From patchwork Sun Oct 13 18:54:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834028 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 40D87CF2579 for ; Sun, 13 Oct 2024 18:58:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=GbZ+4AfljpB6Mob7lVDrAx0dHSaVOpAjB7zGVS+eC1Y=; b=w7ajQzqdyZZsSOAStL88vBqkNA gYPUTm7/vpGuq5mzKGMurJL8BpcBEd4RSK+BnurYICITzJ0zby93k/filqDh67Y3pZWxu0oPh6iZ2 9MeqFSDHgKctvHG1ubOeCMEDHkMiFtzGLUXxxjKpEgWyqGdIH/GdOJHOqMs4b60KKejd7GX5gCnod y23GY6kvOnTCyiNa85QR8rwHazUjui7bb8TyLWGkh2Ecp3Xt0bFklqm4KlUZSrT/q/NbAKNQiSOq5 /rCdqVOR0xZIFu4j2tHPVD+KdEq4ks80JYvZ1nGvqPSRlHaLwrmJPBO/cgfjBi03gvmZnGvcEc3RL QEt05qSA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t03nM-000000035BV-280I; Sun, 13 Oct 2024 18:58:24 +0000 Received: from mail-ej1-x631.google.com ([2a00:1450:4864:20::631]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03kc-000000034Xz-3ZFZ; Sun, 13 Oct 2024 18:55:36 +0000 Received: by mail-ej1-x631.google.com with SMTP id a640c23a62f3a-a9963e47b69so570259966b.1; Sun, 13 Oct 2024 11:55:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845733; x=1729450533; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GbZ+4AfljpB6Mob7lVDrAx0dHSaVOpAjB7zGVS+eC1Y=; b=GL45tKWrxshfBGXbhw2tpDuMBz7JSJhHjPS5DnRvub0gCGblMfh1yR0QGGxqcYOkfv 0kUy0DcP4TgBd5yPjLWUrIJcITeH3EkE3bBYKw0OksqyqWjlWXWMGt8jdJyb8TLC9rOE 7lOiluXVo3h3lGp+cHt456DgX8gv+JR93jpUieHBVgkjiWYXOPxrszowNbi0Dp4F5GS/ 5VxF6VqRDeFM9R3ceTFwVmcu++sdHk1Xo0M9aiYXi88JGR34nioG0HKTWD4qUNW3IYhF HyGcj4vftH/h5/2c6oQQvkKd1YCJPlo3Zj2o+c4XOPlZcC0g3PY3z+CHL3/9Zt02BBMQ un8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845733; x=1729450533; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GbZ+4AfljpB6Mob7lVDrAx0dHSaVOpAjB7zGVS+eC1Y=; b=o38zIR6wzDx9cVx19pqDoV1S3TscZXvlF5zxQEOUIKTbCDfS9Mq38/Z40EBcy9824V DJ2ZkTIlWCPZgX0dMaMlwrs+/aUAoZtKvcHXau+/8LAFwkeILfoAYMWvKdBqwiU0FHPB 4gWTaJFSrDid52D63+DIoB3qMHZ50o7wfrLEa/uNeG0LoAUVQ5nRp6RNufRO+zOcXZ+M qLO16uy10YFjJx09LdEBRc5h9F1Aknba30ayKSa2HpP4ccwxfTtgu411bvDsjO72QANf DLFjTmlDTQ9JFa26wsCT7ueLi1eXO03kcXZzphwUaEac5c6T4uduX6yFhzOWURiY4VHo dypQ== X-Forwarded-Encrypted: i=1; AJvYcCV/jl40jSQxoB4w4ypXjjepqhPKSXAjclJz3Kp8A2BukQayvq/m8er5Wh5XL7CiQQUD//jIewuAHkF+gCKfDjc=@lists.infradead.org, AJvYcCVNWGJb4qEfHx/8H8AM5bQsYlSw+qMEI27onMKVQ0NbHeO7dsb8Vmw9pUSZul+bHX+4wJOIhIKVQPEFQ2uuIjuk@lists.infradead.org X-Gm-Message-State: AOJu0YxkwN/4LnqMt+W+wnIV7Y09YBAj/pe6GX4aekqeRB5C7DXtut08 EpQUi8Oa1j1zvaC16VD/0pv4OqN2nCcWB4pftkDkXFG/qKo1ZqfJ X-Google-Smtp-Source: AGHT+IHBwmUQlNXjLHzouwP3A/HnrJ9ShbIZ6PYI3ty3qPemvkmnTevcw0/QiFnh3+dIcw+vQiViIw== X-Received: by 2002:a17:907:d1a:b0:a9a:72c:f36f with SMTP id a640c23a62f3a-a9a072cf878mr239291766b.50.1728845732725; Sun, 13 Oct 2024 11:55:32 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:32 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 01/12] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Sun, 13 Oct 2024 20:54:57 +0200 Message-ID: <20241013185509.4430-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115534_915539_C5AB6D02 X-CRM114-Status: GOOD ( 19.31 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 98edcaa37b38..9221ddb6f07a 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -302,6 +302,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static inline int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static inline int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -331,6 +417,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -339,6 +426,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -458,7 +548,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -753,7 +844,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index e8f800788c4a..bb15aa55e6fb 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Sun Oct 13 18:54:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834029 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 98303CF2576 for ; Sun, 13 Oct 2024 18:59:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=pfUb9HJ+s1GLLmxcujXBQ1+8qs5ZhQwuVS6uJsoTo/c=; b=c3xxM6tnXXOXqE9dWDnwiQe2Cl +b9KiO9N6ewDIyfqM03xuDGfyWhsvqpYblM/lY57XJsNsvIPT0De0yvMHOPou14ms6kCwobUkEI+L hhsxnNTXPcdrbeFxedzgqo5lh7BkXvg1rj/eRA349VHRnVj/blKeY8dhFO82kqO63b/1TSgsKaEch DgegYBBJJzezt/tf2qwx62iNZ6LJ9cDoQH0DlKyWW4jXqaYW1W5m1X3Hvn9R/1T1mC+tdGMUbjaBr NyJRwOYVwidCNXOBfcSSutiFYe47V+zeRx9zTkPPhYwl1jpR9Zm2oLlb5iovhc6x7ve6zBotMcbhA fl5A03Jw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t03oh-000000035Un-1i37; Sun, 13 Oct 2024 18:59:47 +0000 Received: from mail-ej1-x62a.google.com ([2a00:1450:4864:20::62a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03kd-000000034Y8-45vG; Sun, 13 Oct 2024 18:55:37 +0000 Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-a994cd82a3bso529004166b.2; Sun, 13 Oct 2024 11:55:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845734; x=1729450534; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pfUb9HJ+s1GLLmxcujXBQ1+8qs5ZhQwuVS6uJsoTo/c=; b=KIzX0WpKhF5fxODZyuF//67Sw+AB8xNI1E71a5KEx29oGQqwBxkZ8m91nwggj0Y2UP vGsrvdOe059ivc1feiHpr2mEOx/gsZxkmLQkfDu/MJLrqbAeT1aeCIUbiTZSn/qsF80m rJxy/tSrTi60kDIn7R3ZQZ/DmHmCqzn5ghMwX3AQkRC8v9rOqvsQwfhFr2wFMhbTZR8f lJsJKCgc3spMdren1Aj4Mg2D2EYvkGxEPmmvbvYF8YpojHpopmYvSHHZ23uxvJyIdvLq fcpZWY20cPYOAFgle2EJb9x6Lh9gnhDavp6RJoOfNXmbpeLS5WOz3++uTBJ/aa8PsMVe Besg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845734; x=1729450534; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pfUb9HJ+s1GLLmxcujXBQ1+8qs5ZhQwuVS6uJsoTo/c=; b=D68ucnzuKoQ82zndnzcEKIVvQZk6utdiMxrAi101wLUHhsjaY4qNfvzYypIEH4lSPT uoT2to1+1RmI/B66/1rHH5OlowKd1ybV3l2M50r9wJTLsNiP7nc9qItfkrwHxKlBsiQA FhKOjtD8C/9FYMx8w+hmtfsjSh1YlFMkDDGZsDv2J4yFBCwgvcQygNcC/lGjmHehf8tp c7jC+6lGN1jLFkAn/3oTlG1krqVDZgCQnIYtCCW5Qi5Jam2TiwXMGe1nw/Ml3bDHL33j DBTYY7EReJeww8OsPOWdZ+R8zYhSKWEDR3Xsj6IKwg+ixJSzDUtLu99PAt7aPHAyrk+D MNBQ== X-Forwarded-Encrypted: i=1; AJvYcCUMiVBDZAVhRxTUA8Aq1hDr0GlLgunYW4rj8/7olBW7WmPak287M8s340YZ3pY8a7TniArJRZpZPsjeQ9qBW6DS@lists.infradead.org, AJvYcCWAzfZi9pLEnk0itIfP0wRlsG0CIziS3u2vLUX1GWCBFYX/48r9zq0QytFKCEj69MrZzuxuMiVINPSh2OuU2Y8=@lists.infradead.org X-Gm-Message-State: AOJu0YxHIsQGV/k4N6fJAXNA45bQCHr2xTxYuOayZusahnvO/PEUQ1Aq soNbX5pqxJeCF5gm0CXxeq/bhD2laZuaNKuaiwMxtF7t+P9x/YHW X-Google-Smtp-Source: AGHT+IH+8DzpaIYRj4WDn5wY606h6B8yn6VPFaENvcSZa4TDlxRT2Jmn8BI4I5TivbHspBA60sKu/Q== X-Received: by 2002:a17:907:6d14:b0:a8d:5472:b591 with SMTP id a640c23a62f3a-a99b93a86b0mr765431566b.5.1728845734027; Sun, 13 Oct 2024 11:55:34 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:33 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 02/12] netfilter: bridge: Add conntrack double vlan and pppoe Date: Sun, 13 Oct 2024 20:54:58 +0200 Message-ID: <20241013185509.4430-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115536_036022_200E12D0 X-CRM114-Status: GOOD ( 13.47 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Signed-off-by: Eric Woudstra Signed-off-by: Vladimir Oltean --- net/bridge/netfilter/nf_conntrack_bridge.c | 86 ++++++++++++++++++---- 1 file changed, 73 insertions(+), 13 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..fb2f79396aa0 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -241,56 +241,116 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { struct nf_hook_state bridge_state = *state; + __be16 outer_proto, inner_proto; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph = (struct ppp_hdr *)(skb->data); + + data_len = ntohs(ph->hdr.length) - 2; + offset = PPPOE_SES_HLEN; + outer_proto = skb->protocol; + switch (ph->proto) { + case htons(PPP_IP): + inner_proto = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + inner_proto = htons(ETH_P_IPV6); + break; + default: + return NF_ACCEPT; + } + break; + case htons(ETH_P_8021Q): + struct vlan_hdr *vhdr = (struct vlan_hdr *)(skb->data); + + data_len = 0xffffffff; + offset = VLAN_HLEN; + outer_proto = skb->protocol; + inner_proto = vhdr->h_vlan_encapsulated_proto; + break; + default: + data_len = 0xffffffff; + break; + } + + if (offset) { + switch (inner_proto) { + case htons(ETH_P_IP): + case htons(ETH_P_IPV6): + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = inner_proto; + break; + default: + return NF_ACCEPT; + } + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } - static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { From patchwork Sun Oct 13 18:54:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834030 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 956D3CF2576 for ; Sun, 13 Oct 2024 19:01:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Qi0AlNa47OjnLX+zdNkH8pnYspHiUC9rPn7VlkLtCao=; b=2V/Qem14iskPWlbHOFrpovkMpT JDldbyeFponNPSCCUsiAXaDs6g8m9Z6OsHBxH8c5hJsnYVJ883idOHhaiEUaM/dgSj55nMf01m+US ukl3kFVkZON/IF+3NNGoziwTienZQ9gLDOQqaSmsOWyvjQBBts8XLvipNshBrlSZGI1YTU4KUugIQ 0jCjQR0BFLZzuIhXbRt4o8ZZYL2iRmyoBBQUQkykG2YQh1OvtkAC5fU9OVbp9vj1GorP3r9EviJI/ JXeF+uK82T4hMI1SUlGdc5R2Tyb4BPjG65I4MJFANPBNz8rNAsWbtnB6nB4genqiE2u2oXgTFnSGS 3tTXoP3Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t03q4-000000035kk-1D6w; Sun, 13 Oct 2024 19:01:12 +0000 Received: from mail-ej1-x62c.google.com ([2a00:1450:4864:20::62c]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03kf-000000034Yc-2Ixz; Sun, 13 Oct 2024 18:55:39 +0000 Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-a99d1b7b5f5so240947466b.0; Sun, 13 Oct 2024 11:55:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845736; x=1729450536; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Qi0AlNa47OjnLX+zdNkH8pnYspHiUC9rPn7VlkLtCao=; b=BGKZHjBVFYINb203U1CSV6H3jsQUQ+Y4cmR2x153TGNO/mbDdtuL+4uZiKPPFIZIn/ m/lEmly5CBhqm1gARd8r+g1+1uBfaBHCwGEe/tHfHLmzDWtjP4SLS+jLUkhP4Cjj+hkb XzQxf+2fWia6ntXbtIAXfi5QXjO8VQYhokkwgLVGmbher81RifhL0GBRNG9COQ0GO1aZ nge27BfuaYFxm8wfmwy3JSEI1uA5oylUkLx3gbjzVGKfGjWbF13Z9RS8C/axKzkH+MEI JTKPin3qUIY90acEy4KJ/ps3/BEJLiXfCzppOZvRK5ltAxDLJNO5KYuIBmGXndi/jqpg wDjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845736; x=1729450536; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Qi0AlNa47OjnLX+zdNkH8pnYspHiUC9rPn7VlkLtCao=; b=TomJ8s0DFsLlE7Bzp7tV278GOKznq5AENwZsL9Mk45iCPQl3UrfBWEULOzmXBcieuk MnEU9w1AlOM4FSF2tFbtDeMs46VQeL6xdQsjmDAj28NmtB9ELdNItkHBP3SEDhh+d0uS PrucziC7lQhgqIBSsQ94y4BG3a4L8IrZfalZM578Vb8O5rHi3Gb1xZBBdrfcmc6kEjuY xnMWelHQlZtTkkqv6/bzJoIu4MNd/Pzrcz4b41zktjYrKU/vR72/PnIE2N7PgpizICOT JGQUw3S7VRx0dkj28Mr4Ne9cb2pCaBLfgtB23/hQZLg/hEfgUyq0jqfVvP586o5ooqOo 1bHA== X-Forwarded-Encrypted: i=1; AJvYcCVXi11wYluS84IU30Bm3HYAPj2iC3AL/utnln3d8CAArIHVO9m+LAYWBpLOfIxt9n3um4C34RJzUeKXFINy6iA=@lists.infradead.org, AJvYcCX90PyUWR6eTLvqU9njlPM21NYxpMjl+9hGQO0Wbug1BYf9ckf0tNumeOz8vVUqH3d2lnrUgGvATeGQDqeYmHES@lists.infradead.org X-Gm-Message-State: AOJu0YzUO0uZHdZc0fcePiVhK93a8QHYBtsHSrIgA7rL2CZHR1MI4JOI Fyh/XY9sdZZzJWv0aTM+wuiXDJB7CcvY/68Ie24hsXqnNSuh8miJ X-Google-Smtp-Source: AGHT+IHVDWLkh2asCKPkqAFL6v1zfW7f+2znEwYnsBE2sJ/tzUwV2TxOCxBYdSzOWLcdLwlQKhvF3w== X-Received: by 2002:a17:907:2da4:b0:a99:ffb5:1db6 with SMTP id a640c23a62f3a-a99ffb55507mr289530366b.24.1728845735564; Sun, 13 Oct 2024 11:55:35 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:35 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 03/12] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Sun, 13 Oct 2024 20:54:59 +0200 Message-ID: <20241013185509.4430-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115537_616820_573C87A7 X-CRM114-Status: GOOD ( 11.64 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 7010541fcca6..91aa3fa43d31 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Sun Oct 13 18:55:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834031 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7145DCF2579 for ; Sun, 13 Oct 2024 19:02:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=RADunMSsDBQJOkeIT+sKpwp5kwpbWqG3OFvDFge3gsI=; b=clTROYOJZkBk8/PKE55Gjj0HYz J+ZlJYW1S6f15aLXQBysTGtIzlzYE65eaFsY/Q/WGX9F4hff+iN1f780wg4C+YL8fuAnfvl8glyik atDDK6kEEMxBoECPeTvVffqon9bBeePhVxyRqB8QibkNVYoIDvlQPZfx8usK3cfq1/T54s2gQkgr0 0rEsovsiWQHl1Y7HuDUnZj51XhNVO7KFpwQA96lQ5+xhP3DTWHYk6P6dzpUpwsyOaTxxX8bggM0UB tQrot7Yxc+N4ZNgYPvcUet1WIpdtRBTj+Aq/hkKdOZhPJ54ecVtCoC2XXs2t4C6IUF9znlB18BwIR bv3zQthw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t03rO-000000035tB-3wC6; Sun, 13 Oct 2024 19:02:34 +0000 Received: from mail-ej1-x62e.google.com ([2a00:1450:4864:20::62e]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03kg-000000034Z0-48Ag; Sun, 13 Oct 2024 18:55:40 +0000 Received: by mail-ej1-x62e.google.com with SMTP id a640c23a62f3a-a9a0ef5179dso34925066b.1; Sun, 13 Oct 2024 11:55:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845737; x=1729450537; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RADunMSsDBQJOkeIT+sKpwp5kwpbWqG3OFvDFge3gsI=; b=hn2F0GWvS7ysfbht/Bwe/Qt6hQc5Gbl6QWW7yD030vF0wzA+2LmSwZAcKiKBepEfYN Z1ktXMKoq0S3vqvHnHzCKWHW2fDgE1QZ56VFr+Fm0ByfmWWKToBTH/GFVyNEteJSts9p 5m8BjVh/XusWuPTigeJ4R6GsefPZl3OEq7b02xwoxLGZ5ZTlyifdauQa2I8AOMpWDMI4 0RCyCxNIARrEHtPtLHqJTt1O7h+zrIwSR1dcSHdQfojOMOSpZK0S6k+sqQTfWqHUPHIa Apt5PyKQ01s38I/AIs0Sl/Y2ft436xkbkj/Wu10wE4dWOaV4N3l0LWVs3gngv+xfd4h0 ahrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845737; x=1729450537; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RADunMSsDBQJOkeIT+sKpwp5kwpbWqG3OFvDFge3gsI=; b=ACuwbolk5OknU9lxxQr2zbthE29N5FjV9oomckYUKZwbEHIO7+0HVoxncsvQ9fVvFZ K4jXIWhE4CPZ03BhRFs/LuWF/zqaWhGQeeGzAmPXcOpnDDRWmXTxmW/VXhGZIabOpAGl pnxugmw6bciUcjNfIf5eBrzCqMmjxlkHrSTtupfRVu7jU5kRWmxDQbilro/I4o+Y4Coc RZCbhj6zYyDvnZ5aqrGCpUYUeRtOlzW04OWsoPt6PuvDejjVnj5KYPmczAHT4PRUuGv/ /WsxzeuIksc38riq1O+v6GV4Tt8dNfEK1sU/oFKGi+rGNVS6twzACNFro2+8/piJYRWv +jBw== X-Forwarded-Encrypted: i=1; AJvYcCUKGwTH5Oi3zIbjaGRMqvefhDPYlvxp2m7m7D6lNFa8t1/U7NtZvNBW3kgUFxdY1ZUtQ62qrG4ulIHsSbVhlzfb@lists.infradead.org, AJvYcCVCZeznyjSWw2xWkcENQj81roBBb8GkXgK4IUOCwv6kecVd3WDVR+Rw+BmwWc1+3+yhZrO17hT73+jqv7+yHPE=@lists.infradead.org X-Gm-Message-State: AOJu0YxsBtD0mf63/z7dzNozUbIPmGj7FXDGIxk3jk5/FqNkwvij2Gnv jJucBkkjEtabBYA1gqX2A9+WSxti3poZrBd4QvtXrmsG0ZbxCKUh X-Google-Smtp-Source: AGHT+IEWUZNp7HCnVh3j+0U2jm4O/rsy5kDbUxyRD+CLZEqkudsSqyQJlj+0O92gLyoS4IpxQ9txiQ== X-Received: by 2002:a17:906:c14c:b0:a99:4ba9:c965 with SMTP id a640c23a62f3a-a99b9585b7amr898083266b.44.1728845736991; Sun, 13 Oct 2024 11:55:36 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:36 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 04/12] bridge: br_vlan_fill_forward_path_pvid: Add port to port Date: Sun, 13 Oct 2024 20:55:00 +0200 Message-ID: <20241013185509.4430-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115539_076091_1C54C144 X-CRM114-Status: GOOD ( 12.66 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Lookup vlan group from bridge port, if it is passed as argument. Signed-off-by: Eric Woudstra --- net/bridge/br_private.h | 1 + net/bridge/br_vlan.c | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index d4bedc87b1d8..8da7798f9368 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1581,6 +1581,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 9c2fffb827ab..1830d7d617cd 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group(p); + else + vg = br_vlan_group(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Sun Oct 13 18:55:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834032 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BB79DCF2579 for ; Sun, 13 Oct 2024 19:04:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=OLdtf9AkfZZtftPmO+QTmZhKFxRRSQewBGWvAuWXxX0=; b=4RxHKJ4NCITO9g7DdceWU9B7Nj 9TAWrn695xpZ9OkRycfnAw9yyFoPDi8oMuU5ZczujhxSv3U51I4ZHT908WqNFM+4/IXb1A27t1Zx0 YC0huuPZe8vhTBb/JZyZ99eVLkNjXkHuISjAq/0gHAIjrCIRW2gmJE6rg8URnxq8QIBmLDUD2xbTE ugqqZTRB2JDxrsunRV1zNTKeKKAubway9CmqfKVvy78kXl91lkf8V+wE6TMq5ioIfeQKGP62JZjH9 ZpzMQXy0EnzXqZ1XInnO8JEyeFJCnq8j4J7rppenOL8F/MlBWgfWuUbcOwv37BmDtL8WQaw2Iy90N 7F1vfOmA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t03sm-0000000362I-2Tvb; Sun, 13 Oct 2024 19:04:00 +0000 Received: from mail-ej1-x633.google.com ([2a00:1450:4864:20::633]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03kj-000000034ZY-1NrV; Sun, 13 Oct 2024 18:55:42 +0000 Received: by mail-ej1-x633.google.com with SMTP id a640c23a62f3a-a99ea294480so159782966b.2; Sun, 13 Oct 2024 11:55:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845739; x=1729450539; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=OLdtf9AkfZZtftPmO+QTmZhKFxRRSQewBGWvAuWXxX0=; b=b0ao2SQPI6t/KSVRWJyPFnIqPSBYJfGPXewn9/gU+Wi7OPEEujdSX2ISx7ggjXG6V5 za5kLg4GBcVBh0mvVKZusDGNluDgMP6ohxG6poBvZpiGuIUPiKyFt8gGUM+Gl0EzKcdk hQYg9DMqcSj+NwSN9+aObNKU2XMG/cBU2ETWAsxhogbdF/GEloCETwv7z9q91+kYSYDL YpyZ0ask+1bpo6wvaJAsyWA9HbCDx4ROURD+i1XKCryFSYbzu1VgTqpHVPN3U6MU6Dnr 0A7w/6eNVtKVdfduHrJkYr+tBUrafOVCmavqqpozGSdYdfJ17ELOYUd1hccRLQbwB/I5 rq5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845739; x=1729450539; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OLdtf9AkfZZtftPmO+QTmZhKFxRRSQewBGWvAuWXxX0=; b=TP/hmoFVBxlIey3RnG1xDjqXdCIK7sQ3K78iafkS3jKYunTiiJ/xOREyp3uIsWZebG wFLXD+6EaFNsE+LT8BT2KbLDdZNTayC85rL0pgf/kr++dHLY+WbsaA84FKnRpL+4lQxu R8Go4X06zv1HtIOqHY5nBmrNGk2+IYnFEIijGyky8xYIyH5FV8xqFQ3/GuBPeer9VFBe vZNoJnCcIg9t4lN2un2SSfwJ0nT4FRGYUH06oDcwD6bkhyR2CiUrvLYEm2A+qwK+SZ0A sDZ1xkn+QxfAxjUNdi+jFA6+sMZPTd+ZEzSySGGrbhrMDHXrUWGtM848PjnRVX1hluEf Cw/A== X-Forwarded-Encrypted: i=1; AJvYcCU7BgV1vBy+Fo4pz4Pf63QRv4jiJs6SsiniPUQqk/+wUgbKlH4+hr0leZSmXLjSnpA9JaFaPdtOr0wJ9szqBjo=@lists.infradead.org, AJvYcCWGv1ryJNqjTSjEvlJrcCiyIWO2sUAW4ILsoMMhwKz1RvQDrk7qhaVegHV1vxgtX0SW7s4vT8UrZUMy5U38iIre@lists.infradead.org X-Gm-Message-State: AOJu0YzcYTG/XYTWO+z01b/KOUO2Qxm/BiXW/eYyHyL6TzrqNvLOuhuU goQ7pjmGQNBANAGxkjlkBGBDZvq6ks7mzq+8dT2y9wCPTrA1BISP X-Google-Smtp-Source: AGHT+IFGmTnwONoCtYAAkw85QCQZ49i2r3KEyVZKqIg/rOT96DkANV9Cgr1YZGISZ8fGwYKHbFWZBA== X-Received: by 2002:a05:6402:51cd:b0:5c9:492c:f7fa with SMTP id 4fb4d7f45d1cf-5c95ac09939mr9913132a12.1.1728845739130; Sun, 13 Oct 2024 11:55:39 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:37 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 05/12] bridge: br_fill_forward_path add port to port Date: Sun, 13 Oct 2024 20:55:01 +0200 Message-ID: <20241013185509.4430-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115541_388207_CC5FCAF8 X-CRM114-Status: GOOD ( 12.72 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org If handed a bridge port, use the bridge master to fill the forward path. Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 26b79feb385d..e242e091b4a6 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -384,15 +384,25 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; + struct net_bridge_port *src, *dst; + struct net_device *br_dev; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; + + br = netdev_priv(br_dev); - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); + } else { + br = netdev_priv(ctx->dev); + + br_vlan_fill_forward_path_pvid(br, NULL, ctx, path); + } f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) From patchwork Sun Oct 13 18:55:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834033 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6BCBACF2576 for ; Sun, 13 Oct 2024 19:05:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=4/jTDX+7O0s0C1nzOWVEkFl+nOrYzHK0gi2J/aQ3w10=; b=y+xI+qvtuIykhzAAzAiODEKSua B8wz1pmIOrIKM8JXANKQZORwdvB+1GvwGjI9DcYe2ovaxYXJtufCuUp2cnNauZ44SOUUoEOB9tBKl HWHXQtdAwzHAeJ2yus19W5QbV61e6I7EkdFZnOwpRWyGsPfAR+gchAgJVqBVMvdQos2TDrVEOjHWH L4GOKniNFqf/POT3X4SMAr2NrZUoRi08cnpGzdvQqZOe/YfftbTK+E8dWgAXfl1BvLoFUSMFGm59B ZrtzLhD8oH7RpEJZ/jxAih4cQQbkrlol0QHZqdk3sNJK37bZ7KccaDIjsrF9C11gDhwmaY3VaeV6v FP9gYZKg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t03u7-00000003695-1kPW; Sun, 13 Oct 2024 19:05:23 +0000 Received: from mail-ej1-x630.google.com ([2a00:1450:4864:20::630]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03kk-000000034Zj-1Uaz; Sun, 13 Oct 2024 18:55:44 +0000 Received: by mail-ej1-x630.google.com with SMTP id a640c23a62f3a-a9944c4d5d4so524625166b.0; Sun, 13 Oct 2024 11:55:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845740; x=1729450540; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4/jTDX+7O0s0C1nzOWVEkFl+nOrYzHK0gi2J/aQ3w10=; b=NHpuVOD0SodI+JzDziOxaDohwF8AlGMMnuKzdAF4KDMyEJQpyrUfC7Fu+BY1P0448g 2f3bmw6ulyLHAOB2M1P5h4k9jYmUgs6LVKTq1xNVoWyeKNemyGesCQYPa7hDej27wWwP aV1nHlfpcLGGnJ/X3NOtCEl0eTiKrsbsTTa0VECfMG5rjc1jZpK3VolCaEco8X/HchNe KwK8iHD5faHErL0x1pMctVlJDIIsFe0Rd2Cro7FU3PuqS423m1ernt0SrSyvcyAqL5ps xTV5knyI0iiPQmqUFH98miObPFbfHv+OjdhuGEAcW0F9Ox0lRuBMoP6i+Fur37jrCQHb 7Geg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845740; x=1729450540; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4/jTDX+7O0s0C1nzOWVEkFl+nOrYzHK0gi2J/aQ3w10=; b=Cz/hDZ8fH5qcvSj05T6jDFDSocgYnu73qG2nAjW+DXxUK+KtpdK8GW8ZzQ7ZQbWeFe lj21TQplhLEgxGHUaDIJOwVgL80DKlZbFTOfu7wLHdo0SQgCiK3E/7gLRhfU72dn+xtr 7gI/eM//QVV1h/kLbGeKMUv31uUsCO6T3P5K/O4BEO8qPexTNvJkp4paIoBfjJOMtOfj h86t1cFnw9y+2ulHaVa6wiSBKnKQKMy5MJFFyKFrsko0ACs1SFXPxQq6D6cZoGfxAwzs USeUKed0h0mDtvIDwlqV5JFJMIiSrTWeOx1FVMo+3E5w3rWbWGRTdwayvA+MXf3s5+bZ +Nqw== X-Forwarded-Encrypted: i=1; AJvYcCU76zVr5pclwABwSxGODK5Uc+kNwztQrk4GWQNtY3oLx+maS9kpoA/H48p4nXUSspPAAx2MVNoFMkykqMQrRYc=@lists.infradead.org, AJvYcCUwgQyfZd3Jpk1SUW7oFVfoYzsTtARfNplYFqUtPp7VOK/wtBeoGqnuG68gGlVcaEGimXixjeRFZsa75Ehsm6AK@lists.infradead.org X-Gm-Message-State: AOJu0Yx94n4XcDbz0iz2XDQBxysEBsAo9GIFlMYzdXZWzfFtDVkGC7K4 cWmgn703FuEXQewHsufo58HLbVR9XcqB0ECzGynp8gRGEg9Df/ot X-Google-Smtp-Source: AGHT+IF5ckEcH2Maqlc37cAezXjDdy5PfJSuqGGD7BCfFPOKEOulLZNTMAaU6eD/aTsuVoJCroKnXA== X-Received: by 2002:a17:907:7b9e:b0:a9a:11cf:2a73 with SMTP id a640c23a62f3a-a9a11cf3a9fmr36014066b.64.1728845740471; Sun, 13 Oct 2024 11:55:40 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:39 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 06/12] net: core: dev: Add dev_fill_bridge_path() Date: Sun, 13 Oct 2024 20:55:02 +0200 Message-ID: <20241013185509.4430-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115542_415492_89049988 X-CRM114-Status: GOOD ( 16.93 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 + net/core/dev.c | 77 ++++++++++++++++++++++++++++++++------- 2 files changed, 66 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index e87b5e488325..9d80f650345e 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3069,6 +3069,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index cd479f5f22f6..49959c4904fc 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -713,44 +713,95 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; + + return ret; +} + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + int ret = 0; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + ret = br_dev->netdev_ops->ndo_fill_forward_path(ctx, path); + if (ret < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + if (!netif_is_bridge_master(ctx->dev)) + return dev_fill_forward_path_common(ctx, stack); + + path = dev_fwd_path(stack); + if (!path) + return -1; + path->type = DEV_PATH_ETHERNET; + path->dev = ctx->dev; return ret; } +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /** From patchwork Sun Oct 13 18:55:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834034 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C190FCF2576 for ; Sun, 13 Oct 2024 19:06:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=pdMZzUqlItAKYCipC8R7CKRW4bj0To7qOhyuRvVgeD0=; b=A2dNixew9UT0q0usiRMTIIxP4P 4/WNjORoG2BaURCv5A3eyk5JhPNe1qfLn/GeIv1KkNU5jXHw4GZM6v/jbGXpRM7iLgiKS6nnc2Hye w1iJgg3JkEs5D3xY3D+g83USGoFjHzjJcLgkhMSdsCTfev/bWDCOkYeLjhaDEF+z5KFyKXgIkGpgy EBdCLedxPx8kDzCzYInSrlSnYyw3ed5DrrSwsZjR82y1gX03ltknxdyRTF6e5C8RjSxzHyzOc4oRC 4SRlDQU8ImGkQqV2j/aGaiZcLpdcTk5chVPkbfrQJPQXHPVYV9tsLQH2ac7TfygSERwyJC+GMfScX VfSisc0Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t03vU-000000036NG-40eF; Sun, 13 Oct 2024 19:06:48 +0000 Received: from mail-ej1-x634.google.com ([2a00:1450:4864:20::634]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03kl-000000034aF-47R5; Sun, 13 Oct 2024 18:55:45 +0000 Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-a99f629a7aaso157398266b.1; Sun, 13 Oct 2024 11:55:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845742; x=1729450542; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pdMZzUqlItAKYCipC8R7CKRW4bj0To7qOhyuRvVgeD0=; b=TBfynMoyvolvYPyy9NuXTpLPjJP0AW9yIE4q0aVK6MAlqtbjygMdlc9oEkerBT2P0/ 8g0etae/EL3DjUf0E6ysKibxeuoxM8YhNeTW8wiKXDNSLiXr8iJTPTclPaqF+cak6L/b RNUZD+T7eBwV/GHAULezTsLhGYpBUWFtIUgaqbSDaah/VDIDolxcsUlatK7vx/ezbYhC BqA/PlAJluxKFyXtm2ZPQZgJfzwjupZG0e0pGpbd7bpF2WT02q81/H245iCDHdZyJFYe P8qz/XAIs4JR6wb8XHRyzz/8jtIWC4HXxoLb+c18NTqcwahJRo40ugqXbSJ8SitrnJTi wOtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845742; x=1729450542; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pdMZzUqlItAKYCipC8R7CKRW4bj0To7qOhyuRvVgeD0=; b=lgHhEZchQLumkTGJWy/RXFgadpqoweKxPOb0kqpeUbfgDSYRgRsyx/mrDNXH/4SIcb r5/+fIcrNN5GpEZXrnXb1TlKEAfuyRzECgLngZvAXIKIVQbXJa7d2NMs4oqalaylXqaU sc1Qt+pQbl0GrUxSfJcfWB3sLAMzvxxZNzHGVhq/iLjtRGlNpxb/9vxXmA9PURBD9DMn EkKggQlHsJPcSvr2Kv2aiIMb6jCAoVwt5N/PtYgcztvLp0jvxKUmJc8HO/1orkGw/ZmW dji7XHd3f4T9GOsVtdkdRfxvQmTKkc2IzwNfk83ayKVYqfbkc40/KohFwwrABnbHe8jP bkCg== X-Forwarded-Encrypted: i=1; AJvYcCWAeU/Y3kwYiXlReNhXKOgiiGaQK857qqmlDHlZODP8LJgE4ruYv65rbZs8S8sFQJc7AM0sHPPIGO6+3Prb59Y=@lists.infradead.org, AJvYcCXa5si7wYam35W8/fqUW9LYuPXvApFGuhvz//4aD7qgVnDhGYqD9j2CqtySGeltsvnhaTlL1bp9lwCVzrwSCSfC@lists.infradead.org X-Gm-Message-State: AOJu0Yxg+ptGaARQX9yFzDF2DDT67gyEFWXnGEHCXIHxEbWibMmg3zMy o5/wxe2OC62pXBN6DTnoXwbq5FogqVtA8N/00yrDObJzl349dsQV X-Google-Smtp-Source: AGHT+IFAKa7QLMgLrXfCGsTWPmLzzuX6LnZofD0LKyRsV4PvoJ/AEQnOQ8iMsxyM5aGIRLuo2u2udQ== X-Received: by 2002:a17:906:c10d:b0:a8d:43c5:9a16 with SMTP id a640c23a62f3a-a99b8775be2mr661651566b.6.1728845741903; Sun, 13 Oct 2024 11:55:41 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:41 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 07/12] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Sun, 13 Oct 2024 20:55:03 +0200 Message-ID: <20241013185509.4430-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115544_045748_B9E6C44B X-CRM114-Status: GOOD ( 10.20 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index b63d53bb9dd6..568019a3898a 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -341,6 +341,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..5543ce03a196 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Sun Oct 13 18:55:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834035 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 334FECF2576 for ; Sun, 13 Oct 2024 19:08:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=D6bOSx9F0JYNp5qomZcy7h/raSRvVGKNY4mEoIJa6U4=; b=Aae3hNs3eAd+uUlUm4y3v3iMtA p6WiJyve4aiQtMd+lNN4fKgu3N2j2PXj8vxf6ZmlGSkofauh/YZggBirRmYPRA3ByGJXmnREOAswm c3x1oerEOxT+jT/ArXSOC+bLnXY1+VmKxw9rRjDh5a/QPtqarVFSeBLWiqoRrl9inAce2KDxYKZnB +O/Dc2OOveJODGNK/OuqLuibFSP7cQjjh5a+4hh+GPkyDJt4b0mK3xXFBU+cIab8pTbETLob4MASi yr55lz+yG5qLxQAHVIzHfZOAockad6EAqv0qPjimrUARPlwUV5C0sHhfH1Wvl3VjGBIM9gWE+I8Dk Qm4ni7fw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t03wp-000000036W7-0oRS; Sun, 13 Oct 2024 19:08:11 +0000 Received: from mail-ej1-x62a.google.com ([2a00:1450:4864:20::62a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03km-000000034aP-2m1u; Sun, 13 Oct 2024 18:55:46 +0000 Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-a9944c4d5d4so524628066b.0; Sun, 13 Oct 2024 11:55:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845743; x=1729450543; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=D6bOSx9F0JYNp5qomZcy7h/raSRvVGKNY4mEoIJa6U4=; b=nndX1SrV8ZBYB72JLjnQjUIXx31Mp7yLJUI0XSNVSaTNZWkwm112SnmOWHWc93DUlF WauB8NsvTxU0oTmROhzusztHSiiY5Y7YRA0pBb5kHK7UVXHdq0v7zNgd1s0l5EDMC80u nFc2kRWtn6cHoSC/eG5oq6ZTycLzDAYc9u12mZf/kisahwO1r9lWI8DyllozLhGXdJDt rWoJu4nu3we+ka6Ydk6LQDUx9jDQrysU3i7Dpnj2NyURriLkNxG43isZ625UZ5GUnI+0 1+plmyH3KBh3y0mvzE0b0V52NAeOF9U5IEOTr5Zx6XwG/Rzfa89PRo8aCKGCwlzUyb3l h1IQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845743; x=1729450543; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=D6bOSx9F0JYNp5qomZcy7h/raSRvVGKNY4mEoIJa6U4=; b=LriJnrxEC0d1PIvCRVjlMpVbMvbCDyz97QwYZcf/xYdNzqhQCLFikQZXzmB7Mhg50v zvHnlEka8dyT1VFCv/ezhUNUsJz4+dLUBjsp1ZtNjeVfII2pdhtjr4zJ8uKRe98HkmEK pa/t13e4ODjqKatoGQENjRhJVg1uqnbL8CaFB5h96DcKXGx8ND4CY3dxZeA4g7YceYtg hVj2rA22pczSuleOLbwTGu0gsqdrrVF/W3psYz2Gilb3dYqRRR0EKq3gm4hkxFzQ/1WW BI/xfp+IRuukD9FE7JyxNGn6gr5D7T9euw2zO0BS16uI2OO4K+Hvp6bvIxyTGGYJM1wh RrFg== X-Forwarded-Encrypted: i=1; AJvYcCV+nlN2aCGwmfaZoLz0qZwllH1YO62C5UqHKVJLG3EcjPiljKmfn0G4lYo9eKdowPNHcAr/hOpJh/Md1ElIWzs=@lists.infradead.org, AJvYcCW2eIO9h4GWB4j0eTKoU7kqhodS6vAPNG/pY7WcD2F3KUeXUUZjB3KjlW+51rpdV4Pk/ZCfGc4+NBHMxAZsicWc@lists.infradead.org X-Gm-Message-State: AOJu0YxHZ774/72b4bfCJjq/svuTtPVzlhfmtYxYu3LDAqshPae3oxn5 4WSzZIdfSzdPSWBHdRPQ43Ly6cSIUsev4XhO8m5SuIW9PNJbnHgk X-Google-Smtp-Source: AGHT+IHvTGJJwOKJ7kLklzvX+Gh+CAxx5/4phzgEMN5pvFmXb1du5QSwwE/bUW/IN4TfeZh8VQTOOg== X-Received: by 2002:a17:907:d01:b0:a8d:6648:813f with SMTP id a640c23a62f3a-a99b93239cemr785241466b.3.1728845743054; Sun, 13 Oct 2024 11:55:43 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:42 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 08/12] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Sun, 13 Oct 2024 20:55:04 +0200 Message-ID: <20241013185509.4430-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115544_749260_C05432C5 X-CRM114-Status: GOOD ( 11.66 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This will allow a flowtable to be added to the nft bridge family. Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Sun Oct 13 18:55:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834036 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3A2A4CF2576 for ; Sun, 13 Oct 2024 19:09:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=3I/LHRTPLqJJONKYwwXQsldQo/OPnYwvoagC0qSu+YY=; b=qKSIzGUsrKusVfKLx8sOOYR2y7 M6GuefZRfAqBdw+s7sgzAyNSd4158SPac/s7Nk69fQp9xZ43wNthSMhgcxLVsGTVnSQyxXYJ7p1yT r1tJgT2h5YQc9jch9IulgcLVA22odLiB7H4XEDrsxds4Kh0uJLHAZ33ExrYWlfbbK/LaW2zV0DKmG Kyq5AMOBHIN9xUwqgs+oq2AtkCF5dowBmQGgmmP8SyWRb8bGNrOQyC9QR6ge2f18li2v+y9dhe6QZ 5lT3SSHP+k+yUMi5//ksI6CdvJO4iGSaJjzSEDpp3k1yGLFPMin81g3W/sxSkeQr3VyW9XZv0KbUg Xj17hl5A==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t03y9-000000036cJ-3ry5; Sun, 13 Oct 2024 19:09:33 +0000 Received: from mail-ej1-x636.google.com ([2a00:1450:4864:20::636]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03ko-000000034bS-0SRW; Sun, 13 Oct 2024 18:55:47 +0000 Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-a991fedbd04so357449766b.3; Sun, 13 Oct 2024 11:55:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845744; x=1729450544; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3I/LHRTPLqJJONKYwwXQsldQo/OPnYwvoagC0qSu+YY=; b=WstSTWlBjdU5EEBUow/qWivSG9IwrUjnM9R89i2+E46CuKmDXYFl7IiTV37qxmOvMg lyf82yAqtGsbk0NehWGPGJelJpLd2cP8UtiC1QBbENKBoljpC8DYJuy/FLwm+3gtzMI8 11Xmn5BF0axGVb58cAXBJDM0LEgBWVrSzlsGg1fTatWWy2/UnRNo2TulTSWnEYbepUex yO+Fis2QbBKVCC/q44vd5mJlLRgIfs32hI0JnUST0DDV4CHneOCoBY4oNXHGuzHRkYMD ZpVEHGCr+bBxtQse3otCYibv2F0OznjMbUFjgy0FZaxcu9aecFg9q5FmXJ8o18y5zl5U WaUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845744; x=1729450544; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3I/LHRTPLqJJONKYwwXQsldQo/OPnYwvoagC0qSu+YY=; b=NwJceU+ge+v5Bs9FIH/4Rv3Uzhx+XqH0eVWIjqNZHYiGYWOAy4x6kuFfKdNdXwUU2C eMuF3xZ0yEzoXc5pCrFaYyVH0d6m+40eO49B9J0RTGlcOw5BXUqM9IkNp339qGTTaYQQ 1kUVgMN/neWT9LSauFPVWlyGY7zkHuZ7iEcqgJpGMy5TY6QnBG4S7DPvg8Zebqq6LmjB mRMUGNyr5nBMo7vRb1/D9ZN5yZt4n468HNJfOwr3+6dZ+tVfjPuMT+U6YSe+CWj1X16x pZKZ5j/UUJvsTPcPLY9aC4t7LWJmxbNcGY6uVO2GxMPfdABS0cl+Cfqd1phUQusRj+eX 8jGA== X-Forwarded-Encrypted: i=1; AJvYcCVP6roOZRyCqXErC9YW+OdpEITecSypj7vcnvqeFEChdcPhAm/I7iYFgPFw9d1TcIuoz7AaAtk8OtEdwP27v2g=@lists.infradead.org, AJvYcCXUAqcxTXcju9TBOia1BjixYjlqKHMlAsksYf5oY7dyLkET9Eyx5ZJMVSc8fR/M8UH5B5t+wAor8F3VJqHZ20ZW@lists.infradead.org X-Gm-Message-State: AOJu0YyZa4x4gInA43AhwE8LtkXPDO9EsHrhGVndSrxScRssJAig+TeC W4EULoCp0PvthfGYf6mJ4aWVHeA/drjEqd9Kr+v084Sj8aI3CyLQ X-Google-Smtp-Source: AGHT+IEK/qY7kO3EuTXV/jRfrEbLu6Bs8uGBQ+icVQCx2B6S9pRxxPh+utvTvacXCNe8KWGJaLv35w== X-Received: by 2002:a05:6402:26d1:b0:5c5:da5e:68e with SMTP id 4fb4d7f45d1cf-5c95ac09876mr10710253a12.3.1728845744129; Sun, 13 Oct 2024 11:55:44 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:43 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 09/12] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Sun, 13 Oct 2024 20:55:05 +0200 Message-ID: <20241013185509.4430-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115546_166953_F9E7B66E X-CRM114-Status: GOOD ( 10.91 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index bb15aa55e6fb..6719a810e9b5 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Sun Oct 13 18:55:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834039 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F15BDCF2576 for ; Sun, 13 Oct 2024 19:14:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=9DH9O06Lp64TibMF8pahG9IPkhLX3XCOl3DriGpuFd0=; b=plqb5k4AYNF8vqyEJhrjqfFoN4 ab69VD4Y1zSCla/EkKVUqjGd5L9VsiAz7ONfRH6zPc0YQx9hxEvDDuKWniusszW+kr2KXYLu4CxLT TjLmBzFJA8SDYhYahOwgLpfwohdT6bWafxef2jEBEYT/MsVR1r9aFgQARjCHr6g/wyhSi7TtcfvAo WDN+NSS0XJ4zcyqV54AXUxtb/96To70e5+FtT8jKZBpUBB/2ZKwKcbmKLnJH1CyZ6P5TMlkH4GeFh 7oESD/Gjpldke8ucGrrGmYakhCHvvZf3d1oJl8adfIa0Dx6BlaRuBjzFEGe5qoWRIrLqoGzRBEvDR g/Vf6X6w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t042R-000000036zA-0Ji9; Sun, 13 Oct 2024 19:13:59 +0000 Received: from mail-ed1-x533.google.com ([2a00:1450:4864:20::533]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03kp-000000034bs-1lR1; Sun, 13 Oct 2024 18:55:48 +0000 Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-5c97c7852e8so432497a12.1; Sun, 13 Oct 2024 11:55:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845746; x=1729450546; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9DH9O06Lp64TibMF8pahG9IPkhLX3XCOl3DriGpuFd0=; b=KwuEPAMZKQoi1AyB9+YUNKS/kGD0dZA4X3p6xZvQbSheqHUckvWVAudEQRBp9eQnLd R1akaLJWI9CJUrvX/hFqwWpeZyOIOW6xuab1w1J8YAVEJt40uYyF/svq01ULdrh52uVE qHlmO2KDES+G9A5EPmLWSCXxK/Qcp8K/9+wMo8uZGP6EMFN4AFG1F9jIYaXdTAesEggM 42Spuq8mD8e15EIeM39w/Dli1HEe1dN27SmTLakunBGZQz6w2PFMMGqYLJrW8SPPGNva 35XA0C08zhLePMfw3qN1BC40feYjw0HPyxM/nYPLlRt3U4igv/0G5PBzuJwW0E7qcISU DCfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845746; x=1729450546; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9DH9O06Lp64TibMF8pahG9IPkhLX3XCOl3DriGpuFd0=; b=rruYY6BOVdWOEoJF9lVJ9sOtM84Y/f2MjTE2Xrxj750m44td/iq1v+fnjYtIp3tltZ 2l9c3rOVgfKUBj2cTxgAlQxMq5woZ8gTA9m2IZAdDh8w43sJYYKctPx3YfAXvbxuG6OF KGlYM2zSfnUkySy3vXKNeDcNqXsGyNmfpg93O1GfaOR9MMNo/4lVgT1JwUhMi0/Sc1U2 p7PAPsvBYC38XITt8Xe5ox9Ky961SzGQnBmQJ/hCdM7tA+0iDe683p6ApIsnXedUtztd A9xMkNJ4cvnpNEVvC9Dz7lkHgrjLRPv8P9H2fCROILdKR9pgGn6Jp3x1AJ2KWJisvvlg DNnQ== X-Forwarded-Encrypted: i=1; AJvYcCWXFpaOarPWpaDxcffrfrn+8g+cLnJ5sX8tiGABivM5KOSBtoARQ5YZymU2RaBADAGIt4xo7NYM8GdOXT1Av20=@lists.infradead.org, AJvYcCXMfUrFlt+Nasysdj8x1tJDozuVle6JYUD103iJqjQwtEvBxeGc53qmjOnNuVALrf+uRC9a6wKOqKd5k4an3Xzh@lists.infradead.org X-Gm-Message-State: AOJu0Yy4HjEL3EWlZ4L7Cho7qigPFUzNleLDMAFrP2WeTBmzr35noDCu l0FQAaoRMnuJRm9Aftd7951CVQd+LdPVkLB9cH1LwMjPTnZTgenF X-Google-Smtp-Source: AGHT+IF3e958cm6WfptQrjYwvw+8nY6U3EWzISV9aoZ2s8HNdWFDat+7mlGlek7WSgxj3fgwgQWR5g== X-Received: by 2002:a17:907:7f12:b0:a99:f945:8776 with SMTP id a640c23a62f3a-a99f94588c4mr336725266b.24.1728845745513; Sun, 13 Oct 2024 11:55:45 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:45 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 10/12] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Sun, 13 Oct 2024 20:55:06 +0200 Message-ID: <20241013185509.4430-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115547_499227_3197A528 X-CRM114-Status: GOOD ( 12.62 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 6719a810e9b5..2923286d475e 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -106,6 +106,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -114,7 +115,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, if (path->type == DEV_PATH_ETHERNET) break; - if (path->type == DEV_PATH_DSA) { + if (path->type == DEV_PATH_DSA || path->type == DEV_PATH_MTK_WDMA) { i = stack->num_paths; break; } From patchwork Sun Oct 13 18:55:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834037 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C7CAFCF2579 for ; Sun, 13 Oct 2024 19:11:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=/wvQCHOWWIW7US3Y24oFxpAEUoI5Ll0qD/qvu+rx8QE=; b=4458NyhDP3o6yRVDdwvi9+1xo3 U71ZSwroLL0gxWSUt79uIjE26wZ13QuLL3z5SbzcfDWGQIgxH4Vt2Ef5e9lRhTTpcVi8c0g/7gj+X xcwhQ0/U4nEtHzQmKXc4aDeCxK2rPIVRWPi2m7edRI6J8PtUSHxf4pu434j0drALQ1TAyfpv27zub XdwpuVOG9xzCcBum04gqITOaCMiX1ZrFtl0MiFolysDMxCgCeas2kLthIqd2nCRKFjUxrJgNtUCbA q/hJYRkeBe9T2/yzMaXt+xXRSIAur0GFHEH5U3FB9/RH1jHlnZxxw5breTco2mn2tf8tzuNosxPVd jil6Slkg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t03zl-000000036lX-2BMP; Sun, 13 Oct 2024 19:11:13 +0000 Received: from mail-ej1-x636.google.com ([2a00:1450:4864:20::636]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03kq-000000034cY-1JhF; Sun, 13 Oct 2024 18:55:50 +0000 Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-a99ffeea60bso108393966b.3; Sun, 13 Oct 2024 11:55:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845747; x=1729450547; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/wvQCHOWWIW7US3Y24oFxpAEUoI5Ll0qD/qvu+rx8QE=; b=Ris191bUauvVukcXLLC5UHc0dk0yAW+UyOAxYvtK+lv1akaz5hZ98E3WnnpvefhGTC ysxUUHAK00pUdzwckjSZDPRPmQ0INltro4LCrvMxVrYZZUOO8gwQFnnBzX2XeX2mDHb4 2uxDl5fdjyx54PYQShI34imrHHCUUjwElKb98uIWKa7B56rfe5vrX0AoEVy72ym+7niA bTEBOLGwSY+PYlyfz/NXjwHl35wV0uES7Le/FbewE9lz0KmZHfFcuHQOlhOqy+xA5Eu6 kdaAg6ktcY25ZHW8UbLSjNWDdYKwcuv1sSeI12X7LbwbZe94Jv6o7l/Zh7BRyYFL+A7u DBXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845747; x=1729450547; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/wvQCHOWWIW7US3Y24oFxpAEUoI5Ll0qD/qvu+rx8QE=; b=u6Smhwx3tL8IxW+g4EA4t1wiDywaeBfq+L06rMS8YQLUgkRfLGhzu9eYJ1rXPAW4Z3 Vk2nOQ2QP3dikSQxO9DJoGDAdUz3CliX6+Vgc50utilbrdO/e6XjU68UaiREdU9JFyG6 9ulErVmsHYu4oy6ngrKL5kCcBnFtUzSjnD52eQ4eB5iHD7S1tuGsnfjIZHU/DvlsY0SI U9e8sTwyRFxkLksObRJSDrYaDo88ETtxNCUyaVU/l574yhfGaw2qnCPcDnbBriRAW99r 8Jc/YRubjo1t2GDTdtb0s1zeprd22n9cEZIJaBv6ky24wna8ucbOutll4asKnLHO0Y/h 7POg== X-Forwarded-Encrypted: i=1; AJvYcCUS+jTgM44vBMcczhh1LVqvFgDWeqqSonjz7suvcipTlE4tPktYqg6SVDbSN7u2TSFerZsDwv4pjyysmO6u8PWT@lists.infradead.org, AJvYcCVlcbGpr2QNrlMkhkSgj1uHojDCLsE/BGRQqxsGfXOBcZlc1+VzDQM9agdDBYW0jKDf9HoWA1DT9Ym3UCqRKL0=@lists.infradead.org X-Gm-Message-State: AOJu0YzaoW4BVqosS7dPHmQTAYI0ONI8mW1A3sHh8eqi2kH4G88C/lX7 A5gqgpM1lAy9khXnwvhEHpOJkcJz9IzdxNo26BkkMFNzI5OFh6Vv X-Google-Smtp-Source: AGHT+IFcMh7X7AR/VKEwvdjIeYhwzK2WvA/EYBgn+NK/HakHY1UTKH1K6wSO2SOJbW3fWApGJV4UEA== X-Received: by 2002:a17:907:6d27:b0:a99:b592:edba with SMTP id a640c23a62f3a-a99b93a7d8amr743812866b.1.1728845746819; Sun, 13 Oct 2024 11:55:46 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:46 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 11/12] bridge: br_vlan_fill_forward_path_mode no _UNTAG_HW for dsa Date: Sun, 13 Oct 2024 20:55:07 +0200 Message-ID: <20241013185509.4430-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115548_392945_1EB73DA2 X-CRM114-Status: GOOD ( 17.67 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets Now that DEV_PATH_MTK_WDMA is added to nft_dev_path_info() the forward path is filled also when ending with the mediatek wlan1, info.indev not NULL now in nft_dev_forward_path(). This results in a direct transmit instead of a neighbor transmit. This is how it should be, But this fails. br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG is set when there is a dsa-switch inside the bridge. Signed-off-by: Eric Woudstra --- net/bridge/br_private.h | 1 + net/bridge/br_vlan.c | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 8da7798f9368..7d427214cc7c 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 1830d7d617cd..b7877724b969 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -3,6 +3,7 @@ #include #include #include +#include #include #include "br_private.h" @@ -100,6 +101,19 @@ static void __vlan_flags_commit(struct net_bridge_vlan *v, u16 flags) __vlan_flags_update(v, flags, true); } +static inline bool br_vlan_tagging_by_switchdev(struct net_bridge *br) +{ +#if IS_ENABLED(CONFIG_NET_DSA) + struct net_bridge_port *p; + + list_for_each_entry(p, &br->port_list, list) { + if (dsa_user_dev_check(p->dev)) + return false; + } +#endif + return true; +} + static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, struct net_bridge_vlan *v, u16 flags, struct netlink_ext_ack *extack) @@ -113,6 +127,8 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV; + if (br_vlan_tagging_by_switchdev(br)) + v->priv_flags |= BR_VLFLAG_TAGGING_BY_SWITCHDEV; return err; } @@ -1491,7 +1507,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; From patchwork Sun Oct 13 18:55:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13834038 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 65EB0CF2576 for ; Sun, 13 Oct 2024 19:12:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=nXqA2N6PSdeku8lbnGk/r0H6SHXM5r8C6mfKewggPXk=; b=yJkh1XbH9rmhQjOCgOC3/aQtKZ JoGSW4owNepOX/zfm71lE8CMMd4EssR1OdHYwGaxbtcU2gNVkTV1Ss7jI9kp0f38rlgrWebCgiBdk XKLf6bgffDZmmlSBrXDNvpYRMeqMeluS2eeB+NbaVHPq6u27oaKMWOk1WO+SA3eAo0iZ/IEvJNhF8 xqsP4fVFte9iqljD5ZFE4TUr/mB7vd8QLO9+Yw85/ld2EnpjQsgBFbTWFFbidRPQ9K1CCWAzxVvTg lgPl92IT0MVF9aJQXlV5Gx6NbOcIyydKm7YBqrONqk3oezPdxXZFOi3nirvAqV8hFb34YFuwVliif lL+D7ICA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1t0417-000000036su-03qD; Sun, 13 Oct 2024 19:12:37 +0000 Received: from mail-ej1-x62b.google.com ([2a00:1450:4864:20::62b]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1t03ks-000000034dM-14D4; Sun, 13 Oct 2024 18:55:52 +0000 Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-a99ffeea60bso108395966b.3; Sun, 13 Oct 2024 11:55:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845748; x=1729450548; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nXqA2N6PSdeku8lbnGk/r0H6SHXM5r8C6mfKewggPXk=; b=Rte0WCRuTrXrl12If67/AGZ52xHsO7HJN4OI48ESAu4fiN4NiajB2pil7QpcNYxnzC dHgH6RUPf2+TnWjsCco5S4pQEysV2nfSTmHl/4I3F5olA6Z5wyox6uFjk17VpS+HMIs4 MwQNdpXepsSY4ucESszrU0fcHUHA9ZNYbopi4/xLoCeIzBy6DxTcNTA3DzkF3obeoyLj umZI5XmPKbSugNywVOwaTmpGkJHQj4+Vji57yKZgIA5RH7XS0GKenha5W6+cw0l8CocQ clujgyUSwaAOZctLYvO+XWPdipgRhFgjEauEZhNfDNvIg06rAOcv5xt7Wv4yHZA/qZrb 1wLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845748; x=1729450548; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nXqA2N6PSdeku8lbnGk/r0H6SHXM5r8C6mfKewggPXk=; b=reHhoI3a07RGjpkr7/MJ31dRkZeBcFb0iqMJnT0x7ghIGJqa2OSrjOpRzbIM5viIMQ 2tKmdKDyuN1eNrZVx7vycVSwiQ8Lhfe0M7snMB0WvYCUh54BdTUUPSsuHTf9N7CPomHJ 14j7PyJ0hU32VBqZUflxrodzWf8V5RsdHU2Z1/KjOOkpy/aCGwJVRV+HUAM3Q7RDG54c cMnBpcuJuiu4A6NaZjCL0sH0ZMGPDC0JdFcqjujVIh16Uv62eb65Zqa7c2o+lc6Ufo/n dX+UNkdoagU+d/Pvrxo0Wb74qBQEsIxBgNq38qN7oUDyDKk0tNRehVStvkVa8OK57RFP vxtQ== X-Forwarded-Encrypted: i=1; AJvYcCWycg9vLYJkoSq7s6Poyx6pf/aTc6pllMlvmhi5+txuNSIVNroNG5d5YnE9HhtOfqQsNcAgFlWY/2GSaJOzlK4=@lists.infradead.org, AJvYcCXFSh066bxhMDG4kyMvMuf8wlKOU+ksdCUsmodYuHNS7X6pNgq1b934oVwK/lQdndOaugaAOU4ok2dE4Q2/m4K4@lists.infradead.org X-Gm-Message-State: AOJu0YxjZONC5pgX/DYKMb3iNak5H2Cbc+UjbNIY3pa7rxqewDbgeeWF hAY6Gki3LxWtFblKer0pJwyRUO3pZcIyK4mjQARbjFLEyiP9jRu7 X-Google-Smtp-Source: AGHT+IGDRNNl2WNHKk/RQYIt3X3ZUbDBl2cG/u3cyrPOyqik2hRlsXTDnJIYfMk+W8sAqccVFejf5w== X-Received: by 2002:a17:906:6a0f:b0:a9a:196:fc29 with SMTP id a640c23a62f3a-a9a0196fee5mr289924666b.61.1728845748194; Sun, 13 Oct 2024 11:55:48 -0700 (PDT) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a12d384b9sm13500866b.172.2024.10.13.11.55.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Oct 2024 11:55:47 -0700 (PDT) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Jiri Pirko , Sebastian Andrzej Siewior , Lorenzo Bianconi , "Frank Wunderlich" , Daniel Golle , Eric Woudstra Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org Subject: [PATCH RFC v1 net-next 12/12] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Sun, 13 Oct 2024 20:55:08 +0200 Message-ID: <20241013185509.4430-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com> References: <20241013185509.4430-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241013_115550_320377_C85DF09A X-CRM114-Status: GOOD ( 18.82 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 142 +++++++++++++++++++++++++++++-- 1 file changed, 137 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 2923286d475e..bd4850691baa 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -184,6 +184,129 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_stack stack; + struct net_device_path_ctx ctx = {}; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.out.hw_ifidx = info.hw_outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + const struct net_device *out_dev; + const struct net_device *in_dev; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + struct vlan_hdr *vhdr; + + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + struct pppoe_hdr *phdr; + + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, pkt, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, pkt, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -294,6 +417,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = (flowtable->type->family != NFPROTO_BRIDGE); struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -347,14 +471,20 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_route; if (tcph) { ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; @@ -407,8 +537,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: