diff --git a/target/linux/generic/patches-4.4/950-net-patch-linux-kernel-to-support-shortcut-fe.patch b/target/linux/generic/patches-4.4/950-net-patch-linux-kernel-to-support-shortcut-fe.patch new file mode 100644 index 0000000000..a410015e2e --- /dev/null +++ b/target/linux/generic/patches-4.4/950-net-patch-linux-kernel-to-support-shortcut-fe.patch @@ -0,0 +1,145 @@ +From ee0b636607a8685dcac16b217ee49432de171cb0 Mon Sep 17 00:00:00 2001 +From: Xiaoping Fan +Date: Fri, 26 Feb 2016 15:01:53 -0800 +Subject: [PATCH 1/3] net: patch linux kernel to support shortcut-fe + +1, add a new flag 'fast_forwarded' in skb structure. +2, put a hook in '__netif_receive_skb_core' to + deliver packet to shortcut-fe. + +Change-Id: Icaa7c172a06df1c3bc89ff89814d1136772fe217 +Signed-off-by: Xiaoping Fan + +msm: ipq806x: exporting TCP sequence check parameters + +This is for use in NSS connection manager. + +Change-Id: I01d30c0ab552308c439353c0d51d3d0ab3aa7699 +Signed-off-by: Pamidipati, Vijay +Signed-off-by: Murat Sezgin +--- + include/linux/skbuff.h | 5 +++++ + net/Kconfig | 3 +++ + net/core/dev.c | 27 +++++++++++++++++++++++++++ + net/netfilter/nf_conntrack_proto_tcp.c | 10 ++++++++++ + 4 files changed, 45 insertions(+) + +diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h +index a4b1aaa..f72eea2 100644 +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -643,7 +643,12 @@ struct sk_buff { + __u8 inner_protocol_type:1; + __u8 remcsum_offload:1; + __u8 gro_skip:1; ++#ifdef CONFIG_SHORTCUT_FE ++ __u8 fast_forwarded:1; ++ /* 1 or 3 bit hole */ ++#else + /* 2 or 4 bit hole */ ++#endif + + #ifdef CONFIG_NET_SCHED + __u16 tc_index; /* traffic control index */ +diff --git a/net/Kconfig b/net/Kconfig +index 6dedbb5..e8c6e6c 100644 +--- a/net/Kconfig ++++ b/net/Kconfig +@@ -397,3 +397,6 @@ endif # if NET + # Used by archs to tell that they support BPF_JIT + config HAVE_BPF_JIT + bool ++ ++config SHORTCUT_FE ++ bool "Enables kernel network stack path for Shortcut Forwarding Engine" +diff --git a/net/core/dev.c b/net/core/dev.c +index 11b9cda..3761691 100644 +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -2732,8 +2732,17 @@ static int xmit_one(struct sk_buff *skb, struct net_device *dev, + unsigned int len; + int rc; + ++#ifdef CONFIG_SHORTCUT_FE ++ /* If this skb has been fast forwarded then we don't want it to ++ * go to any taps (by definition we're trying to bypass them). ++ */ ++ if (!skb->fast_forwarded) { ++#endif + if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) + dev_queue_xmit_nit(skb, dev); ++#ifdef CONFIG_SHORTCUT_FE ++ } ++#endif + + #ifdef CONFIG_ETHERNET_PACKET_MANGLE + if (!dev->eth_mangle_tx || +@@ -3825,6 +3834,11 @@ void netdev_rx_handler_unregister(struct net_device *dev) + } + EXPORT_SYMBOL_GPL(netdev_rx_handler_unregister); + ++#ifdef CONFIG_SHORTCUT_FE ++int (*fast_nat_recv)(struct sk_buff *skb) __rcu __read_mostly; ++EXPORT_SYMBOL_GPL(fast_nat_recv); ++#endif ++ + /* + * Limit the use of PFMEMALLOC reserves to those protocols that implement + * the special handling of PFMEMALLOC skbs. +@@ -3867,6 +3881,9 @@ static int __netif_receive_skb_core(struct sk_buff *skb, bool pfmemalloc) + bool deliver_exact = false; + int ret = NET_RX_DROP; + __be16 type; ++#ifdef CONFIG_SHORTCUT_FE ++ int (*fast_recv)(struct sk_buff *skb); ++#endif + + net_timestamp_check(!netdev_tstamp_prequeue, skb); + +@@ -3893,6 +3910,16 @@ another_round: + goto out; + } + ++#ifdef CONFIG_SHORTCUT_FE ++ fast_recv = rcu_dereference(fast_nat_recv); ++ if (fast_recv) { ++ if (fast_recv(skb)) { ++ ret = NET_RX_SUCCESS; ++ goto out; ++ } ++ } ++#endif ++ + #ifdef CONFIG_NET_CLS_ACT + if (skb->tc_verd & TC_NCLS) { + skb->tc_verd = CLR_TC_NCLS(skb->tc_verd); +diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c +index d41fdab..6f3cdfd 100644 +--- a/net/netfilter/nf_conntrack_proto_tcp.c ++++ b/net/netfilter/nf_conntrack_proto_tcp.c +@@ -34,12 +34,22 @@ + #include + + /* Do not check the TCP window for incoming packets */ ++#ifdef CONFIG_SHORTCUT_FE ++int nf_ct_tcp_no_window_check __read_mostly = 0; ++EXPORT_SYMBOL_GPL(nf_ct_tcp_no_window_check); ++#else + static int nf_ct_tcp_no_window_check __read_mostly = 1; ++#endif + + /* "Be conservative in what you do, + be liberal in what you accept from others." + If it's non-zero, we mark only out of window RST segments as INVALID. */ ++#ifdef CONFIG_SHORTCUT_FE ++int nf_ct_tcp_be_liberal __read_mostly; ++EXPORT_SYMBOL_GPL(nf_ct_tcp_be_liberal); ++#else + static int nf_ct_tcp_be_liberal __read_mostly = 0; ++#endif + + /* If it is set to zero, we disable picking up already established + connections. */ +-- +2.7.4 + diff --git a/target/linux/generic/patches-4.4/951-bridge-Add-new-bridge-APIs-needed-for-network-HW-acc.patch b/target/linux/generic/patches-4.4/951-bridge-Add-new-bridge-APIs-needed-for-network-HW-acc.patch new file mode 100644 index 0000000000..3153143279 --- /dev/null +++ b/target/linux/generic/patches-4.4/951-bridge-Add-new-bridge-APIs-needed-for-network-HW-acc.patch @@ -0,0 +1,74 @@ +From b24526cad8642f974d3c3c440824ecca68ebd9f0 Mon Sep 17 00:00:00 2001 +From: Murat Sezgin +Date: Tue, 25 Nov 2014 17:22:24 -0800 +Subject: [PATCH 2/3] bridge: Add new bridge APIs needed for network HW + acceleration + +Bridge acceleration hardware needs to perform certain operations, + currently unsupported by the existing bridge code: + + ** cut ** + + *update bridge interface statistics from outside the bridge code: + once acceleration is enabled on a connection, packets will not flow + through the host CPU, so we need the hardware accelerator driver to + maintain the statistics on the host and update them and add whatever + flows through the hardware. + These change adds the corresponding functions, and make it available + to other through EXPORT_SYMBOLS(). + +Change-Id: I67afb325796004053897d9916e2df91827b65139 +Signed-off-by: Murat Sezgin +--- + include/linux/if_bridge.h | 2 ++ + net/bridge/br_if.c | 24 ++++++++++++++++++++++++ + 2 files changed, 26 insertions(+) + +diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h +index ef5661b..de79c00 100644 +--- a/include/linux/if_bridge.h ++++ b/include/linux/if_bridge.h +@@ -51,6 +51,8 @@ struct br_ip_list { + #define BR_DEFAULT_AGEING_TIME (300 * HZ) + + extern void brioctl_set(int (*ioctl_hook)(struct net *, unsigned int, void __user *)); ++extern void br_dev_update_stats(struct net_device *dev, ++ struct rtnl_link_stats64 *nlstats); + + typedef int br_should_route_hook_t(struct sk_buff *skb); + extern br_should_route_hook_t __rcu *br_should_route_hook; +diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c +index ec02f58..977415a 100644 +--- a/net/bridge/br_if.c ++++ b/net/bridge/br_if.c +@@ -588,3 +588,27 @@ void br_port_flags_change(struct net_bridge_port *p, unsigned long mask) + if (mask & BR_AUTO_MASK) + nbp_update_port_count(br); + } ++ ++/* Update bridge statistics for bridge packets processed by offload engines */ ++void br_dev_update_stats(struct net_device *dev, ++ struct rtnl_link_stats64 *nlstats) ++{ ++ struct net_bridge *br; ++ struct pcpu_sw_netstats *stats; ++ ++ /* Is this a bridge? */ ++ if (!(dev->priv_flags & IFF_EBRIDGE)) ++ return; ++ ++ br = netdev_priv(dev); ++ stats = this_cpu_ptr(br->stats); ++ ++ u64_stats_update_begin(&stats->syncp); ++ stats->rx_packets += nlstats->rx_packets; ++ stats->rx_bytes += nlstats->rx_bytes; ++ stats->tx_packets += nlstats->tx_packets; ++ stats->tx_bytes += nlstats->tx_bytes; ++ u64_stats_update_end(&stats->syncp); ++} ++EXPORT_SYMBOL_GPL(br_dev_update_stats); ++ +-- +2.7.4 + diff --git a/target/linux/generic/patches-4.4/952-net-conntrack-events-support-multiple-registrant.patch b/target/linux/generic/patches-4.4/952-net-conntrack-events-support-multiple-registrant.patch new file mode 100644 index 0000000000..54e7c07b81 --- /dev/null +++ b/target/linux/generic/patches-4.4/952-net-conntrack-events-support-multiple-registrant.patch @@ -0,0 +1,318 @@ +From 42824d4b753f84ccf885eca602c5037338b546c8 Mon Sep 17 00:00:00 2001 +From: Zhi Chen +Date: Tue, 13 Jan 2015 14:28:18 -0800 +Subject: [PATCH 3/3] net: conntrack events, support multiple registrant + +Merging this patch from kernel 3.4: +This was supported by old (.28) kernel versions but removed +because of it's overhead. +But we need this feature for NA connection manager. Both ipv4 +and ipv6 modules needs to register themselves to ct events. + +Change-Id: Iebfb254590fb594f5baf232f849d1b7ae45ef757 +Signed-off-by: Zhi Chen +--- + include/net/netfilter/nf_conntrack_ecache.h | 42 ++++++++++++++++++- + include/net/netns/conntrack.h | 4 ++ + net/netfilter/Kconfig | 8 ++++ + net/netfilter/nf_conntrack_core.c | 4 ++ + net/netfilter/nf_conntrack_ecache.c | 63 +++++++++++++++++++++++++++++ + net/netfilter/nf_conntrack_netlink.c | 17 ++++++++ + 6 files changed, 137 insertions(+), 1 deletion(-) + +diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h +index 57c8803..f921354 100644 +--- a/include/net/netfilter/nf_conntrack_ecache.h ++++ b/include/net/netfilter/nf_conntrack_ecache.h +@@ -63,6 +63,10 @@ struct nf_ct_event { + int report; + }; + ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++extern int nf_conntrack_register_notifier(struct net *net, struct notifier_block *nb); ++extern int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb); ++#else + struct nf_ct_event_notifier { + int (*fcn)(unsigned int events, struct nf_ct_event *item); + }; +@@ -71,17 +75,20 @@ int nf_conntrack_register_notifier(struct net *net, + struct nf_ct_event_notifier *nb); + void nf_conntrack_unregister_notifier(struct net *net, + struct nf_ct_event_notifier *nb); ++#endif + + void nf_ct_deliver_cached_events(struct nf_conn *ct); + + static inline void + nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct) + { +- struct net *net = nf_ct_net(ct); + struct nf_conntrack_ecache *e; ++#ifndef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++ struct net *net = nf_ct_net(ct); + + if (!rcu_access_pointer(net->ct.nf_conntrack_event_cb)) + return; ++#endif + + e = nf_ct_ecache_find(ct); + if (e == NULL) +@@ -90,6 +97,38 @@ nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct) + set_bit(event, &e->cache); + } + ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++static inline int ++nf_conntrack_eventmask_report(unsigned int eventmask, ++ struct nf_conn *ct, ++ u32 portid, ++ int report) ++{ ++ struct nf_conntrack_ecache *e; ++ struct net *net = nf_ct_net(ct); ++ ++ e = nf_ct_ecache_find(ct); ++ if (e == NULL) ++ return 0; ++ ++ if (nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct)) { ++ struct nf_ct_event item = { ++ .ct = ct, ++ .portid = e->portid ? e->portid : portid, ++ .report = report ++ }; ++ /* This is a resent of a destroy event? If so, skip missed */ ++ unsigned long missed = e->portid ? 0 : e->missed; ++ ++ if (!((eventmask | missed) & e->ctmask)) ++ return 0; ++ ++ atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, eventmask | missed, &item); ++ } ++ ++ return 0; ++} ++#else + static inline int + nf_conntrack_eventmask_report(unsigned int eventmask, + struct nf_conn *ct, +@@ -143,6 +182,7 @@ out_unlock: + rcu_read_unlock(); + return ret; + } ++#endif + + static inline int + nf_conntrack_event_report(enum ip_conntrack_events event, struct nf_conn *ct, +diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h +index 723b61c..fbb9c16 100644 +--- a/include/net/netns/conntrack.h ++++ b/include/net/netns/conntrack.h +@@ -100,7 +100,11 @@ struct netns_ct { + struct hlist_head *expect_hash; + struct ct_pcpu __percpu *pcpu_lists; + struct ip_conntrack_stat __percpu *stat; ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++ struct atomic_notifier_head nf_conntrack_chain; ++#else + struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb; ++#endif + struct nf_exp_event_notifier __rcu *nf_expect_event_cb; + struct nf_ip_net nf_ct_proto; + #if defined(CONFIG_NF_CONNTRACK_LABELS) +diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig +index 7da6cef..c374447 100644 +--- a/net/netfilter/Kconfig ++++ b/net/netfilter/Kconfig +@@ -136,6 +136,14 @@ config NF_CONNTRACK_TIMEOUT + + If unsure, say `N'. + ++config NF_CONNTRACK_CHAIN_EVENTS ++ bool "Register multiple callbacks to ct events" ++ depends on NF_CONNTRACK_EVENTS ++ help ++ Support multiple registrations. ++ ++ If unsure, say `N'. ++ + config NF_CONNTRACK_TIMESTAMP + bool 'Connection tracking timestamping' + depends on NETFILTER_ADVANCED +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +index 86a3c6f..027c203 100644 +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -1817,6 +1817,10 @@ int nf_conntrack_init_net(struct net *net) + ret = nf_conntrack_proto_pernet_init(net); + if (ret < 0) + goto err_proto; ++ ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++ ATOMIC_INIT_NOTIFIER_HEAD(&net->ct.nf_conntrack_chain); ++#endif + return 0; + + err_proto: +diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c +index 4e78c57..d3e6773 100644 +--- a/net/netfilter/nf_conntrack_ecache.c ++++ b/net/netfilter/nf_conntrack_ecache.c +@@ -18,6 +18,9 @@ + #include + #include + #include ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++#include ++#endif + #include + #include + #include +@@ -115,6 +118,51 @@ static void ecache_work(struct work_struct *work) + + /* deliver cached events and clear cache entry - must be called with locally + * disabled softirqs */ ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++void nf_ct_deliver_cached_events(struct nf_conn *ct) ++{ ++ unsigned long events, missed; ++ struct nf_conntrack_ecache *e; ++ struct nf_ct_event item; ++ struct net *net = nf_ct_net(ct); ++ int ret = 0; ++ ++ e = nf_ct_ecache_find(ct); ++ if (e == NULL) ++ return; ++ ++ events = xchg(&e->cache, 0); ++ ++ if (!nf_ct_is_confirmed(ct) || nf_ct_is_dying(ct) || !events) ++ return; ++ ++ /* We make a copy of the missed event cache without taking ++ * the lock, thus we may send missed events twice. However, ++ * this does not harm and it happens very rarely. */ ++ missed = e->missed; ++ ++ if (!((events | missed) & e->ctmask)) ++ return; ++ ++ item.ct = ct; ++ item.portid = 0; ++ item.report = 0; ++ ++ atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, ++ events | missed, ++ &item); ++ ++ if (likely(ret >= 0 && !missed)) ++ return; ++ ++ spin_lock_bh(&ct->lock); ++ if (ret < 0) ++ e->missed |= events; ++ else ++ e->missed &= ~missed; ++ spin_unlock_bh(&ct->lock); ++} ++#else + void nf_ct_deliver_cached_events(struct nf_conn *ct) + { + struct net *net = nf_ct_net(ct); +@@ -165,8 +213,15 @@ void nf_ct_deliver_cached_events(struct nf_conn *ct) + out_unlock: + rcu_read_unlock(); + } ++#endif + EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events); + ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++int nf_conntrack_register_notifier(struct net *net, struct notifier_block *nb) ++{ ++ return atomic_notifier_chain_register(&net->ct.nf_conntrack_chain, nb); ++} ++#else + int nf_conntrack_register_notifier(struct net *net, + struct nf_ct_event_notifier *new) + { +@@ -187,8 +242,15 @@ out_unlock: + mutex_unlock(&nf_ct_ecache_mutex); + return ret; + } ++#endif + EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier); + ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb) ++{ ++ return atomic_notifier_chain_unregister(&net->ct.nf_conntrack_chain, nb); ++} ++#else + void nf_conntrack_unregister_notifier(struct net *net, + struct nf_ct_event_notifier *new) + { +@@ -201,6 +263,7 @@ void nf_conntrack_unregister_notifier(struct net *net, + RCU_INIT_POINTER(net->ct.nf_conntrack_event_cb, NULL); + mutex_unlock(&nf_ct_ecache_mutex); + } ++#endif + EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); + + int nf_ct_expect_register_notifier(struct net *net, +diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c +index 9f52729..8d8f355 100644 +--- a/net/netfilter/nf_conntrack_netlink.c ++++ b/net/netfilter/nf_conntrack_netlink.c +@@ -28,6 +28,9 @@ + #include + #include + #include ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++#include ++#endif + #include + + #include +@@ -629,14 +632,22 @@ ctnetlink_nlmsg_size(const struct nf_conn *ct) + } + + #ifdef CONFIG_NF_CONNTRACK_EVENTS ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++static int ctnetlink_conntrack_event(struct notifier_block *this, ++ unsigned long events, void *ptr) ++#else + static int + ctnetlink_conntrack_event(unsigned int events, struct nf_ct_event *item) ++#endif + { + const struct nf_conntrack_zone *zone; + struct net *net; + struct nlmsghdr *nlh; + struct nfgenmsg *nfmsg; + struct nlattr *nest_parms; ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++ struct nf_ct_event *item = ptr; ++#endif + struct nf_conn *ct = item->ct; + struct sk_buff *skb; + unsigned int type; +@@ -3258,9 +3269,15 @@ ctnetlink_stat_exp_cpu(struct sock *ctnl, struct sk_buff *skb, + } + + #ifdef CONFIG_NF_CONNTRACK_EVENTS ++#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS ++static struct notifier_block ctnl_notifier = { ++ .notifier_call = ctnetlink_conntrack_event, ++}; ++#else + static struct nf_ct_event_notifier ctnl_notifier = { + .fcn = ctnetlink_conntrack_event, + }; ++#endif + + static struct nf_exp_event_notifier ctnl_notifier_exp = { + .fcn = ctnetlink_expect_event, +-- +2.7.4 +