This should not be necessary and causes the script to wait for two seconds.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org --- config/qos/makeqosscripts.pl | 4 ---- 1 file changed, 4 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index cddfa2772..053b32161 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -407,10 +407,6 @@ print <<END ###
### BRING UP $qossettings{'IMQ_DEV'} - if [ `lsmod | grep -q ipt_IMQ` ]; then - insmod ipt_IMQ - sleep 2 - fi modprobe imq numdevs=1 numqueues=$(grep -c "^processor" /proc/cpuinfo || echo 1) ip link set $qossettings{'IMQ_DEV'} up
This is an alternative implementation to the Intermediate Queuing Device (IMQ) which is an out-of-tree kernel patch and has been criticised for being slow, especially with mutliple processors.
IFB is part of the mainline kernel and a lot less code.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org --- config/qos/makeqosscripts.pl | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 053b32161..b25aad93a 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -406,10 +406,20 @@ print <<END ### $qossettings{'IMQ_DEV'} ###
+ tc qdisc del dev $qossettings{'RED_DEV'} root + tc qdisc del dev $qossettings{'RED_DEV'} ingress + tc qdisc add dev $qossettings{'RED_DEV'} handle ffff: ingress + ### BRING UP $qossettings{'IMQ_DEV'} - modprobe imq numdevs=1 numqueues=$(grep -c "^processor" /proc/cpuinfo || echo 1) + if [ ! -d "/sys/class/net/$qossettings{'IMQ_DEV'}" ]; then + ip link add name $qossettings{'IMQ_DEV'} type ifb + fi + ip link set $qossettings{'IMQ_DEV'} up
+ tc filter add dev $qossettings{'RED_DEV'} parent ffff: protocol all u32 match u32 0 0 \ + action mirred egress redirect dev $qossettings{'IMQ_DEV'} + ### ADD HTB QDISC FOR $qossettings{'IMQ_DEV'} tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1 tc qdisc add dev $qossettings{'IMQ_DEV'} root handle 2: htb default $qossettings{'DEFCLASS_INC'} @@ -510,7 +520,6 @@ print <<END iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN - iptables -t mangle -A POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0 iptables -t mangle -I FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS
@@ -527,7 +536,6 @@ print <<END iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0 iptables -t mangle -I PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS
@@ -688,16 +696,14 @@ print <<END tc qdisc add root dev $qossettings{'IMQ_DEV'} fq_codel >/dev/null 2>&1 # STOP IMQ-DEVICE ip link set $qossettings{'IMQ_DEV'} down >/dev/null 2>&1 + + # REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1 - # rmmod imq # this crash on 2.6.25.xx - # REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org --- config/qos/makeqosscripts.pl | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index b25aad93a..fbc2da95a 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -691,11 +691,14 @@ print <<END (sleep 3 && killall -9 qosd &>/dev/null) & # DELETE QDISCS tc qdisc del dev $qossettings{'RED_DEV'} root >/dev/null 2>&1 + tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1 tc qdisc add root dev $qossettings{'RED_DEV'} fq_codel >/dev/null 2>&1 tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1 + tc qdisc del dev $qossettings{'IMQ_DEV'} ingress >/dev/null 2>&1 tc qdisc add root dev $qossettings{'IMQ_DEV'} fq_codel >/dev/null 2>&1 # STOP IMQ-DEVICE ip link set $qossettings{'IMQ_DEV'} down >/dev/null 2>&1 + ip link del $qossettings{'IMQ_DEV'} >/dev/null 2>&1
# REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org --- config/qos/makeqosscripts.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index fbc2da95a..dbb07ac55 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -675,8 +675,8 @@ END print <<END
## STARTING COLLECTOR - ( sleep 10 && /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1) & - ( sleep 10 && /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1) & + /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1 + /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1
for i in $(ls $RRDLOG/class_*.rrd); do rrdtool update $i $(date +%s): 2>/dev/null @@ -688,7 +688,7 @@ print <<END clear|stop) ### RESET EVERYTHING TO A KNOWN STATE killall qosd >/dev/null 2>&1 - (sleep 3 && killall -9 qosd &>/dev/null) & + # DELETE QDISCS tc qdisc del dev $qossettings{'RED_DEV'} root >/dev/null 2>&1 tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org --- config/qos/makeqosscripts.pl | 1 - 1 file changed, 1 deletion(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index dbb07ac55..70c1c13a1 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -406,7 +406,6 @@ print <<END ### $qossettings{'IMQ_DEV'} ###
- tc qdisc del dev $qossettings{'RED_DEV'} root tc qdisc del dev $qossettings{'RED_DEV'} ingress tc qdisc add dev $qossettings{'RED_DEV'} handle ffff: ingress
This is no longer needed since we are using IFB now
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org --- config/kernel/kernel.config.aarch64-ipfire | 7 - .../kernel/kernel.config.armv5tel-ipfire-kirkwood | 7 - config/kernel/kernel.config.armv5tel-ipfire-multi | 7 - config/kernel/kernel.config.i586-ipfire | 7 - config/kernel/kernel.config.i586-ipfire-pae | 7 - config/kernel/kernel.config.x86_64-ipfire | 7 - config/rootfiles/common/aarch64/linux | 13 - config/rootfiles/common/armv5tel/linux-kirkwood | 13 - config/rootfiles/common/armv5tel/linux-multi | 13 - config/rootfiles/common/i586/linux | 13 - config/rootfiles/common/iptables | 1 - config/rootfiles/common/x86_64/linux | 13 - config/rootfiles/packages/linux-pae | 13 - lfs/iptables | 3 - lfs/linux | 3 - src/patches/iptables-1.4.12-IMQ-test4.diff | 141 -- src/patches/linux/linux-4.14-imq.diff | 1759 -------------------- 17 files changed, 2027 deletions(-) delete mode 100644 src/patches/iptables-1.4.12-IMQ-test4.diff delete mode 100644 src/patches/linux/linux-4.14-imq.diff
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index e263041a8..778b05a9a 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -908,7 +908,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -1992,12 +1991,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood index 35af2a984..fcbac3bcd 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood +++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood @@ -894,7 +894,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -1955,12 +1954,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index e3be55bf5..fc74eb142 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1166,7 +1166,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2263,12 +2262,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 726e2fe03..4eaae6f74 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1102,7 +1102,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2171,12 +2170,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index 4a61ff534..526adbbcb 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1120,7 +1120,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2191,12 +2190,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index da87dce2d..c9563234e 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1094,7 +1094,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=y CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2148,12 +2147,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux index 0451cadcd..d8e93542d 100644 --- a/config/rootfiles/common/aarch64/linux +++ b/config/rootfiles/common/aarch64/linux @@ -7648,12 +7648,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -8793,7 +8787,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -12157,7 +12150,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -12770,7 +12762,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -12784,11 +12775,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -18482,7 +18471,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/wiznet/w5300.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -19450,7 +19438,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/armv5tel/linux-kirkwood b/config/rootfiles/common/armv5tel/linux-kirkwood index 78d0050de..2269896d8 100644 --- a/config/rootfiles/common/armv5tel/linux-kirkwood +++ b/config/rootfiles/common/armv5tel/linux-kirkwood @@ -7370,12 +7370,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/kfifo #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/kfifo/buf.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/trigger.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/num -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet/ah.h @@ -8455,7 +8449,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/mark.h @@ -11454,7 +11447,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/ima.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/imq.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/in.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/in6.h @@ -12067,7 +12059,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_arp @@ -12081,11 +12072,9 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netlink.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/nfs.h @@ -17461,7 +17450,6 @@ lib/modules/KVER-ipfire-kirkwood/kernel #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ethernet/rocker/rocker.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -18392,7 +18380,6 @@ lib/modules/KVER-ipfire-kirkwood/kernel #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi index 08a5f601c..1e7a090d9 100644 --- a/config/rootfiles/common/armv5tel/linux-multi +++ b/config/rootfiles/common/armv5tel/linux-multi @@ -8353,12 +8353,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/iio/kfifo #lib/modules/KVER-ipfire-multi/build/include/config/iio/kfifo/buf.h #lib/modules/KVER-ipfire-multi/build/include/config/iio/trigger.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq -#lib/modules/KVER-ipfire-multi/build/include/config/imq.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-multi/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq/num -#lib/modules/KVER-ipfire-multi/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-multi/build/include/config/imx #lib/modules/KVER-ipfire-multi/build/include/config/imx/dma.h #lib/modules/KVER-ipfire-multi/build/include/config/imx/gpcv2.h @@ -9588,7 +9582,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/mark.h @@ -13192,7 +13185,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-multi/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-multi/build/include/linux/ima.h -#lib/modules/KVER-ipfire-multi/build/include/linux/imq.h #lib/modules/KVER-ipfire-multi/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-multi/build/include/linux/in.h #lib/modules/KVER-ipfire-multi/build/include/linux/in6.h @@ -13805,7 +13797,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_arp @@ -13819,11 +13810,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netlink.h #lib/modules/KVER-ipfire-multi/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-multi/build/include/linux/nfs.h @@ -19598,7 +19587,6 @@ lib/modules/KVER-ipfire-multi/kernel #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/wiznet/w5300.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-multi/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -20588,7 +20576,6 @@ lib/modules/KVER-ipfire-multi/kernel #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/i586/linux b/config/rootfiles/common/i586/linux index 1a1ca83a7..1fe01233f 100644 --- a/config/rootfiles/common/i586/linux +++ b/config/rootfiles/common/i586/linux @@ -8187,12 +8187,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -9472,7 +9466,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -13456,7 +13449,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -14069,7 +14061,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -14083,11 +14074,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -20196,7 +20185,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21531,7 +21519,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables index 389518646..0f8f1cf8c 100644 --- a/config/rootfiles/common/iptables +++ b/config/rootfiles/common/iptables @@ -64,7 +64,6 @@ lib/xtables/libxt_CT.so lib/xtables/libxt_DSCP.so lib/xtables/libxt_HMARK.so lib/xtables/libxt_IDLETIMER.so -lib/xtables/libxt_IMQ.so lib/xtables/libxt_LED.so lib/xtables/libxt_MARK.so lib/xtables/libxt_NFLOG.so diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index 755d7627a..68f907faa 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -8265,12 +8265,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -9529,7 +9523,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -13471,7 +13464,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -14084,7 +14076,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -14098,11 +14089,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -20209,7 +20198,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21522,7 +21510,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/packages/linux-pae b/config/rootfiles/packages/linux-pae index 590595828..f3966ce75 100644 --- a/config/rootfiles/packages/linux-pae +++ b/config/rootfiles/packages/linux-pae @@ -8189,12 +8189,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/illegal #lib/modules/KVER-ipfire-pae/build/include/config/illegal/pointer #lib/modules/KVER-ipfire-pae/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq -#lib/modules/KVER-ipfire-pae/build/include/config/imq.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-pae/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq/num -#lib/modules/KVER-ipfire-pae/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-pae/build/include/config/inet #lib/modules/KVER-ipfire-pae/build/include/config/inet.h #lib/modules/KVER-ipfire-pae/build/include/config/inet/ah.h @@ -9474,7 +9468,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/mark.h @@ -13526,7 +13519,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-pae/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-pae/build/include/linux/ima.h -#lib/modules/KVER-ipfire-pae/build/include/linux/imq.h #lib/modules/KVER-ipfire-pae/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-pae/build/include/linux/in.h #lib/modules/KVER-ipfire-pae/build/include/linux/in6.h @@ -14139,7 +14131,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_arp @@ -14153,11 +14144,9 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netlink.h #lib/modules/KVER-ipfire-pae/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-pae/build/include/linux/nfs.h @@ -20267,7 +20256,6 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire-pae/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21618,7 +21606,6 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/lfs/iptables b/lfs/iptables index b91e41797..e2012ecb6 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -79,9 +79,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ ./extensions/
- # imq - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff - cd $(DIR_APP) && ./configure \ --prefix=/usr \ --libdir=/lib \ diff --git a/lfs/linux b/lfs/linux index 36f2d0ac2..c8bcdbb97 100644 --- a/lfs/linux +++ b/lfs/linux @@ -118,9 +118,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
ln -svf linux-$(VER) $(DIR_SRC)/linux
- # Linux Intermediate Queueing Device - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14-imq.diff - # Layer7-patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14-layer7.patch
diff --git a/src/patches/iptables-1.4.12-IMQ-test4.diff b/src/patches/iptables-1.4.12-IMQ-test4.diff deleted file mode 100644 index 5ce17e1b4..000000000 --- a/src/patches/iptables-1.4.12-IMQ-test4.diff +++ /dev/null @@ -1,141 +0,0 @@ -diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.c iptables-1.4.12.1-imq/extensions/libxt_IMQ.c ---- iptables-1.4.12.1/extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,105 @@ -+/* Shared library add-on to iptables to add IMQ target support. */ -+#include <stdio.h> -+#include <string.h> -+#include <stdlib.h> -+#include <getopt.h> -+ -+#include <xtables.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+ -+/* Function which prints out usage message. */ -+static void IMQ_help(void) -+{ -+ printf( -+"IMQ target options:\n" -+" --todev <N> enqueue to imq<N>, defaults to 0\n"); -+ -+} -+ -+static struct option IMQ_opts[] = { -+ { "todev", 1, 0, '1' }, -+ { 0 } -+}; -+ -+/* Initialize the target. */ -+static void IMQ_init(struct xt_entry_target *t) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)t->data; -+ -+ mr->todev = 0; -+} -+ -+/* Function which parses command options; returns true if it -+ ate an option */ -+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags, -+ const void *entry, struct xt_entry_target **target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data; -+ -+ switch(c) { -+ case '1': -+/* if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) -+ xtables_error(PARAMETER_PROBLEM, -+ "Unexpected `!' after --todev"); -+*/ -+ mr->todev=atoi(optarg); -+ break; -+ -+ default: -+ return 0; -+ } -+ return 1; -+} -+ -+/* Prints out the targinfo. */ -+static void IMQ_print(const void *ip, -+ const struct xt_entry_target *target, -+ int numeric) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("IMQ: todev %u ", mr->todev); -+} -+ -+/* Saves the union ipt_targinfo in parsable form to stdout. */ -+static void IMQ_save(const void *ip, const struct xt_entry_target *target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf(" --todev %u", mr->todev); -+} -+ -+static struct xtables_target imq_target = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = NFPROTO_IPV4, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+static struct xtables_target imq_target6 = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = NFPROTO_IPV6, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+// void __attribute((constructor)) nf_ext_init(void){ -+void _init(void){ -+ xtables_register_target(&imq_target); -+ xtables_register_target(&imq_target6); -+} -diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.man iptables-1.4.12.1-imq/extensions/libxt_IMQ.man ---- iptables-1.4.12.1/extensions/libxt_IMQ.man 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.man 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,15 @@ -+This target is used to redirect the traffic to the IMQ driver and you can apply -+QoS rules like HTB or CBQ. -+For example you can select only traffic comming from a specific interface or -+is going out on a specific interface. -+Also it permits to capture the traffic BEFORE NAT in the case of outgoing traffic -+or AFTER NAT in the case of incomming traffic. -+.TP -+\fB--to-dev\fP \fIvalue\fP -+Set the IMQ interface where to send this traffic -+.TP -+Example: -+.TP -+Redirect incomming traffic from interface eth0 to imq0 and outgoing traffic to imq1: -+iptables -t mangle -A FORWARD -i eth0 -j IMQ --to-dev 0 -+iptables -t mangle -A FORWARD -o eth0 -j IMQ --to-dev 1 -diff -Naur iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h ---- iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ diff --git a/src/patches/linux/linux-4.14-imq.diff b/src/patches/linux/linux-4.14-imq.diff deleted file mode 100644 index 0281bf6e4..000000000 --- a/src/patches/linux/linux-4.14-imq.diff +++ /dev/null @@ -1,1759 +0,0 @@ -diff -Naupr linux-4.14_orig/drivers/net/imq.c linux-4.14/drivers/net/imq.c ---- linux-4.14_orig/drivers/net/imq.c 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/drivers/net/imq.c 2017-11-13 11:46:45.844089945 +0700 -@@ -0,0 +1,962 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, kaber@trash.net -+ * -+ * The first version was written by Martin Devera, devik@cdi.cz -+ * -+ * See Credits.txt -+ */ -+ -+#include <linux/module.h> -+#include <linux/kernel.h> -+#include <linux/moduleparam.h> -+#include <linux/list.h> -+#include <linux/skbuff.h> -+#include <linux/netdevice.h> -+#include <linux/etherdevice.h> -+#include <linux/rtnetlink.h> -+#include <linux/if_arp.h> -+#include <linux/netfilter.h> -+#include <linux/netfilter_ipv4.h> -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#include <linux/netfilter_ipv6.h> -+#endif -+#include <linux/imq.h> -+#include <net/pkt_sched.h> -+#include <net/netfilter/nf_queue.h> -+#include <net/sock.h> -+#include <linux/ip.h> -+#include <linux/ipv6.h> -+#include <linux/if_vlan.h> -+#include <linux/if_pppox.h> -+#include <net/ip.h> -+#include <net/ipv6.h> -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num); -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ops[] = { -+ { -+ /* imq_ingress_ipv4 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1, -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1, -+#endif -+ }, -+ { -+ /* imq_egress_ipv4 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST, -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1, -+#endif -+ }, -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ { -+ /* imq_ingress_ipv6 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1, -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1, -+#endif -+ }, -+ { -+ /* imq_egress_ipv6 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST, -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1, -+#endif -+ }, -+#endif -+}; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static int numdevs = IMQ_MAX_DEVS; -+#endif -+ -+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; -+ -+#define IMQ_MAX_QUEUES 32 -+static int numqueues = 1; -+static u32 imq_hashrnd; -+static int imq_dev_accurate_stats = 1; -+ -+static inline __be16 pppoe_proto(const struct sk_buff *skb) -+{ -+ return *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + -+ sizeof(struct pppoe_hdr))); -+} -+ -+static u16 imq_hash(struct net_device *dev, struct sk_buff *skb) -+{ -+ unsigned int pull_len; -+ u16 protocol = skb->protocol; -+ u32 addr1, addr2; -+ u32 hash, ihl = 0; -+ union { -+ u16 in16[2]; -+ u32 in32; -+ } ports; -+ u8 ip_proto; -+ -+ pull_len = 0; -+ -+recheck: -+ switch (protocol) { -+ case htons(ETH_P_8021Q): { -+ if (unlikely(skb_pull(skb, VLAN_HLEN) == NULL)) -+ goto other; -+ -+ pull_len += VLAN_HLEN; -+ skb->network_header += VLAN_HLEN; -+ -+ protocol = vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; -+ goto recheck; -+ } -+ -+ case htons(ETH_P_PPP_SES): { -+ if (unlikely(skb_pull(skb, PPPOE_SES_HLEN) == NULL)) -+ goto other; -+ -+ pull_len += PPPOE_SES_HLEN; -+ skb->network_header += PPPOE_SES_HLEN; -+ -+ protocol = pppoe_proto(skb); -+ goto recheck; -+ } -+ -+ case htons(ETH_P_IP): { -+ const struct iphdr *iph = ip_hdr(skb); -+ -+ if (unlikely(!pskb_may_pull(skb, sizeof(struct iphdr)))) -+ goto other; -+ -+ addr1 = iph->daddr; -+ addr2 = iph->saddr; -+ -+ ip_proto = !(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) ? -+ iph->protocol : 0; -+ ihl = ip_hdrlen(skb); -+ -+ break; -+ } -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ case htons(ETH_P_IPV6): { -+ const struct ipv6hdr *iph = ipv6_hdr(skb); -+ __be16 fo = 0; -+ -+ if (unlikely(!pskb_may_pull(skb, sizeof(struct ipv6hdr)))) -+ goto other; -+ -+ addr1 = iph->daddr.s6_addr32[3]; -+ addr2 = iph->saddr.s6_addr32[3]; -+ ihl = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &ip_proto, -+ &fo); -+ if (unlikely(ihl < 0)) -+ goto other; -+ -+ break; -+ } -+#endif -+ default: -+other: -+ if (pull_len != 0) { -+ skb_push(skb, pull_len); -+ skb->network_header -= pull_len; -+ } -+ -+ return (u16)(ntohs(protocol) % dev->real_num_tx_queues); -+ } -+ -+ if (addr1 > addr2) -+ swap(addr1, addr2); -+ -+ switch (ip_proto) { -+ case IPPROTO_TCP: -+ case IPPROTO_UDP: -+ case IPPROTO_DCCP: -+ case IPPROTO_ESP: -+ case IPPROTO_AH: -+ case IPPROTO_SCTP: -+ case IPPROTO_UDPLITE: { -+ if (likely(skb_copy_bits(skb, ihl, &ports.in32, 4) >= 0)) { -+ if (ports.in16[0] > ports.in16[1]) -+ swap(ports.in16[0], ports.in16[1]); -+ break; -+ } -+ /* fall-through */ -+ } -+ default: -+ ports.in32 = 0; -+ break; -+ } -+ -+ if (pull_len != 0) { -+ skb_push(skb, pull_len); -+ skb->network_header -= pull_len; -+ } -+ -+ hash = jhash_3words(addr1, addr2, ports.in32, imq_hashrnd ^ ip_proto); -+ -+ return (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); -+} -+ -+static inline bool sk_tx_queue_recorded(struct sock *sk) -+{ -+ return (sk_tx_queue_get(sk) >= 0); -+} -+ -+static struct netdev_queue *imq_select_queue(struct net_device *dev, -+ struct sk_buff *skb) -+{ -+ u16 queue_index = 0; -+ u32 hash; -+ -+ if (likely(dev->real_num_tx_queues == 1)) -+ goto out; -+ -+ /* IMQ can be receiving ingress or engress packets. */ -+ -+ /* Check first for if rx_queue is set */ -+ if (skb_rx_queue_recorded(skb)) { -+ queue_index = skb_get_rx_queue(skb); -+ goto out; -+ } -+ -+ /* Check if socket has tx_queue set */ -+ if (sk_tx_queue_recorded(skb->sk)) { -+ queue_index = sk_tx_queue_get(skb->sk); -+ goto out; -+ } -+ -+ /* Try use socket hash */ -+ if (skb->sk && skb->sk->sk_hash) { -+ hash = skb->sk->sk_hash; -+ queue_index = -+ (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); -+ goto out; -+ } -+ -+ /* Generate hash from packet data */ -+ queue_index = imq_hash(dev, skb); -+ -+out: -+ if (unlikely(queue_index >= dev->real_num_tx_queues)) -+ queue_index = (u16)((u32)queue_index % dev->real_num_tx_queues); -+ -+ skb_set_queue_mapping(skb, queue_index); -+ return netdev_get_tx_queue(dev, queue_index); -+} -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ skb->nf_queue_entry = NULL; -+ -+ if (entry) { -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+ } -+ -+ skb_restore_cb(skb); /* kfree backup */ -+} -+ -+static void imq_done_check_queue_mapping(struct sk_buff *skb, -+ struct net_device *dev) -+{ -+ unsigned int queue_index; -+ -+ /* Don't let queue_mapping be left too large after exiting IMQ */ -+ if (likely(skb->dev != dev && skb->dev != NULL)) { -+ queue_index = skb_get_queue_mapping(skb); -+ if (unlikely(queue_index >= skb->dev->real_num_tx_queues)) { -+ queue_index = (u16)((u32)queue_index % -+ skb->dev->real_num_tx_queues); -+ skb_set_queue_mapping(skb, queue_index); -+ } -+ } else { -+ /* skb->dev was IMQ device itself or NULL, be on safe side and -+ * just clear queue mapping. -+ */ -+ skb_set_queue_mapping(skb, 0); -+ } -+} -+ -+static netdev_tx_t imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ rcu_read_lock(); -+ -+ skb->nf_queue_entry = NULL; -+ netif_trans_update(dev); -+ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ if (unlikely(entry == NULL)) { -+ /* We don't know what is going on here.. packet is queued for -+ * imq device, but (probably) not by us. -+ * -+ * If this packet was not send here by imq_nf_queue(), then -+ * skb_save_cb() was not used and skb_free() should not show: -+ * WARNING: IMQ: kfree_skb: skb->cb_next:.. -+ * and/or -+ * WARNING: IMQ: kfree_skb: skb->nf_queue_entry... -+ * -+ * However if this message is shown, then IMQ is somehow broken -+ * and you should report this to linuximq.net. -+ */ -+ -+ /* imq_dev_xmit is black hole that eats all packets, report that -+ * we eat this packet happily and increase dropped counters. -+ */ -+ -+ dev->stats.tx_dropped++; -+ dev_kfree_skb(skb); -+ -+ rcu_read_unlock(); -+ return NETDEV_TX_OK; -+ } -+ -+ skb_restore_cb(skb); /* restore skb->cb */ -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ imq_done_check_queue_mapping(skb, dev); -+ -+ nf_reinject(entry, NF_ACCEPT); -+ -+ rcu_read_unlock(); -+ return NETDEV_TX_OK; -+} -+ -+static struct net_device *get_imq_device_by_index(int index) -+{ -+ struct net_device *dev = NULL; -+ struct net *net; -+ char buf[8]; -+ -+ /* get device by name and cache result */ -+ snprintf(buf, sizeof(buf), "imq%d", index); -+ -+ /* Search device from all namespaces. */ -+ for_each_net(net) { -+ dev = dev_get_by_name(net, buf); -+ if (dev) -+ break; -+ } -+ -+ if (WARN_ON_ONCE(dev == NULL)) { -+ /* IMQ device not found. Exotic config? */ -+ return ERR_PTR(-ENODEV); -+ } -+ -+ imq_devs_cache[index] = dev; -+ dev_put(dev); -+ -+ return dev; -+} -+ -+static struct nf_queue_entry *nf_queue_entry_dup(struct nf_queue_entry *e) -+{ -+ struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC); -+ if (entry) { -+ nf_queue_entry_get_refs(entry); -+ return entry; -+ } -+ return NULL; -+} -+ -+#ifdef CONFIG_BRIDGE_NETFILTER -+/* When called from bridge netfilter, skb->data must point to MAC header -+ * before calling skb_gso_segment(). Else, original MAC header is lost -+ * and segmented skbs will be sent to wrong destination. -+ */ -+static void nf_bridge_adjust_skb_data(struct sk_buff *skb) -+{ -+ if (skb->nf_bridge) -+ __skb_push(skb, skb->network_header - skb->mac_header); -+} -+ -+static void nf_bridge_adjust_segmented_data(struct sk_buff *skb) -+{ -+ if (skb->nf_bridge) -+ __skb_pull(skb, skb->network_header - skb->mac_header); -+} -+#else -+#define nf_bridge_adjust_skb_data(s) do {} while (0) -+#define nf_bridge_adjust_segmented_data(s) do {} while (0) -+#endif -+ -+static void free_entry(struct nf_queue_entry *entry) -+{ -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+} -+ -+static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev); -+ -+static int __imq_nf_queue_gso(struct nf_queue_entry *entry, -+ struct net_device *dev, struct sk_buff *skb) -+{ -+ int ret = -ENOMEM; -+ struct nf_queue_entry *entry_seg; -+ -+ nf_bridge_adjust_segmented_data(skb); -+ -+ if (skb->next == NULL) { /* last packet, no need to copy entry */ -+ struct sk_buff *gso_skb = entry->skb; -+ entry->skb = skb; -+ ret = __imq_nf_queue(entry, dev); -+ if (ret) -+ entry->skb = gso_skb; -+ return ret; -+ } -+ -+ skb->next = NULL; -+ -+ entry_seg = nf_queue_entry_dup(entry); -+ if (entry_seg) { -+ entry_seg->skb = skb; -+ ret = __imq_nf_queue(entry_seg, dev); -+ if (ret) -+ free_entry(entry_seg); -+ } -+ return ret; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct sk_buff *skb, *segs; -+ struct net_device *dev; -+ unsigned int queued; -+ int index, retval, err; -+ -+ index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ if (unlikely(index > numdevs - 1)) { -+ if (net_ratelimit()) -+ pr_warn("IMQ: invalid device specified, highest is %u\n", -+ numdevs - 1); -+ retval = -EINVAL; -+ goto out_no_dev; -+ } -+ -+ /* check for imq device by index from cache */ -+ dev = imq_devs_cache[index]; -+ if (unlikely(!dev)) { -+ dev = get_imq_device_by_index(index); -+ if (IS_ERR(dev)) { -+ retval = PTR_ERR(dev); -+ goto out_no_dev; -+ } -+ } -+ -+ if (unlikely(!(dev->flags & IFF_UP))) { -+ entry->skb->imq_flags = 0; -+ retval = -ECANCELED; -+ goto out_no_dev; -+ } -+ -+ /* Since 3.10.x, GSO handling moved here as result of upstream commit -+ * a5fedd43d5f6c94c71053a66e4c3d2e35f1731a2 (netfilter: move -+ * skb_gso_segment into nfnetlink_queue module). -+ * -+ * Following code replicates the gso handling from -+ * 'net/netfilter/nfnetlink_queue_core.c':nfqnl_enqueue_packet(). -+ */ -+ -+ skb = entry->skb; -+ -+ switch (entry->state.pf) { -+ case NFPROTO_IPV4: -+ skb->protocol = htons(ETH_P_IP); -+ break; -+ case NFPROTO_IPV6: -+ skb->protocol = htons(ETH_P_IPV6); -+ break; -+ } -+ -+ if (!skb_is_gso(entry->skb)) -+ return __imq_nf_queue(entry, dev); -+ -+ nf_bridge_adjust_skb_data(skb); -+ segs = skb_gso_segment(skb, 0); -+ /* Does not use PTR_ERR to limit the number of error codes that can be -+ * returned by nf_queue. For instance, callers rely on -ECANCELED to -+ * mean 'ignore this hook'. -+ */ -+ err = -ENOBUFS; -+ if (IS_ERR(segs)) -+ goto out_err; -+ queued = 0; -+ err = 0; -+ do { -+ struct sk_buff *nskb = segs->next; -+ if (nskb && nskb->next) -+ nskb->cb_next = NULL; -+ if (err == 0) -+ err = __imq_nf_queue_gso(entry, dev, segs); -+ if (err == 0) -+ queued++; -+ else -+ kfree_skb(segs); -+ segs = nskb; -+ } while (segs); -+ -+ if (queued) { -+ if (err) /* some segments are already queued */ -+ free_entry(entry); -+ kfree_skb(skb); -+ return 0; -+ } -+ -+out_err: -+ nf_bridge_adjust_segmented_data(skb); -+ retval = err; -+out_no_dev: -+ return retval; -+} -+ -+static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev) -+{ -+ struct sk_buff *skb_orig, *skb, *skb_shared, *skb_popd; -+ struct Qdisc *q; -+ struct sk_buff *to_free = NULL; -+ struct netdev_queue *txq; -+ spinlock_t *root_lock; -+ int users; -+ int retval = -EINVAL; -+ unsigned int orig_queue_index; -+ -+ dev->last_rx = jiffies; -+ -+ skb = entry->skb; -+ skb_orig = NULL; -+ -+ /* skb has owner? => make clone */ -+ if (unlikely(skb->destructor)) { -+ skb_orig = skb; -+ skb = skb_clone(skb, GFP_ATOMIC); -+ if (unlikely(!skb)) { -+ retval = -ENOMEM; -+ goto out; -+ } -+ skb->cb_next = NULL; -+ entry->skb = skb; -+ } -+ -+ dev->stats.rx_bytes += skb->len; -+ dev->stats.rx_packets++; -+ -+ if (!skb->dev) { -+ /* skb->dev == NULL causes problems, try the find cause. */ -+ if (net_ratelimit()) { -+ dev_warn(&dev->dev, -+ "received packet with skb->dev == NULL\n"); -+ dump_stack(); -+ } -+ -+ skb->dev = dev; -+ } -+ -+ /* Disables softirqs for lock below */ -+ rcu_read_lock_bh(); -+ -+ /* Multi-queue selection */ -+ orig_queue_index = skb_get_queue_mapping(skb); -+ txq = imq_select_queue(dev, skb); -+ -+ q = rcu_dereference(txq->qdisc); -+ if (unlikely(!q->enqueue)) -+ goto packet_not_eaten_by_imq_dev; -+ -+ skb->nf_queue_entry = entry; -+ root_lock = qdisc_lock(q); -+ spin_lock(root_lock); -+ -+ users = refcount_read(&skb->users); -+ -+ skb_shared = skb_get(skb); /* increase reference count by one */ -+ -+ /* backup skb->cb, as qdisc layer will overwrite it */ -+ skb_save_cb(skb_shared); -+ qdisc_enqueue_root(skb_shared, q, &to_free); /* might kfree_skb */ -+ if (likely(refcount_read(&skb_shared->users) == users + 1)) { -+ bool validate; -+ -+ kfree_skb(skb_shared); /* decrease reference count by one */ -+ -+ skb->destructor = &imq_skb_destructor; -+ -+ skb_popd = qdisc_dequeue_skb(q, &validate); -+ -+ /* cloned? */ -+ if (unlikely(skb_orig)) -+ kfree_skb(skb_orig); /* free original */ -+ -+ spin_unlock(root_lock); -+ -+#if 0 -+ /* schedule qdisc dequeue */ -+ __netif_schedule(q); -+#else -+ if (likely(skb_popd)) { -+ /* Note that we validate skb (GSO, checksum, ...) outside of locks */ -+ if (validate) -+ skb_popd = validate_xmit_skb_list(skb_popd, dev); -+ -+ if (skb_popd) { -+ int dummy_ret; -+ int cpu = smp_processor_id(); /* ok because BHs are off */ -+ -+ txq = skb_get_tx_queue(dev, skb_popd); -+ /* -+ IMQ device will not be frozen or stoped, and it always be successful. -+ So we need not check its status and return value to accelerate. -+ */ -+ if (imq_dev_accurate_stats && txq->xmit_lock_owner != cpu) { -+ HARD_TX_LOCK(dev, txq, cpu); -+ if (!netif_xmit_frozen_or_stopped(txq)) { -+ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); -+ } -+ HARD_TX_UNLOCK(dev, txq); -+ } else { -+ if (!netif_xmit_frozen_or_stopped(txq)) { -+ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); -+ } -+ } -+ } -+ } else { -+ /* No ready skb, then schedule it */ -+ __netif_schedule(q); -+ } -+#endif -+ rcu_read_unlock_bh(); -+ retval = 0; -+ goto out; -+ } else { -+ skb_restore_cb(skb_shared); /* restore skb->cb */ -+ skb->nf_queue_entry = NULL; -+ /* -+ * qdisc dropped packet and decreased skb reference count of -+ * skb, so we don't really want to and try refree as that would -+ * actually destroy the skb. -+ */ -+ spin_unlock(root_lock); -+ goto packet_not_eaten_by_imq_dev; -+ } -+ -+packet_not_eaten_by_imq_dev: -+ skb_set_queue_mapping(skb, orig_queue_index); -+ rcu_read_unlock_bh(); -+ -+ /* cloned? restore original */ -+ if (unlikely(skb_orig)) { -+ kfree_skb(skb); -+ entry->skb = skb_orig; -+ } -+ retval = -1; -+out: -+ if (unlikely(to_free)) { -+ kfree_skb_list(to_free); -+ } -+ return retval; -+} -+static unsigned int imq_nf_hook(void *priv, -+ struct sk_buff *skb, -+ const struct nf_hook_state *state) -+{ -+ return (skb->imq_flags & IMQ_F_ENQUEUE) ? NF_IMQ_QUEUE : NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ netif_stop_queue(dev); -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ netif_start_queue(dev); -+ return 0; -+} -+ -+static struct device_type imq_device_type = { -+ .name = "imq", -+}; -+ -+static const struct net_device_ops imq_netdev_ops = { -+ .ndo_open = imq_open, -+ .ndo_stop = imq_close, -+ .ndo_start_xmit = imq_dev_xmit, -+ .ndo_get_stats = imq_get_stats, -+}; -+ -+static void imq_setup(struct net_device *dev) -+{ -+ dev->netdev_ops = &imq_netdev_ops; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; /* too small? */ -+ dev->tx_queue_len = 11000; /* too big? */ -+ dev->flags = IFF_NOARP; -+ dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | -+ NETIF_F_GSO | NETIF_F_HW_CSUM | -+ NETIF_F_HIGHDMA; -+ dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | -+ IFF_TX_SKB_SHARING); -+} -+ -+static int imq_validate(struct nlattr *tb[], struct nlattr *data[], -+ struct netlink_ext_ack *extack) -+{ -+ int ret = 0; -+ -+ if (tb[IFLA_ADDRESS]) { -+ if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { -+ ret = -EINVAL; -+ goto end; -+ } -+ if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { -+ ret = -EADDRNOTAVAIL; -+ goto end; -+ } -+ } -+ return 0; -+end: -+ pr_warn("IMQ: imq_validate failed (%d)\n", ret); -+ return ret; -+} -+ -+static struct rtnl_link_ops imq_link_ops __read_mostly = { -+ .kind = "imq", -+ .priv_size = 0, -+ .setup = imq_setup, -+ .validate = imq_validate, -+}; -+ -+static const struct nf_queue_handler imq_nfqh = { -+ .outfn = imq_nf_queue, -+}; -+ -+static int __net_init imq_nf_register(struct net *net) -+{ -+ return nf_register_net_hooks(net, imq_ops, -+ ARRAY_SIZE(imq_ops)); -+}; -+ -+static void __net_exit imq_nf_unregister(struct net *net) -+{ -+ nf_unregister_net_hooks(net, imq_ops, -+ ARRAY_SIZE(imq_ops)); -+}; -+ -+static struct pernet_operations imq_net_ops = { -+ .init = imq_nf_register, -+ .exit = imq_nf_unregister, -+}; -+ -+static int __net_init imq_init_hooks(void) -+{ -+ int ret; -+ nf_register_queue_imq_handler(&imq_nfqh); -+ -+ ret = register_pernet_subsys(&imq_net_ops); -+ if (ret < 0) -+ nf_unregister_queue_imq_handler(); -+ -+ return ret; -+} -+ -+#ifdef CONFIG_LOCKDEP -+ static struct lock_class_key imq_netdev_addr_lock_key; -+ -+ static void __init imq_dev_set_lockdep_one(struct net_device *dev, -+ struct netdev_queue *txq, void *arg) -+ { -+ /* -+ * the IMQ transmit locks can be taken recursively, -+ * for example with one IMQ rule for input- and one for -+ * output network devices in iptables! -+ * until we find a better solution ignore them. -+ */ -+ lockdep_set_novalidate_class(&txq->_xmit_lock); -+ } -+ -+ static void imq_dev_set_lockdep_class(struct net_device *dev) -+ { -+ lockdep_set_class_and_name(&dev->addr_list_lock, -+ &imq_netdev_addr_lock_key, "_xmit_addr_IMQ"); -+ netdev_for_each_tx_queue(dev, imq_dev_set_lockdep_one, NULL); -+} -+#else -+ static inline void imq_dev_set_lockdep_class(struct net_device *dev) -+ { -+ } -+#endif -+ -+static int __init imq_init_one(int index) -+{ -+ struct net_device *dev; -+ int ret; -+ -+ dev = alloc_netdev_mq(0, "imq%d", NET_NAME_UNKNOWN, imq_setup, numqueues); -+ if (!dev) -+ return -ENOMEM; -+ -+ ret = dev_alloc_name(dev, dev->name); -+ if (ret < 0) -+ goto fail; -+ -+ dev->rtnl_link_ops = &imq_link_ops; -+ SET_NETDEV_DEVTYPE(dev, &imq_device_type); -+ ret = register_netdevice(dev); -+ if (ret < 0) -+ goto fail; -+ -+ imq_dev_set_lockdep_class(dev); -+ -+ return 0; -+fail: -+ free_netdev(dev); -+ return ret; -+} -+ -+static int __init imq_init_devs(void) -+{ -+ int err, i; -+ -+ if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { -+ pr_err("IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ if (numqueues < 1 || numqueues > IMQ_MAX_QUEUES) { -+ pr_err("IMQ: numqueues has to be betweed 1 and %u\n", -+ IMQ_MAX_QUEUES); -+ return -EINVAL; -+ } -+ -+ get_random_bytes(&imq_hashrnd, sizeof(imq_hashrnd)); -+ -+ rtnl_lock(); -+ err = __rtnl_link_register(&imq_link_ops); -+ -+ for (i = 0; i < numdevs && !err; i++) -+ err = imq_init_one(i); -+ -+ if (err) { -+ __rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ } -+ rtnl_unlock(); -+ -+ return err; -+} -+ -+static int __init imq_init_module(void) -+{ -+ int err; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); -+#endif -+ -+ err = imq_init_devs(); -+ if (err) { -+ pr_err("IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ pr_err(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ return err; -+ } -+ -+ pr_info("IMQ driver loaded successfully. (numdevs = %d, numqueues = %d, imq_dev_accurate_stats = %d)\n", -+ numdevs, numqueues, imq_dev_accurate_stats); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ pr_info("\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ pr_info("\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ pr_info("\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ pr_info("\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static void __exit imq_unhook(void) -+{ -+ unregister_pernet_subsys(&imq_net_ops); -+ nf_unregister_queue_imq_handler(); -+} -+ -+static void __exit imq_cleanup_devs(void) -+{ -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+} -+ -+static void __exit imq_exit_module(void) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ pr_info("IMQ driver unloaded successfully.\n"); -+} -+ -+module_init(imq_init_module); -+module_exit(imq_exit_module); -+ -+module_param(numdevs, int, 0); -+module_param(numqueues, int, 0); -+module_param(imq_dev_accurate_stats, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will be created)"); -+MODULE_PARM_DESC(numqueues, "number of queues per IMQ device"); -+MODULE_PARM_DESC(imq_dev_accurate_stats, "Notify if need the accurate imq device stats"); -+ -+MODULE_AUTHOR("https://github.com/imq/linuximq"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS_RTNL_LINK("imq"); -diff -Naupr linux-4.14_orig/drivers/net/Kconfig linux-4.14/drivers/net/Kconfig ---- linux-4.14_orig/drivers/net/Kconfig 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/drivers/net/Kconfig 2017-11-13 11:46:45.844089945 +0700 -@@ -277,6 +277,125 @@ config RIONET_RX_SIZE - depends on RIONET - default "128" - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: https://github.com/imq/linuximq -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_AB -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ This setting defines how many IMQ devices will be created. -+ -+ The default value is 16. -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - depends on INET -diff -Naupr linux-4.14_orig/drivers/net/Makefile linux-4.14/drivers/net/Makefile ---- linux-4.14_orig/drivers/net/Makefile 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/drivers/net/Makefile 2017-11-13 11:46:45.844089945 +0700 -@@ -13,6 +13,7 @@ obj-$(CONFIG_DUMMY) += dummy.o - obj-$(CONFIG_EQUALIZER) += eql.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACSEC) += macsec.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_MACVTAP) += macvtap.o - obj-$(CONFIG_MII) += mii.o -diff -Naupr linux-4.14_orig/include/linux/imq.h linux-4.14/include/linux/imq.h ---- linux-4.14_orig/include/linux/imq.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/imq.h 2017-11-13 11:46:45.844089945 +0700 -@@ -0,0 +1,13 @@ -+#ifndef _IMQ_H -+#define _IMQ_H -+ -+/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ -+#define IMQ_F_BITS 5 -+ -+#define IMQ_F_IFMASK 0x0f -+#define IMQ_F_ENQUEUE 0x10 -+ -+#define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) -+ -+#endif /* _IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netdevice.h linux-4.14/include/linux/netdevice.h ---- linux-4.14_orig/include/linux/netdevice.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/linux/netdevice.h 2017-11-13 11:46:45.844089945 +0700 -@@ -1771,6 +1771,11 @@ struct net_device { - /* - * Cache lines mostly used on receive path (including eth_type_trans()) - */ -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ unsigned long last_rx; -+#endif -+ - /* Interface address info used in eth_type_trans() */ - unsigned char *dev_addr; - -@@ -3631,6 +3636,19 @@ static inline void netif_tx_unlock_bh(st - } \ - } - -+#define HARD_TX_LOCK_BH(dev, txq) { \ -+ if ((dev->features & NETIF_F_LLTX) == 0) { \ -+ __netif_tx_lock_bh(txq); \ -+ } \ -+} -+ -+#define HARD_TX_UNLOCK_BH(dev, txq) { \ -+ if ((dev->features & NETIF_F_LLTX) == 0) { \ -+ __netif_tx_unlock_bh(txq); \ -+ } \ -+} -+ -+ - static inline void netif_tx_disable(struct net_device *dev) - { - unsigned int i; -diff -Naupr linux-4.14_orig/include/linux/netfilter/xt_IMQ.h linux-4.14/include/linux/netfilter/xt_IMQ.h ---- linux-4.14_orig/include/linux/netfilter/xt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter/xt_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.14/include/linux/netfilter_ipv4/ipt_IMQ.h ---- linux-4.14_orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter_ipv4/ipt_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,10 @@ -+#ifndef _IPT_IMQ_H -+#define _IPT_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include <linux/netfilter/xt_IMQ.h> -+ -+#define ipt_imq_info xt_imq_info -+ -+#endif /* _IPT_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.14/include/linux/netfilter_ipv6/ip6t_IMQ.h ---- linux-4.14_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter_ipv6/ip6t_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,10 @@ -+#ifndef _IP6T_IMQ_H -+#define _IP6T_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include <linux/netfilter/xt_IMQ.h> -+ -+#define ip6t_imq_info xt_imq_info -+ -+#endif /* _IP6T_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/skbuff.h linux-4.14/include/linux/skbuff.h ---- linux-4.14_orig/include/linux/skbuff.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/linux/skbuff.h 2017-11-13 11:46:45.847423298 +0700 -@@ -41,6 +41,10 @@ - #include <linux/in6.h> - #include <linux/if_packet.h> - #include <net/flow.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif -+ - - /* The interface for checksum offload between the stack and networking drivers - * is as follows... -@@ -581,7 +585,7 @@ typedef unsigned int sk_buff_data_t; - typedef unsigned char *sk_buff_data_t; - #endif - --/** -+/** - * struct sk_buff - socket buffer - * @next: Next buffer in list - * @prev: Previous buffer in list -@@ -684,6 +688,9 @@ struct sk_buff { - * first. This is owned by whoever has the skb queued ATM. - */ - char cb[48] __aligned(8); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ void *cb_next; -+#endif - - unsigned long _skb_refdst; - void (*destructor)(struct sk_buff *skb); -@@ -693,6 +700,9 @@ struct sk_buff { - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) - unsigned long _nfct; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ struct nf_queue_entry *nf_queue_entry; -+#endif - #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) - struct nf_bridge_info *nf_bridge; - #endif -@@ -772,6 +782,9 @@ struct sk_buff { - #ifdef CONFIG_NET_SWITCHDEV - __u8 offload_fwd_mark:1; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ __u8 imq_flags:IMQ_F_BITS; -+#endif - #ifdef CONFIG_NET_CLS_ACT - __u8 tc_skip_classify:1; - __u8 tc_at_ingress:1; -@@ -870,7 +883,7 @@ static inline bool skb_pfmemalloc(const - */ - static inline struct dst_entry *skb_dst(const struct sk_buff *skb) - { -- /* If refdst was not refcounted, check we still are in a -+ /* If refdst was not refcounted, check we still are in a - * rcu_read_lock section - */ - WARN_ON((skb->_skb_refdst & SKB_DST_NOREF) && -@@ -960,6 +973,12 @@ void skb_tx_error(struct sk_buff *skb); - void consume_skb(struct sk_buff *skb); - void __consume_stateless_skb(struct sk_buff *skb); - void __kfree_skb(struct sk_buff *skb); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+int skb_save_cb(struct sk_buff *skb); -+int skb_restore_cb(struct sk_buff *skb); -+#endif -+ - extern struct kmem_cache *skbuff_head_cache; - - void kfree_skb_partial(struct sk_buff *skb, bool head_stolen); -@@ -3785,8 +3804,12 @@ static inline void __nf_copy(struct sk_b - dst->_nfct = src->_nfct; - nf_conntrack_get(skb_nfct(src)); - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ dst->imq_flags = src->imq_flags; -+ dst->nf_queue_entry = src->nf_queue_entry; -+#endif - #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) -- dst->nf_bridge = src->nf_bridge; -+ dst->nf_bridge = src->nf_bridge; - nf_bridge_get(src->nf_bridge); - #endif - #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NF_TABLES) -diff -Naupr linux-4.14_orig/include/net/netfilter/nf_queue.h linux-4.14/include/net/netfilter/nf_queue.h ---- linux-4.14_orig/include/net/netfilter/nf_queue.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/netfilter/nf_queue.h 2017-11-13 11:46:45.847423298 +0700 -@@ -31,6 +31,12 @@ struct nf_queue_handler { - void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); - void nf_unregister_queue_handler(struct net *net); - void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); -+void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); -+void nf_unregister_queue_imq_handler(void); -+#endif - - void nf_queue_entry_get_refs(struct nf_queue_entry *entry); - void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -diff -Naupr linux-4.14_orig/include/net/pkt_sched.h linux-4.14/include/net/pkt_sched.h ---- linux-4.14_orig/include/net/pkt_sched.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/pkt_sched.h 2017-11-13 11:46:45.850756651 +0700 -@@ -109,6 +109,8 @@ int sch_direct_xmit(struct sk_buff *skb, - - void __qdisc_run(struct Qdisc *q); - -+struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate); -+ - static inline void qdisc_run(struct Qdisc *q) - { - if (qdisc_run_begin(q)) -diff -Naupr linux-4.14_orig/include/net/sch_generic.h linux-4.14/include/net/sch_generic.h ---- linux-4.14_orig/include/net/sch_generic.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/sch_generic.h 2017-11-13 11:46:45.850756651 +0700 -@@ -567,6 +567,13 @@ static inline int qdisc_enqueue(struct s - return sch->enqueue(skb, sch, to_free); - } - -+static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch, -+ struct sk_buff **to_free) -+{ -+ qdisc_skb_cb(skb)->pkt_len = skb->len; -+ return qdisc_enqueue(skb, sch, to_free) & NET_XMIT_MASK; -+} -+ - static inline bool qdisc_is_percpu_stats(const struct Qdisc *q) - { - return q->flags & TCQ_F_CPUSTATS; -diff -Naupr linux-4.14_orig/include/uapi/linux/netfilter.h linux-4.14/include/uapi/linux/netfilter.h ---- linux-4.14_orig/include/uapi/linux/netfilter.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/uapi/linux/netfilter.h 2017-11-13 11:46:45.850756651 +0700 -@@ -14,7 +14,8 @@ - #define NF_QUEUE 3 - #define NF_REPEAT 4 - #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ --#define NF_MAX_VERDICT NF_STOP -+#define NF_IMQ_QUEUE 6 -+#define NF_MAX_VERDICT NF_IMQ_QUEUE - - /* we overload the higher bits for encoding auxiliary data such as the queue - * number or errno values. Not nice, but better than additional function -diff -Naupr linux-4.14_orig/net/core/dev.c linux-4.14/net/core/dev.c ---- linux-4.14_orig/net/core/dev.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/core/dev.c 2017-11-13 11:46:45.854090004 +0700 -@@ -143,6 +143,9 @@ - #include <linux/hrtimer.h> - #include <linux/netfilter_ingress.h> - #include <linux/crash_dump.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif - #include <linux/sctp.h> - #include <net/udp_tunnel.h> - -@@ -2971,7 +2974,12 @@ static int xmit_one(struct sk_buff *skb, - unsigned int len; - int rc; - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if ((!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) && -+ !(skb->imq_flags & IMQ_F_ENQUEUE)) -+#else - if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) -+#endif - dev_queue_xmit_nit(skb, dev); - - len = skb->len; -@@ -3010,6 +3018,8 @@ out: - return skb; - } - -+EXPORT_SYMBOL_GPL(dev_hard_start_xmit); -+ - static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, - netdev_features_t features) - { -diff -Naupr linux-4.14_orig/net/core/skbuff.c linux-4.14/net/core/skbuff.c ---- linux-4.14_orig/net/core/skbuff.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/core/skbuff.c 2017-11-13 11:46:45.854090004 +0700 -@@ -82,6 +82,87 @@ struct kmem_cache *skbuff_head_cache __r - static struct kmem_cache *skbuff_fclone_cache __read_mostly; - int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; - EXPORT_SYMBOL(sysctl_max_skb_frags); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static struct kmem_cache *skbuff_cb_store_cache __read_mostly; -+#endif -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+/* Control buffer save/restore for IMQ devices */ -+struct skb_cb_table { -+ char cb[48] __aligned(8); -+ void *cb_next; -+ atomic_t refcnt; -+}; -+ -+static DEFINE_SPINLOCK(skb_cb_store_lock); -+ -+int skb_save_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); -+ if (!next) -+ return -ENOMEM; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(next->cb, skb->cb, sizeof(skb->cb)); -+ next->cb_next = skb->cb_next; -+ -+ atomic_set(&next->refcnt, 1); -+ -+ skb->cb_next = next; -+ return 0; -+} -+EXPORT_SYMBOL(skb_save_cb); -+ -+int skb_restore_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ if (!skb->cb_next) -+ return 0; -+ -+ next = skb->cb_next; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(skb->cb, next->cb, sizeof(skb->cb)); -+ skb->cb_next = next->cb_next; -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ if (atomic_dec_and_test(&next->refcnt)) -+ kmem_cache_free(skbuff_cb_store_cache, next); -+ -+ spin_unlock(&skb_cb_store_lock); -+ -+ return 0; -+} -+EXPORT_SYMBOL(skb_restore_cb); -+ -+static void skb_copy_stored_cb(struct sk_buff * , const struct sk_buff * ) __attribute__ ((unused)); -+static void skb_copy_stored_cb(struct sk_buff *new, const struct sk_buff *__old) -+{ -+ struct skb_cb_table *next; -+ struct sk_buff *old; -+ -+ if (!__old->cb_next) { -+ new->cb_next = NULL; -+ return; -+ } -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ old = (struct sk_buff *)__old; -+ -+ next = old->cb_next; -+ atomic_inc(&next->refcnt); -+ new->cb_next = next; -+ -+ spin_unlock(&skb_cb_store_lock); -+} -+#endif - - /** - * skb_panic - private function for out-of-line support -@@ -615,6 +696,28 @@ void skb_release_head_state(struct sk_bu - WARN_ON(in_irq()); - skb->destructor(skb); - } -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* -+ * This should not happen. When it does, avoid memleak by restoring -+ * the chain of cb-backups. -+ */ -+ while (skb->cb_next != NULL) { -+ if (net_ratelimit()) -+ pr_warn("IMQ: kfree_skb: skb->cb_next: %08x\n", -+ (unsigned int)(uintptr_t)skb->cb_next); -+ -+ skb_restore_cb(skb); -+ } -+ /* -+ * This should not happen either, nf_queue_entry is nullified in -+ * imq_dev_xmit(). If we have non-NULL nf_queue_entry then we are -+ * leaking entry pointers, maybe memory. We don't know if this is -+ * pointer to already freed memory, or should this be freed. -+ * If this happens we need to add refcounting, etc for nf_queue_entry. -+ */ -+ if (skb->nf_queue_entry && net_ratelimit()) -+ pr_warn("%s\n", "IMQ: kfree_skb: skb->nf_queue_entry != NULL"); -+#endif - #if IS_ENABLED(CONFIG_NF_CONNTRACK) - nf_conntrack_put(skb_nfct(skb)); - #endif -@@ -804,6 +907,10 @@ static void __copy_skb_header(struct sk_ - new->sp = secpath_get(old->sp); - #endif - __nf_copy(new, old, false); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ new->cb_next = NULL; -+ /*skb_copy_stored_cb(new, old);*/ -+#endif - - /* Note : this field could be in headers_start/headers_end section - * It is not yet because we do not want to have a 16 bit hole -@@ -3902,6 +4009,13 @@ void __init skb_init(void) - 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, - NULL); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", -+ sizeof(struct skb_cb_table), -+ 0, -+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, -+ NULL); -+#endif - } - - static int -diff -Naupr linux-4.14_orig/net/netfilter/core.c linux-4.14/net/netfilter/core.c ---- linux-4.14_orig/net/netfilter/core.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/core.c 2017-11-13 14:16:05.896850774 +0700 -@@ -474,6 +474,11 @@ int nf_hook_slow(struct sk_buff *skb, st - if (ret == 0) - ret = -EPERM; - return ret; -+ case NF_IMQ_QUEUE: -+ ret = nf_queue(skb, state, e, s, verdict); -+ if (ret == -ECANCELED) -+ continue; -+ return ret; - case NF_QUEUE: - ret = nf_queue(skb, state, e, s, verdict); - if (ret == 1) -diff -Naupr linux-4.14_orig/net/netfilter/Kconfig linux-4.14/net/netfilter/Kconfig ---- linux-4.14_orig/net/netfilter/Kconfig 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/Kconfig 2017-11-13 11:46:45.857423358 +0700 -@@ -867,6 +867,18 @@ config NETFILTER_XT_TARGET_LOG - - To compile it as a module, choose M here. If unsure, say N. - -+config NETFILTER_XT_TARGET_IMQ -+ tristate '"IMQ" target support' -+ depends on NETFILTER_XTABLES -+ depends on IP_NF_MANGLE || IP6_NF_MANGLE -+ select IMQ -+ default m if NETFILTER_ADVANCED=n -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config NETFILTER_XT_TARGET_MARK - tristate '"MARK" target support' - depends on NETFILTER_ADVANCED -diff -Naupr linux-4.14_orig/net/netfilter/Makefile linux-4.14/net/netfilter/Makefile ---- linux-4.14_orig/net/netfilter/Makefile 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/Makefile 2017-11-13 11:46:45.857423358 +0700 -@@ -125,6 +125,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += - obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o - obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o - obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o -+obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o - obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o - obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o -diff -Naupr linux-4.14_orig/net/netfilter/nf_queue.c linux-4.14/net/netfilter/nf_queue.c ---- linux-4.14_orig/net/netfilter/nf_queue.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/nf_queue.c 2017-11-13 14:25:21.436864671 +0700 -@@ -1,4 +1,4 @@ --/* -+ /* - * Rusty Russell (C)2000 -- This code is GPL. - * Patrick McHardy (c) 2006-2012 - */ -@@ -27,6 +27,23 @@ - * receives, no matter what. - */ - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static const struct nf_queue_handler __rcu *queue_imq_handler __read_mostly; -+ -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) -+{ -+ rcu_assign_pointer(queue_imq_handler, qh); -+} -+EXPORT_SYMBOL_GPL(nf_register_queue_imq_handler); -+ -+void nf_unregister_queue_imq_handler(void) -+{ -+ RCU_INIT_POINTER(queue_imq_handler, NULL); -+ synchronize_rcu(); -+} -+EXPORT_SYMBOL_GPL(nf_unregister_queue_imq_handler); -+#endif -+ - /* return EBUSY when somebody else is registered, return EEXIST if the - * same handler is registered, return 0 in case of success. */ - void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh) -@@ -113,16 +130,29 @@ EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop) - - static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, - const struct nf_hook_entries *entries, -- unsigned int index, unsigned int queuenum) -+ unsigned int index, unsigned int verdict) - { - int status = -ENOENT; - struct nf_queue_entry *entry = NULL; - const struct nf_afinfo *afinfo; - const struct nf_queue_handler *qh; - struct net *net = state->net; -+ unsigned int queuetype = verdict & NF_VERDICT_MASK; -+ unsigned int queuenum = verdict >> NF_VERDICT_QBITS; - - /* QUEUE == DROP if no one is waiting, to be safe. */ -- qh = rcu_dereference(net->nf.queue_handler); -+ -+ if (queuetype == NF_IMQ_QUEUE) { -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ qh = rcu_dereference(queue_imq_handler); -+#else -+ BUG(); -+ goto err_unlock; -+#endif -+ } else { -+ qh = rcu_dereference(net->nf.queue_handler); -+ } -+ - if (!qh) { - status = -ESRCH; - goto err; -@@ -169,8 +199,16 @@ int nf_queue(struct sk_buff *skb, struct - { - int ret; - -- ret = __nf_queue(skb, state, entries, index, verdict >> NF_VERDICT_QBITS); -+ ret = __nf_queue(skb, state, entries, index, verdict); - if (ret < 0) { -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* IMQ Bypass */ -+ if (ret == -ECANCELED && skb->imq_flags == 0) { -+ return 1; -+ } -+#endif -+ - if (ret == -ESRCH && - (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) - return 1; -@@ -256,6 +294,7 @@ next_hook: - local_bh_enable(); - break; - case NF_QUEUE: -+ case NF_IMQ_QUEUE: - err = nf_queue(skb, &entry->state, hooks, i, verdict); - if (err == 1) - goto next_hook; -diff -Naupr linux-4.14_orig/net/netfilter/xt_IMQ.c linux-4.14/net/netfilter/xt_IMQ.c ---- linux-4.14_orig/net/netfilter/xt_IMQ.c 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/net/netfilter/xt_IMQ.c 2017-11-13 11:46:45.857423358 +0700 -@@ -0,0 +1,72 @@ -+/* -+ * This target marks packets to be enqueued to an imq device -+ */ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+#include <linux/imq.h> -+ -+static unsigned int imq_target(struct sk_buff *pskb, -+ const struct xt_action_param *par) -+{ -+ const struct xt_imq_info *mr = par->targinfo; -+ -+ pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; -+ -+ return XT_CONTINUE; -+} -+ -+static int imq_checkentry(const struct xt_tgchk_param *par) -+{ -+ struct xt_imq_info *mr = par->targinfo; -+ -+ if (mr->todev > IMQ_MAX_DEVS - 1) { -+ pr_warn("IMQ: invalid device specified, highest is %u\n", -+ IMQ_MAX_DEVS - 1); -+ return -EINVAL; -+ } -+ -+ return 0; -+} -+ -+static struct xt_target xt_imq_reg[] __read_mostly = { -+ { -+ .name = "IMQ", -+ .family = AF_INET, -+ .checkentry = imq_checkentry, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .me = THIS_MODULE -+ }, -+ { -+ .name = "IMQ", -+ .family = AF_INET6, -+ .checkentry = imq_checkentry, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .me = THIS_MODULE -+ }, -+}; -+ -+static int __init imq_init(void) -+{ -+ return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+static void __exit imq_fini(void) -+{ -+ xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+module_init(imq_init); -+module_exit(imq_fini); -+ -+MODULE_AUTHOR("https://github.com/imq/linuximq"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS("ipt_IMQ"); -+MODULE_ALIAS("ip6t_IMQ"); -+ -diff -Naupr linux-4.14_orig/net/sched/sch_generic.c linux-4.14/net/sched/sch_generic.c ---- linux-4.14_orig/net/sched/sch_generic.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/sched/sch_generic.c 2017-11-13 11:46:45.857423358 +0700 -@@ -158,6 +158,14 @@ trace: - return skb; - } - -+struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate) -+{ -+ int packets; -+ -+ return dequeue_skb(q, validate, &packets); -+} -+EXPORT_SYMBOL(qdisc_dequeue_skb); -+ - /* - * Transmit possibly several skbs, and handle the return status as - * required. Owning running seqcount bit guarantees that
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org --- config/qos/makeqosscripts.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 70c1c13a1..da298ace3 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -406,7 +406,7 @@ print <<END ### $qossettings{'IMQ_DEV'} ###
- tc qdisc del dev $qossettings{'RED_DEV'} ingress + tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1 tc qdisc add dev $qossettings{'RED_DEV'} handle ffff: ingress
### BRING UP $qossettings{'IMQ_DEV'}
This feature was never properly implemented and the UI was dead
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org --- config/qos/makeqosscripts.pl | 94 --------------------- doc/language_issues.de | 4 + doc/language_issues.en | 4 - doc/language_issues.es | 4 + doc/language_issues.fr | 4 + doc/language_issues.it | 4 + doc/language_issues.nl | 4 + doc/language_issues.pl | 4 + doc/language_issues.ru | 4 + doc/language_issues.tr | 4 + html/cgi-bin/qos.cgi | 197 ------------------------------------------- 11 files changed, 32 insertions(+), 295 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index da298ace3..2b5cce84f 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -35,26 +35,22 @@ my $errormessage = ""; my $c = ""; my $direntry = ""; my $classentry = ""; -my $subclassentry = ""; my $l7ruleentry = ""; my $portruleentry = ""; my $tosruleentry = ""; my @tmp = (); my @classes = (); -my @subclasses = (); my @l7rules = (); my @portrules = (); my @tosrules = (); my @tmpline = (); my @classline = (); -my @subclassline = (); my @tosruleline = (); my @l7ruleline = (); my @portruleline = (); my @proto = (); my %selected= () ; my $classfile = "/var/ipfire/qos/classes"; -my $subclassfile = "/var/ipfire/qos/subclasses"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; @@ -82,9 +78,6 @@ $qossettings{'IMQ_MODE'} = 'PREROUTING'; open( FILE, "< $classfile" ) or die "Unable to read $classfile"; @classes = <FILE>; close FILE; -open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; -@subclasses = <FILE>; -close FILE; open( FILE, "< $level7file" ) or die "Unable to read $level7file"; @l7rules = <FILE>; close FILE; @@ -191,27 +184,6 @@ foreach $classentry (sort @classes) print "\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - $qossettings{'SPRIO'} = $subclassline[3]; - $qossettings{'SRATE'} = $subclassline[4]; - $qossettings{'SCEIL'} = $subclassline[5]; - $qossettings{'SBURST'} = $subclassline[6]; - $qossettings{'SCBURST'} = $subclassline[7]; - print "\ttc class add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} classid 1:$qossettings{'SCLASS'} htb rate $qossettings{'SRATE'}kbit ceil $qossettings{'SCEIL'}kbit prio $qossettings{'SPRIO'} "; - if ($qossettings{'SBURST'} > 0) { - print "burst $qossettings{'SBURST'}k "; - } - if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { - print "cburst $qossettings{'CBURST'}k"; - } - print "\n"; - } -}
print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; foreach $classentry (sort @classes) @@ -223,14 +195,6 @@ foreach $classentry (sort @classes) print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; - } -} print "\n\t### FILTER TRAFFIC INTO CLASSES\n"; foreach $classentry (sort @classes) { @@ -241,15 +205,6 @@ foreach $classentry (sort @classes) print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 1:$qossettings{'CLASS'}\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 1:$qossettings{'SCLASS'}\n"; - } -} print <<END
### add l7-filter to PREROUTING chain to see all traffic @@ -450,27 +405,6 @@ foreach $classentry (sort @classes) print "\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - $qossettings{'SPRIO'} = $subclassline[3]; - $qossettings{'SRATE'} = $subclassline[4]; - $qossettings{'SCEIL'} = $subclassline[5]; - $qossettings{'SBURST'} = $subclassline[6]; - $qossettings{'SCBURST'} = $subclassline[7]; - print "\ttc class add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} classid 2:$qossettings{'SCLASS'} htb rate $qossettings{'SRATE'}kbit ceil $qossettings{'SCEIL'}kbit prio $qossettings{'SPRIO'} "; - if ($qossettings{'SBURST'} > 0) { - print "burst $qossettings{'SBURST'}k "; - } - if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { - print "cburst $qossettings{'CBURST'}k"; - } - print "\n"; - } -}
print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; foreach $classentry (sort @classes) @@ -482,14 +416,6 @@ foreach $classentry (sort @classes) print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; - } -} print "\n\t### FILTER TRAFFIC INTO CLASSES\n"; foreach $classentry (sort @classes) { @@ -500,15 +426,6 @@ foreach $classentry (sort @classes) print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 2:$qossettings{'CLASS'}\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 2:$qossettings{'SCLASS'}\n"; - } -}
if ( $qossettings{'IMQ_MODE'} eq 'POSTROUTING' ) { @@ -659,17 +576,6 @@ END print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'CLASS'} -j RETURN\n"; } } - foreach $subclassentry (sort @subclasses) - { - @subclassline = split( /;/, $subclassentry ); - $qossettings{'SUBCLASS'} = $subclassline[1]; - $qossettings{'TOS'} = $subclassline[8]; - $qossettings{'TOS'} = abs $qossettings{'TOS'} * 2; - if ($qossettings{'TOS'} ne "0") { - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'SUBCLASS'} -j TOS --set-tos $qossettings{'TOS'}\n"; - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'SUBCLASS'} -j RETURN\n"; - } - }
print <<END
diff --git a/doc/language_issues.de b/doc/language_issues.de index 412efdc47..61b1c8078 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -30,6 +30,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -39,6 +40,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: addon @@ -140,6 +142,7 @@ WARNING: translation string unused: ccd maxclients WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -548,6 +551,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question WARNING: translation string unused: reboot schedule diff --git a/doc/language_issues.en b/doc/language_issues.en index 9ca53b50a..3581a688a 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -80,7 +80,6 @@ WARNING: untranslated string: Scan for Files = Scan for files WARNING: untranslated string: Scan for Songs = unknown string WARNING: untranslated string: Scan from Directory = Scan from directory WARNING: untranslated string: Set time on boot = Force setting the system clock on boot -WARNING: untranslated string: Subclass = Subclass WARNING: untranslated string: TOS Rule = TOS-Rule WARNING: untranslated string: TOS rule = TOS rule WARNING: untranslated string: The class number does not match the specified interface. = The class number does not match the specified interface. @@ -107,7 +106,6 @@ WARNING: untranslated string: add new alias = Add a new alias WARNING: untranslated string: add new lease = Add a new fixed lease WARNING: untranslated string: add printer = Add printer WARNING: untranslated string: add share = Add share -WARNING: untranslated string: add subclass = Add subclass WARNING: untranslated string: add user = Add user WARNING: untranslated string: added from dhcp lease list = Added from DHCP lease list WARNING: untranslated string: addons = Addons @@ -465,7 +463,6 @@ WARNING: untranslated string: check all = Check all WARNING: untranslated string: check vpn lr = Check WARNING: untranslated string: cipher = Encryption: WARNING: untranslated string: city = City -WARNING: untranslated string: class in use = The class is already in use. WARNING: untranslated string: clear playlist = Empty playlist WARNING: untranslated string: clenabled = Provide time to local network WARNING: untranslated string: click to disable = Enabled (click to disable) @@ -1517,7 +1514,6 @@ WARNING: untranslated string: proxy reports weekly = Weekly reports WARNING: untranslated string: ptr = PTR WARNING: untranslated string: pulse = Pulse WARNING: untranslated string: pulse dial = Pulse dial: -WARNING: untranslated string: qos add subclass = Add subclass WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! WARNING: untranslated string: qos graphs = Qos Graphs WARNING: untranslated string: qos warning = The rule <strong>must</strong> be saved, otherwise it will be discarded! diff --git a/doc/language_issues.es b/doc/language_issues.es index 2af165d6b..a4c5bf1f5 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -9,6 +9,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -18,6 +19,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -129,6 +131,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -475,6 +478,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.fr b/doc/language_issues.fr index f48d65a80..3d657059f 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -31,6 +31,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -40,6 +41,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -159,6 +161,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -577,6 +580,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.it b/doc/language_issues.it index 59c649954..973a7c12c 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -137,6 +139,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -552,6 +555,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 836745e5a..2d5e06726 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -136,6 +138,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -547,6 +550,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 2af165d6b..a4c5bf1f5 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -9,6 +9,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -18,6 +19,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -129,6 +131,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -475,6 +478,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.ru b/doc/language_issues.ru index b904157b1..06e68dfd3 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -130,6 +132,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -478,6 +481,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.tr b/doc/language_issues.tr index cf773d8cb..5bbf9a1b5 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -31,6 +31,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -40,6 +41,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -159,6 +161,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -580,6 +583,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi index b7af11204..320eef67d 100644 --- a/html/cgi-bin/qos.cgi +++ b/html/cgi-bin/qos.cgi @@ -38,19 +38,16 @@ my $errormessage = ""; my $c = ""; my $direntry = ""; my $classentry = ""; -my $subclassentry = ""; my $l7ruleentry = ""; my $portruleentry = ""; my $tosruleentry = ""; my @tmp = (); my @classes = (); -my @subclasses = (); my @l7rules = (); my @portrules = (); my @tosrules = (); my @tmpline = (); my @classline = (); -my @subclassline = (); my @l7ruleline = (); my @portruleline = (); my @tosruleline = (); @@ -58,7 +55,6 @@ my @proto = (); my %selected= (); my @checked = (); my $classfile = "/var/ipfire/qos/classes"; -my $subclassfile = "/var/ipfire/qos/subclasses"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; @@ -85,7 +81,6 @@ $qossettings{'IMQ_DEV_SEL'} = ''; $qossettings{'PRIO'} = ''; $qossettings{'SPD'} = ''; $qossettings{'CLASS'} = ''; -$qossettings{'SCLASS'} = ''; $qossettings{'QPORT'} = ''; $qossettings{'DPORT'} = ''; $qossettings{'QIP'} = ''; @@ -98,7 +93,6 @@ $qossettings{'MAXBWDTH'} = ''; $qossettings{'BURST'} = ''; $qossettings{'CBURST'} = ''; $qossettings{'DOCLASS'} = ''; -$qossettings{'DOSCLASS'} = ''; $qossettings{'DOLEVEL7'} = ''; $qossettings{'DOPORT'} = ''; $qossettings{'CLASS'} = ''; @@ -194,60 +188,12 @@ elsif ($qossettings{'DOCLASS'} eq $Lang::tr{'delete'}) } } close FILE; - open( FILE, "< $subclassfile" ) or die "Unable to read $classfile"; - @tmp = <FILE>; - close FILE; - open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /;/, $subclassentry ); - if ( $tmpline[1] ne $qossettings{'CLASS'} ) - { - print FILE $subclassentry; - } - } - close FILE; $message = "$Lang::tr{'Class'} $qossettings{'CLASS'} $Lang::tr{'Class was deleted'}"; }
############################################################################################################################ ############################################################################################################################
-if ($qossettings{'DOSCLASS'} eq $Lang::tr{'save'}) -{ - &validsubclass(); - &validminbwdth(); - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, ">> $subclassfile" ) or die "Unable to write $subclassfile"; - print FILE <<END -$qossettings{'DEVICE'};$qossettings{'CLASS'};$qossettings{'SCLASS'};$qossettings{'PRIO'};$qossettings{'MINBWDTH'};$qossettings{'MAXBWDTH'};$qossettings{'BURST'};$qossettings{'CBURST'};$qossettings{'TOS'}; -END -; - close FILE; - } else { - $qossettings{'ACTION'} = $Lang::tr{'qos add subclass'}; - } -} elsif ($qossettings{'DOSCLASS'} eq $Lang::tr{'delete'}) -{ - open( FILE, "< $subclassfile" ) or die "Unable to read $classfile"; - @tmp = <FILE>; - close FILE; - open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /;/, $subclassentry ); - if ( $tmpline[2] ne $qossettings{'CLASS'} ) - { - print FILE $subclassentry; - } - } - close FILE; - $message = "$Lang::tr{'Subclass'} $qossettings{'CLASS'} $Lang::tr{'was deleted'}."; -} - -############################################################################################################################ -############################################################################################################################ - if ($qossettings{'DOLEVEL7'} eq $Lang::tr{'save'}) { if ( $qossettings{'QIP'} ne '' ) { @@ -612,13 +558,6 @@ elsif ($qossettings{'ACTION'} eq $Lang::tr{'parentclass add'} ) &Header::closepage(); exit } -elsif ($qossettings{'ACTION'} eq $Lang::tr{'qos add subclass'}) -{ - &subclass(); - &Header::closebigbox(); - &Header::closepage(); - exit -} elsif ($qossettings{'ACTION'} eq $Lang::tr{'Add Rule'}) { &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'}); @@ -967,81 +906,6 @@ END &Header::closebox(); }
-sub subclass { - &Header::openbox('100%', 'center', $Lang::tr{'Subclass'}); - print <<END - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <table width='66%'> -END -; - if ( $message ne "" ) { - print "<tr><td colspan='3' align='center'>$message"; - } - print <<END - <tr><td colspan='3' width='100%'>$Lang::tr{'current class'}: $qossettings{'CLASS'} - <tr><td width='100%' colspan='3'>$Lang::tr{'enter data'} - <tr><td width='33%' align='right'>$Lang::tr{'Subclass'}:<td width='33%' align='left'><select name='SCLASS'> -END -; - if ($qossettings{'CLASS'} >= 100 && $qossettings{'CLASS'} < 121) { - $qossettings{'DEVICE'} = $qossettings{'RED_DEV'}; - for ( $c = 1000 ; $c <= 1020 ; $c++ ) - { - if ( $qossettings{'SCLASS'} ne $c ) - { print "<option value='$c'>$c</option>\n"; } - else { print "<option selected value='$c'>$c</option>\n"; } - } - } elsif ($qossettings{'CLASS'} >= 200 && $qossettings{'CLASS'} < 221) { - $qossettings{'DEVICE'} = $qossettings{'IMQ_DEV'}; - for ( $c = 2000 ; $c <= 2020 ; $c++ ) - { - if ( $qossettings{'SCLASS'} ne $c ) - { print "<option value='$c'>$c</option>\n"; } - else { print "<option selected value='$c'>$c</option>\n"; } - } - } - print <<END - </select> - <td width='33%' align='center'> - <tr><td width='33%' align='right'>$Lang::tr{'priority'}:<td width='33%' align='left'><select name='PRIO'> -END -; - for ( $c = 1 ; $c <= 7 ; $c++ ) - { - if ( $qossettings{'PRIO'} ne $c ) - { print "<option value='$c'>$c</option>\n"; } - else { print "<option selected value='$c'>$c</option>\n"; } - } - print <<END - <td width='33%' align='center'> - <tr><td width='33%' align='right'>$Lang::tr{'guaranteed bandwith'}: - <td width='33%' align='left'><input type='text' name='MINBWDTH' maxlength='8' required='1' value="$qossettings{'MINBWDTH'}" /> - <td width='33%' align='center'> - <tr><td width='33%' align='right'>$Lang::tr{'max bandwith'}: - <td width='33%' align='left'><input type='text' name='MAXBWDTH' maxlength='8' required='1' value="$qossettings{'MAXBWDTH'}" /> - <td width='33%' align='center'> - <tr><td width='33%' align='right'>Burst: - <td width='33%' align='left'><input type='text' name='BURST' maxlength='8' value="$qossettings{'BURST'}" /> - <td width='33%' align='center'> - <tr><td width='33%' align='right'>Ceilburst: - <td width='33%' align='left'><input type='text' name='CBURST' maxlength='8' value="$qossettings{'CBURST'}" /> - <td width='33%' align='center'> - <tr><td width='33%' align='right'>TOS-Bit: - <td width='33%' align='left'><select name='TOS'> - <option value='0'>$Lang::tr{'disabled'} (0)</option> - <option value='8'>$Lang::tr{'min delay'} (8)</option> - <option value='4'>$Lang::tr{'max throughput'} (4)</option> - <option value='2'>$Lang::tr{'max reliability'} (2)</option> - <option value='1'>$Lang::tr{'min costs'} (1)</option></select> - <td width='33%' align='center'><input type='hidden' name='CLASS' value="$qossettings{'CLASS'}" /> - <input type='hidden' name='DEVICE' value="$qossettings{'DEVICE'}" /> - <input type='submit' name='DOSCLASS' value='$Lang::tr{'save'}' /> <input type='reset' value='$Lang::tr{'reset'}' /> - </table></form> -END -; - &Header::closebox(); -} - sub level7rule { &Header::openbox('100%', 'center', $Lang::tr{'Level7 Rule'}); print <<END @@ -1164,9 +1028,6 @@ sub showclasses { @classes = <FILE>; close FILE; if (@classes) { - open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; - @subclasses = <FILE>; - close FILE; open( FILE, "< $level7file" ) or die "Unable to read $level7file"; @l7rules = <FILE>; close FILE; @@ -1205,11 +1066,6 @@ sub showclasses { <table border='0'><tr> <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='CLASS' value='$classline[1]' /> - <input type='hidden' name='ACTION' value='$Lang::tr{'qos add subclass'}' /> - <input type='image' alt='$Lang::tr{'add subclass'}' title='$Lang::tr{'add subclass'}' src='/images/addblue.gif' /> - </form> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$classline[1]' /> <input type='hidden' name='ACTION' value='$Lang::tr{'Add Rule'}' /> <input type='image' alt='$Lang::tr{'Add Rule'}' title='$Lang::tr{'Add Rule'}' src='/images/addgreen.gif' /> </form> @@ -1386,41 +1242,6 @@ END } END ; - foreach $subclassentry (sort @subclasses) - { - @subclassline = split( /;/, $subclassentry ); - if ( $subclassline[1] eq $classline[1] ) { - print <<END - <tr><td align='center' bgcolor='#FAFAFA'>$Lang::tr{'Subclass'}: - <td align='center' bgcolor='#FAFAFA'>$subclassline[2] - <td align='center' bgcolor='#FAFAFA'>$subclassline[3] - <td align='center' bgcolor='#FAFAFA'>$subclassline[4] - <td align='center' bgcolor='#FAFAFA'>$subclassline[5] - <td align='center' bgcolor='#FAFAFA'>$subclassline[6] - <td align='center' bgcolor='#FAFAFA'>$subclassline[7] - <td align='center' bgcolor='#FAFAFA'>$subclassline[8] - <td align='right' bgcolor='#FAFAFA'> - <table border='0'><tr> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$subclassline[2]' /> - <input type='hidden' name='ACTION' value='$Lang::tr{'Add Rule'}' /> - <input type='image' alt='$Lang::tr{'Add Rule'}' title='$Lang::tr{'Add Rule'}' src='/images/addgreen.gif' /> - </form> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$subclassline[2]' /> - <input type='hidden' name='DOSCLASS' value='$Lang::tr{'edit'}' /> - <input type='image' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' src='/images/edit.gif' /> - </form> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$subclassline[2]' /> - <input type='hidden' name='DOSCLASS' value='$Lang::tr{'delete'}' /> - <input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/delete.gif' /> - </form> - </table> -END -; - } - } print <<END </table> END @@ -1488,21 +1309,3 @@ sub validclass { } } } - -sub validsubclass { - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; - @tmp = <FILE>; - close FILE; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /;/, $subclassentry ); - if ( $tmpline[2] eq $qossettings{'SCLASS'} ) - { - $qossettings{'VALID'} = 'no'; - $message = "$Lang::tr{'class in use'}"; - last - } - } - } -}
This reverts commit 88b8ffac6b258e7b7687eb26111134bf435e23ca.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 2b5cce84f..51d818699 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -71,7 +71,6 @@ $qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`; $qossettings{'IMQ_DEV'} = 'imq0'; $qossettings{'TOS'} = ''; $qossettings{'VALID'} = 'yes'; -$qossettings{'IMQ_MODE'} = 'PREROUTING';
&General::readhash("${General::swroot}/qos/settings", %qossettings);
@@ -426,9 +425,6 @@ foreach $classentry (sort @classes) print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 2:$qossettings{'CLASS'}\n"; } } - -if ( $qossettings{'IMQ_MODE'} eq 'POSTROUTING' ) -{ print <<END
### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES @@ -442,24 +438,6 @@ print <<END ### SET TOS END ; -} -else -{ -print <<END - - ### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES - iptables -t mangle -N QOS-INC - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN - iptables -t mangle -I PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS - - ### SET TOS -END -; -} - foreach $tosruleentry (sort @tosrules) { @tosruleline = split( /;/, $tosruleentry ); @@ -616,10 +594,8 @@ print <<END iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 iptables -t mangle --flush QOS-TOS >/dev/null 2>&1
From: Daniel Weismüller daniel.weismueller@ipfire.org
This patch modifies the connection tracking in that ways that it sets a connection mark which will be retrieved when a packet is being redirected to the IFB interface.
This way, we can use classification without having the packet being sent through iptables first.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org --- config/qos/makeqosscripts.pl | 40 ++++++++++------------------------------ 1 file changed, 10 insertions(+), 30 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 51d818699..1754c45fd 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -371,6 +371,7 @@ print <<END ip link set $qossettings{'IMQ_DEV'} up
tc filter add dev $qossettings{'RED_DEV'} parent ffff: protocol all u32 match u32 0 0 \ + action connmark \ action mirred egress redirect dev $qossettings{'IMQ_DEV'}
### ADD HTB QDISC FOR $qossettings{'IMQ_DEV'} @@ -435,6 +436,9 @@ print <<END iptables -t mangle -I FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS
+ # If the packet is already marked, then skip the processing + iptables -t mangle -A QOS-INC -m mark ! --mark 0 -j RETURN + ### SET TOS END ; @@ -445,8 +449,7 @@ END $qossettings{'TOS'} = abs $tosruleline[2] * 2; if ( $tosruleline[1] eq $qossettings{'IMQ_DEV'} ) { - print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n"; - print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j RETURN\n"; + print "\tiptables -t mangle -A QOS-INC -m mark --mark 0 -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n"; }
} @@ -464,7 +467,7 @@ print "\n\t### SET PORT-RULES\n"; $qossettings{'QPORT'} = $portruleline[4]; $qossettings{'DIP'} = $portruleline[5]; $qossettings{'DPORT'} = $portruleline[6]; - print "\tiptables -t mangle -A QOS-INC "; + print "\tiptables -t mangle -A QOS-INC -m mark --mark 0 "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; } @@ -482,24 +485,6 @@ print "\n\t### SET PORT-RULES\n"; print "--dport $qossettings{'DPORT'} "; } print "-j MARK --set-mark $qossettings{'CLASS'}\n"; - print "\tiptables -t mangle -A QOS-INC "; - if ($qossettings{'QIP'} ne ''){ - print "-s $qossettings{'QIP'} "; - } - if ($qossettings{'DIP'} ne ''){ - print "-d $qossettings{'DIP'} "; - } - print "-p $qossettings{'PPROT'} "; -# if (($qossettings{'QPORT'} ne '') || ($qossettings{'DPORT'} ne '')){ -# print "-m multiport "; -# } - if ($qossettings{'QPORT'} ne ''){ - print "--sport $qossettings{'QPORT'} "; - } - if ($qossettings{'DPORT'} ne ''){ - print "--dport $qossettings{'DPORT'} "; - } - print "-j RETURN\n\n"; } }
@@ -518,7 +503,7 @@ END $qossettings{'L7PROT'} = $l7ruleline[2]; $qossettings{'QIP'} = $l7ruleline[3]; $qossettings{'DIP'} = $l7ruleline[4]; - print "\tiptables -t mangle -A QOS-INC "; + print "\tiptables -t mangle -A QOS-INC -m mark --mark 0 "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; } @@ -526,14 +511,6 @@ END print "-d $qossettings{'DIP'} "; } print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j MARK --set-mark $qossettings{'CLASS'}\n"; - print "\tiptables -t mangle -A QOS-INC "; - if ($qossettings{'QIP'} ne ''){ - print "-s $qossettings{'QIP'} "; - } - if ($qossettings{'DIP'} ne ''){ - print "-d $qossettings{'DIP'} "; - } - print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j RETURN\n"; } }
@@ -541,6 +518,9 @@ print <<END ### REDUNDANT: SET ALL NONMARKED PACKETS TO DEFAULT CLASS iptables -t mangle -A QOS-INC -m mark --mark 0 -j MARK --set-mark $qossettings{'DEFCLASS_INC'}
+ # Save mark in connection tracking + iptables -t mangle -A QOS-INC -j CONNMARK --save-mark + ### SETTING TOS BITS END ;
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 1754c45fd..e5f076c73 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -433,8 +433,8 @@ print <<END iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN - iptables -t mangle -I FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS
# If the packet is already marked, then skip the processing iptables -t mangle -A QOS-INC -m mark ! --mark 0 -j RETURN @@ -574,8 +574,8 @@ print <<END iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 iptables -t mangle --flush QOS-TOS >/dev/null 2>&1
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 3 --- 1 file changed, 3 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index e5f076c73..6f307c743 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -430,9 +430,6 @@ print <<END
### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-INC - iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN - iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN - iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS
This is useless since no ISP will evaluate those settings any more and it has a rather large impact on throughput.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 26 +------------------------- html/cgi-bin/qos.cgi | 12 ------------ 2 files changed, 1 insertion(+), 37 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 6f307c743..96c784c89 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -134,7 +134,6 @@ case "$1" in echo "[iptables]" iptables -t mangle -n -L QOS-OUT -v -x 2> /dev/null iptables -t mangle -n -L QOS-INC -v -x 2> /dev/null - iptables -t mangle -n -L QOS-TOS -v -x 2> /dev/null exit 0 ;; esac @@ -211,9 +210,7 @@ print <<END
### ADD QOS-OUT CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-OUT - iptables -t mangle -N QOS-TOS iptables -t mangle -I POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT - iptables -t mangle -A POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS
### Don't change mark on traffic for the ipsec tunnel iptables -t mangle -A QOS-OUT -m mark --mark 50 -j RETURN @@ -431,7 +428,6 @@ print <<END ### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-INC iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS
# If the packet is already marked, then skip the processing iptables -t mangle -A QOS-INC -m mark ! --mark 0 -j RETURN @@ -518,22 +514,6 @@ print <<END # Save mark in connection tracking iptables -t mangle -A QOS-INC -j CONNMARK --save-mark
- ### SETTING TOS BITS -END -; - foreach $classentry (sort @classes) - { - @classline = split( /;/, $classentry ); - $qossettings{'CLASS'} = $classline[1]; - $qossettings{'TOS'} = abs $classline[7] * 2; - if ($qossettings{'TOS'} ne "0") { - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'CLASS'} -j TOS --set-tos $qossettings{'TOS'}\n"; - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'CLASS'} -j RETURN\n"; - } - } - -print <<END - ## STARTING COLLECTOR /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1 /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1 @@ -568,15 +548,11 @@ print <<END iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 - iptables -t mangle --flush QOS-TOS >/dev/null 2>&1 - iptables -t mangle --delete-chain QOS-TOS >/dev/null 2>&1 # remove l7-filter iptables -t mangle --delete PREROUTING -m layer7 --l7proto unset
diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi index 320eef67d..8211a3ca0 100644 --- a/html/cgi-bin/qos.cgi +++ b/html/cgi-bin/qos.cgi @@ -883,18 +883,6 @@ END <tr><td width='33%' align='right'>Ceilburst: <td width='33%' align='left'><input type='text' size='20' name='CBURST' maxlength='8' value="$qossettings{'CBURST'}" /> <td width='33%' align='center'> -END -; - $selected{'TOS'}{$qossettings{'TOS'}} = "selected='selected'"; -print <<END - <tr><td width='33%' align='right'>TOS-Bit: - <td width='33%' align='left'><select name='TOS'> - <option value='0' $selected{'TOS'}{'0'}>$Lang::tr{'disabled'} (0)</option> - <option value='8' $selected{'TOS'}{'8'}>$Lang::tr{'min delay'} (8)</option> - <option value='4' $selected{'TOS'}{'4'}>$Lang::tr{'max throughput'} (4)</option> - <option value='2' $selected{'TOS'}{'2'}>$Lang::tr{'max reliability'} (2)</option> - <option value='1' $selected{'TOS'}{'1'}>$Lang::tr{'min costs'} (1)</option></select> - <td width='33%' align='center'> <tr><td width='33%' align='right'>$Lang::tr{'remark'}: <td width='66%' colspan='2' align='left'><input type='text' name='REMARK' size='40' maxlength='40' value="$qossettings{'REMARK'}" /> <tr><td width='33%' align='right'><img src='/blob.gif' alt='*' /> $Lang::tr{'required field'}
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org --- config/qos/makeqosscripts.pl | 7 ------- 1 file changed, 7 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 96c784c89..9d7c7c5a6 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -216,34 +216,27 @@ print <<END iptables -t mangle -A QOS-OUT -m mark --mark 50 -j RETURN
### MARK ACKs - iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j RETURN
iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j RETURN
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 6 ------ 1 file changed, 6 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 9d7c7c5a6..1a5d01d52 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -534,12 +534,6 @@ print <<END ip link del $qossettings{'IMQ_DEV'} >/dev/null 2>&1
# REMOVE & FLUSH CHAINS - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1