This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via fb41342122256c14a48bd9254f732b38299245b0 (commit) via bd122644e4548e2a9fdc1e168ae5e8b08e0299df (commit) via 707e0471cefb5b37e8bc9c77b95d5fee583f6ffa (commit) via 5e661eb533a2271bfe57263f9187b64ad74d7244 (commit) via 005fc8ed5de2fd53884e3baeda551a0f82b86de1 (commit) via d7297c477ad2253e8908836036b37b4bf30a0cd4 (commit) via fb8d7759b85027cda6c4b3901cc48a06357fb0c1 (commit) via c27fdd869703ea18e05e7702f53f2777dad630b6 (commit) via fc08e632e3a804f353c7797422d3a8dc65ae23de (commit) via 896f24cc5850311ea60e70f2765ba8eb53b12b3e (commit) via 323900264f78eb52204b84cfbbcd76ec04cbc822 (commit) via bebc33813ae29578b4297947971afe76925c8954 (commit) via 50e97cd55f43fd70feab62aad5bc1b97b9da05e3 (commit) via 6aeaa3a75e6ba1bb672b526a7c08903b5b959ad3 (commit) via ac45e4f3e9d3174982f0023cbbbe6773c858e4c5 (commit) from 6e414ea1e072133501d44002c857e1d7cbf2b076 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit fb41342122256c14a48bd9254f732b38299245b0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:25:24 2019 +0000
Revert "QoS: Do not manually load iptables modules"
This reverts commit cae6916d598b08d79d91e92733f676be4a4bb10c.
commit bd122644e4548e2a9fdc1e168ae5e8b08e0299df Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:24:43 2019 +0000
Revert "QoS: Use Intermediate Functional Block"
This reverts commit 3c33d9d8545c46d2446244e7d20eb25f3d2f2d90.
commit 707e0471cefb5b37e8bc9c77b95d5fee583f6ffa Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:24:16 2019 +0000
Revert "Revert "Make IMQ Switchable between PREROUTING and POSTROUTING""
This reverts commit ec01ebe246072cae77bc53d3c1fc09ad8277a89f.
commit 5e661eb533a2271bfe57263f9187b64ad74d7244 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:23:54 2019 +0000
Revert "QoS: Tidy up qdiscs after QoS is being stopped"
This reverts commit eedf7b06c0c4a598b78dd87edb0f49a7f2bb061c.
commit 005fc8ed5de2fd53884e3baeda551a0f82b86de1 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:23:13 2019 +0000
Revert "QoS: Process incoming packets in PREROUTING only"
This reverts commit e6341c5856ad6d7ed390d1a9ffbfadf449daebd8.
commit d7297c477ad2253e8908836036b37b4bf30a0cd4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:21:53 2019 +0000
Revert "QoS: Do not delete egress qdisc after classes have been created"
This reverts commit 39ff91ecf8d22a4752e3eeef8ae5cf60e497cb44.
commit fb8d7759b85027cda6c4b3901cc48a06357fb0c1 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:21:23 2019 +0000
Revert "QoS: Start qosd immediately"
This reverts commit 6a9bcd6c1d7ac0f8f4926a886beb8b3989227874.
commit c27fdd869703ea18e05e7702f53f2777dad630b6 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:20:26 2019 +0000
Revert "linux+iptables: Drop support for IMQ"
This reverts commit 59b9a6bd22c0a5236b291ad7a50395032d600739.
commit fc08e632e3a804f353c7797422d3a8dc65ae23de Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:19:58 2019 +0000
Revert "QoS: Suppress an error message when cleaning up from previous runs"
This reverts commit cebad6e2b938071e1da2bea9dfa3fe09169ee5a0.
commit 896f24cc5850311ea60e70f2765ba8eb53b12b3e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:19:21 2019 +0000
Revert "QoS: Move packet classification to FORWARD chain for ingress"
This reverts commit 424a332fd38ab844094d3e978cf5e159ead64b6c.
commit 323900264f78eb52204b84cfbbcd76ec04cbc822 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:18:56 2019 +0000
Revert "QoS: Use CLASSIFY iptables target instead of MARK"
This reverts commit 3e151d19f9b813206e36da6b66fdc8cc99cdd26f.
commit bebc33813ae29578b4297947971afe76925c8954 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:18:34 2019 +0000
Revert "QoS: Drop tc filter rules to move marked packets into the correct class"
This reverts commit 63f7d7475e97d74d4bcd23bd739b6b1721e55e14.
commit 50e97cd55f43fd70feab62aad5bc1b97b9da05e3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:18:00 2019 +0000
Revert "QoS: Drop support for subclasses"
This reverts commit bc4d4da87009ebffcd93d30dcbfffff797b92588.
commit 6aeaa3a75e6ba1bb672b526a7c08903b5b959ad3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:17:18 2019 +0000
Revert "QoS: Drop support for setting TOS bits per class"
This reverts commit 3174d9c6b610c1f1ce1e7a8828a4575def2e2392.
commit ac45e4f3e9d3174982f0023cbbbe6773c858e4c5 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Oct 20 20:16:05 2019 +0000
Revert "QoS: No longer set TOS bits for ACK packets"
This reverts commit b1c695e872f0b1968dadee7fc38cf3258423c3ac.
-----------------------------------------------------------------------
Summary of changes: config/kernel/kernel.config.aarch64-ipfire | 7 + .../kernel/kernel.config.armv5tel-ipfire-kirkwood | 7 + config/kernel/kernel.config.armv5tel-ipfire-multi | 7 + config/kernel/kernel.config.i586-ipfire | 7 + config/kernel/kernel.config.i586-ipfire-pae | 7 + config/kernel/kernel.config.x86_64-ipfire | 7 + config/qos/makeqosscripts.pl | 257 ++- config/rootfiles/common/aarch64/linux | 13 + config/rootfiles/common/armv5tel/linux-kirkwood | 13 + config/rootfiles/common/armv5tel/linux-multi | 13 + config/rootfiles/common/i586/linux | 13 + config/rootfiles/common/iptables | 1 + config/rootfiles/common/x86_64/linux | 13 + config/rootfiles/packages/linux-pae | 13 + doc/language_issues.de | 4 - doc/language_issues.en | 4 + doc/language_issues.es | 4 - doc/language_issues.fr | 4 - doc/language_issues.it | 4 - doc/language_issues.nl | 4 - doc/language_issues.pl | 4 - doc/language_issues.ru | 4 - doc/language_issues.tr | 4 - html/cgi-bin/qos.cgi | 209 +++ lfs/iptables | 3 + lfs/linux | 3 + src/patches/iptables-1.4.12-IMQ-test4.diff | 141 ++ src/patches/linux/linux-4.14-imq.diff | 1759 ++++++++++++++++++++ 28 files changed, 2461 insertions(+), 68 deletions(-) create mode 100644 src/patches/iptables-1.4.12-IMQ-test4.diff create mode 100644 src/patches/linux/linux-4.14-imq.diff
Difference in files: diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 778b05a9a..e263041a8 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -908,6 +908,7 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m +CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -1991,6 +1992,12 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y +CONFIG_IMQ=m +# CONFIG_IMQ_BEHAVIOR_AA is not set +CONFIG_IMQ_BEHAVIOR_AB=y +# CONFIG_IMQ_BEHAVIOR_BA is not set +# CONFIG_IMQ_BEHAVIOR_BB is not set +CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood index fcbac3bcd..35af2a984 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood +++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood @@ -894,6 +894,7 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m +CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -1954,6 +1955,12 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y +CONFIG_IMQ=m +# CONFIG_IMQ_BEHAVIOR_AA is not set +CONFIG_IMQ_BEHAVIOR_AB=y +# CONFIG_IMQ_BEHAVIOR_BA is not set +# CONFIG_IMQ_BEHAVIOR_BB is not set +CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index fc74eb142..e3be55bf5 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1166,6 +1166,7 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m +CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2262,6 +2263,12 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y +CONFIG_IMQ=m +# CONFIG_IMQ_BEHAVIOR_AA is not set +CONFIG_IMQ_BEHAVIOR_AB=y +# CONFIG_IMQ_BEHAVIOR_BA is not set +# CONFIG_IMQ_BEHAVIOR_BB is not set +CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 4eaae6f74..726e2fe03 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1102,6 +1102,7 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m +CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2170,6 +2171,12 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y +CONFIG_IMQ=m +# CONFIG_IMQ_BEHAVIOR_AA is not set +CONFIG_IMQ_BEHAVIOR_AB=y +# CONFIG_IMQ_BEHAVIOR_BA is not set +# CONFIG_IMQ_BEHAVIOR_BB is not set +CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index 526adbbcb..4a61ff534 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1120,6 +1120,7 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m +CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2190,6 +2191,12 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y +CONFIG_IMQ=m +# CONFIG_IMQ_BEHAVIOR_AA is not set +CONFIG_IMQ_BEHAVIOR_AB=y +# CONFIG_IMQ_BEHAVIOR_BA is not set +# CONFIG_IMQ_BEHAVIOR_BB is not set +CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index c9563234e..da87dce2d 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1094,6 +1094,7 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m +CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=y CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2147,6 +2148,12 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y +CONFIG_IMQ=m +# CONFIG_IMQ_BEHAVIOR_AA is not set +CONFIG_IMQ_BEHAVIOR_AB=y +# CONFIG_IMQ_BEHAVIOR_BA is not set +# CONFIG_IMQ_BEHAVIOR_BB is not set +CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index ff4cbcb12..cddfa2772 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -35,22 +35,26 @@ my $errormessage = ""; my $c = ""; my $direntry = ""; my $classentry = ""; +my $subclassentry = ""; my $l7ruleentry = ""; my $portruleentry = ""; my $tosruleentry = ""; my @tmp = (); my @classes = (); +my @subclasses = (); my @l7rules = (); my @portrules = (); my @tosrules = (); my @tmpline = (); my @classline = (); +my @subclassline = (); my @tosruleline = (); my @l7ruleline = (); my @portruleline = (); my @proto = (); my %selected= () ; my $classfile = "/var/ipfire/qos/classes"; +my $subclassfile = "/var/ipfire/qos/subclasses"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; @@ -71,12 +75,16 @@ $qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`; $qossettings{'IMQ_DEV'} = 'imq0'; $qossettings{'TOS'} = ''; $qossettings{'VALID'} = 'yes'; +$qossettings{'IMQ_MODE'} = 'PREROUTING';
&General::readhash("${General::swroot}/qos/settings", %qossettings);
open( FILE, "< $classfile" ) or die "Unable to read $classfile"; @classes = <FILE>; close FILE; +open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; +@subclasses = <FILE>; +close FILE; open( FILE, "< $level7file" ) or die "Unable to read $level7file"; @l7rules = <FILE>; close FILE; @@ -124,15 +132,23 @@ case "$1" in tc -s class show dev $qossettings{'IMQ_DEV'} exit 0 ;; + filter) + echo "[filter]" + tc -s filter show dev $qossettings{'RED_DEV'} + tc -s filter show dev $qossettings{'IMQ_DEV'} + exit 0 + ;; iptables) echo "[iptables]" iptables -t mangle -n -L QOS-OUT -v -x 2> /dev/null iptables -t mangle -n -L QOS-INC -v -x 2> /dev/null + iptables -t mangle -n -L QOS-TOS -v -x 2> /dev/null exit 0 ;; esac $0 $1 qdisc $0 $1 class + $0 $1 filter $0 $1 iptables exit 0 ;; @@ -175,6 +191,27 @@ foreach $classentry (sort @classes) print "\n"; } } +foreach $subclassentry (sort @subclasses) { + @subclassline = split( /;/, $subclassentry ); + if ($qossettings{'RED_DEV'} eq $subclassline[0]) { + $qossettings{'DEVICE'} = $subclassline[0]; + $qossettings{'CLASS'} = $subclassline[1]; + $qossettings{'SCLASS'} = $subclassline[2]; + $qossettings{'SPRIO'} = $subclassline[3]; + $qossettings{'SRATE'} = $subclassline[4]; + $qossettings{'SCEIL'} = $subclassline[5]; + $qossettings{'SBURST'} = $subclassline[6]; + $qossettings{'SCBURST'} = $subclassline[7]; + print "\ttc class add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} classid 1:$qossettings{'SCLASS'} htb rate $qossettings{'SRATE'}kbit ceil $qossettings{'SCEIL'}kbit prio $qossettings{'SPRIO'} "; + if ($qossettings{'SBURST'} > 0) { + print "burst $qossettings{'SBURST'}k "; + } + if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { + print "cburst $qossettings{'CBURST'}k"; + } + print "\n"; + } +}
print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; foreach $classentry (sort @classes) @@ -186,38 +223,77 @@ foreach $classentry (sort @classes) print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n"; } } +foreach $subclassentry (sort @subclasses) { + @subclassline = split( /;/, $subclassentry ); + if ($qossettings{'RED_DEV'} eq $subclassline[0]) { + $qossettings{'DEVICE'} = $subclassline[0]; + $qossettings{'SCLASS'} = $subclassline[2]; + print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; + } +} +print "\n\t### FILTER TRAFFIC INTO CLASSES\n"; +foreach $classentry (sort @classes) +{ + @classline = split( /;/, $classentry ); + if ($qossettings{'RED_DEV'} eq $classline[0]) { + $qossettings{'DEVICE'} = $classline[0]; + $qossettings{'CLASS'} = $classline[1]; + print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 1:$qossettings{'CLASS'}\n"; + } +} +foreach $subclassentry (sort @subclasses) { + @subclassline = split( /;/, $subclassentry ); + if ($qossettings{'RED_DEV'} eq $subclassline[0]) { + $qossettings{'DEVICE'} = $subclassline[0]; + $qossettings{'CLASS'} = $subclassline[1]; + $qossettings{'SCLASS'} = $subclassline[2]; + print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 1:$qossettings{'SCLASS'}\n"; + } +} print <<END
+ ### add l7-filter to PREROUTING chain to see all traffic + iptables -t mangle -A PREROUTING -m layer7 --l7proto unset + ### ADD QOS-OUT CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-OUT + iptables -t mangle -N QOS-TOS iptables -t mangle -I POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT + iptables -t mangle -A POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS
### Don't change mark on traffic for the ipsec tunnel iptables -t mangle -A QOS-OUT -m mark --mark 50 -j RETURN
### MARK ACKs - iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j CLASSIFY --set-class 1:$qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j TOS --set-tos 4 + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j RETURN
- iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j CLASSIFY --set-class 1:$qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j CLASSIFY --set-class 1:$qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j TOS --set-tos 4 + iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j CLASSIFY --set-class 1:$qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j TOS --set-tos 4 + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j CLASSIFY --set-class 1:$qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j TOS --set-tos 4 + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j CLASSIFY --set-class 1:$qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j TOS --set-tos 4 + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j CLASSIFY --set-class 1:$qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j TOS --set-tos 4 + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j CLASSIFY --set-class 1:$qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j TOS --set-tos 4 + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j RETURN
### SET TOS @@ -230,7 +306,7 @@ END $qossettings{'TOS'} = abs $tosruleline[2] * 2; if ( $tosruleline[1] eq $qossettings{'RED_DEV'} ) { - print "\tiptables -t mangle -A QOS-OUT -m tos --tos $qossettings{'TOS'} -j CLASSIFY --set-class 1:$qossettings{'CLASS'}\n"; + print "\tiptables -t mangle -A QOS-OUT -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-OUT -m tos --tos $qossettings{'TOS'} -j RETURN\n"; } } @@ -265,7 +341,7 @@ print "\n\t### SET PORT-RULES\n"; if ($qossettings{'DPORT'} ne ''){ print "--dport $qossettings{'DPORT'} "; } - print "-j CLASSIFY --set-class 1:$qossettings{'CLASS'}\n"; + print "-j MARK --set-mark $qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-OUT "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; @@ -286,6 +362,7 @@ print "\n\t### SET PORT-RULES\n"; print "-j RETURN\n\n"; } } + print <<END
### SET LEVEL7-RULES @@ -308,7 +385,7 @@ END if ($qossettings{'DIP'} ne ''){ print "-d $qossettings{'DIP'} "; } - print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j CLASSIFY --set-class 1:$qossettings{'CLASS'}\n"; + print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j MARK --set-mark $qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-OUT "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; @@ -323,27 +400,20 @@ END print <<END
### REDUNDANT: SET ALL NONMARKED PACKETS TO DEFAULT CLASS - iptables -t mangle -A QOS-OUT -j CLASSIFY --set-class 1:$qossettings{'DEFCLASS_OUT'} + iptables -t mangle -A QOS-OUT -m mark --mark 0 -j MARK --set-mark $qossettings{'DEFCLASS_OUT'}
### ### $qossettings{'IMQ_DEV'} ###
- tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1 - tc qdisc add dev $qossettings{'RED_DEV'} handle ffff: ingress - ### BRING UP $qossettings{'IMQ_DEV'} - if [ ! -d "/sys/class/net/$qossettings{'IMQ_DEV'}" ]; then - ip link add name $qossettings{'IMQ_DEV'} type ifb + if [ `lsmod | grep -q ipt_IMQ` ]; then + insmod ipt_IMQ + sleep 2 fi - - #tc qdisc del dev $qossettings{'IMQ_DEV'} root - #tc qdisc del dev $qossettings{'IMQ_DEV'} ingress + modprobe imq numdevs=1 numqueues=$(grep -c "^processor" /proc/cpuinfo || echo 1) ip link set $qossettings{'IMQ_DEV'} up
- tc filter add dev $qossettings{'RED_DEV'} parent ffff: protocol all u32 match u32 0 0 \ - action mirred egress redirect dev $qossettings{'IMQ_DEV'} - ### ADD HTB QDISC FOR $qossettings{'IMQ_DEV'} tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1 tc qdisc add dev $qossettings{'IMQ_DEV'} root handle 2: htb default $qossettings{'DEFCLASS_INC'} @@ -375,6 +445,27 @@ foreach $classentry (sort @classes) print "\n"; } } +foreach $subclassentry (sort @subclasses) { + @subclassline = split( /;/, $subclassentry ); + if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { + $qossettings{'DEVICE'} = $subclassline[0]; + $qossettings{'CLASS'} = $subclassline[1]; + $qossettings{'SCLASS'} = $subclassline[2]; + $qossettings{'SPRIO'} = $subclassline[3]; + $qossettings{'SRATE'} = $subclassline[4]; + $qossettings{'SCEIL'} = $subclassline[5]; + $qossettings{'SBURST'} = $subclassline[6]; + $qossettings{'SCBURST'} = $subclassline[7]; + print "\ttc class add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} classid 2:$qossettings{'SCLASS'} htb rate $qossettings{'SRATE'}kbit ceil $qossettings{'SCEIL'}kbit prio $qossettings{'SPRIO'} "; + if ($qossettings{'SBURST'} > 0) { + print "burst $qossettings{'SBURST'}k "; + } + if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { + print "cburst $qossettings{'CBURST'}k"; + } + print "\n"; + } +}
print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; foreach $classentry (sort @classes) @@ -386,15 +477,69 @@ foreach $classentry (sort @classes) print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n"; } } +foreach $subclassentry (sort @subclasses) { + @subclassline = split( /;/, $subclassentry ); + if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { + $qossettings{'DEVICE'} = $subclassline[0]; + $qossettings{'SCLASS'} = $subclassline[2]; + print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; + } +} +print "\n\t### FILTER TRAFFIC INTO CLASSES\n"; +foreach $classentry (sort @classes) +{ + @classline = split( /;/, $classentry ); + if ($qossettings{'IMQ_DEV'} eq $classline[0]) { + $qossettings{'DEVICE'} = $classline[0]; + $qossettings{'CLASS'} = $classline[1]; + print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 2:$qossettings{'CLASS'}\n"; + } +} +foreach $subclassentry (sort @subclasses) { + @subclassline = split( /;/, $subclassentry ); + if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { + $qossettings{'DEVICE'} = $subclassline[0]; + $qossettings{'CLASS'} = $subclassline[1]; + $qossettings{'SCLASS'} = $subclassline[2]; + print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 2:$qossettings{'SCLASS'}\n"; + } +} + +if ( $qossettings{'IMQ_MODE'} eq 'POSTROUTING' ) +{ +print <<END + + ### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES + iptables -t mangle -N QOS-INC + iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN + iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN + iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN + iptables -t mangle -A POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0 + iptables -t mangle -I FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC + iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS + + ### SET TOS +END +; +} +else +{ print <<END
### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-INC - iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0 + iptables -t mangle -I PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS
### SET TOS END ; +} + foreach $tosruleentry (sort @tosrules) { @tosruleline = split( /;/, $tosruleentry ); @@ -402,7 +547,7 @@ END $qossettings{'TOS'} = abs $tosruleline[2] * 2; if ( $tosruleline[1] eq $qossettings{'IMQ_DEV'} ) { - print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j CLASSIFY --set-class 2:$qossettings{'CLASS'}\n"; + print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j RETURN\n"; }
@@ -438,7 +583,7 @@ print "\n\t### SET PORT-RULES\n"; if ($qossettings{'DPORT'} ne ''){ print "--dport $qossettings{'DPORT'} "; } - print "-j CLASSIFY --set-class 2:$qossettings{'CLASS'}\n"; + print "-j MARK --set-mark $qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-INC "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; @@ -482,7 +627,7 @@ END if ($qossettings{'DIP'} ne ''){ print "-d $qossettings{'DIP'} "; } - print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j CLASSIFY --set-class 2:$qossettings{'CLASS'}\n"; + print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j MARK --set-mark $qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-INC "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; @@ -496,11 +641,38 @@ END
print <<END ### REDUNDANT: SET ALL NONMARKED PACKETS TO DEFAULT CLASS - iptables -t mangle -A QOS-INC -j CLASSIFY --set-class 2:$qossettings{'DEFCLASS_INC'} + iptables -t mangle -A QOS-INC -m mark --mark 0 -j MARK --set-mark $qossettings{'DEFCLASS_INC'} + + ### SETTING TOS BITS +END +; + foreach $classentry (sort @classes) + { + @classline = split( /;/, $classentry ); + $qossettings{'CLASS'} = $classline[1]; + $qossettings{'TOS'} = abs $classline[7] * 2; + if ($qossettings{'TOS'} ne "0") { + print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'CLASS'} -j TOS --set-tos $qossettings{'TOS'}\n"; + print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'CLASS'} -j RETURN\n"; + } + } + foreach $subclassentry (sort @subclasses) + { + @subclassline = split( /;/, $subclassentry ); + $qossettings{'SUBCLASS'} = $subclassline[1]; + $qossettings{'TOS'} = $subclassline[8]; + $qossettings{'TOS'} = abs $qossettings{'TOS'} * 2; + if ($qossettings{'TOS'} ne "0") { + print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'SUBCLASS'} -j TOS --set-tos $qossettings{'TOS'}\n"; + print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'SUBCLASS'} -j RETURN\n"; + } + } + +print <<END
## STARTING COLLECTOR - /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1 - /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1 + ( sleep 10 && /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1) & + ( sleep 10 && /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1) &
for i in $(ls $RRDLOG/class_*.rrd); do rrdtool update $i $(date +%s): 2>/dev/null @@ -512,25 +684,38 @@ print <<END clear|stop) ### RESET EVERYTHING TO A KNOWN STATE killall qosd >/dev/null 2>&1 - + (sleep 3 && killall -9 qosd &>/dev/null) & # DELETE QDISCS tc qdisc del dev $qossettings{'RED_DEV'} root >/dev/null 2>&1 - tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1 tc qdisc add root dev $qossettings{'RED_DEV'} fq_codel >/dev/null 2>&1 tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1 - tc qdisc del dev $qossettings{'IMQ_DEV'} ingress >/dev/null 2>&1 tc qdisc add root dev $qossettings{'IMQ_DEV'} fq_codel >/dev/null 2>&1 # STOP IMQ-DEVICE ip link set $qossettings{'IMQ_DEV'} down >/dev/null 2>&1 - ip link del $qossettings{'IMQ_DEV'} >/dev/null 2>&1 - + iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 + iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 + iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 + iptables -t mangle --delete POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1 + # rmmod imq # this crash on 2.6.25.xx # REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 + iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 + iptables -t mangle --flush QOS-TOS >/dev/null 2>&1 + iptables -t mangle --delete-chain QOS-TOS >/dev/null 2>&1 + # remove l7-filter + iptables -t mangle --delete PREROUTING -m layer7 --l7proto unset
rmmod sch_htb >/dev/null 2>&1
diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux index d8e93542d..0451cadcd 100644 --- a/config/rootfiles/common/aarch64/linux +++ b/config/rootfiles/common/aarch64/linux @@ -7648,6 +7648,12 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h +#lib/modules/KVER-ipfire/build/include/config/imq +#lib/modules/KVER-ipfire/build/include/config/imq.h +#lib/modules/KVER-ipfire/build/include/config/imq/behavior +#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h +#lib/modules/KVER-ipfire/build/include/config/imq/num +#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -8787,6 +8793,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h +#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -12150,6 +12157,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h +#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -12762,6 +12770,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h +#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -12775,9 +12784,11 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h +#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h +#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -18471,6 +18482,7 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/wiznet/w5300.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz +#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -19438,6 +19450,7 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz +#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/armv5tel/linux-kirkwood b/config/rootfiles/common/armv5tel/linux-kirkwood index 2269896d8..78d0050de 100644 --- a/config/rootfiles/common/armv5tel/linux-kirkwood +++ b/config/rootfiles/common/armv5tel/linux-kirkwood @@ -7370,6 +7370,12 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/kfifo #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/kfifo/buf.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/trigger.h +#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq +#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq.h +#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/behavior +#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/behavior/ab.h +#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/num +#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet/ah.h @@ -8449,6 +8455,7 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/idletimer.h +#lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/mark.h @@ -11447,6 +11454,7 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/ima.h +#lib/modules/KVER-ipfire-kirkwood/build/include/linux/imq.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/in.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/in6.h @@ -12059,6 +12067,7 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/x_tables.h +#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_arp @@ -12072,9 +12081,11 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4/ip_tables.h +#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6/ip6_tables.h +#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netlink.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/nfs.h @@ -17450,6 +17461,7 @@ lib/modules/KVER-ipfire-kirkwood/kernel #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ethernet/rocker/rocker.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ifb.ko.xz +#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -18380,6 +18392,7 @@ lib/modules/KVER-ipfire-kirkwood/kernel #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_IDLETIMER.ko.xz +#lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi index 1e7a090d9..08a5f601c 100644 --- a/config/rootfiles/common/armv5tel/linux-multi +++ b/config/rootfiles/common/armv5tel/linux-multi @@ -8353,6 +8353,12 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/iio/kfifo #lib/modules/KVER-ipfire-multi/build/include/config/iio/kfifo/buf.h #lib/modules/KVER-ipfire-multi/build/include/config/iio/trigger.h +#lib/modules/KVER-ipfire-multi/build/include/config/imq +#lib/modules/KVER-ipfire-multi/build/include/config/imq.h +#lib/modules/KVER-ipfire-multi/build/include/config/imq/behavior +#lib/modules/KVER-ipfire-multi/build/include/config/imq/behavior/ab.h +#lib/modules/KVER-ipfire-multi/build/include/config/imq/num +#lib/modules/KVER-ipfire-multi/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-multi/build/include/config/imx #lib/modules/KVER-ipfire-multi/build/include/config/imx/dma.h #lib/modules/KVER-ipfire-multi/build/include/config/imx/gpcv2.h @@ -9582,6 +9588,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/idletimer.h +#lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/mark.h @@ -13185,6 +13192,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-multi/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-multi/build/include/linux/ima.h +#lib/modules/KVER-ipfire-multi/build/include/linux/imq.h #lib/modules/KVER-ipfire-multi/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-multi/build/include/linux/in.h #lib/modules/KVER-ipfire-multi/build/include/linux/in6.h @@ -13797,6 +13805,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/x_tables.h +#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_arp @@ -13810,9 +13819,11 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4/ip_tables.h +#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6/ip6_tables.h +#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netlink.h #lib/modules/KVER-ipfire-multi/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-multi/build/include/linux/nfs.h @@ -19587,6 +19598,7 @@ lib/modules/KVER-ipfire-multi/kernel #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/wiznet/w5300.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ifb.ko.xz +#lib/modules/KVER-ipfire-multi/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -20576,6 +20588,7 @@ lib/modules/KVER-ipfire-multi/kernel #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_IDLETIMER.ko.xz +#lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/i586/linux b/config/rootfiles/common/i586/linux index 1fe01233f..1a1ca83a7 100644 --- a/config/rootfiles/common/i586/linux +++ b/config/rootfiles/common/i586/linux @@ -8187,6 +8187,12 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h +#lib/modules/KVER-ipfire/build/include/config/imq +#lib/modules/KVER-ipfire/build/include/config/imq.h +#lib/modules/KVER-ipfire/build/include/config/imq/behavior +#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h +#lib/modules/KVER-ipfire/build/include/config/imq/num +#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -9466,6 +9472,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h +#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -13449,6 +13456,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h +#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -14061,6 +14069,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h +#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -14074,9 +14083,11 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h +#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h +#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -20185,6 +20196,7 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz +#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21519,6 +21531,7 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz +#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables index 0f8f1cf8c..389518646 100644 --- a/config/rootfiles/common/iptables +++ b/config/rootfiles/common/iptables @@ -64,6 +64,7 @@ lib/xtables/libxt_CT.so lib/xtables/libxt_DSCP.so lib/xtables/libxt_HMARK.so lib/xtables/libxt_IDLETIMER.so +lib/xtables/libxt_IMQ.so lib/xtables/libxt_LED.so lib/xtables/libxt_MARK.so lib/xtables/libxt_NFLOG.so diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index 68f907faa..755d7627a 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -8265,6 +8265,12 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h +#lib/modules/KVER-ipfire/build/include/config/imq +#lib/modules/KVER-ipfire/build/include/config/imq.h +#lib/modules/KVER-ipfire/build/include/config/imq/behavior +#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h +#lib/modules/KVER-ipfire/build/include/config/imq/num +#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -9523,6 +9529,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h +#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -13464,6 +13471,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h +#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -14076,6 +14084,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h +#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -14089,9 +14098,11 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h +#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h +#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -20198,6 +20209,7 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz +#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21510,6 +21522,7 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz +#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/packages/linux-pae b/config/rootfiles/packages/linux-pae index f3966ce75..590595828 100644 --- a/config/rootfiles/packages/linux-pae +++ b/config/rootfiles/packages/linux-pae @@ -8189,6 +8189,12 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/illegal #lib/modules/KVER-ipfire-pae/build/include/config/illegal/pointer #lib/modules/KVER-ipfire-pae/build/include/config/illegal/pointer/value.h +#lib/modules/KVER-ipfire-pae/build/include/config/imq +#lib/modules/KVER-ipfire-pae/build/include/config/imq.h +#lib/modules/KVER-ipfire-pae/build/include/config/imq/behavior +#lib/modules/KVER-ipfire-pae/build/include/config/imq/behavior/ab.h +#lib/modules/KVER-ipfire-pae/build/include/config/imq/num +#lib/modules/KVER-ipfire-pae/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-pae/build/include/config/inet #lib/modules/KVER-ipfire-pae/build/include/config/inet.h #lib/modules/KVER-ipfire-pae/build/include/config/inet/ah.h @@ -9468,6 +9474,7 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/idletimer.h +#lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/mark.h @@ -13519,6 +13526,7 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-pae/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-pae/build/include/linux/ima.h +#lib/modules/KVER-ipfire-pae/build/include/linux/imq.h #lib/modules/KVER-ipfire-pae/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-pae/build/include/linux/in.h #lib/modules/KVER-ipfire-pae/build/include/linux/in6.h @@ -14131,6 +14139,7 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/x_tables.h +#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_arp @@ -14144,9 +14153,11 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4/ip_tables.h +#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6/ip6_tables.h +#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netlink.h #lib/modules/KVER-ipfire-pae/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-pae/build/include/linux/nfs.h @@ -20256,6 +20267,7 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire-pae/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ifb.ko.xz +#lib/modules/KVER-ipfire-pae/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21606,6 +21618,7 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_IDLETIMER.ko.xz +#lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/doc/language_issues.de b/doc/language_issues.de index 61b1c8078..412efdc47 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -30,7 +30,6 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv -WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -40,7 +39,6 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service -WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: addon @@ -142,7 +140,6 @@ WARNING: translation string unused: ccd maxclients WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config -WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -551,7 +548,6 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk -WARNING: translation string unused: qos add subclass WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question WARNING: translation string unused: reboot schedule diff --git a/doc/language_issues.en b/doc/language_issues.en index 3581a688a..9ca53b50a 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -80,6 +80,7 @@ WARNING: untranslated string: Scan for Files = Scan for files WARNING: untranslated string: Scan for Songs = unknown string WARNING: untranslated string: Scan from Directory = Scan from directory WARNING: untranslated string: Set time on boot = Force setting the system clock on boot +WARNING: untranslated string: Subclass = Subclass WARNING: untranslated string: TOS Rule = TOS-Rule WARNING: untranslated string: TOS rule = TOS rule WARNING: untranslated string: The class number does not match the specified interface. = The class number does not match the specified interface. @@ -106,6 +107,7 @@ WARNING: untranslated string: add new alias = Add a new alias WARNING: untranslated string: add new lease = Add a new fixed lease WARNING: untranslated string: add printer = Add printer WARNING: untranslated string: add share = Add share +WARNING: untranslated string: add subclass = Add subclass WARNING: untranslated string: add user = Add user WARNING: untranslated string: added from dhcp lease list = Added from DHCP lease list WARNING: untranslated string: addons = Addons @@ -463,6 +465,7 @@ WARNING: untranslated string: check all = Check all WARNING: untranslated string: check vpn lr = Check WARNING: untranslated string: cipher = Encryption: WARNING: untranslated string: city = City +WARNING: untranslated string: class in use = The class is already in use. WARNING: untranslated string: clear playlist = Empty playlist WARNING: untranslated string: clenabled = Provide time to local network WARNING: untranslated string: click to disable = Enabled (click to disable) @@ -1514,6 +1517,7 @@ WARNING: untranslated string: proxy reports weekly = Weekly reports WARNING: untranslated string: ptr = PTR WARNING: untranslated string: pulse = Pulse WARNING: untranslated string: pulse dial = Pulse dial: +WARNING: untranslated string: qos add subclass = Add subclass WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! WARNING: untranslated string: qos graphs = Qos Graphs WARNING: untranslated string: qos warning = The rule <strong>must</strong> be saved, otherwise it will be discarded! diff --git a/doc/language_issues.es b/doc/language_issues.es index a4c5bf1f5..2af165d6b 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -9,7 +9,6 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv -WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,7 +18,6 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service -WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -131,7 +129,6 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media -WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -478,7 +475,6 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk -WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 3d657059f..f48d65a80 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -31,7 +31,6 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv -WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -41,7 +40,6 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service -WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -161,7 +159,6 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media -WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -580,7 +577,6 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk -WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.it b/doc/language_issues.it index 973a7c12c..59c649954 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -10,7 +10,6 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv -WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -20,7 +19,6 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service -WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -139,7 +137,6 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media -WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -555,7 +552,6 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk -WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 2d5e06726..836745e5a 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -10,7 +10,6 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv -WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -20,7 +19,6 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service -WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -138,7 +136,6 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media -WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -550,7 +547,6 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk -WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.pl b/doc/language_issues.pl index a4c5bf1f5..2af165d6b 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -9,7 +9,6 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv -WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,7 +18,6 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service -WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -131,7 +129,6 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media -WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -478,7 +475,6 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk -WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 06e68dfd3..b904157b1 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -10,7 +10,6 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv -WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -20,7 +19,6 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service -WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -132,7 +130,6 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media -WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -481,7 +478,6 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk -WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 5bbf9a1b5..cf773d8cb 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -31,7 +31,6 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv -WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -41,7 +40,6 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service -WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -161,7 +159,6 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media -WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -583,7 +580,6 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk -WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi index 8211a3ca0..b7af11204 100644 --- a/html/cgi-bin/qos.cgi +++ b/html/cgi-bin/qos.cgi @@ -38,16 +38,19 @@ my $errormessage = ""; my $c = ""; my $direntry = ""; my $classentry = ""; +my $subclassentry = ""; my $l7ruleentry = ""; my $portruleentry = ""; my $tosruleentry = ""; my @tmp = (); my @classes = (); +my @subclasses = (); my @l7rules = (); my @portrules = (); my @tosrules = (); my @tmpline = (); my @classline = (); +my @subclassline = (); my @l7ruleline = (); my @portruleline = (); my @tosruleline = (); @@ -55,6 +58,7 @@ my @proto = (); my %selected= (); my @checked = (); my $classfile = "/var/ipfire/qos/classes"; +my $subclassfile = "/var/ipfire/qos/subclasses"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; @@ -81,6 +85,7 @@ $qossettings{'IMQ_DEV_SEL'} = ''; $qossettings{'PRIO'} = ''; $qossettings{'SPD'} = ''; $qossettings{'CLASS'} = ''; +$qossettings{'SCLASS'} = ''; $qossettings{'QPORT'} = ''; $qossettings{'DPORT'} = ''; $qossettings{'QIP'} = ''; @@ -93,6 +98,7 @@ $qossettings{'MAXBWDTH'} = ''; $qossettings{'BURST'} = ''; $qossettings{'CBURST'} = ''; $qossettings{'DOCLASS'} = ''; +$qossettings{'DOSCLASS'} = ''; $qossettings{'DOLEVEL7'} = ''; $qossettings{'DOPORT'} = ''; $qossettings{'CLASS'} = ''; @@ -188,12 +194,60 @@ elsif ($qossettings{'DOCLASS'} eq $Lang::tr{'delete'}) } } close FILE; + open( FILE, "< $subclassfile" ) or die "Unable to read $classfile"; + @tmp = <FILE>; + close FILE; + open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; + foreach $subclassentry (sort @tmp) + { + @tmpline = split( /;/, $subclassentry ); + if ( $tmpline[1] ne $qossettings{'CLASS'} ) + { + print FILE $subclassentry; + } + } + close FILE; $message = "$Lang::tr{'Class'} $qossettings{'CLASS'} $Lang::tr{'Class was deleted'}"; }
############################################################################################################################ ############################################################################################################################
+if ($qossettings{'DOSCLASS'} eq $Lang::tr{'save'}) +{ + &validsubclass(); + &validminbwdth(); + if ( $qossettings{'VALID'} eq 'yes' ) { + open( FILE, ">> $subclassfile" ) or die "Unable to write $subclassfile"; + print FILE <<END +$qossettings{'DEVICE'};$qossettings{'CLASS'};$qossettings{'SCLASS'};$qossettings{'PRIO'};$qossettings{'MINBWDTH'};$qossettings{'MAXBWDTH'};$qossettings{'BURST'};$qossettings{'CBURST'};$qossettings{'TOS'}; +END +; + close FILE; + } else { + $qossettings{'ACTION'} = $Lang::tr{'qos add subclass'}; + } +} elsif ($qossettings{'DOSCLASS'} eq $Lang::tr{'delete'}) +{ + open( FILE, "< $subclassfile" ) or die "Unable to read $classfile"; + @tmp = <FILE>; + close FILE; + open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; + foreach $subclassentry (sort @tmp) + { + @tmpline = split( /;/, $subclassentry ); + if ( $tmpline[2] ne $qossettings{'CLASS'} ) + { + print FILE $subclassentry; + } + } + close FILE; + $message = "$Lang::tr{'Subclass'} $qossettings{'CLASS'} $Lang::tr{'was deleted'}."; +} + +############################################################################################################################ +############################################################################################################################ + if ($qossettings{'DOLEVEL7'} eq $Lang::tr{'save'}) { if ( $qossettings{'QIP'} ne '' ) { @@ -558,6 +612,13 @@ elsif ($qossettings{'ACTION'} eq $Lang::tr{'parentclass add'} ) &Header::closepage(); exit } +elsif ($qossettings{'ACTION'} eq $Lang::tr{'qos add subclass'}) +{ + &subclass(); + &Header::closebigbox(); + &Header::closepage(); + exit +} elsif ($qossettings{'ACTION'} eq $Lang::tr{'Add Rule'}) { &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'}); @@ -883,6 +944,18 @@ END <tr><td width='33%' align='right'>Ceilburst: <td width='33%' align='left'><input type='text' size='20' name='CBURST' maxlength='8' value="$qossettings{'CBURST'}" /> <td width='33%' align='center'> +END +; + $selected{'TOS'}{$qossettings{'TOS'}} = "selected='selected'"; +print <<END + <tr><td width='33%' align='right'>TOS-Bit: + <td width='33%' align='left'><select name='TOS'> + <option value='0' $selected{'TOS'}{'0'}>$Lang::tr{'disabled'} (0)</option> + <option value='8' $selected{'TOS'}{'8'}>$Lang::tr{'min delay'} (8)</option> + <option value='4' $selected{'TOS'}{'4'}>$Lang::tr{'max throughput'} (4)</option> + <option value='2' $selected{'TOS'}{'2'}>$Lang::tr{'max reliability'} (2)</option> + <option value='1' $selected{'TOS'}{'1'}>$Lang::tr{'min costs'} (1)</option></select> + <td width='33%' align='center'> <tr><td width='33%' align='right'>$Lang::tr{'remark'}: <td width='66%' colspan='2' align='left'><input type='text' name='REMARK' size='40' maxlength='40' value="$qossettings{'REMARK'}" /> <tr><td width='33%' align='right'><img src='/blob.gif' alt='*' /> $Lang::tr{'required field'} @@ -894,6 +967,81 @@ END &Header::closebox(); }
+sub subclass { + &Header::openbox('100%', 'center', $Lang::tr{'Subclass'}); + print <<END + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <table width='66%'> +END +; + if ( $message ne "" ) { + print "<tr><td colspan='3' align='center'>$message"; + } + print <<END + <tr><td colspan='3' width='100%'>$Lang::tr{'current class'}: $qossettings{'CLASS'} + <tr><td width='100%' colspan='3'>$Lang::tr{'enter data'} + <tr><td width='33%' align='right'>$Lang::tr{'Subclass'}:<td width='33%' align='left'><select name='SCLASS'> +END +; + if ($qossettings{'CLASS'} >= 100 && $qossettings{'CLASS'} < 121) { + $qossettings{'DEVICE'} = $qossettings{'RED_DEV'}; + for ( $c = 1000 ; $c <= 1020 ; $c++ ) + { + if ( $qossettings{'SCLASS'} ne $c ) + { print "<option value='$c'>$c</option>\n"; } + else { print "<option selected value='$c'>$c</option>\n"; } + } + } elsif ($qossettings{'CLASS'} >= 200 && $qossettings{'CLASS'} < 221) { + $qossettings{'DEVICE'} = $qossettings{'IMQ_DEV'}; + for ( $c = 2000 ; $c <= 2020 ; $c++ ) + { + if ( $qossettings{'SCLASS'} ne $c ) + { print "<option value='$c'>$c</option>\n"; } + else { print "<option selected value='$c'>$c</option>\n"; } + } + } + print <<END + </select> + <td width='33%' align='center'> + <tr><td width='33%' align='right'>$Lang::tr{'priority'}:<td width='33%' align='left'><select name='PRIO'> +END +; + for ( $c = 1 ; $c <= 7 ; $c++ ) + { + if ( $qossettings{'PRIO'} ne $c ) + { print "<option value='$c'>$c</option>\n"; } + else { print "<option selected value='$c'>$c</option>\n"; } + } + print <<END + <td width='33%' align='center'> + <tr><td width='33%' align='right'>$Lang::tr{'guaranteed bandwith'}: + <td width='33%' align='left'><input type='text' name='MINBWDTH' maxlength='8' required='1' value="$qossettings{'MINBWDTH'}" /> + <td width='33%' align='center'> + <tr><td width='33%' align='right'>$Lang::tr{'max bandwith'}: + <td width='33%' align='left'><input type='text' name='MAXBWDTH' maxlength='8' required='1' value="$qossettings{'MAXBWDTH'}" /> + <td width='33%' align='center'> + <tr><td width='33%' align='right'>Burst: + <td width='33%' align='left'><input type='text' name='BURST' maxlength='8' value="$qossettings{'BURST'}" /> + <td width='33%' align='center'> + <tr><td width='33%' align='right'>Ceilburst: + <td width='33%' align='left'><input type='text' name='CBURST' maxlength='8' value="$qossettings{'CBURST'}" /> + <td width='33%' align='center'> + <tr><td width='33%' align='right'>TOS-Bit: + <td width='33%' align='left'><select name='TOS'> + <option value='0'>$Lang::tr{'disabled'} (0)</option> + <option value='8'>$Lang::tr{'min delay'} (8)</option> + <option value='4'>$Lang::tr{'max throughput'} (4)</option> + <option value='2'>$Lang::tr{'max reliability'} (2)</option> + <option value='1'>$Lang::tr{'min costs'} (1)</option></select> + <td width='33%' align='center'><input type='hidden' name='CLASS' value="$qossettings{'CLASS'}" /> + <input type='hidden' name='DEVICE' value="$qossettings{'DEVICE'}" /> + <input type='submit' name='DOSCLASS' value='$Lang::tr{'save'}' /> <input type='reset' value='$Lang::tr{'reset'}' /> + </table></form> +END +; + &Header::closebox(); +} + sub level7rule { &Header::openbox('100%', 'center', $Lang::tr{'Level7 Rule'}); print <<END @@ -1016,6 +1164,9 @@ sub showclasses { @classes = <FILE>; close FILE; if (@classes) { + open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; + @subclasses = <FILE>; + close FILE; open( FILE, "< $level7file" ) or die "Unable to read $level7file"; @l7rules = <FILE>; close FILE; @@ -1052,6 +1203,11 @@ sub showclasses { <td align='center' bgcolor='$color{'color22'}'>$classline[7]</td> <td align='right' bgcolor='$color{'color22'}'> <table border='0'><tr> + <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='CLASS' value='$classline[1]' /> + <input type='hidden' name='ACTION' value='$Lang::tr{'qos add subclass'}' /> + <input type='image' alt='$Lang::tr{'add subclass'}' title='$Lang::tr{'add subclass'}' src='/images/addblue.gif' /> + </form> <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='CLASS' value='$classline[1]' /> <input type='hidden' name='ACTION' value='$Lang::tr{'Add Rule'}' /> @@ -1230,6 +1386,41 @@ END } END ; + foreach $subclassentry (sort @subclasses) + { + @subclassline = split( /;/, $subclassentry ); + if ( $subclassline[1] eq $classline[1] ) { + print <<END + <tr><td align='center' bgcolor='#FAFAFA'>$Lang::tr{'Subclass'}: + <td align='center' bgcolor='#FAFAFA'>$subclassline[2] + <td align='center' bgcolor='#FAFAFA'>$subclassline[3] + <td align='center' bgcolor='#FAFAFA'>$subclassline[4] + <td align='center' bgcolor='#FAFAFA'>$subclassline[5] + <td align='center' bgcolor='#FAFAFA'>$subclassline[6] + <td align='center' bgcolor='#FAFAFA'>$subclassline[7] + <td align='center' bgcolor='#FAFAFA'>$subclassline[8] + <td align='right' bgcolor='#FAFAFA'> + <table border='0'><tr> + <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='CLASS' value='$subclassline[2]' /> + <input type='hidden' name='ACTION' value='$Lang::tr{'Add Rule'}' /> + <input type='image' alt='$Lang::tr{'Add Rule'}' title='$Lang::tr{'Add Rule'}' src='/images/addgreen.gif' /> + </form> + <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='CLASS' value='$subclassline[2]' /> + <input type='hidden' name='DOSCLASS' value='$Lang::tr{'edit'}' /> + <input type='image' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' src='/images/edit.gif' /> + </form> + <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='CLASS' value='$subclassline[2]' /> + <input type='hidden' name='DOSCLASS' value='$Lang::tr{'delete'}' /> + <input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/delete.gif' /> + </form> + </table> +END +; + } + } print <<END </table> END @@ -1297,3 +1488,21 @@ sub validclass { } } } + +sub validsubclass { + if ( $qossettings{'VALID'} eq 'yes' ) { + open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; + @tmp = <FILE>; + close FILE; + foreach $subclassentry (sort @tmp) + { + @tmpline = split( /;/, $subclassentry ); + if ( $tmpline[2] eq $qossettings{'SCLASS'} ) + { + $qossettings{'VALID'} = 'no'; + $message = "$Lang::tr{'class in use'}"; + last + } + } + } +} diff --git a/lfs/iptables b/lfs/iptables index e2012ecb6..b91e41797 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -79,6 +79,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ ./extensions/
+ # imq + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff + cd $(DIR_APP) && ./configure \ --prefix=/usr \ --libdir=/lib \ diff --git a/lfs/linux b/lfs/linux index c8bcdbb97..36f2d0ac2 100644 --- a/lfs/linux +++ b/lfs/linux @@ -118,6 +118,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
ln -svf linux-$(VER) $(DIR_SRC)/linux
+ # Linux Intermediate Queueing Device + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14-imq.diff + # Layer7-patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14-layer7.patch
diff --git a/src/patches/iptables-1.4.12-IMQ-test4.diff b/src/patches/iptables-1.4.12-IMQ-test4.diff new file mode 100644 index 000000000..5ce17e1b4 --- /dev/null +++ b/src/patches/iptables-1.4.12-IMQ-test4.diff @@ -0,0 +1,141 @@ +diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.c iptables-1.4.12.1-imq/extensions/libxt_IMQ.c +--- iptables-1.4.12.1/extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200 ++++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300 +@@ -0,0 +1,105 @@ ++/* Shared library add-on to iptables to add IMQ target support. */ ++#include <stdio.h> ++#include <string.h> ++#include <stdlib.h> ++#include <getopt.h> ++ ++#include <xtables.h> ++#include <linux/netfilter/x_tables.h> ++#include <linux/netfilter/xt_IMQ.h> ++ ++/* Function which prints out usage message. */ ++static void IMQ_help(void) ++{ ++ printf( ++"IMQ target options:\n" ++" --todev <N> enqueue to imq<N>, defaults to 0\n"); ++ ++} ++ ++static struct option IMQ_opts[] = { ++ { "todev", 1, 0, '1' }, ++ { 0 } ++}; ++ ++/* Initialize the target. */ ++static void IMQ_init(struct xt_entry_target *t) ++{ ++ struct xt_imq_info *mr = (struct xt_imq_info*)t->data; ++ ++ mr->todev = 0; ++} ++ ++/* Function which parses command options; returns true if it ++ ate an option */ ++static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags, ++ const void *entry, struct xt_entry_target **target) ++{ ++ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data; ++ ++ switch(c) { ++ case '1': ++/* if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) ++ xtables_error(PARAMETER_PROBLEM, ++ "Unexpected `!' after --todev"); ++*/ ++ mr->todev=atoi(optarg); ++ break; ++ ++ default: ++ return 0; ++ } ++ return 1; ++} ++ ++/* Prints out the targinfo. */ ++static void IMQ_print(const void *ip, ++ const struct xt_entry_target *target, ++ int numeric) ++{ ++ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; ++ ++ printf("IMQ: todev %u ", mr->todev); ++} ++ ++/* Saves the union ipt_targinfo in parsable form to stdout. */ ++static void IMQ_save(const void *ip, const struct xt_entry_target *target) ++{ ++ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; ++ ++ printf(" --todev %u", mr->todev); ++} ++ ++static struct xtables_target imq_target = { ++ .name = "IMQ", ++ .version = XTABLES_VERSION, ++ .family = NFPROTO_IPV4, ++ .size = XT_ALIGN(sizeof(struct xt_imq_info)), ++ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), ++ .help = IMQ_help, ++ .init = IMQ_init, ++ .parse = IMQ_parse, ++ .print = IMQ_print, ++ .save = IMQ_save, ++ .extra_opts = IMQ_opts, ++}; ++ ++static struct xtables_target imq_target6 = { ++ .name = "IMQ", ++ .version = XTABLES_VERSION, ++ .family = NFPROTO_IPV6, ++ .size = XT_ALIGN(sizeof(struct xt_imq_info)), ++ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), ++ .help = IMQ_help, ++ .init = IMQ_init, ++ .parse = IMQ_parse, ++ .print = IMQ_print, ++ .save = IMQ_save, ++ .extra_opts = IMQ_opts, ++}; ++ ++// void __attribute((constructor)) nf_ext_init(void){ ++void _init(void){ ++ xtables_register_target(&imq_target); ++ xtables_register_target(&imq_target6); ++} +diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.man iptables-1.4.12.1-imq/extensions/libxt_IMQ.man +--- iptables-1.4.12.1/extensions/libxt_IMQ.man 1970-01-01 02:00:00.000000000 +0200 ++++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.man 2011-09-30 13:53:21.000000000 +0300 +@@ -0,0 +1,15 @@ ++This target is used to redirect the traffic to the IMQ driver and you can apply ++QoS rules like HTB or CBQ. ++For example you can select only traffic comming from a specific interface or ++is going out on a specific interface. ++Also it permits to capture the traffic BEFORE NAT in the case of outgoing traffic ++or AFTER NAT in the case of incomming traffic. ++.TP ++\fB--to-dev\fP \fIvalue\fP ++Set the IMQ interface where to send this traffic ++.TP ++Example: ++.TP ++Redirect incomming traffic from interface eth0 to imq0 and outgoing traffic to imq1: ++iptables -t mangle -A FORWARD -i eth0 -j IMQ --to-dev 0 ++iptables -t mangle -A FORWARD -o eth0 -j IMQ --to-dev 1 +diff -Naur iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h +--- iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 ++++ iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h 2011-09-30 13:53:21.000000000 +0300 +@@ -0,0 +1,9 @@ ++#ifndef _XT_IMQ_H ++#define _XT_IMQ_H ++ ++struct xt_imq_info { ++ unsigned int todev; /* target imq device */ ++}; ++ ++#endif /* _XT_IMQ_H */ ++ diff --git a/src/patches/linux/linux-4.14-imq.diff b/src/patches/linux/linux-4.14-imq.diff new file mode 100644 index 000000000..0281bf6e4 --- /dev/null +++ b/src/patches/linux/linux-4.14-imq.diff @@ -0,0 +1,1759 @@ +diff -Naupr linux-4.14_orig/drivers/net/imq.c linux-4.14/drivers/net/imq.c +--- linux-4.14_orig/drivers/net/imq.c 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.14/drivers/net/imq.c 2017-11-13 11:46:45.844089945 +0700 +@@ -0,0 +1,962 @@ ++/* ++ * Pseudo-driver for the intermediate queue device. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ * ++ * Authors: Patrick McHardy, kaber@trash.net ++ * ++ * The first version was written by Martin Devera, devik@cdi.cz ++ * ++ * See Credits.txt ++ */ ++ ++#include <linux/module.h> ++#include <linux/kernel.h> ++#include <linux/moduleparam.h> ++#include <linux/list.h> ++#include <linux/skbuff.h> ++#include <linux/netdevice.h> ++#include <linux/etherdevice.h> ++#include <linux/rtnetlink.h> ++#include <linux/if_arp.h> ++#include <linux/netfilter.h> ++#include <linux/netfilter_ipv4.h> ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++#include <linux/netfilter_ipv6.h> ++#endif ++#include <linux/imq.h> ++#include <net/pkt_sched.h> ++#include <net/netfilter/nf_queue.h> ++#include <net/sock.h> ++#include <linux/ip.h> ++#include <linux/ipv6.h> ++#include <linux/if_vlan.h> ++#include <linux/if_pppox.h> ++#include <net/ip.h> ++#include <net/ipv6.h> ++ ++static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num); ++ ++static nf_hookfn imq_nf_hook; ++ ++static struct nf_hook_ops imq_ops[] = { ++ { ++ /* imq_ingress_ipv4 */ ++ .hook = imq_nf_hook, ++ .pf = PF_INET, ++ .hooknum = NF_INET_PRE_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ .priority = NF_IP_PRI_MANGLE + 1, ++#else ++ .priority = NF_IP_PRI_NAT_DST + 1, ++#endif ++ }, ++ { ++ /* imq_egress_ipv4 */ ++ .hook = imq_nf_hook, ++ .pf = PF_INET, ++ .hooknum = NF_INET_POST_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) ++ .priority = NF_IP_PRI_LAST, ++#else ++ .priority = NF_IP_PRI_NAT_SRC - 1, ++#endif ++ }, ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ { ++ /* imq_ingress_ipv6 */ ++ .hook = imq_nf_hook, ++ .pf = PF_INET6, ++ .hooknum = NF_INET_PRE_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ .priority = NF_IP6_PRI_MANGLE + 1, ++#else ++ .priority = NF_IP6_PRI_NAT_DST + 1, ++#endif ++ }, ++ { ++ /* imq_egress_ipv6 */ ++ .hook = imq_nf_hook, ++ .pf = PF_INET6, ++ .hooknum = NF_INET_POST_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) ++ .priority = NF_IP6_PRI_LAST, ++#else ++ .priority = NF_IP6_PRI_NAT_SRC - 1, ++#endif ++ }, ++#endif ++}; ++ ++#if defined(CONFIG_IMQ_NUM_DEVS) ++static int numdevs = CONFIG_IMQ_NUM_DEVS; ++#else ++static int numdevs = IMQ_MAX_DEVS; ++#endif ++ ++static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; ++ ++#define IMQ_MAX_QUEUES 32 ++static int numqueues = 1; ++static u32 imq_hashrnd; ++static int imq_dev_accurate_stats = 1; ++ ++static inline __be16 pppoe_proto(const struct sk_buff *skb) ++{ ++ return *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + ++ sizeof(struct pppoe_hdr))); ++} ++ ++static u16 imq_hash(struct net_device *dev, struct sk_buff *skb) ++{ ++ unsigned int pull_len; ++ u16 protocol = skb->protocol; ++ u32 addr1, addr2; ++ u32 hash, ihl = 0; ++ union { ++ u16 in16[2]; ++ u32 in32; ++ } ports; ++ u8 ip_proto; ++ ++ pull_len = 0; ++ ++recheck: ++ switch (protocol) { ++ case htons(ETH_P_8021Q): { ++ if (unlikely(skb_pull(skb, VLAN_HLEN) == NULL)) ++ goto other; ++ ++ pull_len += VLAN_HLEN; ++ skb->network_header += VLAN_HLEN; ++ ++ protocol = vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; ++ goto recheck; ++ } ++ ++ case htons(ETH_P_PPP_SES): { ++ if (unlikely(skb_pull(skb, PPPOE_SES_HLEN) == NULL)) ++ goto other; ++ ++ pull_len += PPPOE_SES_HLEN; ++ skb->network_header += PPPOE_SES_HLEN; ++ ++ protocol = pppoe_proto(skb); ++ goto recheck; ++ } ++ ++ case htons(ETH_P_IP): { ++ const struct iphdr *iph = ip_hdr(skb); ++ ++ if (unlikely(!pskb_may_pull(skb, sizeof(struct iphdr)))) ++ goto other; ++ ++ addr1 = iph->daddr; ++ addr2 = iph->saddr; ++ ++ ip_proto = !(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) ? ++ iph->protocol : 0; ++ ihl = ip_hdrlen(skb); ++ ++ break; ++ } ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ case htons(ETH_P_IPV6): { ++ const struct ipv6hdr *iph = ipv6_hdr(skb); ++ __be16 fo = 0; ++ ++ if (unlikely(!pskb_may_pull(skb, sizeof(struct ipv6hdr)))) ++ goto other; ++ ++ addr1 = iph->daddr.s6_addr32[3]; ++ addr2 = iph->saddr.s6_addr32[3]; ++ ihl = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &ip_proto, ++ &fo); ++ if (unlikely(ihl < 0)) ++ goto other; ++ ++ break; ++ } ++#endif ++ default: ++other: ++ if (pull_len != 0) { ++ skb_push(skb, pull_len); ++ skb->network_header -= pull_len; ++ } ++ ++ return (u16)(ntohs(protocol) % dev->real_num_tx_queues); ++ } ++ ++ if (addr1 > addr2) ++ swap(addr1, addr2); ++ ++ switch (ip_proto) { ++ case IPPROTO_TCP: ++ case IPPROTO_UDP: ++ case IPPROTO_DCCP: ++ case IPPROTO_ESP: ++ case IPPROTO_AH: ++ case IPPROTO_SCTP: ++ case IPPROTO_UDPLITE: { ++ if (likely(skb_copy_bits(skb, ihl, &ports.in32, 4) >= 0)) { ++ if (ports.in16[0] > ports.in16[1]) ++ swap(ports.in16[0], ports.in16[1]); ++ break; ++ } ++ /* fall-through */ ++ } ++ default: ++ ports.in32 = 0; ++ break; ++ } ++ ++ if (pull_len != 0) { ++ skb_push(skb, pull_len); ++ skb->network_header -= pull_len; ++ } ++ ++ hash = jhash_3words(addr1, addr2, ports.in32, imq_hashrnd ^ ip_proto); ++ ++ return (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); ++} ++ ++static inline bool sk_tx_queue_recorded(struct sock *sk) ++{ ++ return (sk_tx_queue_get(sk) >= 0); ++} ++ ++static struct netdev_queue *imq_select_queue(struct net_device *dev, ++ struct sk_buff *skb) ++{ ++ u16 queue_index = 0; ++ u32 hash; ++ ++ if (likely(dev->real_num_tx_queues == 1)) ++ goto out; ++ ++ /* IMQ can be receiving ingress or engress packets. */ ++ ++ /* Check first for if rx_queue is set */ ++ if (skb_rx_queue_recorded(skb)) { ++ queue_index = skb_get_rx_queue(skb); ++ goto out; ++ } ++ ++ /* Check if socket has tx_queue set */ ++ if (sk_tx_queue_recorded(skb->sk)) { ++ queue_index = sk_tx_queue_get(skb->sk); ++ goto out; ++ } ++ ++ /* Try use socket hash */ ++ if (skb->sk && skb->sk->sk_hash) { ++ hash = skb->sk->sk_hash; ++ queue_index = ++ (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); ++ goto out; ++ } ++ ++ /* Generate hash from packet data */ ++ queue_index = imq_hash(dev, skb); ++ ++out: ++ if (unlikely(queue_index >= dev->real_num_tx_queues)) ++ queue_index = (u16)((u32)queue_index % dev->real_num_tx_queues); ++ ++ skb_set_queue_mapping(skb, queue_index); ++ return netdev_get_tx_queue(dev, queue_index); ++} ++ ++static struct net_device_stats *imq_get_stats(struct net_device *dev) ++{ ++ return &dev->stats; ++} ++ ++/* called for packets kfree'd in qdiscs at places other than enqueue */ ++static void imq_skb_destructor(struct sk_buff *skb) ++{ ++ struct nf_queue_entry *entry = skb->nf_queue_entry; ++ ++ skb->nf_queue_entry = NULL; ++ ++ if (entry) { ++ nf_queue_entry_release_refs(entry); ++ kfree(entry); ++ } ++ ++ skb_restore_cb(skb); /* kfree backup */ ++} ++ ++static void imq_done_check_queue_mapping(struct sk_buff *skb, ++ struct net_device *dev) ++{ ++ unsigned int queue_index; ++ ++ /* Don't let queue_mapping be left too large after exiting IMQ */ ++ if (likely(skb->dev != dev && skb->dev != NULL)) { ++ queue_index = skb_get_queue_mapping(skb); ++ if (unlikely(queue_index >= skb->dev->real_num_tx_queues)) { ++ queue_index = (u16)((u32)queue_index % ++ skb->dev->real_num_tx_queues); ++ skb_set_queue_mapping(skb, queue_index); ++ } ++ } else { ++ /* skb->dev was IMQ device itself or NULL, be on safe side and ++ * just clear queue mapping. ++ */ ++ skb_set_queue_mapping(skb, 0); ++ } ++} ++ ++static netdev_tx_t imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) ++{ ++ struct nf_queue_entry *entry = skb->nf_queue_entry; ++ ++ rcu_read_lock(); ++ ++ skb->nf_queue_entry = NULL; ++ netif_trans_update(dev); ++ ++ dev->stats.tx_bytes += skb->len; ++ dev->stats.tx_packets++; ++ ++ if (unlikely(entry == NULL)) { ++ /* We don't know what is going on here.. packet is queued for ++ * imq device, but (probably) not by us. ++ * ++ * If this packet was not send here by imq_nf_queue(), then ++ * skb_save_cb() was not used and skb_free() should not show: ++ * WARNING: IMQ: kfree_skb: skb->cb_next:.. ++ * and/or ++ * WARNING: IMQ: kfree_skb: skb->nf_queue_entry... ++ * ++ * However if this message is shown, then IMQ is somehow broken ++ * and you should report this to linuximq.net. ++ */ ++ ++ /* imq_dev_xmit is black hole that eats all packets, report that ++ * we eat this packet happily and increase dropped counters. ++ */ ++ ++ dev->stats.tx_dropped++; ++ dev_kfree_skb(skb); ++ ++ rcu_read_unlock(); ++ return NETDEV_TX_OK; ++ } ++ ++ skb_restore_cb(skb); /* restore skb->cb */ ++ ++ skb->imq_flags = 0; ++ skb->destructor = NULL; ++ ++ imq_done_check_queue_mapping(skb, dev); ++ ++ nf_reinject(entry, NF_ACCEPT); ++ ++ rcu_read_unlock(); ++ return NETDEV_TX_OK; ++} ++ ++static struct net_device *get_imq_device_by_index(int index) ++{ ++ struct net_device *dev = NULL; ++ struct net *net; ++ char buf[8]; ++ ++ /* get device by name and cache result */ ++ snprintf(buf, sizeof(buf), "imq%d", index); ++ ++ /* Search device from all namespaces. */ ++ for_each_net(net) { ++ dev = dev_get_by_name(net, buf); ++ if (dev) ++ break; ++ } ++ ++ if (WARN_ON_ONCE(dev == NULL)) { ++ /* IMQ device not found. Exotic config? */ ++ return ERR_PTR(-ENODEV); ++ } ++ ++ imq_devs_cache[index] = dev; ++ dev_put(dev); ++ ++ return dev; ++} ++ ++static struct nf_queue_entry *nf_queue_entry_dup(struct nf_queue_entry *e) ++{ ++ struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC); ++ if (entry) { ++ nf_queue_entry_get_refs(entry); ++ return entry; ++ } ++ return NULL; ++} ++ ++#ifdef CONFIG_BRIDGE_NETFILTER ++/* When called from bridge netfilter, skb->data must point to MAC header ++ * before calling skb_gso_segment(). Else, original MAC header is lost ++ * and segmented skbs will be sent to wrong destination. ++ */ ++static void nf_bridge_adjust_skb_data(struct sk_buff *skb) ++{ ++ if (skb->nf_bridge) ++ __skb_push(skb, skb->network_header - skb->mac_header); ++} ++ ++static void nf_bridge_adjust_segmented_data(struct sk_buff *skb) ++{ ++ if (skb->nf_bridge) ++ __skb_pull(skb, skb->network_header - skb->mac_header); ++} ++#else ++#define nf_bridge_adjust_skb_data(s) do {} while (0) ++#define nf_bridge_adjust_segmented_data(s) do {} while (0) ++#endif ++ ++static void free_entry(struct nf_queue_entry *entry) ++{ ++ nf_queue_entry_release_refs(entry); ++ kfree(entry); ++} ++ ++static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev); ++ ++static int __imq_nf_queue_gso(struct nf_queue_entry *entry, ++ struct net_device *dev, struct sk_buff *skb) ++{ ++ int ret = -ENOMEM; ++ struct nf_queue_entry *entry_seg; ++ ++ nf_bridge_adjust_segmented_data(skb); ++ ++ if (skb->next == NULL) { /* last packet, no need to copy entry */ ++ struct sk_buff *gso_skb = entry->skb; ++ entry->skb = skb; ++ ret = __imq_nf_queue(entry, dev); ++ if (ret) ++ entry->skb = gso_skb; ++ return ret; ++ } ++ ++ skb->next = NULL; ++ ++ entry_seg = nf_queue_entry_dup(entry); ++ if (entry_seg) { ++ entry_seg->skb = skb; ++ ret = __imq_nf_queue(entry_seg, dev); ++ if (ret) ++ free_entry(entry_seg); ++ } ++ return ret; ++} ++ ++static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) ++{ ++ struct sk_buff *skb, *segs; ++ struct net_device *dev; ++ unsigned int queued; ++ int index, retval, err; ++ ++ index = entry->skb->imq_flags & IMQ_F_IFMASK; ++ if (unlikely(index > numdevs - 1)) { ++ if (net_ratelimit()) ++ pr_warn("IMQ: invalid device specified, highest is %u\n", ++ numdevs - 1); ++ retval = -EINVAL; ++ goto out_no_dev; ++ } ++ ++ /* check for imq device by index from cache */ ++ dev = imq_devs_cache[index]; ++ if (unlikely(!dev)) { ++ dev = get_imq_device_by_index(index); ++ if (IS_ERR(dev)) { ++ retval = PTR_ERR(dev); ++ goto out_no_dev; ++ } ++ } ++ ++ if (unlikely(!(dev->flags & IFF_UP))) { ++ entry->skb->imq_flags = 0; ++ retval = -ECANCELED; ++ goto out_no_dev; ++ } ++ ++ /* Since 3.10.x, GSO handling moved here as result of upstream commit ++ * a5fedd43d5f6c94c71053a66e4c3d2e35f1731a2 (netfilter: move ++ * skb_gso_segment into nfnetlink_queue module). ++ * ++ * Following code replicates the gso handling from ++ * 'net/netfilter/nfnetlink_queue_core.c':nfqnl_enqueue_packet(). ++ */ ++ ++ skb = entry->skb; ++ ++ switch (entry->state.pf) { ++ case NFPROTO_IPV4: ++ skb->protocol = htons(ETH_P_IP); ++ break; ++ case NFPROTO_IPV6: ++ skb->protocol = htons(ETH_P_IPV6); ++ break; ++ } ++ ++ if (!skb_is_gso(entry->skb)) ++ return __imq_nf_queue(entry, dev); ++ ++ nf_bridge_adjust_skb_data(skb); ++ segs = skb_gso_segment(skb, 0); ++ /* Does not use PTR_ERR to limit the number of error codes that can be ++ * returned by nf_queue. For instance, callers rely on -ECANCELED to ++ * mean 'ignore this hook'. ++ */ ++ err = -ENOBUFS; ++ if (IS_ERR(segs)) ++ goto out_err; ++ queued = 0; ++ err = 0; ++ do { ++ struct sk_buff *nskb = segs->next; ++ if (nskb && nskb->next) ++ nskb->cb_next = NULL; ++ if (err == 0) ++ err = __imq_nf_queue_gso(entry, dev, segs); ++ if (err == 0) ++ queued++; ++ else ++ kfree_skb(segs); ++ segs = nskb; ++ } while (segs); ++ ++ if (queued) { ++ if (err) /* some segments are already queued */ ++ free_entry(entry); ++ kfree_skb(skb); ++ return 0; ++ } ++ ++out_err: ++ nf_bridge_adjust_segmented_data(skb); ++ retval = err; ++out_no_dev: ++ return retval; ++} ++ ++static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev) ++{ ++ struct sk_buff *skb_orig, *skb, *skb_shared, *skb_popd; ++ struct Qdisc *q; ++ struct sk_buff *to_free = NULL; ++ struct netdev_queue *txq; ++ spinlock_t *root_lock; ++ int users; ++ int retval = -EINVAL; ++ unsigned int orig_queue_index; ++ ++ dev->last_rx = jiffies; ++ ++ skb = entry->skb; ++ skb_orig = NULL; ++ ++ /* skb has owner? => make clone */ ++ if (unlikely(skb->destructor)) { ++ skb_orig = skb; ++ skb = skb_clone(skb, GFP_ATOMIC); ++ if (unlikely(!skb)) { ++ retval = -ENOMEM; ++ goto out; ++ } ++ skb->cb_next = NULL; ++ entry->skb = skb; ++ } ++ ++ dev->stats.rx_bytes += skb->len; ++ dev->stats.rx_packets++; ++ ++ if (!skb->dev) { ++ /* skb->dev == NULL causes problems, try the find cause. */ ++ if (net_ratelimit()) { ++ dev_warn(&dev->dev, ++ "received packet with skb->dev == NULL\n"); ++ dump_stack(); ++ } ++ ++ skb->dev = dev; ++ } ++ ++ /* Disables softirqs for lock below */ ++ rcu_read_lock_bh(); ++ ++ /* Multi-queue selection */ ++ orig_queue_index = skb_get_queue_mapping(skb); ++ txq = imq_select_queue(dev, skb); ++ ++ q = rcu_dereference(txq->qdisc); ++ if (unlikely(!q->enqueue)) ++ goto packet_not_eaten_by_imq_dev; ++ ++ skb->nf_queue_entry = entry; ++ root_lock = qdisc_lock(q); ++ spin_lock(root_lock); ++ ++ users = refcount_read(&skb->users); ++ ++ skb_shared = skb_get(skb); /* increase reference count by one */ ++ ++ /* backup skb->cb, as qdisc layer will overwrite it */ ++ skb_save_cb(skb_shared); ++ qdisc_enqueue_root(skb_shared, q, &to_free); /* might kfree_skb */ ++ if (likely(refcount_read(&skb_shared->users) == users + 1)) { ++ bool validate; ++ ++ kfree_skb(skb_shared); /* decrease reference count by one */ ++ ++ skb->destructor = &imq_skb_destructor; ++ ++ skb_popd = qdisc_dequeue_skb(q, &validate); ++ ++ /* cloned? */ ++ if (unlikely(skb_orig)) ++ kfree_skb(skb_orig); /* free original */ ++ ++ spin_unlock(root_lock); ++ ++#if 0 ++ /* schedule qdisc dequeue */ ++ __netif_schedule(q); ++#else ++ if (likely(skb_popd)) { ++ /* Note that we validate skb (GSO, checksum, ...) outside of locks */ ++ if (validate) ++ skb_popd = validate_xmit_skb_list(skb_popd, dev); ++ ++ if (skb_popd) { ++ int dummy_ret; ++ int cpu = smp_processor_id(); /* ok because BHs are off */ ++ ++ txq = skb_get_tx_queue(dev, skb_popd); ++ /* ++ IMQ device will not be frozen or stoped, and it always be successful. ++ So we need not check its status and return value to accelerate. ++ */ ++ if (imq_dev_accurate_stats && txq->xmit_lock_owner != cpu) { ++ HARD_TX_LOCK(dev, txq, cpu); ++ if (!netif_xmit_frozen_or_stopped(txq)) { ++ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); ++ } ++ HARD_TX_UNLOCK(dev, txq); ++ } else { ++ if (!netif_xmit_frozen_or_stopped(txq)) { ++ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); ++ } ++ } ++ } ++ } else { ++ /* No ready skb, then schedule it */ ++ __netif_schedule(q); ++ } ++#endif ++ rcu_read_unlock_bh(); ++ retval = 0; ++ goto out; ++ } else { ++ skb_restore_cb(skb_shared); /* restore skb->cb */ ++ skb->nf_queue_entry = NULL; ++ /* ++ * qdisc dropped packet and decreased skb reference count of ++ * skb, so we don't really want to and try refree as that would ++ * actually destroy the skb. ++ */ ++ spin_unlock(root_lock); ++ goto packet_not_eaten_by_imq_dev; ++ } ++ ++packet_not_eaten_by_imq_dev: ++ skb_set_queue_mapping(skb, orig_queue_index); ++ rcu_read_unlock_bh(); ++ ++ /* cloned? restore original */ ++ if (unlikely(skb_orig)) { ++ kfree_skb(skb); ++ entry->skb = skb_orig; ++ } ++ retval = -1; ++out: ++ if (unlikely(to_free)) { ++ kfree_skb_list(to_free); ++ } ++ return retval; ++} ++static unsigned int imq_nf_hook(void *priv, ++ struct sk_buff *skb, ++ const struct nf_hook_state *state) ++{ ++ return (skb->imq_flags & IMQ_F_ENQUEUE) ? NF_IMQ_QUEUE : NF_ACCEPT; ++} ++ ++static int imq_close(struct net_device *dev) ++{ ++ netif_stop_queue(dev); ++ return 0; ++} ++ ++static int imq_open(struct net_device *dev) ++{ ++ netif_start_queue(dev); ++ return 0; ++} ++ ++static struct device_type imq_device_type = { ++ .name = "imq", ++}; ++ ++static const struct net_device_ops imq_netdev_ops = { ++ .ndo_open = imq_open, ++ .ndo_stop = imq_close, ++ .ndo_start_xmit = imq_dev_xmit, ++ .ndo_get_stats = imq_get_stats, ++}; ++ ++static void imq_setup(struct net_device *dev) ++{ ++ dev->netdev_ops = &imq_netdev_ops; ++ dev->type = ARPHRD_VOID; ++ dev->mtu = 16000; /* too small? */ ++ dev->tx_queue_len = 11000; /* too big? */ ++ dev->flags = IFF_NOARP; ++ dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | ++ NETIF_F_GSO | NETIF_F_HW_CSUM | ++ NETIF_F_HIGHDMA; ++ dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | ++ IFF_TX_SKB_SHARING); ++} ++ ++static int imq_validate(struct nlattr *tb[], struct nlattr *data[], ++ struct netlink_ext_ack *extack) ++{ ++ int ret = 0; ++ ++ if (tb[IFLA_ADDRESS]) { ++ if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { ++ ret = -EINVAL; ++ goto end; ++ } ++ if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { ++ ret = -EADDRNOTAVAIL; ++ goto end; ++ } ++ } ++ return 0; ++end: ++ pr_warn("IMQ: imq_validate failed (%d)\n", ret); ++ return ret; ++} ++ ++static struct rtnl_link_ops imq_link_ops __read_mostly = { ++ .kind = "imq", ++ .priv_size = 0, ++ .setup = imq_setup, ++ .validate = imq_validate, ++}; ++ ++static const struct nf_queue_handler imq_nfqh = { ++ .outfn = imq_nf_queue, ++}; ++ ++static int __net_init imq_nf_register(struct net *net) ++{ ++ return nf_register_net_hooks(net, imq_ops, ++ ARRAY_SIZE(imq_ops)); ++}; ++ ++static void __net_exit imq_nf_unregister(struct net *net) ++{ ++ nf_unregister_net_hooks(net, imq_ops, ++ ARRAY_SIZE(imq_ops)); ++}; ++ ++static struct pernet_operations imq_net_ops = { ++ .init = imq_nf_register, ++ .exit = imq_nf_unregister, ++}; ++ ++static int __net_init imq_init_hooks(void) ++{ ++ int ret; ++ nf_register_queue_imq_handler(&imq_nfqh); ++ ++ ret = register_pernet_subsys(&imq_net_ops); ++ if (ret < 0) ++ nf_unregister_queue_imq_handler(); ++ ++ return ret; ++} ++ ++#ifdef CONFIG_LOCKDEP ++ static struct lock_class_key imq_netdev_addr_lock_key; ++ ++ static void __init imq_dev_set_lockdep_one(struct net_device *dev, ++ struct netdev_queue *txq, void *arg) ++ { ++ /* ++ * the IMQ transmit locks can be taken recursively, ++ * for example with one IMQ rule for input- and one for ++ * output network devices in iptables! ++ * until we find a better solution ignore them. ++ */ ++ lockdep_set_novalidate_class(&txq->_xmit_lock); ++ } ++ ++ static void imq_dev_set_lockdep_class(struct net_device *dev) ++ { ++ lockdep_set_class_and_name(&dev->addr_list_lock, ++ &imq_netdev_addr_lock_key, "_xmit_addr_IMQ"); ++ netdev_for_each_tx_queue(dev, imq_dev_set_lockdep_one, NULL); ++} ++#else ++ static inline void imq_dev_set_lockdep_class(struct net_device *dev) ++ { ++ } ++#endif ++ ++static int __init imq_init_one(int index) ++{ ++ struct net_device *dev; ++ int ret; ++ ++ dev = alloc_netdev_mq(0, "imq%d", NET_NAME_UNKNOWN, imq_setup, numqueues); ++ if (!dev) ++ return -ENOMEM; ++ ++ ret = dev_alloc_name(dev, dev->name); ++ if (ret < 0) ++ goto fail; ++ ++ dev->rtnl_link_ops = &imq_link_ops; ++ SET_NETDEV_DEVTYPE(dev, &imq_device_type); ++ ret = register_netdevice(dev); ++ if (ret < 0) ++ goto fail; ++ ++ imq_dev_set_lockdep_class(dev); ++ ++ return 0; ++fail: ++ free_netdev(dev); ++ return ret; ++} ++ ++static int __init imq_init_devs(void) ++{ ++ int err, i; ++ ++ if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { ++ pr_err("IMQ: numdevs has to be betweed 1 and %u\n", ++ IMQ_MAX_DEVS); ++ return -EINVAL; ++ } ++ ++ if (numqueues < 1 || numqueues > IMQ_MAX_QUEUES) { ++ pr_err("IMQ: numqueues has to be betweed 1 and %u\n", ++ IMQ_MAX_QUEUES); ++ return -EINVAL; ++ } ++ ++ get_random_bytes(&imq_hashrnd, sizeof(imq_hashrnd)); ++ ++ rtnl_lock(); ++ err = __rtnl_link_register(&imq_link_ops); ++ ++ for (i = 0; i < numdevs && !err; i++) ++ err = imq_init_one(i); ++ ++ if (err) { ++ __rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++ } ++ rtnl_unlock(); ++ ++ return err; ++} ++ ++static int __init imq_init_module(void) ++{ ++ int err; ++ ++#if defined(CONFIG_IMQ_NUM_DEVS) ++ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); ++ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); ++ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); ++#endif ++ ++ err = imq_init_devs(); ++ if (err) { ++ pr_err("IMQ: Error trying imq_init_devs(net)\n"); ++ return err; ++ } ++ ++ err = imq_init_hooks(); ++ if (err) { ++ pr_err(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++ return err; ++ } ++ ++ pr_info("IMQ driver loaded successfully. (numdevs = %d, numqueues = %d, imq_dev_accurate_stats = %d)\n", ++ numdevs, numqueues, imq_dev_accurate_stats); ++ ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ pr_info("\tHooking IMQ before NAT on PREROUTING.\n"); ++#else ++ pr_info("\tHooking IMQ after NAT on PREROUTING.\n"); ++#endif ++#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ pr_info("\tHooking IMQ before NAT on POSTROUTING.\n"); ++#else ++ pr_info("\tHooking IMQ after NAT on POSTROUTING.\n"); ++#endif ++ ++ return 0; ++} ++ ++static void __exit imq_unhook(void) ++{ ++ unregister_pernet_subsys(&imq_net_ops); ++ nf_unregister_queue_imq_handler(); ++} ++ ++static void __exit imq_cleanup_devs(void) ++{ ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++} ++ ++static void __exit imq_exit_module(void) ++{ ++ imq_unhook(); ++ imq_cleanup_devs(); ++ pr_info("IMQ driver unloaded successfully.\n"); ++} ++ ++module_init(imq_init_module); ++module_exit(imq_exit_module); ++ ++module_param(numdevs, int, 0); ++module_param(numqueues, int, 0); ++module_param(imq_dev_accurate_stats, int, 0); ++MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will be created)"); ++MODULE_PARM_DESC(numqueues, "number of queues per IMQ device"); ++MODULE_PARM_DESC(imq_dev_accurate_stats, "Notify if need the accurate imq device stats"); ++ ++MODULE_AUTHOR("https://github.com/imq/linuximq"); ++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); ++MODULE_LICENSE("GPL"); ++MODULE_ALIAS_RTNL_LINK("imq"); +diff -Naupr linux-4.14_orig/drivers/net/Kconfig linux-4.14/drivers/net/Kconfig +--- linux-4.14_orig/drivers/net/Kconfig 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/drivers/net/Kconfig 2017-11-13 11:46:45.844089945 +0700 +@@ -277,6 +277,125 @@ config RIONET_RX_SIZE + depends on RIONET + default "128" + ++config IMQ ++ tristate "IMQ (intermediate queueing device) support" ++ depends on NETDEVICES && NETFILTER ++ ---help--- ++ The IMQ device(s) is used as placeholder for QoS queueing ++ disciplines. Every packet entering/leaving the IP stack can be ++ directed through the IMQ device where it's enqueued/dequeued to the ++ attached qdisc. This allows you to treat network devices as classes ++ and distribute bandwidth among them. Iptables is used to specify ++ through which IMQ device, if any, packets travel. ++ ++ More information at: https://github.com/imq/linuximq ++ ++ To compile this driver as a module, choose M here: the module ++ will be called imq. If unsure, say N. ++ ++choice ++ prompt "IMQ behavior (PRE/POSTROUTING)" ++ depends on IMQ ++ default IMQ_BEHAVIOR_AB ++ help ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ IMQ can work in any of the following ways: ++ ++ PREROUTING | POSTROUTING ++ -----------------|------------------- ++ #1 After NAT | After NAT ++ #2 After NAT | Before NAT ++ #3 Before NAT | After NAT ++ #4 Before NAT | Before NAT ++ ++ The default behavior is to hook before NAT on PREROUTING ++ and after NAT on POSTROUTING (#3). ++ ++ This settings are specially usefull when trying to use IMQ ++ to shape NATed clients. ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AA ++ bool "IMQ AA" ++ help ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AB ++ bool "IMQ AB" ++ help ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BA ++ bool "IMQ BA" ++ help ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BB ++ bool "IMQ BB" ++ help ++ This setting defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ ++endchoice ++ ++config IMQ_NUM_DEVS ++ int "Number of IMQ devices" ++ range 2 16 ++ depends on IMQ ++ default "16" ++ help ++ This setting defines how many IMQ devices will be created. ++ ++ The default value is 16. ++ ++ More information can be found at: https://github.com/imq/linuximq ++ ++ If not sure leave the default settings alone. ++ + config TUN + tristate "Universal TUN/TAP device driver support" + depends on INET +diff -Naupr linux-4.14_orig/drivers/net/Makefile linux-4.14/drivers/net/Makefile +--- linux-4.14_orig/drivers/net/Makefile 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/drivers/net/Makefile 2017-11-13 11:46:45.844089945 +0700 +@@ -13,6 +13,7 @@ obj-$(CONFIG_DUMMY) += dummy.o + obj-$(CONFIG_EQUALIZER) += eql.o + obj-$(CONFIG_IFB) += ifb.o + obj-$(CONFIG_MACSEC) += macsec.o ++obj-$(CONFIG_IMQ) += imq.o + obj-$(CONFIG_MACVLAN) += macvlan.o + obj-$(CONFIG_MACVTAP) += macvtap.o + obj-$(CONFIG_MII) += mii.o +diff -Naupr linux-4.14_orig/include/linux/imq.h linux-4.14/include/linux/imq.h +--- linux-4.14_orig/include/linux/imq.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.14/include/linux/imq.h 2017-11-13 11:46:45.844089945 +0700 +@@ -0,0 +1,13 @@ ++#ifndef _IMQ_H ++#define _IMQ_H ++ ++/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ ++#define IMQ_F_BITS 5 ++ ++#define IMQ_F_IFMASK 0x0f ++#define IMQ_F_ENQUEUE 0x10 ++ ++#define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) ++ ++#endif /* _IMQ_H */ ++ +diff -Naupr linux-4.14_orig/include/linux/netdevice.h linux-4.14/include/linux/netdevice.h +--- linux-4.14_orig/include/linux/netdevice.h 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/include/linux/netdevice.h 2017-11-13 11:46:45.844089945 +0700 +@@ -1771,6 +1771,11 @@ struct net_device { + /* + * Cache lines mostly used on receive path (including eth_type_trans()) + */ ++ ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ unsigned long last_rx; ++#endif ++ + /* Interface address info used in eth_type_trans() */ + unsigned char *dev_addr; + +@@ -3631,6 +3636,19 @@ static inline void netif_tx_unlock_bh(st + } \ + } + ++#define HARD_TX_LOCK_BH(dev, txq) { \ ++ if ((dev->features & NETIF_F_LLTX) == 0) { \ ++ __netif_tx_lock_bh(txq); \ ++ } \ ++} ++ ++#define HARD_TX_UNLOCK_BH(dev, txq) { \ ++ if ((dev->features & NETIF_F_LLTX) == 0) { \ ++ __netif_tx_unlock_bh(txq); \ ++ } \ ++} ++ ++ + static inline void netif_tx_disable(struct net_device *dev) + { + unsigned int i; +diff -Naupr linux-4.14_orig/include/linux/netfilter/xt_IMQ.h linux-4.14/include/linux/netfilter/xt_IMQ.h +--- linux-4.14_orig/include/linux/netfilter/xt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.14/include/linux/netfilter/xt_IMQ.h 2017-11-13 11:46:45.847423298 +0700 +@@ -0,0 +1,9 @@ ++#ifndef _XT_IMQ_H ++#define _XT_IMQ_H ++ ++struct xt_imq_info { ++ unsigned int todev; /* target imq device */ ++}; ++ ++#endif /* _XT_IMQ_H */ ++ +diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.14/include/linux/netfilter_ipv4/ipt_IMQ.h +--- linux-4.14_orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.14/include/linux/netfilter_ipv4/ipt_IMQ.h 2017-11-13 11:46:45.847423298 +0700 +@@ -0,0 +1,10 @@ ++#ifndef _IPT_IMQ_H ++#define _IPT_IMQ_H ++ ++/* Backwards compatibility for old userspace */ ++#include <linux/netfilter/xt_IMQ.h> ++ ++#define ipt_imq_info xt_imq_info ++ ++#endif /* _IPT_IMQ_H */ ++ +diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.14/include/linux/netfilter_ipv6/ip6t_IMQ.h +--- linux-4.14_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.14/include/linux/netfilter_ipv6/ip6t_IMQ.h 2017-11-13 11:46:45.847423298 +0700 +@@ -0,0 +1,10 @@ ++#ifndef _IP6T_IMQ_H ++#define _IP6T_IMQ_H ++ ++/* Backwards compatibility for old userspace */ ++#include <linux/netfilter/xt_IMQ.h> ++ ++#define ip6t_imq_info xt_imq_info ++ ++#endif /* _IP6T_IMQ_H */ ++ +diff -Naupr linux-4.14_orig/include/linux/skbuff.h linux-4.14/include/linux/skbuff.h +--- linux-4.14_orig/include/linux/skbuff.h 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/include/linux/skbuff.h 2017-11-13 11:46:45.847423298 +0700 +@@ -41,6 +41,10 @@ + #include <linux/in6.h> + #include <linux/if_packet.h> + #include <net/flow.h> ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++#include <linux/imq.h> ++#endif ++ + + /* The interface for checksum offload between the stack and networking drivers + * is as follows... +@@ -581,7 +585,7 @@ typedef unsigned int sk_buff_data_t; + typedef unsigned char *sk_buff_data_t; + #endif + +-/** ++/** + * struct sk_buff - socket buffer + * @next: Next buffer in list + * @prev: Previous buffer in list +@@ -684,6 +688,9 @@ struct sk_buff { + * first. This is owned by whoever has the skb queued ATM. + */ + char cb[48] __aligned(8); ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ void *cb_next; ++#endif + + unsigned long _skb_refdst; + void (*destructor)(struct sk_buff *skb); +@@ -693,6 +700,9 @@ struct sk_buff { + #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) + unsigned long _nfct; + #endif ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ struct nf_queue_entry *nf_queue_entry; ++#endif + #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) + struct nf_bridge_info *nf_bridge; + #endif +@@ -772,6 +782,9 @@ struct sk_buff { + #ifdef CONFIG_NET_SWITCHDEV + __u8 offload_fwd_mark:1; + #endif ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ __u8 imq_flags:IMQ_F_BITS; ++#endif + #ifdef CONFIG_NET_CLS_ACT + __u8 tc_skip_classify:1; + __u8 tc_at_ingress:1; +@@ -870,7 +883,7 @@ static inline bool skb_pfmemalloc(const + */ + static inline struct dst_entry *skb_dst(const struct sk_buff *skb) + { +- /* If refdst was not refcounted, check we still are in a ++ /* If refdst was not refcounted, check we still are in a + * rcu_read_lock section + */ + WARN_ON((skb->_skb_refdst & SKB_DST_NOREF) && +@@ -960,6 +973,12 @@ void skb_tx_error(struct sk_buff *skb); + void consume_skb(struct sk_buff *skb); + void __consume_stateless_skb(struct sk_buff *skb); + void __kfree_skb(struct sk_buff *skb); ++ ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++int skb_save_cb(struct sk_buff *skb); ++int skb_restore_cb(struct sk_buff *skb); ++#endif ++ + extern struct kmem_cache *skbuff_head_cache; + + void kfree_skb_partial(struct sk_buff *skb, bool head_stolen); +@@ -3785,8 +3804,12 @@ static inline void __nf_copy(struct sk_b + dst->_nfct = src->_nfct; + nf_conntrack_get(skb_nfct(src)); + #endif ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ dst->imq_flags = src->imq_flags; ++ dst->nf_queue_entry = src->nf_queue_entry; ++#endif + #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) +- dst->nf_bridge = src->nf_bridge; ++ dst->nf_bridge = src->nf_bridge; + nf_bridge_get(src->nf_bridge); + #endif + #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NF_TABLES) +diff -Naupr linux-4.14_orig/include/net/netfilter/nf_queue.h linux-4.14/include/net/netfilter/nf_queue.h +--- linux-4.14_orig/include/net/netfilter/nf_queue.h 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/include/net/netfilter/nf_queue.h 2017-11-13 11:46:45.847423298 +0700 +@@ -31,6 +31,12 @@ struct nf_queue_handler { + void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); + void nf_unregister_queue_handler(struct net *net); + void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); ++void nf_queue_entry_release_refs(struct nf_queue_entry *entry); ++ ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); ++void nf_unregister_queue_imq_handler(void); ++#endif + + void nf_queue_entry_get_refs(struct nf_queue_entry *entry); + void nf_queue_entry_release_refs(struct nf_queue_entry *entry); +diff -Naupr linux-4.14_orig/include/net/pkt_sched.h linux-4.14/include/net/pkt_sched.h +--- linux-4.14_orig/include/net/pkt_sched.h 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/include/net/pkt_sched.h 2017-11-13 11:46:45.850756651 +0700 +@@ -109,6 +109,8 @@ int sch_direct_xmit(struct sk_buff *skb, + + void __qdisc_run(struct Qdisc *q); + ++struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate); ++ + static inline void qdisc_run(struct Qdisc *q) + { + if (qdisc_run_begin(q)) +diff -Naupr linux-4.14_orig/include/net/sch_generic.h linux-4.14/include/net/sch_generic.h +--- linux-4.14_orig/include/net/sch_generic.h 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/include/net/sch_generic.h 2017-11-13 11:46:45.850756651 +0700 +@@ -567,6 +567,13 @@ static inline int qdisc_enqueue(struct s + return sch->enqueue(skb, sch, to_free); + } + ++static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch, ++ struct sk_buff **to_free) ++{ ++ qdisc_skb_cb(skb)->pkt_len = skb->len; ++ return qdisc_enqueue(skb, sch, to_free) & NET_XMIT_MASK; ++} ++ + static inline bool qdisc_is_percpu_stats(const struct Qdisc *q) + { + return q->flags & TCQ_F_CPUSTATS; +diff -Naupr linux-4.14_orig/include/uapi/linux/netfilter.h linux-4.14/include/uapi/linux/netfilter.h +--- linux-4.14_orig/include/uapi/linux/netfilter.h 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/include/uapi/linux/netfilter.h 2017-11-13 11:46:45.850756651 +0700 +@@ -14,7 +14,8 @@ + #define NF_QUEUE 3 + #define NF_REPEAT 4 + #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ +-#define NF_MAX_VERDICT NF_STOP ++#define NF_IMQ_QUEUE 6 ++#define NF_MAX_VERDICT NF_IMQ_QUEUE + + /* we overload the higher bits for encoding auxiliary data such as the queue + * number or errno values. Not nice, but better than additional function +diff -Naupr linux-4.14_orig/net/core/dev.c linux-4.14/net/core/dev.c +--- linux-4.14_orig/net/core/dev.c 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/net/core/dev.c 2017-11-13 11:46:45.854090004 +0700 +@@ -143,6 +143,9 @@ + #include <linux/hrtimer.h> + #include <linux/netfilter_ingress.h> + #include <linux/crash_dump.h> ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++#include <linux/imq.h> ++#endif + #include <linux/sctp.h> + #include <net/udp_tunnel.h> + +@@ -2971,7 +2974,12 @@ static int xmit_one(struct sk_buff *skb, + unsigned int len; + int rc; + ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ if ((!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) && ++ !(skb->imq_flags & IMQ_F_ENQUEUE)) ++#else + if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) ++#endif + dev_queue_xmit_nit(skb, dev); + + len = skb->len; +@@ -3010,6 +3018,8 @@ out: + return skb; + } + ++EXPORT_SYMBOL_GPL(dev_hard_start_xmit); ++ + static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, + netdev_features_t features) + { +diff -Naupr linux-4.14_orig/net/core/skbuff.c linux-4.14/net/core/skbuff.c +--- linux-4.14_orig/net/core/skbuff.c 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/net/core/skbuff.c 2017-11-13 11:46:45.854090004 +0700 +@@ -82,6 +82,87 @@ struct kmem_cache *skbuff_head_cache __r + static struct kmem_cache *skbuff_fclone_cache __read_mostly; + int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; + EXPORT_SYMBOL(sysctl_max_skb_frags); ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++static struct kmem_cache *skbuff_cb_store_cache __read_mostly; ++#endif ++ ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++/* Control buffer save/restore for IMQ devices */ ++struct skb_cb_table { ++ char cb[48] __aligned(8); ++ void *cb_next; ++ atomic_t refcnt; ++}; ++ ++static DEFINE_SPINLOCK(skb_cb_store_lock); ++ ++int skb_save_cb(struct sk_buff *skb) ++{ ++ struct skb_cb_table *next; ++ ++ next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); ++ if (!next) ++ return -ENOMEM; ++ ++ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); ++ ++ memcpy(next->cb, skb->cb, sizeof(skb->cb)); ++ next->cb_next = skb->cb_next; ++ ++ atomic_set(&next->refcnt, 1); ++ ++ skb->cb_next = next; ++ return 0; ++} ++EXPORT_SYMBOL(skb_save_cb); ++ ++int skb_restore_cb(struct sk_buff *skb) ++{ ++ struct skb_cb_table *next; ++ ++ if (!skb->cb_next) ++ return 0; ++ ++ next = skb->cb_next; ++ ++ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); ++ ++ memcpy(skb->cb, next->cb, sizeof(skb->cb)); ++ skb->cb_next = next->cb_next; ++ ++ spin_lock(&skb_cb_store_lock); ++ ++ if (atomic_dec_and_test(&next->refcnt)) ++ kmem_cache_free(skbuff_cb_store_cache, next); ++ ++ spin_unlock(&skb_cb_store_lock); ++ ++ return 0; ++} ++EXPORT_SYMBOL(skb_restore_cb); ++ ++static void skb_copy_stored_cb(struct sk_buff * , const struct sk_buff * ) __attribute__ ((unused)); ++static void skb_copy_stored_cb(struct sk_buff *new, const struct sk_buff *__old) ++{ ++ struct skb_cb_table *next; ++ struct sk_buff *old; ++ ++ if (!__old->cb_next) { ++ new->cb_next = NULL; ++ return; ++ } ++ ++ spin_lock(&skb_cb_store_lock); ++ ++ old = (struct sk_buff *)__old; ++ ++ next = old->cb_next; ++ atomic_inc(&next->refcnt); ++ new->cb_next = next; ++ ++ spin_unlock(&skb_cb_store_lock); ++} ++#endif + + /** + * skb_panic - private function for out-of-line support +@@ -615,6 +696,28 @@ void skb_release_head_state(struct sk_bu + WARN_ON(in_irq()); + skb->destructor(skb); + } ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ /* ++ * This should not happen. When it does, avoid memleak by restoring ++ * the chain of cb-backups. ++ */ ++ while (skb->cb_next != NULL) { ++ if (net_ratelimit()) ++ pr_warn("IMQ: kfree_skb: skb->cb_next: %08x\n", ++ (unsigned int)(uintptr_t)skb->cb_next); ++ ++ skb_restore_cb(skb); ++ } ++ /* ++ * This should not happen either, nf_queue_entry is nullified in ++ * imq_dev_xmit(). If we have non-NULL nf_queue_entry then we are ++ * leaking entry pointers, maybe memory. We don't know if this is ++ * pointer to already freed memory, or should this be freed. ++ * If this happens we need to add refcounting, etc for nf_queue_entry. ++ */ ++ if (skb->nf_queue_entry && net_ratelimit()) ++ pr_warn("%s\n", "IMQ: kfree_skb: skb->nf_queue_entry != NULL"); ++#endif + #if IS_ENABLED(CONFIG_NF_CONNTRACK) + nf_conntrack_put(skb_nfct(skb)); + #endif +@@ -804,6 +907,10 @@ static void __copy_skb_header(struct sk_ + new->sp = secpath_get(old->sp); + #endif + __nf_copy(new, old, false); ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ new->cb_next = NULL; ++ /*skb_copy_stored_cb(new, old);*/ ++#endif + + /* Note : this field could be in headers_start/headers_end section + * It is not yet because we do not want to have a 16 bit hole +@@ -3902,6 +4009,13 @@ void __init skb_init(void) + 0, + SLAB_HWCACHE_ALIGN|SLAB_PANIC, + NULL); ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", ++ sizeof(struct skb_cb_table), ++ 0, ++ SLAB_HWCACHE_ALIGN|SLAB_PANIC, ++ NULL); ++#endif + } + + static int +diff -Naupr linux-4.14_orig/net/netfilter/core.c linux-4.14/net/netfilter/core.c +--- linux-4.14_orig/net/netfilter/core.c 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/net/netfilter/core.c 2017-11-13 14:16:05.896850774 +0700 +@@ -474,6 +474,11 @@ int nf_hook_slow(struct sk_buff *skb, st + if (ret == 0) + ret = -EPERM; + return ret; ++ case NF_IMQ_QUEUE: ++ ret = nf_queue(skb, state, e, s, verdict); ++ if (ret == -ECANCELED) ++ continue; ++ return ret; + case NF_QUEUE: + ret = nf_queue(skb, state, e, s, verdict); + if (ret == 1) +diff -Naupr linux-4.14_orig/net/netfilter/Kconfig linux-4.14/net/netfilter/Kconfig +--- linux-4.14_orig/net/netfilter/Kconfig 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/net/netfilter/Kconfig 2017-11-13 11:46:45.857423358 +0700 +@@ -867,6 +867,18 @@ config NETFILTER_XT_TARGET_LOG + + To compile it as a module, choose M here. If unsure, say N. + ++config NETFILTER_XT_TARGET_IMQ ++ tristate '"IMQ" target support' ++ depends on NETFILTER_XTABLES ++ depends on IP_NF_MANGLE || IP6_NF_MANGLE ++ select IMQ ++ default m if NETFILTER_ADVANCED=n ++ help ++ This option adds a `IMQ' target which is used to specify if and ++ to which imq device packets should get enqueued/dequeued. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ + config NETFILTER_XT_TARGET_MARK + tristate '"MARK" target support' + depends on NETFILTER_ADVANCED +diff -Naupr linux-4.14_orig/net/netfilter/Makefile linux-4.14/net/netfilter/Makefile +--- linux-4.14_orig/net/netfilter/Makefile 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/net/netfilter/Makefile 2017-11-13 11:46:45.857423358 +0700 +@@ -125,6 +125,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += + obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o + obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o + obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o ++obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o + obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o + obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o + obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o +diff -Naupr linux-4.14_orig/net/netfilter/nf_queue.c linux-4.14/net/netfilter/nf_queue.c +--- linux-4.14_orig/net/netfilter/nf_queue.c 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/net/netfilter/nf_queue.c 2017-11-13 14:25:21.436864671 +0700 +@@ -1,4 +1,4 @@ +-/* ++ /* + * Rusty Russell (C)2000 -- This code is GPL. + * Patrick McHardy (c) 2006-2012 + */ +@@ -27,6 +27,23 @@ + * receives, no matter what. + */ + ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++static const struct nf_queue_handler __rcu *queue_imq_handler __read_mostly; ++ ++void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) ++{ ++ rcu_assign_pointer(queue_imq_handler, qh); ++} ++EXPORT_SYMBOL_GPL(nf_register_queue_imq_handler); ++ ++void nf_unregister_queue_imq_handler(void) ++{ ++ RCU_INIT_POINTER(queue_imq_handler, NULL); ++ synchronize_rcu(); ++} ++EXPORT_SYMBOL_GPL(nf_unregister_queue_imq_handler); ++#endif ++ + /* return EBUSY when somebody else is registered, return EEXIST if the + * same handler is registered, return 0 in case of success. */ + void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh) +@@ -113,16 +130,29 @@ EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop) + + static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, + const struct nf_hook_entries *entries, +- unsigned int index, unsigned int queuenum) ++ unsigned int index, unsigned int verdict) + { + int status = -ENOENT; + struct nf_queue_entry *entry = NULL; + const struct nf_afinfo *afinfo; + const struct nf_queue_handler *qh; + struct net *net = state->net; ++ unsigned int queuetype = verdict & NF_VERDICT_MASK; ++ unsigned int queuenum = verdict >> NF_VERDICT_QBITS; + + /* QUEUE == DROP if no one is waiting, to be safe. */ +- qh = rcu_dereference(net->nf.queue_handler); ++ ++ if (queuetype == NF_IMQ_QUEUE) { ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ qh = rcu_dereference(queue_imq_handler); ++#else ++ BUG(); ++ goto err_unlock; ++#endif ++ } else { ++ qh = rcu_dereference(net->nf.queue_handler); ++ } ++ + if (!qh) { + status = -ESRCH; + goto err; +@@ -169,8 +199,16 @@ int nf_queue(struct sk_buff *skb, struct + { + int ret; + +- ret = __nf_queue(skb, state, entries, index, verdict >> NF_VERDICT_QBITS); ++ ret = __nf_queue(skb, state, entries, index, verdict); + if (ret < 0) { ++ ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ /* IMQ Bypass */ ++ if (ret == -ECANCELED && skb->imq_flags == 0) { ++ return 1; ++ } ++#endif ++ + if (ret == -ESRCH && + (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) + return 1; +@@ -256,6 +294,7 @@ next_hook: + local_bh_enable(); + break; + case NF_QUEUE: ++ case NF_IMQ_QUEUE: + err = nf_queue(skb, &entry->state, hooks, i, verdict); + if (err == 1) + goto next_hook; +diff -Naupr linux-4.14_orig/net/netfilter/xt_IMQ.c linux-4.14/net/netfilter/xt_IMQ.c +--- linux-4.14_orig/net/netfilter/xt_IMQ.c 1970-01-01 07:00:00.000000000 +0700 ++++ linux-4.14/net/netfilter/xt_IMQ.c 2017-11-13 11:46:45.857423358 +0700 +@@ -0,0 +1,72 @@ ++/* ++ * This target marks packets to be enqueued to an imq device ++ */ ++#include <linux/module.h> ++#include <linux/skbuff.h> ++#include <linux/netfilter/x_tables.h> ++#include <linux/netfilter/xt_IMQ.h> ++#include <linux/imq.h> ++ ++static unsigned int imq_target(struct sk_buff *pskb, ++ const struct xt_action_param *par) ++{ ++ const struct xt_imq_info *mr = par->targinfo; ++ ++ pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; ++ ++ return XT_CONTINUE; ++} ++ ++static int imq_checkentry(const struct xt_tgchk_param *par) ++{ ++ struct xt_imq_info *mr = par->targinfo; ++ ++ if (mr->todev > IMQ_MAX_DEVS - 1) { ++ pr_warn("IMQ: invalid device specified, highest is %u\n", ++ IMQ_MAX_DEVS - 1); ++ return -EINVAL; ++ } ++ ++ return 0; ++} ++ ++static struct xt_target xt_imq_reg[] __read_mostly = { ++ { ++ .name = "IMQ", ++ .family = AF_INET, ++ .checkentry = imq_checkentry, ++ .target = imq_target, ++ .targetsize = sizeof(struct xt_imq_info), ++ .table = "mangle", ++ .me = THIS_MODULE ++ }, ++ { ++ .name = "IMQ", ++ .family = AF_INET6, ++ .checkentry = imq_checkentry, ++ .target = imq_target, ++ .targetsize = sizeof(struct xt_imq_info), ++ .table = "mangle", ++ .me = THIS_MODULE ++ }, ++}; ++ ++static int __init imq_init(void) ++{ ++ return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); ++} ++ ++static void __exit imq_fini(void) ++{ ++ xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); ++} ++ ++module_init(imq_init); ++module_exit(imq_fini); ++ ++MODULE_AUTHOR("https://github.com/imq/linuximq"); ++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); ++MODULE_LICENSE("GPL"); ++MODULE_ALIAS("ipt_IMQ"); ++MODULE_ALIAS("ip6t_IMQ"); ++ +diff -Naupr linux-4.14_orig/net/sched/sch_generic.c linux-4.14/net/sched/sch_generic.c +--- linux-4.14_orig/net/sched/sch_generic.c 2017-11-13 01:46:13.000000000 +0700 ++++ linux-4.14/net/sched/sch_generic.c 2017-11-13 11:46:45.857423358 +0700 +@@ -158,6 +158,14 @@ trace: + return skb; + } + ++struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate) ++{ ++ int packets; ++ ++ return dequeue_skb(q, validate, &packets); ++} ++EXPORT_SYMBOL(qdisc_dequeue_skb); ++ + /* + * Transmit possibly several skbs, and handle the return status as + * required. Owning running seqcount bit guarantees that
hooks/post-receive -- IPFire 2.x development tree