From patchwork Tue Jan 7 09:05:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928494 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DFB0DE77197 for ; Tue, 7 Jan 2025 09:08:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Baj5jGYp4+wV8/iAbfAoST2ANmEn8FK5eb8xxUvDBwU=; b=Sz3hMWhWjvau+9TSL1ej5cdh1X KP1rR4hapLGny3JEVgY0L0p84xobd1Q83uLBl+SNW9lJ3M/BzdURVD9ZqmTQwNUypqSL0u3mmEaKz KllV77USQbnLJwD9SuxAnzJnzOYvRBMetfyKthGFGs49ViuJIlp+ibUcll4l9VyE+2HMoemf9qp5X uHW9y/l1o0qpNRlbqQUb7Cm5G7esBKHNdX9UM8dYu/xCW376lmZ9LbPK4DANTAdicqOw0rmNUnW3g w3gTU8Xu3ZXflsWG//0WzYjcLp3a9uEo8eehVXgyDo0SRVUH2YklzpyRDXaZxn5H/L20IO/QJAdGc fEnPoxCg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5Zh-000000043MX-016K; Tue, 07 Jan 2025 09:08:33 +0000 Received: from mail-ed1-x52e.google.com ([2a00:1450:4864:20::52e]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XJ-000000042Uq-1DAp; Tue, 07 Jan 2025 09:06:07 +0000 Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-5d437235769so7498452a12.2; Tue, 07 Jan 2025 01:06:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240763; x=1736845563; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Baj5jGYp4+wV8/iAbfAoST2ANmEn8FK5eb8xxUvDBwU=; b=WLfLBooO+yKDL9V4nxHusOKISK1uOvEzVKq6wnRaVCNkJK/qRbgqNTL/uTcT/pccgC w82aZ7TIkgZGnnzozC6xXd6eOL8yjYTO5jSIMKdCAQQX2XYmXFKNSgMpSwHhCiKyQbdb 9hAmh4e5y+4Wj8fnBkkO9sNZbRtdHcjHkLSE/bP6sNEQm1d4rmUBXYAgQHsKbiIU1cH/ U7y2Gt8F/PL0mtHIhHH0+7HzAJ3dAnBTQVplAKxc/0Y4z7YYiNJQBSSZ3m1LUVEHuzEe XUL99LMRhr/5s4HTIt/tRBtQUoLUxDs1Gx+6eNDDzKj8L0LJGBW0hVTYBQ/yA+U1g6Mh ORlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240763; x=1736845563; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Baj5jGYp4+wV8/iAbfAoST2ANmEn8FK5eb8xxUvDBwU=; b=Q7sYjK/cxI2yJAUbTtNhZbmSjPuDehvaCu61NoUoi22M4UPUhJbAdwyUXhS2pTXsTw p/xGzEugi5kehiFGDR86D6xTNnCuAjDqcyyyG8x9F+NkARwt/ny/uTKeGDZxrig0BscR Gz84vtttJNRatr7J09X7HkujQaeySbm1gucCpJhnJWzo8onTn2U93nD23A9YBvYvOYYL ZA8hwmBhuT6xZettxEBtez+kevdbn5u3oOjxbwgbJAbOzDSZbLpj3CsiLvbXmACmcdJX qgmGtv+3hg5zKBeYncHIDEpy6pubKGc4daqgNLgnoDhF7M+jEfVY4N9DE5rbr26tw/IB lxKg== X-Forwarded-Encrypted: i=1; AJvYcCUXwKOpXkeE8itrdKUgr2u2EuxY6ymMHvjcrgAzngMEhm4MvOSmgq1wdNLddgYfuwSoD6GpHlib16m8f63bl4El@lists.infradead.org, AJvYcCXOGXUWJVo+Qvi/7K9bta4h7YRZ63rLFeQGEGFSQtBIBHDDPx2B30DDhy2U0kwE+8pvSKZt/+Cu3SyJEsLh5DI=@lists.infradead.org X-Gm-Message-State: AOJu0Yz+fTA53mZszC7KaPZ683Fps5KHE73UUF0YJO9SraacT/SWOtfl F5c1ZcYAZbBe2mMv2cpw0ym1pSLiq5h67qR7UoRdFvi7qs1qq86P X-Gm-Gg: ASbGncsZ34PMdEqM8dHXWF1xMGY0xjWvOZWGrVPyTDlD2fZh8hJXrUCH1DakWHaxCNV THhaNj31kXrnKNmk2llZy8VagFtsDX9ffBLmoZnN2+ZvfWR45hQBRt01DpTYnGwQYM8Bi6poN6F MIcG+nbuxwIWSsJtoUHwb3FOIUc3xW3lELPVgd93esA88bSgKtoqjkI5pj8RaWl+L+5r8rYF4yy WlxC1ZN0WYJtVBYQpWk2UuFXzBZsYYTtSMmTvJqvJEErDBgZF6WYhLfL1V7EYl1N7PZdP84N3ik pI+WJR+8M+K8HheFxKCVgj1nA2gBxqkhPU35wIbwMI200MTA5ytMN3P4TgsjuTitAHel9PfgKA= = X-Google-Smtp-Source: AGHT+IGihPZMtS/7pXngAOgxYVuDDIwJt5WjccXPIqnlanSAU8Lk5fvkBSWIEuChNszzwsLuG6qs6Q== X-Received: by 2002:a05:6402:5253:b0:5d0:aa2d:6eee with SMTP id 4fb4d7f45d1cf-5d81ddf7fb6mr57942245a12.26.1736240762612; Tue, 07 Jan 2025 01:06:02 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:02 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 01/13] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Tue, 7 Jan 2025 10:05:18 +0100 Message-ID: <20250107090530.5035-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010605_328615_1F253E00 X-CRM114-Status: GOOD ( 19.84 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 98edcaa37b38..290d8e10d85b 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -302,6 +302,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -331,6 +417,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -339,6 +426,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -458,7 +548,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -753,7 +844,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 7b84d8d3469c..cdf1771906b8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Tue Jan 7 09:05:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928513 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C9471E77197 for ; Tue, 7 Jan 2025 09:09:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=k+WwlYEDG0HLvBd8VAnV5F5MIiHlMD5bJhzWof6nBUU=; b=VBDV+3cB0dD6xTWd9Ge3Hmvfuw fHPpe5IkHNgSryFje78SCe/hHGYSvUKaM/gJ70BjsfpAcwh9w44N4Xx14iS2bxS2YtMATy5NjUgYy fqYfpysZfrGOnl16BxaXIi1kOZYFSAKF0pqTWxkrN6mDxLYVUlYxGe3ekcWgAXOkALSXbAdnJqPMz clTdD9h/UdP800x6z095rcVv3mQCQfOEovT9GNBhZIhe6zg6JSUAaqo8etY5F/6FSMFkcInAYrb2q 1WEy5maxgrc2sSjEZ2TFlsx9T2h9zBhYlQecjxwWswIwvKYZOvBiZqvEBEKsXtlEUVjgb6s+2cQFK rFZYX7zw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5ar-000000043iZ-495k; Tue, 07 Jan 2025 09:09:45 +0000 Received: from mail-ed1-x533.google.com ([2a00:1450:4864:20::533]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XK-000000042VI-1qS5; Tue, 07 Jan 2025 09:06:08 +0000 Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-5d96944401dso412644a12.0; Tue, 07 Jan 2025 01:06:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240764; x=1736845564; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=k+WwlYEDG0HLvBd8VAnV5F5MIiHlMD5bJhzWof6nBUU=; b=Kv5CXnKrBXcwuKbJjSba96oL4/aDen42G6Gd5eMd9i1AsEp9F2Ib+84oPw19ncKh4a N4k1waDDHUlC/UTjuI5FyAMAsAxe45JiPP4iOslMfbiFRAJBUWANaV6uwtkAGBciNzlg /az8d3AouMzC62pPLP36M/6+wdkdufhq/bLIZOmDSBk6tuZaGfvP4OuG8O6aUTNMEF2j TN9oW+FEcydhRPCGGrjPhiKafBnZvUb93oQqbi6VSdPB85O/0DG6Fyojycoyo/xRwuJr CflZWuMkm1Su+8sr1MfSM9gD2GelSVH+JMwF/5t5pm1B8ysrjzBGqN9MUIYNiNql+yYt yHzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240764; x=1736845564; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=k+WwlYEDG0HLvBd8VAnV5F5MIiHlMD5bJhzWof6nBUU=; b=f/WYmLeg2psjj+nEWKU7tY5NJsNHrXK/+zg2RKNykqoXECXK2WnP1hB2IUpGX/8cHj qKUS8KpUqlX3e2u/F5pV8K8M0R2kFfdiQ4LA4qJ03k6WBrNazdH1ZxGaZlPxCpeBKL0E N0JrEi/HExIALJZ099I9ZEosQFdHVN9NT8nEuHVY3x+bI5mL1FObfMbBXEL8lA9rfwXc mRtz6AImw6J6e7BvOOfaAU8Ee2/vwxTZ0cntAA6eBTYKjQqK3mQy3Ov9AFce4m/TMGSO sgZmaYoEqH4vOUp7IAvTTb0E7/9rCDKlJ1Ny6z8W/Q0aZ4nU+NC0fb3hpDIMG5ncRmLI eyRg== X-Forwarded-Encrypted: i=1; AJvYcCXBkxhMd9LavMpWeMoRmeRXFBrM7WU1r+fNro05sXLtxVrVSyGTGhe7wI5xAFndFW4FRZEKTKToYhkVywa614vA@lists.infradead.org, AJvYcCXZE1eE3q15WwsOlEhxtFDHnRwfOvW7wupP0EohjdTs+coZ9WzT72g5ChICHz3njmn+X86iNHGenRwmr74ZL4Q=@lists.infradead.org X-Gm-Message-State: AOJu0YwKWCV0a33oR5J/Mu4MOO5LG8tuvr6Gf14Ywdmt394agMrW1cIG uKwK++OLMy+KHXmJHaWoWIgoue0GatRbz8lbwastQaXVmd5+GfCg X-Gm-Gg: ASbGncvWUBUzw3/Xw77M5EceqHIwnPWDd3Fhw95YLY+CTNSm1ni+TYmCu31pIQOFmJU ux73XK1ygi57AYWybUVcpLXVDDbeULAHHX9HMQsyUOTRrmzgjlliSD97wECfTdooNvM+i+jcnd0 r+T7+kDl0uKKlMPiLdPiPIqDxRV8BARVarzo1Z89xXBE41DHe3s5SosKy+XhuGl/B+3p6xfF7za QX3RCRqL8vvObYAZNJTm5h9C3bNxfpU2olGHDf+DHiDzVEmZahOf1gwvjRkZ3/p4WPiDH4MoN+f baKJUd4m99is/0gi5qTCYYTyGd2sBDg/P5J04HCQhT1jmMGEW3gVU984FPydNqqPLXiq8QkO3A= = X-Google-Smtp-Source: AGHT+IE84iozQuTG7YLPXSHPMUD1Jp0Hd82dBIjkAMjnqzFh19j2OWr5/GOeKdXGrKNPV87nRB5Drg== X-Received: by 2002:a05:6402:524d:b0:5d2:723c:a57e with SMTP id 4fb4d7f45d1cf-5d81ddacfeemr57802207a12.16.1736240763963; Tue, 07 Jan 2025 01:06:03 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:03 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 02/13] netfilter: bridge: Add conntrack double vlan and pppoe Date: Tue, 7 Jan 2025 10:05:19 +0100 Message-ID: <20250107090530.5035-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010606_476903_C5F732BF X-CRM114-Status: GOOD ( 14.16 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Signed-off-by: Eric Woudstra --- net/bridge/netfilter/nf_conntrack_bridge.c | 88 ++++++++++++++++++---- 1 file changed, 75 insertions(+), 13 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..31e2bcd71735 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -241,56 +241,118 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { struct nf_hook_state bridge_state = *state; + __be16 outer_proto, inner_proto; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): { + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph = (struct ppp_hdr *)(skb->data); + + data_len = ntohs(ph->hdr.length) - 2; + offset = PPPOE_SES_HLEN; + outer_proto = skb->protocol; + switch (ph->proto) { + case htons(PPP_IP): + inner_proto = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + inner_proto = htons(ETH_P_IPV6); + break; + default: + return NF_ACCEPT; + } + break; + } + case htons(ETH_P_8021Q): { + struct vlan_hdr *vhdr = (struct vlan_hdr *)(skb->data); + + data_len = 0xffffffff; + offset = VLAN_HLEN; + outer_proto = skb->protocol; + inner_proto = vhdr->h_vlan_encapsulated_proto; + break; + } + default: + data_len = 0xffffffff; + break; + } + + if (offset) { + switch (inner_proto) { + case htons(ETH_P_IP): + case htons(ETH_P_IPV6): + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = inner_proto; + break; + default: + return NF_ACCEPT; + } + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } - static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { From patchwork Tue Jan 7 09:05:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928515 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 42F81E77197 for ; Tue, 7 Jan 2025 09:12:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=BKIHos904u/55jjyV61JBBioSUFkR0jZBzN6/oqpIaY=; b=VWvU2iZ7bU8cdOwL91Bpxi/WT2 hzQ/eyJZJdPPLDquh8g0XYRX3QfeZjegLHnIuojsQSsMoz3IyO2TLlz8iZc0waYkmnoOJ6QcA4n+R IpdyFUvIszcCt0YPEwxpX9ZYGHBXlIV79EpDOyzVw91hRs2k3eOrGK5clO3Ii79d4/AcJ1N/SZvig 5K1zkvrb+HW4kq0jjf1wpD0aipVki/2shlKOesPF+h+/TrxIaBR+YEkQymIfsuAv+/N3FDfByDJlQ 2lKpet7lqLvwx7AE+EZg0WzUTXwwfoPJUmf7Sds2P5la2apFtOozRByCSZ4vaYATgS/tbZbjr8OaF mpEK5whw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5dC-000000044Hj-1Kn7; Tue, 07 Jan 2025 09:12:10 +0000 Received: from mail-ed1-x532.google.com ([2a00:1450:4864:20::532]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XL-000000042W9-2bo6; Tue, 07 Jan 2025 09:06:12 +0000 Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5d3e8f64d5dso27508613a12.3; Tue, 07 Jan 2025 01:06:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240765; x=1736845565; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BKIHos904u/55jjyV61JBBioSUFkR0jZBzN6/oqpIaY=; b=IkSSws9pSNODzjafKU+HI95Je8ABuPORPMObqiNjmZ6s3h47vL85952cShVkHGBjYX MI0T0AxChllc4qHlUz+lERAEqFiPuBgI7eOeX+r73mhdG9mAnvo1xxP1K6+e5TVweSUP XzupAbBHRHSJSPbTmBZZ1f0YOCSdgcf4JZFO62wsypSk6jyK67OG907A8BmW+wi/Bcfr T02B59Yvuf9P1O+INEemuMAcfC7kjfW8wr1PWen0HDV5nwSVxujuRtVEKxoMdt18TYKd pdM4LfLkYGg9D34cZh1Qjru2qTMq1NIIXEw+nIXNEP9hUwuJ3fqex5632RCebhVzhQIc IYLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240765; x=1736845565; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BKIHos904u/55jjyV61JBBioSUFkR0jZBzN6/oqpIaY=; b=F6rxI6kb3jjNzdjZt/5PTNR4OUS/vzXxZ2wvfJezZxkZgFom4OMJQPSR0qGZMAdciZ Eord6nBs+2UHhzGTZvqJoB78Ze70MqzaYDqhEiLh1vjQvN1PqoSepiB6zXznlbCUtLOu jAIQ8MEMy9fPH7tZvtdKY+tvYKwPs6jsMh+wNIiSXKSWb5yEh3mWqCuXgUTiquMI3ro2 888L+7u3U1Ys4CumT4l+bRdfibRuy/8tGbZPPTMG76O9PC0hJSyQVxvp5usb26arcb/8 4vCNCqsdyUZbnA1yukDizJ2gZPW/MYn5rq4qOENFlJeYFSwSgYQFHI9gTCWz27K2uahK JYFg== X-Forwarded-Encrypted: i=1; AJvYcCWfzXR67nFAP5YHNLbUZloxlG+J3A234smdle0Ol2hsYW3Py+axKVF2wWVsI62+KVAsKrsEM8exDpk0xj63ZI80@lists.infradead.org, AJvYcCXTwTVHEqzPjKFK83CZ3mLIa5cgpbUSZuR+Hhxj29dzNfdRccwvgzP9eooHkitBHmfgLQwt0RnhRdE1MfanO2g=@lists.infradead.org X-Gm-Message-State: AOJu0YyqkUtEpRekdnzDjBVEz5x7EIZRjUC47OSaTMiwfIgC4oBg2cQV CGwShihLghVOSLQXFFP7cPuhc4IAcwbuLzYsO64i1dNstUASJd9J X-Gm-Gg: ASbGncvLBq3YJ6LRi3qpidflG33grC4D0T093EJw8XjcXyMsktj2owXHuP+nbbiHhRQ Gncr5GzYweQAofS2DqcSOoT9wQ1CPU3Uol/pn0bRKEURtjW/9e5eQvZ5dW0SvLsylN2SJTs+uOw 8niFf6akep/gzFCQgfQIHybwTubfJsTc+SXjEtJPnL7M4Pc/6afoc4Q9ls0pM9kmqIqxcQdVHkM d2mMWVTaPLtRnWCbMvzL2ZFECkPRBX3I7WJMMgrdCRpzIQGNEfAmSRGhbuyvQ3gqO0VwPtZGSRV 7x1WtJTELcm1m4fVkBvid7xAGlsGzfN6E0p9qApukcgygtLxbjahs1ZJ1jWMpHTzsQSQiZXvCA= = X-Google-Smtp-Source: AGHT+IF9Q6hAjeuuV+Dr+SGY25DZC7a14teg1xdkg9BFE9rkMwMad+u2nsuZglYNPKcORNXEsZ1PbA== X-Received: by 2002:a05:6402:2315:b0:5d4:320:ee66 with SMTP id 4fb4d7f45d1cf-5d81de5d419mr44287641a12.31.1736240765137; Tue, 07 Jan 2025 01:06:05 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:04 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 03/13] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Tue, 7 Jan 2025 10:05:20 +0100 Message-ID: <20250107090530.5035-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010607_660172_65C807E3 X-CRM114-Status: GOOD ( 12.29 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 7010541fcca6..91aa3fa43d31 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Tue Jan 7 09:05:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928514 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id ECADFE77197 for ; Tue, 7 Jan 2025 09:10:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=inK7YfAKbOx/gvsqH8JrlXFRxeSCmPFOnUoO4T3PkD0=; b=j8+vRrnKJw1jPN9MkUmQ1VKEAm 6f5qSTMZxMH2+JkB9MoNh4Gt1hojXRN0Vu8pZ2jKDi9Iat7HwuRI2i10Rco+hzFb/ONeKvlFGPn1G 8bGI6m1cjrDbuBASAGByEtnBzPRKFW0U36+ByGztAM9wuA5aEzHmJ35YKamui1d8v+d2Qrbm0e3dG WXmOtLYdnILtEL+YcFfqs/Sv7sFUEvMnmMSW0k9dxW/UNGAv4En7Rfc/Q6k82f8HzmXs3PgH2+Z/7 hgHWYtqFSQY87xqN4xNGdUb8JPne8VKgGeSp1ZE9RzSbNSKLGIEZRpM3gIkpOy7W9MoQFT/aQiDjz 92XvjAKA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5c2-0000000442w-0Oc8; Tue, 07 Jan 2025 09:10:58 +0000 Received: from mail-ej1-x62f.google.com ([2a00:1450:4864:20::62f]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XM-000000042Wt-3XZG; Tue, 07 Jan 2025 09:06:10 +0000 Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-aaeec07b705so1745660266b.2; Tue, 07 Jan 2025 01:06:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240767; x=1736845567; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=inK7YfAKbOx/gvsqH8JrlXFRxeSCmPFOnUoO4T3PkD0=; b=BkBxx+ve8Vs2CXi7vI6FEJyIUSpnSwXBIVOwEfObaEdXdAP1culrkTAAGrI9ZgCpHw sOgSQ8RQGluySD0pnnvzFds/K7dG/SWjrKambEJRLea8ZNyHSAKQMEWQdmq4P487i6Qv SQM1N9bM24usZPWMdgizE8cRgv0fo8m3wSHhjujpL6g9nrjo0tQKt4GKBc/Xrj1B04Fo 7fB3pNBYtn891DPorEKYnx4lzV/ttvhCG0GM7k6VmuUiheEi89nVBnVoQr/BQ0tehZG5 /g1N1Iw6KQJcqH/6coWDwqXDtiI1WmqFQ5OYGOWbloPq8LLQ/GOr9cOsZo4YIHxqr3Gt vctQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240767; x=1736845567; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=inK7YfAKbOx/gvsqH8JrlXFRxeSCmPFOnUoO4T3PkD0=; b=QOGB9zqD9JJdPWz7KfAoYdqVdRDRYk5/mO2U54rKb3yC/JSF1sY0Kc9krqcZRV3JgT sXYxVr1i8wsPwxxGJS86m1KfYrxASvfKc9LtQW3Gp359JH6AbngvtHikJzmelPEkOvXc QIcdISef1E4PCPOtTew5OZzQW+rLGbxSCyDsd3lGhPbPfiEn9LhZ/R0WPh13PLRMmy+L 9VV1az7xet9dzSx2BF9xdcMcADW2iHQp4NlYo+z0ZBvK0CDgtfRZqwbVJfuadGN2/FwY uhJ6uZJzBg3PqyKdRP0854lgGSVSRd8IwUU+1qwLqiaYMwfX6HiNabocFghySpjKd7Ah 9x9g== X-Forwarded-Encrypted: i=1; AJvYcCUv0oCp1H4Zfhja7Rv6SrmvadznMQy2XkgyN7HsvlEdLi+1OhIAIggFcwdo6Zj3M5sCou8TzxAQH1eLMeAp23w=@lists.infradead.org, AJvYcCV2CH0T+OiqCzH+X4MZ3B5MLVmO1ojxGCVzKllIpwZbL1VGDQK6zHf97A6zKE2G9wtuAsaUIlT933beUg7ZCiK1@lists.infradead.org X-Gm-Message-State: AOJu0YzB5sK2bzWxV1avnAhAJQTKM6mnRFuesenHYdYhS+uojE/p5muj GNg2TW5F8EWy+sL7ZfY54MERj4Nl5fvyI7SL/mCTdXVPTAKo6h0Q X-Gm-Gg: ASbGncs7FO/nAi+hGi1lX1KxdKuk3CtQzAc6lXAXfCIy4IJII2LZDUPuoYlr1YLjhK4 Oh0kFuxfdoy1MubruCTWzzQyfWlfVomijJPujoOfK62T555gz3e+5DLzoZz/1uqvwtYAtS15ZDG 5DpSdNqpGkzl6q+Vrj1J+elXbspmCyYHh0gMfmBWdsPaUY9V4fMQfCI0nldgY5eGVaExLx8tOj8 un53BvTuE2BrMoeEWEy9cmqTsJcuFuI0vca9Mnr+5+EsE8KmFnIFROTVm4xFEePFsRD/rhyBQ3N ByiTaRi695d4snBSBJWEzx50HcOYL7VCVFa60H0ZWmPwoQraPKWDE35cUswoikaddAMykch+Nw= = X-Google-Smtp-Source: AGHT+IHrdDy9A9gTXFzVem5TTKGvqrwcwaAGIG1kmAOtqGfBDbimoZPMTBSrG7qD5IXkUnDJ5cWKBA== X-Received: by 2002:a17:907:1c1e:b0:aab:9268:2626 with SMTP id a640c23a62f3a-aac2cf5063fmr6251574966b.25.1736240766425; Tue, 07 Jan 2025 01:06:06 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:05 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 04/13] bridge: Add filling forward path from port to port Date: Tue, 7 Jan 2025 10:05:21 +0100 Message-ID: <20250107090530.5035-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010608_880034_92F835DA X-CRM114-Status: GOOD ( 16.54 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org If a port is passed as argument instead of the master, then: At br_fill_forward_path(): find the master and use it to fill the forward path. At br_vlan_fill_forward_path_pvid(): lookup vlan group from port instead. Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 19 ++++++++++++++----- net/bridge/br_private.h | 2 ++ net/bridge/br_vlan.c | 6 +++++- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 0ab4613aa07a..c7646afc8b96 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -383,16 +383,25 @@ static int br_del_slave(struct net_device *dev, struct net_device *slave_dev) static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { + struct net_bridge_port *src, *dst; struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + struct net_device *br_dev; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); + br = netdev_priv(br_dev); + } else { + src = NULL; + br = netdev_priv(ctx->dev); + } - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 29d6ec45cf41..94603c64fb63 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1584,6 +1584,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, @@ -1753,6 +1754,7 @@ static inline int nbp_get_num_vlan_infos(struct net_bridge_port *p, } static inline void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index d9a69ec9affe..07dae3655c26 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group(p); + else + vg = br_vlan_group(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Tue Jan 7 09:05:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928521 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B363BE77197 for ; Tue, 7 Jan 2025 09:14:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Nrwgi24+JwpSHmI0m5MVBAM3u5qvCwn+TDjEgeV2UcI=; b=Jd37qpqAFgvpZKECFilX5iVKxS XwF1lOW7JgSnDkdtPLoxKZiN8E/XDR7pQivEoVrbaIsn1eWh7FhbCZYEyk8MIJ07NQojtm8pFhWRd qfilOu0UqMCyson0NQt2PdSgN/UWYMe4TmMKo8hb26ZZ1T5RdK0cm93kzaCzu1s9zMWrxvwF2Z/qa PbWH3eZ0OdFRjAi//rdwRALdgJ2LR0/VUW7F92R8HtIC50sRMcq1S9xdcJPpn5RjWH9WOUWW+ldAO kz+c1zeyM6FSGBQsHvM0F5n195ph53xrUfW4o89gzxl3UqxapePRS+3N9vcQ9aKZ4RnfsaYoxI6i3 0TGKboAA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5fV-000000044cV-3ZaY; Tue, 07 Jan 2025 09:14:33 +0000 Received: from mail-ed1-x531.google.com ([2a00:1450:4864:20::531]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XO-000000042YM-47oB; Tue, 07 Jan 2025 09:06:14 +0000 Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-5d3d479b1e6so21924144a12.2; Tue, 07 Jan 2025 01:06:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240769; x=1736845569; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Nrwgi24+JwpSHmI0m5MVBAM3u5qvCwn+TDjEgeV2UcI=; b=Ld4S2bSOhxNVBAEUfZJmC6Wth4/2+2Mj3CjzgL+PKz84SEcddFpxeBywyeI1kEZaaL L/xmAGcu/hUBhGrglDbJ7DOcaaGduRkr5NnbHZ01p8aMtb/pvQVmaHzyzTJ0CpcCvWwT WoxuRq/vQ/r8tlmp+s1Awat9dFEKrTR4LoEazvGx9SwD7MfRb/4E8UFaq9KHE3f2tW9E 710tOQuWfK1VdY85MEyBl6MAZaSNPSFi7Nx6hAzHyS2pLxZwXw7FszyEiwMZGg21iJ0R 5GA/vQ6nhvXlUus+eIST7uv7yUr0dKSOOiVDFhLyOr9EAARVblbuTArF9KPe+Xc4tfVN /q1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240769; x=1736845569; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Nrwgi24+JwpSHmI0m5MVBAM3u5qvCwn+TDjEgeV2UcI=; b=LWUuHr0ZFTNLiVctII4hqDR4KIj3BP8mQMSylmJFJPuDtU7GNxR/nav4EgXdUGEBWG zJYfA1rVzwwWrkfht4IHgq/K1BH057Eeax4yJgqeBgY4cJakXwVPkuKVqwsT8561/qd7 mqsocVfaqisVFAxT2D1Q2ohglwZ4vVn+0MDgJ9+Ap0RWSt0al1NBkXUDK5SQMwbMeMsM anUI9XZzDB55rMsoyDtM7p9OS5eY7W/1iW/RFQ+gmRXS3Rpz6ryPY4UXeK0z07UjZ6PS s+/SXixbSwup0bCV5fwHuecuQKYHrrMPLkZuEpDQziGtraYPH3Cw3H0b/0jHpC7Hej3J ZtAg== X-Forwarded-Encrypted: i=1; AJvYcCUfKLPQm1kWV6CL83QDoU4SW6z6NwAsD4FOIvyS4J20ZsmnCXVlun9gUFWdRoXgUaOGBR1fwojQ3Y0hDed8Yvun@lists.infradead.org, AJvYcCW/kpKoORxmfs3ZFHCDtDDr35UwXU6v5aghtU0V/ptshZ03TSbacy/gUYCt+BuE26tYSHgYKY1M2gvoHeZFIec=@lists.infradead.org X-Gm-Message-State: AOJu0YwjVsl1FXKXL3OMdyyw+vcjgkfNdFpzppFUsIoArR31vjeA8yjE PfIzq4XU8q8CkoVwcfoRctdRiR6bA3UvUTkkbXJMTpvmXeOeeYyA X-Gm-Gg: ASbGncvedF3jsm7qhoMLG+x3KrwS77q37+f2zAXCLzE+q+XgWfEwuZ1NMemuULbVlOi VuT4owzcw3ZVeUQMpaaTRoC/T8wygWKzV9iuU/7RuaXzDWCXnMgu9zrSnNZDl/Nzx8Z322nKDln 0aoGGOpyErI1/TAKlKt53O6+TspA5nU9ZgRyaA43JZlheNOZVQgCvUAvVfEymWZM2Xr4jdoq3HN J0YTV7U94oD0/b3/sdkSsJqT6Q/GY1cERZET162k46Wn/aZ1SDdeJDIC9dKQKJ0afOoD0AJ/GTU Ob0qneXMSq1B3U1Q7OMI2MYIsq0K/w5pQvuJSPojJDgiU4ujo1NQaRaMzXVRZ45fSGqMuXD0bQ= = X-Google-Smtp-Source: AGHT+IGuixhYjL4SuyghMfzPKIs9WMN7N2be7FgjYC3LBKQ+ZlOzUPBDz9qqDNyF0KSv3KcGoiKbCA== X-Received: by 2002:a05:6402:40c9:b0:5d1:1064:326a with SMTP id 4fb4d7f45d1cf-5d81ddbf672mr139428959a12.15.1736240768590; Tue, 07 Jan 2025 01:06:08 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:07 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 05/13] net: core: dev: Add dev_fill_bridge_path() Date: Tue, 7 Jan 2025 10:05:22 +0100 Message-ID: <20250107090530.5035-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010611_036263_48B7501C X-CRM114-Status: GOOD ( 17.28 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 ++ net/core/dev.c | 66 +++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 2593019ad5b1..7d66a73b880c 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3187,6 +3187,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index e7223972b9aa..f41b159ee9c5 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -713,44 +713,84 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; return ret; } + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + if (br_dev->netdev_ops->ndo_fill_forward_path(ctx, path) < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + return dev_fill_forward_path_common(ctx, stack); +} +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /** From patchwork Tue Jan 7 09:05:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928522 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EC1E4E77199 for ; Tue, 7 Jan 2025 09:14:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=0IPV+/btLneRoSo5HiyXyxa4AsB3fEttv56AKWcCbic=; b=vKFe1FTMMP9Gb4Pft64q/jp1+y pKpgHivHFRGDRzIhevafXQMOeK0q158wBSvkrJcGyTce3bPW4Hd6fHdr4eUvy8P5FvkU1++wpUPev tDU4EEeX9qUxlwqBGuyERigOQ8AMyC14hZbpXxzY9CsHsFcoTa6YYO6TFaV1nvE/EGpNOJkt88lR3 pzh36wiGkkHy7Gh910QDEwfstjGEOcMyPI4Oi9+3khe19JezTfR5fSzonI/O9ZS0mfIKrYZ+sNhBy mmxHq10M4ARpOXS5RiYMaeYvKliFt9RaoPWAJD1QIa7Il2Yl0/9uiLwzg0Pm6qnVyutjJWfw5YdcS zNDRiLTA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5fW-000000044cr-0d6J; Tue, 07 Jan 2025 09:14:34 +0000 Received: from mail-ed1-x529.google.com ([2a00:1450:4864:20::529]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XQ-000000042YX-0BXQ; Tue, 07 Jan 2025 09:06:15 +0000 Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-5d3f57582a2so28917119a12.1; Tue, 07 Jan 2025 01:06:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240770; x=1736845570; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0IPV+/btLneRoSo5HiyXyxa4AsB3fEttv56AKWcCbic=; b=LUHFLIdWrQkEozWcCKCC15mP4zn7XR00xXfSrySrKp+PwxPGz37RWSi3hnRYXu79cg M4QbL2Q6hCH8yJRJf/vhh4WPikJtrjo0k8qxRCicgY9th/I3YCIZ1ZW02MpsAn36N6kS YEZStTAcrDUm74U5icsi04K7YrddqckQv7m0iT4IfClaWJN80IKzoAYhi/STkMRWrXRh EjYJqc5+Spr81nwZ81WPOaYmSSljYGwnQlifGLk8aoaYc6rt6YfuDwgM8JhxqiNcGdnG iTBOUbxnhUXoQVM4KF0rEV/KFimWiPz6S9M4+9L8fDb5CogEAz1RZJarcocoYf35e21i ZnZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240770; x=1736845570; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0IPV+/btLneRoSo5HiyXyxa4AsB3fEttv56AKWcCbic=; b=pKvIeIZ4tPwCe1gZuyO6EJtanBGZtcXvoMOnddeq9HkbrQWJrUTHy028o2RlDD0guu ecSWUZ9ZTRo7mDTJK78yT14/fR/XqE/YQEArrRvY7e3HSW/Ppkv+tdsiL3VzqT7pRf9y 4uKT5DtZwYpTulM+LN7EDbHjf06d6yt9A85BsFLjZcjjw4fAgxa+GGiBHluR29bEJwAx YI3SJBU0U6oWYIX7Mtuxp3IgnHTuUdzAW7cZ3A+wg2ItFwgcvXVYoJgOUDt9wQ8TGhOb fsiofGaZOOJbVZcgwpeYD280M9L/zZzjHzXiH7zucdFb/qDX3KWFmbA93iWMaWAQxpx9 2cjQ== X-Forwarded-Encrypted: i=1; AJvYcCUTf0/HMkp1xQdvnSG2FjIEzXv+D45mY0wFiQSraLPYGvpPRiSmwaiInxteRVwCTKGqYWc3dGs+LG1ApcVh/zQ=@lists.infradead.org, AJvYcCXx4KzEbVCw3VCHR6XpAAUMG5zEx5rmStlQRQusQlDqYm/H/t/mB1Eb2B4MdeYD1YbOak8pE9n68wDF8ENc6UgK@lists.infradead.org X-Gm-Message-State: AOJu0YwX9emHyh7xBnPl9N2Uh0YovFfqk+J2PDrVDCT6fHyM5HR5PmjQ u/t9orLNLeqJnMpQbzwVM9VExPNbc3QKc0VVw6MGtDiYjRZmkERu X-Gm-Gg: ASbGnct7jMu9fvAWq2fW9tPIZtgm+0i3yxPVOX66PO4FVOnxmi/QcG/NyWMVfx7r4LB EajkACu2uZvkZysVS8JNpuSmBYfEiv5pvunA6W5IRPLIVu4GZ03rouamXO0SWloKP3rbs8k0Psc ccACxmgicMUYp2z43BgsOvTNxd5GthS6dP3iOC/jM8uw4sNNaGFiL8ZaPBM9e1jMNlG/9VhIhJG mv7r8P4sWT737H8O8OP4J3k2zR788mxGZw8Zi4PA5bw9wueHT3zPxD0cAhTLq/APF06ygOwKlMq Tm9upU1gVzyuzwnlbOXkIgsUlFqwgdAKPqPY0XrwAdv/UpxUER8OMgIXx5mR66FCw5OGN98+jA= = X-Google-Smtp-Source: AGHT+IGuwqZCeoYTDAlGotcMA4hMjnDwkRNwCsaQvYcPeOTdVvTuTBvdK5LwWWAVBu+HrkBFOHXWUg== X-Received: by 2002:a05:6402:26d1:b0:5d3:e9fd:9a16 with SMTP id 4fb4d7f45d1cf-5d95e916b32mr1930324a12.12.1736240769741; Tue, 07 Jan 2025 01:06:09 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:09 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 06/13] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Tue, 7 Jan 2025 10:05:23 +0100 Message-ID: <20250107090530.5035-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010612_081604_FAACA328 X-CRM114-Status: GOOD ( 10.84 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index b63d53bb9dd6..568019a3898a 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -341,6 +341,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..5543ce03a196 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Tue Jan 7 09:05:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928523 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3483EE77198 for ; Tue, 7 Jan 2025 09:15:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=dj/wXJ4hdZ+ljCKiHUzO4CdWnY Se1EOzkuvR9D7iihioQ7Tdy9PLI2zlFIVGX6ozeLszksSZu3zqknLDSEv1G0h16k9fNH0VXZ+FBuG Knaj+RGo2zqtsi2D7OuIFD4YhDBSneURPSulLSqTLN0BYLxNepbNYJCr4mMkjlXsQcuz9B5V3Ykd/ Cznvlk0SJieIc5XpvfS8MRlKlEr/hmepBYUG3qZlX2Q7JPId74avXAedigz4GrZhdygc452nBi9+8 8guRd8pMjDODT2B/joEfOx83rVNCKpd6hEzB+iYuJS4zsg+Wgq1rC0SF6KUGDprhUzN2qGJLbYi1Q ge39TY3w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5gg-000000044pA-0Zu5; Tue, 07 Jan 2025 09:15:46 +0000 Received: from mail-ed1-x52a.google.com ([2a00:1450:4864:20::52a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XR-000000042Zg-49l2; Tue, 07 Jan 2025 09:06:15 +0000 Received: by mail-ed1-x52a.google.com with SMTP id 4fb4d7f45d1cf-5d3e6274015so27119005a12.0; Tue, 07 Jan 2025 01:06:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240772; x=1736845572; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=JXNJ1Pnyhlhh+B22TMjdaM/c1mVt/5MIWTNxNjU9LaH0vcScLeSCHVsb2X4y3Bt/pm jeNE8N3fR2qjtJBY6xxSFbJLcRFhKEzWchVVtbUk7VDYe2+uGhh5ikWuh4D5qpSfvKCL J+g/ta94dMpTvBP5QzZtbqpGKg8g+oTS7N227TA+2O6Duzhr86N45MMqcQ81spkGrtyn VcnJbw+Ugq9p1pERrBMCagZEw/wEPfkhdrc6EYOxS9i+kRiPwYwzg/MC0T0MSCBChBiK sMPl+wsIIiPAJ9AIsKrRMFq5lld/Ps8WVt2xKWwxKmtKCQF2hVrpm8iMzSEECrC75Tea BC6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240772; x=1736845572; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pk+qY6px5gG3FxqwFvW1Op3xt7LAoxtK3/4BHj1Cflg=; b=UCh0Vs8oTeMPOUVtExhn1YM0QeZ7MZpco8vKweFi3uAp3/Ha4IxMzyaBAXAequUdzE zThtcnuaa+0kg1apd54eA8kYxjJsstsy+d3DyTELvvwSR5vW3B2JVO8gGP/2FFGvl6nL hElgZB/Sw/rCcEf6mC/U3KQGxKRc0aoAUi4YFJ5KiOuozB9+0Y3WsBPtMnjhhUxYBQNi 29I8lyayV9oQWr4cqCwX2iNjYdcsQ358VDrcRHEu0Wlb8bte1HYAskpk3TatBkY5EWCl WbZxVBbyhkc9LMPIrgZIm5R/ANpZRMHEF4qqX5pXS/PFOYZXY8zxSR9QQ2SFGCaHgF9Z dV1w== X-Forwarded-Encrypted: i=1; AJvYcCU6NXeeIBQ8lg1lKCsJygIAiHeOgTb3fPSHbV8a/vIczXppFtV2lQoiWzvOO+OjcAZ9QLwLXM4/CYC9jhTQNq9U@lists.infradead.org, AJvYcCVzkhK7n5FhCQbUkG7pq7PqpvfGX0EU/HTjPU4PKnYRXiah/CmZXY4T9FBli8SVRufdb3mF+0P88Mpl4eb5fcM=@lists.infradead.org X-Gm-Message-State: AOJu0YzWdPYW4B+unwPdrj5xXgveJc5AQ1vHrTqE+uCZg4Zzl/Dkf3yi FPVZ2pDEKeAd+AjYc4CPPDqHFQwOHQaL6t0KaQN+38x+S1DaNAt2 X-Gm-Gg: ASbGncv/lVDq8le1YnXnOsSXoGCGTRQbR6lH18HXe1H/JaFKEbOZGAV6d7EH6BFfsaI O6KsZh70FsE+8ZfoTQb4m8nAkUq/2Rsx5GMO38hnOhAvQzE2kT4rxKbo/uEXoO+h3AIljhAt1hk r28sTQIGaa/Azx+0rLPHqdrm2lZ2dnOzT2QXMKQjHcYLRyuzyRQtrQqZVw5BGDgBuWeFpHi4zQ8 2NZ8RP/QfZmDb22wEZJJNunisCUE5vmNn31uvlUUnf0nv37EQt+Zyl4zr/4CyCmKkZQeFB63DXl z3Lfjyo0+/HiTQkalQiG9zFugChgWajWc6rR55UMY+Y+ffzmsQwoYVE1kCRrb5kSW8Yi/0/ovw= = X-Google-Smtp-Source: AGHT+IHcdg7P37o5nMvJ75yJzAoKxUItlEfQvHhKvQ23cSiQG4/81rp2XgnxG7pSjApH8tUEJOEr7g== X-Received: by 2002:a05:6402:35c7:b0:5d2:728f:d5f8 with SMTP id 4fb4d7f45d1cf-5d81de16998mr67591761a12.27.1736240771891; Tue, 07 Jan 2025 01:06:11 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:11 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 07/13] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Tue, 7 Jan 2025 10:05:24 +0100 Message-ID: <20250107090530.5035-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010614_027085_FB42868C X-CRM114-Status: GOOD ( 12.30 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This will allow a flowtable to be added to the nft bridge family. Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Tue Jan 7 09:05:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928524 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A96F1E77198 for ; Tue, 7 Jan 2025 09:16:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=dC3jhTj5HQrnKJfxc0SY/ZIZuFArZD9eLZZ+JbLbIJI=; b=BRITDJqHFPD4uHet2hFlsges07 U0VayBvfldZzWy748hV9/uoGG7uwxLl9r/AU4YEFX7A0m455nQCU8By8dqop+hPFYSU9pbvPRymDE K8xfvtYh3I1ghxRiWbM+7+W1JeQNPneAiTli22nepBRAoasS4aXjJkJdQPr/Bae+Je+/Ks2FeYyFZ Ej6aO5xBbRIbvf2SNxtZzjxr+kujD5OW1XB4Dkz57vlybqT+iR2BjbbJJ2o+HI9NkDJ5JGK8STpWd JdHBUPooIEkXeY/Pqm+eCSIJO9IeImRMqgnmxwqvdBaRpMhgdXTC/gBSlmQW+e9tGHc1qJWOKppPb Lmc5yO7A==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5hp-0000000456u-3VPe; Tue, 07 Jan 2025 09:16:57 +0000 Received: from mail-ed1-x532.google.com ([2a00:1450:4864:20::532]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XS-000000042a6-37jS; Tue, 07 Jan 2025 09:06:15 +0000 Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5d3e829ff44so30453430a12.0; Tue, 07 Jan 2025 01:06:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240773; x=1736845573; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dC3jhTj5HQrnKJfxc0SY/ZIZuFArZD9eLZZ+JbLbIJI=; b=m8ytBSBil77Ch/tY2p3SO13HJtdC5XpELsL5pIh6Bc+TCyNAQRX8+8kBJsJVn583zs Zs4mBB3iZX8OqtClzTdavQ8GDzPWfjXrsyDCQNHo++rnXkMnFtbteYEoFRd3okmq+AKE SJAIkGenQXlguQkl3Jg40X5XXQb8eG/MMiWYl7kIlgOUbx9T/6XrSxuAT1paKU6gtzll GnjPDuG8tG1sxsoC6DyZNWuPDLrOFaZptEIn0rgRZD9uQcyTmgIVK6kuk73diMGQ6Aqj p/oG1C8YLsh0MJO3PWj0AD9sxI1t/Sy11hQpjRO7mXD4abMVCSWuC48N64SvGWCa3edC 2/Hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240773; x=1736845573; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dC3jhTj5HQrnKJfxc0SY/ZIZuFArZD9eLZZ+JbLbIJI=; b=piWT57CC5QSw3fAUC8sVujma/ot3BY8xd3AlbHDjuWX1CxjtuBQVu8sB9x/B6IYrGF i6M/jeVdef+CPdMB6PjXr2DqZXFnwoNbmLdxOb5O91twGlLKsUEXwT8Zd530OUweSDwy BMFDRIefZ8IKK0UHJSkZV4tEuFUTuWIB4nPelfEbPMpDo/AhrcFdf8e7z2YNbWJ0/e4D jafUdmc7Vrc6B7qQE22garbjx3B2QruKxxprGD85ZAk1yeG4syOcdnfDuVwHi2F/p3IR kltjHI0o2PhDhbIkhdgbBdxrZBsPGfU9sHVN8/cQaGfHgTb8R21u6yZka/ayK254Wqqc +C+Q== X-Forwarded-Encrypted: i=1; AJvYcCUIX/Nif1YNMy0qcLbQbfjMtATtDQyrIfVPtNMJh/i35penbBfPrOOJePTtULR9PVbww+7+pwO8/SBD7ljEQVI=@lists.infradead.org, AJvYcCVdWgpK1Ss2hKJVdHDnRE2Iztpd426WjRFG0lVtVHBpKg/sLn8aVZoGFZCsv0FoRTsKYeUAIIM0I9IuVUp/xGvT@lists.infradead.org X-Gm-Message-State: AOJu0Yw5o49KAsKnKLWpedlNQioH4oOuP5JpjngKtHC8s4Dck63mTIU4 TyaKNDX6atwWS/Ac78UX6xp8GHgcPokiwHh5bcP6YEQQv1xJyiuY X-Gm-Gg: ASbGncsZH6P+1C7nDgYRm3sxSckhFCjoJINLzT0aOohiBxJUSkNwoqzMXDGJxspFmPw oW8BoWR3NdsFyEj3e39AFFW5bmdcae+kgIlIt3uwFOqboOeozs+X4ezsz1Laosmz7JIPI94sM33 75Eb9Abo3edU/6fGA3KZ5/3lQuCs4X/2egX7dmKtmYvleIXeOwUEoRrqdDjMVS1OH/sf2JwxQS8 EuHIhRiMeZ5MVWDUTe5amX7YzQ3NBEGGiwqBGbFGG0GrPnUu2ruVBjfcednVIhRG316+SpUPY+t gysGGf1vlBTmCSfG3NpZba8+0F3aqr3T5bLINlmc3V+pac6VnFbXw9W+vyWB5r/AWt9koMS06g= = X-Google-Smtp-Source: AGHT+IGPm33fBqlSag/h/JxGM9QbnBBO/F6XspmD/3+zFhonYQ/Vf8Fd540DJY6vH70es8P0d2HC8A== X-Received: by 2002:a05:6402:1f4f:b0:5d8:8292:5674 with SMTP id 4fb4d7f45d1cf-5d95e8d541dmr2197749a12.7.1736240773221; Tue, 07 Jan 2025 01:06:13 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:12 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 08/13] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Tue, 7 Jan 2025 10:05:25 +0100 Message-ID: <20250107090530.5035-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010614_787273_8985D16E X-CRM114-Status: GOOD ( 11.65 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index cdf1771906b8..cce4c5980ed5 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Tue Jan 7 09:05:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928525 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8E692E77197 for ; Tue, 7 Jan 2025 09:18:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=XtgyJTf0nGEQy8dIgfNuKn9dKl89pMTFI5gYmniF26o=; b=IQ4492G6EoiZnvVng9ub/YOzQS zXT+g6qDqRrJVUif2yz18ZVXJsgguu703jFWZUtjSWX3fV3Ha9AdSfB1cZWNUGSVB2fbBrxHSZIeR WLmOBhH2pQpfGQw3aDCxJMVD572TgF60uF9Eri4aYmA3QLsaCPgmM1y9IJOnVjzG+IzcLG8nza9X+ BcF2pI9F9q4LNvG98fQ4+dodiwlBAHk7eqYZLVtjTzjYFZuTYPI5cSFhzc77klgT8ndwIxRr/QWN6 vC6etme9cFtlMp8wz2MueI43Z8wxCU0nid87nOfGryrHxt4aY6BC5TQD3C09g667prrZuWPYyjKdf /0/8Yl8w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5iz-000000045JC-3C6C; Tue, 07 Jan 2025 09:18:09 +0000 Received: from mail-ed1-x52c.google.com ([2a00:1450:4864:20::52c]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XU-000000042b3-06xT; Tue, 07 Jan 2025 09:06:17 +0000 Received: by mail-ed1-x52c.google.com with SMTP id 4fb4d7f45d1cf-5d3d2a30afcso28327393a12.3; Tue, 07 Jan 2025 01:06:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240775; x=1736845575; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XtgyJTf0nGEQy8dIgfNuKn9dKl89pMTFI5gYmniF26o=; b=PP9GzGa1TNZIHLOHgdPlLrUYE73wNx7578Jm3utribv2D7lhCqLzx2Ymk4+/tVkFGJ /yMX9P4QLjFAtIAJpmqZ7jVQrvayB0waY+OT4cvGQ0dYQkIozKq0MpdxODWhXTlyEoug 2gVbi9xhozQbQfA+nxmVz5LqPFtsaftDnB8jv6Rgq4zG0+lyZNlKnaOapeBPMCaPt3W3 cbM96Cran8Zn/eqXRAACW2fU0SmxsqcLRspZQdKslSoBDsghptr0y4zkOL82pGoebE5h QDy56IBkfrD730Z4iehHMi4gs87Cp+RQlLdk950mrw1nslTeWNrvxCcT6rkLHiqwxU3m 5Wfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240775; x=1736845575; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XtgyJTf0nGEQy8dIgfNuKn9dKl89pMTFI5gYmniF26o=; b=VUXYZh/vIttxfLOeMK69MglCCtwk8N/8RomJgPg8SGKYF5gUQZ5GliXmoZ/2aZvPre 0cdfe72GFR8W3uLjOrbKA90LgU2dtKKeVxGyffOKVN95UhiSlO/+7BO5mgZMhIc/DRc8 1yLH2YkMpygjTC2eQV0saX7DM4WaSJabqT96Jt4v5UQZ9jyp0WIDK7DV/l3hXzr3lkHn 9coomntwZAXe7dc2/KOof+hd7qIA1czMOsh3V2VI2j1PphyCamW4lNh5kuRbVSZJORxQ uwUopU373fZikdvpgs3brXtrFlvUDPH0SJdwTOeS4vJ0B3qLWSINJIwn6WAKp/SSPraJ XH8Q== X-Forwarded-Encrypted: i=1; AJvYcCU3SBJQFdPwwWH3zF6qNiTfx+onskbGeEZ/oA47FTIVyxbPiYaCpVu2+eqVDDBbw+AyvsynkoSnE6AowtAN/Vg=@lists.infradead.org, AJvYcCV49jrMsHBNmvW2SVKetmgm3XzSF3D2DULKVxNrJJc7hjuIjiRfJu4Msa1LhCZh0I6fmlGQ0cBJTqrKFkPUhuXp@lists.infradead.org X-Gm-Message-State: AOJu0YxX3bI4dxJfO0l7upIyMGj0X4bcQR0aANyUaZf21A4KwLUKZCzD gjh2nMWJNtNVt5Ta4Sd5DllsDSTuc8nPs0EF6by+gPVvXblcL78e2Z+cdXKp X-Gm-Gg: ASbGnctIynj+gAu/CjKYo3VJ6QrYjvIF0ZYfvTF74ymWVvqPqvUT7zQEC6J6PwlRIEo VIzee7YMJ3jLIcrBbZtVSMJIzL9QTzLk7W80yCt663Qpu5QOEWffcC7lRj+gZO2zxYCGtgaLovp ceaS76OZzQUgbe9oUkENdXcKlEHHXXr2wc5x+Gq9ipIEIwQGtPwOC8/owyzwiN2bydcb7ZpUY02 aFsU7vfMaohNg7FGOYtaY1qSLfoCbFeewSWjbALTFZMMocWozC2SFVsxBBJG2/lhdo9bCyZXnZL yiHO3fk8TRYNj+SNAP9gyExzFR4NFzWktyoEDI0iXiLxpEPmkHOf65I22CUFwqQZ7OmcfnPrlQ= = X-Google-Smtp-Source: AGHT+IHPxz9+uiCIXoSR9CoE/bJwFf3R4legPNbuUxKWFljvSeICAglSfIzYagTrY05Gf+jTQUtRFg== X-Received: by 2002:a50:cb8c:0:b0:5d9:a61:e7c9 with SMTP id 4fb4d7f45d1cf-5d90a61e843mr14049402a12.20.1736240774460; Tue, 07 Jan 2025 01:06:14 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:14 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 09/13] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Tue, 7 Jan 2025 10:05:26 +0100 Message-ID: <20250107090530.5035-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010616_065307_A78D1A21 X-CRM114-Status: GOOD ( 12.93 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index cce4c5980ed5..f7c2692ff3f2 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -106,6 +106,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -118,6 +119,10 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, i = stack->num_paths; break; } + if (path->type == DEV_PATH_MTK_WDMA) { + i = stack->num_paths; + break; + } /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { From patchwork Tue Jan 7 09:05:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928534 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 91837E77197 for ; Tue, 7 Jan 2025 09:19:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=BztZ0cfqRt9dxay4EdRKv7PmLiYD1WDU1Ehk6gLPnTE=; b=zBEN9rcWsSZuPHKS1eol8urqv3 7Z9M/OZWMMcrSVA3+c/0mtLetaMIngGvIYnPxzzwYXz3ws7SsWvBwNIjOQVnC72+iFfCm5YZWzMxU /K7MtJwKw2WJJxfRA7yiveisBc5skHcz844gAITftLzUjax9eUj9MSfqFTtYg7+hVNUfbeFRsYjCW wp0IMpXjqijGbsxWP+8Zn++dveAafGlIOqF6MONxFUd5CjQdhEMzzbUVONKprd2pgxDSWMcn7HqfY f48UrlWaPu9gMdRpJnvOOLCE24mLYpYACeIj59fOZr6JTsqQ3d8esGru58T7UI5P8gZ762QpZaIMv RQ2A+Z4g==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5kA-000000045Xz-2qRZ; Tue, 07 Jan 2025 09:19:22 +0000 Received: from mail-ed1-x529.google.com ([2a00:1450:4864:20::529]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XW-000000042cT-0nun; Tue, 07 Jan 2025 09:06:19 +0000 Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-5d88c355e0dso8454659a12.0; Tue, 07 Jan 2025 01:06:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240777; x=1736845577; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BztZ0cfqRt9dxay4EdRKv7PmLiYD1WDU1Ehk6gLPnTE=; b=Smn5jBAYIHm1mKfbi7RO7JeMlXoComv1GjsEYwYOGZNmf84MmHvAJPj3zMtOUptuuA X+/verSiNKjlNvHSJHDNUvhFClK6WBKH/7mfpCTuYzMqk70UlPk9V3VljMC6z8NYSBJU UwD1bs6T7qAZLwtdvx2/QrEKbsCbevFK4p6DoFw+nmT117zyt43XBy8mQqZpB6Wc1ZQW Lcs3aT2Y7cViwjWdecsALp6myXo2Y65abFioXm9sshaOfJTTZZpv9LHPp2r6j9cGAwjf dQQYX4Wf9kd1QzVmv1v00gpOmeCHZgYJzsEVnhf/P38bQBo6h6RFX8BmPNgBCPEiAXns YUDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240777; x=1736845577; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BztZ0cfqRt9dxay4EdRKv7PmLiYD1WDU1Ehk6gLPnTE=; b=qD8MfzopGP7+8hdqDgeBvn7X2xPB2lIbHxPUf/DeE5B+KlvX93lycSxKE/7vbdC6MH C7uuaWE3/pjELXJc6BPA+W+Wj3HVhXNqmj1zHrsjpCNML1qCR4vdkvxzGVWZ+5dbuDCy bKOi1qt9S+Io8LT8FiEYTHprJaeMSIDu3sE9XuV5sZWox5Mnt7i5fLAy2SBartX8xMN1 +a9gv4yOnHwqcKWghdc3wz/BwGgaja8m5ph8O2c4aaXk6w1cL9qgo32SgXhdSK3h5oa5 XSwwaUjk3p80zK1JydvJQuNwzknY0Syd5Nmdz9s5nHmcD1qagryTt+9Ji2FqCnHKDzID GCHA== X-Forwarded-Encrypted: i=1; AJvYcCVZ2bl+sJ6f66VgdXjR39qpAw2ZFSQed4KdWO/YD8tV4AY5RKFE2SWZ/BEDmGgVx7eLb1YvNZVCEURPejlaIr0=@lists.infradead.org, AJvYcCVeo39KrsMfTAEXteJ7U4ziUx6ZdqRNxgos2dIkJXP0ZOl4CM7SNSk0dpEGnANGcsECruNIZnyhTmeIxxeduLh7@lists.infradead.org X-Gm-Message-State: AOJu0YzDLH8vgQ553Z8EeWrWldiTlzpB4JB/U1kHiNRCVy3SH+n0Bwzw UZvUR4scXf2IUoaviK44/0VNwo8BjjgzwfhwxHY2fOI6Bwi5vnUY X-Gm-Gg: ASbGncu/g5qahEYmLcCUt4NG4cPve5ux8AJcPihmnF+QYf5+wLm20TszsDK+TbrC67V GJFP8uHH+tCqQhC5tkzC6B1+MSfUTW4guvcv/GFFB1e4SOtizmljylbWEAAr05i3uoIE53g7bp3 /7BEzsLi4YFrBHTp/f59eqoRZWnt8hDCIvxPrq67FjJMhQkk2Ns98m977RCAdiKPU9FbFXedaxn a66SSd/9YKXgiiQvPWFvU7vEVVktG5hsd7b7swsB84NLztESHdiRuDDmS6eaINnbFX777Pnvsx5 VnxXPhaC3cOW7NWzWYWMor0VmyTSKZib3vS/EjihPssJDfxr9pGpBVDR1547UiKg/OSM6el91A= = X-Google-Smtp-Source: AGHT+IEMDL6I9+h+aUrnAuxFNluD15rn5fjLxiMza8iUCfO2DRYtl2bUPleLH8zIiEcHnLjnMReziQ== X-Received: by 2002:a05:6402:5253:b0:5d0:aa2d:6eee with SMTP id 4fb4d7f45d1cf-5d81ddf7fb6mr57943041a12.26.1736240776693; Tue, 07 Jan 2025 01:06:16 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:16 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 10/13] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Date: Tue, 7 Jan 2025 10:05:27 +0100 Message-ID: <20250107090530.5035-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010618_230684_20141019 X-CRM114-Status: GOOD ( 11.25 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org The bitfield info->ingress_vlans and correcponding vlan encap are used for a switchdev user port. However, they should not be set for a dsa user port. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index f7c2692ff3f2..387e5574c31f 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -117,6 +117,11 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; if (path->type == DEV_PATH_DSA) { i = stack->num_paths; + if (!info->num_encaps || + !(info->ingress_vlans & BIT(info->num_encaps - 1))) + break; + info->num_encaps--; + info->ingress_vlans &= ~BIT(info->num_encaps - 1); break; } if (path->type == DEV_PATH_MTK_WDMA) { From patchwork Tue Jan 7 09:05:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928535 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8786CE77197 for ; Tue, 7 Jan 2025 09:20:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=c9/TvKRPWpgFkI5Z6u1yRjdyakFY+K8HugvLg1dhslU=; b=ZWfXgqyxua2Ag0il6QFN6ylScB oboPJNqgzoWz6PBg6LkDMnup+y86zMEFIdZQG9U7zCUCZUuJdy/3MqBvTV1rTNTHfRF+QDxO8H0Vt Q7ev4EpKP8Auzvb1UkSEa6SYMxhVQPVoI8q6o5TU7u5hRVeJ8jznphwB2SR1e1fM07Poy4Ec9b0an ZdMV9wnS7WIPvpM/401FGVsBx0JIkGvLrZ0Fqo+SIufINv1DHz0YKf9nBaScKqXT3jAazyIKKhg1L 9D9fD0KjsuswAMX8wCKL1HmthX8SmPg370r+jApNMxkbk2422QhSb6lKU5X+QLpDtTcOViWAEBFs1 d4RsLsUw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5lT-000000045mE-2h82; Tue, 07 Jan 2025 09:20:43 +0000 Received: from mail-ej1-x636.google.com ([2a00:1450:4864:20::636]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XY-000000042dg-0c2p; Tue, 07 Jan 2025 09:06:21 +0000 Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-aa67333f7d2so2236048566b.0; Tue, 07 Jan 2025 01:06:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240778; x=1736845578; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=c9/TvKRPWpgFkI5Z6u1yRjdyakFY+K8HugvLg1dhslU=; b=nKcUDwY6Q2L6W5/ZJEeV7JU8JZQnTBUaUNKchki8Q9fpIfE8ZxsSUhJaDjzZ7HWJnV QLu81JgIEW+QSYY7wvai054088wgDs9C7/aBbwWCSkWPmw7V/fdxi496QWuZSRN0g8sh 6WLZXDAUiU12r6Ia5qNhbyB65vpx/DOKM0CIz6ciopGP84ocbgGbAm+IbqyibrBLLBE6 Ea3GMXlOmtuKWDTp4ixdvOWvtaLM8Lk3JHOZOI8Na7dMF1wUP8zUmnkdwyTNvhG4X97P axO4IxYK/DlV58BwBr1nnCqoCVDYLwQQ9EY44NrX2PmSSs+PaGf0hScqflx7mSI+jYa0 Eh2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240778; x=1736845578; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=c9/TvKRPWpgFkI5Z6u1yRjdyakFY+K8HugvLg1dhslU=; b=TmWDEbK6s1iYpRLjTjHOGIEbBKBWzq/z2Z7VAS/pH9w6ltqxrpgWPqVG2rx1QRX+fL SjhWC4Jcj7DSBqndXwl2iYMtDVCbLhlnfY8jhWSSB9BAFkitIoOf1Wti6tMOUFv9A7q8 dDb7ixgpeOm0RWv0GAW2fwto24jxXHg2HeVpOsPiUbh09TAYJ18k/k8gFynVB9W6CocM xmTUcceMehLT6CeA5lthEyFoTs/v7ms2SCAcq1ULdDkohJw/d00DqZ08JnrxQc2opfqv l2JO4Gtxmx5YpwQ5/z+96uy3AYg93bcPaKBnFF0f0O5+GBoNI5Ip6cYr0vMLfxX4Fo5+ 9QfQ== X-Forwarded-Encrypted: i=1; AJvYcCULfbj1Bgav6X+iBdVFP2Nm/DYa5Mei+kh0qP2MPzpK9UKyWl3mDQYHcnHeZ6G82MA3JtCT22FJIpJNChwFqg0=@lists.infradead.org, AJvYcCWz0qELniuwBBSjXpQjKpWQlZQyPvK7LA3w+GJQlFDbaMBmtpmRmhs++2ryPU1MMnRihhATJ+7pIBxpyy1/XQiG@lists.infradead.org X-Gm-Message-State: AOJu0YzhFFNBn3LJd+ogAKM1O7N24nSPRtxIBSmeIqz2bTriJ1CRNxgQ qNBo/XUoiBOnm0Y+7g2hNCYU8aaFM3xdLByL2Vh4g9+lP9YHmITS X-Gm-Gg: ASbGncsP6vyfdHoYyIufF2V+NG9PkB/YfweRRCrzmVDWNBQlK6TBf9QTbj7WM7Cp/wZ /JltxJEwKVRp9MQ1dYS9e21RahlHmWwg/119oeW6sGlPnB44yDGv5/DGk8sXHtkAJLP1NIXCn4q 1bHGfUXgYFNxuJwM1mgR4hYWLT5P+CiBwoHoD1phqgyYBVo6D5TN44bHMhxmxQ8/2r6luB9aywz XsOgmaCPm9erCQ2uz+KGcrZbarkrrVhsR2ehx3V7JP6EpS8RX1BrVFs1xxEw0CBrQ2tEaBF6hzY o1pCwK9RWBtXYAKZH4EUj1q79J0MpKGyuof74KC05lSp9kr2g6az/BgiNC8asnetdw0k6dfvCA= = X-Google-Smtp-Source: AGHT+IHdVy6Qh1qZGtVgd8n+OJxf5iK/E+S3j6UfqiQPaQRG6QNZMxXigkGNUkGK3KdZcEdkCWqhIg== X-Received: by 2002:a17:907:9304:b0:aaf:c27e:12e9 with SMTP id a640c23a62f3a-aafc27e141emr1105602266b.14.1736240777946; Tue, 07 Jan 2025 01:06:17 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:17 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 11/13] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Date: Tue, 7 Jan 2025 10:05:28 +0100 Message-ID: <20250107090530.5035-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010620_196594_2168050A X-CRM114-Status: GOOD ( 21.84 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. The same problem for all foreignly added dsa vlans on the bridge. First add the vlan, trying only native devices. If this fails, we know this may be a vlan from a foreign device. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG_HW is set only when there if no foreign device involved. Signed-off-by: Eric Woudstra --- include/net/switchdev.h | 1 + net/bridge/br_private.h | 10 ++++++++++ net/bridge/br_switchdev.c | 15 +++++++++++++++ net/bridge/br_vlan.c | 7 ++++++- net/switchdev/switchdev.c | 2 +- 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 8346b0d29542..ee500706496b 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -15,6 +15,7 @@ #define SWITCHDEV_F_NO_RECURSE BIT(0) #define SWITCHDEV_F_SKIP_EOPNOTSUPP BIT(1) #define SWITCHDEV_F_DEFER BIT(2) +#define SWITCHDEV_F_NO_FOREIGN BIT(3) enum switchdev_attr_id { SWITCHDEV_ATTR_ID_UNDEFINED, diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 94603c64fb63..f60a7bb7af26 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** @@ -2184,6 +2185,8 @@ void br_switchdev_mdb_notify(struct net_device *dev, int type); int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, bool changed, struct netlink_ext_ack *extack); +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack); int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid); void br_switchdev_init(struct net_bridge *br); @@ -2267,6 +2270,13 @@ static inline int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, return -EOPNOTSUPP; } +static inline int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, + u16 flags, bool changed, + struct netlink_ext_ack *extack) +{ + return -EOPNOTSUPP; +} + static inline int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { return -EOPNOTSUPP; diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index 7b41ee8740cb..efa7a055b8f9 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -187,6 +187,21 @@ int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, return switchdev_port_obj_add(dev, &v.obj, extack); } +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack) +{ + struct switchdev_obj_port_vlan v = { + .obj.orig_dev = dev, + .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, + .obj.flags = SWITCHDEV_F_NO_FOREIGN, + .flags = flags, + .vid = vid, + .changed = changed, + }; + + return switchdev_port_obj_add(dev, &v.obj, extack); +} + int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { struct switchdev_obj_port_vlan v = { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 07dae3655c26..3e50adaf8e1b 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -109,6 +109,11 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, /* Try switchdev op first. In case it is not supported, fallback to * 8021q add. */ + err = br_switchdev_port_vlan_no_foreign_add(dev, v->vid, flags, false, extack); + if (err != -EOPNOTSUPP) { + v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV | BR_VLFLAG_TAGGING_BY_SWITCHDEV; + return err; + } err = br_switchdev_port_vlan_add(dev, v->vid, flags, false, extack); if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); @@ -1491,7 +1496,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c index 6488ead9e464..c48f66643e99 100644 --- a/net/switchdev/switchdev.c +++ b/net/switchdev/switchdev.c @@ -749,7 +749,7 @@ static int __switchdev_handle_port_obj_add(struct net_device *dev, /* Event is neither on a bridge nor a LAG. Check whether it is on an * interface that is in a bridge with us. */ - if (!foreign_dev_check_cb) + if (!foreign_dev_check_cb || port_obj_info->obj->flags & SWITCHDEV_F_NO_FOREIGN) return err; br = netdev_master_upper_dev_get(dev); From patchwork Tue Jan 7 09:05:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928536 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C25AEE77199 for ; Tue, 7 Jan 2025 09:21:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ElntuwObyWWTXWyk0nhZUVrAyxwm6+3uBHbEuscDHA0=; b=TYOCTjRU9iKnG2y44Cw0CzTeAS EjL30Kzvj2qU6ugqIMJpCjVaf9+d0LGRpIIBihiNsjtZaZ4JdLKW94gFwVd3i2IbDoWFvgOKWE8sK 4CqO9/Sf6ZURRgkk7l373H5aWtDHuAG7vZRLUyHngo1OyXqVTHgMiWLUuJpR/hUnDzE8tblUD1RLC 7ZnufbU0lEYmpgHDJgzS5ysWtA+yJ+t11vCvHwERaygy6Ce++/91zENikcEQRGSjJXqS/ZPuKEq0i yxctSUrYWQDsKfv3xDd4q7qQei1ztHIb1ZGrdgg2IRyuM+Q0N86qo5ZqYvrEtT7c3Wo1rExXFPW1L JHtG3qUQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5mf-00000004641-3rBO; Tue, 07 Jan 2025 09:21:57 +0000 Received: from mail-ed1-x52d.google.com ([2a00:1450:4864:20::52d]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5XZ-000000042e4-0Rg4; Tue, 07 Jan 2025 09:06:22 +0000 Received: by mail-ed1-x52d.google.com with SMTP id 4fb4d7f45d1cf-5d3d479b1e6so21924418a12.2; Tue, 07 Jan 2025 01:06:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240779; x=1736845579; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ElntuwObyWWTXWyk0nhZUVrAyxwm6+3uBHbEuscDHA0=; b=Nt1vlpsuovKcdYCve3xssPDRSS/dOTHdsoyAWhj6sgPgaRFIXGAjTaF7dZ8idTzT1i OenxAxSJnk1/ZAD2+B85JLcFl6dgrnzg1F0cyUxreJGf9JMrB15VwaDuJKtBUW7MQrNy KzLaLwusRtPKlHAmYe8/XAqazfoqCLQ0MdzC4QvxTkk5Ufeca20MLMyy7ztBNbjdRoA1 BkmP4Evkf9V/MOjy5omnq/qcrQwoo5l9KhHR4IP8/A0szA23+rQRVAt0rWvSA1HErFfO 5/gkIRYwFVbutun5lCtT9P0C22tuuGAzVU9708HCH2wodC8xIpX/vMpBiYBN72YOfzqj /DAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240779; x=1736845579; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ElntuwObyWWTXWyk0nhZUVrAyxwm6+3uBHbEuscDHA0=; b=rdJM1And5DxxyAmWICrd/UNiXnOzm1J+pgZI/KDTgwv+Gz8rDl2daWWvfcQ8ZTigcH zMJlbZ7z/H0azZY5c+1OIUWJwIMZdG1ZEYsLJo4KKzmAUPRTO05d72tvVZLAxp3XQvQQ nd9Yo0hfDOrbfGPQlZBv6/JG54cq44WZTdgqMb4RKK+OKc6JJLAKC2xQ6fr3FT3ZCAQP hW1IS3C/OTTAMw/EYiammSqQo6NXHWYIQ+ifIjE+OF4/Iyh9Pu5EtKFelcxdBE90P99f zfloMAqUGlqVmDWqePT/0263GK/EpJqzIKLX4d0CD1MUXMSu/hknXOGvkBT8vcyb8KNU JQtw== X-Forwarded-Encrypted: i=1; AJvYcCURXY1gH8TtUGn0ixpfYxr49fIkF37M6EcmvladuWvpw5L+/77lBKsxQzrSG2nBQgrn14+rj3jDrp+YICtXeLA=@lists.infradead.org, AJvYcCVyy57l2sPp9Tgz87UilyQZVCANo693s9rkCjDrDepwvOA4+Ni/80ETNILLCfwe3HO9EeLkyrf9V7z2hsR3WxDZ@lists.infradead.org X-Gm-Message-State: AOJu0YwVv3Mj6iTFotcPjODk98hWQvhBnTrBJ+3tS9IYKgdI5nnrXXgf sIqZ3fMMFM55Ww1nVE2lg3CjcWDzyRrXSbKXqJsD74ShNzmwZKYP X-Gm-Gg: ASbGncsXjjdOzkJcfSEnJwa5UBIdUymq5FRGUhPOdJguQv1YkwuR7en4QXOH+fOJiil WxJiepAfK2QD1MdEGd6ruxFhIHipGVIwdLKBX375XyKtXx934ZJ95rmza0n8TYDGhTx7SKu9J9E CW75e/GdqawFkbX0sGq4Ckk4uUzuaX7ekl2YzqO30fSCiR1RznKKtbc8khHK8DsRXOdoAmCHtWw +B/Oho3dud8ja5BwartTpQT3HWz4Ka4a0hMaB2e6s06Ye93SGzlbT6EZB9UmQuvsg5Pb9RCS6gD htoEJpSIrDX6MjXLjJ4sQkZ6uLx8zW8ozr7l84JbUShsfUvhZgD2SoBEpX/cNtUnV66NogdNfA= = X-Google-Smtp-Source: AGHT+IGt7vXeWi8jtx2prBY+YfADkXQQ34zgfUpIHrQ42iesCfqHcrSyvvrAit9+d72yO+NjyUOXkA== X-Received: by 2002:a05:6402:210f:b0:5d0:cfad:f71 with SMTP id 4fb4d7f45d1cf-5d81de1c921mr140645365a12.32.1736240779167; Tue, 07 Jan 2025 01:06:19 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:18 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 12/13] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Date: Tue, 7 Jan 2025 10:05:29 +0100 Message-ID: <20250107090530.5035-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010621_144514_3506D146 X-CRM114-Status: GOOD ( 15.55 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This patch introduces DEV_PATH_BR_VLAN_KEEP_HW. It is needed in the bridge fastpath for switchdevs supporting SWITCHDEV_OBJ_ID_PORT_VLAN. It is similar to DEV_PATH_BR_VLAN_TAG, with the correcponding bit in ingress_vlans set. In the forward fastpath it is not needed. Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 1 + net/bridge/br_device.c | 4 ++++ net/bridge/br_vlan.c | 18 +++++++++++------- net/netfilter/nft_flow_offload.c | 3 +++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 7d66a73b880c..cf754ebb19df 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -871,6 +871,7 @@ struct net_device_path { DEV_PATH_BR_VLAN_TAG, DEV_PATH_BR_VLAN_UNTAG, DEV_PATH_BR_VLAN_UNTAG_HW, + DEV_PATH_BR_VLAN_KEEP_HW, } vlan_mode; u16 vlan_id; __be16 vlan_proto; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index c7646afc8b96..112fd8556217 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -430,6 +430,10 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, case DEV_PATH_BR_VLAN_UNTAG: ctx->num_vlans--; break; + case DEV_PATH_BR_VLAN_KEEP_HW: + if (!src) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + break; case DEV_PATH_BR_VLAN_KEEP: break; } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 3e50adaf8e1b..8ac1a7a22b2e 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1494,13 +1494,17 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (!(v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) return 0; - if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; - else - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; - + if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + } else { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; + } return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 387e5574c31f..ed0e9b499971 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -149,6 +149,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, case DEV_PATH_BR_VLAN_UNTAG_HW: info->ingress_vlans |= BIT(info->num_encaps - 1); break; + case DEV_PATH_BR_VLAN_KEEP_HW: + info->ingress_vlans |= BIT(info->num_encaps); + fallthrough; case DEV_PATH_BR_VLAN_TAG: info->encap[info->num_encaps].id = path->bridge.vlan_id; info->encap[info->num_encaps].proto = path->bridge.vlan_proto; From patchwork Tue Jan 7 09:05:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13928537 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E536AE77197 for ; Tue, 7 Jan 2025 09:23:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=kjMfgZPTOt1wzklPxYQo1KoCry3saUouaCrKRGjXlrM=; b=S8E5Fc7RpEeF4KS3v7mpMM+Uas fvx0x7/VG/jroIk1YQPutmBEpTws6O8S5+gmXqk7u8mUODnnjUHW6kZTFKnfABeWJMY5JTImR3plt e8NMWCAXPS4EXH5HCqONaPYtSxoZ3MMsWx6xf+95dBCFEoUKu5OeC4WUziSL8Q3swo3g/XXVnt6vd KjuOdnLftoENvEWGMqIJWz/FrxvBJfRhP5dzgKx2QR5Zl6wka7GND/Kd1y3QGsc5+c0AbHClt9z1Z Y6fiFbCs7R479C+WUQto9mOahnJEIzMFtkb/FRMX+Bn3l03+tw1HSEVLmY/0jUvDe9707wKEIrsbd QYSJFMtg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tV5np-000000046Il-42N6; Tue, 07 Jan 2025 09:23:09 +0000 Received: from mail-ed1-x52f.google.com ([2a00:1450:4864:20::52f]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tV5Xb-000000042f8-0ecK; Tue, 07 Jan 2025 09:06:24 +0000 Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-5d3ecae02beso19266428a12.0; Tue, 07 Jan 2025 01:06:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736240781; x=1736845581; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kjMfgZPTOt1wzklPxYQo1KoCry3saUouaCrKRGjXlrM=; b=BemHxRCGoi+sT0M5joXtsFSr6fdlaVwozsWS7WQjb0UvZfHDuuZl6blJZmsm7nQiyD DKyBCj73m7lJ8lDe8yeFasTlvXqj3Tu7Pg3zylLV3Tqey1+ZuamJ/69v3WrJsbuzJYXF VPph0EZOuNhQWob/Em5ZEKQMgDb+Cr5eNllHBI4AveLF/iRWlsSlia97IcN0KKYEqGOZ 2p7J89VDL3PRim2nBXJYEsOGQq75F9HMlzv8A/T8m6M81dVZBUDVCpTxmwmNHFMFNjqy I8xOD5ShcsTUrr6Ryg5IbeufiniRFQUqh7pVeVO40vkJ00s87VYp3M+jx02srl69Bqit wASg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736240781; x=1736845581; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kjMfgZPTOt1wzklPxYQo1KoCry3saUouaCrKRGjXlrM=; b=LK3d+py9jM7IEg3KSbaISW/zSWsfK1/Z0NotrikLt5wa/s4R8LyG6GTBVYEanDjg5/ j73ew1WPOgc7PKMLgUUBN8HD8+Il603bofVJnHAlocHXABTrnR6XT6/Vtydb2zq++zLa 4k48mXl09fIM27lR34jCI5t0Qr858XimzILeUicoI5pFKAWAs2CNYtlMB2tJStijHUtN byhfSFTb2h4K7jDYIxLUrJC2DOI1zshroOvtF/nzmEVjGyawXxl6qo3IFoZuQJFZ63dA Xo67WJDlhJ6hoCo1011zp3U5tYtyG+hrpGTzXZ6B00CuDviKvt1XUmd9WYzz7+UrsTlF zH4Q== X-Forwarded-Encrypted: i=1; AJvYcCU4V9edywCnWdY/LVq97aZYy2BYIKn5ufvlwVlRoM6syJ4sk8zB+4996t55hKXjK1DfkDVr3/rpESaPG/mNKm3p@lists.infradead.org, AJvYcCUtCP+siBQ96p9eyfHDts74DYMZl1wYewtACElFhqJ69IMxQYUNxkjy6nLKH1K1gs/mBE2UVFlfXCCG3AaZ9Lk=@lists.infradead.org X-Gm-Message-State: AOJu0YyS33wG9qktRRNGcmYLLvX2/XUTO4hcGi5JEVYyE4g/YE202m3Q sSmvjcW7Mm4QUMCRaZeMm3UBLz3hc54NCYfxpdYx51lVG9UH66xu X-Gm-Gg: ASbGnctR+8q48nmVLWGNA1bG5HOfvUAIzE9YW3RGM3yTeTVn4RITa9LIjs94s/gnsOd p/TLQLObWY1KWiLAk5b3EQhE4RRVS2C4iNDaREshYNsFQ/RCwr3wkoF+Yx8B3SRx/l62iTmrQG0 cXtYMXhlIWCoqCG4fc/dtkfM1ntz+E62PeFKvScOBOFZljXyod4OLX/THS5TMs9U+Eb7s44vX3b JVfNZK8xwh0Ih49joIhWf787PdjkCC2aDs0emXoE3aonsDTIBp8+m3NK/r3oCkjT7eR2DTBfXxl 97GxqEypkZY/DkgoXEljX22erEOU26VDQPBl3xRe3xojg1OQFdukA0ljrRiwQ0mg3mT+8cUujg= = X-Google-Smtp-Source: AGHT+IEZgOPUuG7xbszfCT298CU/i252/FBQIVsTD95aponqU63zDuW03UcIkUyIYtVMFWqIiCMCcQ== X-Received: by 2002:a05:6402:26c3:b0:5d6:37e9:8a93 with SMTP id 4fb4d7f45d1cf-5d81dd5e95amr53938837a12.2.1736240781203; Tue, 07 Jan 2025 01:06:21 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5d80676f3f9sm24005333a12.23.2025.01.07.01.06.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2025 01:06:19 -0800 (PST) From: Eric Woudstra To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Andrew Lunn , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , David Ahern , Sebastian Andrzej Siewior , Lorenzo Bianconi , Joe Damato , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, Eric Woudstra Subject: [PATCH v4 net-next 13/13] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Tue, 7 Jan 2025 10:05:30 +0100 Message-ID: <20250107090530.5035-14-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com> References: <20250107090530.5035-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250107_010623_194019_0ADDB931 X-CRM114-Status: GOOD ( 19.35 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 144 +++++++++++++++++++++++++++++-- 1 file changed, 139 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index ed0e9b499971..b17a3ef79852 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -196,6 +196,131 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_stack stack; + struct net_device_path_ctx ctx = {}; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + + if (th[dir].tuple.in_vlan_ingress & BIT(i)) + continue; + + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.out.hw_ifidx = info.hw_outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + const struct net_device *out_dev; + const struct net_device *in_dev; + struct pppoe_hdr *phdr; + struct vlan_hdr *vhdr; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, pkt, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, pkt, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -306,6 +431,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = (flowtable->type->family != NFPROTO_BRIDGE); struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -359,14 +485,20 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_route; if (tcph) { ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; @@ -419,8 +551,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: