From patchwork Mon Oct 14 16:46:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2502 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbH2PBNz42j9 for ; Mon, 14 Oct 2019 16:46:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbG6V9Pz2p3; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbG4mHmz2ypv; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbD5vjkz2y2r for ; Mon, 14 Oct 2019 16:46:32 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbD3JJ2z2Nq; Mon, 14 Oct 2019 16:46:32 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071592; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=RZBb2jPJvp2FmlzJr/9W2OhyD3bgIIu7UtV25/L8g7g=; b=3tSKG+HWtJBjZlDRGxUW2TgvMiGh6AdhIenPGGB5A7oWdt7pQxILehcIEM4GPlFMUMkI+J 1q1ESOXC8srIP8CQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071592; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=RZBb2jPJvp2FmlzJr/9W2OhyD3bgIIu7UtV25/L8g7g=; b=XgNP4MCsy7sdsQJS4km1fnqyEkakDOvIhL50khNFek45ikPUR3Ke/Nay0U1vA3OeVxk0mI mcLzyuCa7bL87OP6uPYFnXmKsCLBNKmmES0XTfDyQ0zYgd+3w2nUD2u2Rw1YOQdkBoXh5l XhSxcomBokHpFOmHUMI9Pul/DEDTcLuNyQiISBpBVV/oyPia4cHNGk6EDZbszGw2wfHDdr SzUjzNMyS5VOXGlDog3sMhDIqooucQh2B6xoWdsdK1o0lXuFB6VbDY5OEafaeww6HI55um ttBdn54w5OjUIFzzqAmHs1pc9FAV7G10AsjayEIJWKxp8lQgbT4g0MeoSctQNA== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 01/17] QoS: Do not manually load iptables modules Date: Mon, 14 Oct 2019 16:46:11 +0000 Message-Id: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This should not be necessary and causes the script to wait for two seconds. Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 4 ---- 1 file changed, 4 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index bc460db92..f799b74a5 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -407,10 +407,6 @@ print < X-Patchwork-Id: 2503 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbJ1rMJz42jH for ; Mon, 14 Oct 2019 16:46:36 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbH3Qknz2dF; Mon, 14 Oct 2019 16:46:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbH0rl4z2yr0; Mon, 14 Oct 2019 16:46:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbD6yN3z2y4F for ; Mon, 14 Oct 2019 16:46:32 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbD5kB9z2dF; Mon, 14 Oct 2019 16:46:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071592; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=j6ieuwZMhRE4kVzosDHjvaHLkpretsyCWrMHl23SbkU=; b=ARz69ZicFhFJn3+ACT3SjQt9ywvcOE1a+3kUc75eCkDdjywUUyMiTcQ61GDJxUo1s5qIkj esy067cvPymCe+w2SelXadGxtX7i2gqzToJwn7dgva/w62aFPhDCXMXIqEtxd+7xV0CVR/ 6bldQ/onPdU/qCFQTDT+9uO49/LY/9sLGrP1uh/BwVUykhjY4EuRdx+Q/rkG5n2a8hF70j 5Kzemnw5lm9v1ELJk08dRt5MSwBOd7HNL7OMXguhjOQ1mewrw9a5hbNOHLfFkI9g0obawa OSoSnk+/gl2kacaZcn986nqoTIL/tHnwG3D0wp8BFeepkUEyWGmven+V582Ubw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071592; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=j6ieuwZMhRE4kVzosDHjvaHLkpretsyCWrMHl23SbkU=; b=xXgcgAizdKZoUCdi71hCwbyvvfkA8Nk6BKeigYsJiPlDHz+wgddfWB552GWY8MF+6MmD2f dZvo0De1WAl+0eAw== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 02/17] QoS: Use Intermediate Functional Block Date: Mon, 14 Oct 2019 16:46:12 +0000 Message-Id: <20191014164627.18516-2-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This is an alternative implementation to the Intermediate Queuing Device (IMQ) which is an out-of-tree kernel patch and has been criticised for being slow, especially with mutliple processors. IFB is part of the mainline kernel and a lot less code. Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index f799b74a5..b2ceb5773 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -406,10 +406,22 @@ print </dev/null 2>&1 tc qdisc add dev $qossettings{'IMQ_DEV'} root handle 2: htb default $qossettings{'DEFCLASS_INC'} @@ -510,7 +522,6 @@ print </dev/null 2>&1 # STOP IMQ-DEVICE ip link set $qossettings{'IMQ_DEV'} down >/dev/null 2>&1 + + # REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1 - # rmmod imq # this crash on 2.6.25.xx - # REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 From patchwork Mon Oct 14 16:46:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2504 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbK0lz9z42jJ for ; Mon, 14 Oct 2019 16:46:37 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbH5l0lz2v0; Mon, 14 Oct 2019 16:46:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbH4L6nz2yqw; Mon, 14 Oct 2019 16:46:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbF0TPVz2yCb for ; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbD6XjJz2lQ; Mon, 14 Oct 2019 16:46:32 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071592; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m0UoekGOxv9mOh25dcQeClQXz19wGbckQQbJ/ukZCpE=; b=HxbTMyGLA+c32O805bjvILv5Bi3Y9s8i3TSvDXe/7uIRtjc/WUHQHvx87mWUczWCu/LfHK KTvxgdHY1D5b8mAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071592; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m0UoekGOxv9mOh25dcQeClQXz19wGbckQQbJ/ukZCpE=; b=dL8Anax08lm6/ZXTuuagbAFgk4hLQ/fu6KG+E3UVoAn2ZJhqbzoQlE4vyFv3y9DXEqsfxs uGIBDTQzfiZVGQ7O8go8TZckQd9fIDALlUIEDU/6BjPeC7pHG06VWCUM+DoOIUY+I9dNKi uXu7YVlB5X4AZdBmuCsnaF7vi4UR72whjuoxU9mlgLg6UnoFNTr9ScgW+99LXo3C/nOoDq caeXcqoxWWbVs1DxqmCKAPPWPO0P4I0EOcNPnv0rJ/vshn9ZOv++XYQHAWNzdMlMopG47t ofgV6KzuSY6jxTXB56sdBxfpUHldxcmbEQgZPpPtzkSi10FXWnmbFo6ou/6+uw== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 03/17] Revert "Make IMQ Switchable between PREROUTING and POSTROUTING" Date: Mon, 14 Oct 2019 16:46:13 +0000 Message-Id: <20191014164627.18516-3-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This reverts commit 88b8ffac6b258e7b7687eb26111134bf435e23ca. Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index b2ceb5773..d327ddf1a 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -75,7 +75,6 @@ $qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`; $qossettings{'IMQ_DEV'} = 'imq0'; $qossettings{'TOS'} = ''; $qossettings{'VALID'} = 'yes'; -$qossettings{'IMQ_MODE'} = 'PREROUTING'; &General::readhash("${General::swroot}/qos/settings", \%qossettings); @@ -512,9 +511,6 @@ foreach $subclassentry (sort @subclasses) { print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 2:$qossettings{'SCLASS'}\n"; } } - -if ( $qossettings{'IMQ_MODE'} eq 'POSTROUTING' ) -{ print </dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 iptables -t mangle --flush QOS-TOS >/dev/null 2>&1 From patchwork Mon Oct 14 16:46:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2505 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbL5fP7z42j9 for ; Mon, 14 Oct 2019 16:46:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbJ28Mdz2vF; Mon, 14 Oct 2019 16:46:36 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbH6FwZz2yk2; Mon, 14 Oct 2019 16:46:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbF1772z2yf3 for ; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbF0CFvz2lf; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8Cb0ZLhN5u4ZS0uQxN5rMvyoKGXiCeEWQO9I4+gAFCk=; b=ifQ9yJpxE0VkB63vcGgNtyVVVMcU5Ll6O2/Sdc8SxZA6llv953RWb54VgtTgHW3J4fC9X/ gMLDOkc/w6eMWW3p/CHni6KqV+8xJ8sq4UGt79HNbs+JtUsg0KwmUhfH31j6/h7gpgnBGF pAJ/DTyKlW+TEbrdXdhUyWFV9IHPT5NAzJspGpqDpSzRthNwvlV8Iv6gwmkQt9fVf51/yi 81wsgz6NGPDjnGujvh380kX+/rAKdScA9paSjkC2NEjj1qv//L2+9eAi+bVdWBzfdqlgGu lgS0OE8QMBzMnrcg95KBDCW5n/oVVddmTwj9nsYgelakvjdDQdYXZx3Gnr2ilg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8Cb0ZLhN5u4ZS0uQxN5rMvyoKGXiCeEWQO9I4+gAFCk=; b=iQBW/N1Z7P165KrdHS80vWXmejPy53cHNdA/2I2m6ssd82toWioEfOXsXGUKBBEUFRdGKz 1SPTAtXVGvJKvGDw== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 04/17] QoS: Tidy up qdiscs after QoS is being stopped Date: Mon, 14 Oct 2019 16:46:14 +0000 Message-Id: <20191014164627.18516-4-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index d327ddf1a..33359c1f5 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -671,11 +671,14 @@ print </dev/null) & # DELETE QDISCS tc qdisc del dev $qossettings{'RED_DEV'} root >/dev/null 2>&1 + tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1 tc qdisc add root dev $qossettings{'RED_DEV'} fq_codel >/dev/null 2>&1 tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1 + tc qdisc del dev $qossettings{'IMQ_DEV'} ingress >/dev/null 2>&1 tc qdisc add root dev $qossettings{'IMQ_DEV'} fq_codel >/dev/null 2>&1 # STOP IMQ-DEVICE ip link set $qossettings{'IMQ_DEV'} down >/dev/null 2>&1 + ip link del $qossettings{'IMQ_DEV'} >/dev/null 2>&1 # REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 From patchwork Mon Oct 14 16:46:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2506 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbM38KJz42jH for ; Mon, 14 Oct 2019 16:46:39 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbJ55Jbz38w; Mon, 14 Oct 2019 16:46:36 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbJ3GwKz2ydV; Mon, 14 Oct 2019 16:46:36 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbF1wRDz2y2r for ; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbF0xY0z2nF; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=F+BrOG/FVqOnHRE18Fn4f6evYFQ8GC8E5q5hK1vM/F4=; b=SgYeAl+aWpqG2rK317sQJ3tVrXHbBucULY6NFKjCrI79tdW7RZPFN0DD9jFP3chP69pOXD rZe3cp4FpZPY9SCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=F+BrOG/FVqOnHRE18Fn4f6evYFQ8GC8E5q5hK1vM/F4=; b=TYdiuDTbvwekyGei1y1/7A9ynyCtQyyAz6QaqkBW14zihn+t/9iaV8yeoDl3EhDcJi9qHp XSDnB9UzJNaKBu2XPZl9cUMYbYeZ3EvVk7zwCwAOkYMCGD2XswSZNOOPqNeZGk9AVU8Gzi M4HnvCHfx+8aXW9FWAhgWKsbjPLqg2h2bpd/TvobCZxEWA3+EjZF7u0GWukbHlTlkoQXWD gbcRDvYpCeeFAYB4eWwBrak8KRxkBOFEo1pd013GCi2ItRLmqt90alHTqz1fvKuGoGsOG8 39gBnPgZH6kdqhA4YkZG43qxU9L0f9SXRWIKeAUwOPXWEzjryGHEyF6qgz4x3A== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 05/17] QoS: Process incoming packets in PREROUTING only Date: Mon, 14 Oct 2019 16:46:15 +0000 Message-Id: <20191014164627.18516-5-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 33359c1f5..9cbb9cafa 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -515,11 +515,11 @@ print </dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 iptables -t mangle --flush QOS-TOS >/dev/null 2>&1 From patchwork Mon Oct 14 16:46:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2507 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbP0JDZz42j9 for ; Mon, 14 Oct 2019 16:46:41 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbK38k6z3D8; Mon, 14 Oct 2019 16:46:37 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbK01NJz2yf3; Mon, 14 Oct 2019 16:46:37 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbF2fwJz2y4F for ; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbF1jqCz2p3; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LEmY/3RhseWu5DeOj9rpf5AxjlE7whDs/tOafqbvTr4=; b=Ryt4lYXTTngDvT3zpHtxlHY2GbOD6tNv+EOjVxMFaBkNg8BnDTKlOkzCZBebwQrzPx2jcF JO5QK1Au7XdI/bL0O3CCoPrrf545/uJGLJgW3LTqr08K3EF3CcNY6J+fc7fQ3REY9dewzx OtZOZe00bSbtU97e/C1o7VRHYmtsoQRHWcQ6wvysPOkqyrarHCKmFcpOBt8quaVV3hsYW4 zQ+EWlUNVyxNXsAfMEkrlNMEP2hspW5Y26ssSOY9LaU7d2sD/Vy9t1YU2D6LpL8eQ8unHi Yji0rOTYp8A97W3ErK+tZCm8jVQPAHkpuvU4Wh08v+zUFSn2TuQqkeWT551FUw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LEmY/3RhseWu5DeOj9rpf5AxjlE7whDs/tOafqbvTr4=; b=JS/kSC5P4TpE3vaA5p+zpIhM2QztP9YQEqNFKpghxVitiXjvRqaFeRFuPrUULEQGQYDboz 0kK9LG7Ckdz0xsCQ== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 06/17] QoS: Silence RRD tool warnings Date: Mon, 14 Oct 2019 16:46:16 +0000 Message-Id: <20191014164627.18516-6-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 9cbb9cafa..92b2d9e77 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -659,7 +659,7 @@ print </dev/null 2>&1) & for i in \$(ls \$RRDLOG/class_*.rrd); do - rrdtool update \$i \$(date +%s): + rrdtool update \$i \$(date +%s): 2>/dev/null done echo "Quality of Service was successfully started!" From patchwork Mon Oct 14 16:46:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2509 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbR313Jz42j9 for ; Mon, 14 Oct 2019 16:46:43 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbL306rz3RK; Mon, 14 Oct 2019 16:46:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbL1ShSz2yk2; Mon, 14 Oct 2019 16:46:38 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbF3R8hz2yj6 for ; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbF2SRJz2p4; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ekDRd273mxPNr4Ee9LJYTwdBt14lwQFEaPYqL1OQFtA=; b=SwC5igJVKVvzusbvhQnAlR9fvTO2wrAUi5hiXOFp36kS1B13U0AHCzBLon9dFSjTZ9SGMM ElvirKVKsSBl1pDA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ekDRd273mxPNr4Ee9LJYTwdBt14lwQFEaPYqL1OQFtA=; b=hJJkgkh5ppbJrQeymgy2e6LxHxpErxHP+QnID1H5MZMRBDlk57tvRMus9GYajbpE++J0y2 +oGMSj8m6km4gF+kpcHcpp3xDxstiwkUzXG+aDODyPest1TgfRT0+t6mvgd0gXrkNPJmvh Nu5UVZbIOZJEBRBESGQx+5j4WOv6GpTgQKgWegECXa5zc3ukX/vuI3jqOVadEptSfW++82 lS1Pi93rPQ3TzgMnh93Q2EjMK1UzNGVCU1K3WDeblw7L9wje1oqjZFXcdofiV25GH4K85v vagZ2fZJaU/R4jYENkFHpshQkrfzY3KXij8bRLs8+NSOrH2l6FMtJLbgxr+ZYw== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 07/17] QoS: Start qosd immediately Date: Mon, 14 Oct 2019 16:46:17 +0000 Message-Id: <20191014164627.18516-7-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 92b2d9e77..70eadf17b 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -655,8 +655,8 @@ END print </dev/null 2>&1) & - ( sleep 10 && /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1) & + /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1 + /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1 for i in \$(ls \$RRDLOG/class_*.rrd); do rrdtool update \$i \$(date +%s): 2>/dev/null @@ -668,7 +668,7 @@ print </dev/null 2>&1 - (sleep 3 && killall -9 qosd &>/dev/null) & + # DELETE QDISCS tc qdisc del dev $qossettings{'RED_DEV'} root >/dev/null 2>&1 tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1 From patchwork Mon Oct 14 16:46:18 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2508 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbQ17LLz42jH for ; Mon, 14 Oct 2019 16:46:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbK6G7vz3HX; Mon, 14 Oct 2019 16:46:37 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbK4Y1kz2y2r; Mon, 14 Oct 2019 16:46:37 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbF4Tzgz2yCb for ; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbF3Fb8z2Nq; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Hh2RdWU2WIit/mHGB0eeaF0PA23kwkVXlCXaG/oEQIA=; b=6vDR6kWPvxDcWoijQWAZPgl76HiMhP5Oq7wsGfnilgnoQxTVR/xcAw7i0eFo70AVGP4gjp OGkal0sUIrwYGEDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Hh2RdWU2WIit/mHGB0eeaF0PA23kwkVXlCXaG/oEQIA=; b=Y8NQUpEy/2N5mLa/PU9xb+JyMXQ0Fq3EuC+s8K8JruudMPJsdI0yHaOAE63PsueQhg5ll5 0T8kcuTvcH+yetsL/szikgiu9oc7QJljiUpDBl9yWHkR4l2GwnXGCE6Ogj+UEUIDPxjrhf ee7xRyASNPgknKuN6TKieXQWiL2eSDLfcQDHwvuoR+Sidx8Muhk+XfYBsswpg0kqR3EBMq D1eac/ZwPcqiDyQQtTezrrNNr4Mp364LOL6+R6Jjvv7uqJIXwYJrqI/vbtjLQIn8hZfvvh Do1kcz3t2gdR/DD98Tn5PhQG2LoRYNcj4xkdUc1qKc06pnj3jaEimNKCd7otcQ== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 08/17] QoS: Do not delete egress qdisc after classes have been created Date: Mon, 14 Oct 2019 16:46:18 +0000 Message-Id: <20191014164627.18516-8-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 1 - 1 file changed, 1 deletion(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 70eadf17b..386a6bffe 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -405,7 +405,6 @@ print < X-Patchwork-Id: 2510 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbS18nFz42jH for ; Mon, 14 Oct 2019 16:46:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbM2RxNz2v2; Mon, 14 Oct 2019 16:46:39 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbM13x3z2yjw; Mon, 14 Oct 2019 16:46:39 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbG1RMMz2yk0 for ; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbF42jFz2dF; Mon, 14 Oct 2019 16:46:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VeetDfEe2SMbgK/gaoVk3HpQfs4Age4xiQQLlBQh4Pg=; b=E6LM/w2smGMRb4aheJKBVku6DgG6YgujABQPIaBLuws0OBKfGSUEsFCzBXfY54Wwxo1s9C 5WxXLXAvuhEOFHQmmieI0/NNcr54aT37+Rh1dReTV21BS4C/hx8YAW/t83oNbYlp8VMdGs zOFTPHguRGwKdNvJjb7E+vtLU5s1FrPzBuCmkzm+1AdnHd8lTr4Oqa0DqAZ5dIApvtbuSz 6/EGL0M3lVrttoSAlASOYf6vBnFJxrMcfy9VqRf4DKm1ZJhKqbzarrIZZ7C6ug2W9D3VwK o7FmhbCzelv0ygYicv70tA21YPHGNAlcrOdXpbisE7ElMGVeOhXrNFEGTiQpBg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VeetDfEe2SMbgK/gaoVk3HpQfs4Age4xiQQLlBQh4Pg=; b=IP2AFBO5OXUo7brzk9IaFuGaYIjQe1R/EbDJc8s6EVTaz0wP4hhXUSY232S5vtNWOBFBiu lwj06hC3yYmlbcAg== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 09/17] linux+iptables: Drop support for IMQ Date: Mon, 14 Oct 2019 16:46:19 +0000 Message-Id: <20191014164627.18516-9-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This is no longer needed since we are using IFB now Signed-off-by: Michael Tremer --- config/kernel/kernel.config.aarch64-ipfire | 7 - .../kernel.config.armv5tel-ipfire-kirkwood | 7 - .../kernel.config.armv5tel-ipfire-multi | 7 - config/kernel/kernel.config.i586-ipfire | 7 - config/kernel/kernel.config.i586-ipfire-pae | 7 - config/kernel/kernel.config.x86_64-ipfire | 7 - config/rootfiles/common/aarch64/linux | 13 - .../rootfiles/common/armv5tel/linux-kirkwood | 13 - config/rootfiles/common/armv5tel/linux-multi | 13 - config/rootfiles/common/i586/linux | 13 - config/rootfiles/common/iptables | 1 - config/rootfiles/common/x86_64/linux | 13 - config/rootfiles/packages/linux-pae | 13 - lfs/iptables | 3 - lfs/linux | 3 - src/patches/iptables-1.4.12-IMQ-test4.diff | 141 -- src/patches/linux/linux-4.14-imq.diff | 1759 ----------------- 17 files changed, 2027 deletions(-) delete mode 100644 src/patches/iptables-1.4.12-IMQ-test4.diff delete mode 100644 src/patches/linux/linux-4.14-imq.diff diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index f9a73b850..e4634855c 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -908,7 +908,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -1992,12 +1991,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood index b133a6d8c..b07ee985d 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood +++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood @@ -894,7 +894,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -1955,12 +1954,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index c7cc2ec25..5185e0e7e 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1166,7 +1166,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2263,12 +2262,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index e149ccdec..fd8b7a9fe 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1102,7 +1102,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2171,12 +2170,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index eb2e87453..49f9d7dad 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1120,7 +1120,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2191,12 +2190,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 618a52f5b..7f345d65c 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1094,7 +1094,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=y CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2148,12 +2147,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux index 0451cadcd..d8e93542d 100644 --- a/config/rootfiles/common/aarch64/linux +++ b/config/rootfiles/common/aarch64/linux @@ -7648,12 +7648,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -8793,7 +8787,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -12157,7 +12150,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -12770,7 +12762,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -12784,11 +12775,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -18482,7 +18471,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/wiznet/w5300.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -19450,7 +19438,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/armv5tel/linux-kirkwood b/config/rootfiles/common/armv5tel/linux-kirkwood index 78d0050de..2269896d8 100644 --- a/config/rootfiles/common/armv5tel/linux-kirkwood +++ b/config/rootfiles/common/armv5tel/linux-kirkwood @@ -7370,12 +7370,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/kfifo #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/kfifo/buf.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/trigger.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/num -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet/ah.h @@ -8455,7 +8449,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/mark.h @@ -11454,7 +11447,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/ima.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/imq.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/in.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/in6.h @@ -12067,7 +12059,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_arp @@ -12081,11 +12072,9 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netlink.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/nfs.h @@ -17461,7 +17450,6 @@ lib/modules/KVER-ipfire-kirkwood/kernel #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ethernet/rocker/rocker.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -18392,7 +18380,6 @@ lib/modules/KVER-ipfire-kirkwood/kernel #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi index 08a5f601c..1e7a090d9 100644 --- a/config/rootfiles/common/armv5tel/linux-multi +++ b/config/rootfiles/common/armv5tel/linux-multi @@ -8353,12 +8353,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/iio/kfifo #lib/modules/KVER-ipfire-multi/build/include/config/iio/kfifo/buf.h #lib/modules/KVER-ipfire-multi/build/include/config/iio/trigger.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq -#lib/modules/KVER-ipfire-multi/build/include/config/imq.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-multi/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq/num -#lib/modules/KVER-ipfire-multi/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-multi/build/include/config/imx #lib/modules/KVER-ipfire-multi/build/include/config/imx/dma.h #lib/modules/KVER-ipfire-multi/build/include/config/imx/gpcv2.h @@ -9588,7 +9582,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/mark.h @@ -13192,7 +13185,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-multi/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-multi/build/include/linux/ima.h -#lib/modules/KVER-ipfire-multi/build/include/linux/imq.h #lib/modules/KVER-ipfire-multi/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-multi/build/include/linux/in.h #lib/modules/KVER-ipfire-multi/build/include/linux/in6.h @@ -13805,7 +13797,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_arp @@ -13819,11 +13810,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netlink.h #lib/modules/KVER-ipfire-multi/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-multi/build/include/linux/nfs.h @@ -19598,7 +19587,6 @@ lib/modules/KVER-ipfire-multi/kernel #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/wiznet/w5300.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-multi/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -20588,7 +20576,6 @@ lib/modules/KVER-ipfire-multi/kernel #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/i586/linux b/config/rootfiles/common/i586/linux index 1a1ca83a7..1fe01233f 100644 --- a/config/rootfiles/common/i586/linux +++ b/config/rootfiles/common/i586/linux @@ -8187,12 +8187,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -9472,7 +9466,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -13456,7 +13449,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -14069,7 +14061,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -14083,11 +14074,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -20196,7 +20185,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21531,7 +21519,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables index 389518646..0f8f1cf8c 100644 --- a/config/rootfiles/common/iptables +++ b/config/rootfiles/common/iptables @@ -64,7 +64,6 @@ lib/xtables/libxt_CT.so lib/xtables/libxt_DSCP.so lib/xtables/libxt_HMARK.so lib/xtables/libxt_IDLETIMER.so -lib/xtables/libxt_IMQ.so lib/xtables/libxt_LED.so lib/xtables/libxt_MARK.so lib/xtables/libxt_NFLOG.so diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index 755d7627a..68f907faa 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -8265,12 +8265,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -9529,7 +9523,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -13471,7 +13464,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -14084,7 +14076,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -14098,11 +14089,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -20209,7 +20198,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21522,7 +21510,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/packages/linux-pae b/config/rootfiles/packages/linux-pae index 590595828..f3966ce75 100644 --- a/config/rootfiles/packages/linux-pae +++ b/config/rootfiles/packages/linux-pae @@ -8189,12 +8189,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/illegal #lib/modules/KVER-ipfire-pae/build/include/config/illegal/pointer #lib/modules/KVER-ipfire-pae/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq -#lib/modules/KVER-ipfire-pae/build/include/config/imq.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-pae/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq/num -#lib/modules/KVER-ipfire-pae/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-pae/build/include/config/inet #lib/modules/KVER-ipfire-pae/build/include/config/inet.h #lib/modules/KVER-ipfire-pae/build/include/config/inet/ah.h @@ -9474,7 +9468,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/mark.h @@ -13526,7 +13519,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-pae/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-pae/build/include/linux/ima.h -#lib/modules/KVER-ipfire-pae/build/include/linux/imq.h #lib/modules/KVER-ipfire-pae/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-pae/build/include/linux/in.h #lib/modules/KVER-ipfire-pae/build/include/linux/in6.h @@ -14139,7 +14131,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_arp @@ -14153,11 +14144,9 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netlink.h #lib/modules/KVER-ipfire-pae/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-pae/build/include/linux/nfs.h @@ -20267,7 +20256,6 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire-pae/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21618,7 +21606,6 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/lfs/iptables b/lfs/iptables index b91e41797..e2012ecb6 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -79,9 +79,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ ./extensions/ - # imq - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff - cd $(DIR_APP) && ./configure \ --prefix=/usr \ --libdir=/lib \ diff --git a/lfs/linux b/lfs/linux index dbf9fe194..677e9afed 100644 --- a/lfs/linux +++ b/lfs/linux @@ -118,9 +118,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) ln -svf linux-$(VER) $(DIR_SRC)/linux - # Linux Intermediate Queueing Device - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14-imq.diff - # Layer7-patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14-layer7.patch diff --git a/src/patches/iptables-1.4.12-IMQ-test4.diff b/src/patches/iptables-1.4.12-IMQ-test4.diff deleted file mode 100644 index 5ce17e1b4..000000000 --- a/src/patches/iptables-1.4.12-IMQ-test4.diff +++ /dev/null @@ -1,141 +0,0 @@ -diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.c iptables-1.4.12.1-imq/extensions/libxt_IMQ.c ---- iptables-1.4.12.1/extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,105 @@ -+/* Shared library add-on to iptables to add IMQ target support. */ -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+ -+/* Function which prints out usage message. */ -+static void IMQ_help(void) -+{ -+ printf( -+"IMQ target options:\n" -+" --todev enqueue to imq, defaults to 0\n"); -+ -+} -+ -+static struct option IMQ_opts[] = { -+ { "todev", 1, 0, '1' }, -+ { 0 } -+}; -+ -+/* Initialize the target. */ -+static void IMQ_init(struct xt_entry_target *t) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)t->data; -+ -+ mr->todev = 0; -+} -+ -+/* Function which parses command options; returns true if it -+ ate an option */ -+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags, -+ const void *entry, struct xt_entry_target **target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data; -+ -+ switch(c) { -+ case '1': -+/* if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) -+ xtables_error(PARAMETER_PROBLEM, -+ "Unexpected `!' after --todev"); -+*/ -+ mr->todev=atoi(optarg); -+ break; -+ -+ default: -+ return 0; -+ } -+ return 1; -+} -+ -+/* Prints out the targinfo. */ -+static void IMQ_print(const void *ip, -+ const struct xt_entry_target *target, -+ int numeric) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("IMQ: todev %u ", mr->todev); -+} -+ -+/* Saves the union ipt_targinfo in parsable form to stdout. */ -+static void IMQ_save(const void *ip, const struct xt_entry_target *target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf(" --todev %u", mr->todev); -+} -+ -+static struct xtables_target imq_target = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = NFPROTO_IPV4, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+static struct xtables_target imq_target6 = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = NFPROTO_IPV6, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+// void __attribute((constructor)) nf_ext_init(void){ -+void _init(void){ -+ xtables_register_target(&imq_target); -+ xtables_register_target(&imq_target6); -+} -diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.man iptables-1.4.12.1-imq/extensions/libxt_IMQ.man ---- iptables-1.4.12.1/extensions/libxt_IMQ.man 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.man 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,15 @@ -+This target is used to redirect the traffic to the IMQ driver and you can apply -+QoS rules like HTB or CBQ. -+For example you can select only traffic comming from a specific interface or -+is going out on a specific interface. -+Also it permits to capture the traffic BEFORE NAT in the case of outgoing traffic -+or AFTER NAT in the case of incomming traffic. -+.TP -+\fB\-\-to\-dev\fP \fIvalue\fP -+Set the IMQ interface where to send this traffic -+.TP -+Example: -+.TP -+Redirect incomming traffic from interface eth0 to imq0 and outgoing traffic to imq1: -+iptables \-t mangle \-A FORWARD \-i eth0 \-j IMQ \-\-to\-dev 0 -+iptables \-t mangle \-A FORWARD \-o eth0 \-j IMQ \-\-to\-dev 1 -diff -Naur iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h ---- iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ diff --git a/src/patches/linux/linux-4.14-imq.diff b/src/patches/linux/linux-4.14-imq.diff deleted file mode 100644 index 0281bf6e4..000000000 --- a/src/patches/linux/linux-4.14-imq.diff +++ /dev/null @@ -1,1759 +0,0 @@ -diff -Naupr linux-4.14_orig/drivers/net/imq.c linux-4.14/drivers/net/imq.c ---- linux-4.14_orig/drivers/net/imq.c 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/drivers/net/imq.c 2017-11-13 11:46:45.844089945 +0700 -@@ -0,0 +1,962 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, -+ * -+ * The first version was written by Martin Devera, -+ * -+ * See Credits.txt -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#include -+#endif -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num); -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ops[] = { -+ { -+ /* imq_ingress_ipv4 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1, -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1, -+#endif -+ }, -+ { -+ /* imq_egress_ipv4 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST, -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1, -+#endif -+ }, -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ { -+ /* imq_ingress_ipv6 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1, -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1, -+#endif -+ }, -+ { -+ /* imq_egress_ipv6 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST, -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1, -+#endif -+ }, -+#endif -+}; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static int numdevs = IMQ_MAX_DEVS; -+#endif -+ -+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; -+ -+#define IMQ_MAX_QUEUES 32 -+static int numqueues = 1; -+static u32 imq_hashrnd; -+static int imq_dev_accurate_stats = 1; -+ -+static inline __be16 pppoe_proto(const struct sk_buff *skb) -+{ -+ return *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + -+ sizeof(struct pppoe_hdr))); -+} -+ -+static u16 imq_hash(struct net_device *dev, struct sk_buff *skb) -+{ -+ unsigned int pull_len; -+ u16 protocol = skb->protocol; -+ u32 addr1, addr2; -+ u32 hash, ihl = 0; -+ union { -+ u16 in16[2]; -+ u32 in32; -+ } ports; -+ u8 ip_proto; -+ -+ pull_len = 0; -+ -+recheck: -+ switch (protocol) { -+ case htons(ETH_P_8021Q): { -+ if (unlikely(skb_pull(skb, VLAN_HLEN) == NULL)) -+ goto other; -+ -+ pull_len += VLAN_HLEN; -+ skb->network_header += VLAN_HLEN; -+ -+ protocol = vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; -+ goto recheck; -+ } -+ -+ case htons(ETH_P_PPP_SES): { -+ if (unlikely(skb_pull(skb, PPPOE_SES_HLEN) == NULL)) -+ goto other; -+ -+ pull_len += PPPOE_SES_HLEN; -+ skb->network_header += PPPOE_SES_HLEN; -+ -+ protocol = pppoe_proto(skb); -+ goto recheck; -+ } -+ -+ case htons(ETH_P_IP): { -+ const struct iphdr *iph = ip_hdr(skb); -+ -+ if (unlikely(!pskb_may_pull(skb, sizeof(struct iphdr)))) -+ goto other; -+ -+ addr1 = iph->daddr; -+ addr2 = iph->saddr; -+ -+ ip_proto = !(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) ? -+ iph->protocol : 0; -+ ihl = ip_hdrlen(skb); -+ -+ break; -+ } -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ case htons(ETH_P_IPV6): { -+ const struct ipv6hdr *iph = ipv6_hdr(skb); -+ __be16 fo = 0; -+ -+ if (unlikely(!pskb_may_pull(skb, sizeof(struct ipv6hdr)))) -+ goto other; -+ -+ addr1 = iph->daddr.s6_addr32[3]; -+ addr2 = iph->saddr.s6_addr32[3]; -+ ihl = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &ip_proto, -+ &fo); -+ if (unlikely(ihl < 0)) -+ goto other; -+ -+ break; -+ } -+#endif -+ default: -+other: -+ if (pull_len != 0) { -+ skb_push(skb, pull_len); -+ skb->network_header -= pull_len; -+ } -+ -+ return (u16)(ntohs(protocol) % dev->real_num_tx_queues); -+ } -+ -+ if (addr1 > addr2) -+ swap(addr1, addr2); -+ -+ switch (ip_proto) { -+ case IPPROTO_TCP: -+ case IPPROTO_UDP: -+ case IPPROTO_DCCP: -+ case IPPROTO_ESP: -+ case IPPROTO_AH: -+ case IPPROTO_SCTP: -+ case IPPROTO_UDPLITE: { -+ if (likely(skb_copy_bits(skb, ihl, &ports.in32, 4) >= 0)) { -+ if (ports.in16[0] > ports.in16[1]) -+ swap(ports.in16[0], ports.in16[1]); -+ break; -+ } -+ /* fall-through */ -+ } -+ default: -+ ports.in32 = 0; -+ break; -+ } -+ -+ if (pull_len != 0) { -+ skb_push(skb, pull_len); -+ skb->network_header -= pull_len; -+ } -+ -+ hash = jhash_3words(addr1, addr2, ports.in32, imq_hashrnd ^ ip_proto); -+ -+ return (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); -+} -+ -+static inline bool sk_tx_queue_recorded(struct sock *sk) -+{ -+ return (sk_tx_queue_get(sk) >= 0); -+} -+ -+static struct netdev_queue *imq_select_queue(struct net_device *dev, -+ struct sk_buff *skb) -+{ -+ u16 queue_index = 0; -+ u32 hash; -+ -+ if (likely(dev->real_num_tx_queues == 1)) -+ goto out; -+ -+ /* IMQ can be receiving ingress or engress packets. */ -+ -+ /* Check first for if rx_queue is set */ -+ if (skb_rx_queue_recorded(skb)) { -+ queue_index = skb_get_rx_queue(skb); -+ goto out; -+ } -+ -+ /* Check if socket has tx_queue set */ -+ if (sk_tx_queue_recorded(skb->sk)) { -+ queue_index = sk_tx_queue_get(skb->sk); -+ goto out; -+ } -+ -+ /* Try use socket hash */ -+ if (skb->sk && skb->sk->sk_hash) { -+ hash = skb->sk->sk_hash; -+ queue_index = -+ (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); -+ goto out; -+ } -+ -+ /* Generate hash from packet data */ -+ queue_index = imq_hash(dev, skb); -+ -+out: -+ if (unlikely(queue_index >= dev->real_num_tx_queues)) -+ queue_index = (u16)((u32)queue_index % dev->real_num_tx_queues); -+ -+ skb_set_queue_mapping(skb, queue_index); -+ return netdev_get_tx_queue(dev, queue_index); -+} -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ skb->nf_queue_entry = NULL; -+ -+ if (entry) { -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+ } -+ -+ skb_restore_cb(skb); /* kfree backup */ -+} -+ -+static void imq_done_check_queue_mapping(struct sk_buff *skb, -+ struct net_device *dev) -+{ -+ unsigned int queue_index; -+ -+ /* Don't let queue_mapping be left too large after exiting IMQ */ -+ if (likely(skb->dev != dev && skb->dev != NULL)) { -+ queue_index = skb_get_queue_mapping(skb); -+ if (unlikely(queue_index >= skb->dev->real_num_tx_queues)) { -+ queue_index = (u16)((u32)queue_index % -+ skb->dev->real_num_tx_queues); -+ skb_set_queue_mapping(skb, queue_index); -+ } -+ } else { -+ /* skb->dev was IMQ device itself or NULL, be on safe side and -+ * just clear queue mapping. -+ */ -+ skb_set_queue_mapping(skb, 0); -+ } -+} -+ -+static netdev_tx_t imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ rcu_read_lock(); -+ -+ skb->nf_queue_entry = NULL; -+ netif_trans_update(dev); -+ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ if (unlikely(entry == NULL)) { -+ /* We don't know what is going on here.. packet is queued for -+ * imq device, but (probably) not by us. -+ * -+ * If this packet was not send here by imq_nf_queue(), then -+ * skb_save_cb() was not used and skb_free() should not show: -+ * WARNING: IMQ: kfree_skb: skb->cb_next:.. -+ * and/or -+ * WARNING: IMQ: kfree_skb: skb->nf_queue_entry... -+ * -+ * However if this message is shown, then IMQ is somehow broken -+ * and you should report this to linuximq.net. -+ */ -+ -+ /* imq_dev_xmit is black hole that eats all packets, report that -+ * we eat this packet happily and increase dropped counters. -+ */ -+ -+ dev->stats.tx_dropped++; -+ dev_kfree_skb(skb); -+ -+ rcu_read_unlock(); -+ return NETDEV_TX_OK; -+ } -+ -+ skb_restore_cb(skb); /* restore skb->cb */ -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ imq_done_check_queue_mapping(skb, dev); -+ -+ nf_reinject(entry, NF_ACCEPT); -+ -+ rcu_read_unlock(); -+ return NETDEV_TX_OK; -+} -+ -+static struct net_device *get_imq_device_by_index(int index) -+{ -+ struct net_device *dev = NULL; -+ struct net *net; -+ char buf[8]; -+ -+ /* get device by name and cache result */ -+ snprintf(buf, sizeof(buf), "imq%d", index); -+ -+ /* Search device from all namespaces. */ -+ for_each_net(net) { -+ dev = dev_get_by_name(net, buf); -+ if (dev) -+ break; -+ } -+ -+ if (WARN_ON_ONCE(dev == NULL)) { -+ /* IMQ device not found. Exotic config? */ -+ return ERR_PTR(-ENODEV); -+ } -+ -+ imq_devs_cache[index] = dev; -+ dev_put(dev); -+ -+ return dev; -+} -+ -+static struct nf_queue_entry *nf_queue_entry_dup(struct nf_queue_entry *e) -+{ -+ struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC); -+ if (entry) { -+ nf_queue_entry_get_refs(entry); -+ return entry; -+ } -+ return NULL; -+} -+ -+#ifdef CONFIG_BRIDGE_NETFILTER -+/* When called from bridge netfilter, skb->data must point to MAC header -+ * before calling skb_gso_segment(). Else, original MAC header is lost -+ * and segmented skbs will be sent to wrong destination. -+ */ -+static void nf_bridge_adjust_skb_data(struct sk_buff *skb) -+{ -+ if (skb->nf_bridge) -+ __skb_push(skb, skb->network_header - skb->mac_header); -+} -+ -+static void nf_bridge_adjust_segmented_data(struct sk_buff *skb) -+{ -+ if (skb->nf_bridge) -+ __skb_pull(skb, skb->network_header - skb->mac_header); -+} -+#else -+#define nf_bridge_adjust_skb_data(s) do {} while (0) -+#define nf_bridge_adjust_segmented_data(s) do {} while (0) -+#endif -+ -+static void free_entry(struct nf_queue_entry *entry) -+{ -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+} -+ -+static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev); -+ -+static int __imq_nf_queue_gso(struct nf_queue_entry *entry, -+ struct net_device *dev, struct sk_buff *skb) -+{ -+ int ret = -ENOMEM; -+ struct nf_queue_entry *entry_seg; -+ -+ nf_bridge_adjust_segmented_data(skb); -+ -+ if (skb->next == NULL) { /* last packet, no need to copy entry */ -+ struct sk_buff *gso_skb = entry->skb; -+ entry->skb = skb; -+ ret = __imq_nf_queue(entry, dev); -+ if (ret) -+ entry->skb = gso_skb; -+ return ret; -+ } -+ -+ skb->next = NULL; -+ -+ entry_seg = nf_queue_entry_dup(entry); -+ if (entry_seg) { -+ entry_seg->skb = skb; -+ ret = __imq_nf_queue(entry_seg, dev); -+ if (ret) -+ free_entry(entry_seg); -+ } -+ return ret; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct sk_buff *skb, *segs; -+ struct net_device *dev; -+ unsigned int queued; -+ int index, retval, err; -+ -+ index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ if (unlikely(index > numdevs - 1)) { -+ if (net_ratelimit()) -+ pr_warn("IMQ: invalid device specified, highest is %u\n", -+ numdevs - 1); -+ retval = -EINVAL; -+ goto out_no_dev; -+ } -+ -+ /* check for imq device by index from cache */ -+ dev = imq_devs_cache[index]; -+ if (unlikely(!dev)) { -+ dev = get_imq_device_by_index(index); -+ if (IS_ERR(dev)) { -+ retval = PTR_ERR(dev); -+ goto out_no_dev; -+ } -+ } -+ -+ if (unlikely(!(dev->flags & IFF_UP))) { -+ entry->skb->imq_flags = 0; -+ retval = -ECANCELED; -+ goto out_no_dev; -+ } -+ -+ /* Since 3.10.x, GSO handling moved here as result of upstream commit -+ * a5fedd43d5f6c94c71053a66e4c3d2e35f1731a2 (netfilter: move -+ * skb_gso_segment into nfnetlink_queue module). -+ * -+ * Following code replicates the gso handling from -+ * 'net/netfilter/nfnetlink_queue_core.c':nfqnl_enqueue_packet(). -+ */ -+ -+ skb = entry->skb; -+ -+ switch (entry->state.pf) { -+ case NFPROTO_IPV4: -+ skb->protocol = htons(ETH_P_IP); -+ break; -+ case NFPROTO_IPV6: -+ skb->protocol = htons(ETH_P_IPV6); -+ break; -+ } -+ -+ if (!skb_is_gso(entry->skb)) -+ return __imq_nf_queue(entry, dev); -+ -+ nf_bridge_adjust_skb_data(skb); -+ segs = skb_gso_segment(skb, 0); -+ /* Does not use PTR_ERR to limit the number of error codes that can be -+ * returned by nf_queue. For instance, callers rely on -ECANCELED to -+ * mean 'ignore this hook'. -+ */ -+ err = -ENOBUFS; -+ if (IS_ERR(segs)) -+ goto out_err; -+ queued = 0; -+ err = 0; -+ do { -+ struct sk_buff *nskb = segs->next; -+ if (nskb && nskb->next) -+ nskb->cb_next = NULL; -+ if (err == 0) -+ err = __imq_nf_queue_gso(entry, dev, segs); -+ if (err == 0) -+ queued++; -+ else -+ kfree_skb(segs); -+ segs = nskb; -+ } while (segs); -+ -+ if (queued) { -+ if (err) /* some segments are already queued */ -+ free_entry(entry); -+ kfree_skb(skb); -+ return 0; -+ } -+ -+out_err: -+ nf_bridge_adjust_segmented_data(skb); -+ retval = err; -+out_no_dev: -+ return retval; -+} -+ -+static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev) -+{ -+ struct sk_buff *skb_orig, *skb, *skb_shared, *skb_popd; -+ struct Qdisc *q; -+ struct sk_buff *to_free = NULL; -+ struct netdev_queue *txq; -+ spinlock_t *root_lock; -+ int users; -+ int retval = -EINVAL; -+ unsigned int orig_queue_index; -+ -+ dev->last_rx = jiffies; -+ -+ skb = entry->skb; -+ skb_orig = NULL; -+ -+ /* skb has owner? => make clone */ -+ if (unlikely(skb->destructor)) { -+ skb_orig = skb; -+ skb = skb_clone(skb, GFP_ATOMIC); -+ if (unlikely(!skb)) { -+ retval = -ENOMEM; -+ goto out; -+ } -+ skb->cb_next = NULL; -+ entry->skb = skb; -+ } -+ -+ dev->stats.rx_bytes += skb->len; -+ dev->stats.rx_packets++; -+ -+ if (!skb->dev) { -+ /* skb->dev == NULL causes problems, try the find cause. */ -+ if (net_ratelimit()) { -+ dev_warn(&dev->dev, -+ "received packet with skb->dev == NULL\n"); -+ dump_stack(); -+ } -+ -+ skb->dev = dev; -+ } -+ -+ /* Disables softirqs for lock below */ -+ rcu_read_lock_bh(); -+ -+ /* Multi-queue selection */ -+ orig_queue_index = skb_get_queue_mapping(skb); -+ txq = imq_select_queue(dev, skb); -+ -+ q = rcu_dereference(txq->qdisc); -+ if (unlikely(!q->enqueue)) -+ goto packet_not_eaten_by_imq_dev; -+ -+ skb->nf_queue_entry = entry; -+ root_lock = qdisc_lock(q); -+ spin_lock(root_lock); -+ -+ users = refcount_read(&skb->users); -+ -+ skb_shared = skb_get(skb); /* increase reference count by one */ -+ -+ /* backup skb->cb, as qdisc layer will overwrite it */ -+ skb_save_cb(skb_shared); -+ qdisc_enqueue_root(skb_shared, q, &to_free); /* might kfree_skb */ -+ if (likely(refcount_read(&skb_shared->users) == users + 1)) { -+ bool validate; -+ -+ kfree_skb(skb_shared); /* decrease reference count by one */ -+ -+ skb->destructor = &imq_skb_destructor; -+ -+ skb_popd = qdisc_dequeue_skb(q, &validate); -+ -+ /* cloned? */ -+ if (unlikely(skb_orig)) -+ kfree_skb(skb_orig); /* free original */ -+ -+ spin_unlock(root_lock); -+ -+#if 0 -+ /* schedule qdisc dequeue */ -+ __netif_schedule(q); -+#else -+ if (likely(skb_popd)) { -+ /* Note that we validate skb (GSO, checksum, ...) outside of locks */ -+ if (validate) -+ skb_popd = validate_xmit_skb_list(skb_popd, dev); -+ -+ if (skb_popd) { -+ int dummy_ret; -+ int cpu = smp_processor_id(); /* ok because BHs are off */ -+ -+ txq = skb_get_tx_queue(dev, skb_popd); -+ /* -+ IMQ device will not be frozen or stoped, and it always be successful. -+ So we need not check its status and return value to accelerate. -+ */ -+ if (imq_dev_accurate_stats && txq->xmit_lock_owner != cpu) { -+ HARD_TX_LOCK(dev, txq, cpu); -+ if (!netif_xmit_frozen_or_stopped(txq)) { -+ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); -+ } -+ HARD_TX_UNLOCK(dev, txq); -+ } else { -+ if (!netif_xmit_frozen_or_stopped(txq)) { -+ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); -+ } -+ } -+ } -+ } else { -+ /* No ready skb, then schedule it */ -+ __netif_schedule(q); -+ } -+#endif -+ rcu_read_unlock_bh(); -+ retval = 0; -+ goto out; -+ } else { -+ skb_restore_cb(skb_shared); /* restore skb->cb */ -+ skb->nf_queue_entry = NULL; -+ /* -+ * qdisc dropped packet and decreased skb reference count of -+ * skb, so we don't really want to and try refree as that would -+ * actually destroy the skb. -+ */ -+ spin_unlock(root_lock); -+ goto packet_not_eaten_by_imq_dev; -+ } -+ -+packet_not_eaten_by_imq_dev: -+ skb_set_queue_mapping(skb, orig_queue_index); -+ rcu_read_unlock_bh(); -+ -+ /* cloned? restore original */ -+ if (unlikely(skb_orig)) { -+ kfree_skb(skb); -+ entry->skb = skb_orig; -+ } -+ retval = -1; -+out: -+ if (unlikely(to_free)) { -+ kfree_skb_list(to_free); -+ } -+ return retval; -+} -+static unsigned int imq_nf_hook(void *priv, -+ struct sk_buff *skb, -+ const struct nf_hook_state *state) -+{ -+ return (skb->imq_flags & IMQ_F_ENQUEUE) ? NF_IMQ_QUEUE : NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ netif_stop_queue(dev); -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ netif_start_queue(dev); -+ return 0; -+} -+ -+static struct device_type imq_device_type = { -+ .name = "imq", -+}; -+ -+static const struct net_device_ops imq_netdev_ops = { -+ .ndo_open = imq_open, -+ .ndo_stop = imq_close, -+ .ndo_start_xmit = imq_dev_xmit, -+ .ndo_get_stats = imq_get_stats, -+}; -+ -+static void imq_setup(struct net_device *dev) -+{ -+ dev->netdev_ops = &imq_netdev_ops; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; /* too small? */ -+ dev->tx_queue_len = 11000; /* too big? */ -+ dev->flags = IFF_NOARP; -+ dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | -+ NETIF_F_GSO | NETIF_F_HW_CSUM | -+ NETIF_F_HIGHDMA; -+ dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | -+ IFF_TX_SKB_SHARING); -+} -+ -+static int imq_validate(struct nlattr *tb[], struct nlattr *data[], -+ struct netlink_ext_ack *extack) -+{ -+ int ret = 0; -+ -+ if (tb[IFLA_ADDRESS]) { -+ if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { -+ ret = -EINVAL; -+ goto end; -+ } -+ if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { -+ ret = -EADDRNOTAVAIL; -+ goto end; -+ } -+ } -+ return 0; -+end: -+ pr_warn("IMQ: imq_validate failed (%d)\n", ret); -+ return ret; -+} -+ -+static struct rtnl_link_ops imq_link_ops __read_mostly = { -+ .kind = "imq", -+ .priv_size = 0, -+ .setup = imq_setup, -+ .validate = imq_validate, -+}; -+ -+static const struct nf_queue_handler imq_nfqh = { -+ .outfn = imq_nf_queue, -+}; -+ -+static int __net_init imq_nf_register(struct net *net) -+{ -+ return nf_register_net_hooks(net, imq_ops, -+ ARRAY_SIZE(imq_ops)); -+}; -+ -+static void __net_exit imq_nf_unregister(struct net *net) -+{ -+ nf_unregister_net_hooks(net, imq_ops, -+ ARRAY_SIZE(imq_ops)); -+}; -+ -+static struct pernet_operations imq_net_ops = { -+ .init = imq_nf_register, -+ .exit = imq_nf_unregister, -+}; -+ -+static int __net_init imq_init_hooks(void) -+{ -+ int ret; -+ nf_register_queue_imq_handler(&imq_nfqh); -+ -+ ret = register_pernet_subsys(&imq_net_ops); -+ if (ret < 0) -+ nf_unregister_queue_imq_handler(); -+ -+ return ret; -+} -+ -+#ifdef CONFIG_LOCKDEP -+ static struct lock_class_key imq_netdev_addr_lock_key; -+ -+ static void __init imq_dev_set_lockdep_one(struct net_device *dev, -+ struct netdev_queue *txq, void *arg) -+ { -+ /* -+ * the IMQ transmit locks can be taken recursively, -+ * for example with one IMQ rule for input- and one for -+ * output network devices in iptables! -+ * until we find a better solution ignore them. -+ */ -+ lockdep_set_novalidate_class(&txq->_xmit_lock); -+ } -+ -+ static void imq_dev_set_lockdep_class(struct net_device *dev) -+ { -+ lockdep_set_class_and_name(&dev->addr_list_lock, -+ &imq_netdev_addr_lock_key, "_xmit_addr_IMQ"); -+ netdev_for_each_tx_queue(dev, imq_dev_set_lockdep_one, NULL); -+} -+#else -+ static inline void imq_dev_set_lockdep_class(struct net_device *dev) -+ { -+ } -+#endif -+ -+static int __init imq_init_one(int index) -+{ -+ struct net_device *dev; -+ int ret; -+ -+ dev = alloc_netdev_mq(0, "imq%d", NET_NAME_UNKNOWN, imq_setup, numqueues); -+ if (!dev) -+ return -ENOMEM; -+ -+ ret = dev_alloc_name(dev, dev->name); -+ if (ret < 0) -+ goto fail; -+ -+ dev->rtnl_link_ops = &imq_link_ops; -+ SET_NETDEV_DEVTYPE(dev, &imq_device_type); -+ ret = register_netdevice(dev); -+ if (ret < 0) -+ goto fail; -+ -+ imq_dev_set_lockdep_class(dev); -+ -+ return 0; -+fail: -+ free_netdev(dev); -+ return ret; -+} -+ -+static int __init imq_init_devs(void) -+{ -+ int err, i; -+ -+ if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { -+ pr_err("IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ if (numqueues < 1 || numqueues > IMQ_MAX_QUEUES) { -+ pr_err("IMQ: numqueues has to be betweed 1 and %u\n", -+ IMQ_MAX_QUEUES); -+ return -EINVAL; -+ } -+ -+ get_random_bytes(&imq_hashrnd, sizeof(imq_hashrnd)); -+ -+ rtnl_lock(); -+ err = __rtnl_link_register(&imq_link_ops); -+ -+ for (i = 0; i < numdevs && !err; i++) -+ err = imq_init_one(i); -+ -+ if (err) { -+ __rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ } -+ rtnl_unlock(); -+ -+ return err; -+} -+ -+static int __init imq_init_module(void) -+{ -+ int err; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); -+#endif -+ -+ err = imq_init_devs(); -+ if (err) { -+ pr_err("IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ pr_err(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ return err; -+ } -+ -+ pr_info("IMQ driver loaded successfully. (numdevs = %d, numqueues = %d, imq_dev_accurate_stats = %d)\n", -+ numdevs, numqueues, imq_dev_accurate_stats); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ pr_info("\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ pr_info("\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ pr_info("\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ pr_info("\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static void __exit imq_unhook(void) -+{ -+ unregister_pernet_subsys(&imq_net_ops); -+ nf_unregister_queue_imq_handler(); -+} -+ -+static void __exit imq_cleanup_devs(void) -+{ -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+} -+ -+static void __exit imq_exit_module(void) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ pr_info("IMQ driver unloaded successfully.\n"); -+} -+ -+module_init(imq_init_module); -+module_exit(imq_exit_module); -+ -+module_param(numdevs, int, 0); -+module_param(numqueues, int, 0); -+module_param(imq_dev_accurate_stats, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will be created)"); -+MODULE_PARM_DESC(numqueues, "number of queues per IMQ device"); -+MODULE_PARM_DESC(imq_dev_accurate_stats, "Notify if need the accurate imq device stats"); -+ -+MODULE_AUTHOR("https://github.com/imq/linuximq"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS_RTNL_LINK("imq"); -diff -Naupr linux-4.14_orig/drivers/net/Kconfig linux-4.14/drivers/net/Kconfig ---- linux-4.14_orig/drivers/net/Kconfig 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/drivers/net/Kconfig 2017-11-13 11:46:45.844089945 +0700 -@@ -277,6 +277,125 @@ config RIONET_RX_SIZE - depends on RIONET - default "128" - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: https://github.com/imq/linuximq -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_AB -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ This setting defines how many IMQ devices will be created. -+ -+ The default value is 16. -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - depends on INET -diff -Naupr linux-4.14_orig/drivers/net/Makefile linux-4.14/drivers/net/Makefile ---- linux-4.14_orig/drivers/net/Makefile 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/drivers/net/Makefile 2017-11-13 11:46:45.844089945 +0700 -@@ -13,6 +13,7 @@ obj-$(CONFIG_DUMMY) += dummy.o - obj-$(CONFIG_EQUALIZER) += eql.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACSEC) += macsec.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_MACVTAP) += macvtap.o - obj-$(CONFIG_MII) += mii.o -diff -Naupr linux-4.14_orig/include/linux/imq.h linux-4.14/include/linux/imq.h ---- linux-4.14_orig/include/linux/imq.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/imq.h 2017-11-13 11:46:45.844089945 +0700 -@@ -0,0 +1,13 @@ -+#ifndef _IMQ_H -+#define _IMQ_H -+ -+/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ -+#define IMQ_F_BITS 5 -+ -+#define IMQ_F_IFMASK 0x0f -+#define IMQ_F_ENQUEUE 0x10 -+ -+#define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) -+ -+#endif /* _IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netdevice.h linux-4.14/include/linux/netdevice.h ---- linux-4.14_orig/include/linux/netdevice.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/linux/netdevice.h 2017-11-13 11:46:45.844089945 +0700 -@@ -1771,6 +1771,11 @@ struct net_device { - /* - * Cache lines mostly used on receive path (including eth_type_trans()) - */ -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ unsigned long last_rx; -+#endif -+ - /* Interface address info used in eth_type_trans() */ - unsigned char *dev_addr; - -@@ -3631,6 +3636,19 @@ static inline void netif_tx_unlock_bh(st - } \ - } - -+#define HARD_TX_LOCK_BH(dev, txq) { \ -+ if ((dev->features & NETIF_F_LLTX) == 0) { \ -+ __netif_tx_lock_bh(txq); \ -+ } \ -+} -+ -+#define HARD_TX_UNLOCK_BH(dev, txq) { \ -+ if ((dev->features & NETIF_F_LLTX) == 0) { \ -+ __netif_tx_unlock_bh(txq); \ -+ } \ -+} -+ -+ - static inline void netif_tx_disable(struct net_device *dev) - { - unsigned int i; -diff -Naupr linux-4.14_orig/include/linux/netfilter/xt_IMQ.h linux-4.14/include/linux/netfilter/xt_IMQ.h ---- linux-4.14_orig/include/linux/netfilter/xt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter/xt_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.14/include/linux/netfilter_ipv4/ipt_IMQ.h ---- linux-4.14_orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter_ipv4/ipt_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,10 @@ -+#ifndef _IPT_IMQ_H -+#define _IPT_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include -+ -+#define ipt_imq_info xt_imq_info -+ -+#endif /* _IPT_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.14/include/linux/netfilter_ipv6/ip6t_IMQ.h ---- linux-4.14_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter_ipv6/ip6t_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,10 @@ -+#ifndef _IP6T_IMQ_H -+#define _IP6T_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include -+ -+#define ip6t_imq_info xt_imq_info -+ -+#endif /* _IP6T_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/skbuff.h linux-4.14/include/linux/skbuff.h ---- linux-4.14_orig/include/linux/skbuff.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/linux/skbuff.h 2017-11-13 11:46:45.847423298 +0700 -@@ -41,6 +41,10 @@ - #include - #include - #include -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include -+#endif -+ - - /* The interface for checksum offload between the stack and networking drivers - * is as follows... -@@ -581,7 +585,7 @@ typedef unsigned int sk_buff_data_t; - typedef unsigned char *sk_buff_data_t; - #endif - --/** -+/** - * struct sk_buff - socket buffer - * @next: Next buffer in list - * @prev: Previous buffer in list -@@ -684,6 +688,9 @@ struct sk_buff { - * first. This is owned by whoever has the skb queued ATM. - */ - char cb[48] __aligned(8); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ void *cb_next; -+#endif - - unsigned long _skb_refdst; - void (*destructor)(struct sk_buff *skb); -@@ -693,6 +700,9 @@ struct sk_buff { - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) - unsigned long _nfct; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ struct nf_queue_entry *nf_queue_entry; -+#endif - #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) - struct nf_bridge_info *nf_bridge; - #endif -@@ -772,6 +782,9 @@ struct sk_buff { - #ifdef CONFIG_NET_SWITCHDEV - __u8 offload_fwd_mark:1; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ __u8 imq_flags:IMQ_F_BITS; -+#endif - #ifdef CONFIG_NET_CLS_ACT - __u8 tc_skip_classify:1; - __u8 tc_at_ingress:1; -@@ -870,7 +883,7 @@ static inline bool skb_pfmemalloc(const - */ - static inline struct dst_entry *skb_dst(const struct sk_buff *skb) - { -- /* If refdst was not refcounted, check we still are in a -+ /* If refdst was not refcounted, check we still are in a - * rcu_read_lock section - */ - WARN_ON((skb->_skb_refdst & SKB_DST_NOREF) && -@@ -960,6 +973,12 @@ void skb_tx_error(struct sk_buff *skb); - void consume_skb(struct sk_buff *skb); - void __consume_stateless_skb(struct sk_buff *skb); - void __kfree_skb(struct sk_buff *skb); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+int skb_save_cb(struct sk_buff *skb); -+int skb_restore_cb(struct sk_buff *skb); -+#endif -+ - extern struct kmem_cache *skbuff_head_cache; - - void kfree_skb_partial(struct sk_buff *skb, bool head_stolen); -@@ -3785,8 +3804,12 @@ static inline void __nf_copy(struct sk_b - dst->_nfct = src->_nfct; - nf_conntrack_get(skb_nfct(src)); - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ dst->imq_flags = src->imq_flags; -+ dst->nf_queue_entry = src->nf_queue_entry; -+#endif - #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) -- dst->nf_bridge = src->nf_bridge; -+ dst->nf_bridge = src->nf_bridge; - nf_bridge_get(src->nf_bridge); - #endif - #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NF_TABLES) -diff -Naupr linux-4.14_orig/include/net/netfilter/nf_queue.h linux-4.14/include/net/netfilter/nf_queue.h ---- linux-4.14_orig/include/net/netfilter/nf_queue.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/netfilter/nf_queue.h 2017-11-13 11:46:45.847423298 +0700 -@@ -31,6 +31,12 @@ struct nf_queue_handler { - void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); - void nf_unregister_queue_handler(struct net *net); - void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); -+void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); -+void nf_unregister_queue_imq_handler(void); -+#endif - - void nf_queue_entry_get_refs(struct nf_queue_entry *entry); - void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -diff -Naupr linux-4.14_orig/include/net/pkt_sched.h linux-4.14/include/net/pkt_sched.h ---- linux-4.14_orig/include/net/pkt_sched.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/pkt_sched.h 2017-11-13 11:46:45.850756651 +0700 -@@ -109,6 +109,8 @@ int sch_direct_xmit(struct sk_buff *skb, - - void __qdisc_run(struct Qdisc *q); - -+struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate); -+ - static inline void qdisc_run(struct Qdisc *q) - { - if (qdisc_run_begin(q)) -diff -Naupr linux-4.14_orig/include/net/sch_generic.h linux-4.14/include/net/sch_generic.h ---- linux-4.14_orig/include/net/sch_generic.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/sch_generic.h 2017-11-13 11:46:45.850756651 +0700 -@@ -567,6 +567,13 @@ static inline int qdisc_enqueue(struct s - return sch->enqueue(skb, sch, to_free); - } - -+static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch, -+ struct sk_buff **to_free) -+{ -+ qdisc_skb_cb(skb)->pkt_len = skb->len; -+ return qdisc_enqueue(skb, sch, to_free) & NET_XMIT_MASK; -+} -+ - static inline bool qdisc_is_percpu_stats(const struct Qdisc *q) - { - return q->flags & TCQ_F_CPUSTATS; -diff -Naupr linux-4.14_orig/include/uapi/linux/netfilter.h linux-4.14/include/uapi/linux/netfilter.h ---- linux-4.14_orig/include/uapi/linux/netfilter.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/uapi/linux/netfilter.h 2017-11-13 11:46:45.850756651 +0700 -@@ -14,7 +14,8 @@ - #define NF_QUEUE 3 - #define NF_REPEAT 4 - #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ --#define NF_MAX_VERDICT NF_STOP -+#define NF_IMQ_QUEUE 6 -+#define NF_MAX_VERDICT NF_IMQ_QUEUE - - /* we overload the higher bits for encoding auxiliary data such as the queue - * number or errno values. Not nice, but better than additional function -diff -Naupr linux-4.14_orig/net/core/dev.c linux-4.14/net/core/dev.c ---- linux-4.14_orig/net/core/dev.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/core/dev.c 2017-11-13 11:46:45.854090004 +0700 -@@ -143,6 +143,9 @@ - #include - #include - #include -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include -+#endif - #include - #include - -@@ -2971,7 +2974,12 @@ static int xmit_one(struct sk_buff *skb, - unsigned int len; - int rc; - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if ((!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) && -+ !(skb->imq_flags & IMQ_F_ENQUEUE)) -+#else - if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) -+#endif - dev_queue_xmit_nit(skb, dev); - - len = skb->len; -@@ -3010,6 +3018,8 @@ out: - return skb; - } - -+EXPORT_SYMBOL_GPL(dev_hard_start_xmit); -+ - static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, - netdev_features_t features) - { -diff -Naupr linux-4.14_orig/net/core/skbuff.c linux-4.14/net/core/skbuff.c ---- linux-4.14_orig/net/core/skbuff.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/core/skbuff.c 2017-11-13 11:46:45.854090004 +0700 -@@ -82,6 +82,87 @@ struct kmem_cache *skbuff_head_cache __r - static struct kmem_cache *skbuff_fclone_cache __read_mostly; - int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; - EXPORT_SYMBOL(sysctl_max_skb_frags); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static struct kmem_cache *skbuff_cb_store_cache __read_mostly; -+#endif -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+/* Control buffer save/restore for IMQ devices */ -+struct skb_cb_table { -+ char cb[48] __aligned(8); -+ void *cb_next; -+ atomic_t refcnt; -+}; -+ -+static DEFINE_SPINLOCK(skb_cb_store_lock); -+ -+int skb_save_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); -+ if (!next) -+ return -ENOMEM; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(next->cb, skb->cb, sizeof(skb->cb)); -+ next->cb_next = skb->cb_next; -+ -+ atomic_set(&next->refcnt, 1); -+ -+ skb->cb_next = next; -+ return 0; -+} -+EXPORT_SYMBOL(skb_save_cb); -+ -+int skb_restore_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ if (!skb->cb_next) -+ return 0; -+ -+ next = skb->cb_next; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(skb->cb, next->cb, sizeof(skb->cb)); -+ skb->cb_next = next->cb_next; -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ if (atomic_dec_and_test(&next->refcnt)) -+ kmem_cache_free(skbuff_cb_store_cache, next); -+ -+ spin_unlock(&skb_cb_store_lock); -+ -+ return 0; -+} -+EXPORT_SYMBOL(skb_restore_cb); -+ -+static void skb_copy_stored_cb(struct sk_buff * , const struct sk_buff * ) __attribute__ ((unused)); -+static void skb_copy_stored_cb(struct sk_buff *new, const struct sk_buff *__old) -+{ -+ struct skb_cb_table *next; -+ struct sk_buff *old; -+ -+ if (!__old->cb_next) { -+ new->cb_next = NULL; -+ return; -+ } -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ old = (struct sk_buff *)__old; -+ -+ next = old->cb_next; -+ atomic_inc(&next->refcnt); -+ new->cb_next = next; -+ -+ spin_unlock(&skb_cb_store_lock); -+} -+#endif - - /** - * skb_panic - private function for out-of-line support -@@ -615,6 +696,28 @@ void skb_release_head_state(struct sk_bu - WARN_ON(in_irq()); - skb->destructor(skb); - } -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* -+ * This should not happen. When it does, avoid memleak by restoring -+ * the chain of cb-backups. -+ */ -+ while (skb->cb_next != NULL) { -+ if (net_ratelimit()) -+ pr_warn("IMQ: kfree_skb: skb->cb_next: %08x\n", -+ (unsigned int)(uintptr_t)skb->cb_next); -+ -+ skb_restore_cb(skb); -+ } -+ /* -+ * This should not happen either, nf_queue_entry is nullified in -+ * imq_dev_xmit(). If we have non-NULL nf_queue_entry then we are -+ * leaking entry pointers, maybe memory. We don't know if this is -+ * pointer to already freed memory, or should this be freed. -+ * If this happens we need to add refcounting, etc for nf_queue_entry. -+ */ -+ if (skb->nf_queue_entry && net_ratelimit()) -+ pr_warn("%s\n", "IMQ: kfree_skb: skb->nf_queue_entry != NULL"); -+#endif - #if IS_ENABLED(CONFIG_NF_CONNTRACK) - nf_conntrack_put(skb_nfct(skb)); - #endif -@@ -804,6 +907,10 @@ static void __copy_skb_header(struct sk_ - new->sp = secpath_get(old->sp); - #endif - __nf_copy(new, old, false); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ new->cb_next = NULL; -+ /*skb_copy_stored_cb(new, old);*/ -+#endif - - /* Note : this field could be in headers_start/headers_end section - * It is not yet because we do not want to have a 16 bit hole -@@ -3902,6 +4009,13 @@ void __init skb_init(void) - 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, - NULL); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", -+ sizeof(struct skb_cb_table), -+ 0, -+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, -+ NULL); -+#endif - } - - static int -diff -Naupr linux-4.14_orig/net/netfilter/core.c linux-4.14/net/netfilter/core.c ---- linux-4.14_orig/net/netfilter/core.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/core.c 2017-11-13 14:16:05.896850774 +0700 -@@ -474,6 +474,11 @@ int nf_hook_slow(struct sk_buff *skb, st - if (ret == 0) - ret = -EPERM; - return ret; -+ case NF_IMQ_QUEUE: -+ ret = nf_queue(skb, state, e, s, verdict); -+ if (ret == -ECANCELED) -+ continue; -+ return ret; - case NF_QUEUE: - ret = nf_queue(skb, state, e, s, verdict); - if (ret == 1) -diff -Naupr linux-4.14_orig/net/netfilter/Kconfig linux-4.14/net/netfilter/Kconfig ---- linux-4.14_orig/net/netfilter/Kconfig 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/Kconfig 2017-11-13 11:46:45.857423358 +0700 -@@ -867,6 +867,18 @@ config NETFILTER_XT_TARGET_LOG - - To compile it as a module, choose M here. If unsure, say N. - -+config NETFILTER_XT_TARGET_IMQ -+ tristate '"IMQ" target support' -+ depends on NETFILTER_XTABLES -+ depends on IP_NF_MANGLE || IP6_NF_MANGLE -+ select IMQ -+ default m if NETFILTER_ADVANCED=n -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config NETFILTER_XT_TARGET_MARK - tristate '"MARK" target support' - depends on NETFILTER_ADVANCED -diff -Naupr linux-4.14_orig/net/netfilter/Makefile linux-4.14/net/netfilter/Makefile ---- linux-4.14_orig/net/netfilter/Makefile 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/Makefile 2017-11-13 11:46:45.857423358 +0700 -@@ -125,6 +125,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += - obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o - obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o - obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o -+obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o - obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o - obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o -diff -Naupr linux-4.14_orig/net/netfilter/nf_queue.c linux-4.14/net/netfilter/nf_queue.c ---- linux-4.14_orig/net/netfilter/nf_queue.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/nf_queue.c 2017-11-13 14:25:21.436864671 +0700 -@@ -1,4 +1,4 @@ --/* -+ /* - * Rusty Russell (C)2000 -- This code is GPL. - * Patrick McHardy (c) 2006-2012 - */ -@@ -27,6 +27,23 @@ - * receives, no matter what. - */ - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static const struct nf_queue_handler __rcu *queue_imq_handler __read_mostly; -+ -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) -+{ -+ rcu_assign_pointer(queue_imq_handler, qh); -+} -+EXPORT_SYMBOL_GPL(nf_register_queue_imq_handler); -+ -+void nf_unregister_queue_imq_handler(void) -+{ -+ RCU_INIT_POINTER(queue_imq_handler, NULL); -+ synchronize_rcu(); -+} -+EXPORT_SYMBOL_GPL(nf_unregister_queue_imq_handler); -+#endif -+ - /* return EBUSY when somebody else is registered, return EEXIST if the - * same handler is registered, return 0 in case of success. */ - void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh) -@@ -113,16 +130,29 @@ EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop) - - static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, - const struct nf_hook_entries *entries, -- unsigned int index, unsigned int queuenum) -+ unsigned int index, unsigned int verdict) - { - int status = -ENOENT; - struct nf_queue_entry *entry = NULL; - const struct nf_afinfo *afinfo; - const struct nf_queue_handler *qh; - struct net *net = state->net; -+ unsigned int queuetype = verdict & NF_VERDICT_MASK; -+ unsigned int queuenum = verdict >> NF_VERDICT_QBITS; - - /* QUEUE == DROP if no one is waiting, to be safe. */ -- qh = rcu_dereference(net->nf.queue_handler); -+ -+ if (queuetype == NF_IMQ_QUEUE) { -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ qh = rcu_dereference(queue_imq_handler); -+#else -+ BUG(); -+ goto err_unlock; -+#endif -+ } else { -+ qh = rcu_dereference(net->nf.queue_handler); -+ } -+ - if (!qh) { - status = -ESRCH; - goto err; -@@ -169,8 +199,16 @@ int nf_queue(struct sk_buff *skb, struct - { - int ret; - -- ret = __nf_queue(skb, state, entries, index, verdict >> NF_VERDICT_QBITS); -+ ret = __nf_queue(skb, state, entries, index, verdict); - if (ret < 0) { -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* IMQ Bypass */ -+ if (ret == -ECANCELED && skb->imq_flags == 0) { -+ return 1; -+ } -+#endif -+ - if (ret == -ESRCH && - (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) - return 1; -@@ -256,6 +294,7 @@ next_hook: - local_bh_enable(); - break; - case NF_QUEUE: -+ case NF_IMQ_QUEUE: - err = nf_queue(skb, &entry->state, hooks, i, verdict); - if (err == 1) - goto next_hook; -diff -Naupr linux-4.14_orig/net/netfilter/xt_IMQ.c linux-4.14/net/netfilter/xt_IMQ.c ---- linux-4.14_orig/net/netfilter/xt_IMQ.c 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/net/netfilter/xt_IMQ.c 2017-11-13 11:46:45.857423358 +0700 -@@ -0,0 +1,72 @@ -+/* -+ * This target marks packets to be enqueued to an imq device -+ */ -+#include -+#include -+#include -+#include -+#include -+ -+static unsigned int imq_target(struct sk_buff *pskb, -+ const struct xt_action_param *par) -+{ -+ const struct xt_imq_info *mr = par->targinfo; -+ -+ pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; -+ -+ return XT_CONTINUE; -+} -+ -+static int imq_checkentry(const struct xt_tgchk_param *par) -+{ -+ struct xt_imq_info *mr = par->targinfo; -+ -+ if (mr->todev > IMQ_MAX_DEVS - 1) { -+ pr_warn("IMQ: invalid device specified, highest is %u\n", -+ IMQ_MAX_DEVS - 1); -+ return -EINVAL; -+ } -+ -+ return 0; -+} -+ -+static struct xt_target xt_imq_reg[] __read_mostly = { -+ { -+ .name = "IMQ", -+ .family = AF_INET, -+ .checkentry = imq_checkentry, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .me = THIS_MODULE -+ }, -+ { -+ .name = "IMQ", -+ .family = AF_INET6, -+ .checkentry = imq_checkentry, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .me = THIS_MODULE -+ }, -+}; -+ -+static int __init imq_init(void) -+{ -+ return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+static void __exit imq_fini(void) -+{ -+ xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+module_init(imq_init); -+module_exit(imq_fini); -+ -+MODULE_AUTHOR("https://github.com/imq/linuximq"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS("ipt_IMQ"); -+MODULE_ALIAS("ip6t_IMQ"); -+ -diff -Naupr linux-4.14_orig/net/sched/sch_generic.c linux-4.14/net/sched/sch_generic.c ---- linux-4.14_orig/net/sched/sch_generic.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/sched/sch_generic.c 2017-11-13 11:46:45.857423358 +0700 -@@ -158,6 +158,14 @@ trace: - return skb; - } - -+struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate) -+{ -+ int packets; -+ -+ return dequeue_skb(q, validate, &packets); -+} -+EXPORT_SYMBOL(qdisc_dequeue_skb); -+ - /* - * Transmit possibly several skbs, and handle the return status as - * required. Owning running seqcount bit guarantees that From patchwork Mon Oct 14 16:46:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2511 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbV2F55z42j9 for ; Mon, 14 Oct 2019 16:46:46 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbM5G9Yz3Tr; Mon, 14 Oct 2019 16:46:39 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbM4BMTz2yjw; Mon, 14 Oct 2019 16:46:39 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbG26hMz2yfS for ; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbG1DC8z2lQ; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aF4sOGHE6sDpRb1gjonMap8pTF+CScVdcDpAIi47G5w=; b=lW0v3E5sI0B/Hl3ihLrw+ghCWxHOvysw4Y3QbDSfBwI/j8DNzNdl1NHwaJRMeNpAsuId6E E7PFeIhL2pwPuZAg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aF4sOGHE6sDpRb1gjonMap8pTF+CScVdcDpAIi47G5w=; b=XZZeH0lh5RZXG/QlD2b7ubaXZf51ICKEuNJbnI4OydHNW+aG5V95qJvrVVvOAYQ2Ilrz7w TEUnbjZiIyZV/CTJcx6c16goPWgyZdwnj+833X/FTDGxeMYyOOUuuWvRCgDmMPUuC3WZ+J 3sjN5xV7BI94FhVpetfjSs44l4U3WgA5iByMP8/AIdp3xcoKzJOqWgmW5MkptQGCQtwdtD 1lGbbjr8D11k8UK6yffIkbZOcd9NtfOnFCHq3t0Gm092mtNEy1N00yyNDCyoO+EsjwiRNq q7XFkajCg4L2poGIrQYXULidJ4L8FlOiMR+gIRkrIGiW6KUm+lJXNNlzO66MUA== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 10/17] QoS: Suppress an error message when cleaning up from previous runs Date: Mon, 14 Oct 2019 16:46:20 +0000 Message-Id: <20191014164627.18516-10-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 386a6bffe..f2c969371 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -405,7 +405,7 @@ print </dev/null 2>&1 tc qdisc add dev $qossettings{'RED_DEV'} handle ffff: ingress ### BRING UP $qossettings{'IMQ_DEV'} From patchwork Mon Oct 14 16:46:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2512 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbV3dTsz42jH for ; Mon, 14 Oct 2019 16:46:46 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbN0rmyz3V1; Mon, 14 Oct 2019 16:46:40 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbM6ZWsz2y4F; Mon, 14 Oct 2019 16:46:39 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbG2wz6z2yjb for ; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbG1w5Gz2Nq; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Asz8j31umxaGmXFUHHB85pIK9YKZq+OuocpYDEJ/dEc=; b=LeaDFuEz2C8VG6co4BV17zmaqL2DRI4QLhqah7wTVHFGDBdxanDy95iPw00Wc4m9PBA5JQ KHoaBqetSMwuDrAA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Asz8j31umxaGmXFUHHB85pIK9YKZq+OuocpYDEJ/dEc=; b=azV69vl1I7NcIj/1+1JOYicBmLkuUVW7rOuFlZDHnycMcJ2MLNPZveJkNgp5knxCqLecxp QAai3h+x3rXgHEUJAhOL/aR1i6P7q0ovfM1EL0hkSh/WHru9d2SIp9dxzaDQCXXbXVyD8Q 41U3Vv0q/qEHBVnOYpYbwDc747NtuUl0k+1ejAj5tAq1kZUtjMa0GVhIYQPLTvZKCXTO4m hNSEe+uYZ77j24WgZ5Jds8hSjQhxqR+aAB84mDP/WZCw0LCDzDNsLbID1C5o1EwUzdFzu5 XMPM/a9AhSTZJJXVg9Ui8BQY4g8RBfhwNPoxniF6irowsGhrzW7ZcAkFTmoNOw== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 11/17] QoS: Move packet classification to FORWARD chain for ingress Date: Mon, 14 Oct 2019 16:46:21 +0000 Message-Id: <20191014164627.18516-11-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index f2c969371..1d6930baa 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -251,9 +251,6 @@ foreach $subclassentry (sort @subclasses) { } print </dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 iptables -t mangle --flush QOS-TOS >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-TOS >/dev/null 2>&1 - # remove l7-filter - iptables -t mangle --delete PREROUTING -m layer7 --l7proto unset rmmod sch_htb >/dev/null 2>&1 From patchwork Mon Oct 14 16:46:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2513 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbW3n2rz42jJ for ; Mon, 14 Oct 2019 16:46:47 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbN34rGz2lf; Mon, 14 Oct 2019 16:46:40 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbN1XJ2z2ydx; Mon, 14 Oct 2019 16:46:40 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbG3yJyz2yqs for ; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbG2lCXz2lf; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ha0Gp0RvUfxzSAW14/nqRjK04jx1Xfrr2NE+iJIcfpw=; b=B4fatPwjkhQQuAJYOFxP/XHF7Qah+SGit5AFDV82+U1e2+lXZmXiewE/1tvKVRfFHO5yMo WHYEKfHt63NniSDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ha0Gp0RvUfxzSAW14/nqRjK04jx1Xfrr2NE+iJIcfpw=; b=Qr6dVWUKAcMrguSGk5xYmSZuW6+37B+WkpMVCfivgZsEJkU0Rq1pCv+iX12yAnE7Mpd0EI aGcBG04SP+RilQTIuS5asVPihoOburAXBbIl8+ITOhNLUeojMTFRIkQjpqNH6vh95crhLt V8HuR+kDuU+c+/X/ovJzDx8srRaeMWLGvpO/S1Phc2F/bfutr49SV9Cg7CqOmRKAotbmqM MA1guEmGl9Z/nfAkEfN8g8F9DKEyQSLwCEmsGzG8faRtGHPjJv3BVuD8P9TojRxg9Ujc0s QFRPU1kx1S1i7jSaG77f89HgkSZQt9IJZ6ZwJN/iUJqiNcOTvAv0E5GCr9MM+w== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 12/17] QoS: Use CLASSIFY iptables target instead of MARK Date: Mon, 14 Oct 2019 16:46:22 +0000 Message-Id: <20191014164627.18516-12-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" We have been running into loads of conflicts by using MARK for various components on the OS (suricata, IPsec, QoS, ...) which was sometimes hard to resolve. iptables comes with a target which directly sorts packets into the correct class which results in less code and not using the mark. Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 41 ++++++++++++++---------------------- 1 file changed, 16 insertions(+), 25 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 1d6930baa..7d680151b 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -262,34 +262,34 @@ print </dev/null 2>&1 # REMOVE & FLUSH CHAINS - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 From patchwork Mon Oct 14 16:46:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2514 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbX54r9z42j9 for ; Mon, 14 Oct 2019 16:46:48 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbP0fqXz3VR; Mon, 14 Oct 2019 16:46:41 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbN6CyPz2yfS; Mon, 14 Oct 2019 16:46:40 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbG4rjHz2yr0 for ; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbG3lRdz2JY; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iVuYUbw+0NXdixpWAURBDzV10qTdmnlRp96VAzBpbis=; b=Ape2RV3XPG1OukxiRyu7dYaqLLPs3Ed1/xmv5wrd6ZuNaa1bn+M4KrQu0QsGCvJL3R5BxZ aaJZesTMlEaaXIBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iVuYUbw+0NXdixpWAURBDzV10qTdmnlRp96VAzBpbis=; b=h5mSSswoEFJ8z1qkfGfzmwC5USlNUnzmFVW6CCTzNNXS7V5FNHwQ13QkG4DSqKHL9Nov6k vQERDnyucyTT/e9IqVPhKQalWZMRWUwWvi8COhAi9a2lRMFihOCzv8dUB4fQhyRHRyJEvd UTjWPd8ExCx8L6Y43hjGF7ybD+v/3J5AOsdZi84Z+SHMTUrBycIp3RaPD5UZpY5d4BDYD4 N929C2M/Tk8u5uQIO4XFdKQuFy6WMIpKovG1cfPpTELluRL/8W4mlaL3v0bMOJkVWYZXJZ eAMYsxPLsZIJkM7beuP0py9gynM0DNYY6etNdvPk25dmanXF8pDqkiAfVCO6KQ== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 13/17] QoS: Drop tc filter rules to move marked packets into the correct class Date: Mon, 14 Oct 2019 16:46:23 +0000 Message-Id: <20191014164627.18516-13-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This is no longer necessary since we are now using CLASSIFY Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 47 +----------------------------------- 1 file changed, 1 insertion(+), 46 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 7d680151b..f73fe2938 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -131,12 +131,6 @@ case "\$1" in tc -s class show dev $qossettings{'IMQ_DEV'} exit 0 ;; - filter) - echo "[filter]" - tc -s filter show dev $qossettings{'RED_DEV'} - tc -s filter show dev $qossettings{'IMQ_DEV'} - exit 0 - ;; iptables) echo "[iptables]" iptables -t mangle -n -L QOS-OUT -v -x 2> /dev/null @@ -147,7 +141,6 @@ case "\$1" in esac \$0 \$1 qdisc \$0 \$1 class - \$0 \$1 filter \$0 \$1 iptables exit 0 ;; @@ -230,25 +223,6 @@ foreach $subclassentry (sort @subclasses) { print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; } } -print "\n\t### FILTER TRAFFIC INTO CLASSES\n"; -foreach $classentry (sort @classes) -{ - @classline = split( /\;/, $classentry ); - if ($qossettings{'RED_DEV'} eq $classline[0]) { - $qossettings{'DEVICE'} = $classline[0]; - $qossettings{'CLASS'} = $classline[1]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 1:$qossettings{'CLASS'}\n"; - } -} -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /\;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 1:$qossettings{'SCLASS'}\n"; - } -} print < X-Patchwork-Id: 2515 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbZ14lMz42j9 for ; Mon, 14 Oct 2019 16:46:50 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbP3XsYz3Wv; Mon, 14 Oct 2019 16:46:41 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbP27hNz2yfL; Mon, 14 Oct 2019 16:46:41 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbG6cdyz2yqw for ; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbG4jvnz2dF; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AhkPDEbjlGjp28S4DTE3q40v/4p/IBI+XdlZJz/z5cY=; b=M+nSYzo5g9ls+mIObHwsM9nHuwqDgAKSf8CEw3HA/rbMtmeM7gRNfEyL4FCUp58KPxYwN5 iMwQzht9iTsGQPCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AhkPDEbjlGjp28S4DTE3q40v/4p/IBI+XdlZJz/z5cY=; b=AWQtTgnMjFm4T7sl4tKUyfAB3IsluXXJqu+rFNpxIsvIV917a4lAXtdIXeloD9JyMFIBn2 Uyc345aqkw6c3uaFatFkQCnhjH2WBNb3xoW3tDOKRO90O9pvwDug9boagVom7FeJgQTvo+ TRkImbasRx2DawffmrvEmmZByH35mgwA4On+df4vhhdFn5mIF1R/IlOJc4gtX8vdzn2LEi qeeiwhQlaH7gLX9+rTnvVxZYkfUYxjx9C+EB+X9FKNBsqsNLSbWbke+SQ8siqf/Z/IjfaA +SkZ+w3JtiYIDQGvrWmftHgnubVxhaMcmTa2nnMaELA6/UxDrtMhYg2D+5mVgw== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 14/17] QoS: Drop support for subclasses Date: Mon, 14 Oct 2019 16:46:24 +0000 Message-Id: <20191014164627.18516-14-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This feature was never properly implemented and the UI was dead Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 77 -------------- doc/language_issues.de | 4 + doc/language_issues.en | 4 - doc/language_issues.es | 4 + doc/language_issues.fr | 4 + doc/language_issues.it | 4 + doc/language_issues.nl | 4 + doc/language_issues.pl | 4 + doc/language_issues.ru | 4 + doc/language_issues.tr | 4 + html/cgi-bin/qos.cgi | 197 ----------------------------------- 11 files changed, 32 insertions(+), 278 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index f73fe2938..9a57aad28 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -35,26 +35,22 @@ my $errormessage = ""; my $c = ""; my $direntry = ""; my $classentry = ""; -my $subclassentry = ""; my $l7ruleentry = ""; my $portruleentry = ""; my $tosruleentry = ""; my @tmp = (); my @classes = (); -my @subclasses = (); my @l7rules = (); my @portrules = (); my @tosrules = (); my @tmpline = (); my @classline = (); -my @subclassline = (); my @tosruleline = (); my @l7ruleline = (); my @portruleline = (); my @proto = (); my %selected= () ; my $classfile = "/var/ipfire/qos/classes"; -my $subclassfile = "/var/ipfire/qos/subclasses"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; @@ -81,9 +77,6 @@ $qossettings{'VALID'} = 'yes'; open( FILE, "< $classfile" ) or die "Unable to read $classfile"; @classes = ; close FILE; -open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; -@subclasses = ; -close FILE; open( FILE, "< $level7file" ) or die "Unable to read $level7file"; @l7rules = ; close FILE; @@ -183,27 +176,6 @@ foreach $classentry (sort @classes) print "\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /\;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - $qossettings{'SPRIO'} = $subclassline[3]; - $qossettings{'SRATE'} = $subclassline[4]; - $qossettings{'SCEIL'} = $subclassline[5]; - $qossettings{'SBURST'} = $subclassline[6]; - $qossettings{'SCBURST'} = $subclassline[7]; - print "\ttc class add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} classid 1:$qossettings{'SCLASS'} htb rate $qossettings{'SRATE'}kbit ceil $qossettings{'SCEIL'}kbit prio $qossettings{'SPRIO'} "; - if ($qossettings{'SBURST'} > 0) { - print "burst $qossettings{'SBURST'}k "; - } - if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { - print "cburst $qossettings{'CBURST'}k"; - } - print "\n"; - } -} print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; foreach $classentry (sort @classes) @@ -215,14 +187,6 @@ foreach $classentry (sort @classes) print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /\;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; - } -} print < 0) { - print "burst $qossettings{'SBURST'}k "; - } - if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { - print "cburst $qossettings{'CBURST'}k"; - } - print "\n"; - } -} print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; foreach $classentry (sort @classes) @@ -453,15 +396,6 @@ foreach $classentry (sort @classes) print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /\;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; - } -} - print <must be saved, otherwise it will be discarded! diff --git a/doc/language_issues.es b/doc/language_issues.es index 2af165d6b..a4c5bf1f5 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -9,6 +9,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -18,6 +19,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -129,6 +131,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -475,6 +478,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.fr b/doc/language_issues.fr index f48d65a80..3d657059f 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -31,6 +31,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -40,6 +41,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -159,6 +161,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -577,6 +580,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.it b/doc/language_issues.it index 59c649954..973a7c12c 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -137,6 +139,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -552,6 +555,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 836745e5a..2d5e06726 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -136,6 +138,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -547,6 +550,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 2af165d6b..a4c5bf1f5 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -9,6 +9,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -18,6 +19,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -129,6 +131,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -475,6 +478,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.ru b/doc/language_issues.ru index b904157b1..06e68dfd3 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -130,6 +132,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -478,6 +481,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.tr b/doc/language_issues.tr index cf773d8cb..5bbf9a1b5 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -31,6 +31,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -40,6 +41,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -159,6 +161,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -580,6 +583,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi index b7af11204..320eef67d 100644 --- a/html/cgi-bin/qos.cgi +++ b/html/cgi-bin/qos.cgi @@ -38,19 +38,16 @@ my $errormessage = ""; my $c = ""; my $direntry = ""; my $classentry = ""; -my $subclassentry = ""; my $l7ruleentry = ""; my $portruleentry = ""; my $tosruleentry = ""; my @tmp = (); my @classes = (); -my @subclasses = (); my @l7rules = (); my @portrules = (); my @tosrules = (); my @tmpline = (); my @classline = (); -my @subclassline = (); my @l7ruleline = (); my @portruleline = (); my @tosruleline = (); @@ -58,7 +55,6 @@ my @proto = (); my %selected= (); my @checked = (); my $classfile = "/var/ipfire/qos/classes"; -my $subclassfile = "/var/ipfire/qos/subclasses"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; @@ -85,7 +81,6 @@ $qossettings{'IMQ_DEV_SEL'} = ''; $qossettings{'PRIO'} = ''; $qossettings{'SPD'} = ''; $qossettings{'CLASS'} = ''; -$qossettings{'SCLASS'} = ''; $qossettings{'QPORT'} = ''; $qossettings{'DPORT'} = ''; $qossettings{'QIP'} = ''; @@ -98,7 +93,6 @@ $qossettings{'MAXBWDTH'} = ''; $qossettings{'BURST'} = ''; $qossettings{'CBURST'} = ''; $qossettings{'DOCLASS'} = ''; -$qossettings{'DOSCLASS'} = ''; $qossettings{'DOLEVEL7'} = ''; $qossettings{'DOPORT'} = ''; $qossettings{'CLASS'} = ''; @@ -194,60 +188,12 @@ elsif ($qossettings{'DOCLASS'} eq $Lang::tr{'delete'}) } } close FILE; - open( FILE, "< $subclassfile" ) or die "Unable to read $classfile"; - @tmp = ; - close FILE; - open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /\;/, $subclassentry ); - if ( $tmpline[1] ne $qossettings{'CLASS'} ) - { - print FILE $subclassentry; - } - } - close FILE; $message = "$Lang::tr{'Class'} $qossettings{'CLASS'} $Lang::tr{'Class was deleted'}"; } ############################################################################################################################ ############################################################################################################################ -if ($qossettings{'DOSCLASS'} eq $Lang::tr{'save'}) -{ - &validsubclass(); - &validminbwdth(); - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, ">> $subclassfile" ) or die "Unable to write $subclassfile"; - print FILE <; - close FILE; - open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /\;/, $subclassentry ); - if ( $tmpline[2] ne $qossettings{'CLASS'} ) - { - print FILE $subclassentry; - } - } - close FILE; - $message = "$Lang::tr{'Subclass'} $qossettings{'CLASS'} $Lang::tr{'was deleted'}."; -} - -############################################################################################################################ -############################################################################################################################ - if ($qossettings{'DOLEVEL7'} eq $Lang::tr{'save'}) { if ( $qossettings{'QIP'} ne '' ) { @@ -612,13 +558,6 @@ elsif ($qossettings{'ACTION'} eq $Lang::tr{'parentclass add'} ) &Header::closepage(); exit } -elsif ($qossettings{'ACTION'} eq $Lang::tr{'qos add subclass'}) -{ - &subclass(); - &Header::closebigbox(); - &Header::closepage(); - exit -} elsif ($qossettings{'ACTION'} eq $Lang::tr{'Add Rule'}) { &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'}); @@ -967,81 +906,6 @@ END &Header::closebox(); } -sub subclass { - &Header::openbox('100%', 'center', $Lang::tr{'Subclass'}); - print < - -END -; - if ( $message ne "" ) { - print "
$message"; - } - print <$Lang::tr{'current class'}: $qossettings{'CLASS'} -
$Lang::tr{'enter data'} -
$Lang::tr{'Subclass'}:  -
$Lang::tr{'priority'}:
$Lang::tr{'guaranteed bandwith'}: - -   -
$Lang::tr{'max bandwith'}: - -   -
Burst: - -   -
Ceilburst: - -   -
TOS-Bit: - - - -   -
-END -; - &Header::closebox(); -} - sub level7rule { &Header::openbox('100%', 'center', $Lang::tr{'Level7 Rule'}); print <; close FILE; if (@classes) { - open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; - @subclasses = ; - close FILE; open( FILE, "< $level7file" ) or die "Unable to read $level7file"; @l7rules = ; close FILE; @@ -1203,11 +1064,6 @@ sub showclasses { $classline[7] -
- - - -
@@ -1386,41 +1242,6 @@ END } END ; - foreach $subclassentry (sort @subclasses) - { - @subclassline = split( /\;/, $subclassentry ); - if ( $subclassline[1] eq $classline[1] ) { - print <
$Lang::tr{'Subclass'}: - $subclassline[2] - $subclassline[3] - $subclassline[4] - $subclassline[5] - $subclassline[6] - $subclassline[7] - $subclassline[8] - - -
- - - - -
- - - -
-
- - - -
-
-END -; - } - } print < END @@ -1488,21 +1309,3 @@ sub validclass { } } } - -sub validsubclass { - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; - @tmp = ; - close FILE; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /\;/, $subclassentry ); - if ( $tmpline[2] eq $qossettings{'SCLASS'} ) - { - $qossettings{'VALID'} = 'no'; - $message = "$Lang::tr{'class in use'}"; - last - } - } - } -} From patchwork Mon Oct 14 16:46:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2518 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbd2sY8z42jJ for ; Mon, 14 Oct 2019 16:46:53 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbQ1bY1z3dt; Mon, 14 Oct 2019 16:46:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbP6gHPz2y2r; Mon, 14 Oct 2019 16:46:41 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbH0VMRz2yr9 for ; Mon, 14 Oct 2019 16:46:35 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbG6Rcgz2lQ; Mon, 14 Oct 2019 16:46:34 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jDXuYLXCZlT7A2P5J6875eaz6U2hj+kAP7IAEKIksfo=; b=RPbYbNGKHFaMkduz86GT3RhibroFDlCpNFHlcxnauJxiZDbCLwI1QQf4uZK/S4fcgR4FGD BdhcPcoclvO5eTDQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071594; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jDXuYLXCZlT7A2P5J6875eaz6U2hj+kAP7IAEKIksfo=; b=YBNBNcn1nLo/Qg2j5pVqHdEPGkNuVdm+HnJn662+159q1z7QE6gQqqq/1WGY/kl+UEAeva h3NW5l487d2zQswlSUSkue2wUe8HsW3+fPqh9mukxru9dxbgAzF+Qqtj3uzUguPZx+iOhR CPFvY3tJFtLtBhpRkxAI1bTxXjpVbKEfsY4FNPJn/ZBVORG/kGw88TUPmcmgYV8mnyx0/n 2NClB6W5Bp1jfpa7Y9NN5tOP5lY43nlr68pdjnSICO4ucAvGMDHOdH++nKYZwhXiabhz7k 3nX1TDLqds7nSLNOCxBtw5lhNl8PV+zhjDHe3j84ksgXI148j7qQBkOUgLdDZw== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 15/17] QoS: Drop support for setting TOS bits per class Date: Mon, 14 Oct 2019 16:46:25 +0000 Message-Id: <20191014164627.18516-15-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This is useless since no ISP will evaluate those settings any more and it has a rather large impact on throughput. Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 24 ------------------------ html/cgi-bin/qos.cgi | 12 ------------ 2 files changed, 36 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 9a57aad28..4f66b20b4 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -128,7 +128,6 @@ case "\$1" in echo "[iptables]" iptables -t mangle -n -L QOS-OUT -v -x 2> /dev/null iptables -t mangle -n -L QOS-INC -v -x 2> /dev/null - iptables -t mangle -n -L QOS-TOS -v -x 2> /dev/null exit 0 ;; esac @@ -191,9 +190,7 @@ print </dev/null 2>&1 /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1 @@ -553,15 +533,11 @@ print </dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 - iptables -t mangle --flush QOS-TOS >/dev/null 2>&1 - iptables -t mangle --delete-chain QOS-TOS >/dev/null 2>&1 rmmod sch_htb >/dev/null 2>&1 diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi index 320eef67d..8211a3ca0 100644 --- a/html/cgi-bin/qos.cgi +++ b/html/cgi-bin/qos.cgi @@ -883,18 +883,6 @@ END
Ceilburst:   -END -; - $selected{'TOS'}{$qossettings{'TOS'}} = "selected='selected'"; -print <TOS-Bit: - -  
$Lang::tr{'remark'}:
* $Lang::tr{'required field'} From patchwork Mon Oct 14 16:46:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 2517 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbd1H0Wz42jH for ; Mon, 14 Oct 2019 16:46:53 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbP6Ljzz3T6; Mon, 14 Oct 2019 16:46:41 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbP4l0Dz2yfS; Mon, 14 Oct 2019 16:46:41 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbH1WjGz2ypv for ; Mon, 14 Oct 2019 16:46:35 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbH0JRXz2qW; Mon, 14 Oct 2019 16:46:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071595; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e0V59AXSsr0Rf1DnpC8AG6pUF3m+KjDVscJSmoROAv4=; b=BnuLXpqaZUbSozF9gUF9s4t0IYKExHaPONtIDmgFPUuxzsY/j92zYwOxWsZ5Zt45UTsmF6 zIDqci8n0AdkZsw/HJBSnGfqKti22+ZoaWuFnO8SfOS61CpMHQHQ1gQD2ciH6XkDrP1UcD iIVQMY1YSlcKRUsWNO9UIbeTJUBHqogBB1F32WnuWS/3KKZ8G/nLBM6K4ThVXXEH+U7cXU 3sCkH0o6Q974BUg7gdjWrbkf/YoJBox6CeQ7BL6m3QhAlExMKNWwNxIw3WqV+UdErfLmi4 n/Eo20pYLDlw+8AE+59vrLWAcfiQvopJvzGGwmh8Net4O1Ix3wC4ziDZAzLb2w== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071595; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e0V59AXSsr0Rf1DnpC8AG6pUF3m+KjDVscJSmoROAv4=; b=ow0ZEn0V1e82b0bUYoMq5lf3v2VCiPW9w1QmGUK0gENAydB/GvwybkJWJCMSyFZiRc1Rd/ ccgHsrSrulQPJyCg== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 16/17] QoS: No longer set TOS bits for ACK packets Date: Mon, 14 Oct 2019 16:46:26 +0000 Message-Id: <20191014164627.18516-16-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 7 ------- 1 file changed, 7 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 4f66b20b4..934976a23 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -196,34 +196,27 @@ print < X-Patchwork-Id: 2516 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 46sPbc41Pqz42j9 for ; Mon, 14 Oct 2019 16:46:52 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 46sPbQ3vJTz3f1; Mon, 14 Oct 2019 16:46:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 46sPbQ1cTpz2yFb; Mon, 14 Oct 2019 16:46:42 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46sPbH3N2Qz2yf3 for ; Mon, 14 Oct 2019 16:46:35 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 46sPbH1L5vz2lf; Mon, 14 Oct 2019 16:46:35 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1571071595; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2iS4Mn8MYe8EOUFlNQ1EgZYmqDkPhyP8fwOlkIX+nuo=; b=iKPBqFx2CAbAWzqsFMc/ZM7PLFKzzKbcH0d7/gn+b6CP3Hy9ejy8ldM+Gn4VlcLyoKt0a7 T4W6hZ7bI5p8I3DQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1571071595; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2iS4Mn8MYe8EOUFlNQ1EgZYmqDkPhyP8fwOlkIX+nuo=; b=GPQMevGe8XIce6qSoMkdVUTe1U6MOS8eLkCUpbuuCkjPwghDf8a8L20hafgzlNxKdJMYq7 LKHUrXqPeYxPs5ksSspbMqY/f6p/GsYfN1GErnDwl6MCi4Et/GjU55dNKCHrsxPQB1w/41 pdWcUFejknixx3ucMXvMMvg7kyKZ/7WdGMMkhiiaMitAR3hBUVLmFTyg1cBC/2lUB50kyb p5jgSGfKC/VDnW2mnlO1azmvv4jRZ50jX4BKxzT+gm4DTCkMKYzKei7DjHokT3nol7HnxP Kghj5qnZVgpdE9WurQCiP9RhABFG7H+VRcQDLnuXUFuhen1Tn2rl51b+jrHEcQ== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 17/17] QoS: Increase queue size and quantum for fq_codel Date: Mon, 14 Oct 2019 16:46:27 +0000 Message-Id: <20191014164627.18516-17-michael.tremer@ipfire.org> In-Reply-To: <20191014164627.18516-1-michael.tremer@ipfire.org> References: <20191014164627.18516-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This optimises the QoS to process more bandwidth. The limit variable sets the maximum number of packets in the queue which was regularly exceeded on fast connections with the old setting. This now allows up to 10G of data transfer and is set to the default of fq_codel. Quantum sets how many bytes can be read from the queue per iteration. This is now set to the default again, which is the size of an Ethernet frame including its header. Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 934976a23..ff4cbcb12 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -54,7 +54,7 @@ my $classfile = "/var/ipfire/qos/classes"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; -my $fqcodel_options = "limit 800 quantum 500"; +my $fqcodel_options = "limit 10240 quantum 1514"; &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);