| Message ID | 20220506131841.3177-2-nbd@nbd.name (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [1/4] netfilter: flowtable: fix excessive hw offload attempts after failure | expand |
Series LGTM. Would you repost adding Fixes: tag and target nf tree? Thanks. On Fri, May 06, 2022 at 03:18:39PM +0200, Felix Fietkau wrote: > The dst entry does not contain a valid hardware address, so skip the lookup > in order to avoid running into errors here. > The proper hardware address is filled in from nft_dev_path_info > > Signed-off-by: Felix Fietkau <nbd@nbd.name> > --- > net/netfilter/nft_flow_offload.c | 22 +++++++++++++--------- > 1 file changed, 13 insertions(+), 9 deletions(-) > > diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c > index 900d48c810a1..d88de26aad75 100644 > --- a/net/netfilter/nft_flow_offload.c > +++ b/net/netfilter/nft_flow_offload.c > @@ -36,6 +36,15 @@ static void nft_default_forward_path(struct nf_flow_route *route, > route->tuple[dir].xmit_type = nft_xmit_type(dst_cache); > } > > +static bool nft_is_valid_ether_device(const struct net_device *dev) > +{ > + if (!dev || (dev->flags & IFF_LOOPBACK) || dev->type != ARPHRD_ETHER || > + dev->addr_len != ETH_ALEN || !is_valid_ether_addr(dev->dev_addr)) > + return false; > + > + return true; > +} > + > static int nft_dev_fill_forward_path(const struct nf_flow_route *route, > const struct dst_entry *dst_cache, > const struct nf_conn *ct, > @@ -47,6 +56,9 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, > struct neighbour *n; > u8 nud_state; > > + if (!nft_is_valid_ether_device(dev)) > + goto out; > + > n = dst_neigh_lookup(dst_cache, daddr); > if (!n) > return -1; > @@ -60,6 +72,7 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, > if (!(nud_state & NUD_VALID)) > return -1; > > +out: > return dev_fill_forward_path(dev, ha, stack); > } > > @@ -78,15 +91,6 @@ struct nft_forward_info { > enum flow_offload_xmit_type xmit_type; > }; > > -static bool nft_is_valid_ether_device(const struct net_device *dev) > -{ > - if (!dev || (dev->flags & IFF_LOOPBACK) || dev->type != ARPHRD_ETHER || > - dev->addr_len != ETH_ALEN || !is_valid_ether_addr(dev->dev_addr)) > - return false; > - > - return true; > -} > - > static void nft_dev_path_info(const struct net_device_path_stack *stack, > struct nft_forward_info *info, > unsigned char *ha, struct nf_flowtable *flowtable) > -- > 2.35.1 >
On 09.05.22 08:26, Pablo Neira Ayuso wrote: > Series LGTM. > > Would you repost adding Fixes: tag and target nf tree? > > Thanks. Sent. Please note that this will require a fixup when it gets merged into -next, since the mtk_ppe_offload code is affected by the ndo_fill_forward_path related api change. - Felix
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 900d48c810a1..d88de26aad75 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -36,6 +36,15 @@ static void nft_default_forward_path(struct nf_flow_route *route, route->tuple[dir].xmit_type = nft_xmit_type(dst_cache); } +static bool nft_is_valid_ether_device(const struct net_device *dev) +{ + if (!dev || (dev->flags & IFF_LOOPBACK) || dev->type != ARPHRD_ETHER || + dev->addr_len != ETH_ALEN || !is_valid_ether_addr(dev->dev_addr)) + return false; + + return true; +} + static int nft_dev_fill_forward_path(const struct nf_flow_route *route, const struct dst_entry *dst_cache, const struct nf_conn *ct, @@ -47,6 +56,9 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, struct neighbour *n; u8 nud_state; + if (!nft_is_valid_ether_device(dev)) + goto out; + n = dst_neigh_lookup(dst_cache, daddr); if (!n) return -1; @@ -60,6 +72,7 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, if (!(nud_state & NUD_VALID)) return -1; +out: return dev_fill_forward_path(dev, ha, stack); } @@ -78,15 +91,6 @@ struct nft_forward_info { enum flow_offload_xmit_type xmit_type; }; -static bool nft_is_valid_ether_device(const struct net_device *dev) -{ - if (!dev || (dev->flags & IFF_LOOPBACK) || dev->type != ARPHRD_ETHER || - dev->addr_len != ETH_ALEN || !is_valid_ether_addr(dev->dev_addr)) - return false; - - return true; -} - static void nft_dev_path_info(const struct net_device_path_stack *stack, struct nft_forward_info *info, unsigned char *ha, struct nf_flowtable *flowtable)
The dst entry does not contain a valid hardware address, so skip the lookup in order to avoid running into errors here. The proper hardware address is filled in from nft_dev_path_info Signed-off-by: Felix Fietkau <nbd@nbd.name> --- net/netfilter/nft_flow_offload.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-)