From patchwork Thu Feb 3 11:59:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Toshiaki Makita X-Patchwork-Id: 12734067 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8666BC433FE for ; Thu, 3 Feb 2022 12:00:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350373AbiBCMAX (ORCPT ); Thu, 3 Feb 2022 07:00:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51818 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350369AbiBCMAW (ORCPT ); Thu, 3 Feb 2022 07:00:22 -0500 Received: from mail-pl1-x631.google.com (mail-pl1-x631.google.com [IPv6:2607:f8b0:4864:20::631]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2560C06173D; Thu, 3 Feb 2022 04:00:22 -0800 (PST) Received: by mail-pl1-x631.google.com with SMTP id l13so1939568plg.9; Thu, 03 Feb 2022 04:00:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=D+QcOf27G0AKCegHYxDyR6taGGMQc+Nv1nDTQ5yZ2VM=; b=YXBfOxZPElSf/LHgSTF5ycZCfkjl72C6pO7v+1/qedquGVbWYYWQg5xch9Osc3VOVP FC0JAafrbiXx8qU9rvWMQ1uVJhJVEL8O6PXUiJPcfyQIlZw3WmVtropHn3ZCYzTHfIpt XzS8yHQknvwd3q3BWAUS04ifJR/AjQi0aKRuUP/xzU+GHTVlPzYeSU72A5fwA5Gaqw3g 9PvNBNX4a+fsehpDNGiMqVKZ2PnA435VWor/8UR4hsqLHO7cVzgbkN5SI7zujGI2jleA khs+HUvhgpEYO+VLgH2c+ZxAEbmCHcoB8VO3IzfU/VL2MaaiLAxNOGrnRo+x6xjSMG6V n40w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=D+QcOf27G0AKCegHYxDyR6taGGMQc+Nv1nDTQ5yZ2VM=; b=KQfYS4iGt3PABWgNUlxZBHGzbGhoLCJBUBIIzYu8xGXF/gN/haYvnE0ZCg3sz5HXSP FCQOpwiLCdQWslVbhkpkYEJ8HW+dfE9UnNy2k9kp4izN56oia7FfQLjUMI+wMGkdZok5 UZKm9uY4lyRQhgEBhEbvZiPdKVm/hOsq8QEXQJtWQfBdsZr+LQLRrV0XBYKppKX/Rztt vReT1TGpw43aDAD9+DcT/dKNdkTllC3TUO1xq96tE7bV3jBCu8+WQt+k6p74ayeKXgZA qhvtPf3R1gIhvQELw+ZWHn8rdXFVHRvdB4wYj2usPlYXQV/lqTaywFE5d3LY6TEThUTD Qaiw== X-Gm-Message-State: AOAM530zQObl/eixre10Pl/Vu7mnTIqazgt/1K3IG6TKUVCP1OQ76csy ry15QmYlqGP723XvDIuzfp4= X-Google-Smtp-Source: ABdhPJzDvhBJICD0+IJfAWr+RRHRN0UiGlMtI6G9ghCiB1oeUvZ4moY3KsSLrZh+CQz+F4NEbFAg/g== X-Received: by 2002:a17:902:ce92:: with SMTP id f18mr5270090plg.166.1643889622390; Thu, 03 Feb 2022 04:00:22 -0800 (PST) Received: from e30-rocky8.kern.oss.ntt.co.jp ([222.151.198.97]) by smtp.gmail.com with ESMTPSA id f12sm16506697pfc.70.2022.02.03.04.00.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 04:00:22 -0800 (PST) From: Toshiaki Makita To: "David S. Miller" , "Jakub Kicinski" , "Saeed Mahameed" , "Jamal Hadi Salim" , "Cong Wang" , "Jiri Pirko" , "Pablo Neira Ayuso" , "Jozsef Kadlecsik" , "Florian Westphal" Cc: Toshiaki Makita , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, Paul Blakey Subject: [PATCH net-next 1/3] netfilter: flowtable: Support GRE Date: Thu, 3 Feb 2022 20:59:39 +0900 Message-Id: <20220203115941.3107572-2-toshiaki.makita1@gmail.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20220203115941.3107572-1-toshiaki.makita1@gmail.com> References: <20220203115941.3107572-1-toshiaki.makita1@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Support GREv0 without NAT. Signed-off-by: Toshiaki Makita --- net/netfilter/nf_flow_table_core.c | 10 +++++-- net/netfilter/nf_flow_table_ip.c | 54 ++++++++++++++++++++++++++++------- net/netfilter/nf_flow_table_offload.c | 19 +++++++----- net/netfilter/nft_flow_offload.c | 13 +++++++++ 4 files changed, 77 insertions(+), 19 deletions(-) diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index b90eca7..e66a375 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -39,8 +39,14 @@ ft->l3proto = ctt->src.l3num; ft->l4proto = ctt->dst.protonum; - ft->src_port = ctt->src.u.tcp.port; - ft->dst_port = ctt->dst.u.tcp.port; + + switch (ctt->dst.protonum) { + case IPPROTO_TCP: + case IPPROTO_UDP: + ft->src_port = ctt->src.u.tcp.port; + ft->dst_port = ctt->dst.u.tcp.port; + break; + } } struct flow_offload *flow_offload_alloc(struct nf_conn *ct) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 889cf88..48e2f58 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -172,6 +172,7 @@ static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev, struct flow_ports *ports; unsigned int thoff; struct iphdr *iph; + u8 ipproto; if (!pskb_may_pull(skb, sizeof(*iph) + offset)) return -1; @@ -185,13 +186,19 @@ static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev, thoff += offset; - switch (iph->protocol) { + ipproto = iph->protocol; + switch (ipproto) { case IPPROTO_TCP: *hdrsize = sizeof(struct tcphdr); break; case IPPROTO_UDP: *hdrsize = sizeof(struct udphdr); break; +#ifdef CONFIG_NF_CT_PROTO_GRE + case IPPROTO_GRE: + *hdrsize = sizeof(struct gre_base_hdr); + break; +#endif default: return -1; } @@ -202,15 +209,25 @@ static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev, if (!pskb_may_pull(skb, thoff + *hdrsize)) return -1; + if (ipproto == IPPROTO_GRE) { + struct gre_base_hdr *greh; + + greh = (struct gre_base_hdr *)(skb_network_header(skb) + thoff); + if ((greh->flags & GRE_VERSION) != GRE_VERSION_0) + return -1; + } + iph = (struct iphdr *)(skb_network_header(skb) + offset); - ports = (struct flow_ports *)(skb_network_header(skb) + thoff); tuple->src_v4.s_addr = iph->saddr; tuple->dst_v4.s_addr = iph->daddr; - tuple->src_port = ports->source; - tuple->dst_port = ports->dest; + if (ipproto == IPPROTO_TCP || ipproto == IPPROTO_UDP) { + ports = (struct flow_ports *)(skb_network_header(skb) + thoff); + tuple->src_port = ports->source; + tuple->dst_port = ports->dest; + } tuple->l3proto = AF_INET; - tuple->l4proto = iph->protocol; + tuple->l4proto = ipproto; tuple->iifidx = dev->ifindex; nf_flow_tuple_encap(skb, tuple); @@ -521,6 +538,7 @@ static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev, struct flow_ports *ports; struct ipv6hdr *ip6h; unsigned int thoff; + u8 nexthdr; thoff = sizeof(*ip6h) + offset; if (!pskb_may_pull(skb, thoff)) @@ -528,13 +546,19 @@ static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev, ip6h = (struct ipv6hdr *)(skb_network_header(skb) + offset); - switch (ip6h->nexthdr) { + nexthdr = ip6h->nexthdr; + switch (nexthdr) { case IPPROTO_TCP: *hdrsize = sizeof(struct tcphdr); break; case IPPROTO_UDP: *hdrsize = sizeof(struct udphdr); break; +#ifdef CONFIG_NF_CT_PROTO_GRE + case IPPROTO_GRE: + *hdrsize = sizeof(struct gre_base_hdr); + break; +#endif default: return -1; } @@ -545,15 +569,25 @@ static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev, if (!pskb_may_pull(skb, thoff + *hdrsize)) return -1; + if (nexthdr == IPPROTO_GRE) { + struct gre_base_hdr *greh; + + greh = (struct gre_base_hdr *)(skb_network_header(skb) + thoff); + if ((greh->flags & GRE_VERSION) != GRE_VERSION_0) + return -1; + } + ip6h = (struct ipv6hdr *)(skb_network_header(skb) + offset); - ports = (struct flow_ports *)(skb_network_header(skb) + thoff); tuple->src_v6 = ip6h->saddr; tuple->dst_v6 = ip6h->daddr; - tuple->src_port = ports->source; - tuple->dst_port = ports->dest; + if (nexthdr == IPPROTO_TCP || nexthdr == IPPROTO_UDP) { + ports = (struct flow_ports *)(skb_network_header(skb) + thoff); + tuple->src_port = ports->source; + tuple->dst_port = ports->dest; + } tuple->l3proto = AF_INET6; - tuple->l4proto = ip6h->nexthdr; + tuple->l4proto = nexthdr; tuple->iifidx = dev->ifindex; nf_flow_tuple_encap(skb, tuple); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index b561e0a..9b81080 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -170,6 +170,7 @@ static int nf_flow_rule_match(struct nf_flow_match *match, match->dissector.used_keys |= BIT(FLOW_DISSECTOR_KEY_TCP); break; case IPPROTO_UDP: + case IPPROTO_GRE: break; default: return -EOPNOTSUPP; @@ -178,15 +179,19 @@ static int nf_flow_rule_match(struct nf_flow_match *match, key->basic.ip_proto = tuple->l4proto; mask->basic.ip_proto = 0xff; - key->tp.src = tuple->src_port; - mask->tp.src = 0xffff; - key->tp.dst = tuple->dst_port; - mask->tp.dst = 0xffff; - match->dissector.used_keys |= BIT(FLOW_DISSECTOR_KEY_META) | BIT(FLOW_DISSECTOR_KEY_CONTROL) | - BIT(FLOW_DISSECTOR_KEY_BASIC) | - BIT(FLOW_DISSECTOR_KEY_PORTS); + BIT(FLOW_DISSECTOR_KEY_BASIC); + + if (tuple->l4proto == IPPROTO_TCP || tuple->l4proto == IPPROTO_UDP) { + key->tp.src = tuple->src_port; + mask->tp.src = 0xffff; + key->tp.dst = tuple->dst_port; + mask->tp.dst = 0xffff; + + match->dissector.used_keys |= BIT(FLOW_DISSECTOR_KEY_PORTS); + } + return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 0af34ad..731b5d8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -298,6 +298,19 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, break; case IPPROTO_UDP: break; +#ifdef CONFIG_NF_CT_PROTO_GRE + case IPPROTO_GRE: { + struct nf_conntrack_tuple *tuple; + + if (ct->status & IPS_NAT_MASK) + goto out; + tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; + /* No support for GRE v1 */ + if (tuple->src.u.gre.key || tuple->dst.u.gre.key) + goto out; + break; + } +#endif default: goto out; } From patchwork Thu Feb 3 11:59:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Toshiaki Makita X-Patchwork-Id: 12734068 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 98B52C433EF for ; Thu, 3 Feb 2022 12:00:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350368AbiBCMA1 (ORCPT ); Thu, 3 Feb 2022 07:00:27 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231817AbiBCMA0 (ORCPT ); Thu, 3 Feb 2022 07:00:26 -0500 Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3290DC06173B; Thu, 3 Feb 2022 04:00:26 -0800 (PST) Received: by mail-pl1-x636.google.com with SMTP id j16so1955902plx.4; Thu, 03 Feb 2022 04:00:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=/58ZWb/Iv5GS0MWB+kxPvMl58xYsr2tKtsiFsskxVhA=; b=kDSMbjwpYhqLjomXvrVglmceH7yt/Q5mQ8UKQU6/C4ktOM0RUY4wWIcx7b5aW408sG zXrOnkBc9JwklsGwyxdaKQXKE/n5gDfRT9mzvgWpr0f0tWFFZVMkCvEriKwQICl+I4ob Qail59NdGKIbDUCUtHSNfe6SqSabDho8DhPj6GxxKCjhVRQX6XRswLcx8OC5XuyXgxaP M3evReRkbmGmjCBgpz+NtspuLUlxFOl28CpxKVIEobAljVsOQm0m4Wuz4FjhiLQbNIPm PMIYvxR+DmyBIzTJZbKrzGn8uvCjpMB8Ue11i6QJI7Buf7UVKDBaTcXhO4EbgSMVwl8P D4sg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/58ZWb/Iv5GS0MWB+kxPvMl58xYsr2tKtsiFsskxVhA=; b=C5vQef9Qbf/GNb/CxWiV8a3caMeqsfA2VTkoRyEXR+TKI0yYzMFzVQDrgNkc3CtZVx 1OtTLf0cFZ0bQfuYbmyAr7ObrEMv53CGhG/UuYYas+gJx8x4BCmVWA0lXsWD/fjGkVTU m/qZnpX7kJbTJQbEjOu1Mdp/8u2OBLh5LGr3xN2F24ojd1dlgoYDDH6tUP3DGQGlZtYR rEe5MsPMMysQTZsG0s0SXf3q2ycbP0CzRTahEMCYUNkgUaSYNcv7Q1j2vjSzt7WfQWSQ /UeKkuEzD1t77QtQiVdvZudxW4RLkn1Qw1g0yk86aZWLZmFDSeGmRRMWoE0vXsl+kTNI zoaQ== X-Gm-Message-State: AOAM532aZRX44MlyCH1Owtj5TSXTMDcV5+kDY7RBEYLtUgBe1cc1GBwp dCUt7UZnddaXZ5jlwAgzcvQ= X-Google-Smtp-Source: ABdhPJwjAfFLI6JUHTa4TFFRwq2L2qWF/uTTF1NABiklHpOWO5npxSqblK1t6XbWNWlnaF8wgq9kjA== X-Received: by 2002:a17:902:b403:: with SMTP id x3mr22545067plr.61.1643889625707; Thu, 03 Feb 2022 04:00:25 -0800 (PST) Received: from e30-rocky8.kern.oss.ntt.co.jp ([222.151.198.97]) by smtp.gmail.com with ESMTPSA id f12sm16506697pfc.70.2022.02.03.04.00.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 04:00:25 -0800 (PST) From: Toshiaki Makita To: "David S. Miller" , "Jakub Kicinski" , "Saeed Mahameed" , "Jamal Hadi Salim" , "Cong Wang" , "Jiri Pirko" , "Pablo Neira Ayuso" , "Jozsef Kadlecsik" , "Florian Westphal" Cc: Toshiaki Makita , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, Paul Blakey Subject: [PATCH net-next 2/3] act_ct: Support GRE offload Date: Thu, 3 Feb 2022 20:59:40 +0900 Message-Id: <20220203115941.3107572-3-toshiaki.makita1@gmail.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20220203115941.3107572-1-toshiaki.makita1@gmail.com> References: <20220203115941.3107572-1-toshiaki.makita1@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Support GREv0 without NAT. Signed-off-by: Toshiaki Makita Acked-by: Paul Blakey status & IPS_NAT_MASK) + return; + tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; + /* No support for GRE v1 */ + if (tuple->src.u.gre.key || tuple->dst.u.gre.key) + return; + break; + } +#endif default: return; } @@ -440,6 +453,8 @@ static void tcf_ct_flow_table_process_conn(struct tcf_ct_flow_table *ct_ft, struct flow_ports *ports; unsigned int thoff; struct iphdr *iph; + size_t hdrsize; + u8 ipproto; if (!pskb_network_may_pull(skb, sizeof(*iph))) return false; @@ -451,29 +466,49 @@ static void tcf_ct_flow_table_process_conn(struct tcf_ct_flow_table *ct_ft, unlikely(thoff != sizeof(struct iphdr))) return false; - if (iph->protocol != IPPROTO_TCP && - iph->protocol != IPPROTO_UDP) + ipproto = iph->protocol; + switch (ipproto) { + case IPPROTO_TCP: + hdrsize = sizeof(struct tcphdr); + break; + case IPPROTO_UDP: + hdrsize = sizeof(*ports); + break; +#ifdef CONFIG_NF_CT_PROTO_GRE + case IPPROTO_GRE: + hdrsize = sizeof(struct gre_base_hdr); + break; +#endif + default: return false; + } if (iph->ttl <= 1) return false; - if (!pskb_network_may_pull(skb, iph->protocol == IPPROTO_TCP ? - thoff + sizeof(struct tcphdr) : - thoff + sizeof(*ports))) + if (!pskb_network_may_pull(skb, thoff + hdrsize)) return false; iph = ip_hdr(skb); - if (iph->protocol == IPPROTO_TCP) + if (ipproto == IPPROTO_TCP) { *tcph = (void *)(skb_network_header(skb) + thoff); + } else if (ipproto == IPPROTO_GRE) { + struct gre_base_hdr *greh; + + greh = (struct gre_base_hdr *)(skb_network_header(skb) + thoff); + if ((greh->flags & GRE_VERSION) != GRE_VERSION_0) + return false; + } - ports = (struct flow_ports *)(skb_network_header(skb) + thoff); tuple->src_v4.s_addr = iph->saddr; tuple->dst_v4.s_addr = iph->daddr; - tuple->src_port = ports->source; - tuple->dst_port = ports->dest; + if (ipproto == IPPROTO_TCP || ipproto == IPPROTO_UDP) { + ports = (struct flow_ports *)(skb_network_header(skb) + thoff); + tuple->src_port = ports->source; + tuple->dst_port = ports->dest; + } tuple->l3proto = AF_INET; - tuple->l4proto = iph->protocol; + tuple->l4proto = ipproto; return true; } @@ -486,36 +521,58 @@ static void tcf_ct_flow_table_process_conn(struct tcf_ct_flow_table *ct_ft, struct flow_ports *ports; struct ipv6hdr *ip6h; unsigned int thoff; + size_t hdrsize; + u8 nexthdr; if (!pskb_network_may_pull(skb, sizeof(*ip6h))) return false; ip6h = ipv6_hdr(skb); + thoff = sizeof(*ip6h); - if (ip6h->nexthdr != IPPROTO_TCP && - ip6h->nexthdr != IPPROTO_UDP) - return false; + nexthdr = ip6h->nexthdr; + switch (nexthdr) { + case IPPROTO_TCP: + hdrsize = sizeof(struct tcphdr); + break; + case IPPROTO_UDP: + hdrsize = sizeof(*ports); + break; +#ifdef CONFIG_NF_CT_PROTO_GRE + case IPPROTO_GRE: + hdrsize = sizeof(struct gre_base_hdr); + break; +#endif + default: + return -1; + } if (ip6h->hop_limit <= 1) return false; - thoff = sizeof(*ip6h); - if (!pskb_network_may_pull(skb, ip6h->nexthdr == IPPROTO_TCP ? - thoff + sizeof(struct tcphdr) : - thoff + sizeof(*ports))) + if (!pskb_network_may_pull(skb, thoff + hdrsize)) return false; ip6h = ipv6_hdr(skb); - if (ip6h->nexthdr == IPPROTO_TCP) + if (nexthdr == IPPROTO_TCP) { *tcph = (void *)(skb_network_header(skb) + thoff); + } else if (nexthdr == IPPROTO_GRE) { + struct gre_base_hdr *greh; + + greh = (struct gre_base_hdr *)(skb_network_header(skb) + thoff); + if ((greh->flags & GRE_VERSION) != GRE_VERSION_0) + return false; + } - ports = (struct flow_ports *)(skb_network_header(skb) + thoff); tuple->src_v6 = ip6h->saddr; tuple->dst_v6 = ip6h->daddr; - tuple->src_port = ports->source; - tuple->dst_port = ports->dest; + if (nexthdr == IPPROTO_TCP || nexthdr == IPPROTO_UDP) { + ports = (struct flow_ports *)(skb_network_header(skb) + thoff); + tuple->src_port = ports->source; + tuple->dst_port = ports->dest; + } tuple->l3proto = AF_INET6; - tuple->l4proto = ip6h->nexthdr; + tuple->l4proto = nexthdr; return true; } From patchwork Thu Feb 3 11:59:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Toshiaki Makita X-Patchwork-Id: 12734069 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7C95C433EF for ; Thu, 3 Feb 2022 12:00:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350369AbiBCMAm (ORCPT ); Thu, 3 Feb 2022 07:00:42 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51850 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350365AbiBCMA3 (ORCPT ); Thu, 3 Feb 2022 07:00:29 -0500 Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 61FE8C061714; Thu, 3 Feb 2022 04:00:29 -0800 (PST) Received: by mail-pg1-x52d.google.com with SMTP id d186so2084319pgc.9; Thu, 03 Feb 2022 04:00:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3yzQdnp6hIr3Gf3mJOVKEBUzI+A+dvxPGyrCfuhesHQ=; b=eZJ5Duttf+LiLSOFgmo4wo235FS0ZkODlITXB8uU3/mnNT10fXFFZ0HmptjseMbPZE PoF9WrLF2mHrht2cvXnrevTR+Ve8St1zV2O32Bea8aH13uGflxeNqtIkwU9NmJLhOq3a eZ1DRPHx5OT97CVDqvnJEJpVXnnA0/occvdX18M/VMtnMsOqtMrA34BK1sToV8xf1GxE BD2v7iJARJs9JNtg/9sseteIbIF9UUcsDjpERwZCzD0EcQ0XjV62npFJYLd/wQcLHcBC DBNAowk0KEmbgXHslo3ogNEyq0sjDTcLEA/Va04+3YeveCmqxSyjN0VmjN50WNb8FgEe yoRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3yzQdnp6hIr3Gf3mJOVKEBUzI+A+dvxPGyrCfuhesHQ=; b=V5Gu6Ok5Vk59laqxP1LRARQFKzPUChRs1swdI9NbKSJ83whL9F7TviHiEevUfDpkd/ vWsMYXokfj+NiCAqZ60+VWgOdQmne8eFwMP2KJ+g8Ut07afWhseo3TjuQLFpXAZDtm6X hix9b+94fchFyLLNXFp4ARV/jd1chfEdydTfWmd7mMRAwrCAJeMyhk3LXt2qlz0zITPw 2huG6GWGkMuMKlEkzbdCHtJIjJWMvwqWHZKIALRZCvy7eHl6KepORzlQZY9mTZzxUrwE ldPfAm2HF2jZs5bYmZp0mDTTLxB0gt9548FWGyjHR+aCGohvkI1TrgWn04UKJbWPUH5/ 50xw== X-Gm-Message-State: AOAM5334P0o86lA/G877EeVbzH0dm2x8f7JpHIeJBtLyHEzoakOKMlLp YA1cZ2MCIT1csnRdjlzroI8= X-Google-Smtp-Source: ABdhPJwJUM6ekp22lbgG63ir8D/NHUuy6WG1cvz8sJNxae0WBLQCYS5UXPL2uLIkMUhNaAkuFEME2A== X-Received: by 2002:a63:4182:: with SMTP id o124mr27728165pga.479.1643889628948; Thu, 03 Feb 2022 04:00:28 -0800 (PST) Received: from e30-rocky8.kern.oss.ntt.co.jp ([222.151.198.97]) by smtp.gmail.com with ESMTPSA id f12sm16506697pfc.70.2022.02.03.04.00.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 04:00:28 -0800 (PST) From: Toshiaki Makita To: "David S. Miller" , "Jakub Kicinski" , "Saeed Mahameed" , "Jamal Hadi Salim" , "Cong Wang" , "Jiri Pirko" , "Pablo Neira Ayuso" , "Jozsef Kadlecsik" , "Florian Westphal" Cc: Toshiaki Makita , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, Paul Blakey Subject: [PATCH net-next 3/3] net/mlx5: Support GRE conntrack offload Date: Thu, 3 Feb 2022 20:59:41 +0900 Message-Id: <20220203115941.3107572-4-toshiaki.makita1@gmail.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20220203115941.3107572-1-toshiaki.makita1@gmail.com> References: <20220203115941.3107572-1-toshiaki.makita1@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Support GREv0 without NAT. Signed-off-by: Toshiaki Makita Acked-by: Paul Blakey --- drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c index 0f4d3b9d..465643c 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c @@ -258,7 +258,8 @@ struct mlx5_ct_entry { return -EOPNOTSUPP; } } else { - return -EOPNOTSUPP; + if (tuple->ip_proto != IPPROTO_GRE) + return -EOPNOTSUPP; } return 0; @@ -807,7 +808,11 @@ struct mlx5_ct_entry { attr->dest_chain = 0; attr->dest_ft = mlx5e_tc_post_act_get_ft(ct_priv->post_act); attr->ft = nat ? ct_priv->ct_nat : ct_priv->ct; - attr->outer_match_level = MLX5_MATCH_L4; + if (entry->tuple.ip_proto == IPPROTO_TCP || + entry->tuple.ip_proto == IPPROTO_UDP) + attr->outer_match_level = MLX5_MATCH_L4; + else + attr->outer_match_level = MLX5_MATCH_L3; attr->counter = entry->counter->counter; attr->flags |= MLX5_ATTR_FLAG_NO_IN_PORT; if (ct_priv->ns_type == MLX5_FLOW_NAMESPACE_FDB) @@ -1224,16 +1229,20 @@ static void mlx5_tc_ct_entry_del_work(struct work_struct *work) struct flow_keys flow_keys; skb_reset_network_header(skb); - skb_flow_dissect_flow_keys(skb, &flow_keys, 0); + skb_flow_dissect_flow_keys(skb, &flow_keys, FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP); tuple->zone = zone; if (flow_keys.basic.ip_proto != IPPROTO_TCP && - flow_keys.basic.ip_proto != IPPROTO_UDP) + flow_keys.basic.ip_proto != IPPROTO_UDP && + flow_keys.basic.ip_proto != IPPROTO_GRE) return false; - tuple->port.src = flow_keys.ports.src; - tuple->port.dst = flow_keys.ports.dst; + if (flow_keys.basic.ip_proto == IPPROTO_TCP || + flow_keys.basic.ip_proto == IPPROTO_UDP) { + tuple->port.src = flow_keys.ports.src; + tuple->port.dst = flow_keys.ports.dst; + } tuple->n_proto = flow_keys.basic.n_proto; tuple->ip_proto = flow_keys.basic.ip_proto;