From patchwork Tue Feb 25 20:16:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990740 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f51.google.com (mail-ed1-f51.google.com [209.85.208.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A358E152196; Tue, 25 Feb 2025 20:16:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514590; cv=none; b=uZTy4WgyTE2oEgQLDYi/CqUe3+g0lAvIOVfnGjmAU9OZGEjHbfRnFWKexhNuLCFpZVol9d3b3qfmD0Fx9hS3vPS9MwTaUYdxzD00ejTl7BShIgLTncSS8omB7wXc1Q78uQlRssstIikoFEaZlCAa5AUR7NOt3K3HNUFoFsYmQlo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514590; c=relaxed/simple; bh=wMUZpUs1MP0v4aGWSuV5DzAXHNdRlbpPAoNl+5GV7TA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iGG2mk/agb+z1DIe/zlVdfkv3SKVCRruqAmURQl5yt3UKszkFUaO2zhPCrSdgxrca1QzfY39U+DvFgQo8g2g+ZejFJpjUS05AWlm8jB8VXE7ZkMt/SDrbDyI7eLCQim2JE5QSS2XaGbLCksfRktStHUBatpO6vVL7siVmeCDFY4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=g+L673Ul; arc=none smtp.client-ip=209.85.208.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="g+L673Ul" Received: by mail-ed1-f51.google.com with SMTP id 4fb4d7f45d1cf-5ded46f323fso8429620a12.1; Tue, 25 Feb 2025 12:16:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514587; x=1741119387; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VGr0DGFtdF9vUQZNuQxbjKzErqMA9pCa8F2vVWAZr6U=; b=g+L673UlXwDm7XRwbFf024SFjNqD3AVQc1BtpKLL3ZoLOs2gLOYc/iCzjn3vFFA4RW rQCzBtk47az2+LE6ZGLmL4/K9c6fR+huIN8MYN85dYITvzspg8+q7Sy/B9OyF062IbiX DVLjToF4eAE2zqqqJ2pom057PE23SnlzxGGgmS2wLmvFR3dVzfqx5ojm5mEbZzQMoH+Y 8nmQzg1h+KOIyCUs8yyCefEOnD06theNUvqEl7QSiDUhgPrLnkSCDiFXDxrFRoGAgxR2 gAs0+gZ+OE+85V7JHzOw/73ztQz4ztlW5meKv6/Mh41QFY141gqJv+HTPdyVz+CR5lDX oD1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514587; x=1741119387; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VGr0DGFtdF9vUQZNuQxbjKzErqMA9pCa8F2vVWAZr6U=; b=EBRRbxLMvy77E/48GybXP7FdE1aiwQPDmvLZuEFhZ1qHFpbcv9ZG5jkcoSPkBpqmzs raMgspNlCBiuLnhE3a/3u6AMY8KyqX0pQzbYbRVnjGYmKQVEQXghTDeY3dgPyBn0XKHw lHn7bqYs/ViquyHez0acojv77M5KeLjnIZLAOByE56GNZLFy3Na/gI7JHnO9NYe6c5nh tKeacoRXD1XyQ3jsRPnqS+rGZfAjycKtsRbHeb8uxQSEZFV1iSgiZcznFU25fvvtUjoP g+LN/5BUmArto71IRkA8Kps3fptQRYZqqEmeRSjBJ+dAoM4pQACdhrfEWmM/dPPG7H58 pMvg== X-Forwarded-Encrypted: i=1; AJvYcCVo8ZR6Vkssmz0GYh42UMuR4oxk55NXomwg2MhAB9Bx75UsCR3HaRV8/NegToj3bEaMFDHzN7SExx7nAtAJ5TnE@vger.kernel.org, AJvYcCWS1PwZt5YKFulMv0lg7hGS1CI7X4ZKB6uiGHoKis3ubxdXSd0OQxGd2Rygqh1HUZVwqjHmfBwQXAE8ftk=@vger.kernel.org X-Gm-Message-State: AOJu0Yyd++CbOK0qWrMDGjymGAZ/1HpEfvecS4pmhhYDNAZicK7fw/t+ pSW5C+QUPAh2qLyU4QopJuB/+LIx0zy6pufH2G/wNE9/YZ4eXBAurcQacYYH X-Gm-Gg: ASbGncsAau9g716bvOdDGIEjuCN2M93I7hRrveD0RVmBxQ4Oyp2mR9SAAsYzuBX+V/8 /aqYk2tvvDJK3fX65MlA3cVtfOhJDFKLsjabsFqWCGzppi1+Bb4aJGsl8bb+iwu1M5KD2PTZ+Ld 1Cdv6nXWB5z267/12n1GgJgjd8X5pknUSVZ2lCLI/gwoDj7PU+KQ+k+mr8CGszUiWcKivOfv0qg ovgYYPJg/mDZ3BQyGfEpKgK1sQKIQ1uc/tA5aOQZzAjjih4xYSgEL5vn4AOY8W/jzOOzae+GBOC TwhKERfJgDUTXqjjrdXs0I5YWDMclgH8ZT3ffRgbcJT4fOr8/45p+FDiucV8YVwIR8zsSSGLxeQ FdZfRy+irYaBkCh8lsgYi7DJIKd9hc+wM2P5MVu12n+Y= X-Google-Smtp-Source: AGHT+IG7sLxHYiybRWl9YJCo5iA5Z9C/AE9Kvx3ntJoO+nw0ZthDGzLRup7krhlAo4HpsCIa/bhOBA== X-Received: by 2002:a17:906:30d4:b0:ab7:e3cb:ca81 with SMTP id a640c23a62f3a-abeeee9faefmr52882166b.30.1740514586548; Tue, 25 Feb 2025 12:16:26 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:26 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 01/14] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Tue, 25 Feb 2025 21:16:03 +0100 Message-ID: <20250225201616.21114-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 8cd4cf7ae211..d0c3c459c4d2 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -306,6 +306,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -335,6 +421,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -343,6 +430,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -462,7 +552,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -757,7 +848,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 46a6d280b09c..b4baee519e18 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Tue Feb 25 20:16:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990742 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f44.google.com (mail-ed1-f44.google.com [209.85.208.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4FC1B1624FA; Tue, 25 Feb 2025 20:16:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514592; cv=none; b=CKWbrUwgJf0EKTkuTn5B7dbalMxYejjqDjL6y6hPhEIHkX3rGPdgNC30ZiHLb+sZTTswE9mR4AehpEbij41GxEY3bh3AsYszmvjRTBun1SPjNn3IK6CuJchndh621OW/kYQcM79SXcxrpMBo0lP8V2abF3cXiEOH7GIY4lXW35E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514592; c=relaxed/simple; bh=G4AeYP9zNF3PKma7qNeEx/0jubqtWO3LgYnYYjWH/PA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AsF47WFztK+Ons/9YFKAnJU2AnSUjuA7XaOxa1jx5bH4cvgPysISr7GnVdCwN0p9Q45yOG7JWWFK19Tcf7xTe2yDdfrBvZy7nPxbV8/j/8OSJo9XU/N160HmfWUJ7YcoMhx0MnujpHEoDG5rOYEzNFXEc20DFAYOVmBp2QnUAMw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=EKyHJUhZ; arc=none smtp.client-ip=209.85.208.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="EKyHJUhZ" Received: by mail-ed1-f44.google.com with SMTP id 4fb4d7f45d1cf-5deb956aa5eso8394872a12.2; Tue, 25 Feb 2025 12:16:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514588; x=1741119388; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=EKyHJUhZcRijeMn5dz8a1wtyHjlUyaiuZ09iHCFz33jTLPqOE4Pz45MARKrZ/EEaRc qhRwjlIzr5dDVfhEzBSASZYWebv6epzWTq+Mm0IoXXXg03TSo3y/Cn/ZDWONasJaQcf7 /v+p4jjwUkKW3cfew4epqbY6bTp0Do+9pi8RGrk/ragy803mqrh0Q5V6CBDlfrakOBok lv9LgG6GIyMW7GtJiMSIAJFKZI1MsB4RdjK/9CCIQs6UoTYqn8zS+cu/gwyRDxC+0x28 6VcHsr4PrG4qJc2+PtEYypKqNJeUfN3kTxzpe70VDN9sUOwBEnD2DOEbAdYLBhuqnE+w ID7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514588; x=1741119388; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=eShtgifWqN+Y6cLG46h4kqt+sD3GQktVqz7vyOUBWPCj1FfTeZOSw/Pz5b40uDsRq0 FIauZwDY/NpU9lWb4XRo5SBag/tS174A/05THlszCjKmT+PVSMLo/CPXWwekrVWGFqLa JMBHeBOy0njbnOTKa8xRW4aBXielBBo+vh2sBOXWK0QZ0lo+vTokelONAaNdWJHeCyI3 UpfubhpJQJuKASND+yrJWjhR80BTi0w4ScL1UDzIduOjnGhBIdel0n3UaKUVxYlb3ZsZ QZEgW+sHRwrRH3SptzHDgO8oHm+h8HghwDJMjllQlIskq+QLGlOdWva1xqdEq8Kty705 cisQ== X-Forwarded-Encrypted: i=1; AJvYcCWQNbI2jcIZODelqNtd9P/0d6GQzuokI5VU0ZUMvNoV8pDb4Vmuy452RSrDiW+vl6YcLyxNtJsMHPFxZqU=@vger.kernel.org, AJvYcCX0pTXEYJxm8IrGJR8VsBU7gC2cJXjtUq/rlnVtGcXwVkmwndXM2lPAAq+j067wz9Lvgwo36fEJ+xl6XkjeiGMm@vger.kernel.org X-Gm-Message-State: AOJu0YyouK2nWmzyjs37HMLBw3DDrusOdoY84e+uqgzprIV8vUpum1O8 gpd1atMtUjxvQePwd3EnFgrqiV10NZ/GTJ4AsTjC30wJovAjFxs7 X-Gm-Gg: ASbGncuqiBvT4nU0yZ2owKVlKAgoydiDY3rsYVo8NAyo9umF8GG5MT85xUYkHji6U5b SNdOTyGuq3icicWZ0shSXy8XTk+m70F6lIoI6fG5kMgc8CtdzeyRKcfnIXOy8OhEx3i0U8yhXb8 N48SEBh/XNAVfscvXcLbFU3VMpS3fPcL2WvFRiGaxDK6kLjDPG7UPx5db8zsWEEwp57luy7wCXz 6sXlwaULfLtfxM4TUJkIDQZexDztXTiKQ6Loo9xjlqbfQH3JN//M/AvoXR56CGsuVB/044i7Nan RuYadpI7zW0dO7I1enHbBtlsWQyCdVM5HiSw6wOqqiztS5TRlr05eK9BpdDT14E9LFdnyopw+OC BMlMk6YgIYzq12E2zuRQyn2+TY9d5oxgNCNQmP1zk3TI= X-Google-Smtp-Source: AGHT+IFi5xh5+qQVymlO946K7Lt3PSU8gs3AiUL8uPpi5lpGCGAduFw1hnHU+RygxLF/r/WZYXOsOg== X-Received: by 2002:a05:6402:2812:b0:5df:25e8:26d2 with SMTP id 4fb4d7f45d1cf-5e444853ee3mr10719586a12.5.1740514588315; Tue, 25 Feb 2025 12:16:28 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:28 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 02/14] netfilter: flow: remove hw_outdev, out.hw_ifindex and out.hw_ifidx Date: Tue, 25 Feb 2025 21:16:04 +0100 Message-ID: <20250225201616.21114-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Now always info->outdev == info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 2 -- net/netfilter/nf_flow_table_core.c | 1 - net/netfilter/nf_flow_table_offload.c | 2 +- net/netfilter/nft_flow_offload.c | 4 ---- 4 files changed, 1 insertion(+), 8 deletions(-) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index d711642e78b5..4ab32fb61865 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -145,7 +145,6 @@ struct flow_offload_tuple { }; struct { u32 ifidx; - u32 hw_ifidx; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; @@ -211,7 +210,6 @@ struct nf_flow_route { } in; struct { u32 ifindex; - u32 hw_ifindex; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 9d8361526f82..1e5d3735c028 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -127,7 +127,6 @@ static int flow_offload_fill_route(struct flow_offload *flow, memcpy(flow_tuple->out.h_source, route->tuple[dir].out.h_source, ETH_ALEN); flow_tuple->out.ifidx = route->tuple[dir].out.ifindex; - flow_tuple->out.hw_ifidx = route->tuple[dir].out.hw_ifindex; dst_release(dst); break; case FLOW_OFFLOAD_XMIT_XFRM: diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..d8f7bfd60ac6 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -555,7 +555,7 @@ static void flow_offload_redirect(struct net *net, switch (this_tuple->xmit_type) { case FLOW_OFFLOAD_XMIT_DIRECT: this_tuple = &flow->tuplehash[dir].tuple; - ifindex = this_tuple->out.hw_ifidx; + ifindex = this_tuple->out.ifidx; break; case FLOW_OFFLOAD_XMIT_NEIGH: other_tuple = &flow->tuplehash[!dir].tuple; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b4baee519e18..5ef2f4ba7ab8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -80,7 +80,6 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, struct nft_forward_info { const struct net_device *indev; const struct net_device *outdev; - const struct net_device *hw_outdev; struct id { __u16 id; __be16 proto; @@ -159,8 +158,6 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, } info->outdev = info->indev; - info->hw_outdev = info->indev; - if (nf_flowtable_hw_offload(flowtable) && nft_is_valid_ether_device(info->indev)) info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; @@ -212,7 +209,6 @@ static void nft_dev_forward_path(struct nf_flow_route *route, memcpy(route->tuple[dir].out.h_source, info.h_source, ETH_ALEN); memcpy(route->tuple[dir].out.h_dest, info.h_dest, ETH_ALEN); route->tuple[dir].out.ifindex = info.outdev->ifindex; - route->tuple[dir].out.hw_ifindex = info.hw_outdev->ifindex; route->tuple[dir].xmit_type = info.xmit_type; } } From patchwork Tue Feb 25 20:16:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990743 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com [209.85.218.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6674320F08F; Tue, 25 Feb 2025 20:16:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514593; cv=none; b=L6jQWw8dI+KH0vuZHj0Y9Ot1CFjog9FuznPQtgU1+BIIUBlBvyHGtjggbhkcpeZeLcGDT+tW2MtZLvG9dVeEq2oAgHpaPLmgNLnbWOEgLJA9xpv7RKEazHbeNsDxeYo94mI5Fp3ICgEL9D6pfQgNNLo1y/tZ1Z+nRPruz5hYViM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514593; c=relaxed/simple; bh=Cv52Ysjt2lko9sBWDja1ONZ3DhITuFZz/l5ensZZgPc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=CNbPI4tLMX/Bv7dumReqnmU0joSwe5UyL7uAJ9lgtVtu1uUAG1M2ryOHk7y2Kmn0qR1/KYOVeIum55B68XAkABJWB+IMuTeWKPNEGkmTlhsbg0mUJh1wZfBBMydu/E9NaUxpfp3vaE9WcWc8h27/7CzWaKHYW1ETbG6oGQhPJkI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=irGhNR9d; arc=none smtp.client-ip=209.85.218.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="irGhNR9d" Received: by mail-ej1-f44.google.com with SMTP id a640c23a62f3a-ab771575040so31020166b.1; Tue, 25 Feb 2025 12:16:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514590; x=1741119390; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+rhlCg4/52AHm6e8tJsmpQptNUxepmsLI5spztxpn6c=; b=irGhNR9dLR4WQMiaKS0Zkp+iRxzVhhLr7z6HGdsfPlxa0kvV4q3/MDpUbkDCVTSz4p OpEGHmmlCQ2NVxC9/QAkiUmSsMnEDdHIWVjWNAB9S03d1xfkj1y3zn1tfvegaYVNVx+5 Mh+myZ2MXf2wJ4NXSjrrFqUyTYcwxVqmOgZLfhF/4j/z6gEwiE7H16Qx5LH1xKMbYzqj euPlHoJxVjbw9i6glE8u/PD4LQZaKM/4sUYKtcEJiKYODst6MhwPgVsvh6Ckq/q9hSlN MJFTNZbal8jWvn4U5oOdyxtc8MMJV4vZtcrxxV61PkmzuDMDzS7iZPHkb+rfm31yCrXp 6rrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514590; x=1741119390; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+rhlCg4/52AHm6e8tJsmpQptNUxepmsLI5spztxpn6c=; b=Qe72ei3puMsm2VinRIfqehsT75EONw6iPlQuWbZlNoeQrG4SktfXje9flIiST6RHxu uEv4Yn/qBYVXE37pSqSd+0UMHyC7PSbdsVbgqkXey2Y3B3vuHTq22q8hL/1a2CVJkFKO le4BA2kSD1Yw5zXhd76vqJWrXVjSOZPjkKeeLU2iXw7kdGdZEVGlVU8D7e0XsYc8/k4b 3ZLf5M3kTaYZcVarNqR6jKzluQnUsQsUQqVIAOdCjWGJZF1ZjnWanNPopOs8Cq61db7q RzzZHAwj7GeCuyEgFy0Oq9yZAQBfERcS36spFJBA2X10DX26NPS8YrVQ1mDSV2ovy8Li NOEg== X-Forwarded-Encrypted: i=1; AJvYcCUZzQx1HuT3RBPgwG2W8qb/mTaDozFt/riJ4EBisRUPykKLnBMrSA1P5sOwMOIYxnk2x0ei57H99+XWqYUJdTFh@vger.kernel.org, AJvYcCVfB//yu4eKoylk3fqzVqXDFmsqkfJvmkHybTTL8RvJtVsvJtQiccXGKAtEbJyIWty42EGw4jcrG/r837c=@vger.kernel.org X-Gm-Message-State: AOJu0Yx2np7mtXPEBWAqHB2Dy2/GBew0bR89QpuyuNL6H4VyNhCXeyn/ MysVxQXtt8azdcx1gd3OH6ljj6yzykymJdOaVChOTu9OMz+MJa5d X-Gm-Gg: ASbGncvW3ZXLCPmplHf9I9S2vKjp/9pXCFIeSqb2CujAGwt9jhVtEp8SEP0EWVB11Is vMzrbjQ3PCm2wD3w0TY8IZqwA6NnuT3ZT6ESTIu3NYV2hZ4K6ZliOj5tQjvqF9wiIFR36q+ax0J CjmxWQH7+2muXamc7xX0SipOlDOmb/j2BZHD5w5Y18hyHpy3WSDowDU9hT7dtDblVTjvH83dZTh 9iWNIPEkKk7s+GR6KTNToBQdgT+73EJuUZQTXT/kDjYnyBuHytUg/ElGACgZ0PD3CGIHqUbHTWQ sYednT1KIfgPf34c1gWqm7sYa0Z1FX1cFX/qCLvo5H9YkQLuepTiWQzYmxZVJ1NUEzS+w+iAvp7 JQixEVWme/KKAgik/f2gUer0OSIokegALYdv/U4lf3e4= X-Google-Smtp-Source: AGHT+IGjYzWXLvnzGLyEXex+ETYVw5Q0C/1jRBzHoDa33wNIkf6eiEa2/vyA43CLHzQ2U9WVtqxm+Q== X-Received: by 2002:a17:907:780e:b0:ab7:798:e16e with SMTP id a640c23a62f3a-abc0ae91168mr1674875466b.15.1740514589399; Tue, 25 Feb 2025 12:16:29 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:29 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 03/14] netfilter: bridge: Add conntrack double vlan and pppoe Date: Tue, 25 Feb 2025 21:16:05 +0100 Message-ID: <20250225201616.21114-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Signed-off-by: Eric Woudstra --- net/bridge/netfilter/nf_conntrack_bridge.c | 83 ++++++++++++++++++---- 1 file changed, 71 insertions(+), 12 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..4b4e3751fb13 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -242,53 +242,112 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, { struct nf_hook_state bridge_state = *state; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + __be16 outer_proto; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): { + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + + offset = PPPOE_SES_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + ph = (struct ppp_hdr *)(skb->data); + switch (ph->proto) { + case htons(PPP_IP): + skb->protocol = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + skb->protocol = htons(ETH_P_IPV6); + break; + default: + nf_ct_set(skb, NULL, IP_CT_UNTRACKED); + return NF_ACCEPT; + } + data_len = ntohs(ph->hdr.length) - 2; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + case htons(ETH_P_8021Q): { + struct vlan_hdr *vhdr; + + offset = VLAN_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + vhdr = (struct vlan_hdr *)(skb->data); + skb->protocol = vhdr->h_vlan_encapsulated_proto; + data_len = U32_MAX; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + default: + data_len = U32_MAX; + break; + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, From patchwork Tue Feb 25 20:16:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990744 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f48.google.com (mail-ej1-f48.google.com [209.85.218.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68EC82116E6; Tue, 25 Feb 2025 20:16:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514594; cv=none; b=Gj8V5yEJUmvasbL5O7RBrIcpZcbE1yspnXPCpY6ExgqHl3PnFQym5h6XaZwAwnIW2zFugqpvKcWgP85v/F/OgP3wQm9z/tIvIHjY+AwTKujYNv+YME9eKFEInFxoVrUQ2fRGofSb0PzCmnyMlclDtzeNZOv+fM43zH/OyT7Ej6I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514594; c=relaxed/simple; bh=WOvVk2IW6QUSaxpGvpwW6W6ywpdv9Y60/i896yobQ+k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OqYAuQLUiJhvsSedNmQDS4i/ksRNFbIq7wlUjXmsNwm6z9psqEqW7mGQIODYmxfdZb9/TemEs5AtTqCoOHdKu+9a7ENPLZVyxQZmgNmvqfci9dLgMyIoSymD2jruNKJ6LmTy5M4oOAGpmfvwQFWKVE4ADoddxK7nMtR33zANXEw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=bmWT4eXz; arc=none smtp.client-ip=209.85.218.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="bmWT4eXz" Received: by mail-ej1-f48.google.com with SMTP id a640c23a62f3a-abb999658fbso748648866b.3; Tue, 25 Feb 2025 12:16:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514591; x=1741119391; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=bmWT4eXz0R2eU4sxb5KkIKVawwEnWHx2DbMBGTKI78E/6EOU5tnKv7lDybJtCbawGU g5CYrFv5xLAfNDyyplr4KzE0auV0O2bL9iS1fqCrTOw+lcz+QurhW9ruqq1xLMn0RbnK 6zVsof32aTd1Rdkx9Kl/1oBecZJSN3g5m24PbKjGmezUeByF4FUvq0GJtaN+ZZsZo4BA VIFtXcwGdgViAVBPHIF1+7ayPWX3tk4MmBd3dOwZMmzkgzNWi1DtICGjWrYNUR3SEbyO 734b7McrjFIH/VHG7Yo/J/4yIBkzk2/lawTKjmBRXVfa6u++H1H/OdxQrKxNlJi1Zr/2 YcRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514591; x=1741119391; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=sHpKtGiYeDrHdNUEryceD9U0UjxtWGPRCHg6J2d1PSC6007ASYtgC+5WnpTHB9iFHA 2Fl0/EnLIoaKSTFXMDGoRdMeSIWOyZBgbvSdXpQPIVUuubhYH5PAeF7L67CqT2pp4muo kYVsG3dLSRs4O5jrsOdafQYtsh0nmFqSWdgxTdqxgbRWjQSCN7CqVFhOFNl7Ks9J5u4n P9GvPzYCSaale03abDKkVdTqRyH9T6ySRD1Defr1mO2UzngqYPdPIrcTKmWux8nm0hZY NYMZ90nkC7eJ0VTHjIUn0VPOJvUnnrDtJ5EPYXgTjRZZNUzvdGWK9HZbjozgM3MptJuY sX5g== X-Forwarded-Encrypted: i=1; AJvYcCXLjN0qdfL4kB7QB0KVw/m09ovmKtafWmAS+q0HWmGdtnKAwGq+Pzg01VUE6zPhu3RT03X+lwIQ51RB1woReUBM@vger.kernel.org, AJvYcCXwAiw7LKMtKJ5WNwfLWxHTHpAYgp1gCwys3pbbX7jd5sqdkTBUjjZ3X4s+Jxc+NTND0hXauSWU8eIQNvE=@vger.kernel.org X-Gm-Message-State: AOJu0YyCQmTR77gj1GVJZCkqJ1oB3tBNS7/8rXzlatBLp5YHyLn5UQdD YefC+cnSyocfX3NqY1vMWbelcATQMpyufNucd2ZYh9uATIckOBqZ X-Gm-Gg: ASbGncssC4CMSpS3Z+FULz4UBdwgRGwkDbutJp3mOlcg7XGKN3yOtUeiJ747+VLonEP lt/iIdEknjWbiEN+dvXgzunC/J/GtvN/Fi9GcdS/W6JIo61ty/fMadVmv8S1u9ljlfxHpsXhNVQ pdQA4PFOW5LZYsoEllVLxzJ6A/YVXo5bCCPSfmPGnbNeSmtXT40C6rPokXreD9oempPXCNARM0r W4aQe12jc8IKJkT0u65DGQ+t2vvCppJcuY6ZlTsGaGW8uz1hISt2BsxlLkDhRZOlPtv9M2fKTJi hKtJ70NgoK19VaWURrJkadVwc3xjR7BHmqFLiL1ExxMybcVyVGH/mkOFDlrJSaOFvP4uwYs4dao SHKUPvYLiXZqI5ZXdC6Pk4K4N5PRA1t6MQrVdMWRMGto= X-Google-Smtp-Source: AGHT+IFELKJeBL47E24AYBhFNQB8kxvH4OvNCfLa7OLiE5g3zAvMls9N3TtS1GIRuC8kJEKI8Wmk4Q== X-Received: by 2002:a05:6402:210d:b0:5df:6a:54ea with SMTP id 4fb4d7f45d1cf-5e4457abbc9mr11921566a12.11.1740514590457; Tue, 25 Feb 2025 12:16:30 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:30 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 04/14] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Tue, 25 Feb 2025 21:16:06 +0100 Message-ID: <20250225201616.21114-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 19a553550c76..7c7080c1a67d 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Tue Feb 25 20:16:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990746 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f51.google.com (mail-ej1-f51.google.com [209.85.218.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C852211A20; Tue, 25 Feb 2025 20:16:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514596; cv=none; b=Th+jPc78TvSz3yzQVURNgrQdFKL7bvdfehBNcheraoGJyb2LtiiOe5GXpZXcE6wraao/fhfJGrw+34DIH2FUzaJH/d51ygX/XAs33PhvKxmcUcr38Gz7GqPNNEfb81mdBvEVmMMxhKNBH1CSyy1p+ytJs4JASLFnRGH+2CQtt8s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514596; c=relaxed/simple; bh=sq5lC5Lgg2lgUcbphMYliAhopUKVFEXA0PcFARtTXys=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=O8yxNkESyTyIU7AHD93u9FDL0RM+RL99gY6+HW1PNcVe8D8CkxyXTIcXOZw+0OIZ7p8+v5D+MwemHAE3u/v8CAAIQdJu+tx16vREX7wW8Y8GHkYTwBC1QXQFhHavXCuV78zL8QQjesSefgxeVXK5yTOnvjA+EMpOPlSuWz+QwYE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=a7LniAQI; arc=none smtp.client-ip=209.85.218.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="a7LniAQI" Received: by mail-ej1-f51.google.com with SMTP id a640c23a62f3a-abbec6a0bfeso943884466b.2; Tue, 25 Feb 2025 12:16:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514592; x=1741119392; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=glD7coNk2GO9/l1adKLN+uo1Xfh2D3YWudU7CjoMsSA=; b=a7LniAQIIErUHfo75Vh2GH0GOCy+lZe73c/HsxGDO6TOTUegqzm2cqU2BOwN3UwbU1 lVJbTnlGD+edpal7mO8rC5nICggD2m9sfrTMgWG2pxqnsRc8OaY+6GpaKAVk2EreH33N K0pHZLOSMizQuTHauxOz91nMkGEC41Hg+MLGCkN86UXma/0f1rTG324uzcbhKFQ88IZx cCpDCsFbQG1bM1OBalMByWLtU49Z2tIIDyLb+6cKQrPsf3yKijE81KeMajJn4rcQqDkE paQpfYeiG7yormEb2P6cC0ciyXOJxFAcIeF/UP5jkKT95odXbmiPF/nTUjX97jdkdGbp Q5ZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514592; x=1741119392; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=glD7coNk2GO9/l1adKLN+uo1Xfh2D3YWudU7CjoMsSA=; b=C5fz6AEfiCNJbQ4vB/BzB88L54Ysu3dJOlhQPZVdlmeyef9qTMIo4t09aCpy2wOaFH B4S1OyBWgUznObQePD5yMr7dSnG+tEM0yADPLwvKM3nJX2UvOqUNW8EKHnR9RzqM2cKc dk+3R//RCFcypFDpzDnLZZjvTsK/3qPJNGrO9WdDslzt4QBwYR4KBu6ZZZWTS9UJHi7a QrIZt/Jpq4kgOrb1l8mkbpvi3kwsXEWuxF0Jy7i8+WImR6pOo860LaIZhVW2dOs/sUkP JMjyxvB2nBbQyapaVP7pu0LhtMnZ7TJQ3gMCIohJbdQ4/lqmPN24y1Fd1BQ2BvypCw+n ++6g== X-Forwarded-Encrypted: i=1; AJvYcCW4eQsFfnyb25QwHwiiFmZLa6Us6h+39W45OahFIvvlzjTLqwhhpHvKjVh5NT8fTjnGa+wea7GCm+XJXfk=@vger.kernel.org, AJvYcCXDp5aP6lQ41I+laz3YckvRZ+b+ggJMxCP48pMzvuHrwqzzhASqQ3FrBNltPqMiorC/GfQrPUDxbiF6NzaJinNw@vger.kernel.org X-Gm-Message-State: AOJu0YxJhONtj3XU1a8kTf1MtV6terqjEmZK/1V+lqCDOJ1lz58Nvd96 cvAbMcwxknYAHpyR8RaiFfYcTantr6d4BJ2yXn2k4v24YX5x8pzU X-Gm-Gg: ASbGncvjL7w2D2CyB0P8gfxZk8d4Gy7XSaYQkZDDqtLR0rfSdeURyAIY/mboU3qGgi/ cs/Pgr1XIMU5V8q+XgD9BPQZRO0A+wVOTBQprF5NcASXnjIa+14GLR8GJkTWdkRpmr+icd+YPgH Tft4YHkQJuNoilnwIO/+1z25Sb8JcGaixDg3cZBMX5dvclkxTt+ZVPU7TLPT/sm3HfsdYZ9pkPW d4fK1H5w9L7Gkw1Vu3fTIaxkudaRkABSGB9Q72WitSTWgb5HsfuZulZqwugd44tkFioW1AzVLCF mA2Ty2zViVBPrlI0YbJPfR98Nq5TDsbkQ9ZEMxhm0P9PpTbb/ooal7n7cSRJeBPM7YnFV2Qy8nS MJIItqZ6GAGw/Q22F6zRhiBOW2GinEtd5EGLzUA6i2yk= X-Google-Smtp-Source: AGHT+IEjvw2ycbh6O1a2xVehSVYNCqn405b5ejvhuSsYBKJJvxe4gk715VpktRuefN5csP8lyNYY2Q== X-Received: by 2002:a17:907:3da7:b0:ab7:98e8:dcd4 with SMTP id a640c23a62f3a-abc09a097c7mr1694058566b.20.1740514591509; Tue, 25 Feb 2025 12:16:31 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:31 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 05/14] bridge: Add filling forward path from port to port Date: Tue, 25 Feb 2025 21:16:07 +0100 Message-ID: <20250225201616.21114-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org If a port is passed as argument instead of the master, then: At br_fill_forward_path(): find the master and use it to fill the forward path. At br_vlan_fill_forward_path_pvid(): lookup vlan group from port instead. Changed call to br_vlan_group() into br_vlan_group_rcu() while at it. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 19 ++++++++++++++----- net/bridge/br_private.h | 2 ++ net/bridge/br_vlan.c | 6 +++++- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 0ab4613aa07a..c7646afc8b96 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -383,16 +383,25 @@ static int br_del_slave(struct net_device *dev, struct net_device *slave_dev) static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { + struct net_bridge_port *src, *dst; struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + struct net_device *br_dev; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); + br = netdev_priv(br_dev); + } else { + src = NULL; + br = netdev_priv(ctx->dev); + } - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 1054b8a88edc..a0b950390a16 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1584,6 +1584,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, @@ -1753,6 +1754,7 @@ static inline int nbp_get_num_vlan_infos(struct net_bridge_port *p, } static inline void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index d9a69ec9affe..a18c7da12ebd 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group_rcu(p); + else + vg = br_vlan_group_rcu(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Tue Feb 25 20:16:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990745 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f43.google.com (mail-ej1-f43.google.com [209.85.218.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9027921325B; Tue, 25 Feb 2025 20:16:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514596; cv=none; b=kIYEqZvuHR3o5Hj3/ezK0PsCxniGovbTbU8V7WhJiRuiK5kzEPU4G+plVvFWYO5ZKroHVyqUhpUsHKbKe16R2eKWw6/slLguSiK6mU1zBekyubEsTuDKXUUqsTqvUoYAZhNHa/wzVg2NRtamzjboZkg5zZeMcQPpXXibW4V7uMA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514596; c=relaxed/simple; bh=QIhn2y3kyisjmJYCyWM38qUrYkbqfd1KGtAA3NxVqc0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PI2/8yKz5TYPHKMTAawmsnYA1c6Jc9vP4c61vkTBX13R4kYDDGjHqBF2YpCwNvAhUnFeVwVP/Et0/B117vE9Pc14u6Kr2ufUak6NcXddEZX6pNrMFQXyAIdVJmRLkpQD6LTc+WD016rM2W4B+7JH7mRT6a/0YiMF/IvrzTooQIc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=U8HQmIQX; arc=none smtp.client-ip=209.85.218.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="U8HQmIQX" Received: by mail-ej1-f43.google.com with SMTP id a640c23a62f3a-abec925a135so231014266b.0; Tue, 25 Feb 2025 12:16:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514593; x=1741119393; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vgvvO4mRAt67HclOcho5/or4Z9zLgPRzxsVdNZtTjYg=; b=U8HQmIQXVQAPKJLfHM9Y7V3rqufBDBNcUlA9ecqcC6bwGEvvQjB+TDbrME/xqbG61o HqY4waeRJSDnSU2Zr2/clvmpn+uiILSAMmwd5HGHA8+DijM8fOqs/i4mVgZddXmwvL/p CTv25fXzLsBh//Nyw1qGTnbomOdEYJS0ldN8G+HfC7PcHWzi2DXSv596JJPV/q0tmWDp r5p1FRFMXN8rxJbqOliR0wz3Nbib3pC80tWS3PnevH2S8HySNThmup1yP2lO1RiT3z7D fsWeFAuarmoIMH4pYR4mjNEKcqTIvIwpF593VHn3kpfAVOo1qXApN7fdQxRMqvZWoP+M 1HFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514593; x=1741119393; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vgvvO4mRAt67HclOcho5/or4Z9zLgPRzxsVdNZtTjYg=; b=vpun+HKi/3DydUK3tRqaeA/xMw7gTa84hmm4YtWEWssIMwD2bx83FRdePw9pUmfM1d 1GXDvFXqxAWcA3LpNlPZcfq4hfKOifE6ZcnF3+mrONy4h4V43/rVusT0ejzUSDhwmsqh PvCa+E3WNTGiYUmHEawRH7a7RGXmZ/gzu55t2csz4lmkTqWKsx1KidHsuXvMNqBF9afL NI8KA0jP3Ge0F4atwb6sgoeeoVTzXueKGNx2+YmPl8qXvzJ/cURRqMW6T5PVGgf42ddX pQP7y/YcS5vnxr/m89UWKTdM43IQ4tC5+eToZpAgvQqgC6wU9jbDOTX/8frag+02B+HZ ELUw== X-Forwarded-Encrypted: i=1; AJvYcCUQGzJyYeQXeEltfdPP8N98hWOJqMSgyhgwRi8P2YP1ypFnpaePFUCg0cD60uNrZ2xHi0jpFWLr7uP0ll8=@vger.kernel.org, AJvYcCUqvJlt6SF4e3J4P7F4KnBziWRerjZOfqrQ5pjfmJhaPIJ0u2m02xAro+/1YzV/nCDPaeYjl0uQsFbxH/wrfVoU@vger.kernel.org X-Gm-Message-State: AOJu0YyqIWlUaAGGtLUoVGYQksVsbI8mtM8ZrI/hyL+ooE6kf0TVTDq0 tYfhYoCIkdoa0Kr57yKBJxPX6WP6bO7r1SrMEj87z4+XIeexsE8K X-Gm-Gg: ASbGnctHSD2/jLVpw3VBwVBWbM/YgAwiw5BGBdYK803UZvRi3OVvHQRK/gi6Hb6Kj4A DaZgkabG9MuJAuJnJjd7hZ0zCS6STSg7QNBUK6/EtGcNYzJamHvzvsHSemUK3UI0bkI02TTQayY ADRrS9x4KWcw/NbQvywUPKVMI8RfTAMFhSvr/dUIEsX2cnTIR7J4He4v0uk6jaoOeoI9ZFJ/azO VxvWzixL2pjs7qA1C3vU2F1F1G3ecKW6iwHX7HT6O5+9EnsFpoNW/ltwPn0gIbkVLqRHKSZuvB5 PfX1NkmdC69dVqmJKr68qbrgKhlATz+ChMPX3EtuBE+63dYvfz2zLVkhYtBXpT58Q1h33porp+N w9d7FNVEgA3DXm/2S6NnbP2bIelSDl/LgUGiAo3/fxLE= X-Google-Smtp-Source: AGHT+IHYa/rnJMcG6bw4DaLIqU4PpMQ2X1tUCpndBeXitg+IOobUcH2l24ISv9vbXMdXY/Di07mP4g== X-Received: by 2002:a17:906:31d1:b0:abb:e95e:f2c3 with SMTP id a640c23a62f3a-abeeef4216amr55910166b.41.1740514592646; Tue, 25 Feb 2025 12:16:32 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:32 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 06/14] net: core: dev: Add dev_fill_bridge_path() Date: Tue, 25 Feb 2025 21:16:08 +0100 Message-ID: <20250225201616.21114-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 ++ net/core/dev.c | 66 +++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 9a387d456592..695445927598 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3289,6 +3289,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index 18064be6cf3e..d5f4fae840a2 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -714,44 +714,84 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; return ret; } + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + if (br_dev->netdev_ops->ndo_fill_forward_path(ctx, path) < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + return dev_fill_forward_path_common(ctx, stack); +} +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /* must be called under rcu_read_lock(), as we dont take a reference */ From patchwork Tue Feb 25 20:16:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990747 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com [209.85.218.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8AAED213E68; Tue, 25 Feb 2025 20:16:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514597; cv=none; b=lyYlpev+u7jmiPxh2GF0lCgbzh/9e2yrCMyqqflAucYP9qhRiY1diZ/aDtR50/kBTqtGM5bZaKUuRLPgzQ5Tgx2GgngOv8+TtjZQN/poIP2+B7VnhMN25QONZCbi9lYist92l7Oa+TAAG1q2m8Hce3PH3r9Bw61lFNgvhGgOfu4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514597; c=relaxed/simple; bh=p1IsKiAxwq12F2MM7ABxyO6mLj6RlYFe8Yg33MCLfXU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=K+KLBfgMtpf2fKO0Jcu8xISHC0BZTF5M4LovO6i7i2sSX0MkS8ubrTOv/hh8p+OxMC0X5yB2vO/gJPZ6phHyClv+1dyEBwIWCEc6R+rSv4iAzvzMwGbS0F4ikDj9q7P0QGQzwtemeHEKh/nXJxi4YHQTF5YhroXnH+QUvamId24= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=hNxuQPhT; arc=none smtp.client-ip=209.85.218.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hNxuQPhT" Received: by mail-ej1-f44.google.com with SMTP id a640c23a62f3a-aaf0f1adef8so365536966b.3; Tue, 25 Feb 2025 12:16:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514594; x=1741119394; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=hNxuQPhTriJvA6L3DNkP/R366SqsUBBakZc26kJzoAqDPhqP4iaV/PRQbm2+OrEM60 tWwZ2sf9wGW3hLboM24/fakDotXaqjZplR7KX8Y8rrLHGsaBzqo4wmP+29p3KoKbgI/l jOALh1gQNEWpXc/Vb9rsqkY+IDd7pl9JGBrDH+opgHpSjyMnvplGpChLTrsX44M0jgx1 M1ZJ0hj2nB7uc4O4bMTJLuD9s4OGlMHQEC4Y673IM4iAfDo+sjn4I1ELV5PC6VGojZ2l LxmEbeugOMMdXlibjXZeEFj3io7CMk7oIdiiaAhAApLONuqGjfbNr2MxLv0v1J2z3r8/ hXzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514594; x=1741119394; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=I+Hde2Wml+2j65AM88IIinalyrTDwuvWrYqPscL4vfCNkC65CwqVu+AUe/FymdSCVH v843EJnADkVnj13IURMzDsw8ZjQ/pqmgadBDA4Fmd92QZ+GJJgxBHdRbJ4MCj/TtC/iM uKmpprj/jEDgCxvUsSwoS2f3iDT1iWVW4tUkrtNaotUzy61ilaMrurWB9etxavsHTnvb h2yUpNrTNTYDbiKztT1gsAc564GwFVnBzZuRKTa2B00Ij39MaxsnzfdJUpxRh3/sUy/g ENX8rCsZJG39iStI1nZNcvcH2GLNUIdJav7LICyVg3ZcQ5gFoIJE2Stxx1++JtuIDKCn wt6w== X-Forwarded-Encrypted: i=1; AJvYcCWIbfZeztauBN7xqf8Blu+HODKhLXjXkLx2fNe1l4hZSYNKk8GTOl0HC/uFbmVZx+WVIsqd+myW9AE4z9lCChYU@vger.kernel.org, AJvYcCX1ypRzkQYuzJU2GnrOQH7ZeEpyBKrg0LsROnA+jhkAbh1fVExGPImDs4rNwCh7v5N3QlgFSQLtkQoRNfc=@vger.kernel.org X-Gm-Message-State: AOJu0YxGsSbIUtKXmPCr/P1uDq4hEqwjhKcT/rKShWFSiaj/qkJmBWFm Zsj9JXqraOb9HClm7jIwl87M3JqTKawYW+wA2ugC6dHUthuQL0/d X-Gm-Gg: ASbGncu3SrckbpBw3nC/BsRrlmP/rFQkwwyF81TJwdibdk2KB26AJo4/notTtVWfyxq mji253q6gTdCJh2nUw55Vfe44m/gNyP1Ot378Az9C7fMl3tKifm/5uPDK+wrgKL6aE8SSL9vTh4 PqwXj8CGZExusTtCVjUzDNfsPqKxHU1JSNtr5nkPc4inn2VgSKmr5eJz1jQ/ujsfwJ1him19vJP SpnmaeMBONh7v2VbDQ5Q92rAj/KtIc7jPSlMbzN1WNueq1OzjXMn6xYexEAkzCJ3M50QRmW+Pqz 3gZj6x4DXN68m/SpYFYt2MyPeUmLe/N/wc2AUg93xNsTcmALxeIzU8E2i14ZkHax+/FKa67KbwV wmKYP5EZ2aLnCjbdy9jNvfRkVy6eo8pYVCoQLOcA5T/8= X-Google-Smtp-Source: AGHT+IEwV1DfGXJRPjYjfUai9IFb7gVR/sM912MZVVj4qwykjTK4A5haj0vlM9CKbuHOZqsSxaDDSQ== X-Received: by 2002:a17:906:3181:b0:abe:ea93:2ca3 with SMTP id a640c23a62f3a-abeeedfd836mr54526066b.29.1740514593664; Tue, 25 Feb 2025 12:16:33 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:33 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 07/14] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Tue, 25 Feb 2025 21:16:09 +0100 Message-ID: <20250225201616.21114-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index 4ab32fb61865..a7f5d6166088 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -340,6 +340,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index d8f7bfd60ac6..3cc30ebfa6ff 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Tue Feb 25 20:16:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990749 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f51.google.com (mail-ej1-f51.google.com [209.85.218.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F44C1EA7E5; Tue, 25 Feb 2025 20:16:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514599; cv=none; b=PeVcgkQsplMESYc+RfMtkxAamYg0KUzg4BDfdbkmor6/XbcP9bNK2BB8m4XaO8OzeO09fM9TeAFHhSTYCAJ7C53SID0bNRMSJhVK22ej+OUkn9Fazx2nEFZe7aap7540Wlt/9L5OlngN+s1FpnQZt8P03E6QUrS/V0F69JFdiEE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514599; c=relaxed/simple; bh=AihhYJGwJTJyObdFZSI/rxytC55wEnFe8EzDy7l8A+0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=sYyyHC21iYDppyzjPow99tJOkq8HLRFMF+iBy3nWuvze1aMevyi6LvYYNOG7DIHaxoDpoqIErxc/NFQtkJ9/Uz/2KgGW0qamYvyNuOTunMfMa1xZWYKdFetuFUEWg/d1v6JAiSuJr9DFc1BqdFJOwapxjF7yh0FzpSoG1P8IS1M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lD+zungb; arc=none smtp.client-ip=209.85.218.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lD+zungb" Received: by mail-ej1-f51.google.com with SMTP id a640c23a62f3a-abb7f539c35so1171742666b.1; Tue, 25 Feb 2025 12:16:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514595; x=1741119395; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=lD+zungbhxNk7qDmVyyHtMprmtekP8uw7HK0kouHUl0WX9wOghALmj+Dy0kTk7zAnK 8rM5ec1bFlP+KCfSiH0gymvYvDRkNaAXFwFxAODr2yW55NUr3Boc5kuE/G/z1vRhybOF wBD00XxAlFBJId15mg20DFb/MXTDwJSJ6AzO9nl6yNvGcCAZsi4vqrytNaAnY3d0extw KPswjU4hvDxQY6UAgLtlndKRCv8yAXBERI5gOhOLORuolrzDa0GhDfTTrK5D0nfvNaqG M8wxpP5mAgmZkkfUmlRLePs/AvSaWSqjqVISfxvFUsDgwM5ZaQ1ZHcjjPyuObXs8zYOW yB5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514595; x=1741119395; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=WmvzmBfbX3rAY/Jwuu0qSEpzGOFMvztjp7E7o3kDUAhoeVKJJIT2miFnUZuaEZMevh XxmRmBx2Tezs1iM40tag3LBFvZFt1KndYby1VPj0xIxU+Y0hKBEN1lkjnUf5SQK3g8qv yGuzN5kBc0D0wI4kuXvuPAJTXYw9PUlE+lynckEi/6CeyHO3CMIp9zAkCKCJ2JVF1tw8 zPH92EDqeV3YaRjdcRudyUim4OtmdCJ75QqNZ7hJmPvqwQO2rBPZI/lqigAyDbZ76Mz0 zBlHmAHL0uKOA1HZMYod6JelfdR3GEoAqFopHOtJV61EkthP1121pKVHEiv/MTrWY1yT hA/A== X-Forwarded-Encrypted: i=1; AJvYcCVMWfWAx+fMYOQVbDDmvCq8BVfanKzFiXbvC0WSWtc25XLntIlld6VERaHqgKl5754K00f/MwRAczJmU+QZGE+a@vger.kernel.org, AJvYcCWgu1PG8kQfXwstEtF+s1qvp+xSa1nPM+H628yaroTXhvEf0BSH0b/PmP0E2i3CcAFSOnj+EguQUYGCWAg=@vger.kernel.org X-Gm-Message-State: AOJu0YwBASvugI4hSJhpnCmxXwkZ+QLGEqIfQSqOHQ4qHe/kVpmIZpd1 uR4dfM0+VWmVt5uPEzlGn6Mx+K6oL/ey2NjZ3NxeAPrjuYV3vuy7 X-Gm-Gg: ASbGnctEfYqLMDtR57yzIGsXJyO9nBvxAyCiLWcyEoZCo4dBTHk/U4TEh14tMOU2tww MlLDN69KWP9biVbYpZrVUf/7H44lMnlmfOwV546OuaanNFDseIJDYbwxt/yeqJcEiLqE1ArKV3g JjrXIQRfpdK1axlwjfRA0SViouizLy9wOwW8gz6Low90tX1CI8Ax9BoHGng+DxfXjdBThxBmPIw hBGi7w/vGS6fg/J11Mq1nFH5G6QzVtPBhKpNmw23/rpAuUZD7l8lwEjjNKmcveHaqCCS3J8QsYA +nq5hF9QSzpYNEMeIWkV3OHIkTS0liXqHdLDB6T3zJZYKVdtiK/3mqI2bi4w6SBIaNuq4/rhvII abu60VTWuqoD6Rve+4ScK0LJie/2q6QGWOhwxgpoIhrQ= X-Google-Smtp-Source: AGHT+IGqtwnhdQCtSmqLRlPPBdMfue3nuq7Am6Qo/bcDgts/ZRrpNQ6gtoEj1aOcPx9OCd4I+DxgEQ== X-Received: by 2002:a17:907:1ca4:b0:ab6:d575:9540 with SMTP id a640c23a62f3a-abed1076c86mr522915866b.50.1740514594765; Tue, 25 Feb 2025 12:16:34 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:34 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 08/14] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Tue, 25 Feb 2025 21:16:10 +0100 Message-ID: <20250225201616.21114-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This will allow a flowtable to be added to the nft bridge family. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Tue Feb 25 20:16:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990748 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com [209.85.218.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC1F4215179; Tue, 25 Feb 2025 20:16:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514599; cv=none; b=hEDu2te2iAVRMP0OfYE7v97xwrHaKw86T9QrR2dczVbhwlBzfv4cLXO1mto6MseMShRrGVDyfssRjKzex8O3lpZMEFGBCVCi34jNbkyXiAZRR1C6hhRdr+37V4XRYtEi60b+eh5lhR6yZP98cZH33d9DpJkdfrrYbFVsTp/uN5U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514599; c=relaxed/simple; bh=Vja1w1A/Wnz062ttT6Bt+MXuQBy3cdFVFTFu9bvZ8Ag=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lqiePzd1Nal21RwIY9wk59YlHJTb6S4FmJ6sydy/ur24VlkUsflZuKlm4SG1fkXA0KUvuG27/DRHcLnNSNzk13zUoSFO3gRyEnR3fWOhGaTQTZbJWLpSkDHaoooxITk08rUHWgWqIU02pcGWuSTah1DOv4lmGigsjf2iTsLdPUc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Q+bWoZfW; arc=none smtp.client-ip=209.85.218.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Q+bWoZfW" Received: by mail-ej1-f44.google.com with SMTP id a640c23a62f3a-abb75200275so962807266b.3; Tue, 25 Feb 2025 12:16:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514596; x=1741119396; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=Q+bWoZfWr2sPJocVwfZ4R8UPvc44ySZOu8qRnf750Pn7prhYko/krV5Whumt/GYvjU CIo2OjWNgYedtC+YyR0qagKFrymOxHjfXeDBIaiaFXvGkkwG2jiYuGwbOQZV0sw3clhK Ki0dJgMGHK7Fw2ZURHn+jbjtb3wTwultzHKekax46qUF+nf2IquyGPWtb+5OgyF3UTVC MFeTYV7StGYt7DSu4wesnSFeYXDlRfoNzqhRuyqpSPu3GUEa+eoG8mHh/lr/ofgPU5fb GLxsUq3ARZdIqiAeSIaE0EQrbnB3p/+2CTl/xzlA5EGZ6e05Obw1csrvDLRjeDWsKldT K71Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514596; x=1741119396; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=R6UhEW3MeOLULzG2xDpubLUUlK+Z5gJikjWQdD5E8Kr7yJdnU+xpwkgVyGHbJN4nqJ Fv5F5xjmA5taaXWLyhjrKLpa2CZsQpYDo2/psiwTzJwZy0YzFWVGvqAmmItyzBiAlbzf qGPJ5z//caxNRCwGDQuV4xAkx3YHmK2dx1aO0iTbExDeUqdxg8SJybQXKXQZKmkzzZ+t bdKXU/hZprD1JKmdmUNKDoB9T8tb3bFN6EKQmUKISulZtRkK8l94PlU4ijFlfhkwtu0m s4gXF1Uh3UvGvA3u3hfvhUffLpOpJRuTfKwhcH+IWLtmSpogxIvIZmigZLe1GTY7+E9q ztWA== X-Forwarded-Encrypted: i=1; AJvYcCUHzWiECqG0XXeKVXh1kA4L4w7Dbm8J6ILd43q/LqbfMxFAxCo3mTwmnQoIQxv+lD/ktPsYIRMO8+F53ms=@vger.kernel.org, AJvYcCW2eNhhh/JpYrOrjJ2JvQSV8CVJ3+nek54mvl27wtp9AFlMjfuei+F4uP0SoWH4A1kd8dxK62tr27UYwVX90J36@vger.kernel.org X-Gm-Message-State: AOJu0Yw1JdJCjB7mkI4nS3NJPkWaVSTeTVEdbaNEK2pqy7AxVGzDZQyD EzHqnWMeD2opp9a9AlFglZ6EAmgMRTniJaZyWmJmI+MvPVhsjd4m X-Gm-Gg: ASbGncuIejMD0FNcJ1LIM1n/B2ZWCXdxN3WOfMQ3hrRNg7eKqVrYYpx4LLpN5cBd44F R7DywkuBTCgINQ3If7tNsLXG6YV/Z+KkrQstWdhpgwp8SxCTI/ukmGYmFnWBVIbjG7aw23nnaq3 T6TlEypA4D4RNaWdXJiJb1KfOwpBnuF4rYQlmqTKmO+2hU48m52PBsv87iOQd89SmkEbpwJiTMz 7uQ7tSsiSFBokduTizS4yB9q/iBBeR49SH29Q5j025AIIwV+q/ERNIXYkTU8O5soxFb489AY20q GpvEmA4pu3b5nArCFCaGFXdKKSvF0GuedGx0P7XwfIrF4vEgy6YnrTufULr82MUsuOdpTkzsYj7 ZU1YNuOVMkJfZGKHqSGS6lb/h0j4CloWTPwYIoOb2Wvs= X-Google-Smtp-Source: AGHT+IFQrPMr/zga3A1PXJqgdsJBXZ3US5klRSnZht6r010E2CvDfRMDZ8BFvHY6Z6/b4s4s1eKUxw== X-Received: by 2002:a17:906:30c4:b0:abe:ea7e:d1af with SMTP id a640c23a62f3a-abeea7ed9e3mr122695566b.50.1740514595791; Tue, 25 Feb 2025 12:16:35 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:35 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 09/14] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Tue, 25 Feb 2025 21:16:11 +0100 Message-ID: <20250225201616.21114-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 5ef2f4ba7ab8..323c531c7046 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Tue Feb 25 20:16:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990751 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f45.google.com (mail-ej1-f45.google.com [209.85.218.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1689921578A; Tue, 25 Feb 2025 20:16:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514602; cv=none; b=etggu6ul3CV8mNuWuGA9KZ24wLaCOjoTJOCHRMM598FkWM71SAJCfADmJtqDo8H70IPCBkqJSjq65g2aU+KefOXNpatrFPJDe1kvMFyUVJncZNknd81cbVkuvcv53JH/DAI1D5ptOHUG57Uc5ZlcBNk9f2beFVQ3RMxvI3+HwuU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514602; c=relaxed/simple; bh=Xf5mlATXYp8EYoXU9a3w+XGI157o2p4WZAmB5ikh7tM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Wmh4nq1sPX2FjrXJ8ou8gK9KuMxh9wdAvTG5wPvtLLcYDKh7+sAxOPr3H3lwZygRDI9J9I7duFRMecmI9uaxKrPiBhA2y2zLTgFKUvfmP1onF9cxGo+budeFjbufq2yDmd/Z86+jPEUHDTUnpTvIbGBzl8p5uCDau7TlP1T5+j4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=idCeSiBz; arc=none smtp.client-ip=209.85.218.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="idCeSiBz" Received: by mail-ej1-f45.google.com with SMTP id a640c23a62f3a-abbb12bea54so1038174566b.0; Tue, 25 Feb 2025 12:16:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514597; x=1741119397; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=idCeSiBzuzKiqwPiJtOWl5S+b4bRt5HGLA4SzsVFqAGiox5Npa1KPrMMjxBJAe9/WL Q6/5d7JKezdYiWo5sMg9m80cAX+4o6EJTzewJJhWa5bKC+63xHPfMohSYfuVuzaTy+Zx gnpSvrs1fUHIW28dsKDvHxCOBJShuSYKb7BN+AqcU+j0uNaXGRJ9ZewK7oYNSYBVYiZE dpZrbGnGahw+UcsXNj+5iD3q/LbQdvpdgF76QjHp3JmBWcIUxpFvmXpbOk8Q0TRX0WPc qfkW6+CMAFB07ihBwfzVJj1XCurV2hFhh+grsPAh6whPx+sUKMtIrnvxXcJy80HbFfrK WKsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514597; x=1741119397; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=ShEwbMqmBPiouQjPcUIAMmkOGsv+t7NAN5fCfC9moZzKKz7cf6aGizi2Bxq1nHnG8M aEaFyEwbJ8z7UwI5yLAbspJx5s82MRENrpCdUnpZ8Uqk/iKy77bpDs4OwMBPJMe888xM xHWra8XuXFcOIwI7gO2kMFND2tL+F9rr+/6bwR31HXPA5U372WZX3dFGqJx5pWBZknp4 CL+FgOFMfiIa5/QUPgcms5F459IXO8zlbFJ99ZaQdg2JVJglNuhMTLU4AshyXyONSw0B zGbhiv8cSCSGNtDjSpGrbn/iBDsueOb/jEYv5CDU79w4bTn69FK/qx9RhHB+8Ux1vwNc /3AQ== X-Forwarded-Encrypted: i=1; AJvYcCWxtahtp6wByESae9iG3kSNdCd4CXEVK4imFaUu0+u35DK5pYfxNsjzX7gJqa47X3sEi9x48UEUb3+/Nv/kV7Zd@vger.kernel.org, AJvYcCX54v8tM8egwVo5yLenSWu0HQhdSGkqvoN0z8CPr/sE6H9HfmCnTQwsiZaQzCAt9ea/lMbFmNsuYj+P6pk=@vger.kernel.org X-Gm-Message-State: AOJu0Yw0cAtCUTOFdwJPB1+dJU81IwY5DxBmggKUYJvWWnu5de+ZCNDp hDwHyWjLrmh3iA72RQAImmYqRZD43jQuafVN7UT7V2iEhUfHgCO2 X-Gm-Gg: ASbGnct/AwbRUlug8hFyARo01qFt3RTwJw3EKsZtzXPMnt147I3gmOhu4ri3xcA6InU 1yp+8Bro9WA84TXzD3lQRroy9AzSaGlXxmsL/NpwHEBUz7gHTAXCmw84dXXQ2guPRV2KsV+TNfe kBq+/iLCu2yOwuwYgHynNLzg5WVy3bC5Hfl20MmEB1u4XA+H8yslvaYaDyTCtuB7V/Dv0x9cucI FeoGne6CciCIfbJ17XIXcTuahfujAHkdFuoNT2x5+D66cMwPYzW/3BtXM10rwZ+ghTJrNOvZPoN gRKlnWrNItlPhCht9+YXEeBFBow1RkbIUlJGs2u5a2OLxsPnPt9KqcKdBWa72VvAr8EIC5GKFJo hRz3u5Bg5KPBWD4ekvqIfMYnuPgHej+wY4NlNBIMvngc= X-Google-Smtp-Source: AGHT+IGxUdijvIUHSsavOxjOEGtqnGWOKkNqobQSxe06Fq+xOGdhhx0QApPI1c+j5z6WHzO8JVwaLA== X-Received: by 2002:a17:907:1ca4:b0:ab6:d575:9540 with SMTP id a640c23a62f3a-abed1076c86mr522925566b.50.1740514597100; Tue, 25 Feb 2025 12:16:37 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:36 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 10/14] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Tue, 25 Feb 2025 21:16:12 +0100 Message-ID: <20250225201616.21114-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 323c531c7046..b9e6d9e6df66 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -105,6 +105,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -117,6 +118,10 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, i = stack->num_paths; break; } + if (path->type == DEV_PATH_MTK_WDMA) { + i = stack->num_paths; + break; + } /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { From patchwork Tue Feb 25 20:16:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990750 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f43.google.com (mail-ej1-f43.google.com [209.85.218.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 02E95216E19; Tue, 25 Feb 2025 20:16:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514601; cv=none; b=XRh+mWWQ477nmrGjmCd6CpeqWciOWE28qCm5Uf/2FUa6jn2eNW+WLBFvc4IPB3vVRuS+N+ipTVxT0WPdEJWSsbF4uIN8S9/AOlUGg6mIgdlxhR0DA9LXMJdG81J5ExvAINrEAe5+kTMqC6ghXkGlNmfmJY5z1Vef0nNyXjg+mw0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514601; c=relaxed/simple; bh=8dcYAV0MonhKL6O5x+ptHAAw+fbiOOhKssEKku03mBc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dOPX083GIbswfNpXOemS4WyonKS9EXgdDOckprl8RPTatgHCpSXPPcbnY6W5tRk+7RYHagrVsMUjgIEc1gPu/ejog/hjlyT5TJsh/q8ccCv/Anoe9KFkJBJvQhslkz5Uqst3koglV2kRrkV1xnMZV6Yh5T7bNAfGGIxnMlRmLg8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=T3K+Lcfz; arc=none smtp.client-ip=209.85.218.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="T3K+Lcfz" Received: by mail-ej1-f43.google.com with SMTP id a640c23a62f3a-abb7f539c35so1171754166b.1; Tue, 25 Feb 2025 12:16:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514598; x=1741119398; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BVAkTZii1Gy4XRugZsnKaWDIV+1UdUIxS1E1wVQkwnU=; b=T3K+Lcfzq+mAH1mKU3oTt/XVqp6whIVz00Mlv0eU3f8xkYIH6zpQSCxHEGhD9jVy2D sXpIQeRQ+v0YKBrlER0eWbYOhdGklOJSl++lOQopRQRcAzPoRs80RZaOAZBPQOmXXh8P aBPqQSaERhIls3X2AJBaeptKldkQyM7qm0DCgqHgO8GRo2wVgAJrgZFyvCl6h1Gni5IN hqLs151iz8DDoD9B58hRnKyISNocbfOdwWk74lRVz5q/fuMoJCyqZhu53b+LizEVOtvT ABtHow/XZUA3PeZE7KGB9x8PINaZFEKcRtzxpv7kf/mT7fSafZfk/x1+6ruXSOhao5hE vZPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514598; x=1741119398; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BVAkTZii1Gy4XRugZsnKaWDIV+1UdUIxS1E1wVQkwnU=; b=kRcV6glHqQxXVI2N6jTIWaA9KDRt6xJ5rw8P5uv+684zOhcUwzmb175ZBw5f4uq8tP FEtDOhukXyQnXxyYtd68Ma8s4yfVI3cJXxMmamBu5ydWlJ+eDPr/SSa2ck8HfAg9H5UE dbjBl234bXbvBV/a+8QKbLSiqVyj5YDt9W/tsIkpu3twSQlu0vvEZj9GxGATxnmsTxVG IMURPU7gYMH6GFdPeUNj21s/ACBJMEhCR1Jwam8yZpQjdmFg6nDQvjU2DNNE3GHHaHrs 7kQGWS/Q0RK5Wpd5DRHrQfgtsIEgo608ZQYfaLj4N33mGmnrwK8bUwbREc442c6I4XJ+ FWbg== X-Forwarded-Encrypted: i=1; AJvYcCVNLjL1fJRhhEHsZl2KheQo9y8zGVYjnQGDjKmn+0al5pGsm2tJqVhxIyNgqgiVMhxGxTFyQcG0Y3ZW6OjZ5Hwu@vger.kernel.org, AJvYcCW9cpj/KKL4X8mE9vEy/aYpEEvFFV6PyKxbR6qIjYGxwZjycyWSH/dgNqg5RgCFcHfaCG4Hc1+Rkbu8o3Q=@vger.kernel.org X-Gm-Message-State: AOJu0YzNRxAvtGNkBkK1SwmjGTIhiL/68RHyjFLBzreZ7AFoNKpm76KE 0aJyoJQXIVsB0rlJQ62zZ9afFoLdeZvRyi35g+TJZGrzg7ljYejC X-Gm-Gg: ASbGncuN0ISWQYAEX+Op0ISjKbYDMa/RJMzQl6LcAfVd2Nd8u8p3jG2mOBRXXK8O7fy RceQikOMd+Md2t6SeKbhqh/xJy2BPWMpilKKxjNAYIJ0/G3JLZPj9Fv/pIL8bOayqN3+hnryqAH IMPBF6AI/F7GCumr5BDYyhDlSoPrQagDPZsjdwkq4uxZxdW3MqWGPbouf5kLUJ3v9kByiGiDTuI K3eIUctYrmmElx6YR+1r0oJS1zI6zZegdt4VEfKj+gHk/xvuOtEtOCkMZm6uUhbydbKpoF+NX4+ qtrMcCQLQgLyHyVBQ8XEt0n2AINjHdHMEZDDXVbCnmRpNpfhLnmBdxwgI6smNElNpdXf2lCH11f f+I0a9nZFRb2S7sOJhPl7rwp93pKU3R3cW0gtMe4RgzM= X-Google-Smtp-Source: AGHT+IFK/xb0AH8q2XIcdgGFCG2/1S/vlx3qUjtu2T+2XCeJrxRROpGepkKKWsPoi8GIWtQoo7ZUrw== X-Received: by 2002:a17:906:a952:b0:abe:eebf:ae54 with SMTP id a640c23a62f3a-abeeebfc352mr51844866b.20.1740514598236; Tue, 25 Feb 2025 12:16:38 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:37 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 11/14] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Date: Tue, 25 Feb 2025 21:16:13 +0100 Message-ID: <20250225201616.21114-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org The bitfield info->ingress_vlans and corresponding vlan encap are used for a switchdev user port. However, they should not be set for a dsa user port. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b9e6d9e6df66..c95fad495460 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -116,6 +116,11 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; if (path->type == DEV_PATH_DSA) { i = stack->num_paths; + if (!info->num_encaps || + !(info->ingress_vlans & BIT(info->num_encaps - 1))) + break; + info->num_encaps--; + info->ingress_vlans &= ~BIT(info->num_encaps - 1); break; } if (path->type == DEV_PATH_MTK_WDMA) { From patchwork Tue Feb 25 20:16:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990752 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com [209.85.218.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3B5D120E70B; Tue, 25 Feb 2025 20:16:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514603; cv=none; b=BjpVMei3KS5z3anWILRded4sPtiOmeQPnVtEhpd4sVo1713rsnBYERWKXhCpxpBD13pbSehj7OxEuZugi8hJE3j2ipVeefLxO/wzkGNqzRnY8fzzNlBxegV8ranGpcLfN16iiOLQQS3Bt0qWeRC+3CbKwYSjbDddwL2qJ+K0PAk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514603; c=relaxed/simple; bh=7mcwChSKiCve0A+5TUtOf0dA+ljFl2navKj3ueTAL1M=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YL6gTsN83yMUjc3DN1QIYvRfJUkIUsiebzLn8HM8Ev256WsMpD39PBagAuZdGvoLmBp0HCtIJht3Vbi7136ETko6b1kXOu2KldbMvuptLQe310Ea4G12EWOLVtS+G8WznK0DGkyWiG1fDK2pCwNlNUOmINqrCT99+r9XDAdhcfA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ggBubvwl; arc=none smtp.client-ip=209.85.218.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ggBubvwl" Received: by mail-ej1-f44.google.com with SMTP id a640c23a62f3a-ab78e6edb99so857086266b.2; Tue, 25 Feb 2025 12:16:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514599; x=1741119399; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=ggBubvwlvZR1ekGkmmEndA+MhbKIemXofD9kEMffGIsHCK6vW+Nk6yboAvO57H73fv Op6opgHP5CT9daPsbRgbeGlHUo8zE02oS3EYKiaduD+cHAIJcB1uvd/Z63ca+ROfPcPW OzLKId+j3kGnf4xW8uUu8mBDghePhicRdNFU9X35TEdqp1mJuEdDfxZplJ+O/F9hJu1v 5926ZisQaUhwrqsoWOToAbCITyZ8D1ifrCar28fxBfSU2qDCk2AzRhWrioUSEpJpUBdl bCCvmNwhwo5cz67Cmr7UTEMN+SMvL8tgVdu3mNOe5S6syQgvfkaaHimOO05CTshCkgtj rzhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514599; x=1741119399; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=RBuPSlQM2J+dTidkWa19VqHRgYn65EHqqtqjRknREohKOG54UwepjyqeCo/rCWyh/v +P54w2iTuO/Y4EPeEDkCV4v4aElwaoMo1yxad4dw6vIRs2bL21Dbt6ryY8/E0Av0G57f W5uZq3IR0eGe72WGXYAdFUw8AyV1oj6Ovxs8REICG3i75ZeNz/5S+zWXOXZ1B36M336M DHkgLnG2Yk5Kje0lyzY/689dp9LOFc3rLxSw9G+o5RLLjvm6BRR0Zk9YRa188GVSwv4Q 5iWb7qDbrop2CLsjk/hVJFnG4MygfpnN4AFBc+0JzXWmG2JA0PZ9IOKLCmzfO/w/Bc30 6Klg== X-Forwarded-Encrypted: i=1; AJvYcCW52vvthVpyzS7moPdZQfdHmXg+2U6tyfVSrIU2aNcsmnFtE63JOZELQ6YESn4Pz+I/1gKYLtUMe62cyS8=@vger.kernel.org, AJvYcCWfZeRaZR4dkqIhEvEnH8Szfue18q+3TpdpoHrkOIjDPTJMCU7HtJYC/y5Rij4thBDUFYfjVuwEuJLblyUg5CBz@vger.kernel.org X-Gm-Message-State: AOJu0YwS8NEaIKFu7jwXiSKftDwPCgezrnGgyuI1GZzbIi5T7XZfmfXs rQGkYMWPf3IPxZgFcT7dgDRbdGZ6rtLJ6O8yrCmMZF85HjbH1EP2 X-Gm-Gg: ASbGncu6LGSTsM7kFSwHyZ3wq+Di8L8/BHBf/hTJmFlAwFwdhg+I/5GMsPGEL7LG99X EG1BCx4OsQHQpoXn6emm6PzdIdbTz2GVTIEy7/SWj2SjO/camjdgodIf8lPmbw/IM4XS8kp0vX9 9WS7Rj9avyciNyn+uJvqKzieyWB3pow1O0RtNJHLVT4OiWlFrIlBSMdHmtxNqGdi3hyp9vrnQMB TA4D3qsd5GzhzDojOyX883UvBjl5DaoZ1a0OwVmbJNFO2r3e4ilZXmWoh2wB18HF9eE7kxc/4pn eI8Riuozb7qB8Z6HR1Szcz+NXqpelQou+/kBK4GLAG1wrTJpmQSxB4fnWBFGwoM/liZxAjJCku+ 9Ac3HkLtDTKlJhT9V1uYx+eSngMnOyiO5Ol8SGqDIv/s= X-Google-Smtp-Source: AGHT+IGi2J/TnVCJd90qLZXF9lqOCTre926lpkEhBqqXbPwSB79k3fejjuPTlF2AD8MG8+y85aZBLg== X-Received: by 2002:a17:907:da0:b0:abe:cee1:6a9 with SMTP id a640c23a62f3a-abeeef36315mr55361166b.43.1740514599361; Tue, 25 Feb 2025 12:16:39 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:39 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 12/14] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Date: Tue, 25 Feb 2025 21:16:14 +0100 Message-ID: <20250225201616.21114-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. The same problem for all foreignly added dsa vlans on the bridge. First add the vlan, trying only native devices. If this fails, we know this may be a vlan from a foreign device. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG_HW is set only when there if no foreign device involved. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/switchdev.h | 1 + net/bridge/br_private.h | 10 ++++++++++ net/bridge/br_switchdev.c | 15 +++++++++++++++ net/bridge/br_vlan.c | 7 ++++++- net/switchdev/switchdev.c | 2 +- 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 8346b0d29542..ee500706496b 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -15,6 +15,7 @@ #define SWITCHDEV_F_NO_RECURSE BIT(0) #define SWITCHDEV_F_SKIP_EOPNOTSUPP BIT(1) #define SWITCHDEV_F_DEFER BIT(2) +#define SWITCHDEV_F_NO_FOREIGN BIT(3) enum switchdev_attr_id { SWITCHDEV_ATTR_ID_UNDEFINED, diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index a0b950390a16..b950db453d8d 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** @@ -2184,6 +2185,8 @@ void br_switchdev_mdb_notify(struct net_device *dev, int type); int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, bool changed, struct netlink_ext_ack *extack); +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack); int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid); void br_switchdev_init(struct net_bridge *br); @@ -2267,6 +2270,13 @@ static inline int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, return -EOPNOTSUPP; } +static inline int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, + u16 flags, bool changed, + struct netlink_ext_ack *extack) +{ + return -EOPNOTSUPP; +} + static inline int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { return -EOPNOTSUPP; diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index 7b41ee8740cb..efa7a055b8f9 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -187,6 +187,21 @@ int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, return switchdev_port_obj_add(dev, &v.obj, extack); } +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack) +{ + struct switchdev_obj_port_vlan v = { + .obj.orig_dev = dev, + .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, + .obj.flags = SWITCHDEV_F_NO_FOREIGN, + .flags = flags, + .vid = vid, + .changed = changed, + }; + + return switchdev_port_obj_add(dev, &v.obj, extack); +} + int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { struct switchdev_obj_port_vlan v = { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index a18c7da12ebd..aea94d401a30 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -109,6 +109,11 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, /* Try switchdev op first. In case it is not supported, fallback to * 8021q add. */ + err = br_switchdev_port_vlan_no_foreign_add(dev, v->vid, flags, false, extack); + if (err != -EOPNOTSUPP) { + v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV | BR_VLFLAG_TAGGING_BY_SWITCHDEV; + return err; + } err = br_switchdev_port_vlan_add(dev, v->vid, flags, false, extack); if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); @@ -1491,7 +1496,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c index 6488ead9e464..c48f66643e99 100644 --- a/net/switchdev/switchdev.c +++ b/net/switchdev/switchdev.c @@ -749,7 +749,7 @@ static int __switchdev_handle_port_obj_add(struct net_device *dev, /* Event is neither on a bridge nor a LAG. Check whether it is on an * interface that is in a bridge with us. */ - if (!foreign_dev_check_cb) + if (!foreign_dev_check_cb || port_obj_info->obj->flags & SWITCHDEV_F_NO_FOREIGN) return err; br = netdev_master_upper_dev_get(dev); From patchwork Tue Feb 25 20:16:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990753 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com [209.85.208.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5410221930C; Tue, 25 Feb 2025 20:16:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514604; cv=none; b=A7Kcyr0QOz8Wd811tMHrMB5UV4da8hhhdNV3P84xoTn1fcf6zgAakn5MNveA2CyD1stw2Qsuv3M5tDjVGSCZwrViney2l8QHbFxvLsGsY7pO436811dT8zjbrDAhSDJJu9QtOO+GHsE5uRrw5TLiQe+tyJdNEvqKfO/e7BJFIZo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514604; c=relaxed/simple; bh=1+de0DPWCMsSJ95CqVzExQJhx0fjAqUotezYoUhDTKQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mcZQRtqzwz62PfYVbnE4flmJH6D+KCuc1xA+172eV77NsktToB8nr4vNqpQMgJoIMRbo54u0pdYB+z7/n/edShEYemWFhaEZHfqWzRLXS4AUqjqBsFU1Nq82VcSfic1QhWFAC6szyS0kw5g/7zXYUNIXJZWDVgcM0rDgrClkVNU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=RqU3UFND; arc=none smtp.client-ip=209.85.208.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="RqU3UFND" Received: by mail-ed1-f47.google.com with SMTP id 4fb4d7f45d1cf-5e02eba02e8so8210121a12.0; Tue, 25 Feb 2025 12:16:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514601; x=1741119401; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=lqvEEiGjtfCg1O2c4wJsc9rlXi5oFjjuoYnCbbZ/cQM=; b=RqU3UFNDlzgBF6orq9BOqDCgb/9HDpL/j79ZlLq8TIPaqAls3yePd7F5n08OQ5hpEy ey1zLTZbp6Jyumoy4EJxjsDfZQicdbYAwoKYvmnHTVtM5zbuIg8e7hf4294CJ54j+0li TS0tN1N70BpgML4t97aiPvNH6CyTNc+0OoGSHBNFWpeRo5bLXTJQtjbBwMqDXjQJyVgn LR5TE6knXOHrJkRRN0SvCdQK4kS/hqZ5gc9rk/mhsDA91LSaQP8YdKn6Z/HFVPlNZ+5r DeG435FY1q1URd4O+bs1kmm/MioyTs3NN5X6OTN2D5Ew72xUuXqcpR1TMCdgQ58cMjKl myow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514601; x=1741119401; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lqvEEiGjtfCg1O2c4wJsc9rlXi5oFjjuoYnCbbZ/cQM=; b=iPcS3EpioOngtwPWjngaf5H7/nDZKi6LcFXiEGt4GJ18hhbAyCdc97+z3gDoJQSGcg A4NNAo4HS8a6uFRuzkT6eJMHO1mKR0ndWLjSNBweMcot70u78p9GPtEurIzCUHWX+4As nS3IXgNTOsFuSmHIgu4zuAJ6Z87g2B1PUJHsnuOwzhE6vQa8JJi8+1XLNnWFm+/IfAEk iBT3bm0XWgZmcAf8tZmT6pKZf0vNY+OwyOtwHge5JtpOGDq8M8WXcenEYryWXrbu5JXO vQ0IwmqDc9pIgUrLl9+hxaMJS1CLL8LFT4azg2ezPnCyCsn2CkvKmd88qQmmZuP8cRAe wx1g== X-Forwarded-Encrypted: i=1; AJvYcCWERYQ5a1UtUjFYUbblA9Zf0EsY4Wsw9pnhxzsed+2E+Z2LI+NrGZ1CmwCQtipgAn+iZbDYg1q75LlixmSsaHET@vger.kernel.org, AJvYcCWiMaX3phvQfHSiuQcqhRXqgMCS7D32V5JB4+j87sWeLGKZujtrung21Djgb6LQ9B+GjK+M+rjVYRmYZnM=@vger.kernel.org X-Gm-Message-State: AOJu0Yx+kSd9Gm6VjWwSKvKScBl9TjosmSmIlapDWXRauBBvKgr10iYO N6eXVi7HG0rqB9KVlVpYq6VaA0XTmXW0PuLNUUDxjBNKb+bL+/2S X-Gm-Gg: ASbGncvag7bvexTvi+cbftzmB78+BC8hcU5bdiCTJddqgJbJGxpDEA1bNT5QLRF5IDq G/flO2b9ftvpULHOtAlJQdDVBzOXFx8SvEo/dVJiYcbpZkOdnB3mzeXr4gS8rUsqjMmGqUY/JBW FwDLIsqSE3M2Uf9YMQwxKG5yaID4cmdQVnYFQqRu6BqRdExWMZeBLwYMGd6yXrWFIwEeSByIb+i vLEl37KalwZ+CLOxHtcrSTmMXo8B2ilhRPc5R5CWm7ebrrZs0nzHyFxdMZyoQWhCSP38zJjyXSa OCovn6ExUtYLFMDNCVMRZaoHBMGwu7WAXekK6+0phqFc4avRpq4A6AXrDnkH3NNKraqHGQUuQnN XQ+OQSfm6M385C7DMPBSZHz7isYhhlJXM+11lRL/q2fQ= X-Google-Smtp-Source: AGHT+IHhGusG5BMLrTa3hM8cjvDcEm75Lf8vLAMleB4CleirSzLNiv+mlxD0ehZbqG9bpzWHQ5wVQQ== X-Received: by 2002:a17:907:3e0d:b0:abb:b209:aba7 with SMTP id a640c23a62f3a-abeeedcf3bbmr43896266b.26.1740514600495; Tue, 25 Feb 2025 12:16:40 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:40 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 13/14] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Date: Tue, 25 Feb 2025 21:16:15 +0100 Message-ID: <20250225201616.21114-14-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This patch introduces DEV_PATH_BR_VLAN_KEEP_HW. It is needed in the bridge fastpath for switchdevs supporting SWITCHDEV_OBJ_ID_PORT_VLAN. It is similar to DEV_PATH_BR_VLAN_TAG, with the correcponding bit in ingress_vlans set. In the forward fastpath it is not needed. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 1 + net/bridge/br_device.c | 4 ++++ net/bridge/br_vlan.c | 18 +++++++++++------- net/netfilter/nft_flow_offload.c | 3 +++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 695445927598..9ac7142ee493 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -869,6 +869,7 @@ struct net_device_path { DEV_PATH_BR_VLAN_TAG, DEV_PATH_BR_VLAN_UNTAG, DEV_PATH_BR_VLAN_UNTAG_HW, + DEV_PATH_BR_VLAN_KEEP_HW, } vlan_mode; u16 vlan_id; __be16 vlan_proto; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index c7646afc8b96..112fd8556217 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -430,6 +430,10 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, case DEV_PATH_BR_VLAN_UNTAG: ctx->num_vlans--; break; + case DEV_PATH_BR_VLAN_KEEP_HW: + if (!src) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + break; case DEV_PATH_BR_VLAN_KEEP: break; } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index aea94d401a30..114d47d5f90f 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1494,13 +1494,17 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (!(v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) return 0; - if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; - else - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; - + if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + } else { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; + } return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c95fad495460..c0c310c569cd 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -148,6 +148,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, case DEV_PATH_BR_VLAN_UNTAG_HW: info->ingress_vlans |= BIT(info->num_encaps - 1); break; + case DEV_PATH_BR_VLAN_KEEP_HW: + info->ingress_vlans |= BIT(info->num_encaps); + fallthrough; case DEV_PATH_BR_VLAN_TAG: info->encap[info->num_encaps].id = path->bridge.vlan_id; info->encap[info->num_encaps].proto = path->bridge.vlan_proto; From patchwork Tue Feb 25 20:16:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13990754 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com [209.85.218.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 97E3721B9D2; Tue, 25 Feb 2025 20:16:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514606; cv=none; b=tMNghqtRiXNADQhPHbouXhx9MuUaX7fDMb5p2JKIS7tefCaecrpkKvip5LD0JkUFDj8+EZlxtE/6T9PBtHc7Q0mBHeLS3LV9SLjWpbptq8+BoZn2Iybzcmd/IX0+Gms2qxhG/oTM80wPAHkF7JKgnuNg6GGngzgYo0z3Mu2pO3I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740514606; c=relaxed/simple; bh=ao9814Zv6bDQnM5yUC6g/RI939BnwcO/605XslPLDVA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=csapvVm59sn26bcfvFg0ID8EtPUe8TJ2INC/2xEbEMBF5yxChZTkWJq7LtoklzhedliEVBe+Jlu/T9yVlQmE7fec60Em6KilMt5eS9tauUMHhp8LQq3uV4WVdqp7yI4JTN+1SXHacGMe0xhL5TD0CC5EXJ41Iq+/4Y8ZfEGBG5c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=j96eEWMO; arc=none smtp.client-ip=209.85.218.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="j96eEWMO" Received: by mail-ej1-f54.google.com with SMTP id a640c23a62f3a-abbdf897503so36715266b.0; Tue, 25 Feb 2025 12:16:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740514602; x=1741119402; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=j96eEWMOP3Phcf13bSY4u+bwGrMWS1lGwamp6Tvq6aCnnaKY6AssBb3XkjXgjxlYJ3 CcbOJEyuAsKsGhHzAPY1+uqHGkHPCSUHo4Hvs8ZwWceLnaal3uIppwnrqSOeajv8qVG6 yxLn6cyZaTSqcC0ht/PKYJ5tn9l+N+a28TM6uXUTc6E/vFVvTzeXPzIx5uiDIV2WGb8q 0GVuM7ZEsutqzP4un2j2S1EdDMDTvBGS5HECl3iZwPEh+a7jE0P8bZTbY/cxPxqvRu8F aNcULP7D+pQFgRGC+xNJGOiSWzuw9ateJ2qvt++UM8wFgjsU1I4JsGewjD3JRtFeOy1w eZuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740514602; x=1741119402; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=ONLXv2VSagVcRzIuYteyQ91tag+80GM4v+RpBk0adTPjua1WWOqo+9XxO9PJhZNhTC h+E0oHUA2kPI5JJkhDsAsca7nsaHmjL+4jVwlgIvWgVCVqY1BjG5GdZmq0IaT+4cRSZj 26omvEva4lrf7K9yAWm70atdhqBpdfbso+7+t/i27re0DXlO6scwW5A8ny4t7389Ch1y LN4knOTC+IeiFg9+s5aqCo9LHJzCCxj5Q+qH3iGoWBqJ6mFAhtZ1GNFd191TehUNluSP QXlFpkLL0p43tDftULckTaAzggGAXwGzhfuTVunrZKSfOmzFGplVDqzOVJONQnO2fsgc ODXw== X-Forwarded-Encrypted: i=1; AJvYcCWtII5GEjv0j9w2si7qUvywLOafuENoFCCoBJFi5aTmPGF3JS74iEHaf51I3xC7WwmTdYfM3LdYqlAOSXY=@vger.kernel.org, AJvYcCX3r5ihwKSOC5tHscGKG+m0gFVb25Ax6+dJo7HcTrNOTCBFq0gNVnnHLUcQTpAD0kJF+tJ8WaTN8GatXhWj6lcN@vger.kernel.org X-Gm-Message-State: AOJu0YwAKwCvZKYhSxM9HHN96+0yKTK4abaGCQtpAHPjxRbIK+DRPQpN gvwS61dmoZJ9ixdA1p/k6zT2ABgp3Z8o/mxFaQzl6dcL3lCgA1cI X-Gm-Gg: ASbGncs0M9p/4ojLiQsVY287VxVdbqiAVU+fkE7gW5blngTucYO2zPV2eInpFN1xxsR NVnylsQg5VZfnIaplOi4z2TtfCzdCJgEkOWrAUBvaWyGenffWUFedat6QV+NXXVvfqTXZVK5C0P odKjB+2W9dTXHzTJZuq5lM/Z7W/iY1NfDx7ufiRIktmfYRhZPXqE/Z6Aj9Aok0qmY8zqs5yJPex pGrVANILjM6SrMUm1iYexp6asB/F/om6rO+Sc400Vr/DWSzLN8yDQIfQlR46oEQJ01kIq9Vq0Xi Yx3kisvNqMTgWqXQZKLdol5HBQtXNNVGuE7Z8xBpdkcKdl/4bsfO7xwVGbTfzHmih7R2v6pFRj3 S8r3B3hnpowfto1jBnqbxcU9pbiZqkrAPx+o/sgawzh0= X-Google-Smtp-Source: AGHT+IErCNHvUEetSRKi2Fz/dRzAsZ4C8dWcnPsAPVqwFDmd0GWTebWBy4vbvP5wLftQ4Gc/RXx2yA== X-Received: by 2002:a17:907:7fa4:b0:aba:e1eb:1a90 with SMTP id a640c23a62f3a-abc0abb3bb2mr2093020566b.0.1740514601742; Tue, 25 Feb 2025 12:16:41 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abed201218fsm194319666b.104.2025.02.25.12.16.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Feb 2025 12:16:41 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v7 net-next 14/14] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Tue, 25 Feb 2025 21:16:16 +0100 Message-ID: <20250225201616.21114-15-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250225201616.21114-1-ericwouds@gmail.com> References: <20250225201616.21114-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 142 +++++++++++++++++++++++++++++-- 1 file changed, 137 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c0c310c569cd..03a0b5f7e8d2 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -193,6 +193,128 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_ctx ctx = {}; + struct net_device_path_stack stack; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + + if (th[dir].tuple.in_vlan_ingress & BIT(i)) + continue; + + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + const struct net_device *in_dev, *out_dev; + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + struct pppoe_hdr *phdr; + struct vlan_hdr *vhdr; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -311,6 +433,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = flowtable->type->family != NFPROTO_BRIDGE; struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -364,14 +487,21 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_add; + if (tcph) flow_offload_ct_tcp(ct); @@ -419,8 +549,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: