diff --git a/6in4/Makefile b/6in4/Makefile new file mode 100755 index 000000000..d0f2ad30c --- /dev/null +++ b/6in4/Makefile @@ -0,0 +1,45 @@ +# +# Copyright (C) 2010-2015 OpenWrt.org +# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) +# - Added gateway setting +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=6in4 +PKG_VERSION:=270 +PKG_RELEASE:=2 +PKG_LICENSE:=GPL-2.0 + +include $(INCLUDE_DIR)/package.mk + +define Package/6in4 + SECTION:=net + CATEGORY:=Network + DEPENDS:=@IPV6 +kmod-sit +uclient-fetch + TITLE:=IPv6-in-IPv4 configuration support + MAINTAINER:=Jo-Philipp Wich + PKGARCH:=all +endef + +define Package/6in4/description +Provides support for 6in4 tunnels in /etc/config/network. +Refer to http://wiki.openwrt.org/doc/uci/network for +configuration details. +endef + +define Build/Compile +endef + +define Build/Configure +endef + +define Package/6in4/install + $(INSTALL_DIR) $(1)/lib/netifd/proto + $(INSTALL_BIN) ./files/6in4.sh $(1)/lib/netifd/proto/6in4.sh +endef + +$(eval $(call BuildPackage,6in4)) diff --git a/6in4/files/6in4.sh b/6in4/files/6in4.sh new file mode 100755 index 000000000..cf17c86d8 --- /dev/null +++ b/6in4/files/6in4.sh @@ -0,0 +1,149 @@ +#!/bin/sh +# 6in4.sh - IPv6-in-IPv4 tunnel backend +# Copyright (c) 2010-2015 OpenWrt.org + +[ -n "$INCLUDE_ONLY" ] || { + . /lib/functions.sh + . /lib/functions/network.sh + . ../netifd-proto.sh + init_proto "$@" +} + +proto_6in4_update() { + sh -c ' + timeout=5 + + (while [ $((timeout--)) -gt 0 ]; do + sleep 1 + kill -0 $$ || exit 0 + done; kill -9 $$) 2>/dev/null & + + exec "$@" + ' "$1" "$@" +} + +proto_6in4_add_prefix() { + append "$3" "$1" +} + +proto_6in4_setup() { + local cfg="$1" + local iface="$2" + local link="6in4-$cfg" + + local mtu ttl tos ipaddr peeraddr ip6addr ip6prefix ip6prefixes tunlink tunnelid username password updatekey gateway + json_get_vars mtu ttl tos ipaddr peeraddr ip6addr tunlink tunnelid username password updatekey gateway + json_for_each_item proto_6in4_add_prefix ip6prefix ip6prefixes + + [ -z "$peeraddr" ] && { + proto_notify_error "$cfg" "MISSING_ADDRESS" + proto_block_restart "$cfg" + return + } + + [ -n "$tunlink" ] && ( proto_add_host_dependency "$cfg" "$peeraddr" "$tunlink" ) + + [ -z "$ipaddr" ] && { + local wanif="$tunlink" + if [ -z "$wanif" ] && ! network_find_wan wanif; then + proto_notify_error "$cfg" "NO_WAN_LINK" + return + fi + + if ! network_get_ipaddr ipaddr "$wanif"; then + proto_notify_error "$cfg" "NO_WAN_LINK" + return + fi + } + + proto_init_update "$link" 1 + + [ -n "$ip6addr" ] && { + local local6="${ip6addr%%/*}" + local mask6="${ip6addr##*/}" + [[ "$local6" = "$mask6" ]] && mask6= + proto_add_ipv6_address "$local6" "$mask6" + proto_add_ipv6_route "::" 0 "" "" "" "$local6/$mask6" + } + + [ -n "$gateway" ] && { + proto_add_ipv6_route "::" 0 "$gateway" + } + + for ip6prefix in $ip6prefixes; do + proto_add_ipv6_prefix "$ip6prefix" + proto_add_ipv6_route "::" 0 "" "" "" "$ip6prefix" + done + + proto_add_tunnel + json_add_string mode sit + json_add_int mtu "${mtu:-1280}" + json_add_int ttl "${ttl:-64}" + [ -n "$tos" ] && json_add_string tos "$tos" + json_add_string local "$ipaddr" + json_add_string remote "$peeraddr" + [ -n "$tunlink" ] && json_add_string link "$tunlink" + proto_close_tunnel + + proto_send_update "$cfg" + + [ -n "$tunnelid" -a -n "$username" -a \( -n "$password" -o -n "$updatekey" \) ] && { + [ -n "$updatekey" ] && password="$updatekey" + + local http="http" + local urlget="uclient-fetch" + local urlget_opts="-qO-" + local ca_path="${SSL_CERT_DIR:-/etc/ssl/certs}" + + [ -f /lib/libustream-ssl.so ] && http=https + [ "$http" = "https" -a -z "$(find $ca_path -name "*.0" 2>/dev/null)" ] && { + urlget_opts="$urlget_opts --no-check-certificate" + } + + local url="$http://ipv4.tunnelbroker.net/nic/update?hostname=$tunnelid" + local try=0 + local max=3 + + ( + set -o pipefail + while [ $((++try)) -le $max ]; do + if proto_6in4_update $urlget $urlget_opts --user="$username" --password="$password" "$url" 2>&1 | \ + sed -e 's,^Killed$,timeout,' -e "s,^,update $try/$max: ," | \ + logger -t "$link"; + then + logger -t "$link" "updated" + return 0 + fi + sleep 5 + done + logger -t "$link" "update failed" + ) + } +} + +proto_6in4_teardown() { + local cfg="$1" +} + +proto_6in4_init_config() { + no_device=1 + available=1 + + proto_config_add_string "ipaddr" + proto_config_add_string "ip6addr" + proto_config_add_array "ip6prefix" + proto_config_add_string "peeraddr" + proto_config_add_string "tunlink" + proto_config_add_string "tunnelid" + proto_config_add_string "username" + proto_config_add_string "password" + proto_config_add_string "updatekey" + proto_config_add_string "gateway" + proto_config_add_int "mtu" + proto_config_add_int "ttl" + proto_config_add_string "tos" +} + +[ -n "$INCLUDE_ONLY" ] || { + add_protocol 6in4 +} diff --git a/CLA-entity.md b/CLA-entity.md old mode 100644 new mode 100755 diff --git a/CLA-individual.md b/CLA-individual.md old mode 100644 new mode 100755 diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md old mode 100644 new mode 100755 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md old mode 100644 new mode 100755 diff --git a/LICENSE b/LICENSE old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/aquantia/Makefile b/aquantia/Makefile old mode 100644 new mode 100755 diff --git a/bcm27xx-eeprom/Makefile b/bcm27xx-eeprom/Makefile deleted file mode 100644 index 1dcf6883b..000000000 --- a/bcm27xx-eeprom/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -include $(TOPDIR)/rules.mk - -PKG_NAME:=bcm27xx-eeprom -PKG_VERSION:=47976e4409c6999a8e211976c75c60a97c90275c -PKG_RELEASE:=4 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://codeload.github.com/raspberrypi/rpi-eeprom/tar.gz/$(PKG_VERSION)? -PKG_HASH:=skip - -PKG_LICENSE:=BSD-3-Clause Custom -PKG_LICENSE_FILES:=LICENSE - -PKG_MAINTAINER:=Álvaro Fernández Rojas - -include $(INCLUDE_DIR)/package.mk - -TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS) -TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS) - -define Package/bcm27xx-eeprom - SECTION:=utils - CATEGORY:=Utilities - DEPENDS:=bcm27xx-userland +blkid +pciutils +python3-light +coreutils +coreutils-od - TITLE:=BCM27xx EEPROM tools -endef - -define Package/bcm27xx-eeprom/description - BCM27xx EEPROM tools. -endef - -define Build/Compile - true -endef - -define Package/bcm27xx-eeprom/conffiles -/etc/bcm27xx-eeprom.conf -endef - -define Package/bcm27xx-eeprom/install - $(INSTALL_DIR) $(1)/etc - $(INSTALL_CONF) $(PKG_BUILD_DIR)/rpi-eeprom-update-default $(1)/etc/bcm27xx-eeprom.conf - - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/rpi-eeprom-config $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/rpi-eeprom-update $(1)/usr/bin - - $(INSTALL_DIR) $(1)/lib/firmware/raspberrypi/bootloader - $(CP) $(PKG_BUILD_DIR)/firmware/release-notes.md $(1)/lib/firmware/raspberrypi/bootloader - - $(INSTALL_DIR) $(1)/lib/firmware/raspberrypi/bootloader/critical - $(CP) $(PKG_BUILD_DIR)/firmware/critical/ $(1)/lib/firmware/raspberrypi/bootloader/ - - $(INSTALL_DIR) $(1)/lib/firmware/raspberrypi/bootloader/stable - $(CP) $(PKG_BUILD_DIR)/firmware/stable/ $(1)/lib/firmware/raspberrypi/bootloader/ -endef - -$(eval $(call BuildPackage,bcm27xx-eeprom)) diff --git a/bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch b/bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch deleted file mode 100644 index 7fc10a8a5..000000000 --- a/bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch +++ /dev/null @@ -1,45 +0,0 @@ -From da37f7b051fe6833e25e78184cc9217dd4379187 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C3=81lvaro=20Fern=C3=A1ndez=20Rojas?= -Date: Mon, 23 Mar 2020 10:10:55 +0100 -Subject: [PATCH] rpi-eeprom-update: OpenWrt defaults -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Álvaro Fernández Rojas ---- - rpi-eeprom-update | 6 +++--- - rpi-eeprom-update-default | 5 +++-- - 2 files changed, 6 insertions(+), 5 deletions(-) - ---- a/rpi-eeprom-update -+++ b/rpi-eeprom-update -@@ -24,12 +24,12 @@ else - fi - - # Selects the release sub-directory --FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-default} -+FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-stable} - FIRMWARE_IMAGE_DIR=${FIRMWARE_IMAGE_DIR:-${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}} --FIRMWARE_BACKUP_DIR=${FIRMWARE_BACKUP_DIR:-/var/lib/raspberrypi/bootloader/backup} -+FIRMWARE_BACKUP_DIR=${FIRMWARE_BACKUP_DIR:-${FIRMWARE_ROOT}/backup} - ENABLE_VL805_UPDATES=${ENABLE_VL805_UPDATES:-1} - RECOVERY_BIN=${RECOVERY_BIN:-${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}/recovery.bin} - BOOTFS=${BOOTFS:-/boot} - CM4_ENABLE_RPI_EEPROM_UPDATE=${CM4_ENABLE_RPI_EEPROM_UPDATE:-0} - RPI_EEPROM_UPDATE_CONFIG_TOOL="${RPI_EEPROM_UPDATE_CONFIG_TOOL:-raspi-config}" - ---- a/rpi-eeprom-update-default -+++ b/rpi-eeprom-update-default -@@ -1,8 +1,9 @@ - - FIRMWARE_ROOT=/lib/firmware/raspberrypi/bootloader --FIRMWARE_RELEASE_STATUS="critical" -+FIRMWARE_RELEASE_STATUS="stable" - FIRMWARE_IMAGE_DIR="${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}" --FIRMWARE_BACKUP_DIR="/var/lib/raspberrypi/bootloader/backup" -+FIRMWARE_BACKUP_DIR="${FIRMWARE_ROOT}/backup" - BOOTFS=/boot - USE_FLASHROM=0 - EEPROM_CONFIG_HOOK= -+VCMAILBOX=/usr/bin/vcmailbox diff --git a/bcm27xx-eeprom/patches/0003-rpi-eeprom-update-change-default-include-path.patch b/bcm27xx-eeprom/patches/0003-rpi-eeprom-update-change-default-include-path.patch deleted file mode 100644 index f24a9c3f1..000000000 --- a/bcm27xx-eeprom/patches/0003-rpi-eeprom-update-change-default-include-path.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 6674d49dea0104031b3f54df4c7a356dc4307bb2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C3=81lvaro=20Fern=C3=A1ndez=20Rojas?= -Date: Wed, 25 Mar 2020 20:58:35 +0100 -Subject: [PATCH] rpi-eeprom-update: change default include path -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Álvaro Fernández Rojas ---- - rpi-eeprom-update | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - ---- a/rpi-eeprom-update -+++ b/rpi-eeprom-update -@@ -6,8 +6,8 @@ set -e - - script_dir=$(cd "$(dirname "$0")" && pwd) - --if [ -f /etc/default/rpi-eeprom-update ]; then -- . /etc/default/rpi-eeprom-update -+if [ -f /etc/bcm27xx-eeprom.conf ]; then -+ . /etc/bcm27xx-eeprom.conf - fi - - LOCAL_MODE=0 diff --git a/bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch b/bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch deleted file mode 100644 index a79fa89b1..000000000 --- a/bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- a/rpi-eeprom-update 2020-11-05 21:58:02.247836497 +0100 -+++ b/rpi-eeprom-update 2020-11-05 21:58:36.911266307 +0100 -@@ -212,8 +212,8 @@ - || die "Failed to copy ${TMP_EEPROM_IMAGE} to ${BOOTFS}" - - # For NFS mounts ensure that the files are readable to the TFTP user -- chmod -f go+r "${BOOTFS}/pieeprom.upd" "${BOOTFS}/pieeprom.sig" \ -- || die "Failed to set permissions on eeprom update files" -+ #chmod -f go+r "${BOOTFS}/pieeprom.upd" "${BOOTFS}/pieeprom.sig" \ -+ # || die "Failed to set permissions on eeprom update files" - fi - - if [ -n "${VL805_UPDATE_IMAGE}" ]; then -@@ -224,8 +224,8 @@ - || die "Failed to copy ${VL805_UPDATE_IMAGE} to ${BOOTFS}/vl805.bin" - - # For NFS mounts ensure that the files are readable to the TFTP user -- chmod -f go+r "${BOOTFS}/vl805.bin" "${BOOTFS}/vl805.sig" \ -- || die "Failed to set permissions on eeprom update files" -+ #chmod -f go+r "${BOOTFS}/vl805.bin" "${BOOTFS}/vl805.sig" \ -+ # || die "Failed to set permissions on eeprom update files" - fi - - cp -f "${RECOVERY_BIN}" "${BOOTFS}/recovery.bin" \ diff --git a/contributors/cr3ative.md b/contributors/cr3ative.md old mode 100644 new mode 100755 diff --git a/contributors/example.md b/contributors/example.md old mode 100644 new mode 100755 diff --git a/cryptodev-linux/Makefile b/cryptodev-linux/Makefile deleted file mode 100644 index 0c1f63a60..000000000 --- a/cryptodev-linux/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# -# Copyright (C) 2014 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# -# $Id$ - -include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/kernel.mk - -PKG_NAME:=cryptodev-linux -PKG_VERSION:=1.12 -PKG_RELEASE:=1 - -PKG_SOURCE_URL:=https://codeload.github.com/$(PKG_NAME)/$(PKG_NAME)/tar.gz/$(PKG_NAME)-$(PKG_VERSION)? -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_HASH:=f51c2254749233b1b1d7ec9445158bd709f124f88e1c650fe2faac83c3a81938 -PKG_LICENSE:=GPL-2.0 -PKG_LICENSE_FILES:=COPYING - -PKG_MAINTAINER:=Ansuel Smith - -PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION) - -include $(INCLUDE_DIR)/package.mk - -define KernelPackage/cryptodev - SUBMENU:=Cryptographic API modules - TITLE:=Driver for cryptographic acceleration - URL:=http://cryptodev-linux.org/ - VERSION:=$(LINUX_VERSION)+$(PKG_VERSION)-$(BOARD)-$(PKG_RELEASE) - DEPENDS:=+kmod-crypto-authenc +kmod-crypto-hash - FILES:=$(PKG_BUILD_DIR)/cryptodev.$(LINUX_KMOD_SUFFIX) - AUTOLOAD:=$(call AutoLoad,50,cryptodev) - MODPARAMS.cryptodev:=cryptodev_verbosity=-1 -endef - -define KernelPackage/cryptodev/description - This is a driver for that allows to use the Linux kernel supported - hardware ciphers by user-space applications. -endef - -define Build/Configure -endef - -define Build/Compile - $(MAKE) -C $(PKG_BUILD_DIR) \ - $(KERNEL_MAKE_FLAGS) \ - KERNEL_DIR="$(LINUX_DIR)" -endef - -define Build/InstallDev - $(INSTALL_DIR) $(STAGING_DIR)/usr/include/crypto - $(CP) $(PKG_BUILD_DIR)/crypto/cryptodev.h $(STAGING_DIR)/usr/include/crypto/ -endef - -$(eval $(call KernelPackage,cryptodev)) diff --git a/dsvpn/Makefile b/dsvpn/Makefile old mode 100644 new mode 100755 diff --git a/dsvpn/patches/nofirewall.patch b/dsvpn/patches/nofirewall.patch old mode 100644 new mode 100755 diff --git a/dsvpn/patches/nostrip.patch b/dsvpn/patches/nostrip.patch old mode 100644 new mode 100755 diff --git a/glorytun-udp/Makefile b/glorytun-udp/Makefile old mode 100644 new mode 100755 diff --git a/glorytun-udp/patches/aegis-arm.patch b/glorytun-udp/patches/aegis-arm.patch old mode 100644 new mode 100755 diff --git a/glorytun/Makefile b/glorytun/Makefile old mode 100644 new mode 100755 diff --git a/glorytun/glorytun.config b/glorytun/glorytun.config old mode 100644 new mode 100755 diff --git a/golang/golang-golang-x-crypto/Makefile b/golang-golang-x-crypto/Makefile old mode 100644 new mode 100755 similarity index 95% rename from golang/golang-golang-x-crypto/Makefile rename to golang-golang-x-crypto/Makefile index b2d09364f..707a8edee --- a/golang/golang-golang-x-crypto/Makefile +++ b/golang-golang-x-crypto/Makefile @@ -27,7 +27,7 @@ GO_PKG:=golang.org/x/crypto GO_PKG_SOURCE_ONLY:=1 include $(INCLUDE_DIR)/package.mk -include ../golang-package.mk +include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk define Package/golang-golang-x-crypto-dev $(call GoPackage/GoSubMenu) diff --git a/golang/golang-golang-x-net/Makefile b/golang-golang-x-net/Makefile old mode 100644 new mode 100755 similarity index 96% rename from golang/golang-golang-x-net/Makefile rename to golang-golang-x-net/Makefile index 979d9be7f..49a67b987 --- a/golang/golang-golang-x-net/Makefile +++ b/golang-golang-x-net/Makefile @@ -29,7 +29,7 @@ GO_PKG:=golang.org/x/net GO_PKG_SOURCE_ONLY:=1 include $(INCLUDE_DIR)/package.mk -include ../golang-package.mk +include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk define Package/golang-golang-x-net-dev $(call GoPackage/GoSubMenu) diff --git a/golang/golang-golang-x-sys/Makefile b/golang-golang-x-sys/Makefile old mode 100644 new mode 100755 similarity index 94% rename from golang/golang-golang-x-sys/Makefile rename to golang-golang-x-sys/Makefile index 5350f3cbe..89a043c1c --- a/golang/golang-golang-x-sys/Makefile +++ b/golang-golang-x-sys/Makefile @@ -27,7 +27,7 @@ GO_PKG:=golang.org/x/sys GO_PKG_SOURCE_ONLY:=1 include $(INCLUDE_DIR)/package.mk -include ../golang-package.mk +include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk define Package/golang-golang-x-sys-dev $(call GoPackage/GoSubMenu) diff --git a/golang/golang-golang-x-text/Makefile b/golang-golang-x-text/Makefile old mode 100644 new mode 100755 similarity index 95% rename from golang/golang-golang-x-text/Makefile rename to golang-golang-x-text/Makefile index e3b1120b9..edffb8236 --- a/golang/golang-golang-x-text/Makefile +++ b/golang-golang-x-text/Makefile @@ -29,7 +29,7 @@ GO_PKG:=golang.org/x/text GO_PKG_SOURCE_ONLY:=1 include $(INCLUDE_DIR)/package.mk -include ../golang-package.mk +include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk define Package/golang-golang-x-text-dev $(call GoPackage/GoSubMenu) diff --git a/golang-protobuf/Makefile b/golang-protobuf/Makefile old mode 100644 new mode 100755 index 04cc930f4..1dd992c0f --- a/golang-protobuf/Makefile +++ b/golang-protobuf/Makefile @@ -25,7 +25,7 @@ GO_PKG:=github.com/golang/protobuf GO_PKG_SOURCE_ONLY:=1 include $(INCLUDE_DIR)/package.mk -include ../golang/golang-package.mk +include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk define Package/golang-protobuf-dev $(call GoPackage/GoSubMenu) diff --git a/golang/golang-build.sh b/golang/golang-build.sh deleted file mode 100644 index 5e40436bb..000000000 --- a/golang/golang-build.sh +++ /dev/null @@ -1,204 +0,0 @@ -#!/bin/sh - -nl=" -" - -log() { - # shellcheck disable=SC2039 - local IFS=" " - printf '%s\n' "$*" -} - -log_error() { - # shellcheck disable=SC2039 - local IFS=" " - printf 'Error: %s\n' "$*" >&2 -} - -link_contents() { - # shellcheck disable=SC2039 - local src="$1" dest="$2" IFS="$nl" dirs dir base - - if [ -n "$(find "$src" -mindepth 1 -maxdepth 1 -name "*.go" -not -type d)" ]; then - log_error "$src is already a Go library" - return 1 - fi - - dirs="$(find "$src" -mindepth 1 -maxdepth 1 -type d)" - for dir in $dirs; do - base="${dir##*/}" - if [ -d "$dest/$base" ]; then - case "$dir" in - *$GO_BUILD_DEPENDS_SRC/$GO_PKG) - log "$GO_PKG is already installed. Please check for circular dependencies." - ;; - *) - link_contents "$src/$base" "$dest/$base" - ;; - esac - else - log "...${src#$GO_BUILD_DEPENDS_SRC}/$base" - ln -sf "$src/$base" "$dest/$base" - fi - done - - return 0 -} - -configure() { - # shellcheck disable=SC2039 - local files code testdata gomod pattern extra IFS file dest - - cd "$BUILD_DIR" || return 1 - - files="$(find ./ -path "*/.*" -prune -o -not -type d -print)" - - if [ "$GO_INSTALL_ALL" != 1 ]; then - code="$(printf '%s\n' "$files" | grep '\.\(c\|cc\|cpp\|go\|h\|hh\|hpp\|proto\|s\)$')" - testdata="$(printf '%s\n' "$files" | grep '/testdata/')" - gomod="$(printf '%s\n' "$files" | grep '/go\.\(mod\|sum\)$')" - - for pattern in $GO_INSTALL_EXTRA; do - extra="$(printf '%s\n' "$extra"; printf '%s\n' "$files" | grep -e "$pattern")" - done - - files="$(printf '%s\n%s\n%s\n%s\n' "$code" "$testdata" "$gomod" "$extra" | grep -v '^[[:space:]]*$' | sort -u)" - fi - - IFS="$nl" - - log "Copying files from $BUILD_DIR into $GO_BUILD_DIR/src/$GO_PKG" - mkdir -p "$GO_BUILD_DIR/src" - for file in $files; do - log "${file#./}" - dest="$GO_BUILD_DIR/src/$GO_PKG/${file#./}" - mkdir -p "${dest%/*}" - cp -fpR "$file" "$dest" - done - log - - if [ "$GO_SOURCE_ONLY" != 1 ]; then - if [ -d "$GO_BUILD_DEPENDS_SRC" ]; then - log "Symlinking directories from $GO_BUILD_DEPENDS_SRC into $GO_BUILD_DIR/src" - link_contents "$GO_BUILD_DEPENDS_SRC" "$GO_BUILD_DIR/src" - else - log "$GO_BUILD_DEPENDS_SRC does not exist, skipping symlinks" - fi - else - log "Not building binaries, skipping symlinks" - fi - log - - return 0 -} - -build() { - # shellcheck disable=SC2039 - local modargs pattern targets retval - - cd "$GO_BUILD_DIR" || return 1 - - if [ -f "$BUILD_DIR/go.mod" ] ; then - mkdir -p "$GO_MOD_CACHE_DIR" - modargs="$GO_MOD_ARGS" - fi - - log "Finding targets" - # shellcheck disable=SC2086 - targets="$(go list $modargs $GO_BUILD_PKG)" - for pattern in $GO_EXCLUDES; do - targets="$(printf '%s\n' "$targets" | grep -v "$pattern")" - done - log - - if [ "$GO_GO_GENERATE" = 1 ]; then - log "Calling go generate" - # shellcheck disable=SC2086 - GOOS='' GOARCH='' GO386='' GOARM='' GOMIPS='' GOMIPS64='' \ - go generate -v $targets - log - fi - - if [ "$GO_SOURCE_ONLY" = 1 ]; then - return 0 - fi - - log "Building targets" - mkdir -p "$GO_BUILD_DIR/bin" "$GO_BUILD_CACHE_DIR" - # shellcheck disable=SC2086 - go install $modargs "$@" $targets - retval="$?" - log - - if [ "$retval" -eq 0 ] && [ -z "$(find "$GO_BUILD_BIN_DIR" -maxdepth 0 -type d -not -empty 2>/dev/null)" ]; then - log_error "No binaries were built" - retval=1 - fi - - if [ "$retval" -ne 0 ]; then - cache_cleanup - fi - - return "$retval" -} - -install_bin() { - # shellcheck disable=SC2039 - local dest="$1" - install -d -m0755 "$dest/$GO_INSTALL_BIN_PATH" - install -m0755 "$GO_BUILD_BIN_DIR"/* "$dest/$GO_INSTALL_BIN_PATH/" -} - -install_src() { - # shellcheck disable=SC2039 - local dest="$1" dir="${GO_PKG%/*}" - install -d -m0755 "$dest/$GO_BUILD_DEPENDS_PATH/src/$dir" - cp -fpR "$GO_BUILD_DIR/src/$GO_PKG" "$dest/$GO_BUILD_DEPENDS_PATH/src/$dir/" -} - -cache_cleanup() { - if ! [ -d "$GO_MOD_CACHE_DIR" ]; then - return 0 - fi - - # in case go is called without -modcacherw - find "$GO_MOD_CACHE_DIR" -type d -not -perm -u+w -exec chmod u+w '{}' + - - if [ -n "$CONFIG_GOLANG_MOD_CACHE_WORLD_READABLE" ]; then - find "$GO_MOD_CACHE_DIR" -type d -not -perm -go+rx -exec chmod go+rx '{}' + - find "$GO_MOD_CACHE_DIR" -not -type d -not -perm -go+r -exec chmod go+r '{}' + - fi - - return 0 -} - - -if [ "$#" -lt 1 ]; then - log_error "Missing command" - exit 1 -fi - -command="$1" -shift 1 - -case "$command" in - configure) - configure - ;; - build) - build "$@" - ;; - install_bin) - install_bin "$@" - ;; - install_src) - install_src "$@" - ;; - cache_cleanup) - cache_cleanup - ;; - *) - log_error "Invalid command \"$command\"" - exit 1 - ;; -esac diff --git a/golang/golang-compiler.mk b/golang/golang-compiler.mk deleted file mode 100644 index e8b4b9156..000000000 --- a/golang/golang-compiler.mk +++ /dev/null @@ -1,188 +0,0 @@ -# -# Copyright (C) 2018, 2020 Jeffery To -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -ifeq ($(origin GO_INCLUDE_DIR),undefined) - GO_INCLUDE_DIR:=$(dir $(lastword $(MAKEFILE_LIST))) -endif - -include $(GO_INCLUDE_DIR)/golang-values.mk - - -# $(1) valid GOOS_GOARCH combinations -# $(2) go version id -define GoCompiler/Default/CheckHost - $(if $(filter $(GO_HOST_OS_ARCH),$(1)),,$(error go-$(2) cannot be installed on $(GO_HOST_OS)/$(GO_HOST_ARCH))) -endef - -# $(1) source go root -# $(2) destination prefix -# $(3) go version id -# $(4) additional environment variables (optional) -define GoCompiler/Default/Make - ( \ - cd "$(1)/src" ; \ - $(if $(2),GOROOT_FINAL="$(2)/lib/go-$(3)") \ - $(4) \ - $(BASH) make.bash --no-banner ; \ - ) -endef - -# $(1) destination prefix -# $(2) go version id -define GoCompiler/Default/Install/make-dirs - $(INSTALL_DIR) "$(1)/lib/go-$(2)" - $(INSTALL_DIR) "$(1)/share/go-$(2)" -endef - -# $(1) source go root -# $(2) destination prefix -# $(3) go version id -# $(4) file/directory name -define GoCompiler/Default/Install/install-share-data - $(CP) "$(1)/$(4)" "$(2)/share/go-$(3)/" - $(LN) "../../share/go-$(3)/$(4)" "$(2)/lib/go-$(3)/" -endef - -# $(1) source go root -# $(2) destination prefix -# $(3) go version id -# $(4) GOOS_GOARCH -# $(5) install suffix (optional) -define GoCompiler/Default/Install/Bin - $(call GoCompiler/Default/Install/make-dirs,$(2),$(3)) - - $(call GoCompiler/Default/Install/install-share-data,$(1),$(2),$(3),api) - - $(INSTALL_DATA) -p "$(1)/VERSION" "$(2)/lib/go-$(3)/" - - for file in AUTHORS CONTRIBUTING.md CONTRIBUTORS LICENSE PATENTS README.md SECURITY.md; do \ - if [ -f "$(1)/$$$$file" ]; then \ - $(INSTALL_DATA) -p "$(1)/$$$$file" "$(2)/share/go-$(3)/" ; \ - fi ; \ - done - - $(INSTALL_DIR) "$(2)/lib/go-$(3)/bin" - - ifeq ($(4),$(GO_HOST_OS_ARCH)) - $(INSTALL_BIN) -p "$(1)/bin"/* "$(2)/lib/go-$(3)/bin/" - else - $(INSTALL_BIN) -p "$(1)/bin/$(4)"/* "$(2)/lib/go-$(3)/bin/" - endif - - $(INSTALL_DIR) "$(2)/lib/go-$(3)/pkg" - $(CP) "$(1)/pkg/$(4)$(if $(5),_$(5))" "$(2)/lib/go-$(3)/pkg/" - - $(INSTALL_DIR) "$(2)/lib/go-$(3)/pkg/tool/$(4)" - $(INSTALL_BIN) -p "$(1)/pkg/tool/$(4)"/* "$(2)/lib/go-$(3)/pkg/tool/$(4)/" -endef - -# $(1) destination prefix -# $(2) go version id -define GoCompiler/Default/Install/BinLinks - $(INSTALL_DIR) "$(1)/bin" - $(LN) "../lib/go-$(2)/bin/go" "$(1)/bin/go" - $(LN) "../lib/go-$(2)/bin/gofmt" "$(1)/bin/gofmt" -endef - -# $(1) source go root -# $(2) destination prefix -# $(3) go version id -define GoCompiler/Default/Install/Doc - $(call GoCompiler/Default/Install/make-dirs,$(2),$(3)) - - $(call GoCompiler/Default/Install/install-share-data,$(1),$(2),$(3),doc) - $(call GoCompiler/Default/Install/install-share-data,$(1),$(2),$(3),favicon.ico) - $(call GoCompiler/Default/Install/install-share-data,$(1),$(2),$(3),robots.txt) -endef - -# $(1) source go root -# $(2) destination prefix -# $(3) go version id -define GoCompiler/Default/Install/Src - $(call GoCompiler/Default/Install/make-dirs,$(2),$(3)) - - $(call GoCompiler/Default/Install/install-share-data,$(1),$(2),$(3),lib) - $(call GoCompiler/Default/Install/install-share-data,$(1),$(2),$(3),misc) - $(call GoCompiler/Default/Install/install-share-data,$(1),$(2),$(3),src) - $(call GoCompiler/Default/Install/install-share-data,$(1),$(2),$(3),test) - - $(FIND) \ - "$(2)/share/go-$(3)/src/" \ - \! -type d -a \( -name "*.bat" -o -name "*.rc" \) \ - -delete - - if [ -d "$(1)/pkg/include" ]; then \ - $(INSTALL_DIR) "$(2)/lib/go-$(3)/pkg" ; \ - $(INSTALL_DIR) "$(2)/share/go-$(3)/pkg" ; \ - $(CP) "$(1)/pkg/include" "$(2)/share/go-$(3)/pkg/" ; \ - $(LN) "../../../share/go-$(3)/pkg/include" "$(2)/lib/go-$(3)/pkg/" ; \ - fi -endef - -# $(1) destination prefix -# $(2) go version id -define GoCompiler/Default/Uninstall - rm -rf "$(1)/lib/go-$(2)" - rm -rf "$(1)/share/go-$(2)" -endef - -# $(1) destination prefix -define GoCompiler/Default/Uninstall/BinLinks - rm -f "$(1)/bin/go" - rm -f "$(1)/bin/gofmt" -endef - - -# $(1) profile name -# $(2) source go root -# $(3) destination prefix -# $(4) go version id -# $(5) GOOS_GOARCH -# $(6) install suffix (optional) -define GoCompiler/AddProfile - - # $$(1) valid GOOS_GOARCH combinations - define GoCompiler/$(1)/CheckHost - $$(call GoCompiler/Default/CheckHost,$$(1),$(4)) - endef - - # $$(1) additional environment variables (optional) - define GoCompiler/$(1)/Make - $$(call GoCompiler/Default/Make,$(2),$(3),$(4),$$(1)) - endef - - # $$(1) override install prefix (optional) - define GoCompiler/$(1)/Install/Bin - $$(call GoCompiler/Default/Install/Bin,$(2),$$(or $$(1),$(3)),$(4),$(5),$(6)) - endef - - # $$(1) override install prefix (optional) - define GoCompiler/$(1)/Install/BinLinks - $$(call GoCompiler/Default/Install/BinLinks,$$(or $$(1),$(3)),$(4)) - endef - - # $$(1) override install prefix (optional) - define GoCompiler/$(1)/Install/Doc - $$(call GoCompiler/Default/Install/Doc,$(2),$$(or $$(1),$(3)),$(4)) - endef - - # $$(1) override install prefix (optional) - define GoCompiler/$(1)/Install/Src - $$(call GoCompiler/Default/Install/Src,$(2),$$(or $$(1),$(3)),$(4)) - endef - - # $$(1) override install prefix (optional) - define GoCompiler/$(1)/Uninstall - $$(call GoCompiler/Default/Uninstall,$$(or $$(1),$(3)),$(4)) - endef - - # $$(1) override install prefix (optional) - define GoCompiler/$(1)/Uninstall/BinLinks - $$(call GoCompiler/Default/Uninstall/BinLinks,$$(or $$(1),$(3))) - endef - -endef diff --git a/golang/golang-host-build.mk b/golang/golang-host-build.mk deleted file mode 100644 index ee4f1ea31..000000000 --- a/golang/golang-host-build.mk +++ /dev/null @@ -1,220 +0,0 @@ -# -# Copyright (C) 2020 Jeffery To -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -ifeq ($(origin GO_INCLUDE_DIR),undefined) - GO_INCLUDE_DIR:=$(dir $(lastword $(MAKEFILE_LIST))) -endif - -include $(GO_INCLUDE_DIR)/golang-values.mk - - -# these variables have the same meanings as in golang-package.mk -GO_HOST_INSTALL_EXTRA?=$(GO_PKG_INSTALL_EXTRA) -GO_HOST_INSTALL_ALL?=$(GO_PKG_INSTALL_ALL) -GO_HOST_SOURCE_ONLY?=$(GO_PKG_SOURCE_ONLY) -GO_HOST_BUILD_PKG?=$(GO_PKG_BUILD_PKG) -GO_HOST_EXCLUDES?=$(GO_PKG_EXCLUDES) -GO_HOST_GO_GENERATE?=$(GO_PKG_GO_GENERATE) -GO_HOST_GCFLAGS?=$(GO_PKG_GCFLAGS) -GO_HOST_LDFLAGS?=$(GO_PKG_LDFLAGS) -GO_HOST_LDFLAGS_X?=$(GO_PKG_LDFLAGS_X) -GO_HOST_TAGS?=$(GO_PKG_TAGS) -GO_HOST_INSTALL_BIN_PATH?=/bin - - -# need to repeat this here in case golang-package.mk is not included -GO_PKG_BUILD_PKG?=$(strip $(GO_PKG))/... - -GO_HOST_WORK_DIR_NAME:=.go_work -GO_HOST_BUILD_DIR=$(HOST_BUILD_DIR)/$(GO_HOST_WORK_DIR_NAME)/build -GO_HOST_BUILD_BIN_DIR=$(GO_HOST_BUILD_DIR)/bin - -GO_HOST_BUILD_DEPENDS_PATH:=/share/gocode -GO_HOST_BUILD_DEPENDS_SRC=$(STAGING_DIR_HOSTPKG)$(GO_HOST_BUILD_DEPENDS_PATH)/src - -GO_HOST_DIR_NAME:=$(lastword $(subst /,$(space),$(CURDIR))) -GO_HOST_STAGING_DIR:=$(TMP_DIR)/host-stage-$(GO_HOST_DIR_NAME) -GO_HOST_STAGING_FILES_LIST_DIR:=$(HOST_BUILD_PREFIX)/stamp -GO_HOST_BIN_STAGING_FILES_LIST:=$(GO_HOST_STAGING_FILES_LIST_DIR)/$(GO_HOST_DIR_NAME)-bin.list -GO_HOST_SRC_STAGING_FILES_LIST:=$(GO_HOST_STAGING_FILES_LIST_DIR)/$(GO_HOST_DIR_NAME)-src.list - -ifeq ($(GO_HOST_PIE_SUPPORTED),1) - GO_HOST_ENABLE_PIE:=1 -endif - -GO_HOST_BUILD_CONFIG_VARS= \ - GO_PKG="$(strip $(GO_PKG))" \ - GO_INSTALL_EXTRA="$(strip $(GO_HOST_INSTALL_EXTRA))" \ - GO_INSTALL_ALL="$(strip $(GO_HOST_INSTALL_ALL))" \ - GO_SOURCE_ONLY="$(strip $(GO_HOST_SOURCE_ONLY))" \ - GO_BUILD_PKG="$(strip $(GO_HOST_BUILD_PKG))" \ - GO_EXCLUDES="$(strip $(GO_HOST_EXCLUDES))" \ - GO_GO_GENERATE="$(strip $(GO_HOST_GO_GENERATE))" \ - GO_INSTALL_BIN_PATH="$(strip $(GO_HOST_INSTALL_BIN_PATH))" \ - BUILD_DIR="$(HOST_BUILD_DIR)" \ - GO_BUILD_DIR="$(GO_HOST_BUILD_DIR)" \ - GO_BUILD_BIN_DIR="$(GO_HOST_BUILD_BIN_DIR)" \ - GO_BUILD_DEPENDS_PATH="$(GO_HOST_BUILD_DEPENDS_PATH)" \ - GO_BUILD_DEPENDS_SRC="$(GO_HOST_BUILD_DEPENDS_SRC)" - -GO_HOST_MORE_CFLAGS?= \ - -Wformat -Werror=format-security \ - -fstack-protector-strong \ - -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 \ - -Wl,-z,now -Wl,-z,relro \ - $(if $(GO_HOST_ENABLE_PIE),$(FPIC)) - -GO_HOST_MORE_LDFLAGS?= \ - -znow -zrelro \ - $(if $(GO_HOST_ENABLE_PIE),$(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs) - -GO_HOST_TARGET_VARS= \ - CGO_ENABLED=1 \ - CC=gcc \ - CXX=g++ \ - PKG_CONFIG=pkg-config \ - CGO_CFLAGS="$(HOST_CFLAGS) $(GO_HOST_MORE_CFLAGS)" \ - CGO_CPPFLAGS="$(HOST_CPPFLAGS) $(GO_HOST_MORE_CPPFLAGS)" \ - CGO_CXXFLAGS="$(HOST_CFLAGS) $(GO_HOST_MORE_CFLAGS)" \ - CGO_LDFLAGS="$(HOST_LDFLAGS) $(GO_HOST_MORE_LDFLAGS)" \ - GO_GCC_HELPER_CC="$(HOSTCC)" \ - GO_GCC_HELPER_CXX="$(HOSTCXX)" \ - GO_GCC_HELPER_PATH="$$$$PATH" \ - PATH="$(STAGING_DIR_HOSTPKG)/lib/go-cross/openwrt:$$$$PATH" - -GO_HOST_BUILD_VARS= \ - GOPATH="$(GO_HOST_BUILD_DIR)" \ - GOCACHE="$(GO_BUILD_CACHE_DIR)" \ - GOMODCACHE="$(GO_MOD_CACHE_DIR)" \ - GOENV=off - -GO_HOST_VARS= \ - $(GO_HOST_TARGET_VARS) \ - $(GO_HOST_BUILD_VARS) - -GO_HOST_DEFAULT_LDFLAGS= \ - -linkmode external \ - -extldflags '$(patsubst -z%,-Wl$(comma)-z$(comma)%,$(HOST_LDFLAGS) $(GO_HOST_MORE_LDFLAGS))' - -GO_HOST_CUSTOM_LDFLAGS= \ - $(GO_HOST_LDFLAGS) \ - $(patsubst %,-X %,$(GO_HOST_LDFLAGS_X)) - -GO_HOST_INSTALL_ARGS= \ - -v \ - -ldflags "all=$(GO_HOST_DEFAULT_LDFLAGS)" \ - $(if $(filter $(GO_HOST_ENABLE_PIE),1),-buildmode pie) \ - $(if $(GO_HOST_GCFLAGS),-gcflags "$(GO_HOST_GCFLAGS)") \ - $(if $(GO_HOST_CUSTOM_LDFLAGS),-ldflags "$(GO_HOST_CUSTOM_LDFLAGS) $(GO_HOST_DEFAULT_LDFLAGS)") \ - $(if $(GO_HOST_TAGS),-tags "$(GO_HOST_TAGS)") - -define GoHost/Host/Configure - $(GO_GENERAL_BUILD_CONFIG_VARS) \ - $(GO_HOST_BUILD_CONFIG_VARS) \ - $(SHELL) $(GO_INCLUDE_DIR)/golang-build.sh configure -endef - -# $(1) additional arguments for go command line (optional) -define GoHost/Host/Compile - $(GO_GENERAL_BUILD_CONFIG_VARS) \ - $(GO_HOST_BUILD_CONFIG_VARS) \ - $(GO_HOST_VARS) \ - $(SHELL) $(GO_INCLUDE_DIR)/golang-build.sh build $(GO_HOST_INSTALL_ARGS) $(1) -endef - -define GoHost/Host/Install/Bin - rm -rf "$(GO_HOST_STAGING_DIR)" - mkdir -p "$(GO_HOST_STAGING_DIR)" "$(GO_HOST_STAGING_FILES_LIST_DIR)" - - $(GO_GENERAL_BUILD_CONFIG_VARS) \ - $(GO_HOST_BUILD_CONFIG_VARS) \ - $(SHELL) $(GO_INCLUDE_DIR)/golang-build.sh install_bin "$(GO_HOST_STAGING_DIR)" - - if [ -f "$(GO_HOST_BIN_STAGING_FILES_LIST)" ]; then \ - "$(SCRIPT_DIR)/clean-package.sh" \ - "$(GO_HOST_BIN_STAGING_FILES_LIST)" \ - "$(1)" ; \ - fi - - cd "$(GO_HOST_STAGING_DIR)" && find ./ > "$(GO_HOST_STAGING_DIR).files" - - $(call locked, \ - mv "$(GO_HOST_STAGING_DIR).files" "$(GO_HOST_BIN_STAGING_FILES_LIST)" && \ - $(CP) "$(GO_HOST_STAGING_DIR)"/* "$(1)/", \ - host-staging-dir \ - ) - - rm -rf "$(GO_HOST_STAGING_DIR)" -endef - -define GoHost/Host/Install/Src - rm -rf "$(GO_HOST_STAGING_DIR)" - mkdir -p "$(GO_HOST_STAGING_DIR)" "$(GO_HOST_STAGING_FILES_LIST_DIR)" - - $(GO_GENERAL_BUILD_CONFIG_VARS) \ - $(GO_HOST_BUILD_CONFIG_VARS) \ - $(SHELL) $(GO_INCLUDE_DIR)/golang-build.sh install_src "$(GO_HOST_STAGING_DIR)" - - if [ -f "$(GO_HOST_SRC_STAGING_FILES_LIST)" ]; then \ - "$(SCRIPT_DIR)/clean-package.sh" \ - "$(GO_HOST_SRC_STAGING_FILES_LIST)" \ - "$(1)" ; \ - fi - - cd "$(GO_HOST_STAGING_DIR)" && find ./ > "$(GO_HOST_STAGING_DIR).files" - - $(call locked, \ - mv "$(GO_HOST_STAGING_DIR).files" "$(GO_HOST_SRC_STAGING_FILES_LIST)" && \ - $(CP) "$(GO_HOST_STAGING_DIR)"/* "$(1)/", \ - host-staging-dir \ - ) - - rm -rf "$(GO_HOST_STAGING_DIR)" -endef - -define GoHost/Host/Install - $(if $(filter $(GO_HOST_SOURCE_ONLY),1),, \ - $(call GoHost/Host/Install/Bin,$(1)) \ - ) - $(call GoHost/Host/Install/Src,$(1)) -endef - -define GoHost/Host/Uninstall - if [ -f "$(GO_HOST_BIN_STAGING_FILES_LIST)" ]; then \ - "$(SCRIPT_DIR)/clean-package.sh" \ - "$(GO_HOST_BIN_STAGING_FILES_LIST)" \ - "$(HOST_BUILD_PREFIX)" ; \ - rm -f "$(GO_HOST_BIN_STAGING_FILES_LIST)" ; \ - fi - - if [ -f "$(GO_HOST_SRC_STAGING_FILES_LIST)" ]; then \ - "$(SCRIPT_DIR)/clean-package.sh" \ - "$(GO_HOST_SRC_STAGING_FILES_LIST)" \ - "$(HOST_BUILD_PREFIX)" ; \ - rm -f "$(GO_HOST_SRC_STAGING_FILES_LIST)" ; \ - fi -endef - - -ifneq ($(strip $(GO_PKG)),) - Host/Configure=$(call GoHost/Host/Configure) - Host/Compile=$(call GoHost/Host/Compile) - Hooks/HostCompile/Post+=Go/CacheCleanup - Host/Uninstall=$(call GoHost/Host/Uninstall,$(1)) -endif - -define GoHostBuild - Host/Install=$$(call GoHost/Host/Install,$$(1)) -endef - -define GoBinHostBuild - Host/Install=$$(call GoHost/Host/Install/Bin,$$(1)) -endef - -define GoSrcHostBuild - Host/Install=$$(call GoHost/Host/Install/Src,$$(1)) -endef diff --git a/golang/golang-package.mk b/golang/golang-package.mk deleted file mode 100644 index 7144a4524..000000000 --- a/golang/golang-package.mk +++ /dev/null @@ -1,327 +0,0 @@ -# -# Copyright (C) 2018-2020 Jeffery To -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -ifeq ($(origin GO_INCLUDE_DIR),undefined) - GO_INCLUDE_DIR:=$(dir $(lastword $(MAKEFILE_LIST))) -endif - -include $(GO_INCLUDE_DIR)/golang-values.mk - - -# Variables (all optional, except GO_PKG) to be set in package -# Makefiles: -# -# GO_PKG (required) - name of Go package -# -# Go name of the package. -# -# e.g. GO_PKG:=golang.org/x/text -# -# -# GO_PKG_INSTALL_EXTRA - list of regular expressions, default empty -# -# Additional files/directories to install. By default, only these -# files are installed: -# -# * Files with one of these extensions: -# .go, .c, .cc, .cpp, .h, .hh, .hpp, .proto, .s -# -# * Files in any 'testdata' directory -# -# * go.mod and go.sum, in any directory -# -# e.g. GO_PKG_INSTALL_EXTRA:=example.toml marshal_test.toml -# -# -# GO_PKG_INSTALL_ALL - boolean (0 or 1), default false -# -# If true, install all files regardless of extension or directory. -# -# e.g. GO_PKG_INSTALL_ALL:=1 -# -# -# GO_PKG_SOURCE_ONLY - boolean (0 or 1), default false -# -# If true, 'go install' will not be called. If the package does not -# (or should not) build any binaries, then specifying this option will -# save build time. -# -# e.g. GO_PKG_SOURCE_ONLY:=1 -# -# -# GO_PKG_BUILD_PKG - list of build targets, default GO_PKG/... -# -# Build targets for compiling this Go package, i.e. arguments passed -# to 'go install'. -# -# e.g. GO_PKG_BUILD_PKG:=github.com/debian/ratt/cmd/... -# -# -# GO_PKG_EXCLUDES - list of regular expressions, default empty -# -# Patterns to exclude from the build targets expanded from -# GO_PKG_BUILD_PKG. -# -# e.g. GO_PKG_EXCLUDES:=examples/ -# -# -# GO_PKG_GO_GENERATE - boolean (0 or 1), default false -# -# If true, 'go generate' will be called on all build targets (as -# determined by GO_PKG_BUILD_PKG and GO_PKG_EXCLUDES). This is usually -# not necessary. -# -# e.g. GO_PKG_GO_GENERATE:=1 -# -# -# GO_PKG_GCFLAGS - list of options, default empty -# -# Additional go tool compile options to use when building targets. -# -# e.g. GO_PKG_GCFLAGS:=-N -l -# -# -# GO_PKG_LDFLAGS - list of options, default empty -# -# Additional go tool link options to use when building targets. -# -# Note that the OpenWrt build system has an option to strip binaries -# (enabled by default), so -s (Omit the symbol table and debug -# information) and -w (Omit the DWARF symbol table) flags are not -# necessary. -# -# e.g. GO_PKG_LDFLAGS:=-r dir1:dir2 -u -# -# -# GO_PKG_LDFLAGS_X - list of string variable definitions, default empty -# -# Each definition will be passed as the parameter to the -X go tool -# link option, i.e. -ldflags "-X importpath.name=value". -# -# e.g. GO_PKG_LDFLAGS_X:=main.Version=$(PKG_VERSION) main.BuildStamp=$(SOURCE_DATE_EPOCH) -# -# -# GO_PKG_TAGS - list of build tags, default empty -# -# Build tags to consider satisfied during the build, passed as the -# parameter to the -tags option for 'go install'. -# -# e.g. GO_PKG_TAGS:=release,noupgrade -# -# -# GO_PKG_INSTALL_BIN_PATH - target directory path, default /usr/bin -# -# Directory path under "dest_dir" where binaries will be installed by -# '$(call GoPackage/Package/Install/Bin,dest_dir)'. -# -# e.g. GO_PKG_INSTALL_BIN_PATH:=/sbin - -# Credit for this package build process (GoPackage/Build/Configure and -# GoPackage/Build/Compile) belong to Debian's dh-golang completely. -# https://salsa.debian.org/go-team/packages/dh-golang - - -GO_PKG_BUILD_PKG?=$(strip $(GO_PKG))/... -GO_PKG_INSTALL_BIN_PATH?=/usr/bin - -GO_PKG_WORK_DIR_NAME:=.go_work -GO_PKG_BUILD_DIR=$(PKG_BUILD_DIR)/$(GO_PKG_WORK_DIR_NAME)/build -GO_PKG_BUILD_BIN_DIR=$(GO_PKG_BUILD_DIR)/bin$(if $(GO_HOST_TARGET_DIFFERENT),/$(GO_OS_ARCH)) - -GO_PKG_BUILD_DEPENDS_PATH:=/usr/share/gocode -GO_PKG_BUILD_DEPENDS_SRC=$(STAGING_DIR)$(GO_PKG_BUILD_DEPENDS_PATH)/src - -ifdef CONFIG_PKG_ASLR_PIE_ALL - ifeq ($(strip $(PKG_ASLR_PIE)),1) - ifeq ($(GO_TARGET_PIE_SUPPORTED),1) - GO_PKG_ENABLE_PIE:=1 - else - $(warning PIE buildmode is not supported for $(GO_OS)/$(GO_ARCH)) - endif - endif -endif - -ifdef CONFIG_PKG_ASLR_PIE_REGULAR - ifeq ($(strip $(PKG_ASLR_PIE_REGULAR)),1) - ifeq ($(GO_TARGET_PIE_SUPPORTED),1) - GO_PKG_ENABLE_PIE:=1 - else - $(warning PIE buildmode is not supported for $(GO_OS)/$(GO_ARCH)) - endif - endif -endif - -ifdef CONFIG_GOLANG_SPECTRE - ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1) - GO_PKG_ENABLE_SPECTRE:=1 - else - $(warning Spectre mitigations are not supported for $(GO_ARCH)) - endif -endif - -# sstrip causes corrupted section header size -ifneq ($(CONFIG_USE_SSTRIP),) - ifneq ($(CONFIG_DEBUG),) - GO_PKG_STRIP_ARGS:=--strip-unneeded --remove-section=.comment --remove-section=.note - else - GO_PKG_STRIP_ARGS:=--strip-all - endif - STRIP:=$(TARGET_CROSS)strip $(GO_PKG_STRIP_ARGS) -endif - -define GoPackage/GoSubMenu - SUBMENU:=Go - SECTION:=lang - CATEGORY:=Languages -endef - -GO_PKG_BUILD_CONFIG_VARS= \ - GO_PKG="$(strip $(GO_PKG))" \ - GO_INSTALL_EXTRA="$(strip $(GO_PKG_INSTALL_EXTRA))" \ - GO_INSTALL_ALL="$(strip $(GO_PKG_INSTALL_ALL))" \ - GO_SOURCE_ONLY="$(strip $(GO_PKG_SOURCE_ONLY))" \ - GO_BUILD_PKG="$(strip $(GO_PKG_BUILD_PKG))" \ - GO_EXCLUDES="$(strip $(GO_PKG_EXCLUDES))" \ - GO_GO_GENERATE="$(strip $(GO_PKG_GO_GENERATE))" \ - GO_INSTALL_BIN_PATH="$(strip $(GO_PKG_INSTALL_BIN_PATH))" \ - BUILD_DIR="$(PKG_BUILD_DIR)" \ - GO_BUILD_DIR="$(GO_PKG_BUILD_DIR)" \ - GO_BUILD_BIN_DIR="$(GO_PKG_BUILD_BIN_DIR)" \ - GO_BUILD_DEPENDS_PATH="$(GO_PKG_BUILD_DEPENDS_PATH)" \ - GO_BUILD_DEPENDS_SRC="$(GO_PKG_BUILD_DEPENDS_SRC)" - -GO_PKG_TARGET_VARS= \ - GOOS="$(GO_OS)" \ - GOARCH="$(GO_ARCH)" \ - GO386="$(GO_386)" \ - GOARM="$(GO_ARM)" \ - GOMIPS="$(GO_MIPS)" \ - GOMIPS64="$(GO_MIPS64)" \ - CGO_ENABLED=1 \ - CC="$(TARGET_CC)" \ - CXX="$(TARGET_CXX)" \ - CGO_CFLAGS="$(filter-out $(GO_CFLAGS_TO_REMOVE),$(TARGET_CFLAGS))" \ - CGO_CPPFLAGS="$(TARGET_CPPFLAGS)" \ - CGO_CXXFLAGS="$(filter-out $(GO_CFLAGS_TO_REMOVE),$(TARGET_CXXFLAGS))" \ - CGO_LDFLAGS="$(TARGET_LDFLAGS)" - -GO_PKG_BUILD_VARS= \ - GOPATH="$(GO_PKG_BUILD_DIR)" \ - GOCACHE="$(GO_BUILD_CACHE_DIR)" \ - GOMODCACHE="$(GO_MOD_CACHE_DIR)" \ - GOENV=off - -GO_PKG_VARS= \ - $(GO_PKG_TARGET_VARS) \ - $(GO_PKG_BUILD_VARS) - -GO_PKG_DEFAULT_GCFLAGS= \ - $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all) - -GO_PKG_DEFAULT_ASMFLAGS= \ - $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all) - -GO_PKG_DEFAULT_LDFLAGS= \ - -buildid '$(SOURCE_DATE_EPOCH)' \ - -linkmode external \ - -extldflags '$(patsubst -z%,-Wl$(comma)-z$(comma)%,$(TARGET_LDFLAGS))' - -GO_PKG_CUSTOM_LDFLAGS= \ - $(GO_PKG_LDFLAGS) \ - $(patsubst %,-X %,$(GO_PKG_LDFLAGS_X)) - -GO_PKG_INSTALL_ARGS= \ - -v \ - -trimpath \ - -ldflags "all=$(GO_PKG_DEFAULT_LDFLAGS)" \ - $(if $(GO_PKG_DEFAULT_GCFLAGS),-gcflags "all=$(GO_PKG_DEFAULT_GCFLAGS)") \ - $(if $(GO_PKG_DEFAULT_ASMFLAGS),-asmflags "all=$(GO_PKG_DEFAULT_ASMFLAGS)") \ - $(if $(filter $(GO_PKG_ENABLE_PIE),1),-buildmode pie) \ - $(if $(filter $(GO_ARCH),arm),-installsuffix "v$(GO_ARM)") \ - $(if $(filter $(GO_ARCH),mips mipsle),-installsuffix "$(GO_MIPS)") \ - $(if $(filter $(GO_ARCH),mips64 mips64le),-installsuffix "$(GO_MIPS64)") \ - $(if $(GO_PKG_GCFLAGS),-gcflags "$(GO_PKG_GCFLAGS) $(GO_PKG_DEFAULT_GCFLAGS)") \ - $(if $(GO_PKG_CUSTOM_LDFLAGS),-ldflags "$(GO_PKG_CUSTOM_LDFLAGS) $(GO_PKG_DEFAULT_LDFLAGS)") \ - $(if $(GO_PKG_TAGS),-tags "$(GO_PKG_TAGS)") - -define GoPackage/Build/Configure - $(GO_GENERAL_BUILD_CONFIG_VARS) \ - $(GO_PKG_BUILD_CONFIG_VARS) \ - $(SHELL) $(GO_INCLUDE_DIR)/golang-build.sh configure -endef - -# $(1) additional arguments for go command line (optional) -define GoPackage/Build/Compile - $(GO_GENERAL_BUILD_CONFIG_VARS) \ - $(GO_PKG_BUILD_CONFIG_VARS) \ - $(GO_PKG_VARS) \ - $(SHELL) $(GO_INCLUDE_DIR)/golang-build.sh build $(GO_PKG_INSTALL_ARGS) $(1) -endef - -define GoPackage/Build/InstallDev - $(call GoPackage/Package/Install/Src,$(1)) -endef - -define GoPackage/Package/Install/Bin - $(GO_GENERAL_BUILD_CONFIG_VARS) \ - $(GO_PKG_BUILD_CONFIG_VARS) \ - $(SHELL) $(GO_INCLUDE_DIR)/golang-build.sh install_bin "$(1)" -endef - -define GoPackage/Package/Install/Src - $(GO_GENERAL_BUILD_CONFIG_VARS) \ - $(GO_PKG_BUILD_CONFIG_VARS) \ - $(SHELL) $(GO_INCLUDE_DIR)/golang-build.sh install_src "$(1)" -endef - -define GoPackage/Package/Install - $(if $(filter $(GO_PKG_SOURCE_ONLY),1),, \ - $(call GoPackage/Package/Install/Bin,$(1)) \ - ) - $(call GoPackage/Package/Install/Src,$(1)) -endef - - -ifneq ($(strip $(GO_PKG)),) - ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1) - PKG_CONFIG_DEPENDS+=CONFIG_GOLANG_SPECTRE - endif - - Build/Configure=$(call GoPackage/Build/Configure) - Build/Compile=$(call GoPackage/Build/Compile) - Hooks/Compile/Post+=Go/CacheCleanup - Build/InstallDev=$(call GoPackage/Build/InstallDev,$(1)) -endif - -define GoPackage - ifndef Package/$(1)/install - Package/$(1)/install=$$(call GoPackage/Package/Install,$$(1)) - endif -endef - -define GoBinPackage - ifndef Package/$(1)/install - Package/$(1)/install=$$(call GoPackage/Package/Install/Bin,$$(1)) - endif -endef - -define GoSrcPackage - ifndef Package/$(1)/install - Package/$(1)/install=$$(call GoPackage/Package/Install/Src,$$(1)) - endif -endef - - -# Deprecated variables - these will be removed after the next OpenWrt release -GO_PKG_PATH=$(GO_PKG_BUILD_DEPENDS_PATH) -GO_PKG_WORK_DIR=$(PKG_BUILD_DIR)/$(GO_PKG_WORK_DIR_NAME) -GO_PKG_CACHE_DIR=$(GO_BUILD_CACHE_DIR) -GO_PKG_DEFAULT_VARS=$(GO_PKG_VARS) -GoPackage/Environment=$(GO_PKG_VARS) -GoPackage/is_dir_not_empty=$$$$($(FIND) "$(1)" -maxdepth 0 -type d \! -empty 2>/dev/null) -GoPackage/has_binaries=$(call GoPackage/is_dir_not_empty,$(GO_PKG_BUILD_BIN_DIR)) -# End of deprecated variables diff --git a/golang/golang-values.mk b/golang/golang-values.mk deleted file mode 100644 index 34c9c1c65..000000000 --- a/golang/golang-values.mk +++ /dev/null @@ -1,256 +0,0 @@ -# -# Copyright (C) 2018, 2020 Jeffery To -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -ifeq ($(origin GO_INCLUDE_DIR),undefined) - GO_INCLUDE_DIR:=$(dir $(lastword $(MAKEFILE_LIST))) -endif - - -# Unset environment variables -# There are more magic variables to track down, but ain't nobody got time for that - -# From https://pkg.go.dev/cmd/go#hdr-Environment_variables - -# General-purpose environment variables: -unexport \ - GO111MODULE \ - GCCGO \ - GOARCH \ - GOBIN \ - GOCACHE \ - GOMODCACHE \ - GODEBUG \ - GOENV \ - GOFLAGS \ - GOOS \ - GOPATH \ - GOROOT \ - GOTMPDIR -# Unmodified: -# GOINSECURE -# GOPRIVATE -# GOPROXY -# GONOPROXY -# GOSUMDB -# GONOSUMDB -# GOVCS - -# Environment variables for use with cgo: -unexport \ - AR \ - CC \ - CGO_ENABLED \ - CGO_CFLAGS CGO_CFLAGS_ALLOW CGO_CFLAGS_DISALLOW \ - CGO_CPPFLAGS CGO_CPPFLAGS_ALLOW CGO_CPPFLAGS_DISALLOW \ - CGO_CXXFLAGS CGO_CXXFLAGS_ALLOW CGO_CXXFLAGS_DISALLOW \ - CGO_FFLAGS CGO_FFLAGS_ALLOW CGO_FFLAGS_DISALLOW \ - CGO_LDFLAGS CGO_LDFLAGS_ALLOW CGO_LDFLAGS_DISALLOW \ - CXX \ - FC -# Unmodified: -# PKG_CONFIG - -# Architecture-specific environment variables: -unexport \ - GOARM \ - GO386 \ - GOMIPS \ - GOMIPS64 \ - GOWASM - -# Special-purpose environment variables: -unexport \ - GCCGOTOOLDIR \ - GOEXPERIMENT \ - GOROOT_FINAL \ - GO_EXTLINK_ENABLED -# Unmodified: -# GIT_ALLOW_PROTOCOL - -# From https://pkg.go.dev/runtime#hdr-Environment_Variables -unexport \ - GOGC \ - GOMAXPROCS \ - GORACE \ - GOTRACEBACK - -# From https://pkg.go.dev/cmd/cgo#hdr-Using_cgo_with_the_go_command -unexport \ - CC_FOR_TARGET \ - CXX_FOR_TARGET -# Todo: -# CC_FOR_${GOOS}_${GOARCH} -# CXX_FOR_${GOOS}_${GOARCH} - -# From https://golang.org/doc/install/source#environment -unexport \ - GOHOSTOS \ - GOHOSTARCH \ - GOPPC64 - -# From https://golang.org/src/make.bash -unexport \ - GO_GCFLAGS \ - GO_LDFLAGS \ - GO_LDSO \ - GO_DISTFLAGS \ - GOBUILDTIMELOGFILE \ - GOROOT_BOOTSTRAP - -# From https://golang.org/doc/go1.9#parallel-compile -unexport \ - GO19CONCURRENTCOMPILATION - -# From https://golang.org/src/cmd/dist/build.go -unexport \ - BOOT_GO_GCFLAGS \ - BOOT_GO_LDFLAGS - -# From https://golang.org/src/cmd/dist/buildtool.go -unexport \ - GOBOOTSTRAP_TOOLEXEC - - -# GOOS / GOARCH - -go_arch=$(subst \ - aarch64,arm64,$(subst \ - i386,386,$(subst \ - mipsel,mipsle,$(subst \ - mips64el,mips64le,$(subst \ - powerpc64,ppc64,$(subst \ - x86_64,amd64,$(1))))))) - -GO_OS:=linux -GO_ARCH:=$(call go_arch,$(ARCH)) -GO_OS_ARCH:=$(GO_OS)_$(GO_ARCH) - -GO_HOST_OS:=$(call tolower,$(HOST_OS)) -GO_HOST_ARCH:=$(call go_arch,$(subst \ - armv6l,arm,$(subst \ - armv7l,arm,$(subst \ - i686,i386,$(HOST_ARCH))))) -GO_HOST_OS_ARCH:=$(GO_HOST_OS)_$(GO_HOST_ARCH) - -ifeq ($(GO_OS_ARCH),$(GO_HOST_OS_ARCH)) - GO_HOST_TARGET_SAME:=1 -else - GO_HOST_TARGET_DIFFERENT:=1 -endif - -ifeq ($(GO_ARCH),386) - ifeq ($(CONFIG_TARGET_x86_geode)$(CONFIG_TARGET_x86_legacy),y) - GO_386:=softfloat - else - GO_386:=sse2 - endif - - # -fno-plt: causes "unexpected GOT reloc for non-dynamic symbol" errors - GO_CFLAGS_TO_REMOVE:=-fno-plt - -else ifeq ($(GO_ARCH),arm) - GO_TARGET_FPU:=$(word 2,$(subst +,$(space),$(call qstrip,$(CONFIG_CPU_TYPE)))) - - # FPU names from https://gcc.gnu.org/onlinedocs/gcc-8.4.0/gcc/ARM-Options.html#index-mfpu-1 - # see also https://github.com/gcc-mirror/gcc/blob/releases/gcc-8.4.0/gcc/config/arm/arm-cpus.in - - ifeq ($(GO_TARGET_FPU),) - GO_ARM:=5 - else ifneq ($(filter $(GO_TARGET_FPU),vfp vfpv2),) - GO_ARM:=6 - else - GO_ARM:=7 - endif - -else ifneq ($(filter $(GO_ARCH),mips mipsle),) - ifeq ($(CONFIG_HAS_FPU),y) - GO_MIPS:=hardfloat - else - GO_MIPS:=softfloat - endif - - # -mips32r2: conflicts with -march=mips32 set by go - GO_CFLAGS_TO_REMOVE:=-mips32r2 - -else ifneq ($(filter $(GO_ARCH),mips64 mips64le),) - ifeq ($(CONFIG_HAS_FPU),y) - GO_MIPS64:=hardfloat - else - GO_MIPS64:=softfloat - endif - -endif - - -# Target Go - -GO_ARCH_DEPENDS:=@(aarch64||arm||i386||i686||mips||mips64||mips64el||mipsel||powerpc64||x86_64) - - -# ASLR/PIE - -# From https://golang.org/src/cmd/internal/sys/supported.go -GO_PIE_SUPPORTED_OS_ARCH:= \ - android_386 android_amd64 android_arm android_arm64 \ - linux_386 linux_amd64 linux_arm linux_arm64 \ - \ - windows_386 windows_amd64 windows_arm \ - \ - darwin_amd64 darwin_arm64 \ - ios_amd64 ios_arm64 \ - \ - freebsd_amd64 \ - \ - aix_ppc64 \ - \ - linux_ppc64le linux_riscv64 linux_s390x - -# From https://golang.org/src/cmd/go/internal/work/init.go -go_pie_install_suffix=$(if $(filter $(1),aix_ppc64 windows_386 windows_amd64 windows_arm),,shared) - -ifneq ($(filter $(GO_HOST_OS_ARCH),$(GO_PIE_SUPPORTED_OS_ARCH)),) - GO_HOST_PIE_SUPPORTED:=1 - GO_HOST_PIE_INSTALL_SUFFIX:=$(call go_pie_install_suffix,$(GO_HOST_OS_ARCH)) -endif - -ifneq ($(filter $(GO_OS_ARCH),$(GO_PIE_SUPPORTED_OS_ARCH)),) - GO_TARGET_PIE_SUPPORTED:=1 - GO_TARGET_PIE_INSTALL_SUFFIX:=$(call go_pie_install_suffix,$(GO_OS_ARCH)) -endif - - -# Spectre mitigations - -GO_SPECTRE_SUPPORTED_ARCH:=amd64 - -ifneq ($(filter $(GO_HOST_ARCH),$(GO_SPECTRE_SUPPORTED_ARCH)),) - GO_HOST_SPECTRE_SUPPORTED:=1 -endif - -ifneq ($(filter $(GO_ARCH),$(GO_SPECTRE_SUPPORTED_ARCH)),) - GO_TARGET_SPECTRE_SUPPORTED:=1 -endif - - -# General build info - -GO_BUILD_CACHE_DIR:=$(or $(call qstrip,$(CONFIG_GOLANG_BUILD_CACHE_DIR)),$(TMP_DIR)/go-build) -GO_MOD_CACHE_DIR:=$(DL_DIR)/go-mod-cache - -GO_MOD_ARGS= \ - -modcacherw - -GO_GENERAL_BUILD_CONFIG_VARS= \ - CONFIG_GOLANG_MOD_CACHE_WORLD_READABLE="$(CONFIG_GOLANG_MOD_CACHE_WORLD_READABLE)" \ - GO_BUILD_CACHE_DIR="$(GO_BUILD_CACHE_DIR)" \ - GO_MOD_CACHE_DIR="$(GO_MOD_CACHE_DIR)" \ - GO_MOD_ARGS="$(GO_MOD_ARGS)" - -define Go/CacheCleanup - $(GO_GENERAL_BUILD_CONFIG_VARS) \ - $(SHELL) $(GO_INCLUDE_DIR)/golang-build.sh cache_cleanup -endef diff --git a/golang/golang/Config.in b/golang/golang/Config.in deleted file mode 100644 index 714bf01fd..000000000 --- a/golang/golang/Config.in +++ /dev/null @@ -1,33 +0,0 @@ -menu "Configuration" - -config GOLANG_EXTERNAL_BOOTSTRAP_ROOT - string "External bootstrap Go root directory" - default "" - help - Path to a working Go tree (>= Go 1.4), with bin, pkg, and src - subdirectories and the Go compiler at bin/go. - - If specified, the existing Go installation will be used to - compile host (buildroot) Go. - - Leave blank to compile the default bootstrap Go. - -config GOLANG_BUILD_CACHE_DIR - string "Go build cache directory" - default "" - help - Store the Go build cache in this directory. - If not set, uses './.go-build'. - -config GOLANG_MOD_CACHE_WORLD_READABLE - bool "Ensure Go module cache is world-readable" - default n - -config GOLANG_SPECTRE - bool "Enable Spectre mitigations" - default n - depends on x86_64 - help - Currently only available for x86-64 (amd64). - -endmenu diff --git a/golang/golang/Makefile b/golang/golang/Makefile deleted file mode 100644 index 30979fe7c..000000000 --- a/golang/golang/Makefile +++ /dev/null @@ -1,368 +0,0 @@ -# -# Copyright (C) 2018, 2020 Jeffery To -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -GO_VERSION_MAJOR_MINOR:=1.17 -GO_VERSION_PATCH:=3 - -PKG_NAME:=golang -PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH)) -PKG_RELEASE:=1 - -GO_SOURCE_URLS:=https://dl.google.com/go/ \ - https://mirrors.ustc.edu.cn/golang/ \ - https://mirrors.nju.edu.cn/golang/ - -PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz -PKG_SOURCE_URL:=$(GO_SOURCE_URLS) -PKG_HASH:=705c64251e5b25d5d55ede1039c6aa22bea40a7a931d14c370339853643c3df0 - -PKG_MAINTAINER:=Jeffery To -PKG_LICENSE:=BSD-3-Clause -PKG_LICENSE_FILES:=LICENSE -PKG_CPE_ID:=cpe:/a:golang:go - -PKG_BUILD_DEPENDS:=golang/host -PKG_BUILD_DIR:=$(BUILD_DIR)/go-$(PKG_VERSION) -PKG_BUILD_PARALLEL:=1 -PKG_USE_MIPS16:=0 - -PKG_GO_PREFIX:=/usr -PKG_GO_VERSION_ID:=$(GO_VERSION_MAJOR_MINOR) -PKG_GO_ROOT:=$(PKG_GO_PREFIX)/lib/go-$(PKG_GO_VERSION_ID) - -HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/go-$(PKG_VERSION) -HOST_BUILD_PARALLEL:=1 - -HOST_GO_PREFIX:=$(STAGING_DIR_HOSTPKG) -HOST_GO_VERSION_ID:=cross -HOST_GO_ROOT:=$(HOST_GO_PREFIX)/lib/go-$(HOST_GO_VERSION_ID) - -HOST_GO_VALID_OS_ARCH:= \ - android_386 android_amd64 android_arm android_arm64 \ - freebsd_386 freebsd_amd64 freebsd_arm freebsd_arm64 \ - linux_386 linux_amd64 linux_arm linux_arm64 \ - openbsd_386 openbsd_amd64 openbsd_arm openbsd_arm64 \ - netbsd_386 netbsd_amd64 netbsd_arm netbsd_arm64 \ - windows_386 windows_amd64 windows_arm windows_arm64 \ - \ - plan9_386 plan9_amd64 plan9_arm \ - \ - darwin_amd64 darwin_arm64 \ - ios_amd64 ios_arm64 \ - \ - dragonfly_amd64 \ - illumos_amd64 \ - solaris_amd64 \ - \ - aix_ppc64 \ - js_wasm \ - \ - linux_ppc64 linux_ppc64le \ - linux_mips linux_mipsle linux_mips64 linux_mips64le \ - linux_riscv64 linux_s390x \ - \ - openbsd_mips64 - -BOOTSTRAP_SOURCE:=go1.4-bootstrap-20171003.tar.gz -BOOTSTRAP_SOURCE_URL:=$(GO_SOURCE_URLS) -BOOTSTRAP_HASH:=f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52 - -BOOTSTRAP_BUILD_DIR:=$(HOST_BUILD_DIR)/.go_bootstrap - -BOOTSTRAP_GO_VALID_OS_ARCH:= \ - darwin_386 darwin_amd64 \ - dragonfly_386 dragonfly_amd64 \ - freebsd_386 freebsd_amd64 freebsd_arm \ - linux_386 linux_amd64 linux_arm \ - netbsd_386 netbsd_amd64 netbsd_arm \ - openbsd_386 openbsd_amd64 \ - plan9_386 plan9_amd64 \ - solaris_amd64 \ - windows_386 windows_amd64 - -include $(INCLUDE_DIR)/host-build.mk -include $(INCLUDE_DIR)/package.mk -include ../golang-compiler.mk -include ../golang-package.mk - -PKG_UNPACK:=$(HOST_TAR) -C "$(PKG_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(PKG_SOURCE)" -HOST_UNPACK:=$(HOST_TAR) -C "$(HOST_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(PKG_SOURCE)" -BOOTSTRAP_UNPACK:=$(HOST_TAR) -C "$(BOOTSTRAP_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(BOOTSTRAP_SOURCE)" - -# don't strip ELF executables in test data -RSTRIP:=: -STRIP:=: - -ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1) - PKG_CONFIG_DEPENDS+=CONFIG_GOLANG_SPECTRE -endif - -define Package/golang/Default -$(call GoPackage/GoSubMenu) - TITLE:=Go programming language - URL:=https://golang.org/ - DEPENDS:=$(GO_ARCH_DEPENDS) -endef - -define Package/golang/Default/description -The Go programming language is an open source project to make -programmers more productive. - -Go is expressive, concise, clean, and efficient. Its concurrency -mechanisms make it easy to write programs that get the most out of -multicore and networked machines, while its novel type system enables -flexible and modular program construction. Go compiles quickly to -machine code yet has the convenience of garbage collection and the power -of run-time reflection. It's a fast, statically typed, compiled language -that feels like a dynamically typed, interpreted language. -endef - -# go tool requires source present: -# https://github.com/golang/go/issues/4635 -define Package/golang -$(call Package/golang/Default) - TITLE+= (compiler) - DEPENDS+= +golang-src -endef - -define Package/golang/description -$(call Package/golang/Default/description) - -This package provides an assembler, compiler, linker, and compiled -libraries for the Go programming language. -endef - -define Package/golang/config - source "$(SOURCE)/Config.in" -endef - -define Package/golang-doc -$(call Package/golang/Default) - TITLE+= (documentation) -endef - -define Package/golang-doc/description -$(call Package/golang/Default/description) - -This package provides the documentation for the Go programming language. -endef - -define Package/golang-src -$(call Package/golang/Default) - TITLE+= (source files) -endef - -define Package/golang-src/description -$(call Package/golang/Default/description) - -This package provides the Go programming language source files needed -for cross-compilation. -endef - - -# Bootstrap - -BOOTSTRAP_ROOT_DIR:=$(call qstrip,$(CONFIG_GOLANG_EXTERNAL_BOOTSTRAP_ROOT)) - -ifeq ($(BOOTSTRAP_ROOT_DIR),) - BOOTSTRAP_ROOT_DIR:=$(BOOTSTRAP_BUILD_DIR) - - define Download/golang-bootstrap - FILE:=$(BOOTSTRAP_SOURCE) - URL:=$(BOOTSTRAP_SOURCE_URL) - HASH:=$(BOOTSTRAP_HASH) - endef - $(eval $(call Download,golang-bootstrap)) - - define Bootstrap/Prepare - mkdir -p "$(BOOTSTRAP_BUILD_DIR)" - $(BOOTSTRAP_UNPACK) - endef - Hooks/HostPrepare/Post+=Bootstrap/Prepare - - $(eval $(call GoCompiler/AddProfile,Bootstrap,$(BOOTSTRAP_BUILD_DIR),,bootstrap,$(GO_HOST_OS_ARCH))) -endif - - -# Host - -ifeq ($(GO_HOST_PIE_SUPPORTED),1) - HOST_GO_ENABLE_PIE:=1 -endif - -# when using GO_LDFLAGS to set buildmode=pie, the PIE install suffix -# does not apply (we also delete the std lib during Host/Install) - -$(eval $(call GoCompiler/AddProfile,Host,$(HOST_BUILD_DIR),$(HOST_GO_PREFIX),$(HOST_GO_VERSION_ID),$(GO_HOST_OS_ARCH),$(HOST_GO_INSTALL_SUFFIX))) - -HOST_GO_VARS= \ - GOCACHE="$(GO_BUILD_CACHE_DIR)" \ - GOENV=off \ - CC="$(HOSTCC_NOCACHE)" \ - CXX="$(HOSTCXX_NOCACHE)" - -define Host/Compile - $(call GoCompiler/Bootstrap/CheckHost,$(BOOTSTRAP_GO_VALID_OS_ARCH)) - $(call GoCompiler/Host/CheckHost,$(HOST_GO_VALID_OS_ARCH)) - - mkdir -p "$(GO_BUILD_CACHE_DIR)" - - $(call GoCompiler/Bootstrap/Make, \ - $(HOST_GO_VARS) \ - ) - - $(call GoCompiler/Host/Make, \ - GOROOT_BOOTSTRAP="$(BOOTSTRAP_ROOT_DIR)" \ - $(if $(HOST_GO_ENABLE_PIE),GO_LDFLAGS="-buildmode pie") \ - $(HOST_GO_VARS) \ - ) -endef - -# if host and target os/arch are the same, -# when go compiles a program, it will use the host std lib -# so remove it now and force go to rebuild std for target later -define Host/Install - $(call Host/Uninstall) - - $(call GoCompiler/Host/Install/Bin,) - $(call GoCompiler/Host/Install/Src,) - - $(call GoCompiler/Host/Install/BinLinks,) - - rm -rf "$(HOST_GO_ROOT)/pkg/$(GO_HOST_OS_ARCH)$(if $(HOST_GO_INSTALL_SUFFIX),_$(HOST_GO_INSTALL_SUFFIX))" - - $(INSTALL_DIR) "$(HOST_GO_ROOT)/openwrt" - $(INSTALL_BIN) ./files/go-gcc-helper "$(HOST_GO_ROOT)/openwrt/" - $(LN) go-gcc-helper "$(HOST_GO_ROOT)/openwrt/gcc" - $(LN) go-gcc-helper "$(HOST_GO_ROOT)/openwrt/g++" -endef - -define Host/Uninstall - rm -rf "$(HOST_GO_ROOT)/openwrt" - - $(call GoCompiler/Host/Uninstall/BinLinks,) - - $(call GoCompiler/Host/Uninstall,) -endef - - -# Target - -ifeq ($(GO_PKG_ENABLE_PIE),1) - PKG_GO_INSTALL_SUFFIX:=$(GO_TARGET_PIE_INSTALL_SUFFIX) -endif - -$(eval $(call GoCompiler/AddProfile,Package,$(PKG_BUILD_DIR),$(PKG_GO_PREFIX),$(PKG_GO_VERSION_ID),$(GO_OS_ARCH),$(PKG_GO_INSTALL_SUFFIX))) - -PKG_GO_ZBOOTSTRAP_MODS:= \ - s/defaultGO386 = `[^`]*`/defaultGO386 = `$(or $(GO_386),sse2)`/; \ - s/defaultGOARM = `[^`]*`/defaultGOARM = `$(or $(GO_ARM),5)`/; \ - s/defaultGOMIPS = `[^`]*`/defaultGOMIPS = `$(or $(GO_MIPS),hardfloat)`/; \ - s/defaultGOMIPS64 = `[^`]*`/defaultGOMIPS64 = `$(or $(GO_MIPS64),hardfloat)`/; \ - s/defaultGOPPC64 = `[^`]*`/defaultGOPPC64 = `power8`/; - -PKG_GO_ZBOOTSTRAP_PATH:=$(PKG_BUILD_DIR)/src/internal/buildcfg/zbootstrap.go - -PKG_GO_VARS= \ - GOCACHE="$(GO_BUILD_CACHE_DIR)" \ - GOENV=off \ - GO_GCC_HELPER_PATH="$$$$PATH" \ - CC=gcc \ - CXX=g++ \ - PKG_CONFIG=pkg-config \ - PATH="$(HOST_GO_ROOT)/openwrt:$$$$PATH" - -PKG_GO_GCFLAGS= \ - $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all) - -PKG_GO_ASMFLAGS= \ - $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all) - -PKG_GO_LDFLAGS= \ - -buildid '$(SOURCE_DATE_EPOCH)' \ - -linkmode external \ - -extldflags '$(patsubst -z%,-Wl$(comma)-z$(comma)%,$(TARGET_LDFLAGS))' \ - $(if $(CONFIG_NO_STRIP)$(CONFIG_DEBUG),,-s -w) - -# setting -trimpath is not necessary here because the paths inside the -# compiler binary are relative to GOROOT_FINAL (PKG_GO_ROOT), which is -# static / not dependent on the build environment -PKG_GO_INSTALL_ARGS= \ - -ldflags "all=$(PKG_GO_LDFLAGS)" \ - $(if $(PKG_GO_GCFLAGS),-gcflags "all=$(PKG_GO_GCFLAGS)") \ - $(if $(PKG_GO_ASMFLAGS),-asmflags "all=$(PKG_GO_ASMFLAGS)") \ - $(if $(filter $(GO_PKG_ENABLE_PIE),1),-buildmode pie) - -define Build/Compile - mkdir -p "$(GO_BUILD_CACHE_DIR)" - - @echo "Building target Go first stage" - - $(call GoCompiler/Package/Make, \ - GOROOT_BOOTSTRAP="$(HOST_GO_ROOT)" \ - GO_GCC_HELPER_CC="$(HOSTCC)" \ - GO_GCC_HELPER_CXX="$(HOSTCXX)" \ - $(PKG_GO_VARS) \ - ) - - $(SED) '$(PKG_GO_ZBOOTSTRAP_MODS)' "$(PKG_GO_ZBOOTSTRAP_PATH)" - - ( \ - if echo 'int main() { return 0; }' | $(TARGET_CC) -o $(PKG_BUILD_DIR)/test-ldso -x c - > /dev/null 2>&1; then \ - LDSO=$$$$( \ - readelf -l $(PKG_BUILD_DIR)/test-ldso | \ - sed -n -e 's/^.*interpreter: \(.*\)[]]/\1/p' \ - ) ; \ - fi ; \ - $(SED) "s,defaultGO_LDSO = \`[^\`]*\`,defaultGO_LDSO = \`$$$$LDSO\`," "$(PKG_GO_ZBOOTSTRAP_PATH)" ; \ - ) - - @echo "Building target Go second stage" - - ( \ - cd "$(PKG_BUILD_DIR)/bin" ; \ - export $(GO_PKG_TARGET_VARS) ; \ - $(CP) go go-host ; \ - GOROOT_FINAL="$(PKG_GO_ROOT)" \ - GO_GCC_HELPER_CC="$(TARGET_CC)" \ - GO_GCC_HELPER_CXX="$(TARGET_CXX)" \ - $(PKG_GO_VARS) \ - ./go-host install -a $(PKG_GO_INSTALL_ARGS) std cmd ; \ - retval="$$$$?" ; \ - rm -f go-host ; \ - exit "$$$$retval" ; \ - ) -endef - -define Package/golang/install - $(call GoCompiler/Package/Install/Bin,$(1)$(PKG_GO_PREFIX)) - $(call GoCompiler/Package/Install/BinLinks,$(1)$(PKG_GO_PREFIX)) -endef - -define Package/golang-doc/install - $(call GoCompiler/Package/Install/Doc,$(1)$(PKG_GO_PREFIX)) -endef - -define Package/golang-src/install - $(call GoCompiler/Package/Install/Src,$(1)$(PKG_GO_PREFIX)) -endef - -# src/debug contains ELF executables as test data -# and they reference these libraries -# we need to call this in Package/$(1)/extra_provides -# to pass CheckDependencies in include/package-ipkg.mk -define Package/golang-src/extra_provides - echo 'libc.so.6' -endef - - -$(eval $(call HostBuild)) -$(eval $(call BuildPackage,golang)) -$(eval $(call BuildPackage,golang-doc)) -$(eval $(call BuildPackage,golang-src)) diff --git a/golang/golang/files/go-gcc-helper b/golang/golang/files/go-gcc-helper deleted file mode 100644 index b396e302c..000000000 --- a/golang/golang/files/go-gcc-helper +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh - -me=go-gcc-helper -name="${0##*/}" - -log() { - # shellcheck disable=SC2039 - local IFS=" " - printf '%s\n' "$me: $*" -} - -case "$name" in -gcc) - if [ -z "$GO_GCC_HELPER_CC" ]; then - log "missing GO_GCC_HELPER_CC" - exit 1 - fi - cmd="$GO_GCC_HELPER_CC" - ;; -g++) - if [ -z "$GO_GCC_HELPER_CXX" ]; then - log "missing GO_GCC_HELPER_CXX" - exit 1 - fi - cmd="$GO_GCC_HELPER_CXX" - ;; -*) - log "unknown command \"$name\"" - exit 1 - ;; -esac - -if [ -n "$GO_GCC_HELPER_PATH" ]; then - export PATH="$GO_GCC_HELPER_PATH" -else - log "missing GO_GCC_HELPER_PATH" -fi - -log "running $cmd $*" - -$cmd "$@" diff --git a/https-dns-proxy/Makefile b/https-dns-proxy/Makefile old mode 100644 new mode 100755 diff --git a/https-dns-proxy/files/README.md b/https-dns-proxy/files/README.md old mode 100644 new mode 100755 diff --git a/https-dns-proxy/files/https-dns-proxy.config b/https-dns-proxy/files/https-dns-proxy.config old mode 100644 new mode 100755 diff --git a/https-dns-proxy/test.sh b/https-dns-proxy/test.sh old mode 100644 new mode 100755 diff --git a/ipcalc/Makefile b/ipcalc/Makefile old mode 100644 new mode 100755 diff --git a/iperf3/Makefile b/iperf3/Makefile deleted file mode 100644 index cf0d6599c..000000000 --- a/iperf3/Makefile +++ /dev/null @@ -1,83 +0,0 @@ -# -# Copyright (C) 2007-2010 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=iperf -PKG_VERSION:=3.11 -PKG_RELEASE:=10 - -PKG_SOURCE:=$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://github.com/esnet/iperf/archive/refs/tags/ -PKG_HASH:=96e909c0d3ab6034c52328c2954fb3934aaff349395c4bc2611dcd50e6b89875 - -PKG_MAINTAINER:=Felix Fietkau -PKG_LICENSE:=BSD-3-Clause - -PKG_BUILD_PARALLEL:=1 -PKG_INSTALL:=1 - -PKG_FIXUP:=autoreconf - -include $(INCLUDE_DIR)/package.mk - -DISABLE_NLS:= - -define Package/iperf3/default - SECTION:=net - CATEGORY:=Network - TITLE:=Internet Protocol bandwidth measuring tool - URL:=https://github.com/esnet/iperf -endef - -define Package/iperf3 -$(call Package/iperf3/default) - VARIANT:=nossl -endef - -define Package/iperf3-ssl -$(call Package/iperf3/default) - TITLE+= with iperf_auth support - VARIANT:=ssl - DEPENDS:= +libopenssl -endef - -TARGET_CFLAGS += -D_GNU_SOURCE -CONFIGURE_ARGS += --disable-shared - -ifeq ($(BUILD_VARIANT),ssl) - CONFIGURE_ARGS += --with-openssl="$(STAGING_DIR)/usr" -else - CONFIGURE_ARGS += --without-openssl -endif - -MAKE_FLAGS += noinst_PROGRAMS= - -define Package/iperf3/description - Iperf is a modern alternative for measuring TCP and UDP bandwidth - performance, allowing the tuning of various parameters and - characteristics. -endef - -# autoreconf fails if the README file isn't present -define Build/Prepare - $(call Build/Prepare/Default) - touch $(PKG_BUILD_DIR)/README -endef - -define Package/iperf3/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/iperf3 $(1)/usr/bin/ -endef - -define Package/iperf3-ssl/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/iperf3 $(1)/usr/bin/ -endef - -$(eval $(call BuildPackage,iperf3)) -$(eval $(call BuildPackage,iperf3-ssl)) diff --git a/iperf3/patches/remove-in6_flowlabel_req.patch b/iperf3/patches/remove-in6_flowlabel_req.patch deleted file mode 100644 index 539f9c3c8..000000000 --- a/iperf3/patches/remove-in6_flowlabel_req.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- a/src/flowlabel.h 2021-06-24 13:26:33.142463630 +0200 -+++ b/src/flowlabel.h 2021-06-24 13:27:45.669235179 +0200 -@@ -37,21 +37,21 @@ - conflicts with "netinet/in.h" . - */ - --#ifndef __ANDROID__ -+#ifndef _LINUX_IN6_H - struct in6_flowlabel_req - { - struct in6_addr flr_dst; - __u32 flr_label; - __u8 flr_action; - __u8 flr_share; - __u16 flr_flags; - __u16 flr_expires; - __u16 flr_linger; - __u32 __flr_pad; - /* Options in format of IPV6_PKTOPTIONS */ - }; - #endif - - #define IPV6_FL_A_GET 0 - #define IPV6_FL_A_PUT 1 - #define IPV6_FL_A_RENEW 2 diff --git a/iproute2/Makefile b/iproute2/Makefile deleted file mode 100644 index 1405f0752..000000000 --- a/iproute2/Makefile +++ /dev/null @@ -1,246 +0,0 @@ -# -# Copyright (C) 2006-2015 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=iproute2 -PKG_RELEASE:=$(AUTORELEASE) - -PKG_SOURCE_PROTO:=git -PKG_SOURCE_URL:=git://git.kernel.org/pub/scm/network/iproute2/iproute2.git -PKG_SOURCE_VERSION:=29da83f89f6e1fe528c59131a01f5d43bcd0a000 -PKG_VERSION:=5.16.0-$(PKG_SOURCE_VERSION) - -PKG_BUILD_PARALLEL:=1 -PKG_BUILD_DEPENDS:=iptables -PKG_LICENSE:=GPL-2.0 -PKG_CPE_ID:=cpe:/a:iproute2_project:iproute2 - -include $(INCLUDE_DIR)/kernel.mk -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/nls.mk - -define Package/iproute2/Default - SECTION:=net - CATEGORY:=Network - URL:=http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 - SUBMENU:=Routing and Redirection - MAINTAINER:=Russell Senior -endef - -define Package/ip-tiny -$(call Package/iproute2/Default) - TITLE:=Routing control utility (minimal) - VARIANT:=iptiny - DEFAULT_VARIANT:=1 - PROVIDES:=ip - ALTERNATIVES:=200:/sbin/ip:/usr/libexec/ip-tiny - DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl -endef - -define Package/ip-full -$(call Package/iproute2/Default) - TITLE:=Routing control utility (full) - VARIANT:=ipfull - PROVIDES:=ip - ALTERNATIVES:=300:/sbin/ip:/usr/libexec/ip-full - DEPENDS:=+libnl-tiny +libbpf +(PACKAGE_devlink||PACKAGE_rdma):libmnl -endef - -define Package/tc-tiny -$(call Package/iproute2/Default) - TITLE:=Traffic control utility (minimal) - VARIANT:=tctiny - DEFAULT_VARIANT:=1 - PROVIDES:=tc - ALTERNATIVES:=200:/sbin/tc:/usr/libexec/tc-tiny - DEPENDS:=+kmod-sched-core +libxtables +tc-mod-iptables +(PACKAGE_devlink||PACKAGE_rdma):libmnl -endef - -define Package/tc-full -$(call Package/iproute2/Default) - TITLE:=Traffic control utility (full) - VARIANT:=tcfull - PROVIDES:=tc - ALTERNATIVES:=300:/sbin/tc:/usr/libexec/tc-full - DEPENDS:=+kmod-sched-core +libxtables +tc-mod-iptables +libbpf +(PACKAGE_devlink||PACKAGE_rdma):libmnl -endef - -define Package/tc-mod-iptables -$(call Package/iproute2/Default) - TITLE:=Traffic control module - iptables action - DEPENDS:=+libxtables -endef - -define Package/genl -$(call Package/iproute2/Default) - TITLE:=General netlink utility frontend - DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl -endef - -define Package/ip-bridge -$(call Package/iproute2/Default) - TITLE:=Bridge configuration utility from iproute2 - DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl -endef - -define Package/ss -$(call Package/iproute2/Default) - TITLE:=Socket statistics utility - DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl +kmod-netlink-diag -endef - -define Package/nstat -$(call Package/iproute2/Default) - TITLE:=Network statistics utility - DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl -endef - -define Package/devlink -$(call Package/iproute2/Default) - TITLE:=Network devlink utility - DEPENDS:=+libmnl -endef - -define Package/rdma -$(call Package/iproute2/Default) - TITLE:=Network rdma utility - DEPENDS:=+libmnl -endef - -ifeq ($(BUILD_VARIANT),iptiny) - IP_CONFIG_TINY:=y - LIBBPF_FORCE:=off -endif - -ifeq ($(BUILD_VARIANT),ipfull) - HAVE_ELF:=y - LIBBPF_FORCE:=on -endif - -ifeq ($(BUILD_VARIANT),tctiny) - LIBBPF_FORCE:=off - SHARED_LIBS:=y -endif - -ifeq ($(BUILD_VARIANT),tcfull) - HAVE_ELF:=y - LIBBPF_FORCE:=on - SHARED_LIBS:=y -endif - -ifdef CONFIG_PACKAGE_devlink - HAVE_MNL:=y -endif - -ifdef CONFIG_PACKAGE_rdma - HAVE_MNL:=y -endif - -define Build/Configure - echo "static const char SNAPSHOT[] = \"$(PKG_VERSION)-$(PKG_RELEASE)-openwrt\";" \ - > $(PKG_BUILD_DIR)/include/SNAPSHOT.h -endef - -TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto -TARGET_LDFLAGS += -Wl,--gc-sections -Wl,--as-needed -TARGET_CPPFLAGS += -I$(STAGING_DIR)/usr/include/libnl-tiny - -MAKE_FLAGS += \ - KERNEL_INCLUDE="$(LINUX_DIR)/user_headers/include" \ - SHARED_LIBS=$(SHARED_LIBS) \ - IP_CONFIG_TINY=$(IP_CONFIG_TINY) \ - BUILD_VARIANT=$(BUILD_VARIANT) \ - LIBBPF_FORCE=$(LIBBPF_FORCE) \ - HAVE_ELF=$(HAVE_ELF) \ - HAVE_MNL=$(HAVE_MNL) \ - HAVE_CAP=$(HAVE_CAP) \ - IPT_LIB_DIR=/usr/lib/iptables \ - XT_LIB_DIR=/usr/lib/iptables \ - FPIC="$(FPIC)" \ - $(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='') - -define Build/Compile - +$(MAKE_VARS) $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS) -endef - -define Build/InstallDev - $(INSTALL_DIR) $(1)/usr/include/iproute2 - $(CP) $(PKG_BUILD_DIR)/include/bpf_elf.h $(1)/usr/include/iproute2 - $(CP) $(PKG_BUILD_DIR)/include/{libgenl,libnetlink}.h $(1)/usr/include/ - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_BUILD_DIR)/lib/libnetlink.a $(1)/usr/lib/ -endef - -define Package/ip-tiny/install - $(INSTALL_DIR) $(1)/usr/libexec - $(INSTALL_BIN) $(PKG_BUILD_DIR)/ip/ip $(1)/usr/libexec/ip-tiny -endef - -define Package/ip-full/install - $(INSTALL_DIR) $(1)/usr/libexec - $(INSTALL_BIN) $(PKG_BUILD_DIR)/ip/ip $(1)/usr/libexec/ip-full -endef - -define Package/tc-tiny/install - $(INSTALL_DIR) $(1)/usr/libexec - $(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/tc $(1)/usr/libexec/tc-tiny -endef - -define Package/tc-full/install - $(INSTALL_DIR) $(1)/usr/libexec - $(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/tc $(1)/usr/libexec/tc-full -endef - -define Package/tc-mod-iptables/install - $(INSTALL_DIR) $(1)/usr/lib/tc - $(CP) $(PKG_BUILD_DIR)/tc/m_xt.so $(1)/usr/lib/tc -endef - -define Package/genl/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/genl/genl $(1)/usr/sbin/ -endef - -define Package/ip-bridge/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/bridge/bridge $(1)/usr/sbin/ -endef - -define Package/ss/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/misc/ss $(1)/usr/sbin/ -endef - -define Package/nstat/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/misc/nstat $(1)/usr/sbin/ -endef - -define Package/devlink/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/devlink/devlink $(1)/usr/sbin/ -endef - -define Package/rdma/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/rdma/rdma $(1)/usr/sbin/ -endef - -#$(eval $(call BuildPackage,ip-tiny)) -$(eval $(call BuildPackage,ip-full)) -# build tc-mod-iptables before its dependents, to avoid -# spurious rebuilds when building multiple variants. -$(eval $(call BuildPackage,tc-mod-iptables)) -#$(eval $(call BuildPackage,tc-tiny)) -$(eval $(call BuildPackage,tc-full)) -$(eval $(call BuildPackage,genl)) -$(eval $(call BuildPackage,ip-bridge)) -$(eval $(call BuildPackage,ss)) -$(eval $(call BuildPackage,nstat)) -$(eval $(call BuildPackage,devlink)) -$(eval $(call BuildPackage,rdma)) diff --git a/iproute2/patches/100-configure.patch b/iproute2/patches/100-configure.patch deleted file mode 100644 index 0c19b2086..000000000 --- a/iproute2/patches/100-configure.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/configure -+++ b/configure -@@ -34,7 +34,8 @@ int main(int argc, char **argv) { - } - EOF - -- if $CC -I$INCLUDE -o $TMPDIR/atmtest $TMPDIR/atmtest.c -latm >/dev/null 2>&1; then -+# OpenWrt: disable ATM support even if present on host system -+ if [ 1 -eq 0 ]; then - echo "TC_CONFIG_ATM:=y" >>$CONFIG - echo yes - else diff --git a/iproute2/patches/110-darwin_fixes.patch b/iproute2/patches/110-darwin_fixes.patch deleted file mode 100644 index 1f3eb101e..000000000 --- a/iproute2/patches/110-darwin_fixes.patch +++ /dev/null @@ -1,59 +0,0 @@ ---- a/netem/maketable.c -+++ b/netem/maketable.c -@@ -10,7 +10,9 @@ - #include - #include - #include -+#if !defined(__APPLE__) && !defined(__FreeBSD__) - #include -+#endif - #include - #include - #include ---- a/netem/normal.c -+++ b/netem/normal.c -@@ -8,8 +8,12 @@ - #include - #include - -+#if !defined(__APPLE__) && !defined(__FreeBSD__) - #include - #include -+#else -+#define NETEM_DIST_SCALE 8192 -+#endif - - #define TABLESIZE 16384 - #define TABLEFACTOR NETEM_DIST_SCALE ---- a/netem/pareto.c -+++ b/netem/pareto.c -@@ -7,8 +7,12 @@ - #include - #include - -+#if !defined(__APPLE__) && !defined(__FreeBSD__) - #include - #include -+#else -+#define NETEM_DIST_SCALE 8192 -+#endif - - static const double a=3.0; - #define TABLESIZE 16384 ---- a/netem/paretonormal.c -+++ b/netem/paretonormal.c -@@ -14,10 +14,13 @@ - #include - #include - #include -+#if !defined(__APPLE__) && !defined(__FreeBSD__) - #include -- - #include - #include -+#else -+#define NETEM_DIST_SCALE 8192 -+#endif - - #define TABLESIZE 16384 - #define TABLEFACTOR NETEM_DIST_SCALE diff --git a/iproute2/patches/115-add-config-xtlibdir.patch b/iproute2/patches/115-add-config-xtlibdir.patch deleted file mode 100644 index 8702d5fd2..000000000 --- a/iproute2/patches/115-add-config-xtlibdir.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/tc/Makefile -+++ b/tc/Makefile -@@ -128,6 +128,9 @@ CFLAGS += -DCONFIG_GACT -DCONFIG_GACT_PR - ifneq ($(IPT_LIB_DIR),) - CFLAGS += -DIPT_LIB_DIR=\"$(IPT_LIB_DIR)\" - endif -+ifneq ($(XT_LIB_DIR),) -+ CFLAGS += -DXT_LIB_DIR=\"$(XT_LIB_DIR)\" -+endif - - LEX := flex - CFLAGS += -DYY_NO_INPUT diff --git a/iproute2/patches/120-no_arpd_ifstat_rtacct_lnstat.patch b/iproute2/patches/120-no_arpd_ifstat_rtacct_lnstat.patch deleted file mode 100644 index bb6a8d018..000000000 --- a/iproute2/patches/120-no_arpd_ifstat_rtacct_lnstat.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- a/misc/Makefile -+++ b/misc/Makefile -@@ -2,13 +2,13 @@ - SSOBJ=ss.o ssfilter_check.o ssfilter.tab.o - LNSTATOBJ=lnstat.o lnstat_util.o - --TARGETS=ss nstat ifstat rtacct lnstat -+TARGETS=ss nstat - - include ../config.mk - --ifeq ($(HAVE_BERKELEY_DB),y) -- TARGETS += arpd --endif -+#ifeq ($(HAVE_BERKELEY_DB),y) -+# TARGETS += arpd -+#endif - - all: $(TARGETS) - diff --git a/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch b/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch deleted file mode 100644 index 8ddb31674..000000000 --- a/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Makefile -+++ b/Makefile -@@ -55,7 +55,7 @@ WFLAGS += -Wmissing-declarations -Wold-s - CFLAGS := $(WFLAGS) $(CCOPTS) -I../include -I../include/uapi $(DEFINES) $(CFLAGS) - YACCFLAGS = -d -t -v - --SUBDIRS=lib ip tc bridge misc netem genl tipc devlink rdma dcb man vdpa -+SUBDIRS=lib ip tc bridge misc genl devlink rdma - - LIBNETLINK=../lib/libutil.a ../lib/libnetlink.a - LDLIBS += $(LIBNETLINK) diff --git a/iproute2/patches/140-allow_pfifo_fast.patch b/iproute2/patches/140-allow_pfifo_fast.patch deleted file mode 100644 index 13de48f41..000000000 --- a/iproute2/patches/140-allow_pfifo_fast.patch +++ /dev/null @@ -1,9 +0,0 @@ ---- a/tc/q_fifo.c -+++ b/tc/q_fifo.c -@@ -95,5 +95,6 @@ struct qdisc_util pfifo_head_drop_qdisc_ - - struct qdisc_util pfifo_fast_qdisc_util = { - .id = "pfifo_fast", -+ .parse_qopt = fifo_parse_opt, - .print_qopt = prio_print_opt, - }; diff --git a/iproute2/patches/140-keep_libmnl_optional.patch b/iproute2/patches/140-keep_libmnl_optional.patch deleted file mode 100644 index ff7e9ca4e..000000000 --- a/iproute2/patches/140-keep_libmnl_optional.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/configure -+++ b/configure -@@ -387,7 +387,7 @@ check_selinux() - - check_mnl() - { -- if ${PKG_CONFIG} libmnl --exists; then -+ if [ "${HAVE_MNL}" = "y" ] && ${PKG_CONFIG} libmnl --exists; then - echo "HAVE_MNL:=y" >>$CONFIG - echo "yes" - diff --git a/iproute2/patches/145-keep_libelf_optional.patch b/iproute2/patches/145-keep_libelf_optional.patch deleted file mode 100644 index 079ca0512..000000000 --- a/iproute2/patches/145-keep_libelf_optional.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/configure -+++ b/configure -@@ -255,7 +255,7 @@ EOF - - check_elf() - { -- if ${PKG_CONFIG} libelf --exists; then -+ if [ "${HAVE_ELF}" = "y" ] && ${PKG_CONFIG} libelf --exists; then - echo "HAVE_ELF:=y" >>$CONFIG - echo "yes" - diff --git a/iproute2/patches/150-keep_libcap_optional.patch b/iproute2/patches/150-keep_libcap_optional.patch deleted file mode 100644 index 68e162416..000000000 --- a/iproute2/patches/150-keep_libcap_optional.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/configure -+++ b/configure -@@ -445,7 +445,7 @@ EOF - - check_cap() - { -- if ${PKG_CONFIG} libcap --exists; then -+ if [ "${HAVE_CAP}" = "y" ] && ${PKG_CONFIG} libcap --exists; then - echo "HAVE_CAP:=y" >>$CONFIG - echo "yes" - diff --git a/iproute2/patches/160-libnetlink-pic.patch b/iproute2/patches/160-libnetlink-pic.patch deleted file mode 100644 index 145ec7a9e..000000000 --- a/iproute2/patches/160-libnetlink-pic.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/lib/Makefile -+++ b/lib/Makefile -@@ -1,7 +1,7 @@ - # SPDX-License-Identifier: GPL-2.0 - include ../config.mk - --CFLAGS += -fPIC -+CFLAGS += $(FPIC) - - UTILOBJ = utils.o utils_math.o rt_names.o ll_map.o ll_types.o ll_proto.o ll_addr.o \ - inet_proto.o namespace.o json_writer.o json_print.o json_print_math.o \ diff --git a/iproute2/patches/175-reduce-dynamic-syms.patch b/iproute2/patches/175-reduce-dynamic-syms.patch deleted file mode 100644 index c3892e5a0..000000000 --- a/iproute2/patches/175-reduce-dynamic-syms.patch +++ /dev/null @@ -1,45 +0,0 @@ ---- a/tc/Makefile -+++ b/tc/Makefile -@@ -114,7 +114,7 @@ LDLIBS += -L. -lm - - ifeq ($(SHARED_LIBS),y) - LDLIBS += -ldl --LDFLAGS += -Wl,-export-dynamic -+LDFLAGS += -Wl,--dynamic-list=dynsyms.list - endif - - TCLIB := tc_core.o -@@ -144,7 +144,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc - all: tc $(TCSO) - - tc: $(TCOBJ) $(LIBNETLINK) libtc.a -- $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@ -+ $(QUIET_LINK)$(CC) $(filter-out dynsyms.list, $^) $(LDFLAGS) $(LDLIBS) -o $@ - - libtc.a: $(TCLIB) - $(QUIET_AR)$(AR) rcs $@ $^ -@@ -166,6 +166,7 @@ install: all - clean: - rm -f $(TCOBJ) $(TCLIB) libtc.a tc *.so emp_ematch.tab.h; \ - rm -f emp_ematch.tab.* -+ rm -f dynsyms.list - - q_atm.so: q_atm.c - $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic -o q_atm.so q_atm.c -latm -@@ -205,4 +206,16 @@ static-syms.h: $(wildcard *.c) - sed -n '/'$$s'[^ ]* =/{s:.* \([^ ]*'$$s'[^ ]*\) .*:extern char \1[] __attribute__((weak)); if (!strcmp(sym, "\1")) return \1;:;p}' $$files ; \ - done > $@ - -+else -+ -+tc: dynsyms.list -+m_xt.so: dynsyms.list -+dynsyms.list: $(wildcard *.c) -+ files="$(filter-out $(patsubst %.so,%.c,$(TCSO)), $^)" ; \ -+ echo "{" > $@ ; \ -+ for s in `grep -B 3 '\> $@ ; \ -+ echo "show_stats; print_nl; print_tm; parse_rtattr; parse_rtattr_flags; get_u32; matches; addattr_l; addattr_nest; addattr_nest_end; };" >> $@ -+ - endif diff --git a/iproute2/patches/180-drop_FAILED_POLICY.patch b/iproute2/patches/180-drop_FAILED_POLICY.patch deleted file mode 100644 index 07d5230a6..000000000 --- a/iproute2/patches/180-drop_FAILED_POLICY.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 4e7dbf76227e8c7be7897dc81def3011f637864d Mon Sep 17 00:00:00 2001 -From: Jonas Gorski -Date: Thu, 30 May 2013 11:54:04 +0200 -Subject: [PATCH] add support for dropping with FAILED_POLICY - ---- - include/linux/fib_rules.h | 4 ++++ - include/linux/rtnetlink.h | 1 + - ip/rtm_map.c | 4 ++++ - 3 files changed, 9 insertions(+) - ---- a/ip/rtm_map.c -+++ b/ip/rtm_map.c -@@ -54,6 +54,8 @@ char *rtnl_rtntype_n2a(int id, char *buf - return "nat"; - case RTN_XRESOLVE: - return "xresolve"; -+ case RTN_FAILED_POLICY: -+ return "failed_policy"; - default: - snprintf(buf, len, "%d", id); - return buf; -@@ -89,6 +91,8 @@ int rtnl_rtntype_a2n(int *id, char *arg) - res = RTN_UNICAST; - else if (strcmp(arg, "throw") == 0) - res = RTN_THROW; -+ else if (strcmp(arg, "failed_policy") == 0) -+ res = RTN_FAILED_POLICY; - else { - res = strtoul(arg, &end, 0); - if (!end || end == arg || *end || res > 255) ---- a/include/uapi/linux/rtnetlink.h -+++ b/include/uapi/linux/rtnetlink.h -@@ -256,6 +256,7 @@ enum { - RTN_THROW, /* Not in this table */ - RTN_NAT, /* Translate this address */ - RTN_XRESOLVE, /* Use external resolver */ -+ RTN_FAILED_POLICY, /* Source address failed policy */ - __RTN_MAX - }; - diff --git a/iproute2/patches/190-fix-nls-rpath-link.patch b/iproute2/patches/190-fix-nls-rpath-link.patch deleted file mode 100644 index 92d02b9a4..000000000 --- a/iproute2/patches/190-fix-nls-rpath-link.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- a/configure -+++ b/configure -@@ -279,7 +279,7 @@ int main(int argc, char **argv) { - } - EOF - -- $CC -o $TMPDIR/libbpf_test $TMPDIR/libbpf_test.c $LIBBPF_CFLAGS $LIBBPF_LDLIBS >/dev/null 2>&1 -+ $CC -o $TMPDIR/libbpf_test $TMPDIR/libbpf_test.c $LIBBPF_CFLAGS $LIBBPF_LDLIBS $LDFLAGS >/dev/null 2>&1 - local ret=$? - - rm -f $TMPDIR/libbpf_test.c $TMPDIR/libbpf_test -@@ -297,7 +297,7 @@ int main(int argc, char **argv) { - } - EOF - -- $CC -o $TMPDIR/libbpf_sec_test $TMPDIR/libbpf_sec_test.c $LIBBPF_CFLAGS $LIBBPF_LDLIBS >/dev/null 2>&1 -+ $CC -o $TMPDIR/libbpf_sec_test $TMPDIR/libbpf_sec_test.c $LIBBPF_CFLAGS $LIBBPF_LDLIBS $LDFLAGS >/dev/null 2>&1 - local ret=$? - - rm -f $TMPDIR/libbpf_sec_test.c $TMPDIR/libbpf_sec_test diff --git a/iproute2/patches/200-drop_libbsd_dependency.patch b/iproute2/patches/200-drop_libbsd_dependency.patch deleted file mode 100644 index 12a1ccfa3..000000000 --- a/iproute2/patches/200-drop_libbsd_dependency.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- a/configure -+++ b/configure -@@ -431,14 +431,8 @@ EOF - if $CC -I$INCLUDE -o $TMPDIR/strtest $TMPDIR/strtest.c >/dev/null 2>&1; then - echo "no" - else -- if ${PKG_CONFIG} libbsd --exists; then -- echo 'CFLAGS += -DHAVE_LIBBSD' `${PKG_CONFIG} libbsd --cflags` >>$CONFIG -- echo 'LDLIBS +=' `${PKG_CONFIG} libbsd --libs` >> $CONFIG -- echo "no" -- else -- echo 'CFLAGS += -DNEED_STRLCPY' >>$CONFIG -- echo "yes" -- fi -+ echo 'CFLAGS += -DNEED_STRLCPY' >>$CONFIG -+ echo "yes" - fi - rm -f $TMPDIR/strtest.c $TMPDIR/strtest - } diff --git a/iproute2/patches/300-selinux-configurable.patch b/iproute2/patches/300-selinux-configurable.patch deleted file mode 100644 index b7e61fd3b..000000000 --- a/iproute2/patches/300-selinux-configurable.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/configure -+++ b/configure -@@ -374,7 +374,7 @@ check_libbpf() - check_selinux() - # SELinux is a compile time option in the ss utility - { -- if ${PKG_CONFIG} libselinux --exists; then -+ if [ "${HAVE_SELINUX}" = "y" ] && ${PKG_CONFIG} libselinux --exists; then - echo "HAVE_SELINUX:=y" >>$CONFIG - echo "yes" - diff --git a/lcd4linux/Config.in b/lcd4linux/Config.in old mode 100644 new mode 100755 diff --git a/lcd4linux/Makefile b/lcd4linux/Makefile old mode 100644 new mode 100755 diff --git a/lcd4linux/files/lcd4linux.init b/lcd4linux/files/lcd4linux.init old mode 100644 new mode 100755 diff --git a/lcd4linux/patches/120-remove-as-needed-linker-option.patch b/lcd4linux/patches/120-remove-as-needed-linker-option.patch old mode 100644 new mode 100755 diff --git a/lcd4linux/patches/140-no_repnop_T6963.patch b/lcd4linux/patches/140-no_repnop_T6963.patch old mode 100644 new mode 100755 diff --git a/lcd4linux/patches/150-addlibmpdclient.patch b/lcd4linux/patches/150-addlibmpdclient.patch old mode 100644 new mode 100755 diff --git a/lcd4linux/patches/160-uinput_defs.patch b/lcd4linux/patches/160-uinput_defs.patch old mode 100644 new mode 100755 diff --git a/lcd4linux/patches/170-add-generic-spidev-driver.patch b/lcd4linux/patches/170-add-generic-spidev-driver.patch old mode 100644 new mode 100755 diff --git a/lcd4linux/patches/173-glcd2usb-bigendian-fix.patch b/lcd4linux/patches/173-glcd2usb-bigendian-fix.patch old mode 100644 new mode 100755 diff --git a/libell/Makefile b/libell/Makefile old mode 100644 new mode 100755 diff --git a/libmbim/Makefile b/libmbim/Makefile deleted file mode 100644 index 505ae7bc6..000000000 --- a/libmbim/Makefile +++ /dev/null @@ -1,95 +0,0 @@ -# -# Copyright (C) 2016 Velocloud Inc. -# Copyright (C) 2016 Aleksander Morgado -# -# This is free software, licensed under the GNU General Public License v2. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=libmbim -PKG_VERSION:=1.26.2 -PKG_RELEASE:=$(AUTORELEASE) - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=https://www.freedesktop.org/software/libmbim -PKG_HASH:=10c77bf5b5eb8c92ba80e9b519923ad9b898362bc8e1928e2bc9a17eeba649af - -PKG_MAINTAINER:=Nicholas Smith - -PKG_INSTALL:=1 -PKG_BUILD_PARALLEL:=1 - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/nls.mk - -CONFIGURE_ARGS += \ - --disable-static \ - --disable-gtk-doc \ - --disable-gtk-doc-html \ - --disable-gtk-doc-pdf \ - --disable-silent-rules \ - --enable-more-warnings=yes - -define Package/libmbim - SECTION:=libs - CATEGORY:=Libraries - DEPENDS:=+glib2 - TITLE:=Helper library and utils to talk to MBIM enabled modems - URL:=https://www.freedesktop.org/wiki/Software/libmbim - LICENSE:=LGPL-2.0-or-later - LICENSE_FILES:=COPYING.LIB -endef - -define Package/libmbim/description - Helper library to talk to MBIM enabled modems. - Add mbim-utils for extra utilities. -endef - -define Package/mbim-utils - SECTION:=utils - CATEGORY:=Utilities - DEPENDS:=+libmbim - TITLE:=Utilities to talk to MBIM enabled modems - URL:=https://www.freedesktop.org/wiki/Software/libmbim - LICENSE:=GPL-2.0-or-later - LICENSE_FILES:=COPYING -endef - -CONFIGURE_ARGS += \ - --without-udev \ - --without-udev-base-dir - -define Build/InstallDev - $(INSTALL_DIR) $(1)/usr/include - $(CP) \ - $(PKG_INSTALL_DIR)/usr/include/libmbim-glib \ - $(1)/usr/include/ - - $(INSTALL_DIR) $(1)/usr/lib - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/libmbim*.so* \ - $(1)/usr/lib/ - - $(INSTALL_DIR) $(1)/usr/lib/pkgconfig - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/mbim-glib.pc \ - $(1)/usr/lib/pkgconfig -endef - -define Package/libmbim/install - $(INSTALL_DIR) $(1)/usr/lib - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/libmbim*.so.* \ - $(1)/usr/lib/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/mbim-proxy $(1)/usr/lib/ -endef - -define Package/mbim-utils/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mbimcli $(1)/usr/bin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mbim-network $(1)/usr/bin/ -endef - -$(eval $(call BuildPackage,libmbim)) -$(eval $(call BuildPackage,mbim-utils)) diff --git a/libqmi/Config.in b/libqmi/Config.in deleted file mode 100644 index 6f35b7453..000000000 --- a/libqmi/Config.in +++ /dev/null @@ -1,16 +0,0 @@ -menu "Configuration" - depends on PACKAGE_libqmi - -config LIBQMI_WITH_MBIM_QMUX - bool "Include MBIM QMUX service support" - default y - help - Compile libqmi with QMI-over-MBIM support - -config LIBQMI_WITH_QRTR_GLIB - bool "Include QRTR support" - default y - help - Compile libqmi with QRTR support - -endmenu diff --git a/libqmi/Makefile b/libqmi/Makefile deleted file mode 100644 index d3ebdeecd..000000000 --- a/libqmi/Makefile +++ /dev/null @@ -1,119 +0,0 @@ -# -# Copyright (C) 2016 Velocloud Inc. -# Copyright (C) 2016 Aleksander Morgado -# -# This is free software, licensed under the GNU General Public License v2. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=libqmi -PKG_VERSION:=1.30.4 -PKG_RELEASE:=$(AUTORELEASE) - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=https://www.freedesktop.org/software/libqmi -PKG_HASH:=00d7da30a4f8d1185f37cba289cfaf1dfcd04a58f2f76d6acfdf5b85312d6ed6 - -PKG_MAINTAINER:=Nicholas Smith - -PKG_INSTALL:=1 -PKG_BUILD_PARALLEL:=1 - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/nls.mk - -define Package/libqmi/config - source "$(SOURCE)/Config.in" -endef - -define Package/libqmi - SECTION:=libs - CATEGORY:=Libraries - DEPENDS:= \ - +glib2 \ - +LIBQMI_WITH_MBIM_QMUX:libmbim \ - +LIBQMI_WITH_QRTR_GLIB:libqrtr-glib - TITLE:=Helper library to talk to QMI enabled modems - URL:=https://www.freedesktop.org/wiki/Software/libqmi - LICENSE:=LGPL-2.0-or-later - LICENSE_FILES:=COPYING.LIB -endef - -define Package/libqmi/description - Helper library talk to QMI enabled modems. - Add qmi-utils for extra utilities. -endef - -define Package/qmi-utils - SECTION:=utils - CATEGORY:=Utilities - DEPENDS:=+libqmi - TITLE:=Utilities to talk to QMI enabled modems - URL:=https://www.freedesktop.org/wiki/Software/libqmi - LICENSE:=GPL-2.0-or-later - LICENSE_FILES:=COPYING -endef - -define Package/libqmi-utils/description - Utils to talk to QMI enabled modems -endef - -CONFIGURE_ARGS += \ - --disable-static \ - --disable-gtk-doc \ - --disable-gtk-doc-html \ - --disable-gtk-doc-pdf \ - --disable-silent-rules \ - --enable-firmware-update \ - --enable-more-warnings=yes \ - --without-udev \ - --without-udev-base-dir - -ifeq ($(CONFIG_LIBQMI_WITH_MBIM_QMUX),y) - CONFIGURE_ARGS += --enable-mbim-qmux -else - CONFIGURE_ARGS += --disable-mbim-qmux -endif - -ifeq ($(CONFIG_LIBQMI_WITH_QRTR_GLIB),y) - CONFIGURE_ARGS += --enable-qrtr -else - CONFIGURE_ARGS += --disable-qrtr -endif - -define Build/InstallDev - $(INSTALL_DIR) $(1)/usr/include - $(CP) \ - $(PKG_INSTALL_DIR)/usr/include/libqmi-glib \ - $(1)/usr/include/ - - $(INSTALL_DIR) $(1)/usr/lib - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/libqmi*.so* \ - $(1)/usr/lib/ - - $(INSTALL_DIR) $(1)/usr/lib/pkgconfig - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/qmi-glib.pc \ - $(1)/usr/lib/pkgconfig -endef - -define Package/libqmi/install - $(INSTALL_DIR) $(1)/usr/lib - $(CP) \ - $(PKG_INSTALL_DIR)/usr/lib/libqmi*.so.* \ - $(1)/usr/lib/ - - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/qmi-proxy $(1)/usr/lib/ -endef - -define Package/qmi-utils/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/qmicli $(1)/usr/bin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/qmi-network $(1)/usr/bin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/qmi-firmware-update $(1)/usr/bin/ -endef - -$(eval $(call BuildPackage,libqmi)) -$(eval $(call BuildPackage,qmi-utils)) diff --git a/luci-app-dsvpn/Makefile b/luci-app-dsvpn/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-dsvpn/htdocs/luci-static/resources/view/services/dsvpn.js b/luci-app-dsvpn/htdocs/luci-static/resources/view/services/dsvpn.js old mode 100644 new mode 100755 diff --git a/luci-app-dsvpn/po/fr/dsvpn.po b/luci-app-dsvpn/po/fr/dsvpn.po old mode 100644 new mode 100755 diff --git a/luci-app-dsvpn/po/fr/dsvpn.po~ b/luci-app-dsvpn/po/fr/dsvpn.po~ old mode 100644 new mode 100755 diff --git a/luci-app-dsvpn/po/ru/dsvpn.po b/luci-app-dsvpn/po/ru/dsvpn.po old mode 100644 new mode 100755 diff --git a/luci-app-dsvpn/po/templates/dsvpn.pot b/luci-app-dsvpn/po/templates/dsvpn.pot old mode 100644 new mode 100755 diff --git a/luci-app-dsvpn/po/zh_Hans/dsvpn.po b/luci-app-dsvpn/po/zh_Hans/dsvpn.po old mode 100644 new mode 100755 diff --git a/luci-app-dsvpn/po/zh_Hans/dsvpn.po~ b/luci-app-dsvpn/po/zh_Hans/dsvpn.po~ old mode 100644 new mode 100755 diff --git a/luci-app-dsvpn/root/usr/share/luci/menu.d/luci-app-dsvpn.json b/luci-app-dsvpn/root/usr/share/luci/menu.d/luci-app-dsvpn.json old mode 100644 new mode 100755 diff --git a/luci-app-dsvpn/root/usr/share/rpcd/acl.d/luci-app-dsvpn.json b/luci-app-dsvpn/root/usr/share/rpcd/acl.d/luci-app-dsvpn.json old mode 100644 new mode 100755 diff --git a/luci-app-firewall/Makefile b/luci-app-firewall/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js b/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js old mode 100644 new mode 100755 diff --git a/luci-app-firewall/htdocs/luci-static/resources/view/firewall/custom.js b/luci-app-firewall/htdocs/luci-static/resources/view/firewall/custom.js old mode 100644 new mode 100755 diff --git a/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js b/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js old mode 100644 new mode 100755 diff --git a/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js old mode 100644 new mode 100755 diff --git a/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js b/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js old mode 100644 new mode 100755 diff --git a/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/bg/firewall.po b/luci-app-firewall/po/bg/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/ca/firewall.po b/luci-app-firewall/po/ca/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/cs/firewall.po b/luci-app-firewall/po/cs/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/de/firewall.po b/luci-app-firewall/po/de/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/el/firewall.po b/luci-app-firewall/po/el/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/en/firewall.po b/luci-app-firewall/po/en/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/es/firewall.po b/luci-app-firewall/po/es/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/fr/firewall.po b/luci-app-firewall/po/fr/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/he/firewall.po b/luci-app-firewall/po/he/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/hi/firewall.po b/luci-app-firewall/po/hi/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/hu/firewall.po b/luci-app-firewall/po/hu/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/it/firewall.po b/luci-app-firewall/po/it/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/ja/firewall.po b/luci-app-firewall/po/ja/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/ko/firewall.po b/luci-app-firewall/po/ko/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/mr/firewall.po b/luci-app-firewall/po/mr/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/ms/firewall.po b/luci-app-firewall/po/ms/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/nb_NO/firewall.po b/luci-app-firewall/po/nb_NO/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/pl/firewall.po b/luci-app-firewall/po/pl/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/pt/firewall.po b/luci-app-firewall/po/pt/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/pt_BR/firewall.po b/luci-app-firewall/po/pt_BR/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/ro/firewall.po b/luci-app-firewall/po/ro/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/ru/firewall.po b/luci-app-firewall/po/ru/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/sk/firewall.po b/luci-app-firewall/po/sk/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/sv/firewall.po b/luci-app-firewall/po/sv/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/templates/firewall.pot b/luci-app-firewall/po/templates/firewall.pot old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/tr/firewall.po b/luci-app-firewall/po/tr/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/uk/firewall.po b/luci-app-firewall/po/uk/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/vi/firewall.po b/luci-app-firewall/po/vi/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/zh_Hans/firewall.po b/luci-app-firewall/po/zh_Hans/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/po/zh_Hant/firewall.po b/luci-app-firewall/po/zh_Hant/firewall.po old mode 100644 new mode 100755 diff --git a/luci-app-firewall/root/usr/share/luci/menu.d/luci-app-firewall.json b/luci-app-firewall/root/usr/share/luci/menu.d/luci-app-firewall.json old mode 100644 new mode 100755 diff --git a/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-firewall.json b/luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-firewall.json old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/Makefile b/luci-app-glorytun-tcp/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/htdocs/luci-static/resources/view/services/glorytun-tcp.js b/luci-app-glorytun-tcp/htdocs/luci-static/resources/view/services/glorytun-tcp.js old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/po/fr/glorytun-tcp.po b/luci-app-glorytun-tcp/po/fr/glorytun-tcp.po old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/po/fr/glorytun-tcp.po~ b/luci-app-glorytun-tcp/po/fr/glorytun-tcp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/po/ru/glorytun-tcp.po b/luci-app-glorytun-tcp/po/ru/glorytun-tcp.po old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/po/templates/glorytun-tcp.pot b/luci-app-glorytun-tcp/po/templates/glorytun-tcp.pot old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/po/zh_Hans/glorytun-tcp.po b/luci-app-glorytun-tcp/po/zh_Hans/glorytun-tcp.po old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/po/zh_Hans/glorytun-tcp.po~ b/luci-app-glorytun-tcp/po/zh_Hans/glorytun-tcp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/root/etc/hotplug.d/iface/30-glorytun b/luci-app-glorytun-tcp/root/etc/hotplug.d/iface/30-glorytun old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/root/etc/uci-defaults/1200-luci-glorytun b/luci-app-glorytun-tcp/root/etc/uci-defaults/1200-luci-glorytun old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/root/usr/share/luci/menu.d/luci-app-glorytun-tcp.json b/luci-app-glorytun-tcp/root/usr/share/luci/menu.d/luci-app-glorytun-tcp.json old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-tcp/root/usr/share/rpcd/acl.d/luci-app-glorytun-tcp.json b/luci-app-glorytun-tcp/root/usr/share/rpcd/acl.d/luci-app-glorytun-tcp.json old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/Makefile b/luci-app-glorytun-udp/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/htdocs/luci-static/resources/view/services/glorytun-udp.js b/luci-app-glorytun-udp/htdocs/luci-static/resources/view/services/glorytun-udp.js old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/po/fr/glorytun-udp.po b/luci-app-glorytun-udp/po/fr/glorytun-udp.po old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/po/fr/glorytun-udp.po~ b/luci-app-glorytun-udp/po/fr/glorytun-udp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/po/ru/glorytun-udp.po b/luci-app-glorytun-udp/po/ru/glorytun-udp.po old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/po/templates/glorytun-udp.pot b/luci-app-glorytun-udp/po/templates/glorytun-udp.pot old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/po/zh_Hans/glorytun-udp.po b/luci-app-glorytun-udp/po/zh_Hans/glorytun-udp.po old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/po/zh_Hans/glorytun-udp.po~ b/luci-app-glorytun-udp/po/zh_Hans/glorytun-udp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/root/etc/config/glorytun-udp b/luci-app-glorytun-udp/root/etc/config/glorytun-udp old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/root/etc/hotplug.d/iface/30-glorytun-udp b/luci-app-glorytun-udp/root/etc/hotplug.d/iface/30-glorytun-udp old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/root/etc/uci-defaults/1201-luci-glorytun-udp b/luci-app-glorytun-udp/root/etc/uci-defaults/1201-luci-glorytun-udp old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/root/usr/share/luci/menu.d/luci-app-glorytun-udp.json b/luci-app-glorytun-udp/root/usr/share/luci/menu.d/luci-app-glorytun-udp.json old mode 100644 new mode 100755 diff --git a/luci-app-glorytun-udp/root/usr/share/rpcd/acl.d/luci-app-glorytun-udp.json b/luci-app-glorytun-udp/root/usr/share/rpcd/acl.d/luci-app-glorytun-udp.json old mode 100644 new mode 100755 diff --git a/luci-app-haproxy-tcp/LICENSE b/luci-app-haproxy-tcp/LICENSE old mode 100644 new mode 100755 diff --git a/luci-app-haproxy-tcp/Makefile b/luci-app-haproxy-tcp/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-haproxy-tcp/README.md b/luci-app-haproxy-tcp/README.md old mode 100644 new mode 100755 diff --git a/luci-app-haproxy-tcp/luasrc/controller/haproxy-tcp.lua b/luci-app-haproxy-tcp/luasrc/controller/haproxy-tcp.lua old mode 100644 new mode 100755 diff --git a/luci-app-haproxy-tcp/luasrc/model/cbi/haproxy-tcp.lua b/luci-app-haproxy-tcp/luasrc/model/cbi/haproxy-tcp.lua old mode 100644 new mode 100755 diff --git a/luci-app-haproxy-tcp/po/fr/haproxy-tcp.po b/luci-app-haproxy-tcp/po/fr/haproxy-tcp.po old mode 100644 new mode 100755 diff --git a/luci-app-haproxy-tcp/po/templates/haproxy-tcp.pot b/luci-app-haproxy-tcp/po/templates/haproxy-tcp.pot old mode 100644 new mode 100755 diff --git a/luci-app-haproxy-tcp/po/zh-cn/haproxy-tcp.po b/luci-app-haproxy-tcp/po/zh-cn/haproxy-tcp.po old mode 100644 new mode 100755 diff --git a/luci-app-haproxy-tcp/root/etc/config/haproxy-tcp b/luci-app-haproxy-tcp/root/etc/config/haproxy-tcp old mode 100644 new mode 100755 diff --git a/luci-app-haproxy-tcp/root/etc/uci-defaults/41_luci-haproxy-tcp b/luci-app-haproxy-tcp/root/etc/uci-defaults/41_luci-haproxy-tcp old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/Makefile b/luci-app-https-dns-proxy/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/controller/https-dns-proxy.lua b/luci-app-https-dns-proxy/luasrc/controller/https-dns-proxy.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers.disabled/ch.digitale-gesellschaft.dns.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers.disabled/ch.digitale-gesellschaft.dns.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers.disabled/cn.rubyfish.dns.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers.disabled/cn.rubyfish.dns.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers.disabled/sb.dns.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers.disabled/sb.dns.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.adguard.dns-family.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.adguard.dns-family.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.adguard.dns.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.adguard.dns.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns-family.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns-family.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns-malware.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns-malware.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/com.cloudflare-dns.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/cz.nic.odvr.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/cz.nic.odvr.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/google.dns.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/google.dns.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/gr.libredns.doh-ads.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/gr.libredns.doh-ads.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/gr.libredns.doh.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/gr.libredns.doh.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns10.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns10.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns11.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns11.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns9.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/net.quad9.dns9.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/org.cleanbrowsing.doh-adult.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/org.cleanbrowsing.doh-adult.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/org.cleanbrowsing.doh-family.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/org.cleanbrowsing.doh-family.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/org.cleanbrowsing.doh-security.lua b/luci-app-https-dns-proxy/luasrc/https-dns-proxy/providers/org.cleanbrowsing.doh-security.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua b/luci-app-https-dns-proxy/luasrc/model/cbi/https-dns-proxy.lua old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/buttons.htm b/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/buttons.htm old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/css.htm b/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/css.htm old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/js.htm b/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/js.htm old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/status-textarea.htm b/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/status-textarea.htm old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/status.htm b/luci-app-https-dns-proxy/luasrc/view/https-dns-proxy/status.htm old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/bg/https-dns-proxy.po b/luci-app-https-dns-proxy/po/bg/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/ca/https-dns-proxy.po b/luci-app-https-dns-proxy/po/ca/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/cs/https-dns-proxy.po b/luci-app-https-dns-proxy/po/cs/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/de/https-dns-proxy.po b/luci-app-https-dns-proxy/po/de/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/el/https-dns-proxy.po b/luci-app-https-dns-proxy/po/el/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/en/https-dns-proxy.po b/luci-app-https-dns-proxy/po/en/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/es/https-dns-proxy.po b/luci-app-https-dns-proxy/po/es/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/fr/https-dns-proxy.po b/luci-app-https-dns-proxy/po/fr/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/he/https-dns-proxy.po b/luci-app-https-dns-proxy/po/he/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/hi/https-dns-proxy.po b/luci-app-https-dns-proxy/po/hi/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/hu/https-dns-proxy.po b/luci-app-https-dns-proxy/po/hu/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/it/https-dns-proxy.po b/luci-app-https-dns-proxy/po/it/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/ja/https-dns-proxy.po b/luci-app-https-dns-proxy/po/ja/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/ko/https-dns-proxy.po b/luci-app-https-dns-proxy/po/ko/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/mr/https-dns-proxy.po b/luci-app-https-dns-proxy/po/mr/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/ms/https-dns-proxy.po b/luci-app-https-dns-proxy/po/ms/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/nb_NO/https-dns-proxy.po b/luci-app-https-dns-proxy/po/nb_NO/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/pl/https-dns-proxy.po b/luci-app-https-dns-proxy/po/pl/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/pt/https-dns-proxy.po b/luci-app-https-dns-proxy/po/pt/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/pt_BR/https-dns-proxy.po b/luci-app-https-dns-proxy/po/pt_BR/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/ro/https-dns-proxy.po b/luci-app-https-dns-proxy/po/ro/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/ru/https-dns-proxy.po b/luci-app-https-dns-proxy/po/ru/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/sk/https-dns-proxy.po b/luci-app-https-dns-proxy/po/sk/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/sv/https-dns-proxy.po b/luci-app-https-dns-proxy/po/sv/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/templates/https-dns-proxy.pot b/luci-app-https-dns-proxy/po/templates/https-dns-proxy.pot old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/tr/https-dns-proxy.po b/luci-app-https-dns-proxy/po/tr/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/uk/https-dns-proxy.po b/luci-app-https-dns-proxy/po/uk/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/vi/https-dns-proxy.po b/luci-app-https-dns-proxy/po/vi/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/zh_Hans/https-dns-proxy.po b/luci-app-https-dns-proxy/po/zh_Hans/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/po/zh_Hant/https-dns-proxy.po b/luci-app-https-dns-proxy/po/zh_Hant/https-dns-proxy.po old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/root/etc/uci-defaults/40_luci-https-dns-proxy b/luci-app-https-dns-proxy/root/etc/uci-defaults/40_luci-https-dns-proxy old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/root/usr/share/luci/menu.d/luci-app-https-dns-proxy.json b/luci-app-https-dns-proxy/root/usr/share/luci/menu.d/luci-app-https-dns-proxy.json old mode 100644 new mode 100755 diff --git a/luci-app-https-dns-proxy/root/usr/share/rpcd/acl.d/luci-app-https-dns-proxy.json b/luci-app-https-dns-proxy/root/usr/share/rpcd/acl.d/luci-app-https-dns-proxy.json old mode 100644 new mode 100755 diff --git a/luci-app-iperf/Makefile b/luci-app-iperf/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-iperf/luasrc/controller/iperf.lua b/luci-app-iperf/luasrc/controller/iperf.lua old mode 100644 new mode 100755 diff --git a/luci-app-iperf/luasrc/view/iperf/test.htm b/luci-app-iperf/luasrc/view/iperf/test.htm old mode 100644 new mode 100755 diff --git a/luci-app-iperf/po/de/iperf.po b/luci-app-iperf/po/de/iperf.po old mode 100644 new mode 100755 diff --git a/luci-app-iperf/po/fr/iperf.po b/luci-app-iperf/po/fr/iperf.po old mode 100644 new mode 100755 diff --git a/luci-app-iperf/po/it/iperf.po b/luci-app-iperf/po/it/iperf.po old mode 100644 new mode 100755 diff --git a/luci-app-iperf/po/oc/iperf.po b/luci-app-iperf/po/oc/iperf.po old mode 100644 new mode 100755 diff --git a/luci-app-iperf/po/ru/iperf.po b/luci-app-iperf/po/ru/iperf.po old mode 100644 new mode 100755 diff --git a/luci-app-iperf/po/templates/iperf.pot b/luci-app-iperf/po/templates/iperf.pot old mode 100644 new mode 100755 diff --git a/luci-app-iperf/po/zh_Hans/iperf.po b/luci-app-iperf/po/zh_Hans/iperf.po old mode 100644 new mode 100755 diff --git a/luci-app-iperf/root/usr/share/luci/menu.d/luci-app-iperf.json b/luci-app-iperf/root/usr/share/luci/menu.d/luci-app-iperf.json old mode 100644 new mode 100755 diff --git a/luci-app-iperf/root/usr/share/rpcd/acl.d/luci-app-iperf.json b/luci-app-iperf/root/usr/share/rpcd/acl.d/luci-app-iperf.json old mode 100644 new mode 100755 diff --git a/luci-app-macvlan/po/zh_Hans/macvlan.po b/luci-app-macvlan/po/zh_Hans/macvlan.po old mode 100644 new mode 100755 diff --git a/luci-app-mail/Makefile b/luci-app-mail/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-mail/luasrc/controller/mail.lua b/luci-app-mail/luasrc/controller/mail.lua old mode 100644 new mode 100755 diff --git a/luci-app-mail/luasrc/model/cbi/mail.lua b/luci-app-mail/luasrc/model/cbi/mail.lua old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/de/mail.po b/luci-app-mail/po/de/mail.po old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/de/mail.po~ b/luci-app-mail/po/de/mail.po~ old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/fr/mail.po b/luci-app-mail/po/fr/mail.po old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/fr/mail.po~ b/luci-app-mail/po/fr/mail.po~ old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/it/mail.po b/luci-app-mail/po/it/mail.po old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/it/mail.po~ b/luci-app-mail/po/it/mail.po~ old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/oc/mail.po b/luci-app-mail/po/oc/mail.po old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/oc/mail.po~ b/luci-app-mail/po/oc/mail.po~ old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/ru/mail.po b/luci-app-mail/po/ru/mail.po old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/templates/mail.pot b/luci-app-mail/po/templates/mail.pot old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/zh_Hans/mail.po b/luci-app-mail/po/zh_Hans/mail.po old mode 100644 new mode 100755 diff --git a/luci-app-mail/po/zh_Hans/mail.po~ b/luci-app-mail/po/zh_Hans/mail.po~ old mode 100644 new mode 100755 diff --git a/luci-app-mail/root/etc/config/mail b/luci-app-mail/root/etc/config/mail old mode 100644 new mode 100755 diff --git a/luci-app-mail/root/usr/share/luci/menu.d/luci-app-mail.json b/luci-app-mail/root/usr/share/luci/menu.d/luci-app-mail.json old mode 100644 new mode 100755 diff --git a/luci-app-mail/root/usr/share/rpcd/acl.d/luci-app-mail.json b/luci-app-mail/root/usr/share/rpcd/acl.d/luci-app-mail.json old mode 100644 new mode 100755 diff --git a/luci-app-mlvpn/Makefile b/luci-app-mlvpn/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-mlvpn/htdocs/luci-static/resources/view/services/mlvpn.js b/luci-app-mlvpn/htdocs/luci-static/resources/view/services/mlvpn.js old mode 100644 new mode 100755 diff --git a/luci-app-mlvpn/po/fr/mlvpn.po b/luci-app-mlvpn/po/fr/mlvpn.po old mode 100644 new mode 100755 diff --git a/luci-app-mlvpn/po/fr/mlvpn.po~ b/luci-app-mlvpn/po/fr/mlvpn.po~ old mode 100644 new mode 100755 diff --git a/luci-app-mlvpn/po/ru/mlvpn.po b/luci-app-mlvpn/po/ru/mlvpn.po old mode 100644 new mode 100755 diff --git a/luci-app-mlvpn/po/templates/mlvpn.pot b/luci-app-mlvpn/po/templates/mlvpn.pot old mode 100644 new mode 100755 diff --git a/luci-app-mlvpn/po/zh_Hans/mlvpn.po b/luci-app-mlvpn/po/zh_Hans/mlvpn.po old mode 100644 new mode 100755 diff --git a/luci-app-mlvpn/po/zh_Hans/mlvpn.po~ b/luci-app-mlvpn/po/zh_Hans/mlvpn.po~ old mode 100644 new mode 100755 diff --git a/luci-app-mlvpn/root/usr/share/luci/menu.d/luci-app-mlvpn.json b/luci-app-mlvpn/root/usr/share/luci/menu.d/luci-app-mlvpn.json old mode 100644 new mode 100755 diff --git a/luci-app-mlvpn/root/usr/share/rpcd/acl.d/luci-app-mlvpn.json b/luci-app-mlvpn/root/usr/share/rpcd/acl.d/luci-app-mlvpn.json old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/Makefile b/luci-app-mptcp/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/htdocs/luci-static/resources/seedrandom.js b/luci-app-mptcp/htdocs/luci-static/resources/seedrandom.js old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/luasrc/controller/mptcp.lua b/luci-app-mptcp/luasrc/controller/mptcp.lua old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/luasrc/model/cbi/mptcp.lua b/luci-app-mptcp/luasrc/model/cbi/mptcp.lua old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/luasrc/view/mptcp/mptcp_check.htm b/luci-app-mptcp/luasrc/view/mptcp/mptcp_check.htm old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/luasrc/view/mptcp/mptcp_connections.htm b/luci-app-mptcp/luasrc/view/mptcp/mptcp_connections.htm old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/luasrc/view/mptcp/mptcp_fullmesh.htm b/luci-app-mptcp/luasrc/view/mptcp/mptcp_fullmesh.htm old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/luasrc/view/mptcp/mptcp_monitor.htm b/luci-app-mptcp/luasrc/view/mptcp/mptcp_monitor.htm old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/luasrc/view/mptcp/multipath.htm b/luci-app-mptcp/luasrc/view/mptcp/multipath.htm old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/po/de/mptcp.po b/luci-app-mptcp/po/de/mptcp.po old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/po/de/mptcp.po~ b/luci-app-mptcp/po/de/mptcp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/po/fr/mptcp.po b/luci-app-mptcp/po/fr/mptcp.po old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/po/it/mptcp.po b/luci-app-mptcp/po/it/mptcp.po old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/po/it/mptcp.po~ b/luci-app-mptcp/po/it/mptcp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/po/oc/mptcp.po b/luci-app-mptcp/po/oc/mptcp.po old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/po/oc/mptcp.po~ b/luci-app-mptcp/po/oc/mptcp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/po/ru/mptcp.po b/luci-app-mptcp/po/ru/mptcp.po old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/po/templates/mptcp.pot b/luci-app-mptcp/po/templates/mptcp.pot old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/po/zh_Hans/mptcp.po b/luci-app-mptcp/po/zh_Hans/mptcp.po old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/root/usr/share/luci/menu.d/luci-app-mptcp.json b/luci-app-mptcp/root/usr/share/luci/menu.d/luci-app-mptcp.json old mode 100644 new mode 100755 diff --git a/luci-app-mptcp/root/usr/share/rpcd/acl.d/luci-app-mptcp.json b/luci-app-mptcp/root/usr/share/rpcd/acl.d/luci-app-mptcp.json old mode 100644 new mode 100755 diff --git a/luci-app-nginx-ha/LICENSE b/luci-app-nginx-ha/LICENSE old mode 100644 new mode 100755 diff --git a/luci-app-nginx-ha/Makefile b/luci-app-nginx-ha/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-nginx-ha/luasrc/controller/nginx-ha.lua b/luci-app-nginx-ha/luasrc/controller/nginx-ha.lua old mode 100644 new mode 100755 diff --git a/luci-app-nginx-ha/luasrc/model/cbi/nginx-ha.lua b/luci-app-nginx-ha/luasrc/model/cbi/nginx-ha.lua old mode 100644 new mode 100755 diff --git a/luci-app-nginx-ha/po/fr/nginx-ha.po b/luci-app-nginx-ha/po/fr/nginx-ha.po old mode 100644 new mode 100755 diff --git a/luci-app-nginx-ha/po/templates/nginx-ha.pot b/luci-app-nginx-ha/po/templates/nginx-ha.pot old mode 100644 new mode 100755 diff --git a/luci-app-nginx-ha/root/etc/config/nginx-ha b/luci-app-nginx-ha/root/etc/config/nginx-ha old mode 100644 new mode 100755 diff --git a/luci-app-nginx-ha/root/etc/uci-defaults/42_luci-nginx-ha b/luci-app-nginx-ha/root/etc/uci-defaults/42_luci-nginx-ha old mode 100644 new mode 100755 diff --git a/luci-app-nginx-ha/root/usr/share/luci/menu.d/luci-app-nginx-ha.json b/luci-app-nginx-ha/root/usr/share/luci/menu.d/luci-app-nginx-ha.json old mode 100644 new mode 100755 diff --git a/luci-app-nginx-ha/root/usr/share/rpcd/acl.d/luci-app-nginx-ha.json b/luci-app-nginx-ha/root/usr/share/rpcd/acl.d/luci-app-nginx-ha.json old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js b/luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/po/de/omr-bypass.po b/luci-app-omr-bypass/po/de/omr-bypass.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/po/fr/omr-bypass.po b/luci-app-omr-bypass/po/fr/omr-bypass.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/po/it/omr-bypass.po b/luci-app-omr-bypass/po/it/omr-bypass.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/po/oc/omr-bypass.po b/luci-app-omr-bypass/po/oc/omr-bypass.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/po/ru/omr-bypass.po b/luci-app-omr-bypass/po/ru/omr-bypass.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/po/templates/omr-bypass.pot b/luci-app-omr-bypass/po/templates/omr-bypass.pot old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/po/zh_Hans/omr-bypass.po b/luci-app-omr-bypass/po/zh_Hans/omr-bypass.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/root/etc/config/omr-bypass b/luci-app-omr-bypass/root/etc/config/omr-bypass old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/root/etc/firewall.omr-bypass b/luci-app-omr-bypass/root/etc/firewall.omr-bypass old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/root/usr/share/luci/menu.d/luci-app-omr-bypass.json b/luci-app-omr-bypass/root/usr/share/luci/menu.d/luci-app-omr-bypass.json old mode 100644 new mode 100755 diff --git a/luci-app-omr-bypass/root/usr/share/rpcd/acl.d/luci-app-omr-bypass.json b/luci-app-omr-bypass/root/usr/share/rpcd/acl.d/luci-app-omr-bypass.json old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/Makefile b/luci-app-omr-dscp/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/luasrc/controller/omr-dscp.lua b/luci-app-omr-dscp/luasrc/controller/omr-dscp.lua old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/luasrc/model/cbi/dscp-domains.lua b/luci-app-omr-dscp/luasrc/model/cbi/dscp-domains.lua old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/luasrc/model/cbi/dscp.lua b/luci-app-omr-dscp/luasrc/model/cbi/dscp.lua old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/po/de/omr-dscp.po b/luci-app-omr-dscp/po/de/omr-dscp.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/po/de/omr-dscp.po~ b/luci-app-omr-dscp/po/de/omr-dscp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/po/fr/omr-dscp.po b/luci-app-omr-dscp/po/fr/omr-dscp.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/po/fr/omr-dscp.po~ b/luci-app-omr-dscp/po/fr/omr-dscp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/po/it/omr-dscp.po b/luci-app-omr-dscp/po/it/omr-dscp.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/po/it/omr-dscp.po~ b/luci-app-omr-dscp/po/it/omr-dscp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/po/oc/omr-dscp.po b/luci-app-omr-dscp/po/oc/omr-dscp.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/po/oc/omr-dscp.po~ b/luci-app-omr-dscp/po/oc/omr-dscp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/po/templates/omr-dscp.pot b/luci-app-omr-dscp/po/templates/omr-dscp.pot old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/po/zh_Hans/omr-dscp.po b/luci-app-omr-dscp/po/zh_Hans/omr-dscp.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/po/zh_Hans/omr-dscp.po~ b/luci-app-omr-dscp/po/zh_Hans/omr-dscp.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/root/etc/config/dscp b/luci-app-omr-dscp/root/etc/config/dscp old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/root/usr/share/luci/menu.d/luci-app-omr-dscp.json b/luci-app-omr-dscp/root/usr/share/luci/menu.d/luci-app-omr-dscp.json old mode 100644 new mode 100755 diff --git a/luci-app-omr-dscp/root/usr/share/rpcd/acl.d/luci-app-omr-dscp.json b/luci-app-omr-dscp/root/usr/share/rpcd/acl.d/luci-app-omr-dscp.json old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/Makefile b/luci-app-omr-quota/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/luasrc/controller/quota.lua b/luci-app-omr-quota/luasrc/controller/quota.lua old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/luasrc/model/cbi/quota/quota.lua b/luci-app-omr-quota/luasrc/model/cbi/quota/quota.lua old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/luasrc/view/omr-quota/cbi-select-add.htm b/luci-app-omr-quota/luasrc/view/omr-quota/cbi-select-add.htm old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/de/omr-quota.po b/luci-app-omr-quota/po/de/omr-quota.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/de/omr-quota.po~ b/luci-app-omr-quota/po/de/omr-quota.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/fr/omr-quota.po b/luci-app-omr-quota/po/fr/omr-quota.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/fr/omr-quota.po~ b/luci-app-omr-quota/po/fr/omr-quota.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/it/omr-quota.po b/luci-app-omr-quota/po/it/omr-quota.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/it/omr-quota.po~ b/luci-app-omr-quota/po/it/omr-quota.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/oc/omr-quota.po b/luci-app-omr-quota/po/oc/omr-quota.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/oc/omr-quota.po~ b/luci-app-omr-quota/po/oc/omr-quota.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/ru/omr-quota.po b/luci-app-omr-quota/po/ru/omr-quota.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/templates/omr-quota.pot b/luci-app-omr-quota/po/templates/omr-quota.pot old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/zh_Hans/omr-quota.po b/luci-app-omr-quota/po/zh_Hans/omr-quota.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/po/zh_Hans/omr-quota.po~ b/luci-app-omr-quota/po/zh_Hans/omr-quota.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/root/usr/share/luci/menu.d/luci-app-omr-quota.json b/luci-app-omr-quota/root/usr/share/luci/menu.d/luci-app-omr-quota.json old mode 100644 new mode 100755 diff --git a/luci-app-omr-quota/root/usr/share/rpcd/acl.d/luci-app-omr-quota.json b/luci-app-omr-quota/root/usr/share/rpcd/acl.d/luci-app-omr-quota.json old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/Makefile b/luci-app-omr-tracker/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/luasrc/controller/omr-tracker.lua b/luci-app-omr-tracker/luasrc/controller/omr-tracker.lua old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/luasrc/model/cbi/omr-tracker.lua b/luci-app-omr-tracker/luasrc/model/cbi/omr-tracker.lua old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/luasrc/view/omr-tracker/cbi-select-add.htm b/luci-app-omr-tracker/luasrc/view/omr-tracker/cbi-select-add.htm old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/po/de/omr-tracker.po b/luci-app-omr-tracker/po/de/omr-tracker.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/po/de/omr-tracker.po~ b/luci-app-omr-tracker/po/de/omr-tracker.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/po/fr/omr-tracker.po b/luci-app-omr-tracker/po/fr/omr-tracker.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/po/fr/omr-tracker.po~ b/luci-app-omr-tracker/po/fr/omr-tracker.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/po/it/omr-tracker.po b/luci-app-omr-tracker/po/it/omr-tracker.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/po/it/omr-tracker.po~ b/luci-app-omr-tracker/po/it/omr-tracker.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/po/oc/omr-tracker.po b/luci-app-omr-tracker/po/oc/omr-tracker.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/po/oc/omr-tracker.po~ b/luci-app-omr-tracker/po/oc/omr-tracker.po~ old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/po/templates/omr-tracker.pot b/luci-app-omr-tracker/po/templates/omr-tracker.pot old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/po/zh_Hans/omr-tracker.po b/luci-app-omr-tracker/po/zh_Hans/omr-tracker.po old mode 100644 new mode 100755 diff --git a/luci-app-omr-tracker/root/etc/uci-defaults/42_luci-omr-tracker b/luci-app-omr-tracker/root/etc/uci-defaults/42_luci-omr-tracker old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/Makefile b/luci-app-openmptcprouter/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/po/de/openmptcprouter.po b/luci-app-openmptcprouter/po/de/openmptcprouter.po old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/po/de/openmptcprouter.po~ b/luci-app-openmptcprouter/po/de/openmptcprouter.po~ old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/po/fr/openmptcprouter.po b/luci-app-openmptcprouter/po/fr/openmptcprouter.po old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/po/fr/openmptcprouter.po~ b/luci-app-openmptcprouter/po/fr/openmptcprouter.po~ old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/po/it/openmptcprouter.po b/luci-app-openmptcprouter/po/it/openmptcprouter.po old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/po/it/openmptcprouter.po~ b/luci-app-openmptcprouter/po/it/openmptcprouter.po~ old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/po/oc/openmptcprouter.po b/luci-app-openmptcprouter/po/oc/openmptcprouter.po old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/po/oc/openmptcprouter.po~ b/luci-app-openmptcprouter/po/oc/openmptcprouter.po~ old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/po/templates/openmptcprouter.pot b/luci-app-openmptcprouter/po/templates/openmptcprouter.pot old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/po/zh_Hans/openmptcprouter.po b/luci-app-openmptcprouter/po/zh_Hans/openmptcprouter.po old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/po/zh_Hans/openmptcprouter.po~ b/luci-app-openmptcprouter/po/zh_Hans/openmptcprouter.po~ old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/root/etc/config/openmptcprouter b/luci-app-openmptcprouter/root/etc/config/openmptcprouter old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/root/usr/share/luci/menu.d/luci-app-openmptcprouter.json b/luci-app-openmptcprouter/root/usr/share/luci/menu.d/luci-app-openmptcprouter.json old mode 100644 new mode 100755 diff --git a/luci-app-openmptcprouter/root/usr/share/rpcd/acl.d/luci-app-openmptcprouter.json b/luci-app-openmptcprouter/root/usr/share/rpcd/acl.d/luci-app-openmptcprouter.json old mode 100644 new mode 100755 diff --git a/luci-app-packet-capture/Makefile b/luci-app-packet-capture/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-packet-capture/htdocs/luci-static/resources/view/packet_capture/tcpdump.js b/luci-app-packet-capture/htdocs/luci-static/resources/view/packet_capture/tcpdump.js old mode 100644 new mode 100755 diff --git a/luci-app-packet-capture/po/fr/packet-capture.po b/luci-app-packet-capture/po/fr/packet-capture.po old mode 100644 new mode 100755 diff --git a/luci-app-packet-capture/po/templates/packet-capture.pot b/luci-app-packet-capture/po/templates/packet-capture.pot old mode 100644 new mode 100755 diff --git a/luci-app-packet-capture/po/zh_Hans/packet-capture.po b/luci-app-packet-capture/po/zh_Hans/packet-capture.po old mode 100644 new mode 100755 diff --git a/luci-app-packet-capture/root/etc/config/packet_capture b/luci-app-packet-capture/root/etc/config/packet_capture old mode 100644 new mode 100755 diff --git a/luci-app-packet-capture/root/usr/share/luci/menu.d/luci-app-packet-capture.json b/luci-app-packet-capture/root/usr/share/luci/menu.d/luci-app-packet-capture.json old mode 100644 new mode 100755 diff --git a/luci-app-packet-capture/root/usr/share/rpcd/acl.d/luci-app-packet-capture.json b/luci-app-packet-capture/root/usr/share/rpcd/acl.d/luci-app-packet-capture.json old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/Makefile b/luci-app-shadowsocks-libev/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/htdocs/luci-static/resources/shadowsocks-libev.js b/luci-app-shadowsocks-libev/htdocs/luci-static/resources/shadowsocks-libev.js old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/htdocs/luci-static/resources/view/shadowsocks-libev/instances.js b/luci-app-shadowsocks-libev/htdocs/luci-static/resources/view/shadowsocks-libev/instances.js old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/htdocs/luci-static/resources/view/shadowsocks-libev/rules.js b/luci-app-shadowsocks-libev/htdocs/luci-static/resources/view/shadowsocks-libev/rules.js old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/htdocs/luci-static/resources/view/shadowsocks-libev/servers.js b/luci-app-shadowsocks-libev/htdocs/luci-static/resources/view/shadowsocks-libev/servers.js old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/luasrc/controller/shadowsocks-libev.lua b/luci-app-shadowsocks-libev/luasrc/controller/shadowsocks-libev.lua old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/bg/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/bg/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/ca/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/ca/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/cs/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/cs/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/de/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/de/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/el/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/el/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/en/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/en/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/es/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/es/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/fr/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/fr/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/he/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/he/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/hi/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/hi/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/hu/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/hu/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/it/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/it/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/ja/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/ja/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/ko/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/ko/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/ms/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/ms/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/nb_NO/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/nb_NO/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/pl/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/pl/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/pt/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/pt/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/pt_BR/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/pt_BR/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/ro/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/ro/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/ru/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/ru/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/sk/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/sk/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/sv/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/sv/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/templates/shadowsocks-libev.pot b/luci-app-shadowsocks-libev/po/templates/shadowsocks-libev.pot old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/tr/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/tr/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/uk/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/uk/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/vi/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/vi/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/zh-cn/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/zh-cn/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/po/zh-tw/shadowsocks-libev.po b/luci-app-shadowsocks-libev/po/zh-tw/shadowsocks-libev.po old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/root/etc/uci-defaults/40_luci-shadowsocks-libev b/luci-app-shadowsocks-libev/root/etc/uci-defaults/40_luci-shadowsocks-libev old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/root/usr/share/luci/menu.d/luci-app-shadowsocks-libev.json b/luci-app-shadowsocks-libev/root/usr/share/luci/menu.d/luci-app-shadowsocks-libev.json old mode 100644 new mode 100755 diff --git a/luci-app-shadowsocks-libev/root/usr/share/rpcd/acl.d/luci-app-shadowsocks-libev.json b/luci-app-shadowsocks-libev/root/usr/share/rpcd/acl.d/luci-app-shadowsocks-libev.json old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/Makefile b/luci-app-shutdown/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/htdocs/luci-static/resources/view/system/shutdown.js b/luci-app-shutdown/htdocs/luci-static/resources/view/system/shutdown.js old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/po/de/shutdown.po b/luci-app-shutdown/po/de/shutdown.po old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/po/fr/shutdown.po b/luci-app-shutdown/po/fr/shutdown.po old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/po/it/shutdown.po b/luci-app-shutdown/po/it/shutdown.po old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/po/oc/shutdown.po b/luci-app-shutdown/po/oc/shutdown.po old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/po/pl/shutdown.po b/luci-app-shutdown/po/pl/shutdown.po old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/po/ru/shutdown.po b/luci-app-shutdown/po/ru/shutdown.po old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/po/templates/shutdown.pot b/luci-app-shutdown/po/templates/shutdown.pot old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/po/zh_Hans/shutdown.po b/luci-app-shutdown/po/zh_Hans/shutdown.po old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/root/usr/share/luci/menu.d/luci-app-shutdown.json b/luci-app-shutdown/root/usr/share/luci/menu.d/luci-app-shutdown.json old mode 100644 new mode 100755 diff --git a/luci-app-shutdown/root/usr/share/rpcd/acl.d/luci-app-shutdown.json b/luci-app-shutdown/root/usr/share/rpcd/acl.d/luci-app-shutdown.json old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/Makefile b/luci-app-snmpd/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/luasrc/controller/snmpd.lua b/luci-app-snmpd/luasrc/controller/snmpd.lua old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/luasrc/model/cbi/snmpd.lua b/luci-app-snmpd/luasrc/model/cbi/snmpd.lua old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/luasrc/view/snmpd.htm b/luci-app-snmpd/luasrc/view/snmpd.htm old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/po/de/snmpd.po b/luci-app-snmpd/po/de/snmpd.po old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/po/fr/snmpd.po b/luci-app-snmpd/po/fr/snmpd.po old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/po/it/snmpd.po b/luci-app-snmpd/po/it/snmpd.po old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/po/oc/snmpd.po b/luci-app-snmpd/po/oc/snmpd.po old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/po/templates/snmpd.pot b/luci-app-snmpd/po/templates/snmpd.pot old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/po/zh_Hans/snmpd.po b/luci-app-snmpd/po/zh_Hans/snmpd.po old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/root/etc/config/snmpd b/luci-app-snmpd/root/etc/config/snmpd old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/root/usr/share/luci/menu.d/luci-app-snmpd.json b/luci-app-snmpd/root/usr/share/luci/menu.d/luci-app-snmpd.json old mode 100644 new mode 100755 diff --git a/luci-app-snmpd/root/usr/share/rpcd/acl.d/luci-app-snmpd.json b/luci-app-snmpd/root/usr/share/rpcd/acl.d/luci-app-snmpd.json old mode 100644 new mode 100755 diff --git a/luci-app-sysupgrade/Makefile b/luci-app-sysupgrade/Makefile old mode 100644 new mode 100755 diff --git a/luci-app-sysupgrade/luasrc/view/sysupgrade.htm b/luci-app-sysupgrade/luasrc/view/sysupgrade.htm old mode 100644 new mode 100755 diff --git a/luci-app-sysupgrade/po/fr/sysupgrade.po b/luci-app-sysupgrade/po/fr/sysupgrade.po old mode 100644 new mode 100755 diff --git a/luci-app-sysupgrade/po/fr/sysupgrade.po~ b/luci-app-sysupgrade/po/fr/sysupgrade.po~ old mode 100644 new mode 100755 diff --git a/luci-app-sysupgrade/po/ru/sysupgrade.po b/luci-app-sysupgrade/po/ru/sysupgrade.po old mode 100644 new mode 100755 diff --git a/luci-app-sysupgrade/po/templates/sysupgrade.pot b/luci-app-sysupgrade/po/templates/sysupgrade.pot old mode 100644 new mode 100755 diff --git a/luci-app-sysupgrade/po/zh_Hans/sysupgrade.po b/luci-app-sysupgrade/po/zh_Hans/sysupgrade.po old mode 100644 new mode 100755 diff --git a/luci-app-sysupgrade/po/zh_Hans/sysupgrade.po~ b/luci-app-sysupgrade/po/zh_Hans/sysupgrade.po~ old mode 100644 new mode 100755 diff --git a/luci-app-sysupgrade/root/usr/share/luci/menu.d/luci-app-sysupgrade.json b/luci-app-sysupgrade/root/usr/share/luci/menu.d/luci-app-sysupgrade.json old mode 100644 new mode 100755 diff --git a/luci-app-sysupgrade/root/usr/share/rpcd/acl.d/sysupgrade.json b/luci-app-sysupgrade/root/usr/share/rpcd/acl.d/sysupgrade.json old mode 100644 new mode 100755 diff --git a/luci-app-sysupgrade/root/www/luci-static/resources/sysupgrade.js b/luci-app-sysupgrade/root/www/luci-static/resources/sysupgrade.js old mode 100644 new mode 100755 diff --git a/luci-base/po/oc/base.po b/luci-base/po/oc/base.po old mode 100644 new mode 100755 diff --git a/luci-base/po/templates/base.pot b/luci-base/po/templates/base.pot old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/Makefile b/luci-mod-dashboard/Makefile old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/css/custom.css b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/css/custom.css old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/icons/devices.svg b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/icons/devices.svg old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/icons/internet.svg b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/icons/internet.svg old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/icons/not-internet.svg b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/icons/not-internet.svg old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/icons/router.svg b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/icons/router.svg old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/icons/wireless.svg b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/icons/wireless.svg old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/20_lan.js b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/20_lan.js old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/30_wifi.js b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/30_wifi.js old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/index.js b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/index.js old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/po/fr/dashboard.po b/luci-mod-dashboard/po/fr/dashboard.po old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/po/ru/dashboard.po b/luci-mod-dashboard/po/ru/dashboard.po old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/po/templates/dashboard.pot b/luci-mod-dashboard/po/templates/dashboard.pot old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/po/zh_Hans/dashboard.po b/luci-mod-dashboard/po/zh_Hans/dashboard.po old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/root/usr/share/luci/menu.d/luci-mod-dashboard.json b/luci-mod-dashboard/root/usr/share/luci/menu.d/luci-mod-dashboard.json old mode 100644 new mode 100755 diff --git a/luci-mod-dashboard/root/usr/share/rpcd/acl.d/luci-mod-dashboard.json b/luci-mod-dashboard/root/usr/share/rpcd/acl.d/luci-mod-dashboard.json old mode 100644 new mode 100755 diff --git a/luci-mod-network/Makefile b/luci-mod-network/Makefile old mode 100644 new mode 100755 diff --git a/luci-mod-network/htdocs/luci-static/resources/tools/network.js b/luci-mod-network/htdocs/luci-static/resources/tools/network.js old mode 100644 new mode 100755 diff --git a/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js b/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js old mode 100644 new mode 100755 diff --git a/luci-mod-network/htdocs/luci-static/resources/view/network/diagnostics.js b/luci-mod-network/htdocs/luci-static/resources/view/network/diagnostics.js old mode 100644 new mode 100755 diff --git a/luci-mod-network/htdocs/luci-static/resources/view/network/hosts.js b/luci-mod-network/htdocs/luci-static/resources/view/network/hosts.js old mode 100644 new mode 100755 diff --git a/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js b/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js old mode 100644 new mode 100755 diff --git a/luci-mod-network/htdocs/luci-static/resources/view/network/routes.js b/luci-mod-network/htdocs/luci-static/resources/view/network/routes.js old mode 100644 new mode 100755 diff --git a/luci-mod-network/htdocs/luci-static/resources/view/network/switch.js b/luci-mod-network/htdocs/luci-static/resources/view/network/switch.js old mode 100644 new mode 100755 diff --git a/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js b/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js old mode 100644 new mode 100755 diff --git a/luci-mod-network/root/usr/share/luci/menu.d/luci-mod-network.json b/luci-mod-network/root/usr/share/luci/menu.d/luci-mod-network.json old mode 100644 new mode 100755 diff --git a/luci-mod-network/root/usr/share/rpcd/acl.d/luci-mod-network.json b/luci-mod-network/root/usr/share/rpcd/acl.d/luci-mod-network.json old mode 100644 new mode 100755 diff --git a/luci-proto-mbim/Makefile b/luci-proto-mbim/Makefile old mode 100644 new mode 100755 diff --git a/luci-proto-mbim/htdocs/luci-static/resources/protocol/mbim.js b/luci-proto-mbim/htdocs/luci-static/resources/protocol/mbim.js old mode 100644 new mode 100755 diff --git a/luci-theme-argon/Makefile b/luci-theme-argon/Makefile old mode 100644 new mode 100755 diff --git a/luci-theme-argon/README.md b/luci-theme-argon/README.md old mode 100644 new mode 100755 diff --git a/luci-theme-argon/README_ZH.md b/luci-theme-argon/README_ZH.md old mode 100644 new mode 100755 diff --git a/luci-theme-argon/Screenshots/screenshot_pc.jpg b/luci-theme-argon/Screenshots/screenshot_pc.jpg old mode 100644 new mode 100755 diff --git a/luci-theme-argon/Screenshots/screenshot_phone.jpg b/luci-theme-argon/Screenshots/screenshot_phone.jpg old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/background/README.md b/luci-theme-argon/htdocs/luci-static/argon/background/README.md old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/css/cascade.css b/luci-theme-argon/htdocs/luci-static/argon/css/cascade.css old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/css/dark.css b/luci-theme-argon/htdocs/luci-static/argon/css/dark.css old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/css/fonts.css b/luci-theme-argon/htdocs/luci-static/argon/css/fonts.css old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/css/pure-min.css b/luci-theme-argon/htdocs/luci-static/argon/css/pure-min.css old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/favicon.ico b/luci-theme-argon/htdocs/luci-static/argon/favicon.ico old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/fonts/TypoGraphica.eot b/luci-theme-argon/htdocs/luci-static/argon/fonts/TypoGraphica.eot old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/fonts/TypoGraphica.svg b/luci-theme-argon/htdocs/luci-static/argon/fonts/TypoGraphica.svg old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/fonts/TypoGraphica.ttf b/luci-theme-argon/htdocs/luci-static/argon/fonts/TypoGraphica.ttf old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/fonts/TypoGraphica.woff b/luci-theme-argon/htdocs/luci-static/argon/fonts/TypoGraphica.woff old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/fonts/argon.eot b/luci-theme-argon/htdocs/luci-static/argon/fonts/argon.eot old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/fonts/argon.svg b/luci-theme-argon/htdocs/luci-static/argon/fonts/argon.svg old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/fonts/argon.ttf b/luci-theme-argon/htdocs/luci-static/argon/fonts/argon.ttf old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/fonts/argon.woff b/luci-theme-argon/htdocs/luci-static/argon/fonts/argon.woff old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/android-icon-192x192.png b/luci-theme-argon/htdocs/luci-static/argon/icon/android-icon-192x192.png old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/apple-icon-144x144.png b/luci-theme-argon/htdocs/luci-static/argon/icon/apple-icon-144x144.png old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/apple-icon-60x60.png b/luci-theme-argon/htdocs/luci-static/argon/icon/apple-icon-60x60.png old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/apple-icon-72x72.png b/luci-theme-argon/htdocs/luci-static/argon/icon/apple-icon-72x72.png old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/arrow.svg b/luci-theme-argon/htdocs/luci-static/argon/icon/arrow.svg old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/browserconfig.xml b/luci-theme-argon/htdocs/luci-static/argon/icon/browserconfig.xml old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/favicon-16x16.png b/luci-theme-argon/htdocs/luci-static/argon/icon/favicon-16x16.png old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/favicon-32x32.png b/luci-theme-argon/htdocs/luci-static/argon/icon/favicon-32x32.png old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/favicon-96x96.png b/luci-theme-argon/htdocs/luci-static/argon/icon/favicon-96x96.png old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/manifest.json b/luci-theme-argon/htdocs/luci-static/argon/icon/manifest.json old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/ms-icon-144x144.png b/luci-theme-argon/htdocs/luci-static/argon/icon/ms-icon-144x144.png old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/icon/spinner.svg b/luci-theme-argon/htdocs/luci-static/argon/icon/spinner.svg old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/img/argon.svg b/luci-theme-argon/htdocs/luci-static/argon/img/argon.svg old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/img/bg1.jpg b/luci-theme-argon/htdocs/luci-static/argon/img/bg1.jpg old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/img/blank.png b/luci-theme-argon/htdocs/luci-static/argon/img/blank.png old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/img/volume_high.svg b/luci-theme-argon/htdocs/luci-static/argon/img/volume_high.svg old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/img/volume_off.svg b/luci-theme-argon/htdocs/luci-static/argon/img/volume_off.svg old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/js/jquery.min.js b/luci-theme-argon/htdocs/luci-static/argon/js/jquery.min.js old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/js/polyfill.min.js b/luci-theme-argon/htdocs/luci-static/argon/js/polyfill.min.js old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/js/script.js b/luci-theme-argon/htdocs/luci-static/argon/js/script.js old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/less/cascade.less b/luci-theme-argon/htdocs/luci-static/argon/less/cascade.less old mode 100644 new mode 100755 diff --git a/luci-theme-argon/htdocs/luci-static/argon/less/dark.less b/luci-theme-argon/htdocs/luci-static/argon/less/dark.less old mode 100644 new mode 100755 diff --git a/luci-theme-argon/luasrc/view/themes/argon/footer_login.htm b/luci-theme-argon/luasrc/view/themes/argon/footer_login.htm old mode 100644 new mode 100755 diff --git a/luci-theme-argon/luasrc/view/themes/argon/header.htm b/luci-theme-argon/luasrc/view/themes/argon/header.htm old mode 100644 new mode 100755 diff --git a/luci-theme-argon/luasrc/view/themes/argon/header_login.htm b/luci-theme-argon/luasrc/view/themes/argon/header_login.htm old mode 100644 new mode 100755 diff --git a/luci-theme-argon/luasrc/view/themes/argon/out_footer_login.htm b/luci-theme-argon/luasrc/view/themes/argon/out_footer_login.htm old mode 100644 new mode 100755 diff --git a/luci-theme-argon/luasrc/view/themes/argon/out_header_login.htm b/luci-theme-argon/luasrc/view/themes/argon/out_header_login.htm old mode 100644 new mode 100755 diff --git a/luci-theme-argon/luasrc/view/themes/argon/sysauth.htm b/luci-theme-argon/luasrc/view/themes/argon/sysauth.htm old mode 100644 new mode 100755 diff --git a/luci-theme-argon/root/etc/uci-defaults/30_luci-theme-argon b/luci-theme-argon/root/etc/uci-defaults/30_luci-theme-argon old mode 100644 new mode 100755 diff --git a/luci-theme-openwrt-2020/Makefile b/luci-theme-openwrt-2020/Makefile old mode 100644 new mode 100755 diff --git a/macvlan/Makefile b/macvlan/Makefile old mode 100644 new mode 100755 diff --git a/macvlan/files/etc/config/macvlan b/macvlan/files/etc/config/macvlan old mode 100644 new mode 100755 diff --git a/macvlan/files/etc/uci-defaults/40_luci-app-macvlan b/macvlan/files/etc/uci-defaults/40_luci-app-macvlan old mode 100644 new mode 100755 diff --git a/mlvpn/Makefile b/mlvpn/Makefile old mode 100644 new mode 100755 diff --git a/mlvpn/files/etc/config/mlvpn b/mlvpn/files/etc/config/mlvpn old mode 100644 new mode 100755 diff --git a/mlvpn/files/etc/uci-defaults/4100-mlvpn b/mlvpn/files/etc/uci-defaults/4100-mlvpn old mode 100644 new mode 100755 diff --git a/mlvpn/patches/020-remove-cdefs.patch b/mlvpn/patches/020-remove-cdefs.patch old mode 100644 new mode 100755 diff --git a/modemmanager/Config.in b/modemmanager/Config.in deleted file mode 100644 index 283a9e10a..000000000 --- a/modemmanager/Config.in +++ /dev/null @@ -1,21 +0,0 @@ -menu "Configuration" -depends on PACKAGE_modemmanager - - config MODEMMANAGER_WITH_MBIM - bool "Include MBIM support" - default y - help - Compile ModemManager with MBIM support - - config MODEMMANAGER_WITH_QMI - bool "Include QMI support" - default y - help - Compile ModemManager with QMI support - - config MODEMMANAGER_WITH_AT_COMMAND_VIA_DBUS - bool "Allow AT commands via DBus" - default n - help - Compile ModemManager allowing AT commands without debug flag -endmenu diff --git a/modemmanager/Makefile b/modemmanager/Makefile deleted file mode 100644 index 3eb780398..000000000 --- a/modemmanager/Makefile +++ /dev/null @@ -1,142 +0,0 @@ -# -# Copyright (C) 2016 Velocloud Inc. -# Copyright (C) 2016 Aleksander Morgado -# -# This is free software, licensed under the GNU General Public License v2. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=modemmanager -PKG_VERSION:=1.18.6 -PKG_RELEASE:=1 - -PKG_SOURCE:=ModemManager-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=https://www.freedesktop.org/software/ModemManager -PKG_HASH:=d4f804b31cf504239c5f1d4973c62095c00cba1ee9abb503718dac6d146a470a -PKG_BUILD_DIR:=$(BUILD_DIR)/ModemManager-$(PKG_VERSION) - -PKG_MAINTAINER:=Nicholas Smith -PKG_LICENSE:=GPL-2.0-or-later -PKG_LICENSE_FILES:=COPYING - -PKG_INSTALL:=1 -PKG_BUILD_PARALLEL:=1 - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/nls.mk - -define Package/modemmanager/config - source "$(SOURCE)/Config.in" -endef - -define Package/modemmanager - SECTION:=net - CATEGORY:=Network - TITLE:=Control utility for any kind of mobile broadband modem - URL:=https://www.freedesktop.org/wiki/Software/ModemManager - DEPENDS:= \ - $(INTL_DEPENDS) \ - +glib2 \ - +dbus \ - +ppp \ - +MODEMMANAGER_WITH_MBIM:libmbim \ - +MODEMMANAGER_WITH_QMI:libqmi -endef - -define Package/modemmanager/description - ModemManager is a D-Bus-activated service which allows controlling mobile - broadband modems. Add kernel modules for your modems as needed. - Select Utilities/usb-modeswitch if needed. -endef - -CONFIGURE_ARGS += \ - --without-polkit \ - --without-udev \ - --without-systemdsystemunitdir \ - --disable-rpath \ - --disable-gtk-doc - -ifeq ($(CONFIG_MODEMMANAGER_WITH_AT_COMMAND_VIA_DBUS),y) - CONFIGURE_ARGS += --with-at-command-via-dbus -endif - -ifdef CONFIG_MODEMMANAGER_WITH_MBIM - CONFIGURE_ARGS += --with-mbim -else - CONFIGURE_ARGS += --without-mbim -endif - -ifdef CONFIG_MODEMMANAGER_WITH_QMI - CONFIGURE_ARGS += --with-qmi -else - CONFIGURE_ARGS += --without-qmi -endif - -define Build/Prepare - $(call Build/Prepare/Default) - ( cd "$(PKG_BUILD_DIR)"; \ - printf "all:\ninstall:\n" >po/Makefile.in.in; \ - ) -endef - -define Build/InstallDev - $(INSTALL_DIR) $(1)/usr/include/ModemManager - $(CP) $(PKG_INSTALL_DIR)/usr/include/ModemManager/*.h $(1)/usr/include/ModemManager - $(INSTALL_DIR) $(1)/usr/include/libmm-glib - $(CP) $(PKG_INSTALL_DIR)/usr/include/libmm-glib/*.h $(1)/usr/include/libmm-glib - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmm-glib.so* $(1)/usr/lib - $(INSTALL_DIR) $(1)/usr/lib/pkgconfig - $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/ModemManager.pc $(1)/usr/lib/pkgconfig - $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/mm-glib.pc $(1)/usr/lib/pkgconfig -endef - -define Package/modemmanager/install - $(INSTALL_DIR) $(1)/lib/udev/rules.d - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/lib/udev/rules.d/*.rules $(1)/lib/udev/rules.d - - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ModemManager $(1)/usr/sbin - $(INSTALL_BIN) ./files/usr/sbin/ModemManager-wrapper $(1)/usr/sbin - - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mmcli $(1)/usr/bin - - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmm-glib.so.* $(1)/usr/lib - - $(INSTALL_DIR) $(1)/usr/lib/ModemManager - $(CP) $(PKG_INSTALL_DIR)/usr/lib/ModemManager/libmm-shared-*.so* $(1)/usr/lib/ModemManager - $(CP) $(PKG_INSTALL_DIR)/usr/lib/ModemManager/libmm-plugin-*.so* $(1)/usr/lib/ModemManager - - $(INSTALL_DIR) $(1)/etc/dbus-1/system.d - $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/dbus-1/system.d/org.freedesktop.ModemManager1.conf $(1)/etc/dbus-1/system.d - - $(INSTALL_DIR) $(1)/usr/share/dbus-1/system-services - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/dbus-1/system-services/org.freedesktop.ModemManager1.service $(1)/usr/share/dbus-1/system-services - - $(INSTALL_DIR) $(1)/usr/share/ModemManager - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ModemManager/*.conf $(1)/usr/share/ModemManager - $(INSTALL_DATA) ./files/modemmanager.common $(1)/usr/share/ModemManager - - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) ./files/modemmanager.init $(1)/etc/init.d/modemmanager - - $(INSTALL_DIR) $(1)/etc/hotplug.d/usb - $(INSTALL_DATA) ./files/25-modemmanager-usb $(1)/etc/hotplug.d/usb - - $(INSTALL_DIR) $(1)/etc/hotplug.d/net - $(INSTALL_DATA) ./files/25-modemmanager-net $(1)/etc/hotplug.d/net - - $(INSTALL_DIR) $(1)/etc/hotplug.d/tty - $(INSTALL_DATA) ./files/25-modemmanager-tty $(1)/etc/hotplug.d/tty - - $(INSTALL_DIR) $(1)/etc/hotplug.d/wwan - $(INSTALL_DATA) ./files/25-modemmanager-wwan $(1)/etc/hotplug.d/wwan - - $(INSTALL_DIR) $(1)/lib/netifd/proto - $(INSTALL_BIN) ./files/modemmanager.proto $(1)/lib/netifd/proto/modemmanager.sh -endef - -$(eval $(call BuildPackage,modemmanager)) diff --git a/modemmanager/README.md b/modemmanager/README.md deleted file mode 100644 index c9d880ea4..000000000 --- a/modemmanager/README.md +++ /dev/null @@ -1,40 +0,0 @@ -# OpenWrt ModemManager - -## Description - -Cellular modem control and connectivity - -Optional libraries libmbim and libqmi are available. -Your modem may require additional kernel modules and/or the usb-modeswitch -package. - -## Usage - -Once installed, you can configure the 2G/3G/4G modem connections directly in -/etc/config/network as in the following example: - - config interface 'broadband' - option device '/sys/devices/platform/soc/20980000.usb/usb1/1-1/1-1.2/1-1.2.1' - option proto 'modemmanager' - option apn 'ac.vodafone.es' - option allowedauth 'pap chap' - option username 'vodafone' - option password 'vodafone' - option pincode '7423' - option iptype 'ipv4' - option lowpower '1' - option signalrate '30' - -Only 'device' and 'proto' are mandatory options, the remaining ones are all -optional. - -The 'allowedauth' option allows limiting the list of authentication protocols. -It is given as a space-separated list of values, including any of the -following: 'pap', 'chap', 'mschap', 'mschapv2' or 'eap'. It will default to -allowing all protocols. - -The 'iptype' option supports any of these values: 'ipv4', 'ipv6' or 'ipv4v6'. -It will default to 'ipv4' if not given. - -The 'signalrate' option set's the signal refresh rate (in seconds) for the device. -You can call signal info with command: mmcli -m 0 --signal-get diff --git a/modemmanager/files/25-modemmanager-net b/modemmanager/files/25-modemmanager-net deleted file mode 100644 index e87231e31..000000000 --- a/modemmanager/files/25-modemmanager-net +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh -# Copyright (C) 2016 Velocloud Inc -# Copyright (C) 2016 Aleksander Morgado - -# Load common utilities -. /usr/share/ModemManager/modemmanager.common - -# We require a interface name -[ -n "${INTERFACE}" ] || exit - -# Always make sure the rundir exists -mkdir -m 0755 -p "${MODEMMANAGER_RUNDIR}" - -# Report network interface -mm_log "${ACTION} network interface ${INTERFACE}: event processed" -mm_report_event "${ACTION}" "${INTERFACE}" "net" "/sys${DEVPATH}" - -# Look for an associated cdc-wdm interface - -cdcwdm="" - -case "${ACTION}" in - "add") cdcwdm=$(mm_track_cdcwdm "${INTERFACE}") ;; - "remove") cdcwdm=$(mm_untrack_cdcwdm "${INTERFACE}") ;; -esac - -# Report cdc-wdm device, if any -[ -n "${cdcwdm}" ] && { - mm_log "${ACTION} cdc interface ${cdcwdm}: custom event processed" - mm_report_event "${ACTION}" "${cdcwdm}" "usbmisc" "/sys${DEVPATH}" -} diff --git a/modemmanager/files/25-modemmanager-tty b/modemmanager/files/25-modemmanager-tty deleted file mode 100644 index c13148a33..000000000 --- a/modemmanager/files/25-modemmanager-tty +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -# Copyright (C) 2016 Velocloud Inc -# Copyright (C) 2016 Aleksander Morgado - -# Load hotplug common utilities -. /usr/share/ModemManager/modemmanager.common - -# We require a device name -[ -n "$DEVNAME" ] || exit - -# Always make sure the rundir exists -mkdir -m 0755 -p "${MODEMMANAGER_RUNDIR}" - -# Report TTY -mm_log "${ACTION} serial interface ${DEVNAME}: event processed" -mm_report_event "${ACTION}" "${DEVNAME}" "tty" "/sys${DEVPATH}" diff --git a/modemmanager/files/25-modemmanager-usb b/modemmanager/files/25-modemmanager-usb deleted file mode 100644 index 93d0bf70a..000000000 --- a/modemmanager/files/25-modemmanager-usb +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -# Copyright (C) 2019 Aleksander Morgado - -# We need to process only full USB device removal events, we don't -# want to process specific interface removal events. -[ "$ACTION" = remove ] || exit -[ -z "${INTERFACE}" ] || exit - -# Load common utilities -. /usr/share/ModemManager/modemmanager.common - -mm_clear_modem_wait_status "/sys${DEVPATH}" -mm_cleanup_interface_by_sysfspath "/sys${DEVPATH}" diff --git a/modemmanager/files/25-modemmanager-wwan b/modemmanager/files/25-modemmanager-wwan deleted file mode 100644 index c4dc6b897..000000000 --- a/modemmanager/files/25-modemmanager-wwan +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -# Copyright (C) 2021 Aleksander Morgado - -# Load hotplug common utilities -. /usr/share/ModemManager/modemmanager.common - -# We require a device name -[ -n "$DEVNAME" ] || exit - -# Always make sure the rundir exists -mkdir -m 0755 -p "${MODEMMANAGER_RUNDIR}" - -# Report wwan -mm_log "${ACTION} wwan control port ${DEVNAME}: event processed" -mm_report_event "${ACTION}" "${DEVNAME}" "wwan" "/sys${DEVPATH}" diff --git a/modemmanager/files/modemmanager.common b/modemmanager/files/modemmanager.common deleted file mode 100644 index a439179de..000000000 --- a/modemmanager/files/modemmanager.common +++ /dev/null @@ -1,341 +0,0 @@ -#!/bin/sh -# Copyright (C) 2016 Velocloud Inc -# Copyright (C) 2016 Aleksander Morgado - -################################################################################ - -. /lib/functions.sh -. /lib/netifd/netifd-proto.sh - -################################################################################ -# Runtime state - -MODEMMANAGER_RUNDIR="/var/run/modemmanager" -MODEMMANAGER_PID_FILE="${MODEMMANAGER_RUNDIR}/modemmanager.pid" -MODEMMANAGER_CDCWDM_CACHE="${MODEMMANAGER_RUNDIR}/cdcwdm.cache" -MODEMMANAGER_SYSFS_CACHE="${MODEMMANAGER_RUNDIR}/sysfs.cache" -MODEMMANAGER_EVENTS_CACHE="${MODEMMANAGER_RUNDIR}/events.cache" - -################################################################################ -# Common logging - -mm_log() { - [ "$(uci -q get openmptcprouter.settings.debug)" = "true" ] && logger -t "ModemManager" "hotplug: $*" -} - -################################################################################ -# Receives as input argument the full sysfs path of the device -# Returns the physical device sysfs path -# -# NOTE: this method only works when the device exists, i.e. it cannot be used -# on removal hotplug events - -mm_find_physdev_sysfs_path() { - local tmp_path="$1" - - while true; do - tmp_path=$(dirname "${tmp_path}") - - # avoid infinite loops iterating - [ -z "${tmp_path}" ] || [ "${tmp_path}" = "/" ] && return - - # for USB devices, the physical device will be that with a idVendor - # and idProduct pair of files - [ -f "${tmp_path}"/idVendor ] && [ -f "${tmp_path}"/idProduct ] && { - tmp_path=$(readlink -f "$tmp_path") - echo "${tmp_path}" - return - } - - # For PCI devices, the physical device will be that with a vendor - # and device pair of files - [ -f "${tmp_path}"/vendor ] && [ -f "${tmp_path}"/device ] && { - tmp_path=$(readlink -f "$tmp_path") - echo "${tmp_path}" - return - } - done -} - -################################################################################ - -# Returns the cdc-wdm name retrieved from sysfs -mm_track_cdcwdm() { - local wwan="$1" - local cdcwdm - - cdcwdm=$(ls "/sys/class/net/${wwan}/device/usbmisc/") - [ -n "${cdcwdm}" ] || return - - # We have to cache it for later, as we won't be able to get the - # associated cdc-wdm device on a remove event - echo "${wwan} ${cdcwdm}" >> "${MODEMMANAGER_CDCWDM_CACHE}" - - echo "${cdcwdm}" -} - -# Returns the cdc-wdm name retrieved from the cache -mm_untrack_cdcwdm() { - local wwan="$1" - local cdcwdm - - # Look for the cached associated cdc-wdm device - [ -f "${MODEMMANAGER_CDCWDM_CACHE}" ] || return - - cdcwdm=$(awk -v wwan="${wwan}" '!/^#/ && $0 ~ wwan { print $2 }' "${MODEMMANAGER_CDCWDM_CACHE}") - [ -n "${cdcwdm}" ] || return - - # Remove from cache - sed -i "/${wwan} ${cdcwdm}/d" "${MODEMMANAGER_CDCWDM_CACHE}" - - echo "${cdcwdm}" -} - -################################################################################ -# ModemManager needs some time from the ports being added until a modem object -# is exposed in DBus. With the logic here we do an explicit wait of N seconds -# for ModemManager to expose the new modem object, making sure that the wait is -# unique per device (i.e. per physical device sysfs path). - -# Gets the modem wait status as retrieved from the cache -mm_get_modem_wait_status() { - local sysfspath="$1" - - # If no sysfs cache file, we're done - [ -f "${MODEMMANAGER_SYSFS_CACHE}" ] || return - - # Get status of the sysfs path - awk -v sysfspath="${sysfspath}" '!/^#/ && $0 ~ sysfspath { print $2 }' "${MODEMMANAGER_SYSFS_CACHE}" -} - -# Clear the modem wait status from the cache, if any -mm_clear_modem_wait_status() { - local sysfspath="$1" - - local escaped_sysfspath - - [ -f "${MODEMMANAGER_SYSFS_CACHE}" ] && { - # escape '/', '\' and '&' for sed... - escaped_sysfspath=$(echo "$sysfspath" | sed -e 's/[\/&]/\\&/g') - sed -i "/${escaped_sysfspath}/d" "${MODEMMANAGER_SYSFS_CACHE}" - } -} - -# Sets the modem wait status in the cache -mm_set_modem_wait_status() { - local sysfspath="$1" - local status="$2" - - # Remove sysfs line before adding the new one with the new state - mm_clear_modem_wait_status "${sysfspath}" - - # Add the new status - echo "${sysfspath} ${status}" >> "${MODEMMANAGER_SYSFS_CACHE}" -} - -# Callback for config_foreach() -mm_get_modem_config_foreach_cb() { - local cfg="$1" - local sysfspath="$2" - - local proto - config_get proto "${cfg}" proto - [ "${proto}" = modemmanager ] || return 0 - - local dev - dev=$(uci_get network "${cfg}" device) - [ "${dev}" = "${sysfspath}" ] || return 0 - - echo "${cfg}" -} - -# Returns the name of the interface configured for this device -mm_get_modem_config() { - local sysfspath="$1" - - # Look for configuration for the given sysfs path - config_load network - config_foreach mm_get_modem_config_foreach_cb interface "${sysfspath}" -} - -# Wait for a modem in the specified sysfspath -mm_wait_for_modem() { - local cfg="$1" - local sysfspath="$2" - - # TODO: config max wait - local n=45 - local step=5 - - while [ $n -ge 0 ]; do - [ -d "${sysfspath}" ] || { - mm_log "error: ignoring modem detection request: no device at ${sysfspath}" - proto_set_available "${cfg}" 0 - return 1 - } - - # Check if the modem exists at the given sysfs path - if ! mmcli -m "${sysfspath}" > /dev/null 2>&1 - then - mm_log "error: modem not detected at sysfs path" - else - mm_log "modem exported successfully at ${sysfspath}" - mm_log "setting interface '${cfg}' as available" - proto_set_available "${cfg}" 1 - return 0 - fi - - sleep $step - n=$((n-step)) - done - - mm_log "error: timed out waiting for the modem to get exported at ${sysfspath}" - proto_set_available "${cfg}" 0 - return 2 -} - -mm_report_modem_wait() { - local sysfspath=$1 - - local parent_sysfspath status - - parent_sysfspath=$(mm_find_physdev_sysfs_path "$sysfspath") - [ -n "${parent_sysfspath}" ] || { - mm_log "error: parent device sysfspath not found" - return - } - - status=$(mm_get_modem_wait_status "${parent_sysfspath}") - case "${status}" in - "") - local cfg - - cfg=$(mm_get_modem_config "${parent_sysfspath}") - if [ -n "${cfg}" ]; then - mm_log "interface '${cfg}' is set to configure device '${parent_sysfspath}'" - mm_log "now waiting for modem at sysfs path ${parent_sysfspath}" - mm_set_modem_wait_status "${parent_sysfspath}" "processed" - # Launch subshell for the explicit wait - ( mm_wait_for_modem "${cfg}" "${parent_sysfspath}" ) > /dev/null 2>&1 & - else - mm_log "no need to wait for modem at sysfs path ${parent_sysfspath}" - mm_set_modem_wait_status "${parent_sysfspath}" "ignored" - fi - ;; - "processed") - mm_log "already waiting for modem at sysfs path ${parent_sysfspath}" - ;; - "ignored") - ;; - *) - mm_log "error: unknown status read for device at sysfs path ${parent_sysfspath}" - ;; - esac -} - -################################################################################ -# Cleanup interfaces - -mm_cleanup_interface_cb() { - local cfg="$1" - - local proto - config_get proto "${cfg}" proto - [ "${proto}" = modemmanager ] || return 0 - - proto_set_available "${cfg}" 0 -} - -mm_cleanup_interfaces() { - config_load network - config_foreach mm_cleanup_interface_cb interface -} - -mm_cleanup_interface_by_sysfspath() { - local dev="$1" - - local cfg - cfg=$(mm_get_modem_config "$dev") - [ -n "${cfg}" ] || return - - mm_log "setting interface '$cfg' as unavailable" - proto_set_available "${cfg}" 0 -} - -################################################################################ -# Event reporting - -# Receives as input the action, the device name and the subsystem -mm_report_event() { - local action="$1" - local name="$2" - local subsystem="$3" - local sysfspath="$4" - - # Track/untrack events in cache - case "${action}" in - "add") - # On add events, store event details in cache (if not exists yet) - grep -qs "${name},${subsystem}" "${MODEMMANAGER_EVENTS_CACHE}" || \ - echo "${action},${name},${subsystem},${sysfspath}" >> "${MODEMMANAGER_EVENTS_CACHE}" - ;; - "remove") - # On remove events, remove old events from cache (match by subsystem+name) - sed -i "/${name},${subsystem}/d" "${MODEMMANAGER_EVENTS_CACHE}" - ;; - esac - - # Report the event - mm_log "event reported: action=${action}, name=${name}, subsystem=${subsystem}" - mmcli --report-kernel-event="action=${action},name=${name},subsystem=${subsystem}" 1>/dev/null 2>&1 & - - # Wait for added modem if a sysfspath is given - [ -n "${sysfspath}" ] && [ "$action" = "add" ] && mm_report_modem_wait "${sysfspath}" -} - -mm_report_event_from_cache_line() { - local event_line="$1" - - local action name subsystem sysfspath - action=$(echo "${event_line}" | awk -F ',' '{ print $1 }') - name=$(echo "${event_line}" | awk -F ',' '{ print $2 }') - subsystem=$(echo "${event_line}" | awk -F ',' '{ print $3 }') - sysfspath=$(echo "${event_line}" | awk -F ',' '{ print $4 }') - - mm_log "cached event found: action=${action}, name=${name}, subsystem=${subsystem}, sysfspath=${sysfspath}" - mm_report_event "${action}" "${name}" "${subsystem}" "${sysfspath}" -} - -mm_report_events_from_cache() { - # Remove the sysfs cache - rm -f "${MODEMMANAGER_SYSFS_CACHE}" - - local n=60 - local step=1 - local mmrunning=0 - - # Wait for ModemManager to be available in the bus - while [ $n -ge 0 ]; do - sleep $step - mm_log "checking if ModemManager is available..." - - if ! mmcli -L >/dev/null 2>&1 - then - mm_log "ModemManager not yet available" - else - mmrunning=1 - break - fi - n=$((n-step)) - done - - [ ${mmrunning} -eq 1 ] || { - mm_log "error: couldn't report initial kernel events: ModemManager not running" - return - } - - # Report cached kernel events - while IFS= read -r event_line; do - mm_report_event_from_cache_line "${event_line}" - done < ${MODEMMANAGER_EVENTS_CACHE} -} diff --git a/modemmanager/files/modemmanager.init b/modemmanager/files/modemmanager.init deleted file mode 100644 index a3f6c1b12..000000000 --- a/modemmanager/files/modemmanager.init +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh /etc/rc.common -# Copyright (C) 2016 Aleksander Morgado - -USE_PROCD=1 -START=70 - -stop_service() { - # Load common utils - . /usr/share/ModemManager/modemmanager.common - # Set all configured interfaces as unavailable - mm_cleanup_interfaces -} - -start_service() { - # Setup ModemManager service - # - # We will make sure that the rundir always exists, and we initially cleanup - # all interfaces flagging them as unavailable. - # - # The cached events processing will wait for MM to be available in DBus - # and will make sure all ports are re-notified to ModemManager every time - # it starts. - # - # All these commands need to be executed on every MM start, even after - # procd-triggered respawns, which is why this is wrapped in a startup - # wrapper script called '/usr/sbin/ModemManager-wrapper'. - # - . /usr/share/ModemManager/modemmanager.common - procd_open_instance - procd_set_param command /usr/sbin/ModemManager-wrapper - procd_set_param respawn "${respawn_threshold:-3600}" "${respawn_timeout:-5}" "${respawn_retry:-5}" - procd_set_param pidfile "${MODEMMANAGER_PID_FILE}" - procd_close_instance -} diff --git a/modemmanager/files/modemmanager.proto b/modemmanager/files/modemmanager.proto deleted file mode 100755 index 0e050e7b9..000000000 --- a/modemmanager/files/modemmanager.proto +++ /dev/null @@ -1,555 +0,0 @@ -#!/bin/sh -# Copyright (C) 2016-2019 Aleksander Morgado - -[ -x /usr/bin/mmcli ] || exit 0 -[ -x /usr/sbin/pppd ] || exit 0 - -[ -n "$INCLUDE_ONLY" ] || { - . /lib/functions.sh - . ../netifd-proto.sh - . ./ppp.sh - init_proto "$@" -} - -cdr2mask () -{ - # Number of args to shift, 255..255, first non-255 byte, zeroes - set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 - if [ "$1" -gt 1 ] - then - shift "$1" - else - shift - fi - echo "${1-0}"."${2-0}"."${3-0}"."${4-0}" -} - -# This method expects as first argument a list of key-value pairs, as returned by mmcli --output-keyvalue -# The second argument must be exactly the name of the field to read -# -# Sample output: -# $ mmcli -m 0 -K -# modem.dbus-path : /org/freedesktop/ModemManager1/Modem/0 -# modem.generic.device-identifier : ed6eff2e3e0f90463da1c2a755b2acacd1335752 -# modem.generic.manufacturer : Dell Inc. -# modem.generic.model : DW5821e Snapdragon X20 LTE -# modem.generic.revision : T77W968.F1.0.0.4.0.GC.009\n026 -# modem.generic.carrier-configuration : GCF -# modem.generic.carrier-configuration-revision : 08E00009 -# modem.generic.hardware-revision : DW5821e Snapdragon X20 LTE -# .... -modemmanager_get_field() { - local list=$1 - local field=$2 - local value="" - - [ -z "${list}" ] || [ -z "${field}" ] && return - - # there is always at least a whitespace after each key, and we use that as part of the - # key matching we do (e.g. to avoid getting 'modem.generic.state-failed-reason' as a result - # when grepping for 'modem.generic.state'. - line=$(echo "${list}" | grep "${field} ") - value=$(echo ${line#*:}) - - # not found? - [ -n "${value}" ] || return 2 - - # only print value if set - [ "${value}" != "--" ] && echo "${value}" - return 0 -} - -# build a comma-separated list of values from the list -modemmanager_get_multivalue_field() { - local list=$1 - local field=$2 - local value="" - local length idx item - - [ -z "${list}" ] || [ -z "${field}" ] && return - - length=$(modemmanager_get_field "${list}" "${field}.length") - [ -n "${length}" ] || return 0 - [ "$length" -ge 1 ] || return 0 - - idx=1 - while [ $idx -le "$length" ]; do - item=$(modemmanager_get_field "${list}" "${field}.value\[$idx\]") - [ -n "${item}" ] && [ "${item}" != "--" ] && { - [ -n "${value}" ] && value="${value}, " - value="${value}${item}" - } - idx=$((idx + 1)) - done - - # nothing built? - [ -n "${value}" ] || return 2 - - # only print value if set - echo "${value}" - return 0 -} - -modemmanager_cleanup_connection() { - local modemstatus="$1" - - local bearercount idx bearerpath - - bearercount=$(modemmanager_get_field "${modemstatus}" "modem.generic.bearers.length") - - # do nothing if no bearers reported - [ -n "${bearercount}" ] && [ "$bearercount" -ge 1 ] && { - # explicitly disconnect just in case - mmcli --modem="${device}" --simple-disconnect >/dev/null 2>&1 - # and remove all bearer objects, if any found - idx=1 - while [ $idx -le "$bearercount" ]; do - bearerpath=$(modemmanager_get_field "${modemstatus}" "modem.generic.bearers.value\[$idx\]") - mmcli --modem "${device}" --delete-bearer="${bearerpath}" >/dev/null 2>&1 - idx=$((idx + 1)) - done - } -} - -modemmanager_connected_method_ppp_ipv4() { - local interface="$1" - local ttyname="$2" - local username="$3" - local password="$4" - local allowedauth="$5" - - # all auth types are allowed unless a user given list is given - local authopts - local pap=1 - local chap=1 - local mschap=1 - local mschapv2=1 - local eap=1 - - [ -n "$allowedauth" ] && { - pap=0 chap=0 mschap=0 mschapv2=0 eap=0 - for auth in $allowedauth; do - case $auth in - "pap") pap=1 ;; - "chap") chap=1 ;; - "mschap") mschap=1 ;; - "mschapv2") mschapv2=1 ;; - "eap") eap=1 ;; - *) ;; - esac - done - } - - [ $pap -eq 1 ] || append authopts "refuse-pap" - [ $chap -eq 1 ] || append authopts "refuse-chap" - [ $mschap -eq 1 ] || append authopts "refuse-mschap" - [ $mschapv2 -eq 1 ] || append authopts "refuse-mschap-v2" - [ $eap -eq 1 ] || append authopts "refuse-eap" - - proto_run_command "${interface}" /usr/sbin/pppd \ - "${ttyname}" \ - 115200 \ - nodetach \ - noaccomp \ - nobsdcomp \ - nopcomp \ - novj \ - noauth \ - $authopts \ - ${username:+ user $username} \ - ${password:+ password $password} \ - lcp-echo-failure 5 \ - lcp-echo-interval 15 \ - lock \ - crtscts \ - nodefaultroute \ - usepeerdns \ - ipparam "${interface}" \ - ip-up-script /lib/netifd/ppp-up \ - ip-down-script /lib/netifd/ppp-down -} - -modemmanager_disconnected_method_ppp_ipv4() { - local interface="$1" - - echo "running disconnection (ppp method)" - - [ -n "${ERROR}" ] && { - local errorstring - errorstring=$(ppp_exitcode_tostring "${ERROR}") - case "$ERROR" in - 0) - ;; - 2) - proto_notify_error "$interface" "$errorstring" - proto_block_restart "$interface" - ;; - *) - proto_notify_error "$interface" "$errorstring" - ;; - esac - } || echo "pppd result code not given" - - proto_kill_command "$interface" -} - -modemmanager_connected_method_dhcp_ipv4() { - local interface="$1" - local wwan="$2" - local metric="$3" - local defaultroute="$4" - - proto_init_update "${wwan}" 1 - proto_set_keep 1 - proto_send_update "${interface}" - - json_init - json_add_string name "${interface}_4" - json_add_string ifname "@${interface}" - json_add_string proto "dhcp" - proto_add_dynamic_defaults - [ -n "$metric" ] && json_add_int metric "${metric}" - json_close_object - ubus call network add_dynamic "$(json_dump)" -} - -modemmanager_connected_method_static_ipv4() { - local interface="$1" - local wwan="$2" - local address="$3" - local prefix="$4" - local gateway="$5" - local mtu="$6" - local dns1="$7" - local dns2="$8" - local metric="$9" - local defaultroute="$10" - - local mask="" - - [ -n "${address}" ] || { - proto_notify_error "${interface}" ADDRESS_MISSING - return - } - - [ -n "${prefix}" ] || { - proto_notify_error "${interface}" PREFIX_MISSING - return - } - mask=$(cdr2mask "${prefix}") - - [ -n "${mtu}" ] && /sbin/ip link set dev "${wwan}" mtu "${mtu}" - - proto_init_update "${wwan}" 1 - proto_set_keep 1 - echo "adding IPv4 address ${address}, netmask ${mask}" - proto_add_ipv4_address "${address}" "${mask}" - [ -n "${gateway}" ] && [ "${defaultroute}" != 0 ] && { - echo "adding default IPv4 route via ${gateway}" - logger -t "modemmanager.proto" "adding default IPv4 route via ${gateway} ${address}" - proto_add_ipv4_route "0.0.0.0" "0" "${gateway}" "${address}" - } - [ -n "${dns1}" ] && { - echo "adding primary DNS at ${dns1}" - proto_add_dns_server "${dns1}" - } - [ -n "${dns2}" ] && { - echo "adding secondary DNS at ${dns2}" - proto_add_dns_server "${dns2}" - } - [ -n "$metric" ] && json_add_int metric "${metric}" - proto_send_update "${interface}" -} - -modemmanager_connected_method_dhcp_ipv6() { - local interface="$1" - local wwan="$2" - local metric="$3" - local defaultroute="$4" - - proto_init_update "${wwan}" 1 - proto_set_keep 1 - proto_send_update "${interface}" - - json_init - json_add_string name "${interface}_6" - json_add_string ifname "@${interface}" - json_add_string proto "dhcpv6" - proto_add_dynamic_defaults - json_add_string extendprefix 1 # RFC 7278: Extend an IPv6 /64 Prefix to LAN - [ -n "$metric" ] && json_add_int metric "${metric}" - json_close_object - ubus call network add_dynamic "$(json_dump)" -} - -modemmanager_connected_method_static_ipv6() { - local interface="$1" - local wwan="$2" - local address="$3" - local prefix="$4" - local gateway="$5" - local mtu="$6" - local dns1="$7" - local dns2="$8" - local metric="$9" - local defaultroute="$10" - - [ -n "${address}" ] || { - proto_notify_error "${interface}" ADDRESS_MISSING - return - } - - [ -n "${prefix}" ] || { - proto_notify_error "${interface}" PREFIX_MISSING - return - } - - [ -n "${mtu}" ] && /sbin/ip link set dev "${wwan}" mtu "${mtu}" - - proto_init_update "${wwan}" 1 - proto_set_keep 1 - echo "adding IPv6 address ${address}, prefix ${prefix}" - proto_add_ipv6_address "${address}" "128" - proto_add_ipv6_prefix "${address}/${prefix}" - [ -n "${gateway}" ] && [ "$defaultroute" != 0 ] && { - echo "adding default IPv6 route via ${gateway}" - proto_add_ipv6_route "${gateway}" "128" - proto_add_ipv6_route "::0" "0" "${gateway}" "" "" "${address}/${prefix}" - } - [ -n "${dns1}" ] && { - echo "adding primary DNS at ${dns1}" - proto_add_dns_server "${dns1}" - } - [ -n "${dns2}" ] && { - echo "adding secondary DNS at ${dns2}" - proto_add_dns_server "${dns2}" - } - [ -n "$metric" ] && json_add_int metric "${metric}" - proto_send_update "${interface}" -} - -modemmanager_disconnected_method_common() { - local interface="$1" - - echo "running disconnection (common)" - proto_notify_error "${interface}" MM_DISCONNECT_IN_PROGRESS - - proto_init_update "*" 0 - proto_send_update "${interface}" -} - -proto_modemmanager_init_config() { - available=1 - no_device=1 - proto_config_add_string device - proto_config_add_string apn - proto_config_add_string 'allowedauth:list(string)' - proto_config_add_string username - proto_config_add_string password - proto_config_add_string pincode - proto_config_add_string iptype - proto_config_add_int signalrate - proto_config_add_boolean lowpower - proto_config_add_defaults -} - -proto_modemmanager_setup() { - local interface="$1" - - local modempath modemstatus bearercount bearerpath connectargs bearerstatus beareriface - local bearermethod_ipv4 bearermethod_ipv6 auth cliauth - local operatorname operatorid registration accesstech signalquality - - local device apn allowedauth username password pincode iptype metric signalrate - - local address prefix gateway mtu dns1 dns2 defaultroute - - json_get_vars device apn allowedauth username password pincode iptype metric signalrate defaultroute - - # validate sysfs path given in config - [ -n "${device}" ] || { - echo "No device specified" - proto_notify_error "${interface}" NO_DEVICE - proto_set_available "${interface}" 0 - return 1 - } - [ -e "${device}" ] || { - echo "Device not found in sysfs" - proto_set_available "${interface}" 0 - return 1 - } - - # validate that ModemManager is handling the modem at the sysfs path - modemstatus=$(mmcli --modem="${device}" --output-keyvalue) - modempath=$(modemmanager_get_field "${modemstatus}" "modem.dbus-path") - [ -n "${modempath}" ] || { - echo "Device not managed by ModemManager" - proto_notify_error "${interface}" DEVICE_NOT_MANAGED - proto_set_available "${interface}" 0 - return 1 - } - echo "modem available at ${modempath}" - - # always cleanup before attempting a new connection, just in case - modemmanager_cleanup_connection "${modemstatus}" - - # if allowedauth list given, build option string - for auth in $allowedauth; do - cliauth="${cliauth}${cliauth:+|}$auth" - done - - # setup connect args; APN mandatory (even if it may be empty) - echo "starting connection with apn '${apn}'..." - proto_notify_error "${interface}" MM_CONNECT_IN_PROGRESS - - connectargs="apn=${apn}${iptype:+,ip-type=${iptype}}${cliauth:+,allowed-auth=${cliauth}}${username:+,user=${username}}${password:+,password=${password}}${pincode:+,pin=${pincode}}" - mmcli --modem="${device}" --timeout 120 --simple-connect="${connectargs}" || { - proto_notify_error "${interface}" MM_CONNECT_FAILED - proto_block_restart "${interface}" - return 1 - } - - # check if Signal refresh rate is set - if [ -n "${signalrate}" ] && [ "${signalrate}" -eq "${signalrate}" ] 2>/dev/null; then - echo "setting signal refresh rate to ${signalrate} seconds" - mmcli --modem="${device}" --signal-setup="${signalrate}" - else - echo "signal refresh rate is not set" - fi - - # log additional useful information - modemstatus=$(mmcli --modem="${device}" --output-keyvalue) - operatorname=$(modemmanager_get_field "${modemstatus}" "modem.3gpp.operator-name") - [ -n "${operatorname}" ] && echo "network operator name: ${operatorname}" - operatorid=$(modemmanager_get_field "${modemstatus}" "modem.3gpp.operator-code") - [ -n "${operatorid}" ] && echo "network operator MCCMNC: ${operatorid}" - registration=$(modemmanager_get_field "${modemstatus}" "modem.3gpp.registration-state") - [ -n "${registration}" ] && echo "registration type: ${registration}" - accesstech=$(modemmanager_get_multivalue_field "${modemstatus}" "modem.generic.access-technologies") - [ -n "${accesstech}" ] && echo "access technology: ${accesstech}" - signalquality=$(modemmanager_get_field "${modemstatus}" "modem.generic.signal-quality.value") - [ -n "${signalquality}" ] && echo "signal quality: ${signalquality}%" - - # we won't like it if there are more than one bearers, as that would mean the - # user manually created them, and that's unsupported by this proto - bearercount=$(modemmanager_get_field "${modemstatus}" "modem.generic.bearers.length") - [ -n "${bearercount}" ] && [ "$bearercount" -eq 1 ] || { - proto_notify_error "${interface}" INVALID_BEARER_LIST - return 1 - } - - # load connected bearer information - bearerpath=$(modemmanager_get_field "${modemstatus}" "modem.generic.bearers.value\[1\]") - bearerstatus=$(mmcli --bearer "${bearerpath}" --output-keyvalue) - - # load network interface and method information - beareriface=$(modemmanager_get_field "${bearerstatus}" "bearer.status.interface") - bearermethod_ipv4=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv4-config.method") - bearermethod_ipv6=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv6-config.method") - - # setup IPv4 - [ -n "${bearermethod_ipv4}" ] && { - echo "IPv4 connection setup required in interface ${interface}: ${bearermethod_ipv4}" - case "${bearermethod_ipv4}" in - "dhcp") - modemmanager_connected_method_dhcp_ipv4 "${interface}" "${beareriface}" "${metric}" "${defaultroute}" - ;; - "static") - address=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv4-config.address") - prefix=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv4-config.prefix") - gateway=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv4-config.gateway") - mtu=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv4-config.mtu") - dns1=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv4-config.dns.value\[1\]") - dns2=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv4-config.dns.value\[2\]") - modemmanager_connected_method_static_ipv4 "${interface}" "${beareriface}" "${address}" "${prefix}" "${gateway}" "${mtu}" "${dns1}" "${dns2}" "${metric}" "${defaultroute}" - ;; - "ppp") - modemmanager_connected_method_ppp_ipv4 "${interface}" "${beareriface}" "${username}" "${password}" "${allowedauth}" - ;; - *) - proto_notify_error "${interface}" UNKNOWN_METHOD - return 1 - ;; - esac - } - - # setup IPv6 - # note: if using ipv4v6, both IPv4 and IPv6 settings will have the same MTU and metric values reported - [ -n "${bearermethod_ipv6}" ] && { - echo "IPv6 connection setup required in interface ${interface}: ${bearermethod_ipv6}" - case "${bearermethod_ipv6}" in - "dhcp") - modemmanager_connected_method_dhcp_ipv6 "${interface}" "${beareriface}" "${metric}" "${defaultroute}" - ;; - "static") - address=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv6-config.address") - prefix=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv6-config.prefix") - gateway=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv6-config.gateway") - mtu=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv6-config.mtu") - dns1=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv6-config.dns.value\[1\]") - dns2=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv6-config.dns.value\[2\]") - modemmanager_connected_method_static_ipv6 "${interface}" "${beareriface}" "${address}" "${prefix}" "${gateway}" "${mtu}" "${dns1}" "${dns2}" "${metric}" "${defaultroute}" - ;; - "ppp") - proto_notify_error "${interface}" "unsupported method" - return 1 - ;; - *) - proto_notify_error "${interface}" UNKNOWN_METHOD - return 1 - ;; - esac - } - - return 0 -} - -proto_modemmanager_teardown() { - local interface="$1" - - local modemstatus bearerpath errorstring - local bearermethod_ipv4 bearermethod_ipv6 - - local device lowpower iptype - json_get_vars device lowpower iptype - - echo "stopping network" - proto_notify_error "${interface}" MM_TEARDOWN_IN_PROGRESS - - # load connected bearer information, just the first one should be ok - modemstatus=$(mmcli --modem="${device}" --output-keyvalue) - bearerpath=$(modemmanager_get_field "${modemstatus}" "modem.generic.bearers.value\[1\]") - [ -n "${bearerpath}" ] || { - echo "couldn't load bearer path" - return - } - - # load bearer connection methods - bearerstatus=$(mmcli --bearer "${bearerpath}" --output-keyvalue) - bearermethod_ipv4=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv4-config.method") - [ -n "${bearermethod_ipv4}" ] && - echo "IPv4 connection teardown required in interface ${interface}: ${bearermethod_ipv4}" - bearermethod_ipv6=$(modemmanager_get_field "${bearerstatus}" "bearer.ipv6-config.method") - [ -n "${bearermethod_ipv6}" ] && - echo "IPv6 connection teardown required in interface ${interface}: ${bearermethod_ipv6}" - - # disconnection handling only requires special treatment in IPv4/PPP - [ "${bearermethod_ipv4}" = "ppp" ] && modemmanager_disconnected_method_ppp_ipv4 "${interface}" - modemmanager_disconnected_method_common "${interface}" - - # disconnect - mmcli --modem="${device}" --simple-disconnect || - proto_notify_error "${interface}" DISCONNECT_FAILED - - # disable - mmcli --modem="${device}" --disable - proto_notify_error "${interface}" MM_MODEM_DISABLED - - # low power, only if requested - [ "${lowpower:-0}" -lt 1 ] || - mmcli --modem="${device}" --set-power-state-low -} - -[ -n "$INCLUDE_ONLY" ] || { - add_protocol modemmanager -} diff --git a/modemmanager/files/usr/sbin/ModemManager-wrapper b/modemmanager/files/usr/sbin/ModemManager-wrapper deleted file mode 100755 index 4fd64227f..000000000 --- a/modemmanager/files/usr/sbin/ModemManager-wrapper +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh - -trap_with_arg() { - func="$1" ; shift - for sig ; do - # shellcheck disable=SC2064 - trap "$func $sig" "$sig" - done -} - -func_trap() { - logger "ModemManager-wrapper[$$]" "Sending signal ${1}..." - kill "-${1}" "$CHILD" 2>/dev/null -} - -main() { - . /usr/share/ModemManager/modemmanager.common - - trap_with_arg func_trap INT TERM KILL - - mkdir -p "${MODEMMANAGER_RUNDIR}" - chmod 0755 "${MODEMMANAGER_RUNDIR}" - mm_cleanup_interfaces - - /usr/sbin/ModemManager "$@" 1>/dev/null 2>/dev/null & - CHILD="$!" - - mm_report_events_from_cache - - wait "$CHILD" -} - -main "$@" diff --git a/mptcp/Makefile b/mptcp/Makefile old mode 100644 new mode 100755 diff --git a/mptcp/files/etc/hotplug.d/iface/30-mptcp b/mptcp/files/etc/hotplug.d/iface/30-mptcp old mode 100644 new mode 100755 diff --git a/mptcpd/Makefile b/mptcpd/Makefile old mode 100644 new mode 100755 diff --git a/mptcpd/patches/remove_log.patch b/mptcpd/patches/remove_log.patch old mode 100644 new mode 100755 diff --git a/msmtp/Makefile b/msmtp/Makefile old mode 100644 new mode 100755 index d4588bbcf..70702bfdb --- a/msmtp/Makefile +++ b/msmtp/Makefile @@ -46,7 +46,7 @@ endef define Package/msmtp $(call Package/msmtp/Default) - DEPENDS+= +libgnutls +ca-bundle + DEPENDS+= +libgnutls +ca-bundle +libopenssl TITLE+= (with SSL support) VARIANT:=ssl DEFAULT_VARIANT:=1 diff --git a/ndisc6/Makefile b/ndisc6/Makefile old mode 100644 new mode 100755 diff --git a/net-tools/Makefile b/net-tools/Makefile old mode 100644 new mode 100755 diff --git a/net-tools/patches/mptcp-support.patch b/net-tools/patches/mptcp-support.patch old mode 100644 new mode 100755 diff --git a/netifd/Makefile b/netifd/Makefile deleted file mode 100644 index 4b5f110da..000000000 --- a/netifd/Makefile +++ /dev/null @@ -1,52 +0,0 @@ -include $(TOPDIR)/rules.mk - -PKG_NAME:=netifd -PKG_RELEASE:=1 - -PKG_SOURCE_PROTO:=git -PKG_SOURCE_URL=$(PROJECT_GIT)/project/netifd.git -PKG_SOURCE_DATE:=2021-07-26 -PKG_SOURCE_VERSION:=440eb0647708274cc8d7d9e7c2bb0cfdfba90023 -PKG_MIRROR_HASH:=eed957036ab608fdc49bdf801fc5b4405fcd2a3a5e5d3343ec39898e156c10e9 -PKG_MAINTAINER:=Felix Fietkau - -PKG_LICENSE:=GPL-2.0 -PKG_LICENSE_FILES:= - -PKG_BUILD_PARALLEL:=1 - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/cmake.mk - -define Package/netifd - SECTION:=base - CATEGORY:=Base system - DEPENDS:=+libuci +libnl-tiny +libubus +ubus +ubusd +jshn +libubox - TITLE:=OpenWrt Network Interface Configuration Daemon -endef - -define Package/netifd/conffiles -/etc/udhcpc.user -/etc/udhcpc.user.d/ -endef - -TARGET_CFLAGS += \ - -I$(STAGING_DIR)/usr/include/libnl-tiny \ - -I$(STAGING_DIR)/usr/include \ - -flto - -TARGET_LDFLAGS += -flto -fuse-linker-plugin - -CMAKE_OPTIONS += \ - -DLIBNL_LIBS=-lnl-tiny \ - -DDEBUG=1 - -define Package/netifd/install - $(INSTALL_DIR) $(1)/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/netifd $(1)/sbin/ - $(CP) ./files/* $(1)/ - $(INSTALL_DIR) $(1)/etc/udhcpc.user.d/ - $(CP) $(PKG_BUILD_DIR)/scripts/* $(1)/lib/netifd/ -endef - -$(eval $(call BuildPackage,netifd)) diff --git a/netifd/files/etc/hotplug.d/iface/00-netstate b/netifd/files/etc/hotplug.d/iface/00-netstate deleted file mode 100644 index 71ccb0191..000000000 --- a/netifd/files/etc/hotplug.d/iface/00-netstate +++ /dev/null @@ -1,6 +0,0 @@ -[ ifup = "$ACTION" ] && { - uci_toggle_state network "$INTERFACE" up 1 - [ -n "$DEVICE" ] && { - uci_toggle_state network "$INTERFACE" ifname "$DEVICE" - } -} diff --git a/netifd/files/etc/hotplug.d/net/20-smp-packet-steering b/netifd/files/etc/hotplug.d/net/20-smp-packet-steering deleted file mode 100644 index 8a86bf75f..000000000 --- a/netifd/files/etc/hotplug.d/net/20-smp-packet-steering +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -[ "$ACTION" = add ] || exit - -NPROCS="$(grep -c "^processor.*:" /proc/cpuinfo)" -[ "$NPROCS" -gt 1 ] || exit - -PROC_MASK="$(( (1 << $NPROCS) - 1 ))" - -find_irq_cpu() { - local dev="$1" - local match="$(grep -m 1 "$dev\$" /proc/interrupts)" - local cpu=0 - - [ -n "$match" ] && { - set -- $match - shift - for cur in $(seq 1 $NPROCS); do - [ "$1" -gt 0 ] && { - cpu=$(($cur - 1)) - break - } - shift - done - } - - echo "$cpu" -} - -set_hex_val() { - local file="$1" - local val="$2" - val="$(printf %x "$val")" - [ -n "$DEBUG" ] && echo "$file = $val" - echo "$val" > "$file" -} - -packet_steering="$(uci get "network.@globals[0].packet_steering")" -[ "$packet_steering" != 1 ] && exit 0 - -exec 512>/var/lock/smp_tune.lock -flock 512 || exit 1 - -for dev in /sys/class/net/*; do - [ -d "$dev" ] || continue - - # ignore virtual interfaces - [ -n "$(ls "${dev}/" | grep '^lower_')" ] && continue - [ -d "${dev}/device" ] || continue - - device="$(readlink "${dev}/device")" - device="$(basename "$device")" - irq_cpu="$(find_irq_cpu "$device")" - irq_cpu_mask="$((1 << $irq_cpu))" - - for q in ${dev}/queues/tx-*; do - set_hex_val "$q/xps_cpus" "$PROC_MASK" - done - - # ignore dsa slave ports for RPS - subsys="$(readlink "${dev}/device/subsystem")" - subsys="$(basename "$subsys")" - [ "$subsys" = "mdio_bus" ] && continue - - for q in ${dev}/queues/rx-*; do - set_hex_val "$q/rps_cpus" "$PROC_MASK" - done -done diff --git a/netifd/files/etc/init.d/network b/netifd/files/etc/init.d/network deleted file mode 100755 index dc208c4ce..000000000 --- a/netifd/files/etc/init.d/network +++ /dev/null @@ -1,144 +0,0 @@ -#!/bin/sh /etc/rc.common - -START=20 -STOP=90 - -USE_PROCD=1 - -init_switch() { - setup_switch() { return 0; } - - include /lib/network - setup_switch -} - -start_service() { - init_switch - - procd_open_instance - procd_set_param command /sbin/netifd - procd_set_param respawn - procd_set_param watch network.interface - [ -e /proc/sys/kernel/core_pattern ] && { - procd_set_param limits core="unlimited" - } - procd_close_instance -} - -reload_service() { - local rv=0 - - init_switch - ubus call network reload || rv=1 - /sbin/wifi reload_legacy - return $rv -} - -stop_service() { - /sbin/wifi down - ifdown -a - sleep 1 -} - -validate_atm_bridge_section() -{ - uci_validate_section network "atm-bridge" "${1}" \ - 'unit:uinteger:0' \ - 'vci:range(32, 65535):35' \ - 'vpi:range(0, 255):8' \ - 'atmdev:uinteger:0' \ - 'encaps:or("llc", "vc"):llc' \ - 'payload:or("bridged", "routed"):bridged' -} - -validate_route_section() -{ - uci_validate_section network route "${1}" \ - 'interface:string' \ - 'target:cidr4' \ - 'netmask:netmask4' \ - 'gateway:ip4addr' \ - 'metric:uinteger' \ - 'mtu:uinteger' \ - 'table:or(range(0,65535),string)' -} - -validate_route6_section() -{ - uci_validate_section network route6 "${1}" \ - 'interface:string' \ - 'target:cidr6' \ - 'gateway:ip6addr' \ - 'metric:uinteger' \ - 'mtu:uinteger' \ - 'table:or(range(0,65535),string)' -} - -validate_rule_section() -{ - uci_validate_section network rule "${1}" \ - 'in:string' \ - 'out:string' \ - 'src:cidr4' \ - 'dest:cidr4' \ - 'tos:range(0,31)' \ - 'mark:string' \ - 'invert:bool' \ - 'lookup:or(range(0,65535),string)' \ - 'goto:range(0,65535)' \ - 'action:or("prohibit", "unreachable", "blackhole", "throw")' -} - -validate_rule6_section() -{ - uci_validate_section network rule6 "${1}" \ - 'in:string' \ - 'out:string' \ - 'src:cidr6' \ - 'dest:cidr6' \ - 'tos:range(0,31)' \ - 'mark:string' \ - 'invert:bool' \ - 'lookup:or(range(0,65535),string)' \ - 'goto:range(0,65535)' \ - 'action:or("prohibit", "unreachable", "blackhole", "throw")' -} - -validate_switch_section() -{ - uci_validate_section network switch "${1}" \ - 'name:string' \ - 'enable:bool' \ - 'enable_vlan:bool' \ - 'reset:bool' \ - 'ar8xxx_mib_poll_interval:uinteger' \ - 'ar8xxx_mib_type:range(0,1)' -} - -validate_switch_vlan() -{ - uci_validate_section network switch_vlan "${1}" \ - 'device:string' \ - 'vlan:uinteger' \ - 'ports:list(ports)' -} - -service_triggers() -{ - procd_add_reload_trigger network wireless - - procd_open_validate - validate_atm_bridge_section - validate_route_section - [ -e /proc/sys/net/ipv6 ] && validate_route6_section - validate_rule_section - [ -e /proc/sys/net/ipv6 ] && validate_rule6_section - validate_switch_section - validate_switch_vlan - procd_close_validate -} - -shutdown() { - ifdown -a - sleep 1 -} diff --git a/netifd/files/etc/uci-defaults/14_migrate-dhcp-release b/netifd/files/etc/uci-defaults/14_migrate-dhcp-release deleted file mode 100644 index f1b384eec..000000000 --- a/netifd/files/etc/uci-defaults/14_migrate-dhcp-release +++ /dev/null @@ -1,23 +0,0 @@ -. /lib/functions.sh - -migrate_release() { - local config="$1" - local proto - local release - - config_get proto "$config" proto - config_get release "$config" release - - [ "$proto" = "dhcp" ] && [ -n "$release" ] && { - norelease="$((!$release))" - uci_set network "$config" norelease "$norelease" - uci_remove network "$config" release - } - -} - -config_load network -config_foreach migrate_release interface -uci commit network - -exit 0 diff --git a/netifd/files/etc/udhcpc.user b/netifd/files/etc/udhcpc.user deleted file mode 100644 index 78e2ba5f1..000000000 --- a/netifd/files/etc/udhcpc.user +++ /dev/null @@ -1 +0,0 @@ -# This script is sourced by udhcpc's dhcp.script at every DHCP event. diff --git a/netifd/files/lib/netifd/dhcp.script b/netifd/files/lib/netifd/dhcp.script deleted file mode 100755 index c857c9fc0..000000000 --- a/netifd/files/lib/netifd/dhcp.script +++ /dev/null @@ -1,120 +0,0 @@ -#!/bin/sh -[ -z "$1" ] && echo "Error: should be run by udhcpc" && exit 1 - -. /lib/functions.sh -. /lib/netifd/netifd-proto.sh - -set_classless_routes() { - local max=128 - while [ -n "$1" -a -n "$2" -a $max -gt 0 ]; do - proto_add_ipv4_route "${1%%/*}" "${1##*/}" "$2" "$ip" - max=$(($max-1)) - shift 2 - done -} - -setup_interface() { - proto_init_update "*" 1 - proto_add_ipv4_address "$ip" "${subnet:-255.255.255.0}" - # TODO: apply $broadcast - - local ip_net - eval "$(ipcalc.sh "$ip/$mask")";ip_net="$NETWORK" - - local i - for i in $router; do - local gw_net - eval "$(ipcalc.sh "$i/$mask")";gw_net="$NETWORK" - - [ "$ip_net" != "$gw_net" ] && proto_add_ipv4_route "$i" 32 "" "$ip" - #[ "$DEFAULTROUTE" = 0 ] || proto_add_ipv4_route 0.0.0.0 0 "$i" "$ip" - proto_add_ipv4_route 0.0.0.0 0 "$i" "$ip" - - local r - for r in $CUSTOMROUTES; do - proto_add_ipv4_route "${r%%/*}" "${r##*/}" "$i" "$ip" - done - done - - # CIDR STATIC ROUTES (rfc3442) - [ -n "$staticroutes" ] && set_classless_routes $staticroutes - [ -n "$msstaticroutes" ] && set_classless_routes $msstaticroutes - - for i in $dns; do - proto_add_dns_server "$i" - done - for i in $domain; do - proto_add_dns_search "$i" - done - - # TODO: Deprecate timesvr in favor of timesrv - if [ -n "$timesvr" -a -z "$timesrv" ]; then - timesrv="$timesvr" - echo "Environment variable 'timesvr' will be deprecated; use 'timesrv' instead." - fi - - proto_add_data - [ -n "$ZONE" ] && json_add_string zone "$ZONE" - [ -n "$ntpsrv" ] && json_add_string ntpserver "$ntpsrv" - [ -n "$timesrv" ] && json_add_string timeserver "$timesrv" - [ -n "$hostname" ] && json_add_string hostname "$hostname" - [ -n "$message" ] && json_add_string message "$message" - [ -n "$timezone" ] && json_add_int timezone "$timezone" - [ -n "$lease" ] && json_add_int leasetime "$lease" - proto_close_data - - proto_send_update "$INTERFACE" - - - if [ "$IFACE6RD" != 0 -a -n "$ip6rd" ]; then - local v4mask="${ip6rd%% *}" - ip6rd="${ip6rd#* }" - local ip6rdprefixlen="${ip6rd%% *}" - ip6rd="${ip6rd#* }" - local ip6rdprefix="${ip6rd%% *}" - ip6rd="${ip6rd#* }" - local ip6rdbr="${ip6rd%% *}" - - [ -n "$ZONE" ] || ZONE=$(fw3 -q network $INTERFACE 2>/dev/null) - [ -z "$IFACE6RD" -o "$IFACE6RD" = 1 ] && IFACE6RD=${INTERFACE}_6 - - json_init - json_add_string name "$IFACE6RD" - json_add_string ifname "@$INTERFACE" - json_add_string proto "6rd" - json_add_string peeraddr "$ip6rdbr" - json_add_int ip4prefixlen "$v4mask" - json_add_string ip6prefix "$ip6rdprefix" - json_add_int ip6prefixlen "$ip6rdprefixlen" - json_add_string tunlink "$INTERFACE" - [ -n "$IFACE6RD_DELEGATE" ] && json_add_boolean delegate "$IFACE6RD_DELEGATE" - [ -n "$ZONE6RD" ] || ZONE6RD=$ZONE - [ -n "$ZONE6RD" ] && json_add_string zone "$ZONE6RD" - [ -n "$MTU6RD" ] && json_add_string mtu "$MTU6RD" - json_close_object - - ubus call network add_dynamic "$(json_dump)" - fi -} - -deconfig_interface() { - proto_init_update "*" 0 - proto_send_update "$INTERFACE" -} - -case "$1" in - deconfig) - deconfig_interface - ;; - renew|bound) - setup_interface - ;; -esac - -# user rules -[ -f /etc/udhcpc.user ] && . /etc/udhcpc.user "$@" -for f in /etc/udhcpc.user.d/*; do - [ -f "$f" ] && (. "$f" "$@") -done - -exit 0 diff --git a/netifd/files/lib/netifd/proto/dhcp.sh b/netifd/files/lib/netifd/proto/dhcp.sh deleted file mode 100755 index 8db848260..000000000 --- a/netifd/files/lib/netifd/proto/dhcp.sh +++ /dev/null @@ -1,89 +0,0 @@ -#!/bin/sh - -[ -L /sbin/udhcpc ] || exit 0 - -. /lib/functions.sh -. ../netifd-proto.sh -init_proto "$@" - -proto_dhcp_init_config() { - renew_handler=1 - - proto_config_add_string 'ipaddr:ipaddr' - proto_config_add_string 'hostname:hostname' - proto_config_add_string clientid - proto_config_add_string vendorid - proto_config_add_boolean 'broadcast:bool' - proto_config_add_boolean 'norelease:bool' - proto_config_add_string 'reqopts:list(string)' - proto_config_add_boolean 'defaultreqopts:bool' - proto_config_add_string iface6rd - proto_config_add_array 'sendopts:list(string)' - proto_config_add_boolean delegate - proto_config_add_string zone6rd - proto_config_add_string zone - proto_config_add_string mtu6rd - proto_config_add_string customroutes - proto_config_add_boolean classlessroute -} - -proto_dhcp_add_sendopts() { - [ -n "$1" ] && append "$3" "-x $1" -} - -proto_dhcp_setup() { - local config="$1" - local iface="$2" - - local ipaddr hostname clientid vendorid broadcast norelease reqopts defaultreqopts iface6rd sendopts delegate zone6rd zone mtu6rd customroutes classlessroute defaultroute - json_get_vars ipaddr hostname clientid vendorid broadcast norelease reqopts defaultreqopts iface6rd delegate zone6rd zone mtu6rd customroutes classlessroute defaultroute - - local opt dhcpopts - for opt in $reqopts; do - append dhcpopts "-O $opt" - done - - json_for_each_item proto_dhcp_add_sendopts sendopts dhcpopts - - [ -z "$hostname" ] && hostname="$(cat /proc/sys/kernel/hostname)" - [ "$hostname" = "*" ] && hostname= - - [ "$defaultreqopts" = 0 ] && defaultreqopts="-o" || defaultreqopts= - [ "$broadcast" = 1 ] && broadcast="-B" || broadcast= - [ "$norelease" = 1 ] && norelease="" || norelease="-R" - [ -n "$clientid" ] && clientid="-x 0x3d:${clientid//:/}" || clientid="-C" - [ -n "$iface6rd" ] && proto_export "IFACE6RD=$iface6rd" - [ "$iface6rd" != 0 -a -f /lib/netifd/proto/6rd.sh ] && append dhcpopts "-O 212" - [ -n "$zone6rd" ] && proto_export "ZONE6RD=$zone6rd" - [ -n "$zone" ] && proto_export "ZONE=$zone" - [ -n "$mtu6rd" ] && proto_export "MTU6RD=$mtu6rd" - [ -n "$customroutes" ] && proto_export "CUSTOMROUTES=$customroutes" - [ -n "$defaultroute" ] && proto_export "DEFAULTROUTE=$defaultroute" - [ "$delegate" = "0" ] && proto_export "IFACE6RD_DELEGATE=0" - # Request classless route option (see RFC 3442) by default - [ "$classlessroute" = "0" ] || append dhcpopts "-O 121" - - proto_export "INTERFACE=$config" - proto_run_command "$config" udhcpc \ - -p /var/run/udhcpc-$iface.pid \ - -s /lib/netifd/dhcp.script \ - -f -t 0 -i "$iface" \ - ${ipaddr:+-r $ipaddr} \ - ${hostname:+-x "hostname:$hostname"} \ - ${vendorid:+-V "$vendorid"} \ - $clientid $defaultreqopts $broadcast $norelease $dhcpopts -} - -proto_dhcp_renew() { - local interface="$1" - # SIGUSR1 forces udhcpc to renew its lease - local sigusr1="$(kill -l SIGUSR1)" - [ -n "$sigusr1" ] && proto_kill_command "$interface" $sigusr1 -} - -proto_dhcp_teardown() { - local interface="$1" - proto_kill_command "$interface" -} - -add_protocol dhcp diff --git a/netifd/files/lib/network/config.sh b/netifd/files/lib/network/config.sh deleted file mode 100755 index 4cd28e4ce..000000000 --- a/netifd/files/lib/network/config.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/sh -# Copyright (C) 2011 OpenWrt.org - -. /usr/share/libubox/jshn.sh - -find_config() { - local device="$1" - local ifdev ifl3dev ifobj - for ifobj in $(ubus list network.interface.\*); do - interface="${ifobj##network.interface.}" - ( - json_load "$(ifstatus $interface)" - json_get_var ifdev device - json_get_var ifl3dev l3_device - if [ "$device" = "$ifdev" ] || [ "$device" = "$ifl3dev" ]; then - echo "$interface" - exit 0 - else - exit 1 - fi - ) && return - done -} - -unbridge() { - return -} - -ubus_call() { - json_init - local _data="$(ubus -S call "$1" "$2")" - [ -z "$_data" ] && return 1 - json_load "$_data" - return 0 -} - - -fixup_interface() { - local config="$1" - local ifname type device l3dev - - config_get type "$config" type - config_get ifname "$config" ifname - [ "bridge" = "$type" ] && ifname="br-$config" - ubus_call "network.interface.$config" status || return 0 - json_get_var l3dev l3_device - [ -n "$l3dev" ] && ifname="$l3dev" - json_init - config_set "$config" ifname "$ifname" -} - -scan_interfaces() { - config_load network - config_foreach fixup_interface interface -} - -prepare_interface_bridge() { - local config="$1" - - [ -n "$config" ] || return 0 - ubus call network.interface."$config" prepare -} - -setup_interface() { - local iface="$1" - local config="$2" - - [ -n "$config" ] || return 0 - ubus call network.interface."$config" add_device "{ \"name\": \"$iface\" }" -} - -do_sysctl() { - [ -n "$2" ] && \ - sysctl -n -e -w "$1=$2" >/dev/null || \ - sysctl -n -e "$1" -} diff --git a/netifd/files/sbin/devstatus b/netifd/files/sbin/devstatus deleted file mode 100755 index 3c35b26a4..000000000 --- a/netifd/files/sbin/devstatus +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh -. /usr/share/libubox/jshn.sh -DEVICE="$1" - -[ -n "$DEVICE" ] || { - echo "Usage: $0 " - exit 1 -} - -json_init -json_add_string name "$DEVICE" -ubus call network.device status "$(json_dump)" diff --git a/netifd/files/sbin/ifdown b/netifd/files/sbin/ifdown deleted file mode 120000 index a0e5c176a..000000000 --- a/netifd/files/sbin/ifdown +++ /dev/null @@ -1 +0,0 @@ -ifup \ No newline at end of file diff --git a/netifd/files/sbin/ifstatus b/netifd/files/sbin/ifstatus deleted file mode 100755 index 8a951e6e1..000000000 --- a/netifd/files/sbin/ifstatus +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -INTERFACE="$1" - -[ -n "$INTERFACE" ] || { - echo "Usage: $0 " - exit 1 -} - -ubus -S list "network.interface.$INTERFACE" >/dev/null || { - echo "Interface $INTERFACE not found" - exit 1 -} -ubus call network.interface status "{ \"interface\" : \"$INTERFACE\" }" diff --git a/netifd/files/sbin/ifup b/netifd/files/sbin/ifup deleted file mode 100755 index 15be535bb..000000000 --- a/netifd/files/sbin/ifup +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/sh - -ifup_all= -setup_wifi= - -if_call() { - local interface="$1" - for mode in $modes; do - ubus call network.interface $mode "{ \"interface\" : \"$interface\" }" - done -} - -case "$0" in - *ifdown) modes=down;; - *ifup) - modes="down up" - setup_wifi=1 - ;; - *) echo "Invalid command: $0";; -esac - -while :; do - case "$1" in - -a) - ifup_all=1 - shift - ;; - -w) - setup_wifi= - shift - ;; - *) - break - ;; - esac -done - -[ "$modes" = "down up" ] && ubus call network reload -if [ -n "$ifup_all" ]; then - for interface in $(ubus -S list 'network.interface.*'); do - if_call "${interface##network.interface.}" - done - [ -n "$setup_wifi" ] && /sbin/wifi up - exit -else - ubus -S list "network.interface.$1" > /dev/null || { - echo "Interface $1 not found" - exit - } - if_call "$1" -fi - -if [ -n "$setup_wifi" ] && grep -sq config /etc/config/wireless; then - . /lib/functions.sh - - find_related_radios() { - local wdev wnet - config_get wdev "$1" device - config_get wnet "$1" network - - if [ -n "$wdev" ]; then - for wnet in $wnet; do - if [ "$wnet" = "$network" ]; then - append radio_devs "$wdev" "$N" - fi - done - fi - } - - network="$1" - config_load wireless - config_foreach find_related_radios wifi-iface - - for dev in $(echo "$radio_devs" | sort -u); do - /sbin/wifi up "$dev" - done -fi diff --git a/netifd/files/usr/share/udhcpc/default.script b/netifd/files/usr/share/udhcpc/default.script deleted file mode 100755 index 0a9eb0180..000000000 --- a/netifd/files/usr/share/udhcpc/default.script +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/sh -[ -z "$1" ] && echo "Error: should be run by udhcpc" && exit 1 - -set_classless_routes() { - local max=128 - local type - while [ -n "$1" -a -n "$2" -a $max -gt 0 ]; do - [ ${1##*/} -eq 32 ] && type=host || type=net - echo "udhcpc: adding route for $type $1 via $2" - route add -$type "$1" gw "$2" dev "$interface" - max=$(($max-1)) - shift 2 - done -} - -setup_interface() { - echo "udhcpc: ip addr add $ip/${subnet:-255.255.255.0} broadcast ${broadcast:-+} dev $interface" - ip addr add $ip/${subnet:-255.255.255.0} broadcast ${broadcast:-+} dev $interface - - [ -n "$router" ] && [ "$router" != "0.0.0.0" ] && [ "$router" != "255.255.255.255" ] && { - echo "udhcpc: setting default routers: $router" - - local valid_gw="" - for i in $router ; do - route add default gw $i dev $interface - valid_gw="${valid_gw:+$valid_gw|}$i" - done - - eval $(route -n | awk ' - /^0.0.0.0\W{9}('$valid_gw')\W/ {next} - /^0.0.0.0/ {print "route del -net "$1" gw "$2";"} - ') - } - - # CIDR STATIC ROUTES (rfc3442) - [ -n "$staticroutes" ] && set_classless_routes $staticroutes - [ -n "$msstaticroutes" ] && set_classless_routes $msstaticroutes -} - - -applied= -case "$1" in - deconfig) - ip -4 addr flush dev "$interface" - ;; - renew) - setup_interface update - ;; - bound) - setup_interface ifup - ;; -esac - -# user rules -[ -f /etc/udhcpc.user ] && . /etc/udhcpc.user - -exit 0 diff --git a/nginx/Config.in b/nginx/Config.in old mode 100644 new mode 100755 diff --git a/nginx/Config_ssl.in b/nginx/Config_ssl.in old mode 100644 new mode 100755 diff --git a/nginx/Makefile b/nginx/Makefile old mode 100644 new mode 100755 diff --git a/nginx/files-luci-support/60_nginx-luci-support b/nginx/files-luci-support/60_nginx-luci-support old mode 100644 new mode 100755 diff --git a/nginx/files-luci-support/70_nginx-luci-support-ssl b/nginx/files-luci-support/70_nginx-luci-support-ssl old mode 100644 new mode 100755 diff --git a/nginx/files-luci-support/luci_nginx.conf b/nginx/files-luci-support/luci_nginx.conf old mode 100644 new mode 100755 diff --git a/nginx/files-luci-support/luci_nginx_ssl.conf b/nginx/files-luci-support/luci_nginx_ssl.conf old mode 100644 new mode 100755 diff --git a/nginx/files-luci-support/luci_uwsgi.conf b/nginx/files-luci-support/luci_uwsgi.conf old mode 100644 new mode 100755 diff --git a/nginx/files/nginx.init b/nginx/files/nginx.init old mode 100644 new mode 100755 diff --git a/nginx/patches-lua-nginx/100-no_by_lua_block.patch b/nginx/patches-lua-nginx/100-no_by_lua_block.patch old mode 100644 new mode 100755 diff --git a/nginx/patches/101-feature_test_fix.patch b/nginx/patches/101-feature_test_fix.patch old mode 100644 new mode 100755 diff --git a/nginx/patches/102-sizeof_test_fix.patch b/nginx/patches/102-sizeof_test_fix.patch old mode 100644 new mode 100755 diff --git a/nginx/patches/103-sys_nerr.patch b/nginx/patches/103-sys_nerr.patch old mode 100644 new mode 100755 diff --git a/nginx/patches/200-config.patch b/nginx/patches/200-config.patch old mode 100644 new mode 100755 diff --git a/nginx/patches/201-ignore-invalid-options.patch b/nginx/patches/201-ignore-invalid-options.patch old mode 100644 new mode 100755 diff --git a/nginx/patches/300-max-processes.patch b/nginx/patches/300-max-processes.patch old mode 100644 new mode 100755 diff --git a/omr-6in4/Makefile b/omr-6in4/Makefile old mode 100644 new mode 100755 diff --git a/omr-quota/Makefile b/omr-quota/Makefile old mode 100644 new mode 100755 diff --git a/omr-quota/files/etc/config/omr-quota b/omr-quota/files/etc/config/omr-quota old mode 100644 new mode 100755 diff --git a/omr-tracker/Makefile b/omr-tracker/Makefile old mode 100644 new mode 100755 diff --git a/omr-update/Makefile b/omr-update/Makefile old mode 100644 new mode 100755 diff --git a/openmptcprouter-full/Makefile b/openmptcprouter-full/Makefile index d2f4710b6..a81bd390f 100755 --- a/openmptcprouter-full/Makefile +++ b/openmptcprouter-full/Makefile @@ -28,10 +28,10 @@ MY_DEPENDS := \ iperf3-ssl luci-app-iperf \ arptables \ bind-dig \ - libnetfilter-conntrack ebtables ebtables-utils ip-full nstat \ + libnetfilter-conntrack ebtables-legacy ebtables-legacy-utils ip-full nstat \ iptables-mod-iface iptables-mod-ipmark iptables-mod-hashlimit iptables-mod-condition iptables-mod-trace iptables-mod-conntrack-extra iptables-mod-account \ kmod-nf-nat kmod-nf-nathelper kmod-nf-nathelper-extra iptables-mod-extra conntrack \ - iptables-mod-ipsec kmod-crypto-authenc kmod-ipsec kmod-ipsec4 kmod-ipt-ipsec \ + iptables-mod-ipsec kmod-crypto-authenc kmod-ipsec kmod-ipsec4 kmod-ipsec6 kmod-ipt-ipsec \ wireless-tools \ libiwinfo-lua \ ca-bundle ca-certificates \ @@ -39,12 +39,13 @@ MY_DEPENDS := \ luci-app-omr-tracker luci-app-omr-dscp \ luci-app-sqm sqm-scripts-extra \ luci-app-vnstat2 omr-quota luci-app-omr-quota \ - luci-app-mptcp luci-app-openmptcprouter luci-app-omr-bypass luci-app-mail \ + luci-app-mptcp luci-app-openmptcprouter luci-app-omr-bypass luci-app-mail luci-app-upnp \ luci-app-wol luci-app-opkg \ luci-app-uhttpd \ luci-mod-rpc rpcd-mod-rpcsys rpcd-mod-file rpcd-mod-iwinfo \ luci-app-openvpn \ shadowsocks-libev-ss-server shadowsocks-libev-ss-tunnel \ + omr-6in4 ip6tables-mod-nat luci-proto-ipv6 6to4 6in4 6rd ip6tables \ speedtestcpp \ iftop \ htop \ @@ -75,10 +76,10 @@ MY_DEPENDS := \ !TARGET_mvebu:kmod-usb-serial !TARGET_mvebu:kmod-usb-serial-option !TARGET_mvebu:kmod-usb-serial-wwan !TARGET_mvebu:usb-modeswitch !TARGET_mvebu:uqmi \ !TARGET_mvebu:umbim !TARGET_mvebu:kmod-mii !TARGET_mvebu:kmod-usb-net !TARGET_mvebu:kmod-usb-wdm !TARGET_mvebu:kmod-usb-net-qmi-wwan !TARGET_mvebu:kmod-usb-net-cdc-mbim !TARGET_mvebu:umbim \ !TARGET_mvebu:kmod-usb-net-huawei-cdc-ncm !TARGET_mvebu:kmod-usb-net-rndis !TARGET_mvebu:kmod-usb-net-cdc-ether !TARGET_mvebu:kmod-usb-net-ipheth !TARGET_mvebu:usbmuxd \ - !TARGET_mvebu:luci-proto-qmi wpad-basic TARGET_r4s:kmod-r8168 (TARGET_x86||TARGET_x86_64):kmod-usb-net-rtl8152 \ - luci-app-mlvpn mlvpn !TARGET_mvebu:kmod-usb-net-smsc75xx kmod-zram kmod-swconfig swconfig kmod-ipt-nat kmod-ipt-nat6 luci-app-https-dns-proxy kmod-tcp-nanqinlang (TARGET_x86_64||aarch64):kmod-tcp-bbr2 iptables-mod-ipopt igmpproxy ss iptraf-ng \ - luci-app-acl block-mount blockd fstools luci-app-shutdown libwebp luci-proto-gre tcptraceroute luci-proto-mbim kmod-ath9k-htc luci-app-ttyd luci-mod-dashboard (TARGET_x86||TARGET_x86_64):rtl8192eu-firmware kmod-usb2 libustream-openssl (TARGET_x86||TARGET_x86_64):kmod-ixgbevf (TARGET_x86||TARGET_x86_64):kmod-igbvf \ - hwinfo (TARGET_x86||TARGET_x86_64):dmidecode luci-app-packet-capture kmod-bonding luci-proto-bonding luci-app-sysupgrade \ + !TARGET_mvebu:luci-proto-qmi TARGET_r4s:kmod-r8168 (TARGET_x86||TARGET_x86_64):kmod-usb-net-rtl8152 \ + luci-app-mlvpn mlvpn 464xlat !TARGET_mvebu:kmod-usb-net-smsc75xx kmod-zram kmod-swconfig swconfig kmod-ipt-nat kmod-ipt-nat6 luci-app-https-dns-proxy iptables-mod-ipopt igmpproxy ss iptraf-ng \ + luci-app-acl block-mount blockd fstools luci-app-shutdown libwebp luci-proto-gre tcptraceroute luci-proto-mbim luci-app-ttyd luci-mod-dashboard (TARGET_x86||TARGET_x86_64):rtl8192eu-firmware kmod-usb2 (TARGET_x86||TARGET_x86_64):kmod-ixgbevf (TARGET_x86||TARGET_x86_64):kmod-igbvf \ + (TARGET_x86||TARGET_x86_64):dmidecode luci-app-packet-capture kmod-bonding luci-proto-bonding luci-app-sysupgrade \ luci-theme-openwrt-2020 luci-proto-wireguard luci-app-wireguard (TARGET_x86||TARGET_x86_64):kmod-r8125 TARGET_x86_64:kmod-atlantic \ mptcpd # luci-theme-bootstrap luci-theme-openwrt-2020 luci-theme-openwrt luci-app-status diff --git a/openmptcprouter/files/etc/iproute2/rt_dsfield b/openmptcprouter/files/etc/iproute2/rt_dsfield deleted file mode 100755 index 30405f0a3..000000000 --- a/openmptcprouter/files/etc/iproute2/rt_dsfield +++ /dev/null @@ -1,26 +0,0 @@ -# Differentiated field values -# These include the DSCP and unused bits -0x0 default -# Newer RFC2597 values -0x28 AF11 -0x30 AF12 -0x38 AF13 -0x48 AF21 -0x50 AF22 -0x58 AF23 -0x68 AF31 -0x70 AF32 -0x78 AF33 -0x88 AF41 -0x90 AF42 -0x98 AF43 -# Older values RFC2474 -0x20 CS1 -0x40 CS2 -0x60 CS3 -0x80 CS4 -0xA0 CS5 -0xC0 CS6 -0xE0 CS7 -# RFC 2598 -0xB8 EF diff --git a/protobuf/Makefile b/protobuf/Makefile old mode 100644 new mode 100755 diff --git a/r8168/Makefile b/r8168/Makefile old mode 100644 new mode 100755 diff --git a/r8168/patches/001-r8168-add-LED-configuration-from-OF.patch b/r8168/patches/001-r8168-add-LED-configuration-from-OF.patch old mode 100644 new mode 100755 diff --git a/serdisplib/Makefile b/serdisplib/Makefile old mode 100644 new mode 100755 diff --git a/shadowsocks-libev/Makefile b/shadowsocks-libev/Makefile old mode 100644 new mode 100755 diff --git a/shadowsocks-libev/README.md b/shadowsocks-libev/README.md old mode 100644 new mode 100755 diff --git a/shadowsocks-libev/files/firewall.ss-rules b/shadowsocks-libev/files/firewall.ss-rules old mode 100644 new mode 100755 diff --git a/shadowsocks-libev/files/shadowsocks-libev.config b/shadowsocks-libev/files/shadowsocks-libev.config old mode 100644 new mode 100755 diff --git a/shadowsocks-libev/files/shadowsocks-libev.init b/shadowsocks-libev/files/shadowsocks-libev.init old mode 100644 new mode 100755 diff --git a/shadowsocks-libev/files/shadowsocks.conf b/shadowsocks-libev/files/shadowsocks.conf old mode 100644 new mode 100755 diff --git a/shadowsocks-libev/patches/010-ECONNRESET.patch b/shadowsocks-libev/patches/010-ECONNRESET.patch old mode 100644 new mode 100755 diff --git a/shadowsocks-v2ray-plugin/Makefile b/shadowsocks-v2ray-plugin/Makefile old mode 100644 new mode 100755 index 5cc81054e..e50a54e7c --- a/shadowsocks-v2ray-plugin/Makefile +++ b/shadowsocks-v2ray-plugin/Makefile @@ -25,7 +25,7 @@ GO_PKG:=github.com/shadowsocks/v2ray-plugin PKG_USE_MIPS16:=0 include $(INCLUDE_DIR)/package.mk -include ../golang/golang-package.mk +include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk define Package/v2ray-plugin SECTION:=net diff --git a/shortcut-fe/Makefile b/shortcut-fe/Makefile deleted file mode 100644 index 54711c46a..000000000 --- a/shortcut-fe/Makefile +++ /dev/null @@ -1,77 +0,0 @@ -# -# Copyright (c) 2014 The Linux Foundation. All rights reserved. -# Permission to use, copy, modify, and/or distribute this software for -# any purpose with or without fee is hereby granted, provided that the -# above copyright notice and this permission notice appear in all copies. -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# -include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/kernel.mk - -PKG_NAME:=shortcut-fe -PKG_RELEASE:=2 -PKG_CONFIG_DEPENDS := CONFIG_IPV6 - -include $(INCLUDE_DIR)/package.mk - -define KernelPackage/shortcut-fe - SECTION:=kernel - CATEGORY:=Kernel modules - SUBMENU:=Network Support - DEPENDS:= - TITLE:=Kernel driver for SFE - FILES:=$(PKG_BUILD_DIR)/shortcut-fe.ko $(if $(CONFIG_IPV6),$(PKG_BUILD_DIR)/shortcut-fe-ipv6.ko,) - KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y \ - CONFIG_NF_CONNTRACK_TIMEOUT=y \ - CONFIG_SHORTCUT_FE=y \ - CONFIG_XFRM=y - AUTOLOAD:=$(call AutoLoad,09,shortcut-fe shortcut-fe-ipv6) -endef - -define KernelPackage/shortcut-fe/Description -Shortcut is an in-Linux-kernel IP packet forwarding engine. -endef - -define KernelPackage/shortcut-fe/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) ./files/usr/bin/sfe_dump $(1)/usr/bin -endef - -define KernelPackage/shortcut-fe-cm - SECTION:=kernel - CATEGORY:=Kernel modules - SUBMENU:=Network Support - DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe - TITLE:=Kernel driver for SFE - FILES:=$(PKG_BUILD_DIR)/shortcut-fe-cm.ko - KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y -endef - -define KernelPackage/shortcut-fe-cm/Description -Simple connection manager for the Shortcut forwarding engine. -endef - -define Build/Compile - +$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \ - $(KERNEL_MAKE_FLAGS) \ - $(PKG_MAKE_FLAGS) \ - M="$(PKG_BUILD_DIR)" \ - modules \ - $(if $(CONFIG_IPV6),EXTRA_CFLAGS="-DSFE_SUPPORT_IPV6" SFE_SUPPORT_IPV6=y,) -endef - -#ifneq ($(CONFIG_PACKAGE_kmod-shortcut-fe)$(CONFIG_PACKAGE_kmod-shortcut-fe-cm),) -define Build/InstallDev - $(INSTALL_DIR) $(1)/usr/include/shortcut-fe - $(CP) -rf $(PKG_BUILD_DIR)/sfe.h $(1)/usr/include/shortcut-fe -endef -#endif - -$(eval $(call KernelPackage,shortcut-fe)) -$(eval $(call KernelPackage,shortcut-fe-cm)) diff --git a/shortcut-fe/files/usr/bin/sfe_dump b/shortcut-fe/files/usr/bin/sfe_dump deleted file mode 100644 index 2a224e0ca..000000000 --- a/shortcut-fe/files/usr/bin/sfe_dump +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2015 The Linux Foundation. All rights reserved. -# Permission to use, copy, modify, and/or distribute this software for -# any purpose with or without fee is hereby granted, provided that the -# above copyright notice and this permission notice appear in all copies. -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# - -#@sfe_dump -#@example : sfe_dump (ipv4|ipv6) -sfe_dump(){ - [ -e "/dev/sfe_ipv4" ] || { - dev_num=$(cat /sys/sfe_ipv4/debug_dev) - mknod /dev/sfe_ipv4 c $dev_num 0 - } - [ -e "/dev/sfe_ipv6" ] || { - dev_num=$(cat /sys/sfe_ipv6/debug_dev) - mknod /dev/sfe_ipv6 c $dev_num 0 - } - cat /dev/sfe_$1 -} - -if [ -z "$1" ]; then - sfe_dump ipv4 - sfe_dump ipv6 -else - sfe_dump $1 -fi diff --git a/shortcut-fe/src/Kconfig b/shortcut-fe/src/Kconfig deleted file mode 100644 index f45e56b47..000000000 --- a/shortcut-fe/src/Kconfig +++ /dev/null @@ -1,15 +0,0 @@ -# -# Shortcut forwarding engine -# - -config SHORTCUT_FE - tristate "Shortcut Forwarding Engine" - depends on NF_CONNTRACK - default n - help - Shortcut is a fast in-kernel packet forwarding engine. - - To compile this code as a module, choose M here: the module will be - called shortcut-fe. - - If unsure, say N. diff --git a/shortcut-fe/src/Makefile b/shortcut-fe/src/Makefile deleted file mode 100644 index 3b1ceaa44..000000000 --- a/shortcut-fe/src/Makefile +++ /dev/null @@ -1,23 +0,0 @@ -# -# Makefile for Shortcut FE. -# - -obj-m += shortcut-fe.o - -ifdef SFE_SUPPORT_IPV6 -obj-m += shortcut-fe-ipv6.o -endif - -obj-m += shortcut-fe-cm.o - -shortcut-fe-objs := \ - sfe_ipv4.o - -ifdef SFE_SUPPORT_IPV6 -shortcut-fe-ipv6-objs := \ - sfe_ipv6.o -endif - -shortcut-fe-cm-objs := \ - sfe_cm.o - diff --git a/shortcut-fe/src/sfe.h b/shortcut-fe/src/sfe.h deleted file mode 100644 index 279e7b3dc..000000000 --- a/shortcut-fe/src/sfe.h +++ /dev/null @@ -1,114 +0,0 @@ -/* - * sfe.h - * Shortcut forwarding engine. - * - * Copyright (c) 2013-2017 The Linux Foundation. All rights reserved. - * Permission to use, copy, modify, and/or distribute this software for - * any purpose with or without fee is hereby granted, provided that the - * above copyright notice and this permission notice appear in all copies. - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - - -/* - * The following are debug macros used throughout the SFE. - * - * The DEBUG_LEVEL enables the followings based on its value, - * when dynamic debug option is disabled. - * - * 0 = OFF - * 1 = ASSERTS / ERRORS - * 2 = 1 + WARN - * 3 = 2 + INFO - * 4 = 3 + TRACE - */ -#define DEBUG_LEVEL 2 - -#if (DEBUG_LEVEL < 1) -#define DEBUG_ASSERT(s, ...) -#define DEBUG_ERROR(s, ...) -#else -#define DEBUG_ASSERT(c, s, ...) if (!(c)) { pr_emerg("ASSERT: %s:%d:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__); BUG(); } -#define DEBUG_ERROR(s, ...) pr_err("%s:%d:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) -#endif - -#if defined(CONFIG_DYNAMIC_DEBUG) -/* - * Compile messages for dynamic enable/disable - */ -#define DEBUG_WARN(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) -#define DEBUG_INFO(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) -#define DEBUG_TRACE(s, ...) pr_debug("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) -#else - -/* - * Statically compile messages at different levels - */ -#if (DEBUG_LEVEL < 2) -#define DEBUG_WARN(s, ...) -#else -#define DEBUG_WARN(s, ...) pr_warn("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) -#endif - -#if (DEBUG_LEVEL < 3) -#define DEBUG_INFO(s, ...) -#else -#define DEBUG_INFO(s, ...) pr_notice("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) -#endif - -#if (DEBUG_LEVEL < 4) -#define DEBUG_TRACE(s, ...) -#else -#define DEBUG_TRACE(s, ...) pr_info("%s[%d]:" s, __FUNCTION__, __LINE__, ##__VA_ARGS__) -#endif -#endif - -#ifdef CONFIG_NF_FLOW_COOKIE -typedef int (*flow_cookie_set_func_t)(u32 protocol, __be32 src_ip, __be16 src_port, - __be32 dst_ip, __be16 dst_port, u16 flow_cookie); -/* - * sfe_register_flow_cookie_cb - * register a function in SFE to let SFE use this function to configure flow cookie for a flow - * - * Hardware driver which support flow cookie should register a callback function in SFE. Then SFE - * can use this function to configure flow cookie for a flow. - * return: 0, success; !=0, fail - */ -int sfe_register_flow_cookie_cb(flow_cookie_set_func_t cb); - -/* - * sfe_unregister_flow_cookie_cb - * unregister function which is used to configure flow cookie for a flow - * - * return: 0, success; !=0, fail - */ -int sfe_unregister_flow_cookie_cb(flow_cookie_set_func_t cb); - -typedef int (*sfe_ipv6_flow_cookie_set_func_t)(u32 protocol, __be32 src_ip[4], __be16 src_port, - __be32 dst_ip[4], __be16 dst_port, u16 flow_cookie); - -/* - * sfe_ipv6_register_flow_cookie_cb - * register a function in SFE to let SFE use this function to configure flow cookie for a flow - * - * Hardware driver which support flow cookie should register a callback function in SFE. Then SFE - * can use this function to configure flow cookie for a flow. - * return: 0, success; !=0, fail - */ -int sfe_ipv6_register_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb); - -/* - * sfe_ipv6_unregister_flow_cookie_cb - * unregister function which is used to configure flow cookie for a flow - * - * return: 0, success; !=0, fail - */ -int sfe_ipv6_unregister_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb); - -#endif /*CONFIG_NF_FLOW_COOKIE*/ diff --git a/shortcut-fe/src/sfe_backport.h b/shortcut-fe/src/sfe_backport.h deleted file mode 100644 index 2f8c8ca3c..000000000 --- a/shortcut-fe/src/sfe_backport.h +++ /dev/null @@ -1,195 +0,0 @@ -/* - * sfe_backport.h - * Shortcut forwarding engine compatible header file. - * - * Copyright (c) 2014-2016 The Linux Foundation. All rights reserved. - * Permission to use, copy, modify, and/or distribute this software for - * any purpose with or without fee is hereby granted, provided that the - * above copyright notice and this permission notice appear in all copies. - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0)) -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 0)) -#include -#else -enum udp_conntrack { - UDP_CT_UNREPLIED, - UDP_CT_REPLIED, - UDP_CT_MAX -}; - -static inline unsigned int * -nf_ct_timeout_lookup(struct net *net, struct nf_conn *ct, - struct nf_conntrack_l4proto *l4proto) -{ -#ifdef CONFIG_NF_CONNTRACK_TIMEOUT - struct nf_conn_timeout *timeout_ext; - unsigned int *timeouts; - - timeout_ext = nf_ct_timeout_find(ct); - if (timeout_ext) - timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext); - else - timeouts = l4proto->get_timeouts(net); - - return timeouts; -#else - return l4proto->get_timeouts(net); -#endif /*CONFIG_NF_CONNTRACK_TIMEOUT*/ -} -#endif /*KERNEL_VERSION(3, 7, 0)*/ -#endif /*KERNEL_VERSION(3, 4, 0)*/ - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)) -#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ -static unsigned int FN_NAME(void *priv, \ - struct sk_buff *SKB, \ - const struct nf_hook_state *state) -#elif (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) -#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ -static unsigned int FN_NAME(const struct nf_hook_ops *OPS, \ - struct sk_buff *SKB, \ - const struct net_device *UNUSED, \ - const struct net_device *OUT, \ - int (*OKFN)(struct sk_buff *)) -#else -#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ -static unsigned int FN_NAME(unsigned int HOOKNUM, \ - struct sk_buff *SKB, \ - const struct net_device *UNUSED, \ - const struct net_device *OUT, \ - int (*OKFN)(struct sk_buff *)) -#endif - -#define sfe_cm_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ - sfe_define_post_routing_hook(__sfe_cm_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) -#define sfe_cm_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ - sfe_define_post_routing_hook(__sfe_cm_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) -#define fast_classifier_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ - sfe_define_post_routing_hook(__fast_classifier_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) -#define fast_classifier_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ - sfe_define_post_routing_hook(__fast_classifier_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)) -#define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \ - { \ - .hook = fn, \ - .pf = NFPROTO_IPV4, \ - .hooknum = NF_INET_POST_ROUTING, \ - .priority = NF_IP_PRI_NAT_SRC + 1, \ - } -#else -#define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \ - { \ - .hook = fn, \ - .owner = THIS_MODULE, \ - .pf = NFPROTO_IPV4, \ - .hooknum = NF_INET_POST_ROUTING, \ - .priority = NF_IP_PRI_NAT_SRC + 1, \ - } -#endif - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)) -#define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \ - { \ - .hook = fn, \ - .pf = NFPROTO_IPV6, \ - .hooknum = NF_INET_POST_ROUTING, \ - .priority = NF_IP_PRI_NAT_SRC + 1, \ - } -#else -#define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \ - { \ - .hook = fn, \ - .owner = THIS_MODULE, \ - .pf = NFPROTO_IPV6, \ - .hooknum = NF_INET_POST_ROUTING, \ - .priority = NF_IP6_PRI_NAT_SRC + 1, \ - } -#endif - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)) -#define SFE_NF_CT_DEFAULT_ZONE (&nf_ct_zone_dflt) -#else -#define SFE_NF_CT_DEFAULT_ZONE NF_CT_DEFAULT_ZONE -#endif - -/* - * sfe_dev_get_master - * get master of bridge port, and hold it - */ -static inline struct net_device *sfe_dev_get_master(struct net_device *dev) -{ - struct net_device *master; -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)) - rcu_read_lock(); - master = netdev_master_upper_dev_get_rcu(dev); - if (master) - dev_hold(master); - - rcu_read_unlock(); -#else - master = dev->master; - if (master) - dev_hold(master); -#endif - return master; -} - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 11, 0)) -#define SFE_DEV_EVENT_PTR(PTR) netdev_notifier_info_to_dev(PTR) -#else -#define SFE_DEV_EVENT_PTR(PTR) (struct net_device *)(PTR) -#endif - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) -#define SFE_NF_CONN_ACCT(NM) struct nf_conn_acct *NM -#else -#define SFE_NF_CONN_ACCT(NM) struct nf_conn_counter *NM -#endif - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) -#define SFE_ACCT_COUNTER(NM) ((NM)->counter) -#else -#define SFE_ACCT_COUNTER(NM) (NM) -#endif - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)) -#define sfe_hash_for_each_possible(name, obj, node, member, key) \ - hash_for_each_possible(name, obj, member, key) -#else -#define sfe_hash_for_each_possible(name, obj, node, member, key) \ - hash_for_each_possible(name, obj, node, member, key) -#endif - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)) -#define sfe_hash_for_each(name, bkt, node, obj, member) \ - hash_for_each(name, bkt, obj, member) -#else -#define sfe_hash_for_each(name, bkt, node, obj, member) \ - hash_for_each(name, bkt, node, obj, member) -#endif - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0)) -#define sfe_dst_get_neighbour(dst, daddr) dst_neigh_lookup(dst, daddr) -#else -static inline struct neighbour * -sfe_dst_get_neighbour(struct dst_entry *dst, void *daddr) -{ - struct neighbour *neigh = dst_get_neighbour_noref(dst); - - if (neigh) - neigh_hold(neigh); - - return neigh; -} -#endif diff --git a/shortcut-fe/src/sfe_cm.c b/shortcut-fe/src/sfe_cm.c deleted file mode 100644 index 18f3475e5..000000000 --- a/shortcut-fe/src/sfe_cm.c +++ /dev/null @@ -1,1146 +0,0 @@ -/* - * sfe-cm.c - * Shortcut forwarding engine connection manager. - * - * Copyright (c) 2013-2018 The Linux Foundation. All rights reserved. - * Permission to use, copy, modify, and/or distribute this software for - * any purpose with or without fee is hereby granted, provided that the - * above copyright notice and this permission notice appear in all copies. - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "sfe.h" -#include "sfe_cm.h" -#include "sfe_backport.h" - -typedef enum sfe_cm_exception { - SFE_CM_EXCEPTION_PACKET_BROADCAST, - SFE_CM_EXCEPTION_PACKET_MULTICAST, - SFE_CM_EXCEPTION_NO_IIF, - SFE_CM_EXCEPTION_NO_CT, - SFE_CM_EXCEPTION_CT_NO_TRACK, - SFE_CM_EXCEPTION_CT_NO_CONFIRM, - SFE_CM_EXCEPTION_CT_IS_ALG, - SFE_CM_EXCEPTION_IS_IPV4_MCAST, - SFE_CM_EXCEPTION_IS_IPV6_MCAST, - SFE_CM_EXCEPTION_TCP_NOT_ASSURED, - SFE_CM_EXCEPTION_TCP_NOT_ESTABLISHED, - SFE_CM_EXCEPTION_UNKNOW_PROTOCOL, - SFE_CM_EXCEPTION_NO_SRC_DEV, - SFE_CM_EXCEPTION_NO_SRC_XLATE_DEV, - SFE_CM_EXCEPTION_NO_DEST_DEV, - SFE_CM_EXCEPTION_NO_DEST_XLATE_DEV, - SFE_CM_EXCEPTION_NO_BRIDGE, - SFE_CM_EXCEPTION_LOCAL_OUT, - SFE_CM_EXCEPTION_MAX -} sfe_cm_exception_t; - -static char *sfe_cm_exception_events_string[SFE_CM_EXCEPTION_MAX] = { - "PACKET_BROADCAST", - "PACKET_MULTICAST", - "NO_IIF", - "NO_CT", - "CT_NO_TRACK", - "CT_NO_CONFIRM", - "CT_IS_ALG", - "IS_IPV4_MCAST", - "IS_IPV6_MCAST", - "TCP_NOT_ASSURED", - "TCP_NOT_ESTABLISHED", - "UNKNOW_PROTOCOL", - "NO_SRC_DEV", - "NO_SRC_XLATE_DEV", - "NO_DEST_DEV", - "NO_DEST_XLATE_DEV", - "NO_BRIDGE", - "LOCAL_OUT" -}; - -/* - * Per-module structure. - */ -struct sfe_cm { - spinlock_t lock; /* Lock for SMP correctness */ - - /* - * Control state. - */ - struct kobject *sys_sfe_cm; /* sysfs linkage */ - - /* - * Callback notifiers. - */ - struct notifier_block dev_notifier; /* Device notifier */ - struct notifier_block inet_notifier; /* IPv4 notifier */ - struct notifier_block inet6_notifier; /* IPv6 notifier */ - u32 exceptions[SFE_CM_EXCEPTION_MAX]; -}; - -static struct sfe_cm __sc; - -/* - * sfe_cm_incr_exceptions() - * increase an exception counter. - */ -static inline void sfe_cm_incr_exceptions(sfe_cm_exception_t except) -{ - struct sfe_cm *sc = &__sc; - - spin_lock_bh(&sc->lock); - sc->exceptions[except]++; - spin_unlock_bh(&sc->lock); -} - -/* - * sfe_cm_recv() - * Handle packet receives. - * - * Returns 1 if the packet is forwarded or 0 if it isn't. - */ -int sfe_cm_recv(struct sk_buff *skb) -{ - struct net_device *dev; - - /* - * We know that for the vast majority of packets we need the transport - * layer header so we may as well start to fetch it now! - */ - prefetch(skb->data + 32); - barrier(); - - dev = skb->dev; - - /* - * We're only interested in IPv4 and IPv6 packets. - */ - if (likely(htons(ETH_P_IP) == skb->protocol)) { - struct in_device *in_dev; - - /* - * Does our input device support IP processing? - */ - in_dev = (struct in_device *)dev->ip_ptr; - if (unlikely(!in_dev)) { - DEBUG_TRACE("no IP processing for device: %s\n", dev->name); - return 0; - } - - /* - * Does it have an IP address? If it doesn't then we can't do anything - * interesting here! - */ - if (unlikely(!in_dev->ifa_list)) { - DEBUG_TRACE("no IP address for device: %s\n", dev->name); - return 0; - } - - return sfe_ipv4_recv(dev, skb); - } - - if (likely(htons(ETH_P_IPV6) == skb->protocol)) { - struct inet6_dev *in_dev; - - /* - * Does our input device support IPv6 processing? - */ - in_dev = (struct inet6_dev *)dev->ip6_ptr; - if (unlikely(!in_dev)) { - DEBUG_TRACE("no IPv6 processing for device: %s\n", dev->name); - return 0; - } - - /* - * Does it have an IPv6 address? If it doesn't then we can't do anything - * interesting here! - */ - if (unlikely(list_empty(&in_dev->addr_list))) { - DEBUG_TRACE("no IPv6 address for device: %s\n", dev->name); - return 0; - } - - return sfe_ipv6_recv(dev, skb); - } - - DEBUG_TRACE("not IP packet\n"); - return 0; -} - -/* - * sfe_cm_find_dev_and_mac_addr() - * Find the device and MAC address for a given IPv4/IPv6 address. - * - * Returns true if we find the device and MAC address, otherwise false. - * - * We look up the rtable entry for the address and, from its neighbour - * structure, obtain the hardware address. This means this function also - * works if the neighbours are routers too. - */ -static bool sfe_cm_find_dev_and_mac_addr(sfe_ip_addr_t *addr, struct net_device **dev, u8 *mac_addr, int is_v4) -{ - struct neighbour *neigh; - struct rtable *rt; - struct rt6_info *rt6; - struct dst_entry *dst; - struct net_device *mac_dev; - - /* - * Look up the rtable entry for the IP address then get the hardware - * address from its neighbour structure. This means this work when the - * neighbours are routers too. - */ - if (likely(is_v4)) { - rt = ip_route_output(&init_net, addr->ip, 0, 0, 0); - if (unlikely(IS_ERR(rt))) { - goto ret_fail; - } - - dst = (struct dst_entry *)rt; - } else { -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)) - rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, NULL, 0); -#else - rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, 0); -#endif /*KERNEL_VERSION(4, 17, 0)*/ - if (!rt6) { - goto ret_fail; - } - - dst = (struct dst_entry *)rt6; - } - - rcu_read_lock(); - neigh = sfe_dst_get_neighbour(dst, addr); - if (unlikely(!neigh)) { - rcu_read_unlock(); - dst_release(dst); - goto ret_fail; - } - - if (unlikely(!(neigh->nud_state & NUD_VALID))) { - rcu_read_unlock(); - neigh_release(neigh); - dst_release(dst); - goto ret_fail; - } - - mac_dev = neigh->dev; - if (!mac_dev) { - rcu_read_unlock(); - neigh_release(neigh); - dst_release(dst); - goto ret_fail; - } - - memcpy(mac_addr, neigh->ha, (size_t)mac_dev->addr_len); - - dev_hold(mac_dev); - *dev = mac_dev; - rcu_read_unlock(); - neigh_release(neigh); - dst_release(dst); - - return true; - -ret_fail: - if (is_v4) { - DEBUG_TRACE("failed to find MAC address for IP: %pI4\n", &addr->ip); - - } else { - DEBUG_TRACE("failed to find MAC address for IP: %pI6\n", addr->ip6); - } - - return false; -} - -/* - * sfe_cm_post_routing() - * Called for packets about to leave the box - either locally generated or forwarded from another interface - */ -static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) -{ - struct sfe_connection_create sic; - struct net_device *in; - struct nf_conn *ct; - enum ip_conntrack_info ctinfo; - struct net_device *dev; - struct net_device *src_dev; - struct net_device *dest_dev; - struct net_device *src_dev_tmp; - struct net_device *dest_dev_tmp; - struct net_device *src_br_dev = NULL; - struct net_device *dest_br_dev = NULL; - struct nf_conntrack_tuple orig_tuple; - struct nf_conntrack_tuple reply_tuple; - SFE_NF_CONN_ACCT(acct); - - /* - * Don't process broadcast or multicast packets. - */ - if (unlikely(skb->pkt_type == PACKET_BROADCAST)) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_PACKET_BROADCAST); - DEBUG_TRACE("broadcast, ignoring\n"); - return NF_ACCEPT; - } - if (unlikely(skb->pkt_type == PACKET_MULTICAST)) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_PACKET_MULTICAST); - DEBUG_TRACE("multicast, ignoring\n"); - return NF_ACCEPT; - } - -#ifdef CONFIG_XFRM - /* - * Packet to xfrm for encapsulation, we can't process it - */ - if (unlikely(skb_dst(skb)->xfrm)) { - DEBUG_TRACE("packet to xfrm, ignoring\n"); - return NF_ACCEPT; - } -#endif - - /* - * Don't process locally generated packets. - */ - if (skb->sk) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_LOCAL_OUT); - DEBUG_TRACE("skip local out packet\n"); - return NF_ACCEPT; - } - - /* - * Don't process packets that are not being forwarded. - */ - in = dev_get_by_index(&init_net, skb->skb_iif); - if (!in) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_IIF); - DEBUG_TRACE("packet not forwarding\n"); - return NF_ACCEPT; - } - - dev_put(in); - - /* - * Don't process packets that aren't being tracked by conntrack. - */ - ct = nf_ct_get(skb, &ctinfo); - if (unlikely(!ct)) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_CT); - DEBUG_TRACE("no conntrack connection, ignoring\n"); - return NF_ACCEPT; - } - -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)) - /* - * Don't process untracked connections. - */ - if (unlikely(nf_ct_is_untracked(ct))) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_CT_NO_TRACK); - DEBUG_TRACE("untracked connection\n"); - return NF_ACCEPT; - } -#endif /*KERNEL_VERSION(4, 12, 0)*/ - - /* - * Unconfirmed connection may be dropped by Linux at the final step, - * So we don't process unconfirmed connections. - */ - if (!nf_ct_is_confirmed(ct)) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_CT_NO_CONFIRM); - DEBUG_TRACE("unconfirmed connection\n"); - return NF_ACCEPT; - } - - /* - * Don't process connections that require support from a 'helper' (typically a NAT ALG). - */ - if (unlikely(nfct_help(ct))) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_CT_IS_ALG); - DEBUG_TRACE("connection has helper\n"); - return NF_ACCEPT; - } - - /* - * Check if the acceleration of a flow could be rejected quickly. - */ - acct = nf_conn_acct_find(ct); - if (acct) { - long long packets = atomic64_read(&SFE_ACCT_COUNTER(acct)[CTINFO2DIR(ctinfo)].packets); - if ((packets > 0xff) && (packets & 0xff)) { - /* - * Connection hits slow path at least 256 times, so it must be not able to accelerate. - * But we also give it a chance to walk through ECM every 256 packets - */ - return NF_ACCEPT; - } - } - - /* - * Look up the details of our connection in conntrack. - * - * Note that the data we get from conntrack is for the "ORIGINAL" direction - * but our packet may actually be in the "REPLY" direction. - */ - orig_tuple = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; - reply_tuple = ct->tuplehash[IP_CT_DIR_REPLY].tuple; - sic.protocol = (s32)orig_tuple.dst.protonum; - - sic.flags = 0; - - /* - * Get addressing information, non-NAT first - */ - if (likely(is_v4)) { - u32 dscp; - - sic.src_ip.ip = (__be32)orig_tuple.src.u3.ip; - sic.dest_ip.ip = (__be32)orig_tuple.dst.u3.ip; - - if (ipv4_is_multicast(sic.src_ip.ip) || ipv4_is_multicast(sic.dest_ip.ip)) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_IS_IPV4_MCAST); - DEBUG_TRACE("multicast address\n"); - return NF_ACCEPT; - } - - /* - * NAT'ed addresses - note these are as seen from the 'reply' direction - * When NAT does not apply to this connection these will be identical to the above. - */ - sic.src_ip_xlate.ip = (__be32)reply_tuple.dst.u3.ip; - sic.dest_ip_xlate.ip = (__be32)reply_tuple.src.u3.ip; - - dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; - if (dscp) { - sic.dest_dscp = dscp; - sic.src_dscp = sic.dest_dscp; - sic.flags |= SFE_CREATE_FLAG_REMARK_DSCP; - } - } else { - u32 dscp; - - sic.src_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.src.u3.in6); - sic.dest_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.dst.u3.in6); - - if (ipv6_addr_is_multicast((struct in6_addr *)sic.src_ip.ip6) || - ipv6_addr_is_multicast((struct in6_addr *)sic.dest_ip.ip6)) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_IS_IPV6_MCAST); - DEBUG_TRACE("multicast address\n"); - return NF_ACCEPT; - } - - /* - * NAT'ed addresses - note these are as seen from the 'reply' direction - * When NAT does not apply to this connection these will be identical to the above. - */ - sic.src_ip_xlate.ip6[0] = *((struct sfe_ipv6_addr *)&reply_tuple.dst.u3.in6); - sic.dest_ip_xlate.ip6[0] = *((struct sfe_ipv6_addr *)&reply_tuple.src.u3.in6); - - dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; - if (dscp) { - sic.dest_dscp = dscp; - sic.src_dscp = sic.dest_dscp; - sic.flags |= SFE_CREATE_FLAG_REMARK_DSCP; - } - } - - switch (sic.protocol) { - case IPPROTO_TCP: - sic.src_port = orig_tuple.src.u.tcp.port; - sic.dest_port = orig_tuple.dst.u.tcp.port; - sic.src_port_xlate = reply_tuple.dst.u.tcp.port; - sic.dest_port_xlate = reply_tuple.src.u.tcp.port; - sic.src_td_window_scale = ct->proto.tcp.seen[0].td_scale; - sic.src_td_max_window = ct->proto.tcp.seen[0].td_maxwin; - sic.src_td_end = ct->proto.tcp.seen[0].td_end; - sic.src_td_max_end = ct->proto.tcp.seen[0].td_maxend; - sic.dest_td_window_scale = ct->proto.tcp.seen[1].td_scale; - sic.dest_td_max_window = ct->proto.tcp.seen[1].td_maxwin; - sic.dest_td_end = ct->proto.tcp.seen[1].td_end; - sic.dest_td_max_end = ct->proto.tcp.seen[1].td_maxend; - - if (nf_ct_tcp_no_window_check - || (ct->proto.tcp.seen[0].flags & IP_CT_TCP_FLAG_BE_LIBERAL) - || (ct->proto.tcp.seen[1].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { - sic.flags |= SFE_CREATE_FLAG_NO_SEQ_CHECK; - } - - /* - * Don't try to manage a non-established connection. - */ - if (!test_bit(IPS_ASSURED_BIT, &ct->status)) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_TCP_NOT_ASSURED); - DEBUG_TRACE("non-established connection\n"); - return NF_ACCEPT; - } - - /* - * If the connection is shutting down do not manage it. - * state can not be SYN_SENT, SYN_RECV because connection is assured - * Not managed states: FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSE. - */ - spin_lock_bh(&ct->lock); - if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED) { - spin_unlock_bh(&ct->lock); - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_TCP_NOT_ESTABLISHED); - DEBUG_TRACE("connection in termination state: %#x, s: %pI4:%u, d: %pI4:%u\n", - ct->proto.tcp.state, &sic.src_ip, ntohs(sic.src_port), - &sic.dest_ip, ntohs(sic.dest_port)); - return NF_ACCEPT; - } - spin_unlock_bh(&ct->lock); - break; - - case IPPROTO_UDP: - sic.src_port = orig_tuple.src.u.udp.port; - sic.dest_port = orig_tuple.dst.u.udp.port; - sic.src_port_xlate = reply_tuple.dst.u.udp.port; - sic.dest_port_xlate = reply_tuple.src.u.udp.port; - break; - - default: - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_UNKNOW_PROTOCOL); - DEBUG_TRACE("unhandled protocol %d\n", sic.protocol); - return NF_ACCEPT; - } - -#ifdef CONFIG_XFRM - sic.original_accel = 1; - sic.reply_accel = 1; - - /* - * For packets de-capsulated from xfrm, we still can accelerate it - * on the direction we just received the packet. - */ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)) - if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) { -#else - if (unlikely(skb->sp)) { -#endif - if (sic.protocol == IPPROTO_TCP && - !(sic.flags & SFE_CREATE_FLAG_NO_SEQ_CHECK)) { - return NF_ACCEPT; - } - - if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) { - sic.reply_accel = 0; - } else { - sic.original_accel = 0; - } - } -#endif - - /* - * Get QoS information - */ - if (skb->priority) { - sic.dest_priority = skb->priority; - sic.src_priority = sic.dest_priority; - sic.flags |= SFE_CREATE_FLAG_REMARK_PRIORITY; - } - - /* - * Get the net device and MAC addresses that correspond to the various source and - * destination host addresses. - */ - if (!sfe_cm_find_dev_and_mac_addr(&sic.src_ip, &src_dev_tmp, sic.src_mac, is_v4)) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_SRC_DEV); - return NF_ACCEPT; - } - src_dev = src_dev_tmp; - - if (!sfe_cm_find_dev_and_mac_addr(&sic.src_ip_xlate, &dev, sic.src_mac_xlate, is_v4)) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_SRC_XLATE_DEV); - goto done1; - } - dev_put(dev); - - if (!sfe_cm_find_dev_and_mac_addr(&sic.dest_ip, &dev, sic.dest_mac, is_v4)) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_DEST_DEV); - goto done1; - } - dev_put(dev); - - if (!sfe_cm_find_dev_and_mac_addr(&sic.dest_ip_xlate, &dest_dev_tmp, sic.dest_mac_xlate, is_v4)) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_DEST_XLATE_DEV); - goto done1; - } - dest_dev = dest_dev_tmp; - - /* - * Our devices may actually be part of a bridge interface. If that's - * the case then find the bridge interface instead. - */ - if (src_dev->priv_flags & IFF_BRIDGE_PORT) { - src_br_dev = sfe_dev_get_master(src_dev); - if (!src_br_dev) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_BRIDGE); - DEBUG_TRACE("no bridge found for: %s\n", src_dev->name); - goto done2; - } - src_dev = src_br_dev; - } - - if (dest_dev->priv_flags & IFF_BRIDGE_PORT) { - dest_br_dev = sfe_dev_get_master(dest_dev); - if (!dest_br_dev) { - sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_BRIDGE); - DEBUG_TRACE("no bridge found for: %s\n", dest_dev->name); - goto done3; - } - dest_dev = dest_br_dev; - } - - sic.src_dev = src_dev; - sic.dest_dev = dest_dev; - - sic.src_mtu = src_dev->mtu; - sic.dest_mtu = dest_dev->mtu; - - if (likely(is_v4)) { - sfe_ipv4_create_rule(&sic); - } else { - sfe_ipv6_create_rule(&sic); - } - - /* - * If we had bridge ports then release them too. - */ - if (dest_br_dev) { - dev_put(dest_br_dev); - } -done3: - if (src_br_dev) { - dev_put(src_br_dev); - } -done2: - dev_put(dest_dev_tmp); -done1: - dev_put(src_dev_tmp); - - return NF_ACCEPT; -} - -/* - * sfe_cm_ipv4_post_routing_hook() - * Called for packets about to leave the box - either locally generated or forwarded from another interface - */ -sfe_cm_ipv4_post_routing_hook(hooknum, ops, skb, in_unused, out, okfn) -{ - return sfe_cm_post_routing(skb, true); -} - -/* - * sfe_cm_ipv6_post_routing_hook() - * Called for packets about to leave the box - either locally generated or forwarded from another interface - */ -sfe_cm_ipv6_post_routing_hook(hooknum, ops, skb, in_unused, out, okfn) -{ - return sfe_cm_post_routing(skb, false); -} - -#ifdef CONFIG_NF_CONNTRACK_EVENTS -/* - * sfe_cm_conntrack_event() - * Callback event invoked when a conntrack connection's state changes. - */ -#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS -static int sfe_cm_conntrack_event(struct notifier_block *this, - unsigned long events, void *ptr) -#else -static int sfe_cm_conntrack_event(unsigned int events, struct nf_ct_event *item) -#endif -{ -#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS - struct nf_ct_event *item = ptr; -#endif - struct sfe_connection_destroy sid; - struct nf_conn *ct = item->ct; - struct nf_conntrack_tuple orig_tuple; - - /* - * If we don't have a conntrack entry then we're done. - */ - if (unlikely(!ct)) { - DEBUG_WARN("no ct in conntrack event callback\n"); - return NOTIFY_DONE; - } - -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)) - /* - * If this is an untracked connection then we can't have any state either. - */ - if (unlikely(nf_ct_is_untracked(ct))) { - DEBUG_TRACE("ignoring untracked conn\n"); - return NOTIFY_DONE; - } -#endif /*KERNEL_VERSION(4, 12, 0)*/ - - /* - * We're only interested in destroy events. - */ - if (unlikely(!(events & (1 << IPCT_DESTROY)))) { - DEBUG_TRACE("ignoring non-destroy event\n"); - return NOTIFY_DONE; - } - - orig_tuple = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; - sid.protocol = (s32)orig_tuple.dst.protonum; - - /* - * Extract information from the conntrack connection. We're only interested - * in nominal connection information (i.e. we're ignoring any NAT information). - */ - switch (sid.protocol) { - case IPPROTO_TCP: - sid.src_port = orig_tuple.src.u.tcp.port; - sid.dest_port = orig_tuple.dst.u.tcp.port; - break; - - case IPPROTO_UDP: - sid.src_port = orig_tuple.src.u.udp.port; - sid.dest_port = orig_tuple.dst.u.udp.port; - break; - - default: - DEBUG_TRACE("unhandled protocol: %d\n", sid.protocol); - return NOTIFY_DONE; - } - - if (likely(nf_ct_l3num(ct) == AF_INET)) { - sid.src_ip.ip = (__be32)orig_tuple.src.u3.ip; - sid.dest_ip.ip = (__be32)orig_tuple.dst.u3.ip; - - sfe_ipv4_destroy_rule(&sid); - } else if (likely(nf_ct_l3num(ct) == AF_INET6)) { - sid.src_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.src.u3.in6); - sid.dest_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.dst.u3.in6); - - sfe_ipv6_destroy_rule(&sid); - } else { - DEBUG_TRACE("ignoring non-IPv4 and non-IPv6 connection\n"); - } - - return NOTIFY_DONE; -} - -/* - * Netfilter conntrack event system to monitor connection tracking changes - */ -#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS -static struct notifier_block sfe_cm_conntrack_notifier = { - .notifier_call = sfe_cm_conntrack_event, -}; -#else -static struct nf_ct_event_notifier sfe_cm_conntrack_notifier = { - .fcn = sfe_cm_conntrack_event, -}; -#endif -#endif - -/* - * Structure to establish a hook into the post routing netfilter point - this - * will pick up local outbound and packets going from one interface to another. - * - * Note: see include/linux/netfilter_ipv4.h for info related to priority levels. - * We want to examine packets after NAT translation and any ALG processing. - */ -static struct nf_hook_ops sfe_cm_ops_post_routing[] __read_mostly = { - SFE_IPV4_NF_POST_ROUTING_HOOK(__sfe_cm_ipv4_post_routing_hook), -#ifdef SFE_SUPPORT_IPV6 - SFE_IPV6_NF_POST_ROUTING_HOOK(__sfe_cm_ipv6_post_routing_hook), -#endif -}; - -/* - * sfe_cm_sync_rule() - * Synchronize a connection's state. - */ -static void sfe_cm_sync_rule(struct sfe_connection_sync *sis) -{ - struct nf_conntrack_tuple_hash *h; - struct nf_conntrack_tuple tuple; - struct nf_conn *ct; - SFE_NF_CONN_ACCT(acct); - - /* - * Create a tuple so as to be able to look up a connection - */ - memset(&tuple, 0, sizeof(tuple)); - tuple.src.u.all = (__be16)sis->src_port; - tuple.dst.dir = IP_CT_DIR_ORIGINAL; - tuple.dst.protonum = (u8)sis->protocol; - tuple.dst.u.all = (__be16)sis->dest_port; - - if (sis->is_v6) { - tuple.src.u3.in6 = *((struct in6_addr *)sis->src_ip.ip6); - tuple.dst.u3.in6 = *((struct in6_addr *)sis->dest_ip.ip6); - tuple.src.l3num = AF_INET6; - - DEBUG_TRACE("update connection - p: %d, s: %pI6:%u, d: %pI6:%u\n", - (int)tuple.dst.protonum, - &tuple.src.u3.in6, (unsigned int)ntohs(tuple.src.u.all), - &tuple.dst.u3.in6, (unsigned int)ntohs(tuple.dst.u.all)); - } else { - tuple.src.u3.ip = sis->src_ip.ip; - tuple.dst.u3.ip = sis->dest_ip.ip; - tuple.src.l3num = AF_INET; - - DEBUG_TRACE("update connection - p: %d, s: %pI4:%u, d: %pI4:%u\n", - (int)tuple.dst.protonum, - &tuple.src.u3.ip, (unsigned int)ntohs(tuple.src.u.all), - &tuple.dst.u3.ip, (unsigned int)ntohs(tuple.dst.u.all)); - } - - /* - * Look up conntrack connection - */ - h = nf_conntrack_find_get(&init_net, SFE_NF_CT_DEFAULT_ZONE, &tuple); - if (unlikely(!h)) { - DEBUG_TRACE("no connection found\n"); - return; - } - - ct = nf_ct_tuplehash_to_ctrack(h); -#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 0)) - NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct); -#endif /*KERNEL_VERSION(4, 9, 0)*/ - - /* - * Only update if this is not a fixed timeout - */ - if (!test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) { - spin_lock_bh(&ct->lock); -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) - ct->timeout += sis->delta_jiffies; -#else - ct->timeout.expires += sis->delta_jiffies; -#endif /*KERNEL_VERSION(4, 9, 0)*/ - spin_unlock_bh(&ct->lock); - } - - acct = nf_conn_acct_find(ct); - if (acct) { - spin_lock_bh(&ct->lock); - atomic64_add(sis->src_new_packet_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_ORIGINAL].packets); - atomic64_add(sis->src_new_byte_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_ORIGINAL].bytes); - atomic64_add(sis->dest_new_packet_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_REPLY].packets); - atomic64_add(sis->dest_new_byte_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_REPLY].bytes); - spin_unlock_bh(&ct->lock); - } - - switch (sis->protocol) { - case IPPROTO_TCP: - spin_lock_bh(&ct->lock); - if (ct->proto.tcp.seen[0].td_maxwin < sis->src_td_max_window) { - ct->proto.tcp.seen[0].td_maxwin = sis->src_td_max_window; - } - if ((s32)(ct->proto.tcp.seen[0].td_end - sis->src_td_end) < 0) { - ct->proto.tcp.seen[0].td_end = sis->src_td_end; - } - if ((s32)(ct->proto.tcp.seen[0].td_maxend - sis->src_td_max_end) < 0) { - ct->proto.tcp.seen[0].td_maxend = sis->src_td_max_end; - } - if (ct->proto.tcp.seen[1].td_maxwin < sis->dest_td_max_window) { - ct->proto.tcp.seen[1].td_maxwin = sis->dest_td_max_window; - } - if ((s32)(ct->proto.tcp.seen[1].td_end - sis->dest_td_end) < 0) { - ct->proto.tcp.seen[1].td_end = sis->dest_td_end; - } - if ((s32)(ct->proto.tcp.seen[1].td_maxend - sis->dest_td_max_end) < 0) { - ct->proto.tcp.seen[1].td_maxend = sis->dest_td_max_end; - } - spin_unlock_bh(&ct->lock); - break; -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0)) - case IPPROTO_UDP: - /* - * In Linux connection track, UDP flow has two timeout values: - * /proc/sys/net/netfilter/nf_conntrack_udp_timeout: - * this is for uni-direction UDP flow, normally its value is 60 seconds - * /proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream: - * this is for bi-direction UDP flow, normally its value is 180 seconds - * - * Linux will update timer of UDP flow to stream timeout once it seen packets - * in reply direction. But if flow is accelerated by NSS or SFE, Linux won't - * see any packets. So we have to do the same thing in our stats sync message. - */ - if (!test_bit(IPS_ASSURED_BIT, &ct->status) && acct) { - u_int64_t reply_pkts = atomic64_read(&SFE_ACCT_COUNTER(acct)[IP_CT_DIR_REPLY].packets); - - if (reply_pkts != 0) { - unsigned int *timeouts; - - set_bit(IPS_SEEN_REPLY_BIT, &ct->status); - set_bit(IPS_ASSURED_BIT, &ct->status); - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0)) - timeouts = nf_ct_timeout_lookup(ct); -#else - struct nf_conntrack_l4proto *l4proto; - - l4proto = __nf_ct_l4proto_find((sis->is_v6 ? AF_INET6 : AF_INET), IPPROTO_UDP); - timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto); -#endif /*KERNEL_VERSION(4, 19, 0)*/ - - spin_lock_bh(&ct->lock); -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) - ct->timeout = jiffies + timeouts[UDP_CT_REPLIED]; -#else - ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED]; -#endif /*KERNEL_VERSION(4, 9, 0)*/ - spin_unlock_bh(&ct->lock); - } - } - break; -#endif /*KERNEL_VERSION(3, 4, 0)*/ - } - - /* - * Release connection - */ - nf_ct_put(ct); -} - -/* - * sfe_cm_device_event() - */ -int sfe_cm_device_event(struct notifier_block *this, unsigned long event, void *ptr) -{ - struct net_device *dev = SFE_DEV_EVENT_PTR(ptr); - - if (dev && (event == NETDEV_DOWN)) { - sfe_ipv4_destroy_all_rules_for_dev(dev); - sfe_ipv6_destroy_all_rules_for_dev(dev); - } - - return NOTIFY_DONE; -} - -/* - * sfe_cm_inet_event() - */ -static int sfe_cm_inet_event(struct notifier_block *this, unsigned long event, void *ptr) -{ - struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev; - - if (dev && (event == NETDEV_DOWN)) { - sfe_ipv4_destroy_all_rules_for_dev(dev); - } - - return NOTIFY_DONE; -} - -/* - * sfe_cm_inet6_event() - */ -static int sfe_cm_inet6_event(struct notifier_block *this, unsigned long event, void *ptr) -{ - struct net_device *dev = ((struct inet6_ifaddr *)ptr)->idev->dev; - - if (dev && (event == NETDEV_DOWN)) { - sfe_ipv6_destroy_all_rules_for_dev(dev); - } - - return NOTIFY_DONE; -} - -/* - * sfe_cm_get_exceptions - * dump exception counters - */ -static ssize_t sfe_cm_get_exceptions(struct device *dev, - struct device_attribute *attr, - char *buf) -{ - int idx, len; - struct sfe_cm *sc = &__sc; - - spin_lock_bh(&sc->lock); - for (len = 0, idx = 0; idx < SFE_CM_EXCEPTION_MAX; idx++) { - if (sc->exceptions[idx]) { - len += snprintf(buf + len, (ssize_t)(PAGE_SIZE - len), "%s = %d\n", sfe_cm_exception_events_string[idx], sc->exceptions[idx]); - } - } - spin_unlock_bh(&sc->lock); - - return len; -} - -/* - * sysfs attributes. - */ -static const struct device_attribute sfe_cm_exceptions_attr = - __ATTR(exceptions, S_IRUGO, sfe_cm_get_exceptions, NULL); - -/* - * sfe_cm_init() - */ -static int __init sfe_cm_init(void) -{ - struct sfe_cm *sc = &__sc; - int result = -1; - - DEBUG_INFO("SFE CM init\n"); - - /* - * Create sys/sfe_cm - */ - sc->sys_sfe_cm = kobject_create_and_add("sfe_cm", NULL); - if (!sc->sys_sfe_cm) { - DEBUG_ERROR("failed to register sfe_cm\n"); - goto exit1; - } - - /* - * Create sys/sfe_cm/exceptions - */ - result = sysfs_create_file(sc->sys_sfe_cm, &sfe_cm_exceptions_attr.attr); - if (result) { - DEBUG_ERROR("failed to register exceptions file: %d\n", result); - goto exit2; - } - - sc->dev_notifier.notifier_call = sfe_cm_device_event; - sc->dev_notifier.priority = 1; - register_netdevice_notifier(&sc->dev_notifier); - - sc->inet_notifier.notifier_call = sfe_cm_inet_event; - sc->inet_notifier.priority = 1; - register_inetaddr_notifier(&sc->inet_notifier); - - sc->inet6_notifier.notifier_call = sfe_cm_inet6_event; - sc->inet6_notifier.priority = 1; - register_inet6addr_notifier(&sc->inet6_notifier); - /* - * Register our netfilter hooks. - */ - result = nf_register_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); - if (result < 0) { - DEBUG_ERROR("can't register nf post routing hook: %d\n", result); - goto exit3; - } - - /* - * Register a notifier hook to get fast notifications of expired connections. - * Note: In CONFIG_NF_CONNTRACK_CHAIN_EVENTS enabled case, nf_conntrack_register_notifier() - * function always returns 0. - */ -#ifdef CONFIG_NF_CONNTRACK_EVENTS -#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS - (void)nf_conntrack_register_chain_notifier(&init_net, &sfe_cm_conntrack_notifier); -#else - result = nf_conntrack_register_notifier(&init_net, &sfe_cm_conntrack_notifier); - if (result < 0) { - DEBUG_ERROR("can't register nf notifier hook: %d\n", result); - goto exit4; - } -#endif -#endif - - spin_lock_init(&sc->lock); - - /* - * Hook the receive path in the network stack. - */ - BUG_ON(athrs_fast_nat_recv); - RCU_INIT_POINTER(athrs_fast_nat_recv, sfe_cm_recv); - - /* - * Hook the shortcut sync callback. - */ - sfe_ipv4_register_sync_rule_callback(sfe_cm_sync_rule); - sfe_ipv6_register_sync_rule_callback(sfe_cm_sync_rule); - return 0; - -#ifdef CONFIG_NF_CONNTRACK_EVENTS -#ifndef CONFIG_NF_CONNTRACK_CHAIN_EVENTS -exit4: - nf_unregister_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); -#endif -#endif -exit3: - unregister_inet6addr_notifier(&sc->inet6_notifier); - unregister_inetaddr_notifier(&sc->inet_notifier); - unregister_netdevice_notifier(&sc->dev_notifier); -exit2: - kobject_put(sc->sys_sfe_cm); - -exit1: - return result; -} - -/* - * sfe_cm_exit() - */ -static void __exit sfe_cm_exit(void) -{ - struct sfe_cm *sc = &__sc; - - DEBUG_INFO("SFE CM exit\n"); - - /* - * Unregister our sync callback. - */ - sfe_ipv4_register_sync_rule_callback(NULL); - sfe_ipv6_register_sync_rule_callback(NULL); - - /* - * Unregister our receive callback. - */ - RCU_INIT_POINTER(athrs_fast_nat_recv, NULL); - - /* - * Wait for all callbacks to complete. - */ - rcu_barrier(); - - /* - * Destroy all connections. - */ - sfe_ipv4_destroy_all_rules_for_dev(NULL); - sfe_ipv6_destroy_all_rules_for_dev(NULL); - -#ifdef CONFIG_NF_CONNTRACK_EVENTS -#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS - nf_conntrack_unregister_chain_notifier(&init_net, &sfe_cm_conntrack_notifier); -#else - nf_conntrack_unregister_notifier(&init_net, &sfe_cm_conntrack_notifier); -#endif -#endif - nf_unregister_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); - - unregister_inet6addr_notifier(&sc->inet6_notifier); - unregister_inetaddr_notifier(&sc->inet_notifier); - unregister_netdevice_notifier(&sc->dev_notifier); - - kobject_put(sc->sys_sfe_cm); -} - -module_init(sfe_cm_init) -module_exit(sfe_cm_exit) - -MODULE_DESCRIPTION("Shortcut Forwarding Engine - Connection Manager"); -MODULE_LICENSE("Dual BSD/GPL"); - diff --git a/shortcut-fe/src/sfe_cm.h b/shortcut-fe/src/sfe_cm.h deleted file mode 100644 index 23cbde859..000000000 --- a/shortcut-fe/src/sfe_cm.h +++ /dev/null @@ -1,259 +0,0 @@ -/* - * sfe_cm.h - * Shortcut forwarding engine. - * - * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved. - * Permission to use, copy, modify, and/or distribute this software for - * any purpose with or without fee is hereby granted, provided that the - * above copyright notice and this permission notice appear in all copies. - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * connection flags. - */ -#define SFE_CREATE_FLAG_NO_SEQ_CHECK BIT(0) - /* Indicates that we should not check sequence numbers */ -#define SFE_CREATE_FLAG_REMARK_PRIORITY BIT(1) - /* Indicates that we should remark priority of skb */ -#define SFE_CREATE_FLAG_REMARK_DSCP BIT(2) - /* Indicates that we should remark DSCP of packet */ - -/* - * IPv6 address structure - */ -struct sfe_ipv6_addr { - __be32 addr[4]; -}; - -typedef union { - __be32 ip; - struct sfe_ipv6_addr ip6[1]; -} sfe_ip_addr_t; - -/* - * connection creation structure. - */ -struct sfe_connection_create { - int protocol; - struct net_device *src_dev; - struct net_device *dest_dev; - u32 flags; - u32 src_mtu; - u32 dest_mtu; - sfe_ip_addr_t src_ip; - sfe_ip_addr_t src_ip_xlate; - sfe_ip_addr_t dest_ip; - sfe_ip_addr_t dest_ip_xlate; - __be16 src_port; - __be16 src_port_xlate; - __be16 dest_port; - __be16 dest_port_xlate; - u8 src_mac[ETH_ALEN]; - u8 src_mac_xlate[ETH_ALEN]; - u8 dest_mac[ETH_ALEN]; - u8 dest_mac_xlate[ETH_ALEN]; - u8 src_td_window_scale; - u32 src_td_max_window; - u32 src_td_end; - u32 src_td_max_end; - u8 dest_td_window_scale; - u32 dest_td_max_window; - u32 dest_td_end; - u32 dest_td_max_end; - u32 mark; -#ifdef CONFIG_XFRM - u32 original_accel; - u32 reply_accel; -#endif - u32 src_priority; - u32 dest_priority; - u32 src_dscp; - u32 dest_dscp; -}; - -/* - * connection destruction structure. - */ -struct sfe_connection_destroy { - int protocol; - sfe_ip_addr_t src_ip; - sfe_ip_addr_t dest_ip; - __be16 src_port; - __be16 dest_port; -}; - -typedef enum sfe_sync_reason { - SFE_SYNC_REASON_STATS, /* Sync is to synchronize stats */ - SFE_SYNC_REASON_FLUSH, /* Sync is to flush a entry */ - SFE_SYNC_REASON_DESTROY /* Sync is to destroy a entry(requested by connection manager) */ -} sfe_sync_reason_t; - -/* - * Structure used to sync connection stats/state back within the system. - * - * NOTE: The addresses here are NON-NAT addresses, i.e. the true endpoint addressing. - * 'src' is the creator of the connection. - */ -struct sfe_connection_sync { - struct net_device *src_dev; - struct net_device *dest_dev; - int is_v6; /* Is it for ipv6? */ - int protocol; /* IP protocol number (IPPROTO_...) */ - sfe_ip_addr_t src_ip; /* Non-NAT source address, i.e. the creator of the connection */ - sfe_ip_addr_t src_ip_xlate; /* NATed source address */ - __be16 src_port; /* Non-NAT source port */ - __be16 src_port_xlate; /* NATed source port */ - sfe_ip_addr_t dest_ip; /* Non-NAT destination address, i.e. to whom the connection was created */ - sfe_ip_addr_t dest_ip_xlate; /* NATed destination address */ - __be16 dest_port; /* Non-NAT destination port */ - __be16 dest_port_xlate; /* NATed destination port */ - u32 src_td_max_window; - u32 src_td_end; - u32 src_td_max_end; - u64 src_packet_count; - u64 src_byte_count; - u32 src_new_packet_count; - u32 src_new_byte_count; - u32 dest_td_max_window; - u32 dest_td_end; - u32 dest_td_max_end; - u64 dest_packet_count; - u64 dest_byte_count; - u32 dest_new_packet_count; - u32 dest_new_byte_count; - u32 reason; /* reason for stats sync message, i.e. destroy, flush, period sync */ - u64 delta_jiffies; /* Time to be added to the current timeout to keep the connection alive */ -}; - -/* - * connection mark structure - */ -struct sfe_connection_mark { - int protocol; - sfe_ip_addr_t src_ip; - sfe_ip_addr_t dest_ip; - __be16 src_port; - __be16 dest_port; - u32 mark; -}; - -/* - * Expose the hook for the receive processing. - */ -extern int (*athrs_fast_nat_recv)(struct sk_buff *skb); - -/* - * Expose what should be a static flag in the TCP connection tracker. - */ -extern int nf_ct_tcp_no_window_check; - -/* - * This callback will be called in a timer - * at 100 times per second to sync stats back to - * Linux connection track. - * - * A RCU lock is taken to prevent this callback - * from unregistering. - */ -typedef void (*sfe_sync_rule_callback_t)(struct sfe_connection_sync *); - -/* - * IPv4 APIs used by connection manager - */ -int sfe_ipv4_recv(struct net_device *dev, struct sk_buff *skb); -int sfe_ipv4_create_rule(struct sfe_connection_create *sic); -void sfe_ipv4_destroy_rule(struct sfe_connection_destroy *sid); -void sfe_ipv4_destroy_all_rules_for_dev(struct net_device *dev); -void sfe_ipv4_register_sync_rule_callback(sfe_sync_rule_callback_t callback); -void sfe_ipv4_update_rule(struct sfe_connection_create *sic); -void sfe_ipv4_mark_rule(struct sfe_connection_mark *mark); - -#ifdef SFE_SUPPORT_IPV6 -/* - * IPv6 APIs used by connection manager - */ -int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb); -int sfe_ipv6_create_rule(struct sfe_connection_create *sic); -void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid); -void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev); -void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t callback); -void sfe_ipv6_update_rule(struct sfe_connection_create *sic); -void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark); -#else -static inline int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb) -{ - return 0; -} - -static inline int sfe_ipv6_create_rule(struct sfe_connection_create *sic) -{ - return 0; -} - -static inline void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid) -{ - return; -} - -static inline void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev) -{ - return; -} - -static inline void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t callback) -{ - return; -} - -static inline void sfe_ipv6_update_rule(struct sfe_connection_create *sic) -{ - return; -} - -static inline void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark) -{ - return; -} -#endif - -/* - * sfe_ipv6_addr_equal() - * compare ipv6 address - * - * return: 1, equal; 0, no equal - */ -static inline int sfe_ipv6_addr_equal(struct sfe_ipv6_addr *a, - struct sfe_ipv6_addr *b) -{ - return a->addr[0] == b->addr[0] && - a->addr[1] == b->addr[1] && - a->addr[2] == b->addr[2] && - a->addr[3] == b->addr[3]; -} - -/* - * sfe_ipv4_addr_equal() - * compare ipv4 address - * - * return: 1, equal; 0, no equal - */ -#define sfe_ipv4_addr_equal(a, b) ((u32)(a) == (u32)(b)) - -/* - * sfe_addr_equal() - * compare ipv4 or ipv6 address - * - * return: 1, equal; 0, no equal - */ -static inline int sfe_addr_equal(sfe_ip_addr_t *a, - sfe_ip_addr_t *b, int is_v4) -{ - return is_v4 ? sfe_ipv4_addr_equal(a->ip, b->ip) : sfe_ipv6_addr_equal(a->ip6, b->ip6); -} diff --git a/shortcut-fe/src/sfe_ipv4.c b/shortcut-fe/src/sfe_ipv4.c deleted file mode 100644 index 531456c05..000000000 --- a/shortcut-fe/src/sfe_ipv4.c +++ /dev/null @@ -1,3621 +0,0 @@ -/* - * sfe_ipv4.c - * Shortcut forwarding engine - IPv4 edition. - * - * Copyright (c) 2013-2016, 2019, The Linux Foundation. All rights reserved. - * Permission to use, copy, modify, and/or distribute this software for - * any purpose with or without fee is hereby granted, provided that the - * above copyright notice and this permission notice appear in all copies. - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include -#include -#include -#include - -#include "sfe.h" -#include "sfe_cm.h" - -/* - * By default Linux IP header and transport layer header structures are - * unpacked, assuming that such headers should be 32-bit aligned. - * Unfortunately some wireless adaptors can't cope with this requirement and - * some CPUs can't handle misaligned accesses. For those platforms we - * define SFE_IPV4_UNALIGNED_IP_HEADER and mark the structures as packed. - * When we do this the compiler will generate slightly worse code than for the - * aligned case (on most platforms) but will be much quicker than fixing - * things up in an unaligned trap handler. - */ -#define SFE_IPV4_UNALIGNED_IP_HEADER 1 -#if SFE_IPV4_UNALIGNED_IP_HEADER -#define SFE_IPV4_UNALIGNED_STRUCT __attribute__((packed)) -#else -#define SFE_IPV4_UNALIGNED_STRUCT -#endif - -/* - * An Ethernet header, but with an optional "packed" attribute to - * help with performance on some platforms (see the definition of - * SFE_IPV4_UNALIGNED_STRUCT) - */ -struct sfe_ipv4_eth_hdr { - __be16 h_dest[ETH_ALEN / 2]; - __be16 h_source[ETH_ALEN / 2]; - __be16 h_proto; -} SFE_IPV4_UNALIGNED_STRUCT; - -#define SFE_IPV4_DSCP_MASK 0x3 -#define SFE_IPV4_DSCP_SHIFT 2 - -/* - * An IPv4 header, but with an optional "packed" attribute to - * help with performance on some platforms (see the definition of - * SFE_IPV4_UNALIGNED_STRUCT) - */ -struct sfe_ipv4_ip_hdr { -#if defined(__LITTLE_ENDIAN_BITFIELD) - __u8 ihl:4, - version:4; -#elif defined (__BIG_ENDIAN_BITFIELD) - __u8 version:4, - ihl:4; -#else -#error "Please fix " -#endif - __u8 tos; - __be16 tot_len; - __be16 id; - __be16 frag_off; - __u8 ttl; - __u8 protocol; - __sum16 check; - __be32 saddr; - __be32 daddr; - - /* - * The options start here. - */ -} SFE_IPV4_UNALIGNED_STRUCT; - -/* - * A UDP header, but with an optional "packed" attribute to - * help with performance on some platforms (see the definition of - * SFE_IPV4_UNALIGNED_STRUCT) - */ -struct sfe_ipv4_udp_hdr { - __be16 source; - __be16 dest; - __be16 len; - __sum16 check; -} SFE_IPV4_UNALIGNED_STRUCT; - -/* - * A TCP header, but with an optional "packed" attribute to - * help with performance on some platforms (see the definition of - * SFE_IPV4_UNALIGNED_STRUCT) - */ -struct sfe_ipv4_tcp_hdr { - __be16 source; - __be16 dest; - __be32 seq; - __be32 ack_seq; -#if defined(__LITTLE_ENDIAN_BITFIELD) - __u16 res1:4, - doff:4, - fin:1, - syn:1, - rst:1, - psh:1, - ack:1, - urg:1, - ece:1, - cwr:1; -#elif defined(__BIG_ENDIAN_BITFIELD) - __u16 doff:4, - res1:4, - cwr:1, - ece:1, - urg:1, - ack:1, - psh:1, - rst:1, - syn:1, - fin:1; -#else -#error "Adjust your defines" -#endif - __be16 window; - __sum16 check; - __be16 urg_ptr; -} SFE_IPV4_UNALIGNED_STRUCT; - -/* - * Specifies the lower bound on ACK numbers carried in the TCP header - */ -#define SFE_IPV4_TCP_MAX_ACK_WINDOW 65520 - -/* - * IPv4 TCP connection match additional data. - */ -struct sfe_ipv4_tcp_connection_match { - u8 win_scale; /* Window scale */ - u32 max_win; /* Maximum window size seen */ - u32 end; /* Sequence number of the next byte to send (seq + segment length) */ - u32 max_end; /* Sequence number of the last byte to ack */ -}; - -/* - * Bit flags for IPv4 connection matching entry. - */ -#define SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC (1<<0) - /* Perform source translation */ -#define SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST (1<<1) - /* Perform destination translation */ -#define SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK (1<<2) - /* Ignore TCP sequence numbers */ -#define SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR (1<<3) - /* Fast Ethernet header write */ -#define SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR (1<<4) - /* Fast Ethernet header write */ -#define SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK (1<<5) - /* remark priority of SKB */ -#define SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK (1<<6) - /* remark DSCP of packet */ - -/* - * IPv4 connection matching structure. - */ -struct sfe_ipv4_connection_match { - /* - * References to other objects. - */ - struct sfe_ipv4_connection_match *next; - struct sfe_ipv4_connection_match *prev; - struct sfe_ipv4_connection *connection; - struct sfe_ipv4_connection_match *counter_match; - /* Matches the flow in the opposite direction as the one in *connection */ - struct sfe_ipv4_connection_match *active_next; - struct sfe_ipv4_connection_match *active_prev; - bool active; /* Flag to indicate if we're on the active list */ - - /* - * Characteristics that identify flows that match this rule. - */ - struct net_device *match_dev; /* Network device */ - u8 match_protocol; /* Protocol */ - __be32 match_src_ip; /* Source IP address */ - __be32 match_dest_ip; /* Destination IP address */ - __be16 match_src_port; /* Source port/connection ident */ - __be16 match_dest_port; /* Destination port/connection ident */ - - /* - * Control the operations of the match. - */ - u32 flags; /* Bit flags */ -#ifdef CONFIG_NF_FLOW_COOKIE - u32 flow_cookie; /* used flow cookie, for debug */ -#endif -#ifdef CONFIG_XFRM - u32 flow_accel; /* The flow accelerated or not */ -#endif - - /* - * Connection state that we track once we match. - */ - union { /* Protocol-specific state */ - struct sfe_ipv4_tcp_connection_match tcp; - } protocol_state; - /* - * Stats recorded in a sync period. These stats will be added to - * rx_packet_count64/rx_byte_count64 after a sync period. - */ - u32 rx_packet_count; - u32 rx_byte_count; - - /* - * Packet translation information. - */ - __be32 xlate_src_ip; /* Address after source translation */ - __be16 xlate_src_port; /* Port/connection ident after source translation */ - u16 xlate_src_csum_adjustment; - /* Transport layer checksum adjustment after source translation */ - u16 xlate_src_partial_csum_adjustment; - /* Transport layer pseudo header checksum adjustment after source translation */ - - __be32 xlate_dest_ip; /* Address after destination translation */ - __be16 xlate_dest_port; /* Port/connection ident after destination translation */ - u16 xlate_dest_csum_adjustment; - /* Transport layer checksum adjustment after destination translation */ - u16 xlate_dest_partial_csum_adjustment; - /* Transport layer pseudo header checksum adjustment after destination translation */ - - /* - * QoS information - */ - u32 priority; - u32 dscp; - - /* - * Packet transmit information. - */ - struct net_device *xmit_dev; /* Network device on which to transmit */ - unsigned short int xmit_dev_mtu; - /* Interface MTU */ - u16 xmit_dest_mac[ETH_ALEN / 2]; - /* Destination MAC address to use when forwarding */ - u16 xmit_src_mac[ETH_ALEN / 2]; - /* Source MAC address to use when forwarding */ - - /* - * Summary stats. - */ - u64 rx_packet_count64; - u64 rx_byte_count64; -}; - -/* - * Per-connection data structure. - */ -struct sfe_ipv4_connection { - struct sfe_ipv4_connection *next; - /* Pointer to the next entry in a hash chain */ - struct sfe_ipv4_connection *prev; - /* Pointer to the previous entry in a hash chain */ - int protocol; /* IP protocol number */ - __be32 src_ip; /* Src IP addr pre-translation */ - __be32 src_ip_xlate; /* Src IP addr post-translation */ - __be32 dest_ip; /* Dest IP addr pre-translation */ - __be32 dest_ip_xlate; /* Dest IP addr post-translation */ - __be16 src_port; /* Src port pre-translation */ - __be16 src_port_xlate; /* Src port post-translation */ - __be16 dest_port; /* Dest port pre-translation */ - __be16 dest_port_xlate; /* Dest port post-translation */ - struct sfe_ipv4_connection_match *original_match; - /* Original direction matching structure */ - struct net_device *original_dev; - /* Original direction source device */ - struct sfe_ipv4_connection_match *reply_match; - /* Reply direction matching structure */ - struct net_device *reply_dev; /* Reply direction source device */ - u64 last_sync_jiffies; /* Jiffies count for the last sync */ - struct sfe_ipv4_connection *all_connections_next; - /* Pointer to the next entry in the list of all connections */ - struct sfe_ipv4_connection *all_connections_prev; - /* Pointer to the previous entry in the list of all connections */ - u32 mark; /* mark for outgoing packet */ - u32 debug_read_seq; /* sequence number for debug dump */ -}; - -/* - * IPv4 connections and hash table size information. - */ -#define SFE_IPV4_CONNECTION_HASH_SHIFT 12 -#define SFE_IPV4_CONNECTION_HASH_SIZE (1 << SFE_IPV4_CONNECTION_HASH_SHIFT) -#define SFE_IPV4_CONNECTION_HASH_MASK (SFE_IPV4_CONNECTION_HASH_SIZE - 1) - -#ifdef CONFIG_NF_FLOW_COOKIE -#define SFE_FLOW_COOKIE_SIZE 2048 -#define SFE_FLOW_COOKIE_MASK 0x7ff - -struct sfe_flow_cookie_entry { - struct sfe_ipv4_connection_match *match; - unsigned long last_clean_time; -}; -#endif - -enum sfe_ipv4_exception_events { - SFE_IPV4_EXCEPTION_EVENT_UDP_HEADER_INCOMPLETE, - SFE_IPV4_EXCEPTION_EVENT_UDP_NO_CONNECTION, - SFE_IPV4_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT, - SFE_IPV4_EXCEPTION_EVENT_UDP_SMALL_TTL, - SFE_IPV4_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION, - SFE_IPV4_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE, - SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS, - SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS, - SFE_IPV4_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT, - SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_TTL, - SFE_IPV4_EXCEPTION_EVENT_TCP_NEEDS_FRAGMENTATION, - SFE_IPV4_EXCEPTION_EVENT_TCP_FLAGS, - SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE, - SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS, - SFE_IPV4_EXCEPTION_EVENT_TCP_BAD_SACK, - SFE_IPV4_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS, - SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE, - SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE, - SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE, - SFE_IPV4_EXCEPTION_EVENT_ICMP_HEADER_INCOMPLETE, - SFE_IPV4_EXCEPTION_EVENT_ICMP_UNHANDLED_TYPE, - SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_HEADER_INCOMPLETE, - SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_NON_V4, - SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_IP_OPTIONS_INCOMPLETE, - SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UDP_HEADER_INCOMPLETE, - SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_TCP_HEADER_INCOMPLETE, - SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UNHANDLED_PROTOCOL, - SFE_IPV4_EXCEPTION_EVENT_ICMP_NO_CONNECTION, - SFE_IPV4_EXCEPTION_EVENT_ICMP_FLUSHED_CONNECTION, - SFE_IPV4_EXCEPTION_EVENT_HEADER_INCOMPLETE, - SFE_IPV4_EXCEPTION_EVENT_BAD_TOTAL_LENGTH, - SFE_IPV4_EXCEPTION_EVENT_NON_V4, - SFE_IPV4_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT, - SFE_IPV4_EXCEPTION_EVENT_DATAGRAM_INCOMPLETE, - SFE_IPV4_EXCEPTION_EVENT_IP_OPTIONS_INCOMPLETE, - SFE_IPV4_EXCEPTION_EVENT_UNHANDLED_PROTOCOL, - SFE_IPV4_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR, - SFE_IPV4_EXCEPTION_EVENT_LAST -}; - -static char *sfe_ipv4_exception_events_string[SFE_IPV4_EXCEPTION_EVENT_LAST] = { - "UDP_HEADER_INCOMPLETE", - "UDP_NO_CONNECTION", - "UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT", - "UDP_SMALL_TTL", - "UDP_NEEDS_FRAGMENTATION", - "TCP_HEADER_INCOMPLETE", - "TCP_NO_CONNECTION_SLOW_FLAGS", - "TCP_NO_CONNECTION_FAST_FLAGS", - "TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT", - "TCP_SMALL_TTL", - "TCP_NEEDS_FRAGMENTATION", - "TCP_FLAGS", - "TCP_SEQ_EXCEEDS_RIGHT_EDGE", - "TCP_SMALL_DATA_OFFS", - "TCP_BAD_SACK", - "TCP_BIG_DATA_OFFS", - "TCP_SEQ_BEFORE_LEFT_EDGE", - "TCP_ACK_EXCEEDS_RIGHT_EDGE", - "TCP_ACK_BEFORE_LEFT_EDGE", - "ICMP_HEADER_INCOMPLETE", - "ICMP_UNHANDLED_TYPE", - "ICMP_IPV4_HEADER_INCOMPLETE", - "ICMP_IPV4_NON_V4", - "ICMP_IPV4_IP_OPTIONS_INCOMPLETE", - "ICMP_IPV4_UDP_HEADER_INCOMPLETE", - "ICMP_IPV4_TCP_HEADER_INCOMPLETE", - "ICMP_IPV4_UNHANDLED_PROTOCOL", - "ICMP_NO_CONNECTION", - "ICMP_FLUSHED_CONNECTION", - "HEADER_INCOMPLETE", - "BAD_TOTAL_LENGTH", - "NON_V4", - "NON_INITIAL_FRAGMENT", - "DATAGRAM_INCOMPLETE", - "IP_OPTIONS_INCOMPLETE", - "UNHANDLED_PROTOCOL", - "CLONED_SKB_UNSHARE_ERROR" -}; - -/* - * Per-module structure. - */ -struct sfe_ipv4 { - spinlock_t lock; /* Lock for SMP correctness */ - struct sfe_ipv4_connection_match *active_head; - /* Head of the list of recently active connections */ - struct sfe_ipv4_connection_match *active_tail; - /* Tail of the list of recently active connections */ - struct sfe_ipv4_connection *all_connections_head; - /* Head of the list of all connections */ - struct sfe_ipv4_connection *all_connections_tail; - /* Tail of the list of all connections */ - unsigned int num_connections; /* Number of connections */ - struct timer_list timer; /* Timer used for periodic sync ops */ - sfe_sync_rule_callback_t __rcu sync_rule_callback; - /* Callback function registered by a connection manager for stats syncing */ - struct sfe_ipv4_connection *conn_hash[SFE_IPV4_CONNECTION_HASH_SIZE]; - /* Connection hash table */ - struct sfe_ipv4_connection_match *conn_match_hash[SFE_IPV4_CONNECTION_HASH_SIZE]; - /* Connection match hash table */ -#ifdef CONFIG_NF_FLOW_COOKIE - struct sfe_flow_cookie_entry sfe_flow_cookie_table[SFE_FLOW_COOKIE_SIZE]; - /* flow cookie table*/ - flow_cookie_set_func_t flow_cookie_set_func; - /* function used to configure flow cookie in hardware*/ - int flow_cookie_enable; - /* Enable/disable flow cookie at runtime */ -#endif - - /* - * Stats recorded in a sync period. These stats will be added to - * connection_xxx64 after a sync period. - */ - u32 connection_create_requests; - /* Number of IPv4 connection create requests */ - u32 connection_create_collisions; - /* Number of IPv4 connection create requests that collided with existing hash table entries */ - u32 connection_destroy_requests; - /* Number of IPv4 connection destroy requests */ - u32 connection_destroy_misses; - /* Number of IPv4 connection destroy requests that missed our hash table */ - u32 connection_match_hash_hits; - /* Number of IPv4 connection match hash hits */ - u32 connection_match_hash_reorders; - /* Number of IPv4 connection match hash reorders */ - u32 connection_flushes; /* Number of IPv4 connection flushes */ - u32 packets_forwarded; /* Number of IPv4 packets forwarded */ - u32 packets_not_forwarded; /* Number of IPv4 packets not forwarded */ - u32 exception_events[SFE_IPV4_EXCEPTION_EVENT_LAST]; - - /* - * Summary statistics. - */ - u64 connection_create_requests64; - /* Number of IPv4 connection create requests */ - u64 connection_create_collisions64; - /* Number of IPv4 connection create requests that collided with existing hash table entries */ - u64 connection_destroy_requests64; - /* Number of IPv4 connection destroy requests */ - u64 connection_destroy_misses64; - /* Number of IPv4 connection destroy requests that missed our hash table */ - u64 connection_match_hash_hits64; - /* Number of IPv4 connection match hash hits */ - u64 connection_match_hash_reorders64; - /* Number of IPv4 connection match hash reorders */ - u64 connection_flushes64; /* Number of IPv4 connection flushes */ - u64 packets_forwarded64; /* Number of IPv4 packets forwarded */ - u64 packets_not_forwarded64; - /* Number of IPv4 packets not forwarded */ - u64 exception_events64[SFE_IPV4_EXCEPTION_EVENT_LAST]; - - /* - * Control state. - */ - struct kobject *sys_sfe_ipv4; /* sysfs linkage */ - int debug_dev; /* Major number of the debug char device */ - u32 debug_read_seq; /* sequence number for debug dump */ -}; - -/* - * Enumeration of the XML output. - */ -enum sfe_ipv4_debug_xml_states { - SFE_IPV4_DEBUG_XML_STATE_START, - SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_START, - SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_CONNECTION, - SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_END, - SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_START, - SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_EXCEPTION, - SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_END, - SFE_IPV4_DEBUG_XML_STATE_STATS, - SFE_IPV4_DEBUG_XML_STATE_END, - SFE_IPV4_DEBUG_XML_STATE_DONE -}; - -/* - * XML write state. - */ -struct sfe_ipv4_debug_xml_write_state { - enum sfe_ipv4_debug_xml_states state; - /* XML output file state machine state */ - int iter_exception; /* Next exception iterator */ -}; - -typedef bool (*sfe_ipv4_debug_xml_write_method_t)(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv4_debug_xml_write_state *ws); - -static struct sfe_ipv4 __si; - -/* - * sfe_ipv4_gen_ip_csum() - * Generate the IP checksum for an IPv4 header. - * - * Note that this function assumes that we have only 20 bytes of IP header. - */ -static inline u16 sfe_ipv4_gen_ip_csum(struct sfe_ipv4_ip_hdr *iph) -{ - u32 sum; - u16 *i = (u16 *)iph; - - iph->check = 0; - - /* - * Generate the sum. - */ - sum = i[0] + i[1] + i[2] + i[3] + i[4] + i[5] + i[6] + i[7] + i[8] + i[9]; - - /* - * Fold it to ones-complement form. - */ - sum = (sum & 0xffff) + (sum >> 16); - sum = (sum & 0xffff) + (sum >> 16); - - return (u16)sum ^ 0xffff; -} - -/* - * sfe_ipv4_get_connection_match_hash() - * Generate the hash used in connection match lookups. - */ -static inline unsigned int sfe_ipv4_get_connection_match_hash(struct net_device *dev, u8 protocol, - __be32 src_ip, __be16 src_port, - __be32 dest_ip, __be16 dest_port) -{ - size_t dev_addr = (size_t)dev; - u32 hash = ((u32)dev_addr) ^ ntohl(src_ip ^ dest_ip) ^ protocol ^ ntohs(src_port ^ dest_port); - return ((hash >> SFE_IPV4_CONNECTION_HASH_SHIFT) ^ hash) & SFE_IPV4_CONNECTION_HASH_MASK; -} - -/* - * sfe_ipv4_find_sfe_ipv4_connection_match() - * Get the IPv4 flow match info that corresponds to a particular 5-tuple. - * - * On entry we must be holding the lock that protects the hash table. - */ -static struct sfe_ipv4_connection_match * -sfe_ipv4_find_sfe_ipv4_connection_match(struct sfe_ipv4 *si, struct net_device *dev, u8 protocol, - __be32 src_ip, __be16 src_port, - __be32 dest_ip, __be16 dest_port) -{ - struct sfe_ipv4_connection_match *cm; - struct sfe_ipv4_connection_match *head; - unsigned int conn_match_idx; - - conn_match_idx = sfe_ipv4_get_connection_match_hash(dev, protocol, src_ip, src_port, dest_ip, dest_port); - cm = si->conn_match_hash[conn_match_idx]; - - /* - * If we don't have anything in this chain then bail. - */ - if (unlikely(!cm)) { - return NULL; - } - - /* - * Hopefully the first entry is the one we want. - */ - if ((cm->match_src_port == src_port) - && (cm->match_dest_port == dest_port) - && (cm->match_src_ip == src_ip) - && (cm->match_dest_ip == dest_ip) - && (cm->match_protocol == protocol) - && (cm->match_dev == dev)) { - si->connection_match_hash_hits++; - return cm; - } - - /* - * Unfortunately we didn't find it at head, so we search it in chain and - * move matching entry to the top of the hash chain. We presume that this - * will be reused again very quickly. - */ - head = cm; - do { - cm = cm->next; - } while (cm && (cm->match_src_port != src_port - || cm->match_dest_port != dest_port - || cm->match_src_ip != src_ip - || cm->match_dest_ip != dest_ip - || cm->match_protocol != protocol - || cm->match_dev != dev)); - - /* - * Not found then we're done. - */ - if (unlikely(!cm)) { - return NULL; - } - - /* - * We found a match so move it. - */ - if (cm->next) { - cm->next->prev = cm->prev; - } - cm->prev->next = cm->next; - cm->prev = NULL; - cm->next = head; - head->prev = cm; - si->conn_match_hash[conn_match_idx] = cm; - si->connection_match_hash_reorders++; - - return cm; -} - -/* - * sfe_ipv4_connection_match_update_summary_stats() - * Update the summary stats for a connection match entry. - */ -static inline void sfe_ipv4_connection_match_update_summary_stats(struct sfe_ipv4_connection_match *cm) -{ - cm->rx_packet_count64 += cm->rx_packet_count; - cm->rx_packet_count = 0; - cm->rx_byte_count64 += cm->rx_byte_count; - cm->rx_byte_count = 0; -} - -/* - * sfe_ipv4_connection_match_compute_translations() - * Compute port and address translations for a connection match entry. - */ -static void sfe_ipv4_connection_match_compute_translations(struct sfe_ipv4_connection_match *cm) -{ - /* - * Before we insert the entry look to see if this is tagged as doing address - * translations. If it is then work out the adjustment that we need to apply - * to the transport checksum. - */ - if (cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC) { - /* - * Precompute an incremental checksum adjustment so we can - * edit packets in this stream very quickly. The algorithm is from RFC1624. - */ - u16 src_ip_hi = cm->match_src_ip >> 16; - u16 src_ip_lo = cm->match_src_ip & 0xffff; - u32 xlate_src_ip = ~cm->xlate_src_ip; - u16 xlate_src_ip_hi = xlate_src_ip >> 16; - u16 xlate_src_ip_lo = xlate_src_ip & 0xffff; - u16 xlate_src_port = ~cm->xlate_src_port; - u32 adj; - - /* - * When we compute this fold it down to a 16-bit offset - * as that way we can avoid having to do a double - * folding of the twos-complement result because the - * addition of 2 16-bit values cannot cause a double - * wrap-around! - */ - adj = src_ip_hi + src_ip_lo + cm->match_src_port - + xlate_src_ip_hi + xlate_src_ip_lo + xlate_src_port; - adj = (adj & 0xffff) + (adj >> 16); - adj = (adj & 0xffff) + (adj >> 16); - cm->xlate_src_csum_adjustment = (u16)adj; - - } - - if (cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST) { - /* - * Precompute an incremental checksum adjustment so we can - * edit packets in this stream very quickly. The algorithm is from RFC1624. - */ - u16 dest_ip_hi = cm->match_dest_ip >> 16; - u16 dest_ip_lo = cm->match_dest_ip & 0xffff; - u32 xlate_dest_ip = ~cm->xlate_dest_ip; - u16 xlate_dest_ip_hi = xlate_dest_ip >> 16; - u16 xlate_dest_ip_lo = xlate_dest_ip & 0xffff; - u16 xlate_dest_port = ~cm->xlate_dest_port; - u32 adj; - - /* - * When we compute this fold it down to a 16-bit offset - * as that way we can avoid having to do a double - * folding of the twos-complement result because the - * addition of 2 16-bit values cannot cause a double - * wrap-around! - */ - adj = dest_ip_hi + dest_ip_lo + cm->match_dest_port - + xlate_dest_ip_hi + xlate_dest_ip_lo + xlate_dest_port; - adj = (adj & 0xffff) + (adj >> 16); - adj = (adj & 0xffff) + (adj >> 16); - cm->xlate_dest_csum_adjustment = (u16)adj; - } - - if (cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC) { - u32 adj = ~cm->match_src_ip + cm->xlate_src_ip; - if (adj < cm->xlate_src_ip) { - adj++; - } - - adj = (adj & 0xffff) + (adj >> 16); - adj = (adj & 0xffff) + (adj >> 16); - cm->xlate_src_partial_csum_adjustment = (u16)adj; - } - - if (cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST) { - u32 adj = ~cm->match_dest_ip + cm->xlate_dest_ip; - if (adj < cm->xlate_dest_ip) { - adj++; - } - - adj = (adj & 0xffff) + (adj >> 16); - adj = (adj & 0xffff) + (adj >> 16); - cm->xlate_dest_partial_csum_adjustment = (u16)adj; - } - -} - -/* - * sfe_ipv4_update_summary_stats() - * Update the summary stats. - */ -static void sfe_ipv4_update_summary_stats(struct sfe_ipv4 *si) -{ - int i; - - si->connection_create_requests64 += si->connection_create_requests; - si->connection_create_requests = 0; - si->connection_create_collisions64 += si->connection_create_collisions; - si->connection_create_collisions = 0; - si->connection_destroy_requests64 += si->connection_destroy_requests; - si->connection_destroy_requests = 0; - si->connection_destroy_misses64 += si->connection_destroy_misses; - si->connection_destroy_misses = 0; - si->connection_match_hash_hits64 += si->connection_match_hash_hits; - si->connection_match_hash_hits = 0; - si->connection_match_hash_reorders64 += si->connection_match_hash_reorders; - si->connection_match_hash_reorders = 0; - si->connection_flushes64 += si->connection_flushes; - si->connection_flushes = 0; - si->packets_forwarded64 += si->packets_forwarded; - si->packets_forwarded = 0; - si->packets_not_forwarded64 += si->packets_not_forwarded; - si->packets_not_forwarded = 0; - - for (i = 0; i < SFE_IPV4_EXCEPTION_EVENT_LAST; i++) { - si->exception_events64[i] += si->exception_events[i]; - si->exception_events[i] = 0; - } -} - -/* - * sfe_ipv4_insert_sfe_ipv4_connection_match() - * Insert a connection match into the hash. - * - * On entry we must be holding the lock that protects the hash table. - */ -static inline void sfe_ipv4_insert_sfe_ipv4_connection_match(struct sfe_ipv4 *si, - struct sfe_ipv4_connection_match *cm) -{ - struct sfe_ipv4_connection_match **hash_head; - struct sfe_ipv4_connection_match *prev_head; - unsigned int conn_match_idx - = sfe_ipv4_get_connection_match_hash(cm->match_dev, cm->match_protocol, - cm->match_src_ip, cm->match_src_port, - cm->match_dest_ip, cm->match_dest_port); - - hash_head = &si->conn_match_hash[conn_match_idx]; - prev_head = *hash_head; - cm->prev = NULL; - if (prev_head) { - prev_head->prev = cm; - } - - cm->next = prev_head; - *hash_head = cm; - -#ifdef CONFIG_NF_FLOW_COOKIE - if (!si->flow_cookie_enable) - return; - - /* - * Configure hardware to put a flow cookie in packet of this flow, - * then we can accelerate the lookup process when we received this packet. - */ - for (conn_match_idx = 1; conn_match_idx < SFE_FLOW_COOKIE_SIZE; conn_match_idx++) { - struct sfe_flow_cookie_entry *entry = &si->sfe_flow_cookie_table[conn_match_idx]; - - if ((NULL == entry->match) && time_is_before_jiffies(entry->last_clean_time + HZ)) { - flow_cookie_set_func_t func; - - rcu_read_lock(); - func = rcu_dereference(si->flow_cookie_set_func); - if (func) { - if (!func(cm->match_protocol, cm->match_src_ip, cm->match_src_port, - cm->match_dest_ip, cm->match_dest_port, conn_match_idx)) { - entry->match = cm; - cm->flow_cookie = conn_match_idx; - } - } - rcu_read_unlock(); - - break; - } - } -#endif -} - -/* - * sfe_ipv4_remove_sfe_ipv4_connection_match() - * Remove a connection match object from the hash. - * - * On entry we must be holding the lock that protects the hash table. - */ -static inline void sfe_ipv4_remove_sfe_ipv4_connection_match(struct sfe_ipv4 *si, struct sfe_ipv4_connection_match *cm) -{ -#ifdef CONFIG_NF_FLOW_COOKIE - if (si->flow_cookie_enable) { - /* - * Tell hardware that we no longer need a flow cookie in packet of this flow - */ - unsigned int conn_match_idx; - - for (conn_match_idx = 1; conn_match_idx < SFE_FLOW_COOKIE_SIZE; conn_match_idx++) { - struct sfe_flow_cookie_entry *entry = &si->sfe_flow_cookie_table[conn_match_idx]; - - if (cm == entry->match) { - flow_cookie_set_func_t func; - - rcu_read_lock(); - func = rcu_dereference(si->flow_cookie_set_func); - if (func) { - func(cm->match_protocol, cm->match_src_ip, cm->match_src_port, - cm->match_dest_ip, cm->match_dest_port, 0); - } - rcu_read_unlock(); - - cm->flow_cookie = 0; - entry->match = NULL; - entry->last_clean_time = jiffies; - break; - } - } - } -#endif - - /* - * Unlink the connection match entry from the hash. - */ - if (cm->prev) { - cm->prev->next = cm->next; - } else { - unsigned int conn_match_idx - = sfe_ipv4_get_connection_match_hash(cm->match_dev, cm->match_protocol, - cm->match_src_ip, cm->match_src_port, - cm->match_dest_ip, cm->match_dest_port); - si->conn_match_hash[conn_match_idx] = cm->next; - } - - if (cm->next) { - cm->next->prev = cm->prev; - } - - /* - * If the connection match entry is in the active list remove it. - */ - if (cm->active) { - if (likely(cm->active_prev)) { - cm->active_prev->active_next = cm->active_next; - } else { - si->active_head = cm->active_next; - } - - if (likely(cm->active_next)) { - cm->active_next->active_prev = cm->active_prev; - } else { - si->active_tail = cm->active_prev; - } - } -} - -/* - * sfe_ipv4_get_connection_hash() - * Generate the hash used in connection lookups. - */ -static inline unsigned int sfe_ipv4_get_connection_hash(u8 protocol, __be32 src_ip, __be16 src_port, - __be32 dest_ip, __be16 dest_port) -{ - u32 hash = ntohl(src_ip ^ dest_ip) ^ protocol ^ ntohs(src_port ^ dest_port); - return ((hash >> SFE_IPV4_CONNECTION_HASH_SHIFT) ^ hash) & SFE_IPV4_CONNECTION_HASH_MASK; -} - -/* - * sfe_ipv4_find_sfe_ipv4_connection() - * Get the IPv4 connection info that corresponds to a particular 5-tuple. - * - * On entry we must be holding the lock that protects the hash table. - */ -static inline struct sfe_ipv4_connection *sfe_ipv4_find_sfe_ipv4_connection(struct sfe_ipv4 *si, u32 protocol, - __be32 src_ip, __be16 src_port, - __be32 dest_ip, __be16 dest_port) -{ - struct sfe_ipv4_connection *c; - unsigned int conn_idx = sfe_ipv4_get_connection_hash(protocol, src_ip, src_port, dest_ip, dest_port); - c = si->conn_hash[conn_idx]; - - /* - * If we don't have anything in this chain then bale. - */ - if (unlikely(!c)) { - return NULL; - } - - /* - * Hopefully the first entry is the one we want. - */ - if ((c->src_port == src_port) - && (c->dest_port == dest_port) - && (c->src_ip == src_ip) - && (c->dest_ip == dest_ip) - && (c->protocol == protocol)) { - return c; - } - - /* - * Unfortunately we didn't find it at head, so we search it in chain. - */ - do { - c = c->next; - } while (c && (c->src_port != src_port - || c->dest_port != dest_port - || c->src_ip != src_ip - || c->dest_ip != dest_ip - || c->protocol != protocol)); - - /* - * Will need connection entry for next create/destroy metadata, - * So no need to re-order entry for these requests - */ - return c; -} - -/* - * sfe_ipv4_mark_rule() - * Updates the mark for a current offloaded connection - * - * Will take hash lock upon entry - */ -void sfe_ipv4_mark_rule(struct sfe_connection_mark *mark) -{ - struct sfe_ipv4 *si = &__si; - struct sfe_ipv4_connection *c; - - spin_lock_bh(&si->lock); - c = sfe_ipv4_find_sfe_ipv4_connection(si, mark->protocol, - mark->src_ip.ip, mark->src_port, - mark->dest_ip.ip, mark->dest_port); - if (c) { - WARN_ON((0 != c->mark) && (0 == mark->mark)); - c->mark = mark->mark; - } - spin_unlock_bh(&si->lock); - - if (c) { - DEBUG_TRACE("Matching connection found for mark, " - "setting from %08x to %08x\n", - c->mark, mark->mark); - } -} - -/* - * sfe_ipv4_insert_sfe_ipv4_connection() - * Insert a connection into the hash. - * - * On entry we must be holding the lock that protects the hash table. - */ -static void sfe_ipv4_insert_sfe_ipv4_connection(struct sfe_ipv4 *si, struct sfe_ipv4_connection *c) -{ - struct sfe_ipv4_connection **hash_head; - struct sfe_ipv4_connection *prev_head; - unsigned int conn_idx; - - /* - * Insert entry into the connection hash. - */ - conn_idx = sfe_ipv4_get_connection_hash(c->protocol, c->src_ip, c->src_port, - c->dest_ip, c->dest_port); - hash_head = &si->conn_hash[conn_idx]; - prev_head = *hash_head; - c->prev = NULL; - if (prev_head) { - prev_head->prev = c; - } - - c->next = prev_head; - *hash_head = c; - - /* - * Insert entry into the "all connections" list. - */ - if (si->all_connections_tail) { - c->all_connections_prev = si->all_connections_tail; - si->all_connections_tail->all_connections_next = c; - } else { - c->all_connections_prev = NULL; - si->all_connections_head = c; - } - - si->all_connections_tail = c; - c->all_connections_next = NULL; - si->num_connections++; - - /* - * Insert the connection match objects too. - */ - sfe_ipv4_insert_sfe_ipv4_connection_match(si, c->original_match); - sfe_ipv4_insert_sfe_ipv4_connection_match(si, c->reply_match); -} - -/* - * sfe_ipv4_remove_sfe_ipv4_connection() - * Remove a sfe_ipv4_connection object from the hash. - * - * On entry we must be holding the lock that protects the hash table. - */ -static void sfe_ipv4_remove_sfe_ipv4_connection(struct sfe_ipv4 *si, struct sfe_ipv4_connection *c) -{ - /* - * Remove the connection match objects. - */ - sfe_ipv4_remove_sfe_ipv4_connection_match(si, c->reply_match); - sfe_ipv4_remove_sfe_ipv4_connection_match(si, c->original_match); - - /* - * Unlink the connection. - */ - if (c->prev) { - c->prev->next = c->next; - } else { - unsigned int conn_idx = sfe_ipv4_get_connection_hash(c->protocol, c->src_ip, c->src_port, - c->dest_ip, c->dest_port); - si->conn_hash[conn_idx] = c->next; - } - - if (c->next) { - c->next->prev = c->prev; - } - - /* - * Unlink connection from all_connections list - */ - if (c->all_connections_prev) { - c->all_connections_prev->all_connections_next = c->all_connections_next; - } else { - si->all_connections_head = c->all_connections_next; - } - - if (c->all_connections_next) { - c->all_connections_next->all_connections_prev = c->all_connections_prev; - } else { - si->all_connections_tail = c->all_connections_prev; - } - - si->num_connections--; -} - -/* - * sfe_ipv4_sync_sfe_ipv4_connection() - * Sync a connection. - * - * On entry to this function we expect that the lock for the connection is either - * already held or isn't required. - */ -static void sfe_ipv4_gen_sync_sfe_ipv4_connection(struct sfe_ipv4 *si, struct sfe_ipv4_connection *c, - struct sfe_connection_sync *sis, sfe_sync_reason_t reason, - u64 now_jiffies) -{ - struct sfe_ipv4_connection_match *original_cm; - struct sfe_ipv4_connection_match *reply_cm; - - /* - * Fill in the update message. - */ - sis->is_v6 = 0; - sis->protocol = c->protocol; - sis->src_ip.ip = c->src_ip; - sis->src_ip_xlate.ip = c->src_ip_xlate; - sis->dest_ip.ip = c->dest_ip; - sis->dest_ip_xlate.ip = c->dest_ip_xlate; - sis->src_port = c->src_port; - sis->src_port_xlate = c->src_port_xlate; - sis->dest_port = c->dest_port; - sis->dest_port_xlate = c->dest_port_xlate; - - original_cm = c->original_match; - reply_cm = c->reply_match; - sis->src_td_max_window = original_cm->protocol_state.tcp.max_win; - sis->src_td_end = original_cm->protocol_state.tcp.end; - sis->src_td_max_end = original_cm->protocol_state.tcp.max_end; - sis->dest_td_max_window = reply_cm->protocol_state.tcp.max_win; - sis->dest_td_end = reply_cm->protocol_state.tcp.end; - sis->dest_td_max_end = reply_cm->protocol_state.tcp.max_end; - - sis->src_new_packet_count = original_cm->rx_packet_count; - sis->src_new_byte_count = original_cm->rx_byte_count; - sis->dest_new_packet_count = reply_cm->rx_packet_count; - sis->dest_new_byte_count = reply_cm->rx_byte_count; - - sfe_ipv4_connection_match_update_summary_stats(original_cm); - sfe_ipv4_connection_match_update_summary_stats(reply_cm); - - sis->src_dev = original_cm->match_dev; - sis->src_packet_count = original_cm->rx_packet_count64; - sis->src_byte_count = original_cm->rx_byte_count64; - - sis->dest_dev = reply_cm->match_dev; - sis->dest_packet_count = reply_cm->rx_packet_count64; - sis->dest_byte_count = reply_cm->rx_byte_count64; - - sis->reason = reason; - - /* - * Get the time increment since our last sync. - */ - sis->delta_jiffies = now_jiffies - c->last_sync_jiffies; - c->last_sync_jiffies = now_jiffies; -} - -/* - * sfe_ipv4_flush_sfe_ipv4_connection() - * Flush a connection and free all associated resources. - * - * We need to be called with bottom halves disabled locally as we need to acquire - * the connection hash lock and release it again. In general we're actually called - * from within a BH and so we're fine, but we're also called when connections are - * torn down. - */ -static void sfe_ipv4_flush_sfe_ipv4_connection(struct sfe_ipv4 *si, - struct sfe_ipv4_connection *c, - sfe_sync_reason_t reason) -{ - struct sfe_connection_sync sis; - u64 now_jiffies; - sfe_sync_rule_callback_t sync_rule_callback; - - rcu_read_lock(); - spin_lock_bh(&si->lock); - si->connection_flushes++; - sync_rule_callback = rcu_dereference(si->sync_rule_callback); - spin_unlock_bh(&si->lock); - - if (sync_rule_callback) { - /* - * Generate a sync message and then sync. - */ - now_jiffies = get_jiffies_64(); - sfe_ipv4_gen_sync_sfe_ipv4_connection(si, c, &sis, reason, now_jiffies); - sync_rule_callback(&sis); - } - - rcu_read_unlock(); - - /* - * Release our hold of the source and dest devices and free the memory - * for our connection objects. - */ - dev_put(c->original_dev); - dev_put(c->reply_dev); - kfree(c->original_match); - kfree(c->reply_match); - kfree(c); -} - -/* - * sfe_ipv4_recv_udp() - * Handle UDP packet receives and forwarding. - */ -static int sfe_ipv4_recv_udp(struct sfe_ipv4 *si, struct sk_buff *skb, struct net_device *dev, - unsigned int len, struct sfe_ipv4_ip_hdr *iph, unsigned int ihl, bool flush_on_find) -{ - struct sfe_ipv4_udp_hdr *udph; - __be32 src_ip; - __be32 dest_ip; - __be16 src_port; - __be16 dest_port; - struct sfe_ipv4_connection_match *cm; - u8 ttl; - struct net_device *xmit_dev; - - /* - * Is our packet too short to contain a valid UDP header? - */ - if (unlikely(!pskb_may_pull(skb, (sizeof(struct sfe_ipv4_udp_hdr) + ihl)))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UDP_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("packet too short for UDP header\n"); - return 0; - } - - /* - * Read the IP address and port information. Read the IP header data first - * because we've almost certainly got that in the cache. We may not yet have - * the UDP header cached though so allow more time for any prefetching. - */ - src_ip = iph->saddr; - dest_ip = iph->daddr; - - udph = (struct sfe_ipv4_udp_hdr *)(skb->data + ihl); - src_port = udph->source; - dest_port = udph->dest; - - spin_lock_bh(&si->lock); - - /* - * Look for a connection match. - */ -#ifdef CONFIG_NF_FLOW_COOKIE - cm = si->sfe_flow_cookie_table[skb->flow_cookie & SFE_FLOW_COOKIE_MASK].match; - if (unlikely(!cm)) { - cm = sfe_ipv4_find_sfe_ipv4_connection_match(si, dev, IPPROTO_UDP, src_ip, src_port, dest_ip, dest_port); - } -#else - cm = sfe_ipv4_find_sfe_ipv4_connection_match(si, dev, IPPROTO_UDP, src_ip, src_port, dest_ip, dest_port); -#endif - if (unlikely(!cm)) { - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UDP_NO_CONNECTION]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("no connection found\n"); - return 0; - } - - /* - * If our packet has beern marked as "flush on find" we can't actually - * forward it in the fast path, but now that we've found an associated - * connection we can flush that out before we process the packet. - */ - if (unlikely(flush_on_find)) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("flush on find\n"); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - -#ifdef CONFIG_XFRM - /* - * We can't accelerate the flow on this direction, just let it go - * through the slow path. - */ - if (unlikely(!cm->flow_accel)) { - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - return 0; - } -#endif - - /* - * Does our TTL allow forwarding? - */ - ttl = iph->ttl; - if (unlikely(ttl < 2)) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UDP_SMALL_TTL]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("ttl too low\n"); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * If our packet is larger than the MTU of the transmit interface then - * we can't forward it easily. - */ - if (unlikely(len > cm->xmit_dev_mtu)) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("larger than mtu\n"); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * From this point on we're good to modify the packet. - */ - - /* - * Check if skb was cloned. If it was, unshare it. Because - * the data area is going to be written in this path and we don't want to - * change the cloned skb's data section. - */ - if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%p: skb is a cloned skb\n", skb); - skb = skb_unshare(skb, GFP_ATOMIC); - if (!skb) { - DEBUG_WARN("Failed to unshare the cloned skb\n"); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - return 0; - } - - /* - * Update the iph and udph pointers with the unshared skb's data area. - */ - iph = (struct sfe_ipv4_ip_hdr *)skb->data; - udph = (struct sfe_ipv4_udp_hdr *)(skb->data + ihl); - } - - /* - * Update DSCP - */ - if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK)) { - iph->tos = (iph->tos & SFE_IPV4_DSCP_MASK) | cm->dscp; - } - - /* - * Decrement our TTL. - */ - iph->ttl = ttl - 1; - - /* - * Do we have to perform translations of the source address/port? - */ - if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC)) { - u16 udp_csum; - - iph->saddr = cm->xlate_src_ip; - udph->source = cm->xlate_src_port; - - /* - * Do we have a non-zero UDP checksum? If we do then we need - * to update it. - */ - udp_csum = udph->check; - if (likely(udp_csum)) { - u32 sum; - - if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) { - sum = udp_csum + cm->xlate_src_partial_csum_adjustment; - } else { - sum = udp_csum + cm->xlate_src_csum_adjustment; - } - - sum = (sum & 0xffff) + (sum >> 16); - udph->check = (u16)sum; - } - } - - /* - * Do we have to perform translations of the destination address/port? - */ - if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST)) { - u16 udp_csum; - - iph->daddr = cm->xlate_dest_ip; - udph->dest = cm->xlate_dest_port; - - /* - * Do we have a non-zero UDP checksum? If we do then we need - * to update it. - */ - udp_csum = udph->check; - if (likely(udp_csum)) { - u32 sum; - - if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) { - sum = udp_csum + cm->xlate_dest_partial_csum_adjustment; - } else { - sum = udp_csum + cm->xlate_dest_csum_adjustment; - } - - sum = (sum & 0xffff) + (sum >> 16); - udph->check = (u16)sum; - } - } - - /* - * Replace the IP checksum. - */ - iph->check = sfe_ipv4_gen_ip_csum(iph); - - /* - * Update traffic stats. - */ - cm->rx_packet_count++; - cm->rx_byte_count += len; - - /* - * If we're not already on the active list then insert ourselves at the tail - * of the current list. - */ - if (unlikely(!cm->active)) { - cm->active = true; - cm->active_prev = si->active_tail; - if (likely(si->active_tail)) { - si->active_tail->active_next = cm; - } else { - si->active_head = cm; - } - si->active_tail = cm; - } - - xmit_dev = cm->xmit_dev; - skb->dev = xmit_dev; - - /* - * Check to see if we need to write a header. - */ - if (likely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) { - if (unlikely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) { - dev_hard_header(skb, xmit_dev, ETH_P_IP, - cm->xmit_dest_mac, cm->xmit_src_mac, len); - } else { - /* - * For the simple case we write this really fast. - */ - struct sfe_ipv4_eth_hdr *eth = (struct sfe_ipv4_eth_hdr *)__skb_push(skb, ETH_HLEN); - eth->h_proto = htons(ETH_P_IP); - eth->h_dest[0] = cm->xmit_dest_mac[0]; - eth->h_dest[1] = cm->xmit_dest_mac[1]; - eth->h_dest[2] = cm->xmit_dest_mac[2]; - eth->h_source[0] = cm->xmit_src_mac[0]; - eth->h_source[1] = cm->xmit_src_mac[1]; - eth->h_source[2] = cm->xmit_src_mac[2]; - } - } - - /* - * Update priority of skb. - */ - if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) { - skb->priority = cm->priority; - } - - /* - * Mark outgoing packet. - */ - skb->mark = cm->connection->mark; - if (skb->mark) { - DEBUG_TRACE("SKB MARK is NON ZERO %x\n", skb->mark); - } - - si->packets_forwarded++; - spin_unlock_bh(&si->lock); - - /* - * We're going to check for GSO flags when we transmit the packet so - * start fetching the necessary cache line now. - */ - prefetch(skb_shinfo(skb)); - - /* - * Mark that this packet has been fast forwarded. - */ - skb->fast_forwarded = 1; - - /* - * Send the packet on its way. - */ - dev_queue_xmit(skb); - - return 1; -} - -/* - * sfe_ipv4_process_tcp_option_sack() - * Parse TCP SACK option and update ack according - */ -static bool sfe_ipv4_process_tcp_option_sack(const struct sfe_ipv4_tcp_hdr *th, const u32 data_offs, - u32 *ack) -{ - u32 length = sizeof(struct sfe_ipv4_tcp_hdr); - u8 *ptr = (u8 *)th + length; - - /* - * Ignore processing if TCP packet has only TIMESTAMP option. - */ - if (likely(data_offs == length + TCPOLEN_TIMESTAMP + 1 + 1) - && likely(ptr[0] == TCPOPT_NOP) - && likely(ptr[1] == TCPOPT_NOP) - && likely(ptr[2] == TCPOPT_TIMESTAMP) - && likely(ptr[3] == TCPOLEN_TIMESTAMP)) { - return true; - } - - /* - * TCP options. Parse SACK option. - */ - while (length < data_offs) { - u8 size; - u8 kind; - - ptr = (u8 *)th + length; - kind = *ptr; - - /* - * NOP, for padding - * Not in the switch because to fast escape and to not calculate size - */ - if (kind == TCPOPT_NOP) { - length++; - continue; - } - - if (kind == TCPOPT_SACK) { - u32 sack = 0; - u8 re = 1 + 1; - - size = *(ptr + 1); - if ((size < (1 + 1 + TCPOLEN_SACK_PERBLOCK)) - || ((size - (1 + 1)) % (TCPOLEN_SACK_PERBLOCK)) - || (size > (data_offs - length))) { - return false; - } - - re += 4; - while (re < size) { - u32 sack_re; - u8 *sptr = ptr + re; - sack_re = (sptr[0] << 24) | (sptr[1] << 16) | (sptr[2] << 8) | sptr[3]; - if (sack_re > sack) { - sack = sack_re; - } - re += TCPOLEN_SACK_PERBLOCK; - } - if (sack > *ack) { - *ack = sack; - } - length += size; - continue; - } - if (kind == TCPOPT_EOL) { - return true; - } - size = *(ptr + 1); - if (size < 2) { - return false; - } - length += size; - } - - return true; -} - -/* - * sfe_ipv4_recv_tcp() - * Handle TCP packet receives and forwarding. - */ -static int sfe_ipv4_recv_tcp(struct sfe_ipv4 *si, struct sk_buff *skb, struct net_device *dev, - unsigned int len, struct sfe_ipv4_ip_hdr *iph, unsigned int ihl, bool flush_on_find) -{ - struct sfe_ipv4_tcp_hdr *tcph; - __be32 src_ip; - __be32 dest_ip; - __be16 src_port; - __be16 dest_port; - struct sfe_ipv4_connection_match *cm; - struct sfe_ipv4_connection_match *counter_cm; - u8 ttl; - u32 flags; - struct net_device *xmit_dev; - - /* - * Is our packet too short to contain a valid UDP header? - */ - if (unlikely(!pskb_may_pull(skb, (sizeof(struct sfe_ipv4_tcp_hdr) + ihl)))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("packet too short for TCP header\n"); - return 0; - } - - /* - * Read the IP address and port information. Read the IP header data first - * because we've almost certainly got that in the cache. We may not yet have - * the TCP header cached though so allow more time for any prefetching. - */ - src_ip = iph->saddr; - dest_ip = iph->daddr; - - tcph = (struct sfe_ipv4_tcp_hdr *)(skb->data + ihl); - src_port = tcph->source; - dest_port = tcph->dest; - flags = tcp_flag_word(tcph); - - spin_lock_bh(&si->lock); - - /* - * Look for a connection match. - */ -#ifdef CONFIG_NF_FLOW_COOKIE - cm = si->sfe_flow_cookie_table[skb->flow_cookie & SFE_FLOW_COOKIE_MASK].match; - if (unlikely(!cm)) { - cm = sfe_ipv4_find_sfe_ipv4_connection_match(si, dev, IPPROTO_TCP, src_ip, src_port, dest_ip, dest_port); - } -#else - cm = sfe_ipv4_find_sfe_ipv4_connection_match(si, dev, IPPROTO_TCP, src_ip, src_port, dest_ip, dest_port); -#endif - if (unlikely(!cm)) { - /* - * We didn't get a connection but as TCP is connection-oriented that - * may be because this is a non-fast connection (not running established). - * For diagnostic purposes we differentiate this here. - */ - if (likely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) == TCP_FLAG_ACK)) { - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("no connection found - fast flags\n"); - return 0; - } - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("no connection found - slow flags: 0x%x\n", - flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)); - return 0; - } - - /* - * If our packet has beern marked as "flush on find" we can't actually - * forward it in the fast path, but now that we've found an associated - * connection we can flush that out before we process the packet. - */ - if (unlikely(flush_on_find)) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("flush on find\n"); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - -#ifdef CONFIG_XFRM - /* - * We can't accelerate the flow on this direction, just let it go - * through the slow path. - */ - if (unlikely(!cm->flow_accel)) { - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - return 0; - } -#endif - /* - * Does our TTL allow forwarding? - */ - ttl = iph->ttl; - if (unlikely(ttl < 2)) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_TTL]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("ttl too low\n"); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * If our packet is larger than the MTU of the transmit interface then - * we can't forward it easily. - */ - if (unlikely((len > cm->xmit_dev_mtu) && !skb_is_gso(skb))) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_NEEDS_FRAGMENTATION]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("larger than mtu\n"); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Look at our TCP flags. Anything missing an ACK or that has RST, SYN or FIN - * set is not a fast path packet. - */ - if (unlikely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) != TCP_FLAG_ACK)) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_FLAGS]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("TCP flags: 0x%x are not fast\n", - flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - counter_cm = cm->counter_match; - - /* - * Are we doing sequence number checking? - */ - if (likely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK))) { - u32 seq; - u32 ack; - u32 sack; - u32 data_offs; - u32 end; - u32 left_edge; - u32 scaled_win; - u32 max_end; - - /* - * Is our sequence fully past the right hand edge of the window? - */ - seq = ntohl(tcph->seq); - if (unlikely((s32)(seq - (cm->protocol_state.tcp.max_end + 1)) > 0)) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("seq: %u exceeds right edge: %u\n", - seq, cm->protocol_state.tcp.max_end + 1); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Check that our TCP data offset isn't too short. - */ - data_offs = tcph->doff << 2; - if (unlikely(data_offs < sizeof(struct sfe_ipv4_tcp_hdr))) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("TCP data offset: %u, too small\n", data_offs); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Update ACK according to any SACK option. - */ - ack = ntohl(tcph->ack_seq); - sack = ack; - if (unlikely(!sfe_ipv4_process_tcp_option_sack(tcph, data_offs, &sack))) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_BAD_SACK]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("TCP option SACK size is wrong\n"); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Check that our TCP data offset isn't past the end of the packet. - */ - data_offs += sizeof(struct sfe_ipv4_ip_hdr); - if (unlikely(len < data_offs)) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("TCP data offset: %u, past end of packet: %u\n", - data_offs, len); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - end = seq + len - data_offs; - - /* - * Is our sequence fully before the left hand edge of the window? - */ - if (unlikely((s32)(end - (cm->protocol_state.tcp.end - - counter_cm->protocol_state.tcp.max_win - 1)) < 0)) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("seq: %u before left edge: %u\n", - end, cm->protocol_state.tcp.end - counter_cm->protocol_state.tcp.max_win - 1); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Are we acking data that is to the right of what has been sent? - */ - if (unlikely((s32)(sack - (counter_cm->protocol_state.tcp.end + 1)) > 0)) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("ack: %u exceeds right edge: %u\n", - sack, counter_cm->protocol_state.tcp.end + 1); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Is our ack too far before the left hand edge of the window? - */ - left_edge = counter_cm->protocol_state.tcp.end - - cm->protocol_state.tcp.max_win - - SFE_IPV4_TCP_MAX_ACK_WINDOW - - 1; - if (unlikely((s32)(sack - left_edge) < 0)) { - struct sfe_ipv4_connection *c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("ack: %u before left edge: %u\n", sack, left_edge); - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Have we just seen the largest window size yet for this connection? If yes - * then we need to record the new value. - */ - scaled_win = ntohs(tcph->window) << cm->protocol_state.tcp.win_scale; - scaled_win += (sack - ack); - if (unlikely(cm->protocol_state.tcp.max_win < scaled_win)) { - cm->protocol_state.tcp.max_win = scaled_win; - } - - /* - * If our sequence and/or ack numbers have advanced then record the new state. - */ - if (likely((s32)(end - cm->protocol_state.tcp.end) >= 0)) { - cm->protocol_state.tcp.end = end; - } - - max_end = sack + scaled_win; - if (likely((s32)(max_end - counter_cm->protocol_state.tcp.max_end) >= 0)) { - counter_cm->protocol_state.tcp.max_end = max_end; - } - } - - /* - * From this point on we're good to modify the packet. - */ - - /* - * Check if skb was cloned. If it was, unshare it. Because - * the data area is going to be written in this path and we don't want to - * change the cloned skb's data section. - */ - if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%p: skb is a cloned skb\n", skb); - skb = skb_unshare(skb, GFP_ATOMIC); - if (!skb) { - DEBUG_WARN("Failed to unshare the cloned skb\n"); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - return 0; - } - - /* - * Update the iph and tcph pointers with the unshared skb's data area. - */ - iph = (struct sfe_ipv4_ip_hdr *)skb->data; - tcph = (struct sfe_ipv4_tcp_hdr *)(skb->data + ihl); - } - - /* - * Update DSCP - */ - if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK)) { - iph->tos = (iph->tos & SFE_IPV4_DSCP_MASK) | cm->dscp; - } - - /* - * Decrement our TTL. - */ - iph->ttl = ttl - 1; - - /* - * Do we have to perform translations of the source address/port? - */ - if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC)) { - u16 tcp_csum; - u32 sum; - - iph->saddr = cm->xlate_src_ip; - tcph->source = cm->xlate_src_port; - - /* - * Do we have a non-zero UDP checksum? If we do then we need - * to update it. - */ - tcp_csum = tcph->check; - if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) { - sum = tcp_csum + cm->xlate_src_partial_csum_adjustment; - } else { - sum = tcp_csum + cm->xlate_src_csum_adjustment; - } - - sum = (sum & 0xffff) + (sum >> 16); - tcph->check = (u16)sum; - } - - /* - * Do we have to perform translations of the destination address/port? - */ - if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST)) { - u16 tcp_csum; - u32 sum; - - iph->daddr = cm->xlate_dest_ip; - tcph->dest = cm->xlate_dest_port; - - /* - * Do we have a non-zero UDP checksum? If we do then we need - * to update it. - */ - tcp_csum = tcph->check; - if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) { - sum = tcp_csum + cm->xlate_dest_partial_csum_adjustment; - } else { - sum = tcp_csum + cm->xlate_dest_csum_adjustment; - } - - sum = (sum & 0xffff) + (sum >> 16); - tcph->check = (u16)sum; - } - - /* - * Replace the IP checksum. - */ - iph->check = sfe_ipv4_gen_ip_csum(iph); - - /* - * Update traffic stats. - */ - cm->rx_packet_count++; - cm->rx_byte_count += len; - - /* - * If we're not already on the active list then insert ourselves at the tail - * of the current list. - */ - if (unlikely(!cm->active)) { - cm->active = true; - cm->active_prev = si->active_tail; - if (likely(si->active_tail)) { - si->active_tail->active_next = cm; - } else { - si->active_head = cm; - } - si->active_tail = cm; - } - - xmit_dev = cm->xmit_dev; - skb->dev = xmit_dev; - - /* - * Check to see if we need to write a header. - */ - if (likely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) { - if (unlikely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) { - dev_hard_header(skb, xmit_dev, ETH_P_IP, - cm->xmit_dest_mac, cm->xmit_src_mac, len); - } else { - /* - * For the simple case we write this really fast. - */ - struct sfe_ipv4_eth_hdr *eth = (struct sfe_ipv4_eth_hdr *)__skb_push(skb, ETH_HLEN); - eth->h_proto = htons(ETH_P_IP); - eth->h_dest[0] = cm->xmit_dest_mac[0]; - eth->h_dest[1] = cm->xmit_dest_mac[1]; - eth->h_dest[2] = cm->xmit_dest_mac[2]; - eth->h_source[0] = cm->xmit_src_mac[0]; - eth->h_source[1] = cm->xmit_src_mac[1]; - eth->h_source[2] = cm->xmit_src_mac[2]; - } - } - - /* - * Update priority of skb. - */ - if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) { - skb->priority = cm->priority; - } - - /* - * Mark outgoing packet - */ - skb->mark = cm->connection->mark; - if (skb->mark) { - DEBUG_TRACE("SKB MARK is NON ZERO %x\n", skb->mark); - } - - si->packets_forwarded++; - spin_unlock_bh(&si->lock); - - /* - * We're going to check for GSO flags when we transmit the packet so - * start fetching the necessary cache line now. - */ - prefetch(skb_shinfo(skb)); - - /* - * Mark that this packet has been fast forwarded. - */ - skb->fast_forwarded = 1; - - /* - * Send the packet on its way. - */ - dev_queue_xmit(skb); - - return 1; -} - -/* - * sfe_ipv4_recv_icmp() - * Handle ICMP packet receives. - * - * ICMP packets aren't handled as a "fast path" and always have us process them - * through the default Linux stack. What we do need to do is look for any errors - * about connections we are handling in the fast path. If we find any such - * connections then we want to flush their state so that the ICMP error path - * within Linux has all of the correct state should it need it. - */ -static int sfe_ipv4_recv_icmp(struct sfe_ipv4 *si, struct sk_buff *skb, struct net_device *dev, - unsigned int len, struct sfe_ipv4_ip_hdr *iph, unsigned int ihl) -{ - struct icmphdr *icmph; - struct sfe_ipv4_ip_hdr *icmp_iph; - unsigned int icmp_ihl_words; - unsigned int icmp_ihl; - u32 *icmp_trans_h; - struct sfe_ipv4_udp_hdr *icmp_udph; - struct sfe_ipv4_tcp_hdr *icmp_tcph; - __be32 src_ip; - __be32 dest_ip; - __be16 src_port; - __be16 dest_port; - struct sfe_ipv4_connection_match *cm; - struct sfe_ipv4_connection *c; - u32 pull_len = sizeof(struct icmphdr) + ihl; - - /* - * Is our packet too short to contain a valid ICMP header? - */ - len -= ihl; - if (!pskb_may_pull(skb, pull_len)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("packet too short for ICMP header\n"); - return 0; - } - - /* - * We only handle "destination unreachable" and "time exceeded" messages. - */ - icmph = (struct icmphdr *)(skb->data + ihl); - if ((icmph->type != ICMP_DEST_UNREACH) - && (icmph->type != ICMP_TIME_EXCEEDED)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_UNHANDLED_TYPE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("unhandled ICMP type: 0x%x\n", icmph->type); - return 0; - } - - /* - * Do we have the full embedded IP header? - */ - len -= sizeof(struct icmphdr); - pull_len += sizeof(struct sfe_ipv4_ip_hdr); - if (!pskb_may_pull(skb, pull_len)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("Embedded IP header not complete\n"); - return 0; - } - - /* - * Is our embedded IP version wrong? - */ - icmp_iph = (struct sfe_ipv4_ip_hdr *)(icmph + 1); - if (unlikely(icmp_iph->version != 4)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_NON_V4]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("IP version: %u\n", icmp_iph->version); - return 0; - } - - /* - * Do we have the full embedded IP header, including any options? - */ - icmp_ihl_words = icmp_iph->ihl; - icmp_ihl = icmp_ihl_words << 2; - pull_len += icmp_ihl - sizeof(struct sfe_ipv4_ip_hdr); - if (!pskb_may_pull(skb, pull_len)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_IP_OPTIONS_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("Embedded header not large enough for IP options\n"); - return 0; - } - - len -= icmp_ihl; - icmp_trans_h = ((u32 *)icmp_iph) + icmp_ihl_words; - - /* - * Handle the embedded transport layer header. - */ - switch (icmp_iph->protocol) { - case IPPROTO_UDP: - /* - * We should have 8 bytes of UDP header - that's enough to identify - * the connection. - */ - pull_len += 8; - if (!pskb_may_pull(skb, pull_len)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UDP_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("Incomplete embedded UDP header\n"); - return 0; - } - - icmp_udph = (struct sfe_ipv4_udp_hdr *)icmp_trans_h; - src_port = icmp_udph->source; - dest_port = icmp_udph->dest; - break; - - case IPPROTO_TCP: - /* - * We should have 8 bytes of TCP header - that's enough to identify - * the connection. - */ - pull_len += 8; - if (!pskb_may_pull(skb, pull_len)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_TCP_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("Incomplete embedded TCP header\n"); - return 0; - } - - icmp_tcph = (struct sfe_ipv4_tcp_hdr *)icmp_trans_h; - src_port = icmp_tcph->source; - dest_port = icmp_tcph->dest; - break; - - default: - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UNHANDLED_PROTOCOL]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("Unhandled embedded IP protocol: %u\n", icmp_iph->protocol); - return 0; - } - - src_ip = icmp_iph->saddr; - dest_ip = icmp_iph->daddr; - - spin_lock_bh(&si->lock); - - /* - * Look for a connection match. Note that we reverse the source and destination - * here because our embedded message contains a packet that was sent in the - * opposite direction to the one in which we just received it. It will have - * been sent on the interface from which we received it though so that's still - * ok to use. - */ - cm = sfe_ipv4_find_sfe_ipv4_connection_match(si, dev, icmp_iph->protocol, dest_ip, dest_port, src_ip, src_port); - if (unlikely(!cm)) { - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_NO_CONNECTION]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("no connection found\n"); - return 0; - } - - /* - * We found a connection so now remove it from the connection list and flush - * its state. - */ - c = cm->connection; - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_FLUSHED_CONNECTION]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; -} - -/* - * sfe_ipv4_recv() - * Handle packet receives and forwaring. - * - * Returns 1 if the packet is forwarded or 0 if it isn't. - */ -int sfe_ipv4_recv(struct net_device *dev, struct sk_buff *skb) -{ - struct sfe_ipv4 *si = &__si; - unsigned int len; - unsigned int tot_len; - unsigned int frag_off; - unsigned int ihl; - bool flush_on_find; - bool ip_options; - struct sfe_ipv4_ip_hdr *iph; - u32 protocol; - - /* - * Check that we have space for an IP header here. - */ - len = skb->len; - if (unlikely(!pskb_may_pull(skb, sizeof(struct sfe_ipv4_ip_hdr)))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("len: %u is too short\n", len); - return 0; - } - - /* - * Check that our "total length" is large enough for an IP header. - */ - iph = (struct sfe_ipv4_ip_hdr *)skb->data; - tot_len = ntohs(iph->tot_len); - if (unlikely(tot_len < sizeof(struct sfe_ipv4_ip_hdr))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_BAD_TOTAL_LENGTH]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("tot_len: %u is too short\n", tot_len); - return 0; - } - - /* - * Is our IP version wrong? - */ - if (unlikely(iph->version != 4)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_NON_V4]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("IP version: %u\n", iph->version); - return 0; - } - - /* - * Does our datagram fit inside the skb? - */ - if (unlikely(tot_len > len)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_DATAGRAM_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("tot_len: %u, exceeds len: %u\n", tot_len, len); - return 0; - } - - /* - * Do we have a non-initial fragment? - */ - frag_off = ntohs(iph->frag_off); - if (unlikely(frag_off & IP_OFFSET)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("non-initial fragment\n"); - return 0; - } - - /* - * If we have a (first) fragment then mark it to cause any connection to flush. - */ - flush_on_find = unlikely(frag_off & IP_MF) ? true : false; - - /* - * Do we have any IP options? That's definite a slow path! If we do have IP - * options we need to recheck our header size. - */ - ihl = iph->ihl << 2; - ip_options = unlikely(ihl != sizeof(struct sfe_ipv4_ip_hdr)) ? true : false; - if (unlikely(ip_options)) { - if (unlikely(len < ihl)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_IP_OPTIONS_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("len: %u is too short for header of size: %u\n", len, ihl); - return 0; - } - - flush_on_find = true; - } - - protocol = iph->protocol; - if (IPPROTO_UDP == protocol) { - return sfe_ipv4_recv_udp(si, skb, dev, len, iph, ihl, flush_on_find); - } - - if (IPPROTO_TCP == protocol) { - return sfe_ipv4_recv_tcp(si, skb, dev, len, iph, ihl, flush_on_find); - } - - if (IPPROTO_ICMP == protocol) { - return sfe_ipv4_recv_icmp(si, skb, dev, len, iph, ihl); - } - - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UNHANDLED_PROTOCOL]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("not UDP, TCP or ICMP: %u\n", protocol); - return 0; -} - -static void -sfe_ipv4_update_tcp_state(struct sfe_ipv4_connection *c, - struct sfe_connection_create *sic) -{ - struct sfe_ipv4_connection_match *orig_cm; - struct sfe_ipv4_connection_match *repl_cm; - struct sfe_ipv4_tcp_connection_match *orig_tcp; - struct sfe_ipv4_tcp_connection_match *repl_tcp; - - orig_cm = c->original_match; - repl_cm = c->reply_match; - orig_tcp = &orig_cm->protocol_state.tcp; - repl_tcp = &repl_cm->protocol_state.tcp; - - /* update orig */ - if (orig_tcp->max_win < sic->src_td_max_window) { - orig_tcp->max_win = sic->src_td_max_window; - } - if ((s32)(orig_tcp->end - sic->src_td_end) < 0) { - orig_tcp->end = sic->src_td_end; - } - if ((s32)(orig_tcp->max_end - sic->src_td_max_end) < 0) { - orig_tcp->max_end = sic->src_td_max_end; - } - - /* update reply */ - if (repl_tcp->max_win < sic->dest_td_max_window) { - repl_tcp->max_win = sic->dest_td_max_window; - } - if ((s32)(repl_tcp->end - sic->dest_td_end) < 0) { - repl_tcp->end = sic->dest_td_end; - } - if ((s32)(repl_tcp->max_end - sic->dest_td_max_end) < 0) { - repl_tcp->max_end = sic->dest_td_max_end; - } - - /* update match flags */ - orig_cm->flags &= ~SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - repl_cm->flags &= ~SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - if (sic->flags & SFE_CREATE_FLAG_NO_SEQ_CHECK) { - orig_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - repl_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - } -} - -static void -sfe_ipv4_update_protocol_state(struct sfe_ipv4_connection *c, - struct sfe_connection_create *sic) -{ - switch (sic->protocol) { - case IPPROTO_TCP: - sfe_ipv4_update_tcp_state(c, sic); - break; - } -} - -void sfe_ipv4_update_rule(struct sfe_connection_create *sic) -{ - struct sfe_ipv4_connection *c; - struct sfe_ipv4 *si = &__si; - - spin_lock_bh(&si->lock); - - c = sfe_ipv4_find_sfe_ipv4_connection(si, - sic->protocol, - sic->src_ip.ip, - sic->src_port, - sic->dest_ip.ip, - sic->dest_port); - if (c != NULL) { - sfe_ipv4_update_protocol_state(c, sic); - } - - spin_unlock_bh(&si->lock); -} - -/* - * sfe_ipv4_create_rule() - * Create a forwarding rule. - */ -int sfe_ipv4_create_rule(struct sfe_connection_create *sic) -{ - struct sfe_ipv4 *si = &__si; - struct sfe_ipv4_connection *c; - struct sfe_ipv4_connection_match *original_cm; - struct sfe_ipv4_connection_match *reply_cm; - struct net_device *dest_dev; - struct net_device *src_dev; - - dest_dev = sic->dest_dev; - src_dev = sic->src_dev; - - if (unlikely((dest_dev->reg_state != NETREG_REGISTERED) || - (src_dev->reg_state != NETREG_REGISTERED))) { - return -EINVAL; - } - - spin_lock_bh(&si->lock); - si->connection_create_requests++; - - /* - * Check to see if there is already a flow that matches the rule we're - * trying to create. If there is then we can't create a new one. - */ - c = sfe_ipv4_find_sfe_ipv4_connection(si, - sic->protocol, - sic->src_ip.ip, - sic->src_port, - sic->dest_ip.ip, - sic->dest_port); - if (c != NULL) { - si->connection_create_collisions++; - - /* - * If we already have the flow then it's likely that this - * request to create the connection rule contains more - * up-to-date information. Check and update accordingly. - */ - sfe_ipv4_update_protocol_state(c, sic); - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("connection already exists - mark: %08x, p: %d\n" - " s: %s:%pM:%pI4:%u, d: %s:%pM:%pI4:%u\n", - sic->mark, sic->protocol, - sic->src_dev->name, sic->src_mac, &sic->src_ip.ip, ntohs(sic->src_port), - sic->dest_dev->name, sic->dest_mac, &sic->dest_ip.ip, ntohs(sic->dest_port)); - return -EADDRINUSE; - } - - /* - * Allocate the various connection tracking objects. - */ - c = (struct sfe_ipv4_connection *)kmalloc(sizeof(struct sfe_ipv4_connection), GFP_ATOMIC); - if (unlikely(!c)) { - spin_unlock_bh(&si->lock); - return -ENOMEM; - } - - original_cm = (struct sfe_ipv4_connection_match *)kmalloc(sizeof(struct sfe_ipv4_connection_match), GFP_ATOMIC); - if (unlikely(!original_cm)) { - spin_unlock_bh(&si->lock); - kfree(c); - return -ENOMEM; - } - - reply_cm = (struct sfe_ipv4_connection_match *)kmalloc(sizeof(struct sfe_ipv4_connection_match), GFP_ATOMIC); - if (unlikely(!reply_cm)) { - spin_unlock_bh(&si->lock); - kfree(original_cm); - kfree(c); - return -ENOMEM; - } - - /* - * Fill in the "original" direction connection matching object. - * Note that the transmit MAC address is "dest_mac_xlate" because - * we always know both ends of a connection by their translated - * addresses and not their public addresses. - */ - original_cm->match_dev = src_dev; - original_cm->match_protocol = sic->protocol; - original_cm->match_src_ip = sic->src_ip.ip; - original_cm->match_src_port = sic->src_port; - original_cm->match_dest_ip = sic->dest_ip.ip; - original_cm->match_dest_port = sic->dest_port; - original_cm->xlate_src_ip = sic->src_ip_xlate.ip; - original_cm->xlate_src_port = sic->src_port_xlate; - original_cm->xlate_dest_ip = sic->dest_ip_xlate.ip; - original_cm->xlate_dest_port = sic->dest_port_xlate; - original_cm->rx_packet_count = 0; - original_cm->rx_packet_count64 = 0; - original_cm->rx_byte_count = 0; - original_cm->rx_byte_count64 = 0; - original_cm->xmit_dev = dest_dev; - original_cm->xmit_dev_mtu = sic->dest_mtu; - memcpy(original_cm->xmit_src_mac, dest_dev->dev_addr, ETH_ALEN); - memcpy(original_cm->xmit_dest_mac, sic->dest_mac_xlate, ETH_ALEN); - original_cm->connection = c; - original_cm->counter_match = reply_cm; - original_cm->flags = 0; - if (sic->flags & SFE_CREATE_FLAG_REMARK_PRIORITY) { - original_cm->priority = sic->src_priority; - original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK; - } - if (sic->flags & SFE_CREATE_FLAG_REMARK_DSCP) { - original_cm->dscp = sic->src_dscp << SFE_IPV4_DSCP_SHIFT; - original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK; - } -#ifdef CONFIG_NF_FLOW_COOKIE - original_cm->flow_cookie = 0; -#endif -#ifdef CONFIG_XFRM - original_cm->flow_accel = sic->original_accel; -#endif - original_cm->active_next = NULL; - original_cm->active_prev = NULL; - original_cm->active = false; - - /* - * For PPP links we don't write an L2 header. For everything else we do. - */ - if (!(dest_dev->flags & IFF_POINTOPOINT)) { - original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR; - - /* - * If our dev writes Ethernet headers then we can write a really fast - * version. - */ - if (dest_dev->header_ops) { - if (dest_dev->header_ops->create == eth_header) { - original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR; - } - } - } - - /* - * Fill in the "reply" direction connection matching object. - */ - reply_cm->match_dev = dest_dev; - reply_cm->match_protocol = sic->protocol; - reply_cm->match_src_ip = sic->dest_ip_xlate.ip; - reply_cm->match_src_port = sic->dest_port_xlate; - reply_cm->match_dest_ip = sic->src_ip_xlate.ip; - reply_cm->match_dest_port = sic->src_port_xlate; - reply_cm->xlate_src_ip = sic->dest_ip.ip; - reply_cm->xlate_src_port = sic->dest_port; - reply_cm->xlate_dest_ip = sic->src_ip.ip; - reply_cm->xlate_dest_port = sic->src_port; - reply_cm->rx_packet_count = 0; - reply_cm->rx_packet_count64 = 0; - reply_cm->rx_byte_count = 0; - reply_cm->rx_byte_count64 = 0; - reply_cm->xmit_dev = src_dev; - reply_cm->xmit_dev_mtu = sic->src_mtu; - memcpy(reply_cm->xmit_src_mac, src_dev->dev_addr, ETH_ALEN); - memcpy(reply_cm->xmit_dest_mac, sic->src_mac, ETH_ALEN); - reply_cm->connection = c; - reply_cm->counter_match = original_cm; - reply_cm->flags = 0; - if (sic->flags & SFE_CREATE_FLAG_REMARK_PRIORITY) { - reply_cm->priority = sic->dest_priority; - reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK; - } - if (sic->flags & SFE_CREATE_FLAG_REMARK_DSCP) { - reply_cm->dscp = sic->dest_dscp << SFE_IPV4_DSCP_SHIFT; - reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK; - } -#ifdef CONFIG_NF_FLOW_COOKIE - reply_cm->flow_cookie = 0; -#endif -#ifdef CONFIG_XFRM - reply_cm->flow_accel = sic->reply_accel; -#endif - reply_cm->active_next = NULL; - reply_cm->active_prev = NULL; - reply_cm->active = false; - - /* - * For PPP links we don't write an L2 header. For everything else we do. - */ - if (!(src_dev->flags & IFF_POINTOPOINT)) { - reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR; - - /* - * If our dev writes Ethernet headers then we can write a really fast - * version. - */ - if (src_dev->header_ops) { - if (src_dev->header_ops->create == eth_header) { - reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR; - } - } - } - - - if (sic->dest_ip.ip != sic->dest_ip_xlate.ip || sic->dest_port != sic->dest_port_xlate) { - original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST; - reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC; - } - - if (sic->src_ip.ip != sic->src_ip_xlate.ip || sic->src_port != sic->src_port_xlate) { - original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC; - reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST; - } - - c->protocol = sic->protocol; - c->src_ip = sic->src_ip.ip; - c->src_ip_xlate = sic->src_ip_xlate.ip; - c->src_port = sic->src_port; - c->src_port_xlate = sic->src_port_xlate; - c->original_dev = src_dev; - c->original_match = original_cm; - c->dest_ip = sic->dest_ip.ip; - c->dest_ip_xlate = sic->dest_ip_xlate.ip; - c->dest_port = sic->dest_port; - c->dest_port_xlate = sic->dest_port_xlate; - c->reply_dev = dest_dev; - c->reply_match = reply_cm; - c->mark = sic->mark; - c->debug_read_seq = 0; - c->last_sync_jiffies = get_jiffies_64(); - - /* - * Take hold of our source and dest devices for the duration of the connection. - */ - dev_hold(c->original_dev); - dev_hold(c->reply_dev); - - /* - * Initialize the protocol-specific information that we track. - */ - switch (sic->protocol) { - case IPPROTO_TCP: - original_cm->protocol_state.tcp.win_scale = sic->src_td_window_scale; - original_cm->protocol_state.tcp.max_win = sic->src_td_max_window ? sic->src_td_max_window : 1; - original_cm->protocol_state.tcp.end = sic->src_td_end; - original_cm->protocol_state.tcp.max_end = sic->src_td_max_end; - reply_cm->protocol_state.tcp.win_scale = sic->dest_td_window_scale; - reply_cm->protocol_state.tcp.max_win = sic->dest_td_max_window ? sic->dest_td_max_window : 1; - reply_cm->protocol_state.tcp.end = sic->dest_td_end; - reply_cm->protocol_state.tcp.max_end = sic->dest_td_max_end; - if (sic->flags & SFE_CREATE_FLAG_NO_SEQ_CHECK) { - original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - } - break; - } - - sfe_ipv4_connection_match_compute_translations(original_cm); - sfe_ipv4_connection_match_compute_translations(reply_cm); - sfe_ipv4_insert_sfe_ipv4_connection(si, c); - - spin_unlock_bh(&si->lock); - - /* - * We have everything we need! - */ - DEBUG_INFO("new connection - mark: %08x, p: %d\n" - " s: %s:%pM(%pM):%pI4(%pI4):%u(%u)\n" - " d: %s:%pM(%pM):%pI4(%pI4):%u(%u)\n", - sic->mark, sic->protocol, - sic->src_dev->name, sic->src_mac, sic->src_mac_xlate, - &sic->src_ip.ip, &sic->src_ip_xlate.ip, ntohs(sic->src_port), ntohs(sic->src_port_xlate), - dest_dev->name, sic->dest_mac, sic->dest_mac_xlate, - &sic->dest_ip.ip, &sic->dest_ip_xlate.ip, ntohs(sic->dest_port), ntohs(sic->dest_port_xlate)); - - return 0; -} - -/* - * sfe_ipv4_destroy_rule() - * Destroy a forwarding rule. - */ -void sfe_ipv4_destroy_rule(struct sfe_connection_destroy *sid) -{ - struct sfe_ipv4 *si = &__si; - struct sfe_ipv4_connection *c; - - spin_lock_bh(&si->lock); - si->connection_destroy_requests++; - - /* - * Check to see if we have a flow that matches the rule we're trying - * to destroy. If there isn't then we can't destroy it. - */ - c = sfe_ipv4_find_sfe_ipv4_connection(si, sid->protocol, sid->src_ip.ip, sid->src_port, - sid->dest_ip.ip, sid->dest_port); - if (!c) { - si->connection_destroy_misses++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("connection does not exist - p: %d, s: %pI4:%u, d: %pI4:%u\n", - sid->protocol, &sid->src_ip, ntohs(sid->src_port), - &sid->dest_ip, ntohs(sid->dest_port)); - return; - } - - /* - * Remove our connection details from the hash tables. - */ - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - spin_unlock_bh(&si->lock); - - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_DESTROY); - - DEBUG_INFO("connection destroyed - p: %d, s: %pI4:%u, d: %pI4:%u\n", - sid->protocol, &sid->src_ip.ip, ntohs(sid->src_port), - &sid->dest_ip.ip, ntohs(sid->dest_port)); -} - -/* - * sfe_ipv4_register_sync_rule_callback() - * Register a callback for rule synchronization. - */ -void sfe_ipv4_register_sync_rule_callback(sfe_sync_rule_callback_t sync_rule_callback) -{ - struct sfe_ipv4 *si = &__si; - - spin_lock_bh(&si->lock); - rcu_assign_pointer(si->sync_rule_callback, sync_rule_callback); - spin_unlock_bh(&si->lock); -} - -/* - * sfe_ipv4_get_debug_dev() - */ -static ssize_t sfe_ipv4_get_debug_dev(struct device *dev, - struct device_attribute *attr, - char *buf) -{ - struct sfe_ipv4 *si = &__si; - ssize_t count; - int num; - - spin_lock_bh(&si->lock); - num = si->debug_dev; - spin_unlock_bh(&si->lock); - - count = snprintf(buf, (ssize_t)PAGE_SIZE, "%d\n", num); - return count; -} - -/* - * sysfs attributes. - */ -static const struct device_attribute sfe_ipv4_debug_dev_attr = - __ATTR(debug_dev, S_IWUSR | S_IRUGO, sfe_ipv4_get_debug_dev, NULL); - -/* - * sfe_ipv4_destroy_all_rules_for_dev() - * Destroy all connections that match a particular device. - * - * If we pass dev as NULL then this destroys all connections. - */ -void sfe_ipv4_destroy_all_rules_for_dev(struct net_device *dev) -{ - struct sfe_ipv4 *si = &__si; - struct sfe_ipv4_connection *c; - -another_round: - spin_lock_bh(&si->lock); - - for (c = si->all_connections_head; c; c = c->all_connections_next) { - /* - * Does this connection relate to the device we are destroying? - */ - if (!dev - || (dev == c->original_dev) - || (dev == c->reply_dev)) { - break; - } - } - - if (c) { - sfe_ipv4_remove_sfe_ipv4_connection(si, c); - } - - spin_unlock_bh(&si->lock); - - if (c) { - sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_DESTROY); - goto another_round; - } -} - -/* - * sfe_ipv4_periodic_sync() - */ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) -static void sfe_ipv4_periodic_sync(struct timer_list *arg) -#else -static void sfe_ipv4_periodic_sync(unsigned long arg) -#endif /*KERNEL_VERSION(4, 15, 0)*/ -{ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) - struct sfe_ipv4 *si = (struct sfe_ipv4 *)arg->cust_data; -#else - struct sfe_ipv4 *si = (struct sfe_ipv4 *)arg; -#endif /*KERNEL_VERSION(4, 15, 0)*/ - u64 now_jiffies; - int quota; - sfe_sync_rule_callback_t sync_rule_callback; - - now_jiffies = get_jiffies_64(); - - rcu_read_lock(); - sync_rule_callback = rcu_dereference(si->sync_rule_callback); - if (!sync_rule_callback) { - rcu_read_unlock(); - goto done; - } - - spin_lock_bh(&si->lock); - sfe_ipv4_update_summary_stats(si); - - /* - * Get an estimate of the number of connections to parse in this sync. - */ - quota = (si->num_connections + 63) / 64; - - /* - * Walk the "active" list and sync the connection state. - */ - while (quota--) { - struct sfe_ipv4_connection_match *cm; - struct sfe_ipv4_connection_match *counter_cm; - struct sfe_ipv4_connection *c; - struct sfe_connection_sync sis; - - cm = si->active_head; - if (!cm) { - break; - } - - /* - * There's a possibility that our counter match is in the active list too. - * If it is then remove it. - */ - counter_cm = cm->counter_match; - if (counter_cm->active) { - counter_cm->active = false; - - /* - * We must have a connection preceding this counter match - * because that's the one that got us to this point, so we don't have - * to worry about removing the head of the list. - */ - counter_cm->active_prev->active_next = counter_cm->active_next; - - if (likely(counter_cm->active_next)) { - counter_cm->active_next->active_prev = counter_cm->active_prev; - } else { - si->active_tail = counter_cm->active_prev; - } - - counter_cm->active_next = NULL; - counter_cm->active_prev = NULL; - } - - /* - * Now remove the head of the active scan list. - */ - cm->active = false; - si->active_head = cm->active_next; - if (likely(cm->active_next)) { - cm->active_next->active_prev = NULL; - } else { - si->active_tail = NULL; - } - cm->active_next = NULL; - - /* - * Sync the connection state. - */ - c = cm->connection; - sfe_ipv4_gen_sync_sfe_ipv4_connection(si, c, &sis, SFE_SYNC_REASON_STATS, now_jiffies); - - /* - * We don't want to be holding the lock when we sync! - */ - spin_unlock_bh(&si->lock); - sync_rule_callback(&sis); - spin_lock_bh(&si->lock); - } - - spin_unlock_bh(&si->lock); - rcu_read_unlock(); - -done: - mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); -} - -#define CHAR_DEV_MSG_SIZE 768 - -/* - * sfe_ipv4_debug_dev_read_start() - * Generate part of the XML output. - */ -static bool sfe_ipv4_debug_dev_read_start(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) -{ - int bytes_read; - - si->debug_read_seq++; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv4_debug_dev_read_connections_start() - * Generate part of the XML output. - */ -static bool sfe_ipv4_debug_dev_read_connections_start(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) -{ - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv4_debug_dev_read_connections_connection() - * Generate part of the XML output. - */ -static bool sfe_ipv4_debug_dev_read_connections_connection(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) -{ - struct sfe_ipv4_connection *c; - struct sfe_ipv4_connection_match *original_cm; - struct sfe_ipv4_connection_match *reply_cm; - int bytes_read; - int protocol; - struct net_device *src_dev; - __be32 src_ip; - __be32 src_ip_xlate; - __be16 src_port; - __be16 src_port_xlate; - u64 src_rx_packets; - u64 src_rx_bytes; - struct net_device *dest_dev; - __be32 dest_ip; - __be32 dest_ip_xlate; - __be16 dest_port; - __be16 dest_port_xlate; - u64 dest_rx_packets; - u64 dest_rx_bytes; - u64 last_sync_jiffies; - u32 mark, src_priority, dest_priority, src_dscp, dest_dscp; -#ifdef CONFIG_NF_FLOW_COOKIE - int src_flow_cookie, dst_flow_cookie; -#endif - - spin_lock_bh(&si->lock); - - for (c = si->all_connections_head; c; c = c->all_connections_next) { - if (c->debug_read_seq < si->debug_read_seq) { - c->debug_read_seq = si->debug_read_seq; - break; - } - } - - /* - * If there were no connections then move to the next state. - */ - if (!c) { - spin_unlock_bh(&si->lock); - ws->state++; - return true; - } - - original_cm = c->original_match; - reply_cm = c->reply_match; - - protocol = c->protocol; - src_dev = c->original_dev; - src_ip = c->src_ip; - src_ip_xlate = c->src_ip_xlate; - src_port = c->src_port; - src_port_xlate = c->src_port_xlate; - src_priority = original_cm->priority; - src_dscp = original_cm->dscp >> SFE_IPV4_DSCP_SHIFT; - - sfe_ipv4_connection_match_update_summary_stats(original_cm); - sfe_ipv4_connection_match_update_summary_stats(reply_cm); - - src_rx_packets = original_cm->rx_packet_count64; - src_rx_bytes = original_cm->rx_byte_count64; - dest_dev = c->reply_dev; - dest_ip = c->dest_ip; - dest_ip_xlate = c->dest_ip_xlate; - dest_port = c->dest_port; - dest_port_xlate = c->dest_port_xlate; - dest_priority = reply_cm->priority; - dest_dscp = reply_cm->dscp >> SFE_IPV4_DSCP_SHIFT; - dest_rx_packets = reply_cm->rx_packet_count64; - dest_rx_bytes = reply_cm->rx_byte_count64; - last_sync_jiffies = get_jiffies_64() - c->last_sync_jiffies; - mark = c->mark; -#ifdef CONFIG_NF_FLOW_COOKIE - src_flow_cookie = original_cm->flow_cookie; - dst_flow_cookie = reply_cm->flow_cookie; -#endif - spin_unlock_bh(&si->lock); - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\t\n", - protocol, - src_dev->name, - &src_ip, &src_ip_xlate, - ntohs(src_port), ntohs(src_port_xlate), - src_priority, src_dscp, - src_rx_packets, src_rx_bytes, - dest_dev->name, - &dest_ip, &dest_ip_xlate, - ntohs(dest_port), ntohs(dest_port_xlate), - dest_priority, dest_dscp, - dest_rx_packets, dest_rx_bytes, -#ifdef CONFIG_NF_FLOW_COOKIE - src_flow_cookie, dst_flow_cookie, -#endif - last_sync_jiffies, mark); - - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - return true; -} - -/* - * sfe_ipv4_debug_dev_read_connections_end() - * Generate part of the XML output. - */ -static bool sfe_ipv4_debug_dev_read_connections_end(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) -{ - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv4_debug_dev_read_exceptions_start() - * Generate part of the XML output. - */ -static bool sfe_ipv4_debug_dev_read_exceptions_start(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) -{ - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv4_debug_dev_read_exceptions_exception() - * Generate part of the XML output. - */ -static bool sfe_ipv4_debug_dev_read_exceptions_exception(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) -{ - u64 ct; - - spin_lock_bh(&si->lock); - ct = si->exception_events64[ws->iter_exception]; - spin_unlock_bh(&si->lock); - - if (ct) { - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, - "\t\t\n", - sfe_ipv4_exception_events_string[ws->iter_exception], - ct); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - } - - ws->iter_exception++; - if (ws->iter_exception >= SFE_IPV4_EXCEPTION_EVENT_LAST) { - ws->iter_exception = 0; - ws->state++; - } - - return true; -} - -/* - * sfe_ipv4_debug_dev_read_exceptions_end() - * Generate part of the XML output. - */ -static bool sfe_ipv4_debug_dev_read_exceptions_end(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) -{ - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv4_debug_dev_read_stats() - * Generate part of the XML output. - */ -static bool sfe_ipv4_debug_dev_read_stats(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) -{ - int bytes_read; - unsigned int num_connections; - u64 packets_forwarded; - u64 packets_not_forwarded; - u64 connection_create_requests; - u64 connection_create_collisions; - u64 connection_destroy_requests; - u64 connection_destroy_misses; - u64 connection_flushes; - u64 connection_match_hash_hits; - u64 connection_match_hash_reorders; - - spin_lock_bh(&si->lock); - sfe_ipv4_update_summary_stats(si); - - num_connections = si->num_connections; - packets_forwarded = si->packets_forwarded64; - packets_not_forwarded = si->packets_not_forwarded64; - connection_create_requests = si->connection_create_requests64; - connection_create_collisions = si->connection_create_collisions64; - connection_destroy_requests = si->connection_destroy_requests64; - connection_destroy_misses = si->connection_destroy_misses64; - connection_flushes = si->connection_flushes64; - connection_match_hash_hits = si->connection_match_hash_hits64; - connection_match_hash_reorders = si->connection_match_hash_reorders64; - spin_unlock_bh(&si->lock); - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n", - num_connections, - packets_forwarded, - packets_not_forwarded, - connection_create_requests, - connection_create_collisions, - connection_destroy_requests, - connection_destroy_misses, - connection_flushes, - connection_match_hash_hits, - connection_match_hash_reorders); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv4_debug_dev_read_end() - * Generate part of the XML output. - */ -static bool sfe_ipv4_debug_dev_read_end(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) -{ - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * Array of write functions that write various XML elements that correspond to - * our XML output state machine. - */ -static sfe_ipv4_debug_xml_write_method_t sfe_ipv4_debug_xml_write_methods[SFE_IPV4_DEBUG_XML_STATE_DONE] = { - sfe_ipv4_debug_dev_read_start, - sfe_ipv4_debug_dev_read_connections_start, - sfe_ipv4_debug_dev_read_connections_connection, - sfe_ipv4_debug_dev_read_connections_end, - sfe_ipv4_debug_dev_read_exceptions_start, - sfe_ipv4_debug_dev_read_exceptions_exception, - sfe_ipv4_debug_dev_read_exceptions_end, - sfe_ipv4_debug_dev_read_stats, - sfe_ipv4_debug_dev_read_end, -}; - -/* - * sfe_ipv4_debug_dev_read() - * Send info to userspace upon read request from user - */ -static ssize_t sfe_ipv4_debug_dev_read(struct file *filp, char *buffer, size_t length, loff_t *offset) -{ - char msg[CHAR_DEV_MSG_SIZE]; - int total_read = 0; - struct sfe_ipv4_debug_xml_write_state *ws; - struct sfe_ipv4 *si = &__si; - - ws = (struct sfe_ipv4_debug_xml_write_state *)filp->private_data; - while ((ws->state != SFE_IPV4_DEBUG_XML_STATE_DONE) && (length > CHAR_DEV_MSG_SIZE)) { - if ((sfe_ipv4_debug_xml_write_methods[ws->state])(si, buffer, msg, &length, &total_read, ws)) { - continue; - } - } - - return total_read; -} - -/* - * sfe_ipv4_debug_dev_write() - * Write to char device resets some stats - */ -static ssize_t sfe_ipv4_debug_dev_write(struct file *filp, const char *buffer, size_t length, loff_t *offset) -{ - struct sfe_ipv4 *si = &__si; - - spin_lock_bh(&si->lock); - sfe_ipv4_update_summary_stats(si); - - si->packets_forwarded64 = 0; - si->packets_not_forwarded64 = 0; - si->connection_create_requests64 = 0; - si->connection_create_collisions64 = 0; - si->connection_destroy_requests64 = 0; - si->connection_destroy_misses64 = 0; - si->connection_flushes64 = 0; - si->connection_match_hash_hits64 = 0; - si->connection_match_hash_reorders64 = 0; - spin_unlock_bh(&si->lock); - - return length; -} - -/* - * sfe_ipv4_debug_dev_open() - */ -static int sfe_ipv4_debug_dev_open(struct inode *inode, struct file *file) -{ - struct sfe_ipv4_debug_xml_write_state *ws; - - ws = (struct sfe_ipv4_debug_xml_write_state *)file->private_data; - if (!ws) { - ws = kzalloc(sizeof(struct sfe_ipv4_debug_xml_write_state), GFP_KERNEL); - if (!ws) { - return -ENOMEM; - } - - ws->state = SFE_IPV4_DEBUG_XML_STATE_START; - file->private_data = ws; - } - - return 0; -} - -/* - * sfe_ipv4_debug_dev_release() - */ -static int sfe_ipv4_debug_dev_release(struct inode *inode, struct file *file) -{ - struct sfe_ipv4_debug_xml_write_state *ws; - - ws = (struct sfe_ipv4_debug_xml_write_state *)file->private_data; - if (ws) { - /* - * We've finished with our output so free the write state. - */ - kfree(ws); - } - - return 0; -} - -/* - * File operations used in the debug char device - */ -static struct file_operations sfe_ipv4_debug_dev_fops = { - .read = sfe_ipv4_debug_dev_read, - .write = sfe_ipv4_debug_dev_write, - .open = sfe_ipv4_debug_dev_open, - .release = sfe_ipv4_debug_dev_release -}; - -#ifdef CONFIG_NF_FLOW_COOKIE -/* - * sfe_register_flow_cookie_cb - * register a function in SFE to let SFE use this function to configure flow cookie for a flow - * - * Hardware driver which support flow cookie should register a callback function in SFE. Then SFE - * can use this function to configure flow cookie for a flow. - * return: 0, success; !=0, fail - */ -int sfe_register_flow_cookie_cb(flow_cookie_set_func_t cb) -{ - struct sfe_ipv4 *si = &__si; - - BUG_ON(!cb); - - if (si->flow_cookie_set_func) { - return -1; - } - - rcu_assign_pointer(si->flow_cookie_set_func, cb); - return 0; -} - -/* - * sfe_unregister_flow_cookie_cb - * unregister function which is used to configure flow cookie for a flow - * - * return: 0, success; !=0, fail - */ -int sfe_unregister_flow_cookie_cb(flow_cookie_set_func_t cb) -{ - struct sfe_ipv4 *si = &__si; - - RCU_INIT_POINTER(si->flow_cookie_set_func, NULL); - return 0; -} - -/* - * sfe_ipv4_get_flow_cookie() - */ -static ssize_t sfe_ipv4_get_flow_cookie(struct device *dev, - struct device_attribute *attr, - char *buf) -{ - struct sfe_ipv4 *si = &__si; - return snprintf(buf, (ssize_t)PAGE_SIZE, "%d\n", si->flow_cookie_enable); -} - -/* - * sfe_ipv4_set_flow_cookie() - */ -static ssize_t sfe_ipv4_set_flow_cookie(struct device *dev, - struct device_attribute *attr, - const char *buf, size_t size) -{ - struct sfe_ipv4 *si = &__si; - strict_strtol(buf, 0, (long int *)&si->flow_cookie_enable); - - return size; -} - -/* - * sysfs attributes. - */ -static const struct device_attribute sfe_ipv4_flow_cookie_attr = - __ATTR(flow_cookie_enable, S_IWUSR | S_IRUGO, sfe_ipv4_get_flow_cookie, sfe_ipv4_set_flow_cookie); -#endif /*CONFIG_NF_FLOW_COOKIE*/ - -/* - * sfe_ipv4_init() - */ -static int __init sfe_ipv4_init(void) -{ - struct sfe_ipv4 *si = &__si; - int result = -1; - - DEBUG_INFO("SFE IPv4 init\n"); - - /* - * Create sys/sfe_ipv4 - */ - si->sys_sfe_ipv4 = kobject_create_and_add("sfe_ipv4", NULL); - if (!si->sys_sfe_ipv4) { - DEBUG_ERROR("failed to register sfe_ipv4\n"); - goto exit1; - } - - /* - * Create files, one for each parameter supported by this module. - */ - result = sysfs_create_file(si->sys_sfe_ipv4, &sfe_ipv4_debug_dev_attr.attr); - if (result) { - DEBUG_ERROR("failed to register debug dev file: %d\n", result); - goto exit2; - } - -#ifdef CONFIG_NF_FLOW_COOKIE - result = sysfs_create_file(si->sys_sfe_ipv4, &sfe_ipv4_flow_cookie_attr.attr); - if (result) { - DEBUG_ERROR("failed to register flow cookie enable file: %d\n", result); - goto exit3; - } -#endif /* CONFIG_NF_FLOW_COOKIE */ - - /* - * Register our debug char device. - */ - result = register_chrdev(0, "sfe_ipv4", &sfe_ipv4_debug_dev_fops); - if (result < 0) { - DEBUG_ERROR("Failed to register chrdev: %d\n", result); - goto exit4; - } - - si->debug_dev = result; - - /* - * Create a timer to handle periodic statistics. - */ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) - timer_setup(&si->timer, sfe_ipv4_periodic_sync, 0); - si->timer.cust_data = (unsigned long)si; -#else - setup_timer(&si->timer, sfe_ipv4_periodic_sync, (unsigned long)si); -#endif /*KERNEL_VERSION(4, 15, 0)*/ - mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); - - spin_lock_init(&si->lock); - - return 0; - -exit4: -#ifdef CONFIG_NF_FLOW_COOKIE - sysfs_remove_file(si->sys_sfe_ipv4, &sfe_ipv4_flow_cookie_attr.attr); - -exit3: -#endif /* CONFIG_NF_FLOW_COOKIE */ - sysfs_remove_file(si->sys_sfe_ipv4, &sfe_ipv4_debug_dev_attr.attr); - -exit2: - kobject_put(si->sys_sfe_ipv4); - -exit1: - return result; -} - -/* - * sfe_ipv4_exit() - */ -static void __exit sfe_ipv4_exit(void) -{ - struct sfe_ipv4 *si = &__si; - - DEBUG_INFO("SFE IPv4 exit\n"); - - /* - * Destroy all connections. - */ - sfe_ipv4_destroy_all_rules_for_dev(NULL); - - del_timer_sync(&si->timer); - - unregister_chrdev(si->debug_dev, "sfe_ipv4"); - -#ifdef CONFIG_NF_FLOW_COOKIE - sysfs_remove_file(si->sys_sfe_ipv4, &sfe_ipv4_flow_cookie_attr.attr); -#endif /* CONFIG_NF_FLOW_COOKIE */ - sysfs_remove_file(si->sys_sfe_ipv4, &sfe_ipv4_debug_dev_attr.attr); - - kobject_put(si->sys_sfe_ipv4); - -} - -module_init(sfe_ipv4_init) -module_exit(sfe_ipv4_exit) - -EXPORT_SYMBOL(sfe_ipv4_recv); -EXPORT_SYMBOL(sfe_ipv4_create_rule); -EXPORT_SYMBOL(sfe_ipv4_destroy_rule); -EXPORT_SYMBOL(sfe_ipv4_destroy_all_rules_for_dev); -EXPORT_SYMBOL(sfe_ipv4_register_sync_rule_callback); -EXPORT_SYMBOL(sfe_ipv4_mark_rule); -EXPORT_SYMBOL(sfe_ipv4_update_rule); -#ifdef CONFIG_NF_FLOW_COOKIE -EXPORT_SYMBOL(sfe_register_flow_cookie_cb); -EXPORT_SYMBOL(sfe_unregister_flow_cookie_cb); -#endif - -MODULE_DESCRIPTION("Shortcut Forwarding Engine - IPv4 edition"); -MODULE_LICENSE("Dual BSD/GPL"); - diff --git a/shortcut-fe/src/sfe_ipv6.c b/shortcut-fe/src/sfe_ipv6.c deleted file mode 100644 index 3c5ef1263..000000000 --- a/shortcut-fe/src/sfe_ipv6.c +++ /dev/null @@ -1,3628 +0,0 @@ -/* - * sfe_ipv6.c - * Shortcut forwarding engine - IPv6 support. - * - * Copyright (c) 2015-2016, 2019, The Linux Foundation. All rights reserved. - * Permission to use, copy, modify, and/or distribute this software for - * any purpose with or without fee is hereby granted, provided that the - * above copyright notice and this permission notice appear in all copies. - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include -#include -#include -#include - -#include "sfe.h" -#include "sfe_cm.h" - -/* - * By default Linux IP header and transport layer header structures are - * unpacked, assuming that such headers should be 32-bit aligned. - * Unfortunately some wireless adaptors can't cope with this requirement and - * some CPUs can't handle misaligned accesses. For those platforms we - * define SFE_IPV6_UNALIGNED_IP_HEADER and mark the structures as packed. - * When we do this the compiler will generate slightly worse code than for the - * aligned case (on most platforms) but will be much quicker than fixing - * things up in an unaligned trap handler. - */ -#define SFE_IPV6_UNALIGNED_IP_HEADER 1 -#if SFE_IPV6_UNALIGNED_IP_HEADER -#define SFE_IPV6_UNALIGNED_STRUCT __attribute__((packed)) -#else -#define SFE_IPV6_UNALIGNED_STRUCT -#endif - -#define CHAR_DEV_MSG_SIZE 768 - -/* - * An Ethernet header, but with an optional "packed" attribute to - * help with performance on some platforms (see the definition of - * SFE_IPV6_UNALIGNED_STRUCT) - */ -struct sfe_ipv6_eth_hdr { - __be16 h_dest[ETH_ALEN / 2]; - __be16 h_source[ETH_ALEN / 2]; - __be16 h_proto; -} SFE_IPV6_UNALIGNED_STRUCT; - -#define SFE_IPV6_DSCP_MASK 0xf03f -#define SFE_IPV6_DSCP_SHIFT 2 - -/* - * An IPv6 header, but with an optional "packed" attribute to - * help with performance on some platforms (see the definition of - * SFE_IPV6_UNALIGNED_STRUCT) - */ -struct sfe_ipv6_ip_hdr { -#if defined(__LITTLE_ENDIAN_BITFIELD) - __u8 priority:4, - version:4; -#elif defined(__BIG_ENDIAN_BITFIELD) - __u8 version:4, - priority:4; -#else -#error "Please fix " -#endif - __u8 flow_lbl[3]; - __be16 payload_len; - __u8 nexthdr; - __u8 hop_limit; - struct sfe_ipv6_addr saddr; - struct sfe_ipv6_addr daddr; - - /* - * The extension header start here. - */ -} SFE_IPV6_UNALIGNED_STRUCT; - -#define SFE_IPV6_EXT_HDR_HOP 0 -#define SFE_IPV6_EXT_HDR_ROUTING 43 -#define SFE_IPV6_EXT_HDR_FRAG 44 -#define SFE_IPV6_EXT_HDR_ESP 50 -#define SFE_IPV6_EXT_HDR_AH 51 -#define SFE_IPV6_EXT_HDR_NONE 59 -#define SFE_IPV6_EXT_HDR_DST 60 -#define SFE_IPV6_EXT_HDR_MH 135 - -/* - * fragmentation header - */ - -struct sfe_ipv6_frag_hdr { - __u8 nexthdr; - __u8 reserved; - __be16 frag_off; - __be32 identification; -}; - -#define SFE_IPV6_FRAG_OFFSET 0xfff8 - -/* - * generic IPv6 extension header - */ -struct sfe_ipv6_ext_hdr { - __u8 next_hdr; - __u8 hdr_len; - __u8 padding[6]; -} SFE_IPV6_UNALIGNED_STRUCT; - -/* - * A UDP header, but with an optional "packed" attribute to - * help with performance on some platforms (see the definition of - * SFE_IPV6_UNALIGNED_STRUCT) - */ -struct sfe_ipv6_udp_hdr { - __be16 source; - __be16 dest; - __be16 len; - __sum16 check; -} SFE_IPV6_UNALIGNED_STRUCT; - -/* - * A TCP header, but with an optional "packed" attribute to - * help with performance on some platforms (see the definition of - * SFE_IPV6_UNALIGNED_STRUCT) - */ -struct sfe_ipv6_tcp_hdr { - __be16 source; - __be16 dest; - __be32 seq; - __be32 ack_seq; -#if defined(__LITTLE_ENDIAN_BITFIELD) - __u16 res1:4, - doff:4, - fin:1, - syn:1, - rst:1, - psh:1, - ack:1, - urg:1, - ece:1, - cwr:1; -#elif defined(__BIG_ENDIAN_BITFIELD) - __u16 doff:4, - res1:4, - cwr:1, - ece:1, - urg:1, - ack:1, - psh:1, - rst:1, - syn:1, - fin:1; -#else -#error "Adjust your defines" -#endif - __be16 window; - __sum16 check; - __be16 urg_ptr; -} SFE_IPV6_UNALIGNED_STRUCT; - -/* - * Specifies the lower bound on ACK numbers carried in the TCP header - */ -#define SFE_IPV6_TCP_MAX_ACK_WINDOW 65520 - -/* - * IPv6 TCP connection match additional data. - */ -struct sfe_ipv6_tcp_connection_match { - u8 win_scale; /* Window scale */ - u32 max_win; /* Maximum window size seen */ - u32 end; /* Sequence number of the next byte to send (seq + segment length) */ - u32 max_end; /* Sequence number of the last byte to ack */ -}; - -/* - * Bit flags for IPv6 connection matching entry. - */ -#define SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC (1<<0) - /* Perform source translation */ -#define SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST (1<<1) - /* Perform destination translation */ -#define SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK (1<<2) - /* Ignore TCP sequence numbers */ -#define SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR (1<<3) - /* Fast Ethernet header write */ -#define SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR (1<<4) - /* Fast Ethernet header write */ -#define SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK (1<<5) - /* remark priority of SKB */ -#define SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK (1<<6) - /* remark DSCP of packet */ - -/* - * IPv6 connection matching structure. - */ -struct sfe_ipv6_connection_match { - /* - * References to other objects. - */ - struct sfe_ipv6_connection_match *next; - struct sfe_ipv6_connection_match *prev; - struct sfe_ipv6_connection *connection; - struct sfe_ipv6_connection_match *counter_match; - /* Matches the flow in the opposite direction as the one in connection */ - struct sfe_ipv6_connection_match *active_next; - struct sfe_ipv6_connection_match *active_prev; - bool active; /* Flag to indicate if we're on the active list */ - - /* - * Characteristics that identify flows that match this rule. - */ - struct net_device *match_dev; /* Network device */ - u8 match_protocol; /* Protocol */ - struct sfe_ipv6_addr match_src_ip[1]; /* Source IP address */ - struct sfe_ipv6_addr match_dest_ip[1]; /* Destination IP address */ - __be16 match_src_port; /* Source port/connection ident */ - __be16 match_dest_port; /* Destination port/connection ident */ - - /* - * Control the operations of the match. - */ - u32 flags; /* Bit flags */ -#ifdef CONFIG_NF_FLOW_COOKIE - u32 flow_cookie; /* used flow cookie, for debug */ -#endif -#ifdef CONFIG_XFRM - u32 flow_accel; /* The flow accelerated or not */ -#endif - - /* - * Connection state that we track once we match. - */ - union { /* Protocol-specific state */ - struct sfe_ipv6_tcp_connection_match tcp; - } protocol_state; - /* - * Stats recorded in a sync period. These stats will be added to - * rx_packet_count64/rx_byte_count64 after a sync period. - */ - u32 rx_packet_count; - u32 rx_byte_count; - - /* - * Packet translation information. - */ - struct sfe_ipv6_addr xlate_src_ip[1]; /* Address after source translation */ - __be16 xlate_src_port; /* Port/connection ident after source translation */ - u16 xlate_src_csum_adjustment; - /* Transport layer checksum adjustment after source translation */ - struct sfe_ipv6_addr xlate_dest_ip[1]; /* Address after destination translation */ - __be16 xlate_dest_port; /* Port/connection ident after destination translation */ - u16 xlate_dest_csum_adjustment; - /* Transport layer checksum adjustment after destination translation */ - - /* - * QoS information - */ - u32 priority; - u32 dscp; - - /* - * Packet transmit information. - */ - struct net_device *xmit_dev; /* Network device on which to transmit */ - unsigned short int xmit_dev_mtu; - /* Interface MTU */ - u16 xmit_dest_mac[ETH_ALEN / 2]; - /* Destination MAC address to use when forwarding */ - u16 xmit_src_mac[ETH_ALEN / 2]; - /* Source MAC address to use when forwarding */ - - /* - * Summary stats. - */ - u64 rx_packet_count64; - u64 rx_byte_count64; -}; - -/* - * Per-connection data structure. - */ -struct sfe_ipv6_connection { - struct sfe_ipv6_connection *next; - /* Pointer to the next entry in a hash chain */ - struct sfe_ipv6_connection *prev; - /* Pointer to the previous entry in a hash chain */ - int protocol; /* IP protocol number */ - struct sfe_ipv6_addr src_ip[1]; /* Src IP addr pre-translation */ - struct sfe_ipv6_addr src_ip_xlate[1]; /* Src IP addr post-translation */ - struct sfe_ipv6_addr dest_ip[1]; /* Dest IP addr pre-translation */ - struct sfe_ipv6_addr dest_ip_xlate[1]; /* Dest IP addr post-translation */ - __be16 src_port; /* Src port pre-translation */ - __be16 src_port_xlate; /* Src port post-translation */ - __be16 dest_port; /* Dest port pre-translation */ - __be16 dest_port_xlate; /* Dest port post-translation */ - struct sfe_ipv6_connection_match *original_match; - /* Original direction matching structure */ - struct net_device *original_dev; - /* Original direction source device */ - struct sfe_ipv6_connection_match *reply_match; - /* Reply direction matching structure */ - struct net_device *reply_dev; /* Reply direction source device */ - u64 last_sync_jiffies; /* Jiffies count for the last sync */ - struct sfe_ipv6_connection *all_connections_next; - /* Pointer to the next entry in the list of all connections */ - struct sfe_ipv6_connection *all_connections_prev; - /* Pointer to the previous entry in the list of all connections */ - u32 mark; /* mark for outgoing packet */ - u32 debug_read_seq; /* sequence number for debug dump */ -}; - -/* - * IPv6 connections and hash table size information. - */ -#define SFE_IPV6_CONNECTION_HASH_SHIFT 12 -#define SFE_IPV6_CONNECTION_HASH_SIZE (1 << SFE_IPV6_CONNECTION_HASH_SHIFT) -#define SFE_IPV6_CONNECTION_HASH_MASK (SFE_IPV6_CONNECTION_HASH_SIZE - 1) - -#ifdef CONFIG_NF_FLOW_COOKIE -#define SFE_FLOW_COOKIE_SIZE 2048 -#define SFE_FLOW_COOKIE_MASK 0x7ff - -struct sfe_ipv6_flow_cookie_entry { - struct sfe_ipv6_connection_match *match; - unsigned long last_clean_time; -}; -#endif - -enum sfe_ipv6_exception_events { - SFE_IPV6_EXCEPTION_EVENT_UDP_HEADER_INCOMPLETE, - SFE_IPV6_EXCEPTION_EVENT_UDP_NO_CONNECTION, - SFE_IPV6_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT, - SFE_IPV6_EXCEPTION_EVENT_UDP_SMALL_TTL, - SFE_IPV6_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION, - SFE_IPV6_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE, - SFE_IPV6_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS, - SFE_IPV6_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS, - SFE_IPV6_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT, - SFE_IPV6_EXCEPTION_EVENT_TCP_SMALL_TTL, - SFE_IPV6_EXCEPTION_EVENT_TCP_NEEDS_FRAGMENTATION, - SFE_IPV6_EXCEPTION_EVENT_TCP_FLAGS, - SFE_IPV6_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE, - SFE_IPV6_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS, - SFE_IPV6_EXCEPTION_EVENT_TCP_BAD_SACK, - SFE_IPV6_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS, - SFE_IPV6_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE, - SFE_IPV6_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE, - SFE_IPV6_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE, - SFE_IPV6_EXCEPTION_EVENT_ICMP_HEADER_INCOMPLETE, - SFE_IPV6_EXCEPTION_EVENT_ICMP_UNHANDLED_TYPE, - SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_HEADER_INCOMPLETE, - SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_NON_V6, - SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_IP_OPTIONS_INCOMPLETE, - SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_UDP_HEADER_INCOMPLETE, - SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_TCP_HEADER_INCOMPLETE, - SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_UNHANDLED_PROTOCOL, - SFE_IPV6_EXCEPTION_EVENT_ICMP_NO_CONNECTION, - SFE_IPV6_EXCEPTION_EVENT_ICMP_FLUSHED_CONNECTION, - SFE_IPV6_EXCEPTION_EVENT_HEADER_INCOMPLETE, - SFE_IPV6_EXCEPTION_EVENT_BAD_TOTAL_LENGTH, - SFE_IPV6_EXCEPTION_EVENT_NON_V6, - SFE_IPV6_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT, - SFE_IPV6_EXCEPTION_EVENT_DATAGRAM_INCOMPLETE, - SFE_IPV6_EXCEPTION_EVENT_IP_OPTIONS_INCOMPLETE, - SFE_IPV6_EXCEPTION_EVENT_UNHANDLED_PROTOCOL, - SFE_IPV6_EXCEPTION_EVENT_FLOW_COOKIE_ADD_FAIL, - SFE_IPV6_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR, - SFE_IPV6_EXCEPTION_EVENT_LAST -}; - -static char *sfe_ipv6_exception_events_string[SFE_IPV6_EXCEPTION_EVENT_LAST] = { - "UDP_HEADER_INCOMPLETE", - "UDP_NO_CONNECTION", - "UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT", - "UDP_SMALL_TTL", - "UDP_NEEDS_FRAGMENTATION", - "TCP_HEADER_INCOMPLETE", - "TCP_NO_CONNECTION_SLOW_FLAGS", - "TCP_NO_CONNECTION_FAST_FLAGS", - "TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT", - "TCP_SMALL_TTL", - "TCP_NEEDS_FRAGMENTATION", - "TCP_FLAGS", - "TCP_SEQ_EXCEEDS_RIGHT_EDGE", - "TCP_SMALL_DATA_OFFS", - "TCP_BAD_SACK", - "TCP_BIG_DATA_OFFS", - "TCP_SEQ_BEFORE_LEFT_EDGE", - "TCP_ACK_EXCEEDS_RIGHT_EDGE", - "TCP_ACK_BEFORE_LEFT_EDGE", - "ICMP_HEADER_INCOMPLETE", - "ICMP_UNHANDLED_TYPE", - "ICMP_IPV6_HEADER_INCOMPLETE", - "ICMP_IPV6_NON_V6", - "ICMP_IPV6_IP_OPTIONS_INCOMPLETE", - "ICMP_IPV6_UDP_HEADER_INCOMPLETE", - "ICMP_IPV6_TCP_HEADER_INCOMPLETE", - "ICMP_IPV6_UNHANDLED_PROTOCOL", - "ICMP_NO_CONNECTION", - "ICMP_FLUSHED_CONNECTION", - "HEADER_INCOMPLETE", - "BAD_TOTAL_LENGTH", - "NON_V6", - "NON_INITIAL_FRAGMENT", - "DATAGRAM_INCOMPLETE", - "IP_OPTIONS_INCOMPLETE", - "UNHANDLED_PROTOCOL", - "FLOW_COOKIE_ADD_FAIL", - "CLONED_SKB_UNSHARE_ERROR" -}; - -/* - * Per-module structure. - */ -struct sfe_ipv6 { - spinlock_t lock; /* Lock for SMP correctness */ - struct sfe_ipv6_connection_match *active_head; - /* Head of the list of recently active connections */ - struct sfe_ipv6_connection_match *active_tail; - /* Tail of the list of recently active connections */ - struct sfe_ipv6_connection *all_connections_head; - /* Head of the list of all connections */ - struct sfe_ipv6_connection *all_connections_tail; - /* Tail of the list of all connections */ - unsigned int num_connections; /* Number of connections */ - struct timer_list timer; /* Timer used for periodic sync ops */ - sfe_sync_rule_callback_t __rcu sync_rule_callback; - /* Callback function registered by a connection manager for stats syncing */ - struct sfe_ipv6_connection *conn_hash[SFE_IPV6_CONNECTION_HASH_SIZE]; - /* Connection hash table */ - struct sfe_ipv6_connection_match *conn_match_hash[SFE_IPV6_CONNECTION_HASH_SIZE]; - /* Connection match hash table */ -#ifdef CONFIG_NF_FLOW_COOKIE - struct sfe_ipv6_flow_cookie_entry sfe_flow_cookie_table[SFE_FLOW_COOKIE_SIZE]; - /* flow cookie table*/ - sfe_ipv6_flow_cookie_set_func_t flow_cookie_set_func; - /* function used to configure flow cookie in hardware*/ - int flow_cookie_enable; - /* Enable/disable flow cookie at runtime */ -#endif - - /* - * Stats recorded in a sync period. These stats will be added to - * connection_xxx64 after a sync period. - */ - u32 connection_create_requests; - /* Number of IPv6 connection create requests */ - u32 connection_create_collisions; - /* Number of IPv6 connection create requests that collided with existing hash table entries */ - u32 connection_destroy_requests; - /* Number of IPv6 connection destroy requests */ - u32 connection_destroy_misses; - /* Number of IPv6 connection destroy requests that missed our hash table */ - u32 connection_match_hash_hits; - /* Number of IPv6 connection match hash hits */ - u32 connection_match_hash_reorders; - /* Number of IPv6 connection match hash reorders */ - u32 connection_flushes; /* Number of IPv6 connection flushes */ - u32 packets_forwarded; /* Number of IPv6 packets forwarded */ - u32 packets_not_forwarded; /* Number of IPv6 packets not forwarded */ - u32 exception_events[SFE_IPV6_EXCEPTION_EVENT_LAST]; - - /* - * Summary statistics. - */ - u64 connection_create_requests64; - /* Number of IPv6 connection create requests */ - u64 connection_create_collisions64; - /* Number of IPv6 connection create requests that collided with existing hash table entries */ - u64 connection_destroy_requests64; - /* Number of IPv6 connection destroy requests */ - u64 connection_destroy_misses64; - /* Number of IPv6 connection destroy requests that missed our hash table */ - u64 connection_match_hash_hits64; - /* Number of IPv6 connection match hash hits */ - u64 connection_match_hash_reorders64; - /* Number of IPv6 connection match hash reorders */ - u64 connection_flushes64; /* Number of IPv6 connection flushes */ - u64 packets_forwarded64; /* Number of IPv6 packets forwarded */ - u64 packets_not_forwarded64; - /* Number of IPv6 packets not forwarded */ - u64 exception_events64[SFE_IPV6_EXCEPTION_EVENT_LAST]; - - /* - * Control state. - */ - struct kobject *sys_sfe_ipv6; /* sysfs linkage */ - int debug_dev; /* Major number of the debug char device */ - u32 debug_read_seq; /* sequence number for debug dump */ -}; - -/* - * Enumeration of the XML output. - */ -enum sfe_ipv6_debug_xml_states { - SFE_IPV6_DEBUG_XML_STATE_START, - SFE_IPV6_DEBUG_XML_STATE_CONNECTIONS_START, - SFE_IPV6_DEBUG_XML_STATE_CONNECTIONS_CONNECTION, - SFE_IPV6_DEBUG_XML_STATE_CONNECTIONS_END, - SFE_IPV6_DEBUG_XML_STATE_EXCEPTIONS_START, - SFE_IPV6_DEBUG_XML_STATE_EXCEPTIONS_EXCEPTION, - SFE_IPV6_DEBUG_XML_STATE_EXCEPTIONS_END, - SFE_IPV6_DEBUG_XML_STATE_STATS, - SFE_IPV6_DEBUG_XML_STATE_END, - SFE_IPV6_DEBUG_XML_STATE_DONE -}; - -/* - * XML write state. - */ -struct sfe_ipv6_debug_xml_write_state { - enum sfe_ipv6_debug_xml_states state; - /* XML output file state machine state */ - int iter_exception; /* Next exception iterator */ -}; - -typedef bool (*sfe_ipv6_debug_xml_write_method_t)(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv6_debug_xml_write_state *ws); - -static struct sfe_ipv6 __si6; - -/* - * sfe_ipv6_get_debug_dev() - */ -static ssize_t sfe_ipv6_get_debug_dev(struct device *dev, struct device_attribute *attr, char *buf); - -/* - * sysfs attributes. - */ -static const struct device_attribute sfe_ipv6_debug_dev_attr = - __ATTR(debug_dev, S_IWUSR | S_IRUGO, sfe_ipv6_get_debug_dev, NULL); - -/* - * sfe_ipv6_is_ext_hdr() - * check if we recognize ipv6 extension header - */ -static inline bool sfe_ipv6_is_ext_hdr(u8 hdr) -{ - return (hdr == SFE_IPV6_EXT_HDR_HOP) || - (hdr == SFE_IPV6_EXT_HDR_ROUTING) || - (hdr == SFE_IPV6_EXT_HDR_FRAG) || - (hdr == SFE_IPV6_EXT_HDR_AH) || - (hdr == SFE_IPV6_EXT_HDR_DST) || - (hdr == SFE_IPV6_EXT_HDR_MH); -} - -/* - * sfe_ipv6_change_dsfield() - * change dscp field in IPv6 packet - */ -static inline void sfe_ipv6_change_dsfield(struct sfe_ipv6_ip_hdr *iph, u8 dscp) -{ - __be16 *p = (__be16 *)iph; - - *p = ((*p & htons(SFE_IPV6_DSCP_MASK)) | htons((u16)dscp << 4)); -} - -/* - * sfe_ipv6_get_connection_match_hash() - * Generate the hash used in connection match lookups. - */ -static inline unsigned int sfe_ipv6_get_connection_match_hash(struct net_device *dev, u8 protocol, - struct sfe_ipv6_addr *src_ip, __be16 src_port, - struct sfe_ipv6_addr *dest_ip, __be16 dest_port) -{ - u32 idx, hash = 0; - size_t dev_addr = (size_t)dev; - - for (idx = 0; idx < 4; idx++) { - hash ^= src_ip->addr[idx] ^ dest_ip->addr[idx]; - } - hash = ((u32)dev_addr) ^ hash ^ protocol ^ ntohs(src_port ^ dest_port); - return ((hash >> SFE_IPV6_CONNECTION_HASH_SHIFT) ^ hash) & SFE_IPV6_CONNECTION_HASH_MASK; -} - -/* - * sfe_ipv6_find_connection_match() - * Get the IPv6 flow match info that corresponds to a particular 5-tuple. - * - * On entry we must be holding the lock that protects the hash table. - */ -static struct sfe_ipv6_connection_match * -sfe_ipv6_find_connection_match(struct sfe_ipv6 *si, struct net_device *dev, u8 protocol, - struct sfe_ipv6_addr *src_ip, __be16 src_port, - struct sfe_ipv6_addr *dest_ip, __be16 dest_port) -{ - struct sfe_ipv6_connection_match *cm; - struct sfe_ipv6_connection_match *head; - unsigned int conn_match_idx; - - conn_match_idx = sfe_ipv6_get_connection_match_hash(dev, protocol, src_ip, src_port, dest_ip, dest_port); - cm = si->conn_match_hash[conn_match_idx]; - - /* - * If we don't have anything in this chain then bail. - */ - if (unlikely(!cm)) { - return NULL; - } - - /* - * Hopefully the first entry is the one we want. - */ - if ((cm->match_src_port == src_port) - && (cm->match_dest_port == dest_port) - && (sfe_ipv6_addr_equal(cm->match_src_ip, src_ip)) - && (sfe_ipv6_addr_equal(cm->match_dest_ip, dest_ip)) - && (cm->match_protocol == protocol) - && (cm->match_dev == dev)) { - si->connection_match_hash_hits++; - return cm; - } - - /* - * Unfortunately we didn't find it at head, so we search it in chain and - * move matching entry to the top of the hash chain. We presume that this - * will be reused again very quickly. - */ - head = cm; - do { - cm = cm->next; - } while (cm && (cm->match_src_port != src_port - || cm->match_dest_port != dest_port - || !sfe_ipv6_addr_equal(cm->match_src_ip, src_ip) - || !sfe_ipv6_addr_equal(cm->match_dest_ip, dest_ip) - || cm->match_protocol != protocol - || cm->match_dev != dev)); - - /* - * Not found then we're done. - */ - if (unlikely(!cm)) { - return NULL; - } - - /* - * We found a match so move it. - */ - if (cm->next) { - cm->next->prev = cm->prev; - } - cm->prev->next = cm->next; - cm->prev = NULL; - cm->next = head; - head->prev = cm; - si->conn_match_hash[conn_match_idx] = cm; - si->connection_match_hash_reorders++; - - return cm; -} - -/* - * sfe_ipv6_connection_match_update_summary_stats() - * Update the summary stats for a connection match entry. - */ -static inline void sfe_ipv6_connection_match_update_summary_stats(struct sfe_ipv6_connection_match *cm) -{ - cm->rx_packet_count64 += cm->rx_packet_count; - cm->rx_packet_count = 0; - cm->rx_byte_count64 += cm->rx_byte_count; - cm->rx_byte_count = 0; -} - -/* - * sfe_ipv6_connection_match_compute_translations() - * Compute port and address translations for a connection match entry. - */ -static void sfe_ipv6_connection_match_compute_translations(struct sfe_ipv6_connection_match *cm) -{ - u32 diff[9]; - u32 *idx_32; - u16 *idx_16; - - /* - * Before we insert the entry look to see if this is tagged as doing address - * translations. If it is then work out the adjustment that we need to apply - * to the transport checksum. - */ - if (cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC) { - u32 adj = 0; - u32 carry = 0; - - /* - * Precompute an incremental checksum adjustment so we can - * edit packets in this stream very quickly. The algorithm is from RFC1624. - */ - idx_32 = diff; - *(idx_32++) = cm->match_src_ip->addr[0]; - *(idx_32++) = cm->match_src_ip->addr[1]; - *(idx_32++) = cm->match_src_ip->addr[2]; - *(idx_32++) = cm->match_src_ip->addr[3]; - - idx_16 = (u16 *)idx_32; - *(idx_16++) = cm->match_src_port; - *(idx_16++) = ~cm->xlate_src_port; - idx_32 = (u32 *)idx_16; - - *(idx_32++) = ~cm->xlate_src_ip->addr[0]; - *(idx_32++) = ~cm->xlate_src_ip->addr[1]; - *(idx_32++) = ~cm->xlate_src_ip->addr[2]; - *(idx_32++) = ~cm->xlate_src_ip->addr[3]; - - /* - * When we compute this fold it down to a 16-bit offset - * as that way we can avoid having to do a double - * folding of the twos-complement result because the - * addition of 2 16-bit values cannot cause a double - * wrap-around! - */ - for (idx_32 = diff; idx_32 < diff + 9; idx_32++) { - u32 w = *idx_32; - adj += carry; - adj += w; - carry = (w > adj); - } - adj += carry; - adj = (adj & 0xffff) + (adj >> 16); - adj = (adj & 0xffff) + (adj >> 16); - cm->xlate_src_csum_adjustment = (u16)adj; - } - - if (cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST) { - u32 adj = 0; - u32 carry = 0; - - /* - * Precompute an incremental checksum adjustment so we can - * edit packets in this stream very quickly. The algorithm is from RFC1624. - */ - idx_32 = diff; - *(idx_32++) = cm->match_dest_ip->addr[0]; - *(idx_32++) = cm->match_dest_ip->addr[1]; - *(idx_32++) = cm->match_dest_ip->addr[2]; - *(idx_32++) = cm->match_dest_ip->addr[3]; - - idx_16 = (u16 *)idx_32; - *(idx_16++) = cm->match_dest_port; - *(idx_16++) = ~cm->xlate_dest_port; - idx_32 = (u32 *)idx_16; - - *(idx_32++) = ~cm->xlate_dest_ip->addr[0]; - *(idx_32++) = ~cm->xlate_dest_ip->addr[1]; - *(idx_32++) = ~cm->xlate_dest_ip->addr[2]; - *(idx_32++) = ~cm->xlate_dest_ip->addr[3]; - - /* - * When we compute this fold it down to a 16-bit offset - * as that way we can avoid having to do a double - * folding of the twos-complement result because the - * addition of 2 16-bit values cannot cause a double - * wrap-around! - */ - for (idx_32 = diff; idx_32 < diff + 9; idx_32++) { - u32 w = *idx_32; - adj += carry; - adj += w; - carry = (w > adj); - } - adj += carry; - adj = (adj & 0xffff) + (adj >> 16); - adj = (adj & 0xffff) + (adj >> 16); - cm->xlate_dest_csum_adjustment = (u16)adj; - } -} - -/* - * sfe_ipv6_update_summary_stats() - * Update the summary stats. - */ -static void sfe_ipv6_update_summary_stats(struct sfe_ipv6 *si) -{ - int i; - - si->connection_create_requests64 += si->connection_create_requests; - si->connection_create_requests = 0; - si->connection_create_collisions64 += si->connection_create_collisions; - si->connection_create_collisions = 0; - si->connection_destroy_requests64 += si->connection_destroy_requests; - si->connection_destroy_requests = 0; - si->connection_destroy_misses64 += si->connection_destroy_misses; - si->connection_destroy_misses = 0; - si->connection_match_hash_hits64 += si->connection_match_hash_hits; - si->connection_match_hash_hits = 0; - si->connection_match_hash_reorders64 += si->connection_match_hash_reorders; - si->connection_match_hash_reorders = 0; - si->connection_flushes64 += si->connection_flushes; - si->connection_flushes = 0; - si->packets_forwarded64 += si->packets_forwarded; - si->packets_forwarded = 0; - si->packets_not_forwarded64 += si->packets_not_forwarded; - si->packets_not_forwarded = 0; - - for (i = 0; i < SFE_IPV6_EXCEPTION_EVENT_LAST; i++) { - si->exception_events64[i] += si->exception_events[i]; - si->exception_events[i] = 0; - } -} - -/* - * sfe_ipv6_insert_connection_match() - * Insert a connection match into the hash. - * - * On entry we must be holding the lock that protects the hash table. - */ -static inline void sfe_ipv6_insert_connection_match(struct sfe_ipv6 *si, - struct sfe_ipv6_connection_match *cm) -{ - struct sfe_ipv6_connection_match **hash_head; - struct sfe_ipv6_connection_match *prev_head; - unsigned int conn_match_idx - = sfe_ipv6_get_connection_match_hash(cm->match_dev, cm->match_protocol, - cm->match_src_ip, cm->match_src_port, - cm->match_dest_ip, cm->match_dest_port); - - hash_head = &si->conn_match_hash[conn_match_idx]; - prev_head = *hash_head; - cm->prev = NULL; - if (prev_head) { - prev_head->prev = cm; - } - - cm->next = prev_head; - *hash_head = cm; - -#ifdef CONFIG_NF_FLOW_COOKIE - if (!si->flow_cookie_enable || !(cm->flags & (SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC | SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST))) - return; - - /* - * Configure hardware to put a flow cookie in packet of this flow, - * then we can accelerate the lookup process when we received this packet. - */ - for (conn_match_idx = 1; conn_match_idx < SFE_FLOW_COOKIE_SIZE; conn_match_idx++) { - struct sfe_ipv6_flow_cookie_entry *entry = &si->sfe_flow_cookie_table[conn_match_idx]; - - if ((NULL == entry->match) && time_is_before_jiffies(entry->last_clean_time + HZ)) { - sfe_ipv6_flow_cookie_set_func_t func; - - rcu_read_lock(); - func = rcu_dereference(si->flow_cookie_set_func); - if (func) { - if (!func(cm->match_protocol, cm->match_src_ip->addr, cm->match_src_port, - cm->match_dest_ip->addr, cm->match_dest_port, conn_match_idx)) { - entry->match = cm; - cm->flow_cookie = conn_match_idx; - } else { - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_FLOW_COOKIE_ADD_FAIL]++; - } - } - rcu_read_unlock(); - - break; - } - } -#endif -} - -/* - * sfe_ipv6_remove_connection_match() - * Remove a connection match object from the hash. - * - * On entry we must be holding the lock that protects the hash table. - */ -static inline void sfe_ipv6_remove_connection_match(struct sfe_ipv6 *si, struct sfe_ipv6_connection_match *cm) -{ -#ifdef CONFIG_NF_FLOW_COOKIE - if (si->flow_cookie_enable) { - /* - * Tell hardware that we no longer need a flow cookie in packet of this flow - */ - unsigned int conn_match_idx; - - for (conn_match_idx = 1; conn_match_idx < SFE_FLOW_COOKIE_SIZE; conn_match_idx++) { - struct sfe_ipv6_flow_cookie_entry *entry = &si->sfe_flow_cookie_table[conn_match_idx]; - - if (cm == entry->match) { - sfe_ipv6_flow_cookie_set_func_t func; - - rcu_read_lock(); - func = rcu_dereference(si->flow_cookie_set_func); - if (func) { - func(cm->match_protocol, cm->match_src_ip->addr, cm->match_src_port, - cm->match_dest_ip->addr, cm->match_dest_port, 0); - } - rcu_read_unlock(); - - cm->flow_cookie = 0; - entry->match = NULL; - entry->last_clean_time = jiffies; - break; - } - } - } -#endif - - /* - * Unlink the connection match entry from the hash. - */ - if (cm->prev) { - cm->prev->next = cm->next; - } else { - unsigned int conn_match_idx - = sfe_ipv6_get_connection_match_hash(cm->match_dev, cm->match_protocol, - cm->match_src_ip, cm->match_src_port, - cm->match_dest_ip, cm->match_dest_port); - si->conn_match_hash[conn_match_idx] = cm->next; - } - - if (cm->next) { - cm->next->prev = cm->prev; - } - - /* - * If the connection match entry is in the active list remove it. - */ - if (cm->active) { - if (likely(cm->active_prev)) { - cm->active_prev->active_next = cm->active_next; - } else { - si->active_head = cm->active_next; - } - - if (likely(cm->active_next)) { - cm->active_next->active_prev = cm->active_prev; - } else { - si->active_tail = cm->active_prev; - } - } -} - -/* - * sfe_ipv6_get_connection_hash() - * Generate the hash used in connection lookups. - */ -static inline unsigned int sfe_ipv6_get_connection_hash(u8 protocol, struct sfe_ipv6_addr *src_ip, __be16 src_port, - struct sfe_ipv6_addr *dest_ip, __be16 dest_port) -{ - u32 idx, hash = 0; - - for (idx = 0; idx < 4; idx++) { - hash ^= src_ip->addr[idx] ^ dest_ip->addr[idx]; - } - hash = hash ^ protocol ^ ntohs(src_port ^ dest_port); - return ((hash >> SFE_IPV6_CONNECTION_HASH_SHIFT) ^ hash) & SFE_IPV6_CONNECTION_HASH_MASK; -} - -/* - * sfe_ipv6_find_connection() - * Get the IPv6 connection info that corresponds to a particular 5-tuple. - * - * On entry we must be holding the lock that protects the hash table. - */ -static inline struct sfe_ipv6_connection *sfe_ipv6_find_connection(struct sfe_ipv6 *si, u32 protocol, - struct sfe_ipv6_addr *src_ip, __be16 src_port, - struct sfe_ipv6_addr *dest_ip, __be16 dest_port) -{ - struct sfe_ipv6_connection *c; - unsigned int conn_idx = sfe_ipv6_get_connection_hash(protocol, src_ip, src_port, dest_ip, dest_port); - c = si->conn_hash[conn_idx]; - - /* - * If we don't have anything in this chain then bale. - */ - if (unlikely(!c)) { - return NULL; - } - - /* - * Hopefully the first entry is the one we want. - */ - if ((c->src_port == src_port) - && (c->dest_port == dest_port) - && (sfe_ipv6_addr_equal(c->src_ip, src_ip)) - && (sfe_ipv6_addr_equal(c->dest_ip, dest_ip)) - && (c->protocol == protocol)) { - return c; - } - - /* - * Unfortunately we didn't find it at head, so we search it in chain. - */ - do { - c = c->next; - } while (c && (c->src_port != src_port - || c->dest_port != dest_port - || !sfe_ipv6_addr_equal(c->src_ip, src_ip) - || !sfe_ipv6_addr_equal(c->dest_ip, dest_ip) - || c->protocol != protocol)); - - /* - * Will need connection entry for next create/destroy metadata, - * So no need to re-order entry for these requests - */ - return c; -} - -/* - * sfe_ipv6_mark_rule() - * Updates the mark for a current offloaded connection - * - * Will take hash lock upon entry - */ -void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark) -{ - struct sfe_ipv6 *si = &__si6; - struct sfe_ipv6_connection *c; - - spin_lock_bh(&si->lock); - c = sfe_ipv6_find_connection(si, mark->protocol, - mark->src_ip.ip6, mark->src_port, - mark->dest_ip.ip6, mark->dest_port); - if (c) { - WARN_ON((0 != c->mark) && (0 == mark->mark)); - c->mark = mark->mark; - } - spin_unlock_bh(&si->lock); - - if (c) { - DEBUG_TRACE("Matching connection found for mark, " - "setting from %08x to %08x\n", - c->mark, mark->mark); - } -} - -/* - * sfe_ipv6_insert_connection() - * Insert a connection into the hash. - * - * On entry we must be holding the lock that protects the hash table. - */ -static void sfe_ipv6_insert_connection(struct sfe_ipv6 *si, struct sfe_ipv6_connection *c) -{ - struct sfe_ipv6_connection **hash_head; - struct sfe_ipv6_connection *prev_head; - unsigned int conn_idx; - - /* - * Insert entry into the connection hash. - */ - conn_idx = sfe_ipv6_get_connection_hash(c->protocol, c->src_ip, c->src_port, - c->dest_ip, c->dest_port); - hash_head = &si->conn_hash[conn_idx]; - prev_head = *hash_head; - c->prev = NULL; - if (prev_head) { - prev_head->prev = c; - } - - c->next = prev_head; - *hash_head = c; - - /* - * Insert entry into the "all connections" list. - */ - if (si->all_connections_tail) { - c->all_connections_prev = si->all_connections_tail; - si->all_connections_tail->all_connections_next = c; - } else { - c->all_connections_prev = NULL; - si->all_connections_head = c; - } - - si->all_connections_tail = c; - c->all_connections_next = NULL; - si->num_connections++; - - /* - * Insert the connection match objects too. - */ - sfe_ipv6_insert_connection_match(si, c->original_match); - sfe_ipv6_insert_connection_match(si, c->reply_match); -} - -/* - * sfe_ipv6_remove_connection() - * Remove a sfe_ipv6_connection object from the hash. - * - * On entry we must be holding the lock that protects the hash table. - */ -static void sfe_ipv6_remove_connection(struct sfe_ipv6 *si, struct sfe_ipv6_connection *c) -{ - /* - * Remove the connection match objects. - */ - sfe_ipv6_remove_connection_match(si, c->reply_match); - sfe_ipv6_remove_connection_match(si, c->original_match); - - /* - * Unlink the connection. - */ - if (c->prev) { - c->prev->next = c->next; - } else { - unsigned int conn_idx = sfe_ipv6_get_connection_hash(c->protocol, c->src_ip, c->src_port, - c->dest_ip, c->dest_port); - si->conn_hash[conn_idx] = c->next; - } - - if (c->next) { - c->next->prev = c->prev; - } - - /* - * Unlink connection from all_connections list - */ - if (c->all_connections_prev) { - c->all_connections_prev->all_connections_next = c->all_connections_next; - } else { - si->all_connections_head = c->all_connections_next; - } - - if (c->all_connections_next) { - c->all_connections_next->all_connections_prev = c->all_connections_prev; - } else { - si->all_connections_tail = c->all_connections_prev; - } - - si->num_connections--; -} - -/* - * sfe_ipv6_gen_sync_connection() - * Sync a connection. - * - * On entry to this function we expect that the lock for the connection is either - * already held or isn't required. - */ -static void sfe_ipv6_gen_sync_connection(struct sfe_ipv6 *si, struct sfe_ipv6_connection *c, - struct sfe_connection_sync *sis, sfe_sync_reason_t reason, - u64 now_jiffies) -{ - struct sfe_ipv6_connection_match *original_cm; - struct sfe_ipv6_connection_match *reply_cm; - - /* - * Fill in the update message. - */ - sis->is_v6 = 1; - sis->protocol = c->protocol; - sis->src_ip.ip6[0] = c->src_ip[0]; - sis->src_ip_xlate.ip6[0] = c->src_ip_xlate[0]; - sis->dest_ip.ip6[0] = c->dest_ip[0]; - sis->dest_ip_xlate.ip6[0] = c->dest_ip_xlate[0]; - sis->src_port = c->src_port; - sis->src_port_xlate = c->src_port_xlate; - sis->dest_port = c->dest_port; - sis->dest_port_xlate = c->dest_port_xlate; - - original_cm = c->original_match; - reply_cm = c->reply_match; - sis->src_td_max_window = original_cm->protocol_state.tcp.max_win; - sis->src_td_end = original_cm->protocol_state.tcp.end; - sis->src_td_max_end = original_cm->protocol_state.tcp.max_end; - sis->dest_td_max_window = reply_cm->protocol_state.tcp.max_win; - sis->dest_td_end = reply_cm->protocol_state.tcp.end; - sis->dest_td_max_end = reply_cm->protocol_state.tcp.max_end; - - sis->src_new_packet_count = original_cm->rx_packet_count; - sis->src_new_byte_count = original_cm->rx_byte_count; - sis->dest_new_packet_count = reply_cm->rx_packet_count; - sis->dest_new_byte_count = reply_cm->rx_byte_count; - - sfe_ipv6_connection_match_update_summary_stats(original_cm); - sfe_ipv6_connection_match_update_summary_stats(reply_cm); - - sis->src_dev = original_cm->match_dev; - sis->src_packet_count = original_cm->rx_packet_count64; - sis->src_byte_count = original_cm->rx_byte_count64; - - sis->dest_dev = reply_cm->match_dev; - sis->dest_packet_count = reply_cm->rx_packet_count64; - sis->dest_byte_count = reply_cm->rx_byte_count64; - - sis->reason = reason; - - /* - * Get the time increment since our last sync. - */ - sis->delta_jiffies = now_jiffies - c->last_sync_jiffies; - c->last_sync_jiffies = now_jiffies; -} - -/* - * sfe_ipv6_flush_connection() - * Flush a connection and free all associated resources. - * - * We need to be called with bottom halves disabled locally as we need to acquire - * the connection hash lock and release it again. In general we're actually called - * from within a BH and so we're fine, but we're also called when connections are - * torn down. - */ -static void sfe_ipv6_flush_connection(struct sfe_ipv6 *si, - struct sfe_ipv6_connection *c, - sfe_sync_reason_t reason) -{ - struct sfe_connection_sync sis; - u64 now_jiffies; - sfe_sync_rule_callback_t sync_rule_callback; - - rcu_read_lock(); - spin_lock_bh(&si->lock); - si->connection_flushes++; - sync_rule_callback = rcu_dereference(si->sync_rule_callback); - spin_unlock_bh(&si->lock); - - if (sync_rule_callback) { - /* - * Generate a sync message and then sync. - */ - now_jiffies = get_jiffies_64(); - sfe_ipv6_gen_sync_connection(si, c, &sis, reason, now_jiffies); - sync_rule_callback(&sis); - } - - rcu_read_unlock(); - - /* - * Release our hold of the source and dest devices and free the memory - * for our connection objects. - */ - dev_put(c->original_dev); - dev_put(c->reply_dev); - kfree(c->original_match); - kfree(c->reply_match); - kfree(c); -} - -/* - * sfe_ipv6_recv_udp() - * Handle UDP packet receives and forwarding. - */ -static int sfe_ipv6_recv_udp(struct sfe_ipv6 *si, struct sk_buff *skb, struct net_device *dev, - unsigned int len, struct sfe_ipv6_ip_hdr *iph, unsigned int ihl, bool flush_on_find) -{ - struct sfe_ipv6_udp_hdr *udph; - struct sfe_ipv6_addr *src_ip; - struct sfe_ipv6_addr *dest_ip; - __be16 src_port; - __be16 dest_port; - struct sfe_ipv6_connection_match *cm; - struct net_device *xmit_dev; - - /* - * Is our packet too short to contain a valid UDP header? - */ - if (!pskb_may_pull(skb, (sizeof(struct sfe_ipv6_udp_hdr) + ihl))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UDP_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("packet too short for UDP header\n"); - return 0; - } - - /* - * Read the IP address and port information. Read the IP header data first - * because we've almost certainly got that in the cache. We may not yet have - * the UDP header cached though so allow more time for any prefetching. - */ - src_ip = &iph->saddr; - dest_ip = &iph->daddr; - - udph = (struct sfe_ipv6_udp_hdr *)(skb->data + ihl); - src_port = udph->source; - dest_port = udph->dest; - - spin_lock_bh(&si->lock); - - /* - * Look for a connection match. - */ -#ifdef CONFIG_NF_FLOW_COOKIE - cm = si->sfe_flow_cookie_table[skb->flow_cookie & SFE_FLOW_COOKIE_MASK].match; - if (unlikely(!cm)) { - cm = sfe_ipv6_find_connection_match(si, dev, IPPROTO_UDP, src_ip, src_port, dest_ip, dest_port); - } -#else - cm = sfe_ipv6_find_connection_match(si, dev, IPPROTO_UDP, src_ip, src_port, dest_ip, dest_port); -#endif - if (unlikely(!cm)) { - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UDP_NO_CONNECTION]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("no connection found\n"); - return 0; - } - - /* - * If our packet has beern marked as "flush on find" we can't actually - * forward it in the fast path, but now that we've found an associated - * connection we can flush that out before we process the packet. - */ - if (unlikely(flush_on_find)) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("flush on find\n"); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - -#ifdef CONFIG_XFRM - /* - * We can't accelerate the flow on this direction, just let it go - * through the slow path. - */ - if (unlikely(!cm->flow_accel)) { - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - return 0; - } -#endif - - /* - * Does our hop_limit allow forwarding? - */ - if (unlikely(iph->hop_limit < 2)) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UDP_SMALL_TTL]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("hop_limit too low\n"); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * If our packet is larger than the MTU of the transmit interface then - * we can't forward it easily. - */ - if (unlikely(len > cm->xmit_dev_mtu)) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("larger than mtu\n"); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * From this point on we're good to modify the packet. - */ - - /* - * Check if skb was cloned. If it was, unshare it. Because - * the data area is going to be written in this path and we don't want to - * change the cloned skb's data section. - */ - if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%p: skb is a cloned skb\n", skb); - skb = skb_unshare(skb, GFP_ATOMIC); - if (!skb) { - DEBUG_WARN("Failed to unshare the cloned skb\n"); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - return 0; - } - - /* - * Update the iph and udph pointers with the unshared skb's data area. - */ - iph = (struct sfe_ipv6_ip_hdr *)skb->data; - udph = (struct sfe_ipv6_udp_hdr *)(skb->data + ihl); - } - - /* - * Update DSCP - */ - if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK)) { - sfe_ipv6_change_dsfield(iph, cm->dscp); - } - - /* - * Decrement our hop_limit. - */ - iph->hop_limit -= 1; - - /* - * Do we have to perform translations of the source address/port? - */ - if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC)) { - u16 udp_csum; - - iph->saddr = cm->xlate_src_ip[0]; - udph->source = cm->xlate_src_port; - - /* - * Do we have a non-zero UDP checksum? If we do then we need - * to update it. - */ - udp_csum = udph->check; - if (likely(udp_csum)) { - u32 sum = udp_csum + cm->xlate_src_csum_adjustment; - sum = (sum & 0xffff) + (sum >> 16); - udph->check = (u16)sum; - } - } - - /* - * Do we have to perform translations of the destination address/port? - */ - if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST)) { - u16 udp_csum; - - iph->daddr = cm->xlate_dest_ip[0]; - udph->dest = cm->xlate_dest_port; - - /* - * Do we have a non-zero UDP checksum? If we do then we need - * to update it. - */ - udp_csum = udph->check; - if (likely(udp_csum)) { - u32 sum = udp_csum + cm->xlate_dest_csum_adjustment; - sum = (sum & 0xffff) + (sum >> 16); - udph->check = (u16)sum; - } - } - - /* - * Update traffic stats. - */ - cm->rx_packet_count++; - cm->rx_byte_count += len; - - /* - * If we're not already on the active list then insert ourselves at the tail - * of the current list. - */ - if (unlikely(!cm->active)) { - cm->active = true; - cm->active_prev = si->active_tail; - if (likely(si->active_tail)) { - si->active_tail->active_next = cm; - } else { - si->active_head = cm; - } - si->active_tail = cm; - } - - xmit_dev = cm->xmit_dev; - skb->dev = xmit_dev; - - /* - * Check to see if we need to write a header. - */ - if (likely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) { - if (unlikely(!(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) { - dev_hard_header(skb, xmit_dev, ETH_P_IPV6, - cm->xmit_dest_mac, cm->xmit_src_mac, len); - } else { - /* - * For the simple case we write this really fast. - */ - struct sfe_ipv6_eth_hdr *eth = (struct sfe_ipv6_eth_hdr *)__skb_push(skb, ETH_HLEN); - eth->h_proto = htons(ETH_P_IPV6); - eth->h_dest[0] = cm->xmit_dest_mac[0]; - eth->h_dest[1] = cm->xmit_dest_mac[1]; - eth->h_dest[2] = cm->xmit_dest_mac[2]; - eth->h_source[0] = cm->xmit_src_mac[0]; - eth->h_source[1] = cm->xmit_src_mac[1]; - eth->h_source[2] = cm->xmit_src_mac[2]; - } - } - - /* - * Update priority of skb. - */ - if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) { - skb->priority = cm->priority; - } - - /* - * Mark outgoing packet. - */ - skb->mark = cm->connection->mark; - if (skb->mark) { - DEBUG_TRACE("SKB MARK is NON ZERO %x\n", skb->mark); - } - - si->packets_forwarded++; - spin_unlock_bh(&si->lock); - - /* - * We're going to check for GSO flags when we transmit the packet so - * start fetching the necessary cache line now. - */ - prefetch(skb_shinfo(skb)); - - /* - * Mark that this packet has been fast forwarded. - */ - skb->fast_forwarded = 1; - - /* - * Send the packet on its way. - */ - dev_queue_xmit(skb); - - return 1; -} - -/* - * sfe_ipv6_process_tcp_option_sack() - * Parse TCP SACK option and update ack according - */ -static bool sfe_ipv6_process_tcp_option_sack(const struct sfe_ipv6_tcp_hdr *th, const u32 data_offs, - u32 *ack) -{ - u32 length = sizeof(struct sfe_ipv6_tcp_hdr); - u8 *ptr = (u8 *)th + length; - - /* - * Ignore processing if TCP packet has only TIMESTAMP option. - */ - if (likely(data_offs == length + TCPOLEN_TIMESTAMP + 1 + 1) - && likely(ptr[0] == TCPOPT_NOP) - && likely(ptr[1] == TCPOPT_NOP) - && likely(ptr[2] == TCPOPT_TIMESTAMP) - && likely(ptr[3] == TCPOLEN_TIMESTAMP)) { - return true; - } - - /* - * TCP options. Parse SACK option. - */ - while (length < data_offs) { - u8 size; - u8 kind; - - ptr = (u8 *)th + length; - kind = *ptr; - - /* - * NOP, for padding - * Not in the switch because to fast escape and to not calculate size - */ - if (kind == TCPOPT_NOP) { - length++; - continue; - } - - if (kind == TCPOPT_SACK) { - u32 sack = 0; - u8 re = 1 + 1; - - size = *(ptr + 1); - if ((size < (1 + 1 + TCPOLEN_SACK_PERBLOCK)) - || ((size - (1 + 1)) % (TCPOLEN_SACK_PERBLOCK)) - || (size > (data_offs - length))) { - return false; - } - - re += 4; - while (re < size) { - u32 sack_re; - u8 *sptr = ptr + re; - sack_re = (sptr[0] << 24) | (sptr[1] << 16) | (sptr[2] << 8) | sptr[3]; - if (sack_re > sack) { - sack = sack_re; - } - re += TCPOLEN_SACK_PERBLOCK; - } - if (sack > *ack) { - *ack = sack; - } - length += size; - continue; - } - if (kind == TCPOPT_EOL) { - return true; - } - size = *(ptr + 1); - if (size < 2) { - return false; - } - length += size; - } - - return true; -} - -/* - * sfe_ipv6_recv_tcp() - * Handle TCP packet receives and forwarding. - */ -static int sfe_ipv6_recv_tcp(struct sfe_ipv6 *si, struct sk_buff *skb, struct net_device *dev, - unsigned int len, struct sfe_ipv6_ip_hdr *iph, unsigned int ihl, bool flush_on_find) -{ - struct sfe_ipv6_tcp_hdr *tcph; - struct sfe_ipv6_addr *src_ip; - struct sfe_ipv6_addr *dest_ip; - __be16 src_port; - __be16 dest_port; - struct sfe_ipv6_connection_match *cm; - struct sfe_ipv6_connection_match *counter_cm; - u32 flags; - struct net_device *xmit_dev; - - /* - * Is our packet too short to contain a valid UDP header? - */ - if (!pskb_may_pull(skb, (sizeof(struct sfe_ipv6_tcp_hdr) + ihl))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("packet too short for TCP header\n"); - return 0; - } - - /* - * Read the IP address and port information. Read the IP header data first - * because we've almost certainly got that in the cache. We may not yet have - * the TCP header cached though so allow more time for any prefetching. - */ - src_ip = &iph->saddr; - dest_ip = &iph->daddr; - - tcph = (struct sfe_ipv6_tcp_hdr *)(skb->data + ihl); - src_port = tcph->source; - dest_port = tcph->dest; - flags = tcp_flag_word(tcph); - - spin_lock_bh(&si->lock); - - /* - * Look for a connection match. - */ -#ifdef CONFIG_NF_FLOW_COOKIE - cm = si->sfe_flow_cookie_table[skb->flow_cookie & SFE_FLOW_COOKIE_MASK].match; - if (unlikely(!cm)) { - cm = sfe_ipv6_find_connection_match(si, dev, IPPROTO_TCP, src_ip, src_port, dest_ip, dest_port); - } -#else - cm = sfe_ipv6_find_connection_match(si, dev, IPPROTO_TCP, src_ip, src_port, dest_ip, dest_port); -#endif - if (unlikely(!cm)) { - /* - * We didn't get a connection but as TCP is connection-oriented that - * may be because this is a non-fast connection (not running established). - * For diagnostic purposes we differentiate this here. - */ - if (likely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) == TCP_FLAG_ACK)) { - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("no connection found - fast flags\n"); - return 0; - } - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("no connection found - slow flags: 0x%x\n", - flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)); - return 0; - } - - /* - * If our packet has beern marked as "flush on find" we can't actually - * forward it in the fast path, but now that we've found an associated - * connection we can flush that out before we process the packet. - */ - if (unlikely(flush_on_find)) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("flush on find\n"); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - -#ifdef CONFIG_XFRM - /* - * We can't accelerate the flow on this direction, just let it go - * through the slow path. - */ - if (unlikely(!cm->flow_accel)) { - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - return 0; - } -#endif - - /* - * Does our hop_limit allow forwarding? - */ - if (unlikely(iph->hop_limit < 2)) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_SMALL_TTL]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("hop_limit too low\n"); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * If our packet is larger than the MTU of the transmit interface then - * we can't forward it easily. - */ - if (unlikely((len > cm->xmit_dev_mtu) && !skb_is_gso(skb))) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_NEEDS_FRAGMENTATION]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("larger than mtu\n"); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Look at our TCP flags. Anything missing an ACK or that has RST, SYN or FIN - * set is not a fast path packet. - */ - if (unlikely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) != TCP_FLAG_ACK)) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_FLAGS]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("TCP flags: 0x%x are not fast\n", - flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - counter_cm = cm->counter_match; - - /* - * Are we doing sequence number checking? - */ - if (likely(!(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK))) { - u32 seq; - u32 ack; - u32 sack; - u32 data_offs; - u32 end; - u32 left_edge; - u32 scaled_win; - u32 max_end; - - /* - * Is our sequence fully past the right hand edge of the window? - */ - seq = ntohl(tcph->seq); - if (unlikely((s32)(seq - (cm->protocol_state.tcp.max_end + 1)) > 0)) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("seq: %u exceeds right edge: %u\n", - seq, cm->protocol_state.tcp.max_end + 1); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Check that our TCP data offset isn't too short. - */ - data_offs = tcph->doff << 2; - if (unlikely(data_offs < sizeof(struct sfe_ipv6_tcp_hdr))) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("TCP data offset: %u, too small\n", data_offs); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Update ACK according to any SACK option. - */ - ack = ntohl(tcph->ack_seq); - sack = ack; - if (unlikely(!sfe_ipv6_process_tcp_option_sack(tcph, data_offs, &sack))) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_BAD_SACK]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("TCP option SACK size is wrong\n"); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Check that our TCP data offset isn't past the end of the packet. - */ - data_offs += sizeof(struct sfe_ipv6_ip_hdr); - if (unlikely(len < data_offs)) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("TCP data offset: %u, past end of packet: %u\n", - data_offs, len); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - end = seq + len - data_offs; - - /* - * Is our sequence fully before the left hand edge of the window? - */ - if (unlikely((s32)(end - (cm->protocol_state.tcp.end - - counter_cm->protocol_state.tcp.max_win - 1)) < 0)) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("seq: %u before left edge: %u\n", - end, cm->protocol_state.tcp.end - counter_cm->protocol_state.tcp.max_win - 1); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Are we acking data that is to the right of what has been sent? - */ - if (unlikely((s32)(sack - (counter_cm->protocol_state.tcp.end + 1)) > 0)) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("ack: %u exceeds right edge: %u\n", - sack, counter_cm->protocol_state.tcp.end + 1); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Is our ack too far before the left hand edge of the window? - */ - left_edge = counter_cm->protocol_state.tcp.end - - cm->protocol_state.tcp.max_win - - SFE_IPV6_TCP_MAX_ACK_WINDOW - - 1; - if (unlikely((s32)(sack - left_edge) < 0)) { - struct sfe_ipv6_connection *c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("ack: %u before left edge: %u\n", sack, left_edge); - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; - } - - /* - * Have we just seen the largest window size yet for this connection? If yes - * then we need to record the new value. - */ - scaled_win = ntohs(tcph->window) << cm->protocol_state.tcp.win_scale; - scaled_win += (sack - ack); - if (unlikely(cm->protocol_state.tcp.max_win < scaled_win)) { - cm->protocol_state.tcp.max_win = scaled_win; - } - - /* - * If our sequence and/or ack numbers have advanced then record the new state. - */ - if (likely((s32)(end - cm->protocol_state.tcp.end) >= 0)) { - cm->protocol_state.tcp.end = end; - } - - max_end = sack + scaled_win; - if (likely((s32)(max_end - counter_cm->protocol_state.tcp.max_end) >= 0)) { - counter_cm->protocol_state.tcp.max_end = max_end; - } - } - - /* - * From this point on we're good to modify the packet. - */ - - /* - * Check if skb was cloned. If it was, unshare it. Because - * the data area is going to be written in this path and we don't want to - * change the cloned skb's data section. - */ - if (unlikely(skb_cloned(skb))) { - DEBUG_TRACE("%p: skb is a cloned skb\n", skb); - skb = skb_unshare(skb, GFP_ATOMIC); - if (!skb) { - DEBUG_WARN("Failed to unshare the cloned skb\n"); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_CLONED_SKB_UNSHARE_ERROR]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - return 0; - } - - /* - * Update the iph and tcph pointers with the unshared skb's data area. - */ - iph = (struct sfe_ipv6_ip_hdr *)skb->data; - tcph = (struct sfe_ipv6_tcp_hdr *)(skb->data + ihl); - } - - /* - * Update DSCP - */ - if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK)) { - sfe_ipv6_change_dsfield(iph, cm->dscp); - } - - /* - * Decrement our hop_limit. - */ - iph->hop_limit -= 1; - - /* - * Do we have to perform translations of the source address/port? - */ - if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC)) { - u16 tcp_csum; - u32 sum; - - iph->saddr = cm->xlate_src_ip[0]; - tcph->source = cm->xlate_src_port; - - /* - * Do we have a non-zero UDP checksum? If we do then we need - * to update it. - */ - tcp_csum = tcph->check; - sum = tcp_csum + cm->xlate_src_csum_adjustment; - sum = (sum & 0xffff) + (sum >> 16); - tcph->check = (u16)sum; - } - - /* - * Do we have to perform translations of the destination address/port? - */ - if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST)) { - u16 tcp_csum; - u32 sum; - - iph->daddr = cm->xlate_dest_ip[0]; - tcph->dest = cm->xlate_dest_port; - - /* - * Do we have a non-zero UDP checksum? If we do then we need - * to update it. - */ - tcp_csum = tcph->check; - sum = tcp_csum + cm->xlate_dest_csum_adjustment; - sum = (sum & 0xffff) + (sum >> 16); - tcph->check = (u16)sum; - } - - /* - * Update traffic stats. - */ - cm->rx_packet_count++; - cm->rx_byte_count += len; - - /* - * If we're not already on the active list then insert ourselves at the tail - * of the current list. - */ - if (unlikely(!cm->active)) { - cm->active = true; - cm->active_prev = si->active_tail; - if (likely(si->active_tail)) { - si->active_tail->active_next = cm; - } else { - si->active_head = cm; - } - si->active_tail = cm; - } - - xmit_dev = cm->xmit_dev; - skb->dev = xmit_dev; - - /* - * Check to see if we need to write a header. - */ - if (likely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) { - if (unlikely(!(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) { - dev_hard_header(skb, xmit_dev, ETH_P_IPV6, - cm->xmit_dest_mac, cm->xmit_src_mac, len); - } else { - /* - * For the simple case we write this really fast. - */ - struct sfe_ipv6_eth_hdr *eth = (struct sfe_ipv6_eth_hdr *)__skb_push(skb, ETH_HLEN); - eth->h_proto = htons(ETH_P_IPV6); - eth->h_dest[0] = cm->xmit_dest_mac[0]; - eth->h_dest[1] = cm->xmit_dest_mac[1]; - eth->h_dest[2] = cm->xmit_dest_mac[2]; - eth->h_source[0] = cm->xmit_src_mac[0]; - eth->h_source[1] = cm->xmit_src_mac[1]; - eth->h_source[2] = cm->xmit_src_mac[2]; - } - } - - /* - * Update priority of skb. - */ - if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) { - skb->priority = cm->priority; - } - - /* - * Mark outgoing packet - */ - skb->mark = cm->connection->mark; - if (skb->mark) { - DEBUG_TRACE("SKB MARK is NON ZERO %x\n", skb->mark); - } - - si->packets_forwarded++; - spin_unlock_bh(&si->lock); - - /* - * We're going to check for GSO flags when we transmit the packet so - * start fetching the necessary cache line now. - */ - prefetch(skb_shinfo(skb)); - - /* - * Mark that this packet has been fast forwarded. - */ - skb->fast_forwarded = 1; - - /* - * Send the packet on its way. - */ - dev_queue_xmit(skb); - - return 1; -} - -/* - * sfe_ipv6_recv_icmp() - * Handle ICMP packet receives. - * - * ICMP packets aren't handled as a "fast path" and always have us process them - * through the default Linux stack. What we do need to do is look for any errors - * about connections we are handling in the fast path. If we find any such - * connections then we want to flush their state so that the ICMP error path - * within Linux has all of the correct state should it need it. - */ -static int sfe_ipv6_recv_icmp(struct sfe_ipv6 *si, struct sk_buff *skb, struct net_device *dev, - unsigned int len, struct sfe_ipv6_ip_hdr *iph, unsigned int ihl) -{ - struct icmp6hdr *icmph; - struct sfe_ipv6_ip_hdr *icmp_iph; - struct sfe_ipv6_udp_hdr *icmp_udph; - struct sfe_ipv6_tcp_hdr *icmp_tcph; - struct sfe_ipv6_addr *src_ip; - struct sfe_ipv6_addr *dest_ip; - __be16 src_port; - __be16 dest_port; - struct sfe_ipv6_connection_match *cm; - struct sfe_ipv6_connection *c; - u8 next_hdr; - - /* - * Is our packet too short to contain a valid ICMP header? - */ - len -= ihl; - if (!pskb_may_pull(skb, ihl + sizeof(struct icmp6hdr))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("packet too short for ICMP header\n"); - return 0; - } - - /* - * We only handle "destination unreachable" and "time exceeded" messages. - */ - icmph = (struct icmp6hdr *)(skb->data + ihl); - if ((icmph->icmp6_type != ICMPV6_DEST_UNREACH) - && (icmph->icmp6_type != ICMPV6_TIME_EXCEED)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_UNHANDLED_TYPE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("unhandled ICMP type: 0x%x\n", icmph->icmp6_type); - return 0; - } - - /* - * Do we have the full embedded IP header? - * We should have 8 bytes of next L4 header - that's enough to identify - * the connection. - */ - len -= sizeof(struct icmp6hdr); - ihl += sizeof(struct icmp6hdr); - if (!pskb_may_pull(skb, ihl + sizeof(struct sfe_ipv6_ip_hdr) + sizeof(struct sfe_ipv6_ext_hdr))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("Embedded IP header not complete\n"); - return 0; - } - - /* - * Is our embedded IP version wrong? - */ - icmp_iph = (struct sfe_ipv6_ip_hdr *)(icmph + 1); - if (unlikely(icmp_iph->version != 6)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_NON_V6]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("IP version: %u\n", icmp_iph->version); - return 0; - } - - len -= sizeof(struct sfe_ipv6_ip_hdr); - ihl += sizeof(struct sfe_ipv6_ip_hdr); - next_hdr = icmp_iph->nexthdr; - while (unlikely(sfe_ipv6_is_ext_hdr(next_hdr))) { - struct sfe_ipv6_ext_hdr *ext_hdr; - unsigned int ext_hdr_len; - - ext_hdr = (struct sfe_ipv6_ext_hdr *)(skb->data + ihl); - if (next_hdr == SFE_IPV6_EXT_HDR_FRAG) { - struct sfe_ipv6_frag_hdr *frag_hdr = (struct sfe_ipv6_frag_hdr *)ext_hdr; - unsigned int frag_off = ntohs(frag_hdr->frag_off); - - if (frag_off & SFE_IPV6_FRAG_OFFSET) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("non-initial fragment\n"); - return 0; - } - } - - ext_hdr_len = ext_hdr->hdr_len; - ext_hdr_len <<= 3; - ext_hdr_len += sizeof(struct sfe_ipv6_ext_hdr); - len -= ext_hdr_len; - ihl += ext_hdr_len; - /* - * We should have 8 bytes of next header - that's enough to identify - * the connection. - */ - if (!pskb_may_pull(skb, ihl + sizeof(struct sfe_ipv6_ext_hdr))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("extension header %d not completed\n", next_hdr); - return 0; - } - - next_hdr = ext_hdr->next_hdr; - } - - /* - * Handle the embedded transport layer header. - */ - switch (next_hdr) { - case IPPROTO_UDP: - icmp_udph = (struct sfe_ipv6_udp_hdr *)(skb->data + ihl); - src_port = icmp_udph->source; - dest_port = icmp_udph->dest; - break; - - case IPPROTO_TCP: - icmp_tcph = (struct sfe_ipv6_tcp_hdr *)(skb->data + ihl); - src_port = icmp_tcph->source; - dest_port = icmp_tcph->dest; - break; - - default: - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_UNHANDLED_PROTOCOL]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("Unhandled embedded IP protocol: %u\n", next_hdr); - return 0; - } - - src_ip = &icmp_iph->saddr; - dest_ip = &icmp_iph->daddr; - - spin_lock_bh(&si->lock); - - /* - * Look for a connection match. Note that we reverse the source and destination - * here because our embedded message contains a packet that was sent in the - * opposite direction to the one in which we just received it. It will have - * been sent on the interface from which we received it though so that's still - * ok to use. - */ - cm = sfe_ipv6_find_connection_match(si, dev, icmp_iph->nexthdr, dest_ip, dest_port, src_ip, src_port); - if (unlikely(!cm)) { - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_NO_CONNECTION]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("no connection found\n"); - return 0; - } - - /* - * We found a connection so now remove it from the connection list and flush - * its state. - */ - c = cm->connection; - sfe_ipv6_remove_connection(si, c); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_FLUSHED_CONNECTION]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); - return 0; -} - -/* - * sfe_ipv6_recv() - * Handle packet receives and forwaring. - * - * Returns 1 if the packet is forwarded or 0 if it isn't. - */ -int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb) -{ - struct sfe_ipv6 *si = &__si6; - unsigned int len; - unsigned int payload_len; - unsigned int ihl = sizeof(struct sfe_ipv6_ip_hdr); - bool flush_on_find = false; - struct sfe_ipv6_ip_hdr *iph; - u8 next_hdr; - - /* - * Check that we have space for an IP header and an uplayer header here. - */ - len = skb->len; - if (!pskb_may_pull(skb, ihl + sizeof(struct sfe_ipv6_ext_hdr))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("len: %u is too short\n", len); - return 0; - } - - /* - * Is our IP version wrong? - */ - iph = (struct sfe_ipv6_ip_hdr *)skb->data; - if (unlikely(iph->version != 6)) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_NON_V6]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("IP version: %u\n", iph->version); - return 0; - } - - /* - * Does our datagram fit inside the skb? - */ - payload_len = ntohs(iph->payload_len); - if (unlikely(payload_len > (len - ihl))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_DATAGRAM_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("payload_len: %u, exceeds len: %u\n", payload_len, (len - sizeof(struct sfe_ipv6_ip_hdr))); - return 0; - } - - next_hdr = iph->nexthdr; - while (unlikely(sfe_ipv6_is_ext_hdr(next_hdr))) { - struct sfe_ipv6_ext_hdr *ext_hdr; - unsigned int ext_hdr_len; - - ext_hdr = (struct sfe_ipv6_ext_hdr *)(skb->data + ihl); - if (next_hdr == SFE_IPV6_EXT_HDR_FRAG) { - struct sfe_ipv6_frag_hdr *frag_hdr = (struct sfe_ipv6_frag_hdr *)ext_hdr; - unsigned int frag_off = ntohs(frag_hdr->frag_off); - - if (frag_off & SFE_IPV6_FRAG_OFFSET) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("non-initial fragment\n"); - return 0; - } - } - - ext_hdr_len = ext_hdr->hdr_len; - ext_hdr_len <<= 3; - ext_hdr_len += sizeof(struct sfe_ipv6_ext_hdr); - ihl += ext_hdr_len; - if (!pskb_may_pull(skb, ihl + sizeof(struct sfe_ipv6_ext_hdr))) { - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_HEADER_INCOMPLETE]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("extension header %d not completed\n", next_hdr); - return 0; - } - - flush_on_find = true; - next_hdr = ext_hdr->next_hdr; - } - - if (IPPROTO_UDP == next_hdr) { - return sfe_ipv6_recv_udp(si, skb, dev, len, iph, ihl, flush_on_find); - } - - if (IPPROTO_TCP == next_hdr) { - return sfe_ipv6_recv_tcp(si, skb, dev, len, iph, ihl, flush_on_find); - } - - if (IPPROTO_ICMPV6 == next_hdr) { - return sfe_ipv6_recv_icmp(si, skb, dev, len, iph, ihl); - } - - spin_lock_bh(&si->lock); - si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UNHANDLED_PROTOCOL]++; - si->packets_not_forwarded++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("not UDP, TCP or ICMP: %u\n", next_hdr); - return 0; -} - -/* - * sfe_ipv6_update_tcp_state() - * update TCP window variables. - */ -static void -sfe_ipv6_update_tcp_state(struct sfe_ipv6_connection *c, - struct sfe_connection_create *sic) -{ - struct sfe_ipv6_connection_match *orig_cm; - struct sfe_ipv6_connection_match *repl_cm; - struct sfe_ipv6_tcp_connection_match *orig_tcp; - struct sfe_ipv6_tcp_connection_match *repl_tcp; - - orig_cm = c->original_match; - repl_cm = c->reply_match; - orig_tcp = &orig_cm->protocol_state.tcp; - repl_tcp = &repl_cm->protocol_state.tcp; - - /* update orig */ - if (orig_tcp->max_win < sic->src_td_max_window) { - orig_tcp->max_win = sic->src_td_max_window; - } - if ((s32)(orig_tcp->end - sic->src_td_end) < 0) { - orig_tcp->end = sic->src_td_end; - } - if ((s32)(orig_tcp->max_end - sic->src_td_max_end) < 0) { - orig_tcp->max_end = sic->src_td_max_end; - } - - /* update reply */ - if (repl_tcp->max_win < sic->dest_td_max_window) { - repl_tcp->max_win = sic->dest_td_max_window; - } - if ((s32)(repl_tcp->end - sic->dest_td_end) < 0) { - repl_tcp->end = sic->dest_td_end; - } - if ((s32)(repl_tcp->max_end - sic->dest_td_max_end) < 0) { - repl_tcp->max_end = sic->dest_td_max_end; - } - - /* update match flags */ - orig_cm->flags &= ~SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - repl_cm->flags &= ~SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - if (sic->flags & SFE_CREATE_FLAG_NO_SEQ_CHECK) { - orig_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - repl_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - } -} - -/* - * sfe_ipv6_update_protocol_state() - * update protocol specified state machine. - */ -static void -sfe_ipv6_update_protocol_state(struct sfe_ipv6_connection *c, - struct sfe_connection_create *sic) -{ - switch (sic->protocol) { - case IPPROTO_TCP: - sfe_ipv6_update_tcp_state(c, sic); - break; - } -} - -/* - * sfe_ipv6_update_rule() - * update forwarding rule after rule is created. - */ -void sfe_ipv6_update_rule(struct sfe_connection_create *sic) -{ - struct sfe_ipv6_connection *c; - struct sfe_ipv6 *si = &__si6; - - spin_lock_bh(&si->lock); - - c = sfe_ipv6_find_connection(si, - sic->protocol, - sic->src_ip.ip6, - sic->src_port, - sic->dest_ip.ip6, - sic->dest_port); - if (c != NULL) { - sfe_ipv6_update_protocol_state(c, sic); - } - - spin_unlock_bh(&si->lock); -} - -/* - * sfe_ipv6_create_rule() - * Create a forwarding rule. - */ -int sfe_ipv6_create_rule(struct sfe_connection_create *sic) -{ - struct sfe_ipv6 *si = &__si6; - struct sfe_ipv6_connection *c; - struct sfe_ipv6_connection_match *original_cm; - struct sfe_ipv6_connection_match *reply_cm; - struct net_device *dest_dev; - struct net_device *src_dev; - - dest_dev = sic->dest_dev; - src_dev = sic->src_dev; - - if (unlikely((dest_dev->reg_state != NETREG_REGISTERED) || - (src_dev->reg_state != NETREG_REGISTERED))) { - return -EINVAL; - } - - spin_lock_bh(&si->lock); - si->connection_create_requests++; - - /* - * Check to see if there is already a flow that matches the rule we're - * trying to create. If there is then we can't create a new one. - */ - c = sfe_ipv6_find_connection(si, - sic->protocol, - sic->src_ip.ip6, - sic->src_port, - sic->dest_ip.ip6, - sic->dest_port); - if (c != NULL) { - si->connection_create_collisions++; - - /* - * If we already have the flow then it's likely that this - * request to create the connection rule contains more - * up-to-date information. Check and update accordingly. - */ - sfe_ipv6_update_protocol_state(c, sic); - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("connection already exists - mark: %08x, p: %d\n" - " s: %s:%pM:%pI6:%u, d: %s:%pM:%pI6:%u\n", - sic->mark, sic->protocol, - sic->src_dev->name, sic->src_mac, sic->src_ip.ip6, ntohs(sic->src_port), - sic->dest_dev->name, sic->dest_mac, sic->dest_ip.ip6, ntohs(sic->dest_port)); - return -EADDRINUSE; - } - - /* - * Allocate the various connection tracking objects. - */ - c = (struct sfe_ipv6_connection *)kmalloc(sizeof(struct sfe_ipv6_connection), GFP_ATOMIC); - if (unlikely(!c)) { - spin_unlock_bh(&si->lock); - return -ENOMEM; - } - - original_cm = (struct sfe_ipv6_connection_match *)kmalloc(sizeof(struct sfe_ipv6_connection_match), GFP_ATOMIC); - if (unlikely(!original_cm)) { - spin_unlock_bh(&si->lock); - kfree(c); - return -ENOMEM; - } - - reply_cm = (struct sfe_ipv6_connection_match *)kmalloc(sizeof(struct sfe_ipv6_connection_match), GFP_ATOMIC); - if (unlikely(!reply_cm)) { - spin_unlock_bh(&si->lock); - kfree(original_cm); - kfree(c); - return -ENOMEM; - } - - /* - * Fill in the "original" direction connection matching object. - * Note that the transmit MAC address is "dest_mac_xlate" because - * we always know both ends of a connection by their translated - * addresses and not their public addresses. - */ - original_cm->match_dev = src_dev; - original_cm->match_protocol = sic->protocol; - original_cm->match_src_ip[0] = sic->src_ip.ip6[0]; - original_cm->match_src_port = sic->src_port; - original_cm->match_dest_ip[0] = sic->dest_ip.ip6[0]; - original_cm->match_dest_port = sic->dest_port; - original_cm->xlate_src_ip[0] = sic->src_ip_xlate.ip6[0]; - original_cm->xlate_src_port = sic->src_port_xlate; - original_cm->xlate_dest_ip[0] = sic->dest_ip_xlate.ip6[0]; - original_cm->xlate_dest_port = sic->dest_port_xlate; - original_cm->rx_packet_count = 0; - original_cm->rx_packet_count64 = 0; - original_cm->rx_byte_count = 0; - original_cm->rx_byte_count64 = 0; - original_cm->xmit_dev = dest_dev; - original_cm->xmit_dev_mtu = sic->dest_mtu; - memcpy(original_cm->xmit_src_mac, dest_dev->dev_addr, ETH_ALEN); - memcpy(original_cm->xmit_dest_mac, sic->dest_mac_xlate, ETH_ALEN); - original_cm->connection = c; - original_cm->counter_match = reply_cm; - original_cm->flags = 0; - if (sic->flags & SFE_CREATE_FLAG_REMARK_PRIORITY) { - original_cm->priority = sic->src_priority; - original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK; - } - if (sic->flags & SFE_CREATE_FLAG_REMARK_DSCP) { - original_cm->dscp = sic->src_dscp << SFE_IPV6_DSCP_SHIFT; - original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK; - } -#ifdef CONFIG_NF_FLOW_COOKIE - original_cm->flow_cookie = 0; -#endif -#ifdef CONFIG_XFRM - original_cm->flow_accel = sic->original_accel; -#endif - original_cm->active_next = NULL; - original_cm->active_prev = NULL; - original_cm->active = false; - - /* - * For PPP links we don't write an L2 header. For everything else we do. - */ - if (!(dest_dev->flags & IFF_POINTOPOINT)) { - original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR; - - /* - * If our dev writes Ethernet headers then we can write a really fast - * version. - */ - if (dest_dev->header_ops) { - if (dest_dev->header_ops->create == eth_header) { - original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR; - } - } - } - - /* - * Fill in the "reply" direction connection matching object. - */ - reply_cm->match_dev = dest_dev; - reply_cm->match_protocol = sic->protocol; - reply_cm->match_src_ip[0] = sic->dest_ip_xlate.ip6[0]; - reply_cm->match_src_port = sic->dest_port_xlate; - reply_cm->match_dest_ip[0] = sic->src_ip_xlate.ip6[0]; - reply_cm->match_dest_port = sic->src_port_xlate; - reply_cm->xlate_src_ip[0] = sic->dest_ip.ip6[0]; - reply_cm->xlate_src_port = sic->dest_port; - reply_cm->xlate_dest_ip[0] = sic->src_ip.ip6[0]; - reply_cm->xlate_dest_port = sic->src_port; - reply_cm->rx_packet_count = 0; - reply_cm->rx_packet_count64 = 0; - reply_cm->rx_byte_count = 0; - reply_cm->rx_byte_count64 = 0; - reply_cm->xmit_dev = src_dev; - reply_cm->xmit_dev_mtu = sic->src_mtu; - memcpy(reply_cm->xmit_src_mac, src_dev->dev_addr, ETH_ALEN); - memcpy(reply_cm->xmit_dest_mac, sic->src_mac, ETH_ALEN); - reply_cm->connection = c; - reply_cm->counter_match = original_cm; - reply_cm->flags = 0; - if (sic->flags & SFE_CREATE_FLAG_REMARK_PRIORITY) { - reply_cm->priority = sic->dest_priority; - reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK; - } - if (sic->flags & SFE_CREATE_FLAG_REMARK_DSCP) { - reply_cm->dscp = sic->dest_dscp << SFE_IPV6_DSCP_SHIFT; - reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK; - } -#ifdef CONFIG_NF_FLOW_COOKIE - reply_cm->flow_cookie = 0; -#endif -#ifdef CONFIG_XFRM - reply_cm->flow_accel = sic->reply_accel; -#endif - reply_cm->active_next = NULL; - reply_cm->active_prev = NULL; - reply_cm->active = false; - - /* - * For PPP links we don't write an L2 header. For everything else we do. - */ - if (!(src_dev->flags & IFF_POINTOPOINT)) { - reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR; - - /* - * If our dev writes Ethernet headers then we can write a really fast - * version. - */ - if (src_dev->header_ops) { - if (src_dev->header_ops->create == eth_header) { - reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR; - } - } - } - - - if (!sfe_ipv6_addr_equal(sic->dest_ip.ip6, sic->dest_ip_xlate.ip6) || sic->dest_port != sic->dest_port_xlate) { - original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST; - reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC; - } - - if (!sfe_ipv6_addr_equal(sic->src_ip.ip6, sic->src_ip_xlate.ip6) || sic->src_port != sic->src_port_xlate) { - original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC; - reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST; - } - - c->protocol = sic->protocol; - c->src_ip[0] = sic->src_ip.ip6[0]; - c->src_ip_xlate[0] = sic->src_ip_xlate.ip6[0]; - c->src_port = sic->src_port; - c->src_port_xlate = sic->src_port_xlate; - c->original_dev = src_dev; - c->original_match = original_cm; - c->dest_ip[0] = sic->dest_ip.ip6[0]; - c->dest_ip_xlate[0] = sic->dest_ip_xlate.ip6[0]; - c->dest_port = sic->dest_port; - c->dest_port_xlate = sic->dest_port_xlate; - c->reply_dev = dest_dev; - c->reply_match = reply_cm; - c->mark = sic->mark; - c->debug_read_seq = 0; - c->last_sync_jiffies = get_jiffies_64(); - - /* - * Take hold of our source and dest devices for the duration of the connection. - */ - dev_hold(c->original_dev); - dev_hold(c->reply_dev); - - /* - * Initialize the protocol-specific information that we track. - */ - switch (sic->protocol) { - case IPPROTO_TCP: - original_cm->protocol_state.tcp.win_scale = sic->src_td_window_scale; - original_cm->protocol_state.tcp.max_win = sic->src_td_max_window ? sic->src_td_max_window : 1; - original_cm->protocol_state.tcp.end = sic->src_td_end; - original_cm->protocol_state.tcp.max_end = sic->src_td_max_end; - reply_cm->protocol_state.tcp.win_scale = sic->dest_td_window_scale; - reply_cm->protocol_state.tcp.max_win = sic->dest_td_max_window ? sic->dest_td_max_window : 1; - reply_cm->protocol_state.tcp.end = sic->dest_td_end; - reply_cm->protocol_state.tcp.max_end = sic->dest_td_max_end; - if (sic->flags & SFE_CREATE_FLAG_NO_SEQ_CHECK) { - original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; - } - break; - } - - sfe_ipv6_connection_match_compute_translations(original_cm); - sfe_ipv6_connection_match_compute_translations(reply_cm); - sfe_ipv6_insert_connection(si, c); - - spin_unlock_bh(&si->lock); - - /* - * We have everything we need! - */ - DEBUG_INFO("new connection - mark: %08x, p: %d\n" - " s: %s:%pM(%pM):%pI6(%pI6):%u(%u)\n" - " d: %s:%pM(%pM):%pI6(%pI6):%u(%u)\n", - sic->mark, sic->protocol, - sic->src_dev->name, sic->src_mac, sic->src_mac_xlate, - sic->src_ip.ip6, sic->src_ip_xlate.ip6, ntohs(sic->src_port), ntohs(sic->src_port_xlate), - dest_dev->name, sic->dest_mac, sic->dest_mac_xlate, - sic->dest_ip.ip6, sic->dest_ip_xlate.ip6, ntohs(sic->dest_port), ntohs(sic->dest_port_xlate)); - - return 0; -} - -/* - * sfe_ipv6_destroy_rule() - * Destroy a forwarding rule. - */ -void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid) -{ - struct sfe_ipv6 *si = &__si6; - struct sfe_ipv6_connection *c; - - spin_lock_bh(&si->lock); - si->connection_destroy_requests++; - - /* - * Check to see if we have a flow that matches the rule we're trying - * to destroy. If there isn't then we can't destroy it. - */ - c = sfe_ipv6_find_connection(si, sid->protocol, sid->src_ip.ip6, sid->src_port, - sid->dest_ip.ip6, sid->dest_port); - if (!c) { - si->connection_destroy_misses++; - spin_unlock_bh(&si->lock); - - DEBUG_TRACE("connection does not exist - p: %d, s: %pI6:%u, d: %pI6:%u\n", - sid->protocol, sid->src_ip.ip6, ntohs(sid->src_port), - sid->dest_ip.ip6, ntohs(sid->dest_port)); - return; - } - - /* - * Remove our connection details from the hash tables. - */ - sfe_ipv6_remove_connection(si, c); - spin_unlock_bh(&si->lock); - - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_DESTROY); - - DEBUG_INFO("connection destroyed - p: %d, s: %pI6:%u, d: %pI6:%u\n", - sid->protocol, sid->src_ip.ip6, ntohs(sid->src_port), - sid->dest_ip.ip6, ntohs(sid->dest_port)); -} - -/* - * sfe_ipv6_register_sync_rule_callback() - * Register a callback for rule synchronization. - */ -void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t sync_rule_callback) -{ - struct sfe_ipv6 *si = &__si6; - - spin_lock_bh(&si->lock); - rcu_assign_pointer(si->sync_rule_callback, sync_rule_callback); - spin_unlock_bh(&si->lock); -} - -/* - * sfe_ipv6_get_debug_dev() - */ -static ssize_t sfe_ipv6_get_debug_dev(struct device *dev, - struct device_attribute *attr, - char *buf) -{ - struct sfe_ipv6 *si = &__si6; - ssize_t count; - int num; - - spin_lock_bh(&si->lock); - num = si->debug_dev; - spin_unlock_bh(&si->lock); - - count = snprintf(buf, (ssize_t)PAGE_SIZE, "%d\n", num); - return count; -} - -/* - * sfe_ipv6_destroy_all_rules_for_dev() - * Destroy all connections that match a particular device. - * - * If we pass dev as NULL then this destroys all connections. - */ -void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev) -{ - struct sfe_ipv6 *si = &__si6; - struct sfe_ipv6_connection *c; - -another_round: - spin_lock_bh(&si->lock); - - for (c = si->all_connections_head; c; c = c->all_connections_next) { - /* - * Does this connection relate to the device we are destroying? - */ - if (!dev - || (dev == c->original_dev) - || (dev == c->reply_dev)) { - break; - } - } - - if (c) { - sfe_ipv6_remove_connection(si, c); - } - - spin_unlock_bh(&si->lock); - - if (c) { - sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_DESTROY); - goto another_round; - } -} - -/* - * sfe_ipv6_periodic_sync() - */ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) -static void sfe_ipv6_periodic_sync(struct timer_list *arg) -#else -static void sfe_ipv6_periodic_sync(unsigned long arg) -#endif /*KERNEL_VERSION(4, 15, 0)*/ -{ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) - struct sfe_ipv6 *si = (struct sfe_ipv6 *)arg->cust_data; -#else - struct sfe_ipv6 *si = (struct sfe_ipv6 *)arg; -#endif /*KERNEL_VERSION(4, 15, 0)*/ - u64 now_jiffies; - int quota; - sfe_sync_rule_callback_t sync_rule_callback; - - now_jiffies = get_jiffies_64(); - - rcu_read_lock(); - sync_rule_callback = rcu_dereference(si->sync_rule_callback); - if (!sync_rule_callback) { - rcu_read_unlock(); - goto done; - } - - spin_lock_bh(&si->lock); - sfe_ipv6_update_summary_stats(si); - - /* - * Get an estimate of the number of connections to parse in this sync. - */ - quota = (si->num_connections + 63) / 64; - - /* - * Walk the "active" list and sync the connection state. - */ - while (quota--) { - struct sfe_ipv6_connection_match *cm; - struct sfe_ipv6_connection_match *counter_cm; - struct sfe_ipv6_connection *c; - struct sfe_connection_sync sis; - - cm = si->active_head; - if (!cm) { - break; - } - - /* - * There's a possibility that our counter match is in the active list too. - * If it is then remove it. - */ - counter_cm = cm->counter_match; - if (counter_cm->active) { - counter_cm->active = false; - - /* - * We must have a connection preceding this counter match - * because that's the one that got us to this point, so we don't have - * to worry about removing the head of the list. - */ - counter_cm->active_prev->active_next = counter_cm->active_next; - - if (likely(counter_cm->active_next)) { - counter_cm->active_next->active_prev = counter_cm->active_prev; - } else { - si->active_tail = counter_cm->active_prev; - } - - counter_cm->active_next = NULL; - counter_cm->active_prev = NULL; - } - - /* - * Now remove the head of the active scan list. - */ - cm->active = false; - si->active_head = cm->active_next; - if (likely(cm->active_next)) { - cm->active_next->active_prev = NULL; - } else { - si->active_tail = NULL; - } - cm->active_next = NULL; - - /* - * Sync the connection state. - */ - c = cm->connection; - sfe_ipv6_gen_sync_connection(si, c, &sis, SFE_SYNC_REASON_STATS, now_jiffies); - - /* - * We don't want to be holding the lock when we sync! - */ - spin_unlock_bh(&si->lock); - sync_rule_callback(&sis); - spin_lock_bh(&si->lock); - } - - spin_unlock_bh(&si->lock); - rcu_read_unlock(); - -done: - mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); -} - -/* - * sfe_ipv6_debug_dev_read_start() - * Generate part of the XML output. - */ -static bool sfe_ipv6_debug_dev_read_start(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) -{ - int bytes_read; - - si->debug_read_seq++; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv6_debug_dev_read_connections_start() - * Generate part of the XML output. - */ -static bool sfe_ipv6_debug_dev_read_connections_start(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) -{ - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv6_debug_dev_read_connections_connection() - * Generate part of the XML output. - */ -static bool sfe_ipv6_debug_dev_read_connections_connection(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) -{ - struct sfe_ipv6_connection *c; - struct sfe_ipv6_connection_match *original_cm; - struct sfe_ipv6_connection_match *reply_cm; - int bytes_read; - int protocol; - struct net_device *src_dev; - struct sfe_ipv6_addr src_ip; - struct sfe_ipv6_addr src_ip_xlate; - __be16 src_port; - __be16 src_port_xlate; - u64 src_rx_packets; - u64 src_rx_bytes; - struct net_device *dest_dev; - struct sfe_ipv6_addr dest_ip; - struct sfe_ipv6_addr dest_ip_xlate; - __be16 dest_port; - __be16 dest_port_xlate; - u64 dest_rx_packets; - u64 dest_rx_bytes; - u64 last_sync_jiffies; - u32 mark, src_priority, dest_priority, src_dscp, dest_dscp; -#ifdef CONFIG_NF_FLOW_COOKIE - int src_flow_cookie, dst_flow_cookie; -#endif - - spin_lock_bh(&si->lock); - - for (c = si->all_connections_head; c; c = c->all_connections_next) { - if (c->debug_read_seq < si->debug_read_seq) { - c->debug_read_seq = si->debug_read_seq; - break; - } - } - - /* - * If there were no connections then move to the next state. - */ - if (!c) { - spin_unlock_bh(&si->lock); - ws->state++; - return true; - } - - original_cm = c->original_match; - reply_cm = c->reply_match; - - protocol = c->protocol; - src_dev = c->original_dev; - src_ip = c->src_ip[0]; - src_ip_xlate = c->src_ip_xlate[0]; - src_port = c->src_port; - src_port_xlate = c->src_port_xlate; - src_priority = original_cm->priority; - src_dscp = original_cm->dscp >> SFE_IPV6_DSCP_SHIFT; - - sfe_ipv6_connection_match_update_summary_stats(original_cm); - sfe_ipv6_connection_match_update_summary_stats(reply_cm); - - src_rx_packets = original_cm->rx_packet_count64; - src_rx_bytes = original_cm->rx_byte_count64; - dest_dev = c->reply_dev; - dest_ip = c->dest_ip[0]; - dest_ip_xlate = c->dest_ip_xlate[0]; - dest_port = c->dest_port; - dest_port_xlate = c->dest_port_xlate; - dest_priority = reply_cm->priority; - dest_dscp = reply_cm->dscp >> SFE_IPV6_DSCP_SHIFT; - dest_rx_packets = reply_cm->rx_packet_count64; - dest_rx_bytes = reply_cm->rx_byte_count64; - last_sync_jiffies = get_jiffies_64() - c->last_sync_jiffies; - mark = c->mark; -#ifdef CONFIG_NF_FLOW_COOKIE - src_flow_cookie = original_cm->flow_cookie; - dst_flow_cookie = reply_cm->flow_cookie; -#endif - spin_unlock_bh(&si->lock); - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\t\n", - protocol, - src_dev->name, - &src_ip, &src_ip_xlate, - ntohs(src_port), ntohs(src_port_xlate), - src_priority, src_dscp, - src_rx_packets, src_rx_bytes, - dest_dev->name, - &dest_ip, &dest_ip_xlate, - ntohs(dest_port), ntohs(dest_port_xlate), - dest_priority, dest_dscp, - dest_rx_packets, dest_rx_bytes, -#ifdef CONFIG_NF_FLOW_COOKIE - src_flow_cookie, dst_flow_cookie, -#endif - last_sync_jiffies, mark); - - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - return true; -} - -/* - * sfe_ipv6_debug_dev_read_connections_end() - * Generate part of the XML output. - */ -static bool sfe_ipv6_debug_dev_read_connections_end(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) -{ - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv6_debug_dev_read_exceptions_start() - * Generate part of the XML output. - */ -static bool sfe_ipv6_debug_dev_read_exceptions_start(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) -{ - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv6_debug_dev_read_exceptions_exception() - * Generate part of the XML output. - */ -static bool sfe_ipv6_debug_dev_read_exceptions_exception(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) -{ - u64 ct; - - spin_lock_bh(&si->lock); - ct = si->exception_events64[ws->iter_exception]; - spin_unlock_bh(&si->lock); - - if (ct) { - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, - "\t\t\n", - sfe_ipv6_exception_events_string[ws->iter_exception], - ct); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - } - - ws->iter_exception++; - if (ws->iter_exception >= SFE_IPV6_EXCEPTION_EVENT_LAST) { - ws->iter_exception = 0; - ws->state++; - } - - return true; -} - -/* - * sfe_ipv6_debug_dev_read_exceptions_end() - * Generate part of the XML output. - */ -static bool sfe_ipv6_debug_dev_read_exceptions_end(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) -{ - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv6_debug_dev_read_stats() - * Generate part of the XML output. - */ -static bool sfe_ipv6_debug_dev_read_stats(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) -{ - int bytes_read; - unsigned int num_connections; - u64 packets_forwarded; - u64 packets_not_forwarded; - u64 connection_create_requests; - u64 connection_create_collisions; - u64 connection_destroy_requests; - u64 connection_destroy_misses; - u64 connection_flushes; - u64 connection_match_hash_hits; - u64 connection_match_hash_reorders; - - spin_lock_bh(&si->lock); - sfe_ipv6_update_summary_stats(si); - - num_connections = si->num_connections; - packets_forwarded = si->packets_forwarded64; - packets_not_forwarded = si->packets_not_forwarded64; - connection_create_requests = si->connection_create_requests64; - connection_create_collisions = si->connection_create_collisions64; - connection_destroy_requests = si->connection_destroy_requests64; - connection_destroy_misses = si->connection_destroy_misses64; - connection_flushes = si->connection_flushes64; - connection_match_hash_hits = si->connection_match_hash_hits64; - connection_match_hash_reorders = si->connection_match_hash_reorders64; - spin_unlock_bh(&si->lock); - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n", - num_connections, - packets_forwarded, - packets_not_forwarded, - connection_create_requests, - connection_create_collisions, - connection_destroy_requests, - connection_destroy_misses, - connection_flushes, - connection_match_hash_hits, - connection_match_hash_reorders); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * sfe_ipv6_debug_dev_read_end() - * Generate part of the XML output. - */ -static bool sfe_ipv6_debug_dev_read_end(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, - int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) -{ - int bytes_read; - - bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\n"); - if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { - return false; - } - - *length -= bytes_read; - *total_read += bytes_read; - - ws->state++; - return true; -} - -/* - * Array of write functions that write various XML elements that correspond to - * our XML output state machine. - */ -static sfe_ipv6_debug_xml_write_method_t sfe_ipv6_debug_xml_write_methods[SFE_IPV6_DEBUG_XML_STATE_DONE] = { - sfe_ipv6_debug_dev_read_start, - sfe_ipv6_debug_dev_read_connections_start, - sfe_ipv6_debug_dev_read_connections_connection, - sfe_ipv6_debug_dev_read_connections_end, - sfe_ipv6_debug_dev_read_exceptions_start, - sfe_ipv6_debug_dev_read_exceptions_exception, - sfe_ipv6_debug_dev_read_exceptions_end, - sfe_ipv6_debug_dev_read_stats, - sfe_ipv6_debug_dev_read_end, -}; - -/* - * sfe_ipv6_debug_dev_read() - * Send info to userspace upon read request from user - */ -static ssize_t sfe_ipv6_debug_dev_read(struct file *filp, char *buffer, size_t length, loff_t *offset) -{ - char msg[CHAR_DEV_MSG_SIZE]; - int total_read = 0; - struct sfe_ipv6_debug_xml_write_state *ws; - struct sfe_ipv6 *si = &__si6; - - ws = (struct sfe_ipv6_debug_xml_write_state *)filp->private_data; - while ((ws->state != SFE_IPV6_DEBUG_XML_STATE_DONE) && (length > CHAR_DEV_MSG_SIZE)) { - if ((sfe_ipv6_debug_xml_write_methods[ws->state])(si, buffer, msg, &length, &total_read, ws)) { - continue; - } - } - - return total_read; -} - -/* - * sfe_ipv6_debug_dev_write() - * Write to char device resets some stats - */ -static ssize_t sfe_ipv6_debug_dev_write(struct file *filp, const char *buffer, size_t length, loff_t *offset) -{ - struct sfe_ipv6 *si = &__si6; - - spin_lock_bh(&si->lock); - sfe_ipv6_update_summary_stats(si); - - si->packets_forwarded64 = 0; - si->packets_not_forwarded64 = 0; - si->connection_create_requests64 = 0; - si->connection_create_collisions64 = 0; - si->connection_destroy_requests64 = 0; - si->connection_destroy_misses64 = 0; - si->connection_flushes64 = 0; - si->connection_match_hash_hits64 = 0; - si->connection_match_hash_reorders64 = 0; - spin_unlock_bh(&si->lock); - - return length; -} - -/* - * sfe_ipv6_debug_dev_open() - */ -static int sfe_ipv6_debug_dev_open(struct inode *inode, struct file *file) -{ - struct sfe_ipv6_debug_xml_write_state *ws; - - ws = (struct sfe_ipv6_debug_xml_write_state *)file->private_data; - if (ws) { - return 0; - } - - ws = kzalloc(sizeof(struct sfe_ipv6_debug_xml_write_state), GFP_KERNEL); - if (!ws) { - return -ENOMEM; - } - - ws->state = SFE_IPV6_DEBUG_XML_STATE_START; - file->private_data = ws; - - return 0; -} - -/* - * sfe_ipv6_debug_dev_release() - */ -static int sfe_ipv6_debug_dev_release(struct inode *inode, struct file *file) -{ - struct sfe_ipv6_debug_xml_write_state *ws; - - ws = (struct sfe_ipv6_debug_xml_write_state *)file->private_data; - if (ws) { - /* - * We've finished with our output so free the write state. - */ - kfree(ws); - } - - return 0; -} - -/* - * File operations used in the debug char device - */ -static struct file_operations sfe_ipv6_debug_dev_fops = { - .read = sfe_ipv6_debug_dev_read, - .write = sfe_ipv6_debug_dev_write, - .open = sfe_ipv6_debug_dev_open, - .release = sfe_ipv6_debug_dev_release -}; - -#ifdef CONFIG_NF_FLOW_COOKIE -/* - * sfe_ipv6_register_flow_cookie_cb - * register a function in SFE to let SFE use this function to configure flow cookie for a flow - * - * Hardware driver which support flow cookie should register a callback function in SFE. Then SFE - * can use this function to configure flow cookie for a flow. - * return: 0, success; !=0, fail - */ -int sfe_ipv6_register_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb) -{ - struct sfe_ipv6 *si = &__si6; - - BUG_ON(!cb); - - if (si->flow_cookie_set_func) { - return -1; - } - - rcu_assign_pointer(si->flow_cookie_set_func, cb); - return 0; -} - -/* - * sfe_ipv6_unregister_flow_cookie_cb - * unregister function which is used to configure flow cookie for a flow - * - * return: 0, success; !=0, fail - */ -int sfe_ipv6_unregister_flow_cookie_cb(sfe_ipv6_flow_cookie_set_func_t cb) -{ - struct sfe_ipv6 *si = &__si6; - - RCU_INIT_POINTER(si->flow_cookie_set_func, NULL); - return 0; -} - -/* - * sfe_ipv6_get_flow_cookie() - */ -static ssize_t sfe_ipv6_get_flow_cookie(struct device *dev, - struct device_attribute *attr, - char *buf) -{ - struct sfe_ipv6 *si = &__si6; - return snprintf(buf, (ssize_t)PAGE_SIZE, "%d\n", si->flow_cookie_enable); -} - -/* - * sfe_ipv6_set_flow_cookie() - */ -static ssize_t sfe_ipv6_set_flow_cookie(struct device *dev, - struct device_attribute *attr, - const char *buf, size_t size) -{ - struct sfe_ipv6 *si = &__si6; - strict_strtol(buf, 0, (long int *)&si->flow_cookie_enable); - - return size; -} - -/* - * sysfs attributes. - */ -static const struct device_attribute sfe_ipv6_flow_cookie_attr = - __ATTR(flow_cookie_enable, S_IWUSR | S_IRUGO, sfe_ipv6_get_flow_cookie, sfe_ipv6_set_flow_cookie); -#endif /*CONFIG_NF_FLOW_COOKIE*/ - -/* - * sfe_ipv6_init() - */ -static int __init sfe_ipv6_init(void) -{ - struct sfe_ipv6 *si = &__si6; - int result = -1; - - DEBUG_INFO("SFE IPv6 init\n"); - - /* - * Create sys/sfe_ipv6 - */ - si->sys_sfe_ipv6 = kobject_create_and_add("sfe_ipv6", NULL); - if (!si->sys_sfe_ipv6) { - DEBUG_ERROR("failed to register sfe_ipv6\n"); - goto exit1; - } - - /* - * Create files, one for each parameter supported by this module. - */ - result = sysfs_create_file(si->sys_sfe_ipv6, &sfe_ipv6_debug_dev_attr.attr); - if (result) { - DEBUG_ERROR("failed to register debug dev file: %d\n", result); - goto exit2; - } - -#ifdef CONFIG_NF_FLOW_COOKIE - result = sysfs_create_file(si->sys_sfe_ipv6, &sfe_ipv6_flow_cookie_attr.attr); - if (result) { - DEBUG_ERROR("failed to register flow cookie enable file: %d\n", result); - goto exit3; - } -#endif /* CONFIG_NF_FLOW_COOKIE */ - - /* - * Register our debug char device. - */ - result = register_chrdev(0, "sfe_ipv6", &sfe_ipv6_debug_dev_fops); - if (result < 0) { - DEBUG_ERROR("Failed to register chrdev: %d\n", result); - goto exit4; - } - - si->debug_dev = result; - - /* - * Create a timer to handle periodic statistics. - */ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)) - timer_setup(&si->timer, sfe_ipv6_periodic_sync, 0); - si->timer.cust_data = (unsigned long)si; -#else - setup_timer(&si->timer, sfe_ipv6_periodic_sync, (unsigned long)si); -#endif /*KERNEL_VERSION(4, 15, 0)*/ - mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); - - spin_lock_init(&si->lock); - - return 0; - -exit4: -#ifdef CONFIG_NF_FLOW_COOKIE - sysfs_remove_file(si->sys_sfe_ipv6, &sfe_ipv6_flow_cookie_attr.attr); - -exit3: -#endif /* CONFIG_NF_FLOW_COOKIE */ - sysfs_remove_file(si->sys_sfe_ipv6, &sfe_ipv6_debug_dev_attr.attr); - -exit2: - kobject_put(si->sys_sfe_ipv6); - -exit1: - return result; -} - -/* - * sfe_ipv6_exit() - */ -static void __exit sfe_ipv6_exit(void) -{ - struct sfe_ipv6 *si = &__si6; - - DEBUG_INFO("SFE IPv6 exit\n"); - - /* - * Destroy all connections. - */ - sfe_ipv6_destroy_all_rules_for_dev(NULL); - - del_timer_sync(&si->timer); - - unregister_chrdev(si->debug_dev, "sfe_ipv6"); - -#ifdef CONFIG_NF_FLOW_COOKIE - sysfs_remove_file(si->sys_sfe_ipv6, &sfe_ipv6_flow_cookie_attr.attr); -#endif /* CONFIG_NF_FLOW_COOKIE */ - sysfs_remove_file(si->sys_sfe_ipv6, &sfe_ipv6_debug_dev_attr.attr); - - kobject_put(si->sys_sfe_ipv6); -} - -module_init(sfe_ipv6_init) -module_exit(sfe_ipv6_exit) - -EXPORT_SYMBOL(sfe_ipv6_recv); -EXPORT_SYMBOL(sfe_ipv6_create_rule); -EXPORT_SYMBOL(sfe_ipv6_destroy_rule); -EXPORT_SYMBOL(sfe_ipv6_destroy_all_rules_for_dev); -EXPORT_SYMBOL(sfe_ipv6_register_sync_rule_callback); -EXPORT_SYMBOL(sfe_ipv6_mark_rule); -EXPORT_SYMBOL(sfe_ipv6_update_rule); -#ifdef CONFIG_NF_FLOW_COOKIE -EXPORT_SYMBOL(sfe_ipv6_register_flow_cookie_cb); -EXPORT_SYMBOL(sfe_ipv6_unregister_flow_cookie_cb); -#endif - -MODULE_DESCRIPTION("Shortcut Forwarding Engine - IPv6 support"); -MODULE_LICENSE("Dual BSD/GPL"); - diff --git a/simple-obfs/LICENSE b/simple-obfs/LICENSE old mode 100644 new mode 100755 diff --git a/simple-obfs/Makefile b/simple-obfs/Makefile old mode 100644 new mode 100755 diff --git a/speedtestc/Makefile b/speedtestc/Makefile old mode 100644 new mode 100755 diff --git a/tcptraceroute/Makefile b/tcptraceroute/Makefile old mode 100644 new mode 100755 diff --git a/tcptraceroute/patches/001-configure_cross_compile.patch b/tcptraceroute/patches/001-configure_cross_compile.patch old mode 100644 new mode 100755 diff --git a/tracebox/Makefile b/tracebox/Makefile old mode 100644 new mode 100755 diff --git a/tracebox/files/usr/share/tracebox/omr-mptcp-trace.lua b/tracebox/files/usr/share/tracebox/omr-mptcp-trace.lua old mode 100644 new mode 100755 diff --git a/tracebox/patches/101-build-fixes.patch b/tracebox/patches/101-build-fixes.patch old mode 100644 new mode 100755 diff --git a/tracebox/patches/102-configure.patch b/tracebox/patches/102-configure.patch old mode 100644 new mode 100755 diff --git a/tracebox/patches/103-configure.patch b/tracebox/patches/103-configure.patch old mode 100644 new mode 100755 diff --git a/tracebox/patches/104-ns_name_compress.patch b/tracebox/patches/104-ns_name_compress.patch old mode 100644 new mode 100755 diff --git a/tracebox/patches/202-fix-lua-include-hpp.patch b/tracebox/patches/202-fix-lua-include-hpp.patch old mode 100644 new mode 100755 diff --git a/tracebox/patches/204-fix-lua-namespace-crafter.patch b/tracebox/patches/204-fix-lua-namespace-crafter.patch old mode 100644 new mode 100755 diff --git a/v2ray-core/Config.in b/v2ray-core/Config.in old mode 100644 new mode 100755 diff --git a/v2ray-core/LICENSE b/v2ray-core/LICENSE old mode 100644 new mode 100755 diff --git a/v2ray-core/Makefile b/v2ray-core/Makefile old mode 100644 new mode 100755 diff --git a/v2ray-core/files/etc/firewall.v2ray-rules b/v2ray-core/files/etc/firewall.v2ray-rules old mode 100644 new mode 100755 diff --git a/v2ray-core/files/etc/uci-defaults/3010-omr-v2ray b/v2ray-core/files/etc/uci-defaults/3010-omr-v2ray old mode 100644 new mode 100755 diff --git a/v2ray-ext/Makefile b/v2ray-ext/Makefile old mode 100644 new mode 100755 index f1fd155fb..87f6ba25f --- a/v2ray-ext/Makefile +++ b/v2ray-ext/Makefile @@ -25,7 +25,7 @@ GO_PKG:=v2ray.com/ext GO_PKG_SOURCE_ONLY:=1 include $(INCLUDE_DIR)/package.mk -include ../golang/golang-package.mk +include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk define Package/v2ray-ext-dev $(call GoPackage/GoSubMenu)