From patchwork Tue Jan 7 09:05:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928511 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id ACA1CE77197 for ; Tue, 7 Jan 2025 09:08:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Baj5jGYp4+wV8/iAbfAoST2ANmEn8FK5eb8xxUvDBwU=; b=Z0okzK3YRuq787sgxOAdZaQBA/ 7vookTTTjlFz3crI4mbXCRLBG5vBL53QFjNiC/dZV8QceQcO6VSbX9jre4Rdj15pyQFsGaLUPxERJ u0WOnxfBj3M9riVfuWH47ndpHZDpljbnOi2MJAAYuqLr6JNw6MPc1SjIE8r5hIh+M5rbS1MQxtoac Zr/3z+JtlogXH2BZzrsdHRnHjyGZOAifwQR163VylQwLrM4vxQM+begM7DB48qAl0Sp+b7SUrIKip Zbh0nVGKL2OW0ZW3fR9Gpxdz6ylGBgTnvTGN6DMhps0QhMskPeo/KsHGfN6s9QqSeY9d8bo2M7OR0 OWBx5VJw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5Zg-000000043M7-27mf; Tue, 07 Jan 2025 09:08:32 +0000 Received: from mail-ed1-x52e.google.com ([2a00:1450:4864:20::52e]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XJ-000000042Uq-1DAp; Tue, 07 Jan 2025 09:06:07 +0000 Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-5d437235769so7498452a12.2; Tue, 07 Jan 2025 01:06:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240763; x=1736845563; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Baj5jGYp4+wV8/iAbfAoST2ANmEn8FK5eb8xxUvDBwU=; b=WLfLBooO+yKDL9V4nxHusOKISK1uOvEzVKq6wnRaVCNkJK/qRbgqNTL/uTcT/pccgC w82aZ7TIkgZGnnzozC6xXd6eOL8yjYTO5jSIMKdCAQQX2XYmXFKNSgMpSwHhCiKyQbdb 9hAmh4e5y+4Wj8fnBkkO9sNZbRtdHcjHkLSE/bP6sNEQm1d4rmUBXYAgQHsKbiIU1cH/ U7y2Gt8F/PL0mtHIhHH0+7HzAJ3dAnBTQVplAKxc/0Y4z7YYiNJQBSSZ3m1LUVEHuzEe XUL99LMRhr/5s4HTIt/tRBtQUoLUxDs1Gx+6eNDDzKj8L0LJGBW0hVTYBQ/yA+U1g6Mh ORlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240763; x=1736845563; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Baj5jGYp4+wV8/iAbfAoST2ANmEn8FK5eb8xxUvDBwU=; b=Q7sYjK/cxI2yJAUbTtNhZbmSjPuDehvaCu61NoUoi22M4UPUhJbAdwyUXhS2pTXsTw p/xGzEugi5kehiFGDR86D6xTNnCuAjDqcyyyG8x9F+NkARwt/ny/uTKeGDZxrig0BscR Gz84vtttJNRatr7J09X7HkujQaeySbm1gucCpJhnJWzo8onTn2U93nD23A9YBvYvOYYL ZA8hwmBhuT6xZettxEBtez+kevdbn5u3oOjxbwgbJAbOzDSZbLpj3CsiLvbXmACmcdJX qgmGtv+3hg5zKBeYncHIDEpy6pubKGc4daqgNLgnoDhF7M+jEfVY4N9DE5rbr26tw/IB lxKg== X-Forwarded-Encrypted: i=1; AJvYcCUXwKOpXkeE8itrdKUgr2u2EuxY6ymMHvjcrgAzngMEhm4MvOSmgq1wdNLddgYfuwSoD6GpHlib16m8f63bl4El@lists.infradead.org, AJvYcCXOGXUWJVo+Qvi/7K9bta4h7YRZ63rLFeQGEGFSQtBIBHDDPx2B30DDhy2U0kwE+8pvSKZt/+Cu3SyJEsLh5DI=@lists.infradead.org X-Gm-Message-State: AOJu0Yz+fTA53mZszC7KaPZ683Fps5KHE73UUF0YJO9SraacT/SWOtfl F5c1ZcYAZbBe2mMv2cpw0ym1pSLiq5h67qR7UoRdFvi7qs1qq86P X-Gm-Gg: ASbGncsZ34PMdEqM8dHXWF1xMGY0xjWvOZWGrVPyTDlD2fZh8hJXrUCH1DakWHaxCNV THhaNj31kXrnKNmk2llZy8VagFtsDX9ffBLmoZnN2+ZvfWR45hQBRt01DpTYnGwQYM8Bi6poN6F MIcG+nbuxwIWSsJtoUHwb3FOIUc3xW3lELPVgd93esA88bSgKtoqjkI5pj8RaWl+L+5r8rYF4yy WlxC1ZN0WYJtVBYQpWk2UuFXzBZsYYTtSMmTvJqvJEErDBgZF6WYhLfL1V7EYl1N7PZdP84N3ik pI+WJR+8M+K8HheFxKCVgj1nA2gBxqkhPU35wIbwMI200MTA5ytMN3P4TgsjuTitAHel9PfgKA= = X-Google-Smtp-Source: AGHT+IGihPZMtS/7pXngAOgxYVuDDIwJt5WjccXPIqnlanSAU8Lk5fvkBSWIEuChNszzwsLuG6qs6Q== X-Received: by 2002:a05:6402:5253:b0:5d0:aa2d:6eee with SMTP id 4fb4d7f45d1cf-5d81ddf7fb6mr57942245a12.26.1736240762612; Tue, 07 Jan 2025 01:06:02 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:02 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 01/13] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Tue, 7 Jan 2025 10:05:18 +0100 Message-ID: <20250107090530.5035-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010605_328615_1F253E00 X-CRM114-Status: GOOD ( 19.84 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 98edcaa37b38..290d8e10d85b 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -302,6 +302,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -331,6 +417,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -339,6 +426,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -458,7 +548,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -753,7 +844,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 7b84d8d3469c..cdf1771906b8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Tue Jan 7 09:05:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928516 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4FE12E77197 for ; Tue, 7 Jan 2025 09:10:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=k+WwlYEDG0HLvBd8VAnV5F5MIiHlMD5bJhzWof6nBUU=; b=zTioqtDQTQs/LrNNQ+gCu5Leol f5+lDEQUJr92KckuWW+5p81woJo6DCHjZFZZQC0NpIbN6aXFciXY3dF6E+Jf8OpmJTc9wH1/hWZeP QetWdAecHWw2MhABBkcDbi+T8M/Bt2L4O/uiuK67UcrCaGruziZvk/RU2McLzJIAN3fFwKrngst23 anqRFe0gO3+C8vp+Znv8pGR8XtHwcPp73Adxf4V/sGewC7KcJ2y0V6cpMRSbOm2b7C+e06tTBd+ix zZkjD9XAyDhasIWFpsGJ+8TQPi505+tbmyd/EVnAt1PVdXqUEarAlcAHLveC3pycKxZL6oF1q6uDJ NzBKgVuw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5ar-000000043iF-25N5; Tue, 07 Jan 2025 09:09:45 +0000 Received: from mail-ed1-x533.google.com ([2a00:1450:4864:20::533]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XK-000000042VI-1qS5; Tue, 07 Jan 2025 09:06:08 +0000 Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-5d96944401dso412644a12.0; Tue, 07 Jan 2025 01:06:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240764; x=1736845564; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=k+WwlYEDG0HLvBd8VAnV5F5MIiHlMD5bJhzWof6nBUU=; b=Kv5CXnKrBXcwuKbJjSba96oL4/aDen42G6Gd5eMd9i1AsEp9F2Ib+84oPw19ncKh4a N4k1waDDHUlC/UTjuI5FyAMAsAxe45JiPP4iOslMfbiFRAJBUWANaV6uwtkAGBciNzlg /az8d3AouMzC62pPLP36M/6+wdkdufhq/bLIZOmDSBk6tuZaGfvP4OuG8O6aUTNMEF2j TN9oW+FEcydhRPCGGrjPhiKafBnZvUb93oQqbi6VSdPB85O/0DG6Fyojycoyo/xRwuJr CflZWuMkm1Su+8sr1MfSM9gD2GelSVH+JMwF/5t5pm1B8ysrjzBGqN9MUIYNiNql+yYt yHzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240764; x=1736845564; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=k+WwlYEDG0HLvBd8VAnV5F5MIiHlMD5bJhzWof6nBUU=; b=f/WYmLeg2psjj+nEWKU7tY5NJsNHrXK/+zg2RKNykqoXECXK2WnP1hB2IUpGX/8cHj qKUS8KpUqlX3e2u/F5pV8K8M0R2kFfdiQ4LA4qJ03k6WBrNazdH1ZxGaZlPxCpeBKL0E N0JrEi/HExIALJZ099I9ZEosQFdHVN9NT8nEuHVY3x+bI5mL1FObfMbBXEL8lA9rfwXc mRtz6AImw6J6e7BvOOfaAU8Ee2/vwxTZ0cntAA6eBTYKjQqK3mQy3Ov9AFce4m/TMGSO sgZmaYoEqH4vOUp7IAvTTb0E7/9rCDKlJ1Ny6z8W/Q0aZ4nU+NC0fb3hpDIMG5ncRmLI eyRg== X-Forwarded-Encrypted: i=1; AJvYcCXBkxhMd9LavMpWeMoRmeRXFBrM7WU1r+fNro05sXLtxVrVSyGTGhe7wI5xAFndFW4FRZEKTKToYhkVywa614vA@lists.infradead.org, AJvYcCXZE1eE3q15WwsOlEhxtFDHnRwfOvW7wupP0EohjdTs+coZ9WzT72g5ChICHz3njmn+X86iNHGenRwmr74ZL4Q=@lists.infradead.org X-Gm-Message-State: AOJu0YwKWCV0a33oR5J/Mu4MOO5LG8tuvr6Gf14Ywdmt394agMrW1cIG uKwK++OLMy+KHXmJHaWoWIgoue0GatRbz8lbwastQaXVmd5+GfCg X-Gm-Gg: ASbGncvWUBUzw3/Xw77M5EceqHIwnPWDd3Fhw95YLY+CTNSm1ni+TYmCu31pIQOFmJU ux73XK1ygi57AYWybUVcpLXVDDbeULAHHX9HMQsyUOTRrmzgjlliSD97wECfTdooNvM+i+jcnd0 r+T7+kDl0uKKlMPiLdPiPIqDxRV8BARVarzo1Z89xXBE41DHe3s5SosKy+XhuGl/B+3p6xfF7za QX3RCRqL8vvObYAZNJTm5h9C3bNxfpU2olGHDf+DHiDzVEmZahOf1gwvjRkZ3/p4WPiDH4MoN+f baKJUd4m99is/0gi5qTCYYTyGd2sBDg/P5J04HCQhT1jmMGEW3gVU984FPydNqqPLXiq8QkO3A= = X-Google-Smtp-Source: AGHT+IE84iozQuTG7YLPXSHPMUD1Jp0Hd82dBIjkAMjnqzFh19j2OWr5/GOeKdXGrKNPV87nRB5Drg== X-Received: by 2002:a05:6402:524d:b0:5d2:723c:a57e with SMTP id 4fb4d7f45d1cf-5d81ddacfeemr57802207a12.16.1736240763963; Tue, 07 Jan 2025 01:06:03 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:03 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 02/13] netfilter: bridge: Add conntrack double vlan and pppoe Date: Tue, 7 Jan 2025 10:05:19 +0100 Message-ID: <20250107090530.5035-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010606_476903_C5F732BF X-CRM114-Status: GOOD ( 14.16 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Signed-off-by: Eric Woudstra --- net/bridge/netfilter/nf_conntrack_bridge.c | 88 ++++++++++++++++++---- 1 file changed, 75 insertions(+), 13 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..31e2bcd71735 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -241,56 +241,118 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { struct nf_hook_state bridge_state = *state; + __be16 outer_proto, inner_proto; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): { + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph = (struct ppp_hdr *)(skb->data); + + data_len = ntohs(ph->hdr.length) - 2; + offset = PPPOE_SES_HLEN; + outer_proto = skb->protocol; + switch (ph->proto) { + case htons(PPP_IP): + inner_proto = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + inner_proto = htons(ETH_P_IPV6); + break; + default: + return NF_ACCEPT; + } + break; + } + case htons(ETH_P_8021Q): { + struct vlan_hdr *vhdr = (struct vlan_hdr *)(skb->data); + + data_len = 0xffffffff; + offset = VLAN_HLEN; + outer_proto = skb->protocol; + inner_proto = vhdr->h_vlan_encapsulated_proto; + break; + } + default: + data_len = 0xffffffff; + break; + } + + if (offset) { + switch (inner_proto) { + case htons(ETH_P_IP): + case htons(ETH_P_IPV6): + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = inner_proto; + break; + default: + return NF_ACCEPT; + } + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } - static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { From patchwork Tue Jan 7 09:05:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928518 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F40B6E77197 for ; Tue, 7 Jan 2025 09:12:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=BKIHos904u/55jjyV61JBBioSUFkR0jZBzN6/oqpIaY=; b=CcrSw68HcZZcvwAZnBifJz/EV9 gCnDDYfFeLDJ4Vs6UN3bYtcjKTnr4VHTFwp6NVbsS6tCZc3zwArzTqpEco+8NCprVLEAGPGW+QSFb Y3Tnt0BIkaZDphjnH+ZoEX7P/8Ks6FultnMVMm1uA9jddAXS5MuI8NYlMHaCu2dLsFWFefLApxrZp pmbAAKqjjndBuxO3w+q3NxkxLgR67WCFXDwqshArl9h45fb5gUiPTCGLe2jB0W2I5aa9pHgX6QKV9 27iLfNaGW8GM9pGgPm+N6pNANKE0rhhuzGanTKf7EIn1Y8wQabQBtE1viBaJ64NYXFwWh8n2DAlRu MD4Kmc1g==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5dB-000000044HT-3SdD; Tue, 07 Jan 2025 09:12:09 +0000 Received: from mail-ed1-x532.google.com ([2a00:1450:4864:20::532]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XL-000000042W9-2bo6; Tue, 07 Jan 2025 09:06:12 +0000 Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5d3e8f64d5dso27508613a12.3; Tue, 07 Jan 2025 01:06:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240765; x=1736845565; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BKIHos904u/55jjyV61JBBioSUFkR0jZBzN6/oqpIaY=; b=IkSSws9pSNODzjafKU+HI95Je8ABuPORPMObqiNjmZ6s3h47vL85952cShVkHGBjYX MI0T0AxChllc4qHlUz+lERAEqFiPuBgI7eOeX+r73mhdG9mAnvo1xxP1K6+e5TVweSUP XzupAbBHRHSJSPbTmBZZ1f0YOCSdgcf4JZFO62wsypSk6jyK67OG907A8BmW+wi/Bcfr T02B59Yvuf9P1O+INEemuMAcfC7kjfW8wr1PWen0HDV5nwSVxujuRtVEKxoMdt18TYKd pdM4LfLkYGg9D34cZh1Qjru2qTMq1NIIXEw+nIXNEP9hUwuJ3fqex5632RCebhVzhQIc IYLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240765; x=1736845565; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BKIHos904u/55jjyV61JBBioSUFkR0jZBzN6/oqpIaY=; b=F6rxI6kb3jjNzdjZt/5PTNR4OUS/vzXxZ2wvfJezZxkZgFom4OMJQPSR0qGZMAdciZ Eord6nBs+2UHhzGTZvqJoB78Ze70MqzaYDqhEiLh1vjQvN1PqoSepiB6zXznlbCUtLOu jAIQ8MEMy9fPH7tZvtdKY+tvYKwPs6jsMh+wNIiSXKSWb5yEh3mWqCuXgUTiquMI3ro2 888L+7u3U1Ys4CumT4l+bRdfibRuy/8tGbZPPTMG76O9PC0hJSyQVxvp5usb26arcb/8 4vCNCqsdyUZbnA1yukDizJ2gZPW/MYn5rq4qOENFlJeYFSwSgYQFHI9gTCWz27K2uahK JYFg== X-Forwarded-Encrypted: i=1; AJvYcCWfzXR67nFAP5YHNLbUZloxlG+J3A234smdle0Ol2hsYW3Py+axKVF2wWVsI62+KVAsKrsEM8exDpk0xj63ZI80@lists.infradead.org, AJvYcCXTwTVHEqzPjKFK83CZ3mLIa5cgpbUSZuR+Hhxj29dzNfdRccwvgzP9eooHkitBHmfgLQwt0RnhRdE1MfanO2g=@lists.infradead.org X-Gm-Message-State: AOJu0YyqkUtEpRekdnzDjBVEz5x7EIZRjUC47OSaTMiwfIgC4oBg2cQV CGwShihLghVOSLQXFFP7cPuhc4IAcwbuLzYsO64i1dNstUASJd9J X-Gm-Gg: ASbGncvLBq3YJ6LRi3qpidflG33grC4D0T093EJw8XjcXyMsktj2owXHuP+nbbiHhRQ Gncr5GzYweQAofS2DqcSOoT9wQ1CPU3Uol/pn0bRKEURtjW/9e5eQvZ5dW0SvLsylN2SJTs+uOw 8niFf6akep/gzFCQgfQIHybwTubfJsTc+SXjEtJPnL7M4Pc/6afoc4Q9ls0pM9kmqIqxcQdVHkM d2mMWVTaPLtRnWCbMvzL2ZFECkPRBX3I7WJMMgrdCRpzIQGNEfAmSRGhbuyvQ3gqO0VwPtZGSRV 7x1WtJTELcm1m4fVkBvid7xAGlsGzfN6E0p9qApukcgygtLxbjahs1ZJ1jWMpHTzsQSQiZXvCA= = X-Google-Smtp-Source: AGHT+IF9Q6hAjeuuV+Dr+SGY25DZC7a14teg1xdkg9BFE9rkMwMad+u2nsuZglYNPKcORNXEsZ1PbA== X-Received: by 2002:a05:6402:2315:b0:5d4:320:ee66 with SMTP id 4fb4d7f45d1cf-5d81de5d419mr44287641a12.31.1736240765137; Tue, 07 Jan 2025 01:06:05 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:04 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 03/13] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Tue, 7 Jan 2025 10:05:20 +0100 Message-ID: <20250107090530.5035-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010607_660172_65C807E3 X-CRM114-Status: GOOD ( 12.29 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 7010541fcca6..91aa3fa43d31 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Tue Jan 7 09:05:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928517 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 10FA4E77197 for ; Tue, 7 Jan 2025 09:11:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=inK7YfAKbOx/gvsqH8JrlXFRxeSCmPFOnUoO4T3PkD0=; b=qS9l43pPHUG/+TnkCxgsIWaNZR Br0IP0URMNyU2kzoEN4cXByo23nWAW+n3mWpov9vClzhrZC6yaUZTaX1RXvbxKZkm14MQk/U8eO/X if+yklxqPyEwc0viDMvcxogab5BReewgPEKbK94uh7hGEAr6L3PHy48M4JOEpLDB1cY+WKbLvT6E2 R7q2gigEg74GZoZFn6xmLMmv+fQt1/l9raYYSC3cNfVYPjA8l4hQrgnydzEl+ndltN6SRYptSneot arK71+hs+bUKcMME4kD4yB9JmnsqUv1q0n01xeD7l82bLjHR6Kd8Iwz+xh6JhIWZd/5doeCGguUvQ rgVTZivg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5c1-0000000442P-2IXP; Tue, 07 Jan 2025 09:10:57 +0000 Received: from mail-ej1-x62f.google.com ([2a00:1450:4864:20::62f]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XM-000000042Wt-3XZG; Tue, 07 Jan 2025 09:06:10 +0000 Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-aaeec07b705so1745660266b.2; Tue, 07 Jan 2025 01:06:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240767; x=1736845567; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=inK7YfAKbOx/gvsqH8JrlXFRxeSCmPFOnUoO4T3PkD0=; b=BkBxx+ve8Vs2CXi7vI6FEJyIUSpnSwXBIVOwEfObaEdXdAP1culrkTAAGrI9ZgCpHw sOgSQ8RQGluySD0pnnvzFds/K7dG/SWjrKambEJRLea8ZNyHSAKQMEWQdmq4P487i6Qv SQM1N9bM24usZPWMdgizE8cRgv0fo8m3wSHhjujpL6g9nrjo0tQKt4GKBc/Xrj1B04Fo 7fB3pNBYtn891DPorEKYnx4lzV/ttvhCG0GM7k6VmuUiheEi89nVBnVoQr/BQ0tehZG5 /g1N1Iw6KQJcqH/6coWDwqXDtiI1WmqFQ5OYGOWbloPq8LLQ/GOr9cOsZo4YIHxqr3Gt vctQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240767; x=1736845567; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=inK7YfAKbOx/gvsqH8JrlXFRxeSCmPFOnUoO4T3PkD0=; b=QOGB9zqD9JJdPWz7KfAoYdqVdRDRYk5/mO2U54rKb3yC/JSF1sY0Kc9krqcZRV3JgT sXYxVr1i8wsPwxxGJS86m1KfYrxASvfKc9LtQW3Gp359JH6AbngvtHikJzmelPEkOvXc QIcdISef1E4PCPOtTew5OZzQW+rLGbxSCyDsd3lGhPbPfiEn9LhZ/R0WPh13PLRMmy+L 9VV1az7xet9dzSx2BF9xdcMcADW2iHQp4NlYo+z0ZBvK0CDgtfRZqwbVJfuadGN2/FwY uhJ6uZJzBg3PqyKdRP0854lgGSVSRd8IwUU+1qwLqiaYMwfX6HiNabocFghySpjKd7Ah 9x9g== X-Forwarded-Encrypted: i=1; AJvYcCUv0oCp1H4Zfhja7Rv6SrmvadznMQy2XkgyN7HsvlEdLi+1OhIAIggFcwdo6Zj3M5sCou8TzxAQH1eLMeAp23w=@lists.infradead.org, AJvYcCV2CH0T+OiqCzH+X4MZ3B5MLVmO1ojxGCVzKllIpwZbL1VGDQK6zHf97A6zKE2G9wtuAsaUIlT933beUg7ZCiK1@lists.infradead.org X-Gm-Message-State: AOJu0YzB5sK2bzWxV1avnAhAJQTKM6mnRFuesenHYdYhS+uojE/p5muj GNg2TW5F8EWy+sL7ZfY54MERj4Nl5fvyI7SL/mCTdXVPTAKo6h0Q X-Gm-Gg: ASbGncs7FO/nAi+hGi1lX1KxdKuk3CtQzAc6lXAXfCIy4IJII2LZDUPuoYlr1YLjhK4 Oh0kFuxfdoy1MubruCTWzzQyfWlfVomijJPujoOfK62T555gz3e+5DLzoZz/1uqvwtYAtS15ZDG 5DpSdNqpGkzl6q+Vrj1J+elXbspmCyYHh0gMfmBWdsPaUY9V4fMQfCI0nldgY5eGVaExLx8tOj8 un53BvTuE2BrMoeEWEy9cmqTsJcuFuI0vca9Mnr+5+EsE8KmFnIFROTVm4xFEePFsRD/rhyBQ3N ByiTaRi695d4snBSBJWEzx50HcOYL7VCVFa60H0ZWmPwoQraPKWDE35cUswoikaddAMykch+Nw= = X-Google-Smtp-Source: AGHT+IHrdDy9A9gTXFzVem5TTKGvqrwcwaAGIG1kmAOtqGfBDbimoZPMTBSrG7qD5IXkUnDJ5cWKBA== X-Received: by 2002:a17:907:1c1e:b0:aab:9268:2626 with SMTP id a640c23a62f3a-aac2cf5063fmr6251574966b.25.1736240766425; Tue, 07 Jan 2025 01:06:06 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:05 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 04/13] bridge: Add filling forward path from port to port Date: Tue, 7 Jan 2025 10:05:21 +0100 Message-ID: <20250107090530.5035-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010608_880034_92F835DA X-CRM114-Status: GOOD ( 16.54 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org If a port is passed as argument instead of the master, then: At br_fill_forward_path(): find the master and use it to fill the forward path. At br_vlan_fill_forward_path_pvid(): lookup vlan group from port instead. Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 19 ++++++++++++++----- net/bridge/br_private.h | 2 ++ net/bridge/br_vlan.c | 6 +++++- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 0ab4613aa07a..c7646afc8b96 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -383,16 +383,25 @@ static int br_del_slave(struct net_device *dev, struct net_device *slave_dev) static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { + struct net_bridge_port *src, *dst; struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + struct net_device *br_dev; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); + br = netdev_priv(br_dev); + } else { + src = NULL; + br = netdev_priv(ctx->dev); + } - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 29d6ec45cf41..94603c64fb63 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1584,6 +1584,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, @@ -1753,6 +1754,7 @@ static inline int nbp_get_num_vlan_infos(struct net_bridge_port *p, } static inline void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index d9a69ec9affe..07dae3655c26 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group(p); + else + vg = br_vlan_group(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Tue Jan 7 09:05:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928519 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1AB23E77197 for ; Tue, 7 Jan 2025 09:13:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Nrwgi24+JwpSHmI0m5MVBAM3u5qvCwn+TDjEgeV2UcI=; b=cWifbACtHPyp6qxzY40xwo7v+/ TuQEFZHJ0D5qv8mcpjgbDog2TJJ85PYtz4KINgg3CDohayaBCQeoDD+uISJtoYSU+GFlu7nx1gRQw dCXYKh2gf6D2b9ipgPcBC+4dRqofRYqMv2jRmUh+wua5SXIRoUFhzq7Nx8fFz6QLfioBTUZvdqjPv Tjt4rOu1YWqz7dwdjZ+44UwjwCTnuI24xbr82I6p/hy/tLO5kKLp/wx5qTXtjXMvsWYoyEx2ie2rZ v3dHaZsUlqGsjuyKPfAi3NHv/YZwVmzTxxX3vU9WcHCJWDXCtIKRct2nXHjHfeN3I5Wo7bKCWey1v +f0I56Wg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5eL-000000044R9-34Ds; Tue, 07 Jan 2025 09:13:21 +0000 Received: from mail-ed1-x531.google.com ([2a00:1450:4864:20::531]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XO-000000042YM-47oB; Tue, 07 Jan 2025 09:06:14 +0000 Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-5d3d479b1e6so21924144a12.2; Tue, 07 Jan 2025 01:06:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240769; x=1736845569; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Nrwgi24+JwpSHmI0m5MVBAM3u5qvCwn+TDjEgeV2UcI=; b=Ld4S2bSOhxNVBAEUfZJmC6Wth4/2+2Mj3CjzgL+PKz84SEcddFpxeBywyeI1kEZaaL L/xmAGcu/hUBhGrglDbJ7DOcaaGduRkr5NnbHZ01p8aMtb/pvQVmaHzyzTJ0CpcCvWwT WoxuRq/vQ/r8tlmp+s1Awat9dFEKrTR4LoEazvGx9SwD7MfRb/4E8UFaq9KHE3f2tW9E 710tOQuWfK1VdY85MEyBl6MAZaSNPSFi7Nx6hAzHyS2pLxZwXw7FszyEiwMZGg21iJ0R 5GA/vQ6nhvXlUus+eIST7uv7yUr0dKSOOiVDFhLyOr9EAARVblbuTArF9KPe+Xc4tfVN /q1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240769; x=1736845569; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Nrwgi24+JwpSHmI0m5MVBAM3u5qvCwn+TDjEgeV2UcI=; b=LWUuHr0ZFTNLiVctII4hqDR4KIj3BP8mQMSylmJFJPuDtU7GNxR/nav4EgXdUGEBWG zJYfA1rVzwwWrkfht4IHgq/K1BH057Eeax4yJgqeBgY4cJakXwVPkuKVqwsT8561/qd7 mqsocVfaqisVFAxT2D1Q2ohglwZ4vVn+0MDgJ9+Ap0RWSt0al1NBkXUDK5SQMwbMeMsM anUI9XZzDB55rMsoyDtM7p9OS5eY7W/1iW/RFQ+gmRXS3Rpz6ryPY4UXeK0z07UjZ6PS s+/SXixbSwup0bCV5fwHuecuQKYHrrMPLkZuEpDQziGtraYPH3Cw3H0b/0jHpC7Hej3J ZtAg== X-Forwarded-Encrypted: i=1; AJvYcCUfKLPQm1kWV6CL83QDoU4SW6z6NwAsD4FOIvyS4J20ZsmnCXVlun9gUFWdRoXgUaOGBR1fwojQ3Y0hDed8Yvun@lists.infradead.org, AJvYcCW/kpKoORxmfs3ZFHCDtDDr35UwXU6v5aghtU0V/ptshZ03TSbacy/gUYCt+BuE26tYSHgYKY1M2gvoHeZFIec=@lists.infradead.org X-Gm-Message-State: AOJu0YwjVsl1FXKXL3OMdyyw+vcjgkfNdFpzppFUsIoArR31vjeA8yjE PfIzq4XU8q8CkoVwcfoRctdRiR6bA3UvUTkkbXJMTpvmXeOeeYyA X-Gm-Gg: ASbGncvedF3jsm7qhoMLG+x3KrwS77q37+f2zAXCLzE+q+XgWfEwuZ1NMemuULbVlOi VuT4owzcw3ZVeUQMpaaTRoC/T8wygWKzV9iuU/7RuaXzDWCXnMgu9zrSnNZDl/Nzx8Z322nKDln 0aoGGOpyErI1/TAKlKt53O6+TspA5nU9ZgRyaA43JZlheNOZVQgCvUAvVfEymWZM2Xr4jdoq3HN J0YTV7U94oD0/b3/sdkSsJqT6Q/GY1cERZET162k46Wn/aZ1SDdeJDIC9dKQKJ0afOoD0AJ/GTU Ob0qneXMSq1B3U1Q7OMI2MYIsq0K/w5pQvuJSPojJDgiU4ujo1NQaRaMzXVRZ45fSGqMuXD0bQ= = X-Google-Smtp-Source: AGHT+IGuixhYjL4SuyghMfzPKIs9WMN7N2be7FgjYC3LBKQ+ZlOzUPBDz9qqDNyF0KSv3KcGoiKbCA== X-Received: by 2002:a05:6402:40c9:b0:5d1:1064:326a with SMTP id 4fb4d7f45d1cf-5d81ddbf672mr139428959a12.15.1736240768590; Tue, 07 Jan 2025 01:06:08 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:07 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 05/13] net: core: dev: Add dev_fill_bridge_path() Date: Tue, 7 Jan 2025 10:05:22 +0100 Message-ID: <20250107090530.5035-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010611_036263_48B7501C X-CRM114-Status: GOOD ( 17.28 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 ++ net/core/dev.c | 66 +++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 2593019ad5b1..7d66a73b880c 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3187,6 +3187,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index e7223972b9aa..f41b159ee9c5 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -713,44 +713,84 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; return ret; } + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + if (br_dev->netdev_ops->ndo_fill_forward_path(ctx, path) < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + return dev_fill_forward_path_common(ctx, stack); +} +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /** From patchwork Tue Jan 7 09:05:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928527 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id CC348E77197 for ; Tue, 7 Jan 2025 09:14:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=0IPV+/btLneRoSo5HiyXyxa4AsB3fEttv56AKWcCbic=; b=otM+68YGgndjDR63xbN6ZN5Z/C zu+Weea9py0JUgIgXWh4zOV8Ap2tb9kvVvYeF94zuUJ2+n98srvF1uKGAe09JQCKSuspvDmU4+RZ2 i3yu/FFiuhr9Ylu0S06T3LFaVFG/Gn0Be1d+3tIcRHBFX39tn2xlXk+ljD9BTgnDTRZnC/NbITV5K 7cGcAxjQ8JVlFDWkBWziPch12acEgV4ia4r1PVro/IjEZjcuQ3Ui8YPJ8M2WKGSj1hdQMJxYCIoNA TC6aunszGwLojRXkN3vfs2R6wBP8ZPqhFO3Psxdjq7lB/tGBdfI9+x9evc69fJnwlnDXV06UBCPEG UV/Z/pTw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5fV-000000044cR-1VlC; Tue, 07 Jan 2025 09:14:33 +0000 Received: from mail-ed1-x529.google.com ([2a00:1450:4864:20::529]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XQ-000000042YX-0BXQ; Tue, 07 Jan 2025 09:06:15 +0000 Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-5d3f57582a2so28917119a12.1; Tue, 07 Jan 2025 01:06:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240770; x=1736845570; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0IPV+/btLneRoSo5HiyXyxa4AsB3fEttv56AKWcCbic=; b=LUHFLIdWrQkEozWcCKCC15mP4zn7XR00xXfSrySrKp+PwxPGz37RWSi3hnRYXu79cg M4QbL2Q6hCH8yJRJf/vhh4WPikJtrjo0k8qxRCicgY9th/I3YCIZ1ZW02MpsAn36N6kS YEZStTAcrDUm74U5icsi04K7YrddqckQv7m0iT4IfClaWJN80IKzoAYhi/STkMRWrXRh EjYJqc5+Spr81nwZ81WPOaYmSSljYGwnQlifGLk8aoaYc6rt6YfuDwgM8JhxqiNcGdnG iTBOUbxnhUXoQVM4KF0rEV/KFimWiPz6S9M4+9L8fDb5CogEAz1RZJarcocoYf35e21i ZnZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240770; x=1736845570; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0IPV+/btLneRoSo5HiyXyxa4AsB3fEttv56AKWcCbic=; b=pKvIeIZ4tPwCe1gZuyO6EJtanBGZtcXvoMOnddeq9HkbrQWJrUTHy028o2RlDD0guu ecSWUZ9ZTRo7mDTJK78yT14/fR/XqE/YQEArrRvY7e3HSW/Ppkv+tdsiL3VzqT7pRf9y 4uKT5DtZwYpTulM+LN7EDbHjf06d6yt9A85BsFLjZcjjw4fAgxa+GGiBHluR29bEJwAx YI3SJBU0U6oWYIX7Mtuxp3IgnHTuUdzAW7cZ3A+wg2ItFwgcvXVYoJgOUDt9wQ8TGhOb fsiofGaZOOJbVZcgwpeYD280M9L/zZzjHzXiH7zucdFb/qDX3KWFmbA93iWMaWAQxpx9 2cjQ== X-Forwarded-Encrypted: i=1; AJvYcCUTf0/HMkp1xQdvnSG2FjIEzXv+D45mY0wFiQSraLPYGvpPRiSmwaiInxteRVwCTKGqYWc3dGs+LG1ApcVh/zQ=@lists.infradead.org, AJvYcCXx4KzEbVCw3VCHR6XpAAUMG5zEx5rmStlQRQusQlDqYm/H/t/mB1Eb2B4MdeYD1YbOak8pE9n68wDF8ENc6UgK@lists.infradead.org X-Gm-Message-State: AOJu0YwX9emHyh7xBnPl9N2Uh0YovFfqk+J2PDrVDCT6fHyM5HR5PmjQ u/t9orLNLeqJnMpQbzwVM9VExPNbc3QKc0VVw6MGtDiYjRZmkERu X-Gm-Gg: ASbGnct7jMu9fvAWq2fW9tPIZtgm+0i3yxPVOX66PO4FVOnxmi/QcG/NyWMVfx7r4LB EajkACu2uZvkZysVS8JNpuSmBYfEiv5pvunA6W5IRPLIVu4GZ03rouamXO0SWloKP3rbs8k0Psc ccACxmgicMUYp2z43BgsOvTNxd5GthS6dP3iOC/jM8uw4sNNaGFiL8ZaPBM9e1jMNlG/9VhIhJG mv7r8P4sWT737H8O8OP4J3k2zR788mxGZw8Zi4PA5bw9wueHT3zPxD0cAhTLq/APF06ygOwKlMq Tm9upU1gVzyuzwnlbOXkIgsUlFqwgdAKPqPY0XrwAdv/UpxUER8OMgIXx5mR66FCw5OGN98+jA= = X-Google-Smtp-Source: AGHT+IGuwqZCeoYTDAlGotcMA4hMjnDwkRNwCsaQvYcPeOTdVvTuTBvdK5LwWWAVBu+HrkBFOHXWUg== X-Received: by 2002:a05:6402:26d1:b0:5d3:e9fd:9a16 with SMTP id 4fb4d7f45d1cf-5d95e916b32mr1930324a12.12.1736240769741; Tue, 07 Jan 2025 01:06:09 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:09 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 06/13] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Tue, 7 Jan 2025 10:05:23 +0100 Message-ID: <20250107090530.5035-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010612_081604_FAACA328 X-CRM114-Status: GOOD ( 10.84 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index b63d53bb9dd6..568019a3898a 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -341,6 +341,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..5543ce03a196 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Tue Jan 7 09:05:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928528 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8CC44E77197 for ; Tue, 7 Jan 2025 09:16:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=AMmzycLJLBlBCl1beTWdBkIIh6 hEB1CUUcgNes4zFAgQbVYXHzuoR6EXwmdxEfJKjm8bWlm5wZzKkFwk8ReQM2vRBAXGLK/CHGRTtRY VyX60U61MGkqhh9+Csy25t1CQYEKoJRgomNR8yMfozzGGSIZn9tM59xp2Dzg5WSwH7UkoPCe63hld 8Vuh3GLWqgLqCe2aaR4BsEoOMVlPZcBcE4hlfVpnKCy7Rr8Yn9FTM+eEZ9eE0ht1VhXpOu63xyOWr c+SKK3MMYCtDcFi2pW8aFRsaCCJGq+75v47mArClWZqVbE0ZcaZ17EXKub57/ciSKmuaMaQ0hmKZn lQrVQKBg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5gf-000000044p1-2gFu; Tue, 07 Jan 2025 09:15:45 +0000 Received: from mail-ed1-x52a.google.com ([2a00:1450:4864:20::52a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XR-000000042Zg-49l2; Tue, 07 Jan 2025 09:06:15 +0000 Received: by mail-ed1-x52a.google.com with SMTP id 4fb4d7f45d1cf-5d3e6274015so27119005a12.0; Tue, 07 Jan 2025 01:06:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240772; x=1736845572; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=JXNJ1Pnyhlhh+B22TMjdaM/c1mVt/5MIWTNxNjU9LaH0vcScLeSCHVsb2X4y3Bt/pm jeNE8N3fR2qjtJBY6xxSFbJLcRFhKEzWchVVtbUk7VDYe2+uGhh5ikWuh4D5qpSfvKCL J+g/ta94dMpTvBP5QzZtbqpGKg8g+oTS7N227TA+2O6Duzhr86N45MMqcQ81spkGrtyn VcnJbw+Ugq9p1pERrBMCagZEw/wEPfkhdrc6EYOxS9i+kRiPwYwzg/MC0T0MSCBChBiK sMPl+wsIIiPAJ9AIsKrRMFq5lld/Ps8WVt2xKWwxKmtKCQF2hVrpm8iMzSEECrC75Tea BC6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240772; x=1736845572; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=UCh0Vs8oTeMPOUVtExhn1YM0QeZ7MZpco8vKweFi3uAp3/Ha4IxMzyaBAXAequUdzE zThtcnuaa+0kg1apd54eA8kYxjJsstsy+d3DyTELvvwSR5vW3B2JVO8gGP/2FFGvl6nL hElgZB/Sw/rCcEf6mC/U3KQGxKRc0aoAUi4YFJ5KiOuozB9+0Y3WsBPtMnjhhUxYBQNi 29I8lyayV9oQWr4cqCwX2iNjYdcsQ358VDrcRHEu0Wlb8bte1HYAskpk3TatBkY5EWCl WbZxVBbyhkc9LMPIrgZIm5R/ANpZRMHEF4qqX5pXS/PFOYZXY8zxSR9QQ2SFGCaHgF9Z dV1w== X-Forwarded-Encrypted: i=1; AJvYcCU6NXeeIBQ8lg1lKCsJygIAiHeOgTb3fPSHbV8a/vIczXppFtV2lQoiWzvOO+OjcAZ9QLwLXM4/CYC9jhTQNq9U@lists.infradead.org, AJvYcCVzkhK7n5FhCQbUkG7pq7PqpvfGX0EU/HTjPU4PKnYRXiah/CmZXY4T9FBli8SVRufdb3mF+0P88Mpl4eb5fcM=@lists.infradead.org X-Gm-Message-State: AOJu0YzWdPYW4B+unwPdrj5xXgveJc5AQ1vHrTqE+uCZg4Zzl/Dkf3yi FPVZ2pDEKeAd+AjYc4CPPDqHFQwOHQaL6t0KaQN+38x+S1DaNAt2 X-Gm-Gg: ASbGncv/lVDq8le1YnXnOsSXoGCGTRQbR6lH18HXe1H/JaFKEbOZGAV6d7EH6BFfsaI O6KsZh70FsE+8ZfoTQb4m8nAkUq/2Rsx5GMO38hnOhAvQzE2kT4rxKbo/uEXoO+h3AIljhAt1hk r28sTQIGaa/Azx+0rLPHqdrm2lZ2dnOzT2QXMKQjHcYLRyuzyRQtrQqZVw5BGDgBuWeFpHi4zQ8 2NZ8RP/QfZmDb22wEZJJNunisCUE5vmNn31uvlUUnf0nv37EQt+Zyl4zr/4CyCmKkZQeFB63DXl z3Lfjyo0+/HiTQkalQiG9zFugChgWajWc6rR55UMY+Y+ffzmsQwoYVE1kCRrb5kSW8Yi/0/ovw= = X-Google-Smtp-Source: AGHT+IHcdg7P37o5nMvJ75yJzAoKxUItlEfQvHhKvQ23cSiQG4/81rp2XgnxG7pSjApH8tUEJOEr7g== X-Received: by 2002:a05:6402:35c7:b0:5d2:728f:d5f8 with SMTP id 4fb4d7f45d1cf-5d81de16998mr67591761a12.27.1736240771891; Tue, 07 Jan 2025 01:06:11 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:11 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 07/13] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Tue, 7 Jan 2025 10:05:24 +0100 Message-ID: <20250107090530.5035-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010614_027085_FB42868C X-CRM114-Status: GOOD ( 12.30 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This will allow a flowtable to be added to the nft bridge family. Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Tue Jan 7 09:05:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928529 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DA611E77197 for ; Tue, 7 Jan 2025 09:17:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=dC3jhTj5HQrnKJfxc0SY/ZIZuFArZD9eLZZ+JbLbIJI=; b=JoASphrBX71biEWldGHX1gSxj+ Hf/660lVv5sRQEc0AKJpsQxOrSA6k33twsS/u39xP4eiK9jzGi/PXQIFz5PwYIWD7o1s7RXiX7Alt hdD0fb+IAXtydiJj1rqyGUA8IkWCREl1AyG6QVN5HL3OuG2bfqzVvKZKs1c4ir6IrVPJ0B9ty9Ybb 75TAEV2RUZ21I7dGSy9C7htKAONTFkpwOJ6Y/0VdZpjpBKVPdREZ7t2s4+6IRFuEpjqPOvVJXqAot JAhDtn1wecEEEi07QvbHuSD+AHojRhs3nYqyw+YVrOhOIdb6zpmIiWKPGmut1QKKRR6AI94AF+EVW XeaRymNw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5hp-0000000456j-1Urj; Tue, 07 Jan 2025 09:16:57 +0000 Received: from mail-ed1-x532.google.com ([2a00:1450:4864:20::532]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XS-000000042a6-37jS; Tue, 07 Jan 2025 09:06:15 +0000 Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5d3e829ff44so30453430a12.0; Tue, 07 Jan 2025 01:06:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240773; x=1736845573; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dC3jhTj5HQrnKJfxc0SY/ZIZuFArZD9eLZZ+JbLbIJI=; b=m8ytBSBil77Ch/tY2p3SO13HJtdC5XpELsL5pIh6Bc+TCyNAQRX8+8kBJsJVn583zs Zs4mBB3iZX8OqtClzTdavQ8GDzPWfjXrsyDCQNHo++rnXkMnFtbteYEoFRd3okmq+AKE SJAIkGenQXlguQkl3Jg40X5XXQb8eG/MMiWYl7kIlgOUbx9T/6XrSxuAT1paKU6gtzll GnjPDuG8tG1sxsoC6DyZNWuPDLrOFaZptEIn0rgRZD9uQcyTmgIVK6kuk73diMGQ6Aqj p/oG1C8YLsh0MJO3PWj0AD9sxI1t/Sy11hQpjRO7mXD4abMVCSWuC48N64SvGWCa3edC 2/Hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240773; x=1736845573; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dC3jhTj5HQrnKJfxc0SY/ZIZuFArZD9eLZZ+JbLbIJI=; b=piWT57CC5QSw3fAUC8sVujma/ot3BY8xd3AlbHDjuWX1CxjtuBQVu8sB9x/B6IYrGF i6M/jeVdef+CPdMB6PjXr2DqZXFnwoNbmLdxOb5O91twGlLKsUEXwT8Zd530OUweSDwy BMFDRIefZ8IKK0UHJSkZV4tEuFUTuWIB4nPelfEbPMpDo/AhrcFdf8e7z2YNbWJ0/e4D jafUdmc7Vrc6B7qQE22garbjx3B2QruKxxprGD85ZAk1yeG4syOcdnfDuVwHi2F/p3IR kltjHI0o2PhDhbIkhdgbBdxrZBsPGfU9sHVN8/cQaGfHgTb8R21u6yZka/ayK254Wqqc +C+Q== X-Forwarded-Encrypted: i=1; AJvYcCUIX/Nif1YNMy0qcLbQbfjMtATtDQyrIfVPtNMJh/i35penbBfPrOOJePTtULR9PVbww+7+pwO8/SBD7ljEQVI=@lists.infradead.org, AJvYcCVdWgpK1Ss2hKJVdHDnRE2Iztpd426WjRFG0lVtVHBpKg/sLn8aVZoGFZCsv0FoRTsKYeUAIIM0I9IuVUp/xGvT@lists.infradead.org X-Gm-Message-State: AOJu0Yw5o49KAsKnKLWpedlNQioH4oOuP5JpjngKtHC8s4Dck63mTIU4 TyaKNDX6atwWS/Ac78UX6xp8GHgcPokiwHh5bcP6YEQQv1xJyiuY X-Gm-Gg: ASbGncsZH6P+1C7nDgYRm3sxSckhFCjoJINLzT0aOohiBxJUSkNwoqzMXDGJxspFmPw oW8BoWR3NdsFyEj3e39AFFW5bmdcae+kgIlIt3uwFOqboOeozs+X4ezsz1Laosmz7JIPI94sM33 75Eb9Abo3edU/6fGA3KZ5/3lQuCs4X/2egX7dmKtmYvleIXeOwUEoRrqdDjMVS1OH/sf2JwxQS8 EuHIhRiMeZ5MVWDUTe5amX7YzQ3NBEGGiwqBGbFGG0GrPnUu2ruVBjfcednVIhRG316+SpUPY+t gysGGf1vlBTmCSfG3NpZba8+0F3aqr3T5bLINlmc3V+pac6VnFbXw9W+vyWB5r/AWt9koMS06g= = X-Google-Smtp-Source: AGHT+IGPm33fBqlSag/h/JxGM9QbnBBO/F6XspmD/3+zFhonYQ/Vf8Fd540DJY6vH70es8P0d2HC8A== X-Received: by 2002:a05:6402:1f4f:b0:5d8:8292:5674 with SMTP id 4fb4d7f45d1cf-5d95e8d541dmr2197749a12.7.1736240773221; Tue, 07 Jan 2025 01:06:13 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:12 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 08/13] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Tue, 7 Jan 2025 10:05:25 +0100 Message-ID: <20250107090530.5035-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010614_787273_8985D16E X-CRM114-Status: GOOD ( 11.65 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index cdf1771906b8..cce4c5980ed5 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Tue Jan 7 09:05:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928530 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C4077E77197 for ; Tue, 7 Jan 2025 09:18:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=XtgyJTf0nGEQy8dIgfNuKn9dKl89pMTFI5gYmniF26o=; b=S9nPS692HimSXv3ynshaJadxi7 p1kIJZglblE/nSmwzSxfz2n32qTlB/Qrn4uF7yBZ3aIAdFKqjeQp9ku+Y4bRkOw0xU9JEXXnnBgJP jwEfrhUumG0Gld4xQ2upFtfDlEHupZ4DxeXEjCu8fdrEOgrlE6/QgDZnHK2n2I5xiUeE7vh7U2wV+ 0efyP9Wqainp78abcxy+VbkSPPPMPo2JPb8ksTz7gS9fT+jE43OQupzjHammHIgtCDOT/wfCaDAYq j/lOYuqMW6bIM6rW+joj+dq2TFe4BIpgNQyJfK7B2mId3+WqMqiHfVUOl2mIpl6C43O3amZvmynOz q2IxNX7A==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5iz-000000045It-19et; Tue, 07 Jan 2025 09:18:09 +0000 Received: from mail-ed1-x52c.google.com ([2a00:1450:4864:20::52c]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XU-000000042b3-06xT; Tue, 07 Jan 2025 09:06:17 +0000 Received: by mail-ed1-x52c.google.com with SMTP id 4fb4d7f45d1cf-5d3d2a30afcso28327393a12.3; Tue, 07 Jan 2025 01:06:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240775; x=1736845575; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XtgyJTf0nGEQy8dIgfNuKn9dKl89pMTFI5gYmniF26o=; b=PP9GzGa1TNZIHLOHgdPlLrUYE73wNx7578Jm3utribv2D7lhCqLzx2Ymk4+/tVkFGJ /yMX9P4QLjFAtIAJpmqZ7jVQrvayB0waY+OT4cvGQ0dYQkIozKq0MpdxODWhXTlyEoug 2gVbi9xhozQbQfA+nxmVz5LqPFtsaftDnB8jv6Rgq4zG0+lyZNlKnaOapeBPMCaPt3W3 cbM96Cran8Zn/eqXRAACW2fU0SmxsqcLRspZQdKslSoBDsghptr0y4zkOL82pGoebE5h QDy56IBkfrD730Z4iehHMi4gs87Cp+RQlLdk950mrw1nslTeWNrvxCcT6rkLHiqwxU3m 5Wfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240775; x=1736845575; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XtgyJTf0nGEQy8dIgfNuKn9dKl89pMTFI5gYmniF26o=; b=VUXYZh/vIttxfLOeMK69MglCCtwk8N/8RomJgPg8SGKYF5gUQZ5GliXmoZ/2aZvPre 0cdfe72GFR8W3uLjOrbKA90LgU2dtKKeVxGyffOKVN95UhiSlO/+7BO5mgZMhIc/DRc8 1yLH2YkMpygjTC2eQV0saX7DM4WaSJabqT96Jt4v5UQZ9jyp0WIDK7DV/l3hXzr3lkHn 9coomntwZAXe7dc2/KOof+hd7qIA1czMOsh3V2VI2j1PphyCamW4lNh5kuRbVSZJORxQ uwUopU373fZikdvpgs3brXtrFlvUDPH0SJdwTOeS4vJ0B3qLWSINJIwn6WAKp/SSPraJ XH8Q== X-Forwarded-Encrypted: i=1; AJvYcCU3SBJQFdPwwWH3zF6qNiTfx+onskbGeEZ/oA47FTIVyxbPiYaCpVu2+eqVDDBbw+AyvsynkoSnE6AowtAN/Vg=@lists.infradead.org, AJvYcCV49jrMsHBNmvW2SVKetmgm3XzSF3D2DULKVxNrJJc7hjuIjiRfJu4Msa1LhCZh0I6fmlGQ0cBJTqrKFkPUhuXp@lists.infradead.org X-Gm-Message-State: AOJu0YxX3bI4dxJfO0l7upIyMGj0X4bcQR0aANyUaZf21A4KwLUKZCzD gjh2nMWJNtNVt5Ta4Sd5DllsDSTuc8nPs0EF6by+gPVvXblcL78e2Z+cdXKp X-Gm-Gg: ASbGnctIynj+gAu/CjKYo3VJ6QrYjvIF0ZYfvTF74ymWVvqPqvUT7zQEC6J6PwlRIEo VIzee7YMJ3jLIcrBbZtVSMJIzL9QTzLk7W80yCt663Qpu5QOEWffcC7lRj+gZO2zxYCGtgaLovp ceaS76OZzQUgbe9oUkENdXcKlEHHXXr2wc5x+Gq9ipIEIwQGtPwOC8/owyzwiN2bydcb7ZpUY02 aFsU7vfMaohNg7FGOYtaY1qSLfoCbFeewSWjbALTFZMMocWozC2SFVsxBBJG2/lhdo9bCyZXnZL yiHO3fk8TRYNj+SNAP9gyExzFR4NFzWktyoEDI0iXiLxpEPmkHOf65I22CUFwqQZ7OmcfnPrlQ= = X-Google-Smtp-Source: AGHT+IHPxz9+uiCIXoSR9CoE/bJwFf3R4legPNbuUxKWFljvSeICAglSfIzYagTrY05Gf+jTQUtRFg== X-Received: by 2002:a50:cb8c:0:b0:5d9:a61:e7c9 with SMTP id 4fb4d7f45d1cf-5d90a61e843mr14049402a12.20.1736240774460; Tue, 07 Jan 2025 01:06:14 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:14 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 09/13] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Tue, 7 Jan 2025 10:05:26 +0100 Message-ID: <20250107090530.5035-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010616_065307_A78D1A21 X-CRM114-Status: GOOD ( 12.93 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index cce4c5980ed5..f7c2692ff3f2 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -106,6 +106,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -118,6 +119,10 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, i = stack->num_paths; break; } + if (path->type == DEV_PATH_MTK_WDMA) { + i = stack->num_paths; + break; + } /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { From patchwork Tue Jan 7 09:05:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928539 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EA6E6E77197 for ; Tue, 7 Jan 2025 09:19:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=BztZ0cfqRt9dxay4EdRKv7PmLiYD1WDU1Ehk6gLPnTE=; b=tRK1MQ/gYiI2X5ySUId7HUvTwv 1ZV7BQnJ4ZECZf2ZcCY1gpFfVhkyofbz7mAXY8WRJO2LV75hPmRUhuutaNaVGdiPe+D9vuik9ELFt jt2oAl6HgQa6eVbE7mK9B7s699EKTA/l47hrTKV2h7Mm2Ny798bOr2IAi0kbaI+ldj6SNbXhCu4KJ PepToNYA8tjjOUUDMz4LEJ4JBEEUex320q63ujVejTGaV6iRQw5SGAJ1jD903V4z1819+4wd4uG/R tjkf9wXbgcWytj3SYLJggd+2YNmqNCdcNCULlOzmDlJpB7eRsdWd20ZF50ARAz6FcxJmv75tUsnqp ZfTafq8Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5kA-000000045Xt-0iUV; Tue, 07 Jan 2025 09:19:22 +0000 Received: from mail-ed1-x529.google.com ([2a00:1450:4864:20::529]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XW-000000042cT-0nun; Tue, 07 Jan 2025 09:06:19 +0000 Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-5d88c355e0dso8454659a12.0; Tue, 07 Jan 2025 01:06:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240777; x=1736845577; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BztZ0cfqRt9dxay4EdRKv7PmLiYD1WDU1Ehk6gLPnTE=; b=Smn5jBAYIHm1mKfbi7RO7JeMlXoComv1GjsEYwYOGZNmf84MmHvAJPj3zMtOUptuuA X+/verSiNKjlNvHSJHDNUvhFClK6WBKH/7mfpCTuYzMqk70UlPk9V3VljMC6z8NYSBJU UwD1bs6T7qAZLwtdvx2/QrEKbsCbevFK4p6DoFw+nmT117zyt43XBy8mQqZpB6Wc1ZQW Lcs3aT2Y7cViwjWdecsALp6myXo2Y65abFioXm9sshaOfJTTZZpv9LHPp2r6j9cGAwjf dQQYX4Wf9kd1QzVmv1v00gpOmeCHZgYJzsEVnhf/P38bQBo6h6RFX8BmPNgBCPEiAXns YUDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240777; x=1736845577; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BztZ0cfqRt9dxay4EdRKv7PmLiYD1WDU1Ehk6gLPnTE=; b=qD8MfzopGP7+8hdqDgeBvn7X2xPB2lIbHxPUf/DeE5B+KlvX93lycSxKE/7vbdC6MH C7uuaWE3/pjELXJc6BPA+W+Wj3HVhXNqmj1zHrsjpCNML1qCR4vdkvxzGVWZ+5dbuDCy bKOi1qt9S+Io8LT8FiEYTHprJaeMSIDu3sE9XuV5sZWox5Mnt7i5fLAy2SBartX8xMN1 +a9gv4yOnHwqcKWghdc3wz/BwGgaja8m5ph8O2c4aaXk6w1cL9qgo32SgXhdSK3h5oa5 XSwwaUjk3p80zK1JydvJQuNwzknY0Syd5Nmdz9s5nHmcD1qagryTt+9Ji2FqCnHKDzID GCHA== X-Forwarded-Encrypted: i=1; AJvYcCVZ2bl+sJ6f66VgdXjR39qpAw2ZFSQed4KdWO/YD8tV4AY5RKFE2SWZ/BEDmGgVx7eLb1YvNZVCEURPejlaIr0=@lists.infradead.org, AJvYcCVeo39KrsMfTAEXteJ7U4ziUx6ZdqRNxgos2dIkJXP0ZOl4CM7SNSk0dpEGnANGcsECruNIZnyhTmeIxxeduLh7@lists.infradead.org X-Gm-Message-State: AOJu0YzDLH8vgQ553Z8EeWrWldiTlzpB4JB/U1kHiNRCVy3SH+n0Bwzw UZvUR4scXf2IUoaviK44/0VNwo8BjjgzwfhwxHY2fOI6Bwi5vnUY X-Gm-Gg: ASbGncu/g5qahEYmLcCUt4NG4cPve5ux8AJcPihmnF+QYf5+wLm20TszsDK+TbrC67V GJFP8uHH+tCqQhC5tkzC6B1+MSfUTW4guvcv/GFFB1e4SOtizmljylbWEAAr05i3uoIE53g7bp3 /7BEzsLi4YFrBHTp/f59eqoRZWnt8hDCIvxPrq67FjJMhQkk2Ns98m977RCAdiKPU9FbFXedaxn a66SSd/9YKXgiiQvPWFvU7vEVVktG5hsd7b7swsB84NLztESHdiRuDDmS6eaINnbFX777Pnvsx5 VnxXPhaC3cOW7NWzWYWMor0VmyTSKZib3vS/EjihPssJDfxr9pGpBVDR1547UiKg/OSM6el91A= = X-Google-Smtp-Source: AGHT+IEMDL6I9+h+aUrnAuxFNluD15rn5fjLxiMza8iUCfO2DRYtl2bUPleLH8zIiEcHnLjnMReziQ== X-Received: by 2002:a05:6402:5253:b0:5d0:aa2d:6eee with SMTP id 4fb4d7f45d1cf-5d81ddf7fb6mr57943041a12.26.1736240776693; Tue, 07 Jan 2025 01:06:16 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:16 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 10/13] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Date: Tue, 7 Jan 2025 10:05:27 +0100 Message-ID: <20250107090530.5035-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010618_230684_20141019 X-CRM114-Status: GOOD ( 11.25 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The bitfield info->ingress_vlans and correcponding vlan encap are used for a switchdev user port. However, they should not be set for a dsa user port. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index f7c2692ff3f2..387e5574c31f 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -117,6 +117,11 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; if (path->type == DEV_PATH_DSA) { i = stack->num_paths; + if (!info->num_encaps || + !(info->ingress_vlans & BIT(info->num_encaps - 1))) + break; + info->num_encaps--; + info->ingress_vlans &= ~BIT(info->num_encaps - 1); break; } if (path->type == DEV_PATH_MTK_WDMA) { From patchwork Tue Jan 7 09:05:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928540 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 325EDE77197 for ; Tue, 7 Jan 2025 09:21:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=c9/TvKRPWpgFkI5Z6u1yRjdyakFY+K8HugvLg1dhslU=; b=TYQCdFIqt5TWaAw8cBMHQaRgF2 Gpflrax5AEYKtaJasKm6E5fFVbGAdvgk6DNQzgx3ohR9Vi2b86RWJmmR/fm+dfWmy5BpgEN18RExh REdcdjJ0w64HSkPFicH2xQtaQ9zPIhPJDhxwSfjFHS9N9ecejm79s6wjB6lcyhg1qIbSoY3hiq3nr pR3Gb7Ey8f8dSaE5jEEm42McR17FOCChsrf9lhNDvN3xWKV4CUHlw+VNIz+M4URmBzOQP+QBWOk0H PypC3TwvLMtBQvjaTMjr9aV99HIYb8wlHJIwKiRxEhYEdX26rxPT2cSvJN5SMSP7aF4OCZV+inRro oYdsNp0g==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5lT-000000045ly-0aDb; Tue, 07 Jan 2025 09:20:43 +0000 Received: from mail-ej1-x636.google.com ([2a00:1450:4864:20::636]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XY-000000042dg-0c2p; Tue, 07 Jan 2025 09:06:21 +0000 Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-aa67333f7d2so2236048566b.0; Tue, 07 Jan 2025 01:06:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240778; x=1736845578; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=c9/TvKRPWpgFkI5Z6u1yRjdyakFY+K8HugvLg1dhslU=; b=nKcUDwY6Q2L6W5/ZJEeV7JU8JZQnTBUaUNKchki8Q9fpIfE8ZxsSUhJaDjzZ7HWJnV QLu81JgIEW+QSYY7wvai054088wgDs9C7/aBbwWCSkWPmw7V/fdxi496QWuZSRN0g8sh 6WLZXDAUiU12r6Ia5qNhbyB65vpx/DOKM0CIz6ciopGP84ocbgGbAm+IbqyibrBLLBE6 Ea3GMXlOmtuKWDTp4ixdvOWvtaLM8Lk3JHOZOI8Na7dMF1wUP8zUmnkdwyTNvhG4X97P axO4IxYK/DlV58BwBr1nnCqoCVDYLwQQ9EY44NrX2PmSSs+PaGf0hScqflx7mSI+jYa0 Eh2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240778; x=1736845578; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=c9/TvKRPWpgFkI5Z6u1yRjdyakFY+K8HugvLg1dhslU=; b=TmWDEbK6s1iYpRLjTjHOGIEbBKBWzq/z2Z7VAS/pH9w6ltqxrpgWPqVG2rx1QRX+fL SjhWC4Jcj7DSBqndXwl2iYMtDVCbLhlnfY8jhWSSB9BAFkitIoOf1Wti6tMOUFv9A7q8 dDb7ixgpeOm0RWv0GAW2fwto24jxXHg2HeVpOsPiUbh09TAYJ18k/k8gFynVB9W6CocM xmTUcceMehLT6CeA5lthEyFoTs/v7ms2SCAcq1ULdDkohJw/d00DqZ08JnrxQc2opfqv l2JO4Gtxmx5YpwQ5/z+96uy3AYg93bcPaKBnFF0f0O5+GBoNI5Ip6cYr0vMLfxX4Fo5+ 9QfQ== X-Forwarded-Encrypted: i=1; AJvYcCULfbj1Bgav6X+iBdVFP2Nm/DYa5Mei+kh0qP2MPzpK9UKyWl3mDQYHcnHeZ6G82MA3JtCT22FJIpJNChwFqg0=@lists.infradead.org, AJvYcCWz0qELniuwBBSjXpQjKpWQlZQyPvK7LA3w+GJQlFDbaMBmtpmRmhs++2ryPU1MMnRihhATJ+7pIBxpyy1/XQiG@lists.infradead.org X-Gm-Message-State: AOJu0YzhFFNBn3LJd+ogAKM1O7N24nSPRtxIBSmeIqz2bTriJ1CRNxgQ qNBo/XUoiBOnm0Y+7g2hNCYU8aaFM3xdLByL2Vh4g9+lP9YHmITS X-Gm-Gg: ASbGncsP6vyfdHoYyIufF2V+NG9PkB/YfweRRCrzmVDWNBQlK6TBf9QTbj7WM7Cp/wZ /JltxJEwKVRp9MQ1dYS9e21RahlHmWwg/119oeW6sGlPnB44yDGv5/DGk8sXHtkAJLP1NIXCn4q 1bHGfUXgYFNxuJwM1mgR4hYWLT5P+CiBwoHoD1phqgyYBVo6D5TN44bHMhxmxQ8/2r6luB9aywz XsOgmaCPm9erCQ2uz+KGcrZbarkrrVhsR2ehx3V7JP6EpS8RX1BrVFs1xxEw0CBrQ2tEaBF6hzY o1pCwK9RWBtXYAKZH4EUj1q79J0MpKGyuof74KC05lSp9kr2g6az/BgiNC8asnetdw0k6dfvCA= = X-Google-Smtp-Source: AGHT+IHdVy6Qh1qZGtVgd8n+OJxf5iK/E+S3j6UfqiQPaQRG6QNZMxXigkGNUkGK3KdZcEdkCWqhIg== X-Received: by 2002:a17:907:9304:b0:aaf:c27e:12e9 with SMTP id a640c23a62f3a-aafc27e141emr1105602266b.14.1736240777946; Tue, 07 Jan 2025 01:06:17 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:17 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 11/13] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Date: Tue, 7 Jan 2025 10:05:28 +0100 Message-ID: <20250107090530.5035-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010620_196594_2168050A X-CRM114-Status: GOOD ( 21.84 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. The same problem for all foreignly added dsa vlans on the bridge. First add the vlan, trying only native devices. If this fails, we know this may be a vlan from a foreign device. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG_HW is set only when there if no foreign device involved. Signed-off-by: Eric Woudstra --- include/net/switchdev.h | 1 + net/bridge/br_private.h | 10 ++++++++++ net/bridge/br_switchdev.c | 15 +++++++++++++++ net/bridge/br_vlan.c | 7 ++++++- net/switchdev/switchdev.c | 2 +- 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 8346b0d29542..ee500706496b 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -15,6 +15,7 @@ #define SWITCHDEV_F_NO_RECURSE BIT(0) #define SWITCHDEV_F_SKIP_EOPNOTSUPP BIT(1) #define SWITCHDEV_F_DEFER BIT(2) +#define SWITCHDEV_F_NO_FOREIGN BIT(3) enum switchdev_attr_id { SWITCHDEV_ATTR_ID_UNDEFINED, diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 94603c64fb63..f60a7bb7af26 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** @@ -2184,6 +2185,8 @@ void br_switchdev_mdb_notify(struct net_device *dev, int type); int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, bool changed, struct netlink_ext_ack *extack); +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack); int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid); void br_switchdev_init(struct net_bridge *br); @@ -2267,6 +2270,13 @@ static inline int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, return -EOPNOTSUPP; } +static inline int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, + u16 flags, bool changed, + struct netlink_ext_ack *extack) +{ + return -EOPNOTSUPP; +} + static inline int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { return -EOPNOTSUPP; diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index 7b41ee8740cb..efa7a055b8f9 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -187,6 +187,21 @@ int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, return switchdev_port_obj_add(dev, &v.obj, extack); } +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack) +{ + struct switchdev_obj_port_vlan v = { + .obj.orig_dev = dev, + .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, + .obj.flags = SWITCHDEV_F_NO_FOREIGN, + .flags = flags, + .vid = vid, + .changed = changed, + }; + + return switchdev_port_obj_add(dev, &v.obj, extack); +} + int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { struct switchdev_obj_port_vlan v = { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 07dae3655c26..3e50adaf8e1b 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -109,6 +109,11 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, /* Try switchdev op first. In case it is not supported, fallback to * 8021q add. */ + err = br_switchdev_port_vlan_no_foreign_add(dev, v->vid, flags, false, extack); + if (err != -EOPNOTSUPP) { + v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV | BR_VLFLAG_TAGGING_BY_SWITCHDEV; + return err; + } err = br_switchdev_port_vlan_add(dev, v->vid, flags, false, extack); if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); @@ -1491,7 +1496,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c index 6488ead9e464..c48f66643e99 100644 --- a/net/switchdev/switchdev.c +++ b/net/switchdev/switchdev.c @@ -749,7 +749,7 @@ static int __switchdev_handle_port_obj_add(struct net_device *dev, /* Event is neither on a bridge nor a LAG. Check whether it is on an * interface that is in a bridge with us. */ - if (!foreign_dev_check_cb) + if (!foreign_dev_check_cb || port_obj_info->obj->flags & SWITCHDEV_F_NO_FOREIGN) return err; br = netdev_master_upper_dev_get(dev); From patchwork Tue Jan 7 09:05:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928541 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 81F5EE77197 for ; Tue, 7 Jan 2025 09:22:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ElntuwObyWWTXWyk0nhZUVrAyxwm6+3uBHbEuscDHA0=; b=B9Gh5V95dpCSTL7PhY6eaMVlzy ZQNRiJDQ2nSWpB1i78ab/dkwSp5fwXAGVMRYafZNh3Mng1JMa3dTh3BR1yCp6MW9qcGR7qVPG6ibG UbIGZVDGagytV+3d4D9I6P/BbXvJzUzG5p9VrQ4yM1tqvghqYPezlPAdMlop8O18AD9StkUwjGvi3 9VEuwe/Ii9a4JVXRx5Cstp0XGe7Qy1L68OVDyx3ry2/z51hVP4TMCaHMGWFtGRia0zfrcHV0Z7VYZ gYWcLUIrlhgOJ/CevihKxj2LBPuqxjYrsHnu+TycfbZvPkgaU9xV9Go32SZu41p9OjOpBwDnjXWlj V/EsOGEA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5mf-0000000463l-1nZr; Tue, 07 Jan 2025 09:21:57 +0000 Received: from mail-ed1-x52d.google.com ([2a00:1450:4864:20::52d]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XZ-000000042e4-0Rg4; Tue, 07 Jan 2025 09:06:22 +0000 Received: by mail-ed1-x52d.google.com with SMTP id 4fb4d7f45d1cf-5d3d479b1e6so21924418a12.2; Tue, 07 Jan 2025 01:06:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240779; x=1736845579; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ElntuwObyWWTXWyk0nhZUVrAyxwm6+3uBHbEuscDHA0=; b=Nt1vlpsuovKcdYCve3xssPDRSS/dOTHdsoyAWhj6sgPgaRFIXGAjTaF7dZ8idTzT1i OenxAxSJnk1/ZAD2+B85JLcFl6dgrnzg1F0cyUxreJGf9JMrB15VwaDuJKtBUW7MQrNy KzLaLwusRtPKlHAmYe8/XAqazfoqCLQ0MdzC4QvxTkk5Ufeca20MLMyy7ztBNbjdRoA1 BkmP4Evkf9V/MOjy5omnq/qcrQwoo5l9KhHR4IP8/A0szA23+rQRVAt0rWvSA1HErFfO 5/gkIRYwFVbutun5lCtT9P0C22tuuGAzVU9708HCH2wodC8xIpX/vMpBiYBN72YOfzqj /DAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240779; x=1736845579; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ElntuwObyWWTXWyk0nhZUVrAyxwm6+3uBHbEuscDHA0=; b=rdJM1And5DxxyAmWICrd/UNiXnOzm1J+pgZI/KDTgwv+Gz8rDl2daWWvfcQ8ZTigcH zMJlbZ7z/H0azZY5c+1OIUWJwIMZdG1ZEYsLJo4KKzmAUPRTO05d72tvVZLAxp3XQvQQ nd9Yo0hfDOrbfGPQlZBv6/JG54cq44WZTdgqMb4RKK+OKc6JJLAKC2xQ6fr3FT3ZCAQP hW1IS3C/OTTAMw/EYiammSqQo6NXHWYIQ+ifIjE+OF4/Iyh9Pu5EtKFelcxdBE90P99f zfloMAqUGlqVmDWqePT/0263GK/EpJqzIKLX4d0CD1MUXMSu/hknXOGvkBT8vcyb8KNU JQtw== X-Forwarded-Encrypted: i=1; AJvYcCURXY1gH8TtUGn0ixpfYxr49fIkF37M6EcmvladuWvpw5L+/77lBKsxQzrSG2nBQgrn14+rj3jDrp+YICtXeLA=@lists.infradead.org, AJvYcCVyy57l2sPp9Tgz87UilyQZVCANo693s9rkCjDrDepwvOA4+Ni/80ETNILLCfwe3HO9EeLkyrf9V7z2hsR3WxDZ@lists.infradead.org X-Gm-Message-State: AOJu0YwVv3Mj6iTFotcPjODk98hWQvhBnTrBJ+3tS9IYKgdI5nnrXXgf sIqZ3fMMFM55Ww1nVE2lg3CjcWDzyRrXSbKXqJsD74ShNzmwZKYP X-Gm-Gg: ASbGncsXjjdOzkJcfSEnJwa5UBIdUymq5FRGUhPOdJguQv1YkwuR7en4QXOH+fOJiil WxJiepAfK2QD1MdEGd6ruxFhIHipGVIwdLKBX375XyKtXx934ZJ95rmza0n8TYDGhTx7SKu9J9E CW75e/GdqawFkbX0sGq4Ckk4uUzuaX7ekl2YzqO30fSCiR1RznKKtbc8khHK8DsRXOdoAmCHtWw +B/Oho3dud8ja5BwartTpQT3HWz4Ka4a0hMaB2e6s06Ye93SGzlbT6EZB9UmQuvsg5Pb9RCS6gD htoEJpSIrDX6MjXLjJ4sQkZ6uLx8zW8ozr7l84JbUShsfUvhZgD2SoBEpX/cNtUnV66NogdNfA= = X-Google-Smtp-Source: AGHT+IGt7vXeWi8jtx2prBY+YfADkXQQ34zgfUpIHrQ42iesCfqHcrSyvvrAit9+d72yO+NjyUOXkA== X-Received: by 2002:a05:6402:210f:b0:5d0:cfad:f71 with SMTP id 4fb4d7f45d1cf-5d81de1c921mr140645365a12.32.1736240779167; Tue, 07 Jan 2025 01:06:19 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:18 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 12/13] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Date: Tue, 7 Jan 2025 10:05:29 +0100 Message-ID: <20250107090530.5035-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010621_144514_3506D146 X-CRM114-Status: GOOD ( 15.55 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This patch introduces DEV_PATH_BR_VLAN_KEEP_HW. It is needed in the bridge fastpath for switchdevs supporting SWITCHDEV_OBJ_ID_PORT_VLAN. It is similar to DEV_PATH_BR_VLAN_TAG, with the correcponding bit in ingress_vlans set. In the forward fastpath it is not needed. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 1 + net/bridge/br_device.c | 4 ++++ net/bridge/br_vlan.c | 18 +++++++++++------- net/netfilter/nft_flow_offload.c | 3 +++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 7d66a73b880c..cf754ebb19df 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -871,6 +871,7 @@ struct net_device_path { DEV_PATH_BR_VLAN_TAG, DEV_PATH_BR_VLAN_UNTAG, DEV_PATH_BR_VLAN_UNTAG_HW, + DEV_PATH_BR_VLAN_KEEP_HW, } vlan_mode; u16 vlan_id; __be16 vlan_proto; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index c7646afc8b96..112fd8556217 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -430,6 +430,10 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, case DEV_PATH_BR_VLAN_UNTAG: ctx->num_vlans--; break; + case DEV_PATH_BR_VLAN_KEEP_HW: + if (!src) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + break; case DEV_PATH_BR_VLAN_KEEP: break; } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 3e50adaf8e1b..8ac1a7a22b2e 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1494,13 +1494,17 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (!(v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) return 0; - if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; - else - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; - + if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + } else { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; + } return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 387e5574c31f..ed0e9b499971 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -149,6 +149,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, case DEV_PATH_BR_VLAN_UNTAG_HW: info->ingress_vlans |= BIT(info->num_encaps - 1); break; + case DEV_PATH_BR_VLAN_KEEP_HW: + info->ingress_vlans |= BIT(info->num_encaps); + fallthrough; case DEV_PATH_BR_VLAN_TAG: info->encap[info->num_encaps].id = path->bridge.vlan_id; info->encap[info->num_encaps].proto = path->bridge.vlan_proto; From patchwork Tue Jan 7 09:05:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928542 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A46BDE77197 for ; Tue, 7 Jan 2025 09:23:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=kjMfgZPTOt1wzklPxYQo1KoCry3saUouaCrKRGjXlrM=; b=so8DoasATh41qHd/Yh3N5XQKhO 6n/UyTxLP6t5kLmHAhL7MGo53CxnabIWtsWMIHpigGIbFxnJgaXSQdyFFpH2o8o8mjb428o/zc0/E hWoXSzzyc4fzFKmcDe3uAPUAa12hlVnAc3e3GgHnLCAhce56BVi4jq14ewD9xskYmbWTKp4p/MZ0h foHd5nuUPqJRMzF9fpRRcHj3x7AvFgso75bstVcRskecBq09OLu9cq6zyLIX7kXBTz3XcZpTOEhYb 6qUk8Bkd7TTwB9z5jSAqJUSQy6kqMnvuqrEp7ljyHlTwAJu+2ySOKfSx1C2GgvQwNFaASRO5c/sB6 gghPTOYQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5np-000000046IQ-1NA6; Tue, 07 Jan 2025 09:23:09 +0000 Received: from mail-ed1-x52f.google.com ([2a00:1450:4864:20::52f]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5Xb-000000042f8-0ecK; Tue, 07 Jan 2025 09:06:24 +0000 Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-5d3ecae02beso19266428a12.0; Tue, 07 Jan 2025 01:06:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240781; x=1736845581; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kjMfgZPTOt1wzklPxYQo1KoCry3saUouaCrKRGjXlrM=; b=BemHxRCGoi+sT0M5joXtsFSr6fdlaVwozsWS7WQjb0UvZfHDuuZl6blJZmsm7nQiyD DKyBCj73m7lJ8lDe8yeFasTlvXqj3Tu7Pg3zylLV3Tqey1+ZuamJ/69v3WrJsbuzJYXF VPph0EZOuNhQWob/Em5ZEKQMgDb+Cr5eNllHBI4AveLF/iRWlsSlia97IcN0KKYEqGOZ 2p7J89VDL3PRim2nBXJYEsOGQq75F9HMlzv8A/T8m6M81dVZBUDVCpTxmwmNHFMFNjqy I8xOD5ShcsTUrr6Ryg5IbeufiniRFQUqh7pVeVO40vkJ00s87VYp3M+jx02srl69Bqit wASg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240781; x=1736845581; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kjMfgZPTOt1wzklPxYQo1KoCry3saUouaCrKRGjXlrM=; b=LK3d+py9jM7IEg3KSbaISW/zSWsfK1/Z0NotrikLt5wa/s4R8LyG6GTBVYEanDjg5/ j73ew1WPOgc7PKMLgUUBN8HD8+Il603bofVJnHAlocHXABTrnR6XT6/Vtydb2zq++zLa 4k48mXl09fIM27lR34jCI5t0Qr858XimzILeUicoI5pFKAWAs2CNYtlMB2tJStijHUtN byhfSFTb2h4K7jDYIxLUrJC2DOI1zshroOvtF/nzmEVjGyawXxl6qo3IFoZuQJFZ63dA Xo67WJDlhJ6hoCo1011zp3U5tYtyG+hrpGTzXZ6B00CuDviKvt1XUmd9WYzz7+UrsTlF zH4Q== X-Forwarded-Encrypted: i=1; AJvYcCU4V9edywCnWdY/LVq97aZYy2BYIKn5ufvlwVlRoM6syJ4sk8zB+4996t55hKXjK1DfkDVr3/rpESaPG/mNKm3p@lists.infradead.org, AJvYcCUtCP+siBQ96p9eyfHDts74DYMZl1wYewtACElFhqJ69IMxQYUNxkjy6nLKH1K1gs/mBE2UVFlfXCCG3AaZ9Lk=@lists.infradead.org X-Gm-Message-State: AOJu0YyS33wG9qktRRNGcmYLLvX2/XUTO4hcGi5JEVYyE4g/YE202m3Q sSmvjcW7Mm4QUMCRaZeMm3UBLz3hc54NCYfxpdYx51lVG9UH66xu X-Gm-Gg: ASbGnctR+8q48nmVLWGNA1bG5HOfvUAIzE9YW3RGM3yTeTVn4RITa9LIjs94s/gnsOd p/TLQLObWY1KWiLAk5b3EQhE4RRVS2C4iNDaREshYNsFQ/RCwr3wkoF+Yx8B3SRx/l62iTmrQG0 cXtYMXhlIWCoqCG4fc/dtkfM1ntz+E62PeFKvScOBOFZljXyod4OLX/THS5TMs9U+Eb7s44vX3b JVfNZK8xwh0Ih49joIhWf787PdjkCC2aDs0emXoE3aonsDTIBp8+m3NK/r3oCkjT7eR2DTBfXxl 97GxqEypkZY/DkgoXEljX22erEOU26VDQPBl3xRe3xojg1OQFdukA0ljrRiwQ0mg3mT+8cUujg= = X-Google-Smtp-Source: AGHT+IEZgOPUuG7xbszfCT298CU/i252/FBQIVsTD95aponqU63zDuW03UcIkUyIYtVMFWqIiCMCcQ== X-Received: by 2002:a05:6402:26c3:b0:5d6:37e9:8a93 with SMTP id 4fb4d7f45d1cf-5d81dd5e95amr53938837a12.2.1736240781203; Tue, 07 Jan 2025 01:06:21 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:19 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 13/13] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Tue, 7 Jan 2025 10:05:30 +0100 Message-ID: <20250107090530.5035-14-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010623_194019_0ADDB931 X-CRM114-Status: GOOD ( 19.35 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 144 +++++++++++++++++++++++++++++-- 1 file changed, 139 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index ed0e9b499971..b17a3ef79852 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -196,6 +196,131 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_stack stack; + struct net_device_path_ctx ctx = {}; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + + if (th[dir].tuple.in_vlan_ingress & BIT(i)) + continue; + + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.out.hw_ifidx = info.hw_outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + const struct net_device *out_dev; + const struct net_device *in_dev; + struct pppoe_hdr *phdr; + struct vlan_hdr *vhdr; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, pkt, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, pkt, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -306,6 +431,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = (flowtable->type->family != NFPROTO_BRIDGE); struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -359,14 +485,20 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_route; if (tcph) { ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; @@ -419,8 +551,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: