mirror of
https://github.com/qosmio/nss-packages.git
synced 2025-12-18 01:01:43 +00:00
204 lines
8.2 KiB
Diff
204 lines
8.2 KiB
Diff
From 6103e80ad89775eee55a97c8f8e07e9f2ac7d332 Mon Sep 17 00:00:00 2001
|
|
From: Bit Thief <bitthief@protonmail.ch>
|
|
Date: Tue, 4 Apr 2023 05:43:43 +0300
|
|
Subject: [PATCH] frontends: drop use of static be_liberal and no_window_check
|
|
|
|
---
|
|
frontends/nss/ecm_nss_ported_ipv4.c | 22 ++++++++--------------
|
|
frontends/nss/ecm_nss_ported_ipv6.c | 20 +++++++-------------
|
|
frontends/sfe/ecm_sfe_ported_ipv4.c | 22 ++++++++--------------
|
|
frontends/sfe/ecm_sfe_ported_ipv6.c | 22 ++++++++--------------
|
|
4 files changed, 31 insertions(+), 55 deletions(-)
|
|
|
|
diff --git a/frontends/nss/ecm_nss_ported_ipv4.c b/frontends/nss/ecm_nss_ported_ipv4.c
|
|
index 6375b6b..ed9c10b 100644
|
|
--- a/frontends/nss/ecm_nss_ported_ipv4.c
|
|
+++ b/frontends/nss/ecm_nss_ported_ipv4.c
|
|
@@ -125,14 +125,6 @@ struct ecm_nss_ported_ipv4_connection_instance {
|
|
static int ecm_nss_ported_ipv4_accelerated_count[ECM_NSS_PORTED_IPV4_PROTO_MAX] = {0};
|
|
/* Array of Number of TCP and UDP connections currently offloaded */
|
|
|
|
-/*
|
|
- * Expose what should be a static flag in the TCP connection tracker.
|
|
- */
|
|
-#ifdef ECM_OPENWRT_SUPPORT
|
|
-extern int nf_ct_tcp_no_window_check;
|
|
-#endif
|
|
-extern int nf_ct_tcp_be_liberal;
|
|
-
|
|
/*
|
|
* ecm_nss_ported_ipv4_connection_callback()
|
|
* Callback for handling create ack/nack calls.
|
|
@@ -372,6 +364,12 @@ static void ecm_nss_ported_ipv4_connection_accelerate(struct ecm_front_end_conne
|
|
uint8_t dest_mac_xlate[ETH_ALEN];
|
|
ecm_db_direction_t ecm_dir;
|
|
ecm_front_end_acceleration_mode_t result_mode;
|
|
+ struct nf_tcp_net *tn;
|
|
+
|
|
+ if (ct) {
|
|
+ struct net *net = nf_ct_net(ct);
|
|
+ tn = nf_tcp_pernet(net);
|
|
+ }
|
|
|
|
DEBUG_CHECK_MAGIC(npci, ECM_NSS_PORTED_IPV4_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", npci);
|
|
|
|
@@ -1235,12 +1233,8 @@ static void ecm_nss_ported_ipv4_connection_accelerate(struct ecm_front_end_conne
|
|
nircm->tcp_rule.return_max_window = ct->proto.tcp.seen[return_dir].td_maxwin;
|
|
nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end;
|
|
nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend;
|
|
-#ifdef ECM_OPENWRT_SUPPORT
|
|
- if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
|
|
-#else
|
|
- if (nf_ct_tcp_be_liberal
|
|
-#endif
|
|
- || (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
|
|
+ if (tn->tcp_be_liberal
|
|
+ || (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
|
|
|| (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) {
|
|
nircm->rule_flags |= NSS_IPV4_RULE_CREATE_FLAG_NO_SEQ_CHECK;
|
|
}
|
|
diff --git a/frontends/nss/ecm_nss_ported_ipv6.c b/frontends/nss/ecm_nss_ported_ipv6.c
|
|
index 1be8a58..3062c12 100644
|
|
--- a/frontends/nss/ecm_nss_ported_ipv6.c
|
|
+++ b/frontends/nss/ecm_nss_ported_ipv6.c
|
|
@@ -125,14 +125,6 @@ struct ecm_nss_ported_ipv6_connection_instance {
|
|
static int ecm_nss_ported_ipv6_accelerated_count[ECM_NSS_PORTED_IPV6_PROTO_MAX] = {0};
|
|
/* Array of Number of TCP and UDP connections currently offloaded */
|
|
|
|
-/*
|
|
- * Expose what should be a static flag in the TCP connection tracker.
|
|
- */
|
|
-#ifdef ECM_OPENWRT_SUPPORT
|
|
-extern int nf_ct_tcp_no_window_check;
|
|
-#endif
|
|
-extern int nf_ct_tcp_be_liberal;
|
|
-
|
|
/*
|
|
* ecm_nss_ported_ipv6_connection_callback()
|
|
* Callback for handling create ack/nack calls.
|
|
@@ -376,6 +368,12 @@ static void ecm_nss_ported_ipv6_connection_accelerate(struct ecm_front_end_conne
|
|
ip_addr_t src_ip;
|
|
ip_addr_t dest_ip;
|
|
ecm_front_end_acceleration_mode_t result_mode;
|
|
+ struct nf_tcp_net *tn;
|
|
+
|
|
+ if (ct) {
|
|
+ struct net *net = nf_ct_net(ct);
|
|
+ tn = nf_tcp_pernet(net);
|
|
+ }
|
|
|
|
DEBUG_CHECK_MAGIC(npci, ECM_NSS_PORTED_IPV6_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", npci);
|
|
|
|
@@ -1161,11 +1159,7 @@ static void ecm_nss_ported_ipv6_connection_accelerate(struct ecm_front_end_conne
|
|
nircm->tcp_rule.return_max_window = ct->proto.tcp.seen[return_dir].td_maxwin;
|
|
nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end;
|
|
nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend;
|
|
-#ifdef ECM_OPENWRT_SUPPORT
|
|
- if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
|
|
-#else
|
|
- if (nf_ct_tcp_be_liberal
|
|
-#endif
|
|
+ if (tn->tcp_be_liberal
|
|
|| (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
|
|
|| (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) {
|
|
nircm->rule_flags |= NSS_IPV6_RULE_CREATE_FLAG_NO_SEQ_CHECK;
|
|
diff --git a/frontends/sfe/ecm_sfe_ported_ipv4.c b/frontends/sfe/ecm_sfe_ported_ipv4.c
|
|
index 6e375f8..e5ae593 100644
|
|
--- a/frontends/sfe/ecm_sfe_ported_ipv4.c
|
|
+++ b/frontends/sfe/ecm_sfe_ported_ipv4.c
|
|
@@ -123,14 +123,6 @@ struct ecm_sfe_ported_ipv4_connection_instance {
|
|
static int ecm_sfe_ported_ipv4_accelerated_count[ECM_SFE_PORTED_IPV4_PROTO_MAX] = {0};
|
|
/* Array of Number of TCP and UDP connections currently offloaded */
|
|
|
|
-/*
|
|
- * Expose what should be a static flag in the TCP connection tracker.
|
|
- */
|
|
-#ifdef ECM_OPENWRT_SUPPORT
|
|
-extern int nf_ct_tcp_no_window_check;
|
|
-#endif
|
|
-extern int nf_ct_tcp_be_liberal;
|
|
-
|
|
/*
|
|
* ecm_sfe_ported_ipv4_get_stats_bitmap()
|
|
* Get bit map
|
|
@@ -357,9 +357,15 @@ static void ecm_sfe_ported_ipv4_connecti
|
|
uint8_t dest_mac_xlate[ETH_ALEN];
|
|
ecm_db_direction_t ecm_dir;
|
|
ecm_front_end_acceleration_mode_t result_mode;
|
|
+ struct nf_tcp_net *tn;
|
|
uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED);
|
|
ecm_sfe_common_l2_accel_check_callback_t l2_accel_check;
|
|
|
|
+ if (ct) {
|
|
+ struct net *net = nf_ct_net(ct);
|
|
+ tn = nf_tcp_pernet(net);
|
|
+ }
|
|
+
|
|
DEBUG_CHECK_MAGIC(feci, ECM_FRONT_END_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", feci);
|
|
|
|
/*
|
|
@@ -1332,11 +1330,7 @@ static void ecm_sfe_ported_ipv4_connection_accelerate(struct ecm_front_end_conne
|
|
nircm->tcp_rule.return_max_window = ct->proto.tcp.seen[return_dir].td_maxwin;
|
|
nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end;
|
|
nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend;
|
|
-#ifdef ECM_OPENWRT_SUPPORT
|
|
- if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
|
|
-#else
|
|
- if (nf_ct_tcp_be_liberal
|
|
-#endif
|
|
+ if (tn->tcp_be_liberal
|
|
|| (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
|
|
|| (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) {
|
|
nircm->rule_flags |= SFE_RULE_CREATE_FLAG_NO_SEQ_CHECK;
|
|
diff --git a/frontends/sfe/ecm_sfe_ported_ipv6.c b/frontends/sfe/ecm_sfe_ported_ipv6.c
|
|
index f1885aa..4a6fdbd 100644
|
|
--- a/frontends/sfe/ecm_sfe_ported_ipv6.c
|
|
+++ b/frontends/sfe/ecm_sfe_ported_ipv6.c
|
|
@@ -124,14 +124,6 @@ struct ecm_sfe_ported_ipv6_connection_instance {
|
|
static int ecm_sfe_ported_ipv6_accelerated_count[ECM_SFE_PORTED_IPV6_PROTO_MAX] = {0};
|
|
/* Array of Number of TCP and UDP connections currently offloaded */
|
|
|
|
-/*
|
|
- * Expose what should be a static flag in the TCP connection tracker.
|
|
- */
|
|
-#ifdef ECM_OPENWRT_SUPPORT
|
|
-extern int nf_ct_tcp_no_window_check;
|
|
-#endif
|
|
-extern int nf_ct_tcp_be_liberal;
|
|
-
|
|
/*
|
|
* ecm_sfe_ported_ipv6_get_stats_bitmap()
|
|
* Get bit map
|
|
@@ -361,9 +361,15 @@ static void ecm_sfe_ported_ipv6_connecti
|
|
ip_addr_t src_ip;
|
|
ip_addr_t dest_ip;
|
|
ecm_front_end_acceleration_mode_t result_mode;
|
|
- uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED);
|
|
+ struct nf_tcp_net *tn;
|
|
+ uint32_t l2_accel_bits = (ECM_SFE_COMMON_FLOW_L2_ACCEL_ALLOWED | ECM_SFE_COMMON_RETURN_L2_ACCEL_ALLOWED);
|
|
ecm_sfe_common_l2_accel_check_callback_t l2_accel_check;
|
|
|
|
+ if (ct) {
|
|
+ struct net *net = nf_ct_net(ct);
|
|
+ tn = nf_tcp_pernet(net);
|
|
+ }
|
|
+
|
|
DEBUG_CHECK_MAGIC(feci, ECM_FRONT_END_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", feci);
|
|
|
|
/*
|
|
@@ -1292,11 +1290,7 @@ static void ecm_sfe_ported_ipv6_connection_accelerate(struct ecm_front_end_conne
|
|
nircm->tcp_rule.return_max_window = ct->proto.tcp.seen[return_dir].td_maxwin;
|
|
nircm->tcp_rule.return_end = ct->proto.tcp.seen[return_dir].td_end;
|
|
nircm->tcp_rule.return_max_end = ct->proto.tcp.seen[return_dir].td_maxend;
|
|
-#ifdef ECM_OPENWRT_SUPPORT
|
|
- if (nf_ct_tcp_be_liberal || nf_ct_tcp_no_window_check
|
|
-#else
|
|
- if (nf_ct_tcp_be_liberal
|
|
-#endif
|
|
+ if (tn->tcp_be_liberal
|
|
|| (ct->proto.tcp.seen[flow_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)
|
|
|| (ct->proto.tcp.seen[return_dir].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) {
|
|
nircm->rule_flags |= SFE_RULE_CREATE_FLAG_NO_SEQ_CHECK;
|
|
--
|
|
2.40.0
|