc/root/etc/init.d/turboacc
+++ b/luci-app-turboacc/root/etc/init.d/turboacc
@ -1,345 +0,0 @@
 #!/bin/sh /etc/rc.common
 # Copyright (C) 2018 Lean <coolsnowwolf@gmail.com>
 # Copyright (C) 2019-2021 Tianling Shen <cnsztl@immortalwrt.org>
 START=90
 STOP=10
 EXTRA_COMMANDS="check_status"
 EXTRA_HELP="	check_status Check running status of utils"
 restart_utils="true"
 inital_conf(){
 	config_load "turboacc"
 	config_get "sw_flow" "config" "sw_flow" "0"
 	config_get "hw_flow" "config" "hw_flow" "0"
 	config_get "sfe_flow" "config" "sfe_flow" "0"
 	config_get "bbr_cca" "config" "bbr_cca" "0"
 	config_get "fullcone_nat" "config" "fullcone_nat" "0"
 	config_get "dns_caching" "config" "dns_caching" "0"
 	config_get "dns_caching_mode" "config" "dns_caching_mode" "0"
 	config_get "dns_caching_dns" "config" "dns_caching_dns"
 	[ ! -e "/lib/modules/$(uname -r)/xt_FLOWOFFLOAD.ko" ] && { sw_flow="0"; hw_flow="0"; }
 	[ ! -e "/lib/modules/$(uname -r)/shortcut-fe-cm.ko" ] && sfe_flow="0"
 	[ ! -e "/lib/modules/$(uname -r)/tcp_bbr.ko" ] && bbr_cca="0"
 	[ ! -e "/lib/modules/$(uname -r)/xt_FULLCONENAT.ko" ] && fullcone_nat="0"
 }
 start_pdnsd() {
 	[ -d "/var/run/dnscache" ] || mkdir -p "/var/run/dnscache"
 	cat > "/var/run/dnscache/dnscache.conf" <<EOF
 global {
    perm_cache=1024;        # dns缓存大小，单位KB，建议不要写的太大
    cache_dir="/var/dnscache";     # 缓存文件的位置
    pid_file = /var/run/dnscache.pid;
    server_ip = 127.0.0.1;        # pdnsd监听的网卡，0.0.0.0是全部网卡
    server_port=5333;           # pdnsd监听的端口，不要和别的服务冲突即可
    status_ctl = on;
    paranoid=on;                  # 二次请求模式，如果请求主DNS服务器返回的是垃圾地址，就向备用服务器请求
    query_method=udp_only;
    neg_domain_pol = off;
    par_queries = 400;          # 最多同时请求数
    min_ttl = 1h;               # DNS结果最短缓存时间
    max_ttl = 1w;               # DNS结果最长缓存时间
    timeout = 10;               # DNS请求超时时间，单位秒
 }
 server {
    label = "routine";
    ip = ${dns_caching_dns};     # 这里为主要上级 dns 的 ip 地址，建议填写一个当地最快的DNS地址
    timeout = 5;              # DNS请求超时时间
    reject = 74.125.127.102,  # 以下是脏IP，也就是DNS污染一般会返回的结果，如果收到如下DNS结果会触发二次请求（TCP协议一般不会碰到脏IP）
        74.125.155.102,
        74.125.39.102,
        74.125.39.113,
        209.85.229.138,
        128.121.126.139,
        159.106.121.75,
        169.132.13.103,
        192.67.198.6,
        202.106.1.2,
        202.181.7.85,
        203.161.230.171,
        203.98.7.65,
        207.12.88.98,
        208.56.31.43,
        209.145.54.50,
        209.220.30.174,
        209.36.73.33,
        211.94.66.147,
        213.169.251.35,
        216.221.188.182,
        216.234.179.13,
        243.185.187.39,
        37.61.54.158,
        4.36.66.178,
        46.82.174.68,
        59.24.3.173,
        64.33.88.161,
        64.33.99.47,
        64.66.163.251,
        65.104.202.252,
        65.160.219.113,
        66.45.252.237,
        69.55.52.253,
        72.14.205.104,
        72.14.205.99,
        78.16.49.15,
        8.7.198.45,
        93.46.8.89,
        37.61.54.158,
        243.185.187.39,
        190.93.247.4,
        190.93.246.4,
        190.93.245.4,
        190.93.244.4,
        65.49.2.178,
        189.163.17.5,
        23.89.5.60,
        49.2.123.56,
        54.76.135.1,
        77.4.7.92,
        118.5.49.6,
        159.24.3.173,
        188.5.4.96,
        197.4.4.12,
        220.250.64.24,
        243.185.187.30,
        249.129.46.48,
        253.157.14.165;
    reject_policy = fail;
 }
 server {
    label = "special";                  # 这个随便写
    ip = 117.50.10.10,52.80.52.52,119.29.29.29; # 这里为备用DNS服务器的 ip 地址
    port = 5353;                        # 推荐使用53以外的端口（DNS服务器必须支持
    proxy_only = on;
    timeout = 5;
 }
 source {
 	owner=localhost;
 //	serve_aliases=on;
 	file="/etc/hosts";
 }
 rr {
 	name=localhost;
 	reverse=on;
 	a=127.0.0.1;
 	owner=localhost;
 	soa=localhost,root.localhost,42,86400,900,86400,86400;
 }
 EOF
 	if [ ! -f "/var/dnscache/pdnsd.cache" ]; then
 		mkdir -p "/var/dnscache"
 		echo -ne "pd13\000\000\000\000" > "/var/dnscache/pdnsd.cache"
 		chown -R nobody.nogroup "/var/dnscache"
 	fi
 	[ -d "/var/sbin" ] || mkdir -p "/var/sbin"
 	cp -a "/usr/sbin/pdnsd" "/var/sbin/dnscache"
 	/var/sbin/dnscache -c "/var/run/dnscache/dnscache.conf" > "/var/log/dnscache.file" 2>&1 &
 	echo "PDNSD: Start DNS Caching"
 }
 start_dnsforwarder() {
 	mkdir -p "/var/run/dnscache"
 	cat > "/var/run/dnscache/dnscache.conf" <<EOF
 LogOn false
 LogFileThresholdLength 102400
 LogFileFolder /var/run/dnscache
 UDPLocal 127.0.0.1:5333
 UDPGroup ${dns_caching_dns} * on
 GroupFile
 BlockIP 243.185.187.39,46.82.174.68,37.61.54.158,93.46.8.89,59.24.3.173,203.98.7.65,8.7.198.45,78.16.49.15,159.106.121.75,69.63.187.12,31.13.76.8,31.13.64.49
 IPSubstituting
 BlockNegativeResponse false
 Hosts
 HostsUpdateInterval 18000
 HostsDownloadPath
 HostsScript
 HostsRetryInterval 30
 AppendHosts
 BlockIpv6WhenIpv4Exists false
 UseCache true
 CacheSize 1048576
 MemoryCache true
 CacheFile
 IgnoreTTL false
 OverrideTTL -1
 MultipleTTL 1
 ReloadCache false
 OverwriteCache false
 DisabledType
 DisabledDomain
 DisabledList
 DomainStatistic false
 DomainStatisticTempletFile
 StatisticUpdateInterval 29
 EOF
 	[ -d "/var/sbin" ] || mkdir -p "/var/sbin"
 	cp -a "/usr/bin/dnsforwarder" "/var/sbin/dnscache"
 	/var/sbin/dnscache -f "/var/run/dnscache/dnscache.conf" > "/var/log/dnscache.file" 2>&1 &
 	echo "DnsForwarder: Start DNS Caching"
 }
 start_dnsproxy() {
 	[ -d "/var/run/dnscache" ] || mkdir -p "/var/run/dnscache"
 	echo -e "${dns_caching_dns//,/\\n}" > "/var/run/dnscache/dnscache.conf"
 	[ -d "/var/sbin" ] || mkdir -p "/var/sbin"
 	cp -a "/usr/bin/dnsproxy" "/var/sbin/dnscache"
 	/var/sbin/dnscache -l "127.0.0.1" -p "5333" -b "tls://9.9.9.9" -f "tls://8.8.8.8" -u "/var/run/dnscache/dnscache.conf" --all-servers --cache --cache-min-ttl=3600 > "/var/log/dnscache.file" 2>&1 &
 	echo "DNSProxy: Start DNS Caching"
 }
 stop_dnscache() {
 	killall -9 "dnscache"
 	kill -9 $(ps | grep dnscache-while.sh | grep -v "grep" | awk '{print $1}')
 	rm -rf "/var/dnscache" "/var/run/dnscache"
 	echo "Stop DNS Caching"
 }
 change_dns() {
 	uci -q delete dhcp.@dnsmasq[0].server
 	uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5333"
 	uci set dhcp.@dnsmasq[0].noresolv="1"
 	uci commit dhcp
 }
 revert_dns() {
 	uci -q del_list dhcp.@dnsmasq[0].server="127.0.0.1#5333"
 	uci set dhcp.@dnsmasq[0].resolvfile="/tmp/resolv.conf.d/resolv.conf.auto"
 	uci set dhcp.@dnsmasq[0].noresolv="0"
 	uci commit dhcp
 }
 start(){
 	inital_conf
 	uci set firewall.@defaults[0].flow_offloading="${sw_flow}"
 	uci set firewall.@defaults[0].flow_offloading_hw="${hw_flow}"
 	uci set firewall.@defaults[0].fullcone="${fullcone_nat}"
 	uci commit firewall
 	[ "${sw_flow}" -ne "1" ] && [ "${sfe_flow}" -eq "1" ] && {
 		[ "$(have_ecm_init)" = "0" ] && {
 			/etc/init.d/shortcut-fe enabled || /etc/init.d/shortcut-fe enable
 			/etc/init.d/shortcut-fe start
 		}
 	}
 	if [ "${bbr_cca}" -eq "1" ];  then
 		sysctl -w net.ipv4.tcp_congestion_control="bbr"
 	else
 		sysctl -w net.ipv4.tcp_congestion_control="cubic"
 	fi	
 	if [ "${dns_caching}" -eq "1" ];  then
 		stop_dnscache
 		sleep 1
 		rm -f "/var/log/dnscache.file"
 		if [ "${dns_caching_mode}" = "1" ];  then
 			start_pdnsd
 		elif [ "${dns_caching_mode}" = "2" ];  then
 			start_dnsforwarder
 		elif [ "${dns_caching_mode}" = "3" ];  then
 			start_dnsproxy
 		fi
 		change_dns
 		/usr/share/dnscache/dnscache-while.sh > "/var/log/dnscache.file" 2>&1 &
 	else
 		stop_dnscache
 		revert_dns
 	fi
 	if [ "${restart_utils}" = "true" ]; then
 		/etc/init.d/dnsmasq restart >"/dev/null" 2>&1 && echo "DNSMASQ change"
 		/etc/init.d/firewall restart >"/dev/null" 2>&1
 	fi
 }
 stop(){
 	inital_conf
 	uci set firewall.@defaults[0].flow_offloading="${sw_flow}"
 	uci set firewall.@defaults[0].flow_offloading_hw="${hw_flow}"
 	uci set firewall.@defaults[0].fullcone="${fullcone_nat}"
 	uci commit firewall
 	[ "${sfe_flow}" -ne "1" ] && {
 		[ -e "/etc/init.d/shortcut-fe" ] && [ "$(have_ecm_init)" = "0" ] && {
 			/etc/init.d/shortcut-fe stop 2>"/dev/null"
 			/etc/init.d/shortcut-fe enabled && /etc/init.d/shortcut-fe disable
 		}
 	}
 	stop_dnscache
 	revert_dns
 	if [ "${restart_utils}" = "true" ]; then
 		/etc/init.d/dnsmasq restart >"/dev/null" 2>&1 && echo "DNSMASQ revert"
 		/etc/init.d/firewall restart >"/dev/null" 2>&1
 	fi
 }
 restart(){
 	restart_utils="false"
 	stop
 	start
 	/etc/init.d/dnsmasq restart >"/dev/null" 2>&1 && echo "DNSMASQ restart"
 	/etc/init.d/firewall restart >"/dev/null" 2>&1
 }
 have_ecm_init() {
 	[ -d "/etc/init.d/qca-nss-ecm" ] && echo 1 && return
 	echo 0
 }
 check_status(){
 	case "$1" in
 	"fastpath")
 		if [ "$(cat "/sys/module/xt_FLOWOFFLOAD/refcnt" 2>"/dev/null" || echo 0)" -ne "0" ]; then
 			echo -n "Flow Offloading"
 			exit 0
 		elif lsmod | grep -q "ecm"; then
 			if lsmod | grep -q "shortcut_fe_drv"; then
 				echo -n "QCA-NSS-ECM-SFE"
 				exit 0
 			else
 				echo -n "QCA-NSS-ECM"
 				exit 0
 			fi
 		elif lsmod | grep -q "shortcut_fe_cm"; then
 			echo -n "Shortcut-FE"
 			exit 0
 		else
 			exit 1
 		fi
 		;;
 	"fullconenat")
 		[ "$(cat "/sys/module/xt_FULLCONENAT/refcnt" 2>"/dev/null" || echo 0)" -ne "0" ] && \
 			exit 0 || exit 1
 		;;
 	"bbr")
 		[ "x$(cat "/proc/sys/net/ipv4/tcp_congestion_control" 2>"/dev/null")" = "xbbr" ] && \
 			exit 0 || exit 1
 		;;
 	"dns")
 		pgrep "dnscache" >"/dev/null" && exit 0 || exit 1
 		;;
 	*)
 		exit 2
 		;;
 	esac
 }
--- a/luci-app-turboacc/root/etc/uci-defaults/luci-turboacc
+++ b/luci-app-turboacc/root/etc/uci-defaults/luci-turboacc
@ -1,10 +0,0 @@
 #!/bin/sh
 uci -q batch <<-EOF >/dev/null
 	delete ucitrack.@turboacc[-1]
 	add ucitrack turboacc
 	set ucitrack.@turboacc[-1].init=turboacc
 	commit ucitrack
 EOF
 exit 0
--- a/luci-app-turboacc/root/usr/share/dnscache/dnscache-while.sh
+++ b/luci-app-turboacc/root/usr/share/dnscache/dnscache-while.sh
@ -1,38 +0,0 @@
 #!/bin/sh
 sleeptime=60
 dnsconf="/var/run/dnscache/dnscache.conf"
 dnsprogram="/var/sbin/dnscache"
 logfile="/var/log/dnscache.file"
 dns_caching="$(uci -q get turboacc.config.dns_caching)"
 dns_caching_mode="$(uci -q get turboacc.config.dns_caching_mode)"
 clean_log() {
 	logrow="$(grep -c "" "${logfile}")"
 	[ "${logrow}" -lt "500" ] || echo "${curtime} Log 条数超限，清空处理！" > "${logfile}"
 }
 while [ "${dns_caching}" -eq "1" ];
 do
 	curtime="$(date "+%H:%M:%S")"
 	clean_log
 	if pidof dnscache > "/dev/null"; then
 		echo -e "${curtime} online!" >> "${logfile}"
 	else
 		if [ "${dns_caching_mode}" = "1" ]; then
 			${dnsprogram} -c "${dnsconf}" > "${logfile}" 2>&1 &
 		elif [ "${dns_caching_mode}" = "2" ]; then
 			${dnsprogram} -f "${dnsconf}" > "${logfile}" 2>&1 &
 		elif [ "${dns_caching_mode}" = "3" ]; then
 			${dnsprogram} -o "${logfile}" -l "127.0.0.1" -p "5333" -b "tls://9.9.9.9" -f "tls://8.8.8.8" -u "${dnsconf}" --all-servers --cache --cache-min-ttl=3600 > "${logfile}" 2>&1 &
 		fi
 		echo "${curtime} 重启服务！" >> ${logfile}
 	fi
 	sleep "${sleeptime}"
 	continue
 done
--- a/shortcut-fe/shortcut-fe/Makefile
+++ b/shortcut-fe/shortcut-fe/Makefile
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2018, 2020 The Linux Foundation. All rights reserved.
+# Copyright (c) 2014 The Linux Foundation. All rights reserved.
 # Permission to use, copy, modify, and/or distribute this software for
 # any purpose with or without fee is hereby granted, provided that the
 # above copyright notice and this permission notice appear in all copies.
@ -16,6 +16,7 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=shortcut-fe
 PKG_RELEASE:=2
 PKG_CONFIG_DEPENDS := CONFIG_IPV6
 include $(INCLUDE_DIR)/package.mk
@ -23,14 +24,13 @@ define KernelPackage/shortcut-fe
  SECTION:=kernel
  CATEGORY:=Kernel modules
  SUBMENU:=Network Support
-  DEPENDS:=@IPV6
+  DEPENDS:=
  TITLE:=Kernel driver for SFE
  FILES:=$(PKG_BUILD_DIR)/shortcut-fe.ko $(if $(CONFIG_IPV6),$(PKG_BUILD_DIR)/shortcut-fe-ipv6.ko,)
  KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y \
 	   CONFIG_NF_CONNTRACK_TIMEOUT=y \
 	   CONFIG_SHORTCUT_FE=y \
 	   CONFIG_XFRM=y
  PROVIDES:=$(PKG_NAME)
  AUTOLOAD:=$(call AutoLoad,09,shortcut-fe shortcut-fe-ipv6)
 endef
@ -39,14 +39,10 @@ Shortcut is an in-Linux-kernel IP packet forwarding engine.
 endef
 define KernelPackage/shortcut-fe/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/etc/init.d/shortcut-fe $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) ./files/usr/bin/sfe_dump $(1)/usr/bin
 endef
 HAVE_ECM:=$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-premium-noload)$(CONFIG_PACKAGE_kmod-qca-nss-ecm-standard)
 define KernelPackage/shortcut-fe-cm
  SECTION:=kernel
  CATEGORY:=Kernel modules
@ -54,10 +50,7 @@ define KernelPackage/shortcut-fe-cm
  DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe
  TITLE:=Kernel driver for SFE
  FILES:=$(PKG_BUILD_DIR)/shortcut-fe-cm.ko
-  KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y \
+  KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y
  	   CONFIG_NF_CONNTRACK_EVENTS=y \
  	   CONFIG_XFRM=y
  CONFLICTS:=kmod-shortcut-fe-drv
 endef
 define KernelPackage/shortcut-fe-cm/Description
@ -65,21 +58,20 @@ Simple connection manager for the Shortcut forwarding engine.
 endef
 define Build/Compile
-	$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
+	+$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
 		$(KERNEL_MAKE_FLAGS) \
 		$(PKG_MAKE_FLAGS) \
 		M="$(PKG_BUILD_DIR)" \
-		$(if $(CONFIG_IPV6),EXTRA_CFLAGS+="-DSFE_SUPPORT_IPV6" SFE_SUPPORT_IPV6=y,) \
+		modules \
-		$(if $(HAVE_ECM),EXTRA_CFLAGS+="-DCONFIG_SFE_ECM" CONFIG_SFE_ECM=y,) \
+		$(if $(CONFIG_IPV6),EXTRA_CFLAGS="-DSFE_SUPPORT_IPV6" SFE_SUPPORT_IPV6=y,)
 		modules
 endef
-ifneq ($(CONFIG_PACKAGE_kmod-shortcut-fe)$(CONFIG_PACKAGE_kmod-shortcut-fe-cm),)
+#ifneq ($(CONFIG_PACKAGE_kmod-shortcut-fe)$(CONFIG_PACKAGE_kmod-shortcut-fe-cm),)
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include/shortcut-fe
 	$(CP) -rf $(PKG_BUILD_DIR)/sfe.h $(1)/usr/include/shortcut-fe
 endef
-endif
+#endif
 $(eval $(call KernelPackage,shortcut-fe))
 $(eval $(call KernelPackage,shortcut-fe-cm))
--- a/shortcut-fe/shortcut-fe/files/usr/bin/sfe_dump
+++ b/shortcut-fe/shortcut-fe/files/usr/bin/sfe_dump
--- a/shortcut-fe/shortcut-fe/files/etc/init.d/shortcut-fe
+++ b/shortcut-fe/shortcut-fe/files/etc/init.d/shortcut-fe
@ -1,51 +0,0 @@
 #!/bin/sh /etc/rc.common
 #
 # Copyright (c) 2014-2015 The Linux Foundation. All rights reserved.
 # Permission to use, copy, modify, and/or distribute this software for
 # any purpose with or without fee is hereby granted, provided that the
 # above copyright notice and this permission notice appear in all copies.
 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 #
 #SFE connection manager has a lower priority, it should be started after other connection manager
 #to detect the existence of connection manager with higher priority
 START=99
 have_cm() {
 	[ -d "/sys/kernel/debug/ecm" ] && echo 1 && return
 	echo 0
 }
 #load shortcut-fe and connection manager
 load_sfe() {
 	local kernel_version=$(uname -r)
 	[ -d "/sys/module/shortcut_fe" ] || insmod /lib/modules/$kernel_version/shortcut-fe.ko
 	[ -d "/sys/module/shortcut_fe_ipv6" ] || insmod /lib/modules/$kernel_version/shortcut-fe-ipv6.ko
 	[ -e "/lib/modules/$kernel_version/shortcut-fe-cm.ko" ] && {
 		[ -d /sys/module/shortcut_fe_cm ] || insmod /lib/modules/$kernel_version/shortcut-fe-cm.ko
 	}
 	[ -e "/lib/modules/$kernel_version/fast-classifier.ko" ] && {
 		[ -d /sys/module/fast_classifier ] || insmod /lib/modules/$kernel_version/fast-classifier.ko
 	}
 }
 start() {
 	[ "$(have_cm)" = "0" ] && load_sfe
 }
 stop() {
 	[ -d "/sys/module/shortcut_fe_drv" ] && rmmod shortcut_fe_drv
 	[ -d "/sys/module/shortcut_fe_cm" ] && rmmod shortcut_fe_cm
 	[ -d "/sys/module/fast_classifier" ] && rmmod fast_classifier
 	[ -d "/sys/module/shortcut_fe_ipv6" ] && rmmod shortcut-fe-ipv6
 	[ -d "/sys/module/shortcut_fe" ] && rmmod shortcut-fe
 }
--- a/shortcut-fe/simulated-driver/Makefile
+++ b/shortcut-fe/simulated-driver/Makefile
@ -1,60 +0,0 @@
 #
 # Copyright (c) 2015,2016 The Linux Foundation. All rights reserved.
 # Permission to use, copy, modify, and/or distribute this software for
 # any purpose with or without fee is hereby granted, provided that the
 # above copyright notice and this permission notice appear in all copies.
 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 #
 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=shortcut-fe-simulated-driver
 PKG_RELEASE:=1
 PKG_CONFIG_DEPENDS := CONFIG_IPV6
 PKG_SOURCE_URL:=https://source.codeaurora.org/quic/qsdk/oss/lklm/shortcut-fe
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-03-17
 PKG_SOURCE_VERSION:=697977d8d0ccf0ab596e5692d08608a75dd7f33d
 PKG_MIRROR_HASH:=659fa82a431e15af797a6c7069faeee02810453ad8b576c51c29f95a1761a045
 include $(INCLUDE_DIR)/package.mk
 define KernelPackage/shortcut-fe-drv
  SECTION:=kernel
  CATEGORY:=Kernel modules
  SUBMENU:=Network Support
  DEPENDS:=@TARGET_ipq806x||TARGET_ipq807x +kmod-shortcut-fe
  KCONFIG:=CONFIG_NET_CLS_ACT=y \
   	    CONFIG_XFRM=y
  TITLE:=Simulated sfe driver for ECM
  FILES:=$(PKG_BUILD_DIR)/simulated-driver/shortcut-fe-drv.ko
 endef
 define KernelPackage/shortcut-fe-drv/Description
 Simulated sfe driver which act as an adapter to convert message between a connection manager and the SFE core engine.
 endef
 define Build/Compile
 	$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
 		$(KERNEL_MAKE_FLAGS) \
 		$(PKG_MAKE_FLAGS) \
 		M="$(PKG_BUILD_DIR)/simulated-driver" \
 		$(if $(CONFIG_IPV6),EXTRA_CFLAGS+="-DSFE_SUPPORT_IPV6" SFE_SUPPORT_IPV6=y,) \
 		EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \
 		modules
 endef
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include/shortcut-fe
 	$(CP) -rf $(PKG_BUILD_DIR)/simulated-driver/sfe_drv.h $(1)/usr/include/shortcut-fe
 endef
 $(eval $(call KernelPackage,shortcut-fe-drv))
--- a/shortcut-fe/simulated-driver/patches/200-nss-qdisc-support.patch
+++ b/shortcut-fe/simulated-driver/patches/200-nss-qdisc-support.patch
@ -1,11 +0,0 @@
 --- ./simulated-driver/sfe_drv.c.orig	2020-06-16 12:49:47.680153371 +0800
 +++ ./simulated-driver/sfe_drv.c	2020-06-16 12:50:18.540153371 +0800
@@ -1167,7 +1167,7 @@ int sfe_drv_recv(struct sk_buff *skb)
 	 * If ingress Qdisc configured, and packet not processed by ingress Qdisc yet
 	 * We can not accelerate this packet.
 	 */
 -	if (dev->ingress_queue && !(skb->tc_verd & TC_NCLS)) {
 +	if (dev->ingress_queue && !(skb->tc_verd_qca_nss & TC_NCLS)) {
 		return 0;
 	}
 #endif
--- a/shortcut-fe/shortcut-fe/src/Kconfig
+++ b/shortcut-fe/shortcut-fe/src/Kconfig
--- a/shortcut-fe/shortcut-fe/src/Makefile
+++ b/shortcut-fe/shortcut-fe/src/Makefile
@ -21,4 +21,3 @@ endif
 shortcut-fe-cm-objs := \
 	sfe_cm.o
 ccflags-y += -Werror -Wall
--- a/shortcut-fe/src/sfe.h
+++ b/shortcut-fe/src/sfe.h
@ -0,0 +1,114 @@
 /*
 * sfe.h
 *	Shortcut forwarding engine.
 *
 * Copyright (c) 2013-2017 The Linux Foundation. All rights reserved.
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
 * above copyright notice and this permission notice appear in all copies.
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 /*
 * The following are debug macros used throughout the SFE.
 *
 * The DEBUG_LEVEL enables the followings based on its value,
 * when dynamic debug option is disabled.
 *
 * 0 = OFF
 * 1 = ASSERTS / ERRORS
 * 2 = 1 + WARN
 * 3 = 2 + INFO
 * 4 = 3 + TRACE
 */
 #define DEBUG_LEVEL 2
 #if (DEBUG_LEVEL < 1)
 #define DEBUG_ASSERT(s, ...)
 #define DEBUG_ERROR(s, ...)
 #else
 #define DEBUG_ASSERT(c, s, ...) if (!(c)) { pr_emerg("ASSERT: %s:%d:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__); BUG(); }
 #define DEBUG_ERROR(s, ...) pr_err("%s:%d:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
 #endif
 #if defined(CONFIG_DYNAMIC_DEBUG)
 /*
 * Compile messages for dynamic enable/disable
 */
 #define DEBUG_WARN(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
 #define DEBUG_INFO(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
 #define DEBUG_TRACE(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
 #else
 /*
 * Statically compile messages at different levels
 */
 #if (DEBUG_LEVEL < 2)
 #define DEBUG_WARN(s, ...)
 #else
 #define DEBUG_WARN(s, ...) pr_warn("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
 #endif
 #if (DEBUG_LEVEL < 3)
 #define DEBUG_INFO(s, ...)
 #else
 #define DEBUG_INFO(s, ...) pr_notice("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
 #endif
 #if (DEBUG_LEVEL < 4)
 #define DEBUG_TRACE(s, ...)
 #else
 #define DEBUG_TRACE(s, ...) pr_info("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__)
 #endif
 #endif
 #ifdef CONFIG_NF_FLOW_COOKIE
 typedef int (*flow_cookie_set_func_t)(u32 protocol, __be32 src_ip, __be16 src_port,
 				      __be32 dst_ip, __be16 dst_port, u16 flow_cookie);
 /*
 * sfe_register_flow_cookie_cb
 *	register a function in SFE to let SFE use this function to configure flow cookie for a flow
 *
 * Hardware driver which support flow cookie should register a callback function in SFE. Then SFE
 * can use this function to configure flow cookie for a flow.
 * return: 0, success; !=0, fail
 */
 int sfe_register_flow_cookie_cb(flow_cookie_set_func_t cb);
 /*
 * sfe_unregister_flow_cookie_cb
 *	unregister function which is used to configure flow cookie for a flow
 *
 * return: 0, success; !=0, fail
 */
 int sfe_unregister_flow_cookie_cb(flow_cookie_set_func_t cb);
 typedef int (*sfe_ipv6_flow_cookie_set_func_t)(u32 protocol, __be32 src_ip[4], __be16 src_port,
 						__be32 dst_ip[4], __be16 dst_port, u16 flow_cookie);
 /*
 * sfe_ipv6_register_flow_cookie_cb
 *	register a function in SFE to let SFE use this function to configure flow cookie for a flow
 *
 * Hardware driver which support flow cookie should register a callback function in SFE. Then SFE
 * can use this function to configure flow cookie for a flow.
 * return: 0, success; !=0, fail
 */
 int sfe_ipv6_register_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb);
 /*
 * sfe_ipv6_unregister_flow_cookie_cb
 *	unregister function which is used to configure flow cookie for a flow
 *
 * return: 0, success; !=0, fail
 */
 int sfe_ipv6_unregister_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb);
 #endif /*CONFIG_NF_FLOW_COOKIE*/
--- a/shortcut-fe/src/sfe_backport.h
+++ b/shortcut-fe/src/sfe_backport.h
@ -0,0 +1,195 @@
 /*
 * sfe_backport.h
 *	Shortcut forwarding engine compatible header file.
 *
 * Copyright (c) 2014-2016 The Linux Foundation. All rights reserved.
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
 * above copyright notice and this permission notice appear in all copies.
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include <linux/version.h>
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0))
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 0))
 #include <net/netfilter/nf_conntrack_timeout.h>
 #else
 enum udp_conntrack {
 	UDP_CT_UNREPLIED,
 	UDP_CT_REPLIED,
 	UDP_CT_MAX
 };
 static inline unsigned int *
 nf_ct_timeout_lookup(struct net *net, struct nf_conn *ct,
 		     struct nf_conntrack_l4proto *l4proto)
 {
 #ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	struct nf_conn_timeout *timeout_ext;
 	unsigned int *timeouts;
 	timeout_ext = nf_ct_timeout_find(ct);
 	if (timeout_ext)
 		timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext);
 	else
 		timeouts = l4proto->get_timeouts(net);
 	return timeouts;
 #else
 	return l4proto->get_timeouts(net);
 #endif /*CONFIG_NF_CONNTRACK_TIMEOUT*/
 }
 #endif /*KERNEL_VERSION(3, 7, 0)*/
 #endif /*KERNEL_VERSION(3, 4, 0)*/
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0))
 #define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
 static unsigned int FN_NAME(void *priv, \
 			    struct sk_buff *SKB, \
 			    const struct nf_hook_state *state)
 #elif (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0))
 #define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
 static unsigned int FN_NAME(const struct nf_hook_ops *OPS, \
 			    struct sk_buff *SKB, \
 			    const struct net_device *UNUSED, \
 			    const struct net_device *OUT, \
 			    int (*OKFN)(struct sk_buff *))
 #else
 #define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
 static unsigned int FN_NAME(unsigned int HOOKNUM, \
 			    struct sk_buff *SKB, \
 			    const struct net_device *UNUSED, \
 			    const struct net_device *OUT, \
 			    int (*OKFN)(struct sk_buff *))
 #endif
 #define sfe_cm_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
 	sfe_define_post_routing_hook(__sfe_cm_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
 #define sfe_cm_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
 	sfe_define_post_routing_hook(__sfe_cm_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
 #define fast_classifier_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
 	sfe_define_post_routing_hook(__fast_classifier_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
 #define fast_classifier_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \
 	sfe_define_post_routing_hook(__fast_classifier_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN)
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0))
 #define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \
 	{						\
 		.hook = fn,				\
 		.pf = NFPROTO_IPV4,			\
 		.hooknum = NF_INET_POST_ROUTING,	\
 		.priority = NF_IP_PRI_NAT_SRC + 1,	\
 	}
 #else
 #define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \
 	{						\
 		.hook = fn,				\
 		.owner = THIS_MODULE,			\
 		.pf = NFPROTO_IPV4,			\
 		.hooknum = NF_INET_POST_ROUTING,	\
 		.priority = NF_IP_PRI_NAT_SRC + 1,	\
 	}
 #endif
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0))
 #define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \
 	{						\
 		.hook = fn,				\
 		.pf = NFPROTO_IPV6,			\
 		.hooknum = NF_INET_POST_ROUTING,	\
 		.priority = NF_IP_PRI_NAT_SRC + 1,	\
 	}
 #else
 #define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \
 	{						\
 		.hook = fn,				\
 		.owner = THIS_MODULE,			\
 		.pf = NFPROTO_IPV6,			\
 		.hooknum = NF_INET_POST_ROUTING,	\
 		.priority = NF_IP6_PRI_NAT_SRC + 1,	\
 	}
 #endif
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0))
 #define SFE_NF_CT_DEFAULT_ZONE (&nf_ct_zone_dflt)
 #else
 #define SFE_NF_CT_DEFAULT_ZONE NF_CT_DEFAULT_ZONE
 #endif
 /*
 * sfe_dev_get_master
 * 	get master of bridge port, and hold it
 */
 static inline struct net_device *sfe_dev_get_master(struct net_device *dev)
 {
 	struct net_device *master;
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0))
 	rcu_read_lock();
 	master = netdev_master_upper_dev_get_rcu(dev);
 	if (master)
 		dev_hold(master);
 	rcu_read_unlock();
 #else
 	master = dev->master;
 	if (master)
 		dev_hold(master);
 #endif
 	return master;
 }
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 11, 0))
 #define SFE_DEV_EVENT_PTR(PTR) netdev_notifier_info_to_dev(PTR)
 #else
 #define SFE_DEV_EVENT_PTR(PTR) (struct net_device *)(PTR)
 #endif
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0))
 #define SFE_NF_CONN_ACCT(NM) struct nf_conn_acct *NM
 #else
 #define SFE_NF_CONN_ACCT(NM) struct nf_conn_counter *NM
 #endif
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0))
 #define SFE_ACCT_COUNTER(NM) ((NM)->counter)
 #else
 #define SFE_ACCT_COUNTER(NM) (NM)
 #endif
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0))
 #define sfe_hash_for_each_possible(name, obj, node, member, key) \
 	hash_for_each_possible(name, obj, member, key)
 #else
 #define sfe_hash_for_each_possible(name, obj, node, member, key) \
 	hash_for_each_possible(name, obj, node, member, key)
 #endif
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0))
 #define sfe_hash_for_each(name, bkt, node, obj, member) \
 	hash_for_each(name, bkt, obj, member)
 #else
 #define sfe_hash_for_each(name, bkt, node, obj, member) \
 	hash_for_each(name, bkt, node, obj, member)
 #endif
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0))
 #define sfe_dst_get_neighbour(dst, daddr) dst_neigh_lookup(dst, daddr)
 #else
 static inline struct neighbour *
 sfe_dst_get_neighbour(struct dst_entry *dst, void *daddr)
 {
 	struct neighbour *neigh = dst_get_neighbour_noref(dst);
 	if (neigh)
 		neigh_hold(neigh);
 	return neigh;
 }
 #endif
--- a/shortcut-fe/shortcut-fe/src/sfe_cm.c
+++ b/shortcut-fe/shortcut-fe/src/sfe_cm.c
@ -2,7 +2,7 @@
 * sfe-cm.c
 *	Shortcut forwarding engine connection manager.
 *
- * Copyright (c) 2013-2018, 2020 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2013-2018 The Linux Foundation. All rights reserved.
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
 * above copyright notice and this permission notice appear in all copies.
@ -199,7 +199,7 @@ int sfe_cm_recv(struct sk_buff *skb)
 * structure, obtain the hardware address.  This means this function also
 * works if the neighbours are routers too.
 */
-static bool sfe_cm_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_addr_t *addr, struct net_device **dev, u8 *mac_addr, int is_v4)
+static bool sfe_cm_find_dev_and_mac_addr(sfe_ip_addr_t *addr, struct net_device **dev, u8 *mac_addr, int is_v4)
 {
 	struct neighbour *neigh;
 	struct rtable *rt;
@ -207,15 +207,6 @@ static bool sfe_cm_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_addr_t *add
 	struct dst_entry *dst;
 	struct net_device *mac_dev;
 	/*
 	 * If we have skb provided, use it as the original code is unable
 	 * to lookup routes that are policy routed.
 	*/
 	if (unlikely(skb)) {
 		dst = skb_dst(skb);
 		goto skip_dst_lookup;
 	}
 	/*
 	 * Look up the rtable entry for the IP address then get the hardware
 	 * address from its neighbour structure.  This means this work when the
@ -229,11 +220,11 @@ static bool sfe_cm_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_addr_t *add
 		dst = (struct dst_entry *)rt;
 	} else {
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0))
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0))
 		rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, 0);
 #else
 		rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, NULL, 0);
-#endif
+#else
 		rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, 0);
 #endif /*KERNEL_VERSION(4, 17, 0)*/
 		if (!rt6) {
 			goto ret_fail;
 		}
@ -241,21 +232,18 @@ static bool sfe_cm_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_addr_t *add
 		dst = (struct dst_entry *)rt6;
 	}
 skip_dst_lookup:
 	rcu_read_lock();
 	neigh = sfe_dst_get_neighbour(dst, addr);
 	if (unlikely(!neigh)) {
 		rcu_read_unlock();
-		if (likely(!skb))
+		dst_release(dst);
 			dst_release(dst);
 		goto ret_fail;
 	}
 	if (unlikely(!(neigh->nud_state & NUD_VALID))) {
 		rcu_read_unlock();
 		neigh_release(neigh);
-		if (likely(!skb))
+		dst_release(dst);
 			dst_release(dst);
 		goto ret_fail;
 	}
@ -263,8 +251,7 @@ skip_dst_lookup:
 	if (!mac_dev) {
 		rcu_read_unlock();
 		neigh_release(neigh);
-		if (likely(!skb))
+		dst_release(dst);
 			dst_release(dst);
 		goto ret_fail;
 	}
@ -274,8 +261,7 @@ skip_dst_lookup:
 	*dev = mac_dev;
 	rcu_read_unlock();
 	neigh_release(neigh);
-	if (likely(!skb))
+	dst_release(dst);
 		dst_release(dst);
 	return true;
@ -305,7 +291,6 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4)
 	struct net_device *dest_dev;
 	struct net_device *src_dev_tmp;
 	struct net_device *dest_dev_tmp;
 	struct sk_buff *tmp_skb = NULL;
 	struct net_device *src_br_dev = NULL;
 	struct net_device *dest_br_dev = NULL;
 	struct nf_conntrack_tuple orig_tuple;
@ -367,18 +352,16 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4)
 		return NF_ACCEPT;
 	}
 #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0))
 	/*
 	 * Don't process untracked connections.
 	 */
 #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0))
 	if (unlikely(nf_ct_is_untracked(ct))) {
 #else
 	if (unlikely(ctinfo == IP_CT_UNTRACKED)) {
 #endif
 		sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_CT_NO_TRACK);
 		DEBUG_TRACE("untracked connection\n");
 		return NF_ACCEPT;
 	}
 #endif /*KERNEL_VERSION(4, 12, 0)*/
 	/*
 	 * Unconfirmed connection may be dropped by Linux at the final step,
@ -527,21 +510,6 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4)
 			return NF_ACCEPT;
 		}
 		spin_unlock_bh(&ct->lock);
 		/*
 		 * Somehow, SFE is not playing nice with IPSec traffic.
 		 * Do not accelerate for now.
 		 */
 		if (ntohs(sic.dest_port) == 4500 || ntohs(sic.dest_port) == 500) {
 			if (likely(is_v4))
 				DEBUG_TRACE("IPsec bypass: %pI4:%d(%pI4:%d) to %pI4:%d(%pI4:%d)\n",
 					&sic.src_ip.ip, ntohs(sic.src_port), &sic.src_ip_xlate.ip, ntohs(sic.src_port_xlate),
 					&sic.dest_ip.ip, ntohs(sic.dest_port), &sic.dest_ip_xlate.ip, ntohs(sic.dest_port_xlate));
 			else
 				DEBUG_TRACE("IPsec bypass: %pI6:%d to %pI6:%d\n",
 					&sic.src_ip.ip6, ntohs(sic.src_port), &sic.dest_ip.ip6, ntohs(sic.dest_port));
 			return NF_ACCEPT;
 		}
 		break;
 	case IPPROTO_UDP:
@ -565,10 +533,10 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4)
 	 * For packets de-capsulated from xfrm, we still can accelerate it
 	 * on the direction we just received the packet.
 	 */
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0))
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0))
-	if (unlikely(skb->sp)) {
+	if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) {
 #else
-	if (unlikely(secpath_exists(skb))) {
+	if (unlikely(skb->sp)) {
 #endif
 		if (sic.protocol == IPPROTO_TCP &&
 		    !(sic.flags & SFE_CREATE_FLAG_NO_SEQ_CHECK)) {
@ -596,27 +564,25 @@ static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4)
 	 * Get the net device and MAC addresses that correspond to the various source and
 	 * destination host addresses.
 	 */
-	if (!sfe_cm_find_dev_and_mac_addr(NULL, &sic.src_ip, &src_dev_tmp, sic.src_mac, is_v4)) {
+	if (!sfe_cm_find_dev_and_mac_addr(&sic.src_ip, &src_dev_tmp, sic.src_mac, is_v4)) {
 		sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_SRC_DEV);
 		return NF_ACCEPT;
 	}
 	src_dev = src_dev_tmp;
-	if (!sfe_cm_find_dev_and_mac_addr(NULL, &sic.src_ip_xlate, &dev, sic.src_mac_xlate, is_v4)) {
+	if (!sfe_cm_find_dev_and_mac_addr(&sic.src_ip_xlate, &dev, sic.src_mac_xlate, is_v4)) {
 		sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_SRC_XLATE_DEV);
 		goto done1;
 	}
 	dev_put(dev);
-	/* Somehow, for IPv6, we need this workaround as well */
+
-	if (unlikely(!is_v4))
+	if (!sfe_cm_find_dev_and_mac_addr(&sic.dest_ip, &dev, sic.dest_mac, is_v4)) {
 		tmp_skb = skb;
 	if (!sfe_cm_find_dev_and_mac_addr(tmp_skb, &sic.dest_ip, &dev, sic.dest_mac, is_v4)) {
 		sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_DEST_DEV);
 		goto done1;
 	}
 	dev_put(dev);
-	if (!sfe_cm_find_dev_and_mac_addr(skb, &sic.dest_ip_xlate, &dest_dev_tmp, sic.dest_mac_xlate, is_v4)) {
+	if (!sfe_cm_find_dev_and_mac_addr(&sic.dest_ip_xlate, &dest_dev_tmp, sic.dest_mac_xlate, is_v4)) {
 		sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_DEST_XLATE_DEV);
 		goto done1;
 	}
@ -722,11 +688,14 @@ static int sfe_cm_conntrack_event(unsigned int events, struct nf_ct_event *item)
 	}
 #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0))
 	/*
 	 * If this is an untracked connection then we can't have any state either.
 	 */
 	if (unlikely(nf_ct_is_untracked(ct))) {
 		DEBUG_TRACE("ignoring untracked conn\n");
 		return NOTIFY_DONE;
 	}
-#endif
+#endif /*KERNEL_VERSION(4, 12, 0)*/
 	/*
 	 * We're only interested in destroy events.
@ -856,17 +825,18 @@ static void sfe_cm_sync_rule(struct sfe_connection_sync *sis)
 	ct = nf_ct_tuplehash_to_ctrack(h);
 #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 0))
 	NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct);
-#endif
+#endif /*KERNEL_VERSION(4, 9, 0)*/
 	/*
 	 * Only update if this is not a fixed timeout
 	 */
 	if (!test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) {
 		spin_lock_bh(&ct->lock);
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 0))
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0))
 		ct->timeout.expires += sis->delta_jiffies;
 #else
 		ct->timeout += sis->delta_jiffies;
-#endif
+#else
 		ct->timeout.expires += sis->delta_jiffies;
 #endif /*KERNEL_VERSION(4, 9, 0)*/
 		spin_unlock_bh(&ct->lock);
 	}
@ -921,26 +891,26 @@ static void sfe_cm_sync_rule(struct sfe_connection_sync *sis)
 			if (reply_pkts != 0) {
 				unsigned int *timeouts;
-				struct nf_conntrack_l4proto *l4proto __maybe_unused;
+
 				set_bit(IPS_SEEN_REPLY_BIT, &ct->status);
 				set_bit(IPS_ASSURED_BIT, &ct->status);
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0))
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0))
 				timeouts = nf_ct_timeout_lookup(ct);
 #else
 				struct nf_conntrack_l4proto *l4proto;
 				l4proto = __nf_ct_l4proto_find((sis->is_v6 ? AF_INET6 : AF_INET), IPPROTO_UDP);
 				timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto);
-				spin_lock_bh(&ct->lock);
+#endif /*KERNEL_VERSION(4, 19, 0)*/
 				ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED];
 				spin_unlock_bh(&ct->lock);
 #else
 				timeouts = nf_ct_timeout_lookup(ct);
 				if (!timeouts) {
 					timeouts = udp_get_timeouts(nf_ct_net(ct));
 				}
 				spin_lock_bh(&ct->lock);
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0))
 				ct->timeout = jiffies + timeouts[UDP_CT_REPLIED];
 #else
 				ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED];
 #endif /*KERNEL_VERSION(4, 9, 0)*/
 				spin_unlock_bh(&ct->lock);
 #endif
 			}
 		}
 		break;
@ -1031,9 +1001,6 @@ static int __init sfe_cm_init(void)
 {
 	struct sfe_cm *sc = &__sc;
 	int result = -1;
 #ifdef CONFIG_SFE_ECM
 	int (*fast_recv)(struct sk_buff *skb);
 #endif
 	DEBUG_INFO("SFE CM init\n");
@ -1069,11 +1036,7 @@ static int __init sfe_cm_init(void)
 	/*
 	 * Register our netfilter hooks.
 	 */
 #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0))
 	result = nf_register_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing));
 #else
 	result = nf_register_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing));
 #endif
 	if (result < 0) {
 		DEBUG_ERROR("can't register nf post routing hook: %d\n", result);
 		goto exit3;
@ -1086,30 +1049,22 @@ static int __init sfe_cm_init(void)
 	 */
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
 #ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
-	result = nf_conntrack_register_chain_notifier(&init_net, &sfe_cm_conntrack_notifier);
+	(void)nf_conntrack_register_chain_notifier(&init_net, &sfe_cm_conntrack_notifier);
 #else
 	result = nf_conntrack_register_notifier(&init_net, &sfe_cm_conntrack_notifier);
 #endif
 	if (result < 0) {
 		DEBUG_ERROR("can't register nf notifier hook: %d\n", result);
 		goto exit4;
 	}
 #endif
 #endif
 	spin_lock_init(&sc->lock);
 	/*
 	 * Hook the receive path in the network stack.
 	 */
 #ifdef CONFIG_SFE_ECM
 	rcu_read_lock();
 	fast_recv = rcu_dereference(athrs_fast_nat_recv);
 	rcu_read_unlock();
 	if (!fast_recv) {
 		BUG_ON(athrs_fast_nat_recv);
 	}
 #else
 	BUG_ON(athrs_fast_nat_recv);
 #endif
 	RCU_INIT_POINTER(athrs_fast_nat_recv, sfe_cm_recv);
 	/*
@ -1120,15 +1075,10 @@ static int __init sfe_cm_init(void)
 	return 0;
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
 #ifndef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
 exit4:
 #ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
 #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0))
 	nf_unregister_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing));
 #else
 	nf_unregister_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing));
 #endif
 #endif
 #endif
 exit3:
 	unregister_inet6addr_notifier(&sc->inet6_notifier);
@ -1179,12 +1129,8 @@ static void __exit sfe_cm_exit(void)
 	nf_conntrack_unregister_notifier(&init_net, &sfe_cm_conntrack_notifier);
 #endif
 #endif
 #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0))
 	nf_unregister_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing));
 #else
 	nf_unregister_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing));
-#endif
+
 	unregister_inet6addr_notifier(&sc->inet6_notifier);
 	unregister_inetaddr_notifier(&sc->inet_notifier);
 	unregister_netdevice_notifier(&sc->dev_notifier);
--- a/shortcut-fe/src/sfe_cm.h
+++ b/shortcut-fe/src/sfe_cm.h
@ -0,0 +1,259 @@
 /*
 * sfe_cm.h
 *	Shortcut forwarding engine.
 *
 * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved.
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
 * above copyright notice and this permission notice appear in all copies.
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 /*
 * connection flags.
 */
 #define SFE_CREATE_FLAG_NO_SEQ_CHECK BIT(0)
 					/* Indicates that we should not check sequence numbers */
 #define SFE_CREATE_FLAG_REMARK_PRIORITY BIT(1)
 					/* Indicates that we should remark priority of skb */
 #define SFE_CREATE_FLAG_REMARK_DSCP BIT(2)
 					/* Indicates that we should remark DSCP of packet */
 /*
 * IPv6 address structure
 */
 struct sfe_ipv6_addr {
 	__be32 addr[4];
 };
 typedef union {
 	__be32			ip;
 	struct sfe_ipv6_addr	ip6[1];
 } sfe_ip_addr_t;
 /*
 * connection creation structure.
 */
 struct sfe_connection_create {
 	int protocol;
 	struct net_device *src_dev;
 	struct net_device *dest_dev;
 	u32 flags;
 	u32 src_mtu;
 	u32 dest_mtu;
 	sfe_ip_addr_t src_ip;
 	sfe_ip_addr_t src_ip_xlate;
 	sfe_ip_addr_t dest_ip;
 	sfe_ip_addr_t dest_ip_xlate;
 	__be16 src_port;
 	__be16 src_port_xlate;
 	__be16 dest_port;
 	__be16 dest_port_xlate;
 	u8 src_mac[ETH_ALEN];
 	u8 src_mac_xlate[ETH_ALEN];
 	u8 dest_mac[ETH_ALEN];
 	u8 dest_mac_xlate[ETH_ALEN];
 	u8 src_td_window_scale;
 	u32 src_td_max_window;
 	u32 src_td_end;
 	u32 src_td_max_end;
 	u8 dest_td_window_scale;
 	u32 dest_td_max_window;
 	u32 dest_td_end;
 	u32 dest_td_max_end;
 	u32 mark;
 #ifdef CONFIG_XFRM
 	u32 original_accel;
 	u32 reply_accel;
 #endif
 	u32 src_priority;
 	u32 dest_priority;
 	u32 src_dscp;
 	u32 dest_dscp;
 };
 /*
 * connection destruction structure.
 */
 struct sfe_connection_destroy {
 	int protocol;
 	sfe_ip_addr_t src_ip;
 	sfe_ip_addr_t dest_ip;
 	__be16 src_port;
 	__be16 dest_port;
 };
 typedef enum sfe_sync_reason {
 	SFE_SYNC_REASON_STATS,	/* Sync is to synchronize stats */
 	SFE_SYNC_REASON_FLUSH,	/* Sync is to flush a entry */
 	SFE_SYNC_REASON_DESTROY	/* Sync is to destroy a entry(requested by connection manager) */
 } sfe_sync_reason_t;
 /*
 * Structure used to sync connection stats/state back within the system.
 *
 * NOTE: The addresses here are NON-NAT addresses, i.e. the true endpoint addressing.
 * 'src' is the creator of the connection.
 */
 struct sfe_connection_sync {
 	struct net_device *src_dev;
 	struct net_device *dest_dev;
 	int is_v6;			/* Is it for ipv6? */
 	int protocol;			/* IP protocol number (IPPROTO_...) */
 	sfe_ip_addr_t src_ip;		/* Non-NAT source address, i.e. the creator of the connection */
 	sfe_ip_addr_t src_ip_xlate;	/* NATed source address */
 	__be16 src_port;		/* Non-NAT source port */
 	__be16 src_port_xlate;		/* NATed source port */
 	sfe_ip_addr_t dest_ip;		/* Non-NAT destination address, i.e. to whom the connection was created */
 	sfe_ip_addr_t dest_ip_xlate;	/* NATed destination address */
 	__be16 dest_port;		/* Non-NAT destination port */
 	__be16 dest_port_xlate;		/* NATed destination port */
 	u32 src_td_max_window;
 	u32 src_td_end;
 	u32 src_td_max_end;
 	u64 src_packet_count;
 	u64 src_byte_count;
 	u32 src_new_packet_count;
 	u32 src_new_byte_count;
 	u32 dest_td_max_window;
 	u32 dest_td_end;
 	u32 dest_td_max_end;
 	u64 dest_packet_count;
 	u64 dest_byte_count;
 	u32 dest_new_packet_count;
 	u32 dest_new_byte_count;
 	u32 reason;		/* reason for stats sync message, i.e. destroy, flush, period sync */
 	u64 delta_jiffies;		/* Time to be added to the current timeout to keep the connection alive */
 };
 /*
 * connection mark structure
 */
 struct sfe_connection_mark {
 	int protocol;
 	sfe_ip_addr_t src_ip;
 	sfe_ip_addr_t dest_ip;
 	__be16 src_port;
 	__be16 dest_port;
 	u32 mark;
 };
 /*
 * Expose the hook for the receive processing.
 */
 extern int (*athrs_fast_nat_recv)(struct sk_buff *skb);
 /*
 * Expose what should be a static flag in the TCP connection tracker.
 */
 extern int nf_ct_tcp_no_window_check;
 /*
 * This callback will be called in a timer
 * at 100 times per second to sync stats back to
 * Linux connection track.
 *
 * A RCU lock is taken to prevent this callback
 * from unregistering.
 */
 typedef void (*sfe_sync_rule_callback_t)(struct sfe_connection_sync *);
 /*
 * IPv4 APIs used by connection manager
 */
 int sfe_ipv4_recv(struct net_device *dev, struct sk_buff *skb);
 int sfe_ipv4_create_rule(struct sfe_connection_create *sic);
 void sfe_ipv4_destroy_rule(struct sfe_connection_destroy *sid);
 void sfe_ipv4_destroy_all_rules_for_dev(struct net_device *dev);
 void sfe_ipv4_register_sync_rule_callback(sfe_sync_rule_callback_t callback);
 void sfe_ipv4_update_rule(struct sfe_connection_create *sic);
 void sfe_ipv4_mark_rule(struct sfe_connection_mark *mark);
 #ifdef SFE_SUPPORT_IPV6
 /*
 * IPv6 APIs used by connection manager
 */
 int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb);
 int sfe_ipv6_create_rule(struct sfe_connection_create *sic);
 void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid);
 void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev);
 void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t callback);
 void sfe_ipv6_update_rule(struct sfe_connection_create *sic);
 void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark);
 #else
 static inline int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb)
 {
 	return 0;
 }
 static inline int sfe_ipv6_create_rule(struct sfe_connection_create *sic)
 {
 	return 0;
 }
 static inline void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid)
 {
 	return;
 }
 static inline void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev)
 {
 	return;
 }
 static inline void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t callback)
 {
 	return;
 }
 static inline void sfe_ipv6_update_rule(struct sfe_connection_create *sic)
 {
 	return;
 }
 static inline void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark)
 {
 	return;
 }
 #endif
 /*
 * sfe_ipv6_addr_equal()
 *	compare ipv6 address
 *
 * return: 1, equal; 0, no equal
 */
 static inline int sfe_ipv6_addr_equal(struct sfe_ipv6_addr *a,
 				      struct sfe_ipv6_addr *b)
 {
 	return a->addr[0] == b->addr[0] &&
 	       a->addr[1] == b->addr[1] &&
 	       a->addr[2] == b->addr[2] &&
 	       a->addr[3] == b->addr[3];
 }
 /*
 * sfe_ipv4_addr_equal()
 *	compare ipv4 address
 *
 * return: 1, equal; 0, no equal
 */
 #define sfe_ipv4_addr_equal(a, b) ((u32)(a) == (u32)(b))
 /*
 * sfe_addr_equal()
 *	compare ipv4 or ipv6 address
 *
 * return: 1, equal; 0, no equal
 */
 static inline int sfe_addr_equal(sfe_ip_addr_t *a,
 				 sfe_ip_addr_t *b, int is_v4)
 {
 	return is_v4 ? sfe_ipv4_addr_equal(a->ip, b->ip) : sfe_ipv6_addr_equal(a->ip6, b->ip6);
 }
--- a/shortcut-fe/shortcut-fe/src/sfe_ipv4.c
+++ b/shortcut-fe/shortcut-fe/src/sfe_ipv4.c
@ -2,7 +2,7 @@
 * sfe_ipv4.c
 *	Shortcut forwarding engine - IPv4 edition.
 *
- * Copyright (c) 2013-2016, 2019-2020 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2013-2016, 2019, The Linux Foundation. All rights reserved.
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
 * above copyright notice and this permission notice appear in all copies.
@ -1311,13 +1311,14 @@ static int sfe_ipv4_recv_udp(struct sfe_ipv4 *si, struct sk_buff *skb, struct ne
 	 * change the cloned skb's data section.
 	 */
 	if (unlikely(skb_cloned(skb))) {
-		DEBUG_TRACE("%px: skb is a cloned skb\n", skb);
+		DEBUG_TRACE("%p: skb is a cloned skb\n", skb);
 		skb = skb_unshare(skb, GFP_ATOMIC);
                if (!skb) {
 			DEBUG_WARN("Failed to unshare the cloned skb\n");
 			si->exception_events[SFE_IPV4_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++;
 			si->packets_not_forwarded++;
 			spin_unlock_bh(&si->lock);
 			return 0;
 		}
@ -1890,13 +1891,14 @@ static int sfe_ipv4_recv_tcp(struct sfe_ipv4 *si, struct sk_buff *skb, struct ne
 	 * change the cloned skb's data section.
 	 */
 	if (unlikely(skb_cloned(skb))) {
-		DEBUG_TRACE("%px: skb is a cloned skb\n", skb);
+		DEBUG_TRACE("%p: skb is a cloned skb\n", skb);
 		skb = skb_unshare(skb, GFP_ATOMIC);
                if (!skb) {
 			DEBUG_WARN("Failed to unshare the cloned skb\n");
 			si->exception_events[SFE_IPV4_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++;
 			si->packets_not_forwarded++;
 			spin_unlock_bh(&si->lock);
 			return 0;
 		}
@ -2510,7 +2512,7 @@ int sfe_ipv4_create_rule(struct sfe_connection_create *sic)
 		spin_unlock_bh(&si->lock);
 		DEBUG_TRACE("connection already exists - mark: %08x, p: %d\n"
-			    "  s: %s:%pxM:%pI4:%u, d: %s:%pxM:%pI4:%u\n",
+			    "  s: %s:%pM:%pI4:%u, d: %s:%pM:%pI4:%u\n",
 			    sic->mark, sic->protocol,
 			    sic->src_dev->name, sic->src_mac, &sic->src_ip.ip, ntohs(sic->src_port),
 			    sic->dest_dev->name, sic->dest_mac, &sic->dest_ip.ip, ntohs(sic->dest_port));
@ -2726,8 +2728,8 @@ int sfe_ipv4_create_rule(struct sfe_connection_create *sic)
 	 * We have everything we need!
 	 */
 	DEBUG_INFO("new connection - mark: %08x, p: %d\n"
-		   "  s: %s:%pxM(%pxM):%pI4(%pI4):%u(%u)\n"
+		   "  s: %s:%pM(%pM):%pI4(%pI4):%u(%u)\n"
-		   "  d: %s:%pxM(%pxM):%pI4(%pI4):%u(%u)\n",
+		   "  d: %s:%pM(%pM):%pI4(%pI4):%u(%u)\n",
 		   sic->mark, sic->protocol,
 		   sic->src_dev->name, sic->src_mac, sic->src_mac_xlate,
 		   &sic->src_ip.ip, &sic->src_ip_xlate.ip, ntohs(sic->src_port), ntohs(sic->src_port_xlate),
@ -2856,17 +2858,17 @@ another_round:
 /*
 * sfe_ipv4_periodic_sync()
 */
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0))
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0))
 static void sfe_ipv4_periodic_sync(struct timer_list *arg)
 #else
 static void sfe_ipv4_periodic_sync(unsigned long arg)
-#else
+#endif /*KERNEL_VERSION(4, 15, 0)*/
 static void sfe_ipv4_periodic_sync(struct timer_list *tl)
 #endif
 {
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0))
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0))
-	struct sfe_ipv4 *si = (struct sfe_ipv4 *)arg;
+	struct sfe_ipv4 *si = (struct sfe_ipv4 *)arg->cust_data;
 #else
-	struct sfe_ipv4 *si = from_timer(si, tl, timer);
+	struct sfe_ipv4 *si = (struct sfe_ipv4 *)arg;
-#endif
+#endif /*KERNEL_VERSION(4, 15, 0)*/
 	u64 now_jiffies;
 	int quota;
 	sfe_sync_rule_callback_t sync_rule_callback;
@ -3545,11 +3547,12 @@ static int __init sfe_ipv4_init(void)
 	/*
 	 * Create a timer to handle periodic statistics.
 	 */
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0))
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0))
 	setup_timer(&si->timer, sfe_ipv4_periodic_sync, (unsigned long)si);
 #else
 	timer_setup(&si->timer, sfe_ipv4_periodic_sync, 0);
-#endif
+	si->timer.cust_data = (unsigned long)si;
 #else
 	setup_timer(&si->timer, sfe_ipv4_periodic_sync, (unsigned long)si);
 #endif /*KERNEL_VERSION(4, 15, 0)*/
 	mod_timer(&si->timer, jiffies + ((HZ + 99) / 100));
 	spin_lock_init(&si->lock);
--- a/shortcut-fe/shortcut-fe/src/sfe_ipv6.c
+++ b/shortcut-fe/shortcut-fe/src/sfe_ipv6.c
@ -2,7 +2,7 @@
 * sfe_ipv6.c
 *	Shortcut forwarding engine - IPv6 support.
 *
- * Copyright (c) 2015-2016, 2019-2020 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2015-2016, 2019, The Linux Foundation. All rights reserved.
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
 * above copyright notice and this permission notice appear in all copies.
@ -1369,13 +1369,14 @@ static int sfe_ipv6_recv_udp(struct sfe_ipv6 *si, struct sk_buff *skb, struct ne
 	 * change the cloned skb's data section.
 	 */
 	if (unlikely(skb_cloned(skb))) {
-		DEBUG_TRACE("%px: skb is a cloned skb\n", skb);
+		DEBUG_TRACE("%p: skb is a cloned skb\n", skb);
 		skb = skb_unshare(skb, GFP_ATOMIC);
                if (!skb) {
 			DEBUG_WARN("Failed to unshare the cloned skb\n");
 			si->exception_events[SFE_IPV6_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++;
 			si->packets_not_forwarded++;
 			spin_unlock_bh(&si->lock);
 			return 0;
 		}
@ -1928,13 +1929,14 @@ static int sfe_ipv6_recv_tcp(struct sfe_ipv6 *si, struct sk_buff *skb, struct ne
 	 * change the cloned skb's data section.
 	 */
 	if (unlikely(skb_cloned(skb))) {
-		DEBUG_TRACE("%px: skb is a cloned skb\n", skb);
+		DEBUG_TRACE("%p: skb is a cloned skb\n", skb);
 		skb = skb_unshare(skb, GFP_ATOMIC);
                if (!skb) {
 			DEBUG_WARN("Failed to unshare the cloned skb\n");
 			si->exception_events[SFE_IPV6_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++;
 			si->packets_not_forwarded++;
 			spin_unlock_bh(&si->lock);
 			return 0;
 		}
@ -2326,7 +2328,7 @@ int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb)
 		si->packets_not_forwarded++;
 		spin_unlock_bh(&si->lock);
-		DEBUG_TRACE("payload_len: %u, exceeds len: %u\n", payload_len, (len - (unsigned int)sizeof(struct sfe_ipv6_ip_hdr)));
+		DEBUG_TRACE("payload_len: %u, exceeds len: %u\n", payload_len, (len - sizeof(struct sfe_ipv6_ip_hdr)));
 		return 0;
 	}
@ -2524,7 +2526,7 @@ int sfe_ipv6_create_rule(struct sfe_connection_create *sic)
 		spin_unlock_bh(&si->lock);
 		DEBUG_TRACE("connection already exists - mark: %08x, p: %d\n"
-			    "  s: %s:%pxM:%pI6:%u, d: %s:%pxM:%pI6:%u\n",
+			    "  s: %s:%pM:%pI6:%u, d: %s:%pM:%pI6:%u\n",
 			    sic->mark, sic->protocol,
 			    sic->src_dev->name, sic->src_mac, sic->src_ip.ip6, ntohs(sic->src_port),
 			    sic->dest_dev->name, sic->dest_mac, sic->dest_ip.ip6, ntohs(sic->dest_port));
@ -2740,8 +2742,8 @@ int sfe_ipv6_create_rule(struct sfe_connection_create *sic)
 	 * We have everything we need!
 	 */
 	DEBUG_INFO("new connection - mark: %08x, p: %d\n"
-		   "  s: %s:%pxM(%pxM):%pI6(%pI6):%u(%u)\n"
+		   "  s: %s:%pM(%pM):%pI6(%pI6):%u(%u)\n"
-		   "  d: %s:%pxM(%pxM):%pI6(%pI6):%u(%u)\n",
+		   "  d: %s:%pM(%pM):%pI6(%pI6):%u(%u)\n",
 		   sic->mark, sic->protocol,
 		   sic->src_dev->name, sic->src_mac, sic->src_mac_xlate,
 		   sic->src_ip.ip6, sic->src_ip_xlate.ip6, ntohs(sic->src_port), ntohs(sic->src_port_xlate),
@ -2864,17 +2866,17 @@ another_round:
 /*
 * sfe_ipv6_periodic_sync()
 */
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0))
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0))
 static void sfe_ipv6_periodic_sync(struct timer_list *arg)
 #else
 static void sfe_ipv6_periodic_sync(unsigned long arg)
-#else
+#endif /*KERNEL_VERSION(4, 15, 0)*/
 static void sfe_ipv6_periodic_sync(struct timer_list *tl)
 #endif
 {
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0))
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0))
-	struct sfe_ipv6 *si = (struct sfe_ipv6 *)arg;
+	struct sfe_ipv6 *si = (struct sfe_ipv6 *)arg->cust_data;
 #else
-	struct sfe_ipv6 *si = from_timer(si, tl, timer);
+	struct sfe_ipv6 *si = (struct sfe_ipv6 *)arg;
-#endif
+#endif /*KERNEL_VERSION(4, 15, 0)*/
 	u64 now_jiffies;
 	int quota;
 	sfe_sync_rule_callback_t sync_rule_callback;
@ -3553,11 +3555,12 @@ static int __init sfe_ipv6_init(void)
 	/*
 	 * Create a timer to handle periodic statistics.
 	 */
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0))
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0))
 	setup_timer(&si->timer, sfe_ipv6_periodic_sync, (unsigned long)si);
 #else
 	timer_setup(&si->timer, sfe_ipv6_periodic_sync, 0);
-#endif
+	si->timer.cust_data = (unsigned long)si;
 #else
 	setup_timer(&si->timer, sfe_ipv6_periodic_sync, (unsigned long)si);
 #endif /*KERNEL_VERSION(4, 15, 0)*/
 	mod_timer(&si->timer, jiffies + ((HZ + 99) / 100));
 	spin_lock_init(&si->lock);