diff --git a/root/target/linux/generic/hack-4.19/998-ndpi-netfilter.patch b/root/target/linux/generic/hack-4.19/998-ndpi-netfilter.patch new file mode 100644 index 00000000..cd8d61a7 --- /dev/null +++ b/root/target/linux/generic/hack-4.19/998-ndpi-netfilter.patch @@ -0,0 +1,116 @@ +diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h +index 21f887c..59980ec 100644 +--- a/include/net/netfilter/nf_conntrack_extend.h ++++ b/include/net/netfilter/nf_conntrack_extend.h +@@ -28,7 +28,8 @@ enum nf_ct_ext_id { + #if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY) + NF_CT_EXT_SYNPROXY, + #endif +- NF_CT_EXT_NUM, ++ NF_CT_EXT_CUSTOM, ++ NF_CT_EXT_NUM=NF_CT_EXT_CUSTOM+CONFIG_NF_CONNTRACK_CUSTOM, + }; + + #define NF_CT_EXT_HELPER_TYPE struct nf_conn_help +@@ -96,5 +97,6 @@ struct nf_ct_ext_type { + }; + + int nf_ct_extend_register(const struct nf_ct_ext_type *type); ++int nf_ct_extend_custom_register(struct nf_ct_ext_type *type,unsigned long int cid); + void nf_ct_extend_unregister(const struct nf_ct_ext_type *type); + #endif /* _NF_CONNTRACK_EXTEND_H */ +diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig +index 7581e82..30a11eb 100644 +--- a/net/netfilter/Kconfig ++++ b/net/netfilter/Kconfig +@@ -85,6 +85,16 @@ config NF_CONNTRACK_SECMARK + + If unsure, say 'N'. + ++config NF_CONNTRACK_CUSTOM ++ int "Number of custom extend" ++ range 0 8 ++ depends on NETFILTER_ADVANCED ++ default "2" ++ help ++ This parameter specifies how many custom extensions can be registered. ++ ++ The default value is 2. ++ + config NF_CONNTRACK_ZONES + bool 'Connection tracking zones' + depends on NETFILTER_ADVANCED +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +index 85f643c..44e2fdd 100644 +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -1971,7 +1971,7 @@ int nf_conntrack_set_hashsize(const char *val, const struct kernel_param *kp) + static __always_inline unsigned int total_extension_size(void) + { + /* remember to add new extensions below */ +- BUILD_BUG_ON(NF_CT_EXT_NUM > 9); ++ BUILD_BUG_ON(NF_CT_EXT_NUM > 12); + + return sizeof(struct nf_ct_ext) + + sizeof(struct nf_conn_help) +diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c +index 9fe0ddc..5a9054e 100644 +--- a/net/netfilter/nf_conntrack_extend.c ++++ b/net/netfilter/nf_conntrack_extend.c +@@ -108,11 +108,56 @@ int nf_ct_extend_register(const struct nf_ct_ext_type *type) + } + EXPORT_SYMBOL_GPL(nf_ct_extend_register); + ++static unsigned long int nf_ct_ext_cust_id[CONFIG_NF_CONNTRACK_CUSTOM]; ++static enum nf_ct_ext_id ++nf_ct_extend_get_custom_id(unsigned long int ext_id); ++ ++int nf_ct_extend_custom_register(struct nf_ct_ext_type *type, ++ unsigned long int cid) ++{ ++ int ret; ++ enum nf_ct_ext_id new_id = nf_ct_extend_get_custom_id(cid); ++ if(!new_id) ++ return -EBUSY; ++ type->id = new_id; ++ ret = nf_ct_extend_register(type); ++ if(ret < 0) { ++ mutex_lock(&nf_ct_ext_type_mutex); ++ nf_ct_ext_cust_id[new_id - NF_CT_EXT_CUSTOM] = 0; ++ mutex_unlock(&nf_ct_ext_type_mutex); ++ } ++ return ret; ++} ++EXPORT_SYMBOL_GPL(nf_ct_extend_custom_register); ++ ++static enum nf_ct_ext_id ++nf_ct_extend_get_custom_id(unsigned long int ext_id) ++{ ++ enum nf_ct_ext_id ret = 0; ++ int i; ++ mutex_lock(&nf_ct_ext_type_mutex); ++ for(i = 0; i < CONFIG_NF_CONNTRACK_CUSTOM; i++) { ++ if(!nf_ct_ext_cust_id[i]) { ++ nf_ct_ext_cust_id[i] = ext_id; ++ ret = i+NF_CT_EXT_CUSTOM; ++ break; ++ } ++ if(nf_ct_ext_cust_id[i] == ext_id) { ++ ret = i+NF_CT_EXT_CUSTOM; ++ break; ++ } ++ } ++ mutex_unlock(&nf_ct_ext_type_mutex); ++ return ret; ++} ++ + /* This MUST be called in process context. */ + void nf_ct_extend_unregister(const struct nf_ct_ext_type *type) + { + mutex_lock(&nf_ct_ext_type_mutex); + RCU_INIT_POINTER(nf_ct_ext_types[type->id], NULL); ++ if(type->id >= NF_CT_EXT_CUSTOM && type->id < NF_CT_EXT_NUM) ++ nf_ct_ext_cust_id[type->id-NF_CT_EXT_CUSTOM] = 0; + mutex_unlock(&nf_ct_ext_type_mutex); + synchronize_rcu(); + }