diff options
-rw-r--r-- | target/linux/generic-2.6/patches-2.6.25/150-netfilter_imq.patch | 652 | ||||
-rw-r--r-- | target/linux/generic-2.6/patches-2.6.26/150-netfilter_imq.patch | 608 |
2 files changed, 686 insertions, 574 deletions
diff --git a/target/linux/generic-2.6/patches-2.6.25/150-netfilter_imq.patch b/target/linux/generic-2.6/patches-2.6.25/150-netfilter_imq.patch index fbe2d91de..1524be12f 100644 --- a/target/linux/generic-2.6/patches-2.6.25/150-netfilter_imq.patch +++ b/target/linux/generic-2.6/patches-2.6.25/150-netfilter_imq.patch @@ -1,6 +1,183 @@ + + +--- + + drivers/net/Kconfig | 123 ++++++++ + drivers/net/Makefile | 1 + drivers/net/imq.c | 474 +++++++++++++++++++++++++++++++ + include/linux/imq.h | 9 + + include/linux/netfilter_ipv4/ipt_IMQ.h | 8 + + include/linux/netfilter_ipv6/ip6t_IMQ.h | 8 + + include/linux/skbuff.h | 8 + + net/core/dev.c | 9 + + net/ipv4/netfilter/Kconfig | 11 + + net/ipv4/netfilter/Makefile | 1 + net/ipv4/netfilter/ipt_IMQ.c | 69 +++++ + net/ipv6/netfilter/Kconfig | 9 + + net/ipv6/netfilter/Makefile | 1 + net/ipv6/netfilter/ip6t_IMQ.c | 69 +++++ + net/sched/sch_generic.c | 1 + 15 files changed, 800 insertions(+), 1 deletions(-) + create mode 100644 drivers/net/imq.c + create mode 100644 include/linux/imq.h + create mode 100644 include/linux/netfilter_ipv4/ipt_IMQ.h + create mode 100644 include/linux/netfilter_ipv6/ip6t_IMQ.h + create mode 100644 net/ipv4/netfilter/ipt_IMQ.c + create mode 100644 net/ipv6/netfilter/ip6t_IMQ.c + + +diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig +index 3a0b20a..05c51e7 100644 +--- a/drivers/net/Kconfig ++++ b/drivers/net/Kconfig +@@ -117,6 +117,129 @@ config EQUALIZER + To compile this driver as a module, choose M here: the module + will be called eql. If unsure, say N. + ++config IMQ ++ tristate "IMQ (intermediate queueing device) support" ++ depends on NETDEVICES && NETFILTER ++ ---help--- ++ The IMQ device(s) is used as placeholder for QoS queueing ++ disciplines. Every packet entering/leaving the IP stack can be ++ directed through the IMQ device where it's enqueued/dequeued to the ++ attached qdisc. This allows you to treat network devices as classes ++ and distribute bandwidth among them. Iptables is used to specify ++ through which IMQ device, if any, packets travel. ++ ++ More information at: http://www.linuximq.net/ ++ ++ To compile this driver as a module, choose M here: the module ++ will be called imq. If unsure, say N. ++ ++choice ++ prompt "IMQ behavior (PRE/POSTROUTING)" ++ depends on IMQ ++ default IMQ_BEHAVIOR_BB ++ help ++ ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ IMQ can work in any of the following ways: ++ ++ PREROUTING | POSTROUTING ++ -----------------|------------------- ++ #1 After NAT | After NAT ++ #2 After NAT | Before NAT ++ #3 Before NAT | After NAT ++ #4 Before NAT | Before NAT ++ ++ The default behavior is to hook before NAT on PREROUTING ++ and after NAT on POSTROUTING (#3). ++ ++ This settings are specially usefull when trying to use IMQ ++ to shape NATed clients. ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AA ++ bool "IMQ AA" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AB ++ bool "IMQ AB" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BA ++ bool "IMQ BA" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BB ++ bool "IMQ BB" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++endchoice ++ ++config IMQ_NUM_DEVS ++ ++ int "Number of IMQ devices" ++ range 2 16 ++ depends on IMQ ++ default "16" ++ help ++ ++ This settings defines how many IMQ devices will be ++ created. ++ ++ The default value is 16. ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ + config TUN + tristate "Universal TUN/TAP device driver support" + select CRC32 +diff --git a/drivers/net/Makefile b/drivers/net/Makefile +index 3b1ea32..17d0575 100644 +--- a/drivers/net/Makefile ++++ b/drivers/net/Makefile +@@ -143,6 +143,7 @@ obj-$(CONFIG_SLHC) += slhc.o + obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o + + obj-$(CONFIG_DUMMY) += dummy.o ++obj-$(CONFIG_IMQ) += imq.o + obj-$(CONFIG_IFB) += ifb.o + obj-$(CONFIG_MACVLAN) += macvlan.o + obj-$(CONFIG_DE600) += de600.o +diff --git a/drivers/net/imq.c b/drivers/net/imq.c +new file mode 100644 +index 0000000..47c31b4 --- /dev/null +++ b/drivers/net/imq.c -@@ -0,0 +1,464 @@ +@@ -0,0 +1,474 @@ +/* + * Pseudo-driver for the intermediate queue device. + * @@ -54,6 +231,9 @@ + * qdisc_restart() and moved qdisc_run() to tasklet to avoid + * recursive locking. (Jussi Kivilinna) + * ++ * 2008/06/14 - New initialization routines to fix 'rmmod' not ++ * working anymore. Used code from ifb.c (Jussi Kivilinna) ++ * + * + * More info at: http://www.linuximq.net/ (Andre Correa) + */ @@ -134,10 +314,10 @@ +#if defined(CONFIG_IMQ_NUM_DEVS) +static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; +#else -+static unsigned int numdevs = 16; ++static unsigned int numdevs = IMQ_MAX_DEVS; +#endif + -+static struct net_device *imq_devs; ++static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; + +static struct net_device_stats *imq_get_stats(struct net_device *dev) +{ @@ -183,7 +363,23 @@ + if (index > numdevs) + return -1; + -+ dev = imq_devs + index; ++ /* check for imq device by index from cache */ ++ dev = imq_devs_cache[index]; ++ if (!dev) { ++ char buf[8]; ++ ++ /* get device by name and cache result */ ++ snprintf(buf, sizeof(buf), "imq%d", index); ++ dev = dev_get_by_name(&init_net, buf); ++ if (!dev) { ++ /* not found ?!*/ ++ BUG(); ++ return -1; ++ } ++ ++ imq_devs_cache[index] = dev; ++ } ++ + priv = netdev_priv(dev); + if (!(dev->flags & IFF_UP)) { + entry->skb->imq_flags = 0; @@ -213,11 +409,9 @@ + ret = 0; + } + } -+ -+ spin_unlock_bh(&dev->queue_lock); -+ + if (!test_and_set_bit(1, &priv->tasklet_pending)) + tasklet_schedule(&priv->tasklet); ++ spin_unlock_bh(&dev->queue_lock); + + if (skb2) + kfree_skb(ret ? entry->skb : skb2); @@ -237,9 +431,8 @@ + + spin_lock(&dev->queue_lock); + qdisc_run(dev); -+ spin_unlock(&dev->queue_lock); -+ + clear_bit(1, &priv->tasklet_pending); ++ spin_unlock(&dev->queue_lock); +} + +static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, @@ -273,6 +466,24 @@ + return 0; +} + ++static void imq_setup(struct net_device *dev) ++{ ++ dev->hard_start_xmit = imq_dev_xmit; ++ dev->open = imq_open; ++ dev->get_stats = imq_get_stats; ++ dev->stop = imq_close; ++ dev->type = ARPHRD_VOID; ++ dev->mtu = 16000; ++ dev->tx_queue_len = 11000; ++ dev->flags = IFF_NOARP; ++} ++ ++static struct rtnl_link_ops imq_link_ops __read_mostly = { ++ .kind = "imq", ++ .priv_size = sizeof(struct imq_private), ++ .setup = imq_setup, ++}; ++ +static int __init imq_init_hooks(void) +{ + int err; @@ -321,45 +532,33 @@ + return err; +} + -+static void __exit imq_unhook(void) ++static int __init imq_init_one(int index) +{ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ nf_unregister_hook(&imq_ingress_ipv6); -+ nf_unregister_hook(&imq_egress_ipv6); -+ nf_unregister_queue_handler(PF_INET6, &nfqh); -+#endif -+ nf_unregister_hook(&imq_ingress_ipv4); -+ nf_unregister_hook(&imq_egress_ipv4); -+ nf_unregister_queue_handler(PF_INET, &nfqh); -+} -+ -+static int __init imq_dev_init(struct net_device *dev) -+{ -+ dev->hard_start_xmit = imq_dev_xmit; -+ dev->open = imq_open; -+ dev->get_stats = imq_get_stats; -+ dev->stop = imq_close; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; -+ dev->tx_queue_len = 11000; -+ dev->flags = IFF_NOARP; ++ struct net_device *dev; ++ int ret; + -+ dev->priv = kzalloc(sizeof(struct imq_private), GFP_KERNEL); -+ if (dev->priv == NULL) ++ dev = alloc_netdev(sizeof(struct imq_private), "imq%d", imq_setup); ++ if (!dev) + return -ENOMEM; + -+ return 0; -+} ++ ret = dev_alloc_name(dev, dev->name); ++ if (ret < 0) ++ goto fail; + -+static void imq_dev_uninit(struct net_device *dev) -+{ -+ kfree(dev->priv); ++ dev->rtnl_link_ops = &imq_link_ops; ++ ret = register_netdevice(dev); ++ if (ret < 0) ++ goto fail; ++ ++ return 0; ++fail: ++ free_netdev(dev); ++ return ret; +} + -+static int __init imq_init_devs(struct net *net) ++static int __init imq_init_devs(void) +{ -+ struct net_device *dev; -+ int i, j; ++ int err, i; + + if (!numdevs || numdevs > IMQ_MAX_DEVS) { + printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", @@ -367,48 +566,26 @@ + return -EINVAL; + } + -+ imq_devs = kzalloc(sizeof(struct net_device) * numdevs, GFP_KERNEL); -+ if (!imq_devs) -+ return -ENOMEM; -+ -+ /* we start counting at zero */ -+ j = numdevs - 1; ++ rtnl_lock(); ++ err = __rtnl_link_register(&imq_link_ops); + -+ for (i = 0, dev = imq_devs; i <= j; i++, dev++) { -+ strcpy(dev->name, "imq%d"); -+ dev->init = imq_dev_init; -+ dev->uninit = imq_dev_uninit; -+ dev->nd_net = net; ++ for (i = 0; i < numdevs && !err; i++) ++ err = imq_init_one(i); + -+ if (register_netdev(dev) < 0) -+ goto err_register; ++ if (err) { ++ __rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); + } -+ printk(KERN_INFO "IMQ starting with %u devices...\n", numdevs); -+ return 0; -+ -+err_register: -+ for (; i; i--) -+ unregister_netdev(--dev); -+ kfree(imq_devs); -+ return -EIO; -+} -+ -+static void imq_cleanup_devs(void) -+{ -+ int i; -+ struct net_device *dev = imq_devs; -+ -+ for (i = 0; i <= numdevs; i++) -+ unregister_netdev(dev++); ++ rtnl_unlock(); + -+ kfree(imq_devs); ++ return err; +} + -+static __net_init int imq_init_module(struct net *net) ++static int __init imq_init_module(void) +{ + int err; + -+ err = imq_init_devs(net); ++ err = imq_init_devs(); + if (err) { + printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); + return err; @@ -417,7 +594,8 @@ + err = imq_init_hooks(); + if (err) { + printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ imq_cleanup_devs(); ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); + return err; + } + @@ -437,25 +615,33 @@ + return 0; +} + -+static __net_exit void imq_exit_module(struct net *net) ++static void __exit imq_unhook(void) +{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ nf_unregister_hook(&imq_ingress_ipv6); ++ nf_unregister_hook(&imq_egress_ipv6); ++ nf_unregister_queue_handler(PF_INET6, &nfqh); ++#endif ++ nf_unregister_hook(&imq_ingress_ipv4); ++ nf_unregister_hook(&imq_egress_ipv4); ++ nf_unregister_queue_handler(PF_INET, &nfqh); +} + -+static struct pernet_operations __net_initdata imq_net_ops = { -+ .init = imq_init_module, -+ .exit = imq_exit_module, -+}; ++static void __exit imq_cleanup_devs(void) ++{ ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++} + -+static int __init imq_init(void) ++static void __exit imq_exit_module(void) +{ -+ return register_pernet_device(&imq_net_ops); ++ imq_unhook(); ++ imq_cleanup_devs(); ++ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); +} + -+module_init(imq_init); -+/*module_exit(imq_cleanup_module);*/ ++module_init(imq_init_module); ++module_exit(imq_exit_module); + +module_param(numdevs, int, 0); +MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " @@ -464,149 +650,11 @@ +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " + "http://www.linuximq.net/ for more information."); +MODULE_LICENSE("GPL"); ++MODULE_ALIAS_RTNL_LINK("imq"); + ---- a/drivers/net/Kconfig -+++ b/drivers/net/Kconfig -@@ -117,6 +117,129 @@ - To compile this driver as a module, choose M here: the module - will be called eql. If unsure, say N. - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: http://www.linuximq.net/ -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_BB -+ help -+ -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ -+ This settings defines how many IMQ devices will be -+ created. -+ -+ The default value is 16. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - select CRC32 ---- a/drivers/net/Makefile -+++ b/drivers/net/Makefile -@@ -143,6 +143,7 @@ - obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o - - obj-$(CONFIG_DUMMY) += dummy.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_DE600) += de600.o +diff --git a/include/linux/imq.h b/include/linux/imq.h +new file mode 100644 +index 0000000..1447c4e --- /dev/null +++ b/include/linux/imq.h @@ -0,0 +1,9 @@ @@ -619,6 +667,9 @@ +#define IMQ_F_ENQUEUE 0x80 + +#endif /* _IMQ_H */ +diff --git a/include/linux/netfilter_ipv4/ipt_IMQ.h b/include/linux/netfilter_ipv4/ipt_IMQ.h +new file mode 100644 +index 0000000..a304991 --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_IMQ.h @@ -0,0 +1,8 @@ @@ -630,6 +681,9 @@ +}; + +#endif /* _IPT_IMQ_H */ +diff --git a/include/linux/netfilter_ipv6/ip6t_IMQ.h b/include/linux/netfilter_ipv6/ip6t_IMQ.h +new file mode 100644 +index 0000000..605f549 --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_IMQ.h @@ -0,0 +1,8 @@ @@ -641,9 +695,11 @@ +}; + +#endif /* _IP6T_IMQ_H */ +diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h +index bbd8d00..f7d6f7e 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -296,6 +296,10 @@ +@@ -296,6 +296,10 @@ struct sk_buff { struct nf_conntrack *nfct; struct sk_buff *nfct_reasm; #endif @@ -654,7 +710,7 @@ #ifdef CONFIG_BRIDGE_NETFILTER struct nf_bridge_info *nf_bridge; #endif -@@ -1736,6 +1740,10 @@ +@@ -1736,6 +1740,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) dst->nfct_reasm = src->nfct_reasm; nf_conntrack_get_reasm(src->nfct_reasm); #endif @@ -665,6 +721,8 @@ #ifdef CONFIG_BRIDGE_NETFILTER dst->nf_bridge = src->nf_bridge; nf_bridge_get(src->nf_bridge); +diff --git a/net/core/dev.c b/net/core/dev.c +index 460e7f9..094838b 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -95,6 +95,9 @@ @@ -677,7 +735,7 @@ #include <linux/proc_fs.h> #include <linux/seq_file.h> #include <linux/stat.h> -@@ -1537,7 +1540,11 @@ +@@ -1537,7 +1540,11 @@ static int dev_gso_segment(struct sk_buff *skb) int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev) { if (likely(!skb->next)) { @@ -690,6 +748,43 @@ dev_queue_xmit_nit(skb, dev); if (netif_needs_gso(dev, skb)) { +diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig +index 9a077cb..3bde19b 100644 +--- a/net/ipv4/netfilter/Kconfig ++++ b/net/ipv4/netfilter/Kconfig +@@ -123,6 +123,17 @@ config IP_NF_FILTER + + To compile it as a module, choose M here. If unsure, say N. + ++config IP_NF_TARGET_IMQ ++ tristate "IMQ target support" ++ depends on IP_NF_MANGLE ++ help ++ This option adds a `IMQ' target which is used to specify if and ++ to which IMQ device packets should get enqueued/dequeued. ++ ++ For more information visit: http://www.linuximq.net/ ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ + config IP_NF_TARGET_REJECT + tristate "REJECT target support" + depends on IP_NF_FILTER +diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile +index 0c7dc78..7617528 100644 +--- a/net/ipv4/netfilter/Makefile ++++ b/net/ipv4/netfilter/Makefile +@@ -51,6 +51,7 @@ obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o + obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o + obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o + obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o ++obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o + obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o + obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o + obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o +diff --git a/net/ipv4/netfilter/ipt_IMQ.c b/net/ipv4/netfilter/ipt_IMQ.c +new file mode 100644 +index 0000000..cda69a4 --- /dev/null +++ b/net/ipv4/netfilter/ipt_IMQ.c @@ -0,0 +1,69 @@ @@ -709,7 +804,7 @@ + const struct xt_target *target, + const void *targinfo) +{ -+ struct ipt_imq_info *mr = (struct ipt_imq_info*)targinfo; ++ struct ipt_imq_info *mr = (struct ipt_imq_info *)targinfo; + + pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE; + @@ -724,7 +819,7 @@ +{ + struct ipt_imq_info *mr; + -+ mr = (struct ipt_imq_info*)targinfo; ++ mr = (struct ipt_imq_info *)targinfo; + + if (mr->todev > IMQ_MAX_DEVS) { + printk(KERN_WARNING @@ -762,36 +857,41 @@ +MODULE_AUTHOR("http://www.linuximq.net"); +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); +MODULE_LICENSE("GPL"); ---- a/net/ipv4/netfilter/Kconfig -+++ b/net/ipv4/netfilter/Kconfig -@@ -145,6 +145,17 @@ +diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig +index 6cae547..3b3b610 100644 +--- a/net/ipv6/netfilter/Kconfig ++++ b/net/ipv6/netfilter/Kconfig +@@ -179,6 +179,15 @@ config IP6_NF_MANGLE To compile it as a module, choose M here. If unsure, say N. -+config IP_NF_TARGET_IMQ -+ tristate "IMQ target support" -+ depends on IP_NF_MANGLE -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which IMQ device packets should get enqueued/dequeued. -+ -+ For more information visit: http://www.linuximq.net/ ++config IP6_NF_TARGET_IMQ ++ tristate "IMQ target support" ++ depends on IP6_NF_MANGLE ++ help ++ This option adds a `IMQ' target which is used to specify if and ++ to which imq device packets should get enqueued/dequeued. + -+ To compile it as a module, choose M here. If unsure, say N. ++ To compile it as a module, choose M here. If unsure, say N. + - config IP_NF_TARGET_REJECT - tristate "REJECT target support" - depends on IP_NF_FILTER ---- a/net/ipv4/netfilter/Makefile -+++ b/net/ipv4/netfilter/Makefile -@@ -55,6 +55,7 @@ - obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o - obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o - obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o -+obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o - obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o - obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o - obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o + config IP6_NF_TARGET_HL + tristate 'HL (hoplimit) target support' + depends on IP6_NF_MANGLE +diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile +index fbf2c14..dcfe80b 100644 +--- a/net/ipv6/netfilter/Makefile ++++ b/net/ipv6/netfilter/Makefile +@@ -6,6 +6,7 @@ + obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o + obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o + obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o ++obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o + obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o + obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o + +diff --git a/net/ipv6/netfilter/ip6t_IMQ.c b/net/ipv6/netfilter/ip6t_IMQ.c +new file mode 100644 +index 0000000..5cf7b72 --- /dev/null +++ b/net/ipv6/netfilter/ip6t_IMQ.c @@ -0,0 +1,69 @@ @@ -811,7 +911,7 @@ + const struct xt_target *target, + const void *targinfo) +{ -+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)targinfo; ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info *)targinfo; + + pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE; + @@ -826,7 +926,7 @@ +{ + struct ip6t_imq_info *mr; + -+ mr = (struct ip6t_imq_info*)targinfo; ++ mr = (struct ip6t_imq_info *)targinfo; + + if (mr->todev > IMQ_MAX_DEVS) { + printk(KERN_WARNING @@ -864,37 +964,11 @@ +MODULE_AUTHOR("http://www.linuximq.net"); +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); +MODULE_LICENSE("GPL"); ---- a/net/ipv6/netfilter/Kconfig -+++ b/net/ipv6/netfilter/Kconfig -@@ -179,6 +179,15 @@ - - To compile it as a module, choose M here. If unsure, say N. - -+config IP6_NF_TARGET_IMQ -+ tristate "IMQ target support" -+ depends on IP6_NF_MANGLE -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config IP6_NF_TARGET_HL - tristate 'HL (hoplimit) target support' - depends on IP6_NF_MANGLE ---- a/net/ipv6/netfilter/Makefile -+++ b/net/ipv6/netfilter/Makefile -@@ -6,6 +6,7 @@ - obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o - obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o - obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o -+obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o - obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o - obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o - +diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c +index b741618..dcb916e 100644 --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c -@@ -203,6 +203,7 @@ +@@ -203,6 +203,7 @@ void __qdisc_run(struct net_device *dev) clear_bit(__LINK_STATE_QDISC_RUNNING, &dev->state); } diff --git a/target/linux/generic-2.6/patches-2.6.26/150-netfilter_imq.patch b/target/linux/generic-2.6/patches-2.6.26/150-netfilter_imq.patch index 542c54ebb..c99a30d23 100644 --- a/target/linux/generic-2.6/patches-2.6.26/150-netfilter_imq.patch +++ b/target/linux/generic-2.6/patches-2.6.26/150-netfilter_imq.patch @@ -1,6 +1,176 @@ + + +--- + + drivers/net/Kconfig | 123 ++++++++ + drivers/net/Makefile | 1 + drivers/net/imq.c | 474 +++++++++++++++++++++++++++++++ + include/linux/imq.h | 9 + + include/linux/netfilter_ipv4/ipt_IMQ.h | 8 + + include/linux/netfilter_ipv6/ip6t_IMQ.h | 8 + + include/linux/skbuff.h | 8 + + net/core/dev.c | 9 + + net/ipv4/netfilter/Kconfig | 11 + + net/ipv4/netfilter/Makefile | 1 + net/ipv4/netfilter/ipt_IMQ.c | 69 +++++ + net/ipv6/netfilter/Kconfig | 9 + + net/ipv6/netfilter/Makefile | 1 + net/ipv6/netfilter/ip6t_IMQ.c | 69 +++++ + net/sched/sch_generic.c | 1 + 15 files changed, 800 insertions(+), 1 deletions(-) + create mode 100644 drivers/net/imq.c + create mode 100644 include/linux/imq.h + create mode 100644 include/linux/netfilter_ipv4/ipt_IMQ.h + create mode 100644 include/linux/netfilter_ipv6/ip6t_IMQ.h + create mode 100644 net/ipv4/netfilter/ipt_IMQ.c + create mode 100644 net/ipv6/netfilter/ip6t_IMQ.c + + +--- a/drivers/net/Kconfig ++++ b/drivers/net/Kconfig +@@ -117,6 +117,129 @@ + To compile this driver as a module, choose M here: the module + will be called eql. If unsure, say N. + ++config IMQ ++ tristate "IMQ (intermediate queueing device) support" ++ depends on NETDEVICES && NETFILTER ++ ---help--- ++ The IMQ device(s) is used as placeholder for QoS queueing ++ disciplines. Every packet entering/leaving the IP stack can be ++ directed through the IMQ device where it's enqueued/dequeued to the ++ attached qdisc. This allows you to treat network devices as classes ++ and distribute bandwidth among them. Iptables is used to specify ++ through which IMQ device, if any, packets travel. ++ ++ More information at: http://www.linuximq.net/ ++ ++ To compile this driver as a module, choose M here: the module ++ will be called imq. If unsure, say N. ++ ++choice ++ prompt "IMQ behavior (PRE/POSTROUTING)" ++ depends on IMQ ++ default IMQ_BEHAVIOR_BB ++ help ++ ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ IMQ can work in any of the following ways: ++ ++ PREROUTING | POSTROUTING ++ -----------------|------------------- ++ #1 After NAT | After NAT ++ #2 After NAT | Before NAT ++ #3 Before NAT | After NAT ++ #4 Before NAT | Before NAT ++ ++ The default behavior is to hook before NAT on PREROUTING ++ and after NAT on POSTROUTING (#3). ++ ++ This settings are specially usefull when trying to use IMQ ++ to shape NATed clients. ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AA ++ bool "IMQ AA" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AB ++ bool "IMQ AB" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BA ++ bool "IMQ BA" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BB ++ bool "IMQ BB" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++endchoice ++ ++config IMQ_NUM_DEVS ++ ++ int "Number of IMQ devices" ++ range 2 16 ++ depends on IMQ ++ default "16" ++ help ++ ++ This settings defines how many IMQ devices will be ++ created. ++ ++ The default value is 16. ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ + config TUN + tristate "Universal TUN/TAP device driver support" + select CRC32 +--- a/drivers/net/Makefile ++++ b/drivers/net/Makefile +@@ -142,6 +142,7 @@ + obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o + + obj-$(CONFIG_DUMMY) += dummy.o ++obj-$(CONFIG_IMQ) += imq.o + obj-$(CONFIG_IFB) += ifb.o + obj-$(CONFIG_MACVLAN) += macvlan.o + obj-$(CONFIG_DE600) += de600.o --- /dev/null +++ b/drivers/net/imq.c -@@ -0,0 +1,464 @@ +@@ -0,0 +1,474 @@ +/* + * Pseudo-driver for the intermediate queue device. + * @@ -54,6 +224,9 @@ + * qdisc_restart() and moved qdisc_run() to tasklet to avoid + * recursive locking. (Jussi Kivilinna) + * ++ * 2008/06/14 - New initialization routines to fix 'rmmod' not ++ * working anymore. Used code from ifb.c (Jussi Kivilinna) ++ * + * + * More info at: http://www.linuximq.net/ (Andre Correa) + */ @@ -134,10 +307,10 @@ +#if defined(CONFIG_IMQ_NUM_DEVS) +static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; +#else -+static unsigned int numdevs = 16; ++static unsigned int numdevs = IMQ_MAX_DEVS; +#endif + -+static struct net_device *imq_devs; ++static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; + +static struct net_device_stats *imq_get_stats(struct net_device *dev) +{ @@ -183,7 +356,23 @@ + if (index > numdevs) + return -1; + -+ dev = imq_devs + index; ++ /* check for imq device by index from cache */ ++ dev = imq_devs_cache[index]; ++ if (!dev) { ++ char buf[8]; ++ ++ /* get device by name and cache result */ ++ snprintf(buf, sizeof(buf), "imq%d", index); ++ dev = dev_get_by_name(&init_net, buf); ++ if (!dev) { ++ /* not found ?!*/ ++ BUG(); ++ return -1; ++ } ++ ++ imq_devs_cache[index] = dev; ++ } ++ + priv = netdev_priv(dev); + if (!(dev->flags & IFF_UP)) { + entry->skb->imq_flags = 0; @@ -213,11 +402,9 @@ + ret = 0; + } + } -+ -+ spin_unlock_bh(&dev->queue_lock); -+ + if (!test_and_set_bit(1, &priv->tasklet_pending)) + tasklet_schedule(&priv->tasklet); ++ spin_unlock_bh(&dev->queue_lock); + + if (skb2) + kfree_skb(ret ? entry->skb : skb2); @@ -237,9 +424,8 @@ + + spin_lock(&dev->queue_lock); + qdisc_run(dev); -+ spin_unlock(&dev->queue_lock); -+ + clear_bit(1, &priv->tasklet_pending); ++ spin_unlock(&dev->queue_lock); +} + +static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, @@ -273,6 +459,24 @@ + return 0; +} + ++static void imq_setup(struct net_device *dev) ++{ ++ dev->hard_start_xmit = imq_dev_xmit; ++ dev->open = imq_open; ++ dev->get_stats = imq_get_stats; ++ dev->stop = imq_close; ++ dev->type = ARPHRD_VOID; ++ dev->mtu = 16000; ++ dev->tx_queue_len = 11000; ++ dev->flags = IFF_NOARP; ++} ++ ++static struct rtnl_link_ops imq_link_ops __read_mostly = { ++ .kind = "imq", ++ .priv_size = sizeof(struct imq_private), ++ .setup = imq_setup, ++}; ++ +static int __init imq_init_hooks(void) +{ + int err; @@ -321,45 +525,33 @@ + return err; +} + -+static void __exit imq_unhook(void) -+{ -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ nf_unregister_hook(&imq_ingress_ipv6); -+ nf_unregister_hook(&imq_egress_ipv6); -+ nf_unregister_queue_handler(PF_INET6, &nfqh); -+#endif -+ nf_unregister_hook(&imq_ingress_ipv4); -+ nf_unregister_hook(&imq_egress_ipv4); -+ nf_unregister_queue_handler(PF_INET, &nfqh); -+} -+ -+static int __init imq_dev_init(struct net_device *dev) ++static int __init imq_init_one(int index) +{ -+ dev->hard_start_xmit = imq_dev_xmit; -+ dev->open = imq_open; -+ dev->get_stats = imq_get_stats; -+ dev->stop = imq_close; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; -+ dev->tx_queue_len = 11000; -+ dev->flags = IFF_NOARP; ++ struct net_device *dev; ++ int ret; + -+ dev->priv = kzalloc(sizeof(struct imq_private), GFP_KERNEL); -+ if (dev->priv == NULL) ++ dev = alloc_netdev(sizeof(struct imq_private), "imq%d", imq_setup); ++ if (!dev) + return -ENOMEM; + -+ return 0; -+} ++ ret = dev_alloc_name(dev, dev->name); ++ if (ret < 0) ++ goto fail; + -+static void imq_dev_uninit(struct net_device *dev) -+{ -+ kfree(dev->priv); ++ dev->rtnl_link_ops = &imq_link_ops; ++ ret = register_netdevice(dev); ++ if (ret < 0) ++ goto fail; ++ ++ return 0; ++fail: ++ free_netdev(dev); ++ return ret; +} + -+static int __init imq_init_devs(struct net *net) ++static int __init imq_init_devs(void) +{ -+ struct net_device *dev; -+ int i, j; ++ int err, i; + + if (!numdevs || numdevs > IMQ_MAX_DEVS) { + printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", @@ -367,48 +559,26 @@ + return -EINVAL; + } + -+ imq_devs = kzalloc(sizeof(struct net_device) * numdevs, GFP_KERNEL); -+ if (!imq_devs) -+ return -ENOMEM; -+ -+ /* we start counting at zero */ -+ j = numdevs - 1; ++ rtnl_lock(); ++ err = __rtnl_link_register(&imq_link_ops); + -+ for (i = 0, dev = imq_devs; i <= j; i++, dev++) { -+ strcpy(dev->name, "imq%d"); -+ dev->init = imq_dev_init; -+ dev->uninit = imq_dev_uninit; -+ dev->nd_net = net; ++ for (i = 0; i < numdevs && !err; i++) ++ err = imq_init_one(i); + -+ if (register_netdev(dev) < 0) -+ goto err_register; ++ if (err) { ++ __rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); + } -+ printk(KERN_INFO "IMQ starting with %u devices...\n", numdevs); -+ return 0; ++ rtnl_unlock(); + -+err_register: -+ for (; i; i--) -+ unregister_netdev(--dev); -+ kfree(imq_devs); -+ return -EIO; -+} -+ -+static void imq_cleanup_devs(void) -+{ -+ int i; -+ struct net_device *dev = imq_devs; -+ -+ for (i = 0; i <= numdevs; i++) -+ unregister_netdev(dev++); -+ -+ kfree(imq_devs); ++ return err; +} + -+static __net_init int imq_init_module(struct net *net) ++static int __init imq_init_module(void) +{ + int err; + -+ err = imq_init_devs(net); ++ err = imq_init_devs(); + if (err) { + printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); + return err; @@ -417,7 +587,8 @@ + err = imq_init_hooks(); + if (err) { + printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ imq_cleanup_devs(); ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); + return err; + } + @@ -437,25 +608,33 @@ + return 0; +} + -+static __net_exit void imq_exit_module(struct net *net) ++static void __exit imq_unhook(void) +{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ nf_unregister_hook(&imq_ingress_ipv6); ++ nf_unregister_hook(&imq_egress_ipv6); ++ nf_unregister_queue_handler(PF_INET6, &nfqh); ++#endif ++ nf_unregister_hook(&imq_ingress_ipv4); ++ nf_unregister_hook(&imq_egress_ipv4); ++ nf_unregister_queue_handler(PF_INET, &nfqh); +} + -+static struct pernet_operations __net_initdata imq_net_ops = { -+ .init = imq_init_module, -+ .exit = imq_exit_module, -+}; ++static void __exit imq_cleanup_devs(void) ++{ ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++} + -+static int __init imq_init(void) ++static void __exit imq_exit_module(void) +{ -+ return register_pernet_device(&imq_net_ops); ++ imq_unhook(); ++ imq_cleanup_devs(); ++ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); +} + -+module_init(imq_init); -+/*module_exit(imq_cleanup_module);*/ ++module_init(imq_init_module); ++module_exit(imq_exit_module); + +module_param(numdevs, int, 0); +MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " @@ -464,149 +643,8 @@ +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " + "http://www.linuximq.net/ for more information."); +MODULE_LICENSE("GPL"); ++MODULE_ALIAS_RTNL_LINK("imq"); + ---- a/drivers/net/Kconfig -+++ b/drivers/net/Kconfig -@@ -117,6 +117,129 @@ - To compile this driver as a module, choose M here: the module - will be called eql. If unsure, say N. - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: http://www.linuximq.net/ -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_BB -+ help -+ -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This settings defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ -+ This settings defines how many IMQ devices will be -+ created. -+ -+ The default value is 16. -+ -+ More information can be found at: www.linuximq.net -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - select CRC32 ---- a/drivers/net/Makefile -+++ b/drivers/net/Makefile -@@ -142,6 +142,7 @@ - obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o - - obj-$(CONFIG_DUMMY) += dummy.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_DE600) += de600.o --- /dev/null +++ b/include/linux/imq.h @@ -0,0 +1,9 @@ @@ -690,6 +728,36 @@ dev_queue_xmit_nit(skb, dev); if (netif_needs_gso(dev, skb)) { +--- a/net/ipv4/netfilter/Kconfig ++++ b/net/ipv4/netfilter/Kconfig +@@ -145,6 +145,17 @@ + + To compile it as a module, choose M here. If unsure, say N. + ++config IP_NF_TARGET_IMQ ++ tristate "IMQ target support" ++ depends on IP_NF_MANGLE ++ help ++ This option adds a `IMQ' target which is used to specify if and ++ to which IMQ device packets should get enqueued/dequeued. ++ ++ For more information visit: http://www.linuximq.net/ ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ + config IP_NF_TARGET_REJECT + tristate "REJECT target support" + depends on IP_NF_FILTER +--- a/net/ipv4/netfilter/Makefile ++++ b/net/ipv4/netfilter/Makefile +@@ -58,6 +58,7 @@ + obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o + obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o + obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o ++obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o + obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o + obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o + obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o --- /dev/null +++ b/net/ipv4/netfilter/ipt_IMQ.c @@ -0,0 +1,69 @@ @@ -709,7 +777,7 @@ + const struct xt_target *target, + const void *targinfo) +{ -+ struct ipt_imq_info *mr = (struct ipt_imq_info*)targinfo; ++ struct ipt_imq_info *mr = (struct ipt_imq_info *)targinfo; + + pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE; + @@ -724,7 +792,7 @@ +{ + struct ipt_imq_info *mr; + -+ mr = (struct ipt_imq_info*)targinfo; ++ mr = (struct ipt_imq_info *)targinfo; + + if (mr->todev > IMQ_MAX_DEVS) { + printk(KERN_WARNING @@ -762,36 +830,34 @@ +MODULE_AUTHOR("http://www.linuximq.net"); +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); +MODULE_LICENSE("GPL"); ---- a/net/ipv4/netfilter/Kconfig -+++ b/net/ipv4/netfilter/Kconfig -@@ -145,6 +145,17 @@ +--- a/net/ipv6/netfilter/Kconfig ++++ b/net/ipv6/netfilter/Kconfig +@@ -179,6 +179,15 @@ To compile it as a module, choose M here. If unsure, say N. -+config IP_NF_TARGET_IMQ -+ tristate "IMQ target support" -+ depends on IP_NF_MANGLE -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which IMQ device packets should get enqueued/dequeued. -+ -+ For more information visit: http://www.linuximq.net/ ++config IP6_NF_TARGET_IMQ ++ tristate "IMQ target support" ++ depends on IP6_NF_MANGLE ++ help ++ This option adds a `IMQ' target which is used to specify if and ++ to which imq device packets should get enqueued/dequeued. + -+ To compile it as a module, choose M here. If unsure, say N. ++ To compile it as a module, choose M here. If unsure, say N. + - config IP_NF_TARGET_REJECT - tristate "REJECT target support" - depends on IP_NF_FILTER ---- a/net/ipv4/netfilter/Makefile -+++ b/net/ipv4/netfilter/Makefile -@@ -58,6 +58,7 @@ - obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o - obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o - obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o -+obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o - obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o - obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o - obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o + config IP6_NF_TARGET_HL + tristate 'HL (hoplimit) target support' + depends on IP6_NF_MANGLE +--- a/net/ipv6/netfilter/Makefile ++++ b/net/ipv6/netfilter/Makefile +@@ -6,6 +6,7 @@ + obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o + obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o + obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o ++obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o + obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o + obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o + --- /dev/null +++ b/net/ipv6/netfilter/ip6t_IMQ.c @@ -0,0 +1,69 @@ @@ -811,7 +877,7 @@ + const struct xt_target *target, + const void *targinfo) +{ -+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)targinfo; ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info *)targinfo; + + pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE; + @@ -826,7 +892,7 @@ +{ + struct ip6t_imq_info *mr; + -+ mr = (struct ip6t_imq_info*)targinfo; ++ mr = (struct ip6t_imq_info *)targinfo; + + if (mr->todev > IMQ_MAX_DEVS) { + printk(KERN_WARNING @@ -864,34 +930,6 @@ +MODULE_AUTHOR("http://www.linuximq.net"); +MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); +MODULE_LICENSE("GPL"); ---- a/net/ipv6/netfilter/Kconfig -+++ b/net/ipv6/netfilter/Kconfig -@@ -179,6 +179,15 @@ - - To compile it as a module, choose M here. If unsure, say N. - -+config IP6_NF_TARGET_IMQ -+ tristate "IMQ target support" -+ depends on IP6_NF_MANGLE -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config IP6_NF_TARGET_HL - tristate 'HL (hoplimit) target support' - depends on IP6_NF_MANGLE ---- a/net/ipv6/netfilter/Makefile -+++ b/net/ipv6/netfilter/Makefile -@@ -6,6 +6,7 @@ - obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o - obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o - obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o -+obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o - obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o - obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o - --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c @@ -203,6 +203,7 @@ |