kernel/iptables: drop imq support

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen 2021-07-23 13:29:02 +08:00
parent 50fc7cd2da
commit aaa39208db
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
7 changed files with 25 additions and 1906 deletions


@ -468,75 +468,6 @@ endef
$(eval $(call KernelPackage,ipt-raw))
define KernelPackage/ipt-imq
TITLE:=Intermediate Queueing support
KCONFIG:= \
CONFIG_IMQ \
CONFIG_IMQ_BEHAVIOR_BA=y \
CONFIG_IMQ_NUM_DEVS=2 \
CONFIG_NETFILTER_XT_TARGET_IMQ
FILES:= \
$(LINUX_DIR)/drivers/net/imq.$(LINUX_KMOD_SUFFIX) \
$(foreach mod,$(IPT_IMQ-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
AUTOLOAD:=$(call AutoProbe,$(notdir imq $(IPT_IMQ-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-imq/description
Kernel support for Intermediate Queueing devices
endef
$(eval $(call KernelPackage,ipt-imq))
define KernelPackage/ipt-bandwidth
SUBMENU:=$(NF_MENU)
TITLE:=bandwidth
KCONFIG:=$(KCONFIG_IPT_BANDWIDTH)
FILES:=$(LINUX_DIR)/net/ipv4/netfilter/*bandwidth*.$(LINUX_KMOD_SUFFIX)
AUTOLOAD:=$(call AutoLoad,$(notdir $(IPT_BANDWIDTH-m)))
DEPENDS:=@!LINUX_5_4 kmod-ipt-core
endef
$(eval $(call KernelPackage,ipt-bandwidth))
define KernelPackage/ipt-timerange
SUBMENU:=$(NF_MENU)
TITLE:=timerange
KCONFIG:=$(KCONFIG_IPT_TIMERANGE)
FILES:=$(LINUX_DIR)/net/ipv4/netfilter/*timerange*.$(LINUX_KMOD_SUFFIX)
AUTOLOAD:=$(call AutoLoad,$(notdir $(IPT_TIMERANGE-m)))
DEPENDS:=@!LINUX_5_4 kmod-ipt-core
endef
$(eval $(call KernelPackage,ipt-timerange))
define KernelPackage/ipt-webmon
SUBMENU:=$(NF_MENU)
TITLE:=webmon
KCONFIG:=$(KCONFIG_IPT_WEBMON)
FILES:=$(LINUX_DIR)/net/ipv4/netfilter/*webmon*.$(LINUX_KMOD_SUFFIX)
AUTOLOAD:=$(call AutoLoad,$(notdir $(IPT_WEBMON-m)))
DEPENDS:=@!LINUX_5_4 kmod-ipt-core
endef
$(eval $(call KernelPackage,ipt-webmon))
define KernelPackage/ipt-weburl
SUBMENU:=$(NF_MENU)
TITLE:=weburl
KCONFIG:=$(KCONFIG_IPT_WEBURL)
FILES:=$(LINUX_DIR)/net/ipv4/netfilter/*weburl*.$(LINUX_KMOD_SUFFIX)
AUTOLOAD:=$(call AutoLoad,$(notdir $(IPT_WEBURL-m)))
DEPENDS:=@!LINUX_5_4 kmod-ipt-core
endef
$(eval $(call KernelPackage,ipt-weburl))
define KernelPackage/ipt-raw6
TITLE:=Netfilter IPv6 raw table support
DEPENDS:=@IPV6


@ -169,19 +169,6 @@ Includes support for:
endef
define Package/iptables-mod-imq
$(call Package/iptables/Module, +kmod-ipt-imq)
TITLE:=IMQ support
endef
define Package/iptables-mod-imq/description
iptables extension for IMQ support.
Targets:
- IMQ
endef
define Package/iptables-mod-ipopt
$(call Package/iptables/Module, +kmod-ipt-ipopt)
TITLE:=IP/Packet option extensions
@ -681,7 +668,6 @@ $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
$(eval $(call BuildPlugin,iptables-mod-imq,$(IPT_IMQ-m)))
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))


@ -1,138 +0,0 @@
--- a/dev/null
+++ b/extensions/libxt_IMQ.c
@@ -0,0 +1,105 @@
+/* Shared library add-on to iptables to add IMQ target support. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <xtables.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_IMQ.h>
+
+/* Function which prints out usage message. */
+static void IMQ_help(void)
+{
+ printf(
+"IMQ target options:\n"
+" --todev <N> enqueue to imq<N>, defaults to 0\n");
+
+}
+
+static struct option IMQ_opts[] = {
+ { "todev", 1, 0, '1' },
+ { 0 }
+};
+
+/* Initialize the target. */
+static void IMQ_init(struct xt_entry_target *t)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)t->data;
+
+ mr->todev = 0;
+}
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_target **target)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data;
+
+ switch(c) {
+ case '1':
+/* if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
+ xtables_error(PARAMETER_PROBLEM,
+ "Unexpected `!' after --todev");
+*/
+ mr->todev=atoi(optarg);
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+/* Prints out the targinfo. */
+static void IMQ_print(const void *ip,
+ const struct xt_entry_target *target,
+ int numeric)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
+
+ printf("IMQ: todev %u ", mr->todev);
+}
+
+/* Saves the union ipt_targinfo in parsable form to stdout. */
+static void IMQ_save(const void *ip, const struct xt_entry_target *target)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
+
+ printf(" --todev %u", mr->todev);
+}
+
+static struct xtables_target imq_target = {
+ .name = "IMQ",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .help = IMQ_help,
+ .init = IMQ_init,
+ .parse = IMQ_parse,
+ .print = IMQ_print,
+ .save = IMQ_save,
+ .extra_opts = IMQ_opts,
+};
+
+static struct xtables_target imq_target6 = {
+ .name = "IMQ",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .help = IMQ_help,
+ .init = IMQ_init,
+ .parse = IMQ_parse,
+ .print = IMQ_print,
+ .save = IMQ_save,
+ .extra_opts = IMQ_opts,
+};
+
+// void __attribute((constructor)) nf_ext_init(void){
+void _init(void){
+ xtables_register_target(&imq_target);
+ xtables_register_target(&imq_target6);
+}
--- a/dev/null
+++ b/extensions/libxt_IMQ.man
@@ -0,0 +1,15 @@
+This target is used to redirect the traffic to the IMQ driver and you can apply
+QoS rules like HTB or CBQ.
+For example you can select only traffic comming from a specific interface or
+is going out on a specific interface.
+Also it permits to capture the traffic BEFORE NAT in the case of outgoing traffic
+or AFTER NAT in the case of incomming traffic.
+.TP
+\fB\-\-to\-dev\fP \fIvalue\fP
+Set the IMQ interface where to send this traffic
+.TP
+Example:
+.TP
+Redirect incomming traffic from interface eth0 to imq0 and outgoing traffic to imq1:
+iptables \-t mangle \-A FORWARD \-i eth0 \-j IMQ \-\-to\-dev 0
+iptables \-t mangle \-A FORWARD \-o eth0 \-j IMQ \-\-to\-dev 1
--- a/dev/null
+++ b/include/linux/netfilter/xt_IMQ.h
@@ -0,0 +1,9 @@
+#ifndef _XT_IMQ_H
+#define _XT_IMQ_H
+
+struct xt_imq_info {
+ unsigned int todev; /* target imq device */
+};
+
+#endif /* _XT_IMQ_H */
+


@ -6556,8 +6556,3 @@ CONFIG_ZONE_DMA=y
# CONFIG_ZRAM_MEMORY_TRACKING is not set
# CONFIG_ZSMALLOC is not set
# CONFIG_ZX_TDM is not set
CONFIG_IMQ_NUM_DEVS=2
# CONFIG_IMQ_BEHAVIOR_AA is not set
# CONFIG_IMQ_BEHAVIOR_AB is not set
CONFIG_IMQ_BEHAVIOR_BA=y
# CONFIG_IMQ_BEHAVIOR_BB is not set


@ -1,3 +1,25 @@
From 42824d4b753f84ccf885eca602c5037338b546c8 Mon Sep 17 00:00:00 2001
From: Zhi Chen <zhichen@codeaurora.org>
Date: Tue, 13 Jan 2015 14:28:18 -0800
Subject: [PATCH 3/3] net: conntrack events, support multiple registrant
Merging this patch from kernel 3.4:
This was supported by old (.28) kernel versions but removed
because of it's overhead.
But we need this feature for NA connection manager. Both ipv4
and ipv6 modules needs to register themselves to ct events.
Change-Id: Iebfb254590fb594f5baf232f849d1b7ae45ef757
Signed-off-by: Zhi Chen <zhichen@codeaurora.org>
---
include/net/netfilter/nf_conntrack_ecache.h | 42 ++++++++++++++++++-
include/net/netns/conntrack.h | 4 ++
net/netfilter/Kconfig | 8 ++++
net/netfilter/nf_conntrack_core.c | 4 ++
net/netfilter/nf_conntrack_ecache.c | 63 +++++++++++++++++++++++++++++
net/netfilter/nf_conntrack_netlink.c | 17 ++++++++
6 files changed, 137 insertions(+), 1 deletion(-)
--- a/include/net/netfilter/nf_conntrack_ecache.h
+++ b/include/net/netfilter/nf_conntrack_ecache.h
@@ -72,6 +72,10 @@ struct nf_ct_event {


@ -99,7 +99,7 @@
#ifdef CONFIG_ETHERNET_PACKET_MANGLE
if (!dev->eth_mangle_tx ||
(skb = dev->eth_mangle_tx(dev, skb)) != NULL)
@@ -4695,6 +4703,11 @@ void netdev_rx_handler_unregister(struct
@@ -4714,6 +4722,11 @@ void netdev_rx_handler_unregister(struct
}
EXPORT_SYMBOL_GPL(netdev_rx_handler_unregister);
@ -111,7 +111,7 @@
/*
* Limit the use of PFMEMALLOC reserves to those protocols that implement
* the special handling of PFMEMALLOC skbs.
@@ -4745,6 +4758,10 @@ static int __netif_receive_skb_core(stru
@@ -4764,6 +4777,10 @@ static int __netif_receive_skb_core(stru
int ret = NET_RX_DROP;
__be16 type;
@ -122,7 +122,7 @@
net_timestamp_check(!netdev_tstamp_prequeue, skb);
trace_netif_receive_skb(skb);
@@ -4784,6 +4801,16 @@ another_round:
@@ -4803,6 +4820,16 @@ another_round:
goto out;
}