From dadef1694ddd0361eef3bf7365c53aacc3ee29cd Mon Sep 17 00:00:00 2001 From: CN_SZTL Date: Sat, 28 Nov 2020 20:59:28 +0800 Subject: [PATCH] linux: rework shortcut-fe on kernel 4.9 Signed-off-by: CN_SZTL --- ...k-events-support-multiple-registrant.patch | 155 ++++-------------- 1 file changed, 34 insertions(+), 121 deletions(-) diff --git a/target/linux/generic/hack-4.9/952-net-conntrack-events-support-multiple-registrant.patch b/target/linux/generic/hack-4.9/952-net-conntrack-events-support-multiple-registrant.patch index 8d584c63d9..028d331ef1 100644 --- a/target/linux/generic/hack-4.9/952-net-conntrack-events-support-multiple-registrant.patch +++ b/target/linux/generic/hack-4.9/952-net-conntrack-events-support-multiple-registrant.patch @@ -22,25 +22,18 @@ Signed-off-by: Zhi Chen --- a/include/net/netfilter/nf_conntrack_ecache.h +++ b/include/net/netfilter/nf_conntrack_ecache.h -@@ -70,6 +70,10 @@ struct nf_ct_event { +@@ -70,6 +70,11 @@ struct nf_ct_event { int report; }; +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS -+extern int nf_conntrack_register_notifier(struct net *net, struct notifier_block *nb); -+extern int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb); -+#else ++extern int nf_conntrack_register_chain_notifier(struct net *net, struct notifier_block *nb); ++extern int nf_conntrack_unregister_chain_notifier(struct net *net, struct notifier_block *nb); ++#endif ++ struct nf_ct_event_notifier { int (*fcn)(unsigned int events, struct nf_ct_event *item); }; -@@ -78,6 +82,7 @@ int nf_conntrack_register_notifier(struc - struct nf_ct_event_notifier *nb); - void nf_conntrack_unregister_notifier(struct net *net, - struct nf_ct_event_notifier *nb); -+#endif - - void nf_ct_deliver_cached_events(struct nf_conn *ct); - int nf_conntrack_eventmask_report(unsigned int eventmask, struct nf_conn *ct, @@ -86,11 +91,13 @@ int nf_conntrack_eventmask_report(unsign static inline void nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct) @@ -84,18 +77,16 @@ Signed-off-by: Zhi Chen } --- a/include/net/netns/conntrack.h +++ b/include/net/netns/conntrack.h -@@ -86,7 +86,11 @@ struct netns_ct { +@@ -86,6 +86,9 @@ struct netns_ct { struct ct_pcpu __percpu *pcpu_lists; struct ip_conntrack_stat __percpu *stat; +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS + struct atomic_notifier_head nf_conntrack_chain; -+#else - struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb; +#endif + struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb; struct nf_exp_event_notifier __rcu *nf_expect_event_cb; struct nf_ip_net nf_ct_proto; - #if defined(CONFIG_NF_CONNTRACK_LABELS) --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -136,6 +136,14 @@ config NF_CONNTRACK_TIMEOUT @@ -138,143 +129,65 @@ Signed-off-by: Zhi Chen #include #include #include -@@ -117,6 +120,38 @@ static void ecache_work(struct work_stru - schedule_delayed_work(&ctnet->ecache_dwork, delay); - } +@@ -186,7 +189,11 @@ void nf_ct_deliver_cached_events(struct + rcu_read_lock(); + notify = rcu_dereference(net->ct.nf_conntrack_event_cb); +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS -+int -+nf_conntrack_eventmask_report(unsigned int eventmask, -+ struct nf_conn *ct, -+ u32 portid, -+ int report) -+{ -+ struct nf_conntrack_ecache *e; -+ struct net *net = nf_ct_net(ct); -+ -+ e = nf_ct_ecache_find(ct); -+ if (e == NULL) -+ return 0; -+ -+ if (nf_ct_is_confirmed(ct)) { -+ struct nf_ct_event item = { -+ .ct = ct, -+ .portid = e->portid ? e->portid : portid, -+ .report = report -+ }; -+ /* This is a resent of a destroy event? If so, skip missed */ -+ unsigned long missed = e->portid ? 0 : e->missed; -+ -+ if (!((eventmask | missed) & e->ctmask)) -+ return 0; -+ -+ atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, eventmask | missed, &item); -+ } -+ -+ return 0; -+} ++ if ((notify == NULL) && !rcu_dereference_raw(net->ct.nf_conntrack_chain.head)) +#else - int nf_conntrack_eventmask_report(unsigned int eventmask, struct nf_conn *ct, - u32 portid, int report) - { -@@ -171,10 +206,52 @@ out_unlock: - rcu_read_unlock(); - return ret; - } + if (notify == NULL) +#endif - EXPORT_SYMBOL_GPL(nf_conntrack_eventmask_report); + goto out_unlock; + + e = nf_ct_ecache_find(ct); +@@ -210,7 +217,16 @@ void nf_ct_deliver_cached_events(struct + item.portid = 0; + item.report = 0; - /* deliver cached events and clear cache entry - must be called with locally - * disabled softirqs */ +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS -+void nf_ct_deliver_cached_events(struct nf_conn *ct) -+{ -+ unsigned long events, missed; -+ struct nf_conntrack_ecache *e; -+ struct nf_ct_event item; -+ struct net *net = nf_ct_net(ct); -+ -+ e = nf_ct_ecache_find(ct); -+ if (e == NULL) -+ return; -+ -+ events = xchg(&e->cache, 0); -+ -+ if (!nf_ct_is_confirmed(ct) || nf_ct_is_dying(ct) || !events) -+ return; -+ -+ /* We make a copy of the missed event cache without taking -+ * the lock, thus we may send missed events twice. However, -+ * this does not harm and it happens very rarely. */ -+ missed = e->missed; -+ -+ if (!((events | missed) & e->ctmask)) -+ return; -+ -+ item.ct = ct; -+ item.portid = 0; -+ item.report = 0; -+ -+ atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, ++ ret = atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, + events | missed, + &item); + -+ if (likely(!missed)) -+ return; -+ -+ spin_lock_bh(&ct->lock); -+ e->missed &= ~missed; -+ spin_unlock_bh(&ct->lock); -+} ++ if (notify != NULL) ++ ret = notify->fcn(events | missed, &item); +#else - void nf_ct_deliver_cached_events(struct nf_conn *ct) - { - struct net *net = nf_ct_net(ct); -@@ -225,6 +302,7 @@ void nf_ct_deliver_cached_events(struct - out_unlock: - rcu_read_unlock(); - } + ret = notify->fcn(events | missed, &item); +#endif - EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events); - void nf_ct_expect_event_report(enum ip_conntrack_expect_events event, -@@ -257,6 +335,12 @@ out_unlock: + if (likely(ret >= 0 && !missed)) + goto out_unlock; +@@ -257,6 +273,14 @@ out_unlock: rcu_read_unlock(); } +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS -+int nf_conntrack_register_notifier(struct net *net, struct notifier_block *nb) ++int nf_conntrack_register_chain_notifier(struct net *net, struct notifier_block *nb) +{ + return atomic_notifier_chain_register(&net->ct.nf_conntrack_chain, nb); +} -+#else ++EXPORT_SYMBOL_GPL(nf_conntrack_register_chain_notifier); ++#endif ++ int nf_conntrack_register_notifier(struct net *net, struct nf_ct_event_notifier *new) { -@@ -277,8 +361,15 @@ out_unlock: - mutex_unlock(&nf_ct_ecache_mutex); - return ret; +@@ -279,6 +303,14 @@ out_unlock: } -+#endif EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier); +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS -+int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb) ++int nf_conntrack_unregister_chain_notifier(struct net *net, struct notifier_block *nb) +{ + return atomic_notifier_chain_unregister(&net->ct.nf_conntrack_chain, nb); +} -+#else ++EXPORT_SYMBOL_GPL(nf_conntrack_unregister_chain_notifier); ++#endif ++ void nf_conntrack_unregister_notifier(struct net *net, struct nf_ct_event_notifier *new) { -@@ -292,6 +383,7 @@ void nf_conntrack_unregister_notifier(st - mutex_unlock(&nf_ct_ecache_mutex); - /* synchronize_rcu() is called from ctnetlink_exit. */ - } -+#endif - EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); - - int nf_ct_expect_register_notifier(struct net *net, --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -28,6 +28,11 @@