--- a/ecm_classifier_default.c +++ b/ecm_classifier_default.c @@ -42,7 +42,6 @@ #include #include #include -#include #include #include #include --- a/ecm_classifier_dscp.c +++ b/ecm_classifier_dscp.c @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include --- a/ecm_classifier_hyfi.c +++ b/ecm_classifier_hyfi.c @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include --- a/ecm_classifier_nl.c +++ b/ecm_classifier_nl.c @@ -41,7 +41,6 @@ #include #include #include -#include #if (LINUX_VERSION_CODE <= KERNEL_VERSION(4, 2, 0)) #include #else @@ -146,12 +145,42 @@ static struct genl_multicast_group ecm_c }, }; +static int ecm_classifier_nl_genl_msg_ACCEL(struct sk_buff *skb, struct genl_info *info); +static int ecm_classifier_nl_genl_msg_DUMP(struct sk_buff *skb, struct netlink_callback *cb); + +/* + * Generic Netlink message-to-handler mapping + */ +static struct genl_ops ecm_cl_nl_genl_ops[] = { + { + .cmd = ECM_CL_NL_GENL_CMD_ACCEL, + .flags = 0, + .doit = ecm_classifier_nl_genl_msg_ACCEL, + .dumpit = NULL, + }, + { + .cmd = ECM_CL_NL_GENL_CMD_ACCEL_OK, + .flags = 0, + .doit = NULL, + .dumpit = ecm_classifier_nl_genl_msg_DUMP, + }, + { + .cmd = ECM_CL_NL_GENL_CMD_CONNECTION_CLOSED, + .flags = 0, + .doit = NULL, + .dumpit = ecm_classifier_nl_genl_msg_DUMP, + }, +}; + static struct genl_family ecm_cl_nl_genl_family = { - .id = GENL_ID_GENERATE, .hdrsize = 0, .name = ECM_CL_NL_GENL_NAME, .version = ECM_CL_NL_GENL_VERSION, .maxattr = ECM_CL_NL_GENL_ATTR_MAX, + .ops = ecm_cl_nl_genl_ops, + .n_ops = ARRAY_SIZE(ecm_cl_nl_genl_ops), + .mcgrps = ecm_cl_nl_genl_mcgrp, + .n_mcgrps = ARRAY_SIZE(ecm_cl_nl_genl_mcgrp), }; /* @@ -215,12 +244,7 @@ ecm_classifier_nl_send_genl_msg(enum ECM return ret; } - ret = genlmsg_end(skb, msg_head); - if (ret < 0) { - DEBUG_WARN("failed to finalize genl msg: %d\n", ret); - nlmsg_free(skb); - return ret; - } + genlmsg_end(skb, msg_head); /* genlmsg_multicast frees the skb in both success and error cases */ #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0) @@ -1377,85 +1401,14 @@ static struct file_operations ecm_classi .write = ecm_classifier_nl_set_command, }; -/* - * Generic Netlink attr checking policies - */ -static struct nla_policy -ecm_cl_nl_genl_policy[ECM_CL_NL_GENL_ATTR_COUNT] = { - [ECM_CL_NL_GENL_ATTR_TUPLE] = { - .type = NLA_UNSPEC, - .len = sizeof(struct ecm_cl_nl_genl_attr_tuple), }, -}; - -/* - * Generic Netlink message-to-handler mapping - */ -static struct genl_ops ecm_cl_nl_genl_ops[] = { - { - .cmd = ECM_CL_NL_GENL_CMD_ACCEL, - .flags = 0, - .policy = ecm_cl_nl_genl_policy, - .doit = ecm_classifier_nl_genl_msg_ACCEL, - .dumpit = NULL, - }, - { - .cmd = ECM_CL_NL_GENL_CMD_ACCEL_OK, - .flags = 0, - .policy = ecm_cl_nl_genl_policy, - .doit = NULL, - .dumpit = ecm_classifier_nl_genl_msg_DUMP, - }, - { - .cmd = ECM_CL_NL_GENL_CMD_CONNECTION_CLOSED, - .flags = 0, - .policy = ecm_cl_nl_genl_policy, - .doit = NULL, - .dumpit = ecm_classifier_nl_genl_msg_DUMP, - }, -}; - static int ecm_classifier_nl_register_genl(void) { int result; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0) - result = genl_register_family_with_ops_groups(&ecm_cl_nl_genl_family, - ecm_cl_nl_genl_ops, - ecm_cl_nl_genl_mcgrp); - if (result != 0) { - DEBUG_ERROR("failed to register genl ops: %d\n", result); - return result; - } -#else result = genl_register_family(&ecm_cl_nl_genl_family); - if (result != 0) { + if (result != 0) DEBUG_ERROR("failed to register genl family: %d\n", result); - goto err1; - } - - result = genl_register_ops(&ecm_cl_nl_genl_family, - ecm_cl_nl_genl_ops); - if (result != 0) { - DEBUG_ERROR("failed to register genl ops: %d\n", result); - goto err2; - } - - result = genl_register_mc_group(&ecm_cl_nl_genl_family, - ecm_cl_nl_genl_mcgrp); - if (result != 0) { - DEBUG_ERROR("failed to register genl multicast group: %d\n", - result); - goto err3; - } - - return 0; -err3: - genl_unregister_ops(&ecm_cl_nl_genl_family, ecm_cl_nl_genl_ops); -err2: - genl_unregister_family(&ecm_cl_nl_genl_family); -err1: -#endif return result; } --- a/ecm_classifier_pcc.c +++ b/ecm_classifier_pcc.c @@ -49,7 +49,6 @@ #include #include #include -#include #include #include #include --- a/ecm_conntrack_notifier.c +++ b/ecm_conntrack_notifier.c @@ -51,7 +51,6 @@ #include #include #include -#include #include #include #include @@ -345,14 +344,6 @@ static int ecm_conntrack_event(unsigned return NOTIFY_DONE; } - /* - * Special untracked connection is not monitored - */ - if (ct == &nf_conntrack_untracked) { - DEBUG_TRACE("Fake connection event - ignoring\n"); - return NOTIFY_DONE; - } - /* * Only interested if this is IPv4 or IPv6. */ --- a/ecm_db/ecm_db.c +++ b/ecm_db/ecm_db.c @@ -42,7 +42,6 @@ #include #include #include -#include #include #include #include --- a/ecm_db/ecm_db_connection.c +++ b/ecm_db/ecm_db_connection.c @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include --- a/ecm_db/ecm_db_host.c +++ b/ecm_db/ecm_db_host.c @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include --- a/ecm_db/ecm_db_iface.c +++ b/ecm_db/ecm_db_iface.c @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include --- a/ecm_db/ecm_db_listener.c +++ b/ecm_db/ecm_db_listener.c @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include --- a/ecm_db/ecm_db_mapping.c +++ b/ecm_db/ecm_db_mapping.c @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include --- a/ecm_db/ecm_db_multicast.c +++ b/ecm_db/ecm_db_multicast.c @@ -42,7 +42,6 @@ #include #include #include -#include #include #include #include --- a/ecm_db/ecm_db_node.c +++ b/ecm_db/ecm_db_node.c @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include --- a/ecm_db/ecm_db_timer.c +++ b/ecm_db/ecm_db_timer.c @@ -42,7 +42,6 @@ #include #include #include -#include #include #include #include @@ -387,7 +386,7 @@ EXPORT_SYMBOL(ecm_db_time_get); * Manage expiration of connections * NOTE: This is softirq context */ -static void ecm_db_timer_callback(unsigned long data) +static void ecm_db_timer_callback(struct timer_list *arg) { uint32_t timer; @@ -425,9 +424,7 @@ void ecm_db_timer_init(void) /* * Set a timer to manage cleanup of expired connections */ - init_timer(&ecm_db_timer); - ecm_db_timer.function = ecm_db_timer_callback; - ecm_db_timer.data = 0; + timer_setup(&ecm_db_timer, ecm_db_timer_callback, 0); ecm_db_timer.expires = jiffies + HZ; add_timer(&ecm_db_timer); --- a/ecm_interface.c +++ b/ecm_interface.c @@ -66,7 +66,6 @@ #include #include #include -#include #include #include #include @@ -537,7 +536,7 @@ static bool ecm_interface_find_gateway_ipv4(ip_addr_t addr, ip_addr_t gw_addr) return false; } - ECM_NIN4_ADDR_TO_IP_ADDR(gw_addr, rt->rt_gateway) + ECM_NIN4_ADDR_TO_IP_ADDR(gw_addr, rt->rt_gw4) ecm_interface_route_release(&ecm_rt); return true; } @@ -596,7 +595,7 @@ static bool ecm_interface_mac_addr_get_ipv4(ip_addr_t addr, uint8_t *mac_addr, b if (rt->rt_uses_gateway || (rt->rt_flags & RTF_GATEWAY)) { #endif *on_link = false; - ECM_NIN4_ADDR_TO_IP_ADDR(gw_addr, rt->rt_gateway) + ECM_NIN4_ADDR_TO_IP_ADDR(gw_addr, rt->rt_gw4) } else { *on_link = true; } @@ -1003,7 +1002,7 @@ static bool ecm_interface_find_route_by_addr_ipv6(ip_addr_t addr, struct ecm_int * Get a route to the given IP address, this will allow us to also find the interface * it is using to communicate with that IP address. */ - ecm_rt->rt.rtv6 = rt6_lookup(&init_net, &naddr, NULL, 0, 0); + ecm_rt->rt.rtv6 = rt6_lookup(&init_net, &naddr, NULL, 0, NULL, 0); if (!ecm_rt->rt.rtv6) { DEBUG_TRACE("No output route to: " ECM_IP_ADDR_OCTAL_FMT "\n", ECM_IP_ADDR_TO_OCTAL(addr)); return NULL; @@ -1077,7 +1076,7 @@ void ecm_interface_send_neighbour_solicitation(struct net_device *dev, ip_addr_t /* * Find the route entry */ - rt6i = rt6_lookup(netf, &dst_addr, NULL, 0, 0); + rt6i = rt6_lookup(netf, &dst_addr, NULL, 0, NULL, 0); if (!rt6i) { DEBUG_TRACE("IPv6 Route lookup failure for destination IPv6 address " ECM_IP_ADDR_OCTAL_FMT "\n", ECM_IP_ADDR_TO_OCTAL(addr)); return; @@ -1104,7 +1103,7 @@ void ecm_interface_send_neighbour_solicitation(struct net_device *dev, ip_addr_t #if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0)) ndisc_send_ns(dev, neigh, &dst_addr, &mc_dst_addr, &src_addr); #else - ndisc_send_ns(dev, &dst_addr, &mc_dst_addr, &src_addr); + ndisc_send_ns(dev, &dst_addr, &mc_dst_addr, &src_addr, 0); #endif neigh_release(neigh); dst_release(&rt6i->dst); @@ -1194,7 +1193,7 @@ struct neighbour *ecm_interface_ipv6_neigh_get(ip_addr_t addr) struct in6_addr ipv6_addr; ECM_IP_ADDR_TO_NIN6_ADDR(ipv6_addr, addr); - rt = rt6_lookup(&init_net, &ipv6_addr, NULL, 0, 0); + rt = rt6_lookup(&init_net, &ipv6_addr, NULL, 0, NULL, 0); if (!rt) { return NULL; } @@ -1220,7 +1219,7 @@ bool ecm_interface_is_pptp(struct sk_buff *skb, const struct net_device *out) * skip first pass of l2tp/pptp tunnel encapsulated traffic */ if (out->type == ARPHRD_PPP) { - if (out->priv_flags & IFF_PPP_PPTP) { + if (out->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_PPTP) { return true; } } @@ -1231,7 +1230,7 @@ bool ecm_interface_is_pptp(struct sk_buff *skb, const struct net_device *out) } if (in->type == ARPHRD_PPP) { - if (in->priv_flags & IFF_PPP_PPTP) { + if (in->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_PPTP) { dev_put(in); return true; } @@ -1256,10 +1255,10 @@ bool ecm_interface_is_l2tp_packet_by_version(struct sk_buff *skb, const struct n switch (ver) { case 2: - flag = IFF_PPP_L2TPV2; + flag = IFF_QCA_ECM_PPP_L2TPV2; break; case 3: - flag = IFF_PPP_L2TPV3; + flag = IFF_QCA_ECM_PPP_L2TPV3; break; default: break; @@ -1268,10 +1267,8 @@ bool ecm_interface_is_l2tp_packet_by_version(struct sk_buff *skb, const struct n /* * skip first pass of l2tp/pptp tunnel encapsulated traffic */ - if (out->type == ARPHRD_PPP) { - if (out->priv_flags & flag) { - return true; - } + if (out->priv_flags_qca_ecm & flag) { + return true; } in = dev_get_by_index(&init_net, skb->skb_iif); @@ -1279,11 +1276,9 @@ bool ecm_interface_is_l2tp_packet_by_version(struct sk_buff *skb, const struct n return true; } - if (in->type == ARPHRD_PPP) { - if (in->priv_flags & flag) { - dev_put(in); - return true; - } + if (out->priv_flags_qca_ecm & flag) { + dev_put(in); + return true; } dev_put(in); @@ -1304,11 +1299,9 @@ bool ecm_interface_is_l2tp_pptp(struct sk_buff *skb, const struct net_device *ou /* * skip first pass of l2tp/pptp tunnel encapsulated traffic */ - if (out->type == ARPHRD_PPP) { - if (out->priv_flags & (IFF_PPP_L2TPV2 | IFF_PPP_L2TPV3 | - IFF_PPP_PPTP)) { - return true; - } + if (out->priv_flags_qca_ecm & (IFF_QCA_ECM_PPP_L2TPV2 | IFF_QCA_ECM_PPP_L2TPV3 | + IFF_QCA_ECM_PPP_PPTP)) { + return true; } in = dev_get_by_index(&init_net, skb->skb_iif); @@ -1316,12 +1309,10 @@ bool ecm_interface_is_l2tp_pptp(struct sk_buff *skb, const struct net_device *ou return true; } - if (in->type == ARPHRD_PPP) { - if (in->priv_flags & (IFF_PPP_L2TPV2 | IFF_PPP_L2TPV3 | - IFF_PPP_PPTP)) { - dev_put(in); - return true; - } + if (out->priv_flags_qca_ecm & (IFF_QCA_ECM_PPP_L2TPV2 | IFF_QCA_ECM_PPP_L2TPV3 | + IFF_QCA_ECM_PPP_PPTP)) { + dev_put(in); + return true; } dev_put(in); @@ -2416,7 +2407,7 @@ struct ecm_db_iface_instance *ecm_interface_establish_and_ref(struct ecm_front_e /* * GRE TAP? */ - if (dev->priv_flags & (IFF_GRE_V4_TAP | IFF_GRE_V6_TAP)) { + if (dev->priv_flags_qca_ecm & (IFF_QCA_ECM_GRE_V4_TAP | IFF_QCA_ECM_GRE_V6_TAP)) { interface_type = feci->ae_interface_type_get(feci, dev); ae_interface_num = feci->ae_interface_number_by_dev_type_get(dev, interface_type); @@ -2680,7 +2671,7 @@ identifier_update: /* * OVPN Tunnel? */ - if ((dev_type == ARPHRD_NONE) && (dev->priv_flags & IFF_TUN_TAP)) { + if ((dev_type == ARPHRD_NONE) && (dev->priv_flags_qca_ecm & IFF_QCA_ECM_TUN_TAP)) { struct net_device *tun_dev = NULL; ip_addr_t saddr, daddr; @@ -2746,7 +2737,7 @@ identifier_update: * ppp_is_multilink() and ppp_hold_channels() which acquire same lock */ - if ((dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(dev)) { + if ((dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(dev)) { if (skb && (skb->skb_iif == dev->ifindex)) { struct pppol2tp_common_addr info; @@ -2804,7 +2795,7 @@ identifier_update: #endif #ifdef ECM_INTERFACE_PPTP_ENABLE - if ((protocol == IPPROTO_GRE) && skb && v4_hdr && (dev->priv_flags & IFF_PPP_PPTP)) { + if ((protocol == IPPROTO_GRE) && skb && v4_hdr && (dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_PPTP)) { struct gre_hdr_pptp *gre_hdr; uint16_t proto; int ret; @@ -3972,7 +3963,7 @@ int32_t ecm_interface_heirarchy_construct(struct ecm_front_end_connection_instan if (((ip_version == 4) && (protocol == IPPROTO_IPV6)) || ((ip_version == 6) && (protocol == IPPROTO_IPIP)) || (protocol == IPPROTO_GRE) || - ((given_dest_dev->type == ARPHRD_NONE) && (given_dest_dev->priv_flags & IFF_TUN_TAP))) { + ((given_dest_dev->type == ARPHRD_NONE) && (given_dest_dev->priv_flags_qca_ecm & IFF_QCA_ECM_TUN_TAP))) { dev_put(dest_dev); dest_dev = given_dest_dev; if (dest_dev) { @@ -3991,7 +3982,7 @@ int32_t ecm_interface_heirarchy_construct(struct ecm_front_end_connection_instan /* * if the address is a local address and indev=l2tp. */ - if ((given_src_dev->type == ARPHRD_PPP) && (given_src_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) { + if ((given_src_dev->type == ARPHRD_PPP) && (given_src_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) { dev_put(dest_dev); dest_dev = given_dest_dev; if (dest_dev) { @@ -4005,7 +3996,7 @@ int32_t ecm_interface_heirarchy_construct(struct ecm_front_end_connection_instan /* * if the address is a local address and indev=PPTP. */ - if (protocol == IPPROTO_GRE && given_dest_dev && (given_dest_dev->priv_flags & IFF_PPP_PPTP)){ + if (protocol == IPPROTO_GRE && given_dest_dev && (given_dest_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_PPTP)){ dev_put(dest_dev); dest_dev = given_dest_dev; if (dest_dev) { @@ -4054,7 +4045,7 @@ int32_t ecm_interface_heirarchy_construct(struct ecm_front_end_connection_instan if (((ip_version == 4) && (protocol == IPPROTO_IPV6)) || ((ip_version == 6) && (protocol == IPPROTO_IPIP)) || (protocol == IPPROTO_GRE) || - ((given_src_dev->type == ARPHRD_NONE) && (given_src_dev->priv_flags & IFF_TUN_TAP))) { + ((given_src_dev->type == ARPHRD_NONE) && (given_src_dev->priv_flags_qca_ecm & IFF_QCA_ECM_TUN_TAP))) { dev_put(src_dev); src_dev = given_src_dev; if (src_dev) { @@ -4504,7 +4495,7 @@ lag_success: /* * OVPN ? */ - if ((dest_dev_type == ARPHRD_NONE) && (dest_dev->priv_flags & IFF_TUN_TAP)) { + if ((dest_dev_type == ARPHRD_NONE) && (dest_dev->priv_flags_qca_ecm & IFF_QCA_ECM_TUN_TAP)) { DEBUG_TRACE("Net device: %p is OVPN, device name: %s\n", dest_dev, dest_dev->name); break; } @@ -4523,7 +4514,7 @@ lag_success: DEBUG_TRACE("%p: Net device: %p is PPP\n", feci, dest_dev); #ifdef ECM_INTERFACE_L2TPV2_ENABLE - if ((given_src_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) { + if ((given_src_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) { if (skb->skb_iif == dest_dev->ifindex) { DEBUG_TRACE("%p: Net device: %p PPP channel is PPPoL2TPV2\n", feci, dest_dev); break; @@ -4532,7 +4523,7 @@ lag_success: #endif #ifdef ECM_INTERFACE_PPTP_ENABLE - if (protocol == IPPROTO_GRE && dest_dev && (dest_dev->priv_flags & IFF_PPP_PPTP)) { + if (protocol == IPPROTO_GRE && dest_dev && (dest_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_PPTP)) { DEBUG_TRACE("%p: Net device: %p PPP channel is PPTP\n", feci, dest_dev); break; } @@ -4798,7 +4789,7 @@ int32_t ecm_interface_multicast_from_heirarchy_construct(struct ecm_front_end_co /* * if the address is a local address and indev=l2tp. */ - if ((given_src_dev->type == ARPHRD_PPP) && (given_src_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) { + if ((given_src_dev->type == ARPHRD_PPP) && (given_src_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) { dev_put(dest_dev); dest_dev = given_dest_dev; if (dest_dev) { @@ -5265,7 +5256,7 @@ int32_t ecm_interface_multicast_from_heirarchy_construct(struct ecm_front_end_co DEBUG_TRACE("Net device: %p is PPP\n", dest_dev); #ifdef ECM_INTERFACE_L2TPV2_ENABLE - if ((given_src_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) { + if ((given_src_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(given_src_dev)) { if (skb->skb_iif == dest_dev->ifindex) { DEBUG_TRACE("Net device: %p PPP channel is PPPoL2TPV2\n", dest_dev); break; @@ -6520,7 +6511,7 @@ static int ecm_interface_wifi_event_rx(struct socket *sock, struct sockaddr_nl * #endif oldfs = get_fs(); set_fs(KERNEL_DS); - size = sock_recvmsg(sock, &msg, len, msg.msg_flags); + size = sock_recvmsg(sock, &msg, msg.msg_flags); set_fs(oldfs); return size; @@ -6609,7 +6600,7 @@ int ecm_interface_wifi_event_stop(void) } DEBUG_INFO("kill ecm_interface_wifi_event thread\n"); - force_sig(SIGKILL, __ewn.thread); + send_sig(SIGKILL, __ewn.thread, 1); err = kthread_stop(__ewn.thread); __ewn.thread = NULL; --- a/ecm_tracker.c +++ b/ecm_tracker.c @@ -43,7 +43,6 @@ #include #include #include -#include #include #include #include --- a/ecm_tracker_datagram.c +++ b/ecm_tracker_datagram.c @@ -43,7 +43,6 @@ #include #include #include -#include #include #include #include --- a/ecm_tracker_tcp.c +++ b/ecm_tracker_tcp.c @@ -43,7 +43,6 @@ #include #include #include -#include #include #include #include @@ -1143,7 +1142,7 @@ static bool ecm_tracker_tcp_extract_mss( const u8 *hash_location; tcp_parse_options(skb, &opt_rx, &hash_location, 0); #elif (LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0)) - tcp_parse_options(skb, &opt_rx, 0, NULL); + tcp_parse_options(&init_net, skb, &opt_rx, 0, NULL); #else #error "Unsupported kernel version for tcp_parse_options()" #endif --- a/ecm_tracker_udp.c +++ b/ecm_tracker_udp.c @@ -43,7 +43,6 @@ #include #include #include -#include #include #include #include --- a/frontends/ecm_front_end_ipv4.c +++ b/frontends/ecm_front_end_ipv4.c @@ -215,7 +215,7 @@ bool ecm_front_end_ipv4_interface_constr * behind a gateway. */ DEBUG_TRACE("Gateway address will be looked up overwrite the rt_dst_addr\n"); - ECM_NIN4_ADDR_TO_IP_ADDR(rt_dst_addr, rt->rt_gateway) + ECM_NIN4_ADDR_TO_IP_ADDR(rt_dst_addr, rt->rt_gw4) gateway = true; } --- a/frontends/include/ecm_front_end_common.h +++ b/frontends/include/ecm_front_end_common.h @@ -98,13 +98,6 @@ static inline bool ecm_front_end_acceler return false; } - if (unlikely(nf_ct_is_untracked(ct))) { - /* - * Untracked traffic certainly can't be accelerated. - */ - return true; - } - #if (LINUX_VERSION_CODE <= KERNEL_VERSION(3, 6, 0)) acct = nf_conn_acct_find(ct); #else --- a/frontends/nss/ecm_nss_bond_notifier.c +++ b/frontends/nss/ecm_nss_bond_notifier.c @@ -52,7 +52,6 @@ #include #include #include -#include #include #include #include --- a/frontends/nss/ecm_nss_common.h +++ b/frontends/nss/ecm_nss_common.h @@ -144,7 +144,7 @@ static inline int32_t ecm_nss_common_get_interface_type(struct ecm_front_end_con /* * If device is not GRETAP then return NONE. */ - if (!(dev->priv_flags & (IFF_GRE_V4_TAP | IFF_GRE_V6_TAP))) { + if (!(dev->priv_flags_qca_ecm & (IFF_QCA_ECM_GRE_V4_TAP | IFF_QCA_ECM_GRE_V6_TAP))) { break; } #endif --- a/frontends/nss/ecm_nss_ipv4.c +++ b/frontends/nss/ecm_nss_ipv4.c @@ -48,7 +48,6 @@ #include #include #include -#include #if (LINUX_VERSION_CODE <= KERNEL_VERSION(4, 2, 0)) #include #else @@ -1053,7 +1052,7 @@ static unsigned int ecm_nss_ipv4_ip_process(struct net_device *out_dev, struct n * If any of the input or output interface is a GRE V4 TAP/TUN interface * we can continue to accelerate it. */ - if ((in_dev->priv_flags & IFF_GRE_V4_TAP) || (out_dev->priv_flags & IFF_GRE_V4_TAP)) { + if ((in_dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V4_TAP) || (out_dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V4_TAP)) { #ifndef ECM_INTERFACE_GRE_TAP_ENABLE DEBUG_TRACE("GRE TAP acceleration is disabled\n"); return NF_ACCEPT; @@ -1082,7 +1081,7 @@ static unsigned int ecm_nss_ipv4_ip_process(struct net_device *out_dev, struct n reply_tuple.dst.u3.ip = orig_tuple.src.u3.ip; sender = ECM_TRACKER_SENDER_TYPE_SRC; } else { - if (unlikely(ct == &nf_conntrack_untracked)) { + if (unlikely(ctinfo == IP_CT_UNTRACKED)) { DEBUG_TRACE("%p: ct: untracked\n", skb); return NF_ACCEPT; } @@ -2097,7 +2096,6 @@ sync_conntrack: } ct = nf_ct_tuplehash_to_ctrack(h); - NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct); DEBUG_TRACE("%p: NSS Sync: conntrack connection\n", ct); ecm_front_end_flow_and_return_directions_get(ct, flow_ip, 4, &flow_dir, &return_dir); @@ -2108,7 +2106,7 @@ sync_conntrack: */ if (!test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) { spin_lock_bh(&ct->lock); - ct->timeout.expires += delta_jiffies; + ct->timeout += delta_jiffies; spin_unlock_bh(&ct->lock); } @@ -2166,17 +2164,15 @@ sync_conntrack: u_int64_t reply_pkts = atomic64_read(&acct[IP_CT_DIR_REPLY].packets); if (reply_pkts != 0) { - struct nf_conntrack_l4proto *l4proto; unsigned int *timeouts; set_bit(IPS_SEEN_REPLY_BIT, &ct->status); set_bit(IPS_ASSURED_BIT, &ct->status); - l4proto = __nf_ct_l4proto_find(AF_INET, IPPROTO_UDP); - timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto); + timeouts = nf_ct_timeout_lookup(ct); spin_lock_bh(&ct->lock); - ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED]; + ct->timeout = jiffies + timeouts[UDP_CT_REPLIED]; spin_unlock_bh(&ct->lock); } } @@ -2690,7 +2686,8 @@ int ecm_nss_ipv4_init(struct dentry *dentry) /* * Register netfilter hooks */ - result = nf_register_hooks(ecm_nss_ipv4_netfilter_hooks, ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks)); + result = nf_register_net_hooks(&init_net, ecm_nss_ipv4_netfilter_hooks, \ + ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks)); if (result < 0) { DEBUG_ERROR("Can't register netfilter hooks.\n"); nss_ipv4_notify_unregister(); @@ -2702,8 +2699,8 @@ int ecm_nss_ipv4_init(struct dentry *dentry) if (result < 0) { DEBUG_ERROR("Failed to init ecm ipv4 multicast frontend\n"); nss_ipv4_notify_unregister(); - nf_unregister_hooks(ecm_nss_ipv4_netfilter_hooks, - ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks)); + nf_unregister_net_hooks(&init_net, ecm_nss_ipv4_netfilter_hooks, + ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks)); goto task_cleanup; } #endif @@ -2714,8 +2711,8 @@ int ecm_nss_ipv4_init(struct dentry *dentry) #ifdef ECM_MULTICAST_ENABLE ecm_nss_multicast_ipv4_exit(); #endif - nf_unregister_hooks(ecm_nss_ipv4_netfilter_hooks, - ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks)); + nf_unregister_net_hooks(&init_net, ecm_nss_ipv4_netfilter_hooks, + ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks)); goto task_cleanup; } @@ -2742,8 +2739,8 @@ void ecm_nss_ipv4_exit(void) /* * Stop the network stack hooks */ - nf_unregister_hooks(ecm_nss_ipv4_netfilter_hooks, - ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks)); + nf_unregister_net_hooks(&init_net, ecm_nss_ipv4_netfilter_hooks, + ARRAY_SIZE(ecm_nss_ipv4_netfilter_hooks)); /* * Unregister from the Linux NSS Network driver --- a/frontends/nss/ecm_nss_ipv6.c +++ b/frontends/nss/ecm_nss_ipv6.c @@ -51,7 +51,6 @@ #include #include #include -#include #if (LINUX_VERSION_CODE <= KERNEL_VERSION(4, 2, 0)) #include #else @@ -1035,7 +1034,7 @@ static unsigned int ecm_nss_ipv6_ip_process(struct net_device *out_dev, struct n * If any of the input or output interface is a GRE V4 TAP/TUN interface * we can continue to accelerate it. */ - if ((in_dev->priv_flags & IFF_GRE_V4_TAP) || (out_dev->priv_flags & IFF_GRE_V4_TAP)) { + if ((in_dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V4_TAP) || (out_dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V4_TAP)) { #ifndef ECM_INTERFACE_GRE_TAP_ENABLE DEBUG_TRACE("GRE TAP acceleration is disabled\n"); return NF_ACCEPT; @@ -1064,7 +1063,7 @@ static unsigned int ecm_nss_ipv6_ip_process(struct net_device *out_dev, struct n ECM_IP_ADDR_TO_NIN6_ADDR(reply_tuple.dst.u3.in6, ip_hdr.src_addr); sender = ECM_TRACKER_SENDER_TYPE_SRC; } else { - if (unlikely(ct == &nf_conntrack_untracked)) { + if (unlikely(ctinfo == IP_CT_UNTRACKED)) { DEBUG_TRACE("%p: ct: untracked\n", skb); return NF_ACCEPT; } @@ -1809,7 +1808,6 @@ sync_conntrack: } ct = nf_ct_tuplehash_to_ctrack(h); - NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct); DEBUG_TRACE("%p: NSS Sync: conntrack connection\n", ct); ecm_front_end_flow_and_return_directions_get(ct, flow_ip, 6, &flow_dir, &return_dir); @@ -1820,7 +1818,7 @@ sync_conntrack: */ if (!test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) { spin_lock_bh(&ct->lock); - ct->timeout.expires += delta_jiffies; + ct->timeout += delta_jiffies; spin_unlock_bh(&ct->lock); } @@ -1878,17 +1876,15 @@ sync_conntrack: u_int64_t reply_pkts = atomic64_read(&acct[IP_CT_DIR_REPLY].packets); if (reply_pkts != 0) { - struct nf_conntrack_l4proto *l4proto; unsigned int *timeouts; set_bit(IPS_SEEN_REPLY_BIT, &ct->status); set_bit(IPS_ASSURED_BIT, &ct->status); - l4proto = __nf_ct_l4proto_find(AF_INET6, IPPROTO_UDP); - timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto); + timeouts = nf_ct_timeout_lookup(ct); spin_lock_bh(&ct->lock); - ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED]; + ct->timeout = jiffies + timeouts[UDP_CT_REPLIED]; spin_unlock_bh(&ct->lock); } } @@ -2402,7 +2398,7 @@ int ecm_nss_ipv6_init(struct dentry *dentry) /* * Register netfilter hooks */ - result = nf_register_hooks(ecm_nss_ipv6_netfilter_hooks, ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks)); + result = nf_register_net_hooks(&init_net, ecm_nss_ipv6_netfilter_hooks, ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks)); if (result < 0) { DEBUG_ERROR("Can't register netfilter hooks.\n"); nss_ipv6_notify_unregister(); @@ -2414,8 +2410,8 @@ int ecm_nss_ipv6_init(struct dentry *dentry) if (result < 0) { DEBUG_ERROR("Failed to init ecm ipv6 multicast frontend\n"); nss_ipv6_notify_unregister(); - nf_unregister_hooks(ecm_nss_ipv6_netfilter_hooks, - ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks)); + nf_unregister_net_hooks(&init_net, ecm_nss_ipv6_netfilter_hooks, + ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks)); goto task_cleanup; } #endif @@ -2426,8 +2422,8 @@ int ecm_nss_ipv6_init(struct dentry *dentry) #ifdef ECM_MULTICAST_ENABLE ecm_nss_multicast_ipv6_exit(); #endif - nf_unregister_hooks(ecm_nss_ipv6_netfilter_hooks, - ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks)); + nf_unregister_net_hooks(&init_net, ecm_nss_ipv6_netfilter_hooks, + ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks)); goto task_cleanup; } @@ -2453,8 +2449,8 @@ void ecm_nss_ipv6_exit(void) /* * Stop the network stack hooks */ - nf_unregister_hooks(ecm_nss_ipv6_netfilter_hooks, - ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks)); + nf_unregister_net_hooks(&init_net, ecm_nss_ipv6_netfilter_hooks, + ARRAY_SIZE(ecm_nss_ipv6_netfilter_hooks)); /* * Unregister from the Linux NSS Network driver --- a/frontends/nss/ecm_nss_multicast_ipv4.c +++ b/frontends/nss/ecm_nss_multicast_ipv4.c @@ -50,7 +50,6 @@ #include #include #include -#include #include #include #include --- a/frontends/nss/ecm_nss_multicast_ipv6.c +++ b/frontends/nss/ecm_nss_multicast_ipv6.c @@ -51,7 +51,6 @@ #include #include #include -#include #include #include #include --- a/frontends/nss/ecm_nss_non_ported_ipv4.c +++ b/frontends/nss/ecm_nss_non_ported_ipv4.c @@ -47,7 +47,6 @@ #include #include #include -#include #include #include #include @@ -640,7 +639,7 @@ static void ecm_nss_non_ported_ipv4_connection_accelerate(struct ecm_front_end_c #ifdef ECM_INTERFACE_GRE_TAP_ENABLE dev = dev_get_by_index(&init_net, ecm_db_iface_interface_identifier_get(ii)); if (dev) { - if (dev->priv_flags & IFF_GRE_V4_TAP) { + if (dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V4_TAP) { /* * Clear QOS_VALID to prevent outer rule from overwriting * inner flow's QoS classification. --- a/frontends/nss/ecm_nss_non_ported_ipv6.c +++ b/frontends/nss/ecm_nss_non_ported_ipv6.c @@ -47,7 +47,6 @@ #include #include #include -#include #include #include #include @@ -548,7 +547,7 @@ static void ecm_nss_non_ported_ipv6_connection_accelerate(struct ecm_front_end_c #ifdef ECM_INTERFACE_GRE_TAP_ENABLE dev = dev_get_by_index(&init_net, ecm_db_iface_interface_identifier_get(ii)); if (dev) { - if (dev->priv_flags & IFF_GRE_V6_TAP) { + if (dev->priv_flags_qca_ecm & IFF_QCA_ECM_GRE_V6_TAP) { /* * Clear QOS_VALID to prevent outer rule from overwriting * inner flow's QoS classification. --- a/frontends/nss/ecm_nss_ported_ipv4.c +++ b/frontends/nss/ecm_nss_ported_ipv4.c @@ -47,7 +47,6 @@ #include #include #include -#include #include #include #include --- a/frontends/nss/ecm_nss_ported_ipv6.c +++ b/frontends/nss/ecm_nss_ported_ipv6.c @@ -47,7 +47,6 @@ #include #include #include -#include #include #include #include @@ -1996,7 +1995,7 @@ unsigned int ecm_nss_ported_ipv6_process /* * Deny acceleration for L2TP-over-UDP tunnel */ - if ((in_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(in_dev)) { + if ((in_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(in_dev)) { DEBUG_TRACE("Skip packets for L2TP tunnel in skb %p\n", skb); can_accel = false; } --- a/frontends/sfe/ecm_sfe_ipv4.c +++ b/frontends/sfe/ecm_sfe_ipv4.c @@ -47,7 +47,6 @@ #include #include #include -#include #if (LINUX_VERSION_CODE <= KERNEL_VERSION(4, 2, 0)) #include #else @@ -746,7 +745,8 @@ static unsigned int ecm_sfe_ipv4_ip_proc * If skb_dst(skb)->xfrm is not null, packet is to be encrypted by ipsec, we can't accelerate it. * If skb->sp is not null, packet is decrypted by ipsec. We only accelerate it when configuration didn't reject ipsec. */ - if (unlikely((skb_dst(skb) && skb_dst(skb)->xfrm) || (ecm_sfe_ipv4_reject_acceleration_for_ipsec && skb->sp))) { + if (unlikely((skb_dst(skb) && skb_dst(skb)->xfrm) || \ + (ecm_sfe_ipv4_reject_acceleration_for_ipsec && skb_ext_exist(skb, SKB_EXT_SEC_PATH)))) { DEBUG_TRACE("skip local ipsec flows\n"); return NF_ACCEPT; } @@ -762,7 +762,7 @@ static unsigned int ecm_sfe_ipv4_ip_process(struct net_device *out_dev, struct n reply_tuple.dst.u3.ip = orig_tuple.src.u3.ip; sender = ECM_TRACKER_SENDER_TYPE_SRC; } else { - if (unlikely(ct == &nf_conntrack_untracked)) { + if (unlikely(ctinfo == IP_CT_UNTRACKED)) { DEBUG_TRACE("%p: ct: untracked\n", skb); return NF_ACCEPT; } @@ -1531,7 +1526,6 @@ sync_conntrack: } ct = nf_ct_tuplehash_to_ctrack(h); - NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct); DEBUG_TRACE("%p: SFE Sync: conntrack connection\n", ct); ecm_front_end_flow_and_return_directions_get(ct, flow_ip, 4, &flow_dir, &return_dir); @@ -1551,7 +1545,7 @@ sync_conntrack: delta_jiffies = ((sync->inc_ticks * HZ) + (MSEC_PER_SEC / 2)) / MSEC_PER_SEC; spin_lock_bh(&ct->lock); - ct->timeout.expires += delta_jiffies; + ct->timeout += delta_jiffies; spin_unlock_bh(&ct->lock); } @@ -1609,17 +1603,15 @@ sync_conntrack: u_int64_t reply_pkts = atomic64_read(&acct[IP_CT_DIR_REPLY].packets); if (reply_pkts != 0) { - struct nf_conntrack_l4proto *l4proto; unsigned int *timeouts; set_bit(IPS_SEEN_REPLY_BIT, &ct->status); set_bit(IPS_ASSURED_BIT, &ct->status); - l4proto = __nf_ct_l4proto_find(AF_INET, IPPROTO_UDP); - timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto); + timeouts = nf_ct_timeout_lookup(ct); spin_lock_bh(&ct->lock); - ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED]; + ct->timeout = jiffies + timeouts[UDP_CT_REPLIED]; spin_unlock_bh(&ct->lock); } } @@ -1901,7 +1893,7 @@ int ecm_sfe_ipv4_init(struct dentry *den /* * Register netfilter hooks */ - result = nf_register_hooks(ecm_sfe_ipv4_netfilter_hooks, ARRAY_SIZE(ecm_sfe_ipv4_netfilter_hooks)); + result = nf_register_net_hooks(&init_net, ecm_sfe_ipv4_netfilter_hooks, ARRAY_SIZE(ecm_sfe_ipv4_netfilter_hooks)); if (result < 0) { DEBUG_ERROR("Can't register netfilter hooks.\n"); sfe_drv_ipv4_notify_unregister(); @@ -1934,8 +1926,8 @@ void ecm_sfe_ipv4_exit(void) /* * Stop the network stack hooks */ - nf_unregister_hooks(ecm_sfe_ipv4_netfilter_hooks, - ARRAY_SIZE(ecm_sfe_ipv4_netfilter_hooks)); + nf_unregister_net_hooks(&init_net, ecm_sfe_ipv4_netfilter_hooks, + ARRAY_SIZE(ecm_sfe_ipv4_netfilter_hooks)); /* * Unregister from the simulated sfe driver --- a/frontends/sfe/ecm_sfe_ipv6.c +++ b/frontends/sfe/ecm_sfe_ipv6.c @@ -51,7 +51,6 @@ #include #include #include -#include #if (LINUX_VERSION_CODE <= KERNEL_VERSION(4, 2, 0)) #include #else @@ -714,7 +713,8 @@ static unsigned int ecm_sfe_ipv6_ip_proc * If skb_dst(skb)->xfrm is not null, packet is to be encrypted by ipsec, we can't accelerate it. * If skb->sp is not null, packet is decrypted by ipsec. We only accelerate it when configuration didn't reject ipsec. */ - if (unlikely((skb_dst(skb) && skb_dst(skb)->xfrm) || (ecm_sfe_ipv6_reject_acceleration_for_ipsec && skb->sp))) { + if (unlikely((skb_dst(skb) && skb_dst(skb)->xfrm) || \ + (ecm_sfe_ipv6_reject_acceleration_for_ipsec && skb_ext_exist(skb, SKB_EXT_SEC_PATH)))) { DEBUG_TRACE("skip local ipsec flows\n"); return NF_ACCEPT; } @@ -733,7 +733,7 @@ static unsigned int ecm_sfe_ipv6_ip_proc ECM_IP_ADDR_TO_NIN6_ADDR(reply_tuple.dst.u3.in6, ip_hdr.src_addr); sender = ECM_TRACKER_SENDER_TYPE_SRC; } else { - if (unlikely(ct == &nf_conntrack_untracked)) { + if (unlikely(ctinfo == IP_CT_UNTRACKED)) { DEBUG_TRACE("%p: ct: untracked\n", skb); return NF_ACCEPT; } @@ -1255,7 +1255,6 @@ sync_conntrack: } ct = nf_ct_tuplehash_to_ctrack(h); - NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct); DEBUG_TRACE("%p: SFE Sync: conntrack connection\n", ct); ecm_front_end_flow_and_return_directions_get(ct, flow_ip, 6, &flow_dir, &return_dir); @@ -1275,7 +1274,7 @@ sync_conntrack: delta_jiffies = ((sync->inc_ticks * HZ) + (MSEC_PER_SEC / 2)) / MSEC_PER_SEC; spin_lock_bh(&ct->lock); - ct->timeout.expires += delta_jiffies; + ct->timeout += delta_jiffies; spin_unlock_bh(&ct->lock); } #if (LINUX_VERSION_CODE <= KERNEL_VERSION(3,6,0)) @@ -1332,17 +1331,15 @@ sync_conntrack: u_int64_t reply_pkts = atomic64_read(&acct[IP_CT_DIR_REPLY].packets); if (reply_pkts != 0) { - struct nf_conntrack_l4proto *l4proto; unsigned int *timeouts; set_bit(IPS_SEEN_REPLY_BIT, &ct->status); set_bit(IPS_ASSURED_BIT, &ct->status); - l4proto = __nf_ct_l4proto_find(AF_INET6, IPPROTO_UDP); - timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto); + timeouts = nf_ct_timeout_lookup(ct); spin_lock_bh(&ct->lock); - ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED]; + ct->timeout = jiffies + timeouts[UDP_CT_REPLIED]; spin_unlock_bh(&ct->lock); } } @@ -1624,7 +1621,7 @@ int ecm_sfe_ipv6_init(struct dentry *den /* * Register netfilter hooks */ - result = nf_register_hooks(ecm_sfe_ipv6_netfilter_hooks, ARRAY_SIZE(ecm_sfe_ipv6_netfilter_hooks)); + result = nf_register_net_hooks(&init_net, ecm_sfe_ipv6_netfilter_hooks, ARRAY_SIZE(ecm_sfe_ipv6_netfilter_hooks)); if (result < 0) { DEBUG_ERROR("Can't register netfilter hooks.\n"); sfe_drv_ipv6_notify_unregister(); @@ -1656,8 +1653,8 @@ void ecm_sfe_ipv6_exit(void) /* * Stop the network stack hooks */ - nf_unregister_hooks(ecm_sfe_ipv6_netfilter_hooks, - ARRAY_SIZE(ecm_sfe_ipv6_netfilter_hooks)); + nf_unregister_net_hooks(&init_net, ecm_sfe_ipv6_netfilter_hooks, + ARRAY_SIZE(ecm_sfe_ipv6_netfilter_hooks)); /* * Unregister from the Linux SFE Network driver --- a/frontends/sfe/ecm_sfe_non_ported_ipv4.c +++ b/frontends/sfe/ecm_sfe_non_ported_ipv4.c @@ -46,7 +46,6 @@ #include #include #include -#include #include #include #include @@ -1829,7 +1828,7 @@ unsigned int ecm_sfe_non_ported_ipv4_pro /* * Packet has been decrypted by ipsec, mark it in connection. */ - if (unlikely(skb->sp)) { + if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) { ((struct ecm_sfe_non_ported_ipv4_connection_instance *)feci)->flow_ipsec_state = ECM_SFE_IPSEC_STATE_WAS_DECRYPTED; ((struct ecm_sfe_non_ported_ipv4_connection_instance *)feci)->return_ipsec_state = ECM_SFE_IPSEC_STATE_TO_ENCRYPT; } --- a/frontends/sfe/ecm_sfe_non_ported_ipv6.c +++ b/frontends/sfe/ecm_sfe_non_ported_ipv6.c @@ -47,7 +47,6 @@ #include #include #include -#include #include #include #include @@ -1710,7 +1709,7 @@ unsigned int ecm_sfe_non_ported_ipv6_pro /* * Packet has been decrypted by ipsec, mark it in connection. */ - if (unlikely(skb->sp)) { + if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) { ((struct ecm_sfe_non_ported_ipv6_connection_instance *)feci)->flow_ipsec_state = ECM_SFE_IPSEC_STATE_WAS_DECRYPTED; ((struct ecm_sfe_non_ported_ipv6_connection_instance *)feci)->return_ipsec_state = ECM_SFE_IPSEC_STATE_TO_ENCRYPT; } --- a/frontends/sfe/ecm_sfe_ported_ipv4.c +++ b/frontends/sfe/ecm_sfe_ported_ipv4.c @@ -46,7 +46,6 @@ #include #include #include -#include #include #include #include @@ -2053,7 +2052,7 @@ unsigned int ecm_sfe_ported_ipv4_process /* * Packet has been decrypted by ipsec, mark it in connection. */ - if (unlikely(skb->sp)) { + if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) { ((struct ecm_sfe_ported_ipv4_connection_instance *)feci)->flow_ipsec_state = ECM_SFE_IPSEC_STATE_WAS_DECRYPTED; ((struct ecm_sfe_ported_ipv4_connection_instance *)feci)->return_ipsec_state = ECM_SFE_IPSEC_STATE_TO_ENCRYPT; } --- a/frontends/sfe/ecm_sfe_ported_ipv6.c +++ b/frontends/sfe/ecm_sfe_ported_ipv6.c @@ -47,7 +47,6 @@ #include #include #include -#include #include #include #include @@ -1826,7 +1825,7 @@ unsigned int ecm_sfe_ported_ipv6_process /* * Deny acceleration for L2TP-over-UDP tunnel */ - if ((in_dev->priv_flags & IFF_PPP_L2TPV2) && ppp_is_xmit_locked(in_dev)) { + if ((in_dev->priv_flags_qca_ecm & IFF_QCA_ECM_PPP_L2TPV2) && ppp_is_xmit_locked(in_dev)) { DEBUG_TRACE("Skip packets for L2TP tunnel in skb %p\n", skb); can_accel = false; } @@ -1958,7 +1957,7 @@ unsigned int ecm_sfe_ported_ipv6_process /* * Packet has been decrypted by ipsec, mark it in connection. */ - if (unlikely(skb->sp)) { + if (unlikely(skb_ext_exist(skb, SKB_EXT_SEC_PATH))) { ((struct ecm_sfe_ported_ipv6_connection_instance *)feci)->flow_ipsec_state = ECM_SFE_IPSEC_STATE_WAS_DECRYPTED; ((struct ecm_sfe_ported_ipv6_connection_instance *)feci)->return_ipsec_state = ECM_SFE_IPSEC_STATE_TO_ENCRYPT; }