|
|
@@ -1,6 +1,183 @@
|
|
|
+
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+ drivers/net/Kconfig | 123 ++++++++
|
|
|
+ drivers/net/Makefile | 1
|
|
|
+ drivers/net/imq.c | 474 +++++++++++++++++++++++++++++++
|
|
|
+ include/linux/imq.h | 9 +
|
|
|
+ include/linux/netfilter_ipv4/ipt_IMQ.h | 8 +
|
|
|
+ include/linux/netfilter_ipv6/ip6t_IMQ.h | 8 +
|
|
|
+ include/linux/skbuff.h | 8 +
|
|
|
+ net/core/dev.c | 9 +
|
|
|
+ net/ipv4/netfilter/Kconfig | 11 +
|
|
|
+ net/ipv4/netfilter/Makefile | 1
|
|
|
+ net/ipv4/netfilter/ipt_IMQ.c | 69 +++++
|
|
|
+ net/ipv6/netfilter/Kconfig | 9 +
|
|
|
+ net/ipv6/netfilter/Makefile | 1
|
|
|
+ net/ipv6/netfilter/ip6t_IMQ.c | 69 +++++
|
|
|
+ net/sched/sch_generic.c | 1
|
|
|
+ 15 files changed, 800 insertions(+), 1 deletions(-)
|
|
|
+ create mode 100644 drivers/net/imq.c
|
|
|
+ create mode 100644 include/linux/imq.h
|
|
|
+ create mode 100644 include/linux/netfilter_ipv4/ipt_IMQ.h
|
|
|
+ create mode 100644 include/linux/netfilter_ipv6/ip6t_IMQ.h
|
|
|
+ create mode 100644 net/ipv4/netfilter/ipt_IMQ.c
|
|
|
+ create mode 100644 net/ipv6/netfilter/ip6t_IMQ.c
|
|
|
+
|
|
|
+
|
|
|
+diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
|
|
|
+index 3a0b20a..05c51e7 100644
|
|
|
+--- a/drivers/net/Kconfig
|
|
|
++++ b/drivers/net/Kconfig
|
|
|
+@@ -117,6 +117,129 @@ config EQUALIZER
|
|
|
+ To compile this driver as a module, choose M here: the module
|
|
|
+ will be called eql. If unsure, say N.
|
|
|
+
|
|
|
++config IMQ
|
|
|
++ tristate "IMQ (intermediate queueing device) support"
|
|
|
++ depends on NETDEVICES && NETFILTER
|
|
|
++ ---help---
|
|
|
++ The IMQ device(s) is used as placeholder for QoS queueing
|
|
|
++ disciplines. Every packet entering/leaving the IP stack can be
|
|
|
++ directed through the IMQ device where it's enqueued/dequeued to the
|
|
|
++ attached qdisc. This allows you to treat network devices as classes
|
|
|
++ and distribute bandwidth among them. Iptables is used to specify
|
|
|
++ through which IMQ device, if any, packets travel.
|
|
|
++
|
|
|
++ More information at: http://www.linuximq.net/
|
|
|
++
|
|
|
++ To compile this driver as a module, choose M here: the module
|
|
|
++ will be called imq. If unsure, say N.
|
|
|
++
|
|
|
++choice
|
|
|
++ prompt "IMQ behavior (PRE/POSTROUTING)"
|
|
|
++ depends on IMQ
|
|
|
++ default IMQ_BEHAVIOR_BB
|
|
|
++ help
|
|
|
++
|
|
|
++ This settings defines how IMQ behaves in respect to its
|
|
|
++ hooking in PREROUTING and POSTROUTING.
|
|
|
++
|
|
|
++ IMQ can work in any of the following ways:
|
|
|
++
|
|
|
++ PREROUTING | POSTROUTING
|
|
|
++ -----------------|-------------------
|
|
|
++ #1 After NAT | After NAT
|
|
|
++ #2 After NAT | Before NAT
|
|
|
++ #3 Before NAT | After NAT
|
|
|
++ #4 Before NAT | Before NAT
|
|
|
++
|
|
|
++ The default behavior is to hook before NAT on PREROUTING
|
|
|
++ and after NAT on POSTROUTING (#3).
|
|
|
++
|
|
|
++ This settings are specially usefull when trying to use IMQ
|
|
|
++ to shape NATed clients.
|
|
|
++
|
|
|
++ More information can be found at: www.linuximq.net
|
|
|
++
|
|
|
++ If not sure leave the default settings alone.
|
|
|
++
|
|
|
++config IMQ_BEHAVIOR_AA
|
|
|
++ bool "IMQ AA"
|
|
|
++ help
|
|
|
++ This settings defines how IMQ behaves in respect to its
|
|
|
++ hooking in PREROUTING and POSTROUTING.
|
|
|
++
|
|
|
++ Choosing this option will make IMQ hook like this:
|
|
|
++
|
|
|
++ PREROUTING: After NAT
|
|
|
++ POSTROUTING: After NAT
|
|
|
++
|
|
|
++ More information can be found at: www.linuximq.net
|
|
|
++
|
|
|
++ If not sure leave the default settings alone.
|
|
|
++
|
|
|
++config IMQ_BEHAVIOR_AB
|
|
|
++ bool "IMQ AB"
|
|
|
++ help
|
|
|
++ This settings defines how IMQ behaves in respect to its
|
|
|
++ hooking in PREROUTING and POSTROUTING.
|
|
|
++
|
|
|
++ Choosing this option will make IMQ hook like this:
|
|
|
++
|
|
|
++ PREROUTING: After NAT
|
|
|
++ POSTROUTING: Before NAT
|
|
|
++
|
|
|
++ More information can be found at: www.linuximq.net
|
|
|
++
|
|
|
++ If not sure leave the default settings alone.
|
|
|
++
|
|
|
++config IMQ_BEHAVIOR_BA
|
|
|
++ bool "IMQ BA"
|
|
|
++ help
|
|
|
++ This settings defines how IMQ behaves in respect to its
|
|
|
++ hooking in PREROUTING and POSTROUTING.
|
|
|
++
|
|
|
++ Choosing this option will make IMQ hook like this:
|
|
|
++
|
|
|
++ PREROUTING: Before NAT
|
|
|
++ POSTROUTING: After NAT
|
|
|
++
|
|
|
++ More information can be found at: www.linuximq.net
|
|
|
++
|
|
|
++ If not sure leave the default settings alone.
|
|
|
++
|
|
|
++config IMQ_BEHAVIOR_BB
|
|
|
++ bool "IMQ BB"
|
|
|
++ help
|
|
|
++ This settings defines how IMQ behaves in respect to its
|
|
|
++ hooking in PREROUTING and POSTROUTING.
|
|
|
++
|
|
|
++ Choosing this option will make IMQ hook like this:
|
|
|
++
|
|
|
++ PREROUTING: Before NAT
|
|
|
++ POSTROUTING: Before NAT
|
|
|
++
|
|
|
++ More information can be found at: www.linuximq.net
|
|
|
++
|
|
|
++ If not sure leave the default settings alone.
|
|
|
++
|
|
|
++endchoice
|
|
|
++
|
|
|
++config IMQ_NUM_DEVS
|
|
|
++
|
|
|
++ int "Number of IMQ devices"
|
|
|
++ range 2 16
|
|
|
++ depends on IMQ
|
|
|
++ default "16"
|
|
|
++ help
|
|
|
++
|
|
|
++ This settings defines how many IMQ devices will be
|
|
|
++ created.
|
|
|
++
|
|
|
++ The default value is 16.
|
|
|
++
|
|
|
++ More information can be found at: www.linuximq.net
|
|
|
++
|
|
|
++ If not sure leave the default settings alone.
|
|
|
++
|
|
|
+ config TUN
|
|
|
+ tristate "Universal TUN/TAP device driver support"
|
|
|
+ select CRC32
|
|
|
+diff --git a/drivers/net/Makefile b/drivers/net/Makefile
|
|
|
+index 3b1ea32..17d0575 100644
|
|
|
+--- a/drivers/net/Makefile
|
|
|
++++ b/drivers/net/Makefile
|
|
|
+@@ -143,6 +143,7 @@ obj-$(CONFIG_SLHC) += slhc.o
|
|
|
+ obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o
|
|
|
+
|
|
|
+ obj-$(CONFIG_DUMMY) += dummy.o
|
|
|
++obj-$(CONFIG_IMQ) += imq.o
|
|
|
+ obj-$(CONFIG_IFB) += ifb.o
|
|
|
+ obj-$(CONFIG_MACVLAN) += macvlan.o
|
|
|
+ obj-$(CONFIG_DE600) += de600.o
|
|
|
+diff --git a/drivers/net/imq.c b/drivers/net/imq.c
|
|
|
+new file mode 100644
|
|
|
+index 0000000..47c31b4
|
|
|
--- /dev/null
|
|
|
+++ b/drivers/net/imq.c
|
|
|
-@@ -0,0 +1,464 @@
|
|
|
+@@ -0,0 +1,474 @@
|
|
|
+/*
|
|
|
+ * Pseudo-driver for the intermediate queue device.
|
|
|
+ *
|
|
|
@@ -54,6 +231,9 @@
|
|
|
+ * qdisc_restart() and moved qdisc_run() to tasklet to avoid
|
|
|
+ * recursive locking. (Jussi Kivilinna)
|
|
|
+ *
|
|
|
++ * 2008/06/14 - New initialization routines to fix 'rmmod' not
|
|
|
++ * working anymore. Used code from ifb.c (Jussi Kivilinna)
|
|
|
++ *
|
|
|
+ *
|
|
|
+ * More info at: http://www.linuximq.net/ (Andre Correa)
|
|
|
+ */
|
|
|
@@ -134,10 +314,10 @@
|
|
|
+#if defined(CONFIG_IMQ_NUM_DEVS)
|
|
|
+static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS;
|
|
|
+#else
|
|
|
-+static unsigned int numdevs = 16;
|
|
|
++static unsigned int numdevs = IMQ_MAX_DEVS;
|
|
|
+#endif
|
|
|
+
|
|
|
-+static struct net_device *imq_devs;
|
|
|
++static struct net_device *imq_devs_cache[IMQ_MAX_DEVS];
|
|
|
+
|
|
|
+static struct net_device_stats *imq_get_stats(struct net_device *dev)
|
|
|
+{
|
|
|
@@ -183,7 +363,23 @@
|
|
|
+ if (index > numdevs)
|
|
|
+ return -1;
|
|
|
+
|
|
|
-+ dev = imq_devs + index;
|
|
|
++ /* check for imq device by index from cache */
|
|
|
++ dev = imq_devs_cache[index];
|
|
|
++ if (!dev) {
|
|
|
++ char buf[8];
|
|
|
++
|
|
|
++ /* get device by name and cache result */
|
|
|
++ snprintf(buf, sizeof(buf), "imq%d", index);
|
|
|
++ dev = dev_get_by_name(&init_net, buf);
|
|
|
++ if (!dev) {
|
|
|
++ /* not found ?!*/
|
|
|
++ BUG();
|
|
|
++ return -1;
|
|
|
++ }
|
|
|
++
|
|
|
++ imq_devs_cache[index] = dev;
|
|
|
++ }
|
|
|
++
|
|
|
+ priv = netdev_priv(dev);
|
|
|
+ if (!(dev->flags & IFF_UP)) {
|
|
|
+ entry->skb->imq_flags = 0;
|
|
|
@@ -213,11 +409,9 @@
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
-+
|
|
|
-+ spin_unlock_bh(&dev->queue_lock);
|
|
|
-+
|
|
|
+ if (!test_and_set_bit(1, &priv->tasklet_pending))
|
|
|
+ tasklet_schedule(&priv->tasklet);
|
|
|
++ spin_unlock_bh(&dev->queue_lock);
|
|
|
+
|
|
|
+ if (skb2)
|
|
|
+ kfree_skb(ret ? entry->skb : skb2);
|
|
|
@@ -237,9 +431,8 @@
|
|
|
+
|
|
|
+ spin_lock(&dev->queue_lock);
|
|
|
+ qdisc_run(dev);
|
|
|
-+ spin_unlock(&dev->queue_lock);
|
|
|
-+
|
|
|
+ clear_bit(1, &priv->tasklet_pending);
|
|
|
++ spin_unlock(&dev->queue_lock);
|
|
|
+}
|
|
|
+
|
|
|
+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb,
|
|
|
@@ -273,6 +466,24 @@
|
|
|
+ return 0;
|
|
|
+}
|
|
|
+
|
|
|
++static void imq_setup(struct net_device *dev)
|
|
|
++{
|
|
|
++ dev->hard_start_xmit = imq_dev_xmit;
|
|
|
++ dev->open = imq_open;
|
|
|
++ dev->get_stats = imq_get_stats;
|
|
|
++ dev->stop = imq_close;
|
|
|
++ dev->type = ARPHRD_VOID;
|
|
|
++ dev->mtu = 16000;
|
|
|
++ dev->tx_queue_len = 11000;
|
|
|
++ dev->flags = IFF_NOARP;
|
|
|
++}
|
|
|
++
|
|
|
++static struct rtnl_link_ops imq_link_ops __read_mostly = {
|
|
|
++ .kind = "imq",
|
|
|
++ .priv_size = sizeof(struct imq_private),
|
|
|
++ .setup = imq_setup,
|
|
|
++};
|
|
|
++
|
|
|
+static int __init imq_init_hooks(void)
|
|
|
+{
|
|
|
+ int err;
|
|
|
@@ -321,45 +532,33 @@
|
|
|
+ return err;
|
|
|
+}
|
|
|
+
|
|
|
-+static void __exit imq_unhook(void)
|
|
|
++static int __init imq_init_one(int index)
|
|
|
+{
|
|
|
-+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
|
|
|
-+ nf_unregister_hook(&imq_ingress_ipv6);
|
|
|
-+ nf_unregister_hook(&imq_egress_ipv6);
|
|
|
-+ nf_unregister_queue_handler(PF_INET6, &nfqh);
|
|
|
-+#endif
|
|
|
-+ nf_unregister_hook(&imq_ingress_ipv4);
|
|
|
-+ nf_unregister_hook(&imq_egress_ipv4);
|
|
|
-+ nf_unregister_queue_handler(PF_INET, &nfqh);
|
|
|
-+}
|
|
|
-+
|
|
|
-+static int __init imq_dev_init(struct net_device *dev)
|
|
|
-+{
|
|
|
-+ dev->hard_start_xmit = imq_dev_xmit;
|
|
|
-+ dev->open = imq_open;
|
|
|
-+ dev->get_stats = imq_get_stats;
|
|
|
-+ dev->stop = imq_close;
|
|
|
-+ dev->type = ARPHRD_VOID;
|
|
|
-+ dev->mtu = 16000;
|
|
|
-+ dev->tx_queue_len = 11000;
|
|
|
-+ dev->flags = IFF_NOARP;
|
|
|
++ struct net_device *dev;
|
|
|
++ int ret;
|
|
|
+
|
|
|
-+ dev->priv = kzalloc(sizeof(struct imq_private), GFP_KERNEL);
|
|
|
-+ if (dev->priv == NULL)
|
|
|
++ dev = alloc_netdev(sizeof(struct imq_private), "imq%d", imq_setup);
|
|
|
++ if (!dev)
|
|
|
+ return -ENOMEM;
|
|
|
+
|
|
|
-+ return 0;
|
|
|
-+}
|
|
|
++ ret = dev_alloc_name(dev, dev->name);
|
|
|
++ if (ret < 0)
|
|
|
++ goto fail;
|
|
|
+
|
|
|
-+static void imq_dev_uninit(struct net_device *dev)
|
|
|
-+{
|
|
|
-+ kfree(dev->priv);
|
|
|
++ dev->rtnl_link_ops = &imq_link_ops;
|
|
|
++ ret = register_netdevice(dev);
|
|
|
++ if (ret < 0)
|
|
|
++ goto fail;
|
|
|
++
|
|
|
++ return 0;
|
|
|
++fail:
|
|
|
++ free_netdev(dev);
|
|
|
++ return ret;
|
|
|
+}
|
|
|
+
|
|
|
-+static int __init imq_init_devs(struct net *net)
|
|
|
++static int __init imq_init_devs(void)
|
|
|
+{
|
|
|
-+ struct net_device *dev;
|
|
|
-+ int i, j;
|
|
|
++ int err, i;
|
|
|
+
|
|
|
+ if (!numdevs || numdevs > IMQ_MAX_DEVS) {
|
|
|
+ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n",
|
|
|
@@ -367,48 +566,26 @@
|
|
|
+ return -EINVAL;
|
|
|
+ }
|
|
|
+
|
|
|
-+ imq_devs = kzalloc(sizeof(struct net_device) * numdevs, GFP_KERNEL);
|
|
|
-+ if (!imq_devs)
|
|
|
-+ return -ENOMEM;
|
|
|
-+
|
|
|
-+ /* we start counting at zero */
|
|
|
-+ j = numdevs - 1;
|
|
|
++ rtnl_lock();
|
|
|
++ err = __rtnl_link_register(&imq_link_ops);
|
|
|
+
|
|
|
-+ for (i = 0, dev = imq_devs; i <= j; i++, dev++) {
|
|
|
-+ strcpy(dev->name, "imq%d");
|
|
|
-+ dev->init = imq_dev_init;
|
|
|
-+ dev->uninit = imq_dev_uninit;
|
|
|
-+ dev->nd_net = net;
|
|
|
++ for (i = 0; i < numdevs && !err; i++)
|
|
|
++ err = imq_init_one(i);
|
|
|
+
|
|
|
-+ if (register_netdev(dev) < 0)
|
|
|
-+ goto err_register;
|
|
|
++ if (err) {
|
|
|
++ __rtnl_link_unregister(&imq_link_ops);
|
|
|
++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
|
|
|
+ }
|
|
|
-+ printk(KERN_INFO "IMQ starting with %u devices...\n", numdevs);
|
|
|
-+ return 0;
|
|
|
-+
|
|
|
-+err_register:
|
|
|
-+ for (; i; i--)
|
|
|
-+ unregister_netdev(--dev);
|
|
|
-+ kfree(imq_devs);
|
|
|
-+ return -EIO;
|
|
|
-+}
|
|
|
-+
|
|
|
-+static void imq_cleanup_devs(void)
|
|
|
-+{
|
|
|
-+ int i;
|
|
|
-+ struct net_device *dev = imq_devs;
|
|
|
-+
|
|
|
-+ for (i = 0; i <= numdevs; i++)
|
|
|
-+ unregister_netdev(dev++);
|
|
|
++ rtnl_unlock();
|
|
|
+
|
|
|
-+ kfree(imq_devs);
|
|
|
++ return err;
|
|
|
+}
|
|
|
+
|
|
|
-+static __net_init int imq_init_module(struct net *net)
|
|
|
++static int __init imq_init_module(void)
|
|
|
+{
|
|
|
+ int err;
|
|
|
+
|
|
|
-+ err = imq_init_devs(net);
|
|
|
++ err = imq_init_devs();
|
|
|
+ if (err) {
|
|
|
+ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n");
|
|
|
+ return err;
|
|
|
@@ -417,7 +594,8 @@
|
|
|
+ err = imq_init_hooks();
|
|
|
+ if (err) {
|
|
|
+ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n");
|
|
|
-+ imq_cleanup_devs();
|
|
|
++ rtnl_link_unregister(&imq_link_ops);
|
|
|
++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
|
|
|
+ return err;
|
|
|
+ }
|
|
|
+
|
|
|
@@ -437,25 +615,33 @@
|
|
|
+ return 0;
|
|
|
+}
|
|
|
+
|
|
|
-+static __net_exit void imq_exit_module(struct net *net)
|
|
|
++static void __exit imq_unhook(void)
|
|
|
+{
|
|
|
-+ imq_unhook();
|
|
|
-+ imq_cleanup_devs();
|
|
|
-+ printk(KERN_INFO "IMQ driver unloaded successfully.\n");
|
|
|
++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
|
|
|
++ nf_unregister_hook(&imq_ingress_ipv6);
|
|
|
++ nf_unregister_hook(&imq_egress_ipv6);
|
|
|
++ nf_unregister_queue_handler(PF_INET6, &nfqh);
|
|
|
++#endif
|
|
|
++ nf_unregister_hook(&imq_ingress_ipv4);
|
|
|
++ nf_unregister_hook(&imq_egress_ipv4);
|
|
|
++ nf_unregister_queue_handler(PF_INET, &nfqh);
|
|
|
+}
|
|
|
+
|
|
|
-+static struct pernet_operations __net_initdata imq_net_ops = {
|
|
|
-+ .init = imq_init_module,
|
|
|
-+ .exit = imq_exit_module,
|
|
|
-+};
|
|
|
++static void __exit imq_cleanup_devs(void)
|
|
|
++{
|
|
|
++ rtnl_link_unregister(&imq_link_ops);
|
|
|
++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
|
|
|
++}
|
|
|
+
|
|
|
-+static int __init imq_init(void)
|
|
|
++static void __exit imq_exit_module(void)
|
|
|
+{
|
|
|
-+ return register_pernet_device(&imq_net_ops);
|
|
|
++ imq_unhook();
|
|
|
++ imq_cleanup_devs();
|
|
|
++ printk(KERN_INFO "IMQ driver unloaded successfully.\n");
|
|
|
+}
|
|
|
+
|
|
|
-+module_init(imq_init);
|
|
|
-+/*module_exit(imq_cleanup_module);*/
|
|
|
++module_init(imq_init_module);
|
|
|
++module_exit(imq_exit_module);
|
|
|
+
|
|
|
+module_param(numdevs, int, 0);
|
|
|
+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will "
|
|
|
@@ -464,149 +650,11 @@
|
|
|
+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See "
|
|
|
+ "http://www.linuximq.net/ for more information.");
|
|
|
+MODULE_LICENSE("GPL");
|
|
|
++MODULE_ALIAS_RTNL_LINK("imq");
|
|
|
+
|
|
|
---- a/drivers/net/Kconfig
|
|
|
-+++ b/drivers/net/Kconfig
|
|
|
-@@ -117,6 +117,129 @@
|
|
|
- To compile this driver as a module, choose M here: the module
|
|
|
- will be called eql. If unsure, say N.
|
|
|
-
|
|
|
-+config IMQ
|
|
|
-+ tristate "IMQ (intermediate queueing device) support"
|
|
|
-+ depends on NETDEVICES && NETFILTER
|
|
|
-+ ---help---
|
|
|
-+ The IMQ device(s) is used as placeholder for QoS queueing
|
|
|
-+ disciplines. Every packet entering/leaving the IP stack can be
|
|
|
-+ directed through the IMQ device where it's enqueued/dequeued to the
|
|
|
-+ attached qdisc. This allows you to treat network devices as classes
|
|
|
-+ and distribute bandwidth among them. Iptables is used to specify
|
|
|
-+ through which IMQ device, if any, packets travel.
|
|
|
-+
|
|
|
-+ More information at: http://www.linuximq.net/
|
|
|
-+
|
|
|
-+ To compile this driver as a module, choose M here: the module
|
|
|
-+ will be called imq. If unsure, say N.
|
|
|
-+
|
|
|
-+choice
|
|
|
-+ prompt "IMQ behavior (PRE/POSTROUTING)"
|
|
|
-+ depends on IMQ
|
|
|
-+ default IMQ_BEHAVIOR_BB
|
|
|
-+ help
|
|
|
-+
|
|
|
-+ This settings defines how IMQ behaves in respect to its
|
|
|
-+ hooking in PREROUTING and POSTROUTING.
|
|
|
-+
|
|
|
-+ IMQ can work in any of the following ways:
|
|
|
-+
|
|
|
-+ PREROUTING | POSTROUTING
|
|
|
-+ -----------------|-------------------
|
|
|
-+ #1 After NAT | After NAT
|
|
|
-+ #2 After NAT | Before NAT
|
|
|
-+ #3 Before NAT | After NAT
|
|
|
-+ #4 Before NAT | Before NAT
|
|
|
-+
|
|
|
-+ The default behavior is to hook before NAT on PREROUTING
|
|
|
-+ and after NAT on POSTROUTING (#3).
|
|
|
-+
|
|
|
-+ This settings are specially usefull when trying to use IMQ
|
|
|
-+ to shape NATed clients.
|
|
|
-+
|
|
|
-+ More information can be found at: www.linuximq.net
|
|
|
-+
|
|
|
-+ If not sure leave the default settings alone.
|
|
|
-+
|
|
|
-+config IMQ_BEHAVIOR_AA
|
|
|
-+ bool "IMQ AA"
|
|
|
-+ help
|
|
|
-+ This settings defines how IMQ behaves in respect to its
|
|
|
-+ hooking in PREROUTING and POSTROUTING.
|
|
|
-+
|
|
|
-+ Choosing this option will make IMQ hook like this:
|
|
|
-+
|
|
|
-+ PREROUTING: After NAT
|
|
|
-+ POSTROUTING: After NAT
|
|
|
-+
|
|
|
-+ More information can be found at: www.linuximq.net
|
|
|
-+
|
|
|
-+ If not sure leave the default settings alone.
|
|
|
-+
|
|
|
-+config IMQ_BEHAVIOR_AB
|
|
|
-+ bool "IMQ AB"
|
|
|
-+ help
|
|
|
-+ This settings defines how IMQ behaves in respect to its
|
|
|
-+ hooking in PREROUTING and POSTROUTING.
|
|
|
-+
|
|
|
-+ Choosing this option will make IMQ hook like this:
|
|
|
-+
|
|
|
-+ PREROUTING: After NAT
|
|
|
-+ POSTROUTING: Before NAT
|
|
|
-+
|
|
|
-+ More information can be found at: www.linuximq.net
|
|
|
-+
|
|
|
-+ If not sure leave the default settings alone.
|
|
|
-+
|
|
|
-+config IMQ_BEHAVIOR_BA
|
|
|
-+ bool "IMQ BA"
|
|
|
-+ help
|
|
|
-+ This settings defines how IMQ behaves in respect to its
|
|
|
-+ hooking in PREROUTING and POSTROUTING.
|
|
|
-+
|
|
|
-+ Choosing this option will make IMQ hook like this:
|
|
|
-+
|
|
|
-+ PREROUTING: Before NAT
|
|
|
-+ POSTROUTING: After NAT
|
|
|
-+
|
|
|
-+ More information can be found at: www.linuximq.net
|
|
|
-+
|
|
|
-+ If not sure leave the default settings alone.
|
|
|
-+
|
|
|
-+config IMQ_BEHAVIOR_BB
|
|
|
-+ bool "IMQ BB"
|
|
|
-+ help
|
|
|
-+ This settings defines how IMQ behaves in respect to its
|
|
|
-+ hooking in PREROUTING and POSTROUTING.
|
|
|
-+
|
|
|
-+ Choosing this option will make IMQ hook like this:
|
|
|
-+
|
|
|
-+ PREROUTING: Before NAT
|
|
|
-+ POSTROUTING: Before NAT
|
|
|
-+
|
|
|
-+ More information can be found at: www.linuximq.net
|
|
|
-+
|
|
|
-+ If not sure leave the default settings alone.
|
|
|
-+
|
|
|
-+endchoice
|
|
|
-+
|
|
|
-+config IMQ_NUM_DEVS
|
|
|
-+
|
|
|
-+ int "Number of IMQ devices"
|
|
|
-+ range 2 16
|
|
|
-+ depends on IMQ
|
|
|
-+ default "16"
|
|
|
-+ help
|
|
|
-+
|
|
|
-+ This settings defines how many IMQ devices will be
|
|
|
-+ created.
|
|
|
-+
|
|
|
-+ The default value is 16.
|
|
|
-+
|
|
|
-+ More information can be found at: www.linuximq.net
|
|
|
-+
|
|
|
-+ If not sure leave the default settings alone.
|
|
|
-+
|
|
|
- config TUN
|
|
|
- tristate "Universal TUN/TAP device driver support"
|
|
|
- select CRC32
|
|
|
---- a/drivers/net/Makefile
|
|
|
-+++ b/drivers/net/Makefile
|
|
|
-@@ -143,6 +143,7 @@
|
|
|
- obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o
|
|
|
-
|
|
|
- obj-$(CONFIG_DUMMY) += dummy.o
|
|
|
-+obj-$(CONFIG_IMQ) += imq.o
|
|
|
- obj-$(CONFIG_IFB) += ifb.o
|
|
|
- obj-$(CONFIG_MACVLAN) += macvlan.o
|
|
|
- obj-$(CONFIG_DE600) += de600.o
|
|
|
+diff --git a/include/linux/imq.h b/include/linux/imq.h
|
|
|
+new file mode 100644
|
|
|
+index 0000000..1447c4e
|
|
|
--- /dev/null
|
|
|
+++ b/include/linux/imq.h
|
|
|
@@ -0,0 +1,9 @@
|
|
|
@@ -619,6 +667,9 @@
|
|
|
+#define IMQ_F_ENQUEUE 0x80
|
|
|
+
|
|
|
+#endif /* _IMQ_H */
|
|
|
+diff --git a/include/linux/netfilter_ipv4/ipt_IMQ.h b/include/linux/netfilter_ipv4/ipt_IMQ.h
|
|
|
+new file mode 100644
|
|
|
+index 0000000..a304991
|
|
|
--- /dev/null
|
|
|
+++ b/include/linux/netfilter_ipv4/ipt_IMQ.h
|
|
|
@@ -0,0 +1,8 @@
|
|
|
@@ -630,6 +681,9 @@
|
|
|
+};
|
|
|
+
|
|
|
+#endif /* _IPT_IMQ_H */
|
|
|
+diff --git a/include/linux/netfilter_ipv6/ip6t_IMQ.h b/include/linux/netfilter_ipv6/ip6t_IMQ.h
|
|
|
+new file mode 100644
|
|
|
+index 0000000..605f549
|
|
|
--- /dev/null
|
|
|
+++ b/include/linux/netfilter_ipv6/ip6t_IMQ.h
|
|
|
@@ -0,0 +1,8 @@
|
|
|
@@ -641,9 +695,11 @@
|
|
|
+};
|
|
|
+
|
|
|
+#endif /* _IP6T_IMQ_H */
|
|
|
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
|
|
|
+index bbd8d00..f7d6f7e 100644
|
|
|
--- a/include/linux/skbuff.h
|
|
|
+++ b/include/linux/skbuff.h
|
|
|
-@@ -296,6 +296,10 @@
|
|
|
+@@ -296,6 +296,10 @@ struct sk_buff {
|
|
|
struct nf_conntrack *nfct;
|
|
|
struct sk_buff *nfct_reasm;
|
|
|
#endif
|
|
|
@@ -654,7 +710,7 @@
|
|
|
#ifdef CONFIG_BRIDGE_NETFILTER
|
|
|
struct nf_bridge_info *nf_bridge;
|
|
|
#endif
|
|
|
-@@ -1736,6 +1740,10 @@
|
|
|
+@@ -1736,6 +1740,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src)
|
|
|
dst->nfct_reasm = src->nfct_reasm;
|
|
|
nf_conntrack_get_reasm(src->nfct_reasm);
|
|
|
#endif
|
|
|
@@ -665,6 +721,8 @@
|
|
|
#ifdef CONFIG_BRIDGE_NETFILTER
|
|
|
dst->nf_bridge = src->nf_bridge;
|
|
|
nf_bridge_get(src->nf_bridge);
|
|
|
+diff --git a/net/core/dev.c b/net/core/dev.c
|
|
|
+index 460e7f9..094838b 100644
|
|
|
--- a/net/core/dev.c
|
|
|
+++ b/net/core/dev.c
|
|
|
@@ -95,6 +95,9 @@
|
|
|
@@ -677,7 +735,7 @@
|
|
|
#include <linux/proc_fs.h>
|
|
|
#include <linux/seq_file.h>
|
|
|
#include <linux/stat.h>
|
|
|
-@@ -1537,7 +1540,11 @@
|
|
|
+@@ -1537,7 +1540,11 @@ static int dev_gso_segment(struct sk_buff *skb)
|
|
|
int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
|
|
{
|
|
|
if (likely(!skb->next)) {
|
|
|
@@ -690,6 +748,43 @@
|
|
|
dev_queue_xmit_nit(skb, dev);
|
|
|
|
|
|
if (netif_needs_gso(dev, skb)) {
|
|
|
+diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
|
|
|
+index 9a077cb..3bde19b 100644
|
|
|
+--- a/net/ipv4/netfilter/Kconfig
|
|
|
++++ b/net/ipv4/netfilter/Kconfig
|
|
|
+@@ -123,6 +123,17 @@ config IP_NF_FILTER
|
|
|
+
|
|
|
+ To compile it as a module, choose M here. If unsure, say N.
|
|
|
+
|
|
|
++config IP_NF_TARGET_IMQ
|
|
|
++ tristate "IMQ target support"
|
|
|
++ depends on IP_NF_MANGLE
|
|
|
++ help
|
|
|
++ This option adds a `IMQ' target which is used to specify if and
|
|
|
++ to which IMQ device packets should get enqueued/dequeued.
|
|
|
++
|
|
|
++ For more information visit: http://www.linuximq.net/
|
|
|
++
|
|
|
++ To compile it as a module, choose M here. If unsure, say N.
|
|
|
++
|
|
|
+ config IP_NF_TARGET_REJECT
|
|
|
+ tristate "REJECT target support"
|
|
|
+ depends on IP_NF_FILTER
|
|
|
+diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
|
|
|
+index 0c7dc78..7617528 100644
|
|
|
+--- a/net/ipv4/netfilter/Makefile
|
|
|
++++ b/net/ipv4/netfilter/Makefile
|
|
|
+@@ -51,6 +51,7 @@ obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
|
|
|
+ obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
|
|
|
+ obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
|
|
|
+ obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
|
|
|
++obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o
|
|
|
+ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
|
|
|
+ obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
|
|
|
+ obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
|
|
|
+diff --git a/net/ipv4/netfilter/ipt_IMQ.c b/net/ipv4/netfilter/ipt_IMQ.c
|
|
|
+new file mode 100644
|
|
|
+index 0000000..cda69a4
|
|
|
--- /dev/null
|
|
|
+++ b/net/ipv4/netfilter/ipt_IMQ.c
|
|
|
@@ -0,0 +1,69 @@
|
|
|
@@ -709,7 +804,7 @@
|
|
|
+ const struct xt_target *target,
|
|
|
+ const void *targinfo)
|
|
|
+{
|
|
|
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)targinfo;
|
|
|
++ struct ipt_imq_info *mr = (struct ipt_imq_info *)targinfo;
|
|
|
+
|
|
|
+ pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE;
|
|
|
+
|
|
|
@@ -724,7 +819,7 @@
|
|
|
+{
|
|
|
+ struct ipt_imq_info *mr;
|
|
|
+
|
|
|
-+ mr = (struct ipt_imq_info*)targinfo;
|
|
|
++ mr = (struct ipt_imq_info *)targinfo;
|
|
|
+
|
|
|
+ if (mr->todev > IMQ_MAX_DEVS) {
|
|
|
+ printk(KERN_WARNING
|
|
|
@@ -762,36 +857,41 @@
|
|
|
+MODULE_AUTHOR("http://www.linuximq.net");
|
|
|
+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information.");
|
|
|
+MODULE_LICENSE("GPL");
|
|
|
---- a/net/ipv4/netfilter/Kconfig
|
|
|
-+++ b/net/ipv4/netfilter/Kconfig
|
|
|
-@@ -145,6 +145,17 @@
|
|
|
+diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
|
|
|
+index 6cae547..3b3b610 100644
|
|
|
+--- a/net/ipv6/netfilter/Kconfig
|
|
|
++++ b/net/ipv6/netfilter/Kconfig
|
|
|
+@@ -179,6 +179,15 @@ config IP6_NF_MANGLE
|
|
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
|
|
-+config IP_NF_TARGET_IMQ
|
|
|
-+ tristate "IMQ target support"
|
|
|
-+ depends on IP_NF_MANGLE
|
|
|
-+ help
|
|
|
-+ This option adds a `IMQ' target which is used to specify if and
|
|
|
-+ to which IMQ device packets should get enqueued/dequeued.
|
|
|
-+
|
|
|
-+ For more information visit: http://www.linuximq.net/
|
|
|
++config IP6_NF_TARGET_IMQ
|
|
|
++ tristate "IMQ target support"
|
|
|
++ depends on IP6_NF_MANGLE
|
|
|
++ help
|
|
|
++ This option adds a `IMQ' target which is used to specify if and
|
|
|
++ to which imq device packets should get enqueued/dequeued.
|
|
|
+
|
|
|
-+ To compile it as a module, choose M here. If unsure, say N.
|
|
|
++ To compile it as a module, choose M here. If unsure, say N.
|
|
|
+
|
|
|
- config IP_NF_TARGET_REJECT
|
|
|
- tristate "REJECT target support"
|
|
|
- depends on IP_NF_FILTER
|
|
|
---- a/net/ipv4/netfilter/Makefile
|
|
|
-+++ b/net/ipv4/netfilter/Makefile
|
|
|
-@@ -55,6 +55,7 @@
|
|
|
- obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
|
|
|
- obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
|
|
|
- obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
|
|
|
-+obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o
|
|
|
- obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
|
|
|
- obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
|
|
|
- obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
|
|
|
+ config IP6_NF_TARGET_HL
|
|
|
+ tristate 'HL (hoplimit) target support'
|
|
|
+ depends on IP6_NF_MANGLE
|
|
|
+diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
|
|
|
+index fbf2c14..dcfe80b 100644
|
|
|
+--- a/net/ipv6/netfilter/Makefile
|
|
|
++++ b/net/ipv6/netfilter/Makefile
|
|
|
+@@ -6,6 +6,7 @@
|
|
|
+ obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o
|
|
|
+ obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o
|
|
|
+ obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o
|
|
|
++obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o
|
|
|
+ obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o
|
|
|
+ obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
|
|
|
+
|
|
|
+diff --git a/net/ipv6/netfilter/ip6t_IMQ.c b/net/ipv6/netfilter/ip6t_IMQ.c
|
|
|
+new file mode 100644
|
|
|
+index 0000000..5cf7b72
|
|
|
--- /dev/null
|
|
|
+++ b/net/ipv6/netfilter/ip6t_IMQ.c
|
|
|
@@ -0,0 +1,69 @@
|
|
|
@@ -811,7 +911,7 @@
|
|
|
+ const struct xt_target *target,
|
|
|
+ const void *targinfo)
|
|
|
+{
|
|
|
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)targinfo;
|
|
|
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info *)targinfo;
|
|
|
+
|
|
|
+ pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE;
|
|
|
+
|
|
|
@@ -826,7 +926,7 @@
|
|
|
+{
|
|
|
+ struct ip6t_imq_info *mr;
|
|
|
+
|
|
|
-+ mr = (struct ip6t_imq_info*)targinfo;
|
|
|
++ mr = (struct ip6t_imq_info *)targinfo;
|
|
|
+
|
|
|
+ if (mr->todev > IMQ_MAX_DEVS) {
|
|
|
+ printk(KERN_WARNING
|
|
|
@@ -864,37 +964,11 @@
|
|
|
+MODULE_AUTHOR("http://www.linuximq.net");
|
|
|
+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information.");
|
|
|
+MODULE_LICENSE("GPL");
|
|
|
---- a/net/ipv6/netfilter/Kconfig
|
|
|
-+++ b/net/ipv6/netfilter/Kconfig
|
|
|
-@@ -179,6 +179,15 @@
|
|
|
-
|
|
|
- To compile it as a module, choose M here. If unsure, say N.
|
|
|
-
|
|
|
-+config IP6_NF_TARGET_IMQ
|
|
|
-+ tristate "IMQ target support"
|
|
|
-+ depends on IP6_NF_MANGLE
|
|
|
-+ help
|
|
|
-+ This option adds a `IMQ' target which is used to specify if and
|
|
|
-+ to which imq device packets should get enqueued/dequeued.
|
|
|
-+
|
|
|
-+ To compile it as a module, choose M here. If unsure, say N.
|
|
|
-+
|
|
|
- config IP6_NF_TARGET_HL
|
|
|
- tristate 'HL (hoplimit) target support'
|
|
|
- depends on IP6_NF_MANGLE
|
|
|
---- a/net/ipv6/netfilter/Makefile
|
|
|
-+++ b/net/ipv6/netfilter/Makefile
|
|
|
-@@ -6,6 +6,7 @@
|
|
|
- obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o
|
|
|
- obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o
|
|
|
- obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o
|
|
|
-+obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o
|
|
|
- obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o
|
|
|
- obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
|
|
|
-
|
|
|
+diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
|
|
|
+index b741618..dcb916e 100644
|
|
|
--- a/net/sched/sch_generic.c
|
|
|
+++ b/net/sched/sch_generic.c
|
|
|
-@@ -203,6 +203,7 @@
|
|
|
+@@ -203,6 +203,7 @@ void __qdisc_run(struct net_device *dev)
|
|
|
|
|
|
clear_bit(__LINK_STATE_QDISC_RUNNING, &dev->state);
|
|
|
}
|
Gabor Juhos