fix

2025-03-09 15:40:03 +00:00 · 2022-09-10 07:06:41 +08:00 · 2022-09-10 07:06:41 +08:00 · f4eb77419f
commit f4eb77419f
parent 4c02f1d8a6
124 changed files with 330 additions and 10758 deletions
--- a/qaa/qca-nss-ecm/Makefile
+++ b/qaa/qca-nss-ecm/Makefile
@ -0,0 +1,90 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=qca-nss-ecm
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_DATE:=2021-11-09
+PKG_SOURCE_URL:=https://source.codeaurora.org/quic/qsdk/oss/lklm/qca-nss-ecm
+PKG_SOURCE_VERSION:=33122aebdd54803b5817065060289d6af5dfd3ba
+PKG_MIRROR_HASH:=a857db70804e19a20efef2d1ad519fe26bce3a45decd6ae3bb4a26d53f464a8d
+
+include $(INCLUDE_DIR)/kernel.mk
+include $(INCLUDE_DIR)/package.mk
+
+define KernelPackage/qca-nss-ecm
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Support
+  DEPENDS:=@TARGET_ipq60xx +iptables-mod-extra +iptables-mod-physdev \
+	+kmod-ipt-conntrack +kmod-ipt-physdev +kmod-pppoe +kmod-qca-nss-drv
+  TITLE:=QCA NSS Enhanced Connection Manager (ECM)
+  FILES:=$(PKG_BUILD_DIR)/*.ko
+  KCONFIG:= \
+	CONFIG_BRIDGE_NETFILTER=y \
+	CONFIG_NF_CONNTRACK_EVENTS=y \
+	CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y \
+	CONFIG_NF_CONNTRACK_DSCPREMARK_EXT=n
+endef
+
+define KernelPackage/qca-nss-ecm/Description
+This package contains the QCA NSS Enhanced Connection Manager
+endef
+
+define KernelPackage/qca-nss-ecm/install
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DATA) ./files/qca-nss-ecm.uci $(1)/etc/config/ecm
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/qca-nss-ecm.init $(1)/etc/init.d/qca-nss-ecm
+	$(INSTALL_DIR) $(1)/etc/firewall.d
+	$(INSTALL_DATA) ./files/qca-nss-ecm.firewall $(1)/etc/firewall.d/qca-nss-ecm
+	$(INSTALL_DIR) $(1)/etc/sysctl.d
+	$(INSTALL_BIN) ./files/qca-nss-ecm.sysctl $(1)/etc/sysctl.d/qca-nss-ecm.conf
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/qca-nss-ecm.defaults $(1)/etc/uci-defaults/99-qca-nss-ecm
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) ./files/ecm_dump.sh $(1)/usr/bin/
+	$(INSTALL_DIR) $(1)/lib/netifd/offload
+	$(INSTALL_BIN) ./files/on-demand-down $(1)/lib/netifd/offload/on-demand-down
+endef
+
+EXTRA_CFLAGS+=-I$(STAGING_DIR)/usr/include/qca-nss-drv
+
+ifneq (, $(findstring $(BOARD), ipq60xx ipq807x))
+ECM_MAKE_OPTS+= \
+		ECM_BAND_STEERING_ENABLE=n \
+		ECM_CLASSIFIER_DSCP_ENABLE=n \
+		ECM_CLASSIFIER_HYFI_ENABLE=n \
+		ECM_CLASSIFIER_MARK_ENABLE=n \
+		ECM_CLASSIFIER_PCC_ENABLE=n \
+		ECM_FRONT_END_NSS_ENABLE=y \
+		ECM_INTERFACE_BOND_ENABLE=n \
+		ECM_INTERFACE_GRE_TAP_ENABLE=n \
+		ECM_INTERFACE_GRE_TUN_ENABLE=n \
+		ECM_INTERFACE_IPSEC_ENABLE=n \
+		ECM_INTERFACE_L2TPV2_ENABLE=n \
+		ECM_INTERFACE_PPPOE_ENABLE=y \
+		ECM_INTERFACE_PPTP_ENABLE=n \
+		ECM_INTERFACE_RAWIP_ENABLE=n \
+		ECM_INTERFACE_SIT_ENABLE=n \
+		ECM_INTERFACE_TUNIPIP6_ENABLE=n \
+		ECM_INTERFACE_VLAN_ENABLE=n \
+		ECM_MULTICAST_ENABLE=n
+endif
+
+define Build/InstallDev
+	mkdir -p $(1)/usr/include/qca-nss-ecm
+	$(CP) $(PKG_BUILD_DIR)/exports/* $(1)/usr/include/qca-nss-ecm
+endef
+
+define Build/Compile
+	$(MAKE) -C "$(LINUX_DIR)" $(strip $(ECM_MAKE_OPTS)) \
+		CROSS_COMPILE="$(TARGET_CROSS)" \
+		EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \
+		$(KERNEL_MAKE_FLAGS) \
+		M="$(PKG_BUILD_DIR)" \
+		SoC="$(BOARD)_64" \
+		modules
+endef
+
+$(eval $(call KernelPackage,qca-nss-ecm))
--- a/qaa/qca-nss-ecm/files/ecm_dump.sh
+++ b/qaa/qca-nss-ecm/files/ecm_dump.sh
@ -0,0 +1,95 @@
+#!/bin/sh
+#
+# Copyright (c) 2015-2016, The Linux Foundation. All rights reserved.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+
+ECM_MODULE=${1:-ecm_state}
+MOUNT_ROOT=/dev/ecm
+
+#
+# usage: ecm_dump.sh [module=ecm_db]
+#
+# with no parameters, ecm_dump.sh will attempt to mount the
+# ecm_db state file and cat its contents.
+#
+# example with a parameter: ecm_dump.sh ecm_classifier_default
+#
+# this will cause ecm_dump to attempt to find and mount the state
+# file for the ecm_classifier_default module, and if successful
+# cat the contents.
+#
+
+# this is one of the state files, which happens to be the
+# last module started in ecm
+ECM_STATE=/sys/kernel/debug/ecm/ecm_state/state_dev_major
+
+# tests to see if ECM is up and ready to receive commands.
+# returns 0 if ECM is fully up and ready, else 1
+ecm_is_ready() {
+	if [ ! -e "${ECM_STATE}" ]
+	then
+		return 1
+	fi
+	return 0
+}
+
+#
+# module_state_mount(module_name)
+#      Mounts the state file of the module, if supported
+#
+module_state_mount() {
+	local module_name=$1
+	local mount_dir=$2
+	local state_file="/sys/kernel/debug/ecm/${module_name}/state_dev_major"
+
+	if [ -e "${mount_dir}/${module_name}" ]
+	then
+		# already mounted
+		return 0
+	fi
+
+	#echo "Mount state file for $module_name ..."
+	if [ ! -e "$state_file" ]
+	then
+		#echo "... $module_name does not support state"
+		return 1
+	fi
+
+	local major="`cat $state_file`"
+	#echo "... Mounting state $state_file with major: $major"
+	mknod "${mount_dir}/${module_name}" c $major 0
+}
+
+#
+# main
+#
+ecm_is_ready || {
+	#echo "ECM is not running"
+	exit 1
+}
+
+# all state files are mounted under MOUNT_ROOT, so make sure it exists
+mkdir -p ${MOUNT_ROOT}
+
+#
+# attempt to mount state files for the requested module and cat it
+# if the mount succeeded
+#
+module_state_mount ${ECM_MODULE} ${MOUNT_ROOT} && {
+	cat ${MOUNT_ROOT}/${ECM_MODULE}
+	exit 0
+}
+
+exit 2
--- a/qaa/qca-nss-ecm/files/on-demand-down
+++ b/qaa/qca-nss-ecm/files/on-demand-down
@ -0,0 +1,6 @@
+#!/bin/sh
+# Copyright (c) 2016 The Linux Foundation. All rights reserved.
+
+[ -e "/sys/kernel/debug/ecm/ecm_db/defunct_all" ] && {
+	echo 1 > /sys/kernel/debug/ecm/ecm_db/defunct_all
+}
--- a/qaa/qca-nss-ecm/files/qca-nss-ecm.defaults
+++ b/qaa/qca-nss-ecm/files/qca-nss-ecm.defaults
@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Copyright (c) 2015-2016, The Linux Foundation. All rights reserved.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+
+uci -q batch << EOF
+	delete firewall.qcanssecm
+	set firewall.qcanssecm=include
+	set firewall.qcanssecm.type=script
+	set firewall.qcanssecm.path=/etc/firewall.d/qca-nss-ecm
+	set firewall.qcanssecm.family=any
+	set firewall.qcanssecm.reload=1
+	commit firewall
+EOF
+
+exit 0
--- a/qaa/qca-nss-ecm/files/qca-nss-ecm.firewall
+++ b/qaa/qca-nss-ecm/files/qca-nss-ecm.firewall
@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# Copyright (c) 2015-2016, The Linux Foundation. All rights reserved.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+
+iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
--- a/qaa/qca-nss-ecm/files/qca-nss-ecm.init
+++ b/qaa/qca-nss-ecm/files/qca-nss-ecm.init
@ -0,0 +1,139 @@
+#!/bin/sh  /etc/rc.common
+#
+# Copyright (c) 2014, 2019-2020 The Linux Foundation. All rights reserved.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+# The shebang above has an extra space intentially to avoid having
+# openwrt build scripts automatically enable this package starting
+# at boot.
+
+START=19
+
+get_front_end_mode() {
+	config_load "ecm"
+	config_get front_end global acceleration_engine "auto"
+
+	case $front_end in
+	auto)
+		echo '0'
+		;;
+	nss)
+		echo '1'
+		;;
+	sfe)
+		echo '2'
+		;;
+	*)
+		echo 'uci_option_acceleration_engine is invalid'
+	esac
+}
+
+support_bridge() {
+	#NSS support bridge acceleration
+	[ -d /sys/kernel/debug/ecm/ecm_nss_ipv4 ] && return 0
+	#SFE doesn't support bridge acceleration
+	[ -d /sys/kernel/debug/ecm/ecm_sfe_ipv4 ] && return 1
+}
+
+load_sfe() {
+	local kernel_version=$(uname -r)
+
+	[ -e "/lib/modules/$kernel_version/shortcut-fe.ko" ] && {
+		[ -d /sys/module/shortcut_fe ] || insmod shortcut-fe
+	}
+
+	[ -e "/lib/modules/$kernel_version/shortcut-fe-ipv6.ko" ] && {
+		[ -d /sys/module/shortcut_fe_ipv6 ] || insmod shortcut-fe-ipv6
+	}
+
+	[ -e "/lib/modules/$kernel_version/shortcut-fe-drv.ko" ] && {
+		[ -d /sys/module/shortcut_fe_drv ] || insmod shortcut-fe-drv
+	}
+}
+
+load_ecm() {
+	[ -d /sys/module/ecm ] || {
+		[ ! -e /proc/device-tree/MP_256 ] && load_sfe
+		insmod ecm front_end_selection=$(get_front_end_mode)
+	}
+
+	support_bridge && {
+		sysctl -w net.bridge.bridge-nf-call-ip6tables=1
+		sysctl -w net.bridge.bridge-nf-call-iptables=1
+	}
+}
+
+unload_ecm() {
+	sysctl -w net.bridge.bridge-nf-call-ip6tables=0
+	sysctl -w net.bridge.bridge-nf-call-iptables=0
+
+	if [ -d /sys/module/ecm ]; then
+		#
+		# Stop ECM frontends
+		#
+		echo 1 > /sys/kernel/debug/ecm/front_end_ipv4_stop
+		echo 1 > /sys/kernel/debug/ecm/front_end_ipv6_stop
+
+		#
+		# Defunct the connections
+		#
+	        echo 1 > /sys/kernel/debug/ecm/ecm_db/defunct_all
+		sleep 5;
+
+		rmmod ecm
+		sleep 1
+	fi
+}
+
+start() {
+	# If SFE CM is loaded, return.
+	if [ -d /sys/module/shortcut_fe_cm ]; then
+		echo "shortcut_fe CM is loaded, unload it first"
+		echo "cmd: /etc/init.d/shortcut_fe stop"
+		return
+	fi
+
+	load_ecm
+
+	# If the acceleration engine is NSS, enable wifi redirect.
+	[ -d /sys/kernel/debug/ecm/ecm_nss_ipv4 ] && sysctl -w dev.nss.general.redirect=1
+
+	support_bridge && {
+		echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.d/qca-nss-ecm.conf
+		echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.d/qca-nss-ecm.conf
+	}
+
+	if [ -d /sys/module/qca_ovsmgr ]; then
+		insmod ecm_ovs
+	fi
+}
+
+stop() {
+	# If ECM is already not loaded, just return.
+	if [ ! -d /sys/module/ecm ]; then
+		return
+	fi
+
+	# If the acceleration engine is NSS, disable wifi redirect.
+	[ -d /sys/kernel/debug/ecm/ecm_nss_ipv4 ] && sysctl -w dev.nss.general.redirect=0
+
+	sed '/net.bridge.bridge-nf-call-ip6tables=1/d' -i /etc/sysctl.d/qca-nss-ecm.conf
+	sed '/net.bridge.bridge-nf-call-iptables=1/d' -i /etc/sysctl.d/qca-nss-ecm.conf
+
+	if [ -d /sys/module/ecm_ovs ]; then
+		rmmod ecm_ovs
+	fi
+
+	unload_ecm
+}
--- a/qaa/qca-nss-ecm/files/qca-nss-ecm.sysctl
+++ b/qaa/qca-nss-ecm/files/qca-nss-ecm.sysctl
@ -0,0 +1,2 @@
+# nf_conntrack_tcp_no_window_check is 0 by default, set it to 1
+net.netfilter.nf_conntrack_tcp_no_window_check=1
--- a/qaa/qca-nss-ecm/files/qca-nss-ecm.uci
+++ b/qaa/qca-nss-ecm/files/qca-nss-ecm.uci
@ -0,0 +1,2 @@
+config ecm 'global'
+	option acceleration_engine 'auto'
--- a/qaa/qca-nss-ecm/patches/200-resolve-high-load.patch
+++ b/qaa/qca-nss-ecm/patches/200-resolve-high-load.patch
@ -0,0 +1,61 @@
+From 6924b71ed809b37fffd74d6428a8ca83e5919746 Mon Sep 17 00:00:00 2001
+From: Dirk Buchwalder <buchwalder@posteo.de>
+Date: Sun, 27 Jun 2021 16:52:39 +0200
+Subject: [PATCH] qca-nss-ecm: resolve the cpu high load regarding ecm
+
+If using ECM, cpu load goes up (around 1.0) and stucks there.
+This is due to using uninterruptible sleep function,
+the patch changes this to interruptible sleep function.
+
+Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
+---
+ frontends/nss/ecm_nss_ipv4.c | 4 ++--
+ frontends/nss/ecm_nss_ipv6.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/frontends/nss/ecm_nss_ipv4.c b/frontends/nss/ecm_nss_ipv4.c
+index e00553c..94b39cd 100644
+--- a/frontends/nss/ecm_nss_ipv4.c
+++ b/frontends/nss/ecm_nss_ipv4.c
+@@ -2471,7 +2471,7 @@ static void ecm_nss_ipv4_stats_sync_req_work(struct work_struct *work)
+ 	}
+ 	spin_unlock_bh(&ecm_nss_ipv4_lock);
+ 
+-	usleep_range(ECM_NSS_IPV4_STATS_SYNC_UDELAY - 100, ECM_NSS_IPV4_STATS_SYNC_UDELAY);
+	msleep_interruptible(ECM_NSS_IPV4_STATS_SYNC_UDELAY / 1000);
+ 
+ 	/*
+ 	 * If index is 0, we are starting a new round, but if we still have time remain
+@@ -2485,7 +2485,7 @@ static void ecm_nss_ipv4_stats_sync_req_work(struct work_struct *work)
+ 		}
+ 
+ 		if (time_after(ecm_nss_ipv4_next_req_time, current_jiffies)) {
+-			msleep(jiffies_to_msecs(ecm_nss_ipv4_next_req_time - current_jiffies));
+			msleep_interruptible(jiffies_to_msecs(ecm_nss_ipv4_next_req_time - current_jiffies));
+ 		}
+ 		ecm_nss_ipv4_roll_check_jiffies = jiffies;
+ 		ecm_nss_ipv4_next_req_time = ecm_nss_ipv4_roll_check_jiffies + ECM_NSS_IPV4_STATS_SYNC_PERIOD;
+diff --git a/frontends/nss/ecm_nss_ipv6.c b/frontends/nss/ecm_nss_ipv6.c
+index 82e739f..30af050 100644
+--- a/frontends/nss/ecm_nss_ipv6.c
+++ b/frontends/nss/ecm_nss_ipv6.c
+@@ -2210,7 +2210,7 @@ static void ecm_nss_ipv6_stats_sync_req_work(struct work_struct *work)
+ 	}
+ 	spin_unlock_bh(&ecm_nss_ipv6_lock);
+ 
+-	usleep_range(ECM_NSS_IPV6_STATS_SYNC_UDELAY - 100, ECM_NSS_IPV6_STATS_SYNC_UDELAY);
+	msleep_interruptible(ECM_NSS_IPV6_STATS_SYNC_UDELAY / 1000);
+ 
+ 	/*
+ 	 * If index is 0, we are starting a new round, but if we still have time remain
+@@ -2224,7 +2224,7 @@ static void ecm_nss_ipv6_stats_sync_req_work(struct work_struct *work)
+ 		}
+ 
+ 		if (time_after(ecm_nss_ipv6_next_req_time, current_jiffies)) {
+-			msleep(jiffies_to_msecs(ecm_nss_ipv6_next_req_time - current_jiffies));
+			msleep_interruptible(jiffies_to_msecs(ecm_nss_ipv6_next_req_time - current_jiffies));
+ 		}
+ 		ecm_nss_ipv6_roll_check_jiffies = jiffies;
+ 		ecm_nss_ipv6_next_req_time = ecm_nss_ipv6_roll_check_jiffies + ECM_NSS_IPV6_STATS_SYNC_PERIOD;
+-- 
+2.31.1