From patchwork Tue Nov 19 10:18:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879576 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-lj1-f175.google.com (mail-lj1-f175.google.com [209.85.208.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A28A1C1F08; Tue, 19 Nov 2024 10:19:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011564; cv=none; b=OicW28SjpxsiM+0GgwS+MpU93Pk5nQ2ukYc4Os6sDGDkh1gxZw876zazsTNc2tYaFXYOy5whTOq2WBGZPN2snxy0KXOxegsGZk4cGTSGh8IkAScQS5BkKkFSWpyJcTePt7p2cD8uwTzrSeo9I4M4UsdkNhAjyAvKfOBsna4zTwk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011564; c=relaxed/simple; bh=9z7HmZ9CNEJAudwjNyb1ZSYmkdB/Xiw+2DDVHpucNKc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oJaSfNM2F5w9hOkjB+BJplq9SDd+ITBFBvz28lM63fQaLtqCiGTFEF3JQjiE8nTe7MadGJ95/+VMB6fUI1JDS7nqwOuies4QaoZhJ7YsaY2R07noxgBhnEROYZJH49r5T+7XanrU75KlJkKj+jjXmV0TmL8bUXtsNg9htXkKuCk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=HwVPooDX; arc=none smtp.client-ip=209.85.208.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="HwVPooDX" Received: by mail-lj1-f175.google.com with SMTP id 38308e7fff4ca-2fb4af0b6beso42479991fa.3; Tue, 19 Nov 2024 02:19:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011560; x=1732616360; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=s2v4wvRWn+02yrqYzk8I6pei4Ps2LL08kCWalGaFo8k=; b=HwVPooDXskUfmm5uS6mJAccEntCayZOrXLkGCzV6lxMD+nRCsjnoQhjmGpzmxAJ/Ri GqjhLBbg6DKj98UEw5SGewchZb6Tb0Y2lE1+u6W9GTBgezrYGGR7COPTiavSUzkbbiMN N4wTR3/7AnuhznumldXtjfhGTICnX4WKTpiwecAH/n/ALg+W7a4VNNyBNvbb3HNmaDG6 RLYSk0sPvQx8RRHZGjKU2V06X8QTfQxfUn0rFwcZaQuVdQVOiD6ljJ//sxhVWWNbD87n d01W50yxM8TuCIFRI5yx0Y5hLaK/RbULujxbNuPRHOkUlcKd0W4oQf+4c5+/iaTeRUcK R9lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011560; x=1732616360; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=s2v4wvRWn+02yrqYzk8I6pei4Ps2LL08kCWalGaFo8k=; b=LX5agv7ZU7/Vtfe5WlOk/NM1ufvQdYw7QEOkliiTPTu0AiA6YU8vSzhcaKIO+PYOmQ w7JxbEmM9IVT3fOfwzy57UDuNKHszeGt4lhL8U+QTVs4glqyTEubJU+2ue2MMmARhAPN vt2G9GKmBwxWyTJuuQcokzDPiwSB+1ly46ILDwVU75Bxy0hKMjo7aFg1qoCtdPqnsWIS CLV5oKzAskk6B+EeigIiAttFISbuHc4SyvKVqkRe9grLm8Tp9SS2rrfn1taHUT4RJy7G Dt6RqUeu7HXgpnmdzQkk1Hv+5yi2TouvvEZgnKQLAdjNuQL4KejfMTE3kDE/ePKnScSE HsJQ== X-Forwarded-Encrypted: i=1; AJvYcCWUdwUw040Szr5nHjA241kRwhkLxyYxUcuxhp4+MwgDABbO1Q8r8lA+8cYPZtNqvlxvgfa3vQJKBBvMav2pRvSg@vger.kernel.org, AJvYcCX7eGqkEEgbbIwNzogi8ercfuyUUo24swvQkJrbEvXjUVQqglp5w7tPnB6smqwTPNuNmDwdlFUtNAsFA8s=@vger.kernel.org X-Gm-Message-State: AOJu0Yxkk2hNeQ3GPWY4gVvQz5+/E3gE78dH/LhOkok9rDxYSngN4tYg fkOoKdvL2GuS8IxbWIWSoKEKutO7Gogyi6pyoSkBeGhOvW7YTFcO X-Google-Smtp-Source: AGHT+IGcc52t0JYl62z5La9vrUnqdLe/7x1g/27aiQFVRTEFc3y9IAb/0I8BdS4CAvP5pPR+qlUj7A== X-Received: by 2002:a2e:a592:0:b0:2fb:4f8e:efd with SMTP id 38308e7fff4ca-2ff606db22emr127527371fa.32.1732011559809; Tue, 19 Nov 2024 02:19:19 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:19 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 01/14] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Tue, 19 Nov 2024 11:18:53 +0100 Message-ID: <20241119101906.862680-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 98edcaa37b38..290d8e10d85b 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -302,6 +302,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -331,6 +417,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -339,6 +426,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -458,7 +548,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -753,7 +844,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 7b84d8d3469c..cdf1771906b8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Tue Nov 19 10:18:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879577 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 492301C3026; Tue, 19 Nov 2024 10:19:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011565; cv=none; b=DYvDX2QHANyQHuo8KCkg6z8cwsHQH5oiM0KSWE8IuWdlS9tjZNT2szM9hpnBUsdIC8RHYEeUZQnEqYxodebhRD13X2bTOXCvz5dnzKY8UXJiBzzxsGCFeAsuP5elNbYYv+oI+zOfisvcO4L3Js+fuyxyqBhIn8nF6alY0LED6Tw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011565; c=relaxed/simple; bh=83pWBM1L3wuX+9WaP0J2+M1bEpthmK4o/ZZMjoR1Pug=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SbWkgrDatAcTONo1QPVH0+7hO9/pWpvg2MbwMyOQfk4jWSqIWz9kMP0LDZYnZ7w9RFlDIhMevFRhWWOVVqBSmnRfmS/xSFLh3IJ5otBAbc48uO3qems6FZBqCau8LDVr7ruN6WrWFvtD8qxZFwtQjQE/sXVEhhnffyH3nsM0N5I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MoJl/xvG; arc=none smtp.client-ip=209.85.208.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="MoJl/xvG" Received: by mail-ed1-f50.google.com with SMTP id 4fb4d7f45d1cf-5cefa22e9d5so928739a12.3; Tue, 19 Nov 2024 02:19:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011562; x=1732616362; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=33FGTDxVghKRUjvQxe8n+i0NIxSacmlAlP2N6q7e0cg=; b=MoJl/xvGfBr2s99uV2RVCaem/wx90dV9YC7wOMfHN0zQQ2Kc1tBtJpi81s3ou74o5Z JEeAC4GxYmH74qIYM9Y72gCWFRarjCzks5f5Boa+ncfO/CbLLI8bNPqBPDsjCVlQtp8A BZozzZCC7k8nPm5dVhUAcXoHFdxoQWDVB27GGNz9J0JCtD39fWPrI9Ban2LSLPo0PeAX f0jRVM4Z3DAhhSp8TO55+Wb76b47mirjzXwb9af/J2w73/GKsX/TQAzeVVaJ1KZsKXrx nReI9grLLSv4iWMVU4b/WNUbpFtBo3DFSEf4gWuLt6BI6iEQNiWdI2zhW8E9UkSpmkU1 27Fw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011562; x=1732616362; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=33FGTDxVghKRUjvQxe8n+i0NIxSacmlAlP2N6q7e0cg=; b=f+9q0g+WocSXduEszgzY0/CcyWjhaSwfODA2er+v1tvaKG0Ey4oZcbff6MtufYo/Ag ErsXUifqdaREyO2zxuC5A4nSIFil7nJ10lrZ725RgaE0wb7w+d8jkWlKpWXjwcD94uYu vyF4vLtooMHUsZOXRw2oaZHmM6WWnMhrIvsIICX76+R3iTJ0VV+A5elQ92CR5QZOG8od G+FCH8aCnZyB06rPAQ/k9xCSrjvKLMIL7gcBslYu5HRRuOiFIdLBeeK9z0FqPT28lbmA YkPN+id54fNpnjD3KhlKZbKQV2bfP+y5OaJVnaTa1uH+QVTeVsXNy40hsz5sqb4wWLNr 4yUw== X-Forwarded-Encrypted: i=1; AJvYcCXXdUm9G+AFFySGdEhCKxtxFw6qwq6YsTM2GWsDgJrGYwq4FI0uWOD2IZbD939iHT/fyBXc6TYY9DeFTDouFLPG@vger.kernel.org, AJvYcCXjHLj46JI1L5VBHwUbMX4iOxePgwnuQ0VtiQFpGCHORkt2hmX6OhntgqllwYM+b5z0FTRE8oDm0OuEjyw=@vger.kernel.org X-Gm-Message-State: AOJu0Yz+DuA8w70FUsm6pPMRBOeyxGmwfT7PBgiEhjD2nFOxmRhhgz05 1aOPNkpbRa7z3VWwILA0B4ECTFPfNxbXE7GJS9HtwUJiLweGzOd2 X-Google-Smtp-Source: AGHT+IHK3RPvVbNkL0ulMmObg1fv6oLItSdSeQYUnbTgITRiDHxNBFC5utDs26XSVr92XJ7sV7zGaQ== X-Received: by 2002:a17:907:96ac:b0:a9a:6477:bd03 with SMTP id a640c23a62f3a-aa483525d3dmr1598769866b.38.1732011561338; Tue, 19 Nov 2024 02:19:21 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:20 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 02/14] netfilter: bridge: Add conntrack double vlan and pppoe Date: Tue, 19 Nov 2024 11:18:54 +0100 Message-ID: <20241119101906.862680-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Signed-off-by: Eric Woudstra --- net/bridge/netfilter/nf_conntrack_bridge.c | 88 ++++++++++++++++++---- 1 file changed, 75 insertions(+), 13 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..31e2bcd71735 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -241,56 +241,118 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { struct nf_hook_state bridge_state = *state; + __be16 outer_proto, inner_proto; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): { + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph = (struct ppp_hdr *)(skb->data); + + data_len = ntohs(ph->hdr.length) - 2; + offset = PPPOE_SES_HLEN; + outer_proto = skb->protocol; + switch (ph->proto) { + case htons(PPP_IP): + inner_proto = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + inner_proto = htons(ETH_P_IPV6); + break; + default: + return NF_ACCEPT; + } + break; + } + case htons(ETH_P_8021Q): { + struct vlan_hdr *vhdr = (struct vlan_hdr *)(skb->data); + + data_len = 0xffffffff; + offset = VLAN_HLEN; + outer_proto = skb->protocol; + inner_proto = vhdr->h_vlan_encapsulated_proto; + break; + } + default: + data_len = 0xffffffff; + break; + } + + if (offset) { + switch (inner_proto) { + case htons(ETH_P_IP): + case htons(ETH_P_IPV6): + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = inner_proto; + break; + default: + return NF_ACCEPT; + } + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } - static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { From patchwork Tue Nov 19 10:18:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879578 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f53.google.com (mail-ej1-f53.google.com [209.85.218.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A165C1C3F0B; Tue, 19 Nov 2024 10:19:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011566; cv=none; b=MCXXJEYzex/rPhyACORoceO6yTLngY/jouVFe5HmiC+1BkOD0TWoSMXEekxTmwlNXf5Ad3kouFKhHzYR1JOzlp/8/pzRqRyJXttq9/IDvLvprgAY4xeBPs8wQt2y41wEjpKY3rCHMrFNeLx8glP3AtudsaixnzMFT2tjIiLp+74= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011566; c=relaxed/simple; bh=poTP47yQdf4khdC+9ijtITarQAaptxBJXapnWT/Y6lA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dscHgIAfBgr3ufql3gvMvVl8abUXh2EV79uk1ywJOw2ofpjL1BFE/Mlfciu/6hwDtEo1eg+RFmiFRazfRvZaScmAsin9tjG7HqfmbhS0o0vLqd20MNa05ya2ZHMr34sKVdrhyFWbKOhYIGY6Ne90FhJ+YP2l9tUR2ka7ghJJD8s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=JkuZZY8n; arc=none smtp.client-ip=209.85.218.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="JkuZZY8n" Received: by mail-ej1-f53.google.com with SMTP id a640c23a62f3a-a9a6acac4c3so124347466b.0; Tue, 19 Nov 2024 02:19:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011563; x=1732616363; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Qi0AlNa47OjnLX+zdNkH8pnYspHiUC9rPn7VlkLtCao=; b=JkuZZY8nlkNATi7t4XJcGdcxZjOdl1rcaEX6/cYWt1uHfFPQAT7s0/HTJCm+ZmiSz1 EYSvz3SyV8sqBlF8x8XhCK0OQVQeg9pDQZ5IJ1GLCvxRLfx7Im2sPU8QL/sG1Sz/vlWg 7eluH5kAqJw4mr4xQmC/zTAlgssyAcTdNnOiRabQG1DfZuJQ2+v7KWKxB6N0F1BOLfeA n7TwKGrVZ0fohvMKC5F8OmltV36jwP0+652uqbBJd0WFjjlVt2cbUIJPY0beWOSnSuky 9uIw1HBXkL8YXCVuAYkR2fZiJJBKpvOyrOVelUyjHa7Aic2vON9XYj2odg/pFdtLc2T/ v2tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011563; x=1732616363; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Qi0AlNa47OjnLX+zdNkH8pnYspHiUC9rPn7VlkLtCao=; b=dkGV4qDs48WrKYjYpwIvd9xzJdOuNdjl0vsaxbfn50g550c/gHFFtE1yWoFuE4+OUY NCoRP2BMC9BYNeLeo0KXcJVmkSau+dEJf3Tl6Mh5+oc1GJKz7nup9gpqyx0kmWs46fFW QwtqZ9Wd3elwCdOGtdm1CaHXlYZE7HvFIeSpRgKRtZ3rHjP2nD1FOlESl686GfTiR9Z0 TukEgyug97icpxNi4pVe5S28j4TgpXmD7KhAHr3mhjDLnRc0HFjkGLK2VFsX4C0kqknn 61wrFMZS6Y/I4sVJ/0gVxjAyluOqaydxWsVOEPmJdTVogmqNhXJ+DJreZVz93sY6QvvE 4n1Q== X-Forwarded-Encrypted: i=1; AJvYcCViffyyvCYPI7RN3fiTAwDCmm8RlOV9oComm/815+4FTc6nFP/A4CQ4HfI7zrSShti1MDbClB4YdFnuuSFa1FTV@vger.kernel.org, AJvYcCXbMuDXaIeln1/QgWWLRqsBahbRVm1JEguv326cVTWzd+TzRql7JPPhZVy27h/lkcwo6HXRd0xHLrVVpYA=@vger.kernel.org X-Gm-Message-State: AOJu0YyolCODXl5zFFLZ6JgVNr5ZKydzjm3btiTh3d8ufrYD4jp2Gv0U OMSfb8MkBEtSkoNddbeFYZr/IQgIGYxdKyK4qEuQMlo/NXq9fUjq X-Google-Smtp-Source: AGHT+IFgtvvx9QxVfYb+i/eHHWDw6v24GqRwyxuBvltZN8tRLFnZjBJN+NHnVp7SFNVLDR7NZlEVpg== X-Received: by 2002:a17:907:96ab:b0:a99:ec3c:15cd with SMTP id a640c23a62f3a-aa483552e2amr1511647266b.54.1732011562657; Tue, 19 Nov 2024 02:19:22 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:22 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 03/14] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Tue, 19 Nov 2024 11:18:55 +0100 Message-ID: <20241119101906.862680-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 7010541fcca6..91aa3fa43d31 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Tue Nov 19 10:18:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879579 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-lj1-f180.google.com (mail-lj1-f180.google.com [209.85.208.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2524A1C3F26; Tue, 19 Nov 2024 10:19:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011567; cv=none; b=bfx3wyjj8pdwhIC4BGQ+hVdltpYUYyxmZRwrYT7GoXn6G1PAmWPA0+fIwdIzP7G442LN3OlTVIKPiCkFsX3CMbDDyD56YXH82pKL5pWUgCCAcZg/6AtWdRJ+UjSfn3L1+ouJsMl1hY0qmIFr0lvwKfKHMGuoWQP47J+yWyRSo5o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011567; c=relaxed/simple; bh=A+ii9hUcM8wU9eVI2sIlc9PYLGj/teoItXOMkBbxNzg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ff1dFUn0Ej/7ie2BZdKRgDEC2N0nHu5N5vhnXcbGt6mdWaFFTniaHLNewZpK+dHrNs08dPueGTViMFelCF0muoSyl/eCjdcQJG2MHq4aANZKvXiXpwMd2u7sUmmQ0SQfuL/Ln5MsICBQdl0fcfK4+kxp7dO6uuaE1OXTqG1GwaQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=CDP/9psz; arc=none smtp.client-ip=209.85.208.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="CDP/9psz" Received: by mail-lj1-f180.google.com with SMTP id 38308e7fff4ca-2feeb1e8edfso39290401fa.1; Tue, 19 Nov 2024 02:19:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011564; x=1732616364; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oNtMqpfiZ8j9VP8YeMgt8jDUBPMHbCQx5OGfeubdb70=; b=CDP/9pszOYe+KA+oTe5dBDEwWJD25NiC26+IT6YMgjmksIJ2IL/ydIKIJ3YWVCBB9t PjYq/6Cg6s0b0IqfKIOOThrDlLAgTgva962vs/YKBIzwHkZ0KyTFw+7wwbygu/F6SPHc TruEjzbzgPRylZptg3AEk8qHG/Y6XDBRuWsSKCLs64nR482Khk3N9Yi/ndDMVE0Dt9zo AEz75UpboX3+BpCyCP0aODSlxo92PRidqJ+adFoQtTyN3BoCfAEvq5TPdXh2P9a2vSsc kR6UikCLcIvnSbw450h5rY2h8YaL2BXwrJu7l/RPh9E3/NU/1cMEKd7Cj6DceDltQbPj ingA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011564; x=1732616364; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oNtMqpfiZ8j9VP8YeMgt8jDUBPMHbCQx5OGfeubdb70=; b=p2YC2Z4J+lH7xIfeoNmrEMKUlsHxtWJR2IAG/I/ZlEj++9Oyav01eolfcwNmRJqBOp MQhg0yAe3jd92BUAZoKvF0h8YI50igWaxk3GlRXep6/Svc8GhE98kRo6NQ0FkqKP5rMe SiHhwVk7TAVF/02gKYG+a6UNUYFkYqXVrg1pM3Jy9Hv25acbgj1lhR1IMPVDnkR7qF7I dXD3OT3JqjGas6KlU/ER5LW1NrKr7zYkj0dPiP4v9j2rDIiysFWSB0UvE55sfr16nCGR Oh733PkiGzyqEOAZNhZKb0SktlgVmLg8wLqkfETag2KEJoivIEMZ9SZYpD9c6xL2oqB0 AjVw== X-Forwarded-Encrypted: i=1; AJvYcCWCo7grrIFvcR1iCmKLCT2HQ2Gma9y6qFo+X4laYEj50+KT3NKz7kX3QryB5EcVxOcr7BNlNI3kdNnQg40DyCff@vger.kernel.org, AJvYcCXw/uorQ7foDiaHvgci3Dq/FscnvYDc9Err1UWOrhecnI6FiwmFauMvfQrpFstXvpUjNvwMzEh6YhOPOL4=@vger.kernel.org X-Gm-Message-State: AOJu0YzT8P8xXjRAvCx2cXjdOOOhz4/M8k5wV2+rfZ7NVwdiypJjFO63 dMoNsfWbqueIQMnhVccS6ZBN3Tk17WQTSsnVlWLx1NMEWYDC71KS X-Google-Smtp-Source: AGHT+IHPphanLQvn1smAWqmqpsVVY1N5Pj6CCsoY8pRu0n0GdFTRRvOQ87pUfg0ubCpmZuXrqQ7tJQ== X-Received: by 2002:a2e:a9a9:0:b0:2fa:c0c2:d311 with SMTP id 38308e7fff4ca-2ff60610642mr89237351fa.5.1732011563899; Tue, 19 Nov 2024 02:19:23 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:23 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 04/14] bridge: br_vlan_fill_forward_path_pvid: Add port to port Date: Tue, 19 Nov 2024 11:18:56 +0100 Message-ID: <20241119101906.862680-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Lookup vlan group from bridge port, if it is passed as argument. Signed-off-by: Eric Woudstra --- net/bridge/br_private.h | 2 ++ net/bridge/br_vlan.c | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 9853cfbb9d14..046d7b04771f 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1581,6 +1581,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, @@ -1750,6 +1751,7 @@ static inline int nbp_get_num_vlan_infos(struct net_bridge_port *p, } static inline void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 89f51ea4cabe..2ea1e2ff4676 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group(p); + else + vg = br_vlan_group(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Tue Nov 19 10:18:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879580 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-lj1-f178.google.com (mail-lj1-f178.google.com [209.85.208.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4470C1C57AD; Tue, 19 Nov 2024 10:19:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011568; cv=none; b=QEnuydzonCrbWreFAhOEXvp03Y0fz8aPmBIQ3KosXatlOtgryFZBiaYPUoE+xqyZz4I7GB/gMcfF+487BqDq9RUhGZiSdN18JKRS574DRvWoBL+Hjz7A1Xl30TyCUyPQ4u/hki58pFBtNJPIObrRoe4jmz6INVHjje1p7BCjbNI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011568; c=relaxed/simple; bh=KS/BSXKwODiNlM345SD1MVSJzHQruZ4MhHPY3AhQs7o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XvylM0Urp/b1003nPAB5I7OkuTdERsGMyHVJ6O0nsezd2IdeVmHv0ZppUOLBav24TUe+qwM2HZILosr7bOG20/tA6tJUPVFudQgd7KQhmNJGaLGkW+V0X2mxcSo6aRBiyh8M0EzlEklmWktdaduknEzqm3KPiUO6LF6xBzwawys= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=bwSdhvbA; arc=none smtp.client-ip=209.85.208.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="bwSdhvbA" Received: by mail-lj1-f178.google.com with SMTP id 38308e7fff4ca-2fb4af0b6beso42481771fa.3; Tue, 19 Nov 2024 02:19:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011565; x=1732616365; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3IFIJoTYk6YKRTRNHwxftMTYmZfYo4cB7iVfLaoFmHE=; b=bwSdhvbAOBVz1Z4od4PC1RHthKX0VofA2W3HVQoSTn6R+yfreHNuyUbE0g3FvGVyRV MWMaFVLTdpXKplCqldy9muVoEBSFNW5FeSuA1pjncTGKlKXh6NIXpo03yjAp8JDInhcy XdOUApEGnW1c0ik7MKH2aE43MTkW5cZjq2xC1mbAPZ98CXqT2Md9Ckr/NF/bl89zZyyo HlXtsN1JoL1WJAkZ/1lFxoT/42gmnEIywThzF+NPLNgt/UK0yjimO3eUU8XN2SBEenR3 BFZoLoJNRqGrEhKkMnzuVAsRdJ8wcXwICVH6kOYGUWafKHrZbLN9ZMjvZ/eeyXLd8WG1 4VnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011565; x=1732616365; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3IFIJoTYk6YKRTRNHwxftMTYmZfYo4cB7iVfLaoFmHE=; b=QPHRmxmIhOHI2OXXtL6xAnaiAFicaiczF4Ux1TyrYco+5BPoSdd+su7E+Lc/RIMvI2 WSFtlgFd56GWCHILCqdX8DSXHAgA7A69tcDD4dRAQe1Bz26kSHFK+g/vdqWkuZuiUA00 P8wrRHxKodAjvwNdLoOJZhp/CkFuYHvps1UTh9Cgn3U9OyLpd5OWJHTiSpAAjKXBz9WH 9YBKMpdNLCgWaa7QKHJ3JrSz5baUqOHydPpcJWlBD0A5qyTIr2jPrTh53sglLMmS071S RniNY9F2UmdxckJs4cAUDOy3DDZ0YWv5h04be0Mva3KUDP0GAsxkRlArLa0X6/1drJHj Qi0w== X-Forwarded-Encrypted: i=1; AJvYcCUaPJpnEqKIMMmgWH6jOBVVHmBFn/iobJo2i5yb4zfgpW93oCyz9hCg61ibwXymqld/8cHlJTR+nj8k49M=@vger.kernel.org, AJvYcCX+McHztXOM3W2DFhfesnAwQEvW5XTXdHU9fhQq+lWqh2/4du1hQ9igVNtqOH0Rg91x8V0+AMWXjsYhonPsh4Ga@vger.kernel.org X-Gm-Message-State: AOJu0YxLhz5rRZMQCA1yRlQClSEtPR4FH2QgF+VmtDZKv2k70VY0jke8 IoAFeO2/uE9DnvBu+Dv4MRUSZieaovW3MaZf6gI96Q6ymiaYuCmg X-Google-Smtp-Source: AGHT+IHnkAmZBG6E9wO/q7BJvCC5UomYmpRer3uAt1HmEjIcUorcDjARLDEPuztshHFwg7HC5D+dGA== X-Received: by 2002:a05:6512:32c9:b0:52e:fa5f:b6a7 with SMTP id 2adb3069b0e04-53dab29e907mr9290473e87.13.1732011565255; Tue, 19 Nov 2024 02:19:25 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:24 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 05/14] bridge: br_fill_forward_path add port to port Date: Tue, 19 Nov 2024 11:18:57 +0100 Message-ID: <20241119101906.862680-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC If handed a bridge port, use the bridge master to fill the forward path. Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 0ab4613aa07a..c7646afc8b96 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -383,16 +383,25 @@ static int br_del_slave(struct net_device *dev, struct net_device *slave_dev) static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { + struct net_bridge_port *src, *dst; struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + struct net_device *br_dev; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); + br = netdev_priv(br_dev); + } else { + src = NULL; + br = netdev_priv(ctx->dev); + } - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) From patchwork Tue Nov 19 10:18:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879581 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 621A61C75ED; Tue, 19 Nov 2024 10:19:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011570; cv=none; b=fi8zaYfDKCVig2f6r4STMuK+zf/JD3kR4BkkArbeSfaCoqz79nBjpTX2GC7If7zes2M0KcY6d4JCwfuytrRG/pzKvWiSyrA+imIWG58a8qaCnmdcKpoAH/5ZQkIdFkSv4KKiQC6301KLJlQLhrYmyQPn41l1ovV8gbb/W4kT7Ns= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011570; c=relaxed/simple; bh=DLGTszneUOBEBDZLWCnm870CxbqkcNe11Y1L1eWSarQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=IsPRFeZIa5EbdK0yIop9nZQzCPT5LOgf+kKH/TYKAy4FHOft7nDHF+rRpnOVVqIsoQAhXw7oSsgaQioXTQxyuERLlMn8agcZQRYbIx7kqFOHgu5K3vHg+df0/FPRClbQfDyvl2rRMvFAbU6DVTciuPFmMxhBdjezjnSk2rdZUuo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Xoy9y+UX; arc=none smtp.client-ip=209.85.208.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Xoy9y+UX" Received: by mail-ed1-f53.google.com with SMTP id 4fb4d7f45d1cf-5cfd2978f95so2085269a12.0; Tue, 19 Nov 2024 02:19:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011567; x=1732616367; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=UhjXvlF/z+0rM6u5ozJqSa6SbSygSBJ+zrfQOupSHO8=; b=Xoy9y+UXrs4PwdFi0yszhpWAEbV4KhUfZCYtTbx2n9unBP9QTH99OJqBBJUzhpql88 Hdrt4ABXilCsd7BtF7sZPU13lpmLggroZ0bxBFyrs6ZbaUdsf4ELvL6MrPXSA/7FkA2k iOqyLqt493bdEuFrQThmLRxi1bN+Q2ICcmIkidaHCXUzHv+ekEQm+GshAaNR4Fr6ICAh qhK8WEKdXZ2jlGWGz35gQMD44Uffrh8VIOqj3h7KE6rF0qs37ylcodSawDUbSwi45ike P02M960S6re2vp49oeL3l0C1TPk+czRDC4Vce0PXhGBrGdDqGD5JvUDDvmLn3YzXC9qn 5FbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011567; x=1732616367; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UhjXvlF/z+0rM6u5ozJqSa6SbSygSBJ+zrfQOupSHO8=; b=Qsd+yFfMCPpPPiOzVGsqibnZOoTasij8QGlnk9/tz1aGyucBiGHe+4h6Zawb8GW67y q4nkjSESFLF7uREpALHWmtzz7vB1sqAzudUrksT2vKYtdHsJszrxNvvnwI6a0rfw8W1Q b+g30j1CGZD4ZHyVrn7DeOZSPBCMIn3lA7bWEVhM+c4yRvsOhS/rn0uB/0xbdBCG2cii D8VJUB4fI13v+SHWdGBElLle6M9p10SBPcjlPvZjSRni6i86R/mTn9qemR3ke2NXoi+0 Xp8gMDS909lxMHXnPqXlL0kBlxoa3LjirzMpStgWM4G5Mp7sbESul+IlVgGRLUdHs1Ze tyOA== X-Forwarded-Encrypted: i=1; AJvYcCUMBNw68vKs+Y2sIGUIORzp0C8JGXFoXhgSP3w3+pEw/WXVAcVH15PR2mtbxbdrZK5b5Gj/c/g3ZQ1kLf5V5OPY@vger.kernel.org, AJvYcCXoP/F35r5MW5X3SRrexVBwcv2cag3zC17g3JXzl7QztfPGxWTo/PWLVsp476stUkMF8tv4FvJDca+yKm4=@vger.kernel.org X-Gm-Message-State: AOJu0Yw9lAbwGWSlURQtvAWAEr4u3BHZNiN87oxjORAtsLaFXEWyzgQQ hnqmZ7Wr/edZpQ489RrRtRNAAUSlzVmR87IuaK/oFYFHplUDf9yU X-Google-Smtp-Source: AGHT+IGzB93ZeO7pNN+fEomEYrj7b7jdCBNk8D+nmWW0jpw6ZssNgDprYV1yl7YzBLGgZvsa4c/n+g== X-Received: by 2002:a17:907:9303:b0:a9e:d417:c725 with SMTP id a640c23a62f3a-aa4833e8fe9mr1613209266b.3.1732011566595; Tue, 19 Nov 2024 02:19:26 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:26 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 06/14] net: core: dev: Add dev_fill_bridge_path() Date: Tue, 19 Nov 2024 11:18:58 +0100 Message-ID: <20241119101906.862680-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 ++ net/core/dev.c | 66 +++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index ecc686409161..15923d177f9e 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3143,6 +3143,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index 13d00fc10f55..f44752e916b0 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -713,44 +713,84 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; return ret; } + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + if (br_dev->netdev_ops->ndo_fill_forward_path(ctx, path) < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + return dev_fill_forward_path_common(ctx, stack); +} +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /** From patchwork Tue Nov 19 10:18:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879582 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f53.google.com (mail-ej1-f53.google.com [209.85.218.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2DEB1C8788; Tue, 19 Nov 2024 10:19:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011571; cv=none; b=kbp40kMGaCq1QmL3bvl8teNSsJb/pVsaSEJZwxd+2WJjt5KlhB6XZk+3QZr4yJt+qmmJ9y4bcRX+ILaOASE5YCcZ4/uLsJUiB1FFPlPXeU/Mp1jqPvknR5H1z86e8f2rVK4qf1QwTqdfZVfa2Cf8z72vyiSjQntaSj8Gn8LtRV0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011571; c=relaxed/simple; bh=hGsEEgBwVWVwF5UUBIOEi5WjCie3Q/gi9JKsnhC1X8o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mpJ+BSFNcJFyyBHsoskF1l+IrP9+eMXu6wJfV7BxaT33SN+ARmBXX1AUuJkJI1bHWBbu5qlupyhPJPa5PAwvphnD5TyStP1iuAlFoVYWEhUMbani07fWuoMsPermMj0fp0qIpMdG2v03c7D13Ft3Dz8OGQnskp2KxetVtqPj9/M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=k26TVJxM; arc=none smtp.client-ip=209.85.218.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="k26TVJxM" Received: by mail-ej1-f53.google.com with SMTP id a640c23a62f3a-a9ed0ec0e92so428322166b.0; Tue, 19 Nov 2024 02:19:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011568; x=1732616368; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pdMZzUqlItAKYCipC8R7CKRW4bj0To7qOhyuRvVgeD0=; b=k26TVJxMPo9ZClnhJPAOrtPZ+FxuVwFiERkyuo9dFjoYWEHVU36MqI52iQ52dJ5Vg6 1arS03Yt7KJXFq2/9q3fLmn8ZqD3RZ0lkSMHgsokm+SyuEvGKHH8r2Djq1ddASr+zRTy YCz4l/yWAUbgunpE99o2upVRASHILyquGWYU+Ln3hykBSR0uqFUwrhF1/OOagUiknnyf DhrD/HVWEh8N9c/h7qrzIBKueXqi9VNDFqGcrRvpgol3HeEth+CyCCJ2PxoldeCNekxj WPALGD58GYGQ0bjA2jZrpgZLJczrkPeNe1MWleOmMfq1QEB98ZwAZ7QQaT9uvcf0dHCw nkyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011568; x=1732616368; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pdMZzUqlItAKYCipC8R7CKRW4bj0To7qOhyuRvVgeD0=; b=r1didY5WTsYF/nWKwlk7h8mxniIkVTsT8SWPbWy5dImmyIFSmLozUxV7gXAx6xnFXp /S2Rka32mLvNQX3OAOfDQyTxPY0Pgzf5SQkL/BEFtNdSLN0NGYo+4JhAJJaPy65r6fFf pbvPqC6V9G9rYxOpO1w1gExMF4SOL1cpjeuOxzll6BVBLSUYjFNcW/+jCYtJyDvTzk73 gnzXVdtjd29ORmiiujUMVMokUOnxERHeNaKrHErlTzdDOY2FeDX76Z8E4/hB34ttxiwf WnYDQWnw6ofvdNiEQ02+tk9tH5ynm+oFW9MFrSCGviQ0x99vKN2oz/4CGqYgwRyWmix0 WVqA== X-Forwarded-Encrypted: i=1; AJvYcCV5VuYySnED1Vq3J1YRO6FmPHANJzewrzxwQiaq2tEuacFcGpUJiKnbR8dNdSF6M5sCt/Fa0x0JwRq1Abt9aX+I@vger.kernel.org, AJvYcCW7oJD8TELvcJnfmMlfEDT6do5YCX/9iP4t91dnHK7Ty8qEV71meKCQH+qOO6yVglRU12uvRPfXw7X2MJ0=@vger.kernel.org X-Gm-Message-State: AOJu0YzVkThk3hFTh3IjoJjtkxrPFU2MhWINMZVMctsZtBQtDgQcTdwJ ftdYFyxnD/CBUVLgQHFXQ94z/Ir/PJDaKEpX61RXRJK7qHkDTkz+ X-Google-Smtp-Source: AGHT+IE5L4vgeqmlwvDR/7799c7w2L3XGWClbNm8n2h6VzOovB3/FqcYwFKbh7Ag4naigGnLrOKLJg== X-Received: by 2002:a17:907:7f88:b0:a9a:7f84:93e3 with SMTP id a640c23a62f3a-aa48341a1c8mr1497903766b.14.1732011567950; Tue, 19 Nov 2024 02:19:27 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:27 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 07/14] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Tue, 19 Nov 2024 11:18:59 +0100 Message-ID: <20241119101906.862680-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index b63d53bb9dd6..568019a3898a 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -341,6 +341,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..5543ce03a196 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Tue Nov 19 10:19:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879583 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f45.google.com (mail-ej1-f45.google.com [209.85.218.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF3511C9B97; Tue, 19 Nov 2024 10:19:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011572; cv=none; b=POPYCXQSPoUjWnciFDekrB72maPXQzFUqd1akr3FM5Wejlb++Jt9Sjkn57gPBWJnSDvNoLQPKk8M5nEARLMztsRCj6Okh+Uei8YqeS9EOnry67J7fAEG2qzEWVNdqbJxgDQES0cIhvAlTq+sJcDc2e36To6uZO1iXSM7aze5XUI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011572; c=relaxed/simple; bh=lJyh0xDXdmHktWavY1MmbrQ/vBL7nLzt7QdbMKOj4K8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ER1jI2tTBk4uOHr6l+nNLFTLhsuXp2g6fTDHwzXTUD5ODynZSIT6R7okA0nt07891iukMys1RgqRtBd96xGlNIjxyJWrhbSqveQMojSRBG/7m8paTo+CYn7sowADqV+ThFvFZP13v8wbu/dnDosP1k8EqcR1OKgJpSlUqprgSYI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=PM2hNU1z; arc=none smtp.client-ip=209.85.218.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="PM2hNU1z" Received: by mail-ej1-f45.google.com with SMTP id a640c23a62f3a-a9ec86a67feso137165266b.1; Tue, 19 Nov 2024 02:19:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011569; x=1732616369; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=D6bOSx9F0JYNp5qomZcy7h/raSRvVGKNY4mEoIJa6U4=; b=PM2hNU1zustoIXeTQ0u3SsnPW52LGEmDhe85a0IDlKJLoIgG47kVopF8rKPftIks8E 6egz5QcBEKghugesxg6H9Yvu9tgEcR8U5ijDIQZZ2Cc01fyUiHbFtl6GMc9XT0HG/WmC skVrttHEuQjC2uIPHFgmSPPnJlSLSYzpNrWU3xi87wsfaqGTLYGkbnhfX5ghrRy6/FpH QXOAKVoCltxtdpxgr098IRpfZTw1wBY7+JNNAoujN6dGE5KcbS/EDjLHqilRgD1TWiiQ Qb2dmAoY/S+klSws6CoGfgVx39I2sopCA9rAAkI+lwooM1lZSx4D70JhK4mDh6B0zpFb UDBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011569; x=1732616369; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=D6bOSx9F0JYNp5qomZcy7h/raSRvVGKNY4mEoIJa6U4=; b=V8s5x8FP/VpZnyNsVsOGI5W9acYZOQ3J/KSNCC8FvHBaR4lNNyNQ1i3mwIB9taC1gu MHOlGsIpnJU+wVaWbOTZEcnvaGNRm+v3vCw0YJOdOIlm9mtN4VGiBZMyrlbLYXcoRp1/ d+3AXhTyMySscr+FFFUy18As71Ogqoq41qSJf/+tYZAWvoznhWDi+wjS822dBjkJ3GXh rSvSFGxo35l1z8W+1PVxA71JLWQFe4OrNLGQO3s7YVUyvqThgo9TFHCkhkcRgFW2dRm8 +Qy9LSuzuZ9YdC0JdIsKc9gktBEpigthTe9juPS3H8TMCaDIc1qMaB3miN+Kll+wCpbU GPZg== X-Forwarded-Encrypted: i=1; AJvYcCU+N/4rju3t4mwWImBgV6gyaLPg3tKS4QKfD5sRfRKJgZprV0FKvUGq7BMqf1sy2xTfoVwQ3l1s3VqkkkYCn9rf@vger.kernel.org, AJvYcCVt+/aIGt1fuG3FG2SIaYVCIKk3nYtA/Ex+NkfJZAaKH2v3rJTwtyUFm+LCatjl1Ng3a1W1oAybogwOhy8=@vger.kernel.org X-Gm-Message-State: AOJu0YwnKgemkUSza8Q7WPw1qxy8zTOikYssja41dIpx7ik+C80UHMmu mljXtBMkoRLJdfwNk/PwfRQtwtmXLROkGTV1xz+eC03s4TCUII6K X-Google-Smtp-Source: AGHT+IG4oWs8UOYUh0SfCm6s9PZ7edWvV+3g/BCD/rQGn8EB4n9k2Znl8dCuVvZlTq+Io1pQtKbeBw== X-Received: by 2002:a17:907:2682:b0:a99:fa01:2b72 with SMTP id a640c23a62f3a-aa483489f31mr1130230666b.33.1732011569157; Tue, 19 Nov 2024 02:19:29 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:28 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 08/14] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Tue, 19 Nov 2024 11:19:00 +0100 Message-ID: <20241119101906.862680-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC This will allow a flowtable to be added to the nft bridge family. Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Tue Nov 19 10:19:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879584 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-lf1-f43.google.com (mail-lf1-f43.google.com [209.85.167.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6CCB41C9EBD; Tue, 19 Nov 2024 10:19:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011574; cv=none; b=Y5xAxkyOA/YCEibgz9j2tqGim+PnUriQ8wsklIsvrYpAL4yscbpO/z1uNo2Bx+qY8DAnCLqS70qmpg24a7l2gV31NEttymAIcBa8wHpLLHgxc9qCK8j8AU9msMz8uyd2WIk7MyhT7Tlx075r1VYnAjeP/BXT5YdvURVjqO816Mo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011574; c=relaxed/simple; bh=0I6T/24QZkHjB/L8wZWMgXSyBUqTbRPz+vAmJSwHL+A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Wop8B9YTBkFsuQEupsWjnV4TgWrxxenesJvu3Brr12GyNF1ZSX7JncKkdNOQAvG5IdBB6DRzHJqCNunHZn8d2sTk+Dq/yz4A882JPeXCVt/VnPBwH3xrdrt/KZ3Y/jPzMajtT9vzsnjXicpbawDeZHzhTm3mL933f/w4+V+9wFk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=foJpRkro; arc=none smtp.client-ip=209.85.167.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="foJpRkro" Received: by mail-lf1-f43.google.com with SMTP id 2adb3069b0e04-53da353eb2eso4502405e87.3; Tue, 19 Nov 2024 02:19:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011570; x=1732616370; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3u3z/3aqnlj2QKTkwMuuz0nzsflPHuugQE1+9CzpwS8=; b=foJpRkrom9hYyiADMEEqkh3+QqgSPBcyJGBvBSfaLlTkfHWlYP5UkTagylPKaVLg9u 2MPiYA8nX2OBbNU3KVJpwvqItr6ffxqjJJl19jkQrH/KO0HgwjzhjYPv0+0gUgcPuHvh SALwuLPtuEFf2E2Mz7NKrRuRPi3990F0j+u5Z56GgtjKzzdsdVNRdTo0eTqaY+vKmWEt EI3jC4mgQPqYrqcVd+RhWs5NmCuzQtQ0RajhoTjSTRxisI3ZJk7bk5eVyzvt3ZnwhKEL Bfj1INadBLCpw5LLd3UJtJQii+t2PvTxqnU+05Ve8wZloONLok8Zh2OtmGdAnIjedTpp tgxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011570; x=1732616370; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3u3z/3aqnlj2QKTkwMuuz0nzsflPHuugQE1+9CzpwS8=; b=YT4OF3OFBW2VJZJ11Cs59FP9+ZIajRapNX4BJGkpHnemzQp2PZfy/DX/YUp/TgCQvX WaPOK66ZrtHo89HS0Y0K65YcWWmXNVjWsv1SJ6TKVBlI/lIBM6Rn9hAp8mTyFo/A710E bZpV1MESXRcuTzaW2/NLpMFST7+lXn5wM+XRvxl3DuVkfTkjaVIcr9lE7HSUc0SdeV6R DiOcb33ye/YSj6HG24Y3L2Fw8E9Ee6Zlw4sBBkk5x7rZrlhv3AW8fbYqZKTjV0tyjECV /afJxVS+GohaGe1UgMCvO5jwX5xhfOxUzu4Rz4m5CUAcEBLbnX4FVXQ0HHACnuZ6TqRC Ri8w== X-Forwarded-Encrypted: i=1; AJvYcCXut+iEc0VmkNtJNZK+PdYYRQrSbrHQQTuKfs8M/RVuKNL7ocy/g+zUu3qETr8RcqeOO+7SOEmPZvnPf/QX4a+v@vger.kernel.org, AJvYcCXxrrUqgeD9AjsYwwk5A9xWCuqNzypdpHU0nPEWzmxXGKjw9aRkzkF1tbDfaDqYw7zLslGGzHQ0tYFmYJQ=@vger.kernel.org X-Gm-Message-State: AOJu0YxCJXBZ74SI4JAtffmBGAsHKkwmHBfsIDCyU5PU5S/kHAo+mOeE TAzQ9PD5UlnpaFmS8fUg3eku4QeNwnve8AhfhlcKnwWcXzKgwqYA4yUI5OEA X-Google-Smtp-Source: AGHT+IGkiRcx+4ntGYaz++MVtIBeL1R2ddFZ1Ewy1ZLQRMvnRephj/zyQ1UBYhWvJx/x9a4afZDUfw== X-Received: by 2002:a05:6512:3044:b0:533:c9d:a01f with SMTP id 2adb3069b0e04-53dab29527fmr10641351e87.4.1732011570368; Tue, 19 Nov 2024 02:19:30 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:29 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 09/14] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Tue, 19 Nov 2024 11:19:01 +0100 Message-ID: <20241119101906.862680-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index cdf1771906b8..cce4c5980ed5 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Tue Nov 19 10:19:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879585 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f51.google.com (mail-ej1-f51.google.com [209.85.218.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 57F1E1C2333; Tue, 19 Nov 2024 10:19:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011575; cv=none; b=km4VNcnaMiGHfjdX7chGO3dU9sv+ohXHoar75Cy+yX5qkapHEm/mvcLPQL15xg7z/I8M8tHD8/nePLm2Ip93sofTbxca2l2lDKJKyEHqNRVwjj7vCgF/dDV4BI9Z5MF72gArY+h9G0NAwwTH+lw4AgtV8YDlCJs2pC9n90wUNuo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011575; c=relaxed/simple; bh=5bbk0K1/fjGvxV6GV681ZpzYw97eAPaanPHpn6ynzog=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=W+HgaV2Tt2STIxXyMmblrRF8xP1LvoeBzodskGx6VY+KXKp44S/toUgiWk3WL78t0QQOjc+/kNvdUzSBb/V9hJ8VbeUugLFejkpfKVBA1b0Ak02lE5vezcx5rx8vxBTuK1BQzNsGNayAk7fha960u2nZ6iHtNAzzYk+W6S4M1gs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=La4gB6VP; arc=none smtp.client-ip=209.85.218.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="La4gB6VP" Received: by mail-ej1-f51.google.com with SMTP id a640c23a62f3a-aa4d257eb68so49136666b.0; Tue, 19 Nov 2024 02:19:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011572; x=1732616372; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=85S0Wgk4R14tSlRD4buKO5TXxTAg6c1gFU6+LoW44DQ=; b=La4gB6VPvcKn2yDNzN2P8QcJ52D6pmNsTkS3Tm4R3e0F3AgYmS4iwVd2SY0fa2KtJo IdznXwYJ/C39HV5H9wuigeWbOcM6tnlBhWEHOfpzbQCumP3T6JYjbpi1XSWbsBPeeYCi WdLCLPfX+2FNV3miOpmUncQQEMfw7ZijMmMAte0RbiBRs7rQT+nhjf/RDLUP6FYSqvvl SY14GBRJqTMUvjFRh9fOQrsZyHUXXvQ6koBypX6RM2sl4Fs1bWyP4oWfxE+cPrTwX4rp dqr3svuRPTRybatL/bsvWmECZUOHFIwKHNROxaSiTrYF+VSzy0MKW06tS6bv27QbK8Af YvpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011572; x=1732616372; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=85S0Wgk4R14tSlRD4buKO5TXxTAg6c1gFU6+LoW44DQ=; b=uIQy6yZQqlKicnszlkaFrzyKDV2ojNjaoswdYxZi748eQdJuZz8htvlfHkuIlHowYk P/4Pq/yZ9hmLhxhrns5AZxHBKMKkZJah16S8y/aYU04fS/pPOR5UsDw1z1ckdUQs1Rxt 7eeJjJPj+iTFVgimJTer+40KS8SYb4lRYI3kZIcOQ3RrMG0njK1KXKdYrmLRE0WkIGm8 5+F95Bon+nl3gcMAl5iDQEvzIYAeXCJEOHgaQBFcJyI0YW7h/ZWYP2XfLUeFq3LIigHT PD/0VwH0w9pLM36zSVvAR3LB7fKh+bI6Um7tTdt9fwJqTUfQwEd+JW/5ATtd2Zt4xVmz FU7Q== X-Forwarded-Encrypted: i=1; AJvYcCVSBlUJgiTbxahIELdkVXq7gFJz6zI4Z2Fl9sPyaZvtxGJEaT5f9UVq9hzO2nsoxDJQWKwmB67TjofbXU0=@vger.kernel.org, AJvYcCXjtSBji6fERyWSwyD4f7NJHPG0XL/azzV/BuBI4+63LObZh7ZJi8NzYVySTNkIHpN9SZ69LvZaGyjb/+HUJFJr@vger.kernel.org X-Gm-Message-State: AOJu0YyBMSpdWxn/U4bx9yHZT7A9yU+AeBJ0CEzjK7Cf1dT1cS73Pbyj mARHyIe98XsJ5aep/wyEqMLgav8eIS7/aPDYCOwPXcUGhc6ysk5U X-Google-Smtp-Source: AGHT+IGzVDghd+HHCKlijYAqrFFNL9wIfOoTroQPxMyDYa4idVXMvA5nnKPnghWyNvh8dPU7HPTv9w== X-Received: by 2002:a17:906:dac7:b0:a99:fcbe:c96b with SMTP id a640c23a62f3a-aa4c7f2c8fcmr220655966b.25.1732011571689; Tue, 19 Nov 2024 02:19:31 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:31 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 10/14] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Tue, 19 Nov 2024 11:19:02 +0100 Message-ID: <20241119101906.862680-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index cce4c5980ed5..f7c2692ff3f2 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -106,6 +106,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -118,6 +119,10 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, i = stack->num_paths; break; } + if (path->type == DEV_PATH_MTK_WDMA) { + i = stack->num_paths; + break; + } /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { From patchwork Tue Nov 19 10:19:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879586 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com [209.85.218.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F7F81CB310; Tue, 19 Nov 2024 10:19:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011576; cv=none; b=Q2F6yf8n5hSQXkNk1+G0lpCh7m9z/llQnigtNyqkbDPd+Mwxmn2bxHYtpKrKTpLuGbwLqZg6cmBteNTiMzsyUFfk8o66KuKJ6OuDjOgwCSBSB0q7r/HHl/eU6ofYSTzokfBrjNjAm33sD1LxV+cmdI384e6pTyBGtDmOB99PDno= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011576; c=relaxed/simple; bh=GNLJPUhMBWyFF5GnV1Oixa6YaHBEl+LkKP7TDsLQLcs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=R5mL/NRAmZrnq4eZD6eVDlqyqGdzF11oZPWtvouzKZ5cLT7IdYLzKpPR15t70BwU+NwHk87dy2V2TQS8AFAz6wyx/yGtKlAuK1gR0vJ8hPpcefoqCxxlwWMRfMl5Tr4lrxy36pQVwo9uH5ljLplr8gVoRgtsLrB713YNWLrlshE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=a9IpbxSI; arc=none smtp.client-ip=209.85.218.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="a9IpbxSI" Received: by mail-ej1-f44.google.com with SMTP id a640c23a62f3a-a9ec86a67feso137176866b.1; Tue, 19 Nov 2024 02:19:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011573; x=1732616373; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Kd7MVftOQ+4b1SqBzhiH//oS0+6ChrCs4gWAypG7zyc=; b=a9IpbxSID4oqSk6P6pdCYx0m2fXdb01BhbPKVp5LB/pE3JdMXGgyREwv6+FZaFoeNv oAmEz89jnV0ngiMsnIjmEq+Bn0HOnNnxFkuCxYd8vnpms5hzUBvmiXTazKarf4FIph29 gol33sPoDO5fw9novuOD/aO6kKnMZ0EvEKr1ERWBFxeuLGMUeLV+Fbw+28WouK89cJIT oM/PucwADW7HpnCS5JWLxYQvO6Gsike2y7PYhhviQArOEin8UsyiwhAAK4xURKFzGe3Q HSonLlHfvD6xdxMLTUqNvGXZhMTn6uiQkkZXCSgVqfwNDusoTpaGb79Qdr0KHBtX1kFg 7cGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011573; x=1732616373; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Kd7MVftOQ+4b1SqBzhiH//oS0+6ChrCs4gWAypG7zyc=; b=ETJgxDm575ElqxMRcGUD5uLlpIa3CfpJ4NiH/2yPqNbqSQvYJ2+ESL8lKw3QtKb2O+ qsC6IvTxhRH8NhwtYyOK5YHbfsH1o+uZQaX0W3sl4Q0GbVUUjSfPNQaHBmIXc8k7qlmM klJ65FtxEGikIV4BkWPr2Uo4VAsfGm+DWL1o04plaqjau0yYdot3XRYLFbiKFC/4GgPi hh3jR8x66uKaz7UYJUP5tZZb6RuTnA9R8Kq6xdyrMmx2CY6+UunHsTeo7UA+MO75DyKC UTyjtKCEBQpj6/GJHpdvNESSnO/5+5TijEbdwgD8JNo7P/e6J4T3qRqsCxPxCIApxpgU ODdw== X-Forwarded-Encrypted: i=1; AJvYcCUgGDX9l9dkfZoz4EIjS8wk3bYjsenSKO5PtP6mJXgsm2spySE9lNsDjJIdoCWfDAsgt7xYNkM1CzqQWfw=@vger.kernel.org, AJvYcCUz/cD808H4ElD9i4BB8K9QbL7QEGzXYwAJbCFQ4tVwjRkoy771z1Q0By+VAIFOu0o+8O0pB9St5AAKssAdfPBv@vger.kernel.org X-Gm-Message-State: AOJu0YxGK7SB/gxEB/XCjyNSyGxrdXQ19xS5GCvXnmLblNZRGl2Vdua/ q7DAvhKVnMSh0FLuXD5kqjWgL4fxKxUEmUxw8TxEjc6YpiESp3qn X-Google-Smtp-Source: AGHT+IF5+KL0F1ms3SncUyr2N9wLbMEErdK4tEsHN/IWbmagzPDJ/Hm22ZABIXpU1FMVLbP7YJ4tcw== X-Received: by 2002:a17:907:a0e:b0:a9a:4d1:c628 with SMTP id a640c23a62f3a-aa48352c0f5mr1451198666b.45.1732011572868; Tue, 19 Nov 2024 02:19:32 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:32 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 11/14] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Date: Tue, 19 Nov 2024 11:19:03 +0100 Message-ID: <20241119101906.862680-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC The bitfield info->ingress_vlans and correcponding vlan encap are used for a switchdev user port. However, they should not be set for a dsa user port. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index f7c2692ff3f2..387e5574c31f 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -117,6 +117,11 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; if (path->type == DEV_PATH_DSA) { i = stack->num_paths; + if (!info->num_encaps || + !(info->ingress_vlans & BIT(info->num_encaps - 1))) + break; + info->num_encaps--; + info->ingress_vlans &= ~BIT(info->num_encaps - 1); break; } if (path->type == DEV_PATH_MTK_WDMA) { From patchwork Tue Nov 19 10:19:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879587 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com [209.85.218.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3CF41CB50D; Tue, 19 Nov 2024 10:19:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011577; cv=none; b=ibzbki5lS8/gAlkNlugdacHu5rFgipzAVkS7g31/vy+vYQuVZ4mTHFbH+J+c67a0Xpj6GDrZgdbuFXCCf9AS3OKU8O9gTkiHTrcm8+/mdXUO/7HT73Q9l/DdPT+RD6Bx90BxxJNEzh3xbSM9S1SZYMiSgta+xiSjOX4fNc8Amwc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011577; c=relaxed/simple; bh=E2mPktW4wL0uSe0js7TIX+fvCn8bpYhpCdTSnyhA70M=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PHfcFvAwykjQnlYPkPfzymJUSMIzUwrqXi5muHcVs50k8WuF/x/kni47JDFkEZgU9voI6fuwxoL9W5vrEg+GQIWBU6cFJx+dMcpY2ILSNJsrzaTE1pfVf3SNSdPTWkco8WnysxR7ict//Bu9koGHVGcv1nFFAitwvumcx39sQ5E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=JuowTcX0; arc=none smtp.client-ip=209.85.218.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="JuowTcX0" Received: by mail-ej1-f54.google.com with SMTP id a640c23a62f3a-aa4b439c5e8so346469866b.2; Tue, 19 Nov 2024 02:19:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011574; x=1732616374; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=iRAtb8ene+/sz4LQnXwEVfer/8Rq7ZF+bD6/DZ4QZnU=; b=JuowTcX0i1zWzPvHa+bHuoZFxNcI19Hti2Lts/Rqm49kg2ihgLBLOrD2WZUJEcII9z 9RY2efT+kNwVU59bPBrni5V7Mi5IHS9QPYqu7Z+5x77bYLD54n+lYNjTgelyOO692pBa mR3sulP+xTOMbsxnjBSNYcHggNmYRAZWbnue8c3xl0NrbaAky1NQ4bclTRNrLQvm0Puw RUTrXEWWJYNsB1WbnxDxacQzpmuom6iH/+KzKv6hSFEUcFhIGAY0ECUc7a6uHON39Zml votCTdCW9QZJ1GQUwq5rHQc9MPm0AT7mGCbfwKb/HO5WfdqajTJzilIqenBMcStN7Js6 /qTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011574; x=1732616374; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iRAtb8ene+/sz4LQnXwEVfer/8Rq7ZF+bD6/DZ4QZnU=; b=FfiKUjj1Sh22L+2QaOOzkY1Vv2GoKHTGkslkSaKJfamHB26Qa1lHtI5XWrsJ0llvrj 0nS/mrQFGAl1ICbZlJCYH/DY4Ay9cPw1sIVz5NMTjV5X4D0eF/qzM7Fx76Sra5enqQZb oD9agyGyvFQUZ8TQcp1Q3LDwit9AGpdwkN5z7l6Y3eq41STePzLUD9+LCnhLx7qjoMi2 z2e++EfUmpu46tncQFe6R7Htm/KfH79Ysyv5Q2gX5fMoKDt3TeLShC2AGymQbDhfrGgN CU1Oq2WMnAPLHZpXAPnjtkZXXYAzLJxxQW0qc6sLkb9U/Ua0rYItGM0jLmZ4igzjb7vP DugQ== X-Forwarded-Encrypted: i=1; AJvYcCVWF8SEOIlLcMGRslMJjkfrCTzDoD+BRkiuF9b1/xCabe67RV9zoKIGqBTbHWnYt50W0pLf3c1g0/VXDq4=@vger.kernel.org, AJvYcCW6tD2+MINe1k0UB//EIVq2im3NOehAKjtbuJupCjBpDHStrkW6CuYLSMfK11klNs2QyKTbOYF7u5tPA+thuWUD@vger.kernel.org X-Gm-Message-State: AOJu0YwhD0KUVGAHt+/q+ijgRXA8fPFpWXl9hgLQTReKZsoqLVhhDMIH qRMfHyryr+c/fRgau8quxH0HbpclwWMOywjE884aZzbKtKIJ7+Yc X-Google-Smtp-Source: AGHT+IGSdzD5FB5lSzDOWRwk05h9KQwL4lMjDIm3lR195Fp/caQ3LhVr0XgClAvYQhvSqXEJ92m6RA== X-Received: by 2002:a17:907:9344:b0:a9e:8612:f201 with SMTP id a640c23a62f3a-aa483555dd8mr1451247266b.59.1732011574083; Tue, 19 Nov 2024 02:19:34 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:33 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 12/14] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Date: Tue, 19 Nov 2024 11:19:04 +0100 Message-ID: <20241119101906.862680-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. The same problem for all foreignly added dsa vlans on the bridge. First add the vlan, trying only native devices. If this fails, we know this may be a vlan from a foreign device. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG_HW is set only when there if no foreign device involved. Signed-off-by: Eric Woudstra --- include/net/switchdev.h | 1 + net/bridge/br_private.h | 3 +++ net/bridge/br_switchdev.c | 15 +++++++++++++++ net/bridge/br_vlan.c | 7 ++++++- net/switchdev/switchdev.c | 2 +- 5 files changed, 26 insertions(+), 2 deletions(-) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 8346b0d29542..ee500706496b 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -15,6 +15,7 @@ #define SWITCHDEV_F_NO_RECURSE BIT(0) #define SWITCHDEV_F_SKIP_EOPNOTSUPP BIT(1) #define SWITCHDEV_F_DEFER BIT(2) +#define SWITCHDEV_F_NO_FOREIGN BIT(3) enum switchdev_attr_id { SWITCHDEV_ATTR_ID_UNDEFINED, diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 046d7b04771f..977285925422 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** @@ -2175,6 +2176,8 @@ void br_switchdev_mdb_notify(struct net_device *dev, int type); int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, bool changed, struct netlink_ext_ack *extack); +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack); int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid); void br_switchdev_init(struct net_bridge *br); diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index 7b41ee8740cb..efa7a055b8f9 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -187,6 +187,21 @@ int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, return switchdev_port_obj_add(dev, &v.obj, extack); } +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack) +{ + struct switchdev_obj_port_vlan v = { + .obj.orig_dev = dev, + .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, + .obj.flags = SWITCHDEV_F_NO_FOREIGN, + .flags = flags, + .vid = vid, + .changed = changed, + }; + + return switchdev_port_obj_add(dev, &v.obj, extack); +} + int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { struct switchdev_obj_port_vlan v = { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 2ea1e2ff4676..0decce5d586a 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -109,6 +109,11 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, /* Try switchdev op first. In case it is not supported, fallback to * 8021q add. */ + err = br_switchdev_port_vlan_no_foreign_add(dev, v->vid, flags, false, extack); + if (err != -EOPNOTSUPP) { + v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV | BR_VLFLAG_TAGGING_BY_SWITCHDEV; + return err; + } err = br_switchdev_port_vlan_add(dev, v->vid, flags, false, extack); if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); @@ -1491,7 +1496,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c index 6488ead9e464..c48f66643e99 100644 --- a/net/switchdev/switchdev.c +++ b/net/switchdev/switchdev.c @@ -749,7 +749,7 @@ static int __switchdev_handle_port_obj_add(struct net_device *dev, /* Event is neither on a bridge nor a LAG. Check whether it is on an * interface that is in a bridge with us. */ - if (!foreign_dev_check_cb) + if (!foreign_dev_check_cb || port_obj_info->obj->flags & SWITCHDEV_F_NO_FOREIGN) return err; br = netdev_master_upper_dev_get(dev); From patchwork Tue Nov 19 10:19:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879588 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f53.google.com (mail-ej1-f53.google.com [209.85.218.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3611D1CB9EC; Tue, 19 Nov 2024 10:19:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011578; cv=none; b=t9eZH4Q6YmG/c81WincLlWPByYKs7ZCCekZDgjpPzQLjNjXvDZ70XBY9VJ321Lzjdw/KqAnhDG8CfC5T5VLELwt3cUig6lmESyxsuCHfuZY0UjArSjF+YhLX3LYexFxQXZ2/CTzX4JV7pmBrBU5w6Vo+nnLCDysRFF/UbZuG0JE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011578; c=relaxed/simple; bh=kQluY0HS8gO4d1CbWsgjmFEIcn/3ew4ST0okyTuF1QA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lPTU5d83Epa0/wRK5R5jqEtJ/030zgMStmxrTQCpHs9xdb5UQZoYgg7EFYE30X5gHdapk8bejqjRqyY1EkKXRwYAa0QFUwHBeLiKu1qaGSgv1jQ8Xkf+qHZxEXjHzU4WQbWPQ5doQBT+N33GNnDd5UrHroybLlBvbvBLCPg7frA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=OuqUdPL9; arc=none smtp.client-ip=209.85.218.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="OuqUdPL9" Received: by mail-ej1-f53.google.com with SMTP id a640c23a62f3a-a9f1c590ecdso722510866b.1; Tue, 19 Nov 2024 02:19:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011575; x=1732616375; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=v/vUWoqxNIyzC+NeQY2banTy2Lb/YnflO4/5JFbURlo=; b=OuqUdPL9zgxZH/UfkdMEnMU2hVfueUwmDSJYV6gD9atYR7RNWr+edmSPnSLL9AVNMf /AIRC5mXYzfTuNPxd1J7+kbvPtrbIV5YBeM+1DWY2hwAB2MFmxOufcIAGd/NDy5lZRy+ PWe5Xun0cCQhvi4N42xxBCxqZy42l9jUgCOYWiCf0+Bstn5xIcwbghGc/8SPWKbvy4Hs fXCYoDCaJqE5E80lOu1Mh11y51+CqnmJ47WOhABXX64KrouOV971LgxeZ3B1cu8R00B5 7gfyQ3oywIv5GY1mjCP58am+6B4UsjmbaCp2sqRiSyiUiF3NT4Ljw3BxNnfQREhB2eNl ZrHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011575; x=1732616375; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=v/vUWoqxNIyzC+NeQY2banTy2Lb/YnflO4/5JFbURlo=; b=Fokbpy7u8/VxJfuOOhEopo3qWKvZ7zErL8yqIsGehgyVCCs6CXkIo0wrl+aIuCbYJ4 62p/sqhMQLDfGpvWVnF5J+aUf2/XW1gbKpiTIREVmQY38nsnuY0bjMY/UINhDfVL0OIj f5VoSgyxq7F7A5kGKWkJJbrCZtmiXrVkvE5V3D8qxXYRR2yuaek8CYWoB5l2UxJlQ/Gf 7ge1gD0GJHKQEs4En5AEsHikJME1Fri2uB/y3kwSVlRcLmNDnJ4sOvGmccI/Vt1aN+JL ocrGq8v6Hsdrh2n3D6o2VSdkuO0Lp2bm4OazyQsKhXv+rAYRYiTAUO3nJjjQozF/k5OL 7kFQ== X-Forwarded-Encrypted: i=1; AJvYcCXLvR6RyAPe937GkJ656joFsVVONqjjqY95Y5JAI1adjc7KnQI2JqX+7ZWPtuaG4tbgc98guHYDq9z5JCoQHFbx@vger.kernel.org, AJvYcCXiCLgtBeS+0hLbJtQgwnVvPmmqgN00rrmwlPgTxVPXYp/TPpkWqxwCPhXKOZKnhHl5sU6gGT79cuNWHBw=@vger.kernel.org X-Gm-Message-State: AOJu0YxaGe4gJ9xeA2bhoF+eH8M/lz2b0WX9p0KuaPOG7AdnP8r22IGh nc+SG6CI2Pb34R+dYGf12z1q2xwWsLuv4TKgR7cSzdISEdB6f8lF X-Google-Smtp-Source: AGHT+IGpNp2EcDD7KUg0ypC4A+lKeGJDHv/zRaEDzsK/LGdNlutzMURqa+xe7vSUguB7L7JU3yrxXg== X-Received: by 2002:a17:907:70e:b0:a9a:533b:56e3 with SMTP id a640c23a62f3a-aa483454466mr1479164366b.26.1732011575326; Tue, 19 Nov 2024 02:19:35 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:35 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 13/14] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Date: Tue, 19 Nov 2024 11:19:05 +0100 Message-ID: <20241119101906.862680-14-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC This patch introduces DEV_PATH_BR_VLAN_KEEP_HW. It is needed in the bridge fastpath for switchdevs supporting SWITCHDEV_OBJ_ID_PORT_VLAN. It is similar to DEV_PATH_BR_VLAN_TAG, with the correcponding bit in ingress_vlans set. In the forward fastpath it is not needed. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 1 + net/bridge/br_device.c | 4 ++++ net/bridge/br_vlan.c | 18 +++++++++++------- net/netfilter/nft_flow_offload.c | 3 +++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 15923d177f9e..3bd5c7b45460 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -870,6 +870,7 @@ struct net_device_path { DEV_PATH_BR_VLAN_TAG, DEV_PATH_BR_VLAN_UNTAG, DEV_PATH_BR_VLAN_UNTAG_HW, + DEV_PATH_BR_VLAN_KEEP_HW, } vlan_mode; u16 vlan_id; __be16 vlan_proto; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index c7646afc8b96..112fd8556217 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -430,6 +430,10 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, case DEV_PATH_BR_VLAN_UNTAG: ctx->num_vlans--; break; + case DEV_PATH_BR_VLAN_KEEP_HW: + if (!src) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + break; case DEV_PATH_BR_VLAN_KEEP: break; } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 0decce5d586a..6a2ca7a5854d 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1494,13 +1494,17 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (!(v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) return 0; - if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; - else - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; - + if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + } else { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; + } return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 387e5574c31f..ed0e9b499971 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -149,6 +149,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, case DEV_PATH_BR_VLAN_UNTAG_HW: info->ingress_vlans |= BIT(info->num_encaps - 1); break; + case DEV_PATH_BR_VLAN_KEEP_HW: + info->ingress_vlans |= BIT(info->num_encaps); + fallthrough; case DEV_PATH_BR_VLAN_TAG: info->encap[info->num_encaps].id = path->bridge.vlan_id; info->encap[info->num_encaps].proto = path->bridge.vlan_proto; From patchwork Tue Nov 19 10:19:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13879589 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f51.google.com (mail-ej1-f51.google.com [209.85.218.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4ABFB1CBE97; Tue, 19 Nov 2024 10:19:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011580; cv=none; b=EOPdv0OpTZXjySrFs6hqqUH6Z7YE456CXAIa+au8S6p2IQ3+qA8n/tjwFvCbPvHEgKqe0cCy14KtPpF4FNLstvHIo8xiiNqDjy1UWq1puUTM42EhirC8PNpKmE2BUhmcCS9LdneVdP6xytTe41ZWgdYMjWe29fzfQhG3W7HJdgs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732011580; c=relaxed/simple; bh=h2EDobtYGuZ0p694lv+rpbiRRIT5cXJ238jQIT1Juig=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=i7B2uhN3BL2NZLoe7kv81fN2B9A0i3wln8CI7usMsIgbdenl346PBQalyaUsAjDClcStmX1ExZb4oFmvgueY2SWI7iq5U6UXCAnlqgk0OGfvWo4ouvdXdVqimrDi2jic1P4CJqCXIzrTtzEybbv6s8ia5BAN1jPOLRlNQfYfmzU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=khDWNxpR; arc=none smtp.client-ip=209.85.218.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="khDWNxpR" Received: by mail-ej1-f51.google.com with SMTP id a640c23a62f3a-a9a6acac4c3so124380866b.0; Tue, 19 Nov 2024 02:19:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732011577; x=1732616377; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=93tHMoq61etCefqeI7/L8ZHaQMS3jaPhjtyND24xOo0=; b=khDWNxpRgDPYX6faCdFzCZ10sVTDzBTUxBsH0tLabXCy+yNGYSE0Dh/OrM6po8oOO5 OBlkbjx9s7xQg+dH4tjbcIbZ4you12sHjHJi+p0eUhPpV+6VhalnOQz000/f0dWpoAOz 1A1g3TDOoCjfxe9h+IPiJjyXxI7LH2ivK7dBVb+dT4zCQ3wsgzCOwTyhOKYQLSuG1YnJ exnofe25/I439t8ABBSzLifKi/YpBwPLpQQv6QUV+eGAnMY/zv+Q5LUJuvo/zdmn7i5t dZ5/S9PMfCTZ7s0qGwPwhuRfPZLW7mscAVLK52ydBEC/x2HlplTRna6jK1ZH42/LAVod jjDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732011577; x=1732616377; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=93tHMoq61etCefqeI7/L8ZHaQMS3jaPhjtyND24xOo0=; b=wExuLVUx7OHrqcr3l4iNp0Us7QzzMtat/W5rOifRwsd49QnOns0hzxkg3Tk1XAbC0K EOhrkK6bTKdA/bX9/r4kf5BPvISedhwKhtlOSZZYXDqzFW6v5d3C9ssn+tB0hvf/gxvV V40ATos+CljfIdhbeBHrz2+L0I9LLjm9oRh1dMF/fkT9SzWnZQMo6v+lySsc+ttUCwAw kPzDKzfYspB3nAgB/RitxfJlRjJafMUuHFxQ1Q/B0FTt1HF4hJhgtmMwo18mjMm9MVIx cINNi4PmKVwioBaCKnfULfU78zNKHI0BoMjRF0VRR8Vj4Unn+/cpr63zwB6LGWFGnEeO 0/Hw== X-Forwarded-Encrypted: i=1; AJvYcCUQX/nl2WCcNws1wb3+cuYfitaFE3e/b1C1cvizDqExGWXKxWdxqfAZegtjvSc3OQZ0rk6c+gtMCeVHtpI=@vger.kernel.org, AJvYcCV1dxs1b7y5LfPXXgDq/yJcr2QtzVKvI12CzTCkKQ0VSXDBzJwifMORXN1wYfGOMmrg5pkQoXeOLD0zV1CaY5fq@vger.kernel.org X-Gm-Message-State: AOJu0Yxw36Fuf2yReNVcdheGkCrlnoyNVDPIYytPNe3Gp70WJuF5EV0k xzIReAfg3hEQvZJ2m+rfSCYlLt96hFfas1WD4nh+5FVAwMajQhVx X-Google-Smtp-Source: AGHT+IHFjm7z288du+sLPkPh9NWZ67RgYD8wK05AuA3EyPac75+11d1DSFwwXFLi3Yq64iVpPPRciw== X-Received: by 2002:a17:907:a4e:b0:a99:c9a4:a4d5 with SMTP id a640c23a62f3a-aa483482762mr1446252966b.29.1732011576580; Tue, 19 Nov 2024 02:19:36 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-aa20e081574sm634875566b.179.2024.11.19.02.19.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 02:19:36 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v2 net-next 14/14] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Tue, 19 Nov 2024 11:19:06 +0100 Message-ID: <20241119101906.862680-15-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241119101906.862680-1-ericwouds@gmail.com> References: <20241119101906.862680-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 144 +++++++++++++++++++++++++++++-- 1 file changed, 139 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index ed0e9b499971..b17a3ef79852 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -196,6 +196,131 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_stack stack; + struct net_device_path_ctx ctx = {}; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + + if (th[dir].tuple.in_vlan_ingress & BIT(i)) + continue; + + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.out.hw_ifidx = info.hw_outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + const struct net_device *out_dev; + const struct net_device *in_dev; + struct pppoe_hdr *phdr; + struct vlan_hdr *vhdr; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, pkt, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, pkt, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -306,6 +431,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = (flowtable->type->family != NFPROTO_BRIDGE); struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -359,14 +485,20 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_route; if (tcph) { ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; @@ -419,8 +551,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: