From patchwork Wed Mar 5 10:29:35 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002466 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F1FAFC19F32 for ; Wed, 5 Mar 2025 11:07:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=UWSHNbB5JKEbeWuUj8vjDFfUx12Bd6PhpeoYLsDsQTU=; b=ZdRde0pAjtgnCyuUxgTmBYXJrX Ib9+4gbkhwdwAH9yz+fnAP9RFiXWm36c7bkMAhBskz1qR9q4HK3cxEofZjrL1gmgkzDAX6g0MJwrP 7XLJTxTPRNANgrXxFLqsAHBFyT7UhMSsbTqLSapNOnGfjAYflYHCVtVqz7ohRQwISyKLL5UWTfRsM c90AOSoK++SEB8bvc5U+vxAusXJxPKErn9iB/ZXac07us0zaT+dPjtM5LNtrsbqIpQ720JPMoud9j hOiipsUuIw7YuChUjSZnEnJO3GmAkbL1NfkOCDsT8Kr/O8A2E6j3AK2XgV5NMd2k1R6DfnkOebR6p L8n+Zdog==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpmad-00000007nkN-43hR; Wed, 05 Mar 2025 11:07:03 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm0v-00000007gQy-2Svw; Wed, 05 Mar 2025 10:30:09 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=UWSHNbB5JKEbeWuUj8vjDFfUx12Bd6PhpeoYLsDsQTU=; b=n1ok5mW3h7wYGpzuhX8DhL2cwz ll/CSLQMN3igK3OkCWwlUdNgZmmEy39PB6SH4jpwMVmPf1oy4kbjnXtPkJQC7gq+7PiD5QDB49qgS JbRHCqJadPfjPrLT66dN5t7IvzPIvZHP9fQPC54Nnw+dyq1D0AD4fu6ipMnaM9BNe5AUTEu1RG7Dt ddgl7y0sMPA0FKSGqNdmMyeyNoVPzNdGjvQpae+iktKYVwsX3NRH3j+IfTsQKljc3IvJLLBusCy5M 0lWxTVI1khsRDwYrNSInmcG2t8CIevT0zDFbGF4qbwrHXsK7MU20t6kPv+OggULQQmBx11PYZBFz8 cFsT8f3Q==; Received: from mail-ej1-x62f.google.com ([2a00:1450:4864:20::62f]) by casper.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm0s-00000005Ioj-2XnU; Wed, 05 Mar 2025 10:30:08 +0000 Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-abf48293ad0so699086666b.0; Wed, 05 Mar 2025 02:30:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170604; x=1741775404; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=UWSHNbB5JKEbeWuUj8vjDFfUx12Bd6PhpeoYLsDsQTU=; b=GeDRfkXLW9xfh71Pvz13c32s0n1C6141kJb/wGxKLNdMXnkRb4jl+7AIid0I2KO/NQ sWC2fyDRLpjPNMFrsfbbA1nK9x3kPxZvEdK54qHXD3lt/KrMl0DbJW2xw0RGr0NgJ8GD o+pssmNz35vp/mC6NH8+8d7ACddKzzVvkMrxGo39CSF+Bs/JsMhvnPmcJFokDkjIInJ1 D6ua/s80tNGP2JLB2TTKcKGBlfso36p/p5w3iqm4YdP8qsJuurjpzx5bR9yV35ANVP1V ohzrYosj9uLfyTofchu5gnlPxK8g8Icb3N1z1UYYwAeaTAawwkNHmvjwksdOkOqdLZbS D+Lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170604; x=1741775404; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UWSHNbB5JKEbeWuUj8vjDFfUx12Bd6PhpeoYLsDsQTU=; b=MQwnzQtwBGIhzgUZ88n9zv6BJs9Tpm0GR8WsNrERTOh7N3xQCLw5M++2MwMBgAlLZ4 QcO106cdsOXefDsf/WRJr66fVcSUXVQwW/AKDhaj+5mAue121+sRrRYxFKqehTh5fGgk cNepgAagd4+8u4fnUivfOLquslrhaznLmA4qYm1eEDFZtJSBWUJ6yZaKZMp9Bj2dFS+d ACwv1LZ3EL3nS+yg3moPWirhjzwPv+6w5J0XqDbHvVXwqJN3VrACaQu8QiObqXRHpRy8 cuwVWcGTIr1b8l/RXhAi4iGaqmyvQo1CjtKfH9ZRtXuyYeSbXQAWDJkqRPNVQ4GcxFxp M9Mw== X-Forwarded-Encrypted: i=1; AJvYcCUIJH+t9RZRv69sxM354ae+Wjlyr6gipTQK7+uy+ZCp8RlMwutnJd2GaZqbYs/yewatr7RM3jqce+n8oqgrFMdA@lists.infradead.org, AJvYcCW7Ye2sE+P97iBsERi061OyXPEHGup2Ar8ItTxbiuGAqqz18Po9Rc47tniOMaPReScMbxrBfHjLx0bEYeXm/ak=@lists.infradead.org X-Gm-Message-State: AOJu0YzCf3Nl5a5ZRrRw/JNcdTN1tj9yYzk3B8BP5+pzXgmuwBSgps8g 5NdsrQ6I6i/SLalRtmQvxDEri/SBNI3IE2jIhJ8fz9Iu6vGCQemu X-Gm-Gg: ASbGncvToIOkWeI6RvXtGXN7MtIbl9m2iaqcJUYQel9UP1DMU7savmNdbxIVMCvV4OG FIaNQWegfaBy5Zvu6xANlI0k4YbTZ1N8GGdFim0ToExWNohjJNKm+E6NXj1bejgn/p6gUmQ0Txx SC28ckbYdmpywhI9xsZmIqKDiK3qPpXAljf+6eZJV0wEaxLKfoFy4f2b/O3q9stiLqzPtCGpyEQ SFzYeM0jHEyroLrkwsQCzEd7hjTbNBTVoGqqUZh1YR6EAoAAjqPlW+WdTuHFU4qG5shnqn4C8TJ 7/sZC348Nt+JxqObMoKYiVLihMcUBD5T8dhLrVgc5Y44dQTlnBw0/or8ohy+FneEuttT9y+2gFy ++JprraQGsqQp8pz/MfgKSj6TTsSIjZ7mprr3xn4iXN+VTH2Un0awZPp7I2fhGw== X-Google-Smtp-Source: AGHT+IFmOl+znPOCyIBVoWXbUGUsHEWWessyONqSdjDiGli0zSAoB+kKDiPnSaw44bEm0nFmaT3VhQ== X-Received: by 2002:a17:907:3f0a:b0:ac1:ddaa:2c03 with SMTP id a640c23a62f3a-ac20d036458mr300465466b.0.1741170603887; Wed, 05 Mar 2025 02:30:03 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:03 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 01/15] net: pppoe: avoid zero-length arrays in struct pppoe_hdr Date: Wed, 5 Mar 2025 11:29:35 +0100 Message-ID: <20250305102949.16370-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_103006_920286_2342849E X-CRM114-Status: GOOD ( 12.86 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Jakub Kicinski suggested following patch: W=1 C=1 GCC build gives us: net/bridge/netfilter/nf_conntrack_bridge.c: note: in included file (through ../include/linux/if_pppox.h, ../include/uapi/linux/netfilter_bridge.h, ../include/linux/netfilter_bridge.h): include/uapi/linux/if_pppox.h: 153:29: warning: array of flexible structures It doesn't like that hdr has a zero-length array which overlaps proto. The kernel code doesn't currently need those arrays. PPPoE connection is functional after applying this patch. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- drivers/net/ppp/pppoe.c | 2 +- include/uapi/linux/if_pppox.h | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c index 68e631718ab0..17946af6a8cf 100644 --- a/drivers/net/ppp/pppoe.c +++ b/drivers/net/ppp/pppoe.c @@ -882,7 +882,7 @@ static int pppoe_sendmsg(struct socket *sock, struct msghdr *m, skb->protocol = cpu_to_be16(ETH_P_PPP_SES); ph = skb_put(skb, total_len + sizeof(struct pppoe_hdr)); - start = (char *)&ph->tag[0]; + start = (char *)ph + sizeof(*ph); error = memcpy_from_msg(start, m, total_len); if (error < 0) { diff --git a/include/uapi/linux/if_pppox.h b/include/uapi/linux/if_pppox.h index 9abd80dcc46f..29b804aa7474 100644 --- a/include/uapi/linux/if_pppox.h +++ b/include/uapi/linux/if_pppox.h @@ -122,7 +122,9 @@ struct sockaddr_pppol2tpv3in6 { struct pppoe_tag { __be16 tag_type; __be16 tag_len; +#ifndef __KERNEL__ char tag_data[]; +#endif } __attribute__ ((packed)); /* Tag identifiers */ @@ -150,7 +152,9 @@ struct pppoe_hdr { __u8 code; __be16 sid; __be16 length; +#ifndef __KERNEL__ struct pppoe_tag tag[]; +#endif } __packed; /* Length of entire PPPoE + PPP header */ From patchwork Wed Mar 5 10:29:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002460 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DBE52C282E3 for ; Wed, 5 Mar 2025 11:05:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=VGr0DGFtdF9vUQZNuQxbjKzErqMA9pCa8F2vVWAZr6U=; b=Cj8jmoA5y3s9/FI0uwnyChoR2c ZIjVgG+4n+I7NM+IdJ6+tiLno+cTZgZWYcHcy8uSSO5NlJz5oZ2ofe5qR2K7XDsGN8KutLtIgKiPK lNu4+Ialfz5auB1HikB7HlkjHM/oV+6i3DMxaPXGoe1UQTZpxG+PZuXqSnECiGK9F2Nv2IH+KemuE Nndlq1qzzh7Nq76s4CTfeK9P8QRRECOBQcbjNvW/U9bZB4M4lv+KUaMZOxDi5v5zpyBsgAmnnBUeE 8ysrXhLUx+FD8K3wLDdUXjii8Zp/OdGBh069uSPhLq1DtnPM/pMvR2GUPlnmLbQHC9xRXJ/wTKqH7 3PFoZYQA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpmZ3-00000007nQ1-42hm; Wed, 05 Mar 2025 11:05:25 +0000 Received: from mail-ej1-x629.google.com ([2a00:1450:4864:20::629]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm0t-00000007gQ3-3tET; Wed, 05 Mar 2025 10:30:09 +0000 Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-abf42913e95so727794166b.2; Wed, 05 Mar 2025 02:30:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170606; x=1741775406; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VGr0DGFtdF9vUQZNuQxbjKzErqMA9pCa8F2vVWAZr6U=; b=Xr4bASO0EHCloGoY2L7EgT/k6Bvbw5liGMbZjyN4ZA+YseE6xY95TAsNrwdaKatBpC WxY//ljUvBdMAhKgmBU2kLuorWIeanelCtxWFmVumZIii39+XkcHs2pNTPpMYBgNulVr GvfXMazJllVZv7SQ3X7BuKXY/2WKjZ2fQSpaiGxik+uDAaiTTzcKvSr+HbfWctGUKrVK t0iGa8ar8H1pVA9Vb2TuGtwZb6mz2e38x4tCh4ygNUMaFqAodBd6N2WpNzgidIlNt2z6 Tj9iV0REI7Zm7+mCDXsIv1isezC4XhyGBhpUUqEXuFb7NpTy32wRXDjHx/UoAZ+OrlC2 VBxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170606; x=1741775406; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VGr0DGFtdF9vUQZNuQxbjKzErqMA9pCa8F2vVWAZr6U=; b=N1p0jT4PXQ2bZQLJluG/lHTT4W9hWySFEvkziJDb1DAdt4c8IOkOKYlYk0L1NW/Wej PwE1EJFkf7C0r1iSAW4xhqDOIZxz4ke7R8fIJ6IV3N4zV4pALH2jFMp8yFUOTykUiBI+ laR80G2L0ANUlZ4s5R2HoApi53mtsadTnwO0t2rUqc7BNwhLKUo4PtDaJom0Wbn5nf4J cgIxkljlf8G299NyMLzFPDkycj5qkDjYT4e47npOGVujpZ2qzXB2JTNXJUWsqO/9GuFp OFgIar4FQFpcSUm3d0vU/lvFYuLY+h8thipkmbKYjWZjuaqjASl7mLQ4QHjIkXR8qpId Bb4Q== X-Forwarded-Encrypted: i=1; AJvYcCVxNkZyO87088j80vqFsofBOCIcE6aA1BVXfFsLZBINrX6dwMGeT3hRR/N8APQ3sAQbnSjjrbGLUrulo8PaTX0=@lists.infradead.org, AJvYcCWbAQCGJh1cosNEfW7L1T+lYtKBZevrdjS7gGuV/OFqeHfiKG5HgvkQFox6MZqstrDF3Wnk1yPp9Z7aAy1ytan4@lists.infradead.org X-Gm-Message-State: AOJu0Yzt3GubSSilPLvvGivycU24ZUajQu2+PaBvwZUmUYZ39zFv4pz4 al3XaFbOjomxttd+K7souIA2g7mfWVGXzySNLUMcENm0bjQ6Q1Ee X-Gm-Gg: ASbGncvm2xypXfHTuMdOnjVAo2lE7/gpjuq4KAwRDpJ+zyMWP1Zg9ayVewY2faieUTe bLkM9ec7qhZF9JZo+2lZIGUg9A/5A4UBjh8R0EdOMPSixtZTLyP3CLIBLHnq7J2au6HkHh8sZUC Zg/ynTj9kT9m1qo2hBlFP4L6vXldACwnsAi+VNjFJHcoRHRQebtsPjFchuEcj0ABVMfwNHhYwEu BwhZI69ZugnMQHqRqo+ZZ/DFr1zhK3czuBhL6cNp5A3wW0DuvXawI0HB5i8Lm4FaLaP0Wc5mt4n UnSVzXzH/EmAYLFyTwkxsi+bPcNNxufvuoLJsdXyUSEyQaB5D1U63qh+1W3vlQMvHAdsAvyqS7k STRhL5OIsrRoqcsVEc5kuDdB5QN2PCSd8yahijjhEEy95jkeLjgYRFnuWBr4yUg== X-Google-Smtp-Source: AGHT+IHy767DUvvq2GdNzFTZgEtw2mmlhPb8tvwjOW0NV0rTz/8fH6TDIbFvmbmwfZNkQ6dAvscC7w== X-Received: by 2002:a17:907:7e8b:b0:ac1:ea5c:8711 with SMTP id a640c23a62f3a-ac20d97e6cfmr241289466b.1.1741170605663; Wed, 05 Mar 2025 02:30:05 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:04 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 02/15] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Wed, 5 Mar 2025 11:29:36 +0100 Message-ID: <20250305102949.16370-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_023007_994969_C41F8ADD X-CRM114-Status: GOOD ( 19.79 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 8cd4cf7ae211..d0c3c459c4d2 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -306,6 +306,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -335,6 +421,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -343,6 +430,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -462,7 +552,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -757,7 +848,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 46a6d280b09c..b4baee519e18 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Wed Mar 5 10:29:37 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002467 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 14097C19F32 for ; Wed, 5 Mar 2025 11:08:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=hsFMNkJrhwmsJLFLhkdzU0iZWz VRUvewlpB2E9Qo1CbMHFR1/ion9MxyoyP3zl7ntIyrtmyxADYf+7/lL8E2wrq269F6YuSXDZ9hpUz ElaRynaCZpDtOmTGJePz+lMGYK9WA6UiI2Wijy1Za5kZMYGZUXsAUL+60/67zr5GWlnpakn2ygOCY BHSJe9cEBmLl9OSyfYLdHqJrewhLN1H6L0kHhNnXguKFMMHVmyvYAVZKDucJyyGecyyvPfIWG3rRy KdTYsSzv4ULFOoi0zHyR1h1TF0bE5DctTGi3HCxKFdDfMYejH1ulZBOFUYSIkODa+VXSzkjBkqNrh 0UMQ8q0w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpmcD-00000007nzq-0TaX; Wed, 05 Mar 2025 11:08:41 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm0y-00000007gRk-0qy9; Wed, 05 Mar 2025 10:30:12 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=HexuGPujvtpNEaOhWVhWPsEBuM U6hpjBDkeS5GSXh9AZ8dwkeDcFxdMASLiutRMaCd/mlIfeOHyDZdjGhnIP0UofySQ/wS2zRE/qbiE lF1cGz3mY36ai4pHJQumoBPA/xt7TCYWDskDRkcuqNifA43TGC6he8Jqpi1XYZx/TCYUH2tdLHv2v 6J3/JylQ3cYvQM3Oq5ldBB8pqM6K6jteg4yhxYALlg541WQueAAfIG0fj7xzV0aQzbePPVQ0NtUDY 54JHoPIS03hJFzkGOXL7dqq/TVhTfR7zjt2OjV8vwZVWRUMEMgJIxZJ9eSUIHWR5rChDnSDqinSsT f0zc9e3A==; Received: from mail-ed1-x52d.google.com ([2a00:1450:4864:20::52d]) by casper.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm0v-00000005IpK-1pej; Wed, 05 Mar 2025 10:30:11 +0000 Received: by mail-ed1-x52d.google.com with SMTP id 4fb4d7f45d1cf-5e5491eb37dso5638211a12.0; Wed, 05 Mar 2025 02:30:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170607; x=1741775407; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=hT+p/5GnS56IRIdTcn57Vs08g/tNVdfPSVp/zOYE38yYdUsUw2YMoive1BB0UDJoa7 gx9liqAMAcrhhhw+vQMcZoqaFNVkgj2lUblULsrJ0/jxcuimjFLWrvU7i24cNsClP/rY 9iCXZMl7TSPJrZgwdt8V6zoq5N1kfleQA4vuIofoMTHrYQNjx98WrhJJ7bpfrDw4+q+f 8XGd9X2JBOdn83ljhZTB3s8yHGW50bwJAam3nMEz4Xc4SrP3+yzzQv2ds8RuXx6mn6HS 7ooqjhJXtmN0ldosYTrbzJbmjAz/t03A43OMc/0FjbfW55nxWVp6k+OvxmrSjCJSYy/c +jog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170607; x=1741775407; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=VCaLsFK+2pSsf0myzR11/XRB5rfWK81XZeznx8H5YKj2EATcSYomsMkPkiCoxthAL3 rVRf1+NQMMeNaSvxWpM42UyhEa3Crq/65CiOB3A2mkdZ6KcC3ZpJz58aJ+/F97clKgTX z5TtlJs2DPJwAB5RZpybwgbepb+aPP8e6P4XWwh+daY2oNtngsNqIimbFjqrPNNjFdAL 7IqKFTJknOkNknzLcgLxAIaYdrnSkdrswKExSOHHgU3GuMQ3zNCoD8lSfRSsfbwgn/X/ C0yGyJW3Pa9HCW7bBLMHJCEdox897MHMrYeWQTd7Fe5mN8gPSEOpoq8fJbpjYuTu3PBY TbPw== X-Forwarded-Encrypted: i=1; AJvYcCWMYMNalilr+jLZUi2JhGE4vLCypY/iZKIms8qPF/kRVO4c7iGJR95ZftQ9KdD69xFD63G0e03ZXHHyLAN9Evg=@lists.infradead.org, AJvYcCX3twvh1uIxZclg9nFKX2hnFtHkVG8/24nm/AOcAsYlFi7ERssQ2mZPOo6R5p2eHGQRBaTGWC7mLFryVogVe0rL@lists.infradead.org X-Gm-Message-State: AOJu0YyR1G2zx4fobyD+MpuE6N1gPcV4rJdeW5zbRa19S5SwcVH65DdL 7q55K+OeYcQNFLP+NWn0KkA72sszSJo8aBcDIYiNVXdaH6yuBIAG X-Gm-Gg: ASbGnctZUbvPleNADbSgLFBX66cvMT2ppjgiUzNCbvfM95qHjmV9mzz5VuPOXn4OokO Jox09ethR2r0HUw1UAj4xVCGdIihyce/tlrwnovBBZ6aenxEBdEJtr6cHrnomaHzcCz3sxgiJbK X+2LmnkZlF8PKAim34obcJOYClp3bkvYI5F9btcRm1ReQvvkKxlXgzzD40w5mylYe6Ux6a1JppK M6V7zGzA1KA5K92iTRRCI7snpbgFIwKcnXm7j0t51yUaqIBkjNCJU2ktU14VEPvScc+BANW2x2U vMWglai0PckebPD2YSmLuxQizGWx+/Kj7xW6IHn83/2cxkwX8cBQrCHxoVVsDE+f9CKq0o8Uk/L ieJqsUBqI8naXUitX2edAD6/vlu8Tmw8wamDQMp3jmHVPk9uBsO9oWL2es3WXbQ== X-Google-Smtp-Source: AGHT+IFiJqR8AW9q4B4jV0oBAldSkpb3Cory3PfYPngFhkXoybiZBDs5zVQJdJ8Lft/VnBuwHJUAJQ== X-Received: by 2002:a17:907:8b97:b0:abf:4892:b6ea with SMTP id a640c23a62f3a-ac20db37c07mr294449866b.25.1741170606779; Wed, 05 Mar 2025 02:30:06 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:06 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 03/15] netfilter: flow: remove hw_outdev, out.hw_ifindex and out.hw_ifidx Date: Wed, 5 Mar 2025 11:29:37 +0100 Message-ID: <20250305102949.16370-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_103009_488371_8E8165B4 X-CRM114-Status: GOOD ( 12.53 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Now always info->outdev == info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 2 -- net/netfilter/nf_flow_table_core.c | 1 - net/netfilter/nf_flow_table_offload.c | 2 +- net/netfilter/nft_flow_offload.c | 4 ---- 4 files changed, 1 insertion(+), 8 deletions(-) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index d711642e78b5..4ab32fb61865 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -145,7 +145,6 @@ struct flow_offload_tuple { }; struct { u32 ifidx; - u32 hw_ifidx; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; @@ -211,7 +210,6 @@ struct nf_flow_route { } in; struct { u32 ifindex; - u32 hw_ifindex; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 9d8361526f82..1e5d3735c028 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -127,7 +127,6 @@ static int flow_offload_fill_route(struct flow_offload *flow, memcpy(flow_tuple->out.h_source, route->tuple[dir].out.h_source, ETH_ALEN); flow_tuple->out.ifidx = route->tuple[dir].out.ifindex; - flow_tuple->out.hw_ifidx = route->tuple[dir].out.hw_ifindex; dst_release(dst); break; case FLOW_OFFLOAD_XMIT_XFRM: diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..d8f7bfd60ac6 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -555,7 +555,7 @@ static void flow_offload_redirect(struct net *net, switch (this_tuple->xmit_type) { case FLOW_OFFLOAD_XMIT_DIRECT: this_tuple = &flow->tuplehash[dir].tuple; - ifindex = this_tuple->out.hw_ifidx; + ifindex = this_tuple->out.ifidx; break; case FLOW_OFFLOAD_XMIT_NEIGH: other_tuple = &flow->tuplehash[!dir].tuple; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b4baee519e18..5ef2f4ba7ab8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -80,7 +80,6 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, struct nft_forward_info { const struct net_device *indev; const struct net_device *outdev; - const struct net_device *hw_outdev; struct id { __u16 id; __be16 proto; @@ -159,8 +158,6 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, } info->outdev = info->indev; - info->hw_outdev = info->indev; - if (nf_flowtable_hw_offload(flowtable) && nft_is_valid_ether_device(info->indev)) info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; @@ -212,7 +209,6 @@ static void nft_dev_forward_path(struct nf_flow_route *route, memcpy(route->tuple[dir].out.h_source, info.h_source, ETH_ALEN); memcpy(route->tuple[dir].out.h_dest, info.h_dest, ETH_ALEN); route->tuple[dir].out.ifindex = info.outdev->ifindex; - route->tuple[dir].out.hw_ifindex = info.hw_outdev->ifindex; route->tuple[dir].xmit_type = info.xmit_type; } } From patchwork Wed Mar 5 10:29:38 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002541 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 27A01C282EC for ; Wed, 5 Mar 2025 12:18:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=pWKZKslFax2kV4u5PDGKsv4N0lJQ1f1k8yO/foh+po0=; b=PTeOKLeT0X/o3KTnonniu0Ue6W DJR7pYRiV/NLZ9jB6WClqilw53kDy59mSUjLiA/jH0V96Wse6Uco6FPh/OgQYAu3B2ICnsPVeSK8W awZoii5X3Zu5gL+5L3tOthzgI/T2W0QSo9PUwsi/G8wvbwQv7ZHK7F2dyQ+8ywJ41bfng7S1s4UB4 T8WVd9roOFomGVrepYkVcMhM+N5NaFBC0hEbN8bKk/hIgo78sF7nlDEBcgqY6Odt1IJcwXAB5cq4R hLtTP0TLavx3OtimxIkUhcuQntDgLQEd3o6upoAigdK+0RbOIRTS59HY3jqZL0ekq2nC5VHyfBROR gg7BhLBw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpnhw-00000007zRG-3n6h; Wed, 05 Mar 2025 12:18:40 +0000 Received: from mail-ej1-f43.google.com ([209.85.218.43]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm0w-00000007gRA-2ioV; Wed, 05 Mar 2025 10:30:12 +0000 Received: by mail-ej1-f43.google.com with SMTP id a640c23a62f3a-abf538f7be0so689972466b.3; Wed, 05 Mar 2025 02:30:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170608; x=1741775408; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pWKZKslFax2kV4u5PDGKsv4N0lJQ1f1k8yO/foh+po0=; b=DcBzk9JV5udoRe/2CafleVMcKfF/JiwT3ivn6pvH2oJmwaSQePw+CkrbVxC9xz5OkN GmxwedNUFK5aPCUyCynnBdKI27UutRL77W/RLEXDEWsb2pfAHHAzQoHTRQz8NXJO1qb0 ZOT/xs+2jkxB32mSQ1yAzl0nyGH4BzN3UkdmvwD7rOYgyoFCGeTOccuW/+WmzbE6GszK XOvFXubpsNEgbxFnIwLNyDx4CUJx5TITZ9r6WpmBYi21OoJAU+S7tbUd7LxIRo5Wh0xs Gv7mxi5VWUOSWkTZp4mBoK/7RPiMdx9nZnLFzusdm2R96ZCU5JffAXpTLigRK2J1H1OS +d2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170608; x=1741775408; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pWKZKslFax2kV4u5PDGKsv4N0lJQ1f1k8yO/foh+po0=; b=FFLecyAUOX18V52IxRJEbQk57pXjW1lcvExF/pn65GAVGaafQE+Qj8irhfPjvd7k9t B6OL15fLhMg+qK8pbzu95CybFmI/Hu9t6JbgaOH4Wa86fHRov3BFV/kBj57w49i2rzXF nc4GHCsbu6Z+143NBEmCxiuOY72V/Ud+4mr6xxE8sKS8ulZJHoik+1DVGRqwwNsvo+Qo 0aL4lTjMDoctR+QM8anU35ECAkBLfLwwypZ8LrODnlOmLAiy8dv68w8Cg5GxsNhs41s+ 8s9/MMGx4XgOmamEvE6dZbkg9jDdN8ZweDxExBBI6OdjXuujd7gUhfrURDg4YTbygcwz Wmaw== X-Forwarded-Encrypted: i=1; AJvYcCVqMBtUJF7frL/UnGJUuAsYMuTHnMOCDqpzDLOmwYInbJP+yi5NY0uJsKnLwk4W7gdkWidhbLj4hopKVJBk6Ig=@lists.infradead.org, AJvYcCWMvat5+29+NLFEz8Vv2Yi9awk7H8Zc+y1KJz1Te8jCLTGWT8L4TPJUVxiXAvQYcUV0ilEp2WJnoPuuoPq5K4Qe@lists.infradead.org X-Gm-Message-State: AOJu0Yy1PkhoHT5OXHcA/9C1wQWI4ApavCRC4SJ4XxVuXt6GUueCkKrm SAnIuVBB0cJNAXXqDBSpdGdat7oNZc6n2vXlt1L23q8qCMPkUVI2 X-Gm-Gg: ASbGnctIwgh3oA6hqcBOPS9jOgj4sRl5j4IBsFierm8pE3PSNIkSqUQT3f84hinapwE Q90wuDokT8MTflVmJC9CYz52uGQ0QQq6a9KacwCw9Xy9RokqAITjhobxHOuJy3XW+6F92OX6eF2 h0DcOQ4e+q66e7zdSXzyUcVrE5Wj54JyATHwbDkQWXdMrlxuytRmAwrvmQUX7dIr1dR6o8o2xjJ jAjIMoxoooAEu9EFDV8W2xrkGN1yg/LxWOJ+mYRPw320o0kq2Jkfkmis3abbbgVTyaZsaU+FcEE FMLpLhGCGcdCgtDZbxYvIf2lTfCbTyYkgNSC2+B4iQ5zTeqcqH14okyuuCAZ08cA7UYxalID3JX zvEgqUuGDXZvLyIPCSfE9tmW+9lW/g2R/F6W1dXTBWH/n8HrM9PuEe1yQCE8/Bw== X-Google-Smtp-Source: AGHT+IFexB2RNevlxHvMPAf8/WCLTLQ9IXmSXZbmZFMdhkY06Emnzf/hwS2/XrsP0oxSe3vo0bLssw== X-Received: by 2002:a17:907:3f15:b0:ac1:509:79b1 with SMTP id a640c23a62f3a-ac20d8bc9a1mr236165766b.20.1741170608493; Wed, 05 Mar 2025 02:30:08 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:07 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 04/15] netfilter: bridge: Add conntrack double vlan and pppoe Date: Wed, 5 Mar 2025 11:29:38 +0100 Message-ID: <20250305102949.16370-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_023010_690581_2A85012B X-CRM114-Status: GOOD ( 14.25 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/bridge/netfilter/nf_conntrack_bridge.c | 83 ++++++++++++++++++---- 1 file changed, 71 insertions(+), 12 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..4b4e3751fb13 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -242,53 +242,112 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, { struct nf_hook_state bridge_state = *state; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + __be16 outer_proto; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): { + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + + offset = PPPOE_SES_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + ph = (struct ppp_hdr *)(skb->data); + switch (ph->proto) { + case htons(PPP_IP): + skb->protocol = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + skb->protocol = htons(ETH_P_IPV6); + break; + default: + nf_ct_set(skb, NULL, IP_CT_UNTRACKED); + return NF_ACCEPT; + } + data_len = ntohs(ph->hdr.length) - 2; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + case htons(ETH_P_8021Q): { + struct vlan_hdr *vhdr; + + offset = VLAN_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + vhdr = (struct vlan_hdr *)(skb->data); + skb->protocol = vhdr->h_vlan_encapsulated_proto; + data_len = U32_MAX; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + default: + data_len = U32_MAX; + break; + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, From patchwork Wed Mar 5 10:29:39 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002468 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E7F1BC282E3 for ; Wed, 5 Mar 2025 11:10:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=iGsEyBhvq1UERqqJDIcfxgfKaT ueYA98UVshCFWEfipVDeW6WKVT8Oh4uWIgtGp/eboIlDqVhyX62tfAbcbQmm1nZNmunAxF6nylLfL jzgcCmlBwuytUuMsraLzZeC7WWReiUF1wC6nYaIJZWM+ZSX5cRFFtDTFtkTF5JjHXINXc5EkU8i4t nMnmEF4lEezMab3dEOiD8F0pCM3gCwlcx+DtIBQ6Yd6qx11o9jyy98RJTao2js55RRRzFPBjhL8NN qRwVtcLKRfh+yDbw5IZQKhmYxsekIFrYORXodymm1Y6X9Af5G1r0Svv5kKDatMrVDWdB5b1E7JqLc oZcdVy5Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpmdn-00000007oPx-0GwA; Wed, 05 Mar 2025 11:10:19 +0000 Received: from mail-ej1-x636.google.com ([2a00:1450:4864:20::636]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm0x-00000007gRP-2OOb; Wed, 05 Mar 2025 10:30:12 +0000 Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-ac1f5157c90so291427866b.0; Wed, 05 Mar 2025 02:30:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170610; x=1741775410; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=BPofwgjLiHD+aFrGOfZHuPRSSufS2OSF9PLBD/Y07wGueS6OKtu7dFTVDFS4e5145G 3Cb3qvVQQNZZNblo+TNKQAz4O+V+/akvgRmfzSLCFqs+U7siAWR5A5OqCiEad2i5+HR4 Z3mze9WJe3voC2cyzcMmjT/AzCiqnz+wRrN0+7ET3mNn2ZQaTJtn93faEuuVD/JTJa1F LLG6xei84Zn6J2rXE4FnbHNcbH2Mk/Oe80D4E6B/8jQnprCR8kHfc8GujbYs4Ba2O2ej iwdnWwrTOp5uMC5D6G7zcHcoOaFZHBzRQf7yFng3TKTr5z8NA/sUhgikkAM8PWtZWxzY 8tlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170610; x=1741775410; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=p0Jn9HUKYz5Hb7hgNNVzDV1R+aoGaWHpWHTUUVJIbQnDESaPwnA/AyvUEPlS3j5vsG p7e/pXQj+BW1Y3cEcntqjCxSXVtUJi592UHg8jOPIfWxYs+PYSvJaxRafh1agblYRafW 2i9ABOzReR0KCsB//ZFKJc2oIs1E2Z+T7OfjZEDSGfMPKpo+fL67IvlveJAFehvRWR3O VK1CUJOOw/LwAkko+aV0UFIn0FEj4pc/3EosBtkxKYcwBLkvdrBepLSvkdvrwgziejAl vOR8gwqQmNc7EBQRzXfEHuZf7DgXNX97ObP2u8ZHKxV7CHDChTseIGhzJjRWl+OjoaH/ eMrQ== X-Forwarded-Encrypted: i=1; AJvYcCUOHqOlRQvssS+l8zZFxK3svOWc/ZqiZPZkHteUIj+8JWTtO2fRDoLppMEN6UlZ5jXR7jIxzVjPTsPIRz264Tk=@lists.infradead.org, AJvYcCVTveet5CTBwWKEQsnXv08yOv13fxx2e4Pa2PiUSguRiCNBPmnHJf1qZaGusbf7S/RLsPviZJlehaWAEHAYAqbc@lists.infradead.org X-Gm-Message-State: AOJu0YwvvHkI8nwsb836yeWUZAMSBvym8WinMjawZTdL8nMNvd5eA4Vc y3A2RWz6KKy8C7f9jmvC3xLtOMxbBvF2MdEfQAaWfjaQUeQsb5V3 X-Gm-Gg: ASbGnct2Ct8qKNxCzfoeU8mCrrsgew2K8d2LOQUthxQmSrdzETj/u2iKj5T3FeoAMdy UZcbGA6hAxmQJqsdC5CHrdaBdUNUEAYM9sZIvOoQ6BCtl0/Ypcfmx10aQnUETwzGhkL0g0P9kho iWjz9s/0hNs40kqDIbreMSrIxhKdVBvMxwAyaA8YhgFkF+dbDkiCxGTMNPo9vaUTAcO6KqtFzrI V+r7Hs/Mp38xbPwrVGTCBeKfOLp+t1VECQJzSBgOmyU378lhy0foGq9Ytfpi91GuAk9WVpREfdU 4JdtAijhC5UHzktP4GtEIFJhx0SvjbPpWD8pGCQEKJXr58b+9d2ZkpG4KtCaI54MPCg9gxfTo/P HZk/R7qeu7ojapFfMAGN/RkFnNnxQs+8reGrOZDw9YgN6vNmGfPgGGU7Htmiq8w== X-Google-Smtp-Source: AGHT+IHxPPtoLfRPnCkh6koJ/eG/1JnXDYqS7eXulrdGgVMhsQC/yU7G5LKQ+8CrzPKHzBnta10/cQ== X-Received: by 2002:a17:906:d54c:b0:abf:6f37:57df with SMTP id a640c23a62f3a-ac20e03ab40mr291110966b.51.1741170609587; Wed, 05 Mar 2025 02:30:09 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:09 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 05/15] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Wed, 5 Mar 2025 11:29:39 +0100 Message-ID: <20250305102949.16370-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_023011_608552_0F2FCD29 X-CRM114-Status: GOOD ( 12.15 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 19a553550c76..7c7080c1a67d 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Wed Mar 5 10:29:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002475 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4F3B7C19F32 for ; Wed, 5 Mar 2025 11:13:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=IM1kXQjhThZXDzCIWTKLQoY0aGhS2pSnBiHrFmA8ll0=; b=OjIPAzNGL7s2IzhC6VdkAYCoiL I/uUce6B8mI7V7JmBhFOGIFE27sUaTfsC/aHSI7es0qe5vF+9cMCCtibcPWSHKvXMb0vt7EHZPwoE FwQjhH5fsHqkLn78v3rZZBxVMnHy6sFpt4cAEMJYcOvQt8uaV+pz59WuYsABECiJqSMcsy4KSwY4/ 15F4JgO+6w2weXmYf/gj3vfWjSrogkC41OpG/zQ2ib+gFc2YyKT+Mi/evPlf3JlZd7E6eoKaaQ7Lj wT6BBrfR3CLMfoKXKjYGgvoWa3dAcQm6lHPf6Jgu9jelY/V0d37IY3DwCY+o8EaPnptnl6NYuNc0P Ak9tv6Cw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpmgw-00000007oxk-1Rhn; Wed, 05 Mar 2025 11:13:34 +0000 Received: from mail-ej1-f45.google.com ([209.85.218.45]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm0z-00000007gS5-0qb9; Wed, 05 Mar 2025 10:30:14 +0000 Received: by mail-ej1-f45.google.com with SMTP id a640c23a62f3a-ab744d5e567so121603766b.1; Wed, 05 Mar 2025 02:30:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170611; x=1741775411; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=IM1kXQjhThZXDzCIWTKLQoY0aGhS2pSnBiHrFmA8ll0=; b=gQJnojnjoU9XTltkLd3u3YV71NIVXu3Q6TjiF6HOPpjkr2EnzpbgUw2YIBuI/9se0b uSpiWgMykW4CcoQSCdupZmd/7DAKjXUo5kBfdTBcqFJM/tDI1EEGYo1icWSZrmremCy0 Ms1ctH1dDVLN2PVqwittNQxqcD13GXyB9b+Q8lUTI+vQKoJ2OfKA8iIQB+2lEkds1hIC tDdDQGInuKO9jQAe5UfkwbFQ17VGeRg46vUwlSfRlDjDRmPVdfZ9pLciBYu0hxo2cczU ydu0pvw2E4AhLk7XmifG7a0EWaI+CsgE3r7/R/44y42AYy3qZsW4Hx9nUDq+G/kwuyBL 5GSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170611; x=1741775411; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IM1kXQjhThZXDzCIWTKLQoY0aGhS2pSnBiHrFmA8ll0=; b=tBIwEadE678KepcsmpS7U1QIqXhuSnDM0TyFYdWx1yYyXXfelZn/Eu0v4ey8ecjX4l zjVaE05U0hOChFKRTiz5CBG2hUWvzWtX7CVDAHTh4szbw/KcvQwqMOZyiNz35y0YgzLE 3LG2HP3lAnwMA0BTkEV+rxkO++a0AjCa1D4vM9Bfga08UJo8yZOkz9ae1b1inxhGEFn/ nLTCo1kIhuEbD+NuyDYfqcIv9jkd/21+9VoOjXC0rzygiHb73gz5YrNS7ggh6FE3+M9y U1d2d4u/WhE7s9bV4JfdN2UMzsxCvXyP+a+oN5Gf2ah/5ISwlLjEvikl2/uy/DqpEdty 2mTg== X-Forwarded-Encrypted: i=1; AJvYcCUN5gSyVqGnZOeNkfOuJ0ArzHHvdwDUZlhaSC8suqOUw1UwSk59+lKOw1fN7IakgNflMJhYGTzyUKlM+v6kyLI=@lists.infradead.org, AJvYcCUhezU6qkdCh4ydYeIyIM065k24t9JlC8FSf9nFr5OoAvP041TZCeXHKmk2cpUKRHWAFVLqAtb68SEsaGgYCZML@lists.infradead.org X-Gm-Message-State: AOJu0YyAI34swKyg0PMX4HeNnw8MQslNHUz3yjpOT/elkqHezAYKZExB 0zaX9+nj+zNBtblTN2rKNTb63GB0ps2f1NCYjki46LVtv/t/R3aI X-Gm-Gg: ASbGncvHn5bfk4NU4o1mbXZs3k/HMYvYGUthqkVNE53sIehGk2W2I7492PCSyca2DUv 7S7jg/OauLucalAGg5f0dTz2tmi/FiS+nVhXVdfi8zuyfBrVGF5NEx97xbokBs60Z4L2NbuJtC7 X+V+Il4CT3jWnfr+8jEXxe97VLxEDR22X7bdDBkietl/x18t3PnrkyPUMLxCrCfcTsKFVtCIDNy C8DSDTNNIgieG2H3ha6O83ZUFHH2AalUhJZWocvbVbG5rJd3ECLfMteLqAeK/YLAz49RgDG2hHP ZCLBPlzlhLSdBLi0KZQ9455QMFFxTJ28sWq/w06fBGR1Xh0YIrNRhE3qnnnSbgloIy9v+fumvt6 +7TD5+Yxb61VSAbmxK3zZLvJUdZQIAYVDcEA+nytLCStvpgsNEPm1AWmbQcAvYw== X-Google-Smtp-Source: AGHT+IGUiR/Ewb64RsvjGNeJXBn0Ed+9S8empXfVW8h4ZmJBkjiI9NUn/Px8AChfgHjCFcCWMHNHpA== X-Received: by 2002:a17:907:3f9c:b0:ac1:e08c:6ac8 with SMTP id a640c23a62f3a-ac20ecf947emr220727966b.2.1741170610822; Wed, 05 Mar 2025 02:30:10 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:10 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 06/15] bridge: Add filling forward path from port to port Date: Wed, 5 Mar 2025 11:29:40 +0100 Message-ID: <20250305102949.16370-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_023013_250973_E3C444C3 X-CRM114-Status: GOOD ( 16.62 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org If a port is passed as argument instead of the master, then: At br_fill_forward_path(): find the master and use it to fill the forward path. At br_vlan_fill_forward_path_pvid(): lookup vlan group from port instead. Changed call to br_vlan_group() into br_vlan_group_rcu() while at it. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 19 ++++++++++++++----- net/bridge/br_private.h | 2 ++ net/bridge/br_vlan.c | 6 +++++- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 9d8c72ed01ab..02eb23e8aab8 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -383,16 +383,25 @@ static int br_del_slave(struct net_device *dev, struct net_device *slave_dev) static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { + struct net_bridge_port *src, *dst; struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + struct net_device *br_dev; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); + br = netdev_priv(br_dev); + } else { + src = NULL; + br = netdev_priv(ctx->dev); + } - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 1054b8a88edc..a0b950390a16 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1584,6 +1584,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, @@ -1753,6 +1754,7 @@ static inline int nbp_get_num_vlan_infos(struct net_bridge_port *p, } static inline void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index d9a69ec9affe..a18c7da12ebd 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group_rcu(p); + else + vg = br_vlan_group_rcu(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Wed Mar 5 10:29:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002478 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 268DDC19F32 for ; Wed, 5 Mar 2025 11:19:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=XruRHgHNa4U+aD5EhN/5bdzeM8wMLCsm+ZTeJKtfedw=; b=K/ycSVMJOyWtBZUrI8DRues/V/ /9NeGUomxvBpwR7Rt9Pm4fvZE0DaOFSrbyy6zMTnSWD0sVb8cjw5EEFhB5l0FRzLug4CjXyChnTdJ iIhclciq+qqNVR//TgC4XIw6Gv8MFHDX1rYIVRA7y29CJZOG40GKVPRM9jQC5k9RUd3sc7lfAt81e F7ZzZQzh929wvoO4WXnTr9xdoDgRkFgDNJQYM2kdun3PKiIIPjRtRp2e0S3ANBVxrE3/ZW47P3yir 1+hjedHvxJB66u595jlIWhULVGSFg+lN2nCU9QHL5WoztCz7rvpy/tn8bvBelbQ9rwMJzlPbANrrI iWSdZDTQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpmmB-00000007pev-1LjO; Wed, 05 Mar 2025 11:18:59 +0000 Received: from desiato.infradead.org ([2001:8b0:10b:1:d65d:64ff:fe57:4e05]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm14-00000007gUS-27Xe; Wed, 05 Mar 2025 10:30:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=Content-Transfer-Encoding:MIME-Version :References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=XruRHgHNa4U+aD5EhN/5bdzeM8wMLCsm+ZTeJKtfedw=; b=JdlTAMkNwgUrYAWaY29GMELe9Y 85hNrSnj4qmy+9qDYZVJec4KL+NVyVoRfC/ecViJB+NLOzTNmXYJ9Isf0cXEVmPt1NE/VTjhZ9874 +q089CdAya5HBY5+CazaEUk0n5lCB7pOUWqtvbLiWpzULlwFGJBgIy54gwoI61joNfRZNAHXMJCuR YzmvpDuVoqL6/Yx9mtrJA/6qXShF68rckdjcjM5K+EerJ/oFXnSByecdxHBs9B4BhHX9jzakMtOJB mg1hVueVFELT+eoTboFJdyXHvAc6ysLIZBYIMfRuwWsto5HPn6SnymS3bIvLuPvpaHsBXNuCh6sNq 9+jH3VVQ==; Received: from mail-ed1-x531.google.com ([2a00:1450:4864:20::531]) by desiato.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm11-00000000TCD-2Vub; Wed, 05 Mar 2025 10:30:17 +0000 Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-5e52c1c3599so5637931a12.2; Wed, 05 Mar 2025 02:30:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170612; x=1741775412; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XruRHgHNa4U+aD5EhN/5bdzeM8wMLCsm+ZTeJKtfedw=; b=KN/PZRYjktYFOocDouVhL53r3NlU3AoPlTJ5GTFCv8wrzkn/rJhgdJQR/7c5i7w35k JLWA/n4i6hv4vMz1iiAaLOCZEuxPTLlwSJvT3VMjPUexf8KxkZAkamwimDgWKOvoESC7 wNVpliniW2qhser8gTECzw9l+kR5jwQv5NmCLSv0u/NzC+xHmR4m/zfagoxrANTJYnSs jq4/NTyNoV6C1sObrMTgCBr+NKSwlAEFtmeqdT9kk0qLQTnEJgdK7jsj9jCCZTApj1nr xF9dOQoMl/6YiABh6Esi3V3WRBPoEP4nP6r8ErfE8v7pUamPv4X7QFrhCOxFZxck8qTc jy1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170612; x=1741775412; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XruRHgHNa4U+aD5EhN/5bdzeM8wMLCsm+ZTeJKtfedw=; b=atzdBwEx9PVgiPeI5TCcot1oNXjjZYUYPZB0lg8o6W5FB9JQnzj8qMCuB73gd9VXC9 TQSobYeZ1jXA3Q464o+MGH+mqyhYSLMKd4TvM+uJMbEX+KWY7l3z9S7SGoEFEn++0Y4f GdQq08Jn5aefdC8duzttgIEvSkAZOzLz0o+5yXKWKZEM2c2Oji2Jwb0Qq2IHyoi8DdRC pK1XHwrRq+CPzRJH+wmWot49KfF3Kqzb3R/GsLgOzXjzcZPB/QGq14uHDUVduKIIiXGW Pi4+NQgVACrievc241v60kREbKJK0Y6aLGpwiVMPRCmPhWPtKN4WpmE70dOvIXSuWQT+ 2AJw== X-Forwarded-Encrypted: i=1; AJvYcCWdgxKrZcp9lVw7Dtu2zy1xc+AFBtoBJDh5DLybz0+FyUDZDB3EeHIfZrPJ9ogmDE/xVvyX7XzyiARuhWijLncp@lists.infradead.org, AJvYcCX/q2TX/qraa2fvT+W8I3ieZhEtlb9rk7wwPGslqPvDzV137Y1dpTKgu7z91MEUQ4fvbyou3e3TogRMVs42hCs=@lists.infradead.org X-Gm-Message-State: AOJu0Yxt8WY8+r6OwPmz9d9euJoCywK3M5Y/CRA/WJZ1js4Lpu10k9WS 7ZdazVYEB63Si8T/fMnqmbNL63X+acLvhrdYKkgzpohJyot+brEn X-Gm-Gg: ASbGnct6SOrO7072XSKBNtJhyleRLjfZOOEVA6g7PcaxmEEVlHHRLEyF4OMRAQUrPnD JEF2kMTLnkjFbJjeihTa3MC9gNFrgQ3CoWSWcsg5Bz7O3jr+ODynyOogi2QEEEisoHqwkgePJ8m LoV+SnixZe1ENRH8L8MaujokR5cWR4a5HegeBWL9mkWpndDv6IPUTtyMCHeDLX6L7xH09ymgUL2 xiT850qcNMEco7hhjBo/ungZ+aTjjrrWrRx3w5M97I0pbg3dEVFSmjPZbuZxv5pxs/8jmoUIS3M rhvfNTVEerXxsgrBTS1kuouMHKgs9WZHGqcvzJQa9iSXkd6r3o4+c/EMI7et/hdhkYCGyFxj/yz Md/bOzKEKwf5GAbhj1obbCYZBDIjczc2L8vLb2CZ2g5Wxy4WyIx7eQ9SoKJB+FA== X-Google-Smtp-Source: AGHT+IGWn08A2DSO8MVNqGyk+bS/v/k3a0mXwDhZkKNPGgmv7Ei/GzcOqONoOScVVDEII0Mp72AZ4Q== X-Received: by 2002:a17:907:1c84:b0:ac2:473:7f35 with SMTP id a640c23a62f3a-ac20e03dcc8mr267370466b.55.1741170612157; Wed, 05 Mar 2025 02:30:12 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:11 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 07/15] net: core: dev: Add dev_fill_bridge_path() Date: Wed, 5 Mar 2025 11:29:41 +0100 Message-ID: <20250305102949.16370-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_103015_732148_A82BAE73 X-CRM114-Status: GOOD ( 17.45 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 ++ net/core/dev.c | 66 +++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 7ab86ec228b7..81cdad85d9f1 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3318,6 +3318,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index 2dc705604509..d0810f052d3a 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -714,44 +714,84 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; return ret; } + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + if (br_dev->netdev_ops->ndo_fill_forward_path(ctx, path) < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + return dev_fill_forward_path_common(ctx, stack); +} +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /* must be called under rcu_read_lock(), as we dont take a reference */ From patchwork Wed Mar 5 10:29:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002542 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 44E50C282E3 for ; Wed, 5 Mar 2025 12:18:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=IWhGwsxaGeMkQes5Mt1OLdCE6S sos/Bwb7wPvy+WII3AvHD1xbVM/A+Uu3eKUU85QxRLj2IsMm1IeV1dnQsYUak8JeXw+pSbxOUb/vg BjWPIp3EGvczPt2WSWJUoar3GDve0AgBBUQNLbfVuUZFIgcoGLPLoTRYukoP3A4yTh9vzCjQxy8XU cGNgJoCIUP5erHE8QPhyYcMLUnhF4dR5jAfY/+E7TtkwCyxYLBXcoTxVpRQPmgvuO5v3I06wTlw54 QVpkwRLdp7iPInwvk68XAgGqPXHcjyPAa+MB1ZSWy7gbfWk8UbDYlyEcnHsd6G7bReZuv3SVpvsuu NJuOd+Lw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpnhx-00000007zSJ-49ga; Wed, 05 Mar 2025 12:18:41 +0000 Received: from mail-ed1-x52a.google.com ([2a00:1450:4864:20::52a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm11-00000007gTJ-10Lp; Wed, 05 Mar 2025 10:30:16 +0000 Received: by mail-ed1-x52a.google.com with SMTP id 4fb4d7f45d1cf-5e058ca6806so10953167a12.3; Wed, 05 Mar 2025 02:30:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170613; x=1741775413; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=TwoitJDFWfwqTdJgPuuSejmYk3lSrygONh5QeUrW3ru4hnmLmPzZiTjiH0YreDenrn YFDtCXb0RMU+z9JZIDXBUbh91f1uWcgk47h0+cyshpfmSoKb+66rkjtHulcFXCRjWEVI kAZlEYTp1hXddh+vQuJq6/vzl5+oinUVIGYpIjkRXTC0pKcGqaaw2MKp/itsv6TNRF2g 7RODzKScLNx4+019eDbp/zSewoc7HpR/tAS0sXnx8nZJDIyZ5xtyUWi5O8HzGDcayXLu FPpZFFViZVlBzdZHnDGlVZIMQWwUOCBte6SslHNk2mZ3dNRuj3rqSz3DYcIbF5J7F7/8 Ejag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170613; x=1741775413; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=R8IhQwY1S7kW7s91TluhkR7wzJBH0sSCd76zCL0d/SD1hPabYJcTDWNAKUdNHTFtKl 0QNgJ02HYIgUyOq5rMAdi/KJET8Q0Euv+qQ0H8Kp3EI0K5y0TDtBCPcZGJELBHmqbBkG iHKCTDdmvHUGHVZOBtbdOJd7Fpz6v72vlMoe5WLmQFiU/GTfyLka6HPlp5ur0Lgrtbog roAtPE2I++IkmydRiom3H4cmAeFLkfMQ6lA7ZQ9WQAD+oeY56ZCZUl6rTXLFGqGb9d/8 vEaj3pxPfotq0Y+CaQVz/tup8o4lm98gvDIRuCiCvsdPyl1P9eZtfeYGZLqP2+4IngEK 4XTA== X-Forwarded-Encrypted: i=1; AJvYcCU5w7yF4jmr1bURaYgtppI0efF9puvNhgOsMY7IqPDzaqW+F0h9fuNRQXFCED+bTHJMzTspoL1fA4ofYEolhMTs@lists.infradead.org, AJvYcCWtQCUFz71Tnc224TRcP1sUOC2wMHTqW5SguAhuJRT7/Xagned9p0ADYLpPUth93XqDukb6kv2NOU3VZA5Lw3k=@lists.infradead.org X-Gm-Message-State: AOJu0YxGQ8S+vzGNjbiOr6w/wBHrmoWNMnPVxSTMx3sQy4E450H8c53w 9Bhp4NaPZvRTu347AyEnAOO9nnfvR6VIdS3DSQ1RH8pfZNr1NP15 X-Gm-Gg: ASbGncuWIhMF3sMipNLTIUiDEMj7mW+XiuqENh+AdWOLVzc2XWh0zWLsOPaLhq/cmCl 2SBCkyfmBCOM0pVFwL6imz3DmJHOs8MQFlgoUJxao9FVRcUcGAyf48+r7ZaqMtXPu7vqgykVkfQ jdw0ceZ84EwvVnmJMk9eiB5ZsWwUjvjxBVRSGbxW1ba93G+CXBSVn0Ngr3k2s9fueYr+gtkbOn+ S4fOsRMbKP/onFgr6RTLHQoROFRA2wWaTLjVQnIw23bxcnhiU0Ym6BIlbPGPaWHVFfdvUsrFNOa eK3mYpUFaaP0AEpDTB6LoVRUpw5xiFKPESOunv93uXd3oGFf/ILWicAwr7sOpc6xtQM8d9Rct7Z 7K1COFM1as3X72mYrU54xftQHJ/snwL0fAw6G+aSLB26DkdPMTRI79FvFiAM49Q== X-Google-Smtp-Source: AGHT+IHkGwcjTfVbXx6eVRlSW1bPJWg7ABfB6LE3pcI1ePV03v0+a0Kiykk4HhykJH2czK6vrMyHQg== X-Received: by 2002:a17:907:8b9a:b0:ac2:c1e:dff0 with SMTP id a640c23a62f3a-ac20dac2643mr219805866b.19.1741170613297; Wed, 05 Mar 2025 02:30:13 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:12 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 08/15] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Wed, 5 Mar 2025 11:29:42 +0100 Message-ID: <20250305102949.16370-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_023015_295474_A0CB07B8 X-CRM114-Status: GOOD ( 10.61 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index 4ab32fb61865..a7f5d6166088 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -340,6 +340,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index d8f7bfd60ac6..3cc30ebfa6ff 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Wed Mar 5 10:29:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002711 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 35FDDC19F32 for ; Wed, 5 Mar 2025 13:33:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=d+RYL66pcV03+dnRjtrSBIzsNG w5TfAHJ3H32+ox/XiuxpQP8Yp0pxzkPvjX1e3yaSI4oREHcDZLY+ai4EzsQe6Ih70Uh/HSEknW1iW PLd7Be7R5Rc/sKMIkgeW9H+diOUnOFe4XlvOxmN2k5SccqZtAqZCRL/TdIfciClVOYAJbKkaisIus QyRl3WlVV6dT7toGdeHNmu8cDKNycEZgxjWlQmkH+4Ay6fiksXOrkjx6bJp6n9zUb6V/fQZ7XZ2Y9 B+5RcwU0MtssPeHqxbKqqgVs67E+mV+dgi2H9Yxtr6BTGKfAj2igxwMbQEM1AcYkbhOUggHLZvPEM DUGv4djA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tposW-00000008Cat-44Dl; Wed, 05 Mar 2025 13:33:40 +0000 Received: from mail-ej1-x62f.google.com ([2a00:1450:4864:20::62f]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm12-00000007gTm-2PzZ; Wed, 05 Mar 2025 10:30:17 +0000 Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-aaec111762bso1221726166b.2; Wed, 05 Mar 2025 02:30:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170615; x=1741775415; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=faCcyBdykmJnZQX56xtRGrtkdYowMl8J0eN7fDOZOy51wdQga/aNMtcrJjrWgPPirw QAra1ZWtdn2uMyDFJUovE0CUszqfVhFLQNVN6CAhNErOCtRAjmOGJYN5SGTyOvFYNMyl thyuRS/e24/3Wv9G84/NIPFbkZF5K9/wKvqOomRKddsGo6IaRKo22BJk2kXvw9INK/cu zg9qGxs2G5B9ALUoAGLlRLgsZ/nX/wUCImGRDiy8nQbwQrY4Hs0jB00VZvmYJ1ZbHnxV e5fAwYr4aZ6K+M5aXJ2EH35+SDxxhJ5NZBamg1sjH0CC/wGZgsBSox0PtBgZ7rwwwCaA K7vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170615; x=1741775415; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=fbugmmgbDi2gv6Le5bVW83mEYCRZI/yrdEruJImr+J7SNwWWjx5hOPgPQUMNJWtsLk UNtYPcHRUBjzxwcUc3ko0ExUTh1f7xtF7Xjhh3/E24HX3gHCjffQJckyVhOTd9u7hYYS EjP7xox9mpIUbS+eBQ3yhlTI5ACI49Uj/d3Kx5KGaGzUyDZZCQXkhE6B6XSBFwRV8B5P QOz7IRDC9UWK98l0a8+7i8OHmEhEOIR1KRrmfk8gh6T5eRjpiZBOLEOzK+MASkCR8xH5 wtkAeocQJ+DCr5FI74CoJpz5PN4zCfKWHbRHOt4JIgVo2IdTvm0GoyZYLDLthttA+qmD Uj6w== X-Forwarded-Encrypted: i=1; AJvYcCVn6v37qDs07q7A3TmDGL5guO6rrUg6g4Hhw5DKcLa+lwKp91s3U0o2vFa9QV9pwv118aOGMPQ+Fpv1CG17iYw=@lists.infradead.org, AJvYcCVy18JRwUYvNz/egR/CoKy00Yx/WZ2s2J4sIG7hfnNLuOxP4ofS8lj9TyzENgx7iNNaxNQxVhgpLbEApqS9pRS9@lists.infradead.org X-Gm-Message-State: AOJu0Yya7KNMtQtrfwKtQVpCfDH4gCePVfZlw+o3l2GmA4jmL+Gri2YC TEzHZ/UWfXTgItZlNo8/Xe5xNmn1fVGNxLKY94Ceet4wYtHdYHcl X-Gm-Gg: ASbGncu8krKtKyXlT401QVhZ3+MsafoWEpo6adMSPnQ7rWqdPZdLy4lEaw/Z2mjHwSb v91dE1YllmvvgzWkSZSlfUiCIcwCLWtvlnQ3PWhj1T8kuiLa5YnTaMeeCxhMSiGTGKb8l5OlzkO 9DNgdAZHg9lkCv5nv9Z2Ru+9achy2GofqWqGd+uvfH0zLDthOZYtIigYG6qGqICf2pW7Z6YdUJb 5xazxGqupZw0ZaryMY5dTurdBmnXhuhvo5xLaHKWqymSyiGtTLsd7SMJwnB+Na2b/jsJmxSt4Dk RyVeFn0jl4NXSECuAQZCfSCvR35H4E5vAXRi+fMpQzfX35d2Klj/1MgiqR1mrcMb4J74l3Qo9Ax VtGpgKM44chavsn9OM3Jn4cEdGQTEdkAbg+t59xVQ5nO/MIuSZDcXyX8F3zM7JQ== X-Google-Smtp-Source: AGHT+IE4FBEQwtKjza4fXvfpF7ocHLI/77Iaa2ed5/2y+GnUe2UR6+/DugyKaB64GhmbWBt7MA+dgw== X-Received: by 2002:a17:907:9726:b0:ac1:da09:5d32 with SMTP id a640c23a62f3a-ac20d84621cmr283526366b.6.1741170614628; Wed, 05 Mar 2025 02:30:14 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:14 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 09/15] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Wed, 5 Mar 2025 11:29:43 +0100 Message-ID: <20250305102949.16370-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_023016_612982_2DEEAC26 X-CRM114-Status: GOOD ( 12.07 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This will allow a flowtable to be added to the nft bridge family. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Wed Mar 5 10:29:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002479 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8F1ADC282E3 for ; Wed, 5 Mar 2025 11:19:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=ftfao9E298Um5/ZeRrLWQ9AzPF YkR8rd4IsMhMrhxGjRF0iftG4JYcNa18zJ8/1+QKNYSnWWDt9XpSsm+ZShco84uEf6Is7TShkZNO/ WFPSeFexMwDgiFUOfqpYmHL6uvyswlY41gTOsoXy/95Op8uGh2XpTY4VaUBzw/eS9wXkGDOVjah8z DB+cvgNI190U5mHf82pyxb+5/Jtpz2rvIzQAD6A1HEluj2kgu84pGu0hGOszgodWQ/OsCmIhIOUm9 dYwsQ6gMCYYz8gkc4WltKbgut0lyQO/ke5mJZXHREIyWDc5yLEn/8++3MhQfg/pi1yy0ozbrJyGDJ pSerbuaw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpmmB-00000007pfG-39Xb; Wed, 05 Mar 2025 11:18:59 +0000 Received: from mail-ej1-x62e.google.com ([2a00:1450:4864:20::62e]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm13-00000007gTs-21ZV; Wed, 05 Mar 2025 10:30:18 +0000 Received: by mail-ej1-x62e.google.com with SMTP id a640c23a62f3a-abfe7b5fbe8so439079766b.0; Wed, 05 Mar 2025 02:30:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170616; x=1741775416; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=kGDxTEB4tZhlrLiVjcOqRDPyj8DlxroW7b5wp/otCP1s31n/ZH5wZeJ9L+B443KKPF 6HQbJzyXzWg7LdumC42as99IzMql4LhlqoBeBSarHFK3iicrYEDjD3FmJLlKkwiEq4X+ mTcA4rVgrp4OCkwbfYanZuVnuZqq48cvVsCDFl/4pxR0wfi8z309qLiEoB/dAqT0bnw8 qOOD+QLlJwyxr2Nv6FXVBx3huno+votJ1y9TTrMoxg6baWfFBC4BgbI/XY94y8oRDPu7 vozNdJhhKFOz1yMJ9j8RQSkYng2T7l6qwL++n0zCENO9gOZhRGIg58RIZ+xtNE7hTT4T cPZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170616; x=1741775416; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=aZ7+3TBlSBDNGTy77IkjywzJMMYzLvN5fkZvTpvtWzp2FZmwLUTBIWpvAcV6RPqIJ2 1uy4S41br33cXiLAMgHzFg8tiCXuhIPD3SOZe5wGCBur5JauKdb6DBErNtr/36Zf9aAL D+9P1MOtLnDuS9mqJS+2R21fIUas8+RbK4prBSBE6HxXDcDfvqSJ26P9pH1QRWexO83T 62c5t8tmPKke8ylglt/VL1M6YVqQS8wKeRkHKuMd56nCrPHY38MEpHRsl5cMKc1Wp+Qb 1a1uSdkdWX5J7gduwBTmMiYx1OaOeG4k7Ti+FSPmj4xsiwH6zFSBudGGVQFG485SUH+y y1VQ== X-Forwarded-Encrypted: i=1; AJvYcCVl/Ygu3dbVa0qbkHj0HprEkXbLW11A8K3fe+PCfTB3IIeHCMk3J5gL0RZL2L50FGSFY8luWYoGriRNr/qIA1w=@lists.infradead.org, AJvYcCXjzc41C/qO9x90fpDuGJSSShYjjl2FcywEcHXYHkYeCmFC6pa/hI5m0lBZ494L32+KqsREpvH1gTGcwtVLoMOX@lists.infradead.org X-Gm-Message-State: AOJu0YweI9DClxP/ajfpJvwv/pCNCn5VZGoEDfPNXdCKGyOaguURbese zbyE2t/SP/hTQP3Rndm4H45VMfXfLzGM6qrg5lrPMp7lzkI0DI3T X-Gm-Gg: ASbGnct58uCArtjUwGK8DjszL4qE7jK76k7jM+/dU4dTPy20UXM/FJwk3MgdWMtcQfd xUbbYo5jFVRpvQdbB+5M4Bb2J4FJE5whxSVQgZiuvhqNEHTh5wE2u7/yRD4W7A+Kd20ojGGucy+ WRwPhGJJljJS2LkkWlttKyXjS53JXqVQSBsiDI1IzjfsSXoJxf44fBdmyLhWkxprY/GfawvQCJx uLxayfK3p4Q4WZQhuXOfQrn8/UgqPKcbLoHsQiQFFyf7QuTDw7CwZn7IhRPyqu9l8jSjjPMFON1 UtWzidF91aNfyXlKQMlL2RdpzT/rh69BGMel2JWl6OnJp5+6i7DelvA9nBlQJUdingDdV9BRhYI DZ/j6rNl6S/IHy9VGPnXx6DhDqR3X1FuLSzLpOH+0TDbXjCDywqWv6ONFlX+Ddg== X-Google-Smtp-Source: AGHT+IEs4xR9pD9LIK2nl03zhbpQIh0Gipd81ijJP6mFjuSVofHY5Sl1xp/UlJ1W/hq6f/T3nlJWzg== X-Received: by 2002:a05:6402:2688:b0:5e4:9348:72e3 with SMTP id 4fb4d7f45d1cf-5e59f47f008mr5076173a12.21.1741170615734; Wed, 05 Mar 2025 02:30:15 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:15 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 10/15] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Wed, 5 Mar 2025 11:29:44 +0100 Message-ID: <20250305102949.16370-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_023017_541336_20658E3F X-CRM114-Status: GOOD ( 11.48 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 5ef2f4ba7ab8..323c531c7046 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Wed Mar 5 10:29:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002480 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3B3C7C19F32 for ; Wed, 5 Mar 2025 11:20:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ZIyBMmpEX16BmxV1lcAMHYOSL+4ClOY5xXpYYnXA1xg=; b=JW07gjmZN47DcXq+J7jeEjPhJm azBKKICoRP7320bEdzW8JVtYQrZE/FcH8DANJETZAS75LzHTosuFP+Qk4pKZmjjX9w01T1GEe4G1Y Tr/NXYbIWImWaeQplQa9LWJFqRMI6gTKxl4J2TSU1Xl0DuWc3OZmBCzjynELDsJSbwZEqvLDnVHUW c5Et6mbVuSLxqyTJrGFkEXRrI+gWpXmPPSrrAW1K53ePcUOreJhwYe1zEZnATqKV33EZQeixhULRs AVnAzNn+lEaAqRVDHU/P59m9BZ8wbUc2qulQmgsfXOp3jenVE+9KVwucrXckz4JWon7+aa6Qvk3t8 o1d+pCPA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpmno-00000007q45-1QBK; Wed, 05 Mar 2025 11:20:40 +0000 Received: from mail-ed1-f43.google.com ([209.85.208.43]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm15-00000007gUc-0OlR; Wed, 05 Mar 2025 10:30:20 +0000 Received: by mail-ed1-f43.google.com with SMTP id 4fb4d7f45d1cf-5e033c2f106so7777220a12.3; Wed, 05 Mar 2025 02:30:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170617; x=1741775417; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ZIyBMmpEX16BmxV1lcAMHYOSL+4ClOY5xXpYYnXA1xg=; b=cU7Hj+4RywUJE2Smc7RDD5o3xo37j0VttwSC0QOQ0EJe/ybaw79aLaVWxnTKYWhKMb PDeq2GAKBZKEmh65QegvTm0hk6TnG0EaMpKDUSWqrXuuNMo2oS4Nb1RaqXev0l4yTr6B 2dogUH3GjJQMJ6VVkEWba6yDAusb+pFja3TXXZcOM+2yNq10e6OIrWyhkSEPBV2jf7j1 Z7C2gj24eDA8ZhadE9jiSOiUCZhXcKgkJYICaotLKdwFcnwk5OESJdRxa6Gh8+p/PuyO Tyy4gOyesUCKInpbjY0AfykPNm5fdhiS32KrtfeG0fflRRX+kgVuJCGfgevBwuPKvXPv shRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170617; x=1741775417; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZIyBMmpEX16BmxV1lcAMHYOSL+4ClOY5xXpYYnXA1xg=; b=Og5D4/GaAaQiEWvJF/E+qhHNhjxVq6ijS3BOlQ/gNS7rHb25cb1gVcN3sFamSUKmWJ auvF40vOoYyMt1nybE066D6Shtg40Lor0jdTEaypoxOK//Jr6T4IcUracsBSnQhK42rZ ZfJiFOjjo0x0DlGbGy62UP0grPcU3B5QdCKgOeEuJZ8eSZTIGFiY2dkckemk/qFPlQnL LmmpZLj1ETggfVTtllm1ThHfGl0I7mr5aNlk8CSzjVNWG3vrXXZ5Azw18f8ztIPggR64 /HW8sZP2morsakpjd7mVu6iinViKOJhLJuUC1RKbX1JLvl5F4C6bCVkI399sF09sEoyp NQtQ== X-Forwarded-Encrypted: i=1; AJvYcCVBeq71q1I9sBYAHr975zNDlUorER0wXuJU0QPr9+0RoTC6nX3DoBxcVmZ4xGjbuNasWdqHRdnsnEDlChtqMZ4H@lists.infradead.org, AJvYcCVP4H8MTOVlDx6H9t1dyb0Ki0uyM4GWoR+RD3B2eWbYJWz62mBJQ4+UHcIQp7MTQdi8UJC1H7+TothnVH5xZu8=@lists.infradead.org X-Gm-Message-State: AOJu0YwvBJtcz924sDT2NAiWpahxvVCzz5lsL4HIcKmJA8tz7+Gt8rwE P+SHBaW59nC2R8FloTwZDXEEOBDznjIQOStkUk/OeojowzpHwUmO X-Gm-Gg: ASbGncu6XjAVXRZ5LAbJCsPTUfamM2wdUMbt4neHuSrGB+Gj3lKo4JTri3FeL9VXTsp jYEGcH/zof9QakudnP/H+bvYm4CTnpIWnS4/DnP8k+nqjQDWKvINbCht6s8LcPUj/w8iFUz2yoA MqngTvYhO6LaKZdROFhaIfHkCwDq9JpSyw3/tWZE+lYaLV3kUkJMMFS1vx4ZEZvWSYrrzjAYMu0 NPzVx6XiiRafdwM/ljCLxtvaaKbw4XR+q4gXj9R/S0p/ct+zaG4AQPRJQ5d6VSpQDvVN98W+r/h B+UfQZcmY1mH8CkagGpVsKCuwYJ1vh4qcFsgpoui1jbN5J7UhNSjhf+Wa/nuXZu+CpZ5cD2tcjr RaVLryocWPwOR8ibsUr5d6SdLS+Hw0Hj15NqNlyzI+r4ZlWef2XMSXzfByyT1RA== X-Google-Smtp-Source: AGHT+IFpDcHd77fpjokL8xxmcGiwz3SLhwhSLzmlQa1UAPVTwjRjFufxV/YyrDHwyugNXvXH+p5hhQ== X-Received: by 2002:a05:6402:5109:b0:5e0:8b68:e2c3 with SMTP id 4fb4d7f45d1cf-5e59f4b6e02mr6129743a12.29.1741170616901; Wed, 05 Mar 2025 02:30:16 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:16 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 11/15] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Wed, 5 Mar 2025 11:29:45 +0100 Message-ID: <20250305102949.16370-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_023019_147337_4B14F415 X-CRM114-Status: GOOD ( 12.88 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 323c531c7046..b9e6d9e6df66 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -105,6 +105,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -117,6 +118,10 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, i = stack->num_paths; break; } + if (path->type == DEV_PATH_MTK_WDMA) { + i = stack->num_paths; + break; + } /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { From patchwork Wed Mar 5 10:29:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002855 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2806EC19F32 for ; Wed, 5 Mar 2025 14:48:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=BVAkTZii1Gy4XRugZsnKaWDIV+1UdUIxS1E1wVQkwnU=; b=lFejz8EszmjOIBWDaoaWp0YVec /kYlVKvt4TmCfQjFy829jWLvIRRQNkMd4jRRDM3NgMYFiHjVZVtF26qwrg7nwX8lkiPkPVGhXc2dV pAHfDy0t7vkISIGcKGT9zgnblyBr7H4WyWAw9e67pRNS+j6REmNovJ3e99Mjg1XbfaSxr4Eakps48 dnU2SAIbNz/DTpxBHUTBAiGCK40Mx3YSaBy/0g9RmvuHGKBRe8327+x5pPqJITF0owMCUVd0haX7Y GXcgDXEsMC1eLyA6BoLK6p05i4IioNxyFyMWKeY5Rky4lcZ7Gh/U47KcWDMfr7hmPttMYk49HELdE QHV7e7UA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpq38-00000008P5q-3D37; Wed, 05 Mar 2025 14:48:42 +0000 Received: from mail-ed1-f45.google.com ([209.85.208.45]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm16-00000007gVS-0Yqy; Wed, 05 Mar 2025 10:30:21 +0000 Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-5e549af4927so5419273a12.2; Wed, 05 Mar 2025 02:30:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170618; x=1741775418; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BVAkTZii1Gy4XRugZsnKaWDIV+1UdUIxS1E1wVQkwnU=; b=i/qQEzz+MD1jpY7OmkJloAIk5eMKDdM2ckmbV+WzE9VQMqqLlJC4jUidWxf2yOnlUp 3Xj5/bjqZBlMl6squt7fJGQ0Lh7jPv5aB4KLqA9ky5R/UlfP/fUddDlAIcyhfLy6ZFmW cirFczk/u1SVl4MCypwDm3/ErMQ4kMUtWtGOu6S6NK3rLmuBHDwEzy8dktNaPUToBlQr GDgazX+km5L18+HKul1t3Woqw127uZmJbTn+iKxAfAjH0dYIsu5ESbaEu1c7oQribLwh urkKxPoYcGOVCCD4Dq79KTj4Rz3bij7zf69NS4QnJfSvSGEfvGSyy0t+XyfoOCaiB5cq OHpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170618; x=1741775418; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BVAkTZii1Gy4XRugZsnKaWDIV+1UdUIxS1E1wVQkwnU=; b=Jo/+2EHtIhjPh91ZWlir9GGHNaTvU8VTHxnHNOUvkAQJkcQ3IljgrRo39Y2uZI/RrM ySKQ3o/TCNii0qe2FC0WhGJ1nqrM9GHRpzTkXkLZ32BUU/M2eVXZgCkohaVwnEYNQNWm bBzH57VnL6t6V/GmFsVlrBM85VkE8ZhHl6xYpxk9ASsDGTiczakVsDXIBO5w31wpVajp sr7UgJI1972EH5B+gvTbqKAKdeM+BlFbeE9QueafC/WIS7TahIry1iMZYvAFC3QUwu0O F2KdIiOJ6I6y/5s+zRXi7zucZqdEEG6XHe4QjKbwnrj5D4bpK7zQfUFc1oAROnwQ2wIB jMtw== X-Forwarded-Encrypted: i=1; AJvYcCUPvW00c1XLfusbAJb/Havi5M5jCmO+MwzEZyINho67URuUkMLlCnqfFu+iCQayA02hh1bXuzMKfZHwWJYXXdA=@lists.infradead.org, AJvYcCXJoUMCdNFgGl9Jeet0SEyEWDVjCLigi2DWJEp5/JBofvUCHRa3YwURZHTCpK2UIYJhXsPlRJfvlIp/2A6Ej9yf@lists.infradead.org X-Gm-Message-State: AOJu0YyXDWbkgPyC93Hq1hf87h/I3zjxiIDqJfy1zK3Lyu+jAzcTee50 BgocqyGby5vOZL/EceIqp5z6uBWNfH7FzwmO9vMScS45V9YSYnMI X-Gm-Gg: ASbGncshVBPtDZ4mpkTR4/8WpHGTzqpPD1HB/SNgYN+czI55j3sgAY8ghfoVpmJIRmJ T40LEAGUmQMBAyp3gI15txKNlba8hyvlGazuQCLI5ESxMsyW/q3Beuy9imS/q3+SvMw7aHTDEGI M38qsqEvZE6TrFJAQxS9fPLQW2bN39FHwQKTGN31bqZlwClSrw+Y9UHejoVftRkgMiyK24ly8XG OK2c/HTluUjoWYsrNL3UjUEEZvninD9mFm0A6NZz1yHtvtD31opIc61X8+BMIeliBv2L2gH3V/c Nq5OUOtOg6lrcYoXK3rY6Z3yGwRVDdc/Dnfx3X6lO185k3OZXWr8j8tZDl1OvTP7zSESBs65Z0G aNsfnyTIH5onpbW1CWtGiQyWTVzdpi6cbMnBY7fMWmBaM1ct09cHPO/MYEZBpYw== X-Google-Smtp-Source: AGHT+IH76j7PuSAp246zNAO/9bTEHz/TOOLWKA15shLvAnk2YElCcj8yD7y6QikO3QGYtioJiV2+DA== X-Received: by 2002:a17:907:6e8f:b0:abf:663b:22c2 with SMTP id a640c23a62f3a-ac20db005edmr280954166b.51.1741170618037; Wed, 05 Mar 2025 02:30:18 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:17 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 12/15] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Date: Wed, 5 Mar 2025 11:29:46 +0100 Message-ID: <20250305102949.16370-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_023020_193391_734CE537 X-CRM114-Status: GOOD ( 11.31 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org The bitfield info->ingress_vlans and corresponding vlan encap are used for a switchdev user port. However, they should not be set for a dsa user port. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b9e6d9e6df66..c95fad495460 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -116,6 +116,11 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; if (path->type == DEV_PATH_DSA) { i = stack->num_paths; + if (!info->num_encaps || + !(info->ingress_vlans & BIT(info->num_encaps - 1))) + break; + info->num_encaps--; + info->ingress_vlans &= ~BIT(info->num_encaps - 1); break; } if (path->type == DEV_PATH_MTK_WDMA) { From patchwork Wed Mar 5 10:29:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002489 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E82CFC282E3 for ; Wed, 5 Mar 2025 11:25:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=CtObTaSe8Q+pUDFFgQr1jznPpN 5BNUr7nL8nFNUtcjda/e/Utc7VI6v34Kry4ZobYp3xjCAEvS0ZdzpsnHh+nylR54UbHauhyA4r+lI uK0QPG339WPjhuVkA1ug5wRLcEWAVoz/hRpc3U7ZNLiL8/w2+RifMqHKxs/Y1cHM6LKhSounpXlbT ggz7WDm424EKfkrNR1GiDc0QiDBL3Y0CPqlb6WJc840a+GrHe2Ua7j/Hm3diLiQjTi+K1YgoTklvL NNLQF/r2Hg6GTBIAa5u61mmJp1TF/N8M3NQpTLK7NX0L2dCT7AVEcIdjlW37CvIWZJCKxY2dy4mVB ksYOdimA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpmsV-00000007qkZ-0CFj; Wed, 05 Mar 2025 11:25:31 +0000 Received: from desiato.infradead.org ([2001:8b0:10b:1:d65d:64ff:fe57:4e05]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm19-00000007gX8-3CEt; Wed, 05 Mar 2025 10:30:23 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=Content-Transfer-Encoding:MIME-Version :References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=naJ/Usc4Yrid4dtemwsw1We+Nq IFo2AngbAFd1cvoUQMEDalqu3vPs60ZVRyDlLWFchV7t89dTX1TYxu/Dwbij46gIlNbAueagertxA 8mqgm0f4zFcyX9OvvSRwLWHRVkydMVOHKX7IBsVOBf+0xLSbpQPk1iploljStWgthC9wCeRMlhspT gdImShShw+UjgivkSMvHIGHqUdQe2UmNNo6MTVTBU8uWDC0y0raYDEPJQsWvbsGHSgwddeGZc1iOs /EmKQHh+nnk4a49iq1Uf3LQkalX3p6TOrjb9ecGHRVDz9ywsNs6QomFFRes++XJGJoMhy/WWiFWVV WkHMghJA==; Received: from mail-ej1-x62b.google.com ([2a00:1450:4864:20::62b]) by desiato.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm16-00000000TCW-3iMg; Wed, 05 Mar 2025 10:30:22 +0000 Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-abf518748cbso753690066b.2; Wed, 05 Mar 2025 02:30:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170619; x=1741775419; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=PvqhwzoEyhj7z7nYp+HL15TQC1mtLBAPe6sxMT1mEs1DJuWWaiuMwQpe7DSab52+r/ MxftNmc0Skurjos9wTBQ23oUeZ00v9ZehHkAPefWG6FwuZXIdOJuB/OC/0Tp6gBhEWae y9B3Dxd115PKKmzyVWhWrtkAn3gF/nMk6mPdljLY5prDcmqy4f0Z3bZYNh2fvmhLUrX3 3a+BUOIghaxh8nT1toDp2uZUoCTRMYXRUzQiU9UvKpCs27qy7fAVB71ikCOmv/xxLybr h02DMVg/uWCmsyOmXfECfYVrGOUeQcLCryeLL2qQiMsFxFo49VboOyT/lnI2PfTo6XSM hSRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170619; x=1741775419; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=GEdpoYch19OCFBTvABimrdn6fmFlqjFh8MPnw0BCst90ytq2lCHMC5HI+x/zs3xHFO gzY/iGmq/7cp9od9eumuWczZreUI6/paOSisy20hbhYgyVUzXdR6zeOpd5/hwMKvTEXH AumZAWFsvNQLYXvouW83k4PLR3p7mzE6dYOvHLI6scR5g4z0X1lGg3LRc8ATty7Sq8ly 00zAGWyPNSJqH7uzkdvHSxfxiYSuvO1B7LqWPzonSFELPvedgSbX8FO0DYOi7hD0a/qH vd+o6UATStVviVwc7cw7y6E4Wsx4HbUs1DMNy15kzvJtuD/fPZjY+ZV+dTRgYbAcCQ5C 3aUg== X-Forwarded-Encrypted: i=1; AJvYcCU1bYtGq9XwNqTSld8EcTlkfH3mrG+8GGAr7qJwVorAP2/W3gLiyMgFpDCj2xzCH1dv4j2b+aEgEA1qlJMXDa4=@lists.infradead.org, AJvYcCU4xCSCBdQ66FfZwUNZJ2s+fazz3lHxMRu3mcGff+haUlfqVCDpKYuWpXAMUz1nhcE73fSz/mOAOttwQDRwiFP0@lists.infradead.org X-Gm-Message-State: AOJu0YwwB2FA5KtgyM8FXfKapOLbnGqm102HxqRSMzddzZZb2ph4vxaJ 2uZ7hNSW+8PMvPb6ZK48xKG3mXV1n5L8c1ipW8EsQ1nkl4VlliN6 X-Gm-Gg: ASbGnctWh4iqa1VVu0QXA2bcIykDGv3dnE1MrPL13snIOE5WcqStsbqGUHcnHGK9B8n iYc8Z1Ehfpwt3CBh/AtvpKJYBl3k+NxhFDhSHG77hNNNncILBigjw2KWRpwUVZ5ku3KHEyRegb1 p2ec7SiCol5/f1WK+qGzxiiQMX364CyZAIuqFsp8Y3wQ9nBCoSX4+oo1SNqJaBvuBFag6efAR8r 5lHMEgbjrlqe2TTaaPmW5YwDgRwhiglSOScT0ISVmXRsjYkUdYm/h92bhqPN9K62O2M9bn93/r+ QyDwYMwZKDM8MmbXm4KTvkDRHTjJSpsnh/ERS/ls3gVpR2JhxIA2jC7A3AZEk76jx2ccvOsDm4z nB3NE4eTHvutLwFKnfp3ORvD3UHqlAStzI1JdbwWULIbJaHMK+oEIJOqcM/LZpw== X-Google-Smtp-Source: AGHT+IGoN/CtSWTsLPGno4XdCpNX/tKcNpIlnQot0PcYBnAP4+pW8eJWUnu6a4Iy0Es/1rYM255M5w== X-Received: by 2002:a17:907:da8:b0:ac1:ebfe:fd90 with SMTP id a640c23a62f3a-ac20d845965mr280745166b.1.1741170619182; Wed, 05 Mar 2025 02:30:19 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:18 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 13/15] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Date: Wed, 5 Mar 2025 11:29:47 +0100 Message-ID: <20250305102949.16370-14-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_103021_059778_C6238752 X-CRM114-Status: GOOD ( 21.64 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. The same problem for all foreignly added dsa vlans on the bridge. First add the vlan, trying only native devices. If this fails, we know this may be a vlan from a foreign device. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG_HW is set only when there if no foreign device involved. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/switchdev.h | 1 + net/bridge/br_private.h | 10 ++++++++++ net/bridge/br_switchdev.c | 15 +++++++++++++++ net/bridge/br_vlan.c | 7 ++++++- net/switchdev/switchdev.c | 2 +- 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 8346b0d29542..ee500706496b 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -15,6 +15,7 @@ #define SWITCHDEV_F_NO_RECURSE BIT(0) #define SWITCHDEV_F_SKIP_EOPNOTSUPP BIT(1) #define SWITCHDEV_F_DEFER BIT(2) +#define SWITCHDEV_F_NO_FOREIGN BIT(3) enum switchdev_attr_id { SWITCHDEV_ATTR_ID_UNDEFINED, diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index a0b950390a16..b950db453d8d 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** @@ -2184,6 +2185,8 @@ void br_switchdev_mdb_notify(struct net_device *dev, int type); int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, bool changed, struct netlink_ext_ack *extack); +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack); int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid); void br_switchdev_init(struct net_bridge *br); @@ -2267,6 +2270,13 @@ static inline int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, return -EOPNOTSUPP; } +static inline int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, + u16 flags, bool changed, + struct netlink_ext_ack *extack) +{ + return -EOPNOTSUPP; +} + static inline int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { return -EOPNOTSUPP; diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index 7b41ee8740cb..efa7a055b8f9 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -187,6 +187,21 @@ int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, return switchdev_port_obj_add(dev, &v.obj, extack); } +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack) +{ + struct switchdev_obj_port_vlan v = { + .obj.orig_dev = dev, + .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, + .obj.flags = SWITCHDEV_F_NO_FOREIGN, + .flags = flags, + .vid = vid, + .changed = changed, + }; + + return switchdev_port_obj_add(dev, &v.obj, extack); +} + int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { struct switchdev_obj_port_vlan v = { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index a18c7da12ebd..aea94d401a30 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -109,6 +109,11 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, /* Try switchdev op first. In case it is not supported, fallback to * 8021q add. */ + err = br_switchdev_port_vlan_no_foreign_add(dev, v->vid, flags, false, extack); + if (err != -EOPNOTSUPP) { + v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV | BR_VLFLAG_TAGGING_BY_SWITCHDEV; + return err; + } err = br_switchdev_port_vlan_add(dev, v->vid, flags, false, extack); if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); @@ -1491,7 +1496,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c index 6488ead9e464..c48f66643e99 100644 --- a/net/switchdev/switchdev.c +++ b/net/switchdev/switchdev.c @@ -749,7 +749,7 @@ static int __switchdev_handle_port_obj_add(struct net_device *dev, /* Event is neither on a bridge nor a LAG. Check whether it is on an * interface that is in a bridge with us. */ - if (!foreign_dev_check_cb) + if (!foreign_dev_check_cb || port_obj_info->obj->flags & SWITCHDEV_F_NO_FOREIGN) return err; br = netdev_master_upper_dev_get(dev); From patchwork Wed Mar 5 10:29:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002488 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8D183C19F32 for ; Wed, 5 Mar 2025 11:23:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=rqdSTt2FRKV/rdzSsxvtYL3VjKNAZZPUvxCgkaQgdZ4=; b=jdnJGm8khselsksZ+tQ4sjNDrQ 1yqNGtBHJ28jrmwyYoAzwde+J3+EkVb4L0rO6UQym4oCaEtc1dOh076TY+ZT2LrSBLdzQX31LAG4P 5j+/HnvEpJJiPoIdFm9MrMMtj5XijVL3SJ+hoYmOd9lkx1zKELl1FSUrRzJprgFhy42IGsCQg/0VA oHySBU6RKsBj4wQ4PEkJhdhaerraBLL1DhK8o8gjjAXgBsitXWbzHh5jAl1mODGl3m2cYMjqK8Q5X eeO9ymeVJAYUbymTqhoArZwZgEzqQQt5s/U80TyUr402cnqXfhh8+L/AQMGlmPCZIc/xElS9mm9tw DjZy3RHA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpmqw-00000007qUl-2lyg; Wed, 05 Mar 2025 11:23:54 +0000 Received: from mail-ej1-x632.google.com ([2a00:1450:4864:20::632]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm18-00000007gWM-03J1; Wed, 05 Mar 2025 10:30:23 +0000 Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-ac21c5d0ea0so34049066b.2; Wed, 05 Mar 2025 02:30:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170620; x=1741775420; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rqdSTt2FRKV/rdzSsxvtYL3VjKNAZZPUvxCgkaQgdZ4=; b=jj2Py1YFIAOn2vlECFFF5zMwaJkUO/A1QegRklW1qAS1Y7Wg7TzQm5RZQYczJQHqXJ qgANfuEsaXANXcir1Wp/PGDNyGfteGIm3BfssTGvAg3EGSYvGVP1k/vns+f/BYXV0M7/ dkseoi8KcX3kjtPeLTB/HKem5JdYOP0rW2Z4J5JDkVk9OVaBlsQ/tKUnwk2Xbr1heUiJ lvn2VdN4nWsV3s+FlLSL71jlJS8D609wO2BJw/JXBaTLsMIeLlbmKsyd22Ak5pCVq7WH 2W8JVBDlGwzKJPxc1ZRfyI5j6WH17NmyO93jdXcvNu23d9zN64DOt7x1xe8ZMt8BE+ES qHVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170620; x=1741775420; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rqdSTt2FRKV/rdzSsxvtYL3VjKNAZZPUvxCgkaQgdZ4=; b=HnwwrhUqCczeGrm5pVetNQsx3j5O+14PE0PN+Wg8jClWzumoZdAMdrKP3TUYpDI4tA NlS1ihUjT1QtwRewXK7q75u5Uo+dRLkXzU4UAsMqdM+bE8nTgpL7jkm3q0YXMxynsf83 ExguibNsvkCwRD7Gu+dol0Z7f3LJUOkcf3yIpnHrKvat1Bqray7hVQXWMBZXfOk61X/V gH7lLsJqD6UoATwh8s+gbSrZ8TotsPK6jp+LkrqiqNKaYIzYqE6ID17FEMHJw5mLSDpD DXQoYzSGlzAPGKStd+SWSo1x8qL5RQVXensF2zhtGOA1Cr6/55S6XzryhQTQzDdTZPKX pOBg== X-Forwarded-Encrypted: i=1; AJvYcCUtN6BfR2w/VlDobi4vECROCoK2AF2C04k9NzNNcM5/SBKF03zBA/Wla08P0XwQFIBt4GIKBgwRhjMIIwM4YT8=@lists.infradead.org, AJvYcCUxFIKxLmqhWQMccUaGB6Gn4Qc3V76k6M69yMtllUOFkGS/b4WZWNw/yhkGcUtqg4BRIchYY3RYnoXIhBxmcYbA@lists.infradead.org X-Gm-Message-State: AOJu0Yw3+i6J8tnXOYr5qS7IR7kPpDSmRE1EU23mUzMv1PruAU/K/XQe tpe/VDV9zWqTxjhParBefMOam/vXhGwBMA+xJvFtH7UsUmgpcScU X-Gm-Gg: ASbGnctMubo2On886s+earo7wRGLepH4JUEMlAfVo6URB2tJvNLjuk5VOg9rdQQLzRz zOuuOJpn1/5ePjc+/z+AsUEzYcGD89xGs74IhydaRAfemWsujjZek7ittjS4cNnNeDD5h6sCifc Xut6N4rYpDinm2UZ4H1lvmOizcriJMqvtvR1mdSDTobX+mSxyXVSRLZuqwHt82zSdoZKs+ZxveJ NI8lvXBDjwk0HkaysvpfWpt43YLLb362BH29pNRe8m3kxIrRUB+hnEr1kVntyHum37R1935JrXs Ti6rSqQE23lxrAyzUYIsR3Bv78dymcu1jypqdVhaFOFcUVbf1ql4CG+1z5m7+BKfcqjGq4EoyGd BesmOPeKlTfQtZfcmjnAbKEWD2iT+/8FtFpgKNJdi9L1xiVAJfA3i103WpvUL4w== X-Google-Smtp-Source: AGHT+IEyEAbGkolCRetfSsPG/N4aNUq3eQAwNjiWAcgniXnsiF//es41+w34cXFkZ+c7lQRDgQiBdA== X-Received: by 2002:a05:6402:274a:b0:5e4:92ca:34d0 with SMTP id 4fb4d7f45d1cf-5e59f47f014mr5890447a12.20.1741170620303; Wed, 05 Mar 2025 02:30:20 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:19 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 14/15] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Date: Wed, 5 Mar 2025 11:29:48 +0100 Message-ID: <20250305102949.16370-15-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_023022_049319_778C887A X-CRM114-Status: GOOD ( 15.52 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This patch introduces DEV_PATH_BR_VLAN_KEEP_HW. It is needed in the bridge fastpath for switchdevs supporting SWITCHDEV_OBJ_ID_PORT_VLAN. It is similar to DEV_PATH_BR_VLAN_TAG, with the correcponding bit in ingress_vlans set. In the forward fastpath it is not needed. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 1 + net/bridge/br_device.c | 4 ++++ net/bridge/br_vlan.c | 18 +++++++++++------- net/netfilter/nft_flow_offload.c | 3 +++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 81cdad85d9f1..1e2f519e8802 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -887,6 +887,7 @@ struct net_device_path { DEV_PATH_BR_VLAN_TAG, DEV_PATH_BR_VLAN_UNTAG, DEV_PATH_BR_VLAN_UNTAG_HW, + DEV_PATH_BR_VLAN_KEEP_HW, } vlan_mode; u16 vlan_id; __be16 vlan_proto; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 02eb23e8aab8..55c64a1d2758 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -430,6 +430,10 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, case DEV_PATH_BR_VLAN_UNTAG: ctx->num_vlans--; break; + case DEV_PATH_BR_VLAN_KEEP_HW: + if (!src) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + break; case DEV_PATH_BR_VLAN_KEEP: break; } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index aea94d401a30..114d47d5f90f 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1494,13 +1494,17 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (!(v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) return 0; - if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; - else - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; - + if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + } else { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; + } return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c95fad495460..c0c310c569cd 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -148,6 +148,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, case DEV_PATH_BR_VLAN_UNTAG_HW: info->ingress_vlans |= BIT(info->num_encaps - 1); break; + case DEV_PATH_BR_VLAN_KEEP_HW: + info->ingress_vlans |= BIT(info->num_encaps); + fallthrough; case DEV_PATH_BR_VLAN_TAG: info->encap[info->num_encaps].id = path->bridge.vlan_id; info->encap[info->num_encaps].proto = path->bridge.vlan_proto; From patchwork Wed Mar 5 10:29:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14002856 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 138B6C282E5 for ; Wed, 5 Mar 2025 14:48:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=zyT2Mi/6pyGYcArKqE9jEC5bRVJkRpNfVbm3I9wiTzQ=; b=c+HFlql8oI/8EdzNqlQh50Q7Fm JMoyrcDenznsXrJaCOOanpTPrjoMPhzIoTKMuQ310IH8lzZQrPb94d4aITLg2Jh6utRAYPfPK+SsT neHNEXh1DjMPhNmvTAhQmsKEeJL8nSzHtnY1cZ4sDrXzjGqHlKxcZr4Zo4o0nYPszT0RU1nhmbVH1 wl2cmLTIODOqcmsjzdWcyD1oCFtyhAzaHPzN8RDOxJ+0g913oNhfPbfisVqWFBBO1HEDp9aZ+71mJ YZ5SBY05dUkFq3XddDzSzLtPI7DZznfmvRkhi0zLK6vnxqQ8dD1Cxfg5POTSLIErkg+qQA65/O2JV Jz0v2Ccg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tpq39-00000008P70-3KUO; Wed, 05 Mar 2025 14:48:43 +0000 Received: from mail-ej1-x62f.google.com ([2a00:1450:4864:20::62f]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tpm19-00000007gWs-0Fkt; Wed, 05 Mar 2025 10:30:24 +0000 Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-aaf900cc7fbso1210723366b.3; Wed, 05 Mar 2025 02:30:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741170622; x=1741775422; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zyT2Mi/6pyGYcArKqE9jEC5bRVJkRpNfVbm3I9wiTzQ=; b=Ot4fyXsnD+Cbefz1IHPs+6LFaBCu3+GV/oU8fZvUj/+BcHV86WTrM4dqPPzBQjnoIn CafCXw+x0xUp+RQ070TfMSo9nmh9X3H2/xzPif4lOsLLPrM8VbCVxSOKCFn5bGit7Gpm au+Qz9AcUMf/V5pB3Fjm4UmF64OsQHZ2xWztB6Mub9EcRF4j+iwSQVuj5dgysRiAT4x1 2aCzfU4/RBNgvNEfDz65Wm9imwo09QNVEI8pNRVkU+CYPRszLOgnKYZmwmqiSaldO7db 452NcE6gYZ85atDhKLhS2aj5baoLSj7nCGmJXm0NjDAdGx4zD9YLt+aYq5wCx9KUUOoJ Ibqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741170622; x=1741775422; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zyT2Mi/6pyGYcArKqE9jEC5bRVJkRpNfVbm3I9wiTzQ=; b=JStJFT60hujpnXn5mh6cN659nOuiCQ87AQYdMPQ7kRfjM3w3pBxtyyFLXyfvCjdXkJ yObiQlD8fQo9VnP3FrV3LAMV0cqSTagiX6hcS2bGhZiSN6kmCFGD8ucgZaUJsw67t1m1 TjvM2zIw9Gwr2wS2VO9AKWolaiXvXFeJr0BHudhXT3K+9QyuQU8hB9a6WhkuKWgw63ly 9pdJ3nZb249p8/j8FFAW3jWAa4sUvxWLvDwWGdU5JkeKel165W9OoIY2NDmkhFni6RFA QlaRI0cSDrhc/igE8ZIjo/YJIINtB+3qSf6YrgUnh0IImP7ED/PeC4kKRf8qjsu4LkcG EW+Q== X-Forwarded-Encrypted: i=1; AJvYcCUEZnQnBBY85FamQEBU3LU/O+qlKggyuu2rSLjOSDvCLvJJ/H2lIW2FhWoqyGn5EGEDGso4lypmnQaVE0H5ZAwL@lists.infradead.org, AJvYcCUTOQWtfNe7GNTi3SXFrW9QTtK8yCadrEKZffVBM5EbQcB9XgfAyPd6ZEmNka8t3jwGCCtJl0Nb5IvFIKPprfU=@lists.infradead.org X-Gm-Message-State: AOJu0YzJzHUkwyC+ekAxuD7szyGnb7fpyGZITGhEgJruD7QNtqeorsZz 5Vx1ed8Hg1jD/HTtSn6X4fAuvL3SdStuWCRARrQpT1hNL+VcI55D X-Gm-Gg: ASbGncuyIFx3sgVJPIRRSmzELbcJb/02DOYXuw4pA5gIqm8GhTc6NdHzlIsszcqQehu tKRgbmEArHEuuH2t7SnXb4fLH6aH3VMLDR/Czs0PgB3PGMWrwtdsGyIm2BOLoiHzFrbHNLNq57z 5V0EstxyvFZOCcSvqAgY7MAfbDxsRMM0OSHUTsfgTBwbzIMg1/5MGEIIUgvS+yoSp9Gl0HLAHK8 s5cd4ShrBRVvM6Z9aaK3F00p2FCQgH2jRbyZJM4LEqEPVbm5pJpBGfxJ+Q5hcPHnjnaTadml53W X7DLKXx8R4UvMBUEt2ZKSAQZaVvq1PvGxZV/AUxfh7LQEDdpl66b/rRMpY04ohPZwFng2c6ZOQH dl/Xt66HmI3uVEgkc87Qh+vn7LN6g85w6bxtJzh7y8xr23SBjXcg3B99y/70hWw== X-Google-Smtp-Source: AGHT+IEYoyIO/7Ua8QChf7dL+PueD75+tHKS8ttknXnuhde+EClQAHkSCbndwT05/pBTf0yKshUXyA== X-Received: by 2002:a17:907:7dab:b0:ac0:9b39:32aa with SMTP id a640c23a62f3a-ac20d8bd056mr192767866b.23.1741170621433; Wed, 05 Mar 2025 02:30:21 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac1f7161a4esm247154266b.161.2025.03.05.02.30.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Mar 2025 02:30:21 -0800 (PST) From: Eric Woudstra To: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v9 nf 15/15] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Wed, 5 Mar 2025 11:29:49 +0100 Message-ID: <20250305102949.16370-16-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250305102949.16370-1-ericwouds@gmail.com> References: <20250305102949.16370-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250305_023023_159240_E503B1B9 X-CRM114-Status: GOOD ( 19.45 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 142 +++++++++++++++++++++++++++++-- 1 file changed, 137 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c0c310c569cd..03a0b5f7e8d2 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -193,6 +193,128 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_ctx ctx = {}; + struct net_device_path_stack stack; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + + if (th[dir].tuple.in_vlan_ingress & BIT(i)) + continue; + + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + const struct net_device *in_dev, *out_dev; + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + struct pppoe_hdr *phdr; + struct vlan_hdr *vhdr; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -311,6 +433,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = flowtable->type->family != NFPROTO_BRIDGE; struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -364,14 +487,21 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_add; + if (tcph) flow_offload_ct_tcp(ct); @@ -419,8 +549,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: