From: Holger Eitzenberger <holger@eitzenberger.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH v2 1/3] NFQUEUE: introduce CPU fanout
Date: Sat, 23 Mar 2013 21:04:03 +0100 [thread overview]
Message-ID: <20130323200607.689360263@eitzenberger.org> (raw)
In-Reply-To: 20130323200402.209591997@eitzenberger.org
[-- Attachment #1: net-next/NFQUEUE-cpu-fanout.diff --]
[-- Type: text/plain, Size: 2694 bytes --]
The 'flags' are folded into _v2 'bypass'.
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Index: net-next/include/uapi/linux/netfilter/xt_NFQUEUE.h
===================================================================
--- net-next.orig/include/uapi/linux/netfilter/xt_NFQUEUE.h 2013-03-23 18:08:11.000000000 +0100
+++ net-next/include/uapi/linux/netfilter/xt_NFQUEUE.h 2013-03-23 19:00:54.000000000 +0100
@@ -26,4 +26,13 @@
__u16 bypass;
};
+struct xt_NFQ_info_v3 {
+ __u16 queuenum;
+ __u16 queues_total;
+ __u16 flags;
+#define NFQ_FLAG_BYPASS 0x01 /* for compatibility with v2 */
+#define NFQ_FLAG_CPU_FANOUT 0x02 /* use current CPU (no hashing) */
+#define NFQ_FLAG_MASK 0x03
+};
+
#endif /* _XT_NFQ_TARGET_H */
Index: net-next/net/netfilter/xt_NFQUEUE.c
===================================================================
--- net-next.orig/net/netfilter/xt_NFQUEUE.c 2013-03-23 18:08:11.000000000 +0100
+++ net-next/net/netfilter/xt_NFQUEUE.c 2013-03-23 19:01:11.000000000 +0100
@@ -108,7 +108,7 @@
static int nfqueue_tg_check(const struct xt_tgchk_param *par)
{
- const struct xt_NFQ_info_v2 *info = par->targinfo;
+ const struct xt_NFQ_info_v3 *info = par->targinfo;
u32 maxid;
if (unlikely(!rnd_inited)) {
@@ -125,11 +125,39 @@
info->queues_total, maxid);
return -ERANGE;
}
- if (par->target->revision == 2 && info->bypass > 1)
+ if (par->target->revision == 2 && info->flags > 1)
return -EINVAL;
+ if (par->target->revision == 3 && info->flags & ~NFQ_FLAG_MASK)
+ return -EINVAL;
+
return 0;
}
+static unsigned int
+nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par)
+{
+ const struct xt_NFQ_info_v3 *info = par->targinfo;
+ u32 queue = info->queuenum;
+
+ if (info->queues_total > 1) {
+ if (info->flags & NFQ_FLAG_CPU_FANOUT) {
+ int cpu = smp_processor_id();
+
+ queue = info->queuenum + cpu % info->queues_total;
+ } else {
+ if (par->family == NFPROTO_IPV4)
+ queue = (((u64) hash_v4(skb) * info->queues_total) >>
+ 32) + queue;
+#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
+ else if (par->family == NFPROTO_IPV6)
+ queue = (((u64) hash_v6(skb) * info->queues_total) >>
+ 32) + queue;
+#endif
+ }
+ }
+ return NF_QUEUE_NR(queue);
+}
+
static struct xt_target nfqueue_tg_reg[] __read_mostly = {
{
.name = "NFQUEUE",
@@ -156,6 +184,15 @@
.targetsize = sizeof(struct xt_NFQ_info_v2),
.me = THIS_MODULE,
},
+ {
+ .name = "NFQUEUE",
+ .revision = 3,
+ .family = NFPROTO_UNSPEC,
+ .checkentry = nfqueue_tg_check,
+ .target = nfqueue_tg_v3,
+ .targetsize = sizeof(struct xt_NFQ_info_v3),
+ .me = THIS_MODULE,
+ },
};
static int __init nfqueue_tg_init(void)
next prev parent reply other threads:[~2013-03-23 20:06 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-23 20:04 [PATCH v2 0/3] NFQUEUE: introduce CPU fanout Holger Eitzenberger
2013-03-23 20:04 ` Holger Eitzenberger [this message]
2013-04-01 23:26 ` [PATCH v2 1/3] " Pablo Neira Ayuso
2013-03-23 20:04 ` [PATCH v2 2/3] NFQUEUE: coalesce IPv4 and IPv6 hashing Holger Eitzenberger
2013-04-01 23:26 ` Pablo Neira Ayuso
2013-03-23 20:04 ` [PATCH v2 3/3] NFQUEUE: add --queue-cpu-fanout parameter Holger Eitzenberger
2013-04-01 23:29 ` Pablo Neira Ayuso
2013-04-02 10:35 ` Holger Eitzenberger
2013-04-02 11:26 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130323200607.689360263@eitzenberger.org \
--to=holger@eitzenberger.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).