From patchwork Tue Jan 7 09:05:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928496 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B11281DFDBB; Tue, 7 Jan 2025 09:06:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240767; cv=none; b=ZuxOqNpSUTAClhBjmBS1tV5BDzpJ0ztiQl/Up11rLjlXwD+ruKHibgtuYQHyRFP+W/4MPS/F5WfpykjQXRYof0+zB3BownTtvzPRjW1X6W7lx2gtdz26YkVsrIy0ku4hwEj2Fj21Kjzs7IhY/0iBcgiPucrqZjNtVqf6rtsY5UM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240767; c=relaxed/simple; bh=Coh7dA4NZN0wC8ukUEBEVleZPuWCkMhm3t7ip8PSPUo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DyXfzZ5vUI1ECg3EFUkmXE4BUKDYe2ACH3DJEzCCyz8Sd7UbmFJ9E4mIgxdrOfA2j+UyecWwe7E4ifQ8jSlStxDEIikggSzYX+1E4VJWvuE337yPxM/1f4Gk4OL58Yi3xnug/raOSig8lTQe/2u+UKCEyPyio6YdaRERgSOATRM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=BlRTO8DJ; arc=none smtp.client-ip=209.85.208.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="BlRTO8DJ" Received: by mail-ed1-f50.google.com with SMTP id 4fb4d7f45d1cf-5d437235769so7498451a12.2; Tue, 07 Jan 2025 01:06:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240763; x=1736845563; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Baj5jGYp4+wV8/iAbfAoST2ANmEn8FK5eb8xxUvDBwU=; b=BlRTO8DJ2jceEyQv09qJVrR8lkzzdtV+sCp7evOpsQC24Z3ffdfW/7B1KvPf0/+JLa ANUMWUyClqjfg2rlVaWM2qfeGczuFhIkl4LnAK5V7Ax5nojqqQ6n2v3lbHatIUsL8uQ8 JAQD9nfp71zGZCUrVvEjBFFouPnOGM4XV35u83sHv6LZAtOcun2mOddNT8YOfAHlvjaJ grYXCr3NnovvWY1Dx4njkRMw5+3SlRaqUeQBwE9VX0w/UiGqLHUIh0f0xe0ZQrv9bGxC EISaeehtC8qZzz6iUbNbEueE/d6IFOGxG8dmR0G+iYF/q/8MuhT+pmxpjWEsYTZ3UO8v UH0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240763; x=1736845563; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Baj5jGYp4+wV8/iAbfAoST2ANmEn8FK5eb8xxUvDBwU=; b=JsgcIrZ1ZXrRNb4qBDOWAkMbm30UT9oOkTU1cJDgqMzOWSbG/3WqHymFjuDtr0Ds4C CYKnxNrKA9jSWQBueUMrlIKvwwgOEujQpWx+EpdtZYZERp1QvYpE84QBURbVd25ZDE90 XgQ0d7v6zSNqnACmzqQoM445XQO1MzYdxmJtldFHsjqUU2pX/0b4pYa4b/9qhPxtyDn3 f/1/4zZpgUqiWVrs2RIX0BHbhPXuYvomOzyU/CQHAd/mCHvlykMilf8UKej/GCBeAbyz l4F+0lRoCTiAT/h/dLZQ1E3/jjBODGg9CqIVzeVCalE6QLRiGR81FOdQSBNHdiexs5II OzPA== X-Forwarded-Encrypted: i=1; AJvYcCUXXpl2mJq5fTL2xPZ4hhL4b2+CePlTVs/5pN3OdF2PfTp/oYmsh5R3SCrKfZpOo0dKf6Wnj7GCVWkLIQN1EDhd@vger.kernel.org, AJvYcCVU3F6age/ZCelI2TWN5eE1yF0BBMcWcAYtIzujI+3SUx7Omkpzc7u8v41oQ1HoJxDjr86pXrbjG/HT5mE=@vger.kernel.org X-Gm-Message-State: AOJu0Yz3dnVCtQL5JqDNfmN7IuzaSq4DlxAGl92jhPiARIqlL96eXIuq TlClCrh8s08yxpg/Y1icV4dMyl6AZmQJEiMrNGObXbpKCLTgf63f X-Gm-Gg: ASbGncuTSYlGZ1ecipH/2f4eTSS5sIAREd92OemjYXOEcNJre+8f5GqZf7C+jJdVK/E ZdCwSzdEjmCS77a9CXe0GpN5SwhiNd9AFTDhAZce8EOJkoVo4wcwb1TpD6HaiSvWSIWDPuEJmaM MGLO0W0KWjCxIInntV9tjZKK/G09hDmVrrjbU4Ch9h18IS2FOwwMXC0uuENiZaUBdmKvKcm6GdM dCcCGUVpZjQpu4yBjxyWiSSrLqi+PO4YSjFmYqtB48lXxzN8H7fEAMkl0hwpybnTGtSRn1IAob/ MERaInrIxuc6kH419dEe+VtQzaZM79o6uOdtNV3JKYXsYW6iDOW/F/WQrX7NqBILamiZnvOv5w= = X-Google-Smtp-Source: AGHT+IGihPZMtS/7pXngAOgxYVuDDIwJt5WjccXPIqnlanSAU8Lk5fvkBSWIEuChNszzwsLuG6qs6Q== X-Received: by 2002:a05:6402:5253:b0:5d0:aa2d:6eee with SMTP id 4fb4d7f45d1cf-5d81ddf7fb6mr57942245a12.26.1736240762612; Tue, 07 Jan 2025 01:06:02 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:02 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 01/13] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Tue, 7 Jan 2025 10:05:18 +0100 Message-ID: <20250107090530.5035-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 98edcaa37b38..290d8e10d85b 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -302,6 +302,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -331,6 +417,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -339,6 +426,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -458,7 +548,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -753,7 +844,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 7b84d8d3469c..cdf1771906b8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Tue Jan 7 09:05:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928499 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C3B891E378C; Tue, 7 Jan 2025 09:06:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240771; cv=none; b=g/18M6XZdZWXPTYz7J3PYtlCmuiLmORLE4UWHeaE5tPsVn+sdzvX2EUb51dljGpPA7Qma+xEWMd0vw1C9fGLOht5kL87vWvPUZosUd8bBLb/lpXQdbJ/tSJPWAGmR3Ffcs3ilz2hdC8aMnQgoum+vHZVmVRVDwqoGGyc4rfkRLU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240771; c=relaxed/simple; bh=EiUlqjqcyycmVQh/cReUaNfMFD5MK6JvPeuoOO/UWjE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BIKC9xoNZ6SrQsI4vyg6WO8QecJbJHvHnP403f65uDQWbyHOGwstrxU3/DURATGVG4iY3a1rxZWKpIVORAsbuOKuW/mZ2olGdrgkqq1IV3Xry6D2xlOdEH3dH9N7QsyeBaw35idTFCFEOAhf9ED9K9H55Ft+FYohKNgOdsrAbO8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=bciSA5Vf; arc=none smtp.client-ip=209.85.208.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="bciSA5Vf" Received: by mail-ed1-f41.google.com with SMTP id 4fb4d7f45d1cf-5d647d5df90so11559608a12.2; Tue, 07 Jan 2025 01:06:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240764; x=1736845564; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=k+WwlYEDG0HLvBd8VAnV5F5MIiHlMD5bJhzWof6nBUU=; b=bciSA5Vf8OmUTv3Slz/gpPSUzrgzGdfrh7SaF1ZXAymjOepaRL/u9R2zTzZcKDcmH5 MkXm8eSxaU60rj48QJQQNHfbJMTObp9WwKaVlqNUa2ImuuXzNkKsFM+adVZgLHtLWOxn UMp6RzKpT57giI/lfY/hoKV2e6ZsG2BxdyEWziePqtCAL78gmIdP2ePve9/rGg7JWkyw 4iQJLulwf3RLqdi02YAWXDQKqyqche00wg9FHotMlwe0f2JJ5a5pOMG7vFXhWdRZZP/Z E1JXnJaSQ2I4lwwYAmIPH0F+yilKKGYZQnB1gHZN9pyhgkqsptnCAuuleVmN+y2H4Z4i N1Cw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240764; x=1736845564; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=k+WwlYEDG0HLvBd8VAnV5F5MIiHlMD5bJhzWof6nBUU=; b=fCcujFkdytMtpdcPwzam9588FC4hA2SKO/+aUrrAv6RvSxMq8Rm1KruxkOK+6YcBP2 m94m2To4/I+rcuHTAcO3FIo7IKww38q6R01FUpj4S7U9EIBrv7dITzYEpFgmFyvU3xQV 1X/5Cl9ia2g0bK2cZWmrtW+r8SY3EE7lM7/XcfIkGlkaYWU7JSd/cF1Z004u3gXACfgV ckSRvfiWsJwZ4ZuMYwHZpVSnATeFqyt5Blt3+wjiCRCIf8ahNTxmrZG/BWsDasAcdOAK gk/oBsPQA4G/WppU85NJe+eVBpfPbUG/yixCYJRyNXbG9SyvHNVUOfU0uaqU9HKw+H2j JMYQ== X-Forwarded-Encrypted: i=1; AJvYcCVhExsB70lDHJiozNDS0tO+XR1DDg2XNduGuatEjxHxYvaPtDZsg5hXK3PEevZit31p9uvWkXtu7qh5BL80xyzY@vger.kernel.org, AJvYcCWoRti1W8+IANtmPl7K8WUC8WgXqB67Lbjw7WLiUvB9kF7at3aPTUfzP7Hxz8OEASkInQ4l3KE+B80XeRA=@vger.kernel.org X-Gm-Message-State: AOJu0YxXkKvCweOtsq8yQhwlPu8hEJONv0OdKVljfHBmPPIb2HbaGV7e 50j2M38/fm/Yr73S06JK89Xns9IDQPihKRlCix2vBrj42+RpytbR X-Gm-Gg: ASbGncu2LDA8HH22svaQnWClYRX1Bz5MxQQpfn3q+YZ93yjaFlWIU9ubROYKiIhH8AY qYkwsbm3f3eMLDztuuc1eeWgkDjH8buEDoc7IfHWi0MA7+DFd+xqo6+kIL7C0U6M96fdB6g1W9X uXY0dyrdVZc+LFm1CihqZDeBDw2V2wOReYiWJvqHajM2izo07piQ393ZpQXqxEd63gJgogi5eMx TXx+kFdD5Ksk8HtgMthrBo+cu+9g+3KwCeqouC9ZuokZvpZ8DOQEDoaZmloCkzr5+sATZ3hUAI1 YJkIMSo0N/YW/qqtwOsH4CHxVwD68wvw3PSSX5fYlDZhgEsAozVvWLF6/XDxBGhZBNgdVkY8HQ= = X-Google-Smtp-Source: AGHT+IE84iozQuTG7YLPXSHPMUD1Jp0Hd82dBIjkAMjnqzFh19j2OWr5/GOeKdXGrKNPV87nRB5Drg== X-Received: by 2002:a05:6402:524d:b0:5d2:723c:a57e with SMTP id 4fb4d7f45d1cf-5d81ddacfeemr57802207a12.16.1736240763963; Tue, 07 Jan 2025 01:06:03 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:03 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 02/13] netfilter: bridge: Add conntrack double vlan and pppoe Date: Tue, 7 Jan 2025 10:05:19 +0100 Message-ID: <20250107090530.5035-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Signed-off-by: Eric Woudstra --- net/bridge/netfilter/nf_conntrack_bridge.c | 88 ++++++++++++++++++---- 1 file changed, 75 insertions(+), 13 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..31e2bcd71735 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -241,56 +241,118 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { struct nf_hook_state bridge_state = *state; + __be16 outer_proto, inner_proto; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): { + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph = (struct ppp_hdr *)(skb->data); + + data_len = ntohs(ph->hdr.length) - 2; + offset = PPPOE_SES_HLEN; + outer_proto = skb->protocol; + switch (ph->proto) { + case htons(PPP_IP): + inner_proto = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + inner_proto = htons(ETH_P_IPV6); + break; + default: + return NF_ACCEPT; + } + break; + } + case htons(ETH_P_8021Q): { + struct vlan_hdr *vhdr = (struct vlan_hdr *)(skb->data); + + data_len = 0xffffffff; + offset = VLAN_HLEN; + outer_proto = skb->protocol; + inner_proto = vhdr->h_vlan_encapsulated_proto; + break; + } + default: + data_len = 0xffffffff; + break; + } + + if (offset) { + switch (inner_proto) { + case htons(ETH_P_IP): + case htons(ETH_P_IPV6): + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = inner_proto; + break; + default: + return NF_ACCEPT; + } + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } - static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { From patchwork Tue Jan 7 09:05:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928497 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f44.google.com (mail-ed1-f44.google.com [209.85.208.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1C8451E3769; Tue, 7 Jan 2025 09:06:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240769; cv=none; b=lITbBMWIdy4k5ZDQLd79I4G36IrmbGG/0cuI5RJ76/PbNXur5y+ZqfeAH0PmwVtsXMC/M6EgovV3G00YNQLOHs3a+bNUbViMiC6A6oCguZt7Ifk8HMOESgA8QZ49sJ12oWss/Hb16y5m+FLQuUz9hVyiMYiqr4TcqWHYR4waNXo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240769; c=relaxed/simple; bh=PpWhu6geevy6hVriSMI3jM+oaAQ6lslz7ZRk1SJTcoA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ddzneO4vh0m2VEmJXvOy3576gUcqRhMw4S1gKgU/Mhy3IpGr5dMY9Hmo9a5jxMzr/D+TcTQogavlrRZZEpHlqw4SETG8KRy20it/LcrZobffzUJPWnsTDnzA6Avh1aistwwjcwVEGYhrjasTInzPH6k9rPM7Z/rjRsJLTVuzEaQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=kfNtifoa; arc=none smtp.client-ip=209.85.208.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="kfNtifoa" Received: by mail-ed1-f44.google.com with SMTP id 4fb4d7f45d1cf-5d414b8af7bso30380410a12.0; Tue, 07 Jan 2025 01:06:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240765; x=1736845565; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BKIHos904u/55jjyV61JBBioSUFkR0jZBzN6/oqpIaY=; b=kfNtifoacDI6ToHAH302yyPrGKL6dvpFSYyLEojyhB9uIkvP8mHTlYgcKyuS/f2Xqq hWlr+arNHIJztz8SrMgh5WowzOTPR3dIGAUSoEn5T/xKuv2gNvhLMEGUrQReEk8aSxoc jIw/TB6bqFGZQdazY5rBRpzIxMKcX5D9oUq8FU0omDGVFW8mNJhNhrzb8lQMzos/IbPi Zp0cqaLEMzbbymPSjOMG+b5zBQHyFK8YrqLSonjTaF1wz9szD/8OtCr/lKANVldKPnAK Vqr7DPEL3afTxdSh9hSoFOTNDmZ43rBDpDqzZWRIKIaQG74cL0VlhgNtclIZp32+ffWy rMCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240765; x=1736845565; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BKIHos904u/55jjyV61JBBioSUFkR0jZBzN6/oqpIaY=; b=s889h8GeVaZXj+rnY4csTy8YveRsNWWJcPYsWzXy2NDDaVBZL/vRlHUP/+gneuSjCL 3IuvVFU/oPALp/ZGxlMRAYb251LYm2BK6K/Gg6oenDZI6opZ88+v461PiJnD8iGhw4DH b71wU47dd8i67dyAS7AOZtf/2Y1FFfIqiTjh0XR3dyJNyVMw1XtmhkcLMVq1Tm7ai6+F 2q8uQbQ1VomGw83LrRnOQbHQrgepkCBqXuXZX80B7em6w75VBWjgtDTmxRzHsDxyFcVB cARai1qw3xjcu0oe7vawnq6LI3BsHQcTWk50YJyM+EBS/O/FyRv/RuWOiAoU8zITGl1S JnUw== X-Forwarded-Encrypted: i=1; AJvYcCXDh08hlW+5Gb0vwEt0g1vZAQEhwOW21m6XZ8LkBZjEx/w9fJ3ZvPjBgeNWt0QLD6EXd0X1Gi0VJlQIRdk=@vger.kernel.org, AJvYcCXQKBSX0IwOIVvOQVEa0nabqvbsrBivtLSSd5kokDva9vdUf7dzb/c+pYkTKluexcsfFG/7PBGiq5WytfeW5uRW@vger.kernel.org X-Gm-Message-State: AOJu0Yyyg42p7CDErDtMGMZ3eX9hcYF9KsOa0+Q93DJ1LpMtyfESnPgV HgJSbFFC4hmRuKI7oPFtCV0vW1IT9XI2lNQ5wQCPNqFG1hJu3yR8 X-Gm-Gg: ASbGncvNpaIJRdboJA5x8fT1Vlk1gXBoKVw4hfQivGT1QaG1/IgWf9fAg54/styIynw oUNjVMAEnGPK/YBdPHbUEpiLK8D5YXAIpTeV+mOn2JmmZCP8gLbDxRTPjwQPN3VyVMA+M8/RsOy d/xcUC594NScf7qbaPL8iHmFy2IAJeQ2Uac9hQXXPi9aGyQ76ICsDUsuHwHddGfQa9k7UJ5GXPJ F6f4Kxh0rXU4X98qgmyH57zvwSdnBb01X5seAup++sc8G9atGDE04zMo9xmdVCyvcBgpSOmWNTg XkF45leH9Pm48uvop9D2LmXi76e1p9yhp03EozFCtmSfeyGWnH+i1I3hYZD8AtqtL1tCMiZahQ= = X-Google-Smtp-Source: AGHT+IF9Q6hAjeuuV+Dr+SGY25DZC7a14teg1xdkg9BFE9rkMwMad+u2nsuZglYNPKcORNXEsZ1PbA== X-Received: by 2002:a05:6402:2315:b0:5d4:320:ee66 with SMTP id 4fb4d7f45d1cf-5d81de5d419mr44287641a12.31.1736240765137; Tue, 07 Jan 2025 01:06:05 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:04 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 03/13] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Tue, 7 Jan 2025 10:05:20 +0100 Message-ID: <20250107090530.5035-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 7010541fcca6..91aa3fa43d31 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Tue Jan 7 09:05:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928498 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f49.google.com (mail-ej1-f49.google.com [209.85.218.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 615F11E3DC6; Tue, 7 Jan 2025 09:06:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240770; cv=none; b=eDDJ+czmzcv04ku/xeZIRF2w8clsegBzvk7YoDh3aAt1E/UZTG5Ogkkh0cDfU3pyJRNbMQiSr8L2bCB1Gb4TFbXQjgs9/tEemlA95L4WMndG8v5QAL4VAiSx5uAlXfXgVGwSgYkInlDBq99qVCGSgsVz6X6j0ePlKCl1v3NlQDw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240770; c=relaxed/simple; bh=mCdJorupZbFaQ3ucEHtHHKn4v/RNMnVY9IhyUnZPOss=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=IR9FeRwH70Z6elSBTVwRJ3EOjIhysKXU4JNCk7/hGMPM+0GbuMl6t8eUTgl0WhoRBlXORNewGAMs031MX2tyhKalzWtwA14JHLlSKpdXfP9CWl2jtyx3KfvivU6AKNZvzWRbyxx6L1IktNANl/KLaipbvz5A3UW4AFSkLZmkH20= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=dHs5HuCv; arc=none smtp.client-ip=209.85.218.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="dHs5HuCv" Received: by mail-ej1-f49.google.com with SMTP id a640c23a62f3a-aa67333f7d2so2236011266b.0; Tue, 07 Jan 2025 01:06:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240767; x=1736845567; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=inK7YfAKbOx/gvsqH8JrlXFRxeSCmPFOnUoO4T3PkD0=; b=dHs5HuCv8s7JFD9zVnl1qkcGjiO0Ks0z2sT/M5EAFcBXt3KqdUk3I8l2lpGJ9Xd2mx WwcU0Npu/pXN9Fbjd0c+uupK19vjUJ3nzXQI7+cxbnNxtFql1xzZcTOTh6Ic7q7DXt9b 3H+avUaSClXMUmaU8NBLAsBakUZOy2qEppANgtZpzrzQOEJ9TKSBKOj/OSzdTkDqAu4a di63NxqtauK47iqLa0wUoN/PRrREf6aLjviM5OOkMLU9icVm00nyTlzqMmQ+mjaDfrHc +kr0j+8w8ZesSvukQ4rrqhAcohU5XSa7IUwdMoh1NyhTeQwbt30ZetizvPHd7X7P1ISP qIVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240767; x=1736845567; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=inK7YfAKbOx/gvsqH8JrlXFRxeSCmPFOnUoO4T3PkD0=; b=Ne3JpDKNEG+5eXn1EpWeeUjgeRe694FHm/McSiImRjx0XDdO5cMaBA++oy5DvJtqWy Hd3Vz2Z2bwe+mjRUJDzjbROr3op6GsSH8XLrVBcMWA+KprbGVM6anNE2sP+AqJQxpvn2 roRiWdK6sHLTfvakWO6IHCXf77sRyWRw0KVmp1XvHYIYt2+PhArl8NgYY6O0mUMqT0LF tNIBaEcF0Syv0+kxo9TpbAfTThUmXK1RcDkDTUh7WJTqusyPg3a9lJl/Sy3Rjqf6kENa t5CoVuUE1MT+HwzsOz3LjrOjK9iGD6ECnhRDjbw10MZAQQd2Z2n79Jwz0dHT1Y/faYfx VyxA== X-Forwarded-Encrypted: i=1; AJvYcCWm75z7mOAFg8LdvlObk/6WCNHlzDqmR5VNhtlX4KF2blZwVbFhdBNBQ43ja0LTrCAgC15HWEoP/HWRAoc54wNN@vger.kernel.org, AJvYcCXCjsMi6ScHiG+TXrG4MriGGJ3cyrtr0zt70PH3z2DAa654i5HPELSDtSzIW0xw8NArSblZoP1e3r07pWE=@vger.kernel.org X-Gm-Message-State: AOJu0YzlZb9d6uvwkioxmtn0cja2h7DGDGYFBdOB2CJT9rBsB6lYtfAd MtwgX5oaSgWzmNLokvMDWcMl2eJwxC0AR3vV1hs8fhbmfMFFySet X-Gm-Gg: ASbGncv0yiyHFyJ4whjTuEGFq8JlMnW5KnEEoOo/Mt9XcZI4CmmKWCAjNHI70erxbXv PTfeFYu0/dJOoz0Y2d4hTb+hzA8wB6R4K4SyLSLeCMGn9FnBdAcWryR4ZrSLJKECqSWmz7ytOgA cLBbGP1OO5BB2+loVGnArCNeANy2fbExa9azqfJklO5Z1h1TwSvZ1lf3NqjJQuKqAgRN0YA02GX qoDVzKEsXs9E3YpzwD6HcbM+S3+DoeSswjWYs+aGZ9Sr7v2pRQJHKQiZxD8ddGz8eX3chcyz8Wx qGOY3LCb2sgoUWewjN+UoAF82kuuTRoYsvtGr3JRqg5iM8UQVKbZlz/Ku+64nhDGTC/R0N0Uog= = X-Google-Smtp-Source: AGHT+IHrdDy9A9gTXFzVem5TTKGvqrwcwaAGIG1kmAOtqGfBDbimoZPMTBSrG7qD5IXkUnDJ5cWKBA== X-Received: by 2002:a17:907:1c1e:b0:aab:9268:2626 with SMTP id a640c23a62f3a-aac2cf5063fmr6251574966b.25.1736240766425; Tue, 07 Jan 2025 01:06:06 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:05 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 04/13] bridge: Add filling forward path from port to port Date: Tue, 7 Jan 2025 10:05:21 +0100 Message-ID: <20250107090530.5035-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org If a port is passed as argument instead of the master, then: At br_fill_forward_path(): find the master and use it to fill the forward path. At br_vlan_fill_forward_path_pvid(): lookup vlan group from port instead. Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 19 ++++++++++++++----- net/bridge/br_private.h | 2 ++ net/bridge/br_vlan.c | 6 +++++- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 0ab4613aa07a..c7646afc8b96 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -383,16 +383,25 @@ static int br_del_slave(struct net_device *dev, struct net_device *slave_dev) static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { + struct net_bridge_port *src, *dst; struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + struct net_device *br_dev; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); + br = netdev_priv(br_dev); + } else { + src = NULL; + br = netdev_priv(ctx->dev); + } - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 29d6ec45cf41..94603c64fb63 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1584,6 +1584,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, @@ -1753,6 +1754,7 @@ static inline int nbp_get_num_vlan_infos(struct net_bridge_port *p, } static inline void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index d9a69ec9affe..07dae3655c26 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group(p); + else + vg = br_vlan_group(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Tue Jan 7 09:05:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928500 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f52.google.com (mail-ed1-f52.google.com [209.85.208.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 90FFF1E47BC; Tue, 7 Jan 2025 09:06:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240772; cv=none; b=JNyAQitixbq03Slr8VRNvlWFBQkzQfHcrLtIVZyfzpXCqW5mlHeoB+9cWIWEiPq42UuZZzL+bL647hT6oDDtgwMeca0Akcjz4VNcGIjGV4AB7j3nl1O9mSjeUZi/lTLDKVRyg5N4NkuyXpi1jARpxe4HdbnNOyW+ro5/IQ/NrXA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240772; c=relaxed/simple; bh=7XmbWDndSEvs88PZzlZNFxYNYD1e9bNkx2NqAzllkzY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KMHpmdx9O/qSxywtnWVsXCOu0byoTXfbPIqBkHJyoSeCSN/BQWNxN2Y39gTreoRxcA0odKp0HaPUN6q6b1A0CRpgvgMxXqTROqVRTIS9Wh7C5cBUYklSjWikyujlwKjtt5+SwIA1bv96DeizzGoFqMsOF2BZ3ci0XMnSewW548k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=XtjNUfdl; arc=none smtp.client-ip=209.85.208.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XtjNUfdl" Received: by mail-ed1-f52.google.com with SMTP id 4fb4d7f45d1cf-5d3f28881d6so22742677a12.1; Tue, 07 Jan 2025 01:06:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240769; x=1736845569; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Nrwgi24+JwpSHmI0m5MVBAM3u5qvCwn+TDjEgeV2UcI=; b=XtjNUfdlhXs/HwxeGVf7SmkP9IO3QRT9OnHuPeJzlZ6RLrO5Zff+yyzW/RfRkrgtHz 9mTKWu4fcXT8wIe4YXEsZb45kL4lsPRqdNYjE0WQnK36J9itH+oU6iHihJH4orJwX1zO I/bdLGoSj2xMk2TBeZUqm6riK2jImndQD05esYa4O+M5LXRNOb6o5KFJU1rZq9lMXyOS yU8xoNQ38Dz+eOkkX7x/cSYzux5h4kmUdE9qgCw8VzAU7ZAC45LfGf6CbNQdFOnu1pMD aooXilDeetbbm6GIX6NmRDclPgCUW6zRJELYNC5PIQMzSDCbbSI2fg/RsAL5I2D3EUeG UHKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240769; x=1736845569; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Nrwgi24+JwpSHmI0m5MVBAM3u5qvCwn+TDjEgeV2UcI=; b=IMlLXARXh13Puo9vJyqw2EOLxh4sRoNps933Gq1p0lapZqxcqiYvyu9etgIPwcHgU6 lKx1GPfWQWQD0bVWRgXf9k6N9fKEkXghEr4Gl0qQs4BwhBcKRiAIp9lVTk0VPqoY8kjP e5XcGYRB5CZNDwfcpvExm47i8GDGBc1zPY09OTqtsisu+tG2o7XenpZ2Z92wsC3c4Kg0 C7M2ij9xEVG/wfmgbs3ZiRzGFt21J4Zq/XDJC+szCH7lAMQ9plFFsYYTgXXH+9gh6ONT wkoWehvO9te9czuOEDEvOukKymkAdDLqfTf88AqrR+qp3uoyNDIrxw0bZyd0sML+tL8J nv9g== X-Forwarded-Encrypted: i=1; AJvYcCU7QEyGojgG8n/tKDyzCNk3EWAtgDH83oh2G9Yg1aKY2nQYWg0E0kcsZVX6R7RT5uloZsbinbDejtqRaT3O7wby@vger.kernel.org, AJvYcCWMT9CeDXfeuNYMs2ppRGnbaDZ3LTUavj6MKOl+spTrwPNhIa/tWwtasHO2nxVRa/OTxXXc6uv4Sei4qog=@vger.kernel.org X-Gm-Message-State: AOJu0YzrZk8WXRcpptIrfg+8SVcXDw/rgnokGWpojNtlB/c7oN9DYAoo zcid9AyD/p0EQzJ5Lvv7nTWFeUafz3JpZLJ6AJzjuni1OhIySDWc X-Gm-Gg: ASbGncss+13GtuALqmqvb7UfPsCVh917uhN3a4tNX716rgV0BdG/+tnybt/AMWJeXgF rwTlJL/A+nTip4ukHBFhMObC9yRfXpKvsi5S/lnS2L2HhtW1k9kiHH23u49sFKDTx0JSEVvQnSq 6/z1XWTgE1RFEsPmkSw2hXhustO9Rczf3oe9P+omTni6ktAOZ25xyQLtd38C9jyuNtU6L/kdplr zWxMOJeSn02BSj72ektUw5LmERz/fSmRzTCmh+Mv+ENnORqhqwnNsf5kJp/Afn0vkLbZYu/U00N cnKmUVuh73KbKw6YPk1gsKZ9HDUUDbbJxsmSuN6s3P2sRm51aFi2G8ryz+KdvqlAcA/UjFIr1g= = X-Google-Smtp-Source: AGHT+IGuixhYjL4SuyghMfzPKIs9WMN7N2be7FgjYC3LBKQ+ZlOzUPBDz9qqDNyF0KSv3KcGoiKbCA== X-Received: by 2002:a05:6402:40c9:b0:5d1:1064:326a with SMTP id 4fb4d7f45d1cf-5d81ddbf672mr139428959a12.15.1736240768590; Tue, 07 Jan 2025 01:06:08 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:07 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 05/13] net: core: dev: Add dev_fill_bridge_path() Date: Tue, 7 Jan 2025 10:05:22 +0100 Message-ID: <20250107090530.5035-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 ++ net/core/dev.c | 66 +++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 2593019ad5b1..7d66a73b880c 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3187,6 +3187,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index e7223972b9aa..f41b159ee9c5 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -713,44 +713,84 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; return ret; } + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + if (br_dev->netdev_ops->ndo_fill_forward_path(ctx, path) < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + return dev_fill_forward_path_common(ctx, stack); +} +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /** From patchwork Tue Jan 7 09:05:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928501 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C49D1E493F; Tue, 7 Jan 2025 09:06:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240773; cv=none; b=P0NXeIiRYsZ3r3txgVhNcKV/kANSt8/LqRVrYwSIrtY2VgOOinHMWsq4tWiiW/KDahVgDjQVSHg/cEufjCtKSF4JkgE+WqMkBU8FQTZ4kZZDPgJA1PtlibijB7uwC4qI2fujJIG/UGuxF4zOwzcXgmtiB8FNH1+7udw5wl3OkQE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240773; c=relaxed/simple; bh=BvqBAh9vpYpaQZe3zOQxhCXX2RDxLCUEfBQIamImBGc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=X4y6EfGNST7EP+SC1qk8iBs2j5EeOjHz2kxye/8ZwXulPXtoH+JJsTtZ5ZpvRK4UAvAtSRMseJq+WvJAaJ1OHnhMEipR6OhgOsFKId5PtOmMn+1TeDiB2IHPukpfFY6Cfy0DPMQiO9s4PymMsbnXEpeR0TrUFy9EsAGyB0Eekqs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=HVnxlqHu; arc=none smtp.client-ip=209.85.208.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="HVnxlqHu" Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-5d3dce16a3dso27117885a12.1; Tue, 07 Jan 2025 01:06:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240770; x=1736845570; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0IPV+/btLneRoSo5HiyXyxa4AsB3fEttv56AKWcCbic=; b=HVnxlqHuYatQR2U8JSU66TbGh250Wo3H4JJI0BnjKKVC7yWKR38rwNW6Mc8NqOso3+ hKs0CzEGfcwL7nLV9z1PGO6rJpBAmgEtQA/R05IL1BG3Rve0SNQRXpLlkw4js8REFa3T 5ol2kfuLGg3m0ci1cH3B8c9CWIAUTR0tir08F1GFWMby6TZp751M0O+UsdReGR8zet8V fxtmM+INviAwGzWFxleNT4uvRb6MGo9w0++ibQPqzFEyW2HPyLD0TmBI2e9TmcKXvaGS gm2WfoezaFMkjG6dtTm3zkaICbfWLZQc51KC2GPgPr9YY8oyhzcLNhYUxeDRf78F8O2b ZKmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240770; x=1736845570; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0IPV+/btLneRoSo5HiyXyxa4AsB3fEttv56AKWcCbic=; b=pHROv9CDe+bzBjzplW9UmOzLgxMdgnmYt2FAwPgR+zo/3sTNd9bkmm1F3dX2suEWZu CGtDs+EQurOYe8YeN2fo2BgsbOW/PWTs+7IXTIS0BBFIywNtqZjS9yScKV2J8Vy0IOB/ FcnS1CBazX/Rd/whsJk+eGtppbQhIIMiTCD9yDG+FK/Z9eM+pSmr/bJxzzqP5s/hujW3 c0pNmIN3ssFNvRabnU/HfQwLvQoEvOAWK9nQl72p5Qg76jM5y4ucYXHJ/xefn1IESD2l xZxvQTQsSRMYXucz2IQC4UoI8AY776TGIZMJSH4bxnBeoQ/aRtoVQBWn/0ftg5hMeGlK Sw+A== X-Forwarded-Encrypted: i=1; AJvYcCU/902lzqKhFxTR7/CB5QJmQ8nKFIiKrq3tGJ9Z06CeOATsgQFltrwT4i4g7T3XO8dHxFv5ujdLjWa67En1y/9+@vger.kernel.org, AJvYcCW59c5xM40XVKQflqWzCZS/9eu19vQLrtV/tnnBqt6rGv7e5Cxmi74acuh4oHQnxDhfx0wXT0sZKBKbJC4=@vger.kernel.org X-Gm-Message-State: AOJu0YxZbQuXfVJ3Y1y+lCy4k67FH+OLs4QK3u5cUVbQQKxkIKPgH/7I Ct6hbDSBEnEtcAG7rDWoCpxtx7c/hP4gHL91EOjDRw33cd1kJ5H6 X-Gm-Gg: ASbGncsoHbKw7sazdyvGnzqCsoxUGRWLtyD5YHYLR1CUrAxaPaDSsecni2mvgyetpJC ++wdNIrlczhLIRUpeyaC3RHmbiumS6nkf009xVcHi0ID7ps5tRFlXj8obL6wxpN++GfA0PTM6bI beg/Wu9i/0kt12Ckk/TjVvZTs1Kf1tSxpVk2+yGPYkszw5KZEJqwoZeDHKFwb7vLtgwLzviVWSc nyYl4AOzxT0ZQhXt3awjZdjH63Cs60rrOhnUVumOMlPP85Wwb5nNlOQkf3twPnwo58RbzgC2DYx /mtAsinDiz8jLTgVpuKZJZyEeWELui8zjgfhR/wn1xBid10U/u4EVMcqoF+a19jRlj19VM80Lg= = X-Google-Smtp-Source: AGHT+IGuwqZCeoYTDAlGotcMA4hMjnDwkRNwCsaQvYcPeOTdVvTuTBvdK5LwWWAVBu+HrkBFOHXWUg== X-Received: by 2002:a05:6402:26d1:b0:5d3:e9fd:9a16 with SMTP id 4fb4d7f45d1cf-5d95e916b32mr1930324a12.12.1736240769741; Tue, 07 Jan 2025 01:06:09 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:09 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 06/13] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Tue, 7 Jan 2025 10:05:23 +0100 Message-ID: <20250107090530.5035-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index b63d53bb9dd6..568019a3898a 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -341,6 +341,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..5543ce03a196 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Tue Jan 7 09:05:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928503 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f52.google.com (mail-ej1-f52.google.com [209.85.218.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B5C711E4937; Tue, 7 Jan 2025 09:06:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240777; cv=none; b=auGcBJn/mLXdUrwICtEsXwJHBA/iryqU8Ih5oUDCiwYd0WyXYTb1aslAKoMJDHGu+TnQvv0lEfjttTf9qYPeY8wfvYAztYuRqHAlwb6a2bZfpe4YiA6T2FBvcu5FDCODFT8Tlz2efPJBld75sq8G5pmxsztyXGXvTVfk3ZwwhWI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240777; c=relaxed/simple; bh=Xmg/u/sY6eLFrKn3iN8YG2bBcM9CQwqTudcQRkmzqU4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=K/gqrEJ53BkXMsxvko/X8v33pNFszEQpY37sucP1v6oOyCnV0S3N1kJxaqobJtUJilwv7raASalqwlKoTkpU5zABrUiuMclo0Fs4mrtb+/bqlFJ+3preWbFKNbirodNDizAW+cxIJ/mkyyiDoEzz35QIt/BSNOeqFTU3yxI4XjM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=eqvW4nhs; arc=none smtp.client-ip=209.85.218.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="eqvW4nhs" Received: by mail-ej1-f52.google.com with SMTP id a640c23a62f3a-aa6c0d1833eso3181670566b.1; Tue, 07 Jan 2025 01:06:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240772; x=1736845572; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=eqvW4nhssbGcYHRcGefSru9E9gQCOww2HALbaLnZl/B3+P/up4koW1/W2sAnyBl2oq MEWK1TmLgfoL41D8A3NnicFsiwkP0snydje2HQZYgsw6CapjOXmUXlex3D2DtDAWhmUk N2YrSB96pgbeJIC2R9DdxPWj8lYZk8la3SUWZrHD0WI6pxfWJ/IkK3XYPPqsOGa2Bm1r NmCSBgqXDP4j2kHkT6S0k0hpQbabyeWbTHNbAF04LoUgpSKtmqC1BMAE3RBhiLiRxpG1 QkVGjG60sAPgSTODANVcDTO60Iat6ToJ/3pHEjmbQV08ko4NXnRxMrssppUsyNHsLh6Z gjoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240772; x=1736845572; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=n9qPzYgItGcFdvcvibZtRbvXd+5neW6pu6RhF7eGloM+qXcxIR92r0CzmsUUtJwZiW VEuO40tzCG/Ol6wddX5cbxv6lvyagvRax0zdSIjlz+NzMMwhGWuLZiwGXbH1JRLqopiw B6KoOIQaXlRzgAlRag0OSTddZbrW/jE6i8jySxdhT8okd0Mv1m4LBciRtnSW1vO0r0ce b0/gbk+GfOTFOEHqldWQb0XX8g/RFV7ujdk5IdPs0j83tySp8uMfeIPH4egPzHCwInyi BpFgV8Upi8W6p7uZoI/sR4bZGWd6Jybrbt/XNzC7VyKbjXu3fIQ0N9pV0/WjxDcwUuWn 9ACg== X-Forwarded-Encrypted: i=1; AJvYcCU55/c0c8IwN4o45mhvGnYeC46Zk9pq1RIUgJb7/1l/kd4G9Qzt+oyWaOZW6Dp2hR+ijw2NjUC2SXk18Gfu2MZ2@vger.kernel.org, AJvYcCWkOwkSQAXdpAW6Ejn5RmQSHdx/1EJG0xPN1onf46lYq7oEFXN0FH0VkrWiLv8fvei5xffFQ6/zrxIwPY0=@vger.kernel.org X-Gm-Message-State: AOJu0YxMG4XnEhkWlO5XkL3wOeh2cE/GpJv0WoIWX+U0CJKaosjTCPQU WqQLHtuJOnnDpxhTRfk62fxzzPo/LjAW06jg6oQD906rfSdf+NCH X-Gm-Gg: ASbGnctjfp3pkPIIzQPi0eZDlyqBOOOZwObbB+k3SdewOPCAERgVneSRl4UmSUff94w 73TxUyQ7NTfzvRjv2obnyLC0FO13OjcpU7jlwe8r6cJXdYQ+QLtKEso7sOJgE6r869MxjCBwBci 0Vm5rXCwdLWsrGBVsh76wYg/DskMDdt2yp5J/A58lqas2rwh/dBWXUaZhAq02rJ6HHPS9+mIHsB sH/J7Uqn6kWs5v8ndelMUpKpCGC8dKB2RnvuJUkvkcCeEy5aJbWKfptlNZqfPK75GNNkKwnMq5B weYokvKXz6Ibk6ZeLvtLUzDUVQpO76x0Q0KSOYgdZbxqjK+C5t5n5VU3dFUeKrEiwYCldhppPQ= = X-Google-Smtp-Source: AGHT+IHcdg7P37o5nMvJ75yJzAoKxUItlEfQvHhKvQ23cSiQG4/81rp2XgnxG7pSjApH8tUEJOEr7g== X-Received: by 2002:a05:6402:35c7:b0:5d2:728f:d5f8 with SMTP id 4fb4d7f45d1cf-5d81de16998mr67591761a12.27.1736240771891; Tue, 07 Jan 2025 01:06:11 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:11 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 07/13] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Tue, 7 Jan 2025 10:05:24 +0100 Message-ID: <20250107090530.5035-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This will allow a flowtable to be added to the nft bridge family. Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Tue Jan 7 09:05:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928502 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f49.google.com (mail-ed1-f49.google.com [209.85.208.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 38FE71E9B31; Tue, 7 Jan 2025 09:06:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240777; cv=none; b=SLx2SlIfj9VSnHSxq33IJ8NPuL3X3g8TFLgmLLuenBb/WuPXhIUtzTsD+QSktvj9wgRvU/gSC7sivQM7H3D+Jq+/DH96GBze38afvQkeZpfzoAuY/P5gJyjKGRCFhu05ZkWp4zgX7JW/AndhgcoZRMcxnvtg8lJAYt+Gw/1SPXE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240777; c=relaxed/simple; bh=dxwgF+fYRk3V5G96b0Vv6EygsfQSyTWaswg0nQK3KaA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=UnjtH3UH8XW6zS7mcACLXhXHaM2tUO2VanyPyqBvp9qEPajS2jxWhoPPRzy6zz3ozH3m8j0sVwVCgqaP2h1gEtlY6YW05TuX8x/JqE1VToTt24kDl40KqycUe+a691DQAkAfkZoL6Nx673ptITzoSVH7eYG34jbJR+fE/8KBdo4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=CX1ePOdk; arc=none smtp.client-ip=209.85.208.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="CX1ePOdk" Received: by mail-ed1-f49.google.com with SMTP id 4fb4d7f45d1cf-5d41848901bso29788239a12.0; Tue, 07 Jan 2025 01:06:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240773; x=1736845573; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dC3jhTj5HQrnKJfxc0SY/ZIZuFArZD9eLZZ+JbLbIJI=; b=CX1ePOdkYpSYghZl33edVOGANIZ3BCpJ1XqkLWCNK0/mA+jfwNsDT59CjKo7N5MP17 47XCGY2RryNtu+Kwqa+zfuKxhY3rkmlmCD7fykIEGMiVXe5k09pOYOVTud0Hy94vorJo Etl4RZdPX6QFNwZsGA+Db/sLNRBcRm9spScRThfgr21GXFTnuvXcb56Q5mIlN/Fu9v+A nK30kUQ6iVJ5cIjlX8FDlUFr5fgApiCDwdee12Y+pkHFQkJdTN09R3/3PU4zw1zPawYq +fW5C+LGN14EzQIkfzUmUFz198T73dwo8bz9cQIm8pqkNJMLbDwOt/R4yXvcilPjbnYg A9Cg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240773; x=1736845573; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dC3jhTj5HQrnKJfxc0SY/ZIZuFArZD9eLZZ+JbLbIJI=; b=Stf1FYMT8PYjZOcZZu4H1ee3+Zdcp8CnOJ2IDfqlb6UrxoGds7biRXyv5zfUUCUBd9 RcugHmi09no9GxdJHLrnjmZ1mq5Hl5IJm5cjA95Wvu8UlmWMDttJlzETGyaLEj+HQF3I LzT3q3S/xCEMEU3/HI4gUhf5Gf1Q6BHA6QHJkCoJ5s+kyuvt8oGAWq13tt6598ap4ah4 Zl7T0sskwrl2TKlUy4l2jPMFuSg/Vq5MlTauiow1tTGtINtO67qR3yQltF3yww04opWC SO0UClbsHckIQq4Saq1rF/DSQEN8uzPPb+ctr5GlbAHhgzg0HN7FGAoWwzmMv+eAPU+t jI6Q== X-Forwarded-Encrypted: i=1; AJvYcCUNIDtzZMFE2OTYOmi9LMg4fh2SDzOMHvAVuZKiYma9DRC18loNI6iBiuP9SG8Kk7UrICIF/Mta7c4gHfoZVizO@vger.kernel.org, AJvYcCW0ogQtfmZXui+t6fQDgV8Iu4d2LLGquqhYBXUgCSipZyRSux0jtHkXgkCHBB1Txt63NJBm8UJvMUCKqjQ=@vger.kernel.org X-Gm-Message-State: AOJu0Yz6rOE1Vlkdbs30cs5B5wFX7K1m0loa2Z/DNSH7rLtYsEhth9Zn tF0UqSBdzcPShjTEEu3+qLlHovwTZZjjCZyKA9fEnUzDfmIPwlhw X-Gm-Gg: ASbGncvYizIdiBwhjNe6adTaes4MiGzDl3KEVbm1vvwiNNw3SzKDsZdyZ16eG4pdR/2 NsCTIrtLm3Myzygx/NzCJQGjeFd6yc0UgMO6bGl1kwAc5hQvxZi9/vTirLsZ3Yfu9dlqME5ciyZ /Q/X+a2hJULjNzFlrqUkjTWmrBZDRaRCtBMOyNWY9TU2LtVDsMxg4cm8ko0BN5qR4Xq9nVdhR4l kcFjtOW2ANlkwhv9vLL3FP3lGPX0vBzvJ/xGlWhlYq0Rg7BOopmKWTDE3jWylOCN5NTeOTpRm+1 LhfiJPfryouKmiZZa/i0w7TCOb4Olu1Elz9meue+I7rG5l8L6LeSvbEIv/e1rWt0EK+F9H7H+Q= = X-Google-Smtp-Source: AGHT+IGPm33fBqlSag/h/JxGM9QbnBBO/F6XspmD/3+zFhonYQ/Vf8Fd540DJY6vH70es8P0d2HC8A== X-Received: by 2002:a05:6402:1f4f:b0:5d8:8292:5674 with SMTP id 4fb4d7f45d1cf-5d95e8d541dmr2197749a12.7.1736240773221; Tue, 07 Jan 2025 01:06:13 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:12 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 08/13] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Tue, 7 Jan 2025 10:05:25 +0100 Message-ID: <20250107090530.5035-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index cdf1771906b8..cce4c5980ed5 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Tue Jan 7 09:05:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928504 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5DD1B1E1C1A; Tue, 7 Jan 2025 09:06:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240778; cv=none; b=uZiGaxRDpzSplTxLhoeVYBb8diVEYMXf6Wb7+5VbgGaPp88BWLIbpN9lJvcAXcrM17bu3K8VQkikw6GSME+sI9PB/EVTsMT3oi+NLxaM5lrpqgXddT+gpocuL82TIzCdylRW9kUmFCQghLyF1VefxNVqy59l05ri2fwH3Z1ACXY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240778; c=relaxed/simple; bh=maNLh6FFLEFZWq9gMrHdXn5flUbXY1gxWqNWlBJHOOc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Qa7wUbg8JSVsOOtAIwECDUQQzMd2awwGeKqIQvjqCKpUTNrW4Qh5XTt+rBKdM1X4FqmWPivBfFMpBFR32d9X3vIyGhsGdB8U4QOJ7ALycOjR3sEfBN0n2lDOvmjrG8Tb7q98X5f2T+ZJLCzle/Eg2EUz1nQJkDbY4otnnTxmwGA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=PW48o7e5; arc=none smtp.client-ip=209.85.208.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="PW48o7e5" Received: by mail-ed1-f50.google.com with SMTP id 4fb4d7f45d1cf-5d3e6274015so27119048a12.0; Tue, 07 Jan 2025 01:06:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240775; x=1736845575; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XtgyJTf0nGEQy8dIgfNuKn9dKl89pMTFI5gYmniF26o=; b=PW48o7e5OtMp2yraKDrotdDc4dJ33gzVqJtqb+Z2hyzZSWTJWaOW4fzhc4P6DGfw8t GwFrFVeXWqC1KUb7mbN6asLrwFQqD45vaJU6U71KwwkwZeUp6osZJKZ0QkHGJg82qIoq 03oyFbcL1S8e0B+I0zY3/IydNrqbfjCsMah7UjmOGHgd7kXRFTgol1mCIrLGdOIMg7TC p94oYbiM/U5jBMgHUPn578O5fajKM0VcYd6PSPArfMyWy7kt7rU3s1QgobUxldJ8NPB6 otjnMZBFh7Oz4Q1z8rV1FXLD9njpMsNFhdNW7cw34/gmIHD70hjT+rzVIMfoNhOZ9YV3 Th6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240775; x=1736845575; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XtgyJTf0nGEQy8dIgfNuKn9dKl89pMTFI5gYmniF26o=; b=efW/mrOHb90JGip5LT696F1A8woqPYiriob6QZovbQCwuYOT48/ntXy3IDN3V2yDVT iSc0vu2g/jmyqXKOmu/LzLkwHVYqthMnAkb+dw5CNRK3gHkJ2uPKaoWX7W9wdYpVu/sc vehVBnSdXQiNkzyCidayAlpwE+mR32EC5+tnhDhLMa1GhF6lmw1AQwqpFaExPLjDJ6i5 ar+BzzoO2Qw8nQnDN4NyqRO7nFlIL00dtTEF4ji2weqecxjqNddcVTOjs5HdoJdcZbYm gM0J9YlmRBgG1zCaYmSlrWD11Siy9tASnxEAp1FexQ6k1eDO/5u1E/NjYVRJTqUh276R Ml9A== X-Forwarded-Encrypted: i=1; AJvYcCVK3u+DDqA7zuWWz+KqDH0FtrDmKaeR3YCRQa/+gNxs6KFinyI9m83kWadq8R2GvVrhaROCyYqxNxQ0LSd4K3sx@vger.kernel.org, AJvYcCVZvCWdAtyBGIAGUPdZ1YeMq7km92fWQHtPHFSMRXZe8QEla5wkPX/fCK1AxNyuQb7UhmwNBn09sV0sC8w=@vger.kernel.org X-Gm-Message-State: AOJu0YwkI77D6dLW67j74JbwglXUqRSc4pNtoRpE2wofngP3/SKe+ARA oxvtG1wrQeCkxdu11Ll41uVvioyts77ze7lwjWvWr0SYBIRgZZ6O X-Gm-Gg: ASbGncu8y9RaVFGRNvlATCtWm66F3IGgeoCHs3kM2iIOYswTZndphr85QA7uiKB0+un +r5qRk/Qcv/1vhAGmXxpzzC+5frJ150EWh2NGZ9x/XcXrGNrALx79VqqprmXcAAXmU+ZNZPokKy CaSzahQMK0NulOUBstJhM6Bn7wLH9DtV600welgcIDDKz5daBrN+/QwZ989Ij2INE5A58ReFB8+ 55A8tq6GnL6gQFinSD12M1s7jAJfYCbrhfSLEwEB7Eij1OxE1Cxv1FUibTpBFtNTVlD+64HlZf8 lrUHxYzJfrZtUx/JGJldi7wvAYSuEv1W8fVb5YNFFymVOaNZDui24O/z34Er1LPl6ttrLEtL2A= = X-Google-Smtp-Source: AGHT+IHPxz9+uiCIXoSR9CoE/bJwFf3R4legPNbuUxKWFljvSeICAglSfIzYagTrY05Gf+jTQUtRFg== X-Received: by 2002:a50:cb8c:0:b0:5d9:a61:e7c9 with SMTP id 4fb4d7f45d1cf-5d90a61e843mr14049402a12.20.1736240774460; Tue, 07 Jan 2025 01:06:14 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:14 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 09/13] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Tue, 7 Jan 2025 10:05:26 +0100 Message-ID: <20250107090530.5035-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index cce4c5980ed5..f7c2692ff3f2 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -106,6 +106,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -118,6 +119,10 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, i = stack->num_paths; break; } + if (path->type == DEV_PATH_MTK_WDMA) { + i = stack->num_paths; + break; + } /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { From patchwork Tue Jan 7 09:05:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928505 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 037BE1E3770; Tue, 7 Jan 2025 09:06:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240781; cv=none; b=CEWkVIE7Q5CB76ti80LsxLCDQ8yZ44MRx0U7pKiPU7IJBJoGjDRQgyXioZSpxF1deVONCpJn0kPMVJchCpR5itvcKtMTfMMYcnemihlkxDkFePAAELMWijwt2XBp5XDiYF2SkZQnR0u81mkG7KV5CPWVG+TmCbsiU5fFUwnpHWM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240781; c=relaxed/simple; bh=dbAGsONnKRZzlx83jeLRPcTwW8qS9zwjqCZyp+6J28s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=g/9gdNgtmlex0xhY63icG7j9qcE0GINl6iRFsulbQHPNRTi17yAkhMC2qBbYt+ouXACurp/wi2qkxh7NKsfORyyx5PNubWU5wZ9NByCHpp2CYO+rwe/TcWN5pSLFJHs6+8MHgydCoKPNWH8k9IAuxN7PrGDG0UkIl7SzwjwvxpI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ngVLpnKH; arc=none smtp.client-ip=209.85.208.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ngVLpnKH" Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-5d3d14336f0so7465020a12.3; Tue, 07 Jan 2025 01:06:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240777; x=1736845577; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BztZ0cfqRt9dxay4EdRKv7PmLiYD1WDU1Ehk6gLPnTE=; b=ngVLpnKHbFXNkRCDd9ATImdHzBtzFws297/bIyf1ONNWsyt2Uno4E/nQrovcc6iJxb lajTW1YJNbqMg0tYdF89Z+8/mrdT2q+Y+QZecz/kKJLcp/fmX8k55JwLU8RpJdkYgtFJ +hFvZXykTuGwBTALbGUG1IIHiVpE5ZUiBhu0Q6P5bP4pEOKj8w2JxUSWJAd0vrde22wC mdKVzMCt7DjTBeDXmozidUIzMSfjzVSZPgGIOVSBZ6FI6VzxQkJoi/8xqD9HfPDlaujK nSbW85wgHxZRg4rHNyZd/PZKBX2kULwk1y+P6LlFEdEy5IB65t5ygq+M8/kXVKUquYbl aemA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240777; x=1736845577; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BztZ0cfqRt9dxay4EdRKv7PmLiYD1WDU1Ehk6gLPnTE=; b=aQHfREHXsvRP+veR1kmUEb7ExLcEfYRnqSe6Uu+GudzWNN3h4/CbT6yUsF0m7PIjaz +ClXwmSwn5EAOEcZq4KFogulocYGcIL9rl/v+i/gugAsq7BJTYa3bPa4l8a8PLvNfruy Ou0uOF2161DgkezWpvn+zNwmBDk23V3Y8qNzco5vsQ7BMfnJD7lG46V1rrChCPjH+d35 uuRPF35Pkrucnt4M9sPWvwBvEdZBtMFBzHlIx8XuZwhO5FQTUYnzbn6gDTPAcpXjdzYs EbaF6zh6rX1dlTOFPzMd3SZCRTCtI+ThxP2wU0hjAm3q9FyIelWxj7TBLMUdVdaLYKpy 89BA== X-Forwarded-Encrypted: i=1; AJvYcCU0KNgvFL1QUAoghzlAsVV/mlLRCC3Id7vCgx5CHg/2Oz5c+PjKzJI7Sp5X4NqJnLVqLnvSx8HM22TV4NM=@vger.kernel.org, AJvYcCXjRyXc8KIj/sHSZYyWZvN8TVs/SpwYetHmP+bygjoR+Yef6yPdY3/S9PHYML1bdS9YWZsxNhAzMUBkvq7sji68@vger.kernel.org X-Gm-Message-State: AOJu0Yw8vG+Dnquch33BMuhmXN0puEjcwvtQymxF30B3juaLGD434ERo MV0XBGkbqjFoSBmmPQq8ZMTnhI2EBqpfBKHbamwaGIMne85JYn/0 X-Gm-Gg: ASbGnct0FhYsQOnTChvffNfz2oRBGFZ0ZZTPTl2DaVvOlQDG+fDyzyfdiGbIJOtd6bu hEcmA19MB4AGvf8DzPzl9FvcvT3r/44jwoc6GjROxrKNXXEUs1bdd1v6nBEBqkluZJIOLoCNw8U VzVnLKFsFaupISHvze0IPNlUBkW/l7MJ6lz5DdQsCMiqAm2SC0WvVAAYBR/KZAMbhNisznfuCw6 DaZk2RBfc7AteHBQH1IzmN49RuHX3EmbfGfmhPylcG9MWByNm3BJHjyzmKbhGlxmlouBXZVw973 jZmb4Oy1GRiPKW9036S7qtPt2SHGO9s7coKZJ5DluPI6tbdDV5EUQNY5Zgh94CWOv1BVPIIq5g= = X-Google-Smtp-Source: AGHT+IEMDL6I9+h+aUrnAuxFNluD15rn5fjLxiMza8iUCfO2DRYtl2bUPleLH8zIiEcHnLjnMReziQ== X-Received: by 2002:a05:6402:5253:b0:5d0:aa2d:6eee with SMTP id 4fb4d7f45d1cf-5d81ddf7fb6mr57943041a12.26.1736240776693; Tue, 07 Jan 2025 01:06:16 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:16 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 10/13] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Date: Tue, 7 Jan 2025 10:05:27 +0100 Message-ID: <20250107090530.5035-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org The bitfield info->ingress_vlans and correcponding vlan encap are used for a switchdev user port. However, they should not be set for a dsa user port. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index f7c2692ff3f2..387e5574c31f 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -117,6 +117,11 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; if (path->type == DEV_PATH_DSA) { i = stack->num_paths; + if (!info->num_encaps || + !(info->ingress_vlans & BIT(info->num_encaps - 1))) + break; + info->num_encaps--; + info->ingress_vlans &= ~BIT(info->num_encaps - 1); break; } if (path->type == DEV_PATH_MTK_WDMA) { From patchwork Tue Jan 7 09:05:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928507 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com [209.85.218.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0A9A41EE7DF; Tue, 7 Jan 2025 09:06:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240784; cv=none; b=WXtxj5Mt7Mw6RZWmXWTDwMF9zYxC9UDLwYCiCgNBFY8Ea1NB+uWL+jK1aQ0FTY4RZSEcTKhBER3N6hHJN80PPUUeYjE7E3fC/TwNuURF6L3BBkxB2ZKMFLmJCoqcP2tZYVjnY9ZAoO/T2N5omWCAZuGBtVnP0AzvyQIvUX/UtSc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240784; c=relaxed/simple; bh=HatO8o2t8hOjMXOG7SdN9eW8i9smGPaf05kEwn4y+GQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=IO90bMYBVnzfz4Zg9uS5NiUHZsj755LjwVCSF/ibTmuNIufnn/LLMQqgWgM2NoOEFw06tCDIohIvUssrMvmQfIWhe37Udk6gbJPhW37w2xkWGiOz+LcrTVJC41qgL536Bj5OEfrrroiKSoqyPsDWkKSUjPU6jG8hlWLyGShC1UQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=BE2IwmdC; arc=none smtp.client-ip=209.85.218.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="BE2IwmdC" Received: by mail-ej1-f54.google.com with SMTP id a640c23a62f3a-a9e44654ae3so2550110066b.1; Tue, 07 Jan 2025 01:06:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240778; x=1736845578; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=c9/TvKRPWpgFkI5Z6u1yRjdyakFY+K8HugvLg1dhslU=; b=BE2IwmdCGyheThGvgzfI8jCmkteQRdvW1xfOImS1i3ROCR+oy1lQB44wn3bkGk/z6V AtwTqbS/uxX5RqQezKkae/L/CA9bLDfSiYoy9IjM3II88HSpWyZQbQK+9W2kb7Bm91nS pxM4ViXsSx+6gt32404aszTm82U4+eroHUHHiWlvER54ZBRRBGyr34QkZnZU5AokMlx9 WLWQ29KGnYOxJJ2bklEeFQ3DQBVc7h6w+3Js86cfjygrH/AokxQluRxKYhFEp3XXTAsQ yt3rIMvelTpLIfd0vFKt3C8HcoGadhG7kqJA2T6l198Wp3UA8+t8XYVjOp5U6QCz2UL/ VqCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240778; x=1736845578; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=c9/TvKRPWpgFkI5Z6u1yRjdyakFY+K8HugvLg1dhslU=; b=n6h2DrZIzWZx524x0bzMl/axwyms6AqO0J9yawGyXpGwnD+fL95509p1on3m4Zqxfq FwOkBavEkF1U/AY7j3CDv7Rjw/HPXDOOI5JrF/rENNQHVM5eibvQ+Sj0z+TJy/nL+FLF v0wJ4Dv5r47oWvIHEk7MmHZMtb28TdCe2exttULnqQXEyKC6ofc1XQc2mA4atKKNM98x EkXG3ZHVkVv7AIMKSZyghi9DTQAnNBFx6mC2IrKnRNuTaGtQk846CAPlP1BBzVp6KzaL vDT2c1sJhA5SooBaZYmpcmHs3sjBGWE6ZIpF2vTAkns9RheBsDXY2Z+iZU+8qBhPV9yJ 2d/A== X-Forwarded-Encrypted: i=1; AJvYcCUPutNioYaeJ3hxnC52EZ36N2Gy7WkFGyXhPDu/P2fJ2vB8FLC23p5jVmkaZB43hx9l4QrBU0XhcXikR34=@vger.kernel.org, AJvYcCWD/p+Ry/hBOTEAFUx3BSDul3Wd5TaMV810MRTu/Bab71lvP+VYqYv83b1KT3vFZpXK6vSN+IQFMqucpU+UJNsN@vger.kernel.org X-Gm-Message-State: AOJu0YwgA51JJ8wjGpgMbdXNglS2TVlPKiSNzk+s3jSkQUA4/u4RzSG6 WqQjTQq3bt0/6iruRfmjuNFN5M3TTQ4Vz2+cjEp6WorYCXAjCBnp X-Gm-Gg: ASbGnctCBRSYfNwaKQgkEsyANfkSy7zU2y1yWaDdLCzoiERJ8KwTZYnbfB9hp2SSIJr KPM+XmlJ5ck+/LVYWRH2lgvF3y+VLkvG5LSdFPX8NTZA4YE7zxiThVZy2hOWaUFQZLedOjgtlsW B8WHdZfdC6WR0aqryTu4/w7PZEqMY38IUo8Gm1tUMtahwoS6JVl4D1RFiHw1tumVN1xDFhzeWQj 2Bn/xlK9u08NeF16ru83yZCoHmBFAe/Ksmw2o5Kxp/cArn7KYHiChUFT3VMjisRg87fRPPbxwOL rZYHv9Ne03RIGmPDtMtWn2nIzYZNEyBMK7CX3j8RaSoRDawAMurk+AhbGdLpAb7E3vot4w+jpQ= = X-Google-Smtp-Source: AGHT+IHdVy6Qh1qZGtVgd8n+OJxf5iK/E+S3j6UfqiQPaQRG6QNZMxXigkGNUkGK3KdZcEdkCWqhIg== X-Received: by 2002:a17:907:9304:b0:aaf:c27e:12e9 with SMTP id a640c23a62f3a-aafc27e141emr1105602266b.14.1736240777946; Tue, 07 Jan 2025 01:06:17 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:17 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 11/13] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Date: Tue, 7 Jan 2025 10:05:28 +0100 Message-ID: <20250107090530.5035-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. The same problem for all foreignly added dsa vlans on the bridge. First add the vlan, trying only native devices. If this fails, we know this may be a vlan from a foreign device. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG_HW is set only when there if no foreign device involved. Signed-off-by: Eric Woudstra --- include/net/switchdev.h | 1 + net/bridge/br_private.h | 10 ++++++++++ net/bridge/br_switchdev.c | 15 +++++++++++++++ net/bridge/br_vlan.c | 7 ++++++- net/switchdev/switchdev.c | 2 +- 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 8346b0d29542..ee500706496b 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -15,6 +15,7 @@ #define SWITCHDEV_F_NO_RECURSE BIT(0) #define SWITCHDEV_F_SKIP_EOPNOTSUPP BIT(1) #define SWITCHDEV_F_DEFER BIT(2) +#define SWITCHDEV_F_NO_FOREIGN BIT(3) enum switchdev_attr_id { SWITCHDEV_ATTR_ID_UNDEFINED, diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 94603c64fb63..f60a7bb7af26 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** @@ -2184,6 +2185,8 @@ void br_switchdev_mdb_notify(struct net_device *dev, int type); int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, bool changed, struct netlink_ext_ack *extack); +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack); int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid); void br_switchdev_init(struct net_bridge *br); @@ -2267,6 +2270,13 @@ static inline int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, return -EOPNOTSUPP; } +static inline int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, + u16 flags, bool changed, + struct netlink_ext_ack *extack) +{ + return -EOPNOTSUPP; +} + static inline int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { return -EOPNOTSUPP; diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index 7b41ee8740cb..efa7a055b8f9 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -187,6 +187,21 @@ int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, return switchdev_port_obj_add(dev, &v.obj, extack); } +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack) +{ + struct switchdev_obj_port_vlan v = { + .obj.orig_dev = dev, + .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, + .obj.flags = SWITCHDEV_F_NO_FOREIGN, + .flags = flags, + .vid = vid, + .changed = changed, + }; + + return switchdev_port_obj_add(dev, &v.obj, extack); +} + int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { struct switchdev_obj_port_vlan v = { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 07dae3655c26..3e50adaf8e1b 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -109,6 +109,11 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, /* Try switchdev op first. In case it is not supported, fallback to * 8021q add. */ + err = br_switchdev_port_vlan_no_foreign_add(dev, v->vid, flags, false, extack); + if (err != -EOPNOTSUPP) { + v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV | BR_VLFLAG_TAGGING_BY_SWITCHDEV; + return err; + } err = br_switchdev_port_vlan_add(dev, v->vid, flags, false, extack); if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); @@ -1491,7 +1496,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c index 6488ead9e464..c48f66643e99 100644 --- a/net/switchdev/switchdev.c +++ b/net/switchdev/switchdev.c @@ -749,7 +749,7 @@ static int __switchdev_handle_port_obj_add(struct net_device *dev, /* Event is neither on a bridge nor a LAG. Check whether it is on an * interface that is in a bridge with us. */ - if (!foreign_dev_check_cb) + if (!foreign_dev_check_cb || port_obj_info->obj->flags & SWITCHDEV_F_NO_FOREIGN) return err; br = netdev_master_upper_dev_get(dev); From patchwork Tue Jan 7 09:05:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928506 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 07B111E377A; Tue, 7 Jan 2025 09:06:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240783; cv=none; b=uv4LL7uIHrie3HNpH873w9EmMMyMaPzjCPzc3WKGlx6SOrZlSYwvF/iu0ya+zri2wF6+x/9OZaujwXCptqbzymKcQWfRtHInZB+7Zsfn5VvjA2aOOeBmS/iAHIhzkrXoExRp1reVJi0vDMvW7PI2rmvVQXFpjsiyLgabhOrXN70= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240783; c=relaxed/simple; bh=fNXC6p1bCW+M/ZEhva8GTHTSh+ddIIBQnzEoEEizoog=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ch+Jyk0gF5wQPTEXMn39QN4l26AZ4V2BPpPnLTWvayaP3w01bn1T9RSQbO2JQ4CovrbX8OvTpq6I6TLdTlxxvVptLh1uS0kp2YiYwFl8HL4DwVunMrkpn40ejdp5+9sOG/nR2c1pHZ06xnoOipseMaYuDhL0Z3rApMb8mXnpNYo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=AFDFLODX; arc=none smtp.client-ip=209.85.208.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="AFDFLODX" Received: by mail-ed1-f41.google.com with SMTP id 4fb4d7f45d1cf-5d7e527becaso25989170a12.3; Tue, 07 Jan 2025 01:06:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240779; x=1736845579; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ElntuwObyWWTXWyk0nhZUVrAyxwm6+3uBHbEuscDHA0=; b=AFDFLODXFhN4fjLVwVCb6VKvvdxMY/jC/iqkKb8O+7f1pAWYxWOaME8hXseJ0U5SOA 1uCC6SJmvvjlUWbdzWbZq1c9vg28cI5bHtzYwQaf7RmGVOC+nrRq9XlfJUnn3r72k/S5 j1/P80MzFs4E/q9nqsbxZkbfx/Wa72L1S5uSwjZ2OGMXfZns/pKGmheyzZxLbncor3T5 5ds3kvxt4uCdxpUnoFLb4hg5RQT0P8BPFEMdgBM5HReK+uwe3xC+MA/AdHbrkr1Ptkny tswh7dwXalZjgAIgXYB2D0Uu9npW9RwaD9MnvcsAv5k6CCo4yKlwWdnsyG+19/SBvqGl wucw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240779; x=1736845579; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ElntuwObyWWTXWyk0nhZUVrAyxwm6+3uBHbEuscDHA0=; b=QJHXv44JXecCNjIUeqPikUfwG76hlJ1WwUiD0Gq/OZdx4Q35VwqiOKpFu1RwADc6jp lhsCri9QIW8+LpTapZJQyJy36iesRR3R+x4okRgtdnLcSc8DtpO3j5UBpl3wXPpEkipY 9mi9Rws+4jJBlB7bHof+w6+0ApHT9h6EcrKMJckBj8pa0B/gVw+NolGgccGFbAJsaoOW YHvVGeRTsVNPikdwuzviAy8LoIvHAEP0nZ+2KguhSjd/ekJUiVWijtEIe1o5ervZ8GKD vvMEVJhZiEPzzdNlV39GHeoWLBvFp0WTTFKm3gTBsJ5SV5A74Cp4d1QX64y7RZRqkeg+ CBoA== X-Forwarded-Encrypted: i=1; AJvYcCUzTGQPuZdxBsJjgL2VPeJfJo0ZMy0n8JHYrM/5xXIz/4/+6irWON2EbEVnl+GY7POltzbe75fp2vV4EDg=@vger.kernel.org, AJvYcCXk6TjxhdBXl3dUaK2h+w5BvrpJpIkJ17uscRj53bQ1V0rduW+DCNuoVd1dCBcyxG+tISVQcDYKLnGAAi//fK52@vger.kernel.org X-Gm-Message-State: AOJu0YxQAb+pKeL2CGgV34iB7/XE5sWF0GF+rL72rex8o7ZzOG5aYPHE YnwcvNXyDD//dIDiNlLF8WkihuO4HG2K3FXpbl4dr6H1AqmSbqPK X-Gm-Gg: ASbGncsH1mdT95BaWIj1TZVePogzpo/QuP10DwOmZdxVXXSnNm+Rt85CQt93m1MGWjr ncOjThORRrThUFcolHdfYtVgVQ+sRb9nTj0fQ8o64nRkIEAfr6ITa0C/zIpjsZzSHUXG9sDBrEU +uOcIkMg1KZu7nLdlD9mG5YzPHYO8mlZ7WY1FskNMeUTQFa7agMSbaBe/reuE3hrtD/kc5ZJ1Zr bBa0qB73pJlusWx6oFFztLxF78DwQvvKXz+DStCfKL/IKHqvKgBAkPn7WsMGR3ADuXH82SElat6 9cRoen1+b5cWihvGIsG3P/XzjFSKHK25Xrna08leo5fa9sE0/3ZUy0QROEE385NJ/r9732qhgg= = X-Google-Smtp-Source: AGHT+IGt7vXeWi8jtx2prBY+YfADkXQQ34zgfUpIHrQ42iesCfqHcrSyvvrAit9+d72yO+NjyUOXkA== X-Received: by 2002:a05:6402:210f:b0:5d0:cfad:f71 with SMTP id 4fb4d7f45d1cf-5d81de1c921mr140645365a12.32.1736240779167; Tue, 07 Jan 2025 01:06:19 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:18 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 12/13] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Date: Tue, 7 Jan 2025 10:05:29 +0100 Message-ID: <20250107090530.5035-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This patch introduces DEV_PATH_BR_VLAN_KEEP_HW. It is needed in the bridge fastpath for switchdevs supporting SWITCHDEV_OBJ_ID_PORT_VLAN. It is similar to DEV_PATH_BR_VLAN_TAG, with the correcponding bit in ingress_vlans set. In the forward fastpath it is not needed. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 1 + net/bridge/br_device.c | 4 ++++ net/bridge/br_vlan.c | 18 +++++++++++------- net/netfilter/nft_flow_offload.c | 3 +++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 7d66a73b880c..cf754ebb19df 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -871,6 +871,7 @@ struct net_device_path { DEV_PATH_BR_VLAN_TAG, DEV_PATH_BR_VLAN_UNTAG, DEV_PATH_BR_VLAN_UNTAG_HW, + DEV_PATH_BR_VLAN_KEEP_HW, } vlan_mode; u16 vlan_id; __be16 vlan_proto; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index c7646afc8b96..112fd8556217 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -430,6 +430,10 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, case DEV_PATH_BR_VLAN_UNTAG: ctx->num_vlans--; break; + case DEV_PATH_BR_VLAN_KEEP_HW: + if (!src) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + break; case DEV_PATH_BR_VLAN_KEEP: break; } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 3e50adaf8e1b..8ac1a7a22b2e 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1494,13 +1494,17 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (!(v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) return 0; - if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; - else - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; - + if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + } else { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; + } return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 387e5574c31f..ed0e9b499971 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -149,6 +149,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, case DEV_PATH_BR_VLAN_UNTAG_HW: info->ingress_vlans |= BIT(info->num_encaps - 1); break; + case DEV_PATH_BR_VLAN_KEEP_HW: + info->ingress_vlans |= BIT(info->num_encaps); + fallthrough; case DEV_PATH_BR_VLAN_TAG: info->encap[info->num_encaps].id = path->bridge.vlan_id; info->encap[info->num_encaps].proto = path->bridge.vlan_proto; From patchwork Tue Jan 7 09:05:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928508 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1C7171E3775; Tue, 7 Jan 2025 09:06:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240785; cv=none; b=bq6YS9/logu5/9CcYO/4Vh/0O6jfCGsUD4DpjWyHrBBPqKR+g8+ME4eMFI0vusn4yFhBknNbyuy53Jn8/ytcEpTlOGYQcKL6Ri+0S1p6ByGE2pMdAPCZktIX9RDEqzvhyFLPp3Rff7Z4/bz18DdZOW1A9COnPHjiyVCLMTKsrOA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736240785; c=relaxed/simple; bh=53JGUH2pR8oX8Xp8+Xw+36LGxxviOGdtjx+fvNsDyms=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=u/94Zai9q3YyQO+mTdH4jonpVEnH94+JgjFP6jmLBaawB4987WW0cBACutGecftCBnahkIwx7Db7rcgIY54op0ZTkdFMqLKrS78R25MXJT7yAC9lRyCC77kg2J9wsqQnLW+c8nOY5blipDjS/6epKH0atIw4zlcSP3mwZw2tXik= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=eunsjwsK; arc=none smtp.client-ip=209.85.208.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="eunsjwsK" Received: by mail-ed1-f50.google.com with SMTP id 4fb4d7f45d1cf-5d90a5581fcso8268425a12.1; Tue, 07 Jan 2025 01:06:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240781; x=1736845581; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kjMfgZPTOt1wzklPxYQo1KoCry3saUouaCrKRGjXlrM=; b=eunsjwsKK+0zNsMZzTNQuxY5ebbVEe5Ex62rOp4WFXdJHqEekueMwhUuuo3ZExCmPS P4tjzlHvQNhAVPZ8TTqaoq0HazIdifsojT7FWoUse9SodCuD/k9JI9gY2AN3/Q9xrQgP oGOW54QWWsEd5idCx+QIre2SGSZGWt2QKv4r+iCXwTHqx5maj/RhvY6GwOIHHigzM1u2 c+SHgK85tAYrbLNru7ifOhzHd2tEzcmKXULVY7tXsGVGzxuE+hy68ViotWIjYE58+vVV izoF2j9sLwJkIN8lgGYguDAFSMdtnqYZOuz6oC77Be3y2h0g0icY57sAboIvurj2JG0I Lntw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240781; x=1736845581; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kjMfgZPTOt1wzklPxYQo1KoCry3saUouaCrKRGjXlrM=; b=spUUPaRnzuI1m3Ur9KOI+MJMXPWAmfUFTFULkGxAiM7cjviOvqWLvQsRHfKF/9tIzQ q5Svd14fDZW0EtiSjNJa9YdqycRdAQk35ykX1XYayct7a4JSwalnBKAsFFjVRhszhtg4 DyDOh4ONMuI6xpvIohJiI49H3k/Ydzk9qIdn8Lx24bx1dN7rgxVHJ5fnU0CM2E6r2Aqy 9rNU50Ls3H45th5WObLuD2XKFR4q+xugmkWy7GD82JgCpmfUty0mkVEiD+ZdykZkLR8A BlnxA22Ohfdkinyn9DuV5zdGJoqyT9a0VwdvlssPGSyZYj13BY7hZRBzmcby3t7D3je1 E1bQ== X-Forwarded-Encrypted: i=1; AJvYcCVx5kfkKahtTHPLDOGfIasgcdZ08fD6S+ZIyS9q4T/gJXJ5UX3YM+E2eqsRHfEFb+Rika2OawjbjkrMwGF5GHTp@vger.kernel.org, AJvYcCX+92CWNCfec+BNbxBoS+6bEEOGI/R3Xvwhw/ffXlp7KRR6YLUFKOqI0BBIHyXZ9T8IjOVEbXr+V9rJoA8=@vger.kernel.org X-Gm-Message-State: AOJu0YzKsfwBSNsvX0tWZkId/LZbHj+pC3k6Y1mclEzKWlF08L1olpZ9 RHldsHgVC76HxwqDYKT4n+g4pXIjyQp83XinHbdfWreuznbCrnlG X-Gm-Gg: ASbGncvpesD5sdmZxcrP+kp37YQFHVLXhv68BtbDZ5mRSAMxILSeQ4b9Piy1MFgsY91 22CSZGPmCpovJwH8l+Mg87vkr94WE6tXwlYm9e8VuFt9JciEuVOXvg2/JR6JNMHcGLZCpV5yq9g uWntsPoSCsNFehUeCpz1QYRCu10eCsBQCKoAjgWtfz0r8moDFK941n+5jzKvb0+maNbr4sJVTQ7 94pL5gIDUaOF4cPywzJy5+D8TU00/S1xAPYcyF0NdrknAYNjXxw/uh6UdIxSDntlKzrEySNYy5x 4ji9Eoa2e+MhKod9P31UlwhuhfUPiRLFHL8UZPVRGgBulRX4TEJQYw0l/AK9YOKoXPwYxQGiGw= = X-Google-Smtp-Source: AGHT+IEZgOPUuG7xbszfCT298CU/i252/FBQIVsTD95aponqU63zDuW03UcIkUyIYtVMFWqIiCMCcQ== X-Received: by 2002:a05:6402:26c3:b0:5d6:37e9:8a93 with SMTP id 4fb4d7f45d1cf-5d81dd5e95amr53938837a12.2.1736240781203; Tue, 07 Jan 2025 01:06:21 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:19 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 13/13] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Tue, 7 Jan 2025 10:05:30 +0100 Message-ID: <20250107090530.5035-14-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 144 +++++++++++++++++++++++++++++-- 1 file changed, 139 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index ed0e9b499971..b17a3ef79852 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -196,6 +196,131 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_stack stack; + struct net_device_path_ctx ctx = {}; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + + if (th[dir].tuple.in_vlan_ingress & BIT(i)) + continue; + + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.out.hw_ifidx = info.hw_outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + const struct net_device *out_dev; + const struct net_device *in_dev; + struct pppoe_hdr *phdr; + struct vlan_hdr *vhdr; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, pkt, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, pkt, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -306,6 +431,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = (flowtable->type->family != NFPROTO_BRIDGE); struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -359,14 +485,20 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_route; if (tcph) { ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; @@ -419,8 +551,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: