From 44195c336dc5c738201e8709d72f063c2e84c9fa Mon Sep 17 00:00:00 2001 From: juhosg Date: Mon, 16 Jun 2008 12:57:56 +0000 Subject: [PATCH] [kernel] generic-2.6: even newer IMQ patch for 2.6.25 and 2.6.26 git-svn-id: svn://svn.openwrt.org/openwrt/trunk@11501 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- .../patches-2.6.25/150-netfilter_imq.patch | 1134 +++++++++-------- .../patches-2.6.26/150-netfilter_imq.patch | 1086 ++++++++-------- 2 files changed, 1166 insertions(+), 1054 deletions(-) diff --git a/target/linux/generic-2.6/patches-2.6.25/150-netfilter_imq.patch b/target/linux/generic-2.6/patches-2.6.25/150-netfilter_imq.patch index fbe2d91de..1524be12f 100644 --- a/target/linux/generic-2.6/patches-2.6.25/150-netfilter_imq.patch +++ b/target/linux/generic-2.6/patches-2.6.25/150-netfilter_imq.patch @@ -1,473 +1,36 @@ ---- /dev/null -+++ b/drivers/net/imq.c -@@ -0,0 +1,464 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, -+ * -+ * The first version was written by Martin Devera, -+ * -+ * Credits: Jan Rafaj -+ * - Update patch to 2.4.21 -+ * Sebastian Strollo -+ * - Fix "Dead-loop on netdevice imq"-issue -+ * Marcel Sebek -+ * - Update to 2.6.2-rc1 -+ * -+ * After some time of inactivity there is a group taking care -+ * of IMQ again: http://www.linuximq.net -+ * -+ * -+ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 -+ * including the following changes: -+ * -+ * - Correction of ipv6 support "+"s issue (Hasso Tepper) -+ * - Correction of imq_init_devs() issue that resulted in -+ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) -+ * - Addition of functionality to choose number of IMQ devices -+ * during kernel config (Andre Correa) -+ * - Addition of functionality to choose how IMQ hooks on -+ * PRE and POSTROUTING (after or before NAT) (Andre Correa) -+ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) -+ * -+ * -+ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were -+ * released with almost no problems. 2.6.14-x was released -+ * with some important changes: nfcache was removed; After -+ * some weeks of trouble we figured out that some IMQ fields -+ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. -+ * These functions are correctly patched by this new patch version. -+ * -+ * Thanks for all who helped to figure out all the problems with -+ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, -+ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully -+ * I didn't forget anybody). I apologize again for my lack of time. -+ * -+ * -+ * 2008/06/07 - Changed imq.c to use qdisc_run() instead of -+ * qdisc_restart() and moved qdisc_run() to tasklet to avoid -+ * recursive locking. (Jussi Kivilinna) -+ * -+ * -+ * More info at: http://www.linuximq.net/ (Andre Correa) -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ #include -+#endif -+#include -+#include -+#include -+ -+struct imq_private { -+ struct tasklet_struct tasklet; -+ int tasklet_pending; -+}; -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ingress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1 -+#endif -+}; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+static struct nf_hook_ops imq_ingress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1 -+#endif -+}; -+#endif -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static unsigned int numdevs = 16; -+#endif -+ -+static struct net_device *imq_devs; -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ if (entry) { -+ if (entry->indev) -+ dev_put(entry->indev); -+ if (entry->outdev) -+ dev_put(entry->outdev); -+ kfree(entry); -+ } -+} -+ -+static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ dev->trans_start = jiffies; -+ nf_reinject(skb->nf_queue_entry, NF_ACCEPT); -+ return 0; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct net_device *dev; -+ struct imq_private *priv; -+ struct sk_buff *skb2 = NULL; -+ struct Qdisc *q; -+ unsigned int index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ int ret = -1; -+ -+ if (index > numdevs) -+ return -1; -+ -+ dev = imq_devs + index; -+ priv = netdev_priv(dev); -+ if (!(dev->flags & IFF_UP)) { -+ entry->skb->imq_flags = 0; -+ nf_reinject(entry, NF_ACCEPT); -+ return 0; -+ } -+ dev->last_rx = jiffies; -+ -+ if (entry->skb->destructor) { -+ skb2 = entry->skb; -+ entry->skb = skb_clone(entry->skb, GFP_ATOMIC); -+ if (!entry->skb) -+ return -1; -+ } -+ entry->skb->nf_queue_entry = entry; -+ -+ dev->stats.rx_bytes += entry->skb->len; -+ dev->stats.rx_packets++; -+ -+ spin_lock_bh(&dev->queue_lock); -+ q = dev->qdisc; -+ if (q->enqueue) { -+ q->enqueue(skb_get(entry->skb), q); -+ if (skb_shared(entry->skb)) { -+ entry->skb->destructor = imq_skb_destructor; -+ kfree_skb(entry->skb); -+ ret = 0; -+ } -+ } -+ -+ spin_unlock_bh(&dev->queue_lock); -+ -+ if (!test_and_set_bit(1, &priv->tasklet_pending)) -+ tasklet_schedule(&priv->tasklet); -+ -+ if (skb2) -+ kfree_skb(ret ? entry->skb : skb2); -+ -+ return ret; -+} -+ -+static struct nf_queue_handler nfqh = { -+ .name = "imq", -+ .outfn = imq_nf_queue, -+}; -+ -+static void qdisc_run_tasklet(unsigned long arg) -+{ -+ struct net_device *dev = (struct net_device *)arg; -+ struct imq_private *priv = netdev_priv(dev); -+ -+ spin_lock(&dev->queue_lock); -+ qdisc_run(dev); -+ spin_unlock(&dev->queue_lock); -+ -+ clear_bit(1, &priv->tasklet_pending); -+} -+ -+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, -+ const struct net_device *indev, -+ const struct net_device *outdev, -+ int (*okfn)(struct sk_buff *)) -+{ -+ if (pskb->imq_flags & IMQ_F_ENQUEUE) -+ return NF_QUEUE; -+ -+ return NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ struct imq_private *priv = netdev_priv(dev); -+ -+ tasklet_kill(&priv->tasklet); -+ netif_stop_queue(dev); -+ -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ struct imq_private *priv = netdev_priv(dev); -+ -+ tasklet_init(&priv->tasklet, qdisc_run_tasklet, (unsigned long)dev); -+ netif_start_queue(dev); -+ -+ return 0; -+} -+ -+static int __init imq_init_hooks(void) -+{ -+ int err; -+ -+ err = nf_register_queue_handler(PF_INET, &nfqh); -+ if (err) -+ goto err1; -+ -+ err = nf_register_hook(&imq_ingress_ipv4); -+ if (err) -+ goto err2; -+ -+ err = nf_register_hook(&imq_egress_ipv4); -+ if (err) -+ goto err3; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ err = nf_register_queue_handler(PF_INET6, &nfqh); -+ if (err) -+ goto err4; -+ -+ err = nf_register_hook(&imq_ingress_ipv6); -+ if (err) -+ goto err5; -+ -+ err = nf_register_hook(&imq_egress_ipv6); -+ if (err) -+ goto err6; -+#endif -+ -+ return 0; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+err6: -+ nf_unregister_hook(&imq_ingress_ipv6); -+err5: -+ nf_unregister_queue_handler(PF_INET6, &nfqh); -+err4: -+ nf_unregister_hook(&imq_egress_ipv4); -+#endif -+err3: -+ nf_unregister_hook(&imq_ingress_ipv4); -+err2: -+ nf_unregister_queue_handler(PF_INET, &nfqh); -+err1: -+ return err; -+} -+ -+static void __exit imq_unhook(void) -+{ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ nf_unregister_hook(&imq_ingress_ipv6); -+ nf_unregister_hook(&imq_egress_ipv6); -+ nf_unregister_queue_handler(PF_INET6, &nfqh); -+#endif -+ nf_unregister_hook(&imq_ingress_ipv4); -+ nf_unregister_hook(&imq_egress_ipv4); -+ nf_unregister_queue_handler(PF_INET, &nfqh); -+} -+ -+static int __init imq_dev_init(struct net_device *dev) -+{ -+ dev->hard_start_xmit = imq_dev_xmit; -+ dev->open = imq_open; -+ dev->get_stats = imq_get_stats; -+ dev->stop = imq_close; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; -+ dev->tx_queue_len = 11000; -+ dev->flags = IFF_NOARP; -+ -+ dev->priv = kzalloc(sizeof(struct imq_private), GFP_KERNEL); -+ if (dev->priv == NULL) -+ return -ENOMEM; -+ -+ return 0; -+} -+ -+static void imq_dev_uninit(struct net_device *dev) -+{ -+ kfree(dev->priv); -+} -+ -+static int __init imq_init_devs(struct net *net) -+{ -+ struct net_device *dev; -+ int i, j; -+ -+ if (!numdevs || numdevs > IMQ_MAX_DEVS) { -+ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ imq_devs = kzalloc(sizeof(struct net_device) * numdevs, GFP_KERNEL); -+ if (!imq_devs) -+ return -ENOMEM; -+ -+ /* we start counting at zero */ -+ j = numdevs - 1; -+ -+ for (i = 0, dev = imq_devs; i <= j; i++, dev++) { -+ strcpy(dev->name, "imq%d"); -+ dev->init = imq_dev_init; -+ dev->uninit = imq_dev_uninit; -+ dev->nd_net = net; -+ -+ if (register_netdev(dev) < 0) -+ goto err_register; -+ } -+ printk(KERN_INFO "IMQ starting with %u devices...\n", numdevs); -+ return 0; -+ -+err_register: -+ for (; i; i--) -+ unregister_netdev(--dev); -+ kfree(imq_devs); -+ return -EIO; -+} -+ -+static void imq_cleanup_devs(void) -+{ -+ int i; -+ struct net_device *dev = imq_devs; -+ -+ for (i = 0; i <= numdevs; i++) -+ unregister_netdev(dev++); -+ -+ kfree(imq_devs); -+} -+ -+static __net_init int imq_init_module(struct net *net) -+{ -+ int err; -+ -+ err = imq_init_devs(net); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ imq_cleanup_devs(); -+ return err; -+ } -+ -+ printk(KERN_INFO "IMQ driver loaded successfully.\n"); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static __net_exit void imq_exit_module(struct net *net) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); -+} -+ -+static struct pernet_operations __net_initdata imq_net_ops = { -+ .init = imq_init_module, -+ .exit = imq_exit_module, -+}; -+ -+static int __init imq_init(void) -+{ -+ return register_pernet_device(&imq_net_ops); -+} -+ -+module_init(imq_init); -+/*module_exit(imq_cleanup_module);*/ -+ -+module_param(numdevs, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " -+ "be created)"); -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " -+ "http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+ + + +--- + + drivers/net/Kconfig | 123 ++++++++ + drivers/net/Makefile | 1 + drivers/net/imq.c | 474 +++++++++++++++++++++++++++++++ + include/linux/imq.h | 9 + + include/linux/netfilter_ipv4/ipt_IMQ.h | 8 + + include/linux/netfilter_ipv6/ip6t_IMQ.h | 8 + + include/linux/skbuff.h | 8 + + net/core/dev.c | 9 + + net/ipv4/netfilter/Kconfig | 11 + + net/ipv4/netfilter/Makefile | 1 + net/ipv4/netfilter/ipt_IMQ.c | 69 +++++ + net/ipv6/netfilter/Kconfig | 9 + + net/ipv6/netfilter/Makefile | 1 + net/ipv6/netfilter/ip6t_IMQ.c | 69 +++++ + net/sched/sch_generic.c | 1 + 15 files changed, 800 insertions(+), 1 deletions(-) + create mode 100644 drivers/net/imq.c + create mode 100644 include/linux/imq.h + create mode 100644 include/linux/netfilter_ipv4/ipt_IMQ.h + create mode 100644 include/linux/netfilter_ipv6/ip6t_IMQ.h + create mode 100644 net/ipv4/netfilter/ipt_IMQ.c + create mode 100644 net/ipv6/netfilter/ip6t_IMQ.c + + +diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig +index 3a0b20a..05c51e7 100644 --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig -@@ -117,6 +117,129 @@ +@@ -117,6 +117,129 @@ config EQUALIZER To compile this driver as a module, choose M here: the module will be called eql. If unsure, say N. @@ -597,9 +160,11 @@ config TUN tristate "Universal TUN/TAP device driver support" select CRC32 +diff --git a/drivers/net/Makefile b/drivers/net/Makefile +index 3b1ea32..17d0575 100644 --- a/drivers/net/Makefile +++ b/drivers/net/Makefile -@@ -143,6 +143,7 @@ +@@ -143,6 +143,7 @@ obj-$(CONFIG_SLHC) += slhc.o obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o obj-$(CONFIG_DUMMY) += dummy.o @@ -607,6 +172,489 @@ obj-$(CONFIG_IFB) += ifb.o obj-$(CONFIG_MACVLAN) += macvlan.o obj-$(CONFIG_DE600) += de600.o +diff --git a/drivers/net/imq.c b/drivers/net/imq.c +new file mode 100644 +index 0000000..47c31b4 +--- /dev/null ++++ b/drivers/net/imq.c +@@ -0,0 +1,474 @@ ++/* ++ * Pseudo-driver for the intermediate queue device. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ * ++ * Authors: Patrick McHardy, ++ * ++ * The first version was written by Martin Devera, ++ * ++ * Credits: Jan Rafaj ++ * - Update patch to 2.4.21 ++ * Sebastian Strollo ++ * - Fix "Dead-loop on netdevice imq"-issue ++ * Marcel Sebek ++ * - Update to 2.6.2-rc1 ++ * ++ * After some time of inactivity there is a group taking care ++ * of IMQ again: http://www.linuximq.net ++ * ++ * ++ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 ++ * including the following changes: ++ * ++ * - Correction of ipv6 support "+"s issue (Hasso Tepper) ++ * - Correction of imq_init_devs() issue that resulted in ++ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) ++ * - Addition of functionality to choose number of IMQ devices ++ * during kernel config (Andre Correa) ++ * - Addition of functionality to choose how IMQ hooks on ++ * PRE and POSTROUTING (after or before NAT) (Andre Correa) ++ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) ++ * ++ * ++ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were ++ * released with almost no problems. 2.6.14-x was released ++ * with some important changes: nfcache was removed; After ++ * some weeks of trouble we figured out that some IMQ fields ++ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. ++ * These functions are correctly patched by this new patch version. ++ * ++ * Thanks for all who helped to figure out all the problems with ++ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, ++ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully ++ * I didn't forget anybody). I apologize again for my lack of time. ++ * ++ * ++ * 2008/06/07 - Changed imq.c to use qdisc_run() instead of ++ * qdisc_restart() and moved qdisc_run() to tasklet to avoid ++ * recursive locking. (Jussi Kivilinna) ++ * ++ * 2008/06/14 - New initialization routines to fix 'rmmod' not ++ * working anymore. Used code from ifb.c (Jussi Kivilinna) ++ * ++ * ++ * More info at: http://www.linuximq.net/ (Andre Correa) ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ #include ++#endif ++#include ++#include ++#include ++ ++struct imq_private { ++ struct tasklet_struct tasklet; ++ int tasklet_pending; ++}; ++ ++static nf_hookfn imq_nf_hook; ++ ++static struct nf_hook_ops imq_ingress_ipv4 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET, ++ .hooknum = NF_INET_PRE_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ .priority = NF_IP_PRI_MANGLE + 1 ++#else ++ .priority = NF_IP_PRI_NAT_DST + 1 ++#endif ++}; ++ ++static struct nf_hook_ops imq_egress_ipv4 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET, ++ .hooknum = NF_INET_POST_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) ++ .priority = NF_IP_PRI_LAST ++#else ++ .priority = NF_IP_PRI_NAT_SRC - 1 ++#endif ++}; ++ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++static struct nf_hook_ops imq_ingress_ipv6 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET6, ++ .hooknum = NF_INET_PRE_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ .priority = NF_IP6_PRI_MANGLE + 1 ++#else ++ .priority = NF_IP6_PRI_NAT_DST + 1 ++#endif ++}; ++ ++static struct nf_hook_ops imq_egress_ipv6 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET6, ++ .hooknum = NF_INET_POST_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) ++ .priority = NF_IP6_PRI_LAST ++#else ++ .priority = NF_IP6_PRI_NAT_SRC - 1 ++#endif ++}; ++#endif ++ ++#if defined(CONFIG_IMQ_NUM_DEVS) ++static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; ++#else ++static unsigned int numdevs = IMQ_MAX_DEVS; ++#endif ++ ++static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; ++ ++static struct net_device_stats *imq_get_stats(struct net_device *dev) ++{ ++ return &dev->stats; ++} ++ ++/* called for packets kfree'd in qdiscs at places other than enqueue */ ++static void imq_skb_destructor(struct sk_buff *skb) ++{ ++ struct nf_queue_entry *entry = skb->nf_queue_entry; ++ ++ if (entry) { ++ if (entry->indev) ++ dev_put(entry->indev); ++ if (entry->outdev) ++ dev_put(entry->outdev); ++ kfree(entry); ++ } ++} ++ ++static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) ++{ ++ dev->stats.tx_bytes += skb->len; ++ dev->stats.tx_packets++; ++ ++ skb->imq_flags = 0; ++ skb->destructor = NULL; ++ ++ dev->trans_start = jiffies; ++ nf_reinject(skb->nf_queue_entry, NF_ACCEPT); ++ return 0; ++} ++ ++static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) ++{ ++ struct net_device *dev; ++ struct imq_private *priv; ++ struct sk_buff *skb2 = NULL; ++ struct Qdisc *q; ++ unsigned int index = entry->skb->imq_flags & IMQ_F_IFMASK; ++ int ret = -1; ++ ++ if (index > numdevs) ++ return -1; ++ ++ /* check for imq device by index from cache */ ++ dev = imq_devs_cache[index]; ++ if (!dev) { ++ char buf[8]; ++ ++ /* get device by name and cache result */ ++ snprintf(buf, sizeof(buf), "imq%d", index); ++ dev = dev_get_by_name(&init_net, buf); ++ if (!dev) { ++ /* not found ?!*/ ++ BUG(); ++ return -1; ++ } ++ ++ imq_devs_cache[index] = dev; ++ } ++ ++ priv = netdev_priv(dev); ++ if (!(dev->flags & IFF_UP)) { ++ entry->skb->imq_flags = 0; ++ nf_reinject(entry, NF_ACCEPT); ++ return 0; ++ } ++ dev->last_rx = jiffies; ++ ++ if (entry->skb->destructor) { ++ skb2 = entry->skb; ++ entry->skb = skb_clone(entry->skb, GFP_ATOMIC); ++ if (!entry->skb) ++ return -1; ++ } ++ entry->skb->nf_queue_entry = entry; ++ ++ dev->stats.rx_bytes += entry->skb->len; ++ dev->stats.rx_packets++; ++ ++ spin_lock_bh(&dev->queue_lock); ++ q = dev->qdisc; ++ if (q->enqueue) { ++ q->enqueue(skb_get(entry->skb), q); ++ if (skb_shared(entry->skb)) { ++ entry->skb->destructor = imq_skb_destructor; ++ kfree_skb(entry->skb); ++ ret = 0; ++ } ++ } ++ if (!test_and_set_bit(1, &priv->tasklet_pending)) ++ tasklet_schedule(&priv->tasklet); ++ spin_unlock_bh(&dev->queue_lock); ++ ++ if (skb2) ++ kfree_skb(ret ? entry->skb : skb2); ++ ++ return ret; ++} ++ ++static struct nf_queue_handler nfqh = { ++ .name = "imq", ++ .outfn = imq_nf_queue, ++}; ++ ++static void qdisc_run_tasklet(unsigned long arg) ++{ ++ struct net_device *dev = (struct net_device *)arg; ++ struct imq_private *priv = netdev_priv(dev); ++ ++ spin_lock(&dev->queue_lock); ++ qdisc_run(dev); ++ clear_bit(1, &priv->tasklet_pending); ++ spin_unlock(&dev->queue_lock); ++} ++ ++static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, ++ const struct net_device *indev, ++ const struct net_device *outdev, ++ int (*okfn)(struct sk_buff *)) ++{ ++ if (pskb->imq_flags & IMQ_F_ENQUEUE) ++ return NF_QUEUE; ++ ++ return NF_ACCEPT; ++} ++ ++static int imq_close(struct net_device *dev) ++{ ++ struct imq_private *priv = netdev_priv(dev); ++ ++ tasklet_kill(&priv->tasklet); ++ netif_stop_queue(dev); ++ ++ return 0; ++} ++ ++static int imq_open(struct net_device *dev) ++{ ++ struct imq_private *priv = netdev_priv(dev); ++ ++ tasklet_init(&priv->tasklet, qdisc_run_tasklet, (unsigned long)dev); ++ netif_start_queue(dev); ++ ++ return 0; ++} ++ ++static void imq_setup(struct net_device *dev) ++{ ++ dev->hard_start_xmit = imq_dev_xmit; ++ dev->open = imq_open; ++ dev->get_stats = imq_get_stats; ++ dev->stop = imq_close; ++ dev->type = ARPHRD_VOID; ++ dev->mtu = 16000; ++ dev->tx_queue_len = 11000; ++ dev->flags = IFF_NOARP; ++} ++ ++static struct rtnl_link_ops imq_link_ops __read_mostly = { ++ .kind = "imq", ++ .priv_size = sizeof(struct imq_private), ++ .setup = imq_setup, ++}; ++ ++static int __init imq_init_hooks(void) ++{ ++ int err; ++ ++ err = nf_register_queue_handler(PF_INET, &nfqh); ++ if (err) ++ goto err1; ++ ++ err = nf_register_hook(&imq_ingress_ipv4); ++ if (err) ++ goto err2; ++ ++ err = nf_register_hook(&imq_egress_ipv4); ++ if (err) ++ goto err3; ++ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ err = nf_register_queue_handler(PF_INET6, &nfqh); ++ if (err) ++ goto err4; ++ ++ err = nf_register_hook(&imq_ingress_ipv6); ++ if (err) ++ goto err5; ++ ++ err = nf_register_hook(&imq_egress_ipv6); ++ if (err) ++ goto err6; ++#endif ++ ++ return 0; ++ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++err6: ++ nf_unregister_hook(&imq_ingress_ipv6); ++err5: ++ nf_unregister_queue_handler(PF_INET6, &nfqh); ++err4: ++ nf_unregister_hook(&imq_egress_ipv4); ++#endif ++err3: ++ nf_unregister_hook(&imq_ingress_ipv4); ++err2: ++ nf_unregister_queue_handler(PF_INET, &nfqh); ++err1: ++ return err; ++} ++ ++static int __init imq_init_one(int index) ++{ ++ struct net_device *dev; ++ int ret; ++ ++ dev = alloc_netdev(sizeof(struct imq_private), "imq%d", imq_setup); ++ if (!dev) ++ return -ENOMEM; ++ ++ ret = dev_alloc_name(dev, dev->name); ++ if (ret < 0) ++ goto fail; ++ ++ dev->rtnl_link_ops = &imq_link_ops; ++ ret = register_netdevice(dev); ++ if (ret < 0) ++ goto fail; ++ ++ return 0; ++fail: ++ free_netdev(dev); ++ return ret; ++} ++ ++static int __init imq_init_devs(void) ++{ ++ int err, i; ++ ++ if (!numdevs || numdevs > IMQ_MAX_DEVS) { ++ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", ++ IMQ_MAX_DEVS); ++ return -EINVAL; ++ } ++ ++ rtnl_lock(); ++ err = __rtnl_link_register(&imq_link_ops); ++ ++ for (i = 0; i < numdevs && !err; i++) ++ err = imq_init_one(i); ++ ++ if (err) { ++ __rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++ } ++ rtnl_unlock(); ++ ++ return err; ++} ++ ++static int __init imq_init_module(void) ++{ ++ int err; ++ ++ err = imq_init_devs(); ++ if (err) { ++ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); ++ return err; ++ } ++ ++ err = imq_init_hooks(); ++ if (err) { ++ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++ return err; ++ } ++ ++ printk(KERN_INFO "IMQ driver loaded successfully.\n"); ++ ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); ++#else ++ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); ++#endif ++#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); ++#else ++ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); ++#endif ++ ++ return 0; ++} ++ ++static void __exit imq_unhook(void) ++{ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ nf_unregister_hook(&imq_ingress_ipv6); ++ nf_unregister_hook(&imq_egress_ipv6); ++ nf_unregister_queue_handler(PF_INET6, &nfqh); ++#endif ++ nf_unregister_hook(&imq_ingress_ipv4); ++ nf_unregister_hook(&imq_egress_ipv4); ++ nf_unregister_queue_handler(PF_INET, &nfqh); ++} ++ ++static void __exit imq_cleanup_devs(void) ++{ ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++} ++ ++static void __exit imq_exit_module(void) ++{ ++ imq_unhook(); ++ imq_cleanup_devs(); ++ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); ++} ++ ++module_init(imq_init_module); ++module_exit(imq_exit_module); ++ ++module_param(numdevs, int, 0); ++MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " ++ "be created)"); ++MODULE_AUTHOR("http://www.linuximq.net"); ++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " ++ "http://www.linuximq.net/ for more information."); ++MODULE_LICENSE("GPL"); ++MODULE_ALIAS_RTNL_LINK("imq"); ++ +diff --git a/include/linux/imq.h b/include/linux/imq.h +new file mode 100644 +index 0000000..1447c4e --- /dev/null +++ b/include/linux/imq.h @@ -0,0 +1,9 @@ @@ -619,6 +667,9 @@ +#define IMQ_F_ENQUEUE 0x80 + +#endif /* _IMQ_H */ +diff --git a/include/linux/netfilter_ipv4/ipt_IMQ.h b/include/linux/netfilter_ipv4/ipt_IMQ.h +new file mode 100644 +index 0000000..a304991 --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_IMQ.h @@ -0,0 +1,8 @@ @@ -630,6 +681,9 @@ +}; + +#endif /* _IPT_IMQ_H */ +diff --git a/include/linux/netfilter_ipv6/ip6t_IMQ.h b/include/linux/netfilter_ipv6/ip6t_IMQ.h +new file mode 100644 +index 0000000..605f549 --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_IMQ.h @@ -0,0 +1,8 @@ @@ -641,9 +695,11 @@ +}; + +#endif /* _IP6T_IMQ_H */ +diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h +index bbd8d00..f7d6f7e 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -296,6 +296,10 @@ +@@ -296,6 +296,10 @@ struct sk_buff { struct nf_conntrack *nfct; struct sk_buff *nfct_reasm; #endif @@ -654,7 +710,7 @@ #ifdef CONFIG_BRIDGE_NETFILTER struct nf_bridge_info *nf_bridge; #endif -@@ -1736,6 +1740,10 @@ +@@ -1736,6 +1740,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) dst->nfct_reasm = src->nfct_reasm; nf_conntrack_get_reasm(src->nfct_reasm); #endif @@ -665,6 +721,8 @@ #ifdef CONFIG_BRIDGE_NETFILTER dst->nf_bridge = src->nf_bridge; nf_bridge_get(src->nf_bridge); +diff --git a/net/core/dev.c b/net/core/dev.c +index 460e7f9..094838b 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -95,6 +95,9 @@ @@ -677,7 +735,7 @@ #include #include #include -@@ -1537,7 +1540,11 @@ +@@ -1537,7 +1540,11 @@ static int dev_gso_segment(struct sk_buff *skb) int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev) { if (likely(!skb->next)) { @@ -690,6 +748,43 @@ dev_queue_xmit_nit(skb, dev); if (netif_needs_gso(dev, skb)) { +diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig +index 9a077cb..3bde19b 100644 +--- a/net/ipv4/netfilter/Kconfig ++++ b/net/ipv4/netfilter/Kconfig +@@ -123,6 +123,17 @@ config IP_NF_FILTER + + To compile it as a module, choose M here. If unsure, say N. + ++config IP_NF_TARGET_IMQ ++ tristate "IMQ target support" ++ depends on IP_NF_MANGLE ++ help ++ This option adds a `IMQ' target which is used to specify if and ++ to which IMQ device packets should get enqueued/dequeued. ++ ++ For more information visit: http://www.linuximq.net/ ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ + config IP_NF_TARGET_REJECT + tristate "REJECT target support" + depends on IP_NF_FILTER +diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile +index 0c7dc78..7617528 100644 +--- a/net/ipv4/netfilter/Makefile ++++ b/net/ipv4/netfilter/Makefile +@@ -51,6 +51,7 @@ obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o + obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o + obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o + obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o ++obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o + obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o + obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o + obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o +diff --git a/net/ipv4/netfilter/ipt_IMQ.c b/net/ipv4/netfilter/ipt_IMQ.c +new file mode 100644 +index 0000000..cda69a4 --- /dev/null +++ b/net/ipv4/netfilter/ipt_IMQ.c @@ -0,0 +1,69 @@ @@ -709,7 +804,7 @@ + const struct xt_target *target, + const void *targinfo) +{ -+ struct ipt_imq_info *mr = (struct ipt_imq_info*)targinfo; ++ struct ipt_imq_info *mr = (struct ipt_imq_info *)targinfo; + + pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE; + @@ -724,7 +819,7 @@ +{ + struct ipt_imq_info *mr; + -+ mr = (struct ipt_imq_info*)targinfo; ++ mr = (struct ipt_imq_info *)targinfo; + + if (mr->todev > IMQ_MAX_DEVS) { + printk(KERN_WARNING @@ -762,36 +857,41 @@ +MODULE_AUTHOR("http://www.linuximq.net"); +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); +MODULE_LICENSE("GPL"); ---- a/net/ipv4/netfilter/Kconfig -+++ b/net/ipv4/netfilter/Kconfig -@@ -145,6 +145,17 @@ +diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig +index 6cae547..3b3b610 100644 +--- a/net/ipv6/netfilter/Kconfig ++++ b/net/ipv6/netfilter/Kconfig +@@ -179,6 +179,15 @@ config IP6_NF_MANGLE To compile it as a module, choose M here. If unsure, say N. -+config IP_NF_TARGET_IMQ -+ tristate "IMQ target support" -+ depends on IP_NF_MANGLE -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which IMQ device packets should get enqueued/dequeued. ++config IP6_NF_TARGET_IMQ ++ tristate "IMQ target support" ++ depends on IP6_NF_MANGLE ++ help ++ This option adds a `IMQ' target which is used to specify if and ++ to which imq device packets should get enqueued/dequeued. + -+ For more information visit: http://www.linuximq.net/ ++ To compile it as a module, choose M here. If unsure, say N. + -+ To compile it as a module, choose M here. If unsure, say N. -+ - config IP_NF_TARGET_REJECT - tristate "REJECT target support" - depends on IP_NF_FILTER ---- a/net/ipv4/netfilter/Makefile -+++ b/net/ipv4/netfilter/Makefile -@@ -55,6 +55,7 @@ - obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o - obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o - obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o -+obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o - obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o - obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o - obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o + config IP6_NF_TARGET_HL + tristate 'HL (hoplimit) target support' + depends on IP6_NF_MANGLE +diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile +index fbf2c14..dcfe80b 100644 +--- a/net/ipv6/netfilter/Makefile ++++ b/net/ipv6/netfilter/Makefile +@@ -6,6 +6,7 @@ + obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o + obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o + obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o ++obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o + obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o + obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o + +diff --git a/net/ipv6/netfilter/ip6t_IMQ.c b/net/ipv6/netfilter/ip6t_IMQ.c +new file mode 100644 +index 0000000..5cf7b72 --- /dev/null +++ b/net/ipv6/netfilter/ip6t_IMQ.c @@ -0,0 +1,69 @@ @@ -811,7 +911,7 @@ + const struct xt_target *target, + const void *targinfo) +{ -+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)targinfo; ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info *)targinfo; + + pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE; + @@ -826,7 +926,7 @@ +{ + struct ip6t_imq_info *mr; + -+ mr = (struct ip6t_imq_info*)targinfo; ++ mr = (struct ip6t_imq_info *)targinfo; + + if (mr->todev > IMQ_MAX_DEVS) { + printk(KERN_WARNING @@ -864,37 +964,11 @@ +MODULE_AUTHOR("http://www.linuximq.net"); +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); +MODULE_LICENSE("GPL"); ---- a/net/ipv6/netfilter/Kconfig -+++ b/net/ipv6/netfilter/Kconfig -@@ -179,6 +179,15 @@ - - To compile it as a module, choose M here. If unsure, say N. - -+config IP6_NF_TARGET_IMQ -+ tristate "IMQ target support" -+ depends on IP6_NF_MANGLE -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config IP6_NF_TARGET_HL - tristate 'HL (hoplimit) target support' - depends on IP6_NF_MANGLE ---- a/net/ipv6/netfilter/Makefile -+++ b/net/ipv6/netfilter/Makefile -@@ -6,6 +6,7 @@ - obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o - obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o - obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o -+obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o - obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o - obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o - +diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c +index b741618..dcb916e 100644 --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c -@@ -203,6 +203,7 @@ +@@ -203,6 +203,7 @@ void __qdisc_run(struct net_device *dev) clear_bit(__LINK_STATE_QDISC_RUNNING, &dev->state); } diff --git a/target/linux/generic-2.6/patches-2.6.26/150-netfilter_imq.patch b/target/linux/generic-2.6/patches-2.6.26/150-netfilter_imq.patch index 542c54ebb..c99a30d23 100644 --- a/target/linux/generic-2.6/patches-2.6.26/150-netfilter_imq.patch +++ b/target/linux/generic-2.6/patches-2.6.26/150-netfilter_imq.patch @@ -1,470 +1,31 @@ ---- /dev/null -+++ b/drivers/net/imq.c -@@ -0,0 +1,464 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, -+ * -+ * The first version was written by Martin Devera, -+ * -+ * Credits: Jan Rafaj -+ * - Update patch to 2.4.21 -+ * Sebastian Strollo -+ * - Fix "Dead-loop on netdevice imq"-issue -+ * Marcel Sebek -+ * - Update to 2.6.2-rc1 -+ * -+ * After some time of inactivity there is a group taking care -+ * of IMQ again: http://www.linuximq.net -+ * -+ * -+ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 -+ * including the following changes: -+ * -+ * - Correction of ipv6 support "+"s issue (Hasso Tepper) -+ * - Correction of imq_init_devs() issue that resulted in -+ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) -+ * - Addition of functionality to choose number of IMQ devices -+ * during kernel config (Andre Correa) -+ * - Addition of functionality to choose how IMQ hooks on -+ * PRE and POSTROUTING (after or before NAT) (Andre Correa) -+ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) -+ * -+ * -+ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were -+ * released with almost no problems. 2.6.14-x was released -+ * with some important changes: nfcache was removed; After -+ * some weeks of trouble we figured out that some IMQ fields -+ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. -+ * These functions are correctly patched by this new patch version. -+ * -+ * Thanks for all who helped to figure out all the problems with -+ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, -+ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully -+ * I didn't forget anybody). I apologize again for my lack of time. -+ * -+ * -+ * 2008/06/07 - Changed imq.c to use qdisc_run() instead of -+ * qdisc_restart() and moved qdisc_run() to tasklet to avoid -+ * recursive locking. (Jussi Kivilinna) -+ * -+ * -+ * More info at: http://www.linuximq.net/ (Andre Correa) -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ #include -+#endif -+#include -+#include -+#include -+ -+struct imq_private { -+ struct tasklet_struct tasklet; -+ int tasklet_pending; -+}; -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ingress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv4 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1 -+#endif -+}; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+static struct nf_hook_ops imq_ingress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1 -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1 -+#endif -+}; -+ -+static struct nf_hook_ops imq_egress_ipv6 = { -+ .hook = imq_nf_hook, -+ .owner = THIS_MODULE, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1 -+#endif -+}; -+#endif -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static unsigned int numdevs = 16; -+#endif -+ -+static struct net_device *imq_devs; -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ if (entry) { -+ if (entry->indev) -+ dev_put(entry->indev); -+ if (entry->outdev) -+ dev_put(entry->outdev); -+ kfree(entry); -+ } -+} -+ -+static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ dev->trans_start = jiffies; -+ nf_reinject(skb->nf_queue_entry, NF_ACCEPT); -+ return 0; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct net_device *dev; -+ struct imq_private *priv; -+ struct sk_buff *skb2 = NULL; -+ struct Qdisc *q; -+ unsigned int index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ int ret = -1; -+ -+ if (index > numdevs) -+ return -1; -+ -+ dev = imq_devs + index; -+ priv = netdev_priv(dev); -+ if (!(dev->flags & IFF_UP)) { -+ entry->skb->imq_flags = 0; -+ nf_reinject(entry, NF_ACCEPT); -+ return 0; -+ } -+ dev->last_rx = jiffies; -+ -+ if (entry->skb->destructor) { -+ skb2 = entry->skb; -+ entry->skb = skb_clone(entry->skb, GFP_ATOMIC); -+ if (!entry->skb) -+ return -1; -+ } -+ entry->skb->nf_queue_entry = entry; -+ -+ dev->stats.rx_bytes += entry->skb->len; -+ dev->stats.rx_packets++; -+ -+ spin_lock_bh(&dev->queue_lock); -+ q = dev->qdisc; -+ if (q->enqueue) { -+ q->enqueue(skb_get(entry->skb), q); -+ if (skb_shared(entry->skb)) { -+ entry->skb->destructor = imq_skb_destructor; -+ kfree_skb(entry->skb); -+ ret = 0; -+ } -+ } -+ -+ spin_unlock_bh(&dev->queue_lock); -+ -+ if (!test_and_set_bit(1, &priv->tasklet_pending)) -+ tasklet_schedule(&priv->tasklet); -+ -+ if (skb2) -+ kfree_skb(ret ? entry->skb : skb2); -+ -+ return ret; -+} -+ -+static struct nf_queue_handler nfqh = { -+ .name = "imq", -+ .outfn = imq_nf_queue, -+}; -+ -+static void qdisc_run_tasklet(unsigned long arg) -+{ -+ struct net_device *dev = (struct net_device *)arg; -+ struct imq_private *priv = netdev_priv(dev); -+ -+ spin_lock(&dev->queue_lock); -+ qdisc_run(dev); -+ spin_unlock(&dev->queue_lock); -+ -+ clear_bit(1, &priv->tasklet_pending); -+} -+ -+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, -+ const struct net_device *indev, -+ const struct net_device *outdev, -+ int (*okfn)(struct sk_buff *)) -+{ -+ if (pskb->imq_flags & IMQ_F_ENQUEUE) -+ return NF_QUEUE; -+ -+ return NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ struct imq_private *priv = netdev_priv(dev); -+ -+ tasklet_kill(&priv->tasklet); -+ netif_stop_queue(dev); -+ -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ struct imq_private *priv = netdev_priv(dev); -+ -+ tasklet_init(&priv->tasklet, qdisc_run_tasklet, (unsigned long)dev); -+ netif_start_queue(dev); -+ -+ return 0; -+} -+ -+static int __init imq_init_hooks(void) -+{ -+ int err; -+ -+ err = nf_register_queue_handler(PF_INET, &nfqh); -+ if (err) -+ goto err1; -+ -+ err = nf_register_hook(&imq_ingress_ipv4); -+ if (err) -+ goto err2; -+ -+ err = nf_register_hook(&imq_egress_ipv4); -+ if (err) -+ goto err3; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ err = nf_register_queue_handler(PF_INET6, &nfqh); -+ if (err) -+ goto err4; -+ -+ err = nf_register_hook(&imq_ingress_ipv6); -+ if (err) -+ goto err5; -+ -+ err = nf_register_hook(&imq_egress_ipv6); -+ if (err) -+ goto err6; -+#endif -+ -+ return 0; -+ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+err6: -+ nf_unregister_hook(&imq_ingress_ipv6); -+err5: -+ nf_unregister_queue_handler(PF_INET6, &nfqh); -+err4: -+ nf_unregister_hook(&imq_egress_ipv4); -+#endif -+err3: -+ nf_unregister_hook(&imq_ingress_ipv4); -+err2: -+ nf_unregister_queue_handler(PF_INET, &nfqh); -+err1: -+ return err; -+} -+ -+static void __exit imq_unhook(void) -+{ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ nf_unregister_hook(&imq_ingress_ipv6); -+ nf_unregister_hook(&imq_egress_ipv6); -+ nf_unregister_queue_handler(PF_INET6, &nfqh); -+#endif -+ nf_unregister_hook(&imq_ingress_ipv4); -+ nf_unregister_hook(&imq_egress_ipv4); -+ nf_unregister_queue_handler(PF_INET, &nfqh); -+} -+ -+static int __init imq_dev_init(struct net_device *dev) -+{ -+ dev->hard_start_xmit = imq_dev_xmit; -+ dev->open = imq_open; -+ dev->get_stats = imq_get_stats; -+ dev->stop = imq_close; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; -+ dev->tx_queue_len = 11000; -+ dev->flags = IFF_NOARP; -+ -+ dev->priv = kzalloc(sizeof(struct imq_private), GFP_KERNEL); -+ if (dev->priv == NULL) -+ return -ENOMEM; -+ -+ return 0; -+} -+ -+static void imq_dev_uninit(struct net_device *dev) -+{ -+ kfree(dev->priv); -+} -+ -+static int __init imq_init_devs(struct net *net) -+{ -+ struct net_device *dev; -+ int i, j; -+ -+ if (!numdevs || numdevs > IMQ_MAX_DEVS) { -+ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ imq_devs = kzalloc(sizeof(struct net_device) * numdevs, GFP_KERNEL); -+ if (!imq_devs) -+ return -ENOMEM; -+ -+ /* we start counting at zero */ -+ j = numdevs - 1; -+ -+ for (i = 0, dev = imq_devs; i <= j; i++, dev++) { -+ strcpy(dev->name, "imq%d"); -+ dev->init = imq_dev_init; -+ dev->uninit = imq_dev_uninit; -+ dev->nd_net = net; -+ -+ if (register_netdev(dev) < 0) -+ goto err_register; -+ } -+ printk(KERN_INFO "IMQ starting with %u devices...\n", numdevs); -+ return 0; -+ -+err_register: -+ for (; i; i--) -+ unregister_netdev(--dev); -+ kfree(imq_devs); -+ return -EIO; -+} -+ -+static void imq_cleanup_devs(void) -+{ -+ int i; -+ struct net_device *dev = imq_devs; -+ -+ for (i = 0; i <= numdevs; i++) -+ unregister_netdev(dev++); -+ -+ kfree(imq_devs); -+} -+ -+static __net_init int imq_init_module(struct net *net) -+{ -+ int err; -+ -+ err = imq_init_devs(net); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ imq_cleanup_devs(); -+ return err; -+ } -+ -+ printk(KERN_INFO "IMQ driver loaded successfully.\n"); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static __net_exit void imq_exit_module(struct net *net) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); -+} -+ -+static struct pernet_operations __net_initdata imq_net_ops = { -+ .init = imq_init_module, -+ .exit = imq_exit_module, -+}; -+ -+static int __init imq_init(void) -+{ -+ return register_pernet_device(&imq_net_ops); -+} -+ -+module_init(imq_init); -+/*module_exit(imq_cleanup_module);*/ -+ -+module_param(numdevs, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " -+ "be created)"); -+MODULE_AUTHOR("http://www.linuximq.net"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " -+ "http://www.linuximq.net/ for more information."); -+MODULE_LICENSE("GPL"); -+ + + +--- + + drivers/net/Kconfig | 123 ++++++++ + drivers/net/Makefile | 1 + drivers/net/imq.c | 474 +++++++++++++++++++++++++++++++ + include/linux/imq.h | 9 + + include/linux/netfilter_ipv4/ipt_IMQ.h | 8 + + include/linux/netfilter_ipv6/ip6t_IMQ.h | 8 + + include/linux/skbuff.h | 8 + + net/core/dev.c | 9 + + net/ipv4/netfilter/Kconfig | 11 + + net/ipv4/netfilter/Makefile | 1 + net/ipv4/netfilter/ipt_IMQ.c | 69 +++++ + net/ipv6/netfilter/Kconfig | 9 + + net/ipv6/netfilter/Makefile | 1 + net/ipv6/netfilter/ip6t_IMQ.c | 69 +++++ + net/sched/sch_generic.c | 1 + 15 files changed, 800 insertions(+), 1 deletions(-) + create mode 100644 drivers/net/imq.c + create mode 100644 include/linux/imq.h + create mode 100644 include/linux/netfilter_ipv4/ipt_IMQ.h + create mode 100644 include/linux/netfilter_ipv6/ip6t_IMQ.h + create mode 100644 net/ipv4/netfilter/ipt_IMQ.c + create mode 100644 net/ipv6/netfilter/ip6t_IMQ.c + + --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig @@ -117,6 +117,129 @@ @@ -608,6 +169,483 @@ obj-$(CONFIG_MACVLAN) += macvlan.o obj-$(CONFIG_DE600) += de600.o --- /dev/null ++++ b/drivers/net/imq.c +@@ -0,0 +1,474 @@ ++/* ++ * Pseudo-driver for the intermediate queue device. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ * ++ * Authors: Patrick McHardy, ++ * ++ * The first version was written by Martin Devera, ++ * ++ * Credits: Jan Rafaj ++ * - Update patch to 2.4.21 ++ * Sebastian Strollo ++ * - Fix "Dead-loop on netdevice imq"-issue ++ * Marcel Sebek ++ * - Update to 2.6.2-rc1 ++ * ++ * After some time of inactivity there is a group taking care ++ * of IMQ again: http://www.linuximq.net ++ * ++ * ++ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 ++ * including the following changes: ++ * ++ * - Correction of ipv6 support "+"s issue (Hasso Tepper) ++ * - Correction of imq_init_devs() issue that resulted in ++ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) ++ * - Addition of functionality to choose number of IMQ devices ++ * during kernel config (Andre Correa) ++ * - Addition of functionality to choose how IMQ hooks on ++ * PRE and POSTROUTING (after or before NAT) (Andre Correa) ++ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) ++ * ++ * ++ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were ++ * released with almost no problems. 2.6.14-x was released ++ * with some important changes: nfcache was removed; After ++ * some weeks of trouble we figured out that some IMQ fields ++ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. ++ * These functions are correctly patched by this new patch version. ++ * ++ * Thanks for all who helped to figure out all the problems with ++ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, ++ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully ++ * I didn't forget anybody). I apologize again for my lack of time. ++ * ++ * ++ * 2008/06/07 - Changed imq.c to use qdisc_run() instead of ++ * qdisc_restart() and moved qdisc_run() to tasklet to avoid ++ * recursive locking. (Jussi Kivilinna) ++ * ++ * 2008/06/14 - New initialization routines to fix 'rmmod' not ++ * working anymore. Used code from ifb.c (Jussi Kivilinna) ++ * ++ * ++ * More info at: http://www.linuximq.net/ (Andre Correa) ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ #include ++#endif ++#include ++#include ++#include ++ ++struct imq_private { ++ struct tasklet_struct tasklet; ++ int tasklet_pending; ++}; ++ ++static nf_hookfn imq_nf_hook; ++ ++static struct nf_hook_ops imq_ingress_ipv4 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET, ++ .hooknum = NF_INET_PRE_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ .priority = NF_IP_PRI_MANGLE + 1 ++#else ++ .priority = NF_IP_PRI_NAT_DST + 1 ++#endif ++}; ++ ++static struct nf_hook_ops imq_egress_ipv4 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET, ++ .hooknum = NF_INET_POST_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) ++ .priority = NF_IP_PRI_LAST ++#else ++ .priority = NF_IP_PRI_NAT_SRC - 1 ++#endif ++}; ++ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++static struct nf_hook_ops imq_ingress_ipv6 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET6, ++ .hooknum = NF_INET_PRE_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ .priority = NF_IP6_PRI_MANGLE + 1 ++#else ++ .priority = NF_IP6_PRI_NAT_DST + 1 ++#endif ++}; ++ ++static struct nf_hook_ops imq_egress_ipv6 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET6, ++ .hooknum = NF_INET_POST_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) ++ .priority = NF_IP6_PRI_LAST ++#else ++ .priority = NF_IP6_PRI_NAT_SRC - 1 ++#endif ++}; ++#endif ++ ++#if defined(CONFIG_IMQ_NUM_DEVS) ++static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; ++#else ++static unsigned int numdevs = IMQ_MAX_DEVS; ++#endif ++ ++static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; ++ ++static struct net_device_stats *imq_get_stats(struct net_device *dev) ++{ ++ return &dev->stats; ++} ++ ++/* called for packets kfree'd in qdiscs at places other than enqueue */ ++static void imq_skb_destructor(struct sk_buff *skb) ++{ ++ struct nf_queue_entry *entry = skb->nf_queue_entry; ++ ++ if (entry) { ++ if (entry->indev) ++ dev_put(entry->indev); ++ if (entry->outdev) ++ dev_put(entry->outdev); ++ kfree(entry); ++ } ++} ++ ++static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) ++{ ++ dev->stats.tx_bytes += skb->len; ++ dev->stats.tx_packets++; ++ ++ skb->imq_flags = 0; ++ skb->destructor = NULL; ++ ++ dev->trans_start = jiffies; ++ nf_reinject(skb->nf_queue_entry, NF_ACCEPT); ++ return 0; ++} ++ ++static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) ++{ ++ struct net_device *dev; ++ struct imq_private *priv; ++ struct sk_buff *skb2 = NULL; ++ struct Qdisc *q; ++ unsigned int index = entry->skb->imq_flags & IMQ_F_IFMASK; ++ int ret = -1; ++ ++ if (index > numdevs) ++ return -1; ++ ++ /* check for imq device by index from cache */ ++ dev = imq_devs_cache[index]; ++ if (!dev) { ++ char buf[8]; ++ ++ /* get device by name and cache result */ ++ snprintf(buf, sizeof(buf), "imq%d", index); ++ dev = dev_get_by_name(&init_net, buf); ++ if (!dev) { ++ /* not found ?!*/ ++ BUG(); ++ return -1; ++ } ++ ++ imq_devs_cache[index] = dev; ++ } ++ ++ priv = netdev_priv(dev); ++ if (!(dev->flags & IFF_UP)) { ++ entry->skb->imq_flags = 0; ++ nf_reinject(entry, NF_ACCEPT); ++ return 0; ++ } ++ dev->last_rx = jiffies; ++ ++ if (entry->skb->destructor) { ++ skb2 = entry->skb; ++ entry->skb = skb_clone(entry->skb, GFP_ATOMIC); ++ if (!entry->skb) ++ return -1; ++ } ++ entry->skb->nf_queue_entry = entry; ++ ++ dev->stats.rx_bytes += entry->skb->len; ++ dev->stats.rx_packets++; ++ ++ spin_lock_bh(&dev->queue_lock); ++ q = dev->qdisc; ++ if (q->enqueue) { ++ q->enqueue(skb_get(entry->skb), q); ++ if (skb_shared(entry->skb)) { ++ entry->skb->destructor = imq_skb_destructor; ++ kfree_skb(entry->skb); ++ ret = 0; ++ } ++ } ++ if (!test_and_set_bit(1, &priv->tasklet_pending)) ++ tasklet_schedule(&priv->tasklet); ++ spin_unlock_bh(&dev->queue_lock); ++ ++ if (skb2) ++ kfree_skb(ret ? entry->skb : skb2); ++ ++ return ret; ++} ++ ++static struct nf_queue_handler nfqh = { ++ .name = "imq", ++ .outfn = imq_nf_queue, ++}; ++ ++static void qdisc_run_tasklet(unsigned long arg) ++{ ++ struct net_device *dev = (struct net_device *)arg; ++ struct imq_private *priv = netdev_priv(dev); ++ ++ spin_lock(&dev->queue_lock); ++ qdisc_run(dev); ++ clear_bit(1, &priv->tasklet_pending); ++ spin_unlock(&dev->queue_lock); ++} ++ ++static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, ++ const struct net_device *indev, ++ const struct net_device *outdev, ++ int (*okfn)(struct sk_buff *)) ++{ ++ if (pskb->imq_flags & IMQ_F_ENQUEUE) ++ return NF_QUEUE; ++ ++ return NF_ACCEPT; ++} ++ ++static int imq_close(struct net_device *dev) ++{ ++ struct imq_private *priv = netdev_priv(dev); ++ ++ tasklet_kill(&priv->tasklet); ++ netif_stop_queue(dev); ++ ++ return 0; ++} ++ ++static int imq_open(struct net_device *dev) ++{ ++ struct imq_private *priv = netdev_priv(dev); ++ ++ tasklet_init(&priv->tasklet, qdisc_run_tasklet, (unsigned long)dev); ++ netif_start_queue(dev); ++ ++ return 0; ++} ++ ++static void imq_setup(struct net_device *dev) ++{ ++ dev->hard_start_xmit = imq_dev_xmit; ++ dev->open = imq_open; ++ dev->get_stats = imq_get_stats; ++ dev->stop = imq_close; ++ dev->type = ARPHRD_VOID; ++ dev->mtu = 16000; ++ dev->tx_queue_len = 11000; ++ dev->flags = IFF_NOARP; ++} ++ ++static struct rtnl_link_ops imq_link_ops __read_mostly = { ++ .kind = "imq", ++ .priv_size = sizeof(struct imq_private), ++ .setup = imq_setup, ++}; ++ ++static int __init imq_init_hooks(void) ++{ ++ int err; ++ ++ err = nf_register_queue_handler(PF_INET, &nfqh); ++ if (err) ++ goto err1; ++ ++ err = nf_register_hook(&imq_ingress_ipv4); ++ if (err) ++ goto err2; ++ ++ err = nf_register_hook(&imq_egress_ipv4); ++ if (err) ++ goto err3; ++ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ err = nf_register_queue_handler(PF_INET6, &nfqh); ++ if (err) ++ goto err4; ++ ++ err = nf_register_hook(&imq_ingress_ipv6); ++ if (err) ++ goto err5; ++ ++ err = nf_register_hook(&imq_egress_ipv6); ++ if (err) ++ goto err6; ++#endif ++ ++ return 0; ++ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++err6: ++ nf_unregister_hook(&imq_ingress_ipv6); ++err5: ++ nf_unregister_queue_handler(PF_INET6, &nfqh); ++err4: ++ nf_unregister_hook(&imq_egress_ipv4); ++#endif ++err3: ++ nf_unregister_hook(&imq_ingress_ipv4); ++err2: ++ nf_unregister_queue_handler(PF_INET, &nfqh); ++err1: ++ return err; ++} ++ ++static int __init imq_init_one(int index) ++{ ++ struct net_device *dev; ++ int ret; ++ ++ dev = alloc_netdev(sizeof(struct imq_private), "imq%d", imq_setup); ++ if (!dev) ++ return -ENOMEM; ++ ++ ret = dev_alloc_name(dev, dev->name); ++ if (ret < 0) ++ goto fail; ++ ++ dev->rtnl_link_ops = &imq_link_ops; ++ ret = register_netdevice(dev); ++ if (ret < 0) ++ goto fail; ++ ++ return 0; ++fail: ++ free_netdev(dev); ++ return ret; ++} ++ ++static int __init imq_init_devs(void) ++{ ++ int err, i; ++ ++ if (!numdevs || numdevs > IMQ_MAX_DEVS) { ++ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", ++ IMQ_MAX_DEVS); ++ return -EINVAL; ++ } ++ ++ rtnl_lock(); ++ err = __rtnl_link_register(&imq_link_ops); ++ ++ for (i = 0; i < numdevs && !err; i++) ++ err = imq_init_one(i); ++ ++ if (err) { ++ __rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++ } ++ rtnl_unlock(); ++ ++ return err; ++} ++ ++static int __init imq_init_module(void) ++{ ++ int err; ++ ++ err = imq_init_devs(); ++ if (err) { ++ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); ++ return err; ++ } ++ ++ err = imq_init_hooks(); ++ if (err) { ++ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++ return err; ++ } ++ ++ printk(KERN_INFO "IMQ driver loaded successfully.\n"); ++ ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); ++#else ++ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); ++#endif ++#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); ++#else ++ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); ++#endif ++ ++ return 0; ++} ++ ++static void __exit imq_unhook(void) ++{ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ nf_unregister_hook(&imq_ingress_ipv6); ++ nf_unregister_hook(&imq_egress_ipv6); ++ nf_unregister_queue_handler(PF_INET6, &nfqh); ++#endif ++ nf_unregister_hook(&imq_ingress_ipv4); ++ nf_unregister_hook(&imq_egress_ipv4); ++ nf_unregister_queue_handler(PF_INET, &nfqh); ++} ++ ++static void __exit imq_cleanup_devs(void) ++{ ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++} ++ ++static void __exit imq_exit_module(void) ++{ ++ imq_unhook(); ++ imq_cleanup_devs(); ++ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); ++} ++ ++module_init(imq_init_module); ++module_exit(imq_exit_module); ++ ++module_param(numdevs, int, 0); ++MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " ++ "be created)"); ++MODULE_AUTHOR("http://www.linuximq.net"); ++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " ++ "http://www.linuximq.net/ for more information."); ++MODULE_LICENSE("GPL"); ++MODULE_ALIAS_RTNL_LINK("imq"); ++ +--- /dev/null +++ b/include/linux/imq.h @@ -0,0 +1,9 @@ +#ifndef _IMQ_H @@ -690,6 +728,36 @@ dev_queue_xmit_nit(skb, dev); if (netif_needs_gso(dev, skb)) { +--- a/net/ipv4/netfilter/Kconfig ++++ b/net/ipv4/netfilter/Kconfig +@@ -145,6 +145,17 @@ + + To compile it as a module, choose M here. If unsure, say N. + ++config IP_NF_TARGET_IMQ ++ tristate "IMQ target support" ++ depends on IP_NF_MANGLE ++ help ++ This option adds a `IMQ' target which is used to specify if and ++ to which IMQ device packets should get enqueued/dequeued. ++ ++ For more information visit: http://www.linuximq.net/ ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ + config IP_NF_TARGET_REJECT + tristate "REJECT target support" + depends on IP_NF_FILTER +--- a/net/ipv4/netfilter/Makefile ++++ b/net/ipv4/netfilter/Makefile +@@ -58,6 +58,7 @@ + obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o + obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o + obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o ++obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o + obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o + obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o + obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o --- /dev/null +++ b/net/ipv4/netfilter/ipt_IMQ.c @@ -0,0 +1,69 @@ @@ -709,7 +777,7 @@ + const struct xt_target *target, + const void *targinfo) +{ -+ struct ipt_imq_info *mr = (struct ipt_imq_info*)targinfo; ++ struct ipt_imq_info *mr = (struct ipt_imq_info *)targinfo; + + pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE; + @@ -724,7 +792,7 @@ +{ + struct ipt_imq_info *mr; + -+ mr = (struct ipt_imq_info*)targinfo; ++ mr = (struct ipt_imq_info *)targinfo; + + if (mr->todev > IMQ_MAX_DEVS) { + printk(KERN_WARNING @@ -762,36 +830,34 @@ +MODULE_AUTHOR("http://www.linuximq.net"); +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); +MODULE_LICENSE("GPL"); ---- a/net/ipv4/netfilter/Kconfig -+++ b/net/ipv4/netfilter/Kconfig -@@ -145,6 +145,17 @@ +--- a/net/ipv6/netfilter/Kconfig ++++ b/net/ipv6/netfilter/Kconfig +@@ -179,6 +179,15 @@ To compile it as a module, choose M here. If unsure, say N. -+config IP_NF_TARGET_IMQ -+ tristate "IMQ target support" -+ depends on IP_NF_MANGLE -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which IMQ device packets should get enqueued/dequeued. ++config IP6_NF_TARGET_IMQ ++ tristate "IMQ target support" ++ depends on IP6_NF_MANGLE ++ help ++ This option adds a `IMQ' target which is used to specify if and ++ to which imq device packets should get enqueued/dequeued. + -+ For more information visit: http://www.linuximq.net/ ++ To compile it as a module, choose M here. If unsure, say N. + -+ To compile it as a module, choose M here. If unsure, say N. -+ - config IP_NF_TARGET_REJECT - tristate "REJECT target support" - depends on IP_NF_FILTER ---- a/net/ipv4/netfilter/Makefile -+++ b/net/ipv4/netfilter/Makefile -@@ -58,6 +58,7 @@ - obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o - obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o - obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o -+obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o - obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o - obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o - obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o + config IP6_NF_TARGET_HL + tristate 'HL (hoplimit) target support' + depends on IP6_NF_MANGLE +--- a/net/ipv6/netfilter/Makefile ++++ b/net/ipv6/netfilter/Makefile +@@ -6,6 +6,7 @@ + obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o + obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o + obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o ++obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o + obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o + obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o + --- /dev/null +++ b/net/ipv6/netfilter/ip6t_IMQ.c @@ -0,0 +1,69 @@ @@ -811,7 +877,7 @@ + const struct xt_target *target, + const void *targinfo) +{ -+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)targinfo; ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info *)targinfo; + + pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE; + @@ -826,7 +892,7 @@ +{ + struct ip6t_imq_info *mr; + -+ mr = (struct ip6t_imq_info*)targinfo; ++ mr = (struct ip6t_imq_info *)targinfo; + + if (mr->todev > IMQ_MAX_DEVS) { + printk(KERN_WARNING @@ -864,34 +930,6 @@ +MODULE_AUTHOR("http://www.linuximq.net"); +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); +MODULE_LICENSE("GPL"); ---- a/net/ipv6/netfilter/Kconfig -+++ b/net/ipv6/netfilter/Kconfig -@@ -179,6 +179,15 @@ - - To compile it as a module, choose M here. If unsure, say N. - -+config IP6_NF_TARGET_IMQ -+ tristate "IMQ target support" -+ depends on IP6_NF_MANGLE -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config IP6_NF_TARGET_HL - tristate 'HL (hoplimit) target support' - depends on IP6_NF_MANGLE ---- a/net/ipv6/netfilter/Makefile -+++ b/net/ipv6/netfilter/Makefile -@@ -6,6 +6,7 @@ - obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o - obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o - obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o -+obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o - obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o - obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o - --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c @@ -203,6 +203,7 @@