5536c2039e
Renamed patches to keep their original numbering from codelinaro.org Fixed minor bugs and added support for the qca-nss-drv-l2tpv2 module
144 lines
4.6 KiB
Diff
144 lines
4.6 KiB
Diff
From 9e984fe0cbc5e1ec616f52f1964cc0b4e158138a Mon Sep 17 00:00:00 2001
|
|
From: Murat Sezgin <quic_msezgin@quicinc.com>
|
|
Date: Thu, 11 May 2023 11:54:05 -0700
|
|
Subject: [PATCH 352/500] net: Add DSCP remarking feature for HW acceleration.
|
|
|
|
DSCP remarking is an advanced QoS feature of acceleration
|
|
engine. With this feature it is possible to set the accelerated
|
|
eggress packets' DSCP values with iptables command.
|
|
|
|
Change-Id: I7fa8d8a2a87b66b262d54e25f22e9eedd665c456
|
|
Signed-off-by: Murat Sezgin <msezgin@codeaurora.org>
|
|
Signed-off-by: Murat Sezgin <quic_msezgin@quicinc.com>
|
|
---
|
|
include/net/netfilter/nf_conntrack_extend.h | 3 +++
|
|
net/netfilter/Kconfig | 7 ++++++
|
|
net/netfilter/Makefile | 1 +
|
|
net/netfilter/nf_conntrack_core.c | 6 +++++
|
|
net/netfilter/xt_DSCP.c | 27 ++++++++++++++++++++-
|
|
5 files changed, 43 insertions(+), 1 deletion(-)
|
|
|
|
--- a/include/net/netfilter/nf_conntrack_extend.h
|
|
+++ b/include/net/netfilter/nf_conntrack_extend.h
|
|
@@ -31,6 +31,9 @@ enum nf_ct_ext_id {
|
|
#if IS_ENABLED(CONFIG_NET_ACT_CT)
|
|
NF_CT_EXT_ACT_CT,
|
|
#endif
|
|
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
|
|
+ NF_CT_EXT_DSCPREMARK,
|
|
+#endif
|
|
NF_CT_EXT_NUM,
|
|
};
|
|
|
|
--- a/net/netfilter/Kconfig
|
|
+++ b/net/netfilter/Kconfig
|
|
@@ -174,6 +174,13 @@ config NF_CONNTRACK_TIMEOUT
|
|
|
|
If unsure, say `N'.
|
|
|
|
+config NF_CONNTRACK_DSCPREMARK_EXT
|
|
+ bool 'Connection tracking extension for dscp remark target'
|
|
+ depends on NETFILTER_ADVANCED
|
|
+ help
|
|
+ This option enables support for connection tracking extension
|
|
+ for dscp remark.
|
|
+
|
|
config NF_CONNTRACK_TIMESTAMP
|
|
bool 'Connection tracking timestamping'
|
|
depends on NETFILTER_ADVANCED
|
|
--- a/net/netfilter/Makefile
|
|
+++ b/net/netfilter/Makefile
|
|
@@ -20,6 +20,7 @@ nf_conntrack-$(CONFIG_DEBUG_INFO_BTF_MOD
|
|
else ifeq ($(CONFIG_NF_CONNTRACK),y)
|
|
nf_conntrack-$(CONFIG_DEBUG_INFO_BTF) += nf_conntrack_bpf.o
|
|
endif
|
|
+nf_conntrack-$(CONFIG_NF_CONNTRACK_DSCPREMARK_EXT) += nf_conntrack_dscpremark_ext.o
|
|
|
|
obj-$(CONFIG_NETFILTER) = netfilter.o
|
|
obj-$(CONFIG_NETFILTER_BPF_LINK) += nf_bpf_link.o
|
|
--- a/net/netfilter/nf_conntrack_core.c
|
|
+++ b/net/netfilter/nf_conntrack_core.c
|
|
@@ -45,6 +45,9 @@
|
|
#include <net/netfilter/nf_conntrack_zones.h>
|
|
#include <net/netfilter/nf_conntrack_timestamp.h>
|
|
#include <net/netfilter/nf_conntrack_timeout.h>
|
|
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
|
|
+#include <net/netfilter/nf_conntrack_dscpremark_ext.h>
|
|
+#endif
|
|
#include <net/netfilter/nf_conntrack_labels.h>
|
|
#include <net/netfilter/nf_conntrack_synproxy.h>
|
|
#include <net/netfilter/nf_nat.h>
|
|
@@ -1740,6 +1743,9 @@ init_conntrack(struct net *net, struct n
|
|
nf_ct_acct_ext_add(ct, GFP_ATOMIC);
|
|
nf_ct_tstamp_ext_add(ct, GFP_ATOMIC);
|
|
nf_ct_labels_ext_add(ct);
|
|
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
|
|
+ nf_ct_dscpremark_ext_add(ct, GFP_ATOMIC);
|
|
+#endif
|
|
|
|
#ifdef CONFIG_NF_CONNTRACK_EVENTS
|
|
ecache = tmpl ? nf_ct_ecache_find(tmpl) : NULL;
|
|
--- a/net/netfilter/xt_DSCP.c
|
|
+++ b/net/netfilter/xt_DSCP.c
|
|
@@ -15,6 +15,9 @@
|
|
|
|
#include <linux/netfilter/x_tables.h>
|
|
#include <linux/netfilter/xt_DSCP.h>
|
|
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
|
|
+#include <net/netfilter/nf_conntrack_dscpremark_ext.h>
|
|
+#endif
|
|
|
|
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
|
|
MODULE_DESCRIPTION("Xtables: DSCP/TOS field modification");
|
|
@@ -31,6 +34,10 @@ dscp_tg(struct sk_buff *skb, const struc
|
|
{
|
|
const struct xt_DSCP_info *dinfo = par->targinfo;
|
|
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
|
|
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
|
|
+ struct nf_conn *ct;
|
|
+ enum ip_conntrack_info ctinfo;
|
|
+#endif
|
|
|
|
if (dscp != dinfo->dscp) {
|
|
if (skb_ensure_writable(skb, sizeof(struct iphdr)))
|
|
@@ -39,6 +46,13 @@ dscp_tg(struct sk_buff *skb, const struc
|
|
ipv4_change_dsfield(ip_hdr(skb), XT_DSCP_ECN_MASK,
|
|
dinfo->dscp << XT_DSCP_SHIFT);
|
|
|
|
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
|
|
+ ct = nf_ct_get(skb, &ctinfo);
|
|
+ if (!ct)
|
|
+ return XT_CONTINUE;
|
|
+
|
|
+ nf_conntrack_dscpremark_ext_set_dscp_rule_valid(ct);
|
|
+#endif
|
|
}
|
|
return XT_CONTINUE;
|
|
}
|
|
@@ -48,13 +62,24 @@ dscp_tg6(struct sk_buff *skb, const stru
|
|
{
|
|
const struct xt_DSCP_info *dinfo = par->targinfo;
|
|
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
|
|
-
|
|
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
|
|
+ struct nf_conn *ct;
|
|
+ enum ip_conntrack_info ctinfo;
|
|
+#endif
|
|
if (dscp != dinfo->dscp) {
|
|
if (skb_ensure_writable(skb, sizeof(struct ipv6hdr)))
|
|
return NF_DROP;
|
|
|
|
ipv6_change_dsfield(ipv6_hdr(skb), XT_DSCP_ECN_MASK,
|
|
dinfo->dscp << XT_DSCP_SHIFT);
|
|
+
|
|
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
|
|
+ ct = nf_ct_get(skb, &ctinfo);
|
|
+ if (!ct)
|
|
+ return XT_CONTINUE;
|
|
+
|
|
+ nf_conntrack_dscpremark_ext_set_dscp_rule_valid(ct);
|
|
+#endif
|
|
}
|
|
return XT_CONTINUE;
|
|
}
|