[git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. e39ac92dd298fee0e546638c36f568978398a5f1 - IPFire-SCM

9 Dec 2013

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, fifteen has been updated
       via  e39ac92dd298fee0e546638c36f568978398a5f1 (commit)
       via  be33adfb3d958259695d8b8ce2803181fbf78be2 (commit)
      from  50ce309b6ab17dc61648e7d6654117d5e1661cd7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e39ac92dd298fee0e546638c36f568978398a5f1
Merge: be33adf 50ce309
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Mon Dec 9 17:13:34 2013 +0100
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fifteen
commit be33adfb3d958259695d8b8ce2803181fbf78be2
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Mon Dec 9 17:10:59 2013 +0100
kernel: update to 3.10.23.
-----------------------------------------------------------------------
Summary of changes:
 lfs/linux                                          |  10 +-
 ...mq_kernel3.10.patch => imq_kernel3.10.23.patch} | 136 ++++++++++-----------
 2 files changed, 73 insertions(+), 73 deletions(-)
 rename src/patches/{imq_kernel3.10.patch => imq_kernel3.10.23.patch} (98%)
Difference in files:

diff --git a/lfs/linux b/lfs/linux
index 1a9f770..5d43087 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -24,10 +24,10 @@
include Config
-VER        = 3.10.22
+VER        = 3.10.23
RPI_PATCHES = linux-3.10.10-grsec-c1af7c6
-GRS_PATCHES = grsecurity-2.9.1-3.10.22-ipfire1.patch.xz
+GRS_PATCHES = grsecurity-2.9.1-3.10.23-ipfire1.patch.xz
THISAPP    = linux-$(VER)
 DL_FILE    = linux-$(VER).tar.xz
@@ -74,9 +74,9 @@ $(DL_FILE)				= $(URL_IPFIRE)/$(DL_FILE)
 rpi-patches-$(RPI_PATCHES).patch.xz	= $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz
 $(GRS_PATCHES)				= $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5				= d2b030e809d0f03d2d6ddfcc5108d641
+$(DL_FILE)_MD5				= 94cb4721ea83c0366b109258b3b1308c
 rpi-patches-$(RPI_PATCHES).patch.xz_MD5	= f55981853573236069db5ad9fb7a4bd9
-$(GRS_PATCHES)_MD5			= 2fe9cf094b9069918f66b2b1895431eb
+$(GRS_PATCHES)_MD5			= 7a97383d2dd9dc85cc72af723e4734bb
install : $(TARGET)
@@ -112,7 +112,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
    ln -svf linux-$(VER) $(DIR_SRC)/linux
# Linux Intermediate Queueing Device
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/imq_kernel3.10.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/imq_kernel3.10.23.patch
# ipp2p 0.8.2-ipfire
    cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-ipp2p-0.8.2-ipfire.patch
diff --git a/src/patches/imq_kernel3.10.23.patch b/src/patches/imq_kernel3.10.23.patch
new file mode 100644
index 0000000..9ee85e7
--- /dev/null
+++ b/src/patches/imq_kernel3.10.23.patch
@@ -0,0 +1,1568 @@
+diff -uNr linux-3.9.1/drivers/net/imq.c linux-3.9.1-imqmq/drivers/net/imq.c
+--- linux-3.9.1/drivers/net/imq.c	1970-01-01 02:00:00.000000000 +0200
++++ linux-3.9.1-imqmq/drivers/net/imq.c	2013-05-08 17:30:41.715552053 +0300
+@@ -0,0 +1,861 @@
++/*
++ *             Pseudo-driver for the intermediate queue device.
++ *
++ *             This program is free software; you can redistribute it and/or
++ *             modify it under the terms of the GNU General Public License
++ *             as published by the Free Software Foundation; either version
++ *             2 of the License, or (at your option) any later version.
++ *
++ * Authors:    Patrick McHardy, kaber@trash.net
++ *
++ *            The first version was written by Martin Devera, devik@cdi.cz
++ *
++ * Credits:    Jan Rafaj imq2t@cedric.vabo.cz
++ *              - Update patch to 2.4.21
++ *             Sebastian Strollo sstrollo@nortelnetworks.com
++ *              - Fix "Dead-loop on netdevice imq"-issue
++ *             Marcel Sebek sebek64@post.cz
++ *              - Update to 2.6.2-rc1
++ *
++ *	       After some time of inactivity there is a group taking care
++ *	       of IMQ again: http://www.linuximq.net
++ *
++ *
++ *	       2004/06/30 - New version of IMQ patch to kernels <=2.6.7
++ *             including the following changes:
++ *
++ *	       - Correction of ipv6 support "+"s issue (Hasso Tepper)
++ *	       - Correction of imq_init_devs() issue that resulted in
++ *	       kernel OOPS unloading IMQ as module (Norbert Buchmuller)
++ *	       - Addition of functionality to choose number of IMQ devices
++ *	       during kernel config (Andre Correa)
++ *	       - Addition of functionality to choose how IMQ hooks on
++ *	       PRE and POSTROUTING (after or before NAT) (Andre Correa)
++ *	       - Cosmetic corrections (Norbert Buchmuller) (Andre Correa)
++ *
++ *
++ *             2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were
++ *             released with almost no problems. 2.6.14-x was released
++ *             with some important changes: nfcache was removed; After
++ *             some weeks of trouble we figured out that some IMQ fields
++ *             in skb were missing in skbuff.c - skb_clone and copy_skb_header.
++ *             These functions are correctly patched by this new patch version.
++ *
++ *             Thanks for all who helped to figure out all the problems with
++ *             2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX,
++ *             Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully
++ *             I didn't forget anybody). I apologize again for my lack of time.
++ *
++ *
++ *             2008/06/17 - 2.6.25 - Changed imq.c to use qdisc_run() instead
++ *             of qdisc_restart() and moved qdisc_run() to tasklet to avoid
++ *             recursive locking. New initialization routines to fix 'rmmod' not
++ *             working anymore. Used code from ifb.c. (Jussi Kivilinna)
++ *
++ *             2008/08/06 - 2.6.26 - (JK)
++ *              - Replaced tasklet with 'netif_schedule()'.
++ *              - Cleaned up and added comments for imq_nf_queue().
++ *
++ *             2009/04/12
++ *              - Add skb_save_cb/skb_restore_cb helper functions for backuping
++ *                control buffer. This is needed because qdisc-layer on kernels
++ *                2.6.27 and newer overwrite control buffer. (Jussi Kivilinna)
++ *              - Add better locking for IMQ device. Hopefully this will solve
++ *                SMP issues. (Jussi Kivilinna)
++ *              - Port to 2.6.27
++ *              - Port to 2.6.28
++ *              - Port to 2.6.29 + fix rmmod not working
++ *
++ *             2009/04/20 - (Jussi Kivilinna)
++ *              - Use netdevice feature flags to avoid extra packet handling
++ *                by core networking layer and possibly increase performance.
++ *
++ *             2009/09/26 - (Jussi Kivilinna)
++ *              - Add imq_nf_reinject_lockless to fix deadlock with
++ *                imq_nf_queue/imq_nf_reinject.
++ *
++ *             2009/12/08 - (Jussi Kivilinna)
++ *              - Port to 2.6.32
++ *              - Add check for skb->nf_queue_entry==NULL in imq_dev_xmit()
++ *              - Also add better error checking for skb->nf_queue_entry usage
++ *
++ *             2010/02/25 - (Jussi Kivilinna)
++ *              - Port to 2.6.33
++ *
++ *             2010/08/15 - (Jussi Kivilinna)
++ *              - Port to 2.6.35
++ *              - Simplify hook registration by using nf_register_hooks.
++ *              - nf_reinject doesn't need spinlock around it, therefore remove
++ *                imq_nf_reinject function. Other nf_reinject users protect
++ *                their own data with spinlock. With IMQ however all data is
++ *                needed is stored per skbuff, so no locking is needed.
++ *              - Changed IMQ to use 'separate' NF_IMQ_QUEUE instead of
++ *                NF_QUEUE, this allows working coexistance of IMQ and other
++ *                NF_QUEUE users.
++ *              - Make IMQ multi-queue. Number of IMQ device queues can be
++ *                increased with 'numqueues' module parameters. Default number
++ *                of queues is 1, in other words by default IMQ works as
++ *                single-queue device. Multi-queue selection is based on
++ *                IFB multi-queue patch by Changli Gao xiaosuo@gmail.com.
++ *
++ *             2011/03/18 - (Jussi Kivilinna)
++ *              - Port to 2.6.38
++ *
++ *             2011/07/12 - (syoder89@gmail.com)
++ *              - Crash fix that happens when the receiving interface has more
++ *                than one queue (add missing skb_set_queue_mapping in
++ *                imq_select_queue).
++ *
++ *             2011/07/26 - (Jussi Kivilinna)
++ *              - Add queue mapping checks for packets exiting IMQ.
++ *              - Port to 3.0
++ *
++ *             2011/08/16 - (Jussi Kivilinna)
++ *              - Clear IFF_TX_SKB_SHARING flag that was added for linux 3.0.2
++ *
++ *             2011/11/03 - Germano Michel germanomichel@gmail.com
++ *              - Fix IMQ for net namespaces
++ *
++ *             2011/11/04 - Jussi Kivilinna jussi.kivilinna@mbnet.fi
++ *              - Port to 3.1
++ *              - Clean-up, move 'get imq device pointer by imqX name' to
++ *                separate function from imq_nf_queue().
++ *
++ *             2012/01/05 - Jussi Kivilinna jussi.kivilinna@mbnet.fi
++ *              - Port to 3.2
++ *
++ *             2012/03/19 - Jussi Kivilinna jussi.kivilinna@mbnet.fi
++ *              - Port to 3.3
++ *
++ *             2012/12/12 - Jussi Kivilinna jussi.kivilinna@mbnet.fi
++ *              - Port to 3.7
++ *              - Fix checkpatch.pl warnings
++ *
++ *	       Also, many thanks to pablo Sebastian Greco for making the initial
++ *	       patch and to those who helped the testing.
++ *
++ *             More info at: http://www.linuximq.net/ (Andre Correa)
++ */
++
++#include <linux/module.h>
++#include <linux/kernel.h>
++#include <linux/moduleparam.h>
++#include <linux/list.h>
++#include <linux/skbuff.h>
++#include <linux/netdevice.h>
++#include <linux/etherdevice.h>
++#include <linux/rtnetlink.h>
++#include <linux/if_arp.h>
++#include <linux/netfilter.h>
++#include <linux/netfilter_ipv4.h>
++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
++	#include <linux/netfilter_ipv6.h>
++#endif
++#include <linux/imq.h>
++#include <net/pkt_sched.h>
++#include <net/netfilter/nf_queue.h>
++#include <net/sock.h>
++#include <linux/ip.h>
++#include <linux/ipv6.h>
++#include <linux/if_vlan.h>
++#include <linux/if_pppox.h>
++#include <net/ip.h>
++#include <net/ipv6.h>
++
++static int imq_nf_queue(struct nf_queue_entry *entry, unsigned int queue_num);
++
++static nf_hookfn imq_nf_hook;
++
++static struct nf_hook_ops imq_ops[] = {
++	{
++	/* imq_ingress_ipv4 */
++		.hook		= imq_nf_hook,
++		.owner		= THIS_MODULE,
++		.pf		= PF_INET,
++		.hooknum	= NF_INET_PRE_ROUTING,
++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB)
++		.priority	= NF_IP_PRI_MANGLE + 1,
++#else
++		.priority	= NF_IP_PRI_NAT_DST + 1,
++#endif
++	},
++	{
++	/* imq_egress_ipv4 */
++		.hook		= imq_nf_hook,
++		.owner		= THIS_MODULE,
++		.pf		= PF_INET,
++		.hooknum	= NF_INET_POST_ROUTING,
++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA)
++		.priority	= NF_IP_PRI_LAST,
++#else
++		.priority	= NF_IP_PRI_NAT_SRC - 1,
++#endif
++	},
++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
++	{
++	/* imq_ingress_ipv6 */
++		.hook		= imq_nf_hook,
++		.owner		= THIS_MODULE,
++		.pf		= PF_INET6,
++		.hooknum	= NF_INET_PRE_ROUTING,
++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB)
++		.priority	= NF_IP6_PRI_MANGLE + 1,
++#else
++		.priority	= NF_IP6_PRI_NAT_DST + 1,
++#endif
++	},
++	{
++	/* imq_egress_ipv6 */
++		.hook		= imq_nf_hook,
++		.owner		= THIS_MODULE,
++		.pf		= PF_INET6,
++		.hooknum	= NF_INET_POST_ROUTING,
++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA)
++		.priority	= NF_IP6_PRI_LAST,
++#else
++		.priority	= NF_IP6_PRI_NAT_SRC - 1,
++#endif
++	},
++#endif
++};
++
++#if defined(CONFIG_IMQ_NUM_DEVS)
++static int numdevs = CONFIG_IMQ_NUM_DEVS;
++#else
++static int numdevs = IMQ_MAX_DEVS;
++#endif
++
++static struct net_device *imq_devs_cache[IMQ_MAX_DEVS];
++
++#define IMQ_MAX_QUEUES 32
++static int numqueues = 1;
++static u32 imq_hashrnd;
++
++static inline __be16 pppoe_proto(const struct sk_buff *skb)
++{
++	return *((__be16 *)(skb_mac_header(skb) + ETH_HLEN +
++			sizeof(struct pppoe_hdr)));
++}
++
++static u16 imq_hash(struct net_device *dev, struct sk_buff *skb)
++{
++	unsigned int pull_len;
++	u16 protocol = skb->protocol;
++	u32 addr1, addr2;
++	u32 hash, ihl = 0;
++	union {
++		u16 in16[2];
++		u32 in32;
++	} ports;
++	u8 ip_proto;
++
++	pull_len = 0;
++
++recheck:
++	switch (protocol) {
++	case htons(ETH_P_8021Q): {
++		if (unlikely(skb_pull(skb, VLAN_HLEN) == NULL))
++			goto other;
++
++		pull_len += VLAN_HLEN;
++		skb->network_header += VLAN_HLEN;
++
++		protocol = vlan_eth_hdr(skb)->h_vlan_encapsulated_proto;
++		goto recheck;
++	}
++
++	case htons(ETH_P_PPP_SES): {
++		if (unlikely(skb_pull(skb, PPPOE_SES_HLEN) == NULL))
++			goto other;
++
++		pull_len += PPPOE_SES_HLEN;
++		skb->network_header += PPPOE_SES_HLEN;
++
++		protocol = pppoe_proto(skb);
++		goto recheck;
++	}
++
++	case htons(ETH_P_IP): {
++		const struct iphdr *iph = ip_hdr(skb);
++
++		if (unlikely(!pskb_may_pull(skb, sizeof(struct iphdr))))
++			goto other;
++
++		addr1 = iph->daddr;
++		addr2 = iph->saddr;
++
++		ip_proto = !(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) ?
++				 iph->protocol : 0;
++		ihl = ip_hdrlen(skb);
++
++		break;
++	}
++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
++	case htons(ETH_P_IPV6): {
++		const struct ipv6hdr *iph = ipv6_hdr(skb);
++		__be16 fo = 0;
++
++		if (unlikely(!pskb_may_pull(skb, sizeof(struct ipv6hdr))))
++			goto other;
++
++		addr1 = iph->daddr.s6_addr32[3];
++		addr2 = iph->saddr.s6_addr32[3];
++		ihl = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &ip_proto,
++				       &fo);
++		if (unlikely(ihl < 0))
++			goto other;
++
++		break;
++	}
++#endif
++	default:
++other:
++		if (pull_len != 0) {
++			skb_push(skb, pull_len);
++			skb->network_header -= pull_len;
++		}
++
++		return (u16)(ntohs(protocol) % dev->real_num_tx_queues);
++	}
++
++	if (addr1 > addr2)
++		swap(addr1, addr2);
++
++	switch (ip_proto) {
++	case IPPROTO_TCP:
++	case IPPROTO_UDP:
++	case IPPROTO_DCCP:
++	case IPPROTO_ESP:
++	case IPPROTO_AH:
++	case IPPROTO_SCTP:
++	case IPPROTO_UDPLITE: {
++		if (likely(skb_copy_bits(skb, ihl, &ports.in32, 4) >= 0)) {
++			if (ports.in16[0] > ports.in16[1])
++				swap(ports.in16[0], ports.in16[1]);
++			break;
++		}
++		/* fall-through */
++	}
++	default:
++		ports.in32 = 0;
++		break;
++	}
++
++	if (pull_len != 0) {
++		skb_push(skb, pull_len);
++		skb->network_header -= pull_len;
++	}
++
++	hash = jhash_3words(addr1, addr2, ports.in32, imq_hashrnd ^ ip_proto);
++
++	return (u16)(((u64)hash * dev->real_num_tx_queues) >> 32);
++}
++
++static inline bool sk_tx_queue_recorded(struct sock *sk)
++{
++	return (sk_tx_queue_get(sk) >= 0);
++}
++
++static struct netdev_queue *imq_select_queue(struct net_device *dev,
++						struct sk_buff *skb)
++{
++	u16 queue_index = 0;
++	u32 hash;
++
++	if (likely(dev->real_num_tx_queues == 1))
++		goto out;
++
++	/* IMQ can be receiving ingress or engress packets. */
++
++	/* Check first for if rx_queue is set */
++	if (skb_rx_queue_recorded(skb)) {
++		queue_index = skb_get_rx_queue(skb);
++		goto out;
++	}
++
++	/* Check if socket has tx_queue set */
++	if (sk_tx_queue_recorded(skb->sk)) {
++		queue_index = sk_tx_queue_get(skb->sk);
++		goto out;
++	}
++
++	/* Try use socket hash */
++	if (skb->sk && skb->sk->sk_hash) {
++		hash = skb->sk->sk_hash;
++		queue_index =
++			(u16)(((u64)hash * dev->real_num_tx_queues) >> 32);
++		goto out;
++	}
++
++	/* Generate hash from packet data */
++	queue_index = imq_hash(dev, skb);
++
++out:
++	if (unlikely(queue_index >= dev->real_num_tx_queues))
++		queue_index = (u16)((u32)queue_index % dev->real_num_tx_queues);
++
++	skb_set_queue_mapping(skb, queue_index);
++	return netdev_get_tx_queue(dev, queue_index);
++}
++
++static struct net_device_stats *imq_get_stats(struct net_device *dev)
++{
++	return &dev->stats;
++}
++
++/* called for packets kfree'd in qdiscs at places other than enqueue */
++static void imq_skb_destructor(struct sk_buff *skb)
++{
++	struct nf_queue_entry *entry = skb->nf_queue_entry;
++
++	skb->nf_queue_entry = NULL;
++
++	if (entry) {
++		nf_queue_entry_release_refs(entry);
++		kfree(entry);
++	}
++
++	skb_restore_cb(skb); /* kfree backup */
++}
++
++static void imq_done_check_queue_mapping(struct sk_buff *skb,
++					 struct net_device *dev)
++{
++	unsigned int queue_index;
++
++	/* Don't let queue_mapping be left too large after exiting IMQ */
++	if (likely(skb->dev != dev && skb->dev != NULL)) {
++		queue_index = skb_get_queue_mapping(skb);
++		if (unlikely(queue_index >= skb->dev->real_num_tx_queues)) {
++			queue_index = (u16)((u32)queue_index %
++						skb->dev->real_num_tx_queues);
++			skb_set_queue_mapping(skb, queue_index);
++		}
++	} else {
++		/* skb->dev was IMQ device itself or NULL, be on safe side and
++		 * just clear queue mapping.
++		 */
++		skb_set_queue_mapping(skb, 0);
++	}
++}
++
++static netdev_tx_t imq_dev_xmit(struct sk_buff *skb, struct net_device *dev)
++{
++	struct nf_queue_entry *entry = skb->nf_queue_entry;
++
++	skb->nf_queue_entry = NULL;
++	dev->trans_start = jiffies;
++
++	dev->stats.tx_bytes += skb->len;
++	dev->stats.tx_packets++;
++
++	if (unlikely(entry == NULL)) {
++		/* We don't know what is going on here.. packet is queued for
++		 * imq device, but (probably) not by us.
++		 *
++		 * If this packet was not send here by imq_nf_queue(), then
++		 * skb_save_cb() was not used and skb_free() should not show:
++		 *   WARNING: IMQ: kfree_skb: skb->cb_next:..
++		 * and/or
++		 *   WARNING: IMQ: kfree_skb: skb->nf_queue_entry...
++		 *
++		 * However if this message is shown, then IMQ is somehow broken
++		 * and you should report this to linuximq.net.
++		 */
++
++		/* imq_dev_xmit is black hole that eats all packets, report that
++		 * we eat this packet happily and increase dropped counters.
++		 */
++
++		dev->stats.tx_dropped++;
++		dev_kfree_skb(skb);
++
++		return NETDEV_TX_OK;
++	}
++
++	skb_restore_cb(skb); /* restore skb->cb */
++
++	skb->imq_flags = 0;
++	skb->destructor = NULL;
++
++	imq_done_check_queue_mapping(skb, dev);
++
++	nf_reinject(entry, NF_ACCEPT);
++
++	return NETDEV_TX_OK;
++}
++
++static struct net_device *get_imq_device_by_index(int index)
++{
++	struct net_device *dev = NULL;
++	struct net *net;
++	char buf[8];
++
++	/* get device by name and cache result */
++	snprintf(buf, sizeof(buf), "imq%d", index);
++
++	/* Search device from all namespaces. */
++	for_each_net(net) {
++		dev = dev_get_by_name(net, buf);
++		if (dev)
++			break;
++	}
++
++	if (WARN_ON_ONCE(dev == NULL)) {
++		/* IMQ device not found. Exotic config? */
++		return ERR_PTR(-ENODEV);
++	}
++
++	imq_devs_cache[index] = dev;
++	dev_put(dev);
++
++	return dev;
++}
++
++static int imq_nf_queue(struct nf_queue_entry *entry, unsigned int queue_num)
++{
++	struct net_device *dev;
++	struct sk_buff *skb_orig, *skb, *skb_shared;
++	struct Qdisc *q;
++	struct netdev_queue *txq;
++	spinlock_t *root_lock;
++	int users, index;
++	int retval = -EINVAL;
++	unsigned int orig_queue_index;
++
++	index = entry->skb->imq_flags & IMQ_F_IFMASK;
++	if (unlikely(index > numdevs - 1)) {
++		if (net_ratelimit())
++			pr_warn("IMQ: invalid device specified, highest is %u\n",
++				numdevs - 1);
++		retval = -EINVAL;
++		goto out;
++	}
++
++	/* check for imq device by index from cache */
++	dev = imq_devs_cache[index];
++	if (unlikely(!dev)) {
++		dev = get_imq_device_by_index(index);
++		if (IS_ERR(dev)) {
++			retval = PTR_ERR(dev);
++			goto out;
++		}
++	}
++
++	if (unlikely(!(dev->flags & IFF_UP))) {
++		entry->skb->imq_flags = 0;
++		nf_reinject(entry, NF_ACCEPT);
++		retval = 0;
++		goto out;
++	}
++	dev->last_rx = jiffies;
++
++	skb = entry->skb;
++	skb_orig = NULL;
++
++	/* skb has owner? => make clone */
++	if (unlikely(skb->destructor)) {
++		skb_orig = skb;
++		skb = skb_clone(skb, GFP_ATOMIC);
++		if (unlikely(!skb)) {
++			retval = -ENOMEM;
++			goto out;
++		}
++		entry->skb = skb;
++	}
++
++	skb->nf_queue_entry = entry;
++
++	dev->stats.rx_bytes += skb->len;
++	dev->stats.rx_packets++;
++
++	if (!skb->dev) {
++		/* skb->dev == NULL causes problems, try the find cause. */
++		if (net_ratelimit()) {
++			dev_warn(&dev->dev,
++				 "received packet with skb->dev == NULL\n");
++			dump_stack();
++		}
++
++		skb->dev = dev;
++	}
++
++	/* Disables softirqs for lock below */
++	rcu_read_lock_bh();
++
++	/* Multi-queue selection */
++	orig_queue_index = skb_get_queue_mapping(skb);
++	txq = imq_select_queue(dev, skb);
++
++	q = rcu_dereference(txq->qdisc);
++	if (unlikely(!q->enqueue))
++		goto packet_not_eaten_by_imq_dev;
++
++	root_lock = qdisc_lock(q);
++	spin_lock(root_lock);
++
++	users = atomic_read(&skb->users);
++
++	skb_shared = skb_get(skb); /* increase reference count by one */
++
++	/* backup skb->cb, as qdisc layer will overwrite it */
++	skb_save_cb(skb_shared);
++	qdisc_enqueue_root(skb_shared, q); /* might kfree_skb */
++
++	if (likely(atomic_read(&skb_shared->users) == users + 1)) {
++		kfree_skb(skb_shared); /* decrease reference count by one */
++
++		skb->destructor = &imq_skb_destructor;
++
++		/* cloned? */
++		if (unlikely(skb_orig))
++			kfree_skb(skb_orig); /* free original */
++
++		spin_unlock(root_lock);
++		rcu_read_unlock_bh();
++
++		/* schedule qdisc dequeue */
++		__netif_schedule(q);
++
++		retval = 0;
++		goto out;
++	} else {
++		skb_restore_cb(skb_shared); /* restore skb->cb */
++		skb->nf_queue_entry = NULL;
++		/*
++		 * qdisc dropped packet and decreased skb reference count of
++		 * skb, so we don't really want to and try refree as that would
++		 * actually destroy the skb.
++		 */
++		spin_unlock(root_lock);
++		goto packet_not_eaten_by_imq_dev;
++	}
++
++packet_not_eaten_by_imq_dev:
++	skb_set_queue_mapping(skb, orig_queue_index);
++	rcu_read_unlock_bh();
++
++	/* cloned? restore original */
++	if (unlikely(skb_orig)) {
++		kfree_skb(skb);
++		entry->skb = skb_orig;
++	}
++	retval = -1;
++out:
++	return retval;
++}
++
++static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb,
++				const struct net_device *indev,
++				const struct net_device *outdev,
++				int (*okfn)(struct sk_buff *))
++{
++	return (pskb->imq_flags & IMQ_F_ENQUEUE) ? NF_IMQ_QUEUE : NF_ACCEPT;
++}
++
++static int imq_close(struct net_device *dev)
++{
++	netif_stop_queue(dev);
++	return 0;
++}
++
++static int imq_open(struct net_device *dev)
++{
++	netif_start_queue(dev);
++	return 0;
++}
++
++static const struct net_device_ops imq_netdev_ops = {
++	.ndo_open		= imq_open,
++	.ndo_stop		= imq_close,
++	.ndo_start_xmit		= imq_dev_xmit,
++	.ndo_get_stats		= imq_get_stats,
++};
++
++static void imq_setup(struct net_device *dev)
++{
++	dev->netdev_ops		= &imq_netdev_ops;
++	dev->type		= ARPHRD_VOID;
++	dev->mtu		= 16000; /* too small? */
++	dev->tx_queue_len	= 11000; /* too big? */
++	dev->flags		= IFF_NOARP;
++	dev->features		= NETIF_F_SG | NETIF_F_FRAGLIST |
++				  NETIF_F_GSO | NETIF_F_HW_CSUM |
++				  NETIF_F_HIGHDMA;
++	dev->priv_flags		&= ~(IFF_XMIT_DST_RELEASE |
++				     IFF_TX_SKB_SHARING);
++}
++
++static int imq_validate(struct nlattr *tb[], struct nlattr *data[])
++{
++	int ret = 0;
++
++	if (tb[IFLA_ADDRESS]) {
++		if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) {
++			ret = -EINVAL;
++			goto end;
++		}
++		if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) {
++			ret = -EADDRNOTAVAIL;
++			goto end;
++		}
++	}
++	return 0;
++end:
++	pr_warn("IMQ: imq_validate failed (%d)\n", ret);
++	return ret;
++}
++
++static struct rtnl_link_ops imq_link_ops __read_mostly = {
++	.kind		= "imq",
++	.priv_size	= 0,
++	.setup		= imq_setup,
++	.validate	= imq_validate,
++};
++
++static const struct nf_queue_handler imq_nfqh = {
++	.outfn = imq_nf_queue,
++};
++
++static int __init imq_init_hooks(void)
++{
++	int ret;
++
++	nf_register_queue_imq_handler(&imq_nfqh);
++
++	ret = nf_register_hooks(imq_ops, ARRAY_SIZE(imq_ops));
++	if (ret < 0)
++		nf_unregister_queue_imq_handler();
++
++	return ret;
++}
++
++static int __init imq_init_one(int index)
++{
++	struct net_device *dev;
++	int ret;
++
++	dev = alloc_netdev_mq(0, "imq%d", imq_setup, numqueues);
++	if (!dev)
++		return -ENOMEM;
++
++	ret = dev_alloc_name(dev, dev->name);
++	if (ret < 0)
++		goto fail;
++
++	dev->rtnl_link_ops = &imq_link_ops;
++	ret = register_netdevice(dev);
++	if (ret < 0)
++		goto fail;
++
++	return 0;
++fail:
++	free_netdev(dev);
++	return ret;
++}
++
++static int __init imq_init_devs(void)
++{
++	int err, i;
++
++	if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) {
++		pr_err("IMQ: numdevs has to be betweed 1 and %u\n",
++		       IMQ_MAX_DEVS);
++		return -EINVAL;
++	}
++
++	if (numqueues < 1 || numqueues > IMQ_MAX_QUEUES) {
++		pr_err("IMQ: numqueues has to be betweed 1 and %u\n",
++		       IMQ_MAX_QUEUES);
++		return -EINVAL;
++	}
++
++	get_random_bytes(&imq_hashrnd, sizeof(imq_hashrnd));
++
++	rtnl_lock();
++	err = __rtnl_link_register(&imq_link_ops);
++
++	for (i = 0; i < numdevs && !err; i++)
++		err = imq_init_one(i);
++
++	if (err) {
++		__rtnl_link_unregister(&imq_link_ops);
++		memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
++	}
++	rtnl_unlock();
++
++	return err;
++}
++
++static int __init imq_init_module(void)
++{
++	int err;
++
++#if defined(CONFIG_IMQ_NUM_DEVS)
++	BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16);
++	BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2);
++	BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK);
++#endif
++
++	err = imq_init_devs();
++	if (err) {
++		pr_err("IMQ: Error trying imq_init_devs(net)\n");
++		return err;
++	}
++
++	err = imq_init_hooks();
++	if (err) {
++		pr_err(KERN_ERR "IMQ: Error trying imq_init_hooks()\n");
++		rtnl_link_unregister(&imq_link_ops);
++		memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
++		return err;
++	}
++
++	pr_info("IMQ driver loaded successfully. (numdevs = %d, numqueues = %d)\n",
++		numdevs, numqueues);
++
++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB)
++	pr_info("\tHooking IMQ before NAT on PREROUTING.\n");
++#else
++	pr_info("\tHooking IMQ after NAT on PREROUTING.\n");
++#endif
++#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB)
++	pr_info("\tHooking IMQ before NAT on POSTROUTING.\n");
++#else
++	pr_info("\tHooking IMQ after NAT on POSTROUTING.\n");
++#endif
++
++	return 0;
++}
++
++static void __exit imq_unhook(void)
++{
++	nf_unregister_hooks(imq_ops, ARRAY_SIZE(imq_ops));
++	nf_unregister_queue_imq_handler();
++}
++
++static void __exit imq_cleanup_devs(void)
++{
++	rtnl_link_unregister(&imq_link_ops);
++	memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
++}
++
++static void __exit imq_exit_module(void)
++{
++	imq_unhook();
++	imq_cleanup_devs();
++	pr_info("IMQ driver unloaded successfully.\n");
++}
++
++module_init(imq_init_module);
++module_exit(imq_exit_module);
++
++module_param(numdevs, int, 0);
++module_param(numqueues, int, 0);
++MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will be created)");
++MODULE_PARM_DESC(numqueues, "number of queues per IMQ device");
++MODULE_AUTHOR("http://www.linuximq.net");
++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information.");
++MODULE_LICENSE("GPL");
++MODULE_ALIAS_RTNL_LINK("imq");
++
+diff -uNr linux-3.9.1/drivers/net/Kconfig linux-3.9.1-imqmq/drivers/net/Kconfig
+--- linux-3.9.1/drivers/net/Kconfig	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/drivers/net/Kconfig	2013-05-08 17:30:29.011952562 +0300
+@@ -206,6 +206,125 @@
+ 	depends on RIONET
+ 	default "128"
+ 
++config IMQ
++	tristate "IMQ (intermediate queueing device) support"
++	depends on NETDEVICES && NETFILTER
++	---help---
++	  The IMQ device(s) is used as placeholder for QoS queueing
++	  disciplines. Every packet entering/leaving the IP stack can be
++	  directed through the IMQ device where it's enqueued/dequeued to the
++	  attached qdisc. This allows you to treat network devices as classes
++	  and distribute bandwidth among them. Iptables is used to specify
++	  through which IMQ device, if any, packets travel.
++
++	  More information at: http://www.linuximq.net/
++
++	  To compile this driver as a module, choose M here: the module
++	  will be called imq.  If unsure, say N.
++
++choice
++	prompt "IMQ behavior (PRE/POSTROUTING)"
++	depends on IMQ
++	default IMQ_BEHAVIOR_AB
++	help
++	  This setting defines how IMQ behaves in respect to its
++	  hooking in PREROUTING and POSTROUTING.
++
++	  IMQ can work in any of the following ways:
++
++	      PREROUTING   |      POSTROUTING
++	  -----------------|-------------------
++	  #1  After NAT    |      After NAT
++	  #2  After NAT    |      Before NAT
++	  #3  Before NAT   |      After NAT
++	  #4  Before NAT   |      Before NAT
++
++	  The default behavior is to hook before NAT on PREROUTING
++	  and after NAT on POSTROUTING (#3).
++
++	  This settings are specially usefull when trying to use IMQ
++	  to shape NATed clients.
++
++	  More information can be found at: www.linuximq.net
++
++	  If not sure leave the default settings alone.
++
++config IMQ_BEHAVIOR_AA
++	bool "IMQ AA"
++	help
++	  This setting defines how IMQ behaves in respect to its
++	  hooking in PREROUTING and POSTROUTING.
++
++	  Choosing this option will make IMQ hook like this:
++
++	  PREROUTING:   After NAT
++	  POSTROUTING:  After NAT
++
++	  More information can be found at: www.linuximq.net
++
++	  If not sure leave the default settings alone.
++
++config IMQ_BEHAVIOR_AB
++	bool "IMQ AB"
++	help
++	  This setting defines how IMQ behaves in respect to its
++	  hooking in PREROUTING and POSTROUTING.
++
++	  Choosing this option will make IMQ hook like this:
++
++	  PREROUTING:   After NAT
++	  POSTROUTING:  Before NAT
++
++	  More information can be found at: www.linuximq.net
++
++	  If not sure leave the default settings alone.
++
++config IMQ_BEHAVIOR_BA
++	bool "IMQ BA"
++	help
++	  This setting defines how IMQ behaves in respect to its
++	  hooking in PREROUTING and POSTROUTING.
++
++	  Choosing this option will make IMQ hook like this:
++
++	  PREROUTING:   Before NAT
++	  POSTROUTING:  After NAT
++
++	  More information can be found at: www.linuximq.net
++
++	  If not sure leave the default settings alone.
++
++config IMQ_BEHAVIOR_BB
++	bool "IMQ BB"
++	help
++	  This setting defines how IMQ behaves in respect to its
++	  hooking in PREROUTING and POSTROUTING.
++
++	  Choosing this option will make IMQ hook like this:
++
++	  PREROUTING:   Before NAT
++	  POSTROUTING:  Before NAT
++
++	  More information can be found at: www.linuximq.net
++
++	  If not sure leave the default settings alone.
++
++endchoice
++
++config IMQ_NUM_DEVS
++	int "Number of IMQ devices"
++	range 2 16
++	depends on IMQ
++	default "16"
++	help
++	  This setting defines how many IMQ devices will be created.
++
++	  The default value is 16.
++
++	  More information can be found at: www.linuximq.net
++
++	  If not sure leave the default settings alone.
++
+ config TUN
+ 	tristate "Universal TUN/TAP device driver support"
+ 	select CRC32
+diff -uNr linux-3.9.1/drivers/net/Makefile linux-3.9.1-imqmq/drivers/net/Makefile
+--- linux-3.9.1/drivers/net/Makefile	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/drivers/net/Makefile	2013-05-08 17:30:29.011952562 +0300
+@@ -9,6 +9,7 @@
+ obj-$(CONFIG_DUMMY) += dummy.o
+ obj-$(CONFIG_EQUALIZER) += eql.o
+ obj-$(CONFIG_IFB) += ifb.o
++obj-$(CONFIG_IMQ) += imq.o
+ obj-$(CONFIG_MACVLAN) += macvlan.o
+ obj-$(CONFIG_MACVTAP) += macvtap.o
+ obj-$(CONFIG_MII) += mii.o
+diff -uNr linux-3.9.1/include/linux/imq.h linux-3.9.1-imqmq/include/linux/imq.h
+--- linux-3.9.1/include/linux/imq.h	1970-01-01 02:00:00.000000000 +0200
++++ linux-3.9.1-imqmq/include/linux/imq.h	2013-05-08 17:30:29.011952562 +0300
+@@ -0,0 +1,13 @@
++#ifndef _IMQ_H
++#define _IMQ_H
++
++/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */
++#define IMQ_F_BITS	5
++
++#define IMQ_F_IFMASK	0x0f
++#define IMQ_F_ENQUEUE	0x10
++
++#define IMQ_MAX_DEVS	(IMQ_F_IFMASK + 1)
++
++#endif /* _IMQ_H */
++
+diff -uNr linux-3.9.1/include/linux/netfilter/xt_IMQ.h linux-3.9.1-imqmq/include/linux/netfilter/xt_IMQ.h
+--- linux-3.9.1/include/linux/netfilter/xt_IMQ.h	1970-01-01 02:00:00.000000000 +0200
++++ linux-3.9.1-imqmq/include/linux/netfilter/xt_IMQ.h	2013-05-08 17:30:29.011952562 +0300
+@@ -0,0 +1,9 @@
++#ifndef _XT_IMQ_H
++#define _XT_IMQ_H
++
++struct xt_imq_info {
++	unsigned int todev;     /* target imq device */
++};
++
++#endif /* _XT_IMQ_H */
++
+diff -uNr linux-3.9.1/include/linux/netfilter_ipv4/ipt_IMQ.h linux-3.9.1-imqmq/include/linux/netfilter_ipv4/ipt_IMQ.h
+--- linux-3.9.1/include/linux/netfilter_ipv4/ipt_IMQ.h	1970-01-01 02:00:00.000000000 +0200
++++ linux-3.9.1-imqmq/include/linux/netfilter_ipv4/ipt_IMQ.h	2013-05-08 17:30:29.011952562 +0300
+@@ -0,0 +1,10 @@
++#ifndef _IPT_IMQ_H
++#define _IPT_IMQ_H
++
++/* Backwards compatibility for old userspace */
++#include <linux/netfilter/xt_IMQ.h>
++
++#define ipt_imq_info xt_imq_info
++
++#endif /* _IPT_IMQ_H */
++
+diff -uNr linux-3.9.1/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-3.9.1-imqmq/include/linux/netfilter_ipv6/ip6t_IMQ.h
+--- linux-3.9.1/include/linux/netfilter_ipv6/ip6t_IMQ.h	1970-01-01 02:00:00.000000000 +0200
++++ linux-3.9.1-imqmq/include/linux/netfilter_ipv6/ip6t_IMQ.h	2013-05-08 17:30:29.011952562 +0300
+@@ -0,0 +1,10 @@
++#ifndef _IP6T_IMQ_H
++#define _IP6T_IMQ_H
++
++/* Backwards compatibility for old userspace */
++#include <linux/netfilter/xt_IMQ.h>
++
++#define ip6t_imq_info xt_imq_info
++
++#endif /* _IP6T_IMQ_H */
++
+diff -uNr linux-3.9.1/include/net/netfilter/nf_queue.h linux-3.9.1-imqmq/include/net/netfilter/nf_queue.h
+--- linux-3.9.1/include/net/netfilter/nf_queue.h	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/include/net/netfilter/nf_queue.h	2013-05-08 17:30:29.015285965 +0300
+@@ -26,5 +26,11 @@
+ void nf_register_queue_handler(const struct nf_queue_handler *qh);
+ void nf_unregister_queue_handler(void);
+ extern void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict);
++extern void nf_queue_entry_release_refs(struct nf_queue_entry *entry);
++
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++extern void nf_register_queue_imq_handler(const struct nf_queue_handler *qh);
++extern void nf_unregister_queue_imq_handler(void);
++#endif
+ 
+ #endif /* _NF_QUEUE_H */
+diff -uNr linux-3.9.1/include/uapi/linux/netfilter.h linux-3.9.1-imqmq/include/uapi/linux/netfilter.h
+--- linux-3.9.1/include/uapi/linux/netfilter.h	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/include/uapi/linux/netfilter.h	2013-05-08 17:30:29.015285965 +0300
+@@ -13,7 +13,8 @@
+ #define NF_QUEUE 3
+ #define NF_REPEAT 4
+ #define NF_STOP 5
+-#define NF_MAX_VERDICT NF_STOP
++#define NF_IMQ_QUEUE 6
++#define NF_MAX_VERDICT NF_IMQ_QUEUE
+ 
+ /* we overload the higher bits for encoding auxiliary data such as the queue
+  * number or errno values. Not nice, but better than additional function
+diff -uNr linux-3.9.1/net/core/dev.c linux-3.9.1-imqmq/net/core/dev.c
+--- linux-3.9.1/net/core/dev.c	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/net/core/dev.c	2013-05-08 17:30:29.018619368 +0300
+@@ -129,6 +129,9 @@
+ #include <linux/inetdevice.h>
+ #include <linux/cpu_rmap.h>
+ #include <linux/static_key.h>
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++#include <linux/imq.h>
++#endif
+ 
+ #include "net-sysfs.h"
+ 
+@@ -2529,7 +2532,12 @@
+ 			}
+ 		}
+ 
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++		if (!list_empty(&ptype_all) &&
++					!(skb->imq_flags & IMQ_F_ENQUEUE))
++#else
+ 		if (!list_empty(&ptype_all))
++#endif
+ 			dev_queue_xmit_nit(skb, dev);
+ 
+ 		skb_len = skb->len;
+diff -uNr linux-3.9.1/net/core/skbuff.c linux-3.9.1-imqmq/net/core/skbuff.c
+--- linux-3.9.1/net/core/skbuff.c	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/net/core/skbuff.c	2013-05-08 17:30:29.021952772 +0300
+@@ -73,6 +73,9 @@
+ 
+ struct kmem_cache *skbuff_head_cache __read_mostly;
+ static struct kmem_cache *skbuff_fclone_cache __read_mostly;
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++static struct kmem_cache *skbuff_cb_store_cache __read_mostly;
++#endif
+ 
+ static void sock_pipe_buf_release(struct pipe_inode_info *pipe,
+ 				  struct pipe_buffer *buf)
+@@ -92,6 +95,82 @@
+ 	return 1;
+ }
+ 
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++/* Control buffer save/restore for IMQ devices */
++struct skb_cb_table {
++	char			cb[48] __aligned(8);
++	void			*cb_next;
++	atomic_t		refcnt;
++};
++
++static DEFINE_SPINLOCK(skb_cb_store_lock);
++
++int skb_save_cb(struct sk_buff *skb)
++{
++	struct skb_cb_table *next;
++
++	next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC);
++	if (!next)
++		return -ENOMEM;
++
++	BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb));
++
++	memcpy(next->cb, skb->cb, sizeof(skb->cb));
++	next->cb_next = skb->cb_next;
++
++	atomic_set(&next->refcnt, 1);
++
++	skb->cb_next = next;
++	return 0;
++}
++EXPORT_SYMBOL(skb_save_cb);
++
++int skb_restore_cb(struct sk_buff *skb)
++{
++	struct skb_cb_table *next;
++
++	if (!skb->cb_next)
++		return 0;
++
++	next = skb->cb_next;
++
++	BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb));
++
++	memcpy(skb->cb, next->cb, sizeof(skb->cb));
++	skb->cb_next = next->cb_next;
++
++	spin_lock(&skb_cb_store_lock);
++
++	if (atomic_dec_and_test(&next->refcnt))
++		kmem_cache_free(skbuff_cb_store_cache, next);
++
++	spin_unlock(&skb_cb_store_lock);
++
++	return 0;
++}
++EXPORT_SYMBOL(skb_restore_cb);
++
++static void skb_copy_stored_cb(struct sk_buff *new, const struct sk_buff *__old)
++{
++	struct skb_cb_table *next;
++	struct sk_buff *old;
++
++	if (!__old->cb_next) {
++		new->cb_next = NULL;
++		return;
++	}
++
++	spin_lock(&skb_cb_store_lock);
++
++	old = (struct sk_buff *)__old;
++
++	next = old->cb_next;
++	atomic_inc(&next->refcnt);
++	new->cb_next = next;
++
++	spin_unlock(&skb_cb_store_lock);
++}
++#endif
+ 
+ /* Pipe buffer operations for a socket. */
+ static const struct pipe_buf_operations sock_pipe_buf_ops = {
+@@ -562,6 +641,28 @@
+ 		WARN_ON(in_irq());
+ 		skb->destructor(skb);
+ 	}
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++	/*
++	 * This should not happen. When it does, avoid memleak by restoring
++	 * the chain of cb-backups.
++	 */
++	while (skb->cb_next != NULL) {
++		if (net_ratelimit())
++			pr_warn("IMQ: kfree_skb: skb->cb_next: %08x\n",
++				(unsigned int)skb->cb_next);
++
++		skb_restore_cb(skb);
++	}
++	/*
++	 * This should not happen either, nf_queue_entry is nullified in
++	 * imq_dev_xmit(). If we have non-NULL nf_queue_entry then we are
++	 * leaking entry pointers, maybe memory. We don't know if this is
++	 * pointer to already freed memory, or should this be freed.
++	 * If this happens we need to add refcounting, etc for nf_queue_entry.
++	 */
++	if (skb->nf_queue_entry && net_ratelimit())
++		pr_warn("%s\n", "IMQ: kfree_skb: skb->nf_queue_entry != NULL");
++#endif
+ #if IS_ENABLED(CONFIG_NF_CONNTRACK)
+ 	nf_conntrack_put(skb->nfct);
+ #endif
+@@ -683,6 +784,9 @@
+ 	new->sp			= secpath_get(old->sp);
+ #endif
+ 	memcpy(new->cb, old->cb, sizeof(old->cb));
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++	skb_copy_stored_cb(new, old);
++#endif
+ 	new->csum		= old->csum;
+ 	new->local_df		= old->local_df;
+ 	new->pkt_type		= old->pkt_type;
+@@ -3053,6 +3157,13 @@
+ 						0,
+ 						SLAB_HWCACHE_ALIGN|SLAB_PANIC,
+ 						NULL);
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++	skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache",
++						  sizeof(struct skb_cb_table),
++						  0,
++						  SLAB_HWCACHE_ALIGN|SLAB_PANIC,
++						  NULL);
++#endif
+ }
+ 
+ /**
+diff -uNr linux-3.9.1/net/ipv6/ip6_output.c linux-3.9.1-imqmq/net/ipv6/ip6_output.c
+--- linux-3.9.1/net/ipv6/ip6_output.c	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/net/ipv6/ip6_output.c	2013-05-08 17:30:29.021952772 +0300
+@@ -89,9 +89,6 @@
+ 	struct in6_addr *nexthop;
+ 	int ret;
+ 
+-	skb->protocol = htons(ETH_P_IPV6);
+-	skb->dev = dev;
+-
+ 	if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
+ 		struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
+ 
+@@ -167,6 +164,13 @@
+ 		return 0;
+ 	}
+ 
++	/*
++	 * IMQ-patch: moved setting skb->dev and skb->protocol from
++	 * ip6_finish_output2 to fix crashing at netif_skb_features().
++	 */
++	skb->protocol = htons(ETH_P_IPV6);
++	skb->dev = dev;
++
+ 	return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
+ 			    ip6_finish_output,
+ 			    !(IP6CB(skb)->flags & IP6SKB_REROUTED));
+diff -uNr linux-3.9.1/net/netfilter/core.c linux-3.9.1-imqmq/net/netfilter/core.c
+--- linux-3.9.1/net/netfilter/core.c	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/net/netfilter/core.c	2013-05-08 17:30:29.025286174 +0300
+@@ -188,9 +188,11 @@
+ 		ret = NF_DROP_GETERR(verdict);
+ 		if (ret == 0)
+ 			ret = -EPERM;
+-	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
++	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE ||
++		   (verdict & NF_VERDICT_MASK) == NF_IMQ_QUEUE) {
+ 		int err = nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
+-						verdict >> NF_VERDICT_QBITS);
++						verdict >> NF_VERDICT_QBITS,
++						verdict & NF_VERDICT_MASK);
+ 		if (err < 0) {
+ 			if (err == -ECANCELED)
+ 				goto next_hook;
+diff -uNr linux-3.9.1/net/netfilter/Kconfig linux-3.9.1-imqmq/net/netfilter/Kconfig
+--- linux-3.9.1/net/netfilter/Kconfig	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/net/netfilter/Kconfig	2013-05-08 17:30:29.025286174 +0300
+@@ -641,6 +641,18 @@
+ 
+ 	  To compile it as a module, choose M here.  If unsure, say N.
+ 
++config NETFILTER_XT_TARGET_IMQ
++        tristate '"IMQ" target support'
++	depends on NETFILTER_XTABLES
++	depends on IP_NF_MANGLE || IP6_NF_MANGLE
++	select IMQ
++	default m if NETFILTER_ADVANCED=n
++        help
++          This option adds a `IMQ' target which is used to specify if and
++          to which imq device packets should get enqueued/dequeued.
++
++          To compile it as a module, choose M here.  If unsure, say N.
++
+ config NETFILTER_XT_TARGET_MARK
+ 	tristate '"MARK" target support'
+ 	depends on NETFILTER_ADVANCED
+diff -uNr linux-3.9.1/net/netfilter/Makefile linux-3.9.1-imqmq/net/netfilter/Makefile
+--- linux-3.9.1/net/netfilter/Makefile	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/net/netfilter/Makefile	2013-05-08 17:30:29.025286174 +0300
+@@ -82,6 +82,7 @@
+ obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
+ obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
+ obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o
++obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o
+ obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
+ obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o
+ obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o
+diff -uNr linux-3.9.1/net/netfilter/nf_internals.h linux-3.9.1-imqmq/net/netfilter/nf_internals.h
+--- linux-3.9.1/net/netfilter/nf_internals.h	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/net/netfilter/nf_internals.h	2013-05-08 17:30:29.025286174 +0300
+@@ -29,7 +29,7 @@
+ 		    struct net_device *indev,
+ 		    struct net_device *outdev,
+ 		    int (*okfn)(struct sk_buff *),
+-		    unsigned int queuenum);
++		    unsigned int queuenum, unsigned int queuetype);
+ extern int __init netfilter_queue_init(void);
+ 
+ /* nf_log.c */
+diff -uNr linux-3.9.1/net/netfilter/nf_queue.c linux-3.9.1-imqmq/net/netfilter/nf_queue.c
+--- linux-3.9.1/net/netfilter/nf_queue.c	2013-05-08 06:58:03.000000000 +0300
++++ linux-3.9.1-imqmq/net/netfilter/nf_queue.c	2013-05-08 17:30:29.025286174 +0300
+@@ -22,6 +22,23 @@
+  */
+ static const struct nf_queue_handler __rcu *queue_handler __read_mostly;
+ 
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++static const struct nf_queue_handler __rcu *queue_imq_handler __read_mostly;
++
++void nf_register_queue_imq_handler(const struct nf_queue_handler *qh)
++{
++	rcu_assign_pointer(queue_imq_handler, qh);
++}
++EXPORT_SYMBOL_GPL(nf_register_queue_imq_handler);
++
++void nf_unregister_queue_imq_handler(void)
++{
++	RCU_INIT_POINTER(queue_imq_handler, NULL);
++	synchronize_rcu();
++}
++EXPORT_SYMBOL_GPL(nf_unregister_queue_imq_handler);
++#endif
++
+ /* return EBUSY when somebody else is registered, return EEXIST if the
+  * same handler is registered, return 0 in case of success. */
+ void nf_register_queue_handler(const struct nf_queue_handler *qh)
+@@ -71,7 +89,8 @@
+ 		      struct net_device *indev,
+ 		      struct net_device *outdev,
+ 		      int (*okfn)(struct sk_buff *),
+-		      unsigned int queuenum)
++		      unsigned int queuenum,
++		      unsigned int queuetype)
+ {
+ 	int status = -ENOENT;
+ 	struct nf_queue_entry *entry = NULL;
+@@ -85,7 +104,17 @@
+ 	/* QUEUE == DROP if no one is waiting, to be safe. */
+ 	rcu_read_lock();
+ 
+-	qh = rcu_dereference(queue_handler);
++	if (queuetype == NF_IMQ_QUEUE) {
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++		qh = rcu_dereference(queue_imq_handler);
++#else
++		BUG();
++		goto err_unlock;
++#endif
++	} else {
++		qh = rcu_dereference(queue_handler);
++	}
++
+ 	if (!qh) {
+ 		status = -ESRCH;
+ 		goto err_unlock;
+@@ -233,9 +261,11 @@
+ 		local_bh_enable();
+ 		break;
+ 	case NF_QUEUE:
++	case NF_IMQ_QUEUE:
+ 		err = nf_queue(skb, elem, entry->pf, entry->hook,
+ 				entry->indev, entry->outdev, entry->okfn,
+-				verdict >> NF_VERDICT_QBITS);
++				verdict >> NF_VERDICT_QBITS,
++				verdict & NF_VERDICT_MASK);
+ 		if (err < 0) {
+ 			if (err == -ECANCELED)
+ 				goto next_hook;
+diff -uNr linux-3.9.1/net/netfilter/xt_IMQ.c linux-3.9.1-imqmq/net/netfilter/xt_IMQ.c
+--- linux-3.9.1/net/netfilter/xt_IMQ.c	1970-01-01 02:00:00.000000000 +0200
++++ linux-3.9.1-imqmq/net/netfilter/xt_IMQ.c	2013-05-08 17:30:29.025286174 +0300
+@@ -0,0 +1,72 @@
++/*
++ * This target marks packets to be enqueued to an imq device
++ */
++#include <linux/module.h>
++#include <linux/skbuff.h>
++#include <linux/netfilter/x_tables.h>
++#include <linux/netfilter/xt_IMQ.h>
++#include <linux/imq.h>
++
++static unsigned int imq_target(struct sk_buff *pskb,
++				const struct xt_action_param *par)
++{
++	const struct xt_imq_info *mr = par->targinfo;
++
++	pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE;
++
++	return XT_CONTINUE;
++}
++
++static int imq_checkentry(const struct xt_tgchk_param *par)
++{
++	struct xt_imq_info *mr = par->targinfo;
++
++	if (mr->todev > IMQ_MAX_DEVS - 1) {
++		pr_warn("IMQ: invalid device specified, highest is %u\n",
++			IMQ_MAX_DEVS - 1);
++		return -EINVAL;
++	}
++
++	return 0;
++}
++
++static struct xt_target xt_imq_reg[] __read_mostly = {
++	{
++		.name           = "IMQ",
++		.family		= AF_INET,
++		.checkentry     = imq_checkentry,
++		.target         = imq_target,
++		.targetsize	= sizeof(struct xt_imq_info),
++		.table		= "mangle",
++		.me             = THIS_MODULE
++	},
++	{
++		.name           = "IMQ",
++		.family		= AF_INET6,
++		.checkentry     = imq_checkentry,
++		.target         = imq_target,
++		.targetsize	= sizeof(struct xt_imq_info),
++		.table		= "mangle",
++		.me             = THIS_MODULE
++	},
++};
++
++static int __init imq_init(void)
++{
++	return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg));
++}
++
++static void __exit imq_fini(void)
++{
++	xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg));
++}
++
++module_init(imq_init);
++module_exit(imq_fini);
++
++MODULE_AUTHOR("http://www.linuximq.net");
++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information.");
++MODULE_LICENSE("GPL");
++MODULE_ALIAS("ipt_IMQ");
++MODULE_ALIAS("ip6t_IMQ");
++
+diff -uNr linux-3.10.23/include/linux/skbuff.h linux-3.10.23-imqmq/include/linux/skbuff.h
+--- linux-3.10.23/include/linux/skbuff.h	2013-12-08 17:17:21.000000000 +0100
++++ linux-3.10.23-imqmq/include/linux/skbuff.h	2013-12-09 15:49:26.329991968 +0100
+@@ -33,6 +33,9 @@
+ #include <linux/dma-mapping.h>
+ #include <linux/netdev_features.h>
+ #include <net/flow_keys.h>
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++#include <linux/imq.h>
++#endif
+ 
+ /* Don't change this without changing skb_csum_unnecessary! */
+ #define CHECKSUM_NONE 0
+@@ -414,6 +417,9 @@
+ 	 * first. This is owned by whoever has the skb queued ATM.
+ 	 */
+ 	char			cb[48] __aligned(8);
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++	void			*cb_next;
++#endif
+ 
+ 	unsigned long		_skb_refdst;
+ #ifdef CONFIG_XFRM
+@@ -449,6 +455,9 @@
+ #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+ 	struct nf_conntrack	*nfct;
+ #endif
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++	struct nf_queue_entry	*nf_queue_entry;
++#endif
+ #ifdef CONFIG_BRIDGE_NETFILTER
+ 	struct nf_bridge_info	*nf_bridge;
+ #endif
+@@ -488,6 +497,10 @@
+ 	/* 7/9 bit hole (depending on ndisc_nodetype presence) */
+ 	kmemcheck_bitfield_end(flags2);
+ 
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++	__u8			imq_flags:IMQ_F_BITS;
++#endif
++
+ #ifdef CONFIG_NET_DMA
+ 	dma_cookie_t		dma_cookie;
+ #endif
+@@ -617,6 +630,12 @@
+ 	return (struct rtable *)skb_dst(skb);
+ }
+ 
++
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++extern int skb_save_cb(struct sk_buff *skb);
++extern int skb_restore_cb(struct sk_buff *skb);
++#endif
++
+ extern void kfree_skb(struct sk_buff *skb);
+ extern void kfree_skb_list(struct sk_buff *segs);
+ extern void skb_tx_error(struct sk_buff *skb);
+@@ -2730,6 +2749,10 @@
+ 	nf_conntrack_get(src->nfct);
+ 	dst->nfctinfo = src->nfctinfo;
+ #endif
++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
++	dst->imq_flags = src->imq_flags;
++	dst->nf_queue_entry = src->nf_queue_entry;
++#endif
+ #ifdef CONFIG_BRIDGE_NETFILTER
+ 	dst->nf_bridge  = src->nf_bridge;
+ 	nf_bridge_get(src->nf_bridge);
diff --git a/src/patches/imq_kernel3.10.patch b/src/patches/imq_kernel3.10.patch
deleted file mode 100644
index e98bdc5..0000000
--- a/src/patches/imq_kernel3.10.patch
+++ /dev/null
@@ -1,1568 +0,0 @@
-diff -uNr linux-3.9.1/drivers/net/imq.c linux-3.9.1-imqmq/drivers/net/imq.c
---- linux-3.9.1/drivers/net/imq.c	1970-01-01 02:00:00.000000000 +0200
-+++ linux-3.9.1-imqmq/drivers/net/imq.c	2013-05-08 17:30:41.715552053 +0300
-@@ -0,0 +1,861 @@
-+/*
-+ *             Pseudo-driver for the intermediate queue device.
-+ *
-+ *             This program is free software; you can redistribute it and/or
-+ *             modify it under the terms of the GNU General Public License
-+ *             as published by the Free Software Foundation; either version
-+ *             2 of the License, or (at your option) any later version.
-+ *
-+ * Authors:    Patrick McHardy, kaber@trash.net
-+ *
-+ *            The first version was written by Martin Devera, devik@cdi.cz
-+ *
-+ * Credits:    Jan Rafaj imq2t@cedric.vabo.cz
-+ *              - Update patch to 2.4.21
-+ *             Sebastian Strollo sstrollo@nortelnetworks.com
-+ *              - Fix "Dead-loop on netdevice imq"-issue
-+ *             Marcel Sebek sebek64@post.cz
-+ *              - Update to 2.6.2-rc1
-+ *
-+ *	       After some time of inactivity there is a group taking care
-+ *	       of IMQ again: http://www.linuximq.net
-+ *
-+ *
-+ *	       2004/06/30 - New version of IMQ patch to kernels <=2.6.7
-+ *             including the following changes:
-+ *
-+ *	       - Correction of ipv6 support "+"s issue (Hasso Tepper)
-+ *	       - Correction of imq_init_devs() issue that resulted in
-+ *	       kernel OOPS unloading IMQ as module (Norbert Buchmuller)
-+ *	       - Addition of functionality to choose number of IMQ devices
-+ *	       during kernel config (Andre Correa)
-+ *	       - Addition of functionality to choose how IMQ hooks on
-+ *	       PRE and POSTROUTING (after or before NAT) (Andre Correa)
-+ *	       - Cosmetic corrections (Norbert Buchmuller) (Andre Correa)
-+ *
-+ *
-+ *             2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were
-+ *             released with almost no problems. 2.6.14-x was released
-+ *             with some important changes: nfcache was removed; After
-+ *             some weeks of trouble we figured out that some IMQ fields
-+ *             in skb were missing in skbuff.c - skb_clone and copy_skb_header.
-+ *             These functions are correctly patched by this new patch version.
-+ *
-+ *             Thanks for all who helped to figure out all the problems with
-+ *             2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX,
-+ *             Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully
-+ *             I didn't forget anybody). I apologize again for my lack of time.
-+ *
-+ *
-+ *             2008/06/17 - 2.6.25 - Changed imq.c to use qdisc_run() instead
-+ *             of qdisc_restart() and moved qdisc_run() to tasklet to avoid
-+ *             recursive locking. New initialization routines to fix 'rmmod' not
-+ *             working anymore. Used code from ifb.c. (Jussi Kivilinna)
-+ *
-+ *             2008/08/06 - 2.6.26 - (JK)
-+ *              - Replaced tasklet with 'netif_schedule()'.
-+ *              - Cleaned up and added comments for imq_nf_queue().
-+ *
-+ *             2009/04/12
-+ *              - Add skb_save_cb/skb_restore_cb helper functions for backuping
-+ *                control buffer. This is needed because qdisc-layer on kernels
-+ *                2.6.27 and newer overwrite control buffer. (Jussi Kivilinna)
-+ *              - Add better locking for IMQ device. Hopefully this will solve
-+ *                SMP issues. (Jussi Kivilinna)
-+ *              - Port to 2.6.27
-+ *              - Port to 2.6.28
-+ *              - Port to 2.6.29 + fix rmmod not working
-+ *
-+ *             2009/04/20 - (Jussi Kivilinna)
-+ *              - Use netdevice feature flags to avoid extra packet handling
-+ *                by core networking layer and possibly increase performance.
-+ *
-+ *             2009/09/26 - (Jussi Kivilinna)
-+ *              - Add imq_nf_reinject_lockless to fix deadlock with
-+ *                imq_nf_queue/imq_nf_reinject.
-+ *
-+ *             2009/12/08 - (Jussi Kivilinna)
-+ *              - Port to 2.6.32
-+ *              - Add check for skb->nf_queue_entry==NULL in imq_dev_xmit()
-+ *              - Also add better error checking for skb->nf_queue_entry usage
-+ *
-+ *             2010/02/25 - (Jussi Kivilinna)
-+ *              - Port to 2.6.33
-+ *
-+ *             2010/08/15 - (Jussi Kivilinna)
-+ *              - Port to 2.6.35
-+ *              - Simplify hook registration by using nf_register_hooks.
-+ *              - nf_reinject doesn't need spinlock around it, therefore remove
-+ *                imq_nf_reinject function. Other nf_reinject users protect
-+ *                their own data with spinlock. With IMQ however all data is
-+ *                needed is stored per skbuff, so no locking is needed.
-+ *              - Changed IMQ to use 'separate' NF_IMQ_QUEUE instead of
-+ *                NF_QUEUE, this allows working coexistance of IMQ and other
-+ *                NF_QUEUE users.
-+ *              - Make IMQ multi-queue. Number of IMQ device queues can be
-+ *                increased with 'numqueues' module parameters. Default number
-+ *                of queues is 1, in other words by default IMQ works as
-+ *                single-queue device. Multi-queue selection is based on
-+ *                IFB multi-queue patch by Changli Gao xiaosuo@gmail.com.
-+ *
-+ *             2011/03/18 - (Jussi Kivilinna)
-+ *              - Port to 2.6.38
-+ *
-+ *             2011/07/12 - (syoder89@gmail.com)
-+ *              - Crash fix that happens when the receiving interface has more
-+ *                than one queue (add missing skb_set_queue_mapping in
-+ *                imq_select_queue).
-+ *
-+ *             2011/07/26 - (Jussi Kivilinna)
-+ *              - Add queue mapping checks for packets exiting IMQ.
-+ *              - Port to 3.0
-+ *
-+ *             2011/08/16 - (Jussi Kivilinna)
-+ *              - Clear IFF_TX_SKB_SHARING flag that was added for linux 3.0.2
-+ *
-+ *             2011/11/03 - Germano Michel germanomichel@gmail.com
-+ *              - Fix IMQ for net namespaces
-+ *
-+ *             2011/11/04 - Jussi Kivilinna jussi.kivilinna@mbnet.fi
-+ *              - Port to 3.1
-+ *              - Clean-up, move 'get imq device pointer by imqX name' to
-+ *                separate function from imq_nf_queue().
-+ *
-+ *             2012/01/05 - Jussi Kivilinna jussi.kivilinna@mbnet.fi
-+ *              - Port to 3.2
-+ *
-+ *             2012/03/19 - Jussi Kivilinna jussi.kivilinna@mbnet.fi
-+ *              - Port to 3.3
-+ *
-+ *             2012/12/12 - Jussi Kivilinna jussi.kivilinna@mbnet.fi
-+ *              - Port to 3.7
-+ *              - Fix checkpatch.pl warnings
-+ *
-+ *	       Also, many thanks to pablo Sebastian Greco for making the initial
-+ *	       patch and to those who helped the testing.
-+ *
-+ *             More info at: http://www.linuximq.net/ (Andre Correa)
-+ */
-+
-+#include <linux/module.h>
-+#include <linux/kernel.h>
-+#include <linux/moduleparam.h>
-+#include <linux/list.h>
-+#include <linux/skbuff.h>
-+#include <linux/netdevice.h>
-+#include <linux/etherdevice.h>
-+#include <linux/rtnetlink.h>
-+#include <linux/if_arp.h>
-+#include <linux/netfilter.h>
-+#include <linux/netfilter_ipv4.h>
-+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-+	#include <linux/netfilter_ipv6.h>
-+#endif
-+#include <linux/imq.h>
-+#include <net/pkt_sched.h>
-+#include <net/netfilter/nf_queue.h>
-+#include <net/sock.h>
-+#include <linux/ip.h>
-+#include <linux/ipv6.h>
-+#include <linux/if_vlan.h>
-+#include <linux/if_pppox.h>
-+#include <net/ip.h>
-+#include <net/ipv6.h>
-+
-+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned int queue_num);
-+
-+static nf_hookfn imq_nf_hook;
-+
-+static struct nf_hook_ops imq_ops[] = {
-+	{
-+	/* imq_ingress_ipv4 */
-+		.hook		= imq_nf_hook,
-+		.owner		= THIS_MODULE,
-+		.pf		= PF_INET,
-+		.hooknum	= NF_INET_PRE_ROUTING,
-+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB)
-+		.priority	= NF_IP_PRI_MANGLE + 1,
-+#else
-+		.priority	= NF_IP_PRI_NAT_DST + 1,
-+#endif
-+	},
-+	{
-+	/* imq_egress_ipv4 */
-+		.hook		= imq_nf_hook,
-+		.owner		= THIS_MODULE,
-+		.pf		= PF_INET,
-+		.hooknum	= NF_INET_POST_ROUTING,
-+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA)
-+		.priority	= NF_IP_PRI_LAST,
-+#else
-+		.priority	= NF_IP_PRI_NAT_SRC - 1,
-+#endif
-+	},
-+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-+	{
-+	/* imq_ingress_ipv6 */
-+		.hook		= imq_nf_hook,
-+		.owner		= THIS_MODULE,
-+		.pf		= PF_INET6,
-+		.hooknum	= NF_INET_PRE_ROUTING,
-+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB)
-+		.priority	= NF_IP6_PRI_MANGLE + 1,
-+#else
-+		.priority	= NF_IP6_PRI_NAT_DST + 1,
-+#endif
-+	},
-+	{
-+	/* imq_egress_ipv6 */
-+		.hook		= imq_nf_hook,
-+		.owner		= THIS_MODULE,
-+		.pf		= PF_INET6,
-+		.hooknum	= NF_INET_POST_ROUTING,
-+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA)
-+		.priority	= NF_IP6_PRI_LAST,
-+#else
-+		.priority	= NF_IP6_PRI_NAT_SRC - 1,
-+#endif
-+	},
-+#endif
-+};
-+
-+#if defined(CONFIG_IMQ_NUM_DEVS)
-+static int numdevs = CONFIG_IMQ_NUM_DEVS;
-+#else
-+static int numdevs = IMQ_MAX_DEVS;
-+#endif
-+
-+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS];
-+
-+#define IMQ_MAX_QUEUES 32
-+static int numqueues = 1;
-+static u32 imq_hashrnd;
-+
-+static inline __be16 pppoe_proto(const struct sk_buff *skb)
-+{
-+	return *((__be16 *)(skb_mac_header(skb) + ETH_HLEN +
-+			sizeof(struct pppoe_hdr)));
-+}
-+
-+static u16 imq_hash(struct net_device *dev, struct sk_buff *skb)
-+{
-+	unsigned int pull_len;
-+	u16 protocol = skb->protocol;
-+	u32 addr1, addr2;
-+	u32 hash, ihl = 0;
-+	union {
-+		u16 in16[2];
-+		u32 in32;
-+	} ports;
-+	u8 ip_proto;
-+
-+	pull_len = 0;
-+
-+recheck:
-+	switch (protocol) {
-+	case htons(ETH_P_8021Q): {
-+		if (unlikely(skb_pull(skb, VLAN_HLEN) == NULL))
-+			goto other;
-+
-+		pull_len += VLAN_HLEN;
-+		skb->network_header += VLAN_HLEN;
-+
-+		protocol = vlan_eth_hdr(skb)->h_vlan_encapsulated_proto;
-+		goto recheck;
-+	}
-+
-+	case htons(ETH_P_PPP_SES): {
-+		if (unlikely(skb_pull(skb, PPPOE_SES_HLEN) == NULL))
-+			goto other;
-+
-+		pull_len += PPPOE_SES_HLEN;
-+		skb->network_header += PPPOE_SES_HLEN;
-+
-+		protocol = pppoe_proto(skb);
-+		goto recheck;
-+	}
-+
-+	case htons(ETH_P_IP): {
-+		const struct iphdr *iph = ip_hdr(skb);
-+
-+		if (unlikely(!pskb_may_pull(skb, sizeof(struct iphdr))))
-+			goto other;
-+
-+		addr1 = iph->daddr;
-+		addr2 = iph->saddr;
-+
-+		ip_proto = !(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) ?
-+				 iph->protocol : 0;
-+		ihl = ip_hdrlen(skb);
-+
-+		break;
-+	}
-+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-+	case htons(ETH_P_IPV6): {
-+		const struct ipv6hdr *iph = ipv6_hdr(skb);
-+		__be16 fo = 0;
-+
-+		if (unlikely(!pskb_may_pull(skb, sizeof(struct ipv6hdr))))
-+			goto other;
-+
-+		addr1 = iph->daddr.s6_addr32[3];
-+		addr2 = iph->saddr.s6_addr32[3];
-+		ihl = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &ip_proto,
-+				       &fo);
-+		if (unlikely(ihl < 0))
-+			goto other;
-+
-+		break;
-+	}
-+#endif
-+	default:
-+other:
-+		if (pull_len != 0) {
-+			skb_push(skb, pull_len);
-+			skb->network_header -= pull_len;
-+		}
-+
-+		return (u16)(ntohs(protocol) % dev->real_num_tx_queues);
-+	}
-+
-+	if (addr1 > addr2)
-+		swap(addr1, addr2);
-+
-+	switch (ip_proto) {
-+	case IPPROTO_TCP:
-+	case IPPROTO_UDP:
-+	case IPPROTO_DCCP:
-+	case IPPROTO_ESP:
-+	case IPPROTO_AH:
-+	case IPPROTO_SCTP:
-+	case IPPROTO_UDPLITE: {
-+		if (likely(skb_copy_bits(skb, ihl, &ports.in32, 4) >= 0)) {
-+			if (ports.in16[0] > ports.in16[1])
-+				swap(ports.in16[0], ports.in16[1]);
-+			break;
-+		}
-+		/* fall-through */
-+	}
-+	default:
-+		ports.in32 = 0;
-+		break;
-+	}
-+
-+	if (pull_len != 0) {
-+		skb_push(skb, pull_len);
-+		skb->network_header -= pull_len;
-+	}
-+
-+	hash = jhash_3words(addr1, addr2, ports.in32, imq_hashrnd ^ ip_proto);
-+
-+	return (u16)(((u64)hash * dev->real_num_tx_queues) >> 32);
-+}
-+
-+static inline bool sk_tx_queue_recorded(struct sock *sk)
-+{
-+	return (sk_tx_queue_get(sk) >= 0);
-+}
-+
-+static struct netdev_queue *imq_select_queue(struct net_device *dev,
-+						struct sk_buff *skb)
-+{
-+	u16 queue_index = 0;
-+	u32 hash;
-+
-+	if (likely(dev->real_num_tx_queues == 1))
-+		goto out;
-+
-+	/* IMQ can be receiving ingress or engress packets. */
-+
-+	/* Check first for if rx_queue is set */
-+	if (skb_rx_queue_recorded(skb)) {
-+		queue_index = skb_get_rx_queue(skb);
-+		goto out;
-+	}
-+
-+	/* Check if socket has tx_queue set */
-+	if (sk_tx_queue_recorded(skb->sk)) {
-+		queue_index = sk_tx_queue_get(skb->sk);
-+		goto out;
-+	}
-+
-+	/* Try use socket hash */
-+	if (skb->sk && skb->sk->sk_hash) {
-+		hash = skb->sk->sk_hash;
-+		queue_index =
-+			(u16)(((u64)hash * dev->real_num_tx_queues) >> 32);
-+		goto out;
-+	}
-+
-+	/* Generate hash from packet data */
-+	queue_index = imq_hash(dev, skb);
-+
-+out:
-+	if (unlikely(queue_index >= dev->real_num_tx_queues))
-+		queue_index = (u16)((u32)queue_index % dev->real_num_tx_queues);
-+
-+	skb_set_queue_mapping(skb, queue_index);
-+	return netdev_get_tx_queue(dev, queue_index);
-+}
-+
-+static struct net_device_stats *imq_get_stats(struct net_device *dev)
-+{
-+	return &dev->stats;
-+}
-+
-+/* called for packets kfree'd in qdiscs at places other than enqueue */
-+static void imq_skb_destructor(struct sk_buff *skb)
-+{
-+	struct nf_queue_entry *entry = skb->nf_queue_entry;
-+
-+	skb->nf_queue_entry = NULL;
-+
-+	if (entry) {
-+		nf_queue_entry_release_refs(entry);
-+		kfree(entry);
-+	}
-+
-+	skb_restore_cb(skb); /* kfree backup */
-+}
-+
-+static void imq_done_check_queue_mapping(struct sk_buff *skb,
-+					 struct net_device *dev)
-+{
-+	unsigned int queue_index;
-+
-+	/* Don't let queue_mapping be left too large after exiting IMQ */
-+	if (likely(skb->dev != dev && skb->dev != NULL)) {
-+		queue_index = skb_get_queue_mapping(skb);
-+		if (unlikely(queue_index >= skb->dev->real_num_tx_queues)) {
-+			queue_index = (u16)((u32)queue_index %
-+						skb->dev->real_num_tx_queues);
-+			skb_set_queue_mapping(skb, queue_index);
-+		}
-+	} else {
-+		/* skb->dev was IMQ device itself or NULL, be on safe side and
-+		 * just clear queue mapping.
-+		 */
-+		skb_set_queue_mapping(skb, 0);
-+	}
-+}
-+
-+static netdev_tx_t imq_dev_xmit(struct sk_buff *skb, struct net_device *dev)
-+{
-+	struct nf_queue_entry *entry = skb->nf_queue_entry;
-+
-+	skb->nf_queue_entry = NULL;
-+	dev->trans_start = jiffies;
-+
-+	dev->stats.tx_bytes += skb->len;
-+	dev->stats.tx_packets++;
-+
-+	if (unlikely(entry == NULL)) {
-+		/* We don't know what is going on here.. packet is queued for
-+		 * imq device, but (probably) not by us.
-+		 *
-+		 * If this packet was not send here by imq_nf_queue(), then
-+		 * skb_save_cb() was not used and skb_free() should not show:
-+		 *   WARNING: IMQ: kfree_skb: skb->cb_next:..
-+		 * and/or
-+		 *   WARNING: IMQ: kfree_skb: skb->nf_queue_entry...
-+		 *
-+		 * However if this message is shown, then IMQ is somehow broken
-+		 * and you should report this to linuximq.net.
-+		 */
-+
-+		/* imq_dev_xmit is black hole that eats all packets, report that
-+		 * we eat this packet happily and increase dropped counters.
-+		 */
-+
-+		dev->stats.tx_dropped++;
-+		dev_kfree_skb(skb);
-+
-+		return NETDEV_TX_OK;
-+	}
-+
-+	skb_restore_cb(skb); /* restore skb->cb */
-+
-+	skb->imq_flags = 0;
-+	skb->destructor = NULL;
-+
-+	imq_done_check_queue_mapping(skb, dev);
-+
-+	nf_reinject(entry, NF_ACCEPT);
-+
-+	return NETDEV_TX_OK;
-+}
-+
-+static struct net_device *get_imq_device_by_index(int index)
-+{
-+	struct net_device *dev = NULL;
-+	struct net *net;
-+	char buf[8];
-+
-+	/* get device by name and cache result */
-+	snprintf(buf, sizeof(buf), "imq%d", index);
-+
-+	/* Search device from all namespaces. */
-+	for_each_net(net) {
-+		dev = dev_get_by_name(net, buf);
-+		if (dev)
-+			break;
-+	}
-+
-+	if (WARN_ON_ONCE(dev == NULL)) {
-+		/* IMQ device not found. Exotic config? */
-+		return ERR_PTR(-ENODEV);
-+	}
-+
-+	imq_devs_cache[index] = dev;
-+	dev_put(dev);
-+
-+	return dev;
-+}
-+
-+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned int queue_num)
-+{
-+	struct net_device *dev;
-+	struct sk_buff *skb_orig, *skb, *skb_shared;
-+	struct Qdisc *q;
-+	struct netdev_queue *txq;
-+	spinlock_t *root_lock;
-+	int users, index;
-+	int retval = -EINVAL;
-+	unsigned int orig_queue_index;
-+
-+	index = entry->skb->imq_flags & IMQ_F_IFMASK;
-+	if (unlikely(index > numdevs - 1)) {
-+		if (net_ratelimit())
-+			pr_warn("IMQ: invalid device specified, highest is %u\n",
-+				numdevs - 1);
-+		retval = -EINVAL;
-+		goto out;
-+	}
-+
-+	/* check for imq device by index from cache */
-+	dev = imq_devs_cache[index];
-+	if (unlikely(!dev)) {
-+		dev = get_imq_device_by_index(index);
-+		if (IS_ERR(dev)) {
-+			retval = PTR_ERR(dev);
-+			goto out;
-+		}
-+	}
-+
-+	if (unlikely(!(dev->flags & IFF_UP))) {
-+		entry->skb->imq_flags = 0;
-+		nf_reinject(entry, NF_ACCEPT);
-+		retval = 0;
-+		goto out;
-+	}
-+	dev->last_rx = jiffies;
-+
-+	skb = entry->skb;
-+	skb_orig = NULL;
-+
-+	/* skb has owner? => make clone */
-+	if (unlikely(skb->destructor)) {
-+		skb_orig = skb;
-+		skb = skb_clone(skb, GFP_ATOMIC);
-+		if (unlikely(!skb)) {
-+			retval = -ENOMEM;
-+			goto out;
-+		}
-+		entry->skb = skb;
-+	}
-+
-+	skb->nf_queue_entry = entry;
-+
-+	dev->stats.rx_bytes += skb->len;
-+	dev->stats.rx_packets++;
-+
-+	if (!skb->dev) {
-+		/* skb->dev == NULL causes problems, try the find cause. */
-+		if (net_ratelimit()) {
-+			dev_warn(&dev->dev,
-+				 "received packet with skb->dev == NULL\n");
-+			dump_stack();
-+		}
-+
-+		skb->dev = dev;
-+	}
-+
-+	/* Disables softirqs for lock below */
-+	rcu_read_lock_bh();
-+
-+	/* Multi-queue selection */
-+	orig_queue_index = skb_get_queue_mapping(skb);
-+	txq = imq_select_queue(dev, skb);
-+
-+	q = rcu_dereference(txq->qdisc);
-+	if (unlikely(!q->enqueue))
-+		goto packet_not_eaten_by_imq_dev;
-+
-+	root_lock = qdisc_lock(q);
-+	spin_lock(root_lock);
-+
-+	users = atomic_read(&skb->users);
-+
-+	skb_shared = skb_get(skb); /* increase reference count by one */
-+
-+	/* backup skb->cb, as qdisc layer will overwrite it */
-+	skb_save_cb(skb_shared);
-+	qdisc_enqueue_root(skb_shared, q); /* might kfree_skb */
-+
-+	if (likely(atomic_read(&skb_shared->users) == users + 1)) {
-+		kfree_skb(skb_shared); /* decrease reference count by one */
-+
-+		skb->destructor = &imq_skb_destructor;
-+
-+		/* cloned? */
-+		if (unlikely(skb_orig))
-+			kfree_skb(skb_orig); /* free original */
-+
-+		spin_unlock(root_lock);
-+		rcu_read_unlock_bh();
-+
-+		/* schedule qdisc dequeue */
-+		__netif_schedule(q);
-+
-+		retval = 0;
-+		goto out;
-+	} else {
-+		skb_restore_cb(skb_shared); /* restore skb->cb */
-+		skb->nf_queue_entry = NULL;
-+		/*
-+		 * qdisc dropped packet and decreased skb reference count of
-+		 * skb, so we don't really want to and try refree as that would
-+		 * actually destroy the skb.
-+		 */
-+		spin_unlock(root_lock);
-+		goto packet_not_eaten_by_imq_dev;
-+	}
-+
-+packet_not_eaten_by_imq_dev:
-+	skb_set_queue_mapping(skb, orig_queue_index);
-+	rcu_read_unlock_bh();
-+
-+	/* cloned? restore original */
-+	if (unlikely(skb_orig)) {
-+		kfree_skb(skb);
-+		entry->skb = skb_orig;
-+	}
-+	retval = -1;
-+out:
-+	return retval;
-+}
-+
-+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb,
-+				const struct net_device *indev,
-+				const struct net_device *outdev,
-+				int (*okfn)(struct sk_buff *))
-+{
-+	return (pskb->imq_flags & IMQ_F_ENQUEUE) ? NF_IMQ_QUEUE : NF_ACCEPT;
-+}
-+
-+static int imq_close(struct net_device *dev)
-+{
-+	netif_stop_queue(dev);
-+	return 0;
-+}
-+
-+static int imq_open(struct net_device *dev)
-+{
-+	netif_start_queue(dev);
-+	return 0;
-+}
-+
-+static const struct net_device_ops imq_netdev_ops = {
-+	.ndo_open		= imq_open,
-+	.ndo_stop		= imq_close,
-+	.ndo_start_xmit		= imq_dev_xmit,
-+	.ndo_get_stats		= imq_get_stats,
-+};
-+
-+static void imq_setup(struct net_device *dev)
-+{
-+	dev->netdev_ops		= &imq_netdev_ops;
-+	dev->type		= ARPHRD_VOID;
-+	dev->mtu		= 16000; /* too small? */
-+	dev->tx_queue_len	= 11000; /* too big? */
-+	dev->flags		= IFF_NOARP;
-+	dev->features		= NETIF_F_SG | NETIF_F_FRAGLIST |
-+				  NETIF_F_GSO | NETIF_F_HW_CSUM |
-+				  NETIF_F_HIGHDMA;
-+	dev->priv_flags		&= ~(IFF_XMIT_DST_RELEASE |
-+				     IFF_TX_SKB_SHARING);
-+}
-+
-+static int imq_validate(struct nlattr *tb[], struct nlattr *data[])
-+{
-+	int ret = 0;
-+
-+	if (tb[IFLA_ADDRESS]) {
-+		if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) {
-+			ret = -EINVAL;
-+			goto end;
-+		}
-+		if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) {
-+			ret = -EADDRNOTAVAIL;
-+			goto end;
-+		}
-+	}
-+	return 0;
-+end:
-+	pr_warn("IMQ: imq_validate failed (%d)\n", ret);
-+	return ret;
-+}
-+
-+static struct rtnl_link_ops imq_link_ops __read_mostly = {
-+	.kind		= "imq",
-+	.priv_size	= 0,
-+	.setup		= imq_setup,
-+	.validate	= imq_validate,
-+};
-+
-+static const struct nf_queue_handler imq_nfqh = {
-+	.outfn = imq_nf_queue,
-+};
-+
-+static int __init imq_init_hooks(void)
-+{
-+	int ret;
-+
-+	nf_register_queue_imq_handler(&imq_nfqh);
-+
-+	ret = nf_register_hooks(imq_ops, ARRAY_SIZE(imq_ops));
-+	if (ret < 0)
-+		nf_unregister_queue_imq_handler();
-+
-+	return ret;
-+}
-+
-+static int __init imq_init_one(int index)
-+{
-+	struct net_device *dev;
-+	int ret;
-+
-+	dev = alloc_netdev_mq(0, "imq%d", imq_setup, numqueues);
-+	if (!dev)
-+		return -ENOMEM;
-+
-+	ret = dev_alloc_name(dev, dev->name);
-+	if (ret < 0)
-+		goto fail;
-+
-+	dev->rtnl_link_ops = &imq_link_ops;
-+	ret = register_netdevice(dev);
-+	if (ret < 0)
-+		goto fail;
-+
-+	return 0;
-+fail:
-+	free_netdev(dev);
-+	return ret;
-+}
-+
-+static int __init imq_init_devs(void)
-+{
-+	int err, i;
-+
-+	if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) {
-+		pr_err("IMQ: numdevs has to be betweed 1 and %u\n",
-+		       IMQ_MAX_DEVS);
-+		return -EINVAL;
-+	}
-+
-+	if (numqueues < 1 || numqueues > IMQ_MAX_QUEUES) {
-+		pr_err("IMQ: numqueues has to be betweed 1 and %u\n",
-+		       IMQ_MAX_QUEUES);
-+		return -EINVAL;
-+	}
-+
-+	get_random_bytes(&imq_hashrnd, sizeof(imq_hashrnd));
-+
-+	rtnl_lock();
-+	err = __rtnl_link_register(&imq_link_ops);
-+
-+	for (i = 0; i < numdevs && !err; i++)
-+		err = imq_init_one(i);
-+
-+	if (err) {
-+		__rtnl_link_unregister(&imq_link_ops);
-+		memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
-+	}
-+	rtnl_unlock();
-+
-+	return err;
-+}
-+
-+static int __init imq_init_module(void)
-+{
-+	int err;
-+
-+#if defined(CONFIG_IMQ_NUM_DEVS)
-+	BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16);
-+	BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2);
-+	BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK);
-+#endif
-+
-+	err = imq_init_devs();
-+	if (err) {
-+		pr_err("IMQ: Error trying imq_init_devs(net)\n");
-+		return err;
-+	}
-+
-+	err = imq_init_hooks();
-+	if (err) {
-+		pr_err(KERN_ERR "IMQ: Error trying imq_init_hooks()\n");
-+		rtnl_link_unregister(&imq_link_ops);
-+		memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
-+		return err;
-+	}
-+
-+	pr_info("IMQ driver loaded successfully. (numdevs = %d, numqueues = %d)\n",
-+		numdevs, numqueues);
-+
-+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB)
-+	pr_info("\tHooking IMQ before NAT on PREROUTING.\n");
-+#else
-+	pr_info("\tHooking IMQ after NAT on PREROUTING.\n");
-+#endif
-+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB)
-+	pr_info("\tHooking IMQ before NAT on POSTROUTING.\n");
-+#else
-+	pr_info("\tHooking IMQ after NAT on POSTROUTING.\n");
-+#endif
-+
-+	return 0;
-+}
-+
-+static void __exit imq_unhook(void)
-+{
-+	nf_unregister_hooks(imq_ops, ARRAY_SIZE(imq_ops));
-+	nf_unregister_queue_imq_handler();
-+}
-+
-+static void __exit imq_cleanup_devs(void)
-+{
-+	rtnl_link_unregister(&imq_link_ops);
-+	memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
-+}
-+
-+static void __exit imq_exit_module(void)
-+{
-+	imq_unhook();
-+	imq_cleanup_devs();
-+	pr_info("IMQ driver unloaded successfully.\n");
-+}
-+
-+module_init(imq_init_module);
-+module_exit(imq_exit_module);
-+
-+module_param(numdevs, int, 0);
-+module_param(numqueues, int, 0);
-+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will be created)");
-+MODULE_PARM_DESC(numqueues, "number of queues per IMQ device");
-+MODULE_AUTHOR("http://www.linuximq.net");
-+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information.");
-+MODULE_LICENSE("GPL");
-+MODULE_ALIAS_RTNL_LINK("imq");
-+
-diff -uNr linux-3.9.1/drivers/net/Kconfig linux-3.9.1-imqmq/drivers/net/Kconfig
---- linux-3.9.1/drivers/net/Kconfig	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/drivers/net/Kconfig	2013-05-08 17:30:29.011952562 +0300
-@@ -206,6 +206,125 @@
- 	depends on RIONET
- 	default "128"
- 
-+config IMQ
-+	tristate "IMQ (intermediate queueing device) support"
-+	depends on NETDEVICES && NETFILTER
-+	---help---
-+	  The IMQ device(s) is used as placeholder for QoS queueing
-+	  disciplines. Every packet entering/leaving the IP stack can be
-+	  directed through the IMQ device where it's enqueued/dequeued to the
-+	  attached qdisc. This allows you to treat network devices as classes
-+	  and distribute bandwidth among them. Iptables is used to specify
-+	  through which IMQ device, if any, packets travel.
-+
-+	  More information at: http://www.linuximq.net/
-+
-+	  To compile this driver as a module, choose M here: the module
-+	  will be called imq.  If unsure, say N.
-+
-+choice
-+	prompt "IMQ behavior (PRE/POSTROUTING)"
-+	depends on IMQ
-+	default IMQ_BEHAVIOR_AB
-+	help
-+	  This setting defines how IMQ behaves in respect to its
-+	  hooking in PREROUTING and POSTROUTING.
-+
-+	  IMQ can work in any of the following ways:
-+
-+	      PREROUTING   |      POSTROUTING
-+	  -----------------|-------------------
-+	  #1  After NAT    |      After NAT
-+	  #2  After NAT    |      Before NAT
-+	  #3  Before NAT   |      After NAT
-+	  #4  Before NAT   |      Before NAT
-+
-+	  The default behavior is to hook before NAT on PREROUTING
-+	  and after NAT on POSTROUTING (#3).
-+
-+	  This settings are specially usefull when trying to use IMQ
-+	  to shape NATed clients.
-+
-+	  More information can be found at: www.linuximq.net
-+
-+	  If not sure leave the default settings alone.
-+
-+config IMQ_BEHAVIOR_AA
-+	bool "IMQ AA"
-+	help
-+	  This setting defines how IMQ behaves in respect to its
-+	  hooking in PREROUTING and POSTROUTING.
-+
-+	  Choosing this option will make IMQ hook like this:
-+
-+	  PREROUTING:   After NAT
-+	  POSTROUTING:  After NAT
-+
-+	  More information can be found at: www.linuximq.net
-+
-+	  If not sure leave the default settings alone.
-+
-+config IMQ_BEHAVIOR_AB
-+	bool "IMQ AB"
-+	help
-+	  This setting defines how IMQ behaves in respect to its
-+	  hooking in PREROUTING and POSTROUTING.
-+
-+	  Choosing this option will make IMQ hook like this:
-+
-+	  PREROUTING:   After NAT
-+	  POSTROUTING:  Before NAT
-+
-+	  More information can be found at: www.linuximq.net
-+
-+	  If not sure leave the default settings alone.
-+
-+config IMQ_BEHAVIOR_BA
-+	bool "IMQ BA"
-+	help
-+	  This setting defines how IMQ behaves in respect to its
-+	  hooking in PREROUTING and POSTROUTING.
-+
-+	  Choosing this option will make IMQ hook like this:
-+
-+	  PREROUTING:   Before NAT
-+	  POSTROUTING:  After NAT
-+
-+	  More information can be found at: www.linuximq.net
-+
-+	  If not sure leave the default settings alone.
-+
-+config IMQ_BEHAVIOR_BB
-+	bool "IMQ BB"
-+	help
-+	  This setting defines how IMQ behaves in respect to its
-+	  hooking in PREROUTING and POSTROUTING.
-+
-+	  Choosing this option will make IMQ hook like this:
-+
-+	  PREROUTING:   Before NAT
-+	  POSTROUTING:  Before NAT
-+
-+	  More information can be found at: www.linuximq.net
-+
-+	  If not sure leave the default settings alone.
-+
-+endchoice
-+
-+config IMQ_NUM_DEVS
-+	int "Number of IMQ devices"
-+	range 2 16
-+	depends on IMQ
-+	default "16"
-+	help
-+	  This setting defines how many IMQ devices will be created.
-+
-+	  The default value is 16.
-+
-+	  More information can be found at: www.linuximq.net
-+
-+	  If not sure leave the default settings alone.
-+
- config TUN
- 	tristate "Universal TUN/TAP device driver support"
- 	select CRC32
-diff -uNr linux-3.9.1/drivers/net/Makefile linux-3.9.1-imqmq/drivers/net/Makefile
---- linux-3.9.1/drivers/net/Makefile	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/drivers/net/Makefile	2013-05-08 17:30:29.011952562 +0300
-@@ -9,6 +9,7 @@
- obj-$(CONFIG_DUMMY) += dummy.o
- obj-$(CONFIG_EQUALIZER) += eql.o
- obj-$(CONFIG_IFB) += ifb.o
-+obj-$(CONFIG_IMQ) += imq.o
- obj-$(CONFIG_MACVLAN) += macvlan.o
- obj-$(CONFIG_MACVTAP) += macvtap.o
- obj-$(CONFIG_MII) += mii.o
-diff -uNr linux-3.9.1/include/linux/imq.h linux-3.9.1-imqmq/include/linux/imq.h
---- linux-3.9.1/include/linux/imq.h	1970-01-01 02:00:00.000000000 +0200
-+++ linux-3.9.1-imqmq/include/linux/imq.h	2013-05-08 17:30:29.011952562 +0300
-@@ -0,0 +1,13 @@
-+#ifndef _IMQ_H
-+#define _IMQ_H
-+
-+/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */
-+#define IMQ_F_BITS	5
-+
-+#define IMQ_F_IFMASK	0x0f
-+#define IMQ_F_ENQUEUE	0x10
-+
-+#define IMQ_MAX_DEVS	(IMQ_F_IFMASK + 1)
-+
-+#endif /* _IMQ_H */
-+
-diff -uNr linux-3.9.1/include/linux/netfilter/xt_IMQ.h linux-3.9.1-imqmq/include/linux/netfilter/xt_IMQ.h
---- linux-3.9.1/include/linux/netfilter/xt_IMQ.h	1970-01-01 02:00:00.000000000 +0200
-+++ linux-3.9.1-imqmq/include/linux/netfilter/xt_IMQ.h	2013-05-08 17:30:29.011952562 +0300
-@@ -0,0 +1,9 @@
-+#ifndef _XT_IMQ_H
-+#define _XT_IMQ_H
-+
-+struct xt_imq_info {
-+	unsigned int todev;     /* target imq device */
-+};
-+
-+#endif /* _XT_IMQ_H */
-+
-diff -uNr linux-3.9.1/include/linux/netfilter_ipv4/ipt_IMQ.h linux-3.9.1-imqmq/include/linux/netfilter_ipv4/ipt_IMQ.h
---- linux-3.9.1/include/linux/netfilter_ipv4/ipt_IMQ.h	1970-01-01 02:00:00.000000000 +0200
-+++ linux-3.9.1-imqmq/include/linux/netfilter_ipv4/ipt_IMQ.h	2013-05-08 17:30:29.011952562 +0300
-@@ -0,0 +1,10 @@
-+#ifndef _IPT_IMQ_H
-+#define _IPT_IMQ_H
-+
-+/* Backwards compatibility for old userspace */
-+#include <linux/netfilter/xt_IMQ.h>
-+
-+#define ipt_imq_info xt_imq_info
-+
-+#endif /* _IPT_IMQ_H */
-+
-diff -uNr linux-3.9.1/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-3.9.1-imqmq/include/linux/netfilter_ipv6/ip6t_IMQ.h
---- linux-3.9.1/include/linux/netfilter_ipv6/ip6t_IMQ.h	1970-01-01 02:00:00.000000000 +0200
-+++ linux-3.9.1-imqmq/include/linux/netfilter_ipv6/ip6t_IMQ.h	2013-05-08 17:30:29.011952562 +0300
-@@ -0,0 +1,10 @@
-+#ifndef _IP6T_IMQ_H
-+#define _IP6T_IMQ_H
-+
-+/* Backwards compatibility for old userspace */
-+#include <linux/netfilter/xt_IMQ.h>
-+
-+#define ip6t_imq_info xt_imq_info
-+
-+#endif /* _IP6T_IMQ_H */
-+
-diff -uNr linux-3.9.1/include/linux/skbuff.h linux-3.9.1-imqmq/include/linux/skbuff.h
---- linux-3.9.1/include/linux/skbuff.h	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/include/linux/skbuff.h	2013-05-08 17:30:29.015285965 +0300
-@@ -32,6 +32,9 @@
- #include <linux/dma-mapping.h>
- #include <linux/netdev_features.h>
- #include <net/flow_keys.h>
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+#include <linux/imq.h>
-+#endif
- 
- /* Don't change this without changing skb_csum_unnecessary! */
- #define CHECKSUM_NONE 0
-@@ -415,6 +418,9 @@
- 	 * first. This is owned by whoever has the skb queued ATM.
- 	 */
- 	char			cb[48] __aligned(8);
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+	void			*cb_next;
-+#endif
- 
- 	unsigned long		_skb_refdst;
- #ifdef CONFIG_XFRM
-@@ -453,6 +459,9 @@
- #ifdef NET_SKBUFF_NF_DEFRAG_NEEDED
- 	struct sk_buff		*nfct_reasm;
- #endif
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+	struct nf_queue_entry	*nf_queue_entry;
-+#endif
- #ifdef CONFIG_BRIDGE_NETFILTER
- 	struct nf_bridge_info	*nf_bridge;
- #endif
-@@ -491,6 +500,10 @@
- 	/* 7/9 bit hole (depending on ndisc_nodetype presence) */
- 	kmemcheck_bitfield_end(flags2);
- 
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+	__u8			imq_flags:IMQ_F_BITS;
-+#endif
-+
- #ifdef CONFIG_NET_DMA
- 	dma_cookie_t		dma_cookie;
- #endif
-@@ -586,6 +599,12 @@
- 	return (struct rtable *)skb_dst(skb);
- }
- 
-+
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+extern int skb_save_cb(struct sk_buff *skb);
-+extern int skb_restore_cb(struct sk_buff *skb);
-+#endif
-+
- extern void kfree_skb(struct sk_buff *skb);
- extern void skb_tx_error(struct sk_buff *skb);
- extern void consume_skb(struct sk_buff *skb);
-@@ -2662,6 +2681,10 @@
- 	dst->nfct_reasm = src->nfct_reasm;
- 	nf_conntrack_get_reasm(src->nfct_reasm);
- #endif
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+	dst->imq_flags = src->imq_flags;
-+	dst->nf_queue_entry = src->nf_queue_entry;
-+#endif
- #ifdef CONFIG_BRIDGE_NETFILTER
- 	dst->nf_bridge  = src->nf_bridge;
- 	nf_bridge_get(src->nf_bridge);
-diff -uNr linux-3.9.1/include/net/netfilter/nf_queue.h linux-3.9.1-imqmq/include/net/netfilter/nf_queue.h
---- linux-3.9.1/include/net/netfilter/nf_queue.h	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/include/net/netfilter/nf_queue.h	2013-05-08 17:30:29.015285965 +0300
-@@ -26,5 +26,11 @@
- void nf_register_queue_handler(const struct nf_queue_handler *qh);
- void nf_unregister_queue_handler(void);
- extern void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict);
-+extern void nf_queue_entry_release_refs(struct nf_queue_entry *entry);
-+
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+extern void nf_register_queue_imq_handler(const struct nf_queue_handler *qh);
-+extern void nf_unregister_queue_imq_handler(void);
-+#endif
- 
- #endif /* _NF_QUEUE_H */
-diff -uNr linux-3.9.1/include/uapi/linux/netfilter.h linux-3.9.1-imqmq/include/uapi/linux/netfilter.h
---- linux-3.9.1/include/uapi/linux/netfilter.h	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/include/uapi/linux/netfilter.h	2013-05-08 17:30:29.015285965 +0300
-@@ -13,7 +13,8 @@
- #define NF_QUEUE 3
- #define NF_REPEAT 4
- #define NF_STOP 5
--#define NF_MAX_VERDICT NF_STOP
-+#define NF_IMQ_QUEUE 6
-+#define NF_MAX_VERDICT NF_IMQ_QUEUE
- 
- /* we overload the higher bits for encoding auxiliary data such as the queue
-  * number or errno values. Not nice, but better than additional function
-diff -uNr linux-3.9.1/net/core/dev.c linux-3.9.1-imqmq/net/core/dev.c
---- linux-3.9.1/net/core/dev.c	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/net/core/dev.c	2013-05-08 17:30:29.018619368 +0300
-@@ -129,6 +129,9 @@
- #include <linux/inetdevice.h>
- #include <linux/cpu_rmap.h>
- #include <linux/static_key.h>
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+#include <linux/imq.h>
-+#endif
- 
- #include "net-sysfs.h"
- 
-@@ -2529,7 +2532,12 @@
- 			}
- 		}
- 
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+		if (!list_empty(&ptype_all) &&
-+					!(skb->imq_flags & IMQ_F_ENQUEUE))
-+#else
- 		if (!list_empty(&ptype_all))
-+#endif
- 			dev_queue_xmit_nit(skb, dev);
- 
- 		skb_len = skb->len;
-diff -uNr linux-3.9.1/net/core/skbuff.c linux-3.9.1-imqmq/net/core/skbuff.c
---- linux-3.9.1/net/core/skbuff.c	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/net/core/skbuff.c	2013-05-08 17:30:29.021952772 +0300
-@@ -73,6 +73,9 @@
- 
- struct kmem_cache *skbuff_head_cache __read_mostly;
- static struct kmem_cache *skbuff_fclone_cache __read_mostly;
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+static struct kmem_cache *skbuff_cb_store_cache __read_mostly;
-+#endif
- 
- static void sock_pipe_buf_release(struct pipe_inode_info *pipe,
- 				  struct pipe_buffer *buf)
-@@ -92,6 +95,82 @@
- 	return 1;
- }
- 
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+/* Control buffer save/restore for IMQ devices */
-+struct skb_cb_table {
-+	char			cb[48] __aligned(8);
-+	void			*cb_next;
-+	atomic_t		refcnt;
-+};
-+
-+static DEFINE_SPINLOCK(skb_cb_store_lock);
-+
-+int skb_save_cb(struct sk_buff *skb)
-+{
-+	struct skb_cb_table *next;
-+
-+	next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC);
-+	if (!next)
-+		return -ENOMEM;
-+
-+	BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb));
-+
-+	memcpy(next->cb, skb->cb, sizeof(skb->cb));
-+	next->cb_next = skb->cb_next;
-+
-+	atomic_set(&next->refcnt, 1);
-+
-+	skb->cb_next = next;
-+	return 0;
-+}
-+EXPORT_SYMBOL(skb_save_cb);
-+
-+int skb_restore_cb(struct sk_buff *skb)
-+{
-+	struct skb_cb_table *next;
-+
-+	if (!skb->cb_next)
-+		return 0;
-+
-+	next = skb->cb_next;
-+
-+	BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb));
-+
-+	memcpy(skb->cb, next->cb, sizeof(skb->cb));
-+	skb->cb_next = next->cb_next;
-+
-+	spin_lock(&skb_cb_store_lock);
-+
-+	if (atomic_dec_and_test(&next->refcnt))
-+		kmem_cache_free(skbuff_cb_store_cache, next);
-+
-+	spin_unlock(&skb_cb_store_lock);
-+
-+	return 0;
-+}
-+EXPORT_SYMBOL(skb_restore_cb);
-+
-+static void skb_copy_stored_cb(struct sk_buff *new, const struct sk_buff *__old)
-+{
-+	struct skb_cb_table *next;
-+	struct sk_buff *old;
-+
-+	if (!__old->cb_next) {
-+		new->cb_next = NULL;
-+		return;
-+	}
-+
-+	spin_lock(&skb_cb_store_lock);
-+
-+	old = (struct sk_buff *)__old;
-+
-+	next = old->cb_next;
-+	atomic_inc(&next->refcnt);
-+	new->cb_next = next;
-+
-+	spin_unlock(&skb_cb_store_lock);
-+}
-+#endif
- 
- /* Pipe buffer operations for a socket. */
- static const struct pipe_buf_operations sock_pipe_buf_ops = {
-@@ -562,6 +641,28 @@
- 		WARN_ON(in_irq());
- 		skb->destructor(skb);
- 	}
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+	/*
-+	 * This should not happen. When it does, avoid memleak by restoring
-+	 * the chain of cb-backups.
-+	 */
-+	while (skb->cb_next != NULL) {
-+		if (net_ratelimit())
-+			pr_warn("IMQ: kfree_skb: skb->cb_next: %08x\n",
-+				(unsigned int)skb->cb_next);
-+
-+		skb_restore_cb(skb);
-+	}
-+	/*
-+	 * This should not happen either, nf_queue_entry is nullified in
-+	 * imq_dev_xmit(). If we have non-NULL nf_queue_entry then we are
-+	 * leaking entry pointers, maybe memory. We don't know if this is
-+	 * pointer to already freed memory, or should this be freed.
-+	 * If this happens we need to add refcounting, etc for nf_queue_entry.
-+	 */
-+	if (skb->nf_queue_entry && net_ratelimit())
-+		pr_warn("%s\n", "IMQ: kfree_skb: skb->nf_queue_entry != NULL");
-+#endif
- #if IS_ENABLED(CONFIG_NF_CONNTRACK)
- 	nf_conntrack_put(skb->nfct);
- #endif
-@@ -683,6 +784,9 @@
- 	new->sp			= secpath_get(old->sp);
- #endif
- 	memcpy(new->cb, old->cb, sizeof(old->cb));
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+	skb_copy_stored_cb(new, old);
-+#endif
- 	new->csum		= old->csum;
- 	new->local_df		= old->local_df;
- 	new->pkt_type		= old->pkt_type;
-@@ -3053,6 +3157,13 @@
- 						0,
- 						SLAB_HWCACHE_ALIGN|SLAB_PANIC,
- 						NULL);
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+	skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache",
-+						  sizeof(struct skb_cb_table),
-+						  0,
-+						  SLAB_HWCACHE_ALIGN|SLAB_PANIC,
-+						  NULL);
-+#endif
- }
- 
- /**
-diff -uNr linux-3.9.1/net/ipv6/ip6_output.c linux-3.9.1-imqmq/net/ipv6/ip6_output.c
---- linux-3.9.1/net/ipv6/ip6_output.c	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/net/ipv6/ip6_output.c	2013-05-08 17:30:29.021952772 +0300
-@@ -89,9 +89,6 @@
- 	struct in6_addr *nexthop;
- 	int ret;
- 
--	skb->protocol = htons(ETH_P_IPV6);
--	skb->dev = dev;
--
- 	if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
- 		struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
- 
-@@ -167,6 +164,13 @@
- 		return 0;
- 	}
- 
-+	/*
-+	 * IMQ-patch: moved setting skb->dev and skb->protocol from
-+	 * ip6_finish_output2 to fix crashing at netif_skb_features().
-+	 */
-+	skb->protocol = htons(ETH_P_IPV6);
-+	skb->dev = dev;
-+
- 	return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
- 			    ip6_finish_output,
- 			    !(IP6CB(skb)->flags & IP6SKB_REROUTED));
-diff -uNr linux-3.9.1/net/netfilter/core.c linux-3.9.1-imqmq/net/netfilter/core.c
---- linux-3.9.1/net/netfilter/core.c	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/net/netfilter/core.c	2013-05-08 17:30:29.025286174 +0300
-@@ -188,9 +188,11 @@
- 		ret = NF_DROP_GETERR(verdict);
- 		if (ret == 0)
- 			ret = -EPERM;
--	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
-+	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE ||
-+		   (verdict & NF_VERDICT_MASK) == NF_IMQ_QUEUE) {
- 		int err = nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
--						verdict >> NF_VERDICT_QBITS);
-+						verdict >> NF_VERDICT_QBITS,
-+						verdict & NF_VERDICT_MASK);
- 		if (err < 0) {
- 			if (err == -ECANCELED)
- 				goto next_hook;
-diff -uNr linux-3.9.1/net/netfilter/Kconfig linux-3.9.1-imqmq/net/netfilter/Kconfig
---- linux-3.9.1/net/netfilter/Kconfig	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/net/netfilter/Kconfig	2013-05-08 17:30:29.025286174 +0300
-@@ -641,6 +641,18 @@
- 
- 	  To compile it as a module, choose M here.  If unsure, say N.
- 
-+config NETFILTER_XT_TARGET_IMQ
-+        tristate '"IMQ" target support'
-+	depends on NETFILTER_XTABLES
-+	depends on IP_NF_MANGLE || IP6_NF_MANGLE
-+	select IMQ
-+	default m if NETFILTER_ADVANCED=n
-+        help
-+          This option adds a `IMQ' target which is used to specify if and
-+          to which imq device packets should get enqueued/dequeued.
-+
-+          To compile it as a module, choose M here.  If unsure, say N.
-+
- config NETFILTER_XT_TARGET_MARK
- 	tristate '"MARK" target support'
- 	depends on NETFILTER_ADVANCED
-diff -uNr linux-3.9.1/net/netfilter/Makefile linux-3.9.1-imqmq/net/netfilter/Makefile
---- linux-3.9.1/net/netfilter/Makefile	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/net/netfilter/Makefile	2013-05-08 17:30:29.025286174 +0300
-@@ -82,6 +82,7 @@
- obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
- obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
- obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o
-+obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o
- obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
- obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o
- obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o
-diff -uNr linux-3.9.1/net/netfilter/nf_internals.h linux-3.9.1-imqmq/net/netfilter/nf_internals.h
---- linux-3.9.1/net/netfilter/nf_internals.h	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/net/netfilter/nf_internals.h	2013-05-08 17:30:29.025286174 +0300
-@@ -29,7 +29,7 @@
- 		    struct net_device *indev,
- 		    struct net_device *outdev,
- 		    int (*okfn)(struct sk_buff *),
--		    unsigned int queuenum);
-+		    unsigned int queuenum, unsigned int queuetype);
- extern int __init netfilter_queue_init(void);
- 
- /* nf_log.c */
-diff -uNr linux-3.9.1/net/netfilter/nf_queue.c linux-3.9.1-imqmq/net/netfilter/nf_queue.c
---- linux-3.9.1/net/netfilter/nf_queue.c	2013-05-08 06:58:03.000000000 +0300
-+++ linux-3.9.1-imqmq/net/netfilter/nf_queue.c	2013-05-08 17:30:29.025286174 +0300
-@@ -22,6 +22,23 @@
-  */
- static const struct nf_queue_handler __rcu *queue_handler __read_mostly;
- 
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+static const struct nf_queue_handler __rcu *queue_imq_handler __read_mostly;
-+
-+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh)
-+{
-+	rcu_assign_pointer(queue_imq_handler, qh);
-+}
-+EXPORT_SYMBOL_GPL(nf_register_queue_imq_handler);
-+
-+void nf_unregister_queue_imq_handler(void)
-+{
-+	RCU_INIT_POINTER(queue_imq_handler, NULL);
-+	synchronize_rcu();
-+}
-+EXPORT_SYMBOL_GPL(nf_unregister_queue_imq_handler);
-+#endif
-+
- /* return EBUSY when somebody else is registered, return EEXIST if the
-  * same handler is registered, return 0 in case of success. */
- void nf_register_queue_handler(const struct nf_queue_handler *qh)
-@@ -71,7 +89,8 @@
- 		      struct net_device *indev,
- 		      struct net_device *outdev,
- 		      int (*okfn)(struct sk_buff *),
--		      unsigned int queuenum)
-+		      unsigned int queuenum,
-+		      unsigned int queuetype)
- {
- 	int status = -ENOENT;
- 	struct nf_queue_entry *entry = NULL;
-@@ -85,7 +104,17 @@
- 	/* QUEUE == DROP if no one is waiting, to be safe. */
- 	rcu_read_lock();
- 
--	qh = rcu_dereference(queue_handler);
-+	if (queuetype == NF_IMQ_QUEUE) {
-+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
-+		qh = rcu_dereference(queue_imq_handler);
-+#else
-+		BUG();
-+		goto err_unlock;
-+#endif
-+	} else {
-+		qh = rcu_dereference(queue_handler);
-+	}
-+
- 	if (!qh) {
- 		status = -ESRCH;
- 		goto err_unlock;
-@@ -233,9 +261,11 @@
- 		local_bh_enable();
- 		break;
- 	case NF_QUEUE:
-+	case NF_IMQ_QUEUE:
- 		err = nf_queue(skb, elem, entry->pf, entry->hook,
- 				entry->indev, entry->outdev, entry->okfn,
--				verdict >> NF_VERDICT_QBITS);
-+				verdict >> NF_VERDICT_QBITS,
-+				verdict & NF_VERDICT_MASK);
- 		if (err < 0) {
- 			if (err == -ECANCELED)
- 				goto next_hook;
-diff -uNr linux-3.9.1/net/netfilter/xt_IMQ.c linux-3.9.1-imqmq/net/netfilter/xt_IMQ.c
---- linux-3.9.1/net/netfilter/xt_IMQ.c	1970-01-01 02:00:00.000000000 +0200
-+++ linux-3.9.1-imqmq/net/netfilter/xt_IMQ.c	2013-05-08 17:30:29.025286174 +0300
-@@ -0,0 +1,72 @@
-+/*
-+ * This target marks packets to be enqueued to an imq device
-+ */
-+#include <linux/module.h>
-+#include <linux/skbuff.h>
-+#include <linux/netfilter/x_tables.h>
-+#include <linux/netfilter/xt_IMQ.h>
-+#include <linux/imq.h>
-+
-+static unsigned int imq_target(struct sk_buff *pskb,
-+				const struct xt_action_param *par)
-+{
-+	const struct xt_imq_info *mr = par->targinfo;
-+
-+	pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE;
-+
-+	return XT_CONTINUE;
-+}
-+
-+static int imq_checkentry(const struct xt_tgchk_param *par)
-+{
-+	struct xt_imq_info *mr = par->targinfo;
-+
-+	if (mr->todev > IMQ_MAX_DEVS - 1) {
-+		pr_warn("IMQ: invalid device specified, highest is %u\n",
-+			IMQ_MAX_DEVS - 1);
-+		return -EINVAL;
-+	}
-+
-+	return 0;
-+}
-+
-+static struct xt_target xt_imq_reg[] __read_mostly = {
-+	{
-+		.name           = "IMQ",
-+		.family		= AF_INET,
-+		.checkentry     = imq_checkentry,
-+		.target         = imq_target,
-+		.targetsize	= sizeof(struct xt_imq_info),
-+		.table		= "mangle",
-+		.me             = THIS_MODULE
-+	},
-+	{
-+		.name           = "IMQ",
-+		.family		= AF_INET6,
-+		.checkentry     = imq_checkentry,
-+		.target         = imq_target,
-+		.targetsize	= sizeof(struct xt_imq_info),
-+		.table		= "mangle",
-+		.me             = THIS_MODULE
-+	},
-+};
-+
-+static int __init imq_init(void)
-+{
-+	return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg));
-+}
-+
-+static void __exit imq_fini(void)
-+{
-+	xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg));
-+}
-+
-+module_init(imq_init);
-+module_exit(imq_fini);
-+
-+MODULE_AUTHOR("http://www.linuximq.net");
-+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information.");
-+MODULE_LICENSE("GPL");
-+MODULE_ALIAS("ipt_IMQ");
-+MODULE_ALIAS("ip6t_IMQ");
-+
hooks/post-receive
--
IPFire 2.x development tree

    