[oweals/openwrt.git] / target / linux / generic-2.6 / patches-2.6.25 / 150-netfilter_imq.patch

---

 drivers/net/Kconfig                     |  123 ++++++++
 drivers/net/Makefile                    |    1 
 drivers/net/imq.c                       |  474 +++++++++++++++++++++++++++++++
 include/linux/imq.h                     |    9 +
 include/linux/netfilter_ipv4/ipt_IMQ.h  |    8 +
 include/linux/netfilter_ipv6/ip6t_IMQ.h |    8 +
 include/linux/skbuff.h                  |    8 +
 net/core/dev.c                          |    9 +
 net/ipv4/netfilter/Kconfig              |   11 +
 net/ipv4/netfilter/Makefile             |    1 
 net/ipv4/netfilter/ipt_IMQ.c            |   69 +++++
 net/ipv6/netfilter/Kconfig              |    9 +
 net/ipv6/netfilter/Makefile             |    1 
 net/ipv6/netfilter/ip6t_IMQ.c           |   69 +++++
 net/sched/sch_generic.c                 |    1 
 15 files changed, 800 insertions(+), 1 deletions(-)
 create mode 100644 drivers/net/imq.c
 create mode 100644 include/linux/imq.h
 create mode 100644 include/linux/netfilter_ipv4/ipt_IMQ.h
 create mode 100644 include/linux/netfilter_ipv6/ip6t_IMQ.h
 create mode 100644 net/ipv4/netfilter/ipt_IMQ.c
 create mode 100644 net/ipv6/netfilter/ip6t_IMQ.c


diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
index 3a0b20a..05c51e7 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -117,6 +117,129 @@ config EQUALIZER
          To compile this driver as a module, choose M here: the module
          will be called eql.  If unsure, say N.
 
+config IMQ
+       tristate "IMQ (intermediate queueing device) support"
+       depends on NETDEVICES && NETFILTER
+       ---help---
+         The IMQ device(s) is used as placeholder for QoS queueing
+         disciplines. Every packet entering/leaving the IP stack can be
+         directed through the IMQ device where it's enqueued/dequeued to the
+         attached qdisc. This allows you to treat network devices as classes
+         and distribute bandwidth among them. Iptables is used to specify
+         through which IMQ device, if any, packets travel.
+
+         More information at: http://www.linuximq.net/
+
+         To compile this driver as a module, choose M here: the module
+         will be called imq.  If unsure, say N.
+
+choice
+       prompt "IMQ behavior (PRE/POSTROUTING)"
+       depends on IMQ
+       default IMQ_BEHAVIOR_BB
+       help
+
+               This settings defines how IMQ behaves in respect to its
+               hooking in PREROUTING and POSTROUTING.
+
+               IMQ can work in any of the following ways:
+
+                   PREROUTING   |      POSTROUTING
+               -----------------|-------------------
+               #1  After NAT    |      After NAT
+               #2  After NAT    |      Before NAT
+               #3  Before NAT   |      After NAT
+               #4  Before NAT   |      Before NAT
+
+               The default behavior is to hook before NAT on PREROUTING
+               and after NAT on POSTROUTING (#3).
+
+               This settings are specially usefull when trying to use IMQ
+               to shape NATed clients.
+
+               More information can be found at: www.linuximq.net
+
+               If not sure leave the default settings alone.
+
+config IMQ_BEHAVIOR_AA
+       bool "IMQ AA"
+       help
+               This settings defines how IMQ behaves in respect to its
+               hooking in PREROUTING and POSTROUTING.
+
+               Choosing this option will make IMQ hook like this:
+
+               PREROUTING:   After NAT
+               POSTROUTING:  After NAT
+
+               More information can be found at: www.linuximq.net
+
+               If not sure leave the default settings alone.
+
+config IMQ_BEHAVIOR_AB
+       bool "IMQ AB"
+       help
+               This settings defines how IMQ behaves in respect to its
+               hooking in PREROUTING and POSTROUTING.
+
+               Choosing this option will make IMQ hook like this:
+
+               PREROUTING:   After NAT
+               POSTROUTING:  Before NAT
+
+               More information can be found at: www.linuximq.net
+
+               If not sure leave the default settings alone.
+
+config IMQ_BEHAVIOR_BA
+       bool "IMQ BA"
+       help
+               This settings defines how IMQ behaves in respect to its
+               hooking in PREROUTING and POSTROUTING.
+
+               Choosing this option will make IMQ hook like this:
+
+               PREROUTING:   Before NAT
+               POSTROUTING:  After NAT
+
+               More information can be found at: www.linuximq.net
+
+               If not sure leave the default settings alone.
+
+config IMQ_BEHAVIOR_BB
+       bool "IMQ BB"
+       help
+               This settings defines how IMQ behaves in respect to its
+               hooking in PREROUTING and POSTROUTING.
+
+               Choosing this option will make IMQ hook like this:
+
+               PREROUTING:   Before NAT
+               POSTROUTING:  Before NAT
+
+               More information can be found at: www.linuximq.net
+
+               If not sure leave the default settings alone.
+
+endchoice
+
+config IMQ_NUM_DEVS
+
+       int "Number of IMQ devices"
+       range 2 16
+       depends on IMQ
+       default "16"
+       help
+
+               This settings defines how many IMQ devices will be
+               created.
+
+               The default value is 16.
+
+               More information can be found at: www.linuximq.net
+
+               If not sure leave the default settings alone.
+
 config TUN
        tristate "Universal TUN/TAP device driver support"
        select CRC32
diff --git a/drivers/net/Makefile b/drivers/net/Makefile
index 3b1ea32..17d0575 100644
--- a/drivers/net/Makefile
+++ b/drivers/net/Makefile
@@ -143,6 +143,7 @@ obj-$(CONFIG_SLHC) += slhc.o
 obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o
 
 obj-$(CONFIG_DUMMY) += dummy.o
+obj-$(CONFIG_IMQ) += imq.o
 obj-$(CONFIG_IFB) += ifb.o
 obj-$(CONFIG_MACVLAN) += macvlan.o
 obj-$(CONFIG_DE600) += de600.o
diff --git a/drivers/net/imq.c b/drivers/net/imq.c
new file mode 100644
index 0000000..47c31b4
--- /dev/null
+++ b/drivers/net/imq.c
@@ -0,0 +1,474 @@
+/*
+ *             Pseudo-driver for the intermediate queue device.
+ *
+ *             This program is free software; you can redistribute it and/or
+ *             modify it under the terms of the GNU General Public License
+ *             as published by the Free Software Foundation; either version
+ *             2 of the License, or (at your option) any later version.
+ *
+ * Authors:    Patrick McHardy, <kaber@trash.net>
+ *
+ *            The first version was written by Martin Devera, <devik@cdi.cz>
+ *
+ * Credits:    Jan Rafaj <imq2t@cedric.vabo.cz>
+ *              - Update patch to 2.4.21
+ *             Sebastian Strollo <sstrollo@nortelnetworks.com>
+ *              - Fix "Dead-loop on netdevice imq"-issue
+ *             Marcel Sebek <sebek64@post.cz>
+ *              - Update to 2.6.2-rc1
+ *
+ *            After some time of inactivity there is a group taking care
+ *            of IMQ again: http://www.linuximq.net
+ *
+ *
+ *            2004/06/30 - New version of IMQ patch to kernels <=2.6.7
+ *             including the following changes:
+ *
+ *            - Correction of ipv6 support "+"s issue (Hasso Tepper)
+ *            - Correction of imq_init_devs() issue that resulted in
+ *            kernel OOPS unloading IMQ as module (Norbert Buchmuller)
+ *            - Addition of functionality to choose number of IMQ devices
+ *            during kernel config (Andre Correa)
+ *            - Addition of functionality to choose how IMQ hooks on
+ *            PRE and POSTROUTING (after or before NAT) (Andre Correa)
+ *            - Cosmetic corrections (Norbert Buchmuller) (Andre Correa)
+ *
+ *
+ *             2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were
+ *             released with almost no problems. 2.6.14-x was released
+ *             with some important changes: nfcache was removed; After
+ *             some weeks of trouble we figured out that some IMQ fields
+ *             in skb were missing in skbuff.c - skb_clone and copy_skb_header.
+ *             These functions are correctly patched by this new patch version.
+ *
+ *             Thanks for all who helped to figure out all the problems with
+ *             2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX,
+ *             Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully
+ *             I didn't forget anybody). I apologize again for my lack of time.
+ *
+ *
+ *             2008/06/07 - Changed imq.c to use qdisc_run() instead of
+ *             qdisc_restart() and moved qdisc_run() to tasklet to avoid
+ *             recursive locking. (Jussi Kivilinna)
+ *
+ *             2008/06/14 - New initialization routines to fix 'rmmod' not
+ *             working anymore. Used code from ifb.c (Jussi Kivilinna)
+ *
+ *
+ *             More info at: http://www.linuximq.net/ (Andre Correa)
+ */
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/moduleparam.h>
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+#include <linux/rtnetlink.h>
+#include <linux/if_arp.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4.h>
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+       #include <linux/netfilter_ipv6.h>
+#endif
+#include <linux/imq.h>
+#include <net/pkt_sched.h>
+#include <net/netfilter/nf_queue.h>
+
+struct imq_private {
+       struct tasklet_struct tasklet;
+       int tasklet_pending;
+};
+
+static nf_hookfn imq_nf_hook;
+
+static struct nf_hook_ops imq_ingress_ipv4 = {
+       .hook           = imq_nf_hook,
+       .owner          = THIS_MODULE,
+       .pf             = PF_INET,
+       .hooknum        = NF_INET_PRE_ROUTING,
+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB)
+       .priority       = NF_IP_PRI_MANGLE + 1
+#else
+       .priority       = NF_IP_PRI_NAT_DST + 1
+#endif
+};
+
+static struct nf_hook_ops imq_egress_ipv4 = {
+       .hook           = imq_nf_hook,
+       .owner          = THIS_MODULE,
+       .pf             = PF_INET,
+       .hooknum        = NF_INET_POST_ROUTING,
+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA)
+       .priority       = NF_IP_PRI_LAST
+#else
+       .priority       = NF_IP_PRI_NAT_SRC - 1
+#endif
+};
+
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+static struct nf_hook_ops imq_ingress_ipv6 = {
+       .hook           = imq_nf_hook,
+       .owner          = THIS_MODULE,
+       .pf             = PF_INET6,
+       .hooknum        = NF_INET_PRE_ROUTING,
+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB)
+       .priority       = NF_IP6_PRI_MANGLE + 1
+#else
+       .priority       = NF_IP6_PRI_NAT_DST + 1
+#endif
+};
+
+static struct nf_hook_ops imq_egress_ipv6 = {
+       .hook           = imq_nf_hook,
+       .owner          = THIS_MODULE,
+       .pf             = PF_INET6,
+       .hooknum        = NF_INET_POST_ROUTING,
+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA)
+       .priority       = NF_IP6_PRI_LAST
+#else
+       .priority       = NF_IP6_PRI_NAT_SRC - 1
+#endif
+};
+#endif
+
+#if defined(CONFIG_IMQ_NUM_DEVS)
+static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS;
+#else
+static unsigned int numdevs = IMQ_MAX_DEVS;
+#endif
+
+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS];
+
+static struct net_device_stats *imq_get_stats(struct net_device *dev)
+{
+       return &dev->stats;
+}
+
+/* called for packets kfree'd in qdiscs at places other than enqueue */
+static void imq_skb_destructor(struct sk_buff *skb)
+{
+       struct nf_queue_entry *entry = skb->nf_queue_entry;
+
+       if (entry) {
+               if (entry->indev)
+                       dev_put(entry->indev);
+               if (entry->outdev)
+                       dev_put(entry->outdev);
+               kfree(entry);
+       }
+}
+
+static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev)
+{
+       dev->stats.tx_bytes += skb->len;
+       dev->stats.tx_packets++;
+
+       skb->imq_flags = 0;
+       skb->destructor = NULL;
+
+       dev->trans_start = jiffies;
+       nf_reinject(skb->nf_queue_entry, NF_ACCEPT);
+       return 0;
+}
+
+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num)
+{
+       struct net_device *dev;
+       struct imq_private *priv;
+       struct sk_buff *skb2 = NULL;
+       struct Qdisc *q;
+       unsigned int index = entry->skb->imq_flags & IMQ_F_IFMASK;
+       int ret = -1;
+
+       if (index > numdevs)
+               return -1;
+
+       /* check for imq device by index from cache */
+       dev = imq_devs_cache[index];
+       if (!dev) {
+               char buf[8];
+
+               /* get device by name and cache result */
+               snprintf(buf, sizeof(buf), "imq%d", index);
+               dev = dev_get_by_name(&init_net, buf);
+               if (!dev) {
+                       /* not found ?!*/
+                       BUG();
+                       return -1;
+               }
+
+               imq_devs_cache[index] = dev;
+       }
+
+       priv = netdev_priv(dev);
+       if (!(dev->flags & IFF_UP)) {
+               entry->skb->imq_flags = 0;
+               nf_reinject(entry, NF_ACCEPT);
+               return 0;
+       }
+       dev->last_rx = jiffies;
+
+       if (entry->skb->destructor) {
+               skb2 = entry->skb;
+               entry->skb = skb_clone(entry->skb, GFP_ATOMIC);
+               if (!entry->skb)
+                       return -1;
+       }
+       entry->skb->nf_queue_entry = entry;
+
+       dev->stats.rx_bytes += entry->skb->len;
+       dev->stats.rx_packets++;
+
+       spin_lock_bh(&dev->queue_lock);
+       q = dev->qdisc;
+       if (q->enqueue) {
+               q->enqueue(skb_get(entry->skb), q);
+               if (skb_shared(entry->skb)) {
+                       entry->skb->destructor = imq_skb_destructor;
+                       kfree_skb(entry->skb);
+                       ret = 0;
+               }
+       }
+       if (!test_and_set_bit(1, &priv->tasklet_pending))
+               tasklet_schedule(&priv->tasklet);
+       spin_unlock_bh(&dev->queue_lock);
+
+       if (skb2)
+               kfree_skb(ret ? entry->skb : skb2);
+
+       return ret;
+}
+
+static struct nf_queue_handler nfqh = {
+       .name  = "imq",
+       .outfn = imq_nf_queue,
+};
+
+static void qdisc_run_tasklet(unsigned long arg)
+{
+       struct net_device *dev = (struct net_device *)arg;
+       struct imq_private *priv = netdev_priv(dev);
+
+       spin_lock(&dev->queue_lock);
+       qdisc_run(dev);
+       clear_bit(1, &priv->tasklet_pending);
+       spin_unlock(&dev->queue_lock);
+}
+
+static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb,
+                               const struct net_device *indev,
+                               const struct net_device *outdev,
+                               int (*okfn)(struct sk_buff *))
+{
+       if (pskb->imq_flags & IMQ_F_ENQUEUE)
+               return NF_QUEUE;
+
+       return NF_ACCEPT;
+}
+
+static int imq_close(struct net_device *dev)
+{
+       struct imq_private *priv = netdev_priv(dev);
+
+       tasklet_kill(&priv->tasklet);
+       netif_stop_queue(dev);
+
+       return 0;
+}
+
+static int imq_open(struct net_device *dev)
+{
+       struct imq_private *priv = netdev_priv(dev);
+
+       tasklet_init(&priv->tasklet, qdisc_run_tasklet, (unsigned long)dev);
+       netif_start_queue(dev);
+
+       return 0;
+}
+
+static void imq_setup(struct net_device *dev)
+{
+       dev->hard_start_xmit    = imq_dev_xmit;
+       dev->open               = imq_open;
+       dev->get_stats          = imq_get_stats;
+       dev->stop               = imq_close;
+       dev->type               = ARPHRD_VOID;
+       dev->mtu                = 16000;
+       dev->tx_queue_len       = 11000;
+       dev->flags              = IFF_NOARP;
+}
+
+static struct rtnl_link_ops imq_link_ops __read_mostly = {
+       .kind           = "imq",
+       .priv_size      = sizeof(struct imq_private),
+       .setup          = imq_setup,
+};
+
+static int __init imq_init_hooks(void)
+{
+       int err;
+
+       err = nf_register_queue_handler(PF_INET, &nfqh);
+       if (err)
+               goto err1;
+
+       err = nf_register_hook(&imq_ingress_ipv4);
+       if (err)
+               goto err2;
+
+       err = nf_register_hook(&imq_egress_ipv4);
+       if (err)
+               goto err3;
+
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+       err = nf_register_queue_handler(PF_INET6, &nfqh);
+       if (err)
+               goto err4;
+
+       err = nf_register_hook(&imq_ingress_ipv6);
+       if (err)
+               goto err5;
+
+       err = nf_register_hook(&imq_egress_ipv6);
+       if (err)
+               goto err6;
+#endif
+
+       return 0;
+
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+err6:
+       nf_unregister_hook(&imq_ingress_ipv6);
+err5:
+       nf_unregister_queue_handler(PF_INET6, &nfqh);
+err4:
+       nf_unregister_hook(&imq_egress_ipv4);
+#endif
+err3:
+       nf_unregister_hook(&imq_ingress_ipv4);
+err2:
+       nf_unregister_queue_handler(PF_INET, &nfqh);
+err1:
+       return err;
+}
+
+static int __init imq_init_one(int index)
+{
+       struct net_device *dev;
+       int ret;
+
+       dev = alloc_netdev(sizeof(struct imq_private), "imq%d", imq_setup);
+       if (!dev)
+               return -ENOMEM;
+
+       ret = dev_alloc_name(dev, dev->name);
+       if (ret < 0)
+               goto fail;
+
+       dev->rtnl_link_ops = &imq_link_ops;
+       ret = register_netdevice(dev);
+       if (ret < 0)
+               goto fail;
+
+       return 0;
+fail:
+       free_netdev(dev);
+       return ret;
+}
+
+static int __init imq_init_devs(void)
+{
+       int err, i;
+
+       if (!numdevs || numdevs > IMQ_MAX_DEVS) {
+               printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n",
+                      IMQ_MAX_DEVS);
+               return -EINVAL;
+       }
+
+       rtnl_lock();
+       err = __rtnl_link_register(&imq_link_ops);
+
+       for (i = 0; i < numdevs && !err; i++)
+               err = imq_init_one(i);
+
+       if (err) {
+               __rtnl_link_unregister(&imq_link_ops);
+               memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
+       }
+       rtnl_unlock();
+
+       return err;
+}
+
+static int __init imq_init_module(void)
+{
+       int err;
+
+       err = imq_init_devs();
+       if (err) {
+               printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n");
+               return err;
+       }
+
+       err = imq_init_hooks();
+       if (err) {
+               printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n");
+               rtnl_link_unregister(&imq_link_ops);
+               memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
+               return err;
+       }
+
+       printk(KERN_INFO "IMQ driver loaded successfully.\n");
+
+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB)
+       printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n");
+#else
+       printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n");
+#endif
+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB)
+       printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n");
+#else
+       printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n");
+#endif
+
+       return 0;
+}
+
+static void __exit imq_unhook(void)
+{
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+       nf_unregister_hook(&imq_ingress_ipv6);
+       nf_unregister_hook(&imq_egress_ipv6);
+       nf_unregister_queue_handler(PF_INET6, &nfqh);
+#endif
+       nf_unregister_hook(&imq_ingress_ipv4);
+       nf_unregister_hook(&imq_egress_ipv4);
+       nf_unregister_queue_handler(PF_INET, &nfqh);
+}
+
+static void __exit imq_cleanup_devs(void)
+{
+       rtnl_link_unregister(&imq_link_ops);
+       memset(imq_devs_cache, 0, sizeof(imq_devs_cache));
+}
+
+static void __exit imq_exit_module(void)
+{
+       imq_unhook();
+       imq_cleanup_devs();
+       printk(KERN_INFO "IMQ driver unloaded successfully.\n");
+}
+
+module_init(imq_init_module);
+module_exit(imq_exit_module);
+
+module_param(numdevs, int, 0);
+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will "
+                       "be created)");
+MODULE_AUTHOR("http://www.linuximq.net");
+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See "
+                       "http://www.linuximq.net/ for more information.");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS_RTNL_LINK("imq");
+
diff --git a/include/linux/imq.h b/include/linux/imq.h
new file mode 100644
index 0000000..1447c4e
--- /dev/null
+++ b/include/linux/imq.h
@@ -0,0 +1,9 @@
+#ifndef _IMQ_H
+#define _IMQ_H
+
+#define IMQ_MAX_DEVS   16
+
+#define IMQ_F_IFMASK   0x7f
+#define IMQ_F_ENQUEUE  0x80
+
+#endif /* _IMQ_H */
diff --git a/include/linux/netfilter_ipv4/ipt_IMQ.h b/include/linux/netfilter_ipv4/ipt_IMQ.h
new file mode 100644
index 0000000..a304991
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_IMQ.h
@@ -0,0 +1,8 @@
+#ifndef _IPT_IMQ_H
+#define _IPT_IMQ_H
+
+struct ipt_imq_info {
+       unsigned int todev;     /* target imq device */
+};
+
+#endif /* _IPT_IMQ_H */
diff --git a/include/linux/netfilter_ipv6/ip6t_IMQ.h b/include/linux/netfilter_ipv6/ip6t_IMQ.h
new file mode 100644
index 0000000..605f549
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_IMQ.h
@@ -0,0 +1,8 @@
+#ifndef _IP6T_IMQ_H
+#define _IP6T_IMQ_H
+
+struct ip6t_imq_info {
+       unsigned int todev;     /* target imq device */
+};
+
+#endif /* _IP6T_IMQ_H */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index bbd8d00..f7d6f7e 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -296,6 +296,10 @@ struct sk_buff {
        struct nf_conntrack     *nfct;
        struct sk_buff          *nfct_reasm;
 #endif
+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
+       unsigned char                   imq_flags;
+       struct nf_queue_entry   *nf_queue_entry;
+#endif
 #ifdef CONFIG_BRIDGE_NETFILTER
        struct nf_bridge_info   *nf_bridge;
 #endif
@@ -1736,6 +1740,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src)
        dst->nfct_reasm = src->nfct_reasm;
        nf_conntrack_get_reasm(src->nfct_reasm);
 #endif
+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
+       dst->imq_flags = src->imq_flags;
+       dst->nf_queue_entry = src->nf_queue_entry;
+#endif
 #ifdef CONFIG_BRIDGE_NETFILTER
        dst->nf_bridge  = src->nf_bridge;
        nf_bridge_get(src->nf_bridge);
diff --git a/net/core/dev.c b/net/core/dev.c
index 460e7f9..094838b 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -95,6 +95,9 @@
 #include <net/net_namespace.h>
 #include <net/sock.h>
 #include <linux/rtnetlink.h>
+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
+#include <linux/imq.h>
+#endif
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
 #include <linux/stat.h>
@@ -1537,7 +1540,11 @@ static int dev_gso_segment(struct sk_buff *skb)
 int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
 {
        if (likely(!skb->next)) {
-               if (!list_empty(&ptype_all))
+               if (!list_empty(&ptype_all)
+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE)
+                   && !(skb->imq_flags & IMQ_F_ENQUEUE)
+#endif
+                   )
                        dev_queue_xmit_nit(skb, dev);
 
                if (netif_needs_gso(dev, skb)) {
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 9a077cb..3bde19b 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -123,6 +123,17 @@ config IP_NF_FILTER
 
          To compile it as a module, choose M here.  If unsure, say N.
 
+config IP_NF_TARGET_IMQ
+       tristate "IMQ target support"
+       depends on IP_NF_MANGLE
+       help
+         This option adds a `IMQ' target which is used to specify if and
+         to which IMQ device packets should get enqueued/dequeued.
+
+        For more information visit: http://www.linuximq.net/
+
+         To compile it as a module, choose M here.  If unsure, say N.
+
 config IP_NF_TARGET_REJECT
        tristate "REJECT target support"
        depends on IP_NF_FILTER
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 0c7dc78..7617528 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -51,6 +51,7 @@ obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
 obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
 obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
 obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
+obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o
 obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
 obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
diff --git a/net/ipv4/netfilter/ipt_IMQ.c b/net/ipv4/netfilter/ipt_IMQ.c
new file mode 100644
index 0000000..cda69a4
--- /dev/null
+++ b/net/ipv4/netfilter/ipt_IMQ.c
@@ -0,0 +1,69 @@
+/*
+ * This target marks packets to be enqueued to an imq device
+ */
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_IMQ.h>
+#include <linux/imq.h>
+
+static unsigned int imq_target(struct sk_buff *pskb,
+                              const struct net_device *in,
+                              const struct net_device *out,
+                              unsigned int hooknum,
+                              const struct xt_target *target,
+                              const void *targinfo)
+{
+       struct ipt_imq_info *mr = (struct ipt_imq_info *)targinfo;
+
+       pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE;
+
+       return XT_CONTINUE;
+}
+
+static bool imq_checkentry(const char *tablename,
+                         const void *e,
+                         const struct xt_target *target,
+                         void *targinfo,
+                         unsigned int hook_mask)
+{
+       struct ipt_imq_info *mr;
+
+       mr = (struct ipt_imq_info *)targinfo;
+
+       if (mr->todev > IMQ_MAX_DEVS) {
+               printk(KERN_WARNING
+                      "IMQ: invalid device specified, highest is %u\n",
+                      IMQ_MAX_DEVS);
+               return 0;
+       }
+
+       return 1;
+}
+
+static struct xt_target ipt_imq_reg = {
+       .name           = "IMQ",
+       .family         = AF_INET,
+       .target         = imq_target,
+       .targetsize     = sizeof(struct ipt_imq_info),
+       .checkentry     = imq_checkentry,
+       .me             = THIS_MODULE,
+       .table          = "mangle"
+};
+
+static int __init init(void)
+{
+       return xt_register_target(&ipt_imq_reg);
+}
+
+static void __exit fini(void)
+{
+       xt_unregister_target(&ipt_imq_reg);
+}
+
+module_init(init);
+module_exit(fini);
+
+MODULE_AUTHOR("http://www.linuximq.net");
+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information.");
+MODULE_LICENSE("GPL");
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 6cae547..3b3b610 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -179,6 +179,15 @@ config IP6_NF_MANGLE
 
          To compile it as a module, choose M here.  If unsure, say N.
 
+config IP6_NF_TARGET_IMQ
+       tristate "IMQ target support"
+       depends on IP6_NF_MANGLE
+       help
+          This option adds a `IMQ' target which is used to specify if and
+          to which imq device packets should get enqueued/dequeued.
+
+          To compile it as a module, choose M here.  If unsure, say N.
+
 config IP6_NF_TARGET_HL
        tristate  'HL (hoplimit) target support'
        depends on IP6_NF_MANGLE
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index fbf2c14..dcfe80b 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -6,6 +6,7 @@
 obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o
 obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o
 obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o
+obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o
 obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o
 obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
 
diff --git a/net/ipv6/netfilter/ip6t_IMQ.c b/net/ipv6/netfilter/ip6t_IMQ.c
new file mode 100644
index 0000000..5cf7b72
--- /dev/null
+++ b/net/ipv6/netfilter/ip6t_IMQ.c
@@ -0,0 +1,69 @@
+/*
+ * This target marks packets to be enqueued to an imq device
+ */
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv6/ip6t_IMQ.h>
+#include <linux/imq.h>
+
+static unsigned int imq_target(struct sk_buff *pskb,
+                              const struct net_device *in,
+                              const struct net_device *out,
+                              unsigned int hooknum,
+                              const struct xt_target *target,
+                              const void *targinfo)
+{
+       struct ip6t_imq_info *mr = (struct ip6t_imq_info *)targinfo;
+
+       pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE;
+
+       return XT_CONTINUE;
+}
+
+static bool imq_checkentry(const char *tablename,
+                         const void *entry,
+                         const struct xt_target *target,
+                         void *targinfo,
+                         unsigned int hook_mask)
+{
+       struct ip6t_imq_info *mr;
+
+       mr = (struct ip6t_imq_info *)targinfo;
+
+       if (mr->todev > IMQ_MAX_DEVS) {
+               printk(KERN_WARNING
+                      "IMQ: invalid device specified, highest is %u\n",
+                      IMQ_MAX_DEVS);
+               return 0;
+       }
+
+       return 1;
+}
+
+static struct xt_target ip6t_imq_reg = {
+       .name           = "IMQ",
+       .family         = AF_INET6,
+       .target         = imq_target,
+       .targetsize     = sizeof(struct ip6t_imq_info),
+       .table          = "mangle",
+       .checkentry     = imq_checkentry,
+       .me             = THIS_MODULE
+};
+
+static int __init init(void)
+{
+       return xt_register_target(&ip6t_imq_reg);
+}
+
+static void __exit fini(void)
+{
+       xt_unregister_target(&ip6t_imq_reg);
+}
+
+module_init(init);
+module_exit(fini);
+
+MODULE_AUTHOR("http://www.linuximq.net");
+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information.");
+MODULE_LICENSE("GPL");
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index b741618..dcb916e 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -203,6 +203,7 @@ void __qdisc_run(struct net_device *dev)
 
        clear_bit(__LINK_STATE_QDISC_RUNNING, &dev->state);
 }
+EXPORT_SYMBOL(__qdisc_run);
 
 static void dev_watchdog(unsigned long arg)
 {