diff --git a/apply_newip.sh b/apply_newip.sh index f3ae8fd9c71ab82b7783209793ff3faa13062aad..b8cf28cdc091ef7eb5a865a42d96cc4977e71b9c 100644 --- a/apply_newip.sh +++ b/apply_newip.sh @@ -12,33 +12,49 @@ OHOS_SOURCE_ROOT=$1 KERNEL_BUILD_ROOT=$2 PRODUCT_NAME=$3 KERNEL_VERSION=$4 +NEWIP_SOURCE_ROOT=$OHOS_SOURCE_ROOT/foundation/communication/sfc/newip -PATCH_FILE=$OHOS_SOURCE_ROOT/foundation/communication/sfc/newip/patches/$KERNEL_VERSION/newip.patch -PRODUCT_SWITCH=$OHOS_SOURCE_ROOT/foundation/communication/sfc/newip/patches/$PRODUCT_NAME.flag function main() { - if [ ! -f $PATCH_FILE ]; then - echo "newip not supportted!kernel=$KERNEL_VERSION!" - return; - fi - if [ ! -f $PRODUCT_SWITCH ]; then - echo "newip not supportted!product=$PRODUCT_NAME!" - return; - fi - - - cd $KERNEL_BUILD_ROOT - echo "patch for newip..." - patch -p1 < $PATCH_FILE - - cp -R $OHOS_SOURCE_ROOT/foundation/communication/sfc/newip/code/linux/net/newip net/ - cp -arfL $OHOS_SOURCE_ROOT/foundation/communication/sfc/newip/code/linux/include/* include/ - - cp -arfL $OHOS_SOURCE_ROOT/foundation/communication/sfc/newip/code/common/*.h net/newip/ - cp -arfL $OHOS_SOURCE_ROOT/foundation/communication/sfc/newip/code/common/*.c net/newip/ - ln -s -f $KERNEL_BUILD_ROOT/net/newip/nip_addr.h $KERNEL_BUILD_ROOT/include/uapi/linux/nip_addr.h + cd $KERNEL_BUILD_ROOT - cd - + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/linux/newip_route.h $KERNEL_BUILD_ROOT/include/linux/newip_route.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/linux/nip.h $KERNEL_BUILD_ROOT/include/linux/nip.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/linux/nip_icmp.h $KERNEL_BUILD_ROOT/include/linux/nip_icmp.h + + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/netns/nip.h $KERNEL_BUILD_ROOT/include/net/netns/nip.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/flow_nip.h $KERNEL_BUILD_ROOT/include/net/flow_nip.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/if_ninet.h $KERNEL_BUILD_ROOT/include/net/if_ninet.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/ninet_connection_sock.h $KERNEL_BUILD_ROOT/include/net/ninet_connection_sock.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/ninet_hashtables.h $KERNEL_BUILD_ROOT/include/net/ninet_hashtables.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/nip.h $KERNEL_BUILD_ROOT/include/net/nip.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/nip_addrconf.h $KERNEL_BUILD_ROOT/include/net/nip_addrconf.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/nip_fib.h $KERNEL_BUILD_ROOT/include/net/nip_fib.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/nip_route.h $KERNEL_BUILD_ROOT/include/net/nip_route.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/nip_udp.h $KERNEL_BUILD_ROOT/include/net/nip_udp.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/nndisc.h $KERNEL_BUILD_ROOT/include/net/nndisc.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/tcp_nip.h $KERNEL_BUILD_ROOT/include/net/tcp_nip.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/net/transp_nip.h $KERNEL_BUILD_ROOT/include/net/transp_nip.h + + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/uapi/linux/newip_route.h $KERNEL_BUILD_ROOT/include/uapi/linux/newip_route.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/uapi/linux/nip.h $KERNEL_BUILD_ROOT/include/uapi/linux/nip.h + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/include/uapi/linux/nip_icmp.h $KERNEL_BUILD_ROOT/include/uapi/linux/nip_icmp.h + + ln -s -f $NEWIP_SOURCE_ROOT/code/linux/net/newip $KERNEL_BUILD_ROOT/net + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_addr.c $KERNEL_BUILD_ROOT/net/newip/nip_addr.c + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_addr.h $KERNEL_BUILD_ROOT/net/newip/nip_addr.h + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_addr.h $KERNEL_BUILD_ROOT/include/uapi/linux/nip_addr.h + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_checksum.c $KERNEL_BUILD_ROOT/net/newip/nip_checksum.c + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_checksum.h $KERNEL_BUILD_ROOT/net/newip/nip_checksum.h + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_hdr_decap.c $KERNEL_BUILD_ROOT/net/newip/nip_hdr_decap.c + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_hdr_encap.c $KERNEL_BUILD_ROOT/net/newip/nip_hdr_encap.c + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_hdr.h $KERNEL_BUILD_ROOT/net/newip/nip_hdr.h + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_addr.c $KERNEL_BUILD_ROOT/net/newip/nip_addr.c + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_addr.c $KERNEL_BUILD_ROOT/net/newip/nip_addr.c + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_addr.c $KERNEL_BUILD_ROOT/net/newip/nip_addr.c + ln -s -f $NEWIP_SOURCE_ROOT/code/common/nip_addr.c $KERNEL_BUILD_ROOT/net/newip/nip_addr.c + + cd - } main diff --git a/code/common/nip_addr.h b/code/common/nip_addr.h index 68f8de95cff204863022fcc4ead1afb9cc4d23ed..a9139b13010377843e8d934bddbd2923302306f9 100644 --- a/code/common/nip_addr.h +++ b/code/common/nip_addr.h @@ -98,6 +98,7 @@ struct nip_addr { unsigned char bitlen; /* The address length is in bit (not byte) */ struct nip_addr_field v; }; + #pragma pack() enum nip_index { diff --git a/code/linux/include/linux/nip.h b/code/linux/include/linux/nip.h index 1ef0a8a799b484c4aba0c1172a4419c034d397db..a80d8b305e5b2d4a8630e7b7677c52168bf0fce5 100644 --- a/code/linux/include/linux/nip.h +++ b/code/linux/include/linux/nip.h @@ -3,6 +3,7 @@ * Copyright (c) 2022 Huawei Device Co., Ltd. * * Based on include/linux/ipv6.h + * Based on include/net/sock.h */ #ifndef _NIP_H #define _NIP_H @@ -12,6 +13,16 @@ #include #include +#define ETH_P_NEWIP 0xEADD /* NIP */ + +/* struct sock_common __sk_common */ +#define sk_nip_daddr __sk_common.nip_daddr +#define sk_nip_rcv_saddr __sk_common.nip_rcv_saddr + +/* struct request_sock req */ +#define ir_nip_rmt_addr req.__req_common.nip_daddr +#define ir_nip_loc_addr req.__req_common.nip_rcv_saddr + struct nip_devconf { __s32 forwarding; __s32 mtu; diff --git a/code/linux/include/net/ninet_hashtables.h b/code/linux/include/net/ninet_hashtables.h index 3d959faa0e4ad7a0d9274accf61c489fd717b418..8171e0153af4a900d33553767349aae6b5c9aeae 100644 --- a/code/linux/include/net/ninet_hashtables.h +++ b/code/linux/include/net/ninet_hashtables.h @@ -108,5 +108,14 @@ static inline struct sock *__ninet_lookup_skb(struct inet_hashinfo *hashinfo, int ninet_hash_connect(struct inet_timewait_death_row *death_row, struct sock *sk); +u64 secure_newip_port_ephemeral(const __be32 *saddr, const __be32 *daddr, + __be16 dport); +__u32 secure_tcp_nip_sequence_number(const __be32 *saddr, const __be32 *daddr, + __be16 sport, __be16 dport); + +u32 ninet_ehashfn(const struct net *net, + const struct nip_addr *laddr, const u16 lport, + const struct nip_addr *faddr, const __be16 fport); + #endif /* IS_ENABLED(CONFIG_NEWIP) */ #endif /* _NINET_HASHTABLES_H */ diff --git a/code/linux/include/net/nip.h b/code/linux/include/net/nip.h index e8c1400f775ba8059373b9971f6a3aea4c35ecc8..ecc146971f5a9e7534cee7e5f9adb873a28e0d2e 100644 --- a/code/linux/include/net/nip.h +++ b/code/linux/include/net/nip.h @@ -132,6 +132,12 @@ int nip_getsockopt(struct sock *sk, int level, /* functions defined in nip_addrconf.c */ int nip_addrconf_get_ifaddr(struct net *net, unsigned int cmd, void __user *arg); +bool nip_rcv_saddr_equal(const struct nip_addr *sk1_rcv_saddr, + const struct nip_addr *sk2_rcv_saddr, + bool sk2_isnewip, + bool match_sk1_wildcard, + bool match_sk2_wildcard); + void nip_dbg(const char *fmt, ...); #define DEBUG(format, ...) nip_dbg(format, ##__VA_ARGS__) diff --git a/code/linux/include/net/nip_addrconf.h b/code/linux/include/net/nip_addrconf.h index 16214b414cdcfe49da631c46e9ad75b8d8f2296a..664a4feabaa2f611080fc437ec4091843a88679c 100644 --- a/code/linux/include/net/nip_addrconf.h +++ b/code/linux/include/net/nip_addrconf.h @@ -18,6 +18,8 @@ #define NIN_ADDR_HSIZE_SHIFT (4) #define NIN_ADDR_HSIZE (1 << NIN_ADDR_HSIZE_SHIFT) +#define DST_HOST 0x0001 /* NIP */ + int nip_addrconf_add_ifaddr(struct net *net, void __user *arg); int nip_addrconf_del_ifaddr(struct net *net, void __user *arg); diff --git a/code/linux/include/net/tcp_nip.h b/code/linux/include/net/tcp_nip.h index 7c9cf4f77055efb67d0ab8ec1fe9890eb95a0db0..f2927a472b6d6326a97408ef394174f78a667207 100644 --- a/code/linux/include/net/tcp_nip.h +++ b/code/linux/include/net/tcp_nip.h @@ -10,6 +10,7 @@ * Definitions for the NewIP TCP module. * * Based on include/net/tcp.h + * Based on include/linux/tcp.h */ #ifndef _TCP_NIP_H #define _TCP_NIP_H @@ -63,6 +64,9 @@ extern struct proto tcp_nip_prot; #define TCP_NIP_WINDOW_MAX 65535U +#define TCP_NIP_WRITE_TIMER_DEFERRED (TCP_MTU_REDUCED_DEFERRED + 1) +#define TCP_NIP_DELACK_TIMER_DEFERRED (TCP_NIP_WRITE_TIMER_DEFERRED + 1) + /* init */ int tcp_nip_init(void); void tcp_nip_exit(void); diff --git a/code/linux/net/newip/Kconfig b/code/linux/net/newip/Kconfig index 06cbebb5ca92bc50b48793891edd162bc55c5d87..5e40c13d9256b053d8b233932c6a07a0cbb7517d 100644 --- a/code/linux/net/newip/Kconfig +++ b/code/linux/net/newip/Kconfig @@ -8,7 +8,7 @@ # NewIP as module will cause a CRASH if you try to unload it menuconfig NEWIP tristate "The NewIP protocol" - default y + default n help Support for NewIP. diff --git a/code/linux/net/newip/ninet_hashtables.c b/code/linux/net/newip/ninet_hashtables.c index aca0ec4eec91b2492278b3f412895a6d4b8a298d..0a7353edebd1c5851a40b4b18c2d0f8727cca70c 100644 --- a/code/linux/net/newip/ninet_hashtables.c +++ b/code/linux/net/newip/ninet_hashtables.c @@ -13,6 +13,7 @@ * Based on net/ipv6/inet6_hashtables.c * Based on include/net/ip.h * Based on include/net/ipv6.h + * Based on net/core/secure_seq.c */ #include #include @@ -23,6 +24,70 @@ #include #include +static siphash_key_t net_secret __read_mostly; + +static __always_inline void net_secret_init(void) +{ + net_get_random_once(&net_secret, sizeof(net_secret)); +} + +#ifdef CONFIG_INET +static u32 seq_scale(u32 seq) +{ + /* As close as possible to RFC 793, which + * suggests using a 250 kHz clock. + * Further reading shows this assumes 2 Mb/s networks. + * For 10 Mb/s Ethernet, a 1 MHz clock is appropriate. + * For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but + * we also need to limit the resolution so that the u32 seq + * overlaps less than one time per MSL (2 minutes). + * Choosing a clock of 64 ns period is OK. (period of 274 s) + */ + return seq + (ktime_get_real_ns() >> 6); +} +#endif + +__u32 secure_tcp_nip_sequence_number(const __be32 *saddr, const __be32 *daddr, + __be16 sport, __be16 dport) +{ + const struct { + struct nip_addr saddr; + struct nip_addr daddr; + __be16 sport; + __be16 dport; + } __aligned(SIPHASH_ALIGNMENT) combined = { + .saddr = *(struct nip_addr *)saddr, + .daddr = *(struct nip_addr *)daddr, + .sport = sport, + .dport = dport, + }; + u32 hash; + + net_secret_init(); + hash = siphash(&combined, offsetofend(typeof(combined), dport), + &net_secret); + return seq_scale(hash); +} +EXPORT_SYMBOL_GPL(secure_tcp_nip_sequence_number); + +u64 secure_newip_port_ephemeral(const __be32 *saddr, const __be32 *daddr, + __be16 dport) +{ + const struct { + struct nip_addr saddr; + struct nip_addr daddr; + __be16 dport; + } __aligned(SIPHASH_ALIGNMENT) combined = { + .saddr = *(struct nip_addr *)saddr, + .daddr = *(struct nip_addr *)daddr, + .dport = dport, + }; + net_secret_init(); + return siphash(&combined, offsetofend(typeof(combined), dport), + &net_secret); +} +EXPORT_SYMBOL_GPL(secure_newip_port_ephemeral); + static inline u32 nip_portaddr_hash(const struct net *net, const struct nip_addr *saddr, unsigned int port) diff --git a/code/linux/net/newip/nip_addrconf.c b/code/linux/net/newip/nip_addrconf.c index 7db4e49a7d4809de975a2d1435db91a544169e5a..db671bff79bdfd14461bc5bfa0e72219f7434d6f 100644 --- a/code/linux/net/newip/nip_addrconf.c +++ b/code/linux/net/newip/nip_addrconf.c @@ -58,6 +58,28 @@ static struct nip_devconf newip_devconf_dflt __read_mostly = { .ignore_routes_with_linkdown = 0, }; +/* only match New IP sock + * match_sk*_wildcard == true: NIP_ADDR_ANY equals to any New IP addresses + * + * match_sk*_wildcard == false: addresses must be exactly the same, i.e. + * NIP_ADDR_ANY only equals to NIP_ADDR_ANY + */ +bool nip_rcv_saddr_equal(const struct nip_addr *sk1_rcv_saddr, + const struct nip_addr *sk2_rcv_saddr, + bool sk2_isnewip, + bool match_sk1_wildcard, + bool match_sk2_wildcard) +{ + if (!sk2_isnewip) + return false; + if (nip_addr_eq(sk1_rcv_saddr, sk2_rcv_saddr)) + return true; + return (match_sk1_wildcard && + nip_addr_eq(sk1_rcv_saddr, &nip_any_addr)) || + (match_sk2_wildcard && + nip_addr_eq(sk2_rcv_saddr, &nip_any_addr)); +} + /* Check if link is ready: is it up and is a valid qdisc available */ static inline bool nip_addrconf_link_ready(const struct net_device *dev) { diff --git a/code/linux/net/newip/tcp_nip.c b/code/linux/net/newip/tcp_nip.c index 3d27c37c8510277843e5d2e5ebb1d5c3a31c6ac2..2bfd1167895ec4392573773dab70ecb8a51d1e0a 100644 --- a/code/linux/net/newip/tcp_nip.c +++ b/code/linux/net/newip/tcp_nip.c @@ -457,7 +457,7 @@ static int tcp_nip_send_synack(const struct sock *sk, struct dst_entry *dst, static void tcp_nip_reqsk_destructor(struct request_sock *req) { - kfree_skb(inet_rsk(req)->nip_pktopts); + ; } struct request_sock_ops tcp_nip_request_sock_ops __read_mostly = { diff --git a/code/linux/net/newip/tcp_nip_input.c b/code/linux/net/newip/tcp_nip_input.c index d817f754e58fcf6be8ad642dcf7544ac097a6836..2aecc7ed06cae97cd92c2d1997745f2af2d06d91 100644 --- a/code/linux/net/newip/tcp_nip_input.c +++ b/code/linux/net/newip/tcp_nip_input.c @@ -482,7 +482,6 @@ struct request_sock *ninet_reqsk_alloc(const struct request_sock_ops *ops, struct inet_request_sock *ireq = inet_rsk(req); ireq->ireq_opt = NULL; - ireq->nip_pktopts = NULL; atomic64_set(&ireq->ir_cookie, 0); ireq->ireq_state = TCP_NEW_SYN_RECV; write_pnet(&ireq->ireq_net, sock_net(sk_listener)); diff --git a/patches/hispark_taurus_standard.flag b/patches/hispark_taurus_standard.flag deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 diff --git a/patches/linux-5.10/newip.patch b/patches/linux-5.10/newip.patch deleted file mode 100644 index 197fb6d4bfd9fd74a81c991c9e22b146aabb79ee..0000000000000000000000000000000000000000 --- a/patches/linux-5.10/newip.patch +++ /dev/null @@ -1,491 +0,0 @@ -diff -Naur old/include/linux/netdevice.h new/include/linux/netdevice.h ---- old/include/linux/netdevice.h 2022-08-23 10:45:41.521257329 +0800 -+++ new/include/linux/netdevice.h 2022-08-23 10:45:41.561257329 +0800 -@@ -2016,6 +2016,9 @@ - struct dn_dev __rcu *dn_ptr; - #endif - struct inet6_dev __rcu *ip6_ptr; -+#if IS_ENABLED(CONFIG_NEWIP) -+ struct ninet_dev __rcu *nip_ptr; /* NIP */ -+#endif - #if IS_ENABLED(CONFIG_AX25) - void *ax25_ptr; - #endif -diff -Naur old/include/linux/socket.h new/include/linux/socket.h ---- old/include/linux/socket.h 2022-08-23 10:45:41.521257329 +0800 -+++ new/include/linux/socket.h 2022-08-23 10:45:41.561257329 +0800 -@@ -223,8 +223,8 @@ - * reuses AF_INET address family - */ - #define AF_XDP 44 /* XDP sockets */ -- --#define AF_MAX 45 /* For now.. */ -+#define AF_NINET 45 /* NIP */ -+#define AF_MAX 46 /* For now.. */ - - /* Protocol families, same as address families. */ - #define PF_UNSPEC AF_UNSPEC -@@ -274,6 +274,7 @@ - #define PF_QIPCRTR AF_QIPCRTR - #define PF_SMC AF_SMC - #define PF_XDP AF_XDP -+#define PF_NINET AF_NINET /* NIP */ - #define PF_MAX AF_MAX - - /* Maximum queue length specifiable by listen. */ -diff -Naur old/include/linux/tcp.h new/include/linux/tcp.h ---- old/include/linux/tcp.h 2022-08-23 10:45:41.531257329 +0800 -+++ new/include/linux/tcp.h 2022-08-23 10:45:41.561257329 +0800 -@@ -317,6 +317,9 @@ - - /* OOO segments go in this rbtree. Socket lock must be held. */ - struct rb_root out_of_order_queue; -+#ifdef CONFIG_NEWIP -+ struct sk_buff *nip_out_of_order_queue; /* NIP */ -+#endif - struct sk_buff *ooo_last_skb; /* cache rb_last(out_of_order_queue) */ - - /* SACKs data, these 2 need to be together (see tcp_options_write) */ -@@ -412,6 +415,22 @@ - */ - struct request_sock __rcu *fastopen_rsk; - struct saved_syn *saved_syn; -+ -+#ifdef CONFIG_NEWIP -+/* newip tcp retrans */ -+ u32 ack_retrans_num; -+ u32 ack_retrans_seq; -+ u32 nip_ssthresh; -+ u32 nip_ssthresh_reset; -+ bool nip_keepalive_enable; -+ u32 idle_ka_probes_out; -+ u32 nip_keepalive_out; -+ u32 last_rcv_nxt; -+ u32 dup_ack_cnt; -+ u32 keepalive_time_bak; -+ u32 keepalive_probes_bak; -+ u32 keepalive_intvl_bak; -+#endif - }; - - enum tsq_enum { -@@ -423,6 +442,10 @@ - TCP_MTU_REDUCED_DEFERRED, /* tcp_v{4|6}_err() could not call - * tcp_v{4|6}_mtu_reduced() - */ -+#ifdef CONFIG_NEWIP -+ TCP_NIP_WRITE_TIMER_DEFERRED, /* NIP */ -+ TCP_NIP_DELACK_TIMER_DEFERRED, /* NIP */ -+#endif - }; - - enum tsq_flags { -diff -Naur old/include/net/dst.h new/include/net/dst.h ---- old/include/net/dst.h 2022-08-23 10:45:41.531257329 +0800 -+++ new/include/net/dst.h 2022-08-23 10:45:41.561257329 +0800 -@@ -35,6 +35,8 @@ - int (*output)(struct net *net, struct sock *sk, struct sk_buff *skb); - - unsigned short flags; -+ -+#define DST_HOST 0x0001 /* NIP */ - #define DST_NOXFRM 0x0002 - #define DST_NOPOLICY 0x0004 - #define DST_NOCOUNT 0x0008 -diff -Naur old/include/net/inet_hashtables.h new/include/net/inet_hashtables.h ---- old/include/net/inet_hashtables.h 2022-08-23 10:45:41.531257329 +0800 -+++ new/include/net/inet_hashtables.h 2022-08-23 10:45:41.561257329 +0800 -@@ -83,6 +83,9 @@ - #if IS_ENABLED(CONFIG_IPV6) - struct in6_addr fast_v6_rcv_saddr; - #endif -+#if IS_ENABLED(CONFIG_NEWIP) -+ struct nip_addr fast_nip_rcv_saddr; -+#endif - __be32 fast_rcv_saddr; - unsigned short fast_sk_family; - bool fast_ipv6_only; -@@ -402,6 +405,13 @@ - const struct in6_addr *laddr, const u16 lport, - const struct in6_addr *faddr, const __be16 fport); - -+#ifdef CONFIG_NEWIP -+/* NIP */ -+u32 ninet_ehashfn(const struct net *net, -+ const struct nip_addr *laddr, const u16 lport, -+ const struct nip_addr *faddr, const __be16 fport); -+#endif -+ - static inline void sk_daddr_set(struct sock *sk, __be32 addr) - { - sk->sk_daddr = addr; /* alias of inet_daddr */ -diff -Naur old/include/net/inet_sock.h new/include/net/inet_sock.h ---- old/include/net/inet_sock.h 2022-08-23 10:45:41.531257329 +0800 -+++ new/include/net/inet_sock.h 2022-08-23 10:45:41.561257329 +0800 -@@ -73,6 +73,10 @@ - #define ir_rmt_port req.__req_common.skc_dport - #define ir_v6_rmt_addr req.__req_common.skc_v6_daddr - #define ir_v6_loc_addr req.__req_common.skc_v6_rcv_saddr -+ -+#define ir_nip_rmt_addr req.__req_common.nip_daddr /* NIP */ -+#define ir_nip_loc_addr req.__req_common.nip_rcv_saddr /* NIP */ -+ - #define ir_iif req.__req_common.skc_bound_dev_if - #define ir_cookie req.__req_common.skc_cookie - #define ireq_net req.__req_common.skc_net -@@ -97,6 +101,12 @@ - struct sk_buff *pktopts; - }; - #endif -+#if IS_ENABLED(CONFIG_NEWIP) -+ /* NIP */ -+ struct { -+ struct sk_buff *nip_pktopts; -+ }; -+#endif - }; - }; - -diff -Naur old/include/net/neighbour.h new/include/net/neighbour.h ---- old/include/net/neighbour.h 2022-08-23 10:45:41.531257329 +0800 -+++ new/include/net/neighbour.h 2022-08-23 10:45:41.571257329 +0800 -@@ -232,6 +232,9 @@ - NEIGH_ARP_TABLE = 0, - NEIGH_ND_TABLE = 1, - NEIGH_DN_TABLE = 2, -+#ifdef CONFIG_NEWIP -+ NEIGH_NND_TABLE = 3, /* NIP */ -+#endif - NEIGH_NR_TABLES, - NEIGH_LINK_TABLE = NEIGH_NR_TABLES /* Pseudo table for neigh_xmit */ - }; -diff -Naur old/include/net/net_namespace.h new/include/net/net_namespace.h ---- old/include/net/net_namespace.h 2022-08-23 10:45:41.531257329 +0800 -+++ new/include/net/net_namespace.h 2022-08-23 10:45:41.571257329 +0800 -@@ -38,6 +38,9 @@ - #include - #include - #include -+#ifdef CONFIG_NEWIP -+#include -+#endif - - struct user_namespace; - struct proc_dir_entry; -@@ -127,6 +130,9 @@ - #if IS_ENABLED(CONFIG_IPV6) - struct netns_ipv6 ipv6; - #endif -+#if IS_ENABLED(CONFIG_NEWIP) -+ struct netns_newip newip; /* NIP */ -+#endif - #if IS_ENABLED(CONFIG_IEEE802154_6LOWPAN) - struct netns_ieee802154_lowpan ieee802154_lowpan; - #endif -diff -Naur old/include/net/secure_seq.h new/include/net/secure_seq.h ---- old/include/net/secure_seq.h 2022-08-23 10:45:41.531257329 +0800 -+++ new/include/net/secure_seq.h 2022-08-23 10:45:41.571257329 +0800 -@@ -19,4 +19,11 @@ - u64 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr, - __be16 sport, __be16 dport); - -+#ifdef CONFIG_NEWIP -+/* NIP */ -+u64 secure_newip_port_ephemeral(const __be32 *saddr, const __be32 *daddr, -+ __be16 dport); -+__u32 secure_tcp_nip_sequence_number(const __be32 *saddr, const __be32 *daddr, -+ __be16 sport, __be16 dport); -+#endif - #endif /* _NET_SECURE_SEQ */ -diff -Naur old/include/net/sock.h new/include/net/sock.h ---- old/include/net/sock.h 2022-08-23 10:45:41.541257329 +0800 -+++ new/include/net/sock.h 2022-08-23 10:45:41.571257329 +0800 -@@ -68,6 +68,9 @@ - #include - #include - #include -+#ifdef CONFIG_NEWIP -+#include -+#endif - - /* - * This structure really needs to be cleaned up. -@@ -202,6 +205,11 @@ - struct in6_addr skc_v6_rcv_saddr; - #endif - -+#if IS_ENABLED(CONFIG_NEWIP) -+ struct nip_addr nip_daddr; /* NIP */ -+ struct nip_addr nip_rcv_saddr; /* NIP */ -+#endif -+ - atomic64_t skc_cookie; - - /* following fields are padding to force -@@ -379,6 +387,8 @@ - #define sk_net __sk_common.skc_net - #define sk_v6_daddr __sk_common.skc_v6_daddr - #define sk_v6_rcv_saddr __sk_common.skc_v6_rcv_saddr -+#define sk_nip_daddr __sk_common.nip_daddr /* NIP */ -+#define sk_nip_rcv_saddr __sk_common.nip_rcv_saddr /* NIP */ - #define sk_cookie __sk_common.skc_cookie - #define sk_incoming_cpu __sk_common.skc_incoming_cpu - #define sk_flags __sk_common.skc_flags -diff -Naur old/include/net/tcp.h new/include/net/tcp.h ---- old/include/net/tcp.h 2022-08-23 10:45:41.541257329 +0800 -+++ new/include/net/tcp.h 2022-08-23 10:45:41.571257329 +0800 -@@ -40,7 +40,9 @@ - #include - #include - #include -- -+#ifdef CONFIG_NEWIP -+#include /* NIP */ -+#endif - #include - #include - #include -@@ -869,6 +871,9 @@ - #if IS_ENABLED(CONFIG_IPV6) - struct inet6_skb_parm h6; - #endif -+#if IS_ENABLED(CONFIG_NEWIP) -+ struct ninet_skb_parm hnip; /* NIP */ -+#endif - } header; /* For incoming skbs */ - struct { - __u32 flags; -diff -Naur old/include/uapi/linux/if_ether.h new/include/uapi/linux/if_ether.h ---- old/include/uapi/linux/if_ether.h 2022-08-23 10:45:41.541257329 +0800 -+++ new/include/uapi/linux/if_ether.h 2022-08-23 10:45:41.571257329 +0800 -@@ -72,6 +72,7 @@ - #define ETH_P_ERSPAN 0x88BE /* ERSPAN type II */ - #define ETH_P_IPX 0x8137 /* IPX over DIX */ - #define ETH_P_IPV6 0x86DD /* IPv6 over bluebook */ -+#define ETH_P_NEWIP 0xEADD /* NIP */ - #define ETH_P_PAUSE 0x8808 /* IEEE Pause frames. See 802.3 31B */ - #define ETH_P_SLOW 0x8809 /* Slow Protocol. See 802.3ad 43B */ - #define ETH_P_WCCP 0x883E /* Web-cache coordination protocol -diff -Naur old/net/Kconfig new/net/Kconfig ---- old/net/Kconfig 2022-08-23 10:45:41.551257329 +0800 -+++ new/net/Kconfig 2022-08-23 10:45:41.581257329 +0800 -@@ -93,6 +93,7 @@ - if INET - source "net/ipv4/Kconfig" - source "net/ipv6/Kconfig" -+source "net/newip/Kconfig" - source "net/netlabel/Kconfig" - source "net/mptcp/Kconfig" - -diff -Naur old/net/Makefile new/net/Makefile ---- old/net/Makefile 2022-08-23 10:45:41.551257329 +0800 -+++ new/net/Makefile 2022-08-23 10:45:41.581257329 +0800 -@@ -20,6 +20,7 @@ - obj-$(CONFIG_XFRM) += xfrm/ - obj-$(CONFIG_UNIX_SCM) += unix/ - obj-$(CONFIG_NET) += ipv6/ -+obj-$(CONFIG_NET) += newip/ - obj-$(CONFIG_BPFILTER) += bpfilter/ - obj-$(CONFIG_PACKET) += packet/ - obj-$(CONFIG_NET_KEY) += key/ -diff -Naur old/net/core/neighbour.c new/net/core/neighbour.c ---- old/net/core/neighbour.c 2022-08-23 10:45:41.541257329 +0800 -+++ new/net/core/neighbour.c 2022-08-23 10:45:41.571257329 +0800 -@@ -1778,6 +1778,11 @@ - case AF_DECnet: - tbl = neigh_tables[NEIGH_DN_TABLE]; - break; -+#ifdef CONFIG_NEWIP -+ case AF_NINET: /* NIP */ -+ tbl = neigh_tables[NEIGH_NND_TABLE]; -+ break; -+#endif - } - - return tbl; -diff -Naur old/net/core/secure_seq.c new/net/core/secure_seq.c ---- old/net/core/secure_seq.c 2022-08-23 10:45:41.541257329 +0800 -+++ new/net/core/secure_seq.c 2022-08-23 10:45:41.571257329 +0800 -@@ -151,6 +151,51 @@ - EXPORT_SYMBOL_GPL(secure_ipv4_port_ephemeral); - #endif - -+#ifdef CONFIG_NEWIP -+/* NIP */ -+__u32 secure_tcp_nip_sequence_number(const __be32 *saddr, const __be32 *daddr, -+ __be16 sport, __be16 dport) -+{ -+ const struct { -+ struct nip_addr saddr; -+ struct nip_addr daddr; -+ __be16 sport; -+ __be16 dport; -+ } __aligned(SIPHASH_ALIGNMENT) combined = { -+ .saddr = *(struct nip_addr *)saddr, -+ .daddr = *(struct nip_addr *)daddr, -+ .sport = sport, -+ .dport = dport, -+ }; -+ u32 hash; -+ -+ net_secret_init(); -+ hash = siphash(&combined, offsetofend(typeof(combined), dport), -+ &net_secret); -+ return seq_scale(hash); -+} -+EXPORT_SYMBOL_GPL(secure_tcp_nip_sequence_number); -+ -+/* NIP */ -+u64 secure_newip_port_ephemeral(const __be32 *saddr, const __be32 *daddr, -+ __be16 dport) -+{ -+ const struct { -+ struct nip_addr saddr; -+ struct nip_addr daddr; -+ __be16 dport; -+ } __aligned(SIPHASH_ALIGNMENT) combined = { -+ .saddr = *(struct nip_addr *)saddr, -+ .daddr = *(struct nip_addr *)daddr, -+ .dport = dport, -+ }; -+ net_secret_init(); -+ return siphash(&combined, offsetofend(typeof(combined), dport), -+ &net_secret); -+} -+EXPORT_SYMBOL_GPL(secure_newip_port_ephemeral); -+#endif -+ - #if IS_ENABLED(CONFIG_IP_DCCP) - u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr, - __be16 sport, __be16 dport) -diff -Naur old/net/ipv4/inet_connection_sock.c new/net/ipv4/inet_connection_sock.c ---- old/net/ipv4/inet_connection_sock.c 2022-08-23 10:45:41.541257329 +0800 -+++ new/net/ipv4/inet_connection_sock.c 2022-08-23 10:45:41.571257329 +0800 -@@ -22,7 +22,34 @@ - #include - #include - #include -+#if IS_ENABLED(CONFIG_NEWIP) -+#include -+#include -+#endif - -+#if IS_ENABLED(CONFIG_NEWIP) -+/* only match New IP sock -+ * match_sk*_wildcard == true: NIP_ADDR_ANY equals to any New IP addresses -+ * -+ * match_sk*_wildcard == false: addresses must be exactly the same, i.e. -+ * NIP_ADDR_ANY only equals to NIP_ADDR_ANY -+ */ -+static bool nip_rcv_saddr_equal(const struct nip_addr *sk1_rcv_saddr, -+ const struct nip_addr *sk2_rcv_saddr, -+ bool sk2_isnewip, -+ bool match_sk1_wildcard, -+ bool match_sk2_wildcard) -+{ -+ if (!sk2_isnewip) -+ return false; -+ if (nip_addr_eq(sk1_rcv_saddr, sk2_rcv_saddr)) -+ return true; -+ return (match_sk1_wildcard && -+ nip_addr_eq(sk1_rcv_saddr, &nip_any_addr)) || -+ (match_sk2_wildcard && -+ nip_addr_eq(sk2_rcv_saddr, &nip_any_addr)); -+} -+#endif - #if IS_ENABLED(CONFIG_IPV6) - /* match_sk*_wildcard == true: IPV6_ADDR_ANY equals to any IPv6 addresses - * if IPv6 only, and any IPv4 addresses -@@ -102,6 +129,16 @@ - match_wildcard, - match_wildcard); - #endif -+ -+#if IS_ENABLED(CONFIG_NEWIP) -+ if (sk->sk_family == AF_NINET) -+ return nip_rcv_saddr_equal(&sk->sk_nip_rcv_saddr, -+ &sk2->sk_nip_rcv_saddr, -+ sk2->sk_family == AF_NINET, -+ match_wildcard, -+ match_wildcard); -+#endif -+ - return ipv4_rcv_saddr_equal(sk->sk_rcv_saddr, sk2->sk_rcv_saddr, - ipv6_only_sock(sk2), match_wildcard, - match_wildcard); -@@ -292,6 +329,13 @@ - tb->fast_ipv6_only, - ipv6_only_sock(sk), true, false); - #endif -+#if IS_ENABLED(CONFIG_NEWIP) -+ if (tb->fast_sk_family == AF_NINET) -+ return nip_rcv_saddr_equal(&tb->fast_nip_rcv_saddr, -+ &sk->sk_nip_rcv_saddr, -+ sk->sk_family == AF_NINET, -+ true, false); -+#endif - return ipv4_rcv_saddr_equal(tb->fast_rcv_saddr, sk->sk_rcv_saddr, - ipv6_only_sock(sk), true, false); - } -@@ -313,6 +357,9 @@ - #if IS_ENABLED(CONFIG_IPV6) - tb->fast_v6_rcv_saddr = sk->sk_v6_rcv_saddr; - #endif -+#if IS_ENABLED(CONFIG_NEWIP) -+ tb->fast_nip_rcv_saddr = sk->sk_nip_rcv_saddr; -+#endif - } else { - tb->fastreuseport = 0; - } -@@ -340,6 +387,9 @@ - #if IS_ENABLED(CONFIG_IPV6) - tb->fast_v6_rcv_saddr = sk->sk_v6_rcv_saddr; - #endif -+#if IS_ENABLED(CONFIG_NEWIP) -+ tb->fast_nip_rcv_saddr = sk->sk_nip_rcv_saddr; -+#endif - } - } else { - tb->fastreuseport = 0; -diff -Naur old/net/ipv4/inet_hashtables.c new/net/ipv4/inet_hashtables.c ---- old/net/ipv4/inet_hashtables.c 2022-08-23 10:45:41.541257329 +0800 -+++ new/net/ipv4/inet_hashtables.c 2022-08-23 10:45:41.581257329 +0800 -@@ -52,6 +52,15 @@ - &sk->sk_v6_rcv_saddr, sk->sk_num, - &sk->sk_v6_daddr, sk->sk_dport); - #endif -+ -+#if IS_ENABLED(CONFIG_NEWIP) -+ /* NIP */ -+ if (sk->sk_family == AF_NINET) -+ return ninet_ehashfn(sock_net(sk), -+ &sk->sk_nip_rcv_saddr, sk->sk_num, -+ &sk->sk_nip_daddr, sk->sk_dport); -+#endif -+ - return inet_ehashfn(sock_net(sk), - sk->sk_rcv_saddr, sk->sk_num, - sk->sk_daddr, sk->sk_dport); -diff -Naur old/security/selinux/hooks.c new/security/selinux/hooks.c ---- old/security/selinux/hooks.c 2022-08-23 10:45:41.551257329 +0800 -+++ new/security/selinux/hooks.c 2022-08-23 10:45:41.581257329 +0800 -@@ -1271,7 +1271,7 @@ - return SECCLASS_SMC_SOCKET; - case PF_XDP: - return SECCLASS_XDP_SOCKET; --#if PF_MAX > 45 -+#if PF_MAX > 46 - #error New address family defined, please update this function. - #endif - } -diff -Naur old/security/selinux/include/classmap.h new/security/selinux/include/classmap.h ---- old/security/selinux/include/classmap.h 2022-08-23 10:45:41.551257329 +0800 -+++ new/security/selinux/include/classmap.h 2022-08-23 10:45:41.581257329 +0800 -@@ -253,6 +253,6 @@ - { NULL } - }; - --#if PF_MAX > 45 -+#if PF_MAX > 46 - #error New address family defined, please update secclass_map. - #endif diff --git a/patches/rk3568.flag b/patches/rk3568.flag deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000