This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 4ba4645d12a5fb9b92b653ae282a1b65418f181e (commit) via b3ce3510ad207c9fb04c825a0a242aefed79bee7 (commit) via e4d242da4ae1074b75d5d45eeb16061ba178f6c4 (commit) via 615bf6e0f08b3e201f89d9d8e102daf81a307804 (commit) via 76bf53db8bfb5d2188e1aef82b89cff8cae74dd7 (commit) via 6f07564242a75187efc721850604e201df17f335 (commit) via 1e35eeac5963a1dc42ef378edffda138b5e333ed (commit) via fc09b98296c8ec85e60c2756c60785404103fae8 (commit) via 4b5aa973936a7c1b038aa74ff1b9a50172155e3b (commit) via 7d770777e046fd46a04a1e7c9894b15682fd124b (commit) via afe23fbb52ff8a27b34df2bb21c6c39b5ceec817 (commit) via 8d6b654369dc34fb5cce90c0bae2eb6b5826b55f (commit) via 951a9f9ba0e4c2b80b8a2db5101c6fee57ea274e (commit) via 50ed363e893b37749d8ad516766c7bb829c085b8 (commit) via 677c1f47d7613f109021dbeac0f280149b4ccca4 (commit) via 96f16b8501d921cb4b879f3f027d5bc3dfdfb53b (commit) via 0dfb3984d0c56164dc25dd1a9d1e2213da0aa142 (commit) via c37af2f0046d5e9d19397cd51d3320f11b9cd647 (commit) from 3670ac56221ae9697d2ca3c873ce9d7b798bd256 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 4ba4645d12a5fb9b92b653ae282a1b65418f181e Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Oct 17 13:29:57 2019 +0200
bind: Update to 9.11.12
For details see: https://downloads.isc.org/isc/bind9/9.11.12/RELEASE-NOTES-bind-9.11.12.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b3ce3510ad207c9fb04c825a0a242aefed79bee7 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Oct 17 16:01:10 2019 +0000
grub: Build after Python is available
The build sometimes aborted because python was not found when Grub was being built for EFI.
Fixes: #12209 Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e4d242da4ae1074b75d5d45eeb16061ba178f6c4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Oct 21 19:00:19 2019 +0000
Revert "Revert "core137: Remove imq0 and unload imq module after QoS has been stopped""
This reverts commit 39c4ed442714451e380d45c9837547a081a80f6f.
commit 615bf6e0f08b3e201f89d9d8e102daf81a307804 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:39 2019 +0200
QoS: Delete more unused iptables commands
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 76bf53db8bfb5d2188e1aef82b89cff8cae74dd7 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:37 2019 +0200
QoS: Drop support for setting TOS bits per class
This is useless since no ISP will evaluate those settings any more and it has a rather large impact on throughput.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6f07564242a75187efc721850604e201df17f335 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:38 2019 +0200
QoS: No longer set TOS bits for ACK packets
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1e35eeac5963a1dc42ef378edffda138b5e333ed Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:36 2019 +0200
QoS: Remove some IPsec rules which never worked
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fc09b98296c8ec85e60c2756c60785404103fae8 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:35 2019 +0200
QoS: Classify incoming traffic in PREROUTING
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4b5aa973936a7c1b038aa74ff1b9a50172155e3b Author: Daniel Weismüller daniel.weismueller@ipfire.org Date: Mon Oct 21 20:45:34 2019 +0200
QoS: Use CONNMARK to mark connections in connection tracking
This patch modifies the connection tracking in that ways that it sets a connection mark which will be retrieved when a packet is being redirected to the IFB interface.
This way, we can use classification without having the packet being sent through iptables first.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7d770777e046fd46a04a1e7c9894b15682fd124b Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:33 2019 +0200
Revert "Make IMQ Switchable between PREROUTING and POSTROUTING"
This reverts commit 88b8ffac6b258e7b7687eb26111134bf435e23ca.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit afe23fbb52ff8a27b34df2bb21c6c39b5ceec817 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:32 2019 +0200
QoS: Drop support for subclasses
This feature was never properly implemented and the UI was dead
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8d6b654369dc34fb5cce90c0bae2eb6b5826b55f Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:31 2019 +0200
QoS: Suppress an error message when cleaning up from previous runs
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 951a9f9ba0e4c2b80b8a2db5101c6fee57ea274e Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:30 2019 +0200
linux+iptables: Drop support for IMQ
This is no longer needed since we are using IFB now
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 50ed363e893b37749d8ad516766c7bb829c085b8 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:29 2019 +0200
QoS: Do not delete egress qdisc after classes have been created
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 677c1f47d7613f109021dbeac0f280149b4ccca4 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:28 2019 +0200
QoS: Start qosd immediately
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 96f16b8501d921cb4b879f3f027d5bc3dfdfb53b Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:27 2019 +0200
QoS: Tidy up qdiscs after QoS is being stopped
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0dfb3984d0c56164dc25dd1a9d1e2213da0aa142 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:26 2019 +0200
QoS: Use Intermediate Functional Block
This is an alternative implementation to the Intermediate Queuing Device (IMQ) which is an out-of-tree kernel patch and has been criticised for being slow, especially with mutliple processors.
IFB is part of the mainline kernel and a lot less code.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c37af2f0046d5e9d19397cd51d3320f11b9cd647 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 21 20:45:25 2019 +0200
QoS: Do not manually load iptables modules
This should not be necessary and causes the script to wait for two seconds.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/kernel/kernel.config.aarch64-ipfire | 7 - .../kernel/kernel.config.armv5tel-ipfire-kirkwood | 7 - config/kernel/kernel.config.armv5tel-ipfire-multi | 7 - config/kernel/kernel.config.i586-ipfire | 7 - config/kernel/kernel.config.i586-ipfire-pae | 7 - config/kernel/kernel.config.x86_64-ipfire | 7 - config/qos/makeqosscripts.pl | 226 +-- config/rootfiles/common/aarch64/linux | 13 - config/rootfiles/common/armv5tel/linux-kirkwood | 13 - config/rootfiles/common/armv5tel/linux-multi | 13 - config/rootfiles/common/bind | 8 +- config/rootfiles/common/i586/linux | 13 - config/rootfiles/common/iptables | 1 - config/rootfiles/common/x86_64/linux | 13 - config/rootfiles/core/137/update.sh | 6 + config/rootfiles/packages/linux-pae | 13 - doc/language_issues.de | 4 + doc/language_issues.en | 4 - doc/language_issues.es | 4 + doc/language_issues.fr | 4 + doc/language_issues.it | 4 + doc/language_issues.nl | 4 + doc/language_issues.pl | 4 + doc/language_issues.ru | 4 + doc/language_issues.tr | 4 + html/cgi-bin/qos.cgi | 209 --- lfs/bind | 4 +- lfs/iptables | 3 - lfs/linux | 3 - make.sh | 6 +- src/patches/iptables-1.4.12-IMQ-test4.diff | 141 -- src/patches/linux/linux-4.14-imq.diff | 1759 -------------------- 32 files changed, 73 insertions(+), 2449 deletions(-) delete mode 100644 src/patches/iptables-1.4.12-IMQ-test4.diff delete mode 100644 src/patches/linux/linux-4.14-imq.diff
Difference in files: diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index e263041a8..778b05a9a 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -908,7 +908,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -1992,12 +1991,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood index 35af2a984..fcbac3bcd 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood +++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood @@ -894,7 +894,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -1955,12 +1954,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index e3be55bf5..fc74eb142 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1166,7 +1166,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2263,12 +2262,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 726e2fe03..4eaae6f74 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1102,7 +1102,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2171,12 +2170,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index 4a61ff534..526adbbcb 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1120,7 +1120,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2191,12 +2190,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index da87dce2d..c9563234e 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1094,7 +1094,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=y CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2148,12 +2147,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index cddfa2772..1a5d01d52 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -35,26 +35,22 @@ my $errormessage = ""; my $c = ""; my $direntry = ""; my $classentry = ""; -my $subclassentry = ""; my $l7ruleentry = ""; my $portruleentry = ""; my $tosruleentry = ""; my @tmp = (); my @classes = (); -my @subclasses = (); my @l7rules = (); my @portrules = (); my @tosrules = (); my @tmpline = (); my @classline = (); -my @subclassline = (); my @tosruleline = (); my @l7ruleline = (); my @portruleline = (); my @proto = (); my %selected= () ; my $classfile = "/var/ipfire/qos/classes"; -my $subclassfile = "/var/ipfire/qos/subclasses"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; @@ -75,16 +71,12 @@ $qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`; $qossettings{'IMQ_DEV'} = 'imq0'; $qossettings{'TOS'} = ''; $qossettings{'VALID'} = 'yes'; -$qossettings{'IMQ_MODE'} = 'PREROUTING';
&General::readhash("${General::swroot}/qos/settings", %qossettings);
open( FILE, "< $classfile" ) or die "Unable to read $classfile"; @classes = <FILE>; close FILE; -open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; -@subclasses = <FILE>; -close FILE; open( FILE, "< $level7file" ) or die "Unable to read $level7file"; @l7rules = <FILE>; close FILE; @@ -142,7 +134,6 @@ case "$1" in echo "[iptables]" iptables -t mangle -n -L QOS-OUT -v -x 2> /dev/null iptables -t mangle -n -L QOS-INC -v -x 2> /dev/null - iptables -t mangle -n -L QOS-TOS -v -x 2> /dev/null exit 0 ;; esac @@ -191,27 +182,6 @@ foreach $classentry (sort @classes) print "\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - $qossettings{'SPRIO'} = $subclassline[3]; - $qossettings{'SRATE'} = $subclassline[4]; - $qossettings{'SCEIL'} = $subclassline[5]; - $qossettings{'SBURST'} = $subclassline[6]; - $qossettings{'SCBURST'} = $subclassline[7]; - print "\ttc class add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} classid 1:$qossettings{'SCLASS'} htb rate $qossettings{'SRATE'}kbit ceil $qossettings{'SCEIL'}kbit prio $qossettings{'SPRIO'} "; - if ($qossettings{'SBURST'} > 0) { - print "burst $qossettings{'SBURST'}k "; - } - if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { - print "cburst $qossettings{'CBURST'}k"; - } - print "\n"; - } -}
print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; foreach $classentry (sort @classes) @@ -223,14 +193,6 @@ foreach $classentry (sort @classes) print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; - } -} print "\n\t### FILTER TRAFFIC INTO CLASSES\n"; foreach $classentry (sort @classes) { @@ -241,15 +203,6 @@ foreach $classentry (sort @classes) print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 1:$qossettings{'CLASS'}\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 1:$qossettings{'SCLASS'}\n"; - } -} print <<END
### add l7-filter to PREROUTING chain to see all traffic @@ -257,42 +210,33 @@ print <<END
### ADD QOS-OUT CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-OUT - iptables -t mangle -N QOS-TOS iptables -t mangle -I POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT - iptables -t mangle -A POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS
### Don't change mark on traffic for the ipsec tunnel iptables -t mangle -A QOS-OUT -m mark --mark 50 -j RETURN
### MARK ACKs - iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j RETURN
iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j RETURN
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j MARK --set-mark $qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j RETURN
@@ -406,14 +350,20 @@ print <<END ### $qossettings{'IMQ_DEV'} ###
+ tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1 + tc qdisc add dev $qossettings{'RED_DEV'} handle ffff: ingress + ### BRING UP $qossettings{'IMQ_DEV'} - if [ `lsmod | grep -q ipt_IMQ` ]; then - insmod ipt_IMQ - sleep 2 + if [ ! -d "/sys/class/net/$qossettings{'IMQ_DEV'}" ]; then + ip link add name $qossettings{'IMQ_DEV'} type ifb fi - modprobe imq numdevs=1 numqueues=$(grep -c "^processor" /proc/cpuinfo || echo 1) + ip link set $qossettings{'IMQ_DEV'} up
+ tc filter add dev $qossettings{'RED_DEV'} parent ffff: protocol all u32 match u32 0 0 \ + action connmark \ + action mirred egress redirect dev $qossettings{'IMQ_DEV'} + ### ADD HTB QDISC FOR $qossettings{'IMQ_DEV'} tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1 tc qdisc add dev $qossettings{'IMQ_DEV'} root handle 2: htb default $qossettings{'DEFCLASS_INC'} @@ -445,27 +395,6 @@ foreach $classentry (sort @classes) print "\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - $qossettings{'SPRIO'} = $subclassline[3]; - $qossettings{'SRATE'} = $subclassline[4]; - $qossettings{'SCEIL'} = $subclassline[5]; - $qossettings{'SBURST'} = $subclassline[6]; - $qossettings{'SCBURST'} = $subclassline[7]; - print "\ttc class add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} classid 2:$qossettings{'SCLASS'} htb rate $qossettings{'SRATE'}kbit ceil $qossettings{'SCEIL'}kbit prio $qossettings{'SPRIO'} "; - if ($qossettings{'SBURST'} > 0) { - print "burst $qossettings{'SBURST'}k "; - } - if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { - print "cburst $qossettings{'CBURST'}k"; - } - print "\n"; - } -}
print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; foreach $classentry (sort @classes) @@ -477,14 +406,6 @@ foreach $classentry (sort @classes) print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; - } -} print "\n\t### FILTER TRAFFIC INTO CLASSES\n"; foreach $classentry (sort @classes) { @@ -495,51 +416,18 @@ foreach $classentry (sort @classes) print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 2:$qossettings{'CLASS'}\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 2:$qossettings{'SCLASS'}\n"; - } -} - -if ( $qossettings{'IMQ_MODE'} eq 'POSTROUTING' ) -{ print <<END
### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-INC - iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN - iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN - iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN - iptables -t mangle -A POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0 - iptables -t mangle -I FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS - - ### SET TOS -END -; -} -else -{ -print <<END + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC
- ### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES - iptables -t mangle -N QOS-INC - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0 - iptables -t mangle -I PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS + # If the packet is already marked, then skip the processing + iptables -t mangle -A QOS-INC -m mark ! --mark 0 -j RETURN
### SET TOS END ; -} - foreach $tosruleentry (sort @tosrules) { @tosruleline = split( /;/, $tosruleentry ); @@ -547,8 +435,7 @@ END $qossettings{'TOS'} = abs $tosruleline[2] * 2; if ( $tosruleline[1] eq $qossettings{'IMQ_DEV'} ) { - print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n"; - print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j RETURN\n"; + print "\tiptables -t mangle -A QOS-INC -m mark --mark 0 -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n"; }
} @@ -566,7 +453,7 @@ print "\n\t### SET PORT-RULES\n"; $qossettings{'QPORT'} = $portruleline[4]; $qossettings{'DIP'} = $portruleline[5]; $qossettings{'DPORT'} = $portruleline[6]; - print "\tiptables -t mangle -A QOS-INC "; + print "\tiptables -t mangle -A QOS-INC -m mark --mark 0 "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; } @@ -584,24 +471,6 @@ print "\n\t### SET PORT-RULES\n"; print "--dport $qossettings{'DPORT'} "; } print "-j MARK --set-mark $qossettings{'CLASS'}\n"; - print "\tiptables -t mangle -A QOS-INC "; - if ($qossettings{'QIP'} ne ''){ - print "-s $qossettings{'QIP'} "; - } - if ($qossettings{'DIP'} ne ''){ - print "-d $qossettings{'DIP'} "; - } - print "-p $qossettings{'PPROT'} "; -# if (($qossettings{'QPORT'} ne '') || ($qossettings{'DPORT'} ne '')){ -# print "-m multiport "; -# } - if ($qossettings{'QPORT'} ne ''){ - print "--sport $qossettings{'QPORT'} "; - } - if ($qossettings{'DPORT'} ne ''){ - print "--dport $qossettings{'DPORT'} "; - } - print "-j RETURN\n\n"; } }
@@ -620,7 +489,7 @@ END $qossettings{'L7PROT'} = $l7ruleline[2]; $qossettings{'QIP'} = $l7ruleline[3]; $qossettings{'DIP'} = $l7ruleline[4]; - print "\tiptables -t mangle -A QOS-INC "; + print "\tiptables -t mangle -A QOS-INC -m mark --mark 0 "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; } @@ -628,14 +497,6 @@ END print "-d $qossettings{'DIP'} "; } print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j MARK --set-mark $qossettings{'CLASS'}\n"; - print "\tiptables -t mangle -A QOS-INC "; - if ($qossettings{'QIP'} ne ''){ - print "-s $qossettings{'QIP'} "; - } - if ($qossettings{'DIP'} ne ''){ - print "-d $qossettings{'DIP'} "; - } - print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j RETURN\n"; } }
@@ -643,36 +504,12 @@ print <<END ### REDUNDANT: SET ALL NONMARKED PACKETS TO DEFAULT CLASS iptables -t mangle -A QOS-INC -m mark --mark 0 -j MARK --set-mark $qossettings{'DEFCLASS_INC'}
- ### SETTING TOS BITS -END -; - foreach $classentry (sort @classes) - { - @classline = split( /;/, $classentry ); - $qossettings{'CLASS'} = $classline[1]; - $qossettings{'TOS'} = abs $classline[7] * 2; - if ($qossettings{'TOS'} ne "0") { - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'CLASS'} -j TOS --set-tos $qossettings{'TOS'}\n"; - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'CLASS'} -j RETURN\n"; - } - } - foreach $subclassentry (sort @subclasses) - { - @subclassline = split( /;/, $subclassentry ); - $qossettings{'SUBCLASS'} = $subclassline[1]; - $qossettings{'TOS'} = $subclassline[8]; - $qossettings{'TOS'} = abs $qossettings{'TOS'} * 2; - if ($qossettings{'TOS'} ne "0") { - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'SUBCLASS'} -j TOS --set-tos $qossettings{'TOS'}\n"; - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'SUBCLASS'} -j RETURN\n"; - } - } - -print <<END + # Save mark in connection tracking + iptables -t mangle -A QOS-INC -j CONNMARK --save-mark
## STARTING COLLECTOR - ( sleep 10 && /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1) & - ( sleep 10 && /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1) & + /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1 + /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1
for i in $(ls $RRDLOG/class_*.rrd); do rrdtool update $i $(date +%s): 2>/dev/null @@ -684,36 +521,25 @@ print <<END clear|stop) ### RESET EVERYTHING TO A KNOWN STATE killall qosd >/dev/null 2>&1 - (sleep 3 && killall -9 qosd &>/dev/null) & + # DELETE QDISCS tc qdisc del dev $qossettings{'RED_DEV'} root >/dev/null 2>&1 + tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1 tc qdisc add root dev $qossettings{'RED_DEV'} fq_codel >/dev/null 2>&1 tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1 + tc qdisc del dev $qossettings{'IMQ_DEV'} ingress >/dev/null 2>&1 tc qdisc add root dev $qossettings{'IMQ_DEV'} fq_codel >/dev/null 2>&1 # STOP IMQ-DEVICE ip link set $qossettings{'IMQ_DEV'} down >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1 - # rmmod imq # this crash on 2.6.25.xx + ip link del $qossettings{'IMQ_DEV'} >/dev/null 2>&1 + # REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 - iptables -t mangle --flush QOS-TOS >/dev/null 2>&1 - iptables -t mangle --delete-chain QOS-TOS >/dev/null 2>&1 # remove l7-filter iptables -t mangle --delete PREROUTING -m layer7 --l7proto unset
diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux index 0451cadcd..d8e93542d 100644 --- a/config/rootfiles/common/aarch64/linux +++ b/config/rootfiles/common/aarch64/linux @@ -7648,12 +7648,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -8793,7 +8787,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -12157,7 +12150,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -12770,7 +12762,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -12784,11 +12775,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -18482,7 +18471,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/wiznet/w5300.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -19450,7 +19438,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/armv5tel/linux-kirkwood b/config/rootfiles/common/armv5tel/linux-kirkwood index 78d0050de..2269896d8 100644 --- a/config/rootfiles/common/armv5tel/linux-kirkwood +++ b/config/rootfiles/common/armv5tel/linux-kirkwood @@ -7370,12 +7370,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/kfifo #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/kfifo/buf.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/trigger.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/num -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet/ah.h @@ -8455,7 +8449,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/mark.h @@ -11454,7 +11447,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/ima.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/imq.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/in.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/in6.h @@ -12067,7 +12059,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_arp @@ -12081,11 +12072,9 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netlink.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/nfs.h @@ -17461,7 +17450,6 @@ lib/modules/KVER-ipfire-kirkwood/kernel #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ethernet/rocker/rocker.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -18392,7 +18380,6 @@ lib/modules/KVER-ipfire-kirkwood/kernel #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi index 08a5f601c..1e7a090d9 100644 --- a/config/rootfiles/common/armv5tel/linux-multi +++ b/config/rootfiles/common/armv5tel/linux-multi @@ -8353,12 +8353,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/iio/kfifo #lib/modules/KVER-ipfire-multi/build/include/config/iio/kfifo/buf.h #lib/modules/KVER-ipfire-multi/build/include/config/iio/trigger.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq -#lib/modules/KVER-ipfire-multi/build/include/config/imq.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-multi/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq/num -#lib/modules/KVER-ipfire-multi/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-multi/build/include/config/imx #lib/modules/KVER-ipfire-multi/build/include/config/imx/dma.h #lib/modules/KVER-ipfire-multi/build/include/config/imx/gpcv2.h @@ -9588,7 +9582,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/mark.h @@ -13192,7 +13185,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-multi/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-multi/build/include/linux/ima.h -#lib/modules/KVER-ipfire-multi/build/include/linux/imq.h #lib/modules/KVER-ipfire-multi/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-multi/build/include/linux/in.h #lib/modules/KVER-ipfire-multi/build/include/linux/in6.h @@ -13805,7 +13797,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_arp @@ -13819,11 +13810,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netlink.h #lib/modules/KVER-ipfire-multi/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-multi/build/include/linux/nfs.h @@ -19598,7 +19587,6 @@ lib/modules/KVER-ipfire-multi/kernel #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/wiznet/w5300.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-multi/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -20588,7 +20576,6 @@ lib/modules/KVER-ipfire-multi/kernel #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index 6f90b879b..ff44473aa 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -272,11 +272,11 @@ usr/lib/libbind9.so.161.0.3 #usr/lib/libdns.la #usr/lib/libdns.so usr/lib/libdns.so.1107 -usr/lib/libdns.so.1107.0.1 +usr/lib/libdns.so.1107.0.2 #usr/lib/libisc.la #usr/lib/libisc.so usr/lib/libisc.so.1100 -usr/lib/libisc.so.1100.3.1 +usr/lib/libisc.so.1100.3.2 #usr/lib/libisccc.la #usr/lib/libisccc.so usr/lib/libisccc.so.161 @@ -284,11 +284,11 @@ usr/lib/libisccc.so.161.0.1 #usr/lib/libisccfg.la #usr/lib/libisccfg.so usr/lib/libisccfg.so.163 -usr/lib/libisccfg.so.163.0.2 +usr/lib/libisccfg.so.163.0.3 #usr/lib/liblwres.la #usr/lib/liblwres.so usr/lib/liblwres.so.161 -usr/lib/liblwres.so.161.0.1 +usr/lib/liblwres.so.161.0.2 #usr/share/man/man1/dig.1 #usr/share/man/man1/host.1 #usr/share/man/man1/nslookup.1 diff --git a/config/rootfiles/common/i586/linux b/config/rootfiles/common/i586/linux index 1a1ca83a7..1fe01233f 100644 --- a/config/rootfiles/common/i586/linux +++ b/config/rootfiles/common/i586/linux @@ -8187,12 +8187,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -9472,7 +9466,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -13456,7 +13449,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -14069,7 +14061,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -14083,11 +14074,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -20196,7 +20185,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21531,7 +21519,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables index 389518646..0f8f1cf8c 100644 --- a/config/rootfiles/common/iptables +++ b/config/rootfiles/common/iptables @@ -64,7 +64,6 @@ lib/xtables/libxt_CT.so lib/xtables/libxt_DSCP.so lib/xtables/libxt_HMARK.so lib/xtables/libxt_IDLETIMER.so -lib/xtables/libxt_IMQ.so lib/xtables/libxt_LED.so lib/xtables/libxt_MARK.so lib/xtables/libxt_NFLOG.so diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index 755d7627a..68f907faa 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -8265,12 +8265,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -9529,7 +9523,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -13471,7 +13464,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -14084,7 +14076,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -14098,11 +14089,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -20209,7 +20198,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21522,7 +21510,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/core/137/update.sh b/config/rootfiles/core/137/update.sh index f2e83fc77..5b0e6982f 100644 --- a/config/rootfiles/core/137/update.sh +++ b/config/rootfiles/core/137/update.sh @@ -82,6 +82,12 @@ rm -rf /lib/modules
# Stop services
+# Delete imq0 if it is still present after QoS has been stopped +if [ -d "/sys/class/net/imq0" ]; then + ip link del dev imq0 + modprobe -r imq +fi + # Extract files extract_files
diff --git a/config/rootfiles/packages/linux-pae b/config/rootfiles/packages/linux-pae index 590595828..f3966ce75 100644 --- a/config/rootfiles/packages/linux-pae +++ b/config/rootfiles/packages/linux-pae @@ -8189,12 +8189,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/illegal #lib/modules/KVER-ipfire-pae/build/include/config/illegal/pointer #lib/modules/KVER-ipfire-pae/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq -#lib/modules/KVER-ipfire-pae/build/include/config/imq.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-pae/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq/num -#lib/modules/KVER-ipfire-pae/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-pae/build/include/config/inet #lib/modules/KVER-ipfire-pae/build/include/config/inet.h #lib/modules/KVER-ipfire-pae/build/include/config/inet/ah.h @@ -9474,7 +9468,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/mark.h @@ -13526,7 +13519,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-pae/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-pae/build/include/linux/ima.h -#lib/modules/KVER-ipfire-pae/build/include/linux/imq.h #lib/modules/KVER-ipfire-pae/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-pae/build/include/linux/in.h #lib/modules/KVER-ipfire-pae/build/include/linux/in6.h @@ -14139,7 +14131,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_arp @@ -14153,11 +14144,9 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netlink.h #lib/modules/KVER-ipfire-pae/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-pae/build/include/linux/nfs.h @@ -20267,7 +20256,6 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire-pae/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21618,7 +21606,6 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/doc/language_issues.de b/doc/language_issues.de index 412efdc47..61b1c8078 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -30,6 +30,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -39,6 +40,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: addon @@ -140,6 +142,7 @@ WARNING: translation string unused: ccd maxclients WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -548,6 +551,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question WARNING: translation string unused: reboot schedule diff --git a/doc/language_issues.en b/doc/language_issues.en index 9ca53b50a..3581a688a 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -80,7 +80,6 @@ WARNING: untranslated string: Scan for Files = Scan for files WARNING: untranslated string: Scan for Songs = unknown string WARNING: untranslated string: Scan from Directory = Scan from directory WARNING: untranslated string: Set time on boot = Force setting the system clock on boot -WARNING: untranslated string: Subclass = Subclass WARNING: untranslated string: TOS Rule = TOS-Rule WARNING: untranslated string: TOS rule = TOS rule WARNING: untranslated string: The class number does not match the specified interface. = The class number does not match the specified interface. @@ -107,7 +106,6 @@ WARNING: untranslated string: add new alias = Add a new alias WARNING: untranslated string: add new lease = Add a new fixed lease WARNING: untranslated string: add printer = Add printer WARNING: untranslated string: add share = Add share -WARNING: untranslated string: add subclass = Add subclass WARNING: untranslated string: add user = Add user WARNING: untranslated string: added from dhcp lease list = Added from DHCP lease list WARNING: untranslated string: addons = Addons @@ -465,7 +463,6 @@ WARNING: untranslated string: check all = Check all WARNING: untranslated string: check vpn lr = Check WARNING: untranslated string: cipher = Encryption: WARNING: untranslated string: city = City -WARNING: untranslated string: class in use = The class is already in use. WARNING: untranslated string: clear playlist = Empty playlist WARNING: untranslated string: clenabled = Provide time to local network WARNING: untranslated string: click to disable = Enabled (click to disable) @@ -1517,7 +1514,6 @@ WARNING: untranslated string: proxy reports weekly = Weekly reports WARNING: untranslated string: ptr = PTR WARNING: untranslated string: pulse = Pulse WARNING: untranslated string: pulse dial = Pulse dial: -WARNING: untranslated string: qos add subclass = Add subclass WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! WARNING: untranslated string: qos graphs = Qos Graphs WARNING: untranslated string: qos warning = The rule <strong>must</strong> be saved, otherwise it will be discarded! diff --git a/doc/language_issues.es b/doc/language_issues.es index 2af165d6b..a4c5bf1f5 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -9,6 +9,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -18,6 +19,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -129,6 +131,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -475,6 +478,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.fr b/doc/language_issues.fr index f48d65a80..3d657059f 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -31,6 +31,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -40,6 +41,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -159,6 +161,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -577,6 +580,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.it b/doc/language_issues.it index 59c649954..973a7c12c 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -137,6 +139,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -552,6 +555,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 836745e5a..2d5e06726 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -136,6 +138,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -547,6 +550,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 2af165d6b..a4c5bf1f5 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -9,6 +9,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -18,6 +19,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -129,6 +131,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -475,6 +478,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.ru b/doc/language_issues.ru index b904157b1..06e68dfd3 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -130,6 +132,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -478,6 +481,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.tr b/doc/language_issues.tr index cf773d8cb..5bbf9a1b5 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -31,6 +31,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -40,6 +41,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -159,6 +161,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -580,6 +583,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi index b7af11204..8211a3ca0 100644 --- a/html/cgi-bin/qos.cgi +++ b/html/cgi-bin/qos.cgi @@ -38,19 +38,16 @@ my $errormessage = ""; my $c = ""; my $direntry = ""; my $classentry = ""; -my $subclassentry = ""; my $l7ruleentry = ""; my $portruleentry = ""; my $tosruleentry = ""; my @tmp = (); my @classes = (); -my @subclasses = (); my @l7rules = (); my @portrules = (); my @tosrules = (); my @tmpline = (); my @classline = (); -my @subclassline = (); my @l7ruleline = (); my @portruleline = (); my @tosruleline = (); @@ -58,7 +55,6 @@ my @proto = (); my %selected= (); my @checked = (); my $classfile = "/var/ipfire/qos/classes"; -my $subclassfile = "/var/ipfire/qos/subclasses"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; @@ -85,7 +81,6 @@ $qossettings{'IMQ_DEV_SEL'} = ''; $qossettings{'PRIO'} = ''; $qossettings{'SPD'} = ''; $qossettings{'CLASS'} = ''; -$qossettings{'SCLASS'} = ''; $qossettings{'QPORT'} = ''; $qossettings{'DPORT'} = ''; $qossettings{'QIP'} = ''; @@ -98,7 +93,6 @@ $qossettings{'MAXBWDTH'} = ''; $qossettings{'BURST'} = ''; $qossettings{'CBURST'} = ''; $qossettings{'DOCLASS'} = ''; -$qossettings{'DOSCLASS'} = ''; $qossettings{'DOLEVEL7'} = ''; $qossettings{'DOPORT'} = ''; $qossettings{'CLASS'} = ''; @@ -194,60 +188,12 @@ elsif ($qossettings{'DOCLASS'} eq $Lang::tr{'delete'}) } } close FILE; - open( FILE, "< $subclassfile" ) or die "Unable to read $classfile"; - @tmp = <FILE>; - close FILE; - open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /;/, $subclassentry ); - if ( $tmpline[1] ne $qossettings{'CLASS'} ) - { - print FILE $subclassentry; - } - } - close FILE; $message = "$Lang::tr{'Class'} $qossettings{'CLASS'} $Lang::tr{'Class was deleted'}"; }
############################################################################################################################ ############################################################################################################################
-if ($qossettings{'DOSCLASS'} eq $Lang::tr{'save'}) -{ - &validsubclass(); - &validminbwdth(); - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, ">> $subclassfile" ) or die "Unable to write $subclassfile"; - print FILE <<END -$qossettings{'DEVICE'};$qossettings{'CLASS'};$qossettings{'SCLASS'};$qossettings{'PRIO'};$qossettings{'MINBWDTH'};$qossettings{'MAXBWDTH'};$qossettings{'BURST'};$qossettings{'CBURST'};$qossettings{'TOS'}; -END -; - close FILE; - } else { - $qossettings{'ACTION'} = $Lang::tr{'qos add subclass'}; - } -} elsif ($qossettings{'DOSCLASS'} eq $Lang::tr{'delete'}) -{ - open( FILE, "< $subclassfile" ) or die "Unable to read $classfile"; - @tmp = <FILE>; - close FILE; - open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /;/, $subclassentry ); - if ( $tmpline[2] ne $qossettings{'CLASS'} ) - { - print FILE $subclassentry; - } - } - close FILE; - $message = "$Lang::tr{'Subclass'} $qossettings{'CLASS'} $Lang::tr{'was deleted'}."; -} - -############################################################################################################################ -############################################################################################################################ - if ($qossettings{'DOLEVEL7'} eq $Lang::tr{'save'}) { if ( $qossettings{'QIP'} ne '' ) { @@ -612,13 +558,6 @@ elsif ($qossettings{'ACTION'} eq $Lang::tr{'parentclass add'} ) &Header::closepage(); exit } -elsif ($qossettings{'ACTION'} eq $Lang::tr{'qos add subclass'}) -{ - &subclass(); - &Header::closebigbox(); - &Header::closepage(); - exit -} elsif ($qossettings{'ACTION'} eq $Lang::tr{'Add Rule'}) { &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'}); @@ -944,18 +883,6 @@ END <tr><td width='33%' align='right'>Ceilburst: <td width='33%' align='left'><input type='text' size='20' name='CBURST' maxlength='8' value="$qossettings{'CBURST'}" /> <td width='33%' align='center'> -END -; - $selected{'TOS'}{$qossettings{'TOS'}} = "selected='selected'"; -print <<END - <tr><td width='33%' align='right'>TOS-Bit: - <td width='33%' align='left'><select name='TOS'> - <option value='0' $selected{'TOS'}{'0'}>$Lang::tr{'disabled'} (0)</option> - <option value='8' $selected{'TOS'}{'8'}>$Lang::tr{'min delay'} (8)</option> - <option value='4' $selected{'TOS'}{'4'}>$Lang::tr{'max throughput'} (4)</option> - <option value='2' $selected{'TOS'}{'2'}>$Lang::tr{'max reliability'} (2)</option> - <option value='1' $selected{'TOS'}{'1'}>$Lang::tr{'min costs'} (1)</option></select> - <td width='33%' align='center'> <tr><td width='33%' align='right'>$Lang::tr{'remark'}: <td width='66%' colspan='2' align='left'><input type='text' name='REMARK' size='40' maxlength='40' value="$qossettings{'REMARK'}" /> <tr><td width='33%' align='right'><img src='/blob.gif' alt='*' /> $Lang::tr{'required field'} @@ -967,81 +894,6 @@ END &Header::closebox(); }
-sub subclass { - &Header::openbox('100%', 'center', $Lang::tr{'Subclass'}); - print <<END - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <table width='66%'> -END -; - if ( $message ne "" ) { - print "<tr><td colspan='3' align='center'>$message"; - } - print <<END - <tr><td colspan='3' width='100%'>$Lang::tr{'current class'}: $qossettings{'CLASS'} - <tr><td width='100%' colspan='3'>$Lang::tr{'enter data'} - <tr><td width='33%' align='right'>$Lang::tr{'Subclass'}:<td width='33%' align='left'><select name='SCLASS'> -END -; - if ($qossettings{'CLASS'} >= 100 && $qossettings{'CLASS'} < 121) { - $qossettings{'DEVICE'} = $qossettings{'RED_DEV'}; - for ( $c = 1000 ; $c <= 1020 ; $c++ ) - { - if ( $qossettings{'SCLASS'} ne $c ) - { print "<option value='$c'>$c</option>\n"; } - else { print "<option selected value='$c'>$c</option>\n"; } - } - } elsif ($qossettings{'CLASS'} >= 200 && $qossettings{'CLASS'} < 221) { - $qossettings{'DEVICE'} = $qossettings{'IMQ_DEV'}; - for ( $c = 2000 ; $c <= 2020 ; $c++ ) - { - if ( $qossettings{'SCLASS'} ne $c ) - { print "<option value='$c'>$c</option>\n"; } - else { print "<option selected value='$c'>$c</option>\n"; } - } - } - print <<END - </select> - <td width='33%' align='center'> - <tr><td width='33%' align='right'>$Lang::tr{'priority'}:<td width='33%' align='left'><select name='PRIO'> -END -; - for ( $c = 1 ; $c <= 7 ; $c++ ) - { - if ( $qossettings{'PRIO'} ne $c ) - { print "<option value='$c'>$c</option>\n"; } - else { print "<option selected value='$c'>$c</option>\n"; } - } - print <<END - <td width='33%' align='center'> - <tr><td width='33%' align='right'>$Lang::tr{'guaranteed bandwith'}: - <td width='33%' align='left'><input type='text' name='MINBWDTH' maxlength='8' required='1' value="$qossettings{'MINBWDTH'}" /> - <td width='33%' align='center'> - <tr><td width='33%' align='right'>$Lang::tr{'max bandwith'}: - <td width='33%' align='left'><input type='text' name='MAXBWDTH' maxlength='8' required='1' value="$qossettings{'MAXBWDTH'}" /> - <td width='33%' align='center'> - <tr><td width='33%' align='right'>Burst: - <td width='33%' align='left'><input type='text' name='BURST' maxlength='8' value="$qossettings{'BURST'}" /> - <td width='33%' align='center'> - <tr><td width='33%' align='right'>Ceilburst: - <td width='33%' align='left'><input type='text' name='CBURST' maxlength='8' value="$qossettings{'CBURST'}" /> - <td width='33%' align='center'> - <tr><td width='33%' align='right'>TOS-Bit: - <td width='33%' align='left'><select name='TOS'> - <option value='0'>$Lang::tr{'disabled'} (0)</option> - <option value='8'>$Lang::tr{'min delay'} (8)</option> - <option value='4'>$Lang::tr{'max throughput'} (4)</option> - <option value='2'>$Lang::tr{'max reliability'} (2)</option> - <option value='1'>$Lang::tr{'min costs'} (1)</option></select> - <td width='33%' align='center'><input type='hidden' name='CLASS' value="$qossettings{'CLASS'}" /> - <input type='hidden' name='DEVICE' value="$qossettings{'DEVICE'}" /> - <input type='submit' name='DOSCLASS' value='$Lang::tr{'save'}' /> <input type='reset' value='$Lang::tr{'reset'}' /> - </table></form> -END -; - &Header::closebox(); -} - sub level7rule { &Header::openbox('100%', 'center', $Lang::tr{'Level7 Rule'}); print <<END @@ -1164,9 +1016,6 @@ sub showclasses { @classes = <FILE>; close FILE; if (@classes) { - open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; - @subclasses = <FILE>; - close FILE; open( FILE, "< $level7file" ) or die "Unable to read $level7file"; @l7rules = <FILE>; close FILE; @@ -1203,11 +1052,6 @@ sub showclasses { <td align='center' bgcolor='$color{'color22'}'>$classline[7]</td> <td align='right' bgcolor='$color{'color22'}'> <table border='0'><tr> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$classline[1]' /> - <input type='hidden' name='ACTION' value='$Lang::tr{'qos add subclass'}' /> - <input type='image' alt='$Lang::tr{'add subclass'}' title='$Lang::tr{'add subclass'}' src='/images/addblue.gif' /> - </form> <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='CLASS' value='$classline[1]' /> <input type='hidden' name='ACTION' value='$Lang::tr{'Add Rule'}' /> @@ -1386,41 +1230,6 @@ END } END ; - foreach $subclassentry (sort @subclasses) - { - @subclassline = split( /;/, $subclassentry ); - if ( $subclassline[1] eq $classline[1] ) { - print <<END - <tr><td align='center' bgcolor='#FAFAFA'>$Lang::tr{'Subclass'}: - <td align='center' bgcolor='#FAFAFA'>$subclassline[2] - <td align='center' bgcolor='#FAFAFA'>$subclassline[3] - <td align='center' bgcolor='#FAFAFA'>$subclassline[4] - <td align='center' bgcolor='#FAFAFA'>$subclassline[5] - <td align='center' bgcolor='#FAFAFA'>$subclassline[6] - <td align='center' bgcolor='#FAFAFA'>$subclassline[7] - <td align='center' bgcolor='#FAFAFA'>$subclassline[8] - <td align='right' bgcolor='#FAFAFA'> - <table border='0'><tr> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$subclassline[2]' /> - <input type='hidden' name='ACTION' value='$Lang::tr{'Add Rule'}' /> - <input type='image' alt='$Lang::tr{'Add Rule'}' title='$Lang::tr{'Add Rule'}' src='/images/addgreen.gif' /> - </form> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$subclassline[2]' /> - <input type='hidden' name='DOSCLASS' value='$Lang::tr{'edit'}' /> - <input type='image' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' src='/images/edit.gif' /> - </form> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$subclassline[2]' /> - <input type='hidden' name='DOSCLASS' value='$Lang::tr{'delete'}' /> - <input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/delete.gif' /> - </form> - </table> -END -; - } - } print <<END </table> END @@ -1488,21 +1297,3 @@ sub validclass { } } } - -sub validsubclass { - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; - @tmp = <FILE>; - close FILE; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /;/, $subclassentry ); - if ( $tmpline[2] eq $qossettings{'SCLASS'} ) - { - $qossettings{'VALID'} = 'no'; - $message = "$Lang::tr{'class in use'}"; - last - } - } - } -} diff --git a/lfs/bind b/lfs/bind index b90d2da4e..edc3014f6 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@
include Config
-VER = 9.11.11 +VER = 9.11.12
THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 5b4a301aa97387db81352f7466bac161 +$(DL_FILE)_MD5 = e6a55dcacc852bad9c5970c405383ea0
install : $(TARGET)
diff --git a/lfs/iptables b/lfs/iptables index b91e41797..e2012ecb6 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -79,9 +79,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ ./extensions/
- # imq - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff - cd $(DIR_APP) && ./configure \ --prefix=/usr \ --libdir=/lib \ diff --git a/lfs/linux b/lfs/linux index 36f2d0ac2..c8bcdbb97 100644 --- a/lfs/linux +++ b/lfs/linux @@ -118,9 +118,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
ln -svf linux-$(VER) $(DIR_SRC)/linux
- # Linux Intermediate Queueing Device - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14-imq.diff - # Layer7-patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14-layer7.patch
diff --git a/make.sh b/make.sh index ea9cbc10c..170b16504 100755 --- a/make.sh +++ b/make.sh @@ -1132,9 +1132,6 @@ buildipfire() { lfsmake2 lvm2 lfsmake2 multipath-tools lfsmake2 freetype - lfsmake2 grub - lfsmake2 efivar - lfsmake2 efibootmgr lfsmake2 libmnl lfsmake2 libnfnetlink lfsmake2 libnetfilter_queue @@ -1222,6 +1219,9 @@ buildipfire() { lfsmake2 libffi lfsmake2 python lfsmake2 python3 + lfsmake2 grub + lfsmake2 efivar + lfsmake2 efibootmgr lfsmake2 ca-certificates lfsmake2 fireinfo lfsmake2 libnet diff --git a/src/patches/iptables-1.4.12-IMQ-test4.diff b/src/patches/iptables-1.4.12-IMQ-test4.diff deleted file mode 100644 index 5ce17e1b4..000000000 --- a/src/patches/iptables-1.4.12-IMQ-test4.diff +++ /dev/null @@ -1,141 +0,0 @@ -diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.c iptables-1.4.12.1-imq/extensions/libxt_IMQ.c ---- iptables-1.4.12.1/extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,105 @@ -+/* Shared library add-on to iptables to add IMQ target support. */ -+#include <stdio.h> -+#include <string.h> -+#include <stdlib.h> -+#include <getopt.h> -+ -+#include <xtables.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+ -+/* Function which prints out usage message. */ -+static void IMQ_help(void) -+{ -+ printf( -+"IMQ target options:\n" -+" --todev <N> enqueue to imq<N>, defaults to 0\n"); -+ -+} -+ -+static struct option IMQ_opts[] = { -+ { "todev", 1, 0, '1' }, -+ { 0 } -+}; -+ -+/* Initialize the target. */ -+static void IMQ_init(struct xt_entry_target *t) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)t->data; -+ -+ mr->todev = 0; -+} -+ -+/* Function which parses command options; returns true if it -+ ate an option */ -+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags, -+ const void *entry, struct xt_entry_target **target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data; -+ -+ switch(c) { -+ case '1': -+/* if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) -+ xtables_error(PARAMETER_PROBLEM, -+ "Unexpected `!' after --todev"); -+*/ -+ mr->todev=atoi(optarg); -+ break; -+ -+ default: -+ return 0; -+ } -+ return 1; -+} -+ -+/* Prints out the targinfo. */ -+static void IMQ_print(const void *ip, -+ const struct xt_entry_target *target, -+ int numeric) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("IMQ: todev %u ", mr->todev); -+} -+ -+/* Saves the union ipt_targinfo in parsable form to stdout. */ -+static void IMQ_save(const void *ip, const struct xt_entry_target *target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf(" --todev %u", mr->todev); -+} -+ -+static struct xtables_target imq_target = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = NFPROTO_IPV4, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+static struct xtables_target imq_target6 = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = NFPROTO_IPV6, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+// void __attribute((constructor)) nf_ext_init(void){ -+void _init(void){ -+ xtables_register_target(&imq_target); -+ xtables_register_target(&imq_target6); -+} -diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.man iptables-1.4.12.1-imq/extensions/libxt_IMQ.man ---- iptables-1.4.12.1/extensions/libxt_IMQ.man 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.man 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,15 @@ -+This target is used to redirect the traffic to the IMQ driver and you can apply -+QoS rules like HTB or CBQ. -+For example you can select only traffic comming from a specific interface or -+is going out on a specific interface. -+Also it permits to capture the traffic BEFORE NAT in the case of outgoing traffic -+or AFTER NAT in the case of incomming traffic. -+.TP -+\fB--to-dev\fP \fIvalue\fP -+Set the IMQ interface where to send this traffic -+.TP -+Example: -+.TP -+Redirect incomming traffic from interface eth0 to imq0 and outgoing traffic to imq1: -+iptables -t mangle -A FORWARD -i eth0 -j IMQ --to-dev 0 -+iptables -t mangle -A FORWARD -o eth0 -j IMQ --to-dev 1 -diff -Naur iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h ---- iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ diff --git a/src/patches/linux/linux-4.14-imq.diff b/src/patches/linux/linux-4.14-imq.diff deleted file mode 100644 index 0281bf6e4..000000000 --- a/src/patches/linux/linux-4.14-imq.diff +++ /dev/null @@ -1,1759 +0,0 @@ -diff -Naupr linux-4.14_orig/drivers/net/imq.c linux-4.14/drivers/net/imq.c ---- linux-4.14_orig/drivers/net/imq.c 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/drivers/net/imq.c 2017-11-13 11:46:45.844089945 +0700 -@@ -0,0 +1,962 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, kaber@trash.net -+ * -+ * The first version was written by Martin Devera, devik@cdi.cz -+ * -+ * See Credits.txt -+ */ -+ -+#include <linux/module.h> -+#include <linux/kernel.h> -+#include <linux/moduleparam.h> -+#include <linux/list.h> -+#include <linux/skbuff.h> -+#include <linux/netdevice.h> -+#include <linux/etherdevice.h> -+#include <linux/rtnetlink.h> -+#include <linux/if_arp.h> -+#include <linux/netfilter.h> -+#include <linux/netfilter_ipv4.h> -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#include <linux/netfilter_ipv6.h> -+#endif -+#include <linux/imq.h> -+#include <net/pkt_sched.h> -+#include <net/netfilter/nf_queue.h> -+#include <net/sock.h> -+#include <linux/ip.h> -+#include <linux/ipv6.h> -+#include <linux/if_vlan.h> -+#include <linux/if_pppox.h> -+#include <net/ip.h> -+#include <net/ipv6.h> -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num); -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ops[] = { -+ { -+ /* imq_ingress_ipv4 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1, -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1, -+#endif -+ }, -+ { -+ /* imq_egress_ipv4 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST, -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1, -+#endif -+ }, -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ { -+ /* imq_ingress_ipv6 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1, -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1, -+#endif -+ }, -+ { -+ /* imq_egress_ipv6 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST, -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1, -+#endif -+ }, -+#endif -+}; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static int numdevs = IMQ_MAX_DEVS; -+#endif -+ -+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; -+ -+#define IMQ_MAX_QUEUES 32 -+static int numqueues = 1; -+static u32 imq_hashrnd; -+static int imq_dev_accurate_stats = 1; -+ -+static inline __be16 pppoe_proto(const struct sk_buff *skb) -+{ -+ return *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + -+ sizeof(struct pppoe_hdr))); -+} -+ -+static u16 imq_hash(struct net_device *dev, struct sk_buff *skb) -+{ -+ unsigned int pull_len; -+ u16 protocol = skb->protocol; -+ u32 addr1, addr2; -+ u32 hash, ihl = 0; -+ union { -+ u16 in16[2]; -+ u32 in32; -+ } ports; -+ u8 ip_proto; -+ -+ pull_len = 0; -+ -+recheck: -+ switch (protocol) { -+ case htons(ETH_P_8021Q): { -+ if (unlikely(skb_pull(skb, VLAN_HLEN) == NULL)) -+ goto other; -+ -+ pull_len += VLAN_HLEN; -+ skb->network_header += VLAN_HLEN; -+ -+ protocol = vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; -+ goto recheck; -+ } -+ -+ case htons(ETH_P_PPP_SES): { -+ if (unlikely(skb_pull(skb, PPPOE_SES_HLEN) == NULL)) -+ goto other; -+ -+ pull_len += PPPOE_SES_HLEN; -+ skb->network_header += PPPOE_SES_HLEN; -+ -+ protocol = pppoe_proto(skb); -+ goto recheck; -+ } -+ -+ case htons(ETH_P_IP): { -+ const struct iphdr *iph = ip_hdr(skb); -+ -+ if (unlikely(!pskb_may_pull(skb, sizeof(struct iphdr)))) -+ goto other; -+ -+ addr1 = iph->daddr; -+ addr2 = iph->saddr; -+ -+ ip_proto = !(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) ? -+ iph->protocol : 0; -+ ihl = ip_hdrlen(skb); -+ -+ break; -+ } -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ case htons(ETH_P_IPV6): { -+ const struct ipv6hdr *iph = ipv6_hdr(skb); -+ __be16 fo = 0; -+ -+ if (unlikely(!pskb_may_pull(skb, sizeof(struct ipv6hdr)))) -+ goto other; -+ -+ addr1 = iph->daddr.s6_addr32[3]; -+ addr2 = iph->saddr.s6_addr32[3]; -+ ihl = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &ip_proto, -+ &fo); -+ if (unlikely(ihl < 0)) -+ goto other; -+ -+ break; -+ } -+#endif -+ default: -+other: -+ if (pull_len != 0) { -+ skb_push(skb, pull_len); -+ skb->network_header -= pull_len; -+ } -+ -+ return (u16)(ntohs(protocol) % dev->real_num_tx_queues); -+ } -+ -+ if (addr1 > addr2) -+ swap(addr1, addr2); -+ -+ switch (ip_proto) { -+ case IPPROTO_TCP: -+ case IPPROTO_UDP: -+ case IPPROTO_DCCP: -+ case IPPROTO_ESP: -+ case IPPROTO_AH: -+ case IPPROTO_SCTP: -+ case IPPROTO_UDPLITE: { -+ if (likely(skb_copy_bits(skb, ihl, &ports.in32, 4) >= 0)) { -+ if (ports.in16[0] > ports.in16[1]) -+ swap(ports.in16[0], ports.in16[1]); -+ break; -+ } -+ /* fall-through */ -+ } -+ default: -+ ports.in32 = 0; -+ break; -+ } -+ -+ if (pull_len != 0) { -+ skb_push(skb, pull_len); -+ skb->network_header -= pull_len; -+ } -+ -+ hash = jhash_3words(addr1, addr2, ports.in32, imq_hashrnd ^ ip_proto); -+ -+ return (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); -+} -+ -+static inline bool sk_tx_queue_recorded(struct sock *sk) -+{ -+ return (sk_tx_queue_get(sk) >= 0); -+} -+ -+static struct netdev_queue *imq_select_queue(struct net_device *dev, -+ struct sk_buff *skb) -+{ -+ u16 queue_index = 0; -+ u32 hash; -+ -+ if (likely(dev->real_num_tx_queues == 1)) -+ goto out; -+ -+ /* IMQ can be receiving ingress or engress packets. */ -+ -+ /* Check first for if rx_queue is set */ -+ if (skb_rx_queue_recorded(skb)) { -+ queue_index = skb_get_rx_queue(skb); -+ goto out; -+ } -+ -+ /* Check if socket has tx_queue set */ -+ if (sk_tx_queue_recorded(skb->sk)) { -+ queue_index = sk_tx_queue_get(skb->sk); -+ goto out; -+ } -+ -+ /* Try use socket hash */ -+ if (skb->sk && skb->sk->sk_hash) { -+ hash = skb->sk->sk_hash; -+ queue_index = -+ (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); -+ goto out; -+ } -+ -+ /* Generate hash from packet data */ -+ queue_index = imq_hash(dev, skb); -+ -+out: -+ if (unlikely(queue_index >= dev->real_num_tx_queues)) -+ queue_index = (u16)((u32)queue_index % dev->real_num_tx_queues); -+ -+ skb_set_queue_mapping(skb, queue_index); -+ return netdev_get_tx_queue(dev, queue_index); -+} -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ skb->nf_queue_entry = NULL; -+ -+ if (entry) { -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+ } -+ -+ skb_restore_cb(skb); /* kfree backup */ -+} -+ -+static void imq_done_check_queue_mapping(struct sk_buff *skb, -+ struct net_device *dev) -+{ -+ unsigned int queue_index; -+ -+ /* Don't let queue_mapping be left too large after exiting IMQ */ -+ if (likely(skb->dev != dev && skb->dev != NULL)) { -+ queue_index = skb_get_queue_mapping(skb); -+ if (unlikely(queue_index >= skb->dev->real_num_tx_queues)) { -+ queue_index = (u16)((u32)queue_index % -+ skb->dev->real_num_tx_queues); -+ skb_set_queue_mapping(skb, queue_index); -+ } -+ } else { -+ /* skb->dev was IMQ device itself or NULL, be on safe side and -+ * just clear queue mapping. -+ */ -+ skb_set_queue_mapping(skb, 0); -+ } -+} -+ -+static netdev_tx_t imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ rcu_read_lock(); -+ -+ skb->nf_queue_entry = NULL; -+ netif_trans_update(dev); -+ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ if (unlikely(entry == NULL)) { -+ /* We don't know what is going on here.. packet is queued for -+ * imq device, but (probably) not by us. -+ * -+ * If this packet was not send here by imq_nf_queue(), then -+ * skb_save_cb() was not used and skb_free() should not show: -+ * WARNING: IMQ: kfree_skb: skb->cb_next:.. -+ * and/or -+ * WARNING: IMQ: kfree_skb: skb->nf_queue_entry... -+ * -+ * However if this message is shown, then IMQ is somehow broken -+ * and you should report this to linuximq.net. -+ */ -+ -+ /* imq_dev_xmit is black hole that eats all packets, report that -+ * we eat this packet happily and increase dropped counters. -+ */ -+ -+ dev->stats.tx_dropped++; -+ dev_kfree_skb(skb); -+ -+ rcu_read_unlock(); -+ return NETDEV_TX_OK; -+ } -+ -+ skb_restore_cb(skb); /* restore skb->cb */ -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ imq_done_check_queue_mapping(skb, dev); -+ -+ nf_reinject(entry, NF_ACCEPT); -+ -+ rcu_read_unlock(); -+ return NETDEV_TX_OK; -+} -+ -+static struct net_device *get_imq_device_by_index(int index) -+{ -+ struct net_device *dev = NULL; -+ struct net *net; -+ char buf[8]; -+ -+ /* get device by name and cache result */ -+ snprintf(buf, sizeof(buf), "imq%d", index); -+ -+ /* Search device from all namespaces. */ -+ for_each_net(net) { -+ dev = dev_get_by_name(net, buf); -+ if (dev) -+ break; -+ } -+ -+ if (WARN_ON_ONCE(dev == NULL)) { -+ /* IMQ device not found. Exotic config? */ -+ return ERR_PTR(-ENODEV); -+ } -+ -+ imq_devs_cache[index] = dev; -+ dev_put(dev); -+ -+ return dev; -+} -+ -+static struct nf_queue_entry *nf_queue_entry_dup(struct nf_queue_entry *e) -+{ -+ struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC); -+ if (entry) { -+ nf_queue_entry_get_refs(entry); -+ return entry; -+ } -+ return NULL; -+} -+ -+#ifdef CONFIG_BRIDGE_NETFILTER -+/* When called from bridge netfilter, skb->data must point to MAC header -+ * before calling skb_gso_segment(). Else, original MAC header is lost -+ * and segmented skbs will be sent to wrong destination. -+ */ -+static void nf_bridge_adjust_skb_data(struct sk_buff *skb) -+{ -+ if (skb->nf_bridge) -+ __skb_push(skb, skb->network_header - skb->mac_header); -+} -+ -+static void nf_bridge_adjust_segmented_data(struct sk_buff *skb) -+{ -+ if (skb->nf_bridge) -+ __skb_pull(skb, skb->network_header - skb->mac_header); -+} -+#else -+#define nf_bridge_adjust_skb_data(s) do {} while (0) -+#define nf_bridge_adjust_segmented_data(s) do {} while (0) -+#endif -+ -+static void free_entry(struct nf_queue_entry *entry) -+{ -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+} -+ -+static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev); -+ -+static int __imq_nf_queue_gso(struct nf_queue_entry *entry, -+ struct net_device *dev, struct sk_buff *skb) -+{ -+ int ret = -ENOMEM; -+ struct nf_queue_entry *entry_seg; -+ -+ nf_bridge_adjust_segmented_data(skb); -+ -+ if (skb->next == NULL) { /* last packet, no need to copy entry */ -+ struct sk_buff *gso_skb = entry->skb; -+ entry->skb = skb; -+ ret = __imq_nf_queue(entry, dev); -+ if (ret) -+ entry->skb = gso_skb; -+ return ret; -+ } -+ -+ skb->next = NULL; -+ -+ entry_seg = nf_queue_entry_dup(entry); -+ if (entry_seg) { -+ entry_seg->skb = skb; -+ ret = __imq_nf_queue(entry_seg, dev); -+ if (ret) -+ free_entry(entry_seg); -+ } -+ return ret; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct sk_buff *skb, *segs; -+ struct net_device *dev; -+ unsigned int queued; -+ int index, retval, err; -+ -+ index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ if (unlikely(index > numdevs - 1)) { -+ if (net_ratelimit()) -+ pr_warn("IMQ: invalid device specified, highest is %u\n", -+ numdevs - 1); -+ retval = -EINVAL; -+ goto out_no_dev; -+ } -+ -+ /* check for imq device by index from cache */ -+ dev = imq_devs_cache[index]; -+ if (unlikely(!dev)) { -+ dev = get_imq_device_by_index(index); -+ if (IS_ERR(dev)) { -+ retval = PTR_ERR(dev); -+ goto out_no_dev; -+ } -+ } -+ -+ if (unlikely(!(dev->flags & IFF_UP))) { -+ entry->skb->imq_flags = 0; -+ retval = -ECANCELED; -+ goto out_no_dev; -+ } -+ -+ /* Since 3.10.x, GSO handling moved here as result of upstream commit -+ * a5fedd43d5f6c94c71053a66e4c3d2e35f1731a2 (netfilter: move -+ * skb_gso_segment into nfnetlink_queue module). -+ * -+ * Following code replicates the gso handling from -+ * 'net/netfilter/nfnetlink_queue_core.c':nfqnl_enqueue_packet(). -+ */ -+ -+ skb = entry->skb; -+ -+ switch (entry->state.pf) { -+ case NFPROTO_IPV4: -+ skb->protocol = htons(ETH_P_IP); -+ break; -+ case NFPROTO_IPV6: -+ skb->protocol = htons(ETH_P_IPV6); -+ break; -+ } -+ -+ if (!skb_is_gso(entry->skb)) -+ return __imq_nf_queue(entry, dev); -+ -+ nf_bridge_adjust_skb_data(skb); -+ segs = skb_gso_segment(skb, 0); -+ /* Does not use PTR_ERR to limit the number of error codes that can be -+ * returned by nf_queue. For instance, callers rely on -ECANCELED to -+ * mean 'ignore this hook'. -+ */ -+ err = -ENOBUFS; -+ if (IS_ERR(segs)) -+ goto out_err; -+ queued = 0; -+ err = 0; -+ do { -+ struct sk_buff *nskb = segs->next; -+ if (nskb && nskb->next) -+ nskb->cb_next = NULL; -+ if (err == 0) -+ err = __imq_nf_queue_gso(entry, dev, segs); -+ if (err == 0) -+ queued++; -+ else -+ kfree_skb(segs); -+ segs = nskb; -+ } while (segs); -+ -+ if (queued) { -+ if (err) /* some segments are already queued */ -+ free_entry(entry); -+ kfree_skb(skb); -+ return 0; -+ } -+ -+out_err: -+ nf_bridge_adjust_segmented_data(skb); -+ retval = err; -+out_no_dev: -+ return retval; -+} -+ -+static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev) -+{ -+ struct sk_buff *skb_orig, *skb, *skb_shared, *skb_popd; -+ struct Qdisc *q; -+ struct sk_buff *to_free = NULL; -+ struct netdev_queue *txq; -+ spinlock_t *root_lock; -+ int users; -+ int retval = -EINVAL; -+ unsigned int orig_queue_index; -+ -+ dev->last_rx = jiffies; -+ -+ skb = entry->skb; -+ skb_orig = NULL; -+ -+ /* skb has owner? => make clone */ -+ if (unlikely(skb->destructor)) { -+ skb_orig = skb; -+ skb = skb_clone(skb, GFP_ATOMIC); -+ if (unlikely(!skb)) { -+ retval = -ENOMEM; -+ goto out; -+ } -+ skb->cb_next = NULL; -+ entry->skb = skb; -+ } -+ -+ dev->stats.rx_bytes += skb->len; -+ dev->stats.rx_packets++; -+ -+ if (!skb->dev) { -+ /* skb->dev == NULL causes problems, try the find cause. */ -+ if (net_ratelimit()) { -+ dev_warn(&dev->dev, -+ "received packet with skb->dev == NULL\n"); -+ dump_stack(); -+ } -+ -+ skb->dev = dev; -+ } -+ -+ /* Disables softirqs for lock below */ -+ rcu_read_lock_bh(); -+ -+ /* Multi-queue selection */ -+ orig_queue_index = skb_get_queue_mapping(skb); -+ txq = imq_select_queue(dev, skb); -+ -+ q = rcu_dereference(txq->qdisc); -+ if (unlikely(!q->enqueue)) -+ goto packet_not_eaten_by_imq_dev; -+ -+ skb->nf_queue_entry = entry; -+ root_lock = qdisc_lock(q); -+ spin_lock(root_lock); -+ -+ users = refcount_read(&skb->users); -+ -+ skb_shared = skb_get(skb); /* increase reference count by one */ -+ -+ /* backup skb->cb, as qdisc layer will overwrite it */ -+ skb_save_cb(skb_shared); -+ qdisc_enqueue_root(skb_shared, q, &to_free); /* might kfree_skb */ -+ if (likely(refcount_read(&skb_shared->users) == users + 1)) { -+ bool validate; -+ -+ kfree_skb(skb_shared); /* decrease reference count by one */ -+ -+ skb->destructor = &imq_skb_destructor; -+ -+ skb_popd = qdisc_dequeue_skb(q, &validate); -+ -+ /* cloned? */ -+ if (unlikely(skb_orig)) -+ kfree_skb(skb_orig); /* free original */ -+ -+ spin_unlock(root_lock); -+ -+#if 0 -+ /* schedule qdisc dequeue */ -+ __netif_schedule(q); -+#else -+ if (likely(skb_popd)) { -+ /* Note that we validate skb (GSO, checksum, ...) outside of locks */ -+ if (validate) -+ skb_popd = validate_xmit_skb_list(skb_popd, dev); -+ -+ if (skb_popd) { -+ int dummy_ret; -+ int cpu = smp_processor_id(); /* ok because BHs are off */ -+ -+ txq = skb_get_tx_queue(dev, skb_popd); -+ /* -+ IMQ device will not be frozen or stoped, and it always be successful. -+ So we need not check its status and return value to accelerate. -+ */ -+ if (imq_dev_accurate_stats && txq->xmit_lock_owner != cpu) { -+ HARD_TX_LOCK(dev, txq, cpu); -+ if (!netif_xmit_frozen_or_stopped(txq)) { -+ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); -+ } -+ HARD_TX_UNLOCK(dev, txq); -+ } else { -+ if (!netif_xmit_frozen_or_stopped(txq)) { -+ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); -+ } -+ } -+ } -+ } else { -+ /* No ready skb, then schedule it */ -+ __netif_schedule(q); -+ } -+#endif -+ rcu_read_unlock_bh(); -+ retval = 0; -+ goto out; -+ } else { -+ skb_restore_cb(skb_shared); /* restore skb->cb */ -+ skb->nf_queue_entry = NULL; -+ /* -+ * qdisc dropped packet and decreased skb reference count of -+ * skb, so we don't really want to and try refree as that would -+ * actually destroy the skb. -+ */ -+ spin_unlock(root_lock); -+ goto packet_not_eaten_by_imq_dev; -+ } -+ -+packet_not_eaten_by_imq_dev: -+ skb_set_queue_mapping(skb, orig_queue_index); -+ rcu_read_unlock_bh(); -+ -+ /* cloned? restore original */ -+ if (unlikely(skb_orig)) { -+ kfree_skb(skb); -+ entry->skb = skb_orig; -+ } -+ retval = -1; -+out: -+ if (unlikely(to_free)) { -+ kfree_skb_list(to_free); -+ } -+ return retval; -+} -+static unsigned int imq_nf_hook(void *priv, -+ struct sk_buff *skb, -+ const struct nf_hook_state *state) -+{ -+ return (skb->imq_flags & IMQ_F_ENQUEUE) ? NF_IMQ_QUEUE : NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ netif_stop_queue(dev); -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ netif_start_queue(dev); -+ return 0; -+} -+ -+static struct device_type imq_device_type = { -+ .name = "imq", -+}; -+ -+static const struct net_device_ops imq_netdev_ops = { -+ .ndo_open = imq_open, -+ .ndo_stop = imq_close, -+ .ndo_start_xmit = imq_dev_xmit, -+ .ndo_get_stats = imq_get_stats, -+}; -+ -+static void imq_setup(struct net_device *dev) -+{ -+ dev->netdev_ops = &imq_netdev_ops; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; /* too small? */ -+ dev->tx_queue_len = 11000; /* too big? */ -+ dev->flags = IFF_NOARP; -+ dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | -+ NETIF_F_GSO | NETIF_F_HW_CSUM | -+ NETIF_F_HIGHDMA; -+ dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | -+ IFF_TX_SKB_SHARING); -+} -+ -+static int imq_validate(struct nlattr *tb[], struct nlattr *data[], -+ struct netlink_ext_ack *extack) -+{ -+ int ret = 0; -+ -+ if (tb[IFLA_ADDRESS]) { -+ if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { -+ ret = -EINVAL; -+ goto end; -+ } -+ if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { -+ ret = -EADDRNOTAVAIL; -+ goto end; -+ } -+ } -+ return 0; -+end: -+ pr_warn("IMQ: imq_validate failed (%d)\n", ret); -+ return ret; -+} -+ -+static struct rtnl_link_ops imq_link_ops __read_mostly = { -+ .kind = "imq", -+ .priv_size = 0, -+ .setup = imq_setup, -+ .validate = imq_validate, -+}; -+ -+static const struct nf_queue_handler imq_nfqh = { -+ .outfn = imq_nf_queue, -+}; -+ -+static int __net_init imq_nf_register(struct net *net) -+{ -+ return nf_register_net_hooks(net, imq_ops, -+ ARRAY_SIZE(imq_ops)); -+}; -+ -+static void __net_exit imq_nf_unregister(struct net *net) -+{ -+ nf_unregister_net_hooks(net, imq_ops, -+ ARRAY_SIZE(imq_ops)); -+}; -+ -+static struct pernet_operations imq_net_ops = { -+ .init = imq_nf_register, -+ .exit = imq_nf_unregister, -+}; -+ -+static int __net_init imq_init_hooks(void) -+{ -+ int ret; -+ nf_register_queue_imq_handler(&imq_nfqh); -+ -+ ret = register_pernet_subsys(&imq_net_ops); -+ if (ret < 0) -+ nf_unregister_queue_imq_handler(); -+ -+ return ret; -+} -+ -+#ifdef CONFIG_LOCKDEP -+ static struct lock_class_key imq_netdev_addr_lock_key; -+ -+ static void __init imq_dev_set_lockdep_one(struct net_device *dev, -+ struct netdev_queue *txq, void *arg) -+ { -+ /* -+ * the IMQ transmit locks can be taken recursively, -+ * for example with one IMQ rule for input- and one for -+ * output network devices in iptables! -+ * until we find a better solution ignore them. -+ */ -+ lockdep_set_novalidate_class(&txq->_xmit_lock); -+ } -+ -+ static void imq_dev_set_lockdep_class(struct net_device *dev) -+ { -+ lockdep_set_class_and_name(&dev->addr_list_lock, -+ &imq_netdev_addr_lock_key, "_xmit_addr_IMQ"); -+ netdev_for_each_tx_queue(dev, imq_dev_set_lockdep_one, NULL); -+} -+#else -+ static inline void imq_dev_set_lockdep_class(struct net_device *dev) -+ { -+ } -+#endif -+ -+static int __init imq_init_one(int index) -+{ -+ struct net_device *dev; -+ int ret; -+ -+ dev = alloc_netdev_mq(0, "imq%d", NET_NAME_UNKNOWN, imq_setup, numqueues); -+ if (!dev) -+ return -ENOMEM; -+ -+ ret = dev_alloc_name(dev, dev->name); -+ if (ret < 0) -+ goto fail; -+ -+ dev->rtnl_link_ops = &imq_link_ops; -+ SET_NETDEV_DEVTYPE(dev, &imq_device_type); -+ ret = register_netdevice(dev); -+ if (ret < 0) -+ goto fail; -+ -+ imq_dev_set_lockdep_class(dev); -+ -+ return 0; -+fail: -+ free_netdev(dev); -+ return ret; -+} -+ -+static int __init imq_init_devs(void) -+{ -+ int err, i; -+ -+ if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { -+ pr_err("IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ if (numqueues < 1 || numqueues > IMQ_MAX_QUEUES) { -+ pr_err("IMQ: numqueues has to be betweed 1 and %u\n", -+ IMQ_MAX_QUEUES); -+ return -EINVAL; -+ } -+ -+ get_random_bytes(&imq_hashrnd, sizeof(imq_hashrnd)); -+ -+ rtnl_lock(); -+ err = __rtnl_link_register(&imq_link_ops); -+ -+ for (i = 0; i < numdevs && !err; i++) -+ err = imq_init_one(i); -+ -+ if (err) { -+ __rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ } -+ rtnl_unlock(); -+ -+ return err; -+} -+ -+static int __init imq_init_module(void) -+{ -+ int err; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); -+#endif -+ -+ err = imq_init_devs(); -+ if (err) { -+ pr_err("IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ pr_err(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ return err; -+ } -+ -+ pr_info("IMQ driver loaded successfully. (numdevs = %d, numqueues = %d, imq_dev_accurate_stats = %d)\n", -+ numdevs, numqueues, imq_dev_accurate_stats); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ pr_info("\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ pr_info("\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ pr_info("\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ pr_info("\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static void __exit imq_unhook(void) -+{ -+ unregister_pernet_subsys(&imq_net_ops); -+ nf_unregister_queue_imq_handler(); -+} -+ -+static void __exit imq_cleanup_devs(void) -+{ -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+} -+ -+static void __exit imq_exit_module(void) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ pr_info("IMQ driver unloaded successfully.\n"); -+} -+ -+module_init(imq_init_module); -+module_exit(imq_exit_module); -+ -+module_param(numdevs, int, 0); -+module_param(numqueues, int, 0); -+module_param(imq_dev_accurate_stats, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will be created)"); -+MODULE_PARM_DESC(numqueues, "number of queues per IMQ device"); -+MODULE_PARM_DESC(imq_dev_accurate_stats, "Notify if need the accurate imq device stats"); -+ -+MODULE_AUTHOR("https://github.com/imq/linuximq"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS_RTNL_LINK("imq"); -diff -Naupr linux-4.14_orig/drivers/net/Kconfig linux-4.14/drivers/net/Kconfig ---- linux-4.14_orig/drivers/net/Kconfig 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/drivers/net/Kconfig 2017-11-13 11:46:45.844089945 +0700 -@@ -277,6 +277,125 @@ config RIONET_RX_SIZE - depends on RIONET - default "128" - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: https://github.com/imq/linuximq -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_AB -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ This setting defines how many IMQ devices will be created. -+ -+ The default value is 16. -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - depends on INET -diff -Naupr linux-4.14_orig/drivers/net/Makefile linux-4.14/drivers/net/Makefile ---- linux-4.14_orig/drivers/net/Makefile 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/drivers/net/Makefile 2017-11-13 11:46:45.844089945 +0700 -@@ -13,6 +13,7 @@ obj-$(CONFIG_DUMMY) += dummy.o - obj-$(CONFIG_EQUALIZER) += eql.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACSEC) += macsec.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_MACVTAP) += macvtap.o - obj-$(CONFIG_MII) += mii.o -diff -Naupr linux-4.14_orig/include/linux/imq.h linux-4.14/include/linux/imq.h ---- linux-4.14_orig/include/linux/imq.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/imq.h 2017-11-13 11:46:45.844089945 +0700 -@@ -0,0 +1,13 @@ -+#ifndef _IMQ_H -+#define _IMQ_H -+ -+/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ -+#define IMQ_F_BITS 5 -+ -+#define IMQ_F_IFMASK 0x0f -+#define IMQ_F_ENQUEUE 0x10 -+ -+#define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) -+ -+#endif /* _IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netdevice.h linux-4.14/include/linux/netdevice.h ---- linux-4.14_orig/include/linux/netdevice.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/linux/netdevice.h 2017-11-13 11:46:45.844089945 +0700 -@@ -1771,6 +1771,11 @@ struct net_device { - /* - * Cache lines mostly used on receive path (including eth_type_trans()) - */ -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ unsigned long last_rx; -+#endif -+ - /* Interface address info used in eth_type_trans() */ - unsigned char *dev_addr; - -@@ -3631,6 +3636,19 @@ static inline void netif_tx_unlock_bh(st - } \ - } - -+#define HARD_TX_LOCK_BH(dev, txq) { \ -+ if ((dev->features & NETIF_F_LLTX) == 0) { \ -+ __netif_tx_lock_bh(txq); \ -+ } \ -+} -+ -+#define HARD_TX_UNLOCK_BH(dev, txq) { \ -+ if ((dev->features & NETIF_F_LLTX) == 0) { \ -+ __netif_tx_unlock_bh(txq); \ -+ } \ -+} -+ -+ - static inline void netif_tx_disable(struct net_device *dev) - { - unsigned int i; -diff -Naupr linux-4.14_orig/include/linux/netfilter/xt_IMQ.h linux-4.14/include/linux/netfilter/xt_IMQ.h ---- linux-4.14_orig/include/linux/netfilter/xt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter/xt_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.14/include/linux/netfilter_ipv4/ipt_IMQ.h ---- linux-4.14_orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter_ipv4/ipt_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,10 @@ -+#ifndef _IPT_IMQ_H -+#define _IPT_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include <linux/netfilter/xt_IMQ.h> -+ -+#define ipt_imq_info xt_imq_info -+ -+#endif /* _IPT_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.14/include/linux/netfilter_ipv6/ip6t_IMQ.h ---- linux-4.14_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter_ipv6/ip6t_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,10 @@ -+#ifndef _IP6T_IMQ_H -+#define _IP6T_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include <linux/netfilter/xt_IMQ.h> -+ -+#define ip6t_imq_info xt_imq_info -+ -+#endif /* _IP6T_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/skbuff.h linux-4.14/include/linux/skbuff.h ---- linux-4.14_orig/include/linux/skbuff.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/linux/skbuff.h 2017-11-13 11:46:45.847423298 +0700 -@@ -41,6 +41,10 @@ - #include <linux/in6.h> - #include <linux/if_packet.h> - #include <net/flow.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif -+ - - /* The interface for checksum offload between the stack and networking drivers - * is as follows... -@@ -581,7 +585,7 @@ typedef unsigned int sk_buff_data_t; - typedef unsigned char *sk_buff_data_t; - #endif - --/** -+/** - * struct sk_buff - socket buffer - * @next: Next buffer in list - * @prev: Previous buffer in list -@@ -684,6 +688,9 @@ struct sk_buff { - * first. This is owned by whoever has the skb queued ATM. - */ - char cb[48] __aligned(8); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ void *cb_next; -+#endif - - unsigned long _skb_refdst; - void (*destructor)(struct sk_buff *skb); -@@ -693,6 +700,9 @@ struct sk_buff { - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) - unsigned long _nfct; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ struct nf_queue_entry *nf_queue_entry; -+#endif - #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) - struct nf_bridge_info *nf_bridge; - #endif -@@ -772,6 +782,9 @@ struct sk_buff { - #ifdef CONFIG_NET_SWITCHDEV - __u8 offload_fwd_mark:1; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ __u8 imq_flags:IMQ_F_BITS; -+#endif - #ifdef CONFIG_NET_CLS_ACT - __u8 tc_skip_classify:1; - __u8 tc_at_ingress:1; -@@ -870,7 +883,7 @@ static inline bool skb_pfmemalloc(const - */ - static inline struct dst_entry *skb_dst(const struct sk_buff *skb) - { -- /* If refdst was not refcounted, check we still are in a -+ /* If refdst was not refcounted, check we still are in a - * rcu_read_lock section - */ - WARN_ON((skb->_skb_refdst & SKB_DST_NOREF) && -@@ -960,6 +973,12 @@ void skb_tx_error(struct sk_buff *skb); - void consume_skb(struct sk_buff *skb); - void __consume_stateless_skb(struct sk_buff *skb); - void __kfree_skb(struct sk_buff *skb); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+int skb_save_cb(struct sk_buff *skb); -+int skb_restore_cb(struct sk_buff *skb); -+#endif -+ - extern struct kmem_cache *skbuff_head_cache; - - void kfree_skb_partial(struct sk_buff *skb, bool head_stolen); -@@ -3785,8 +3804,12 @@ static inline void __nf_copy(struct sk_b - dst->_nfct = src->_nfct; - nf_conntrack_get(skb_nfct(src)); - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ dst->imq_flags = src->imq_flags; -+ dst->nf_queue_entry = src->nf_queue_entry; -+#endif - #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) -- dst->nf_bridge = src->nf_bridge; -+ dst->nf_bridge = src->nf_bridge; - nf_bridge_get(src->nf_bridge); - #endif - #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NF_TABLES) -diff -Naupr linux-4.14_orig/include/net/netfilter/nf_queue.h linux-4.14/include/net/netfilter/nf_queue.h ---- linux-4.14_orig/include/net/netfilter/nf_queue.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/netfilter/nf_queue.h 2017-11-13 11:46:45.847423298 +0700 -@@ -31,6 +31,12 @@ struct nf_queue_handler { - void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); - void nf_unregister_queue_handler(struct net *net); - void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); -+void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); -+void nf_unregister_queue_imq_handler(void); -+#endif - - void nf_queue_entry_get_refs(struct nf_queue_entry *entry); - void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -diff -Naupr linux-4.14_orig/include/net/pkt_sched.h linux-4.14/include/net/pkt_sched.h ---- linux-4.14_orig/include/net/pkt_sched.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/pkt_sched.h 2017-11-13 11:46:45.850756651 +0700 -@@ -109,6 +109,8 @@ int sch_direct_xmit(struct sk_buff *skb, - - void __qdisc_run(struct Qdisc *q); - -+struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate); -+ - static inline void qdisc_run(struct Qdisc *q) - { - if (qdisc_run_begin(q)) -diff -Naupr linux-4.14_orig/include/net/sch_generic.h linux-4.14/include/net/sch_generic.h ---- linux-4.14_orig/include/net/sch_generic.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/sch_generic.h 2017-11-13 11:46:45.850756651 +0700 -@@ -567,6 +567,13 @@ static inline int qdisc_enqueue(struct s - return sch->enqueue(skb, sch, to_free); - } - -+static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch, -+ struct sk_buff **to_free) -+{ -+ qdisc_skb_cb(skb)->pkt_len = skb->len; -+ return qdisc_enqueue(skb, sch, to_free) & NET_XMIT_MASK; -+} -+ - static inline bool qdisc_is_percpu_stats(const struct Qdisc *q) - { - return q->flags & TCQ_F_CPUSTATS; -diff -Naupr linux-4.14_orig/include/uapi/linux/netfilter.h linux-4.14/include/uapi/linux/netfilter.h ---- linux-4.14_orig/include/uapi/linux/netfilter.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/uapi/linux/netfilter.h 2017-11-13 11:46:45.850756651 +0700 -@@ -14,7 +14,8 @@ - #define NF_QUEUE 3 - #define NF_REPEAT 4 - #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ --#define NF_MAX_VERDICT NF_STOP -+#define NF_IMQ_QUEUE 6 -+#define NF_MAX_VERDICT NF_IMQ_QUEUE - - /* we overload the higher bits for encoding auxiliary data such as the queue - * number or errno values. Not nice, but better than additional function -diff -Naupr linux-4.14_orig/net/core/dev.c linux-4.14/net/core/dev.c ---- linux-4.14_orig/net/core/dev.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/core/dev.c 2017-11-13 11:46:45.854090004 +0700 -@@ -143,6 +143,9 @@ - #include <linux/hrtimer.h> - #include <linux/netfilter_ingress.h> - #include <linux/crash_dump.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif - #include <linux/sctp.h> - #include <net/udp_tunnel.h> - -@@ -2971,7 +2974,12 @@ static int xmit_one(struct sk_buff *skb, - unsigned int len; - int rc; - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if ((!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) && -+ !(skb->imq_flags & IMQ_F_ENQUEUE)) -+#else - if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) -+#endif - dev_queue_xmit_nit(skb, dev); - - len = skb->len; -@@ -3010,6 +3018,8 @@ out: - return skb; - } - -+EXPORT_SYMBOL_GPL(dev_hard_start_xmit); -+ - static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, - netdev_features_t features) - { -diff -Naupr linux-4.14_orig/net/core/skbuff.c linux-4.14/net/core/skbuff.c ---- linux-4.14_orig/net/core/skbuff.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/core/skbuff.c 2017-11-13 11:46:45.854090004 +0700 -@@ -82,6 +82,87 @@ struct kmem_cache *skbuff_head_cache __r - static struct kmem_cache *skbuff_fclone_cache __read_mostly; - int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; - EXPORT_SYMBOL(sysctl_max_skb_frags); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static struct kmem_cache *skbuff_cb_store_cache __read_mostly; -+#endif -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+/* Control buffer save/restore for IMQ devices */ -+struct skb_cb_table { -+ char cb[48] __aligned(8); -+ void *cb_next; -+ atomic_t refcnt; -+}; -+ -+static DEFINE_SPINLOCK(skb_cb_store_lock); -+ -+int skb_save_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); -+ if (!next) -+ return -ENOMEM; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(next->cb, skb->cb, sizeof(skb->cb)); -+ next->cb_next = skb->cb_next; -+ -+ atomic_set(&next->refcnt, 1); -+ -+ skb->cb_next = next; -+ return 0; -+} -+EXPORT_SYMBOL(skb_save_cb); -+ -+int skb_restore_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ if (!skb->cb_next) -+ return 0; -+ -+ next = skb->cb_next; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(skb->cb, next->cb, sizeof(skb->cb)); -+ skb->cb_next = next->cb_next; -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ if (atomic_dec_and_test(&next->refcnt)) -+ kmem_cache_free(skbuff_cb_store_cache, next); -+ -+ spin_unlock(&skb_cb_store_lock); -+ -+ return 0; -+} -+EXPORT_SYMBOL(skb_restore_cb); -+ -+static void skb_copy_stored_cb(struct sk_buff * , const struct sk_buff * ) __attribute__ ((unused)); -+static void skb_copy_stored_cb(struct sk_buff *new, const struct sk_buff *__old) -+{ -+ struct skb_cb_table *next; -+ struct sk_buff *old; -+ -+ if (!__old->cb_next) { -+ new->cb_next = NULL; -+ return; -+ } -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ old = (struct sk_buff *)__old; -+ -+ next = old->cb_next; -+ atomic_inc(&next->refcnt); -+ new->cb_next = next; -+ -+ spin_unlock(&skb_cb_store_lock); -+} -+#endif - - /** - * skb_panic - private function for out-of-line support -@@ -615,6 +696,28 @@ void skb_release_head_state(struct sk_bu - WARN_ON(in_irq()); - skb->destructor(skb); - } -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* -+ * This should not happen. When it does, avoid memleak by restoring -+ * the chain of cb-backups. -+ */ -+ while (skb->cb_next != NULL) { -+ if (net_ratelimit()) -+ pr_warn("IMQ: kfree_skb: skb->cb_next: %08x\n", -+ (unsigned int)(uintptr_t)skb->cb_next); -+ -+ skb_restore_cb(skb); -+ } -+ /* -+ * This should not happen either, nf_queue_entry is nullified in -+ * imq_dev_xmit(). If we have non-NULL nf_queue_entry then we are -+ * leaking entry pointers, maybe memory. We don't know if this is -+ * pointer to already freed memory, or should this be freed. -+ * If this happens we need to add refcounting, etc for nf_queue_entry. -+ */ -+ if (skb->nf_queue_entry && net_ratelimit()) -+ pr_warn("%s\n", "IMQ: kfree_skb: skb->nf_queue_entry != NULL"); -+#endif - #if IS_ENABLED(CONFIG_NF_CONNTRACK) - nf_conntrack_put(skb_nfct(skb)); - #endif -@@ -804,6 +907,10 @@ static void __copy_skb_header(struct sk_ - new->sp = secpath_get(old->sp); - #endif - __nf_copy(new, old, false); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ new->cb_next = NULL; -+ /*skb_copy_stored_cb(new, old);*/ -+#endif - - /* Note : this field could be in headers_start/headers_end section - * It is not yet because we do not want to have a 16 bit hole -@@ -3902,6 +4009,13 @@ void __init skb_init(void) - 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, - NULL); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", -+ sizeof(struct skb_cb_table), -+ 0, -+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, -+ NULL); -+#endif - } - - static int -diff -Naupr linux-4.14_orig/net/netfilter/core.c linux-4.14/net/netfilter/core.c ---- linux-4.14_orig/net/netfilter/core.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/core.c 2017-11-13 14:16:05.896850774 +0700 -@@ -474,6 +474,11 @@ int nf_hook_slow(struct sk_buff *skb, st - if (ret == 0) - ret = -EPERM; - return ret; -+ case NF_IMQ_QUEUE: -+ ret = nf_queue(skb, state, e, s, verdict); -+ if (ret == -ECANCELED) -+ continue; -+ return ret; - case NF_QUEUE: - ret = nf_queue(skb, state, e, s, verdict); - if (ret == 1) -diff -Naupr linux-4.14_orig/net/netfilter/Kconfig linux-4.14/net/netfilter/Kconfig ---- linux-4.14_orig/net/netfilter/Kconfig 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/Kconfig 2017-11-13 11:46:45.857423358 +0700 -@@ -867,6 +867,18 @@ config NETFILTER_XT_TARGET_LOG - - To compile it as a module, choose M here. If unsure, say N. - -+config NETFILTER_XT_TARGET_IMQ -+ tristate '"IMQ" target support' -+ depends on NETFILTER_XTABLES -+ depends on IP_NF_MANGLE || IP6_NF_MANGLE -+ select IMQ -+ default m if NETFILTER_ADVANCED=n -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config NETFILTER_XT_TARGET_MARK - tristate '"MARK" target support' - depends on NETFILTER_ADVANCED -diff -Naupr linux-4.14_orig/net/netfilter/Makefile linux-4.14/net/netfilter/Makefile ---- linux-4.14_orig/net/netfilter/Makefile 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/Makefile 2017-11-13 11:46:45.857423358 +0700 -@@ -125,6 +125,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += - obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o - obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o - obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o -+obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o - obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o - obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o -diff -Naupr linux-4.14_orig/net/netfilter/nf_queue.c linux-4.14/net/netfilter/nf_queue.c ---- linux-4.14_orig/net/netfilter/nf_queue.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/nf_queue.c 2017-11-13 14:25:21.436864671 +0700 -@@ -1,4 +1,4 @@ --/* -+ /* - * Rusty Russell (C)2000 -- This code is GPL. - * Patrick McHardy (c) 2006-2012 - */ -@@ -27,6 +27,23 @@ - * receives, no matter what. - */ - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static const struct nf_queue_handler __rcu *queue_imq_handler __read_mostly; -+ -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) -+{ -+ rcu_assign_pointer(queue_imq_handler, qh); -+} -+EXPORT_SYMBOL_GPL(nf_register_queue_imq_handler); -+ -+void nf_unregister_queue_imq_handler(void) -+{ -+ RCU_INIT_POINTER(queue_imq_handler, NULL); -+ synchronize_rcu(); -+} -+EXPORT_SYMBOL_GPL(nf_unregister_queue_imq_handler); -+#endif -+ - /* return EBUSY when somebody else is registered, return EEXIST if the - * same handler is registered, return 0 in case of success. */ - void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh) -@@ -113,16 +130,29 @@ EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop) - - static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, - const struct nf_hook_entries *entries, -- unsigned int index, unsigned int queuenum) -+ unsigned int index, unsigned int verdict) - { - int status = -ENOENT; - struct nf_queue_entry *entry = NULL; - const struct nf_afinfo *afinfo; - const struct nf_queue_handler *qh; - struct net *net = state->net; -+ unsigned int queuetype = verdict & NF_VERDICT_MASK; -+ unsigned int queuenum = verdict >> NF_VERDICT_QBITS; - - /* QUEUE == DROP if no one is waiting, to be safe. */ -- qh = rcu_dereference(net->nf.queue_handler); -+ -+ if (queuetype == NF_IMQ_QUEUE) { -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ qh = rcu_dereference(queue_imq_handler); -+#else -+ BUG(); -+ goto err_unlock; -+#endif -+ } else { -+ qh = rcu_dereference(net->nf.queue_handler); -+ } -+ - if (!qh) { - status = -ESRCH; - goto err; -@@ -169,8 +199,16 @@ int nf_queue(struct sk_buff *skb, struct - { - int ret; - -- ret = __nf_queue(skb, state, entries, index, verdict >> NF_VERDICT_QBITS); -+ ret = __nf_queue(skb, state, entries, index, verdict); - if (ret < 0) { -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* IMQ Bypass */ -+ if (ret == -ECANCELED && skb->imq_flags == 0) { -+ return 1; -+ } -+#endif -+ - if (ret == -ESRCH && - (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) - return 1; -@@ -256,6 +294,7 @@ next_hook: - local_bh_enable(); - break; - case NF_QUEUE: -+ case NF_IMQ_QUEUE: - err = nf_queue(skb, &entry->state, hooks, i, verdict); - if (err == 1) - goto next_hook; -diff -Naupr linux-4.14_orig/net/netfilter/xt_IMQ.c linux-4.14/net/netfilter/xt_IMQ.c ---- linux-4.14_orig/net/netfilter/xt_IMQ.c 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/net/netfilter/xt_IMQ.c 2017-11-13 11:46:45.857423358 +0700 -@@ -0,0 +1,72 @@ -+/* -+ * This target marks packets to be enqueued to an imq device -+ */ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+#include <linux/imq.h> -+ -+static unsigned int imq_target(struct sk_buff *pskb, -+ const struct xt_action_param *par) -+{ -+ const struct xt_imq_info *mr = par->targinfo; -+ -+ pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; -+ -+ return XT_CONTINUE; -+} -+ -+static int imq_checkentry(const struct xt_tgchk_param *par) -+{ -+ struct xt_imq_info *mr = par->targinfo; -+ -+ if (mr->todev > IMQ_MAX_DEVS - 1) { -+ pr_warn("IMQ: invalid device specified, highest is %u\n", -+ IMQ_MAX_DEVS - 1); -+ return -EINVAL; -+ } -+ -+ return 0; -+} -+ -+static struct xt_target xt_imq_reg[] __read_mostly = { -+ { -+ .name = "IMQ", -+ .family = AF_INET, -+ .checkentry = imq_checkentry, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .me = THIS_MODULE -+ }, -+ { -+ .name = "IMQ", -+ .family = AF_INET6, -+ .checkentry = imq_checkentry, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .me = THIS_MODULE -+ }, -+}; -+ -+static int __init imq_init(void) -+{ -+ return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+static void __exit imq_fini(void) -+{ -+ xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+module_init(imq_init); -+module_exit(imq_fini); -+ -+MODULE_AUTHOR("https://github.com/imq/linuximq"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS("ipt_IMQ"); -+MODULE_ALIAS("ip6t_IMQ"); -+ -diff -Naupr linux-4.14_orig/net/sched/sch_generic.c linux-4.14/net/sched/sch_generic.c ---- linux-4.14_orig/net/sched/sch_generic.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/sched/sch_generic.c 2017-11-13 11:46:45.857423358 +0700 -@@ -158,6 +158,14 @@ trace: - return skb; - } - -+struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate) -+{ -+ int packets; -+ -+ return dequeue_skb(q, validate, &packets); -+} -+EXPORT_SYMBOL(qdisc_dequeue_skb); -+ - /* - * Transmit possibly several skbs, and handle the return status as - * required. Owning running seqcount bit guarantees that
hooks/post-receive -- IPFire 2.x development tree