From patchwork Sun Feb 9 11:10:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966776 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f47.google.com (mail-ej1-f47.google.com [209.85.218.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 999B51925AF; Sun, 9 Feb 2025 11:10:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099448; cv=none; b=R9FpPRVwP1+taAfkfrZYI9glMVM2dMb5PSmdbWc9tJNLxr6L/aM1V3y1U4gHlkH4fxSbWOqzInwJuo0tcfe3ELr+FNnXOpwBqi1iVyorjW9hkhwy5edlYGHMbvLMyB/QJN4feyCunKx5/IhQKIrJilO1yaYn/PBS6dVVwQsFxNw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099448; c=relaxed/simple; bh=6qTrGKDXayYgForfimYFbs5dKUPB0f6H2/utl8/7J6k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=UZq3sg4Wyb2k+vltRrlwPahif7ttyynsTfPhkP66UgUs38QnFe1UwhvI5FmHv3MOF8BXqN5brfovZO7zbPoMTAi39i7tdA3qeMD4O15m7PTR5j5CuK5QlKlr1UVUaYEYW3OPyTgUfwGt7Vlu+fx/EQEWdJW23Kk6NjgfXYjwFi0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=HKYA5EbY; arc=none smtp.client-ip=209.85.218.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="HKYA5EbY" Received: by mail-ej1-f47.google.com with SMTP id a640c23a62f3a-aaeec07b705so564553666b.2; Sun, 09 Feb 2025 03:10:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099445; x=1739704245; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Jv+cLmILsq6/Q63wf4VLe/fU0JLiD7L+ZSaxXE2WQYo=; b=HKYA5EbYwz6QtPiU+IaVB1HdvUamUIxo4+yYSDxiGE2t6sngoYzstCAa79xqvg5wn7 HncMS/l3Ue7oB24OOmBLUMgWZa3E5IvnCMEHoiQkV+4X3nOTAyHrRp4Zm54WoFMHEJnw PEmIrBrQiwJV56N6D92jZZI/3zIpzeCviqTWsrjbcapVI3GRwMb3FoS0v98++D5EbpUN PPNSaa1KiGil4Kdb3gfjIaVI2r8rWE7g62wAe6tP2arYJnGygr72dq3b5b2qKTgIVFYS P+ng/I0mkmfURCFG3wwa2867ooMVyfhgo03YR/JvzvCJY6hZvCtk9P8d93ewDAcOLzU0 6R8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099445; x=1739704245; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Jv+cLmILsq6/Q63wf4VLe/fU0JLiD7L+ZSaxXE2WQYo=; b=Bmy7rTGF6quABEMogF5Zain4uWzNn1aiyYD6GFn/T8ubEW2J6HAV9LbHWjb6mu/jd9 QfPiyZ9gz7/nunyKc5kUVKpk7J/8+8Ulce8wIyhIaaYh6k4s8xwMBv094ygpNoXo6qtC mhTp/sN8nJSHDxxCv+ePAuNYjSuCgQBQwbO1uK+IDdQztvIN6AmbQzObcJZqB9LGGVlk 2jsslc4PZtIRltFNsY8OXrpMPtJvnVoILL4c8g2F0O7k4zfJ6PVPAxod3SGCG/niKLIe 4I1SI3AtVEw5QGugNH0L518S+cpyQArviAEjNBbILcBka9BF+3Mka6RA+gLsBtafVsZc ttYA== X-Forwarded-Encrypted: i=1; AJvYcCU/6CR2ZVhzGanR9DUfetMAZNLOFfadi14a/ZgvhqyTnMDAvzAauhn8hF1SRERhbtmJutO4qrj4+5a4EOc=@vger.kernel.org, AJvYcCW9DS/gk387SMH2H2TR4lJ2Wzjqf+RtGmKB1kHiU3OEsGH9ZLcyWrgWU3EFqjXOOkSPOvVnQZXQS1txjt3YRB5V@vger.kernel.org X-Gm-Message-State: AOJu0YwTEJN8Xci6Ry/KhMS3Ic0MVQsE8jmG0kH7Ac8jYndrGYlfCIus +H0PH2xH1TVhb5c9ejsxAS8YARPQDtZJaUOSv9QfcpNR39q48mnM X-Gm-Gg: ASbGnctW+KAr4PZeUe/i0Hy9B3D0qeCp6iFf//GitQGB8kHASOILdKi+s4C3gNja8Ya kCNNXxQ1NAYFBZ9/Eievxe09q0ClzPFRdtCT9L045u34sI4q3XkP86by26IvLQkJRV2STKzCDmf teFENRuLesw5yz1Xg7lRl6TtzrYZo7VQu7MX5OZ1mPRhdkd5c1TlJCaZ8/LM7Gvn4d881YZylAd Ug1GiOf57uwn5YKNLC166TRpSn4sgOxnZ6v7CMZMV5X6F5BOVOFsAAa3O4dZmut2ijMaXfv3+/w mLw2ofSo2DElVwkEd/Q35pcjC0ISxKo8FTz9nuNKo1ZqJrbrT4tCfKEyrXqU5dG30OxrduQB+/k KQrfwZFYCEPCK1E73CcWE/wvy2rG3042R X-Google-Smtp-Source: AGHT+IFXYULiROmtF4EyTfGufju+UjViGw3XLxQmSmt9lA2TpOAIjz2H8Xb5sfx3OKtKl9zdly0ehQ== X-Received: by 2002:a17:906:3586:b0:ab7:97ca:e8f6 with SMTP id a640c23a62f3a-ab797caed01mr570807566b.54.1739099443030; Sun, 09 Feb 2025 03:10:43 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.10.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:10:42 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 01/14] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Sun, 9 Feb 2025 12:10:21 +0100 Message-ID: <20250209111034.241571-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 97c6eb8847a0..b9292eb40907 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -306,6 +306,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -335,6 +421,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -343,6 +430,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -464,7 +554,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -761,7 +852,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 46a6d280b09c..b4baee519e18 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Sun Feb 9 11:10:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966777 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 78160192D87; Sun, 9 Feb 2025 11:10:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099449; cv=none; b=YJIUgKqWItoFK2RU8a1OarpfOpvgVUtc0t16fQEfsmlSiPrVTyyufwRuNe+P17COtn2+7WeC8jzFGYKwmtUb4NesUXkqfmV76bKxWwIM/ithBJkCgg5BNOKvaLTXqXp0CnsjAaux9VdcpYMW3MmZ0WqKuo+7oEHKR+7NbpdoD/0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099449; c=relaxed/simple; bh=G4AeYP9zNF3PKma7qNeEx/0jubqtWO3LgYnYYjWH/PA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=raKszrtp3slOZrI9p7V4QwlabYX+9zL/L/8zKZe+jtSb7hiip0mz0pZYxH/MVCoEfYRpesiyU3Ev5H14gVFjY4INefDE3XMQqQDJIaVCsLo70vzJJowEEUdMJL3hjjzH0BB3C1cweDtkrT8rrA4ZgeCkZ51jmY8SWIVJcS/1ikQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=DRa7BazD; arc=none smtp.client-ip=209.85.208.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="DRa7BazD" Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-5de7519e5a7so282257a12.2; Sun, 09 Feb 2025 03:10:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099446; x=1739704246; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=DRa7BazDpEgYjDHg9FuhufYxj9dqB7l82v+ujl5fNxdNYnt4xsSrREQL/hnjtJNXYA WXS0f/nsje64XPURdcx10FqNuiR/qY3qoAZYUNNR9C+lDZ3aonI+wdyR9BeeeKsPtKw6 skWjsLVtpIBiyK+m5ZIXlkzDcIP9iOAYDTI7gyxNcQVRFVRle8eIcmGHJSvW1ncG5KeB jwMjjnua78FDWWrNT/89S3vTHd0GXAJRd81TrlKstVk6jGntPIY9pVvglm8otgEPaVzR xuKJAhlihc0cfVaJJRzfZQIZOHos1aROoqW89hcfyOVvIV6hWYg5hTFiPm7ysFxAu2ls iZ/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099446; x=1739704246; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=UbsIPtB7bmIn+4gNbx79a+AHXiPoliGilfaG9gf/GQWCgl+94Mb3FohSfRMbb1q4a7 2QCixNrvYiwKm0c7nQprcFYEphpe6qstJ48qWCSGJbe7FdYzRgTuFbM1R2HH4qX93OZ0 BBZ3sS7NbaBDoHlrWFbKc0IAaM+Ef+405tCcfX2liK45Spwy3xfoA5Sms68KQDYril2P 3AMf4Le98QHQ1sU/HzvFo53hZItOPFrr6Y89B4DqPMhKK25pLsLAEfI2PMPVqR+eK/+A JgzRheWqoPxXmfdbmOl+xGmB4KLuE2AHH9KcpWJblUoMRnUkf00fw4QdW/KRmPkNudFb kw2A== X-Forwarded-Encrypted: i=1; AJvYcCX/pRTmrmRQ/PjvRxINfeq430vn7AlDP2/XJdKk3pIGgmv87hYkjHl8IORxGCEN8Pi5TFXGPUfbR2/eoX8=@vger.kernel.org, AJvYcCXno3sNvs4Iz7obZqdMfG8PM8EEGgX/ngAn1Gc2IwODTpHFqfog1hfjiy71R4vPTHx89XqzI2cdiesjHyWhALAz@vger.kernel.org X-Gm-Message-State: AOJu0YwcCMgHWE+NN1M1QN5/bfx5u4/k3M/8T5glbP0WA+ZHgYGPvjG1 9cRCJnL1f3ilz6bXp0KqTAYfY51JxyKtZKOo2b92fcG5PUhMr5Vb X-Gm-Gg: ASbGncvbNNIMQoq+IFhPdOA7QIKZef+VbsO8iNuSDm7jwNDOLjN2+0QJ4WUlUKJgx9k L5S+Pi9ZaUoLGUOhFAErVtKpZlAa6YLcPyqyo9w0Dgh8l6deXQGnTugzLeoSrG4eCy2nRMCe7I6 yGThmkIJGAAqUsyJl3lOiYLNBMTMTD2M/wZ9fnWw0IT65nlNoDtSwkpcZvdOdnVZGoX+oPsidE9 czHtuv5YevMycoVH231j/+07SM8W0BxPERGsdFcSN1ocAqncjfP5c+Ol13J9zt+cCDn0yQhsl3c 6LAWAmgTFKfK1tO3PG5s7ELqhTb9czBIWPxYenpTerfFBTMMdMaPZR2RtuePGdVoV0N2ZBjYyaQ 2BmJkCdjwn4Zoi5BR2mMEtqBoZiYDZqZF X-Google-Smtp-Source: AGHT+IGgn06hMTlVvi9pNiIOCGf289zNj88FfDXoxW/6B8WNNLYcdoNWmCMQN1J0/mTfbfKOoidTdg== X-Received: by 2002:a17:906:4fd6:b0:aab:d7ef:d44 with SMTP id a640c23a62f3a-ab789aecd06mr902224966b.24.1739099445427; Sun, 09 Feb 2025 03:10:45 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.10.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:10:44 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 02/14] netfilter: flow: remove hw_outdev, out.hw_ifindex and out.hw_ifidx Date: Sun, 9 Feb 2025 12:10:22 +0100 Message-ID: <20250209111034.241571-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Now always info->outdev == info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 2 -- net/netfilter/nf_flow_table_core.c | 1 - net/netfilter/nf_flow_table_offload.c | 2 +- net/netfilter/nft_flow_offload.c | 4 ---- 4 files changed, 1 insertion(+), 8 deletions(-) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index d711642e78b5..4ab32fb61865 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -145,7 +145,6 @@ struct flow_offload_tuple { }; struct { u32 ifidx; - u32 hw_ifidx; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; @@ -211,7 +210,6 @@ struct nf_flow_route { } in; struct { u32 ifindex; - u32 hw_ifindex; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 9d8361526f82..1e5d3735c028 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -127,7 +127,6 @@ static int flow_offload_fill_route(struct flow_offload *flow, memcpy(flow_tuple->out.h_source, route->tuple[dir].out.h_source, ETH_ALEN); flow_tuple->out.ifidx = route->tuple[dir].out.ifindex; - flow_tuple->out.hw_ifidx = route->tuple[dir].out.hw_ifindex; dst_release(dst); break; case FLOW_OFFLOAD_XMIT_XFRM: diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..d8f7bfd60ac6 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -555,7 +555,7 @@ static void flow_offload_redirect(struct net *net, switch (this_tuple->xmit_type) { case FLOW_OFFLOAD_XMIT_DIRECT: this_tuple = &flow->tuplehash[dir].tuple; - ifindex = this_tuple->out.hw_ifidx; + ifindex = this_tuple->out.ifidx; break; case FLOW_OFFLOAD_XMIT_NEIGH: other_tuple = &flow->tuplehash[!dir].tuple; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b4baee519e18..5ef2f4ba7ab8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -80,7 +80,6 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, struct nft_forward_info { const struct net_device *indev; const struct net_device *outdev; - const struct net_device *hw_outdev; struct id { __u16 id; __be16 proto; @@ -159,8 +158,6 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, } info->outdev = info->indev; - info->hw_outdev = info->indev; - if (nf_flowtable_hw_offload(flowtable) && nft_is_valid_ether_device(info->indev)) info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; @@ -212,7 +209,6 @@ static void nft_dev_forward_path(struct nf_flow_route *route, memcpy(route->tuple[dir].out.h_source, info.h_source, ETH_ALEN); memcpy(route->tuple[dir].out.h_dest, info.h_dest, ETH_ALEN); route->tuple[dir].out.ifindex = info.outdev->ifindex; - route->tuple[dir].out.hw_ifindex = info.hw_outdev->ifindex; route->tuple[dir].xmit_type = info.xmit_type; } } From patchwork Sun Feb 9 11:10:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966778 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EFCC8199FC5; Sun, 9 Feb 2025 11:10:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099451; cv=none; b=NZYQMTZsNTQpbaJaNPHReTNeU1liYjZqVNoqdOeIlIO4llsdQ4In3RcdWM4HW+kNFahDwc9Al1ID4q1eC7VYbA3iYjIGdmGsrEds1Fx98a4yyYtqJ95nZqkzKrHd5PZQx8AhFQe/89I9whkXy+DECFDp0yBZTsrbWKQ4CpZ33ok= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099451; c=relaxed/simple; bh=Cv52Ysjt2lko9sBWDja1ONZ3DhITuFZz/l5ensZZgPc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mBrApA5Lc4rScvlTkilq13BmebXC2kkGAg0/6ggcClacGc/DaeN8W/xx5gnyGxcfCZbU9coo5lNi2YHgLHKCQP13FiVy48JdRyvJ0pJ/5I/8rX4wNTzwN9sHjSV8XWDNPFzzGsAI2EKjzy7jc+cuz0cb83ZpnJgviILlzapLMxc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Ru+AxV68; arc=none smtp.client-ip=209.85.208.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Ru+AxV68" Received: by mail-ed1-f53.google.com with SMTP id 4fb4d7f45d1cf-5dc89df7eccso6916723a12.3; Sun, 09 Feb 2025 03:10:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099447; x=1739704247; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+rhlCg4/52AHm6e8tJsmpQptNUxepmsLI5spztxpn6c=; b=Ru+AxV68dLHK/GavfUk3WLVjLd+9qjbxWooaD6Vqzl/Gh71FQjdvs/iL0WXCa7Roo0 MDpQY05uRM+C0TnEFbqgUIIDJxKX7nj4KAv4hjyNQKuu184sw9Iyg12CgBnethXiYJ67 b31gx9c7S+T/qqu0E/Ro31/KidTMv+TzldzyJRpsd15INZia/8qilXy4w29WBHOSEgKr QUieRixhQiuoETQYVoa56fCegn32MxW7h9oEwQge700jRVpe5Rq6vQDq8Qt49xx/1FX+ GBmYE9kPSikc/JYJT5jFNRj62A/UZfWfhL/+x1IyjJT8x0Q7Vk+nHM07WFZlLYVr7zDk I3UQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099447; x=1739704247; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+rhlCg4/52AHm6e8tJsmpQptNUxepmsLI5spztxpn6c=; b=gJHFr8CmhO7supRsQW0evup9mktC6nK3MC7Nt8Zyk3X+OHOWjLlSeQ+1Z2R/0+VuF2 DnzOmZseQuHnHlwh4rDT3Yy6SmtgJqvEUmBMWCwNM8STUtMgrh2SBFXYd16PP7CzCoPP R6u01x+xOlPax6IZ3Ma58GVDZt3+ja9DvSpQu/fmliekEAWYzljT9zjzbQzQ1Gsvmjli stIlpre74J/SRc+SagZfpvo6z+uygOkcCpvCLTJ7WVku3mgDrumGj4ciPLlHnT1dSfGa 0fN74UzSnbOBeWOEXG0Ox7V2y7sbYcwLN5WLKhQtW2QelPL+05ejBbw6Dj/1pHOjzh3a LikA== X-Forwarded-Encrypted: i=1; AJvYcCVxw6rwK/7/hBWZunP6ZDLhiE9JJwR+CD844bUxa7LFKN0JFZdZqJ7F1635l9LBl5pYMZTvykOpK2tEVWE=@vger.kernel.org, AJvYcCX5u8lrk+xjfDzfdKqAvFRKchJ0hG/2ImizilaNmzx2Xcybwkjlo/4Pgwcvk4oKn8Iln9GxclcsfZ+Z13l4FEhO@vger.kernel.org X-Gm-Message-State: AOJu0Yz3PTTKHx98rJA0o/oHeVPcoMZzTn440OiNEl6lhAkag8dTo8gJ 8W0lU1DoAvbD5XL8rN4JfdFsgjdOB5e70Ws/Hnu4CCHG3M/2d81y X-Gm-Gg: ASbGncv2OmmwDQAoHsecEwA/2HJKy1R+BOjD+wjwIkWV31dkUArMIbJBJYUcs4d8QWZ 72aOHqg6wNw6xc/jgd1TklToXkTpW2MegNXrvggNkm1OT1PAxaP340hGjaxvNeP5xwazgBufxZh Ec3vRDYh/PxtC5rM3ERJaJLVtDvA1lVPE9UIVrUoO66Zm21Fxp8Gu4fnKSmpnNcJ8gvJNHfH6YF hPwWGXdgjJOotwRJe8cUg6N6qt6XfQm24GmxCLJURf0cMfvaXErLQzWh+mADOwf2srfOtcVKs8V PhtdeYBT5AVjRXIxuGpB6nJ4I3Sqf9rtVG5Fx5KHw2enzdMYOd9cvwHTs99jNJu94Jemfm4srPy qTefj2m5VIyrI6PMokNdVHN+LOmwbdTL4 X-Google-Smtp-Source: AGHT+IEJGx8wQoo1dMKGJULnbHYNaXYTUKaNfqX5z4+uVPE/Bt8Onuv1jKMr9kAQ8Pgh/X+AOmc+8w== X-Received: by 2002:a17:907:c04:b0:ab7:e71:adb5 with SMTP id a640c23a62f3a-ab789cbe4f0mr1245719366b.35.1739099447174; Sun, 09 Feb 2025 03:10:47 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.10.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:10:46 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 03/14] netfilter: bridge: Add conntrack double vlan and pppoe Date: Sun, 9 Feb 2025 12:10:23 +0100 Message-ID: <20250209111034.241571-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Signed-off-by: Eric Woudstra --- net/bridge/netfilter/nf_conntrack_bridge.c | 83 ++++++++++++++++++---- 1 file changed, 71 insertions(+), 12 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..4b4e3751fb13 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -242,53 +242,112 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, { struct nf_hook_state bridge_state = *state; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + __be16 outer_proto; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): { + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + + offset = PPPOE_SES_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + ph = (struct ppp_hdr *)(skb->data); + switch (ph->proto) { + case htons(PPP_IP): + skb->protocol = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + skb->protocol = htons(ETH_P_IPV6); + break; + default: + nf_ct_set(skb, NULL, IP_CT_UNTRACKED); + return NF_ACCEPT; + } + data_len = ntohs(ph->hdr.length) - 2; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + case htons(ETH_P_8021Q): { + struct vlan_hdr *vhdr; + + offset = VLAN_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + vhdr = (struct vlan_hdr *)(skb->data); + skb->protocol = vhdr->h_vlan_encapsulated_proto; + data_len = U32_MAX; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + default: + data_len = U32_MAX; + break; + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, From patchwork Sun Feb 9 11:10:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966779 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f52.google.com (mail-ej1-f52.google.com [209.85.218.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BAAEB1A9B27; Sun, 9 Feb 2025 11:10:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099452; cv=none; b=gGYhyX2dpttBKUJdNVX4yC6tO8ALfb3eLeVWCnlUrXlrGEGW+5Hop1aOAD0qi8G9cXHPrhknQkC0Eyz1TxMLFVYZbsPq8/gZuXa9lJwhfj8uu9Gy7P8su7zB6tuBXZo2VZETsH4ubfthZk3RlTHqykMZ7xWq1FxHkXtGXcrCl6g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099452; c=relaxed/simple; bh=WOvVk2IW6QUSaxpGvpwW6W6ywpdv9Y60/i896yobQ+k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=X4z7MHhLqiwXkBZ+o2j1aacf3S/P+BA3TURl9p4X+EDLzESIE8sZkxR3Hi9bn78UknP9BiqHwsG+rohLTdsrQ/aEtNVe2d8xDX0WGurEO4LcvFNNXnFGtWtIQRDElrCAuDvdOXBnzNsSYvcVc5VyyiaxW3n0/V2xzQfKHnEKJqU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=DauT4Krk; arc=none smtp.client-ip=209.85.218.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="DauT4Krk" Received: by mail-ej1-f52.google.com with SMTP id a640c23a62f3a-ab77e266c71so471178966b.2; Sun, 09 Feb 2025 03:10:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099449; x=1739704249; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=DauT4KrkVrV6NwHizVLsWVHaeNc1w68DOWSLfoFb064b2HWpgUEc2+O8RQSHtn2FBi 8zs/B2XvXMjqTxtq5L8shX5xnPo5Ej29VPWNS7LNlZQO/wpazfxtebbMMmrKAmeSkc95 SwwWgbVHPQeqR4oqKF8m/HmI6/6MzC6NuF3URCPAZR5RiYa/mYNYtZBO6JLLpQFmZZIc EPUdIMWPW3Rif/zXMYYMrpN8RRLY7KI2CAd4AIYgvkGda/Zfnm973wHvB62eiirbb+Qg sZstbACKlo2lqh0a4uEey3i6nFwXSWP8MTa5Qi9AZ+9F1CvKYWuWuJTAdIftpv2wZX2d lysA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099449; x=1739704249; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=TqD4nxwr0WhPnL26y9hfCRmV4T62kWAfGIPRwX8ftFSMSdIy8gCjmYWFKJ9dUfEk9P ApMMvVAvu4PHW4tMBobcWvegDYCDRfOFg+Fc37pOIsv4PjBiP7DeKD88I1IQ/wAkaCVs xFmRh1ZHnzAmDOXi9eoQv9Si+MAQDMey5LOatLdaqDZwlz1UxADdAiwWOKGJCC2LTRJr 8bK61zccsOIU5uUsqEjnbIjyn2c8+9mXJpvEf7864G1DPDz5vkS39SHc3Qrxhfz+ZOAv KKv2qQZaYYz5MnA2bpZcOTC4YZEFUNViXklca+kQNI/Li9pFeBkPIVmqnBzHocDbHXT0 rxNA== X-Forwarded-Encrypted: i=1; AJvYcCVEMTIDn7I4aXIpVKUw+u8JxzDTygHwLTth3sFKJaWHIq26ZxSpK4isA+AHYWHdnvMrG7imTNMTvMd/J712fCcL@vger.kernel.org, AJvYcCXNY9CzV0OznGmyZ9ZRVcCpBdMmWAVOYSzE6Sc/PiiciBeZ4i8a88HtVoowS8crgFo5GwdUlkBIXPjPD2Y=@vger.kernel.org X-Gm-Message-State: AOJu0YxZOzI7quRHLhA8MTDTYpNqGPxxz3VfyZ4EJBoPH3Wfq6kmMhJM 43M3DyrjFEPlwW6nZI4E/miDtGWFr2B4h3KgzE2PG4ftSbyEJSTp X-Gm-Gg: ASbGncu3PiI+RzH4Z7GF0ZQaVPpOEw1WvVIohjc1q8X/zfFTfTeiDNX+MaGEYYGnBT6 h6+L+umW+L+imTimKbzUUXLdrXoa2Lmfl1PJMnRm2ujGitGnjA3au0/U7hJcIijf2TCE8oGEnzq CVBwVKKu18BLXzYsqzc7++lNc0oBa+xgEfaGz9ZTqczewF7DuzShIKIhj8i4zOI8AdqN6DD6DXn 8wupLHqKR0h4nEbvQgfwTeOkyZXLsGNbrgwBv1Np60kIopD8OvIJkOKyBn6AGiJahPlGJZUwqUI LWzfDlcDTP20m8IwLT5MXzwBauzL8IDkNbK3iR0JYCtK+F3Ks8XYn3XxmXtGjQeUdLpNWWmcSG7 Lw8S1+Q73X/+ZJ6TPda1EztNE4fxOExWR X-Google-Smtp-Source: AGHT+IFQ0RozlZVD0Ur8OeqIX9zHHE/nY2BIcLmW4b68G+IKqL2kYQbbZ+HNgEJWAQaRsfBoOg4giA== X-Received: by 2002:a17:907:7f08:b0:aae:fd36:f511 with SMTP id a640c23a62f3a-ab789d3431bmr1087121966b.47.1739099448924; Sun, 09 Feb 2025 03:10:48 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.10.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:10:48 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 04/14] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Sun, 9 Feb 2025 12:10:24 +0100 Message-ID: <20250209111034.241571-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 19a553550c76..7c7080c1a67d 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Sun Feb 9 11:10:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966780 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2F96A1B415A; Sun, 9 Feb 2025 11:10:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099454; cv=none; b=n/DJVEXPwtYasHE/yKRiSn5DgX4siBIXm+cBKnsmu158l1UTq/NuW+Te5lkzGIa+pIEA35pGp6DTnVuxsVhaEfQX4GmjqkZsWHNIK4LruPwgEQNrTgnbp6Wxd4+OQSw0bEbPOYPS72VFMBqR+bS/Zl2IVJeKWmm7pUuJ1D4fk3U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099454; c=relaxed/simple; bh=oDg0CWzMV9qkL+Ci3hmfiS7ejFTJ/cSsU5uRIUUNHBo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qFC/flyTOiwez4DpFMknCjYgITbRDXqQc6QO4m6sIn7ju3qQoYxWDuNF9Q/8g5+6Z9poJJdrYaCbPoHdYo7vnCwPj2RAtfUOReqjHcd0WVTBSc03sdO6oJDWcuSmDxZEfrrlp6x6oobfuJu5RdbE23ayxC/O73GRa/t2Xxp2XuM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=B50+NtBo; arc=none smtp.client-ip=209.85.208.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="B50+NtBo" Received: by mail-ed1-f54.google.com with SMTP id 4fb4d7f45d1cf-5de4d4adac9so3861348a12.3; Sun, 09 Feb 2025 03:10:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099451; x=1739704251; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=u4xHwXg6EmPjQs4unBR1swhwZyfltEqvFEeKEtV+1dA=; b=B50+NtBoBXhjFcHLMWtsUU8JF0S0CjcU/4nVGzARFFE4KF93eK4vzichroI1Je2/nc N95hefYqvXDfJ8VBR0MRBC7rDQlzb0m6GhLRbhSLbErVIQVX+/wMpThXBDHitbIHfa2y XSSbR62TheVDNVBT6Bj0UW8Omoc9K1qJhPeviC8b44Bz+Ffr568w5x7giixvSG8/yADz Hqo9jpqCoN653pJUjtr7woVTQQbrCA4OkpBg8b2cy9kOEhnoo+pmu2fKW4KxMpyVFNpl rV0Ay9btgT1CvSMse5u0b7BqDoJHQSijQWikzArSce1n7BTwdivlb4eicIuw/XHOv6zR faQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099451; x=1739704251; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=u4xHwXg6EmPjQs4unBR1swhwZyfltEqvFEeKEtV+1dA=; b=EmvfJHu71NxF9MHJUIm8tK044nmD+X8Pn5IKGawKy8F/TN3etsxtCV8cVakU0TAWqO 3dXju6tYI7yCpU/NhWN0OWCpK6wa1VzrZblxzkkfRqK/inPlvSoj9LgS8Qjwkn94uT9u sbeCjSWniTkclgCXGDe0IoZusFQ851rOjZX/7dWsyOEhugK/RnsLT1snACDm0SBvsxT/ vjJGuWgfXTgnEd5uWVzrOenG7d4IS1tFIU3YCVx/xEHGULUQ9yF7OkTaX2+xj7+vwANk UzExpFOSlM+gsF25/s7EdzppbgiTWo1xG5nszOVx7zfsOqJL16NHM1f9khIY3jgHYpYu GIzg== X-Forwarded-Encrypted: i=1; AJvYcCUonKZ/Qo1g7ir/rLsM4QTFCE1u6KHDe5ZJJYw4V2CPIBdlsRk0omkVcuJlIYAmA91wbJo9tcQNIRHw/0R9GTvp@vger.kernel.org, AJvYcCVXXR/Qw6unHFfNWOk1BatFaQM+I3WKUxTN1chNGGcLN2c5gpiBf86s8+RMwD1Dd5IGyl6chf4pOWVUdoQ=@vger.kernel.org X-Gm-Message-State: AOJu0Yx647BwCU7mdPpAFRT8Cc8iGou4hJ5ptjmP0NMxqn8xOWf2JJvy 7w5QXnCC5y2ST2fCS/4rHsZ2XfZiIukTnZyCTYSNNoM1x1cPY2Oo X-Gm-Gg: ASbGnctNUbC3cLR5tKGmNK/08BICIdDEl1hBIuuk0P9WnQ91/tnWJ+AhQ8mM4WoG8gT N/sLWGmx6PhrzAeunQUzoE6zCHgfKSw4b7sndCGBYnhy3b0arSrqC4wg0pFS+hNLGFotfqYS01B VMwy9O6WK1DRm7xBF3TTX2TMVxBdQ9R9mp5bkhYXMmfzHnGG5YuVdqd6NZWPKxg4BRLmQfvsEMx Dd+re3MPRhYEbXuUrSN9jwYQftdb+0hg0xlobBJ/mNC5Jt5bss5mzQYaqdYjuNw8WkrtUVND3E0 mNITiH0WbO9Kt7xlUSxoW20HWc4fiBhp1z27npkQmeHn8e3CZBgwBV0D785M+ZcLN42bEbBQxoW wQkCtA4h8df5Qfdx+TTRJtyy/xAP7fbZb X-Google-Smtp-Source: AGHT+IGqAcPNkOC3T2w/JTV+drwdUFB600X7DdmAkY02Ru++v+0yQjzJWGShHhhfTBkgM87Q9bKjbw== X-Received: by 2002:a17:907:3da4:b0:ab7:b422:c075 with SMTP id a640c23a62f3a-ab7b422d13fmr154639366b.23.1739099451247; Sun, 09 Feb 2025 03:10:51 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.10.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:10:50 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 05/14] bridge: Add filling forward path from port to port Date: Sun, 9 Feb 2025 12:10:25 +0100 Message-ID: <20250209111034.241571-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org If a port is passed as argument instead of the master, then: At br_fill_forward_path(): find the master and use it to fill the forward path. At br_vlan_fill_forward_path_pvid(): lookup vlan group from port instead. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 19 ++++++++++++++----- net/bridge/br_private.h | 2 ++ net/bridge/br_vlan.c | 6 +++++- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 0ab4613aa07a..c7646afc8b96 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -383,16 +383,25 @@ static int br_del_slave(struct net_device *dev, struct net_device *slave_dev) static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { + struct net_bridge_port *src, *dst; struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + struct net_device *br_dev; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); + br = netdev_priv(br_dev); + } else { + src = NULL; + br = netdev_priv(ctx->dev); + } - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 1054b8a88edc..a0b950390a16 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1584,6 +1584,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, @@ -1753,6 +1754,7 @@ static inline int nbp_get_num_vlan_infos(struct net_bridge_port *p, } static inline void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index d9a69ec9affe..07dae3655c26 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group(p); + else + vg = br_vlan_group(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Sun Feb 9 11:10:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966781 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D01B01B6CF1; Sun, 9 Feb 2025 11:10:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099456; cv=none; b=le9KarTPKFQoJKuS1wSuP1YM0sDgSwnVnmxx/tHNbzbvzXWHuGQ+XD/UtrQ94da/AyPCj7I3UHxP2Fv77mOBV00ozC+SLBbcTUFq75aftpaxlBgRiU84bkN/VxcwzG0qp8aqL1YLvG+GYYn0aOJhZD6s5Ed8icy43VdQmnGT3O4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099456; c=relaxed/simple; bh=jL4m9THywe+Y+ySsb+WjfJWIbmxM5647af+Ndr34Ui4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=FSl3N0LfSwF7llqHGnu/FhH7lexkX4PAW3bvPPXVZN5gX+4vRT1Lukds7xKaRCYPxdwv6WLAfwKVOD3B/dYQQ34AS+Gjx9CX4CKKxR9Zjb495VYqwYoIfHmsrOj27phfjytHCgjUc9CiAO5xUsGxzfq5RZK3ue24HZFXZANBqkM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=hCxQxQJ2; arc=none smtp.client-ip=209.85.208.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hCxQxQJ2" Received: by mail-ed1-f54.google.com with SMTP id 4fb4d7f45d1cf-5dccc90a52eso5947023a12.0; Sun, 09 Feb 2025 03:10:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099453; x=1739704253; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fiV2XWtkfGXlde1QnvjR6tvTdGG2fr19IqREO8Jjig4=; b=hCxQxQJ2/VB3nnChEqUR/REd53InKr3Omtkl2NZpSRAkAJT1LiB8kzhuy/2Qhmmi+f 9pOeEFak3R1tX+v+PnYrH6EUkts7yv++FVmBW5XkDotH7LQD0VBv+K/kdqUrLOj7tWgS RSBGT/t3u0i+/InOxVpQUg0Vq/JkyKqlzHtcQE/7AFR7t+Fmph+EvR0y0PEsEjGgr70a TV8Y9421fg84D2E5TC7Fko/sSuIs11ltVr3lsY/Mkxi10vZPJPJ/J/G6XCp7wLTwCsZq g0CpgoyPv4AnvdRsFM6OIhX8KbpihEfsXa/si05eHm9eOpkWaiIa34L8OrPZ3Ob5oPBq k9Ng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099453; x=1739704253; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fiV2XWtkfGXlde1QnvjR6tvTdGG2fr19IqREO8Jjig4=; b=k9iVt23YP+J9lB9e8p/Gf202a0BDTKIOf11H7aJjpia/TWhjRgOdUx5KNMtkeDeCu+ nnfSKEz2/Ie7OrfPfsKGohOW2XAydkdutRb/3G2Qxw7mjnX6T1J/9Qe91H23Ojl589MH BJumM/YmpKuClthLT39m9J3nMCAEHIoTrpZy2/2R8u80kh+p5EtVJs226jx3Oc8lidmP xeOkwkNrKt4viOJZXB+k70wa1dfOihfPinAm7jb0pigv9PvSLWalZ9gK6U88D61JBo+u gmH8czFPaND9kS00CeBmMbu0OTljpFYw0j6he5G2CQO8ujIDcwfhY/mOnUnOh9mUtk2U EWLA== X-Forwarded-Encrypted: i=1; AJvYcCU+OVx6tTPiJwf/9n6+zTOpaptVhTfhQu/APgDgzFHf5mg9vYL+DDPObaY0iZZxZ/I+qVXGtKmx9InU8Q8=@vger.kernel.org, AJvYcCVKN289KQ9h5ijEPpLg3B37xwc5+X+VtULfKDHL9NQzs+DITnuo3+GM4Pz2fksOKSt05fRKUqJLgOt+D+9P08fI@vger.kernel.org X-Gm-Message-State: AOJu0YzVV9n4zw9lqU9OKKjDr2CShl1/dEpTfDAzHV+vZ3Yqepn62Xkg eP8aLr6cy+vBHfDaIOtzCedqOLXSgfosVyyUP3aCLoFX9661POI/ X-Gm-Gg: ASbGncuHRwC/Z0fpYmR4TkZoVH7MS6404GvCLEhk6f6PqOUVT8odFP09HybkZrcVKeQ pq2+grmupliFjxXEK1i2ZO/mRKm8URinFUA5EMdGO1d9zRyFJpPogGe1jcrTNpKBFPciJlxhTCE 4sGlbbiQd3Z03yC9LRm9TvxcSx08K1HGP00fqtQ6gu28r3AQTT90F7BwttXdEpVM2dY7EYFVi0r 1BplBjKpOiNnE/Gb6uHAj0BfDxNP5OYBaT4sQxOXs0o1GRHTiiaDLKsoINkU/4f8Bgv+d30iAEj is5T+YJw5nsihqjXCxgNPZs7Mhs/Ggy2SPGvC8BSbv2YLouBNorsI3BZ0ayDeQ0qX+fhtNTm8uw h+ThWIorb8VSenZbgEDuUdV1NuVdWkvXQ X-Google-Smtp-Source: AGHT+IEmLnqa0nGSLzn3hjiFdgZfX9hAmJ8z1fc9klOPfXuoZo6FdGrvL+huNkWGACzBiYRhNwKTyw== X-Received: by 2002:a17:907:6d16:b0:ab7:3e27:ff04 with SMTP id a640c23a62f3a-ab789a9f58bmr979157866b.3.1739099452941; Sun, 09 Feb 2025 03:10:52 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.10.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:10:52 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 06/14] net: core: dev: Add dev_fill_bridge_path() Date: Sun, 9 Feb 2025 12:10:26 +0100 Message-ID: <20250209111034.241571-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 ++ net/core/dev.c | 66 +++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 5429581f2299..9f925dc3d1d1 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3281,6 +3281,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index d5ab9a4b318e..70d767cb8bc9 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -714,44 +714,84 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; return ret; } + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + if (br_dev->netdev_ops->ndo_fill_forward_path(ctx, path) < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + return dev_fill_forward_path_common(ctx, stack); +} +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /* must be called under rcu_read_lock(), as we dont take a reference */ From patchwork Sun Feb 9 11:10:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966782 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com [209.85.218.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 885771B87E8; Sun, 9 Feb 2025 11:10:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099458; cv=none; b=cOeoqe7mE/jNWA6kRR9Vupgw2ZCqk9qEkx+8d2Wa5r9I4J8Oq3oslOVxD2dY7NJ/ZLVGLOioMDQHHxmauTxyi9RnTY2y5HEIJCqFQ5lIBcnQpOqgKKOl0wEnw+xsnze+sQnZ5Ibcom1N1ZeoFCgqcpR+vooZNQVoeGDE+deMUgU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099458; c=relaxed/simple; bh=p1IsKiAxwq12F2MM7ABxyO6mLj6RlYFe8Yg33MCLfXU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=s2Ldh9JpzRaz0rzfTt3GgrnA4K2elyvU9Xpm4dySUc9UyPmwKwLT6UMWJg299gVjKNO3ZhKtX9f5mT3U7JdWgLwi2GafFZX1hTjtwBpcNy92g5aYUNFkDdxC4ICbOuYcDTLKnw+B9MPxhlyqtHyb3Xved0ejU3Mp52VGFz9eGYo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=LPWJ5sPY; arc=none smtp.client-ip=209.85.218.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="LPWJ5sPY" Received: by mail-ej1-f44.google.com with SMTP id a640c23a62f3a-ab795eba976so272539066b.0; Sun, 09 Feb 2025 03:10:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099455; x=1739704255; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=LPWJ5sPYeTE81tJtU0twoWqbA9tUcDLHeNd+JAIeaSt/FHzrKKFXj0Gi3YmMYlWhkq AliTo3QySQh37SlYhTKAOf9/2gKRlF1PsCXKl0UTlkL8qezyzQc6afRiTqidaF2UCYRQ XJzjqwHOnWzMQTpVqttugnv08b1n78paoUE6AeuSglcF8vfTITM5iUXCe7nQHHieYYkv mDDBxhme2mTeWmXRmYGRvDJqxfN3jqPmaJMJv83taM1xMtJxe2zXpjMiedxJU5rv1Pz/ pRuCUybn+Ufii3JOATfmqnXamQh0A4bbd+RFWtqTfuDJmkxn15rk2XgmLVaPI6c1VIv/ zeQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099455; x=1739704255; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=VQxhLv7Lk0TUm+fflT1Adny6IQbK7hejPY6MrscBXVQsBdamSo5ff+PWAfppzl0yAD SDNKjVW0gTmHB2brVdVbwarXvrnAB/DkhaLES64cabY0fEWOLSQcYOrl+C4osSWdKQN0 GAyJWDRMgc7OgvV9NM38mH+A1PVX9LW2LkJLmoO75LvwgP8f8xxlDoDFBmhHdNfoNk26 uKwi4uYPFOg1BPca+r+op0M/3p++2n+igKMVBp8Mrm4wZdGHc/BAonytz4X219oPYk5h EjAu+RpfN1t33HGwClIlkbwljZ+4PmHOhUCJGlyPpfbfjrpSmzSChh9Lrgv/WcYpSc4t NNCA== X-Forwarded-Encrypted: i=1; AJvYcCV6Gabm0yaG5MPYgZBZwUegMg7M4pqy7JQxoqIZZLSqEE4PwGAYx3b+a+vlZyHuqWXSkNblw/0t1waZhvc=@vger.kernel.org, AJvYcCWFRSciFVX0aTI2Yi08HDzok0/CMn7JceIWN0Ku8g5U5SoApvB2mwhfICNPxv5Fem1wxTfF5MBpsVx1hmp4BEbO@vger.kernel.org X-Gm-Message-State: AOJu0YxS2FW1dI4xg1CZl5i8v/hcgFVH0hR52XGsZbmUx+UR1Qz1ACwX nTJwnI3KT1DLRSkcHAbf3ee3veCqUqcubZmY+moopF7bJCo92HUsOlxzY/SA X-Gm-Gg: ASbGnctMeF1sZOuBlvP8rL76f2DXrWvp90QUiviKubw+hRedK1L1BUfTuYTg+1uaMmM 5pQ7EDKjFcECnn2066WMNSuT4Hc7e5JbZHkcpBbNzU0QxwnGtjtvSWL1YfDNRD2frWmV1V7YQIe gpGwF709yc8uFoNy3wEICAz3uEKBVtYkwbaUH2H2WALRxV+EIuDd4r63S6X5NoVP+6WHr55SRD+ LIlQnD3zQEafqW133oxko3R7vXGGmlZ9/waLR9QTdhLgu/SYJea0UhkDGpe/sXIp7T3neRi2Azo P4Agi794T1bOciYo2IhexXacc1IaPnnKzfhXJzgytr6Mw0IxR+rXPUFVMXQh5XbjZlF7JabC73O wxUtHaFrYXldogzEDPAHugc0WfycTqUTO X-Google-Smtp-Source: AGHT+IETHQR7T52RBo2+4AcJP5+zLkS5jFUxhqgYRmiNsDGC4K0ZODmmfPCzwNhYWr95O8KmQOhA2A== X-Received: by 2002:a17:907:ca0a:b0:ab7:a318:611e with SMTP id a640c23a62f3a-ab7a3186356mr452158166b.18.1739099454708; Sun, 09 Feb 2025 03:10:54 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.10.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:10:53 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 07/14] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Sun, 9 Feb 2025 12:10:27 +0100 Message-ID: <20250209111034.241571-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index 4ab32fb61865..a7f5d6166088 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -340,6 +340,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index d8f7bfd60ac6..3cc30ebfa6ff 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Sun Feb 9 11:10:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966783 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f51.google.com (mail-ej1-f51.google.com [209.85.218.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 38D6C190072; Sun, 9 Feb 2025 11:10:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099460; cv=none; b=WimoBYdqNkNiC16Irhq27ow/9XJ4ab7XnPX2XY54BEXmYxvrnV1ccWVnGy82N692QqY85iAeQu+m56CodMVIsuf2I0T56lIV6EEmaMTcL0EcXud8OmkzOBC8yX+Sq2YfFVOEQvvbyyns9K6LJsSYScd8M28Yet0ehkI0NCNn128= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099460; c=relaxed/simple; bh=AihhYJGwJTJyObdFZSI/rxytC55wEnFe8EzDy7l8A+0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JfUDjW2zseL6cYnz1w4NRGMaombXGPbXEeECpWG3PCBU0msAaOqPj+UOK3r89p2SeMvtTLpuLTjFuQYMYqoovoUp+AF3zsD6D9RNDnInhz1VeHq3CC5yzhP3bXxr6gtk4aPB0wamOEEHpmLLTAMvEg6KW+GpqoGbX5mrzCfZ0TE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=hr9dowNV; arc=none smtp.client-ip=209.85.218.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hr9dowNV" Received: by mail-ej1-f51.google.com with SMTP id a640c23a62f3a-ab7430e27b2so674062066b.3; Sun, 09 Feb 2025 03:10:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099456; x=1739704256; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=hr9dowNVVBtsGmJcMrMcY4x0vt8/cFhaUshgKeq+Aa4LRENbxMY1wGoYEEysdgNRF0 TLTSuZLujdUOOEmLv6E4qLBjbIjayBIsEDf8Wi1TdGqI4D4OY8gcr2bM+LiwlY7ayeKB StLB0+nua/r8mXm5X1XcESWro8rGQf3UZWEEyJ7Io5bNoAY5NqKRSkZMRwanGOzNkbjl 9rESffqCNarc6leBEaszGFXmEB19OGEASeneIYbhiQpP59+m8IsSr03JuGGSqW6n7UQy 0D9koYxYGlLyBuS95yWpmxwL4DTPvvt85xBgndi2z9u9jyUHjdtCqaJ1DjbCT8ord5Ti 0BjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099456; x=1739704256; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=QdvfFv89f/2Tzv4nR3myJhwQ10sboS/vgkHXYKQ5XBV6jwImg6PAIgmW+O51+kUEzQ ORsYkhatYgJrHGJDnY0lME0JucY2i09DFvi9CY498PDHCfhLwZtBF8rbFUxjHJxsWpRL Mnw6MAeY8DMEj/Ir+zCzdCiJALFK1ma8NsyPEWj9igci1mHRM7SmD7UL/xN5KhhbXgHM XWbSD+GezB2VO8HB64IahrgoTdM64JkYMTqx/L7BwER/VSw0g23jQ97xWZZCMbcb/R1v nFncvJxaDcDotawRfXF0Bt2mmP9xkgtKeCT+xz/Sb+20whtF24qBh6jEpFCCW5ocfB/I nF4Q== X-Forwarded-Encrypted: i=1; AJvYcCWMlvdcSKJBD3YiSDhdTD4GzXXPRNygM/cuoZux+fjLDv/H8pYA5AUg+XbDll0juAH4plE82+sxSWE/Rz0=@vger.kernel.org, AJvYcCXCHkVACvWht4bNmkPh2jJmFcyiiaqV93CxpUW+xv+GPrx8BHvDv5RT2wtfl8myQhsDeKeLko3NPy1gsCQ6HX+Z@vger.kernel.org X-Gm-Message-State: AOJu0YyzxrubCpYAyqD7x6jlJeTMh2TuTjcLh8gCg/joweyxtmPk2Gah V+KGIGZglPf/zCvYakZJ71ibdQVTZ2vBf+ePe2zYi2eLOmlxK1l8 X-Gm-Gg: ASbGncur80fvNO6KFA11CD62ZuB4AZ25qjEM2kOpsLJr2Okfk7CT95Pv30Auyqh+1ZW 5A7HT4iH3OH1soYR6VesJKmIdgKWG033LXQdTfE7epTye4BWfb7zsPxASZFryfSSaxJFqFOe5NF ADb5uPAzccpHSo3NpAgCJ/Ttq3VriZXZQysRpiu1OK4tINnjM+XNtaoGhC0jmrRZ8Z9zjwvQV7r L0HAEn76SFuWmXrjr2pUixuhi7gG0db2cecIBjio537UYjpO3XGWu50/aJbr6wCanpKeTC//PhF 2FIfMP2jAJ56Exh2W2aVTgodFpyzPHIxT2DlHj94f6i45/P3F4J/3kFg7CY5wrRPx5hyXmJnTyN q8qPQ9DFdaWtNXOrLAXLsNJBldYWail6M X-Google-Smtp-Source: AGHT+IF7fuTwyISchVVytHDMJeeoIfh3ZpQJUt8rRdvlwIphExmlssHSJ85LTIMEOJAJqtrSBebVEg== X-Received: by 2002:a17:906:31cf:b0:ab7:8fcd:1f1b with SMTP id a640c23a62f3a-ab78fcd2196mr966938266b.7.1739099456462; Sun, 09 Feb 2025 03:10:56 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.10.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:10:56 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 08/14] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Sun, 9 Feb 2025 12:10:28 +0100 Message-ID: <20250209111034.241571-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This will allow a flowtable to be added to the nft bridge family. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Sun Feb 9 11:10:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966784 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com [209.85.218.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5012D1BD9E6; Sun, 9 Feb 2025 11:10:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099461; cv=none; b=H+k2B+batIOZRlWI33AQcGCwABolh9Kp+5n3rhJqm6xHsZy6X7QTMp0dpQC9VATAMTZti2Luu/TCVQxsEXuND2AjhlyMTRznU3ywyErJ4I+W5S3yGozSitSC7GQUkoFxMrN/Hb6A62jaxU/jIydJKQF1R8sW/7FkwAQGkFiKvVY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099461; c=relaxed/simple; bh=Vja1w1A/Wnz062ttT6Bt+MXuQBy3cdFVFTFu9bvZ8Ag=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=FkBvWYibCbv6bIpNXR+KZNIvYLrh5eLPRaO8qIciPTXCItCi+kxjP5ckdATPji7EKG3X1yKj9i3SkMi0DMm6D8w6NcEQdk1gtLoGT09ND7h8WNytDhF3qxEfr8wnOgWqRnCHEY6HI46jUaTFQWsPUKn1PGX60i7qDnxnCzd5mNg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=UL2AgNgi; arc=none smtp.client-ip=209.85.218.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="UL2AgNgi" Received: by mail-ej1-f46.google.com with SMTP id a640c23a62f3a-ab7800d3939so516119366b.2; Sun, 09 Feb 2025 03:10:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099458; x=1739704258; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=UL2AgNgiZ+DZIb4wnWOXQ9HuCAbNfYHcXdSdcMWOtjlpGYRLn+HVK/jbBTG8xjj6j4 QDu+r4WLI3FH53FahnKQ78zf8b84zXC6AN5b/5f1ZS3T+Vg0vN2ADVZjvWibDRvcXiKv VdVYWMrB3iPSPbR5HJJS4+ZidB14vezaNyLOvAphoTwJK4ySrEhjBhC9cxDw9ZbA1Fbq BPT0peJl4HLxKYqEURZYuVSgGnpr71FGNj3wyBEqamSoFIFYX1uYl8yWUNB/wQs2LsNx y7I53G+M59t/VDiYetmNOc/c+F+KGwATr0Bu25QuZIJhyvm+h+5SUws7Txd8QfIslFUu 41rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099458; x=1739704258; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=ORSCgQwI6o4k80ZKHuBq60/0APsPSUbEPirg13h4mOf9mQ54j9jW039azNLFnC+zgE 5xrgk3YxMtaQeQxD7LgzR4SG34ZTU2EutXP91Oijn+queq1KhwxTecHMomqQTZpM0tcQ VpLsZv8QtJ78X+UIKB9tyhoVtr+OL5mvqPCuSLLz1XYuMKMf5TxALwSdjXp9kjpZlLAB S03bsoSyRSs7fNw+/mfGLJWpK6P/YWDEkfTJnfKN2Os80JQOWSfWTenfJiBSzCFSXsiu rpf4qPGPh201iLHj+m8gYhpujZZzCTMGlFlwEDyxXMD/AkxhZLkVbpk3qUo+WOaKg4Tf e+yA== X-Forwarded-Encrypted: i=1; AJvYcCWpKRWemBKpKaK/TNBPytcvwjs1X0C21EzX1AVULyIOY3GGL79UJZXVVWWU3SHtdsxsbLyRQDcfUaQycxI=@vger.kernel.org, AJvYcCXw7K3hsyoYdyBWNWG9S3zpSU7FW0C82N5/T3plTpE3hu3cKGRRn6eHPCj4K2GPh9/JRsuwV+k9GB+OPPZOU99D@vger.kernel.org X-Gm-Message-State: AOJu0Yw/97rxJ9CFWilbgZ9QcMffeTk+J7cH2vtjmL01drWJeYDuRnUq Q3LrXqxG0NDDsuudyTG8pNtMVec/E54ImTf35edfViUtlg1ErfnK X-Gm-Gg: ASbGncshcRMi0UybfdC3FV7QRnaJghFC8fZqYDCb3KUtzM8kpFUjKvI/USLEB3iSBUV w1idhHiC7aun7EnwR3aISyGx0zaHutJ39M2tuOaIAA65pLQ0WoMNLtSGvgC78dTPhxJdLGAfeLQ S6rHUCrH/AWuxAkWsB+GQ2Rg3ndLfD15uBO0iwCCVG8eWZa/qMSQAQkukpmg/Yw0hFci5Mu9PPb kG1Qu05KISZfAOtGeC89gOMRYa5irnC2zv72KhKpug1/RpwN6XO4QtFM3imvMjC1ex5R9L+moMF C+qbykG7io7nA7YnJMlx3JSnjxwQK5sVJVep8306S0+2OsPOyGglP5YZxn+1p/+1Qtg/Ll9AJiw BKcHdtwVC+QDVCeWOeDGNpeVbT7UWniM1 X-Google-Smtp-Source: AGHT+IFLIZqtdyB586XGL7BZF3ltsD3dhHx63zKrEdsvwLszqHVFUdLBJLGnB6J6lNIv2VbhyBQi/A== X-Received: by 2002:a17:907:2d91:b0:ab2:b863:b7fa with SMTP id a640c23a62f3a-ab789c1ce64mr946683266b.44.1739099457511; Sun, 09 Feb 2025 03:10:57 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.10.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:10:57 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 09/14] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Sun, 9 Feb 2025 12:10:29 +0100 Message-ID: <20250209111034.241571-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 5ef2f4ba7ab8..323c531c7046 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Sun Feb 9 11:10:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966785 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com [209.85.218.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 171741C1AB6; Sun, 9 Feb 2025 11:11:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099464; cv=none; b=IIwie14tWVrA8S3+XegIzROAu7e2xET4T3XmpUa+5OkCHfIvXwqxl0zP6naJukMUi4OAFJv9dp5CVK1URHHlo0kWhK0K4um5lc0nZ6zGDbXB35g2IFlKK83somgdfztHAPtXn+I27EgahF+4NxMWBDK+dqokyCMC1xYVI0rP86A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099464; c=relaxed/simple; bh=Xf5mlATXYp8EYoXU9a3w+XGI157o2p4WZAmB5ikh7tM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=N0rrf87lfybMUR1m7OF04N5DIjmDZzuALnFYw+5sRjNtcisHTFvPu5JVwjIskRrjU1tNRB3gGnBVctnz+0rZ1L/KKizS2pIJKBN0f1UvlbmIP6id/wdjIaM8MFaXDzDjw12G+a6BM/LPQFg/nDC3WgUm+e5j9bHg0kI1+W/7xsw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Tpt+wjsv; arc=none smtp.client-ip=209.85.218.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Tpt+wjsv" Received: by mail-ej1-f46.google.com with SMTP id a640c23a62f3a-ab7157cf352so885998566b.0; Sun, 09 Feb 2025 03:11:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099459; x=1739704259; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=Tpt+wjsvZPQZseFgPpKAWw/mxdBW/GP3dfXnX/u35gNgRovRLnqnJVwrQYxM8YglJI avdiw8miVaYGM61YHn/R0pzxtnSYdRwET2DaiakoHep4moxWFWLsRBeti4WefNgxL/eq wYlh2Q4ttR/jmBS5fTUtjWiBslH3Szi482kyKqWEg3r6fDZ/9yJ2y8f6VQBE98Mxyov9 0quQC8xmeFXJNAEen6rB8tw9lxD81mzcqBKTFqcvkkJA5YxAW0w/bo0B6rfq+LWQRic1 2B1kh/cSFBPU8nlW4IjPLs/9iem9a6EcRoxzCFmXRFGyCZcqAs6wy3SVkcdllM66xEdP mM8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099459; x=1739704259; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=Pp7IkpvJJgFfqmdXlI/nZPRjjVrXTVgvr7Dr8lG+OdFWGlo5W/3yHGhIOE9Maii0UO 9bYuyHyGzJEKZPx1DD+GpfT8AkiAQ9XR17F0qh4e7ZWq7tIKVNZUCeRkDCSus+HkBwos LfLGABSs3ypHvXtZOHcFWPfTxpkSRxf6xvJIaa2c7hnBnkC2zuAUeiCOz0yn8CtYe0EM IbHOr8XQAfLfTt1gk31t6g3eyfiiGCc5XLMkTUPhQuXdq42lqrNghOufxKdGT5kFaAg1 X5QZz4o29KQZM8AOTyAvL15F+10TzMsKaIr94RGsmG1az+wWavpb0qTZdhn/2ZE/TCKZ Jvwg== X-Forwarded-Encrypted: i=1; AJvYcCUKdIDCRwZ5k75LA6J7cXnmQKHcOcY7W4hFp9L+2DRJ+wBc3E20p0BI//4e1qZk0WXq6OLVfl4zv6sKWtcjITUu@vger.kernel.org, AJvYcCW6SDX3V16yP7cegQDdS/LnR11sNHMW1/kg4XE8gRwTPpuNkuv6ygR/bNxdRIwkVJFItyrJQr1k6OBcEAk=@vger.kernel.org X-Gm-Message-State: AOJu0YyObD9EZw/r0mXlqJB8Dub+x3lrWf9wjkWpAt3fbIyGZu2UQ9VS QSg6j2I/Rn/hO/xDwNN0vm2k9Q+u3eZPmC+SOF/b5AP+HQ4SZ60I X-Gm-Gg: ASbGncse87ZmbHXvo0mh46wFaw61gc+8TKB8080ZDNaYxYte2Pry+qQTUIUaCH6ZqQH oI0GTIZnofA4ceNNBEBOhR6YdICto/F516FpnaFyor/QZyMfBZaNSCYf4G0hsIqe3Q0rtqx/oYk XuUGHiAWgt9HEv1AEuGZaNJZ7lXJsWvGANSn1QIKvUj4U0skM66wr3Qd4OOY8imwgmZF52gV5Zs PocIxhGo7sQspBU4D4QJOnpdMwplWr5xew6lRXGOemabT1ENkLrIAusKmpa2RXWwOQP6ky4GdrQ NEQPoKTY8CRbCDzAflUbnle7dtbdoxIDIF059XAWUHz1oIRazBcUDqKPH2xbcLD6TmoZjAjcizj U1cYxXXdoSFjE/H1uHraLgBC+8YAs6VIZ X-Google-Smtp-Source: AGHT+IFJaFbx7ete5KJozyvNC8/oWulX5RI94rWh7h2VsoTHF0Lp2lI///kU0TTT1M4WqEm7capUsA== X-Received: by 2002:a17:907:9719:b0:ab2:f255:59f5 with SMTP id a640c23a62f3a-ab789b4a40dmr1114278166b.16.1739099459229; Sun, 09 Feb 2025 03:10:59 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.10.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:10:58 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 10/14] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Sun, 9 Feb 2025 12:10:30 +0100 Message-ID: <20250209111034.241571-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 323c531c7046..b9e6d9e6df66 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -105,6 +105,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -117,6 +118,10 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, i = stack->num_paths; break; } + if (path->type == DEV_PATH_MTK_WDMA) { + i = stack->num_paths; + break; + } /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { From patchwork Sun Feb 9 11:10:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966786 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com [209.85.218.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5AD611C4A20; Sun, 9 Feb 2025 11:11:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099465; cv=none; b=dqMJIsDkA0fRUSoyW6rGUCfk6bYCdXawCf6RaDvTvINlUPh2jxTVH+O1+RLPxgJ9N5pcpUJE2Fw2Z5SyKXc7enNPJJL0Ft5dvXVdv+88qXTqho41DW6nOJbUDrAe/xNR86Iwo9/sy20D5BdF63jnbMZaojek6dtkFd8NKuo5mqs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099465; c=relaxed/simple; bh=eot2qzjFYblE5xeGOIs0eZ0Yx1RMdl3bwN0jHhnk9xM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DgS6eFtFxCqUFl1R3agR7OGvIJ2M9LsW42hMNk4tZ5Qt297HIDbE4gzbKmLuZcy4kWX6wtDImG5KtTAFQf+zccF9WNq6DSeQwu9v4wKOF16OgH2R7l/dqIOLv9ZYauMuqcPYlsYAoW81822TNF7B8OWzAn6tdhz1AWnQDqXE49g= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=gAYzIKIB; arc=none smtp.client-ip=209.85.218.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gAYzIKIB" Received: by mail-ej1-f44.google.com with SMTP id a640c23a62f3a-ab7c14b880dso303866b.1; Sun, 09 Feb 2025 03:11:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099462; x=1739704262; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=x342s989e3SqEpDprSMMdkIM/WvPO0edPGoockwe0Ec=; b=gAYzIKIBQj5NfeIIS5cS1Vj+8PZSWQstYg3Yi1Y5WOudOmO+nODICJMK0zID/s/uTk cmppT+usqansBT3NWoJrE/IPdTBP9ow4ZA7oZjD0ru2yTs7LhtXW9ZUL6tS8qjQcCMQA wXojlKdbu9Rjg+DtWseCu+DxG059qCu5MtFAm8hIoGk7cvubSUaE1ndOdXnuS25NF7XS K9dnq1QnSndsngU7t7VV3IaYFh3HE42ben4fUjB2OKm6wa0Oh0+nYE+NCcuG16rTcyDO bt6TEudqTxbmoM/LQcN/kPOtjVQ8vQEHQ5KuB66yqAqqtYKo4ByZ/UWYwF+SvAQBoR+S xmRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099462; x=1739704262; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=x342s989e3SqEpDprSMMdkIM/WvPO0edPGoockwe0Ec=; b=k5xXamO2TX8I/BTKy/Z5HTV4rxleNoQ0NuB+6nMhAMRtlrpWVbBZNVr729T5PdNP4G tKoNFUpJSXWmG9HORXlyD33sBXWEClNo0aj254MpVDyF/uhe31dRoxJHNH9oE7uoNDf8 0vhptFn2MBfCQ3hXA1S8IF3cLamUmCZq9hBJQtkvPQ/y4WHOAJ7EnQu6mrzCSvixUSkf F3vUpeSZPca/ZwKi9T7SFXAGY1nDv3QQNEySPT+d+kaCXIahdz6ej2Cw7O2Qti87WOkU 6qnxd2VHEZygOAzj5RyzCGDiCTZMwty0ly0M28KpA5xGW9+EYLjww485Ov2fFTNvCL89 dsRA== X-Forwarded-Encrypted: i=1; AJvYcCUyaMtl1HiRWU3RLxeJ3zoDSbWjLBoTZNVc85GTeCK9njtweZlbV7gguupNBkZLnuN5tUmDUX9OaHENuKY=@vger.kernel.org, AJvYcCVFZflMDZC3uG4F27NDSHStrwWx0AnrTOPzeZrp/UP2wCoRArzLdfkofCMjxVv7mmKGXxmBqZ00vYC+JG1rncQu@vger.kernel.org X-Gm-Message-State: AOJu0YxONs9+xvCiTsjLoYSe2HSvTtiCMK1Uu4MxVCNvNlTG4Mxuv/ij 5a3g2knS3Y5I+5B99O2NTUqmPtrurgobe9PyRkkqkZGszq9EWl4a X-Gm-Gg: ASbGncvvitLuqNqkpJkVnvAss/offN25srotRJYyN3x6eKwu2qSzixYiUuPpM5ZH2qd qOgHQozSsHE2EgdgFBtyu59LoRMZYHVJ+xGDL4ZbUghsjny4lZiJOHZzg5PON0NGLJEIeujJ3rI Wideua1Aiv0vgkg3can7LtbAn2i9r6h9VvwfdG+nxLSuJsEFu08jwXLvjN/1wOZj6UVU+M0sd6g KOUdKVrY32YYYDW9g2bMk2L3fW1YQaeYVuf+IZCQ5eu2Ywybp7YQARbJitxWKgB8SY4WlKkCFHE 7gWt8Ol9yhysSvc/fTWXLzIlQpBczYRg298xjpHyC+E7L1aBUlm21R5drg1x7rBjhJf6YUtfXGS hwN6engEaEim78+qXEhAp1FXQRYWLVxIj X-Google-Smtp-Source: AGHT+IGzFOqbzdxNGu8XFTKkecQMR7PLLsHBIzTQkjtLs9gLGZn/h4ghB6cukLwFR4KP5Q7Rs/NF3g== X-Received: by 2002:a17:907:c283:b0:aa6:66eb:9c06 with SMTP id a640c23a62f3a-ab789a9be1fmr1119975466b.5.1739099461657; Sun, 09 Feb 2025 03:11:01 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.10.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:11:00 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 11/14] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Date: Sun, 9 Feb 2025 12:10:31 +0100 Message-ID: <20250209111034.241571-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org The bitfield info->ingress_vlans and correcponding vlan encap are used for a switchdev user port. However, they should not be set for a dsa user port. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b9e6d9e6df66..c95fad495460 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -116,6 +116,11 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; if (path->type == DEV_PATH_DSA) { i = stack->num_paths; + if (!info->num_encaps || + !(info->ingress_vlans & BIT(info->num_encaps - 1))) + break; + info->num_encaps--; + info->ingress_vlans &= ~BIT(info->num_encaps - 1); break; } if (path->type == DEV_PATH_MTK_WDMA) { From patchwork Sun Feb 9 11:10:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966787 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com [209.85.218.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 281481C5D70; Sun, 9 Feb 2025 11:11:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099467; cv=none; b=av4nh8hlWP/cbTSvkoMCsI5ZPaAPn3bcfDT9a+9pacLqmEQW4Qsxf6nfxjvdY6maaRbeBTajzoOA3djU20GsNQLQKbCEDwisMQEeSK63AjwUcbAv8ge8tuXV8HaePBqOLS0NneuO+T7GoNj8iL1Gu/xXaPih6mCKq1dIMaW+mpk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099467; c=relaxed/simple; bh=Alfhc9EKIQsDXuu7DZ4Xsbu+TvBOZrz4+p4TjWnkxMw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Udk3p7HfC6U5vheqezu5Pqo9pwKNelBBbkC7QZiQcwbC55mJxuDic8l1ZHdr1oXXNr69WqngaX7kR4vXxABC2IO6afbflnW5WSXA1B4G7fCD+y4mYA7nf0fHCCVJFMACY1PkG+cbx1hYL66x5OEiaN1uqhBnVyQc91EMD20INmI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=md+eB7Ov; arc=none smtp.client-ip=209.85.218.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="md+eB7Ov" Received: by mail-ej1-f46.google.com with SMTP id a640c23a62f3a-aaf900cc7fbso592600266b.3; Sun, 09 Feb 2025 03:11:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099464; x=1739704264; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MLFyWCTCUD6FnAh+KZFSquDAE29p8xniCarl03N5Ju8=; b=md+eB7Ovb2dKPtIcUU3fFnsTy0/n6VJzgRzkhOYgc2HGvmEbqO8/IKk1H31wwNmJsW jwiyuBoVjhFa1Y9g0/0qHRR3J4ZrUTQgZa4DzThhUJDRMbttTu5id5QUmOcnuCWpZRcK cIrHW/3cez8PPpmk15qwdNwnQvCc3+hVSxoaAKAGdLoMObjJs5S3jUCFPVvRWZO1cLvI OUEEvBWFBOPNYJ16ROo9i1v8VBjAC/DmUiQ/R0SO3yGGgC0CYfq7GeD1RIcMaH5lr+kr ZtBG4noNGPN1vi9nRBNeS/yz89txzGjw6Ihj+FBtZSVfXPeYKkgX2Ri58LboXwv4WLku h0qA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099464; x=1739704264; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MLFyWCTCUD6FnAh+KZFSquDAE29p8xniCarl03N5Ju8=; b=e+WAF/Ir3hSShADrX6u+7mZQ0MmtgwkTNNc48yE+AIPsYj/4qh4T8jhJaHsgYSi/cq AZEua05So6jgJhYDvoKs5/YdBmWf1uA8bf6caQusO+zZxqzW53rQtvywqECENOeEhOaN LYkaZhzr0QTBPo7n1hbPjdw3YO8z60kB7Fk+RUb939YCNtQLD9H7WvKQgdDw2LonlM8e zwNe17qoGNEoTId3zKlQD574elOmuDMlu2P7DjTgZz7sf2xBhrppM0r2PSy6Tpe7UUye lppi6B79V0QNjZCK5wAqGN/VdD6uPkYzvCgdbzMPan5hxvS5ens5WBhRThCFcfFOR4Ad 5V+A== X-Forwarded-Encrypted: i=1; AJvYcCU8fyo/MvuohG2VbsKXhbOdBVzv4Z9JQEV8S4rKMoP1PwgLE/TE3zYsKxfAOZn3c3B4OD/WFQw8mrgsff9QaQf/@vger.kernel.org, AJvYcCV551Q+Ps0W+7lHb8Lhp+W1UC5v84Mp+qS591fynjXVDUetcwloX3ahFXfO1eE9w39Pc1jJoLdEXUQNejM=@vger.kernel.org X-Gm-Message-State: AOJu0YzoeLMYgZZBNvW8gaMVwYJ9r4C3hYQhDMkxba6r31rj62nkVSuH GcqlIK21wn2MMh8x9+9u6TwKuFj9Ul5+pHu298VBzaV9heAAaqqS X-Gm-Gg: ASbGnctSxkL3LUp/60jN/uuO0ghfr3c6dH0hEl+tvbtXBmP6uSL5FMgHK8t3fxpxjDQ ObCQGk8kS10DJL9EQy7fzv0Z4iJIjH38Yfn9bMxcsBV0wm3QQorEh31wGvEwJV5F6OH+W5rS4fA m+2G7y1X/wYDOezM1pDZJHWKVnTOJm7J1isspvme9O+WeaQQqPue0Y+X/mee9U5Q1szf5FlDA1Z b2gVwzv7zLsOTZA2UBoYiR1+lUe4pg+0+NMb36O+gfonKQDnPvqEh+PO6Zf5tFb1JLh6tsnaxh8 4H7Ff6BuBoJA0NRG95OV4ndCO0SAa9CqKdd7GL9TbsHUAAyXQiPIv6MCZrAWFLUttkWXsK341w6 TtF8dR6RzXdrh3kIpNnbdKwDKElH0k5to X-Google-Smtp-Source: AGHT+IGN8/DQL79zfdxqO4LqCoTnCvHIJd2uCvtrisnz+3oFM0ZFwhG8ZkytPuFS7pOFlrgKVEXQFA== X-Received: by 2002:a17:907:7f8c:b0:ab7:a48e:baad with SMTP id a640c23a62f3a-ab7a48ecc06mr470923266b.4.1739099463484; Sun, 09 Feb 2025 03:11:03 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.11.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:11:03 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 12/14] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Date: Sun, 9 Feb 2025 12:10:32 +0100 Message-ID: <20250209111034.241571-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. The same problem for all foreignly added dsa vlans on the bridge. First add the vlan, trying only native devices. If this fails, we know this may be a vlan from a foreign device. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG_HW is set only when there if no foreign device involved. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/switchdev.h | 1 + net/bridge/br_private.h | 10 ++++++++++ net/bridge/br_switchdev.c | 15 +++++++++++++++ net/bridge/br_vlan.c | 7 ++++++- net/switchdev/switchdev.c | 2 +- 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 8346b0d29542..ee500706496b 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -15,6 +15,7 @@ #define SWITCHDEV_F_NO_RECURSE BIT(0) #define SWITCHDEV_F_SKIP_EOPNOTSUPP BIT(1) #define SWITCHDEV_F_DEFER BIT(2) +#define SWITCHDEV_F_NO_FOREIGN BIT(3) enum switchdev_attr_id { SWITCHDEV_ATTR_ID_UNDEFINED, diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index a0b950390a16..b950db453d8d 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** @@ -2184,6 +2185,8 @@ void br_switchdev_mdb_notify(struct net_device *dev, int type); int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, bool changed, struct netlink_ext_ack *extack); +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack); int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid); void br_switchdev_init(struct net_bridge *br); @@ -2267,6 +2270,13 @@ static inline int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, return -EOPNOTSUPP; } +static inline int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, + u16 flags, bool changed, + struct netlink_ext_ack *extack) +{ + return -EOPNOTSUPP; +} + static inline int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { return -EOPNOTSUPP; diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index 7b41ee8740cb..efa7a055b8f9 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -187,6 +187,21 @@ int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, return switchdev_port_obj_add(dev, &v.obj, extack); } +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack) +{ + struct switchdev_obj_port_vlan v = { + .obj.orig_dev = dev, + .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, + .obj.flags = SWITCHDEV_F_NO_FOREIGN, + .flags = flags, + .vid = vid, + .changed = changed, + }; + + return switchdev_port_obj_add(dev, &v.obj, extack); +} + int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { struct switchdev_obj_port_vlan v = { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 07dae3655c26..3e50adaf8e1b 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -109,6 +109,11 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, /* Try switchdev op first. In case it is not supported, fallback to * 8021q add. */ + err = br_switchdev_port_vlan_no_foreign_add(dev, v->vid, flags, false, extack); + if (err != -EOPNOTSUPP) { + v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV | BR_VLFLAG_TAGGING_BY_SWITCHDEV; + return err; + } err = br_switchdev_port_vlan_add(dev, v->vid, flags, false, extack); if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); @@ -1491,7 +1496,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c index 6488ead9e464..c48f66643e99 100644 --- a/net/switchdev/switchdev.c +++ b/net/switchdev/switchdev.c @@ -749,7 +749,7 @@ static int __switchdev_handle_port_obj_add(struct net_device *dev, /* Event is neither on a bridge nor a LAG. Check whether it is on an * interface that is in a bridge with us. */ - if (!foreign_dev_check_cb) + if (!foreign_dev_check_cb || port_obj_info->obj->flags & SWITCHDEV_F_NO_FOREIGN) return err; br = netdev_master_upper_dev_get(dev); From patchwork Sun Feb 9 11:10:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966788 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f47.google.com (mail-ej1-f47.google.com [209.85.218.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DE9E11CAA70; Sun, 9 Feb 2025 11:11:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099468; cv=none; b=KalW6AN4ftf4lqzuIf2ywWTH1w1N/s6cqu9oYfOT7o3tKgGBM//UHFi/bAz09MQtaiiYMbpfPOTbyMS4OsGbXtfOeWiCl4KZEiN3RUFw60xg5Zmppg+fMb5AViUWwonLmDnh6t+6fQx/ODpQLx/t0/eFP/8tZPLQCiNjcev4PBM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099468; c=relaxed/simple; bh=XZoyPUjQN/+20T26Lym986aR6M2k2HvcTymZcYiPB2M=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=kUZTcOL5UyzK7XYe8OEUMuBl/Uzm/hhtz4FKqOWfidbLEWE8OCY77qnV9uqL63UeVfEpoGeC9DKL6zURZxGOLn5tV2CSPIyyChz6MZSo2yWPcpGnfGkC8N2ZsGqKINvT3u/kDxXYgjqrVzdR5uubt/QXTr94l6ODoC7siH3gZm4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=XKJg2BrM; arc=none smtp.client-ip=209.85.218.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XKJg2BrM" Received: by mail-ej1-f47.google.com with SMTP id a640c23a62f3a-ab7a862c937so133537366b.3; Sun, 09 Feb 2025 03:11:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099465; x=1739704265; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=21wGozzdg/kg90PQGRE5o7in49y5R5W2VgpxxyORYJo=; b=XKJg2BrMAERt4/YK2CkPsmxuYhd5hSVVN0b9tGUIt4pBlaW6tnCkKv5SZgumeM7cme Gola0/9XjKqyZzNsyAse892wEntZzp4z7vbREsD001w14F56iYFC7rX3cB7Vd8BGCEKt uEwkOVOhFgB0fQJjR9B7EhVMG/01/2bbFap22r+yTgRQqv2KMZMxqq36liOueWbyk8Kd 1nN3Z+hTWbK5hGw1woxOJbdsxm8hRy6qlmNBqfXBK1CRmHl00y7dvh5nWObi2ugss2Ms tgnAW0yAe1et3cSIgFDSee8GkLlUrpuVEYoolrrtL0i2GX87mzZgOVfJLV3OoFb7snB3 dSEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099465; x=1739704265; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=21wGozzdg/kg90PQGRE5o7in49y5R5W2VgpxxyORYJo=; b=l/o1lr7OIQ5fKrY4bnXKO7YRVoP45gJiKMXMTsHi88VmCa9XBGxeItLZ6OMcLLybA7 kZCB9c9yplXsTL4vsWrJvFXZe2yFpaBLNoMj6CQvhBiijdYt+nXUZVG9jBYl7T3uwV51 KzXSCWnIykNBO5uBCXsDswfKWmVOuaBUDD4joGAHwlPrV74sfb2tc8gUo5RMeFwtEAVB 7hTA53MgPIy5k1EmFokAgKQ/tLpeq9wuIbg2HAMOuQYAsojwAxHibn4DPStmHy908JTq 4c/aOFkbUmZq191OSRATncyMDo+7zQ2mT8ikwut6uV9m6xg8ALBF2fIpgTnWMdskv7uL I/wQ== X-Forwarded-Encrypted: i=1; AJvYcCXQJg7V+1lcxf5WdGPQywupN/hiAcFdJUB/l5J+UPaS4By+jNWKvaZerk5c5VViYj5KcAJLCudeii/y/U/Gdvry@vger.kernel.org, AJvYcCXZ3nu1uVBymQGWvrA4XtzAOLjXL+FhallGeEIfzNYdKMCRZ39CU1rmEdEXTtfmkhEliv9MdWJenZEWvnA=@vger.kernel.org X-Gm-Message-State: AOJu0Yw2eF1mQs8a+SXIv/DNKNx0IeeC8Dz/QnUpJwpmNiS6KVPc/aA6 Tq0WmUAAOAbBFQeSb//bREsNVn519DpLjS6gYdZFL6+PG16q+DGL X-Gm-Gg: ASbGncsNkoYioRvxP+aijCu9Vd/f4Bg+9vEjtPPqk55a36OrUxzq1RDxboMV+SF7euT DSeNOgz1PvbdjEDZzHqykRm+6f4pEITFuC6RjARxWe5MI2wGHYxLLSUmYAIKurLBfpTen5f9xcY F6rCCPZi4PdiS9mcikMZ+uyOv8QSlSEdFlKQdffuE8jO7bVI4vFWlleGZwBUrnJxgJ12Jhu0MCk bqmGzKu/pYtQ4AYywD//rhJRdQjceNobaOBZ0f61FNgZb93JyuZujkpEgvmjmY7CXFoJcqrctc2 ktxnKixAeLvgQu3JyCwllMxe3I5LyqWuTfFAH9Zo6EAvbEODdJiiVKtxAa13xaFrYr8dAJBELe9 b57g7dUfepbaQmo+Zel/3PgEwgWwVd8xE X-Google-Smtp-Source: AGHT+IFCN56S7YNhxymBxkzw1XBWVzH4BKvgunr9+9DooHHAtJHeUPUaPpWkQeeGjmJ70qNtwfqBzw== X-Received: by 2002:a17:907:60c9:b0:ab7:bf2f:422e with SMTP id a640c23a62f3a-ab7bf2f54cemr32650866b.27.1739099465160; Sun, 09 Feb 2025 03:11:05 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.11.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:11:04 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 13/14] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Date: Sun, 9 Feb 2025 12:10:33 +0100 Message-ID: <20250209111034.241571-14-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This patch introduces DEV_PATH_BR_VLAN_KEEP_HW. It is needed in the bridge fastpath for switchdevs supporting SWITCHDEV_OBJ_ID_PORT_VLAN. It is similar to DEV_PATH_BR_VLAN_TAG, with the correcponding bit in ingress_vlans set. In the forward fastpath it is not needed. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 1 + net/bridge/br_device.c | 4 ++++ net/bridge/br_vlan.c | 18 +++++++++++------- net/netfilter/nft_flow_offload.c | 3 +++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 9f925dc3d1d1..923dbfc589ba 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -869,6 +869,7 @@ struct net_device_path { DEV_PATH_BR_VLAN_TAG, DEV_PATH_BR_VLAN_UNTAG, DEV_PATH_BR_VLAN_UNTAG_HW, + DEV_PATH_BR_VLAN_KEEP_HW, } vlan_mode; u16 vlan_id; __be16 vlan_proto; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index c7646afc8b96..112fd8556217 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -430,6 +430,10 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, case DEV_PATH_BR_VLAN_UNTAG: ctx->num_vlans--; break; + case DEV_PATH_BR_VLAN_KEEP_HW: + if (!src) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + break; case DEV_PATH_BR_VLAN_KEEP: break; } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 3e50adaf8e1b..8ac1a7a22b2e 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1494,13 +1494,17 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (!(v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) return 0; - if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; - else - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; - + if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + } else { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; + } return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c95fad495460..c0c310c569cd 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -148,6 +148,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, case DEV_PATH_BR_VLAN_UNTAG_HW: info->ingress_vlans |= BIT(info->num_encaps - 1); break; + case DEV_PATH_BR_VLAN_KEEP_HW: + info->ingress_vlans |= BIT(info->num_encaps); + fallthrough; case DEV_PATH_BR_VLAN_TAG: info->encap[info->num_encaps].id = path->bridge.vlan_id; info->encap[info->num_encaps].proto = path->bridge.vlan_proto; From patchwork Sun Feb 9 11:10:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13966789 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com [209.85.218.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C21751D5170; Sun, 9 Feb 2025 11:11:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099470; cv=none; b=P+R35y6hJj8dSZupunppmTAd+LxZ8RTPt5vlR/4LckX8nnAUNkFLuUdLrf7gewC5FW+mI0+RCaixtb4QjB1Ouo11IjMHkTPXbl3/qD/IJnbSpVEeqn+hg/2NY18Cd1LS+o3Uhlp1V5loZ3zhSWPHZ+CiSp1fn/62pYWvLXAaquw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739099470; c=relaxed/simple; bh=ao9814Zv6bDQnM5yUC6g/RI939BnwcO/605XslPLDVA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=P844k/4H9dXUwEsqWRBCHpZqY5S8TMnPUZDC4t7bBFWUNYI2q8cdXemfmWC6vZaxh9ayt9ArfuRLQExDTpbUOU4wSSNcZHLXHa61yZ0Z1OrXIH0rrubfIy4V8BYC7Cy+iIlg00IzToWujZqR8j0SLWW8TGwc0jGK/AxJH77jLw4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=CZ9jrClh; arc=none smtp.client-ip=209.85.218.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="CZ9jrClh" Received: by mail-ej1-f54.google.com with SMTP id a640c23a62f3a-aa67ac42819so542794366b.0; Sun, 09 Feb 2025 03:11:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739099467; x=1739704267; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=CZ9jrClh7emwIoGqQJCitj5g4kozIQpdMiwPA9CUcFSRvJzjdoF0uhurtG/C3h9+ES tF8ZoAOkrSnyRd05gofR3udpKq2sQypWEhwmugKBZAz3pvMyNrHdCSwLvAWpNaxKJqFI W+zMJOwwBEGe79ISz6ioU3INBeU70PbHOJma3CFPmwDPJLAe4rNWQ2EXjGhwSc2jyAh7 qgjXOA84lK4VlG7YEQg+yOddNVM13+2kb8tnUWIkwvlHc9clo3/+1HQvxJSF3Gu4RbgW DJBpst2VcYyo9l/gxtRBVA+/oLxYGLk3Yr1oG2LckzYnZj20OXCFDCrbCbIciqSwL0Os N4BA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739099467; x=1739704267; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=PqM0fOjMNgoN3ummX1eewEg5cz8Qrw//+Buqi7xPkEBsUH04mE28BBSqxeyZspXSml ejp/QYdtOZVzn4m8z4nb9n/WUFfyy5uMqP5Ar/OZLrK2WWJ1w8jPuWnDpEl7j/spmj/X Wh9mk6O1joBAXjBDVgOAsP4BvzdPGxkkqlv24rqW5GW2oZdEnuJI64dfZ0inJz7nYEYm fxEOip3dfexRazXXfMsfIbjJxW1kiu1CEfq3pYLNGH+WmeKvoZCQYAz34NZcOgn6klP2 eT9Mi7/vFeQO+fxel5BgevqX2tLv0/Ry393CnZlPMtjAJ2Oley/LNMe4/GV/Tm13nMO+ mifQ== X-Forwarded-Encrypted: i=1; AJvYcCWgImOblH7HZ3y5wgyFH2r8TNp9yH8ltm7m3iCsagu25hMgnQfgaMufukH1pMAZiDyX8ttCI+T/hTz5qujsvyOe@vger.kernel.org, AJvYcCXVj8VFk+gsl3GyfuoSlVhlJ22IccM91CwwZFvY/YoMbghkwvgiGQFEfjE3niwOEI7Z4K7SQihZ6i6juDU=@vger.kernel.org X-Gm-Message-State: AOJu0Yw1RJJTLAQFBdXc3/431tkneeKABLJsqcjDiVWnMJW0pELwX4l4 mpr14i2Pafj9Rs4CiQfqWY4z+fx0cwH+fpfsfj1ZdVnnmgoMnrx0 X-Gm-Gg: ASbGncvMD+t75n9HNkDmY6HBA1xmeGvfiW9IKXBsbOAVSMHxilibE6xtBqYOjrv+Nx3 L8w5XXk1XJfJE3LtOQmleM7w34yKLXdvVc97guj2ILISdZibLMsYmq2h9W/xCEqOH2e+UOlEOzH 3d7eYRaHFIYZ9CcEHDnWdMPPUNn44+kbjF6NrqJVwaACNJdja66Ds1gcc9cq7v9TvDnrMfMXugr H4onazLQg8YY6h0o1go3F5dOqoxpWK6sChmV0nCugtOmYI5CsMThe1usNeZ1QTytCcnFQ+msnL4 OL+fXeDBYEcDmUfZiBRQqJT1lo+qB0Us/heKsEIH5WbFWaiv6FD3ZRn9/REObRYmobapFP9YsEA p1IixrR8Yl0xzABKtl5hPhKkYv7H6wnEH X-Google-Smtp-Source: AGHT+IGZRF6k7gUou0armnQJpdzdTVsxQVaZTHzDyoIUAwWtfIpjPHiTBin2asf2/t+io5MqclVHSQ== X-Received: by 2002:a17:907:971e:b0:ab7:a1a4:8da4 with SMTP id a640c23a62f3a-ab7a1a49004mr506860966b.33.1739099466925; Sun, 09 Feb 2025 03:11:06 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ab79afc7452sm357516366b.163.2025.02.09.03.11.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 09 Feb 2025 03:11:05 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v6 net-next 14/14] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Sun, 9 Feb 2025 12:10:34 +0100 Message-ID: <20250209111034.241571-15-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250209111034.241571-1-ericwouds@gmail.com> References: <20250209111034.241571-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 142 +++++++++++++++++++++++++++++-- 1 file changed, 137 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c0c310c569cd..03a0b5f7e8d2 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -193,6 +193,128 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_ctx ctx = {}; + struct net_device_path_stack stack; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + + if (th[dir].tuple.in_vlan_ingress & BIT(i)) + continue; + + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + const struct net_device *in_dev, *out_dev; + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + struct pppoe_hdr *phdr; + struct vlan_hdr *vhdr; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -311,6 +433,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = flowtable->type->family != NFPROTO_BRIDGE; struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -364,14 +487,21 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_add; + if (tcph) flow_offload_ct_tcp(ct); @@ -419,8 +549,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: