From patchwork Tue Feb 4 19:49:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959723 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A42E02045A8; Tue, 4 Feb 2025 19:49:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698596; cv=none; b=Ik11jFBwY2FuIvKGxIIsStMW3gcB2IfgOffGWhZhmaml/ajewCU6Afj/BbG+mbJpwGgAccklEb0xIteeXUGiRKr43wouA3p02XYjJjFa8r6yAIRtIJmAocwj494X/cYlO0ZSG3ySQUV8emR946ngNopNsYgJhv/icyGNaz63Oa8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698596; c=relaxed/simple; bh=jj+6jSg8JF3C6intFaFxIzdcdeBYc/cQYtbR7BRIziI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Bi5zPRqtzGdarQEeAQ6ThsWUf13YM17LX4BgrE1OqEavrOwciao1S6w+8TZwC0Xp/2dYHI3KS1Duy+HTm7SNU/pj2NIFvuKYkL3Z47eC/vnuqr9QnOeDgZuQjXn4BRo+niYz6UTUa2lUX8/mxITdcccZJq8PWW2014VSNEGnrSQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ZMeDHjmT; arc=none smtp.client-ip=209.85.208.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ZMeDHjmT" Received: by mail-ed1-f54.google.com with SMTP id 4fb4d7f45d1cf-5dca4521b95so5679328a12.0; Tue, 04 Feb 2025 11:49:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698593; x=1739303393; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hReqSOryWSBxLxcCjPL69wHXkkJ0+0vpCdAHzzOtlNo=; b=ZMeDHjmTUPE40nVa0IvuHHLrewrNvQXqr0sEKbWWnfOqLFHXC8oKHEw2leqdawFr6v 4+HuZBvZSLRX4MvIndbfCFLu+pvN0sf9oSMcTksrOLt6cf8WIkzuz/kB4vuCkiNIosPw DFuCe6QIsc3SUGV3IbQYwwwrf/rhhou/QX2Ft4z7mlR1/G+kffMPEbtFJmkPua/UG/Qb xuxzKsb95ZED8IDfa6urivmAY3sHimJiM5eJ8Z+bSR+WPMGYgKupAkfsGMsl3CPxpSfw XloNndhbzk7KE4t1xLB1bwXeX63hof990N2Sif1c7t1DBMb0wIier51NDC721pfkl6c4 0kzg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698593; x=1739303393; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hReqSOryWSBxLxcCjPL69wHXkkJ0+0vpCdAHzzOtlNo=; b=dZ6q6blRNZx3cuUQZrddef1BHGu4V3ve094ojiZc61okUglwTfUxjz/ueuZruTuGQC nTwdYFqaTa4PU4HNc/Sr3mfjUQeNUOZjjoY3LbMgzQ9Y/ZpQ84Boh9P/aW4fYMybE8pc MQw4duNenHqjJ2+mNJFCM6y6x6HJPhzaUtA9bXvsKdAnyDUdU4MCHysuYww+k99Ckq8L AUnmsrXSPZnrypMCOhbiVuHlzKpvOoGRQzfsA+Uhs+iDyrBiHliimT3yBChEbnZAQnmH /QVfKdJvhaYqK7LxCehjc6jqduXEXRW/apbV+oO7+KmLFQr7AyAu6WsN6/X5SQiscG/s DlTg== X-Forwarded-Encrypted: i=1; AJvYcCUuHQq8kLDjBU6wr+WbfOUUEqu7IguOdcLIGvIFg8sXMo4R+BJK8JVulayylhrTjyxUjXhMVcyrecT1ZUc=@vger.kernel.org, AJvYcCVBq6ITzw3HBJPuYINVLVVHoovmnwe+nYy6yiVtKfe2g6kkOIL8cbFNWdgV3+Y/dLotqF763tKg9eU/6iobVQvy@vger.kernel.org X-Gm-Message-State: AOJu0YwNnAMMzIqK1PEgA+BvFE/TTts5MpIWytSC8jPPkKWpysWxy80U 3z2TttvcU7I8lqRiqU7UQPTR1wX9QJeH8DZSa2zn9LMUf49xX2Q2 X-Gm-Gg: ASbGnctFNyOF/9kgh0ogABPg4GYWDQHtKqVWuMqoS7z3Nbgb5hg6M7DBAkgiCjHdnJ+ Bv38E3s0pgTTImFM5vBhc7zloS79SXsFrfEp8ZdJ0QsMr0TXxR1vlJBg4J10iLY3GKUvnMylyUg hNOjBPOjW3gkyrlSbM9ZwXpryrRwHts6UrMPDceNYzJfTedob0deqeqs9otd2LMFuWlmrmpRpJl zX23x7S4L+egq7qZn7vOTDeQAtkmnDB8B+uaHD3MEChJF0WKKnahZ9Wfjl5ZVMH4ojH34Net3xd GVqfQ35zGCM5zEFOTXqTYl3BLvVcAp9R2bbc/kxofr341xg2xgUyfRzhjMsG/jDnMDFfQ1Q8am3 FxRbdzhCtbjoxuCHMq8XopByfuT6mTlL5 X-Google-Smtp-Source: AGHT+IGtVUW9tbXkyeQh+dXG56PVOCAX6Na2o6XwACfLwRut5izfY5IpER9JhHtUBftowoAmLl2eWA== X-Received: by 2002:a17:907:94c5:b0:aa6:8e9e:1b5 with SMTP id a640c23a62f3a-ab6cfc872f7mr2875947766b.3.1738698592608; Tue, 04 Feb 2025 11:49:52 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.49.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:49:52 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 01/14] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Tue, 4 Feb 2025 20:49:08 +0100 Message-ID: <20250204194921.46692-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 97c6eb8847a0..b9292eb40907 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -306,6 +306,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -335,6 +421,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -343,6 +430,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -464,7 +554,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -761,7 +852,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 46a6d280b09c..b4baee519e18 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Tue Feb 4 19:49:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959724 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f42.google.com (mail-ej1-f42.google.com [209.85.218.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E377F2185BC; Tue, 4 Feb 2025 19:49:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698597; cv=none; b=F4cnW5SZw6FZBDiLOF4bksNfBRtqlXHdFyQW3lQ967fNuWa6p3YsoZmc9IdobmEKSiWY0xHaTXV+4vMcJ97u5GQ+1CJSEq/h6C7MLCL9OALQxIkdgU5ulzjsLAxpflKy0SZUtx28kkwEIZVK0mmPLIQcHQu2qW5MHT2GvQFCK5U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698597; c=relaxed/simple; bh=rTY7nGpwAt/CvtxcIfBc/CESYzTMIKrQGo6gR2WwnRA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=B4CPtYS6NbXTf/hOLatxQX9Df1w+nbVXpnUIP7vubmFwFlwDKlSMUjSI2iaoqHfR7+1svmbA/aHCDDuFikXOCTJDxNV5tTXjSAoHtLdiDIDb/5ufou+FiZORnXLr5y5/dqGH6dK/iZ84FFxUtoXbL76BJycRcce8HNb2utnx0bE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=gfebafZ6; arc=none smtp.client-ip=209.85.218.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gfebafZ6" Received: by mail-ej1-f42.google.com with SMTP id a640c23a62f3a-ab34a170526so950432866b.0; Tue, 04 Feb 2025 11:49:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698594; x=1739303394; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uYHS436MhCvQPNlHTWPNiRlg7kt4orCDQn4NLGRznHk=; b=gfebafZ6XGTXuvDTyxOesfOgCgn5nlUd1oytAPMkh7pJthXWTEzhC9hXbjFbTsIPzB d6PB9rJsX2U6X7eKV93n/fxz28ZF31EB+Lnrw3vSfs5Q39GC38p5T1rt7E4n8LdSIDfF t+XmLO3xFGeP+/Ts6cbNoqncqmlOsVU6d6zHdFJ/PjElddBolHeVV58X5ScmWLQoEVxl +b8ezSWLOpC8UgWcuGnF8AFvBOCp7SimObpIV46BJOm2F9OkBxjoahKEjiMibAz+mtsW iTSV40FD13nHXfg8gZUKxKCnQcgzU7jhQvpnYnUqX9G2wRXrQxHehqLb1qtFHYDetZAg x8DQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698594; x=1739303394; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uYHS436MhCvQPNlHTWPNiRlg7kt4orCDQn4NLGRznHk=; b=FIPtyA0LQlO4QtyDtCx4m1h9jHJ5VjhS5jn+EVwIeq+kWjbP5JTtzxujp2oQyqtna0 DfRJuKkmIqWdotLAJ08/byAb8A5Y6gROJq1KQ8FvsJz31P7mpFgH/2rc1HnhlqLzdj8M jiejw8h9ukiu7aj3QwBKRxVAMEmtzY1AEUYJ9I28xAzIcC2a/NvgbSMlrhBckZGi1PKc s/fjTrK2tBoj5mCxZRW5zW7pb+cQoc+SYkaKy7GA1w4bHZu2JiXTgr+fPDYmj9WOF3OI Q8W8MamF6vLi05OVxD5ZNvlY/8v28tQIgJ0Jyl4uL2hCa7d0d+kwSF2U9vT3Xq4UdIyu 5jEg== X-Forwarded-Encrypted: i=1; AJvYcCWPuMjZVVerJhtyXHotC7UQW0oD7hcIg254hYtemQbO8jt0V0PDT7Zvf5h1e/BhBgyzP0hzv352tqn5S3BAIHot@vger.kernel.org, AJvYcCX+zXHYcJ8edXW3vKweHgRA3R4ALUPE59nmrsOZKDg6lWEc96a6A9P6k9k2DNDWQYWop+AZ+itp+iRCFWo=@vger.kernel.org X-Gm-Message-State: AOJu0YxcVKmc3vFLGUNGTsSCSbYUeAaub1t/ixD/X9a87v+yCtsGXo7N aoGPkaDFxjyatHIBRum25zOug0MUZ49WIPb1HQCrZlPZ7LtrUo3V X-Gm-Gg: ASbGncubaa+Bc8VB6IL4tpoIN4rmnt2nqBcXrYt1uaKYPB0jr5Q2puDPCiSrsNqNFfG buR1ykHyHdmvt6++jAgR1wdSobt/4d4fQcrNBN+9UTFj2npkKhmyijy0PTUV/L1hTNtpidXe1eB WokcUz9dI5cyZx/ZzpbMoSuOe4f2Z7ix8holZA52eJrrIhiFb6aXg8v56q9tm8Rv3XfjAkmGhsI O/KkNw/EKJFlUNQg+Zh2AE4sD7i3m5CQX932pncnVPIp1y30vIbTebTCky9bA9TXN4hpwXa0nXP lcqzYhREVpAleWljM+k+nLhcwgQurQdWzNYyyI5TYX1iMJEtx8eoftcw9VIJMJAHRoQZXC28rwH HpBj91S+itdKb+cvwJOIq6Aq8iY6+qSpT X-Google-Smtp-Source: AGHT+IFfJwb9MQyefWJ9mzFYp2BV5PmqGkhxPrYjuZLqNPTns6xWOMQoNOZAbpkulbWsZqH9uAZmRw== X-Received: by 2002:a17:906:1691:b0:ab6:d686:de7 with SMTP id a640c23a62f3a-ab6d6860fc7mr2382446866b.44.1738698593832; Tue, 04 Feb 2025 11:49:53 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.49.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:49:53 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 02/14] netfilter: flow: remove hw_outdev, out.hw_ifindex and out.hw_ifidx Date: Tue, 4 Feb 2025 20:49:09 +0100 Message-ID: <20250204194921.46692-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Now always info->outdev == info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 2 -- net/netfilter/nf_flow_table_core.c | 1 - net/netfilter/nf_flow_table_offload.c | 2 +- net/netfilter/nft_flow_offload.c | 4 ---- 4 files changed, 1 insertion(+), 8 deletions(-) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index d711642e78b5..4ab32fb61865 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -145,7 +145,6 @@ struct flow_offload_tuple { }; struct { u32 ifidx; - u32 hw_ifidx; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; @@ -211,7 +210,6 @@ struct nf_flow_route { } in; struct { u32 ifindex; - u32 hw_ifindex; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 9d8361526f82..1e5d3735c028 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -127,7 +127,6 @@ static int flow_offload_fill_route(struct flow_offload *flow, memcpy(flow_tuple->out.h_source, route->tuple[dir].out.h_source, ETH_ALEN); flow_tuple->out.ifidx = route->tuple[dir].out.ifindex; - flow_tuple->out.hw_ifidx = route->tuple[dir].out.hw_ifindex; dst_release(dst); break; case FLOW_OFFLOAD_XMIT_XFRM: diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..d8f7bfd60ac6 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -555,7 +555,7 @@ static void flow_offload_redirect(struct net *net, switch (this_tuple->xmit_type) { case FLOW_OFFLOAD_XMIT_DIRECT: this_tuple = &flow->tuplehash[dir].tuple; - ifindex = this_tuple->out.hw_ifidx; + ifindex = this_tuple->out.ifidx; break; case FLOW_OFFLOAD_XMIT_NEIGH: other_tuple = &flow->tuplehash[!dir].tuple; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b4baee519e18..5ef2f4ba7ab8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -80,7 +80,6 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, struct nft_forward_info { const struct net_device *indev; const struct net_device *outdev; - const struct net_device *hw_outdev; struct id { __u16 id; __be16 proto; @@ -159,8 +158,6 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, } info->outdev = info->indev; - info->hw_outdev = info->indev; - if (nf_flowtable_hw_offload(flowtable) && nft_is_valid_ether_device(info->indev)) info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; @@ -212,7 +209,6 @@ static void nft_dev_forward_path(struct nf_flow_route *route, memcpy(route->tuple[dir].out.h_source, info.h_source, ETH_ALEN); memcpy(route->tuple[dir].out.h_dest, info.h_dest, ETH_ALEN); route->tuple[dir].out.ifindex = info.outdev->ifindex; - route->tuple[dir].out.hw_ifindex = info.hw_outdev->ifindex; route->tuple[dir].xmit_type = info.xmit_type; } } From patchwork Tue Feb 4 19:49:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959725 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f51.google.com (mail-ed1-f51.google.com [209.85.208.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E9970219A8E; Tue, 4 Feb 2025 19:49:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698598; cv=none; b=UPZ05eASVqtEpEYSzGe9PG7vLDdfiuEX6aVtKcf03kQHhUNSvQF/UDJ8Ut9iJwua401FaiyD5R/9H6BCWWCelwjkjZdPdSKHImr+h33NCebRQTsvoZHi8+0ZTmAb3RAibz4j3KH8E5XBgVrkQ93rxOIlCKo6pcbjNxXYohpPrfw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698598; c=relaxed/simple; bh=RF5LvDCYnydj6qn0qJH84ZScpLNAa8mIOdNORjie3so=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uVij8qMxSVSljbR9MSL2HdDOlUVcz6bHWM9NyvYBYA2bs97K6vHa2vKSxwoQK+yBhEqpdWv+w85UKHtuWuZVtIEcBd0fiVqZD80JSmH3SNfsp7HvNfzq/vIXxkLk7jbUZjCztT2w89JE3rjpjTuXIffnN7XrDLEC2Fv8pnjj1M8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=U6UICgnr; arc=none smtp.client-ip=209.85.208.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="U6UICgnr" Received: by mail-ed1-f51.google.com with SMTP id 4fb4d7f45d1cf-5da12292b67so9829867a12.3; Tue, 04 Feb 2025 11:49:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698595; x=1739303395; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ib9AvLEqJNS6gnJbPJClceeQRzwP8bycAwF1f+d+KWA=; b=U6UICgnrkh7I3OeLBj9H8CS5+b0abihuiPAaF3QbtBTRBRib7Z4jN6ve6WT1973dw1 SpUXn4Tq8HmdsEE1d0CM0FB53t3G6wzEdPvqZ9KB6+kFC5YYJk00q8WUnws4ZCkTN3lu ZGedvaAqjpwiWXmrvqD91ZMKrBt78SeeLZVEUD2SKIluIv7ehlzljZo68n/sAx6jZcB8 dgm4NJwp5XMsPEIeBVCZrZl8Byo7GJrrG5ru7DCYsiKAINNwmh70aRQzvkVRgYJT/59u SVsTvNLG7nNcNo3MJyQuQno8zIhrSf0Y+GS8y0xFrb04/s+rJrqCIbChefwTXfJprnG4 YxjA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698595; x=1739303395; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ib9AvLEqJNS6gnJbPJClceeQRzwP8bycAwF1f+d+KWA=; b=YU1HHGWuRmVmDpucP5UN2cWFsazpliAzzKZGmPgAg2JhaU3yoav3cbVBZobZen3cq5 VMoEWsAyPRv8KfKzIE6YjrCuVO8/iDsdsijHMeoByyRk9is/e+dofNc5NFKgryGC1OnA 6ziE2yeXKRFOn2b4qXQz5fYlvLDb3CBqXk92ksaAGn/QfwO9PNrArdUBxz2b0N/n0VEl EsZdngaG8VaDogt3pwgvy1tG+Tz6SFAXQUpTdCG/gqVKJ0mBThxqsLWQgMAggOO2aYTv jhm6K90Gz+jEz79Ly9bxkt9qpPpV41L8xgqSMF0wMhkc/epXZh6PXmuuJltEEO2C1ptS nKww== X-Forwarded-Encrypted: i=1; AJvYcCVQ+iEbjJzPj6U0psucGJePudCtxqOBV2PHfOU0hWGR1L/UXXCuaCMgZ3hFg3xuMxDwJRnw5srMVK7uC6UnTDop@vger.kernel.org, AJvYcCVRN5wLkBaeQkIEXwYGjDeLsYC9z2xnLCFERpu9LBwAhV2ekKrFKLEOhIVGnnQ+5/0uWA+NLtB4NuRyCTQ=@vger.kernel.org X-Gm-Message-State: AOJu0YzkdVXnfMJFxlWejtYMasUu82vU70FPkQsWCS+m9vaPMEkJU5FD ydNNB98+yk6ITw7mKlnDQ4qw2b/U89p1N0Hwyg1Tl11r+kxgd1zk X-Gm-Gg: ASbGncugUUClQbwjHMR/s07L6ynA/0YsFrMtjvB6HrYriioehCM3ea6xbxr/8EGSKVJ iLYFAWBuyxAKznWfQd3VvffR8lyDov56TyLxzJkizF4p5C62iokTJnqOfRks/zWPc1Vh5mIYza3 qh0c7qGajenQRmk7800w3zbUJv/flzausDkHfboeSgGoQujVsTo40ykGNgBHCBgODRtrbzjzeO7 e3Dxrp6OOWzU3sfZMuXyxG19cWwzOVhgn0OyFiX05q/4XuhVGOnR6bsyc/WubGNXHy4I5/ySL1Q wagxCdGZGMx/J3/T27zpEJK6saJiz/8cxNTPQoq6BqEsOCFfCryU4gvwpRWxHVMW4dFLJomNGac NLk0snK34bAw22jdgwKCbr91beY5t8Kwt X-Google-Smtp-Source: AGHT+IGf3IkwvSSJoKILC1ANmqlMUZbmn5SVVf78+zzm+WJ3NpPA8bAAleXtOAgaw/lW6KLqcZmgsA== X-Received: by 2002:a05:6402:4604:b0:5d0:9054:b119 with SMTP id 4fb4d7f45d1cf-5dcdb762aaamr643520a12.21.1738698594982; Tue, 04 Feb 2025 11:49:54 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.49.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:49:54 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 03/14] netfilter: bridge: Add conntrack double vlan and pppoe Date: Tue, 4 Feb 2025 20:49:10 +0100 Message-ID: <20250204194921.46692-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Signed-off-by: Eric Woudstra --- net/bridge/netfilter/nf_conntrack_bridge.c | 81 ++++++++++++++++++---- 1 file changed, 69 insertions(+), 12 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..6411bfb53fad 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -242,53 +242,110 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, { struct nf_hook_state bridge_state = *state; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + __be16 outer_proto; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): { + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph = (struct ppp_hdr *)(skb->data); + + offset = PPPOE_SES_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + switch (ph->proto) { + case htons(PPP_IP): + skb->protocol = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + skb->protocol = htons(ETH_P_IPV6); + break; + default: + nf_ct_set(skb, NULL, IP_CT_UNTRACKED); + return NF_ACCEPT; + } + data_len = ntohs(ph->hdr.length) - 2; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + case htons(ETH_P_8021Q): { + struct vlan_hdr *vhdr = (struct vlan_hdr *)(skb->data); + + offset = VLAN_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + skb->protocol = vhdr->h_vlan_encapsulated_proto; + data_len = U32_MAX; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + default: + data_len = U32_MAX; + break; + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, From patchwork Tue Feb 4 19:49:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959726 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f50.google.com (mail-ej1-f50.google.com [209.85.218.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3609621A436; Tue, 4 Feb 2025 19:49:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698600; cv=none; b=szQ5i+hq6g1De6nFI0oWf1HbvZ87F3iSkNSxJ7aymL2sN+qSHYkO1VfVtevMdudJPesMvs5jz/N8z2LxCrpvkYY46HxXbVXk52zkm3kuxtjU4cOpspXT5KoFdMiTrnoIqTvU0yU0PrOrrIAtrFlX8cfmnJmK0UsVsq5S/UiVw78= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698600; c=relaxed/simple; bh=jB4CLuNpjbTGQnMeQ4Tsv0ptAlvhyNfXsNUxXknTJVM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ubJv03kOf3dps8X2WpBs/lNYTHuN/2CrFLQaCpnuioEAU6DeTP/kKwaP0ptQw/I0grnrq8vGSsUkKIjbAnyjVBNnHD77H7xxoXj+z+Walca/1VcQhsNIIHL/2Pd0/cTRJ0T/b/7ijuRQCashn6px8ABzhd52XX5f4OEVn7rzpDI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Fp+pq4bx; arc=none smtp.client-ip=209.85.218.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Fp+pq4bx" Received: by mail-ej1-f50.google.com with SMTP id a640c23a62f3a-aaeec07b705so1010160866b.2; Tue, 04 Feb 2025 11:49:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698596; x=1739303396; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kkGaA4c7zu7TuRSY1s83dH0+lqC3nn6Z4nZphc3xrDs=; b=Fp+pq4bxXHsPjusnrfmdJdVEbPhPtyB3gOxsXbLpj9ZsX6K3YVldiBdMzwLKJqtP8i Qrb8eYQ+nZ6mAY1berIvRPgtOJyT27fzs0Iy7Tp7Gc+tAe5mSrfkOKHYGERQmkzIEbML KDKMlB67tpJqYBZJ0jL9D7rOvhQM72Q6jk6J/mleH6pbnYGGa6F1aKchVR7ix7ZB/Nfz KYc6aC9nXRxYEFerlaWpHylzQ/qehL1UMWkj7f8qc7GzhHqWBlFmNej0+weFOfUP6d9t Mmi+thopkQT5xyWyN1YAp8Gupt66ovZyHMt2ZiBtFGwq5tuVR/26DdBKsoDYmrSugnpA LUiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698596; x=1739303396; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kkGaA4c7zu7TuRSY1s83dH0+lqC3nn6Z4nZphc3xrDs=; b=tF63METhZtzqNZSq858Qie431Ev6fwgOxCEob0CN2D7sSV0AilQWH87uMs6uk3XVXN CMx1aPaxlzPzUgLUX5A5CHBEBOwg8kOuYZGpFUPY8jzxPlWvCJQfaW0Scg38rAteiV/u kv6IKYuZTKxSpv0X3v1rePbocZCvQM4QHHFakwOEjwjio9mIhXhoBeQMT4e+O0ulJKz5 ZNvJENNEnmIu0zKUnm/bfjyxJOn3IQSLel5Jm86icCE6tjIbDn8hZiJKfN3rmwX/o0SQ TtkOq4Aqj3bxdosa8iHpIID1vZhXHbHOhFfzBgEYkj00v1bQ6e+hyBN+ZPGsBxYFgz1m 8X1w== X-Forwarded-Encrypted: i=1; AJvYcCW/dZSU+G688+hmiLgiAr+bx0Q9owW0BpRO+62g7SkHzlxELPQa8pv9AY6AUIjBSzZeah3Yu5OTUvli+Ek=@vger.kernel.org, AJvYcCWEOxZoRFjM7K8x0eRiBfivu2bQlT1YwlUoqYa0YhGvMiYdybvoWw1kvNngi1EMggEGKWW0ILb/95FbpduFvj4s@vger.kernel.org X-Gm-Message-State: AOJu0YwRJ4h4q5fnVuOKfh/uX8O0gewMuVHVgHgABItPHvLGDhrcZUZW tp2rZzn+gUaoC58uqz7Vtq6n0nvlEIEhwyjXizWnIWcQZwzHWxUY X-Gm-Gg: ASbGncumppoOkUjKKD0kS43JOHfXbwLHgwGZSafMRh9Tn8LwAgb2WvjeV1x8M2A+FHq DaJE3artKRA4Sy3g/j1uU8O0uVcU/M8lA5FV7bjd2Vei+OAoYzB9i10Y5HaQtRZUucVs9YCwPCU ClxU114PmLaklNO64WMkeVOOznuTmiEzwPajStXKefyYkGmUi7oAJHmIc/2EkMClsa4Ji+oIVYh cKCyubbNGOeCt3vftgOejk5eronUGNBElDuI0zLn87PNf3BPv5OiHI9SKAKQ4QpqhFvuZAOWQNq W8Tpr4ukrOzo8fK1Po8t87WC7ZxvANS615P/r8kGlC2ftXY26/qDfTKMicYLc/UOqNnJx6FFHl7 kVKljNqz5/nJnWVGzLQEMgtWY7k2gScKo X-Google-Smtp-Source: AGHT+IGs4CC5gM167ZayoImsZp06NKQRfeGwh8m9DaNw+WB4zUAYvUsoKlU1KSkyxVdKrRT1PS7NMw== X-Received: by 2002:a17:907:944c:b0:aa6:7220:f12f with SMTP id a640c23a62f3a-ab6cfce5fdfmr2766061766b.18.1738698596201; Tue, 04 Feb 2025 11:49:56 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.49.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:49:55 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 04/14] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Tue, 4 Feb 2025 20:49:11 +0100 Message-ID: <20250204194921.46692-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 19a553550c76..7c7080c1a67d 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Tue Feb 4 19:49:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959727 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C36C21ADB9; Tue, 4 Feb 2025 19:49:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698601; cv=none; b=Jw/hd1o0a7PwW+tKLEoRu1k7vuO+y0/24XLZKcN1inv9HW0jY/i22MZ6TkkJVamF/qR4c42fJccWYtjw1897PWXJzdVXLma7+29V9l0WYPuopOTI7y4RQWmwW05gtLkzfSopDzygurqf9lkuh9WgWM6UcdnUsZ+opbUe+1hVC5A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698601; c=relaxed/simple; bh=7hjVfCkns+vqQFnGF8Q7jWozdhbMtX7RB8eHdAqvruU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YOb+wA1o51lEOi8ATRUEV1yJ8Epned6qad/IPD6apeF2f6dKpHPvHsK3RSEjJtwRI3B5AqQ6FYLlouEM3lphnUD+wT10F0MGIQgLEUsRKmc1dHSn55DTfuWNVLI4+i62K4f+9sckn3Q3qWDPjhRQzArtGDzFiydXb/biGrM2c9k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=XrN15Fe7; arc=none smtp.client-ip=209.85.208.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XrN15Fe7" Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-5dcdb56c9d3so164728a12.0; Tue, 04 Feb 2025 11:49:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698598; x=1739303398; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nsPCevqpueBx6GSFI4rD1h7XgDDvXf62bnEByGQFocw=; b=XrN15Fe75cGf6RaTyO+9GoRkdSz2HqqzZ/3DGfYBb+G2y/pnye/J6RKf8QhkI5DpZD zj2Q/lwXvQ2UAqHAaQsl59bc4fubcZsgTK5BTIyCSWEdJL2BOcIil8N/0P20JPmzzROU eVpQTAFTTPCYvBFyi2viahuw8nc6s0z4GX6jM/FR2nfrg5Hf8LPwJ8Jm7cvvhV6szmUE DLhuKMeXU7K6kYKjbPSESvTuVCMlKFVXN96W4yML4kWwKt+HvllnbT5+MXqZFbdib5uv donrNvYjJdTcNcVN3vAlp46cx4mKpMQ20L4dNacnfTJKiuCJp3i3peR60Zk1mHFD5J4s NG7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698598; x=1739303398; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nsPCevqpueBx6GSFI4rD1h7XgDDvXf62bnEByGQFocw=; b=P7T2NyeXLpbIGuCSa/imfTwKXjQmERxqJnZFF+4u0rJPGDDP1qeyy6wh31ig9TG8wc EFiP9PozW2Ozkh95aJciAxjaIeRnjlvFK28dyljRq0BIcA5/TbwPUdI7FhhOHxRqjZuZ brkl+UW7xKkay+o47jrD4r6YOEvT+ShcgE1Wl4fleZkx1NC7RSNMl3xcGOQMBlu8Y5qs wkNVS00MxWyMpWFF1RsZVNAb+9ztWmB9FFKIpSdSZRu++prOMbz8+Kiujm8Zfzjn4bak jmTZ5jKBxjHXXsXkOibL0UgKDQ4oz46FzbIKx5fnqbSLduJ7vGKgnWp9PVYw2sgJU0bo IkGQ== X-Forwarded-Encrypted: i=1; AJvYcCUQ+y70DxCQFJxRyQ9FmAay4VA8ift3IQUdQRCqTOLPim4caYd/HWZ7FaKNssIVHqVBlQYlfyLj8VzA+ec=@vger.kernel.org, AJvYcCX4oKqEiPDILu0vG0oE0MMervFEQcw+4crkc3uNVi+N3NImuvChSzMPL3G3LtDSmd6wYNLgTQiVMKXJeuw2HwgM@vger.kernel.org X-Gm-Message-State: AOJu0Yxns3ZdO9opcDhYlgF4t2CobGNgCXUV6PXvFN4rZunPkHyrRjrH Tn5CfnhunN+yF9Sxkl5jTnuh7ksmxhPRTlr6PtQwiDhj0/KvPqLD X-Gm-Gg: ASbGncuWI4q+trfVWuIWx9/0WC8ONNU0fBlvNOPmeCVHdJhw1x+ULuEKlaDbv0qmFhW 2Nqu0BUbVz8Iq1U4XQKxSRLKqTUAFsRxCX8MBg1mKAKaegC/IGZOMH55NxMB7n73kz+zCITy9gK 4DmzsDKEqAidUDlyEm8Pg3FAz3uko01M26jGV++SrIWlJFBKaW+DiKATmqRa133v+3foKqppyTE nH5znZTsOAsSnWWYxN1C+SF2DxEWAb/QLlBjeRL1z5NZx4qztilmAbMEtpWo29g3dNSOOPS4q1K mjXjgJvNmNxTV+hbD+wAfyPrEvm2EGAWtjv6xAubf9X85Y+GZq8STZ7LR8IJO3yoX+YLYnTQwsS qpqXX2YSg/oMjYN0zB+/7FPnnUrW0yUeH X-Google-Smtp-Source: AGHT+IGsvAO6yB125nXkOzzJQ5/yZRvVQfJ0zTUKb3SHTgAx94hlT9r32V6YfG08Gq0AwS0+7SB3aw== X-Received: by 2002:a05:6402:42ca:b0:5dc:caab:9447 with SMTP id 4fb4d7f45d1cf-5dcdb7297ffmr798822a12.18.1738698597522; Tue, 04 Feb 2025 11:49:57 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.49.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:49:57 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 05/14] bridge: Add filling forward path from port to port Date: Tue, 4 Feb 2025 20:49:12 +0100 Message-ID: <20250204194921.46692-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org If a port is passed as argument instead of the master, then: At br_fill_forward_path(): find the master and use it to fill the forward path. At br_vlan_fill_forward_path_pvid(): lookup vlan group from port instead. Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 19 ++++++++++++++----- net/bridge/br_private.h | 2 ++ net/bridge/br_vlan.c | 6 +++++- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 0ab4613aa07a..c7646afc8b96 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -383,16 +383,25 @@ static int br_del_slave(struct net_device *dev, struct net_device *slave_dev) static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { + struct net_bridge_port *src, *dst; struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + struct net_device *br_dev; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); + br = netdev_priv(br_dev); + } else { + src = NULL; + br = netdev_priv(ctx->dev); + } - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 1054b8a88edc..a0b950390a16 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1584,6 +1584,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, @@ -1753,6 +1754,7 @@ static inline int nbp_get_num_vlan_infos(struct net_bridge_port *p, } static inline void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index d9a69ec9affe..07dae3655c26 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group(p); + else + vg = br_vlan_group(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Tue Feb 4 19:49:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959728 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com [209.85.218.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A3C5121B8F8; Tue, 4 Feb 2025 19:50:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698602; cv=none; b=CmtDmFY+n1vVnpzYgJPfOvOAP0qzM3ffH/aB6NAQ3W6UoAlrVciqoaPp1L1A66EtsW3jO845oafUoT5DYxFfoj0Pxy6MVPvZh6HZ+1GiSZ7UwnPSrryEQfaWk0/IrnXSLmp0bweAzyXRnxSrWErt1U9zpNkfVGTWL2fX2uMQAlU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698602; c=relaxed/simple; bh=jJ2Iimr6BJxlql197Mio9R5mbZtVtZjj3TNAmttbndo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=No39b7eYtj2VoxJo8MQQe3BPD4dTcFvwi3wJzWXLZqbV0gS/5q7q97fV3Xah/zqPV5ucf4msitsqLcL0ZAGM6TroFH/ITF1f0EnSr8O7FBxio8+aSj6z6ukSkAwtpnGSQcF39QD+SzQZvlizFIAQuBDSVqST1yQzHu9LwTDjmFg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=CD6YS8aL; arc=none smtp.client-ip=209.85.218.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="CD6YS8aL" Received: by mail-ej1-f54.google.com with SMTP id a640c23a62f3a-ab7430e27b2so340558566b.3; Tue, 04 Feb 2025 11:50:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698599; x=1739303399; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=CaTNlLcx8N/VOWeG8N/sMwOA19H7daJ4VH5LDcsIDAY=; b=CD6YS8aLU6+CJIWel9tSisuwvcXYuOKAfMp/gVdTnG1PBTp/yKakAMT+hkA5AkHCMZ QmSiq0OGltw4WMaAgb3AofEqAgFjqQbuJrF78csOi3gGN/ZyB5lcAHFL9Zwui27HvGc0 sNmY0DR05C+DJCJjQaRGzyMNvTqKLgZ4m5T3Yfdca/89OdqGDOj1EsMX9KxTwh2ZnZWi R57BMEiZ+KeorlyqmwaWfax0OJf41n7wB+WyFZRBO84UA+B3gi6kLcM+pidn9zhVoNCO L7b7L3SZAwVY092dri0GrFn+NzVMC/NDPkfbceO7ksrVNK7D106ExyeOtKZTQn05hz7g Te3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698599; x=1739303399; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CaTNlLcx8N/VOWeG8N/sMwOA19H7daJ4VH5LDcsIDAY=; b=lTh+aVgXmiCT7n6/fc7ZdSDJQOebC12ctc/6JTUHD02qfHphJqg9BRJsT8LKRcwUO+ 3yAcvSnHxz+kxpzUXMjKE1/FBHfPmrC1xMIjMIsw+G+0+mMZ4I9FiQP3cOF9LCXkHDUE cYbpP0OQX65UDv3rfCfWyICqrUN6L6ME0XBXFrvC8nMYUGVveQ0Afi8YJPv6ei6j96vw frj+8aY6W3fX1AcozoZZIG904gr1BGenzc/+2DKh/3I8er6fJ85y47MjhfhzjYI9wXTA u8rntDWWaXejEasGV0GTbr6KqN5nW9ZVKgs3WuQNPJUx18aLkkWG6yopN9kltM2SAI28 Jfkw== X-Forwarded-Encrypted: i=1; AJvYcCU3ZlyrLMOSzKQakBLOSDDrJkPKJAFahuvVGBVjdtQLuSJ99Y6DGORUfa8ifmmugXuqQg1gKhSV+fzYzLE=@vger.kernel.org, AJvYcCVYsUi0jJvKjvPoHpDziXb+ITPm3r+gX3VpfC6WrJQadK8N8c89fvuRIS60bajGgl7ZICVkY4fWT6LDHyVlJX10@vger.kernel.org X-Gm-Message-State: AOJu0Yx7IVvsLC8VPa0s9Zk/kNkqqn/6oZ5Leii6z34ocC6t9QHkA768 pA7PoLPXlGNQMG9ESvYCovq2JZN20/xZU9vEIJs4QpJniaq3c4dt X-Gm-Gg: ASbGncvAFnwFzy+118e/Fc6ZZ9d2eMmE57k+JHujvtJAdNDm5Jg3P+vP0Q8GHcbkpzf 0wfoTB3aDgvOn6K+xSVpCViWY+GaPZbXWuP/xhRd8UorifNRveBfSYAp9jb3XcXzk1NsSecrvOI nXbJf1Y18/xpqFHgjGG61XfCIRGo1LG9HkesF0l0dmwf+3iPR53jSTb0PJXqb+Ne51nbgdSdMY/ zugaYsexVOD/CM18oOpf347r1AD7M4fzQLQ3LCPWtxVHQXOD+0eAZ3ai8CxB58HDmlqvueZoiD8 pk2gnbmSANzZLajPpLaRrNU9Ot1VC5Dj+KAinYkCdfeXJpl/7YG8J+HhTscGwRvJ1h+473A5b1t /blEeS5iDzV0OX3s3bgQ2Zpu+bcTmETCN X-Google-Smtp-Source: AGHT+IEn1JUbmSDDmV4FTAJZUTLPh7UPgcV8aDhV23EvUqrbyMWgBZiKGFEz4RZTiOX9pR12aKTGfQ== X-Received: by 2002:a17:907:3f8f:b0:ab6:61cb:ced2 with SMTP id a640c23a62f3a-ab6cfcc6f27mr3006053266b.9.1738698598722; Tue, 04 Feb 2025 11:49:58 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.49.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:49:58 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 06/14] net: core: dev: Add dev_fill_bridge_path() Date: Tue, 4 Feb 2025 20:49:13 +0100 Message-ID: <20250204194921.46692-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 ++ net/core/dev.c | 66 +++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 2a59034a5fa2..872235e30629 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3280,6 +3280,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index c0021cbd28fc..179f738f80d2 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -713,44 +713,84 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; return ret; } + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + if (br_dev->netdev_ops->ndo_fill_forward_path(ctx, path) < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + return dev_fill_forward_path_common(ctx, stack); +} +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /* must be called under rcu_read_lock(), as we dont take a reference */ From patchwork Tue Feb 4 19:49:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959729 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f53.google.com (mail-ej1-f53.google.com [209.85.218.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC04521C18C; Tue, 4 Feb 2025 19:50:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698603; cv=none; b=bBfhDFr56RddUmdavRgNm+g3blSDPqCKieFA9qAngduBPChLFQys9pBxmVosyFsFgRj3Uast5tI0grfH/lSLaIw9XXhBfM+3+hva0XsvuStlElXAuZL2tNEAuP/uWMzfIl3XrD4b0xM3bgtLKsDreMGUCnO72RUK76QqamsNOAM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698603; c=relaxed/simple; bh=o5uKTl7le41zF9aDebFQ5O7fq0HuDrigyuv2o5ox/jo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=crVL9NZwKeTHT+g0jQMtRcUpOHhMx2c5SuCeYdbBnb7bbBh11g8gwBXgRo9kmtUlFnVInOhRxwHEB34YtDlz7xEeFz/quRVPeJksn0FEC54/sLvgOpV2c4XGB0jCI9PdSJfOOs3GhvCTTeDFy+y4gDwMvzNiIJtAeIYNT3f9hpU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=DwIzHFrs; arc=none smtp.client-ip=209.85.218.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="DwIzHFrs" Received: by mail-ej1-f53.google.com with SMTP id a640c23a62f3a-aafc9d75f8bso1195056166b.2; Tue, 04 Feb 2025 11:50:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698600; x=1739303400; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8xE+ROyc/mcQ2fBT7crVscR/jU0rSEqZAJgDthtdCdc=; b=DwIzHFrsguT0XdoB8Rc+3eWY7IzqaacemW4Jk0cEPLnEQ0pWMfpXgT0AaQOOXR5X0w lJgFMe3qJwwTUvx/GeRpLontw5Sq/eemkbFizZq2DIJmfmp68VFLyYow/i3B35VzEiUx 75u+34S+/KDUakgPSpNtb+ElSFViokpd9yTEeZXrxnnrdT+zAHhunUkME+zIm6T739nZ o72HiTc+iTZ3BH/YxWJnMdyl/ts2NUOLcuTHlhNMEzGx1OrPo91B/aykdD9Pgi6WcyGo uuBcmntLtAF5rJeojktKMcwsB6WL0O8QZpKDIW8/mM79f/M1ub9BpGS5pp3ANaH4ZmuW JEig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698600; x=1739303400; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8xE+ROyc/mcQ2fBT7crVscR/jU0rSEqZAJgDthtdCdc=; b=s1MkU2BK1l+ZmUEgKgzsbwrTUjirgng2lUJxEOyR97tsXGLlfOipqK6z3/tozEpFpZ pBh3iV1xuAMRloqWNrU70iILae7odJmUC42YNvacAf7mtHl4HsO9UbqlHPTGywBrBJZ3 fIL8HI+KyHLAkL54cQT34Oi8wEjTsyN/Y0L3T0Q/Y2WFwxkTG5aTkTcXrfUvQzq1kk7k 1x0qlfxLWhuj+C0+BgRx9ZS5Dzcl/RYSUk2OyrpPIV0e+i5iqQ0JzGpNl9LK3LpagY/g hVtQir9O4yDLSQdLIO2mgy2MS2s7V5MsKlvDPg7cq62JGtBOK+jn4PiPPKIj06PGESvI C0Xg== X-Forwarded-Encrypted: i=1; AJvYcCUbghfPBmj5DyUu9uOtrtzQyQmiIOONd3/1OU16bojqANh5gXep3AIlKg73DJEQdy/MhmI3iu0/XwWRhgfDGuvU@vger.kernel.org, AJvYcCUozsNaYg+ytc/ni8KNzWWf+5pqO8pYU6c81wPy2gQqIwoIubjqOI2EqbLlj6h6E61c0fUbxzcRF4oFkU4=@vger.kernel.org X-Gm-Message-State: AOJu0Yzu1ag6uZaXXSZTxAYF47ZD38f+khTUDHz11reunJrLHHA25Eyj xcsnf7b4BHjeIlzWsYcoaWm/QDN9r8wWikZpzlM/D+OotuLQGwM+ X-Gm-Gg: ASbGnctdx8WKmIfZA1l+ykoz3Wpk/loyc/fUW4CbSw999A0kzX3aGvJXPP1BKV4UqXn 9fRFM7KD98t4lUWJ+fz9jqnWObd1iNW5FqrYcSyNA1ckJhTrET5L7jOMFcTkvP5HJpTX4BfGxge n/soXvQXIM3HAPr0m2YDDSgFldUudyO7Dl2gjN1HTk4bx1TmBysA8YCDM+kH9e+KdCyC3urYjWV pOT+5X7iPX0eR+VYYRBghccrsyOEAgymC7Aa+1Tpe323pp19Q1vw6R6bfXFrzhxjzba3bbrmwQp 60VQMjOZM9syXPauJXviHJjAwfRd7OkpgYfK6ELXNAvb1S80Z2nadSE6gz4nhSYlEh9GFgQkAsz v71OV8gNyzQdQ4cGLsTHA2w+t83bMM4sZ X-Google-Smtp-Source: AGHT+IGHC1MVQan6DyAcHVPJFsYpMQ/lz7RSHxdEh7BdqhTUwrDVwvLIusKNv2NoZZcDS32oCD5V0A== X-Received: by 2002:a17:907:3d8d:b0:aa6:9503:aa73 with SMTP id a640c23a62f3a-ab6cfdc5f5cmr3418392666b.51.1738698599948; Tue, 04 Feb 2025 11:49:59 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.49.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:49:59 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 07/14] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Tue, 4 Feb 2025 20:49:14 +0100 Message-ID: <20250204194921.46692-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index 4ab32fb61865..a7f5d6166088 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -340,6 +340,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index d8f7bfd60ac6..3cc30ebfa6ff 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Tue Feb 4 19:49:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959730 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com [209.85.218.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D841B21C9F8; Tue, 4 Feb 2025 19:50:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698605; cv=none; b=BoCCwi4t+/BqvDGIBBcwjT9jp1csMdUNhuIcD0jbbv/nyu8LNiywsGJMeQFeyoQ9N+8x77w3UJ4yLCSjqZLglvRn4oK3dwx30I6qFDpI0abrxqX1Nz8L7IVfpSvRaAg6cb76D1BRkbaAdfZqo5VwCqp4DJrBw0TZXK7pIPgaXXI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698605; c=relaxed/simple; bh=Xmg/u/sY6eLFrKn3iN8YG2bBcM9CQwqTudcQRkmzqU4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Qs4cugfb/IfVt4YuVGi41WBdhAbRGMXxW2Y97z7DHN2I6uS6Dc2jnesBHTPfNRBUny0sZIF4muCYDop7aefGbhyQNSsgDfrFoP1KipDlss2A0xo5Ejol09aCoKgKVAXIORtb+3KpTSUqImGfSl9hnEaCacrpeysgsmx7rzxnjIc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=a0P0aXWi; arc=none smtp.client-ip=209.85.218.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="a0P0aXWi" Received: by mail-ej1-f46.google.com with SMTP id a640c23a62f3a-ab74ecfdae4so142928766b.2; Tue, 04 Feb 2025 11:50:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698601; x=1739303401; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=a0P0aXWi46cnXHXjWr4XhG9fgJV1F/GvpR0OFIkh8HvGGLdN1gtoGH4XXF1/hv3ujO vewv9prDXE9EQfwG4FOz2MNMMeR1jwqlq5lzZiAe9iwNGBXEl3A08Ha64rbOfHkYsAiq 1QfQvKpWuKkzka4fltVVo0ApvKgDwIyIB/4bJd18RZD92ok2/4shEBcEDjiWxyr7IfCO 8La254MHx4bTcjr6yn7YiUfJ3Es54FZLiyNJbZco9YG22+pVgauHHU1YL/CGlzkFAaKO 0IDzCeLKCTL3J1pKuDFXxuaGhMCiDL/upo3fyEkl0eoEE9bpdZwIpSGjrasz3vZZImwp ARnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698601; x=1739303401; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=eYbZXfgAciHSovJQstlOvhdrmXvELiV1+RiRadS0W8woIZtUM+bZ06TfuMSZEhY8au h3qUnpI8FxU0sBvSedQ9CSD4Lp4vOIsDMrtLRqknIJtSDNarN94g1CL2WbogSo+ICBnP rk6FTOXIRG3z6uLfmJKuEo2Nu+EuOc0rbWMYHhfaO6gfTT1nOGkP0wiQMRerbByzZolH ZDhWkD7HMnMpa/SfRPa13DVQA47g+/Arif4kWmM58HVLeV6i1+INNgpLe6Y4odpuTU5Z aHGpjbLz1fR63uJVLRbmhWdW3NhjttztfaIFwpaqOae9fH7DVT3s4tAEIjd+hf8Spxrz /s1w== X-Forwarded-Encrypted: i=1; AJvYcCVs7V3FB8xas2M3yd1miMOuHh8mniloHFEclnUZ/l2WVg80pIur/DoJsD0/4q1WQXg7qoP2nRzP1AHKvug=@vger.kernel.org, AJvYcCWwnxqVZ+LvufqVMBJn7MEpA1h9H0eQ4meKz+esUJLlHfu82/6ELWbq+IfvSmQ8rjXbx+AAPOSg+J6SunqALscL@vger.kernel.org X-Gm-Message-State: AOJu0Yz8aUHWAZSx9RbgTx1lV0oZhNdVgFopYbnIvoXsXtatWtLiNefa Q9AQ6/Ry4WtgfvmC9LLYxXBZGWHa8UTuDKOoNWHFa7nYnR2bbHo7 X-Gm-Gg: ASbGncsZg6Xlc/0rsa9BH+Y4nlbt0lc+MCUEw67KvTUKgC+s2oNfBUIP6WyVRFAc/+z a1HzUHDOKZJhJ3ozJR4WAD2JhSaTLiC8ncDuQpFu5V44wZA7+KTSH4NTdTHyf31jJEhuajqAf3r RPIpLgxwK2uQi0PFHO2Su5MXfS3+4S+XHSE0vWGY8z4ygCfKdFooVHyWaGTtplauUbh8riU8Ikw DOCU8MqtBi5uChSXf17aL/O5VUhh97MleoMwaCp6tr5VeXgPcrRuMdyOZsbJRG12sIoEkzLx3jO oWPk708Y2IsFrPIdd/CpmI7wZ/qMHEaGrs5lSUjc7HgXEc5oUnEDuvtlCIzX3VDw4+xL74YH7MZ Qw52jkRLPhB3YnQ42Dfrlycp8u6JW+/N5 X-Google-Smtp-Source: AGHT+IEajcS3ZyEn4iy3BF71r5OWuaA3wC0VPy1tuH9m7gdyTO3QjqxLaSnyY8eDmuFb6ii+jRnHzw== X-Received: by 2002:a17:907:3f11:b0:ab2:d721:ed92 with SMTP id a640c23a62f3a-ab6cfdbe5a4mr2881889066b.45.1738698601046; Tue, 04 Feb 2025 11:50:01 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.50.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:50:00 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 08/14] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Tue, 4 Feb 2025 20:49:15 +0100 Message-ID: <20250204194921.46692-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This will allow a flowtable to be added to the nft bridge family. Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Tue Feb 4 19:49:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959731 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com [209.85.218.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5BC8F21D001; Tue, 4 Feb 2025 19:50:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698606; cv=none; b=ViaVLCym9TfFjdwAy4J2BivPNLSs5QNJrd5Qhr8Mpo2hRJbp86RkjXwDUe1HP6jNfN0iRDRycIcoh8LSXdez81vbmOycY+s7LbQPhYnufdnGF2S8tPNo7Mwke0un8e1H+wztUhmZZoCphoJUYoWPakia4JM5HhxhG5dpyVE4n54= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698606; c=relaxed/simple; bh=30vB1mNe4s/jWwmqRCrvbxpqeV4vu0iBchGE3vNDSNk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=F46z0MawZdCpTP78af9qe/vi5YP4K813w7gwkp6OX5DjTN9ayhFIZW+wrGauO1px2/w8Bf9sieS/+Siv4RX2Y+cUD3c/3gQ7e+iTEKk2ZM/D1QWGEcwdb1B0mVTQMJsHsKzOqdYVSDfhu9Zu4REHRqYpCYfwDM9wD1lH88qsKi8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=VOSY0iDR; arc=none smtp.client-ip=209.85.218.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="VOSY0iDR" Received: by mail-ej1-f46.google.com with SMTP id a640c23a62f3a-ab7515df1faso176698666b.2; Tue, 04 Feb 2025 11:50:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698602; x=1739303402; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KfNQ5cmnsawBulJakMMTQobb95EzKwEtX4OwcNbEVcc=; b=VOSY0iDRDF4LijR/4o/huudKPRPEayKOhsLnCdugGOLkPLzQ5nLSlnkmozFNmf+7qU vk8ivRC/6ukElQm2uvZezjoS5kYon2xMy5FtUjrwMK7mgWuTQ+vv7g0AhI4FpoAv0Eso PK8I2uUCTf+OQ2djSNf6HF2+McFQHBZkNm+YQmJLdCvvxKP3Z0jImny6vz4uSY0YxmhA u7UA4AV26kEC8399kYh19e1P+kAunMSyoBdrXWzaRlz3d7wek5RD5Wgx7mDMdh5t22bS KSn49cTduuQwJ6W6xmb/RqPVSTF8QOCk4QrXoqbhTsXuiHnM539W60PGH6J5fEA83LBs euqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698602; x=1739303402; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KfNQ5cmnsawBulJakMMTQobb95EzKwEtX4OwcNbEVcc=; b=nNL4FXHuJ00NVtVAkChGUQx8hHtVmJsdRaTXcRZlyJN2t59ZNpsG2v1npMizTq8ZA2 IiUsbqsW7O7eTg7okZpTMPgi43pBp5xbvWskp/1Fg53TrcF3tWfsaj2pkqtcjDju9aFz ucW85l4wvCv/IMZGyckiqvQqTLyx30DekOYL7fvgWcN5o6TnvRrsQtMu5qrzUD1bzcZL XvS7z3pgrcZ8JvVECMA0N3nW/e1aU8YKBb87ZAWmnXXWe5P2x9lo+9zHKYsQb9XHjHA4 kJ13IaTbklW4d85IkraKnWF/8Q9OzZwSMOe3gFGMnL7fvljW8r7SXAkp4XfWBIQxwmF7 7UCg== X-Forwarded-Encrypted: i=1; AJvYcCW76mSmZyqGiSMwEXuw/KMRkZ6EQBFTED1tkAimrM+vf+589gU9rBpHXwP+ioUpgYp1RDucr6O3Gc6Cazk=@vger.kernel.org, AJvYcCWNW2PKcuEVdFwdEKELD1n+nXpcilalZ/W6e0tCxVZxswRewG5eAWeLWGhEBOoCC6V8fQr7+BK2P2czFOWmWKPy@vger.kernel.org X-Gm-Message-State: AOJu0YwA3+sAg5J6PEeQiTqAh9o7jP0Brkormpm74XpA6MLrNGX/msJf yfOa8PIMxKRRlNj8vrZ/QfQa6l78/cMJroyIM2dr/E4Zu/9hP62R X-Gm-Gg: ASbGncu13k/pbNqV+Z8441O8hnGKSJ75qKnYccZOxLA9NiA8O0s80exjlaDRk7iAYid YiTyF6ms8gI2GF7F6knZEB8s5DBl9dcRCP6G7H+qFWbdSWgPvxU3M4B0OKeM6U7XoQCVF8fUW7/ AiZBWIwryfSlQbHxxtw2Uc0UlDJGQSs/MlRg/79NbKkMfmZwk8CyGtAtWP7ulva9CcTFbykDRdr xORA/RWJtWzBxFP/nvFXGyhHui9C1ps80b56VnQDYJmakOoO3LcxEQdlRwZPoNGdSe9tVp/eVeI DeKW5Z8OuFiAwhSoHlCzc819SJndh4bhFxBmLoLbW9PuuwsiKAx26oSRHkl94UkwZz29RAH0u/E Oe7mna/QuPaVI0kYZP5lqFD9ApLFs8IEp X-Google-Smtp-Source: AGHT+IF0i6wSQMkgrmjCQzY0taa6wuEGcCy7CIK6oAwJpMPmap+r+O5XJX2h9JbKqG9hmQnHQyXFmA== X-Received: by 2002:a17:907:c0d:b0:aab:c78c:a705 with SMTP id a640c23a62f3a-ab6cfe41079mr2625537666b.52.1738698602307; Tue, 04 Feb 2025 11:50:02 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.50.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:50:02 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 09/14] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Tue, 4 Feb 2025 20:49:16 +0100 Message-ID: <20250204194921.46692-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 5ef2f4ba7ab8..323c531c7046 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Tue Feb 4 19:49:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959732 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com [209.85.218.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 874F322069E; Tue, 4 Feb 2025 19:50:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698608; cv=none; b=dWCBQkNGOpwLMhe8pDbJoo1dhSGSS5kz4CWTkIabj5ICNrSzQhGrXjjxZMiv/qHKr3BuwWaIhfSmQ6MUOovNDH93hqIm0jD1HmjgKeumWOtPGiBaATbXHOcCBBuj1prnnYtJzTZhYFJFrFV+/dcXe7EWP7QCwcOolTO+KgEQ8u4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698608; c=relaxed/simple; bh=Xf5mlATXYp8EYoXU9a3w+XGI157o2p4WZAmB5ikh7tM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=hhFy0PfJZHvOBeMBobJuoWUeGKS51bv8uzxDItuhPVCX8zwVgJAAOHs2fhsghb+m7qZmMtw75xbBvRj3bgWosQQAnKsynABfTn6I4e/5TVSTGVtCwsCi0M7gaYUcprcBNNtUCRera5HLyiq8Sf3NzwyYb7UGLaQ+arniilCsfLw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Wj/D84lV; arc=none smtp.client-ip=209.85.218.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Wj/D84lV" Received: by mail-ej1-f54.google.com with SMTP id a640c23a62f3a-ab7515df1faso176702566b.2; Tue, 04 Feb 2025 11:50:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698604; x=1739303404; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=Wj/D84lVwge5N4IUDldx9tnW+XLgN4Yi6N/mge0Dk+6brzwoy8Up61X9IdVHZLycsd YIMJJmdcZG56cCiHUmit3DQ9DDAKMR94w5NGGyOaggZNNN8Q1b+6j3RUL+AbvAlmTA0S dVOP9EOxbhxiCjto9bfEKH0acBkfMp4s6sFX+Y4h60tNS4TITyfGvX8KUHoZVDERCTf9 n9EZKBY5pB3/so7HRfnx6P7u7/pTKeGGLQEmSYSS4cnknWIFV4/ihI9t8LjBpQY9d2e5 fd87T8odBPB4sTp7N8WPVaBDEUTM0Xl0OlzmXmTs925YGkGDg2IX8Hqi74Pqmvp1ke12 Y7QQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698604; x=1739303404; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=ZwNcs2Rx1uot6SKbwcIZNfFCQEJ2X65LjORyOTCPbGQIK1X2/kp+mCqnvQE5KkEjc9 H3yUoOYdeJCyc0lXP+M5GInKAG6Vx9qbQDORuuRo7bsqqfoA6z+bt2y+M5INNiMho1/t 2fmks7TC+8eoANhzoIsaG9HButgagMaqItykZnfY/OOVQ8fpRWRjO6qgDVoyT3Zq776L skOihXOznMaPa2d+ols6PjeAuwYoTFC6H6liNkhGg6O/jOcLLV4sGtvIfPnTUHzKFrjN 9zu8zGA5fV+X0MkrvDWkaBMbBy3djmEKhcJsmAGeLuae2Pxk7MnZG/Frz9ZQtb2x7D/F d0Kw== X-Forwarded-Encrypted: i=1; AJvYcCVFhRlFs7v5htrN8SNoVfx8+VBi34gtEMarzffgY8B9IeuiajxQGewXqikL8hNQ318QCGbEGG4PLbwOlfg=@vger.kernel.org, AJvYcCVM6t5aukSUlIk+AWOm/MEYhVQFfREGwWfe5aQwPsgOSvcNv2OAJ9S0eQ16y44X1oJsKfkjWmPrTxCtUrbpx1vx@vger.kernel.org X-Gm-Message-State: AOJu0YwLFxX80CNKOPAv58v3X5aXL22tyyJdGT5g4xtebfrydNS4vMSi n6JCtQlmhN1qcyEeCJrXZCkKexrgxoNzlESP8FExASe/ZMyyOj83 X-Gm-Gg: ASbGncsV0s9TAWDlsSNQ4XGTq2AT1bJZVUMxyoNSftNZk5OQzOSO2swr0e3IyV+EwLA hMGPRi79jiLcZpMOXze0FE0A7yy3U6wB1vIqoKCZ9qqbtlj8IZzs/dZtM0m+bWQ6oF7/1CGNNEo nvClU8/YPGnrFvX2xy6MlnEbcfknXicjBNeMMD/i13+8JwC5JcAmvnzoH5GM4/ME70jpzvAT2U1 CqMdNh4HGMyms1K8BQJziJHvmgkghRXJy5Mk0KNfFgX1+4rgHoJ6c2S/HjbB5GSMD3VYughxyXc gwCJOL+NpJqPxiM1bQMZ7FtUX2RraZIKD5hdMLIUyuB7hEuvsRdJ2LH1Oxth09W3/ne0/dUOdwc HvySme9qESa6s9E5mM/uvm2taYW3pYLIY X-Google-Smtp-Source: AGHT+IF3Pc3NKrXdQnXqPQwcc/aC4MWpA9WJONMBdLCJSxY43xKupXfl7aBElhm4x8MYzyDeLkdj+A== X-Received: by 2002:a17:907:3f20:b0:ab6:dc00:e2e8 with SMTP id a640c23a62f3a-ab6dc010668mr2925881766b.3.1738698603538; Tue, 04 Feb 2025 11:50:03 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.50.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:50:03 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 10/14] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Tue, 4 Feb 2025 20:49:17 +0100 Message-ID: <20250204194921.46692-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 323c531c7046..b9e6d9e6df66 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -105,6 +105,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -117,6 +118,10 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, i = stack->num_paths; break; } + if (path->type == DEV_PATH_MTK_WDMA) { + i = stack->num_paths; + break; + } /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { From patchwork Tue Feb 4 19:49:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959733 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com [209.85.218.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 914352206A4; Tue, 4 Feb 2025 19:50:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698608; cv=none; b=LRPxSR5Og4fqs3GapggZQw1IaTVb3PUaBxOKk9Zhg8T1go8TQrZUxQhvA0JJ5fnx48pEuO/hFst+yGDq4CB8x8zpoM/BQZaqg3rmn9a3BRTJyJrJmzcKPGQifsV56Z0t3DrlnFhsQNmlqb5R4rSYE01TUTx7GaNzBYiQC8Ju+YI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698608; c=relaxed/simple; bh=wW6RAS7gIB9YtaeLFy71mruTN24ozacnHEEpdyTAFDM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uJJMCs5D/4IwJB8mDzEReE8GBTS/ohlT1lhzZpN1hY1J7LRA4oe2iPkujmW7b5jezvwLduw/vUFkZ2lwPq8Tddprzb9u4BwwIZfng15woB/UHtLKERDXhu+jD7m3kvqBRiVUmqfTVytC7DpgdB7nwvDUJNPraGEjAJOqgh3GuV4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=inuDbSWj; arc=none smtp.client-ip=209.85.218.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="inuDbSWj" Received: by mail-ej1-f44.google.com with SMTP id a640c23a62f3a-aaf57c2e0beso1216213366b.3; Tue, 04 Feb 2025 11:50:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698605; x=1739303405; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kADY7+7zs3VYeS9qt3VMln59cnXFpf9BaZ+2EYseZ2I=; b=inuDbSWjy9lxV9vfmh8BZoqkoSKR2grZk2fucUjEtEhI7IsPXMWH1TJYFDJcZfHuPe BheG7rTpE4YmRnhZ967ZXpwqirCnlcO+ey1dnV8ONmD9J2Qy/5lzpdO9K4kMB8aq/HX6 sqNjX2jV/oJ9laVBoi3Ew8kpZPddTSQgt+01eRYihugN48CDEnBzo8sJ5oxXRMNQvKqs rTqz3VgDYzuWy294p5pvj6FRmnEZNkEwI+GcMi2FDAimpHfcl6J6n3t2ed13XlTNYPoV F9vIHBjwDM88GihnGhvcMEFw6JuC6h/+vhiD0rXhqLLz/KWFZpG21QESxEpO/bfmaKpY HmeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698605; x=1739303405; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kADY7+7zs3VYeS9qt3VMln59cnXFpf9BaZ+2EYseZ2I=; b=uAN/YXCvlEEv0PMFTziab1okjgslqeItCOOJLvUutPwAiNQlbxGI/hgOzifNayXq6Z j2pqck+tEuJpa+5iZlb06bQt2mqvkpU+NhFXOOZxiGK7oIB1jJhtK8NyFpWhGLUvAKrN wFSNsll7eCoTTjp/BlFhc3MF3uauUKBGjf9jvFOknSH9xGAZRauGRvdtOvdDCLvBzlXz Wk/YRu1BaxgUxBEPM+dfXMLU/pZwhVwpqFLcac2+L3f8SQ/7PXgkX5GBP2T4f4xKxUw7 FlQLjkvrCh1ZTuu9WWS83/xXHJJfbhX3Y4aI7xSYCGMWLsfyryUAX+kamhwRgrUKzobd +/Lw== X-Forwarded-Encrypted: i=1; AJvYcCWyfBM6TmjmoKDnM+SYDclLqm1L5lasEmqDsvNFzgJ5l0UiSPxZrJcNX+T+1hslM7cUSde3ghqBH3lWZe8=@vger.kernel.org, AJvYcCX7eWrkO6NBuRGIHGrBuOK8J1OU6C4V2tJNLu6orO+miTtjnBPeX3apq9ZvuzfQW/PlEwdgBUCImipWi9Qz8kFp@vger.kernel.org X-Gm-Message-State: AOJu0YwJ1p2wY2PK+JyjIBJ4k6aBamz+XVOIxkaXd/9815DWwOu6/Bkh DSqoCmh1RHAPqqjosBEfJHSsO+ISaxtbE/stqGcppvon+rMzdDMy X-Gm-Gg: ASbGncupQcYabIgrWX/12Cac7ub5hkBzHK2wqcIvgyf25d+R/durz4B12ytrPAxQwRS XMsuARSswz1vhkVY7hx77RHllmRGIdG1+q4qZcvFmGrA+1n+UhEGOudbYlZrtqQGGXpq/Ft/xiI 7wknpgaga86gPl5yHoi9wX9E07AV+Bf6EB3kiShrqDXa5S5sb3d3Cjz6InLGE9LflP/UY6M3mna aR3ozmoLqomr11DoFXBmWbEmXZ5mKLvq9qTHo5hTa8Coqpj1cC0cV19aOSUBj3BG1YOvfyczLqu V/mnVPM+PETaZSYDYOudxF8lfDhtAUS8e1WTwxcCBkof507Ji/ivap80opDMDAiBDSxPzhsytDj sDrQ1Ym2yuu08FXxBRSK+vczGhL2AVNXB X-Google-Smtp-Source: AGHT+IH3HgcqoQXvsnACIc49AeekhK/1g6HjbR0l0xWDGPW12A6kFCC7xX3W36OSBC5BU9r+MqXOrg== X-Received: by 2002:a17:907:2d8b:b0:ab6:621a:f87e with SMTP id a640c23a62f3a-ab6cfda41e1mr3469521966b.41.1738698604888; Tue, 04 Feb 2025 11:50:04 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.50.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:50:04 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 11/14] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Date: Tue, 4 Feb 2025 20:49:18 +0100 Message-ID: <20250204194921.46692-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org The bitfield info->ingress_vlans and correcponding vlan encap are used for a switchdev user port. However, they should not be set for a dsa user port. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b9e6d9e6df66..c95fad495460 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -116,6 +116,11 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; if (path->type == DEV_PATH_DSA) { i = stack->num_paths; + if (!info->num_encaps || + !(info->ingress_vlans & BIT(info->num_encaps - 1))) + break; + info->num_encaps--; + info->ingress_vlans &= ~BIT(info->num_encaps - 1); break; } if (path->type == DEV_PATH_MTK_WDMA) { From patchwork Tue Feb 4 19:49:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959734 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f42.google.com (mail-ej1-f42.google.com [209.85.218.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6F1B9221DA8; Tue, 4 Feb 2025 19:50:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698610; cv=none; b=n+huP2P5Ky5i8YUBn+ejxprNFOx9rGTisROsr23iZ3NpGQL2JwrBWyXpT4Ta2I3EBC+sYjkQoLoUBV9wBcv6P7gqRHDrzAltQ36IiLSDe9fxc21bjPpp961Czq1GkfWVZPqhaQbtKb3r4SyOXw78JeLStZ26PvTErRyhpdNPqDc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698610; c=relaxed/simple; bh=39VIFP4D9IbEeeXq8mnl1kvP9hcTbyFYvum8SqlkFMw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cpur3tUPKM3g54BQdxlsfr5DxIZ6DQOb95W+BOmKQ0FOcwitOrw0CiTtO15IAM7lrC+i27y/Is0RN7HdWduDi/vdLN+pXxpTd/iVC+UcDbcItmQ3vzHewG6taCuBuGTustnXoZd4wgKbBOUDJDik2wpwYlekEpwm8fDKBstGT7c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=nmEQyiEV; arc=none smtp.client-ip=209.85.218.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="nmEQyiEV" Received: by mail-ej1-f42.google.com with SMTP id a640c23a62f3a-ab6ed8a5a04so1003160366b.3; Tue, 04 Feb 2025 11:50:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698607; x=1739303407; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ywfhqy65gecHUZNjOnVj4qWLVObwqyLJf6dZ8Q6nRgU=; b=nmEQyiEVxU/wIYPv8a0nxpSiOfeSvqBs5DFl0OHWCfOOVu1pUGf8XYZvOP1uUX6mVi J8W1i4omx5Rao1tJgnUl4YkZEAHu9Z4xm3nFVjJj3tqYsu5/Bcm4XsS+eMT7DnBOKDsl fRKgN4oBCgrknNavSFi/WkV1GS/jZmLcpmKpo+Z4smVjAw/BJdnZwCbI82d4ZqpTd7O5 S/K3KLdjOKlygU1upAkPuKDJudsZFhHzwP5a1mMMdoHVvM8uqTUD9jwGAdZZhUZAtwuA UGlelPtEWwT6PQRBZJ0/77KUvDVXbsB80ikfhxJocyRCvn68hzJxI3WfSYiItKHeZq+x l5lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698607; x=1739303407; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ywfhqy65gecHUZNjOnVj4qWLVObwqyLJf6dZ8Q6nRgU=; b=BJmCUY6E+iFL3lXdTnLxmJtNuP29Tzg+wCYDFCIc30EUsv+FftbNiDvcVsi5dsnoyO EXM/SRFgNpCM8RD0prVCgBphibbxK7P5NpJLcRHKGaDDEiuFID26dX2NY9P2NRSr/xYe ReSgLy2IzLE6CQoVsrkRQvr9fWODnYEzOHkFLK1BgKWtr0voWKBiHycOV7ZTGPRkzuv0 ygHoAM1Acnqqd2pxSZZS1zlLIv9aYTjfOgt34Aa2X2EP3VVfrCGU4WNwqBVE+lOLH80r oq0ALIbU8X+JVrfRGO/koZmp5rizdXYHpU4IaMk3aEKt5z5AWqIjSf0jn9DGyIrHIe6H 2HZg== X-Forwarded-Encrypted: i=1; AJvYcCXwzC0viviI18tLdC4iPF1NXBFLDKArHvqrIfmM6mejlmJuUpkP9khSW/ZI3JPAOYOMN4+6zRBq7EE161d9UwFN@vger.kernel.org, AJvYcCXzV5aezMFihce5aWfgIvyC+RyBoCe34i1Zu/k6gTGiq4S1pJ0Ihn6IVJa9Tyk3Z5UKLvQTmBJM+vOlzCQ=@vger.kernel.org X-Gm-Message-State: AOJu0YxQKlG0pSnO2xZJh90+hKa9ZJsxwr4vv0G0yZ8CvhPhzfkHPWBF YevafuGTH1/eFvUrbLcdRM+LLMiy5cGxFV2SziNGrOJlWbnDNWwK X-Gm-Gg: ASbGncsmfHL1tp70AMZoIig6l31+3WR5GxeH6ipbhLswUoveeXsGjFbFdu5x6L/ch1B BjYMAjX6W80nxJnVSbKZVjNMV8gj66sOXYA6QHW4A5wTn3vVYJRIO1ce7DIQ/6IkxX+bV/68nm8 cLCDJdtk/yDUOc3iqI+QIEQDwz4R/FgT1qj5tAfkxd8gZtm5WZBiktiYpVwrivCb04wZAeZZDLP MqNDskLkg/90InDP1bSUWdiK35C5BS5SdbiW4dGuucoEFZsJcrRlFrXay6i2s4gmLnL7+MMX/ax hfBhwA/sankiY0mPdPTKVgXQvTKSk21FrZjcFCqMziFVYaoctXN60NamXo82LvheVIFzOKZULl8 8GEZ0kxIegqIspVTx1LbHBc4IzSx//MNg X-Google-Smtp-Source: AGHT+IGsgydU2KJZsQJKjW2M6pU0tBQARxBwA2aC5NBjQPJ77IzmtjFUycypBk8vhFGyrZ07vWPvDQ== X-Received: by 2002:a17:907:94d5:b0:ab7:590a:7759 with SMTP id a640c23a62f3a-ab7590a7769mr193968666b.33.1738698606582; Tue, 04 Feb 2025 11:50:06 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.50.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:50:06 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 12/14] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Date: Tue, 4 Feb 2025 20:49:19 +0100 Message-ID: <20250204194921.46692-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. The same problem for all foreignly added dsa vlans on the bridge. First add the vlan, trying only native devices. If this fails, we know this may be a vlan from a foreign device. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG_HW is set only when there if no foreign device involved. Signed-off-by: Eric Woudstra --- include/net/switchdev.h | 1 + net/bridge/br_private.h | 10 ++++++++++ net/bridge/br_switchdev.c | 15 +++++++++++++++ net/bridge/br_vlan.c | 7 ++++++- net/switchdev/switchdev.c | 2 +- 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 8346b0d29542..ee500706496b 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -15,6 +15,7 @@ #define SWITCHDEV_F_NO_RECURSE BIT(0) #define SWITCHDEV_F_SKIP_EOPNOTSUPP BIT(1) #define SWITCHDEV_F_DEFER BIT(2) +#define SWITCHDEV_F_NO_FOREIGN BIT(3) enum switchdev_attr_id { SWITCHDEV_ATTR_ID_UNDEFINED, diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index a0b950390a16..b950db453d8d 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** @@ -2184,6 +2185,8 @@ void br_switchdev_mdb_notify(struct net_device *dev, int type); int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, bool changed, struct netlink_ext_ack *extack); +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack); int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid); void br_switchdev_init(struct net_bridge *br); @@ -2267,6 +2270,13 @@ static inline int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, return -EOPNOTSUPP; } +static inline int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, + u16 flags, bool changed, + struct netlink_ext_ack *extack) +{ + return -EOPNOTSUPP; +} + static inline int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { return -EOPNOTSUPP; diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index 7b41ee8740cb..efa7a055b8f9 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -187,6 +187,21 @@ int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, return switchdev_port_obj_add(dev, &v.obj, extack); } +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack) +{ + struct switchdev_obj_port_vlan v = { + .obj.orig_dev = dev, + .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, + .obj.flags = SWITCHDEV_F_NO_FOREIGN, + .flags = flags, + .vid = vid, + .changed = changed, + }; + + return switchdev_port_obj_add(dev, &v.obj, extack); +} + int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { struct switchdev_obj_port_vlan v = { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 07dae3655c26..3e50adaf8e1b 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -109,6 +109,11 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, /* Try switchdev op first. In case it is not supported, fallback to * 8021q add. */ + err = br_switchdev_port_vlan_no_foreign_add(dev, v->vid, flags, false, extack); + if (err != -EOPNOTSUPP) { + v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV | BR_VLFLAG_TAGGING_BY_SWITCHDEV; + return err; + } err = br_switchdev_port_vlan_add(dev, v->vid, flags, false, extack); if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); @@ -1491,7 +1496,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c index 6488ead9e464..c48f66643e99 100644 --- a/net/switchdev/switchdev.c +++ b/net/switchdev/switchdev.c @@ -749,7 +749,7 @@ static int __switchdev_handle_port_obj_add(struct net_device *dev, /* Event is neither on a bridge nor a LAG. Check whether it is on an * interface that is in a bridge with us. */ - if (!foreign_dev_check_cb) + if (!foreign_dev_check_cb || port_obj_info->obj->flags & SWITCHDEV_F_NO_FOREIGN) return err; br = netdev_master_upper_dev_get(dev); From patchwork Tue Feb 4 19:49:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959735 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com [209.85.218.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 67756218EA2; Tue, 4 Feb 2025 19:50:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698613; cv=none; b=DyLF8ThiOSEg0YSZgU5kGNp1q91Hd3ZO2iRl3cS2AwHMVov0e9RlDoP0uN4Si21QUz9RVkGlfqiT4+QJWc6RqlkcKw/8+iWa6cuOTDEwC6nZ+QmefRKE5Ge21lzy6O00bx0i1YDbku7VbX/SgB0Iz9Ob1A6INOIKrYukACgqBlg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698613; c=relaxed/simple; bh=EMFBUpkmd5COgfTIlW8tvi9/f+9voyjto4Z8+2IBLWU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ejynbUvHJ8kqoWuvp1E/hPc4Ez923qbHgY5ZBnBL5ky90/poYPv3X3JKrBjkOpfaVJBFCkyG36waY/B7a04oxgglU1+NtoQDjvz09/gqW6j3Knd836a2lxkj3mWcM+WM+zf5dKRTEZvlGxS0dFXSBkWmruIZjcjhuRBEJaPFVjc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lN6w6bnp; arc=none smtp.client-ip=209.85.218.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lN6w6bnp" Received: by mail-ej1-f54.google.com with SMTP id a640c23a62f3a-ab74ecfdae4so142944966b.2; Tue, 04 Feb 2025 11:50:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698609; x=1739303409; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=//RthvClo4JzPeEnG1PywSOoZnVfBt6m8pYgKggGTpU=; b=lN6w6bnpjqKCBdet/OSaB8z/osYrgNGaFGmSkHo3I6vzvS3RP89P+PoKN0hfMZ+eaM lT/1/JFg8di+ob2RdHYDZW+YjfrbjcI23f/BOyC89vX5OzvOsaYMD8Ur4uwONuqcGI+z ZzhAeX0y6xetFGMAahoLn8289O607oSIPHthbFWHuJIj047Kbe04LkXj+d0Kq2o9B5AS 7Bo9dTnXfP3ZL8EJz4bq9KScRCcRGgYTl7YRH7jrKUavFpS+vmiPL5fDHMlbLStE31FM oy4PhUXsgwm5BBHfE8tlJ2Sq1315CUAfXNHJaoo76x4867fPSEMBEHhJ7LTkXMCQ2Vk+ Qq/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698609; x=1739303409; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=//RthvClo4JzPeEnG1PywSOoZnVfBt6m8pYgKggGTpU=; b=QS1xkQRRRsLGpaj2GDnpyxIFL/ujTT5tLtCCmSO76w4IhcU3JJm5aYt8G4MSjSCme5 nCXml6wB4joKXD+1e251gyiWQync4Ui5MfCgRZURnvQzzQVM1DPIAgBmoan1IGm/OZEz tnBD895hpLgp446YHeYgcm5zFo58z3/0sVDaihgZkDBC1u5wOoJ8iSiCwXN5lukzsnBw YIP/brWkBgjBYCpwm2eZE6N6dxFJqQdhXp6JGy3wY9YjB1ttM+NyEXtACMc/uTuyvulI 39JGKcvlRwv1DlB543Uc+PGgZFSlK4umIvk6f7ekUh0gVrt5+gMiR70Bhrq9FoYAKMjy p/MA== X-Forwarded-Encrypted: i=1; AJvYcCUpq3c0AN0KVv5qdFli6TdlDYdd7BrOB9MiSxY2j+U0gpkogZl2nSuOEuo8vu7JFpOEkVM+gP7iwvLZwZXcld4W@vger.kernel.org, AJvYcCVvsHSxEC2Q8fnsHUglbEeDq8LQL7J6nCEumSbQzneUg3ZeyBTJYhHUeUUjZLcdzyWi1Kui3/GLaqsZnQA=@vger.kernel.org X-Gm-Message-State: AOJu0Yxp++EMZ5JUhrRaLpv837V9hCwvKe/o9zy6x6f5/SWcLXer2dQc yyFOVA6MRazqK0YdxeCg1Hjsdrj0b9AufQ2vb1/2jr7uw3PgWD8q X-Gm-Gg: ASbGncsd8hNW0qielPNokFq9Npvxr5DkRnhd3hxX8oiga+2+HXfmN1kANqxNXEFNW5d U29Rgt9gWA92p/6eR6LCSftHS5mKStX0wjhVQ/4vpfCclJIwS/pY/DBH5gC0DWCokbWv/MBoRW7 2WTaKjsOA8icXVTEg5h2d2CxHtjaVkKxjTmx0zZ7rPS17GhvX0SG8a01qIrpGIklH8Vq2olTyHB t1L3GgZoC3QrkEj2ZSwbWOZ7i8TjY/3qtegq5hUwf3FljmU+KoxcfbsOnJV7cP4M1sP6OsCZg9p zMxy2HFsJtonunz3IvFiEVhKtjv4hzxcoAq5UyOSppE9v0KWxRGT9uBaQ/wyVmgtJlK8ZKovf4C pB3MIqBa9z5NUDww5RywNyESojNSXLiWt X-Google-Smtp-Source: AGHT+IGt/6VgWu/uR4UpsMkru0toFiQ+1d3xhaiHmAvPsdOeeBceqic1mQLjOAWdzpkUw3jzvfdFrQ== X-Received: by 2002:a17:907:9714:b0:ab6:621e:7587 with SMTP id a640c23a62f3a-ab6cfcb3a0amr3155424666b.4.1738698608664; Tue, 04 Feb 2025 11:50:08 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.50.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:50:08 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 13/14] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Date: Tue, 4 Feb 2025 20:49:20 +0100 Message-ID: <20250204194921.46692-14-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This patch introduces DEV_PATH_BR_VLAN_KEEP_HW. It is needed in the bridge fastpath for switchdevs supporting SWITCHDEV_OBJ_ID_PORT_VLAN. It is similar to DEV_PATH_BR_VLAN_TAG, with the correcponding bit in ingress_vlans set. In the forward fastpath it is not needed. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 1 + net/bridge/br_device.c | 4 ++++ net/bridge/br_vlan.c | 18 +++++++++++------- net/netfilter/nft_flow_offload.c | 3 +++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 872235e30629..5a7b0843dfad 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -868,6 +868,7 @@ struct net_device_path { DEV_PATH_BR_VLAN_TAG, DEV_PATH_BR_VLAN_UNTAG, DEV_PATH_BR_VLAN_UNTAG_HW, + DEV_PATH_BR_VLAN_KEEP_HW, } vlan_mode; u16 vlan_id; __be16 vlan_proto; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index c7646afc8b96..112fd8556217 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -430,6 +430,10 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, case DEV_PATH_BR_VLAN_UNTAG: ctx->num_vlans--; break; + case DEV_PATH_BR_VLAN_KEEP_HW: + if (!src) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + break; case DEV_PATH_BR_VLAN_KEEP: break; } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 3e50adaf8e1b..8ac1a7a22b2e 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1494,13 +1494,17 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (!(v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) return 0; - if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; - else - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; - + if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + } else { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; + } return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c95fad495460..c0c310c569cd 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -148,6 +148,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, case DEV_PATH_BR_VLAN_UNTAG_HW: info->ingress_vlans |= BIT(info->num_encaps - 1); break; + case DEV_PATH_BR_VLAN_KEEP_HW: + info->ingress_vlans |= BIT(info->num_encaps); + fallthrough; case DEV_PATH_BR_VLAN_TAG: info->encap[info->num_encaps].id = path->bridge.vlan_id; info->encap[info->num_encaps].proto = path->bridge.vlan_proto; From patchwork Tue Feb 4 19:49:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13959736 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f43.google.com (mail-ej1-f43.google.com [209.85.218.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CBB6E223337; Tue, 4 Feb 2025 19:50:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698613; cv=none; b=RHDSKNElBwJCL0ahWnzDB7KG5xQdrgBrfWimR67OhDBbJWlXwZtQuL7gYtWUDRePPwRclcQ9qeM91RTIEKjJ+M2a2WjKapkCA34emCL27XzNqLW0ylSZ2dKK6O39pAErm9BQwRm+jNOY5/KSSw+VoRkjFljSQZ1NFMKbUjAzxbA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738698613; c=relaxed/simple; bh=ao9814Zv6bDQnM5yUC6g/RI939BnwcO/605XslPLDVA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=LW7DEdflfc2vTf6qZNtq7cOJm9mrm9oj1Qmy/QLGU/6kISgo7a4y65ZGNqQJBtIr95IjRkNDe6yjTfGHIBU9sg2OYuyX+7lzF9J6IxVAP7MrRmMNV1WRBqMKRbHcGifa5+Q8Tq25TMU+NzKsPAaWPp4pA5Z+pb+nbi/SaEGXnbI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=gc0nDU+a; arc=none smtp.client-ip=209.85.218.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gc0nDU+a" Received: by mail-ej1-f43.google.com with SMTP id a640c23a62f3a-ab744d5e567so28155766b.1; Tue, 04 Feb 2025 11:50:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738698610; x=1739303410; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=gc0nDU+afkZPGuzHAE+0yqen/TmJfxECt/pK1wk6xGBSizh8ybU9W3P942hPIUw8gL uRPSHTgZZOWKX7c5zKPKRiXPSFA7WgCY5rQe7HREdK1G85Fp+K0YBSj9/SDGYvUb1gfQ xXZUTKKHBL0mUDnU4IiIegHHaVVsWlGpcYBoPiC5jqXFkR3BMvQfSXhqP09ExOlkn5g8 Xuoo0/pgdLwtN4dpp4hhW7Hx3rmmc2N0BYvykzHfE0CTkI+qXU6ZCBzRhtAqC0UYxRnF H+bvwziJAazsmubA3V5ivq7ZnDGAzgW9R8znKgFOFzbgZeqKiV7f63OPkj4FX51pKN6P 8FpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738698610; x=1739303410; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=uBHuq/S3tsoi9kTmlrcpHtyGtjMdmUT/Tgcx/Uz11hn+B1yuqGm911gH6VXFiLf/k2 YSYl3oR77ANBTspfyLyS/SsI9rjax2oo1/x+3Chfmxu/OEymM5etkNqH4CEK8x+YleTB tnrL24xqt1227ONC/D706gcxVJckYbH9e0X3d1CXeak/OK9ASW9Gj+FXYOB0zF/vkk1h HHKJbOodfpuoi+2mJFbOpYpqPHXDxaekKKVnCcw6+O/uEknbB0EFHkQ4uMqa/YzwcnKQ llRvRIG+uT0G4TlFND7gD7bI8SfP82l7pZRkk0sTxb9spm6pAsEX/z29X+r2QgjeIYdq gGNQ== X-Forwarded-Encrypted: i=1; AJvYcCUCC+nVBvNMSeORRFaxc0Bj+2rSL9hfgydDgnkEVW2gRJ5EJQRjucIPyxqvUuKDGDZvhKqnbCgNCV+KICc=@vger.kernel.org, AJvYcCXEp3KiOXbzTQmGdK4rdBJEp9oOeESdneUFHePQuuQ02QkWKXg5Y1FZiz1OTK4guEjWsDhK6z/aDbFgLcjc9d9w@vger.kernel.org X-Gm-Message-State: AOJu0Yy6DRetSs1eJaO6nMBXt/oxlJnhf9/Yr6pj7tDhypoVOrcxebj3 aP5Ay8vKJnsgvZN6xUP3ydZuW7syfro9z3/04c9vTzrWTVe9+4Zb X-Gm-Gg: ASbGncs0bWcvAWfVNDSTq3r21bxNVi2tyC/GdXv6TdK+qS2qJA8IA7OXtdLwYqeWEJD EWRDRy8rhSYmVxipz79xGz8GTNGWSd3Lk+JhGo0S7yjfBbsrIb8FMD53HIqVVIjm1HynYgEk374 b5jQXg2jipzgAyWZE4iN+6hSGFCL4TBLRyj8todlSS9bnneuQi6GKBMfY1N+UAroi9f2IhMdgSm JlkbywaaAvtyAG1nARTXifR3eCb4e5xvPQNg0k+Bd4e2KHcD4timwdXxm7R78tHPB7ANjLmq8Lt kT4L6ediv7nJ2eJ5YHvBIRdN47EmAbWUgPnGLL6p+pl0GdXPw7KqvebnYxrOcRqbXiLRLXETjR/ VmS/ZFZmMv7ejU0Z0exy2iVuXxjkqtodB X-Google-Smtp-Source: AGHT+IEaPWaX8cpFgoktU0XxOZBCl8fVUKiJfRfuUx0hZEzWqrcdoDVy6k8mIpAoqS72uk21QIlM+g== X-Received: by 2002:a17:907:6d23:b0:ab6:8bb8:af2e with SMTP id a640c23a62f3a-ab75d481861mr16287166b.26.1738698609919; Tue, 04 Feb 2025 11:50:09 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab6e4a5635bsm964684466b.164.2025.02.04.11.50.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Feb 2025 11:50:09 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v5 net-next 14/14] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Tue, 4 Feb 2025 20:49:21 +0100 Message-ID: <20250204194921.46692-15-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250204194921.46692-1-ericwouds@gmail.com> References: <20250204194921.46692-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 142 +++++++++++++++++++++++++++++-- 1 file changed, 137 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c0c310c569cd..03a0b5f7e8d2 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -193,6 +193,128 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_ctx ctx = {}; + struct net_device_path_stack stack; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + + if (th[dir].tuple.in_vlan_ingress & BIT(i)) + continue; + + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + const struct net_device *in_dev, *out_dev; + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + struct pppoe_hdr *phdr; + struct vlan_hdr *vhdr; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -311,6 +433,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = flowtable->type->family != NFPROTO_BRIDGE; struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -364,14 +487,21 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_add; + if (tcph) flow_offload_ct_tcp(ct); @@ -419,8 +549,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: