shortcut-fe: rework netfilter conntrack notification (coolsnowwolf#5760)

The original patch over rode the nf_conntrack_un/register_notifier API, which will break other modules relying on the API. Reworked the notification APIs to play nice with others. Also avoid to touch the code of fullcone nat. Co-authored-by: quarkysg <[email protected]>
zzsonyzz12 · Nov 10, 2020 · 5323b53 · 5323b53
1 parent 047d6ea
commit 5323b53
Show file tree

Hide file tree

Showing 9 changed files with 418 additions and 384 deletions.
diff --git a/package/lean/fast-classifier/Makefile b/package/lean/fast-classifier/Makefile
@@ -49,7 +49,7 @@ Example user space program that communicates with fast
 classifier kernel module
 endef
 
-SFE_MAKE_OPTS:=SFE_SUPPORT_IPV6=n
+SFE_MAKE_OPTS:=SFE_SUPPORT_IPV6=y
 
 define Build/Compile/kmod
 	+$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" $(strip $(SFE_MAKE_OPTS)) \

diff --git a/package/lean/fast-classifier/src/fast-classifier.c b/package/lean/fast-classifier/src/fast-classifier.c
@@ -346,13 +346,11 @@ static bool fast_classifier_find_dev_and_mac_addr(struct sk_buff *skb, sfe_ip_ad
 
 		dst = (struct dst_entry *)rt;
 	} else {
-#ifdef SFE_SUPPORT_IPV6
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0))
 		rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, NULL, 0);
 #else
 		rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, 0);
 #endif /*KERNEL_VERSION(4, 17, 0)*/
-#endif
 		if (!rt6) {
 			goto ret_fail;
 		}
@@ -1809,10 +1807,12 @@ static int __init fast_classifier_init(void)
 		goto exit3;
 	}
 
-#ifdef CONFIG_NF_CONNTRACK_EVENTS
 	/*
 	 * Register a notifier hook to get fast notifications of expired connections.
 	 */
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+	result = nf_conntrack_register_chain_notifier(&init_net, &fast_classifier_conntrack_notifier);
+#else
 	result = nf_conntrack_register_notifier(&init_net, &fast_classifier_conntrack_notifier);
 	if (result < 0) {
 		DEBUG_ERROR("can't register nf notifier hook: %d\n", result);
@@ -1879,7 +1879,11 @@ static int __init fast_classifier_init(void)
 
 exit5:
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+	nf_conntrack_unregister_chain_notifier(&init_net, &fast_classifier_conntrack_notifier);
+#else
 	nf_conntrack_unregister_notifier(&init_net, &fast_classifier_conntrack_notifier);
+#endif
 
 exit4:
 #endif
@@ -1947,8 +1951,11 @@ static void __exit fast_classifier_exit(void)
 	}
 
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+	nf_conntrack_unregister_chain_notifier(&init_net, &fast_classifier_conntrack_notifier);
+#else
 	nf_conntrack_unregister_notifier(&init_net, &fast_classifier_conntrack_notifier);
-
+#endif
 #endif
 	nf_unregister_net_hooks(&init_net, fast_classifier_ops_post_routing, ARRAY_SIZE(fast_classifier_ops_post_routing));
 

diff --git a/package/lean/shortcut-fe/Makefile b/package/lean/shortcut-fe/Makefile
@@ -19,18 +19,13 @@ PKG_RELEASE:=2
 
 include $(INCLUDE_DIR)/package.mk
 
-SFE_SUPPORT_IPV6=n
 define KernelPackage/shortcut-fe
   SECTION:=kernel
   CATEGORY:=Kernel modules
   SUBMENU:=Network Support
   DEPENDS:=
   TITLE:=Kernel driver for SFE
-ifeq (${SFE_SUPPORT_IPV6},y)
   FILES:=$(PKG_BUILD_DIR)/shortcut-fe.ko $(PKG_BUILD_DIR)/shortcut-fe-ipv6.ko
-else
-  FILES:=$(PKG_BUILD_DIR)/shortcut-fe.ko
-endif
   KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y \
 	   CONFIG_NF_CONNTRACK_TIMEOUT=y \
 	   CONFIG_SHORTCUT_FE=y \
@@ -43,8 +38,6 @@ Shortcut is an in-Linux-kernel IP packet forwarding engine.
 endef
 
 define KernelPackage/shortcut-fe/install
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/etc/init.d/shortcut-fe $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) ./files/usr/bin/sfe_dump $(1)/usr/bin
 endef
@@ -63,23 +56,15 @@ define KernelPackage/shortcut-fe-cm/Description
 Simple connection manager for the Shortcut forwarding engine.
 endef
 
-
-ifeq (${SFE_SUPPORT_IPV6},y)
-	EXTRA_CFLAGS+=-DSFE_SUPPORT_IPV6
-        ISV6=SFE_SUPPORT_IPV6=1
-else
-	ISV6=SFE_SUPPORT_IPV6=""
-endif
-
-
+EXTRA_CFLAGS+=-DSFE_SUPPORT_IPV6
 
 define Build/Compile
 	+$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
 		$(KERNEL_MAKE_FLAGS) \
 		$(PKG_MAKE_FLAGS) \
 		M="$(PKG_BUILD_DIR)" \
 		EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \
-		${ISV6}	\
+		SFE_SUPPORT_IPV6=1 \
 		modules
 endef
 

diff --git a/package/lean/shortcut-fe/files/etc/init.d/shortcut-fe b/package/lean/shortcut-fe/files/etc/init.d/shortcut-fe
diff --git a/package/lean/shortcut-fe/src/sfe_cm.c b/package/lean/shortcut-fe/src/sfe_cm.c
@@ -1049,7 +1049,7 @@ static int __init sfe_cm_init(void)
 	 */
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
 #ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
-	(void)nf_conntrack_register_notifier(&init_net, &sfe_cm_conntrack_notifier);
+	(void)nf_conntrack_register_chain_notifier(&init_net, &sfe_cm_conntrack_notifier);
 #else
 	result = nf_conntrack_register_notifier(&init_net, &sfe_cm_conntrack_notifier);
 	if (result < 0) {
@@ -1123,8 +1123,11 @@ static void __exit sfe_cm_exit(void)
 	sfe_ipv6_destroy_all_rules_for_dev(NULL);
 
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+	nf_conntrack_unregister_chain_notifier(&init_net, &sfe_cm_conntrack_notifier);
+#else
 	nf_conntrack_unregister_notifier(&init_net, &sfe_cm_conntrack_notifier);
-
+#endif
 #endif
 	nf_unregister_net_hooks(&init_net, sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing));