[rh7,09/11] net: ipv4: listified version of ip_rcv

Details

Message ID	20180910153940.22827-10-aryabinin@virtuozzo.com
State	New
Series	"Backort of "Handle multiple received packets at each stage""
Headers	show Delivered-To: criupatchwork@gmail.com Received-SPF: pass (google.com: domain of devel-bounces@openvz.org designates 185.231.241.50 as permitted sender) client-ip=185.231.241.50; From: Andrey Ryabinin <aryabinin@virtuozzo.com> To: devel@openvz.org Date: Mon, 10 Sep 2018 18:39:38 +0300 Message-Id: <20180910153940.22827-10-aryabinin@virtuozzo.com> In-Reply-To: <20180910153940.22827-1-aryabinin@virtuozzo.com> References: <20180910153940.22827-1-aryabinin@virtuozzo.com> MIME-Version: 1.0 SpamDiagnosticOutput: 1:0 X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB3258; 7:DRIS/pH3VP7nTLn2pVG8b5fkFOYHT685ga9ruV0auJRq5ExX04/nMwcQTEc+G2fKUAqYSS7E5FXO6nXeCOPvzGATcTHfPJboq180EsxMiO7MbO7d6D9vevtACXOehjeiChlxYY3m3kiNNYcfU9Ru2pmSWlrX8gdwV20dUYxxAPo3wlEM1ftMa5zuH7owG/8lBlsVD0T/p///izlp/wGhtxs8LRyLGhpYY6kto3PkYPwnhz0YxaYL6UXmb3WHJwqE; 20:kwpQLUkw479b5fsH8PssqxXc2ya8r0nS3opfch/bxGJ2U2ACerCXIFmwSIGfhO37KH2avo6PEyC5THCKCUDr0n72qRMFppAMkbdFTRqU0icp7BCQyzDFAtlQcsINxyaC8BVsuM1j9pSDTgLi9ZNh7yLqSnYFps8HozsW8VWYw3I= Subject: [Devel] [PATCH rh7 09/11] net: ipv4: listified version of ip_rcv Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: devel-bounces@openvz.org Errors-To: devel-bounces@openvz.org

Message ID

20180910153940.22827-10-aryabinin@virtuozzo.com

State

New

Series

"Backort of "Handle multiple received packets at each stage""

Headers

show

Delivered-To: criupatchwork@gmail.com
Received: from gmail-imap.l.google.com [74.125.128.109]
	by patchwork.criu.org with IMAP (fetchmail-6.3.26)
	for <root@localhost> (single-drop);
	Mon, 10 Sep 2018 17:42:19 +0200 (CEST)
Received: by 2002:a6b:25cb:0:0:0:0:0 with SMTP id l194-v6csp2904894iol; Mon,
	10 Sep 2018 08:42:06 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdYedVWtKSKxfL3f0qNg+CdSB9RrYHY1+iUN9o8wQ3fXCFHrir/f7iG++s1R7BCe+sNKXFfO
X-Received: by 2002:a62:cec6:: with SMTP id
	y189-v6mr24267792pfg.140.1536594126007;
	Mon, 10 Sep 2018 08:42:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1536594125; cv=none; d=google.com;
	s=arc-20160816;
	b=tVTQvpxeIUaofYvnHvFLwinYes9Hkqv7fFEEfUmEJZfY6Lw72wmdE1WdQYpuazgBJ2
	fDEgEKFTZ0sa/SCodvAHkydTKgSMMlCc0DMXVBLzvuu81Cna89afHQN6iDyRx5JHoPa+
	7GS9+QPKVo5F0QhUDW4csb8jJ4SoP4uqHy9UemBbn0uYNG8U8y2e0ok/6fkAnj2dNGvt
	YZhlSaKcZ4/wNs8fuFcmJ1lJqgqeO8YSmol/0/WgTYYj2bbDjH1MnyFsig0vkIL7o14B
	6QO74HBb5FJ5PB7GWDp1Yhyuaqg+DfFboWvtHSaVnNUNpCSZZtpl1KiuiDk/7b9Sid8C
	eqUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help
	:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
	:spamdiagnosticoutput:mime-version:references:in-reply-to:message-id
	:date:to:from; bh=HTB1HI+7qJ4eCgqw3rMikYNNybNrEQD/TBHZ287Z7/U=;
	b=ewfNCFxjtvXkttbS8cQXGTr9oA/7DcHCJBUUIzUPlpa3gM3JJM0DCdrQhfjNN+jT5c
	TpoKquJQhm3/NNkR9AQi8hDHpdcuy/DKx4qxOGKbiD2e2tdBzqL9cnD7DZFvefMd9+0y
	OidC9E269SfN87UYaOeXJ0UODIqwAyvmiPbYjLIY/8YzjQ+/04iByr4GuUtfhpI2N/jt
	ansf1/p/IAQxZxBBccVjsfb3EKvWyrFv0dUpK3CQWZx+FnJgAJ06HnTDwcw2JCLsHVGo
	QIlLQyAvnkThnOkrOIUQoeZ+4meds3qJxgauFB/0/lgQlomWcCRFfqtjO8/04/P+An6v
	AyVw==
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain
	of devel-bounces@openvz.org designates
	185.231.241.50 as permitted sender)
	smtp.mailfrom=devel-bounces@openvz.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE)
	header.from=virtuozzo.com
Return-Path: <devel-bounces@openvz.org>
Received: from mail.openvz.org (mail.openvz.org. [185.231.241.50]) by
	mx.google.com with ESMTPS id
	l2-v6si17365343pgb.417.2018.09.10.08.42.04
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 10 Sep 2018 08:42:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of devel-bounces@openvz.org designates
	185.231.241.50 as permitted sender) client-ip=185.231.241.50;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
	devel-bounces@openvz.org designates 185.231.241.50 as permitted
	sender) smtp.mailfrom=devel-bounces@openvz.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE)
	header.from=virtuozzo.com
Received: from localhost.localdomain (localhost [127.0.0.1]) by
	mail.openvz.org (8.14.4/8.14.4) with ESMTP id w8AFe4oS024879;
	Mon, 10 Sep 2018 18:40:04 +0300
Received: from EUR02-HE1-obe.outbound.protection.outlook.com
	(mail-he1eur02lp0181.outbound.protection.outlook.com
	[213.199.180.181]) by
	mail.openvz.org (8.14.4/8.14.4) with ESMTP id w8AFdWM1024764 for
	<devel@openvz.org>; Mon, 10 Sep 2018 18:39:36 +0300
Authentication-Results: openvz.org; dkim=none (message not signed)
	header.d=none; openvz.org;
	dmarc=none action=none header.from=virtuozzo.com; 
Received: from i7.sw.ru (185.231.240.5) by
	DB7PR08MB3258.eurprd08.prod.outlook.com (2603:10a6:5:1f::20) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.1122.17; Mon, 10 Sep 2018 15:39:35 +0000
From: Andrey Ryabinin <aryabinin@virtuozzo.com>
To: devel@openvz.org
Date: Mon, 10 Sep 2018 18:39:38 +0300
Message-Id: <20180910153940.22827-10-aryabinin@virtuozzo.com>
X-Mailer: git-send-email 2.16.4
In-Reply-To: <20180910153940.22827-1-aryabinin@virtuozzo.com>
References: <20180910153940.22827-1-aryabinin@virtuozzo.com>
MIME-Version: 1.0
X-Originating-IP: [185.231.240.5]
X-ClientProxiedBy: LO2P265CA0071.GBRP265.PROD.OUTLOOK.COM
	(2603:10a6:600:60::35) To DB7PR08MB3258.eurprd08.prod.outlook.com
	(2603:10a6:5:1f::20)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a5c36722-a8c2-46df-e2ff-08d617339c82
X-Microsoft-Antispam: BCL:0; PCL:0;
	RULEID:(7020095)(4652040)(8989137)(5600074)(711020)(2017052603328)(7153060)(7193020);
	SRVR:DB7PR08MB3258;
X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB3258;
	3:HYUbwEBss6p5sXZSdhjeA2QxvyRENEu3aKS7zdZeftlepD4xZRsjuxik9IePHTqUryVCsVD3QTEHvNAeina+/xDxtDDVSJbLVW5naijqvyCZmyaucxBBgt3X6OTKTYzK+3lXeVzS3Opogx1rOydVwcchlLBgDxxA/hyDK/c+2zOoyFOqHiFDZl6nQteKFojW1wwm/hx4sS0Gw6KhKuHem927Xe/MhwNUKWFya4ybKZ3YQsbvB/DFj5IgLE/QndpR;
	25:nvGy8UuD7TpNLIUTFkWwUc277XFVDuCYxqhJR58wNpX877baA8gp3WOaNjfSOaqy/5nH/L7idXOvyTVX22NL1bNN10lLEL7VQmS2xIePWYMNqS9PcKvFgAKxP4mRA/+Cx0fQVgFnOI4o5qa3YUYkwKVwD0T3LJnwyOCbrEPZ66+xmR1zCJ5WFewHsOZS7MZDhQIqQjnMJLaz8eL+Ro4hTd/eOpedhzIqiwbdT9nV/Oy5rKtnhIDvE9s0JLV3Up/OzfCICuzL2BUipeyRzu2TXHWLDvHYBcUef4cD4lWw+3Wp9oKYgD3qu3fXolOztQ53zvk10WyFBsURfI6ib9Darg==;
	31:lPGpUSWBquFsAWZBmPJLxFi1wJ7IXSmaiUEnY0mbESP6yAWxA9nZzKAIOStV2O+929/DEKLMOIy2KJ3wCClepqTEmtE3XtOoeySWvIk0ksOiNlSQ6z8Syr7yL+KIJzjNWt0ZDP7L/GaHOdPNj51yo0aP6GGhL2DnygJAmnL1S+yooN/6dhjTIc+WES+/nJGT2kERmylc67IRYu3Tp5MJXeYMo4TGDKvAaRCafIgRdSU=
X-MS-TrafficTypeDiagnostic: DB7PR08MB3258:
X-LD-Processed: 0bc7f26d-0264-416e-a6fc-8352af79c58f,ExtAddr
X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB3258;
	20:qM08LQ5xbcdnD5y4qTYF3efjJJmdlk0qPez94+15JZWjbnwBMN/PIKswPNj8c51bX+6KirXtRkg8kl0H8iaxLI4WfkzR8GKcGuoHhpmVabA+vm8C/jbimZiYFH3rEw9cbX12Z6lu0Es0fP0FE7sQgEcwYCjnIR9dLTAtJp1TUK6SgjlGO+SzFb2j52U+8MEkHStfuroh078stPgrZgJt4pN3YOwF9CG+75ySajpB5rWsw9Z1y19msAmsayJRfkW95VWbE8Mp3BfGbUrGDRPnrkl6yZaDdOJyWSgF/iiATCzeBMwUDtWKjthBLAEOBjgw86EVL5+yIxhGe2jFHYozLQpoOI8130iA6zNTrzxIqNRUM2+JdG31fAXbvUgsONLNyT0VwSGSHh0ioXs+ZQsQdRfZ/O/S6EYR9ijm9bwvM+is6bdm10LC8jK9F1rBqhCHTaPtjLy4j+KwjLyBKLwo7/W0TY2+CrqNUww7BuoTaf9qmLC5lJMF0QPHdeI527GK;
	4:5ggwzi4xt+9Z8ELm2G+y7auKgptc5DsCXJ2kFwPmBwdo4kOKoBStmiA/dOox89YoIwQboBJnachu3zQ45yDYioIfOZfXa46QuPNpUp5PpdJe/VjalgEWP87Ypd1GMGwkQqvL9bg0hjC/Nb6V3U2PNtu2jseKzbWPnNdmQv7r91Jpl9HI+4RSkQb7i3vZ3rzJYK0ufFgYOCA4METCWg1oj3LF/kzE5P6GZFUeNY5G3NbqkRcUkNYBGEK+8UT2oRWf+9BakruzwsDH4UpC0s1zWFw7+NYPHpupcvcT10dusGdhROwE+aOX925BSxktycOJ
X-Exchange-Antispam-Report-Test: UriScan:(215187933766430);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(9101524173)(20180801055)(2401047)(8121501046)(823300264)(823320095)(93006095)(93001095)(10201501046)(3002001)(3231311)(944501410)(52105095)(201708071742011)(7699050);
	SRVR:DB7PR08MB3258; BCL:0; PCL:0; RULEID:; SRVR:DB7PR08MB3258;
X-Forefront-Antispam-Report: SFV:SKI; SFS:; DIR:INB; SFP:; SCL:-1;
	SRVR:DB7PR08MB3258; H:i7.sw.ru; FPR:; SPF:None; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB3258;
	23:hIlK7cudvTMuHacwV4h1yAieczdvPPDoqPZxrybBgXaKMrD63IWdENGZH3tukWILUVKIN7NHYpum3uWwXX0CYHboqRqp+rMKv6VguFrlKJpAyak4KVHMVACQmMM0D1APLhsXUMpRIfAz1R5BXTEW3w==;
	6:Z9aOMyKbb82T+kSPP82krhLUBuliAqpblMY1dWQo1EqBL1dTqdS6LkeQMh65pBh6cnwCsbta53L315OMf0a5wLtkRiGWy7ZYO5PiRQPSVBOBTxwzqVhzTEXQmahir6jXBOSZAylwMVd7jDXqP/V0St0zkRGVF6tnJEC1K1Fk7uP6m+8pCcwI5TgWDPIVhOUect4mT3z5a+eQcpycw6E6gddeRpBrmQ7MvjBbCWxJrgWe3ETmdVpiAU9E4+HAMMCgT5rCOLhOqnbWJxb7hxYEdQdP7sv1A7zaaLfyxk9H6yOrFRz9fu0okOLpUNgAMEiyCYDeUGdul7PBT192kvQj6jrcYGUEZM3vMBjQh1+nJwBmqZIilfV1zxyPdNPR/F3uSltfALlubBGniPda7rdUk0AOQgjHZ0iz0rA/ScTnbgudCfi+4XqwNM5xvtxhZUJ8k4tjLAfHHeF56jkcnwBjLw==;
	5:Ta0tyI0zY4yoCuGILoHyR8GMiRVvPhAT56RGlgr1ubeCjKVevoqRzsJgjjlOMMnIf2GZZoCqxt9RR3QhQZKhK5WYyv9hbljduo+gjsVBlrebl7zUiFjXXJCGmzP4ZYffZD5rNQEYrPFCkznFS/EzfOW7orwJU7ajWvLtmI8Hoi8=
X-Microsoft-Antispam-Message-Info: fGqrC3Z5/lNWKQHM6bPdV/k6rIVhw7hWPbUkD8ipe8zMkLqMRj5M2GrlFAHSiJ6Yj02b0LkrrTKV83r2UgJzvI+BLUj4zfRHF7dG6xrZwDU2WnQNM6tfD7v6/rynm7DOSEfPuwYECpzVj4109dWIU+aw/cCt0jVjm5TCE0/HUy1mNpL47KhI78WEDqeiKOZB2v2chQkM7qT/a8w92vkQKr97WQdFaPgVJehGNnhwyGsI46Q+U/qq6O9pa1NuHnOnenIA9iXk1JfhiX7qNnsbcNbIFh5W1aQAQhfKvHntEMkLupf4sj628zGh7Dx3b/jStDOhWm7BhL8oo9fZCQzQBSYQYQgzKF7OIoHo5sh9D2c=
SpamDiagnosticOutput: 1:0
X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB3258;
	7:DRIS/pH3VP7nTLn2pVG8b5fkFOYHT685ga9ruV0auJRq5ExX04/nMwcQTEc+G2fKUAqYSS7E5FXO6nXeCOPvzGATcTHfPJboq180EsxMiO7MbO7d6D9vevtACXOehjeiChlxYY3m3kiNNYcfU9Ru2pmSWlrX8gdwV20dUYxxAPo3wlEM1ftMa5zuH7owG/8lBlsVD0T/p///izlp/wGhtxs8LRyLGhpYY6kto3PkYPwnhz0YxaYL6UXmb3WHJwqE;
	20:kwpQLUkw479b5fsH8PssqxXc2ya8r0nS3opfch/bxGJ2U2ACerCXIFmwSIGfhO37KH2avo6PEyC5THCKCUDr0n72qRMFppAMkbdFTRqU0icp7BCQyzDFAtlQcsINxyaC8BVsuM1j9pSDTgLi9ZNh7yLqSnYFps8HozsW8VWYw3I=
X-OriginatorOrg: virtuozzo.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Sep 2018 15:39:35.2192
	(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a5c36722-a8c2-46df-e2ff-08d617339c82
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB3258
X-MS-Exchange-CrossPremises-OriginalClientIPAddress: 185.231.240.5
X-MS-Exchange-CrossPremises-AuthSource: DB7PR08MB3258.eurprd08.prod.outlook.com
X-MS-Exchange-CrossPremises-AuthAs: Internal
X-MS-Exchange-CrossPremises-AuthMechanism: 06
X-MS-Exchange-CrossPremises-TransportTrafficType: Email
X-MS-Exchange-CrossPremises-TransportTrafficSubType: 
X-MS-Exchange-CrossPremises-SCL: -1
X-MS-Exchange-CrossPremises-Antispam-ScanContext: DIR:Originating; SFV:SKI; 
	SKIP:0;
X-MS-Exchange-CrossPremises-Processed-By-Journaling: Journal Agent
X-OrganizationHeadersPreserved: DB7PR08MB3258.eurprd08.prod.outlook.com
Subject: [Devel] [PATCH rh7 09/11] net: ipv4: listified version of ip_rcv
X-BeenThere: devel@openvz.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OpenVZ development <devel.openvz.org>
List-Unsubscribe: <https://lists.openvz.org/mailman/options/devel>,
	<mailto:devel-request@openvz.org?subject=unsubscribe>
List-Archive: <http://lists.openvz.org/pipermail/devel/>
List-Post: <mailto:devel@openvz.org>
List-Help: <mailto:devel-request@openvz.org?subject=help>
List-Subscribe: <https://lists.openvz.org/mailman/listinfo/devel>,
	<mailto:devel-request@openvz.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: devel-bounces@openvz.org
Errors-To: devel-bounces@openvz.org

Commit Message

Andrey Ryabinin Sept. 10, 2018, 3:39 p.m.

From: Edward Cree <ecree@solarflare.com>

Also involved adding a way to run a netfilter hook over a list of packets.
 Rather than attempting to make netfilter know about lists (which would be
 a major project in itself) we just let it call the regular okfn (in this
 case ip_rcv_finish()) for any packets it steals, and have it give us back
 a list of packets it's synchronously accepted (which normally NF_HOOK
 would automatically call okfn() on, but we want to be able to potentially
 pass the list to a listified version of okfn().)
The netfilter hooks themselves are indirect calls that still happen per-
 packet (see nf_hook_entry_hookfn()), but again, changing that can be left
 for future work.

There is potential for out-of-order receives if the netfilter hook ends up
 synchronously stealing packets, as they will be processed before any
 accepts earlier in the list.  However, it was already possible for an
 asynchronous accept to cause out-of-order receives, so presumably this is
 considered OK.

Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

https://jira.sw.ru/browse/PSBM-88420
(cherry picked from commit 17266ee939849cb095ed7dd9edbec4162172226b)
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
---
 include/linux/netdevice.h |  3 ++
 include/linux/netfilter.h | 23 ++++++++++++++
 include/net/ip.h          |  2 ++
 net/core/dev.c            |  8 +++--
 net/ipv4/af_inet.c        |  1 +
 net/ipv4/ip_input.c       | 80 ++++++++++++++++++++++++++++++++++++++++-------
 6 files changed, 102 insertions(+), 15 deletions(-)

Patch hide | download patch | download mbox

diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 8c9a76d3282b..b0ceda91664c 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -2367,6 +2367,9 @@  struct packet_type {
 					 struct net_device *,
 					 struct packet_type *,
 					 struct net_device *);
+	void			(*list_func) (struct list_head *,
+					      struct packet_type *,
+					      struct net_device *);
 	bool			(*id_match)(struct packet_type *ptype,
 					    struct sock *sk);
 	void			*af_packet_priv;
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index f395cc327280..aa356a89224d 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -249,6 +249,20 @@  NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
 	return NF_HOOK_THRESH(pf, hook, sk, skb, in, out, okfn, INT_MIN);
 }
 
+static inline void
+NF_HOOK_LIST(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,
+	     struct list_head *head, struct net_device *in, struct net_device *out,
+	     int (*okfn)(struct sock *, struct sk_buff *))
+{
+	struct sk_buff *skb, *next;
+
+	list_for_each_entry_safe(skb, next, head, list) {
+		int ret = nf_hook(pf, hook, sk, skb, in, out, okfn);
+		if (ret != 1)
+			list_del(&skb->list);
+	}
+}
+
 /* Call setsockopt() */
 int nf_setsockopt(struct sock *sk, u_int8_t pf, int optval, char __user *opt,
 		  unsigned int len);
@@ -357,6 +371,15 @@  static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
 {
 	return okfn(sk, skb);
 }
+
+static inline void
+NF_HOOK_LIST(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,
+	     struct list_head *head, struct net_device *in, struct net_device *out,
+	     int (*okfn)(struct net *, struct sock *, struct sk_buff *))
+{
+	/* nothing to do */
+}
+
 static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sock *sk,
 			  struct sk_buff *skb, struct net_device *indev,
 			  struct net_device *outdev,
diff --git a/include/net/ip.h b/include/net/ip.h
index 3a1d98067d58..03f7c90d12f9 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -105,6 +105,8 @@  int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
 			  struct ip_options_rcu *opt);
 int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
 	   struct net_device *orig_dev);
+void ip_list_rcv(struct list_head *head, struct packet_type *pt,
+		 struct net_device *orig_dev);
 int ip_local_deliver(struct sk_buff *skb);
 int ip_mr_input(struct sk_buff *skb);
 int ip_output(struct sock *sk, struct sk_buff *skb);
diff --git a/net/core/dev.c b/net/core/dev.c
index c621e6644f18..0ab07300c15b 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4206,9 +4206,11 @@  static inline void __netif_receive_skb_list_ptype(struct list_head *head,
 		return;
 	if (list_empty(head))
 		return;
-
-	list_for_each_entry_safe(skb, next, head, list)
-		pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
+	if (pt_prev->list_func != NULL)
+		pt_prev->list_func(head, pt_prev, orig_dev);
+	else
+		list_for_each_entry_safe(skb, next, head, list)
+			pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
 }
 
 static void __netif_receive_skb_list_core(struct list_head *head, bool pfmemalloc)
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index d94bb84c5644..34b597793f47 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1683,6 +1683,7 @@  fs_initcall(ipv4_offload_init);
 static struct packet_type ip_packet_type __read_mostly = {
 	.type = cpu_to_be16(ETH_P_IP),
 	.func = ip_rcv,
+	.list_func = ip_list_rcv,
 };
 
 static int __init inet_init(void)
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 2b97550ccea1..0f50a08e5464 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -381,7 +381,7 @@  static int ip_rcv_finish(struct sock *sk, struct sk_buff *skb)
 /*
  * 	Main IP Receive routine.
  */
-int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
+static struct sk_buff *ip_rcv_core(struct sk_buff *skb, struct net *net)
 {
 	const struct iphdr *iph;
 	u32 len;
@@ -393,10 +393,10 @@  int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
 		goto drop;
 
 
-	IP_UPD_PO_STATS_BH(dev_net(dev), IPSTATS_MIB_IN, skb->len);
+	IP_UPD_PO_STATS_BH(net, IPSTATS_MIB_IN, skb->len);
 
 	if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) {
-		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);
+		IP_INC_STATS_BH(net, IPSTATS_MIB_INDISCARDS);
 		goto out;
 	}
 
@@ -422,7 +422,7 @@  int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
 	BUILD_BUG_ON(IPSTATS_MIB_ECT1PKTS != IPSTATS_MIB_NOECTPKTS + INET_ECN_ECT_1);
 	BUILD_BUG_ON(IPSTATS_MIB_ECT0PKTS != IPSTATS_MIB_NOECTPKTS + INET_ECN_ECT_0);
 	BUILD_BUG_ON(IPSTATS_MIB_CEPKTS != IPSTATS_MIB_NOECTPKTS + INET_ECN_CE);
-	IP_ADD_STATS_BH(dev_net(dev),
+	IP_ADD_STATS_BH(net,
 			IPSTATS_MIB_NOECTPKTS + (iph->tos & INET_ECN_MASK),
 			max_t(unsigned short, 1, skb_shinfo(skb)->gso_segs));
 
@@ -436,7 +436,7 @@  int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
 
 	len = ntohs(iph->tot_len);
 	if (skb->len < len) {
-		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INTRUNCATEDPKTS);
+		IP_INC_STATS_BH(net, IPSTATS_MIB_INTRUNCATEDPKTS);
 		goto drop;
 	} else if (len < (iph->ihl*4))
 		goto inhdr_error;
@@ -446,7 +446,7 @@  int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
 	 * Note this now means skb->len holds ntohs(iph->tot_len).
 	 */
 	if (pskb_trim_rcsum(skb, len)) {
-		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);
+		IP_INC_STATS_BH(net, IPSTATS_MIB_INDISCARDS);
 		goto drop;
 	}
 
@@ -458,16 +458,72 @@  int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
 	/* Must drop socket now because of tproxy. */
 	skb_orphan(skb);
 
-	return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, NULL, skb,
-		       dev, NULL,
-		       ip_rcv_finish);
+	return skb;
 
 csum_error:
-	IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_CSUMERRORS);
+	IP_INC_STATS_BH(net, IPSTATS_MIB_CSUMERRORS);
 inhdr_error:
-	IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INHDRERRORS);
+	IP_INC_STATS_BH(net, IPSTATS_MIB_INHDRERRORS);
 drop:
 	kfree_skb(skb);
 out:
-	return NET_RX_DROP;
+	return NULL;
+}
+
+/*
+ * IP receive entry point
+ */
+int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
+	   struct net_device *orig_dev)
+{
+	struct net *net = dev_net(dev);
+
+	skb = ip_rcv_core(skb, net);
+	if (skb == NULL)
+		return NET_RX_DROP;
+	return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING,
+		       NULL, skb, dev, NULL,
+		       ip_rcv_finish);
+}
+
+static void ip_sublist_rcv(struct list_head *head, struct net_device *dev,
+			   struct net *net)
+{
+	struct sk_buff *skb, *next;
+
+	NF_HOOK_LIST(NFPROTO_IPV4, NF_INET_PRE_ROUTING, net, NULL,
+		     head, dev, NULL, ip_rcv_finish);
+	list_for_each_entry_safe(skb, next, head, list)
+		ip_rcv_finish(NULL, skb);
+}
+
+/* Receive a list of IP packets */
+void ip_list_rcv(struct list_head *head, struct packet_type *pt,
+		 struct net_device *orig_dev)
+{
+	struct net_device *curr_dev = NULL;
+	struct net *curr_net = NULL;
+	struct sk_buff *skb, *next;
+	struct list_head sublist;
+
+	list_for_each_entry_safe(skb, next, head, list) {
+		struct net_device *dev = skb->dev;
+		struct net *net = dev_net(dev);
+
+		skb = ip_rcv_core(skb, net);
+		if (skb == NULL)
+			continue;
+
+		if (curr_dev != dev || curr_net != net) {
+			/* dispatch old sublist */
+			list_cut_before(&sublist, head, &skb->list);
+			if (!list_empty(&sublist))
+				ip_sublist_rcv(&sublist, dev, net);
+			/* start new sublist */
+			curr_dev = dev;
+			curr_net = net;
+		}
+	}
+	/* dispatch final sublist */
+	ip_sublist_rcv(head, curr_dev, curr_net);
 }