From patchwork Tue Dec 10 09:44:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901155 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DDD9178F36; Tue, 10 Dec 2024 09:46:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823976; cv=none; b=FVnuyaknJkj7f5G0HMUaE4QypDkyBFKsTcDqhYIVqxL6VWoBCbCi4JxhRtKRa0IYUU0JOAk6vy9fgk1Z6vn5ni9N9ETrfjDBi9/zOnC0x5rjadTQuhZvR60PlpI2bQtpQWvWFr3dY2NMEDb6zan5bqf13Xc5CPQ90v3JU+4T03I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823976; c=relaxed/simple; bh=Coh7dA4NZN0wC8ukUEBEVleZPuWCkMhm3t7ip8PSPUo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DCqBXqzGUgka9aJCOqNTkVdC+eTSV3NhdwhAlwrG1ERqao4RYhEpioQgQWO9/AEhz/KUEN/z1v6J1c3O4vWwRV/8n9ZtLLmxfmI4FYh8jNo1suGcLH4f9KssFtWMWt1q5RvU1Tm+VeUHrwclcdT3clKT3p48dhmJ3ZLijdrxgag= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=QEx2QKVm; arc=none smtp.client-ip=209.85.208.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="QEx2QKVm" Received: by mail-ed1-f41.google.com with SMTP id 4fb4d7f45d1cf-5d3d14336f0so6017275a12.3; Tue, 10 Dec 2024 01:46:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823973; x=1734428773; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Baj5jGYp4+wV8/iAbfAoST2ANmEn8FK5eb8xxUvDBwU=; b=QEx2QKVmKxfey8D44GatcYZloXUT1biqLMA7RAnKcr6mdxH2nnJW2Uhkte+93Dl+8H BNeDIqyaZOt81/o2X6JPkf/DqGBSFgPcPsbFnJPSLC01J/3MSenqfBTnzXp93yZlgw3+ UGB+IN5LX05H/JWNP9bCXRXpHQ833hHzTV5yCicCz6OHOwL7Xvjp0YXp2DKXK5FIwiki JfRKDaoXw1mnKgjUvOWs9aTOApexUsKBziGrC4Aan5PvMvg6XdNxkNmb3ZTZtv+ApxeS jOWlm1+vwUETFU1Kly/tjPQHWlxlgd0TH8/4F40nrzEnODIp+Ujbq9e1i3LsXYXYdl9x DBMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823973; x=1734428773; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Baj5jGYp4+wV8/iAbfAoST2ANmEn8FK5eb8xxUvDBwU=; b=NB+yMuxK7/XGe0IF6wO32uFV37iBWHwV88Hhv6sLvpAGKnE0ipYBsPGVkR/Xvmiwe9 lwdqWr1xkkjNjKyh+X7byIExpZP27fqDRswKrLdrXmtA0kJEL/LKhSYPzMyjBKSYdspQ 0TdHMHEmdAa/B95xvPs83+AVBGssbP+Mda+mpLSnN9Nqiq7tqyT+vW2/anANzo1QNiXi Zzwpe779j6zQKKKNhfBCjpejXL8UYYqf+tqUpVwDqvl2LlqpkJPUwQmgilK1ZyjZX+aJ KGmxLyuh8uEPjY8uioX5jyaZZwvbtz8Cr9NfSijWoAOVke1l990nQhppMgL62w2nRc2W 2Wbw== X-Forwarded-Encrypted: i=1; AJvYcCUDGrzxBBEulqZP9UAxiUnVS1vjNwgztR+buGm5UNpxijdgOu+DyDLqL4GR6CfilikfS3UwNLYbN/TSqlE=@vger.kernel.org, AJvYcCXreIg5LA2Dwt1iiv1B28NGMgjwWbHSV5e1zXqNGsihWX152NlizCAo7cFWQh4kPGLmkdccOzcrWt+uTZ4w4FZh@vger.kernel.org X-Gm-Message-State: AOJu0YyHQ6jnAc0c2n0DFYt/cxmBe2MCZg4XJtTznNEv45jOjniJGWMV kxnlsG69/z2uQ4Yhii8gjsRPM0hibdbb0hnDTZ0rK9Hue47oiiV2 X-Gm-Gg: ASbGncu4DRzat/cQcDTITPcwN1zmQUA41IhCLQPnb+ztExHVPbemkvgdnxrfKJv6ydA i6fv6iDqqkaNu4O5s1oZF6Yd27HX7tNDl3Dj2qJ/R5z77qXFsrExqbBxRcOonlmUFqvaIiLmvEV gwjsZcQvnv2EzATuXj4Xd3kfzfPs0zQ/jUs5ouorUoo0GXqH7lWqk/z4XGfxD8Wbao9lChtWWAE +eA43532orUrk8crkl/MLNPIGAhTlF8p5ENZ3KyQIqtuiRUYX46aBi5lUaNGAudGcY2Etg5p1I4 6bLXYaGut+ueWCva6Je4IuBAdu6nZMQgG/BAz0NGj8YHKp38HqwVcAmoV5SxeqiZTTcdzwM= X-Google-Smtp-Source: AGHT+IHKdE8bXe8IMSV2wZCfAqbK8hBoc5nXAt4+RtU2iWTR2cHV5c46LmMZ/phJZQ7EkHH6eDKNXw== X-Received: by 2002:a05:6402:2807:b0:5d0:c67e:e26c with SMTP id 4fb4d7f45d1cf-5d41852f135mr4854517a12.10.1733823973031; Tue, 10 Dec 2024 01:46:13 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:12 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 01/13] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Tue, 10 Dec 2024 10:44:49 +0100 Message-ID: <20241210094501.3069-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 98edcaa37b38..290d8e10d85b 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -302,6 +302,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -331,6 +417,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -339,6 +426,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -458,7 +548,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -753,7 +844,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 7b84d8d3469c..cdf1771906b8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Tue Dec 10 09:44:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901156 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f49.google.com (mail-ed1-f49.google.com [209.85.208.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 02003210F57; Tue, 10 Dec 2024 09:46:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823979; cv=none; b=ZvZgV7/Zc7OVlxoveTZX5iQhSBMBrrDO4KBDPD6xPbJjswz7fkqMwP5rM2OW9e0OdBWsBtfjW4VuJmwzgAJMCVXv4faDNFgVxZPrHqGIYQfEv46LY8DuwLuTzdAtXgu/NuhXKZd0lQg4En0o1RmYGIv81T0QD/WX9N8Lk+njEt8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823979; c=relaxed/simple; bh=EiUlqjqcyycmVQh/cReUaNfMFD5MK6JvPeuoOO/UWjE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aggJ9BAeLDdr6yWnfKpqxeUfGIXdiHrBX2i5q4FUfMbgYIF3wIiKJiNjs7A08/xWQmA461mVZ7nUHqIf7IRprEG/6eXAIqwHJJE0wq/chYZr6qY7sWauuwudIeMF+SVSbzkMKe7wFEE/bmgKEsOPHBDdUkYFhjk/3CVcBzJHnG0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=CtWZLFi/; arc=none smtp.client-ip=209.85.208.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="CtWZLFi/" Received: by mail-ed1-f49.google.com with SMTP id 4fb4d7f45d1cf-5d3f28a4fccso2842556a12.2; Tue, 10 Dec 2024 01:46:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823975; x=1734428775; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=k+WwlYEDG0HLvBd8VAnV5F5MIiHlMD5bJhzWof6nBUU=; b=CtWZLFi/mVN6RzwoaQ6UIMblar+1UtvjdiDOpfNrFX/g+npAk4O7dJEeNnhvkYUNfc NE+IWuP1zgX5eL4kwpCdj5SvgPAubivXpq4NVtCNCB5LsA8RQeIsfbXghtICijJ92IGl W6teiWeJ5MnbIlhGcK4sQGeaeFQ40P/yICRVPeCzE89h4bgEaKGTRBdZvfW1mn0RtEi9 SEdqvzhiWksZ3Lpp0OlH9b/w/Nlw53OdGuqSFxlsDayCeRYCdUz1eL5dBEC3yGz6nLmE InyAe5E+hEMVkdZPVNvCHl/x22KJP8dAciYh6y7+mAzzutsAnVAsIRFmizMADop3NZCB /mhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823975; x=1734428775; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=k+WwlYEDG0HLvBd8VAnV5F5MIiHlMD5bJhzWof6nBUU=; b=UrvEP1ouPHQ5fUOUYmDSegHi1k7ebkJmn7rkltVoIc0hXBYLtV/0iB3mZP7z2OOSm2 +eIr79ulN6+c38VxXD+9HlNdoMARYweYqC1vvRfpHghbBEzb3kCmWXTSw+9p28d/S28R EO9PZ3q/TVobziVCSs4IVN/QtNcavabvcgSSM+Axw/jH0WW58nI4eE9bYLMvX2JQrwcH MUp1fbury5+l3HdSumJ4jwu11bCtVI9nIH5ZqUG/gzHpx8Icb/b7AjMBxw9eXsEPwWUy fr+1wnw/qVNMO1LlKj/M3Z1BqfcTMhz7hf8vnqvcdLs9WjhqtcHqGZG4Uv9qVKjhu4Xk r6nQ== X-Forwarded-Encrypted: i=1; AJvYcCU6GrQaM61HZ6lq8teVqfNU89hnBwmdqtEM22XW3/m4bIRUskAxDFCEiANTG/ge4djGaAvl7s1YG6teTXzSfSie@vger.kernel.org, AJvYcCUycLC7tK2+C9abCYkqLlBmQLLPgWWaDWDq+P1Uwo87FTz/nR+Jlzt8clnpKi9FGDIIbs6A80mGHirgW98=@vger.kernel.org X-Gm-Message-State: AOJu0Yy7KLrbZxKtgWM8tvZP8W50nsczWmici4DSc0Iger/ZMvjt4KhZ NdaxH8FIZ5qwF6QCUt4xT9/HATLUSEJKXgqmclpJDlOraKzpX8Iu X-Gm-Gg: ASbGncuUk5mcYJ0unfddt8gAgzwjoTizfp9tQQALmlLw+dttI1gbGOGVkcEo0aXqG2G Mf44W5Ux2A6xxQ4noeke08+Nxi2EzdMHK3k+ksrFPXGM3SCxGguIUX5wQugz509Kv0R/CIkbcwc Xciex9QAFc2NElkquwN0VvweMx906FNQSrt82WyOSjleEd7hbFuOJqewsPHtsPS2tKCmtJN6U/4 pqGc3mZBIDDsHgGMyXXyHyw5XJRkgX0lum73VkAkYVPSCM+axj3FDLss/F0Qrwz+s+/D2F92pGX t2dgct0ruzY01Qn1SH0PsODmvWiSSJdKV0EI0IzaNBjbZ1AVH/VmcbYDXxJqZfBpkeby8kg= X-Google-Smtp-Source: AGHT+IFN3njHf4zlSvRJy82iqOt9EgBaVK0pDLpNl3FfM/NqTtRAx0hFLhBw6GAH1TXoonBsNWdlBA== X-Received: by 2002:a05:6402:2550:b0:5d0:bf4a:3dfe with SMTP id 4fb4d7f45d1cf-5d3be7f01e6mr14645479a12.23.1733823975128; Tue, 10 Dec 2024 01:46:15 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:13 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 02/13] netfilter: bridge: Add conntrack double vlan and pppoe Date: Tue, 10 Dec 2024 10:44:50 +0100 Message-ID: <20241210094501.3069-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Signed-off-by: Eric Woudstra --- net/bridge/netfilter/nf_conntrack_bridge.c | 88 ++++++++++++++++++---- 1 file changed, 75 insertions(+), 13 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..31e2bcd71735 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -241,56 +241,118 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { struct nf_hook_state bridge_state = *state; + __be16 outer_proto, inner_proto; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): { + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph = (struct ppp_hdr *)(skb->data); + + data_len = ntohs(ph->hdr.length) - 2; + offset = PPPOE_SES_HLEN; + outer_proto = skb->protocol; + switch (ph->proto) { + case htons(PPP_IP): + inner_proto = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + inner_proto = htons(ETH_P_IPV6); + break; + default: + return NF_ACCEPT; + } + break; + } + case htons(ETH_P_8021Q): { + struct vlan_hdr *vhdr = (struct vlan_hdr *)(skb->data); + + data_len = 0xffffffff; + offset = VLAN_HLEN; + outer_proto = skb->protocol; + inner_proto = vhdr->h_vlan_encapsulated_proto; + break; + } + default: + data_len = 0xffffffff; + break; + } + + if (offset) { + switch (inner_proto) { + case htons(ETH_P_IP): + case htons(ETH_P_IPV6): + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = inner_proto; + break; + default: + return NF_ACCEPT; + } + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } - static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { From patchwork Tue Dec 10 09:44:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901157 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f42.google.com (mail-ed1-f42.google.com [209.85.208.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 55DF8212D67; Tue, 10 Dec 2024 09:46:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823981; cv=none; b=B04ZClgq/6XKOXzj7R8lW2bdXXFajn6VKgSkhaHLdi4OnRtjb/nwh+uBnGnpJPXDddJivGOpTjDtv2tIV6m021tdjsLCB4zuXkUgR3aon8waEYqc3Uq+JYU3/AO2unr7fAMu8lPu+c5JftykOJz8mxTOFzZN/M/SxONP+lMAsjQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823981; c=relaxed/simple; bh=PpWhu6geevy6hVriSMI3jM+oaAQ6lslz7ZRk1SJTcoA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iBlF5DTee1UD1/QKFBcYon5ro2eWDkWePcSfHSGTP9eYYUXDCZR5yDWktuQp7QIkqxQdXctQdZfxJELL0zDc0sAFsPHEkmu+OPmdbQALC1Ffmb3+ZnziJONjPys0JAG056DlQI8iGVUxgNjBKp1UObRAyKROmXgv4tomYpWf7nw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=khkBgGzK; arc=none smtp.client-ip=209.85.208.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="khkBgGzK" Received: by mail-ed1-f42.google.com with SMTP id 4fb4d7f45d1cf-5d3e9a88793so4005289a12.1; Tue, 10 Dec 2024 01:46:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823977; x=1734428777; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BKIHos904u/55jjyV61JBBioSUFkR0jZBzN6/oqpIaY=; b=khkBgGzK60LQcRAqBLerUKrKg3TlfLFapSIwTzKdniZ3NmxOIAwwBE9ItUltv/Uk2q bXHdJhWf43TfxxHKQy0XmuwgU3ZF8JkYrP9vfwynFN1JDfuO3GcSRECn4ywz03mOfPJ2 17pSgFgxAHKrygvlOeVq4XLzvqIrqGtotlrGa/YeZXrzMzlv9aqWiYgxH+xej6OOrC1J /F609KlpIR7fFfj82xKt86AhY+bgSjYMvSGmpS06YRLfWaI9r4NfTXmgX/CzdujVyJjt cHqpRlIBIeMyg3VYIG/nyjB1BfEmQsbYO6Ib0KGR4Q6Lz53nxkBevyq5i/HlBCcxl6i7 wr8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823977; x=1734428777; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BKIHos904u/55jjyV61JBBioSUFkR0jZBzN6/oqpIaY=; b=LNB7cGoDsNrLIfkQAYm3aVHRfgavKt354JUzTyNksEO5xPEuvyQJlLW1RGOttM9f3e 3f0qTr/E95EzxoI/bNRvkjJ/PdZGMXD5S+sRNBFkWRZALDLxlO+kvqnK6pcnHBeFtNcw xP3KDJZDAZkOxXwUXrgQp/aVB+oqyVdVAFAd2YVmlHYH6Wsppdb7huLMpkYrvQJsJtno tIPYe1FjuD7UR1KgDrzeQXbh7d8h3rM5TdfjLlKxb/Wwcrgq/TFwr3jGHIRSHYHDiPGz gh6p2SfXhmS4kpQrDMpfYqhkEMeTWOtLAWNq19wJIw4i373lHf8jx7dcxvDR2NUGmckl Lr/Q== X-Forwarded-Encrypted: i=1; AJvYcCXIHyeN4UWMqSGDIMX5e31zDaRIjgnVOdoTbwxSevNP6nkZOpHlUaL/g1G8WI4e75guV2N3+lkM7E+kFYQvzjSG@vger.kernel.org, AJvYcCXt6QzrG2TIR0pxe9rPh6VZMe5921c9JxYAhlU7VRvkbeThnItyOqCWJhH8chjMIS/f/QlQddYVesffMDg=@vger.kernel.org X-Gm-Message-State: AOJu0YzukxwKxqS8wpHOmAaVmpN/ZScAllqpMF2KuLQN27rZ/WG/Bj4p +j5k5QIiuvDlsgHc1Du8YXIYFudg+zeSpwGKExJWb3zpZIAdW2GZ X-Gm-Gg: ASbGncsdDXlBHe2QjGVuiqcyRAdkjYvH8bvSdyMu8ERC+BysUIyBINdJHbFCgTXg5P6 ujl34vI+OdD2jRMrqDKI6Y71VK+NFs0xegEF5+N/sMjxxNx6KBUvCbgxfmZlYElCG8gZJT1cqcL uIPFZUYxislaUrg0UDQtbZDh+XCLsEH5y/n3BhU+alcRcmZ/usj8bX1vtE/LEfQ6QzW6/rMs7UP hK5TvmswqXpOfGlCSS5h1ln8Kah2mcRV0WcsdDOWMavSL5fNBWOAQD+cko7aNkD8u7B3C62ltp8 cQR1WEwQAWlHktA0izSZfev0sGUvbw/295+bAQpOcboZBBvZwomA+pqdodVQPSYDtRhh8Us= X-Google-Smtp-Source: AGHT+IEEUrkGtJfTGOQCwFkl/sxLKxNiujiQKGJAvLJ8Ua0u8uaifo2lDidZZxTSL8EGmSiw468ajg== X-Received: by 2002:a05:6402:13d1:b0:5d3:cd5b:64da with SMTP id 4fb4d7f45d1cf-5d4185f81d8mr3897445a12.23.1733823976507; Tue, 10 Dec 2024 01:46:16 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:16 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 03/13] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Tue, 10 Dec 2024 10:44:51 +0100 Message-ID: <20241210094501.3069-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 7010541fcca6..91aa3fa43d31 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Tue Dec 10 09:44:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901158 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ej1-f50.google.com (mail-ej1-f50.google.com [209.85.218.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD8C7212D93; Tue, 10 Dec 2024 09:46:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823981; cv=none; b=KkQzdr5w9DklLnY9McecsMbpa1uIWs//bu+U5gqjfhz0lU8WicNL1Q8L3blggWRcWIsDxKazst4GfVG1k7NW7MCnm78KRecQ7StmQ0tK3U/3NzdgC8dw02cJpX66Eexi5TkyF8diWDWZcf8eMd/9kJ2hu85rWgyvALH+t0w/SxA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823981; c=relaxed/simple; bh=8FDg8XDgxLrQXtngh8SnXV87g84Jre2hDTtrxRNL4i8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Xwf0txwKE/srst60oilS2zV+fxLgE4fy0FmG02k3fPM42NRKkpX43YOr7GaKUAOx9RI8KSz77YiPGyrjRMj6Eg9gaIXRFbx9k91LNBbVHNfj7mPedvdhPfcVPioQsNnKHS0Ma54otwsohw2SalK8XqyQU8uEbUJnKgBFyp3+kwE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=XIBzcml8; arc=none smtp.client-ip=209.85.218.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XIBzcml8" Received: by mail-ej1-f50.google.com with SMTP id a640c23a62f3a-aa67333f7d2so369349266b.0; Tue, 10 Dec 2024 01:46:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823978; x=1734428778; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uFNROVzPiBTZyVVUJmIxiKujmgCuTGia69D/U8CcyUs=; b=XIBzcml8NsTi+aYDbssj33oTe9pqQDJKdbFRPgD//eJOVpOgH40sHApS51RYhzi/IP nhKtZKgU8Mue0e+ytdzdftkQ+p+yFT5Q34a25XOIhW+lq5Pllb1CKuv485aDOrqa7gqO T8nrfn4ahOv0llUFLnA4rCEfeVPYeWVEzLLscUoof0etosVntxV9E9B3OfBUYXBdI6eh mZVXpH4i6Qpi1YH9oF2UaQYkgv2/fcaktzuJqpgsHhHV2y7MuxzAcr7YStGAvykh7QWQ LT2syv+AGKzAGzidnbaiLZmv1uBcLxjggeSbX+eBmCIJ/ZxA0AYJK+x4epwg2HzUTUy3 ocfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823978; x=1734428778; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uFNROVzPiBTZyVVUJmIxiKujmgCuTGia69D/U8CcyUs=; b=bORWXGPSPXIquvq23sShmMRZSeSsZ5N5Ggw332eDwK4d8/2tbdERHRbXoQ2IVPetmG 0orKzfbU1pbfi2cmgC2NSf/YTHamn8S7Fd+W84t0NIg7u5pnv3YjAS+rQ3oLx8/pXRB+ shRT+rEMmOYBbLF4bPdpfKOWgtoBLP9oaIyxuhDgH81+BhxUw0od7OUCozwo22JSuFxE mGlUCprdaJuNLAbTLhqNSqhztkz2uRlI/QU74CVQIlAaL1wxwh8Albj9KaKyWWWU+EWH +u//Q2sijFrSze3Rp0vk8h/xVoeMuTmQQwVIyB5N6LJMkGO4H8KKj+K9PSSWRu1prpSU WqTA== X-Forwarded-Encrypted: i=1; AJvYcCUQzeC91cLrQRkbEA4ZNT8JT03c4+BZDYMBM3NxBMrZnKhYJBZuqVOOItfvXaBpuqRlMY6i4G19k23iHgBuPpfU@vger.kernel.org, AJvYcCXxNEbBuGYoj/uMFdfSK4q3KtBuJcW4VjY61wTq3OxWWU1Zv0k5jFv1pGt3L9RLQQb+w31Kz9LXSZEG1JM=@vger.kernel.org X-Gm-Message-State: AOJu0YzVtTXY2Wnjxi0vyD3k+wK7d+YZh8F3VFbNHlQhiI+Lghp4ulrg /DF3yE227yql6JinAumfzCF+GdYElTNl2/vv9mPIZp4JT6Zshu8s X-Gm-Gg: ASbGncuppZ1Hir9YBcb8TWM68at2nvcMZbX2yCQy67WHyxaxdU747aQ02Ds8ORbdpd9 roQVOpRnoLmsqW0i3RJ7bu8RZF/fE/zLcfuu+bguIPTlGWJzVYCqoV4a2+WxJgLmjQxrAViH9tN 43Sv4UrUOtYRUw3dfLvp3PqmjTHpXqUx81EU1/yHiuC0P/06BfVtqnwhzmcAiuOTgds//bMLtT8 ydYqJ82+hEXF1JRTlif+4goUhfhaH90C5Zliy924dZvT/Z3xBZoB+wH8sxSlH78J1QXVC1O3GBj kd12eFG4p/EapsLY7/K8a8hi1rAq4bO24ZOeNV3ZJ0ZW9VXQPmUT0J2EzZMRzfssKgblJSw= X-Google-Smtp-Source: AGHT+IFck8FUe0I7ZA5vL7ViiiUaUyfpC35SDzrKqWUIlH6m1Fs13klQNmleCULSsIKK4sGjlxJe1g== X-Received: by 2002:a17:906:3292:b0:aa6:967c:9aaf with SMTP id a640c23a62f3a-aa69ce44445mr361784266b.50.1733823977712; Tue, 10 Dec 2024 01:46:17 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:17 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 04/13] bridge: Add filling forward path from port to port Date: Tue, 10 Dec 2024 10:44:52 +0100 Message-ID: <20241210094501.3069-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC If a port is passed as argument instead of the master, then: At br_fill_forward_path(): find the master and use it to fill the forward path. At br_vlan_fill_forward_path_pvid(): lookup vlan group from port instead. Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 19 ++++++++++++++----- net/bridge/br_private.h | 2 ++ net/bridge/br_vlan.c | 6 +++++- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 0ab4613aa07a..c7646afc8b96 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -383,16 +383,25 @@ static int br_del_slave(struct net_device *dev, struct net_device *slave_dev) static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { + struct net_bridge_port *src, *dst; struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + struct net_device *br_dev; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); + br = netdev_priv(br_dev); + } else { + src = NULL; + br = netdev_priv(ctx->dev); + } - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 9853cfbb9d14..046d7b04771f 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1581,6 +1581,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, @@ -1750,6 +1751,7 @@ static inline int nbp_get_num_vlan_infos(struct net_bridge_port *p, } static inline void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 89f51ea4cabe..2ea1e2ff4676 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group(p); + else + vg = br_vlan_group(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Tue Dec 10 09:44:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901159 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f44.google.com (mail-ed1-f44.google.com [209.85.208.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 56FE8223E7B; Tue, 10 Dec 2024 09:46:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823983; cv=none; b=Y7dj5LDU9Ai1WuXeNzen1hElVx5WuYtCKeKLOjJ9GL0gM//2efBFltR0BtfKEWqeU6h6+qZracgcShjLFpk+5Gv3q6FnNlkJObvnY/rMWvNJwhZiymVbDJl3PEQnlbgUu/FR2YsNo1f2LVTQnYNA6X1Fxi222ChpOMd6hBK4Y2w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823983; c=relaxed/simple; bh=jNdmUtmmLWwn9rk4yVMKaaPoDxyz2/GusjoWrAJe5NQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aOMEWAFp53SWg8LGLGD1M34MhWWKbbB74FuPJ01oWqeCCB0irI2YbJGD8Kf1B0XTynYoPWNsLS+WfSIuH+XkIM0PS+EONv2zfSoWazRMKybSoo5Eabi7gG5Ty4L17MNreKsgSPXP8BAZUmbowiiIQ8+yYCLV2NNapG+4kJtIGZY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=L8HLweZs; arc=none smtp.client-ip=209.85.208.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="L8HLweZs" Received: by mail-ed1-f44.google.com with SMTP id 4fb4d7f45d1cf-5d3d14336f0so6017442a12.3; Tue, 10 Dec 2024 01:46:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823979; x=1734428779; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=sgr56AJOAsne10L7JfWzoylFaIhH9l45zqgX/3P/NmA=; b=L8HLweZsFoUucWX5DQUGUBG9XXY2x+z4eNGUZCjMnEw86mSbjmEePeU0uyOj8yiH+d DOwEdB/254RjjAKXwxTIzmU0eCNX/5qMWR2/6EtF6bcJtYrGGkjrYnX3KNkaFJZCGADg FSWXqGCCrZju2rSW9AydsrilYZeZkV8jxZ5czu9Z0biGT+136qZhQUyL1EYO4drJ3WoN uUuzTcXuup62k9ixjz3Og01BMsOIb/yOF6sOEWoZi++XVW/pvgQtIuXKHUVTFJs34v1J G0jmRCx//gX2oq37tvf/xmCXujaubi66hOJQXQSrDWJgdtZbGYNQ1waM1V6QOYSoGoL2 HtFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823979; x=1734428779; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sgr56AJOAsne10L7JfWzoylFaIhH9l45zqgX/3P/NmA=; b=NI1ARqIIFPg4YIvbSCYS7MDPa/IeEKDRtP9Cuu6ethk4OgUhPJu48FS8nvg1ZKfAXS ab/yyD+MP0XtsAzkrffcWGg822gb8FfkZx54j1GtrhXkY60fbagH5ld8xgYClFHdf2uU kLeMvSN1O/345MKBU04tv4IIEXH+lw8PiIVLz7Qfhh/PfJB4BLwGRt0DCLwNLcOFjI+H NeqJ1Mdm7w+kmn+gXssoteWL0KXlqX87Xqn+FFiTZpkahVlUVgrMOY2nUD5rGKNathLV XcZNm37Eo+bMUFHxV2EtIvaNC0iDI5g7DAlG5bcfumeSjqB3GT2KQ0Nt0KtIQvV+Gibl uKfg== X-Forwarded-Encrypted: i=1; AJvYcCU1GxwtRUO+xLXaR2cALQlSkanjUT95JNdPw2CMhrgCkGliVDy/KvCRwPg9eLwrieowTaZ6yqN2f9Eid58=@vger.kernel.org, AJvYcCXoo3IpGP5JVFQRE6nKk5qGTheTz0nUgy+AGqFZAm1EHFgULpR2PnotghipjNYofsI3f4C5DVtEgK8FptxnlPv7@vger.kernel.org X-Gm-Message-State: AOJu0YwiHpgyZMS42zRpNuebgeG4ruVeMtYWyUPjHdHRDbmzAaJPp1Xw UJbqyfAYgurjoZGRWTFDhdIgwV0Zk/EorFfReZGHnyV2YLIeHIpP X-Gm-Gg: ASbGncs2negClnEcsnkf1vKlmX4zaWMI2ifAZotKA/DU9bUfZo44v6lF4z0/mIRhBtx /kMuRRYlSu+nJapAJBbp4ikau6sb3PLad0kTb6aa4cAj7Ppn0hpYKcqlKwFCrCIh3eH2u2cxjP/ eEEsYBSCu/Sqie3c1ug0AWnD8zfCyaIVG/srh5mkT+5zczzIKdFFisDE/n84DeVU3+P5T/r4YvZ tFUgUp3xj4rUAFT3SJl6//PrsuVnvNJoR2GoK76pBy+9pJMynzuzWJGsHu7clMZ+QGeckg5S7OI A742xMbAyx0zMHMIYGRQn6ek4paOVylfHG6IAQZABABN86ITHNNkx3jy2OnxW6fcE7wnUzI= X-Google-Smtp-Source: AGHT+IGZmVUxUDExEwI2I/Wt1QDwE1SDwE0IGYTeBPK1ELBKPlastjt+1dn458EDLOHgXMoYKOhzNA== X-Received: by 2002:a05:6402:3484:b0:5d1:2440:9b05 with SMTP id 4fb4d7f45d1cf-5d41862e405mr4691296a12.28.1733823979183; Tue, 10 Dec 2024 01:46:19 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:18 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 05/13] net: core: dev: Add dev_fill_bridge_path() Date: Tue, 10 Dec 2024 10:44:53 +0100 Message-ID: <20241210094501.3069-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 ++ net/core/dev.c | 66 +++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 135105441681..6dbc442f9706 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3183,6 +3183,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index c7f3dea3e0eb..01dc51abe7e8 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -713,44 +713,84 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; return ret; } + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + if (br_dev->netdev_ops->ndo_fill_forward_path(ctx, path) < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + return dev_fill_forward_path_common(ctx, stack); +} +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /** From patchwork Tue Dec 10 09:44:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901160 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f52.google.com (mail-ed1-f52.google.com [209.85.208.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4EED7223E9D; Tue, 10 Dec 2024 09:46:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823984; cv=none; b=fRRYeOYXlBppgltN9H3QgWjWQC5uhme7KZu2MXL8xFhEZcDr0aGvAOWuwts3PkdbYArcGh0OX/eR/KJerQuHJ5pwxuYTi0rNqNVHszBbh/Ad4ujW+bY6J9NP9HBgKz2P65n3VT7d/OunWqxFWm2fEAJSUe79Imr+831TxRD4FME= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823984; c=relaxed/simple; bh=BvqBAh9vpYpaQZe3zOQxhCXX2RDxLCUEfBQIamImBGc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SBw4+cJEjNvcUbvobdfgfDGzERUbxnRy0dCcdALyC1gc8Ne90GhkDwNLD/+Q37+3muVrlBkehl/vvs/obCCTE2Uzrw81bwc4AwGWbqY8ze3y+BBw85YwyD5A4JOh5ppLXi2bGGsPixUxYz7af1bTPK08sQxHIwZk6AXsrX8bZlk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Dv/sQd9G; arc=none smtp.client-ip=209.85.208.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Dv/sQd9G" Received: by mail-ed1-f52.google.com with SMTP id 4fb4d7f45d1cf-5d3cf094768so5869348a12.0; Tue, 10 Dec 2024 01:46:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823981; x=1734428781; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0IPV+/btLneRoSo5HiyXyxa4AsB3fEttv56AKWcCbic=; b=Dv/sQd9Gu11k1gjKOTyC/HO5DoB94W8WMnexylqqEkgTK3QNx5SBamkAb4y0gjMAy3 hvKCwarHEyi6qbkuuIuD0A9gzTPwvUKMZVyDRFp741Ovgb37zIly/Gi7fJmd2f8XQ9MS g4hPhBxwT6LtnPfcOcCKnGLq1TbZ1u3wgi1Pn0FUG/EKG5OhOs4NGgszQXevP6PIrK0M 06YaCIJvdI4EuKt12IOqrNJNx8PmZm3biMzlYXU7giLxp1ilppjLhPwwyxG3oXbcl+jt k+jFAaZMbAE2V1YcO7gF3xR44PWp4kGCFtmt1/TMQOPjrDS8ccePlwHv+0/5Ejx5KQEN Ed/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823981; x=1734428781; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0IPV+/btLneRoSo5HiyXyxa4AsB3fEttv56AKWcCbic=; b=adv4FIBMlO2MdrLRmfcfpV273ycN7QT8aUMnE5KbVJybNil0RB5UMwoc6nC7++1q1c UC3XO8pbUnvo5KMCdWvg3LQCJXcXq01OIOG5qnDEnXkMhw7J95i70XM7yG0YeruaKM97 2InP8iuhl+IWGOvUjKd2i76OG3hH0tpnqJFKx5nDkB5mQO9+Bd9e7r4HzKXYj/EalFVj dIzLm+wnO4JJyhVWY2wn3EaKKHzUNGcwpPT1K70hCJUL1Ev+OE3TMqnGxGBZy4nP8Oeg BYoOVQB07OOEE7bsIttKi14yWRYOLuflNKQKXyrG3Zf5Wm28o61ZKapwtYOik66NrpYm VtHQ== X-Forwarded-Encrypted: i=1; AJvYcCUwr1FQamRASHjb2hkIxAN6pwEFKjecn9u0nIZvyGxqY0xywYNrbpX2t912QJ3ENBcnkEanPGY+4vPWEqs=@vger.kernel.org, AJvYcCXjlnHE4pl7Y59If2gjkHc9+UAInAy5cITujKH680webmC0iYYSRH4KU/wsbQSKKV0kdORVHbzS1BuJTosf/zjg@vger.kernel.org X-Gm-Message-State: AOJu0YyEL/KIvPVEO8kgo5MTQWf8MUB+qxYBtMh75FykdL+MnlXP83Na amSHTXJikY+vylBn+uu2RHEHewq3REMeneTO7xKflC/eM0jbuL3U X-Gm-Gg: ASbGncsBORwIz2cbNchaWplTdPekN/iNrYindkwm4oGQh728qI62s4PgoRm+wwGdysu 61A5zyQtEgovy9oBzp2HRbdiUpkASUsKzDBX+dLvyVNOOL4T9PzXfGMS67oGIxsJGsL1wZtoEFH aCdHxx56UpRXzBVSpPXr64vyItZ+P2qvEDMvrGrxENC7HFQfVG4Zjjvq98VpsFfCV65q+OJR1vB 78kOdVylONQbCCywML/mVPVIm6NsBs9+SzJaaiJ60/6xVeQHvjruU2/ia+5L3KIBb1P7EmHDeO4 8O6M/WJJoG/Hh0E2UOKwbFDPRu9JJsemodkB8xDd3V7nc27WUASstTGLvA4vgVaexE+L3u0= X-Google-Smtp-Source: AGHT+IFjT0LuXJIh1LnKJhzqy9wN2HFcOfLo9WVivfUzaooRucqnpDZPHXE4LF68gVbRTOO3lAb8JA== X-Received: by 2002:a05:6402:42ca:b0:5cf:c97c:8206 with SMTP id 4fb4d7f45d1cf-5d4185f8686mr4106270a12.25.1733823980513; Tue, 10 Dec 2024 01:46:20 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:20 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 06/13] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Tue, 10 Dec 2024 10:44:54 +0100 Message-ID: <20241210094501.3069-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index b63d53bb9dd6..568019a3898a 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -341,6 +341,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..5543ce03a196 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Tue Dec 10 09:44:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901161 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 39A66212D67; Tue, 10 Dec 2024 09:46:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823987; cv=none; b=pex0NGPYSA3JVTjSHXp08iQkOxHO9m6VtwIFhACF5l4dS5+pf2x9Aw7iFKu+Rfr8GYAOTBX+iaC3o/m+i7XLAwQ90TcRjjRBhgcPQz/OPbFrknwGD+osMfKqDTuEAacTbe1V7Wr8ng13hhBw3WpK0OlW+Fl9X8kN80uRWKqAYjY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823987; c=relaxed/simple; bh=Xmg/u/sY6eLFrKn3iN8YG2bBcM9CQwqTudcQRkmzqU4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=a+8Vu1fVwBL5tjLW/rbCv09YuIgrGR87wQG1wqp5EMufWge0DS+XEYAinDSBzbGIEkUZvkGbSt4Op2ECNAkR2f0U49iZrm7zOHRrjb61AyALL9uY0MTSRXaBS2SDP3Yay8QmVzIWBMacmoYQBdVXJrrrTHSDHspKOeDikl6YgMw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=FvwY5rnS; arc=none smtp.client-ip=209.85.208.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="FvwY5rnS" Received: by mail-ed1-f53.google.com with SMTP id 4fb4d7f45d1cf-5d34030ebb2so7106062a12.1; Tue, 10 Dec 2024 01:46:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823983; x=1734428783; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=FvwY5rnSqqPHWNtMJrIF/NYUV+Xn1clSz93f8jSdzHy1wruqOQfHG1bdfP314j9LWf 0WbYmIMPSH6xWaFlxfU2rtzKMo+n2xi1nMIpsfARJjjtE4hzNGJH090D40Ca8TAAndYw QWQuklkT7bkT/MoaWibcdLWJSGDQUPDETmB8zBKBlqrGrOcJLZBBu89b4NTo10rF63qw 3VUUEFrTrIfX1xNFf9ZzGdZg08XT24HpPq3FR00PjWOktBazgYwnH9rafnZWdK2ouGkj hUYxIRAjMYKTH4B8iLSxdJ57XJ9q0CAJdztRGVnY4TlszJ9gvM54FtRcJZgue0aWEFlo Z7oQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823983; x=1734428783; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=MKjtUHdfCjwbwvi+wlPaGnFsWpwEJj2E//R1WZSnI04eDCYV0fRL8JBBnFg4bhyXEy XFfxddPL0kPGyKnJxdg2mKWpJjD426/ELxA2CmXMh3KZwO9QZnRLa/VGyx+pP931iU6N k+houUr8PxIk+eF/yhBKbUQWZ68Bb0UoWy9IrNrAc36EwSv2cu4UKsWuUl/SvlhWN+uO xDNpi9FUSFZZeiGtsORWnjMvConrew6luUYm3x6Ux8MoSXDB6tk7ElTEln5x33B0i9ZB kvOyFP/flnxa/ty7bFMxXb47GtYE0YwPXwbKbmMECFpkCBlEWm8VmYWtEHndc4Amg3+7 rPqw== X-Forwarded-Encrypted: i=1; AJvYcCWGzI1fXxsnwqZEa9R3k/RAIkTQd2o8thOKstYVIOoGib5sAwZOCgDW6AObP4iur0/J8EkvuShSVyTk5GE=@vger.kernel.org, AJvYcCWyPfmU6WyDSek9NzWw73PKgr2c3rapUbsL+tQT6iFmNKBTU6Ufcvv4vlf/jE75rNhPRBYpDx/S0sLdmlk8Y08j@vger.kernel.org X-Gm-Message-State: AOJu0Yy1w9eu+a30dkMCH3MysMWjhFxa35yaRpq/4MY6Sr+IxX9NqKN3 q2ft4Fu6fS9smLhmDp09VzdnkSY0nUdpB+7Jj0puB03OgoTm5w4H X-Gm-Gg: ASbGnctaHX7l4tAAMZLCXBX+CE0D87FAYEQpWoFPqBu2SH99rxIB/JBfv15W011F4K3 UBUcxX/QSvg8CHU2KiGnQ+lh9mQ6xPR39bFHAhgRNJ1SDmqNmSyCXp0iRoIVy0olxIUJD91kBC1 4xTCO6ABqybWzgZfIJ//CINMN8ZutQjBQo40n8BVnhxE9+wsQcv2PcfLfm/D8WWdkZBNXEdXS7j 5aYBbujglFflj88e7YYB0d1Cj20h7jq5YiMLTSlE8hmpHHJctCuOMLTr+FcyIjsQVRil7CyzhaS 4EvdYMPll/EvswgTMqrkJ/qmsgIa530fNC5SfWiInCQyyNxii4aWb6QJvTw4KmjWGCfYfMM= X-Google-Smtp-Source: AGHT+IH4EN2bl4nM1hM4vW3lNE4AbT4jAUoKGNPh+jpctdHbiWVvzXPjIW3iNo8T8bSk3yNngjltIA== X-Received: by 2002:a05:6402:3484:b0:5d1:2440:9b05 with SMTP id 4fb4d7f45d1cf-5d41862e405mr4691569a12.28.1733823983340; Tue, 10 Dec 2024 01:46:23 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:22 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 07/13] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Tue, 10 Dec 2024 10:44:55 +0100 Message-ID: <20241210094501.3069-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC This will allow a flowtable to be added to the nft bridge family. Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Tue Dec 10 09:44:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901162 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f49.google.com (mail-ed1-f49.google.com [209.85.208.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C6072343BD; Tue, 10 Dec 2024 09:46:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823989; cv=none; b=NOUbrDnJDzWakxm+7bY4hi2FSvj1CbA4WrRxOE0xQfAjiIm27bZVoYbH6uytHnjrSLX3AM97BBcUFUEBN8Sud/g7ZJT8uPqxtcBvvXztCdeyGKlQ5Ic/DMFZE4wAhnfIzA4qzR7tNx3kWy/o38uVpNtQ9fHq4rk6TERC/NUNSGU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823989; c=relaxed/simple; bh=dxwgF+fYRk3V5G96b0Vv6EygsfQSyTWaswg0nQK3KaA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SHZticgRsJZK2pZh0jly2dIEsZ6Z6I5smk8peoJTv3Cla67iYPwz1aRkMmZ2ii860MV865ig0B/OmNWmtr02KW5gOhxcVHSetgizUIp9mnXTNzLFKdCTrwLpxtdjriYgMNRF6Fg7JpBg8iCXNpfWW4HyiCmd6wP9Gq3WVNxLOpU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=hU/VO5An; arc=none smtp.client-ip=209.85.208.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hU/VO5An" Received: by mail-ed1-f49.google.com with SMTP id 4fb4d7f45d1cf-5d41848901bso2136224a12.0; Tue, 10 Dec 2024 01:46:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823986; x=1734428786; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dC3jhTj5HQrnKJfxc0SY/ZIZuFArZD9eLZZ+JbLbIJI=; b=hU/VO5AnDVGZElUuymSpcwJvtBKnPXzZV6y4lIZM8ExJu1NWkM8aXclBtZJyOAyAhA wkc/akMWhsVgSdozgG+AQctUYWm2OndQ/Jt04Cf+OvasaVs89CFviR3YR0C1IYfEWOBv gPTxMx/G8y/kFw6jE+Nw+VR2r7QegUEimMPQM33BjCJH/X2HYb5oweyisSjUTCrXm6uZ t0Vt8cnkzn7UBJI8uwCnAurJtZa2CcbZUJggu2z0PnEjhTNfCTo7SaCwSCWazI/f3fHV m482WH+OnYG2pHULW1dbbCp3o6zpmlxyZkodCQIroh3ozZV17m/ZFQN//wfgYRBUCZ7z MkTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823986; x=1734428786; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dC3jhTj5HQrnKJfxc0SY/ZIZuFArZD9eLZZ+JbLbIJI=; b=j2rppKLW5fo6SasYNk/BMG973pRG5gEeAUB5cgupIIZRsEuPmisSdDR9Qyh1WbSXNQ niw3wF3WqJWBq0Z9bzk1IGsQn4PASufMDsZqAZ53SshNUEkN0am5oXZngkxozsAAk7TL hMUShOBGq+d+pW9FE6vYMtWpkppwXEcXz6GSV+O4JCPL8w2doWj+h/ChX6SJNsFx9ggK 0zGT7IV1liaDuFRW4kxoNHRVoHDEAdCn1RqhZEHjyJw/4aEsZk1ZlPyBg6wo+Hv+jLqv zwwjlZ6Z7Vuz3ttAjWD0Y37DIqHDdJKDbPhIKwGc1dKdLlhIWETEnzlFjeh3q79zs6WN PKTQ== X-Forwarded-Encrypted: i=1; AJvYcCX3zUU/qCa9khUYjLJCdKhWUqORVFiW8CbwJf79dRNSmLtuSpIHkUpl1z3/DzhypmEtyQtn6Po0XkjMBTkWHCc8@vger.kernel.org, AJvYcCXcfHEjAHAvT0IzussNrlo/jOiTWxXLTFQbUDmXtYravQg9iU7MwJ/gWyz5Re5YhIeAedcAd1Qy3m8MBJo=@vger.kernel.org X-Gm-Message-State: AOJu0Yyo2H8sr5GyXDvWsvEoS5bWazzeqSqTrxfh2X+e5CnpjudfX8nx DduP19+oc1oYneYyTADiCTRjAsUeAOGItMRPD68qwt7DimNrJk5k X-Gm-Gg: ASbGncszWrRNfZ+sLIbfeuCggp635BMysnRWa1Ew1cOqwQfd8BPkUHdkB8aXK7zBpR8 RAjU42I8oh6JwxViOpu87p6qEBcKFXvlrGaky4lAj0gdkMQSZiq6RONpfD5ovYDWxDyCyPJISDc G+/xWjBHHHGh6siVFKsF8R3nEkoCXKYE89ig1pqVxf1M4Vr45mzyGyYjeqSovATJ2+5Pxo+Jks1 ECLLpef5NcbNEf7KOWT6+epOjNFVSuZdiMNdRyZe/oroR+02ag/gr6lQclkzF86Q4tLAm5TiCoH dHDWCfxh3PGjt9wirzj/pdrd1Xj0Taxjb7LepNpV8G3VeiAoAnh42nAlTG7lR1UKm1EbJhM= X-Google-Smtp-Source: AGHT+IHlX9+SooPSE590CjcBy1PCTK3BSd2T3uvELFXCE//zwA+1O6qm8MPbAI3EXqA1jn0vY/Q71w== X-Received: by 2002:a05:6402:1f8c:b0:5d4:1c66:d783 with SMTP id 4fb4d7f45d1cf-5d41d3dd1c0mr2691977a12.0.1733823986474; Tue, 10 Dec 2024 01:46:26 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:25 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 08/13] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Tue, 10 Dec 2024 10:44:56 +0100 Message-ID: <20241210094501.3069-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index cdf1771906b8..cce4c5980ed5 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Tue Dec 10 09:44:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901163 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 87A232343DA; Tue, 10 Dec 2024 09:46:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823991; cv=none; b=Mtjv0/YB10H6qSKUn0r51URicmBTYHsgvIgicGRADtH2O4tq0hTsEVAHQlvwqofyncfbQsm6AFtDrS/AtdxpTK49lNrI+ziGELOK4sL891JVdydFCI37LSOCPlxyUzTReP1AKwKHrsXhoqbUldyjqg8ir4Ek0fe/OZ61xx3l4rU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823991; c=relaxed/simple; bh=maNLh6FFLEFZWq9gMrHdXn5flUbXY1gxWqNWlBJHOOc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HptuXMzFduelGUdPv3Wh/B7Ux/e6cijdYYWHitGwJE3veXvQSmFBiht+SO37kJ46ApHyY36q9HoT3kDe+upKjH23YDn6R7WEThCWHT6RhbuZpDXxYWonMq+oXEwZ51iDIMe+G1HrAC6HwikXYLG1k4TYrBUZwLXeOJ+Q1kskpQE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Rb8tybR/; arc=none smtp.client-ip=209.85.208.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Rb8tybR/" Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-5cf6f804233so6690607a12.2; Tue, 10 Dec 2024 01:46:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823988; x=1734428788; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XtgyJTf0nGEQy8dIgfNuKn9dKl89pMTFI5gYmniF26o=; b=Rb8tybR/sKrRVEAClgniHmsATeW8Sa3/KkljDsFsBzz4+9a7Gd3X/Odf7H9XI3buQ2 2hnHBIqe+tvqFVKnpQdT2BdGHcLvsQ7UDiS1qYQ5H20QNqLuoqaGFLWq0twaTJoPSjJc /SoITM86p6gedqEGn5VTGlDwW1CyhuLB6uxpU03+q8+z3QYlcAZgB30cG93FGRbEe1m+ FAyJlo64rUpe7MqAP4urkUzcCH4wwKK8S90jnw/04q2a64yG2Kd3DSlnZMwg1QDguHpL omz2XDSEtX/P9fHSmLNGeZ9RY4HWindJMyGyvrBxfjxQ8/DIGYCV/CjZhPXfSLnQNigQ ffbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823988; x=1734428788; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XtgyJTf0nGEQy8dIgfNuKn9dKl89pMTFI5gYmniF26o=; b=KLwSUusQZ7gamUus7DVCq3vO2TB5gPc5VMQeNVVtdfz08u6xb/Mr9UW0k0uAb0qtMN t/TKk2NTpQ8jNnhu7U1ZL7esXxgqUi65nMv50XQnj49MAJccO67tuvFd2qTd0CeIysWT 7160dp9v7iclzFUH6sd7Q+TdhqNC1Jea8CmpiKYh17ltESF2Et4uj317FBZzdfz/VmRA i1hY7YVKzwMcZE7paKI3fPlrc7hybfGaZf6AaNTjyXiVaLr/5Z4T7fl41vgK46UnMv6y 1ZGznCcVscK/KhCrSkDGAiipBPWiuneOQpD+4e8KWLH2PSE0nOaHtVEddOKSO7U6M0Cc f54g== X-Forwarded-Encrypted: i=1; AJvYcCVfyH2mXUObkbzIQe4TpRFPcFfEIYrzUHHGYPgHATDzw9yUBKFzkQxJJidX4v4kpHAn3sgqYG9Pof2+1VSL6E1I@vger.kernel.org, AJvYcCXwGprZDgl9U089qThMPmxRqUgAWAsFDHaaLU4cTfu306vJiwbAP0ljTVDorTdz6xhIVJR8kHghONQwW8k=@vger.kernel.org X-Gm-Message-State: AOJu0YxlN13U7XjhvZ2KfIRQ4ObXTS6LQKhsJlff8bZNHdNz/vvZpkto 6yv13PnXIEhKCZvirxK9maU3FZEbjevRZKCkRrJ3y4qYpsFjd69o X-Gm-Gg: ASbGncuKTP67vx7Z3KW8ZTyAzRBk4k2IRNLWWRiph1ljTTYAsb0Cvm0B5ptHOQgx1Du 1oShRx61y0PilI5hqx5CTBRAD4HeOSSyjv5g7LifOE46A3hg9vw38JamEGMAaORWpMQaD5MmI8n DA1xr57AsqxTfDZQ1GiEvs+197lqBt1U6nXFCwGtFfjH2X0DS0d1rqhFVtAWVYU8Tnh0vRxQA3g XdoB12VKvgOORT9ZItJ/eI9Wj9C7QOvqtyyGGdelIGUBoGea4pU6cXE993+h4BPDO3cfzdKcVtn YlJFHESMtRkqsqPbHnxYJYCPnHyUP7QIAWayOedXTQJOOWe1zmQoXF7J6gnVOpQAVYOx/lM= X-Google-Smtp-Source: AGHT+IHMIuAkwd6n+zMlbqGssJrA/sOKUAdIFcZ0GUQzc6T7cPFdzuPhW1u/ZoZsTEDW+OJzrhPxJg== X-Received: by 2002:a05:6402:4403:b0:5d2:7270:6135 with SMTP id 4fb4d7f45d1cf-5d41863c5c4mr4611870a12.33.1733823987762; Tue, 10 Dec 2024 01:46:27 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:27 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 09/13] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Tue, 10 Dec 2024 10:44:57 +0100 Message-ID: <20241210094501.3069-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index cce4c5980ed5..f7c2692ff3f2 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -106,6 +106,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -118,6 +119,10 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, i = stack->num_paths; break; } + if (path->type == DEV_PATH_MTK_WDMA) { + i = stack->num_paths; + break; + } /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { From patchwork Tue Dec 10 09:44:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901164 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f51.google.com (mail-ed1-f51.google.com [209.85.208.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 04A8C22E9E3; Tue, 10 Dec 2024 09:46:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823992; cv=none; b=KI8HqDJ/yibM7eWGh8FLxQtMWB1rnKprGydy88Ry+N2wRAdXigK1mPzzyTe6vacr4xSXpxcXT2IutRcIbsombtRD0zjGy+sH6lHLUdNrbSm1q4grwzyNFzw4LdJGFN0NEMLAzTRABH47JtjvADWYIpGVCuX/23Isj84cSMSquSE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823992; c=relaxed/simple; bh=dbAGsONnKRZzlx83jeLRPcTwW8qS9zwjqCZyp+6J28s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=D8TtPVN5sxPAadEopa7GUmTs9dmw1ImtvNFF+23ikaGRRY67NaYjUg3zwIg16uMzNBFRDd1yeTjtkKzUQZRlvZgnsz4k/yyGEcvIdRkWJzeCvvVDE7uHQrWb7nsEqWmULhflL6z3hnk96EknllVsW/CrnOGlj0PgcbmnoW6EkOY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Wq9YlrBX; arc=none smtp.client-ip=209.85.208.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Wq9YlrBX" Received: by mail-ed1-f51.google.com with SMTP id 4fb4d7f45d1cf-5d41848901bso2136294a12.0; Tue, 10 Dec 2024 01:46:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823989; x=1734428789; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BztZ0cfqRt9dxay4EdRKv7PmLiYD1WDU1Ehk6gLPnTE=; b=Wq9YlrBXe/xWtGOW9hSm+3krz2JwWsIXeZ0J9XXiUurdjmCC7qP3sC+afUv1K45MqE fwVbqk4cpfydCejFzgquP+zEaow9KbmVTRbu1S3k6QDTyizZvSnkK4qIAwD30YKCelSh vlD2nyKNyZE9ZufJdhXN6m5OvWzDf85lKnEEK4uC8NIzmDUasnJXpePo0rAVfSn2tA/4 BBVivgh/6wAEnpGAsR9VkDEyWudvRyMgtH1KOzXf20+wL5YI4NIvxYfsW/hr4JNtDuED DCfxrHliY/PSfVTVUzodKzBXtJahDeyJMHcQv+KZUJQ1ia7C6IfUktBgPgPhcDyYwtVc VSaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823989; x=1734428789; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BztZ0cfqRt9dxay4EdRKv7PmLiYD1WDU1Ehk6gLPnTE=; b=jm7w83zeLZreBVslWS4urv2GgGfxVoQADjnmw/98vnqK0DPNPGGvmhMFmQ3vMKWIjO QmjZV+Kc8U2ffLIYrfu7M9HgZWoHdug+xJruiXpJVdPwWuMAdLNN+CoRU7FPTK3u9O3j uATEPOHvQKj81d02/1X0/BZMIFrRSPiMh9v/+mRGPw4ihWqEniuJtwL0IHLb65BuKIpW VYv6h4Wl+omPL6gzMqzJdHIs3gwfYhtfvvjrm8bXEUTWdStY3Z6j1xdjhbKtdGqI53Wh ukpDLQYmvI7jDQFP9cvvUCjr0ZkG/IvjDfUbb6U6VN9r8QJuxsWxigpA0+OEFMBH5VBX Zj/A== X-Forwarded-Encrypted: i=1; AJvYcCWoMHyy+qM1a2yotvwhebQW8JfF06iDGKXoPJoHa50a7SshF5aKwtgtf4YcOKLaopgkKKnBIrnXfo2zXFs=@vger.kernel.org, AJvYcCXTV554gWZMj8PklJYcUKP8l3q3nVVVZ6BQqZjYSL3PACdNeOSr1spydidS1mKgOdGrsRw0SGSQ2CpF7ieppgbt@vger.kernel.org X-Gm-Message-State: AOJu0Yxz1FaPc9FoOrOR6+LEmaflWdV1S9CAeyJYY79SG12hUg7DF4rd A8zl53OVAVFLFA2m/9j3Lqh6QnI4AuQerEEIUokfW1kPzAtI+Epz X-Gm-Gg: ASbGncu8LIjggp3ImqY2lfCOGPlkLxDLqq29ajp7nG+w8LgZaN9M2P47aHYF2sVlDiS 1xIxppr6U5O4o9eqgyzSuTLO7Xjjw8HI+SsqBcrzT6uswBfttR+GNOPoJrZiIh0nH6e/fSVtxPu mbXg41DSoook4h6rX4ydBbYqIz+Ajy45HHVkEGS3jop3R1WAbuaTA66PesHUr9Fpkq5MrCeUr3m nzy6FfOdz5y71rJ6GpsxKb2FOjz2wChL6VQu79Qw+aOBFyXmBfzFVEFRsUoAhpjixG8CgN5vCr7 kdHK0sAnlZjN1ggwkrOHFAiVs4qsiuzJn6PhgVHK/Pp9SRwV0S3w44Z4crHZJqa4bhaEUtk= X-Google-Smtp-Source: AGHT+IFyTeE5viLWDV5JNS3lSXCPHMg3QwwF9F8vVIQIRSBON1JTkjS6u5VFo+SMdaaFOV+dkCijqQ== X-Received: by 2002:a05:6402:524e:b0:5d0:e461:68e6 with SMTP id 4fb4d7f45d1cf-5d41e36d2acmr2440521a12.17.1733823989216; Tue, 10 Dec 2024 01:46:29 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:28 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 10/13] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Date: Tue, 10 Dec 2024 10:44:58 +0100 Message-ID: <20241210094501.3069-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC The bitfield info->ingress_vlans and correcponding vlan encap are used for a switchdev user port. However, they should not be set for a dsa user port. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index f7c2692ff3f2..387e5574c31f 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -117,6 +117,11 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; if (path->type == DEV_PATH_DSA) { i = stack->num_paths; + if (!info->num_encaps || + !(info->ingress_vlans & BIT(info->num_encaps - 1))) + break; + info->num_encaps--; + info->ingress_vlans &= ~BIT(info->num_encaps - 1); break; } if (path->type == DEV_PATH_MTK_WDMA) { From patchwork Tue Dec 10 09:44:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901165 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 33E1722EA08; Tue, 10 Dec 2024 09:46:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823994; cv=none; b=eB1izgkJ0EroJmmn08fN3wkKbz7qKb0ZQpuTR6HmrKnwRALdGXziFh8jmccVfjcy44fPrlVtyoTIGi4FqFlSu8VW9kep6LqG10KGhrJFBzOd+aWNmQzrs6I5I76e5Z66WRMKo8eNKGlEgG6eYGTFNsd58p+MWoEREOUEMGdjv0o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823994; c=relaxed/simple; bh=tgwl5hJEeOVWQcf7svSV1qIIw1wgqpljGacINCwz7T8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Mcd+EvLEp7J9eokiL/p72QzFnRJVuS2wpPSX/hi6zCoeF5JvD1SFEobYANmTnOHU4J4om6QtqAy2VZ/PuMXaL/sUTVz2dAA6d+YNlrXEV69HWpyKVp8dI16TTI+2abzskyJtI1yB5Gf9p2hv6G7FxfhGVk17LcuEmn0wY50q5ig= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Y+04PRXD; arc=none smtp.client-ip=209.85.208.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Y+04PRXD" Received: by mail-ed1-f53.google.com with SMTP id 4fb4d7f45d1cf-5d3e9a88793so4005639a12.1; Tue, 10 Dec 2024 01:46:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823990; x=1734428790; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=eVgPo7GP+w/iXTNTv43Xh832Ytqh3LElKKcl5avl2EQ=; b=Y+04PRXDaJqMaULLymzLljhOGVWuLCQsLUNvSJEv/e+uby3nf6hwo1ORGQb6uIL83Y p+eoI500rs7Op69oIz38X4s3DMgnHFMNLlnNmeLBRlkp3/J8tKCUMTTLUFsnkF2amCBi y8OA1e0a4GM8ANqhPQWhewcG8ufR1HplICvXkdkgVSerQER+AYEEUoL8A13hIBvt4zpC xX8gi0Vz+FMn/6i1ndSDVyNBt8dnMKX0gXXbzYyXlMsi7NwMU8MD7olVbtMZ5j0tUCA5 dglWhTpnKj2MxRxhThsrB8WDb2H2W3dNU2uy8HLxYQ2bEczpVGpTBcfUGNUNXrqFTt92 /cDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823990; x=1734428790; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eVgPo7GP+w/iXTNTv43Xh832Ytqh3LElKKcl5avl2EQ=; b=nFpR17ZdqizdH84PM545ENiIXH/twgkMA+W92gZdTXLD9QZhz1OXWBh4B7WO2ajxtW YTqkl0Kt6ZFzhEDIC4/o/lrNvWX6HBPvfikmQMfbNdw34yAberg9iffNbrKuxbAzj3UT sK19b8ebK7ajCuoveS+GWgCDQuWqsTW2g6RgymdT5EnBSRSBhvT3TXa1+D/VEpZvwsOb TDvWTRV+hgwc1Hs9gQu/D5a9s1VoLReHQcbEL7wKhSCiRZ9XYuGP33Ux6FM6poWoFCoL X4ejxclEiSSVwZfE9LqmyvIUUYse8AMxY5ytxXJqEUKRKKYgvxX07YheFT3sf9TcspD2 ysBw== X-Forwarded-Encrypted: i=1; AJvYcCV9ysGzzhitT0f1YjFPFOVtn89G7MJLCFZq3LurXSh7b7XKRMVOrx0a3jbnpmq98b3UoBqYO1atP5LIalo=@vger.kernel.org, AJvYcCW3DZxxyDhUbTEfdv9/Kz19ZW9Yo4NFoXsHV0i0jxzoNepQ5/bwEHpI6FWaP4nLu5R3EEpd/cXozcbu4Nx+Y4cU@vger.kernel.org X-Gm-Message-State: AOJu0Yx9RgxqiU8pqLpBxiFzsjnMsisurRMBuxhWxG086AoTHbJ2VOwG s9mp/UhuAjUP7aLyDjQ0GjOeXyFwm4t8qBzSW9nQsc/tgx3BPpbg X-Gm-Gg: ASbGncvhEqA8q4bRy8aI76CFqQDwAiFZ5maQj4I+z9JT0gKJSvCan2XQD7e4B+AdS8/ Q3KkWyqh82YMr2Jyplz3YNNegMz57rVDWGKmiEblHcjpDoZHvixpc+JiCKoUzf5Bf3MziGJfD8S RyfnD3G6S3vfAAE91s9WPnBsz45zNmnbYNSSQW5BcBL4gIsDAJERisLadDNSW559E3kH6YoXAD+ Q7NyGvCDEp/3iN5y8zgiz2VAkj8jlOHHK7c+gKmb1lORPxR6u4Mmz5YV9rvRsXje0kBdjXwCdHT YyDZVdcJMc8edsYHIJDZvbhNyynQB9XZAE0mzqIGEk5sjHH6yn1LkyfhyVB7PHdKAI7gaeU= X-Google-Smtp-Source: AGHT+IG1ns72s5lAxuFqutU6jXgQGW+b3pj0eqZhJSim1Ie1bmEH6QQg6S3iFkPF3upMCtFud8XANA== X-Received: by 2002:a05:6402:51d1:b0:5d2:723c:a559 with SMTP id 4fb4d7f45d1cf-5d418531cf1mr3562560a12.10.1733823990457; Tue, 10 Dec 2024 01:46:30 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:30 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 11/13] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Date: Tue, 10 Dec 2024 10:44:59 +0100 Message-ID: <20241210094501.3069-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. The same problem for all foreignly added dsa vlans on the bridge. First add the vlan, trying only native devices. If this fails, we know this may be a vlan from a foreign device. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG_HW is set only when there if no foreign device involved. Signed-off-by: Eric Woudstra --- include/net/switchdev.h | 1 + net/bridge/br_private.h | 3 +++ net/bridge/br_switchdev.c | 15 +++++++++++++++ net/bridge/br_vlan.c | 7 ++++++- net/switchdev/switchdev.c | 2 +- 5 files changed, 26 insertions(+), 2 deletions(-) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 8346b0d29542..ee500706496b 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -15,6 +15,7 @@ #define SWITCHDEV_F_NO_RECURSE BIT(0) #define SWITCHDEV_F_SKIP_EOPNOTSUPP BIT(1) #define SWITCHDEV_F_DEFER BIT(2) +#define SWITCHDEV_F_NO_FOREIGN BIT(3) enum switchdev_attr_id { SWITCHDEV_ATTR_ID_UNDEFINED, diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 046d7b04771f..977285925422 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** @@ -2175,6 +2176,8 @@ void br_switchdev_mdb_notify(struct net_device *dev, int type); int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, bool changed, struct netlink_ext_ack *extack); +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack); int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid); void br_switchdev_init(struct net_bridge *br); diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index 7b41ee8740cb..efa7a055b8f9 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -187,6 +187,21 @@ int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, return switchdev_port_obj_add(dev, &v.obj, extack); } +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack) +{ + struct switchdev_obj_port_vlan v = { + .obj.orig_dev = dev, + .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, + .obj.flags = SWITCHDEV_F_NO_FOREIGN, + .flags = flags, + .vid = vid, + .changed = changed, + }; + + return switchdev_port_obj_add(dev, &v.obj, extack); +} + int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { struct switchdev_obj_port_vlan v = { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 2ea1e2ff4676..0decce5d586a 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -109,6 +109,11 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, /* Try switchdev op first. In case it is not supported, fallback to * 8021q add. */ + err = br_switchdev_port_vlan_no_foreign_add(dev, v->vid, flags, false, extack); + if (err != -EOPNOTSUPP) { + v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV | BR_VLFLAG_TAGGING_BY_SWITCHDEV; + return err; + } err = br_switchdev_port_vlan_add(dev, v->vid, flags, false, extack); if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); @@ -1491,7 +1496,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c index 6488ead9e464..c48f66643e99 100644 --- a/net/switchdev/switchdev.c +++ b/net/switchdev/switchdev.c @@ -749,7 +749,7 @@ static int __switchdev_handle_port_obj_add(struct net_device *dev, /* Event is neither on a bridge nor a LAG. Check whether it is on an * interface that is in a bridge with us. */ - if (!foreign_dev_check_cb) + if (!foreign_dev_check_cb || port_obj_info->obj->flags & SWITCHDEV_F_NO_FOREIGN) return err; br = netdev_master_upper_dev_get(dev); From patchwork Tue Dec 10 09:45:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901166 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f44.google.com (mail-ed1-f44.google.com [209.85.208.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8995922FDE1; Tue, 10 Dec 2024 09:46:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823996; cv=none; b=Mz2UKwVbZ81QgV5yHTeN9WpapfxIdXQbRTac6otbsbY9ePwzqtFjygr9FGkr5z5n58kyWA1R01gGvGdOa8kviMDoXCnQmmUEY4HSr785oOy1dX3TXLKpq/BtO3swGLKLNSxJ+csABRsJUfvvkw0+7MZVjGvhw6aHB6tqV42Elpk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823996; c=relaxed/simple; bh=EaIKx/03ovm33+b5A1CjjkA5NFKzVRl39Rov2VA2iBM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gYSKGTFUwaUQR8JJTNZHdiyCc4IgYU7tB/32vbMqaer+3Fds8EYLwXOAbG6PT9Bb3dZgH86m/9v/Ur3MSWH0oaKsOVanCwGjO4Y2Chxoec0slRj+jXYykIj6FBIcYLyuslAo7lnR8x7NAVU+xd5FsRcTgv3eb2/z4/Xe9G2dL8M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=IBj5GZDJ; arc=none smtp.client-ip=209.85.208.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="IBj5GZDJ" Received: by mail-ed1-f44.google.com with SMTP id 4fb4d7f45d1cf-5cecbddb574so6903345a12.1; Tue, 10 Dec 2024 01:46:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823992; x=1734428792; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=CFsTTuW6zvJV2/j0dvEGRR2IPJ0CE10zFwh/NOpRTtg=; b=IBj5GZDJXFbX/2btzNcSbfjCIXy+ALKGIR+7MP3uLo7gJDJgNXLyp/JxY7j3O1fAX7 agbrzg0FcC9M8p0BDQ0/73KX637sv7dM/IWkU96ZStgQVSlggaH4nRFsgqKETGQk3/oB 8R5E0WokMX993BfSjnPP5v/unrHdPw32wN76HtVNtukFfLCRGIULd/YwqwlTkEs9rQr0 7PgcQAT8k48fuSTwfRBTM3N0J4xGUSabzEZYt9mXZnLOWeRh0lz5rIzauiT0KA7BwWe9 j41sseMbQYA4AYPoH1R4JYkjfhyCRm6FGFUnyA+9LylSptn119nsQbG7EQDXNuQKey1x JZoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823992; x=1734428792; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CFsTTuW6zvJV2/j0dvEGRR2IPJ0CE10zFwh/NOpRTtg=; b=hPUn7bMVKDGVg03qscIOokY/SvZdMl1k/42JOhknioPQrAMa6ubj00C6PREwK7jnlb +YeOwWfE6QBvJ8X92UEdOtLy80I4JQTScaOHtJRGSuPDKaiO+eYquB8DMaeHj4Tt0Nq9 ZiTw5Izw6H4h/E4H0SoF+Vi4GSNYYi377Yd/uk+inBEzzzPlSdgvTwHYQEmqMNMa1WIU zZEprQshRWPRA2G2GCYiUTWxkGXXSZenJIndK4wvsH5FiRnLVIqXhL/Rwh92kcPOh1aV /R/zgSjij/E0bUgPQasPvIwl1cstkhfMYH6tk9qwqMvUJKxDwtg7r93qoBD8ctaNx2eM yobg== X-Forwarded-Encrypted: i=1; AJvYcCUmrfcYbE4Dr6CQh0gSFVhLlKb34anUd1XnM8Sa4j5LOI45sPtxKS08Bke39DYaLVKyHJaEHCc/S9HSL4M=@vger.kernel.org, AJvYcCVzOw+x+IxisEJQ3+1IZy96+8gOtp7GPwXElb7OwCn8gjaqLtTgK7a9k1mhDHQDX7tjc909UGxa4qvrxfuztHTt@vger.kernel.org X-Gm-Message-State: AOJu0Yy9cKbc2Ww77RAbRXlG6LdaFmvhtzHNuUeU5txogqBazNaNSLBJ 5311++QW38BNeqMGcZC5JyFsvk0d3DvK4gXnk2fxPYcS3YxjhBVu X-Gm-Gg: ASbGncuqKwzbGqbmam2oU+wWfoa3gvb+cUx4VGKE/dY95CjXB81APZYBkg6n0c80Hs8 LJOg50o3EztJ9uiId2WX/Sc/rJdLwSnkvi1G57qCik/lz/DPMPXgdpnmAwI2ryQMln5WwndGNYI a1/igq3oMhUQ5O0g02B+rK+6knx1TZh+UkloIgJwCsuN5wWw4SWI92xVvjI54rEzOiNIhlNyQro 3nkBM6krNdrC1GRtIiSUZy3WM1oF4ulhu/jbNqQKRguu3pNxSRa4KZF8SRQf9lfl/21/0a8e/H6 8oAP45sJb68vkkUSzm8pPnOwRJa8woC5XcCKV81IpsROUGK354/VkA5Bdv5ryMY4ilPNwH8= X-Google-Smtp-Source: AGHT+IGoxFgsuKE4ejuRzVCEJrbEw9zjzZMSxooOe80MGRVJD8eFS/tnxR2FJpuGaoBio2IEBDhCgA== X-Received: by 2002:a50:9fae:0:b0:5d3:cff5:634f with SMTP id 4fb4d7f45d1cf-5d3cff563a7mr12659584a12.24.1733823991675; Tue, 10 Dec 2024 01:46:31 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:31 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 12/13] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Date: Tue, 10 Dec 2024 10:45:00 +0100 Message-ID: <20241210094501.3069-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC This patch introduces DEV_PATH_BR_VLAN_KEEP_HW. It is needed in the bridge fastpath for switchdevs supporting SWITCHDEV_OBJ_ID_PORT_VLAN. It is similar to DEV_PATH_BR_VLAN_TAG, with the correcponding bit in ingress_vlans set. In the forward fastpath it is not needed. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 1 + net/bridge/br_device.c | 4 ++++ net/bridge/br_vlan.c | 18 +++++++++++------- net/netfilter/nft_flow_offload.c | 3 +++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 6dbc442f9706..8be40145c1d9 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -870,6 +870,7 @@ struct net_device_path { DEV_PATH_BR_VLAN_TAG, DEV_PATH_BR_VLAN_UNTAG, DEV_PATH_BR_VLAN_UNTAG_HW, + DEV_PATH_BR_VLAN_KEEP_HW, } vlan_mode; u16 vlan_id; __be16 vlan_proto; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index c7646afc8b96..112fd8556217 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -430,6 +430,10 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, case DEV_PATH_BR_VLAN_UNTAG: ctx->num_vlans--; break; + case DEV_PATH_BR_VLAN_KEEP_HW: + if (!src) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + break; case DEV_PATH_BR_VLAN_KEEP: break; } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 0decce5d586a..6a2ca7a5854d 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1494,13 +1494,17 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (!(v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) return 0; - if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; - else - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; - + if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + } else { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; + } return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 387e5574c31f..ed0e9b499971 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -149,6 +149,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, case DEV_PATH_BR_VLAN_UNTAG_HW: info->ingress_vlans |= BIT(info->num_encaps - 1); break; + case DEV_PATH_BR_VLAN_KEEP_HW: + info->ingress_vlans |= BIT(info->num_encaps); + fallthrough; case DEV_PATH_BR_VLAN_TAG: info->encap[info->num_encaps].id = path->bridge.vlan_id; info->encap[info->num_encaps].proto = path->bridge.vlan_proto; From patchwork Tue Dec 10 09:45:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13901167 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f51.google.com (mail-ed1-f51.google.com [209.85.208.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9199123D408; Tue, 10 Dec 2024 09:46:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823998; cv=none; b=c17xqyggpKBwt84CdrT7LCrSPNh7Q9OTUmzn2LrT8+jUJ/GL2JoPeQJ2QhOo82suUWBkkZLMA03S1dAMSA5QNGWSTE/WxN9q7s1SEtcB8bgvzYMo/aCzRW0xFZ7yPi5hpZp9LtFRGerya2d3AIT8wsUzEo5b3aLMwpIFSexcTR4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733823998; c=relaxed/simple; bh=53JGUH2pR8oX8Xp8+Xw+36LGxxviOGdtjx+fvNsDyms=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lTkSpQSUa81Ik1hvKTYZIVfL0NWCuiFCjVEXfEApQWGLT6SikIm09+QuBnReg+E9AYpnVc9CcKZPk2LDPPumuLjDT/ok/cvGZ4ABWJE+d6broIjk6ndRJ972Buvi6QR913C0yRznkN2bkKMCz7c0CS7OyYOnIUedDxfpPhsIISs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=NPtf2hJm; arc=none smtp.client-ip=209.85.208.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NPtf2hJm" Received: by mail-ed1-f51.google.com with SMTP id 4fb4d7f45d1cf-5d3ecae02beso3176556a12.0; Tue, 10 Dec 2024 01:46:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733823995; x=1734428795; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kjMfgZPTOt1wzklPxYQo1KoCry3saUouaCrKRGjXlrM=; b=NPtf2hJm33sdfs5FhNapzTmBIbeEEb0oiZ2inIGbcIAvwrSnraPcGPKz5wLKNC0kcj KexCCL3ElbhaUyotMWiwXSu+F5EWWjldhio2I3JirkTyDpJf3KfGvQqcmz2hU/BVldaE jpJsBhRJ8oxFJg2WYBSp7BTpGvKXzl+fqrWTtN1E+NHdwvCbx7o8xUjGYQB/alAMj1ee MDNK/j36gl7Xsv4SUKckIRPqK8x3NmxhP9ZveN50Ji20KPzStwjFuBbMPqLb2/36gj54 J0ESHKwPtm3rZ13QOlEoZFElWsJ0RVNgNb8izbhGt+m+rDud5UR/6A2qXQgw+r4ieiij fcfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733823995; x=1734428795; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kjMfgZPTOt1wzklPxYQo1KoCry3saUouaCrKRGjXlrM=; b=wLjGNGwKqZZ0c1SQXvZlXTQ1zuFAOVGW4DC4pWLG8NwgCFFUVyfOS4LOWOZ1a0La64 AZBajMFtBMK/SqdleCy+QYQ1yJqyTNFlGUHi44B0hFhRNS/Q8+Ug4isQB9iXOMm5TTQt z1cnY7rh1ITilvIQYGEGScyrG4ClgsldkF3qVj2qPCXq3abzuqRtVDbsLmcON03BV7Ma 4MjmbA3AfpJSqbzk3VyaioUZAwtq9z5AVkp6jaOBa9jVZl4J5JF10GuYLfWFN61C2ioR MFyXDhAaFNmBNgkVPIox1P3cujcwTcZTP2C5OfezS+DoSKIqO3iSHao91gGvfe5SOLRa 4zgA== X-Forwarded-Encrypted: i=1; AJvYcCUm1MP5J4EAI+KmbVVBFot3trR6MjZ75w+fxiyUg8u9tUHcC/ECdUkyRm4JNOA+nmKOrzk22EY+ZrdhgYsaRsHr@vger.kernel.org, AJvYcCVhON/99rrvaYbv2qr1eiP+x2JJOQBk/azccuVH3f4bIWM539C8DXs7R/B9DmwlabR74sStAQM5SwZzOh0=@vger.kernel.org X-Gm-Message-State: AOJu0Yy+c+uvWF5B0FyaIBANkuvpZ5dQ94q1FlXb4HOVOyJOZSTkrI5r HWqi7Lsqqns0DtRo4hiifyv6NOEDMLTOs3IU6+4lTC518yFZoFxe X-Gm-Gg: ASbGncvU35zOb+wABbCiJfBO+SPONFhJbwSf1KuxqUYZqulwATmFOputD/baOxRO/0R FsYY9J43jHSunXsbGTZ0bqHqmH+11hGPhGrccumV4wgAqLhX0eLJYNx3CYYCvgIf4foewLBR5I0 CelYqTLbExghluMhdYHF4FGvOnBY3AFFSvZu23b+hyEDzoR1jHkRkLXBQsvC7xegdPXfpVu7yx8 5jWwzshMMROb7lb6pSGBTmv1rEXR4w0mYMebYkdKfePFCPIebdETTGQ6O4y4IljWrdq+GjRTUIB T35vuo7lRAP59fYeKxk23/RGqxNzDT2XjOMFwmaLr/gJ11w2/MS3nHdHveMlbeOdv3ECKOA= X-Google-Smtp-Source: AGHT+IFAu59kegmItDpMGH7TM0Tzld+Gwydm4Aw22u8I6s2WTgEkJzLS/k6ir2kKhoX3eegXigdJOA== X-Received: by 2002:a05:6402:51cb:b0:5d2:7346:3ecb with SMTP id 4fb4d7f45d1cf-5d3be69d3admr15117186a12.12.1733823994692; Tue, 10 Dec 2024 01:46:34 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d14b609e56sm7313936a12.40.2024.12.10.01.46.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 01:46:33 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH RFC v3 net-next 13/13] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Tue, 10 Dec 2024 10:45:01 +0100 Message-ID: <20241210094501.3069-14-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241210094501.3069-1-ericwouds@gmail.com> References: <20241210094501.3069-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 144 +++++++++++++++++++++++++++++-- 1 file changed, 139 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index ed0e9b499971..b17a3ef79852 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -196,6 +196,131 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_stack stack; + struct net_device_path_ctx ctx = {}; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + + if (th[dir].tuple.in_vlan_ingress & BIT(i)) + continue; + + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.out.hw_ifidx = info.hw_outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + const struct net_device *out_dev; + const struct net_device *in_dev; + struct pppoe_hdr *phdr; + struct vlan_hdr *vhdr; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, pkt, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, pkt, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -306,6 +431,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = (flowtable->type->family != NFPROTO_BRIDGE); struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -359,14 +485,20 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_route; if (tcph) { ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; @@ -419,8 +551,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: