From patchwork Fri Feb 28 20:15:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997099 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 97302C282C6 for ; Fri, 28 Feb 2025 20:27:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=fA9Vmw88RokN6ZVcNFAMZ81OI6e/RLQJpo3MGu4wt9I=; b=BRYtSUZtpiLQVUBA9gks4A3UoE uDGJaoLqSbCwdk1gV+5d+YIfzkanNNo/RNLkcolXOp4Sqk8k5UNv2lyNHnoYW1c+jGgSR2dSyOkRo wOZXu65wyQWXRdSp70zvlfwqNbWoAtp8PFQjotbKqFmPn67H0QZ+Ev4yKwGhco67mLvluEh8QaGOd +X/z8nKijPzgtfAqFFgd8o+ah3zItF8ZKUklI1uqg/fpiPOdAdopf3ic2QvO+YrMM6a5dCTMJLWuf kvOLw1NpiBWI/9+4eg9ujsHy/r/cp2i7cyKLm6lstPNc/+0q6aw+/lJBrrqjLmPTV/R6ErDNbitF9 nbikY20Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to6xf-0000000CbVM-3R3I; Fri, 28 Feb 2025 20:27:55 +0000 Received: from mail-ej1-x635.google.com ([2a00:1450:4864:20::635]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mR-0000000CYGG-3775; Fri, 28 Feb 2025 20:16:20 +0000 Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-ab78e6edb99so341972466b.2; Fri, 28 Feb 2025 12:16:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773778; x=1741378578; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fA9Vmw88RokN6ZVcNFAMZ81OI6e/RLQJpo3MGu4wt9I=; b=C1l/6Ala0om43XPz4RON2It3MM9JpIf6Fe4qO8HVciS2vKF+BReXeY8kkUvDhRRlrk svreS5cniqHfr0+lZyfgzADJ4FK7mIYI7DSx4TiGVXVQAewHo0FH/OyeKJjEzxycsjsJ x6vQnth91H9lW04K3yauxBdrRC7ijFWxz+1emPI6h1GC8/jolMGKB2b0/aVGj7XDlmsa xUWJwaeZrDPryk98wDPJCATP01pIW5Hv7AjxNH9GrYEpdbhONg9t1H7fH7Es+XkV0b6r en2shkf9ISNnYKBFaq0F1WOs2FJLX3rnEsvINELXsLo7UXeLGzwGCuBgEEgomRr5y/2x E65Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773778; x=1741378578; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fA9Vmw88RokN6ZVcNFAMZ81OI6e/RLQJpo3MGu4wt9I=; b=KBo0/vQfyJIYbX2aOvqHpRTOdyVZNWj2foIldBy6dI2sDJRVXP33LuNnMgYdlRxJgQ hsi0OyVrBB0LNlSRKrizLCSGkeRJJdLKFxKZ/J+u8Fsphh5wsML6/ni3jlurWWk7EbXN 9zC7WpqRGQ8a55CQJ4WM1HY3CGFWSELenD9M1SxY6iB1fTtEGfVQPog0E4PdlgYWvnn+ //8ePU+OhmXNz4I6qdhRqp/pmo+gV2MDjoFBpoR3W0TaulVh7xOV/JnSLRiTlw/Lbgoy P1LcFmo79iCBRGVaJwC9qVt6kyWUQtcjY30mCmG+RLTBPusQh4XcrcqvoTJndtFnj3tj EXEA== X-Forwarded-Encrypted: i=1; AJvYcCXFGgQebpLew/4oh3WQhLaEUtI25hZux8V1+qtOZbUstXizPzyinOKObVU4gzkC0Cn3T8JM2r7/3K1UuOCi8eUI@lists.infradead.org, AJvYcCXtGBrsyPjwLZ/Ui3PMRHjcGO95B0Z2kBSd4wm6gdJUdPD1hs416naAbPB2948rUxFXtl69QDFe1HQ+CVeMwps=@lists.infradead.org X-Gm-Message-State: AOJu0YyLU+dEaTeJWI0f2rRDid45Wp5Ct5TmyBRx+DFfTBNpmtqy2Kgl G5Rg1y+Mtj2kiLMS9MMYAQro3lWAMM0RJJyqkTljv2EOU3aBYp6N X-Gm-Gg: ASbGnctK8WEKbi/0blz6Qeq4t3x9VOha1FWDeFkRuxmZZzFy17bouTOR1Ji1GcPE4YQ DUxAfDKZlL3Kwb1y7wYzkvYsSFy94IiyUJ56tQQJ4AKCeJFGFHPzLgF9y7i2Paw/6umYBNgraWl p1rAOQyLp6lcRbqm+FGcAEexEgCQD2p9aychzICLoNRxkCTa29IVJHqli2aN1StnM6g9LgjRbec jXL1LpnbluQm+TasMrLdhTIL1R5rIQfOFmUhnoKzQJtDRs2yIZNb4nNpC4xHQm8gRI4DRsJJwEL RnByEc+rcOJzScvNor4k7loC/kFUQRTp1rzeldRSma5qCWcalvHTv6aH7HMVbOyNZqYijs4kqmI BLOvYYMVdhn1LHlfSVR8T87OL5XoVzDjySJAzu4AEhHk= X-Google-Smtp-Source: AGHT+IG9CXfC9QShMuEkr891X2vbkzQ2uh+igw8zIKBPddpTAHKgNLtJZSPLkYYg96Gm41ClW4AX7A== X-Received: by 2002:a17:907:3206:b0:abe:e981:f152 with SMTP id a640c23a62f3a-abf265a2a06mr522572366b.37.1740773777757; Fri, 28 Feb 2025 12:16:17 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:17 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 01/15] net: pppoe: avoid zero-length arrays in struct pppoe_hdr Date: Fri, 28 Feb 2025 21:15:19 +0100 Message-ID: <20250228201533.23836-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121619_779334_48B5F610 X-CRM114-Status: GOOD ( 13.99 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Jakub Kicinski suggested following patch: W=1 C=1 GCC build gives us: net/bridge/netfilter/nf_conntrack_bridge.c: note: in included file (through ../include/linux/if_pppox.h, ../include/uapi/linux/netfilter_bridge.h, ../include/linux/netfilter_bridge.h): include/uapi/linux/if_pppox.h: 153:29: warning: array of flexible structures It doesn't like that hdr has a zero-length array which overlaps proto. The kernel code doesn't currently need those arrays. PPPoE connection is functional after applying this patch. Signed-off-by: Eric Woudstra --- drivers/net/ppp/pppoe.c | 2 +- include/uapi/linux/if_pppox.h | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c index 2ea4f4890d23..cb86b78de429 100644 --- a/drivers/net/ppp/pppoe.c +++ b/drivers/net/ppp/pppoe.c @@ -881,7 +881,7 @@ static int pppoe_sendmsg(struct socket *sock, struct msghdr *m, skb->protocol = cpu_to_be16(ETH_P_PPP_SES); ph = skb_put(skb, total_len + sizeof(struct pppoe_hdr)); - start = (char *)&ph->tag[0]; + start = (char *)ph + sizeof(*ph); error = memcpy_from_msg(start, m, total_len); if (error < 0) { diff --git a/include/uapi/linux/if_pppox.h b/include/uapi/linux/if_pppox.h index 9abd80dcc46f..29b804aa7474 100644 --- a/include/uapi/linux/if_pppox.h +++ b/include/uapi/linux/if_pppox.h @@ -122,7 +122,9 @@ struct sockaddr_pppol2tpv3in6 { struct pppoe_tag { __be16 tag_type; __be16 tag_len; +#ifndef __KERNEL__ char tag_data[]; +#endif } __attribute__ ((packed)); /* Tag identifiers */ @@ -150,7 +152,9 @@ struct pppoe_hdr { __u8 code; __be16 sid; __be16 length; +#ifndef __KERNEL__ struct pppoe_tag tag[]; +#endif } __packed; /* Length of entire PPPoE + PPP header */ From patchwork Fri Feb 28 20:15:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997100 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EA7D4C282C6 for ; Fri, 28 Feb 2025 20:28:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=VGr0DGFtdF9vUQZNuQxbjKzErqMA9pCa8F2vVWAZr6U=; b=NNhy7l9PL/qtJXlY+4+38LOYSv hr3J3Ih7Bi/nan1dgfXVmzdt5pCYMMK73gAgfa5Oqk90ENgL27dbchwHNmqNa2Pu3bYO10CokPUv5 zzjph0gLpv+wsQJOxLSI3IV8mhlZiAXpaeDtcH5HgmEjA5LbtZDmZ1KpfT8CmqKWtGjvD5k3DzJCF 1xBFogtjO77uCcWdhK68MdrivQQTxEMc/jG2riAyEenPbnkJqikQJC/kwOPznyNfEKPUWuGyAVNZn HxQyYyGP5XNXQca/LMbkt8+YW2RVZLQ50PDMnijfZHW95FUpb8DIfsBUYu9/nghiHEumamw2wQ9Kc S57js1Ww==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to6xq-0000000CbXr-0XxW; Fri, 28 Feb 2025 20:28:06 +0000 Received: from mail-ej1-x62d.google.com ([2a00:1450:4864:20::62d]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mT-0000000CYH7-0YLs; Fri, 28 Feb 2025 20:16:22 +0000 Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-ab771575040so642978066b.1; Fri, 28 Feb 2025 12:16:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773779; x=1741378579; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VGr0DGFtdF9vUQZNuQxbjKzErqMA9pCa8F2vVWAZr6U=; b=d8VXEV/bWrHqlQr6FtJF9I+w4/vSmGafM7uU+HbSQOd/LEMCkHKFJZS8DkCFpkSRNG DSsVyVQmxrvuvhQ180bS6Zy/tekgFT9njXM9DnJhqEsvpUd7B3tVgQ5iDiDCqumw/yWK BvDnS9iwZUwbXT6oGjLMesElYW3ix45k0TgAknlo3xkBNsGncDczSwQDOB9yCZcOvKh0 cQxicHpT8YJ1JC+DyHEE1Ot4YzMzoC6B5dhlL8hBiW5QSMHrsiLcuL+zNqHNygXgNBxl RE1aCGETixleWW0KUHiPguudRaf/0QCTxZGJfD6QBZfZqjlHSYZVzB0IStN/569vj0hT sXuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773779; x=1741378579; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VGr0DGFtdF9vUQZNuQxbjKzErqMA9pCa8F2vVWAZr6U=; b=l0HzHwxvNK7T2Pn0mprJ9COwzILTrQ+tyLRAGzQdH/e49cS+BMQmIaz1skgWhvChfK qffB1o/KgfZpjSpBZvRk0axHdQ9O6yC/VS0oeKGXF41ZrrB2dAw3ryjwcX1vEupUlv18 RtHR6GpFDKNrMzxIzyzMT/WhlPPsysJo0JdwT0HuBdlGygUIeoSMyKE+I4fHQarE40Bo IKVKBnGgAl+ZCGB5+yyHbCSOsVPpvCChpJyJztlYmltroqZereDnpWYCBS2tQMiYz1y0 r+N+urAP54Xhrkk70X3tRs8uhjaKsKmY1I/drDIV9J7OSjtgNJFFDm7DFw2qbGuzadfk hgmA== X-Forwarded-Encrypted: i=1; AJvYcCUXEpUlUhoQOddg0K5CwFwtlLXcCJmfKvLDOhLCSSdOaPrPpdrlhs1LywApyeGavltmr3Mna0Q7FE1z78aq2p4=@lists.infradead.org, AJvYcCVdiWUpY+rHZb2lAJhkjYF8YrpSufpmnxhouzEy9B1qKFClNTSYySHMkfQdCGbbWN1jv9GqOgiqDweXNtxmEvTa@lists.infradead.org X-Gm-Message-State: AOJu0Ywyt7VKkifST/ZqoQo+UIQHLOU9tnSWCZDoj+amNUeO/kw1hf0k N8TA7gK56D4uPIqIyrsC2DjhM7hFmkmehlLsQbMklw1+vqTm+o35 X-Gm-Gg: ASbGncvPtNjRxjqzUkaqc0S8Z4UfcGfAW2FIW54DA/QGeLF4aK2UeLD5VBnA8LLf4MO RFdFKNPPxV3sSuFQXNR3NEWVIJBW6MDqoIEOoqGgSNgKPjQQa6DTst2RM/sG2rOrJzQOECN0U0f NSNttSIGj06Z0ZgtKgpgVKuXlnxkR/YFOM3vSQ0OBr/qH9dOJCkE83X9CbcZZMBfu/+mBh7O6gt M7HJhRkdGE0tpuCG9RQwgUUndumPtDfFzvuGAETC8aCEx67sUrsRu/WHUliH/MeUuF+NI1u/Emx AD1xMyUXSYTVpUv9Be7B/XcLE94gIul5PnRsy8oJ+6iHPdrXiofnTcK5zq+SRg8PVTunV+vlfOV sgs1weQCWqB8kGcRtv/FHDx86JNX599eBTEnO6vCTJww= X-Google-Smtp-Source: AGHT+IFSsO0D6FLoaTBr5CsWmwmRlLw+sSkoUxgYwd46U2pqe5KcLEx75Cg5UhavDa3o6cjGcNQ8Ug== X-Received: by 2002:a17:907:a4c7:b0:abb:af33:d0ac with SMTP id a640c23a62f3a-abf0605eec7mr944542066b.16.1740773779092; Fri, 28 Feb 2025 12:16:19 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:18 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 02/15] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Fri, 28 Feb 2025 21:15:20 +0100 Message-ID: <20250228201533.23836-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121621_177680_3E9218E0 X-CRM114-Status: GOOD ( 19.71 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 8cd4cf7ae211..d0c3c459c4d2 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -306,6 +306,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -335,6 +421,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -343,6 +430,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -462,7 +552,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -757,7 +848,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 46a6d280b09c..b4baee519e18 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Fri Feb 28 20:15:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997101 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 36210C282D0 for ; Fri, 28 Feb 2025 20:28:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=mrV7fmmzWLHwvBkdWiU0Lmuhrz lxpw46FgialhOcizkacdCv72UdHMYy/8znNDOK+xHGkRvNfJ7HqtiT62KqCU43r+rpRkqQ1CiCuHN nw68pWpivk7ry6EH8RpRHeV+EWVjyoaDzMMwN+ObZyDDzQANEpjxR6CBkEjBY5gOd6LlNWdL1ySjJ 2XfKKjwBBsH4IophkI75zD4sNYR2j16MNcoAPj+GufwubzKWKhrr1GgnSShmOEvARdv5dT0FiwkwM GbmLoyxtvzqGo+lds3TKRyT7TwPTSr9cfaMTQLdO0w0IdwpuzNmtdG66lVFrMO0nAeBkCTCl/fCCu pvx4nXyg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to6y0-0000000Cbac-1pkc; Fri, 28 Feb 2025 20:28:16 +0000 Received: from mail-ej1-x629.google.com ([2a00:1450:4864:20::629]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mT-0000000CYHy-3iXi; Fri, 28 Feb 2025 20:16:22 +0000 Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-abee54ae370so357715266b.3; Fri, 28 Feb 2025 12:16:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773780; x=1741378580; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=aXag8VbfvbL7fwGwo1x1bWHjst9AQaYRLYkBattUnOgfNRtlN9OiiukFYGExtYP6Ca 7kYrSGuIy33cCZvSvsx/TvzBFiWABL7Iaj9NtyLY+R1kPCSrzEXZio5s+DQ2PM3xo/AR DXyY7jr9fm055adx0wI/3yZp/h3i3MMMLHrasBU48j0cF52/W8rvTZY4+81p3p1DlUVX I15zkBUMjA6Sj8aU/we+/zUJyGjNw4cxaHYurO6r+OwDxIIcjZpc/ha4+HzGLtqzOIAt a0u5Tbz/HV1CznND3Xy+F6+4q5GwibaMjBC+APqQf6vBK12p+6LpHD7UctTYNBFVg31Z 7FPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773780; x=1741378580; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=lt8MPhR0il7nSkCSm6QddfLG0CFeA6HrG8XAfwAQ8CtLCL8d9X/Q1wnwWcCeo3gGyt KAolBhEw2xo5H3pGNT09wS19mHLKFo4Qnj3DdJRJ6e/20KDu82xEFGIPxwQHzwpnIZp6 2K8W4dfNq7gJ/gwoK2HMW1Ho0e9O1ncW+/b3iyBg4SlWWdkF0SeBloCXiVSv/QL2gFNJ slwMSERlD9Gvperj56t1u+s3JOGJwHSu0S84jTr9+gkXX4YEXRQ3/AlLxTcD90rxChV3 3oL4Ddm6Lhb/f2VYpUd6KfIabx/TdxLPPzZsXUVHo9sMv0d08OlGbKE1lqDJO8FtE7y9 y9FQ== X-Forwarded-Encrypted: i=1; AJvYcCVmnVYwIBK9FJYwBbCl8nu313OHau568UMZT/Vs6Rh+COyV7+2yHh4q7L9HEcCH78MCzqHIPL67ccsdW8YH3DFi@lists.infradead.org, AJvYcCWEKvHWofhO/fxh+SedSoxxSV+8LmRf4dodRJ218YTUoJGt+L9mYEEU1jQV1LQuudueMWXPgaTJVRxpT2ITihU=@lists.infradead.org X-Gm-Message-State: AOJu0YxqvaGXZZC6hrCH5aLnBufTIS8RsN9OTK11dJEjkkBKsGck3mWE wrnqvDMCeqe4ESaTb9E686Id5LrIPRJfqdwak+/uxhqkSEs0ksBF X-Gm-Gg: ASbGncvyIrGuPoyT9Y+GUf7NhYJXxxkK/lpOWkCznFUjKaP11u6pLbJBddPF26PVrQl TGwSv+RA2Kq/+Io7fdDebr6ZlIoLCOH6gs17HM7RwNEGG7x14Jn92N1EucroNNduEvJzzsqq14e 3KTttdzk/8SxVVbByVh7mRu2Raerm07r6qCmr5MrgiC3JOA8f16V8N513aTQVY5iTs55FZHK1YZ 1c3OzAkO/va1Rz0YM032CXjZ1NuJ7bsXkp8NmrUnvyx102VKCfaMFVQB+TKzZIaQWuc/u9EqlsX xcMpNLFgrWBKhJDwVkqtul2bWpAYn2NexEkdNXTbaezBoX/P6uq0LqTVq86q2HTYFmpOXfZXdqx jsFfqgJXXmMDEzqnLIgn+n0duN4N09ZDo034gj0Mv4jQ= X-Google-Smtp-Source: AGHT+IEiUtc0XSpuKyIKeLozoVWm4Sd50Qjo2FMlO/4dpvxhs03yVO3P9mswx5jt1Mq2Z2AMyoPXJw== X-Received: by 2002:a17:907:9408:b0:abf:19ac:76d with SMTP id a640c23a62f3a-abf269b9a91mr541954866b.51.1740773780345; Fri, 28 Feb 2025 12:16:20 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:19 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 03/15] netfilter: flow: remove hw_outdev, out.hw_ifindex and out.hw_ifidx Date: Fri, 28 Feb 2025 21:15:21 +0100 Message-ID: <20250228201533.23836-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121621_935751_981A4D35 X-CRM114-Status: GOOD ( 14.85 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Now always info->outdev == info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 2 -- net/netfilter/nf_flow_table_core.c | 1 - net/netfilter/nf_flow_table_offload.c | 2 +- net/netfilter/nft_flow_offload.c | 4 ---- 4 files changed, 1 insertion(+), 8 deletions(-) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index d711642e78b5..4ab32fb61865 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -145,7 +145,6 @@ struct flow_offload_tuple { }; struct { u32 ifidx; - u32 hw_ifidx; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; @@ -211,7 +210,6 @@ struct nf_flow_route { } in; struct { u32 ifindex; - u32 hw_ifindex; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 9d8361526f82..1e5d3735c028 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -127,7 +127,6 @@ static int flow_offload_fill_route(struct flow_offload *flow, memcpy(flow_tuple->out.h_source, route->tuple[dir].out.h_source, ETH_ALEN); flow_tuple->out.ifidx = route->tuple[dir].out.ifindex; - flow_tuple->out.hw_ifidx = route->tuple[dir].out.hw_ifindex; dst_release(dst); break; case FLOW_OFFLOAD_XMIT_XFRM: diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..d8f7bfd60ac6 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -555,7 +555,7 @@ static void flow_offload_redirect(struct net *net, switch (this_tuple->xmit_type) { case FLOW_OFFLOAD_XMIT_DIRECT: this_tuple = &flow->tuplehash[dir].tuple; - ifindex = this_tuple->out.hw_ifidx; + ifindex = this_tuple->out.ifidx; break; case FLOW_OFFLOAD_XMIT_NEIGH: other_tuple = &flow->tuplehash[!dir].tuple; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b4baee519e18..5ef2f4ba7ab8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -80,7 +80,6 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, struct nft_forward_info { const struct net_device *indev; const struct net_device *outdev; - const struct net_device *hw_outdev; struct id { __u16 id; __be16 proto; @@ -159,8 +158,6 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, } info->outdev = info->indev; - info->hw_outdev = info->indev; - if (nf_flowtable_hw_offload(flowtable) && nft_is_valid_ether_device(info->indev)) info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; @@ -212,7 +209,6 @@ static void nft_dev_forward_path(struct nf_flow_route *route, memcpy(route->tuple[dir].out.h_source, info.h_source, ETH_ALEN); memcpy(route->tuple[dir].out.h_dest, info.h_dest, ETH_ALEN); route->tuple[dir].out.ifindex = info.outdev->ifindex; - route->tuple[dir].out.hw_ifindex = info.hw_outdev->ifindex; route->tuple[dir].xmit_type = info.xmit_type; } } From patchwork Fri Feb 28 20:15:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997102 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E1C4EC282C6 for ; Fri, 28 Feb 2025 20:28:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=+rhlCg4/52AHm6e8tJsmpQptNUxepmsLI5spztxpn6c=; b=NtJQmZuX6d2Yit+KtBbYDjLmdr bFxICsAm+j43RtcFu01HtmnIch8YGGBSS4uw9S+COuG6KlRjVPAaQuFGBiicMCgX9F9VaBo1Witfw nZe+eO3isrjr2foKiFZ5wzopsLmXLSCyTQ2y9sM24B/RKDQ/HQw7bCqLs1em0UwMju8e+ZLuc493b itYBgi4GF7DHscYydi9DrzH9L/UEYtB6wc+TOOtyMg8OZOioczjlpfvsMKRc+dbp234JF7haOkVVv tMbtU/iayDWM6zU8HuwTflfjQl5uDwY95rQhB98cp7YhFsEfA7eltsk7kE3upn1TugKozCjzhmOd8 sgtnIeew==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to6yB-0000000Cbeh-0AVX; Fri, 28 Feb 2025 20:28:27 +0000 Received: from mail-ej1-x636.google.com ([2a00:1450:4864:20::636]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mV-0000000CYIa-2Lfl; Fri, 28 Feb 2025 20:16:24 +0000 Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-abbac134a19so382821566b.0; Fri, 28 Feb 2025 12:16:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773782; x=1741378582; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+rhlCg4/52AHm6e8tJsmpQptNUxepmsLI5spztxpn6c=; b=nQLu5eYs50+PuJA9GYQa6THup2jMper7ooTXTlyPwhINjJdAeSbfFA4HGrZ5x8cd+4 qxmZeJbsT+/pgNYqswxeX7J+bNNinH2eZmxzujyBbHnRUcdcaIlCU7KUdy39ZnNe5vmC N4EeQuR69eWtepbTBgjRD0wq5UHHzwCBl2N+M2vxky4fmQvFsYExVn+qNtCXF/OvIsGZ gNX2E/LNgEWR8PiybVC5jgB3kD8rCds5c7MHDVrXIMdWkWYv/Kn14YP65jMzRpsHmRm1 v3u6/lbdRSQ/kPj8DH7dCIlnCDqEo4fr6+GKdb2m4cYpydwrOiDIs9nIzR1ZY4pPbscm 8dXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773782; x=1741378582; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+rhlCg4/52AHm6e8tJsmpQptNUxepmsLI5spztxpn6c=; b=utycOAmrYrhGY/uUvW6P1yxeTcqzhwjJXKiPoPFq4DsFobnnvCHyMIs5f/G7h949kf 0sXDMHSgytrK/uUq036S5mFSrP5AC5jj8fjaVOIvB3oP9iRG4Zhi+fQJnNrM3K87Oogx c0W1BoCpieTTO+W8TP7N1IuyhxomjBxAbZdAaVB9WUFPsDu1YhcFoZNzbC6vS9PUcnoY 4diLzsCYe3OL5OuJ1cetrL2b1XzH4H5GdkNX7tk973kgoG/UVlxDcbHofLzS93mrMshm VsRT5k8TTy9nxideUWzSfTVWKWxzI62GEv9qK9ntXi5XhX2QR3rjmvr9adNgBTC+DmoM kCEA== X-Forwarded-Encrypted: i=1; AJvYcCUFFV/2iD/FNKDjZaKpAH4dr0zIDEAWq1IfICtBhex4h5CbVsQZVL42rj3Zw9BWi1V8OfDcgL0kgVq7sL/LFTHb@lists.infradead.org, AJvYcCXtJL4c4qHpuuXTNQ2ya0g/eE3+35mAyQz4mtG8iSko5eyvhYK2URQTf9mjWX+5ze/H/U6508deYSDe9wRrepw=@lists.infradead.org X-Gm-Message-State: AOJu0YxKhwIOU5Cw8sDmlr6FqjeD+b6LFOM/8RcVIhfuvCpRjTAZc7ED 8eTNFkvW2yZRWQoL339C7+yoAsDSdjrvcQ9I9x2GGyC+spFMa51Z X-Gm-Gg: ASbGncs8/+KIkniVUy3rxOd2u3oQGchz7EFrBfncUDnkZup/SjKp9JegOcLVZ7HZN8k ezCAK7iX8aBbzXwmvPn2SNBtpsqnLCC9xPny3e4WxBJ+Ufx0gkgJ1FneMOdJKt0g1iyiXpqbX6d f7E/CGJHsYnMDDFIZtFFZjt4wyaDZWPdlR2LFg2xlLDFVQq8FAxw+ZzHtR6rP+T3TL7vl1tSpFa CwGRgFCcqBzC2/Wxd1AYgeQh0H9db2EXahZU8b1AghTrD0OPtuLMyGrlUfdF7axTqhzdY7Jsxf8 LyOXF0mYzFX8A4D2SwAl+ePm1eBh7W5JxOMnT+NBkStXJPukxJD4fPD9Qhq8SwD6TUQZdRVNyIw 6J5nb9DHK3ZmAqM1tMPXo/RS4YBe3KYLzOk2qLMPmhwk= X-Google-Smtp-Source: AGHT+IGiUhgcy0UU2Q21kNRFUyXsV4EZ5JKfRHYY7rLJLVAwzjlILW+HrVFwXhJC9gDCOjiMIMoAKA== X-Received: by 2002:a17:907:2d90:b0:ab7:8930:5669 with SMTP id a640c23a62f3a-abf25fbb482mr535437266b.18.1740773781534; Fri, 28 Feb 2025 12:16:21 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:21 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 04/15] netfilter: bridge: Add conntrack double vlan and pppoe Date: Fri, 28 Feb 2025 21:15:22 +0100 Message-ID: <20250228201533.23836-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121623_595755_D523DE9C X-CRM114-Status: GOOD ( 14.03 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Signed-off-by: Eric Woudstra --- net/bridge/netfilter/nf_conntrack_bridge.c | 83 ++++++++++++++++++---- 1 file changed, 71 insertions(+), 12 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..4b4e3751fb13 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -242,53 +242,112 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, { struct nf_hook_state bridge_state = *state; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + __be16 outer_proto; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): { + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + + offset = PPPOE_SES_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + ph = (struct ppp_hdr *)(skb->data); + switch (ph->proto) { + case htons(PPP_IP): + skb->protocol = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + skb->protocol = htons(ETH_P_IPV6); + break; + default: + nf_ct_set(skb, NULL, IP_CT_UNTRACKED); + return NF_ACCEPT; + } + data_len = ntohs(ph->hdr.length) - 2; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + case htons(ETH_P_8021Q): { + struct vlan_hdr *vhdr; + + offset = VLAN_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + vhdr = (struct vlan_hdr *)(skb->data); + skb->protocol = vhdr->h_vlan_encapsulated_proto; + data_len = U32_MAX; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + default: + data_len = U32_MAX; + break; + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, From patchwork Fri Feb 28 20:15:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997103 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3E8D4C282C5 for ; Fri, 28 Feb 2025 20:28:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=RqsczCfXMK4xSv4UjAHHItNBAy P0mA/h9MHrQ4oXHVXQzMC4VyU2o+R62igz8OVH7oJv0kobn55Mh1L0/dVCd4teOaj/9H0PfaZCaAi 8ZBczJSMKxTUVvCMKAtyFe/tHvDQGefIHYE42CYeC4Ko2/oB0ZfT4WWsgmbWKeXwcHhOUO33tTyKB 1rUsuQZWpNpStmGGdm8Kaq9lcGwhiudt6Y8jO4nZVHD8TUZmzizM6zqJEhBwacPbtsbfWXE0Zz2CR XDP58JwSTicJtcgBgkFJXhGtk1BnIeYe40yjHnpxsGwwStLhNBA4FasvkmmzX9RmqBQXkJKoMsijz uea/XNlw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to6yL-0000000Cbhk-1X4R; Fri, 28 Feb 2025 20:28:37 +0000 Received: from mail-ej1-x634.google.com ([2a00:1450:4864:20::634]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mW-0000000CYJ6-2lL9; Fri, 28 Feb 2025 20:16:25 +0000 Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-aaec61d0f65so517565966b.1; Fri, 28 Feb 2025 12:16:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773783; x=1741378583; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=cs8rBBJCyy2XQpW7n0rhXTpWskepqRMOSzcj90mvduVWdgr67Eud3nkBsknP7IAwnh c6FH6LmF32j2QUqkF1oe3ihqUzyKQxOYKm5H7oXuyEDhGbbvrSqGHFzJW8bcW40OYWl8 U5kitEKHbnCUMp1lmIqmUEtrGzpn5QQnz1zzpcBlWlAwNbnQKLF/BRLo5I+VhTJ2ec9E 3o0A3ffwOc9kReEKQroZHt1lJfFcIzl1At2QcpSDFve9QUq0KCUvsfr38Y1KZnawAbgx 95X04D+HBE1HW5UxO90dBv8GLVC8PiyL2EMHYjui6PRc1Ad7mmOtzLqE/h8pUH/dJWV+ t9kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773783; x=1741378583; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=CNPtvFt4NF+oNuegmhlcEkBD9O3fDOgYftrujTWH+e541HIm/4I0xHTzBbzerifo2u JUNEvsJqfyiY4o6Ip17CzN1lZzhADLPgQXz9bmDINTP1ya3/dn4/cazVBchda0CAfHvI U+J8TpE1zEbTipoV4+/uKjTEi3irEHCX3RfiSS97L9vHzfdl0ZeTTOsotouJhYXvhUS3 TC1C93nNUO6c5jj17JJc0jJQtOFPt1e4uMJP/YzJvjWRibPwKF/7X7YXKipEnee5pwIG RIhc4NnTS5LkkNvkNWAHlqYy8k4D4lMm8t8huUGzubWnXnWiYwcQZICdujnMhy7I3DB1 4nUw== X-Forwarded-Encrypted: i=1; AJvYcCWnA7QOj2G1oV4BrxwuuZD4GZMnb+UXyAIxb6EVRhX2oAUo9AmXqjYcRJWPO4LOnqRqXvH18/1G8uQ4TxuWeZKT@lists.infradead.org, AJvYcCXbsgd0V3vbe2dEeGDuD+mZN2LneWbEcLYq+F5xQhU5zeBcRgf+0HJVK4eIixgPpMbHi9tWb5F25NmDTtQ5ISM=@lists.infradead.org X-Gm-Message-State: AOJu0YzZsTrfjbxXeW5ImTAa5+UvcTSXPnYXzScKIWM3debvOClqU4+R Om+5gnc6jFCJIryQiDd1SPvHhBmB5PGxW5PWp1LqwZy+xjygF83U X-Gm-Gg: ASbGnctj5NlqwydE1HUOx9ZQILX14qGxMo+Yw2blhwWDLC0pBetSFeV2bD6t/3cAr9v svGeFZnanh4Ecwdhy9gfa+Ol4HjnH7tPk09Vmr0ZFsaZ7sn3HAMZD4K7gT1c/eCDNYc+C7KqCzi BeT38rqm56m9EHcH/4kpbKoBtk1ncVtjyY3aBwmUWfcsgu21ELEzOGafqkdpQd44/varvS9fbCn MDW8mNQqC2hjajaE8UBrPo+ktibgBmxL2hTHUVIJzBWPRDCiBznLYaLKBs9ita/rLM1zUfo8ON1 ghsfKWee5FqgsZijKOhl+UntBPl8qzypfgi1XUgtp8S8Llwg1q4iBSFeRguyJ30e9B7oDUGWiZr 4YnSpJRvMrH+mymSYa+IEEdOzSsSVrszl4OclA3XkA4I= X-Google-Smtp-Source: AGHT+IFuUzdbgaD/IFSs5QLipx4iHpbTunJtFdHt4pWJCQ/QSyvZEmN8DMfkaEXDfQkozt/2Pfk6qg== X-Received: by 2002:a17:906:6a05:b0:abf:16f8:5190 with SMTP id a640c23a62f3a-abf26822611mr449155566b.44.1740773782957; Fri, 28 Feb 2025 12:16:22 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:22 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 05/15] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Fri, 28 Feb 2025 21:15:23 +0100 Message-ID: <20250228201533.23836-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121624_700350_25BDC263 X-CRM114-Status: GOOD ( 11.88 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 19a553550c76..7c7080c1a67d 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Fri Feb 28 20:15:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997104 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D4356C282C6 for ; Fri, 28 Feb 2025 20:28:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=glD7coNk2GO9/l1adKLN+uo1Xfh2D3YWudU7CjoMsSA=; b=cjUrS13gnAPovKnwdAsKZ8Mtck KNepGJnctpGD1x+j1AVfJDYzibyIjpuYHAjKXQaFdP+GRUWH64A5XxZLnoyrr3ke0om+wNNandpA+ WNCvrJdzWpfDgE8Ec1LqKfCwyWT94r9FoM9mui0NKpIkdYq175N419+CqTbdf6Bqw5n6uTHZKU+GY QCOEEn3vBlxM/olKCkKhiRu9xvghrG8dpQuk5IAcGF1+151IoET25/ZxYxbFZftosrm/f1X0kPE9F fW4n3lA6NcP6mBIs8cNiwgKg8AacEriEba6kC1FRg8BMjHbfu2+dMEUXnhT+zHJ0qo4GYgcuHinDt dbBkcwZA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to6yg-0000000Cblc-05BW; Fri, 28 Feb 2025 20:28:58 +0000 Received: from mail-ej1-x62a.google.com ([2a00:1450:4864:20::62a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mX-0000000CYJg-3waD; Fri, 28 Feb 2025 20:16:27 +0000 Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-aaecf50578eso481652366b.2; Fri, 28 Feb 2025 12:16:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773784; x=1741378584; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=glD7coNk2GO9/l1adKLN+uo1Xfh2D3YWudU7CjoMsSA=; b=W2DJw3C0FKfg6dadBoiwvVUCnY4VYmX2SUn4+32/roD2pXdczqSv4Omr1DtLLTDT/F 36agXKuw2DltPYYEf6DYnLumSV2xJxcZvwdeVMZq/cyLzap6MyfJ6nQRnmorgJff+ycH nmfy6xUTgVx3se5YcDae5EVK9F08ES0jABvUHusSX5FstVeBO/b23k9wqQ4RIwD6Rcsx /QUvc5T8p1U+vxB8Fab3o/PnX3h+X971sPwNIXrEAvkv0s3DIjimGqQoOSF4c4UYxYxy XWo+YSFdvZ6+QFJq+4HvoD3X0NjPYX4PFYmDRqWJft4Z5KZIsKHnMIrpvNXs0KBGsLbN +RiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773784; x=1741378584; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=glD7coNk2GO9/l1adKLN+uo1Xfh2D3YWudU7CjoMsSA=; b=QoVnbWlqpa4vnxbUJ+bLwwi6tBdiqlvTuEEFa3sB+7YIDhE+E0puFtGyyBxC2/W7kV 7hvHiI529gIIlZGxjFUc/NLSxJhtWa+NTtlJpEoOED+sbBxM0VVShMu5hIqyUZlfe2sn 0W1yi6rX0AOe1oi/a6cqXEbUHdlcnvs1ErHz7+TG32N3wG/IGhIEwMTXwwyRy5my3xYk /kKdaRRW2rAmGXlVx4aifMm3u+hUds6XjDBdI25FHlf5RWFmsOvNGkCBKBFjExn7G0+B ACTH5z3mFtVYQehxFEIgVDaVNmVWPDRzOje3duwA4n5Ju4xCXOcY0KflgyLoJLIXn1Pd IT3g== X-Forwarded-Encrypted: i=1; AJvYcCWHbzyDR7DDH0loDA/CbglfBgkr7k3x1QezHuJXzwfMOykXKlqI5iP35eppO8oB/yGZ4W4bunzjpstjSNtsZqw=@lists.infradead.org, AJvYcCXicJSvslCtJ9gFLw7Un2z9pqTxGKsK9f2vMuPRmpYFEYGqVZjW2NEQU7dbRZ9fns60sIK003GRhV1XXdpXxctj@lists.infradead.org X-Gm-Message-State: AOJu0YxGFRcGwEQvj7/HXFgVc1Y+FDejwPyWhn/ispH5inOCN7A5uB7m Vd5J4r2GUQzwEnWA0SaIuuDx0aOExCHYFLXqO+0ySLKwAG4ZQ+Ur X-Gm-Gg: ASbGnctBA3hAWm4+VjXrl0JFsrQyZF/m4Qrx8Cz9xIJIubRjseMZ4KEAeRhUQJa4BL8 BNZ2CdhzLttZ6igh22lfFhO2ET9N3onZyoqXU8qq/OrV4WenIbyhSSNc/f+tgFpVfqU8/73SGAF TspR4iMKQ2ZEhVKV+jBq9K/c8HotpLIV1H8DAGqxddcOL1UsICsJ167jpFOy5ZcpQpAebAZSnxa PH6w6lQrZAKYLkZldS+T9xNS+B1abe1eqp2sb6lIgnSm7Sbbb+tm6vNFBFxZjIhJ9EnsbNPJtme 9X1RPzp47JqKsA6VfCo+/whzE7Y/4RzcxRIeY9FLZVgAKkalzr7NxKgBPOLhPSiLGLVua6ugqVi 1g8B2VOdR3QTMzOnZN55Xf7GcKwfjkDHTyFeAdHqlCa0= X-Google-Smtp-Source: AGHT+IEkD4+S63CdkvFhMcDqcuwDe3gQEzkaBi0DoNz6EL4MylQGJKFnzY2Wc6+ZXTl1u9JBQtGaYA== X-Received: by 2002:a17:907:7f27:b0:abe:fa17:12e0 with SMTP id a640c23a62f3a-abf25f8dd1dmr472704766b.11.1740773784160; Fri, 28 Feb 2025 12:16:24 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:23 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 06/15] bridge: Add filling forward path from port to port Date: Fri, 28 Feb 2025 21:15:24 +0100 Message-ID: <20250228201533.23836-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121625_978502_FBE462E5 X-CRM114-Status: GOOD ( 16.39 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org If a port is passed as argument instead of the master, then: At br_fill_forward_path(): find the master and use it to fill the forward path. At br_vlan_fill_forward_path_pvid(): lookup vlan group from port instead. Changed call to br_vlan_group() into br_vlan_group_rcu() while at it. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 19 ++++++++++++++----- net/bridge/br_private.h | 2 ++ net/bridge/br_vlan.c | 6 +++++- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 0ab4613aa07a..c7646afc8b96 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -383,16 +383,25 @@ static int br_del_slave(struct net_device *dev, struct net_device *slave_dev) static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { + struct net_bridge_port *src, *dst; struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + struct net_device *br_dev; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); + br = netdev_priv(br_dev); + } else { + src = NULL; + br = netdev_priv(ctx->dev); + } - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 1054b8a88edc..a0b950390a16 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1584,6 +1584,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, @@ -1753,6 +1754,7 @@ static inline int nbp_get_num_vlan_infos(struct net_bridge_port *p, } static inline void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index d9a69ec9affe..a18c7da12ebd 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group_rcu(p); + else + vg = br_vlan_group_rcu(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Fri Feb 28 20:15:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997105 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 559BFC282C5 for ; Fri, 28 Feb 2025 20:30:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ADjft9sIJBXUW7LiNylDurA6RPlyGDF8xbXsxbaW9C4=; b=Ymht44zARY1F9Du6b1m4ETiFo2 SO02DikKq1qUvlcQ2z8kssEeDKxM51OiEsohyQThlgOJnDzgJSphV01ehp8T9U7p35oQnEvvYp2qb L+B95gGpdYTfiB8euylLtuM/dyT1eLHU3G+CPJMrPv3Dd4MZrSolDKFn958tNQc+mK099OaPOr6/A 7AfJ2n6O5+h+HwmAnLfDEyNZJERcHswEjhkz11y9NyHt7uMSi4SSdPw4PiP7lXYTxfjP7H9mg5cRh 0sdiUwPyGasW2noEjUfZ+ns0mstnrwWKTq44NP3KoYuJxVLV9hO+MJbWfP4EweBmBNs/hKbE7TwOq OchcNGiw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to70N-0000000Cc7c-2CkZ; Fri, 28 Feb 2025 20:30:43 +0000 Received: from mail-ej1-x631.google.com ([2a00:1450:4864:20::631]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6ma-0000000CYKo-1g7q; Fri, 28 Feb 2025 20:16:29 +0000 Received: by mail-ej1-x631.google.com with SMTP id a640c23a62f3a-abee54ae370so357731166b.3; Fri, 28 Feb 2025 12:16:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773787; x=1741378587; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ADjft9sIJBXUW7LiNylDurA6RPlyGDF8xbXsxbaW9C4=; b=K8o+vcIuB9JsEIn8G73miAslwIj2CwJxxY7Y0aUsY0kYuMoNoK9E4lU3KlPyH7uhgk YvB9TVNM8uOHRjK8c9nbYLlcPT1R38QZhUCc6y/72eVxZxKmaXYfvC0hiYV0iv3WZzZ2 ua2M7aKH+YU9f4o9Ly+DW61nPQTdwfGT/d0An/igjABC59TF1zQMEFHkEZBj+Dgi0VYD OCac6KimOsxRcRXnJgn195EtMrKWDM2DIHv7m5PdfF5s426WRtJwTCz+Njl+DRGk4dwj yYxtT7SSbuuRF+HbsCFGuQy3xyn//6E96GucLsTeQzYfP0qjuJqWta5HvZx8TBBSS4mA LSgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773787; x=1741378587; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ADjft9sIJBXUW7LiNylDurA6RPlyGDF8xbXsxbaW9C4=; b=go0rIHf9XkfSceTdVnBcrbR4QyJeNwTT5g1Sr29K2X5JSh8ksgPP5ljXKVJCg/TTuc Aq9i8fRvw0xRPcmVJMz85iCWzek9qURiMlSa2aGhvgjNZFXC578xT9+pB47NlL/VlloQ bHhy7jaPFqmCOyrWKCTEv8kTKlYbUYY4gUcrAHbYbpE83Di1L3B+cLIeCTpvEla2uADC kPwalHoNUurz6XJTAfo4H0tCl/vdHIShVs04xcS3RL2+RFE0LO4UM+UYB7LeOVy0T5Xr pQ2CcHyTCh9zNItxDQ7Zz+xWteja/BWqkl3/vsiGbMf5iVjn29kO/cmjQzA0xVI++jjp HGrw== X-Forwarded-Encrypted: i=1; AJvYcCVBgVnqqzXnPpPSZdpdbBAr0j8ORxUtLZXhrLztMVgM3vt81rEbrvh+tPaTO2Iz9lEuzvzKj8XXx/0/k6HL6ga1@lists.infradead.org, AJvYcCWB573iYmxIM8b+uE4lvjhsDYkbqwiRs4LvsBlh7hmlqystNoANxVIsj0Dd79vOgs4bRc5GNFY2RnEWz0axQ0k=@lists.infradead.org X-Gm-Message-State: AOJu0YwzsBxyV+MaGQDbCvhkVF4tY+yfBywO8iLXD6DXnikN7kcCG+Lj oQRWyNO69TECnXWFC/jua4+yLRHAj8ItrFtR83cTWOgNoQ6EeQxo X-Gm-Gg: ASbGncsVvgmt+TxnGs60V9O5SfhV1BfvhF+VlXY5qJ4jx+Yu/3r2Fpnjq26j5ijHZfC x85mSNmE3HpG9QVXrt8M5tBzqdrId4uhGrui/QZzZcb33MOHY4jHGPh4TCdjqI+cGVLAvuVnxqD FcZJn2DBZ9Pw2Lo1TiAlQrNnumrli0mXq7Zdx5ofUmbXkTU4yHvvwz42URgPFhUciyoTxPmeFW9 MWZ2bmSyq6glNO1bK1DzOd4wBHlwCISnGc6rsQKgQrRtRxtSe0572/Jdxgxe3S1NWu1L3D8EQlU cS8689Dh7XMhMtT6FdSePvTsh0LjuT6HrkuiRNkAf+WDEBcjZFx38ea9muEA9IXiKnpjkbagwM2 pR5X/ypVlq8OlBVgmrJMGjA3PR8yibzb7ZsTCf8ddU1s= X-Google-Smtp-Source: AGHT+IHZr8MBH5e/es5RLH+VA5k1rbbZb9+gMcTnsziiL+DoKdJyx6FLpgBr4j4inN9U+45blgw9TQ== X-Received: by 2002:a17:907:3e8b:b0:abf:1386:fcad with SMTP id a640c23a62f3a-abf261fba23mr582057466b.10.1740773786500; Fri, 28 Feb 2025 12:16:26 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:25 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 07/15] net: core: dev: Add dev_fill_bridge_path() Date: Fri, 28 Feb 2025 21:15:25 +0100 Message-ID: <20250228201533.23836-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121628_437796_4C31511D X-CRM114-Status: GOOD ( 17.34 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 ++ net/core/dev.c | 66 +++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 26a0c4e4d963..2ee53478d9f0 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3318,6 +3318,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index d6d68a2d2355..467f98f6ba51 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -714,44 +714,84 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; return ret; } + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + if (br_dev->netdev_ops->ndo_fill_forward_path(ctx, path) < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + return dev_fill_forward_path_common(ctx, stack); +} +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /* must be called under rcu_read_lock(), as we dont take a reference */ From patchwork Fri Feb 28 20:15:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997110 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4ED68C282CD for ; Fri, 28 Feb 2025 20:32:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=MBDCNnQfzGHBtAf1fXrg/nXwee u6j8rCTPwlBQdFWvUXgCjajE08fAq0DxJL7A3I9K5gWxUHfybOapRzQQuIS6bEr+zbW/h9NwIpSgp 0q4NrknLyV0MhfzIZyZdL1nLrOHE3gp1oWl7PUglGom4PO3/YCzI6anSPA3KL6Nl05kmqcUulMA2r LIjzGKOqilbRmQdJpccLHj+S+T1kDPTTx6pgvlnA1Oi28BS7GWl6APmKYYVwYvMu4h33mxqO4910k 917pu9MLshgDvqn5KViXpEpClScfvZzhxgQgB/CS6edgq/4uBT1pqvGNY7MMs2rPYn+UJab9FMHIj QOjqAasw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to71t-0000000CcOf-1sv7; Fri, 28 Feb 2025 20:32:17 +0000 Received: from mail-ed1-x536.google.com ([2a00:1450:4864:20::536]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mb-0000000CYLC-3UsX; Fri, 28 Feb 2025 20:16:30 +0000 Received: by mail-ed1-x536.google.com with SMTP id 4fb4d7f45d1cf-5dedd4782c6so4657184a12.3; Fri, 28 Feb 2025 12:16:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773788; x=1741378588; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=eqlwf95DA90ou4KJDYI7sYD7H/lAgjXSomVos3ERk5eaGUZCwZcfmEflIR5OY+k+BN 84f4JF32IBSFkLWSdSx0V6O7vjTa9zyhZcaW2tIkqqhMa/PI8DlWRtiNFI5eFL4WbwqY 9nZzn90UwSSH8BtGlkaT4D36NbrbH2DSc8unc1fb8A31OEm3Db7PIAjASyFVkz7DTUWx bPCL614/6UJZjiW21a8PlOSSpH14q+IGAyVsn9GroWIniLSGKNAdSacL0ulCe5niTJ/s VFPeClptAzDscsqznCwyli24YTpWNrm5k1w++bgRyswlr+gzEhDlY6mrHpVR3Wj6Dhab DRoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773788; x=1741378588; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=QRvfTA/4xb9FeayxARWEKuuJosF5THNndI+pNodUMBijVupR12TU/x24OXET1LBn7j GbI9d/AnKYG3TV55nBvpcyLWof4Z+gQTbQBpKluLLwion7smh2f+1wCxqcbnTDdHY5kX lNtlu9F8rKYz68+SjELETFT5cp2Yvgcipttl0q1KU66ycMpnEsMkWaSzu3OtajaEXx5N fWD7Zgy6A/4jHJKqcl+LlQRzExTyG7pozIPALRRs6OyvhmsyID1sxx8r8Lo36pHugnSo 0KXLzfJY0edcKsAn8wULAAso72MkdakUXECSEJUVWNbuYX2DmlbmtU/0Aq+Pg6iBVdNf kEZg== X-Forwarded-Encrypted: i=1; AJvYcCVULPbGRsKAkURSzfAf4mmfA46+zJtOIgtu8d8oE52gYhXyRvRHDm4D7c+xd1YtkA9x1mMC2PHtBroynVu3ZqA=@lists.infradead.org, AJvYcCWyt/l1QLgLF6ex7YUWj4SoP3b4l7dTzgqAgxWs1bdVFQgnTYnbHTtMf5eA8Q5bUCJyp3xd6SqKxGG1AebcOLL/@lists.infradead.org X-Gm-Message-State: AOJu0YxHKsmTcaSzTmnYP2PvbLXXL9zv7dhAKzeUJwDaUhU9HEKHqerU ykVaSwFMVVFR/wC/3HE3rGmTnBpoO5Sx3GsPgZUTI4H22SzU3DWZ X-Gm-Gg: ASbGncte7I6okoInpwOjGq9V6SIfelhBoO7G3qFmx807PX3xqL1xHb9w/qBMlC6znF5 dJ1kbyzRy8dFicJCjsWHnQf+TiYV9p+Pgj5qLl+ToCtOhxYmIC1o7rQ3+IkIj7BUiDMf6GH7HoM Jx+6NXY+ix2vBH6p7VmAqiPZjpiTyWmQENROQa2/ganV2x5XTngBCYZRpuGLxQkuCIUkxsYIo5p aIMvhYi6k07g6tO72T8Xk/xjff1JJxAmBYt9jLnLhuPXN7/npb3c+uvznR1xuyEvZ3V4rFiR9if N22OCfXCiXhiUkLxxWgQ3bKneW4zgn0Xyt1U0K0SMc6SZgdxffRuRzhMrQHARJaCTFqUy8/lQ3e PoF3Al6T9KiBL970xjRF3mQfJZCFClzDliZZuDwm5cTU= X-Google-Smtp-Source: AGHT+IF4o1r+k6+nG0zNGywKeKcizMy8Myj40MpWCdBkkMqspA1rSJwU0RPTkMPYXpO+ucJWx86obg== X-Received: by 2002:a17:907:3e0e:b0:abb:b12b:e103 with SMTP id a640c23a62f3a-abf26218d27mr558296766b.34.1740773787937; Fri, 28 Feb 2025 12:16:27 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:27 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 08/15] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Fri, 28 Feb 2025 21:15:26 +0100 Message-ID: <20250228201533.23836-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121629_869957_88441C8F X-CRM114-Status: GOOD ( 10.45 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index 4ab32fb61865..a7f5d6166088 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -340,6 +340,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index d8f7bfd60ac6..3cc30ebfa6ff 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Fri Feb 28 20:15:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997111 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4337BC282C6 for ; Fri, 28 Feb 2025 20:33:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=HXqZ5k+S0s4qjgVDk0hk0SQfuk b1GSYtAVIBovyldsBpU78+XGYwdV9a39Pc4nf5jofFNGl/tb2bFxi/wBCz9p+JyK8ZRtCyOaK00TG wAMox0d5mDEq5iA4/HdkMmXDw4iZdYfFKU9EsfPF0rcRN6UDnEYoeFWqpDaBt79vYNm5TN9M+mvMs TN9qCBDboeFhmN6rClHxC15T0bECNiwp4Aaj1XauzpRQ/WRsm7aB5HYGPeVC+sadQm/RMmKRvyvIc MaZm2Iuc/aBYHpHuuGdBLEBk0sqwF59zX4wBA9RXRpy+3q4Hu8ZJdIXM2ML9hYwiBcMdcejHPH9a2 Hs3uqadw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to73P-0000000Cca9-1mec; Fri, 28 Feb 2025 20:33:51 +0000 Received: from mail-ej1-x62a.google.com ([2a00:1450:4864:20::62a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mc-0000000CYLy-3iTJ; Fri, 28 Feb 2025 20:16:32 +0000 Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-abbec6a0bfeso392493166b.2; Fri, 28 Feb 2025 12:16:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773789; x=1741378589; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=c8yXZPzYRMBjb7XXciFZwkSekdfFMYLIm07Ku0jdd97QII1JHuc+Eiw5/8zUFfen8o 4mvFMCPgfD4BA573lZEJTfMPydp/IfER5iKKQjcQKw5TRix9OHO7f1MnSxGXTFiqiju2 fCqGh7UbvIEjuBbooakwnIyh8b1YucJOlLY5MTWkJpej/xfJEy0/P3Wk4h7lAJbAN01e C3ypLw6c+Y0A6lBLglBBdtY3R9O1yfmHoyZtGB65rVsUg0qxdHZN6DTBIf6G5HwyBqqh vNOGS3wXPwD2zuyq/7J3bvk/ZUAcvmyE7cMKaj+38FbeJXNWpZk9fd/Hx7RVXT19FZ5f iVrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773789; x=1741378589; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=L+8rAzeYL45k6JbUduhjTlCQnxukaBifL9N+xXG1pl2gIS2L4V/V0nm1UrgzvkIsVa E8Wtm/svbrPfmoiOJbp3+yEH9oZLCOeUg+O3KP8axpFKtwVadJ+i0K82dfzA9Wicki/Y EPC4nh7anauLdDx07zT3MEV9K3ZZDOCmh+gBqtlAvxjis5B5B5bAW9awkcR3iySvEM8B +4VQjT9eTf97PGNj5esGT0jVGsgU6mJFXLrHVZ1jNN7VY8f6VmecuJkPB4NJsk+P2Zk3 V2ZWXBrToMwku6jYZmXTcpvM8zzm76oRQ/gU1JyYL0qdwfNHw7fMmAss2m2Qugfqy0o/ SXYA== X-Forwarded-Encrypted: i=1; AJvYcCUNjJck1ymDUi81T1yms69c0MUigAn48X0kBW4v8HHzR75iS2nLOYuqZ5b+hyzoXeXnfxySyTZ94H1vJM6vo7bk@lists.infradead.org, AJvYcCWglyYnEPobFlk9OlzTsf61WL04pOoVmLWbadAnvzXXx4lT0auvwlAD5rfZMsqUZioR6nzsfIe4MwJetauLGGo=@lists.infradead.org X-Gm-Message-State: AOJu0YwmOLOFGuLo0VO3SBfDUIXdpNtXcM4iNJp3s9fgcOb6WvdSbPEH Wnt2rnl/MWpBk3EnzrGR3Oxhgz2j8kncfJdXannRFIgNZRjzkbHI X-Gm-Gg: ASbGncuK84qYqW/x7s4gSGS45ljfji5bh0RNQlFybov5twsgzkjem9IjpX97Ur6EJI7 /q5abbXh8Ih8/do4+lCOpv7lRlpUsOwU2n8XesOnhcPZlx24LvRinzXpajA7NHQZ3exYE0D69BY sIcZHBx3dcw/4+uzZZNWEmBIp3v2b/VKiOJ13PyvgKujZ+CJfySxHsCRqgw0j1vK6EF6xiY6Obm 9lNPWg+r7QKtyf8uZKempNsdOFMgJCQbwKqepD/QduH9zORsdNCq3SPCEpkC5ggGjNSn6Ol6z3S fBwHKpbvBvAweg0pWyqVa/pJYaCHBWR8ITEq2mKsSOfDmmeZtv/rLvyUs3pS+WLaWe/PqmE1TTh V6SZDPT4Mp8t0eVGGMU8qImzGlLOKC4mcimBy8IlRqO6vj5mXbg0dCHm9QudR5Q== X-Google-Smtp-Source: AGHT+IEQAXatFYtUv180Nd/vAAtHbNFD7uOybxHOrydax27b/c3kzdKVO8+x7rEp/205E7ETT5lLSg== X-Received: by 2002:a17:907:9620:b0:abe:f8c0:c1ab with SMTP id a640c23a62f3a-abf265d3be4mr498901466b.46.1740773789267; Fri, 28 Feb 2025 12:16:29 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:28 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 09/15] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Fri, 28 Feb 2025 21:15:27 +0100 Message-ID: <20250228201533.23836-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121630_922256_AE62F9F6 X-CRM114-Status: GOOD ( 11.91 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This will allow a flowtable to be added to the nft bridge family. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Fri Feb 28 20:15:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997112 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id CB4F7C282C5 for ; Fri, 28 Feb 2025 20:35:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=3pY1F3jY3qbp+bJb7/hmcJxzo8 IH/EFrDH0XKK/RKDfcy1Nj3tOmAYg8MOGY5ur8v+6k0KZZ4WFmEQ14HKNZm/s9GXy+M1SzFRekVb1 eZuyU9urux86FTL2jAND/7NIDdwTTcTvavzLZn105+4DT+ipM7LMK/EAOKFgGGAysKNbBSH72sMnG N1BaYTB2rgy8ABoZpahmN5t9FAwAMM58pQw0Tumzl9FMhRRvmrlgJLv3dSeP0UrBxxxtCAJmBgeKb 8qYGlF/8q3tGVYHk7UZgbx9KpyZ46HKm8EkCOPXyEFs3ZfJCKolE9rtxC0ouYFvU8u28C6YcvNmnB k7XIZZBg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to74u-0000000CcmI-3w2t; Fri, 28 Feb 2025 20:35:24 +0000 Received: from mail-ej1-x631.google.com ([2a00:1450:4864:20::631]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6me-0000000CYN1-0Xmp; Fri, 28 Feb 2025 20:16:33 +0000 Received: by mail-ej1-x631.google.com with SMTP id a640c23a62f3a-aaec111762bso445610466b.2; Fri, 28 Feb 2025 12:16:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773791; x=1741378591; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=eAhPdJ9kDqH2+mJcHBqQijbskDBwoZKsOsGF+Z3GKZp0yyrKUrAmL4CbUviq6XpTKp S9XDIhknke8Lm5XO8gR9RjofoJ2GUFPlO4i/wpb0z3kZGwLvAoki2rCZniel3A/6yyUb 8O4LxW76aX6JtG7BE0GzQlP1V0/uvxqI+qfF3xJBSlSCDSKOskeKvZG4LOYt41BsY+l4 e+oUaVEvlHU8uYV5W9fgTKeKzuhKZOavsLBt+7ApYuBB+2xPvHRzjRRY/FJQkLzsceZY uc/r7YeOiGrp4O/DsT5gI9faVVfEaleXR84UNqMB/a9MIBNa72S8uacJc4r5GsFP/hZ6 VqxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773791; x=1741378591; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=p7syLzjM/sgsjlAP+XFfEeCp4iwppYr+4LVP4zQOoFYLjgeAs60A4nf/tz1JxxkjZw 4z9A4TQ598rJvm5F/l9cP+hXwdAErPK0yfVHMwBcwA29IKArm3AVyu8b73gn4sQe6vdt Djih2PFNFnqZGTvrsBj4KRSOQFujZxZ+yMIzbfIZBeIm+/EWL+RfLRO0kMGZfMbzesVU HjmPgHGhbQqAMEea9av+2sPRtmd/iTeN9a/o0b7EoZRACbAl/oGJ2o1miAexoJEwIeke JQt5oWWwKSA8b12yEpK48yIXSX6a+izU6VvF2BtWKpFTA5X1M4NxN+QPYK3wzqvoG4PJ SAOw== X-Forwarded-Encrypted: i=1; AJvYcCWk3Qw1GvyJYiPtLMZLZ2LR6DnpM9Oo+cOH8qfD6r6nFKtIKNU7Iz0QGTc0MMHeWfOaf+wTNXWrq0I/2TpzIZQl@lists.infradead.org, AJvYcCXx0WgMUNcoi0cJSYnkk564M5B22qVxAkwYOzJiWlJX8QN97ZQx+vMmxtZGZBI3ZyySaAS87AaXDSBLjsKN5Ow=@lists.infradead.org X-Gm-Message-State: AOJu0YzuNlHqC4jg0RXW8UdRkIu7+70oBbaRaTKtoVU3YaGyqdmpbjYZ oXvCxNYrLxyjKbz6uC6hnljCsNpvOXaJrgCo07JfrQRD8XdWrCYsXkbgytXJ X-Gm-Gg: ASbGncv57kceu6QvvlUU2OGgarSUnhKZn92RVqsqpK3Hk2BzwUM6n+HWyoYZrdPwqL1 AapBFfaWSaNXpt6UrHSqlTnUsgFpsUuY9pOTotQ/2IKTGxx3rj4VsHHDl7lav9wjTNwTFy5KWZO pfg75gf0tLNoOA55lz6xfo5omYj5ePmT8bzIEEyDL3FBI78IeZnfhukPa2YR/K1ijUTDvAgKDmP j430kWfrZW/sENKQzeMMypSLGIg4gL8tA1F3E+XeleAzrVlv5QdqVnjDxlxjNhvyABHNwDJGa7u BsF15E/eKL5JfIb0UNm9ffsp/v0/buVNzHHQElM3VPPaZN+ewkqYgP3LjVg6wXnSuaYmiynrMFh bBVEfwsdjpUZJF4EbfUIhpqgx7125Ix9R0TN+VXTHV0Q= X-Google-Smtp-Source: AGHT+IGIlmp0gTErSS4DfDNJ2k0q+U7DXk7nnE8hCWt5GhbV6qmR8RoCNHygavxB4lOMiFfar//Acg== X-Received: by 2002:a17:907:3fa4:b0:ab6:d7c5:124 with SMTP id a640c23a62f3a-abf265e8ed2mr386410966b.43.1740773790747; Fri, 28 Feb 2025 12:16:30 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:30 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 10/15] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Fri, 28 Feb 2025 21:15:28 +0100 Message-ID: <20250228201533.23836-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121632_170898_8D5B1D60 X-CRM114-Status: GOOD ( 11.33 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 5ef2f4ba7ab8..323c531c7046 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Fri Feb 28 20:15:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997117 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id CDFDAC282C5 for ; Fri, 28 Feb 2025 20:36:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=XGyMMMJOiUQU/BdJzxd77FPC1E geK1V/KvHn2lT6+FhdjNaBbp8fBXAdEd0SWKSH5LRrLTujtGvvLlG0JdV0C1wKociH+r9QqVbugtY 1a/6ehoCiX3aAv0ndg5GfZw6syjwn1YeHZICS57P626e7a5IwBKgI3X04cpxtLVExTKmq3XLi5e4g gU95AaXuW7YV9IFU0bKxpEtB5lJnWOADWZa3qjgXID+Ffl+DtnItHJmN/vB2bhBLdI1QhYzdYYTkm vmHx0NTCMiv1QOE6YXtgOCQYghHSjMZXep361xjM44vfBW0ixwlyuljHApVZ+7YMnF9ApV1zliUbw LCDbumnQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to76Q-0000000CcyB-42UJ; Fri, 28 Feb 2025 20:36:58 +0000 Received: from mail-ej1-x62a.google.com ([2a00:1450:4864:20::62a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mf-0000000CYNq-2IyC; Fri, 28 Feb 2025 20:16:34 +0000 Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-abf45d8db04so88073466b.1; Fri, 28 Feb 2025 12:16:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773792; x=1741378592; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=l7/esM6j4YVKvNEI2qzDVb3ysoHQm2ayNlexu2GeF/y4XjX3FmLQgd34movBloCiwy 6CjaVhfrg8yba9ntghIXYzqqTIH8KnWuu1ng3e3rXN3icv+sGKH7kySrwTSHyGG/o+oH 9NscffLfB6SD0Dw7ovhaDqs2NxdB3b72EgwEbVzlkShW/nl5krxCR1vnmFqaxcffzvED 1ktyB7hgOufuC8DEQN+wsQLKqkVZZ1WgC+6h4l8/vXAwf0jxroQ1Siu9BpFc5XIF+098 ENAN3NNcHRRAPK0T5x31mPIqKoQOgUDRJ+69LH2kZRCxrUj+ot99AvTqauv2OXtHHppP QHnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773792; x=1741378592; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=qsMcANEENaGwo4qlbUzgxRvuBDoPLXcG4v2BZvgbwub6+1A6OaTm+54w6pEfurQJOa iBpLTBU4WRTggSQFG++2H84U/rmh419sr34slpk4qqzpXWpi444eOwhcH76EfQb7ZJlE N1UsljtbtJiCUkYMuszAUqlrOAZuxX/Mr8iKNS6q+Zf09ryWPNmoBClfhhzWSZiAq0Mf 4BcYo2tvAyY32pi45lAadQZhri3EZpS/F0o+rMFjqXs7lVSv6fvizaCv8thqUZb4hfkS zkHPQJC7Su8UMbM2O8L96MY2kTlvNW0s3Dbra4lR5Hp6/4NeG9U48DT2YKKKF0CIHdDO pfYw== X-Forwarded-Encrypted: i=1; AJvYcCV5YnTwf3NEwcjLpwbM5YPo+jFsg6jmbN+AqT1RXKaELsUR1ry/UolB6i+psHISauN0F6xSkC081/adpVXt6LN1@lists.infradead.org, AJvYcCWQMDmYr07DVK3ngdVJwO6z77RTZ/OGcwEPH9/NoFfAxG+oNWdJjrJj9EFXNcH8dqYclu/w9qtC2U2FfKPEtZ8=@lists.infradead.org X-Gm-Message-State: AOJu0Yy7X7hMKPmj8E+lNFekOPwlsZSaiEaaYUW+Xq7Am+Yw+pafPW08 awFOn7/idvJf2nPzQ9HcWtYNthK+Twh1+hgmBJHbnUDQ7yXj2fFW X-Gm-Gg: ASbGncssGUKFr2oeaD9H6Dk6VgPh5XPSviCBTAx6MQxb7h5ERov21elBKGWegyihER7 BNNSTyiYyvNjVgWxkyYEkIzDaDXWwOOe0qOm7e4RHc+Ti8iCez4hOPhDxYfy4j71yNyMD0N30yL 5h8rflb7q3f8PnqXyVzwOkZrjmq9f+QC9GhlNzzW4p+2Jwq0yakbq4F1sMLiRiTw76WL813RLDf UGF/B2KzxCII4T9zjEkXkdym2sO4T/NuLTQYfwLpNRh0GJuG3AEgD+DXRzqEqKLPuabLi6tBQNV jjzTT/IRbryGo+3YeYAqy9nw/JmemxgYE8Qn3L9zhoEd6ReLq97VkGr6dFCy8cIatmD3WE+X4WY ay7sy7hM6yVRASv5R9Kcjm4D1pg0RIDxVjJlNGfzd0bQ= X-Google-Smtp-Source: AGHT+IGNTRuqBcd8nLuNsVuXSGF1sIcXELw3HlP5Nzemzcrdv1EtIzMkCBIzwqYM1NbqtT6g+Vprpw== X-Received: by 2002:a17:907:9484:b0:abb:b136:a402 with SMTP id a640c23a62f3a-abf26424829mr486626566b.18.1740773792060; Fri, 28 Feb 2025 12:16:32 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:31 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 11/15] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Fri, 28 Feb 2025 21:15:29 +0100 Message-ID: <20250228201533.23836-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121633_586425_6D7AA48D X-CRM114-Status: GOOD ( 12.72 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 323c531c7046..b9e6d9e6df66 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -105,6 +105,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -117,6 +118,10 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, i = stack->num_paths; break; } + if (path->type == DEV_PATH_MTK_WDMA) { + i = stack->num_paths; + break; + } /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { From patchwork Fri Feb 28 20:15:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997118 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A820AC282C5 for ; Fri, 28 Feb 2025 20:38:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=BVAkTZii1Gy4XRugZsnKaWDIV+1UdUIxS1E1wVQkwnU=; b=lkVbDSSR+4xB6bJhz5SMUdETDH ZWVHaEiM7QyiKKC5qSe1R5sVjNBw6h5mmB627ID9tIdeKr6nd7VDRwokaRho7znWBgPvlw6h8/NK4 fWZGMIrtOU33FTD/KXYqNdxTks83VB4bHcQoOVOHLm/ekTwQVAT+HsZyPKk88jSsYFr3t9E2SP0ae UYciZMVrKIMEVUGc7RjZOhqOqAIhUreQr5b4/pjOApdd1XoDvojQEvGpDtERlEklAdjDcKoyrzvsn WxGfoe+t96P4Ukvfgcqm6eN0xIWUGr0yxVG9thB7Y01S0YU6ZWkXwG3Ngh15bVWr0HThIZQSUd5X4 TrjkToZg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to77v-0000000CdEn-3d13; Fri, 28 Feb 2025 20:38:31 +0000 Received: from mail-ej1-x633.google.com ([2a00:1450:4864:20::633]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mh-0000000CYOw-139U; Fri, 28 Feb 2025 20:16:36 +0000 Received: by mail-ej1-x633.google.com with SMTP id a640c23a62f3a-abf4b376f2fso37979666b.3; Fri, 28 Feb 2025 12:16:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773793; x=1741378593; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BVAkTZii1Gy4XRugZsnKaWDIV+1UdUIxS1E1wVQkwnU=; b=NCigfeh+KJ48+K3rUZksDUooBDHGDp+t+y9Pen2vk5TzHtZmnWOZd4RIIRlbOYdiua TvIP0ny2R98JpUTcawD2uZzjrhftU4Oppifek8V9E1KO8UYKj+oHZjTILqxkCDyelsTV rtwQyIr7gD/VAJDTs66JEQKdwYs2PIR6/cYBbo1t/BxF+gZYRFpD1ddthjap0Lh5ZzQa zW7QDNNrzv7BbL7pLD3JvijMUfdwfbQg6wbY9jzwXKy8xFeycaq3BJtrCOz1c65Ru/9I MzB9gqv5ZQ4MfoAjvX0jwawPpfyC0wZ8IjFDsLMdh4jqUoA8EJV9hm5YPawPzGAbKlev xqIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773793; x=1741378593; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BVAkTZii1Gy4XRugZsnKaWDIV+1UdUIxS1E1wVQkwnU=; b=OloKZ/qMX3f820ZDITn5M/lFLCQlM6FfwFKk9CsCWrBjNJVY28AUoxFyqhbT4ERzYX /IwuCV+FzMADUqyL5ouHHVRqeYrJmFdLILVF3eQIXbr8ldhy1+idDbcYDqB6OqryHEHj YX+Y0v+ufsnpbqkcLS7ZUuLQCVxIhQiQF89jjalXcNv/HOf2+YVXtkmXKmM4WzVQXXjj +mr60eh0pGX6T8S77BJvcKjvYE3ixOmcaAhEf61GkP/mu3ZTRNzEkww2lWKVQG4n9X/3 jn6P0JdZ1BVXO4qZCrcVixVlpW0RVouUlE8+Ax8oNKluYXgQ9v6Q8OfpG9Rklq0BzS49 UgBg== X-Forwarded-Encrypted: i=1; AJvYcCWC+6Gjg8ohENIyecrl1IaSLvjG7XtGHmWPrSZytR5z7eNK5r+7a3oCMyXEmZwME008Qf5R83Wi9oefz5Sciwws@lists.infradead.org, AJvYcCXYmjUqUar4g384RgmR6bCA68IN5BkBIZkmfKuIhy32/FQBtmKgsUMMkizE68FOdXUINpHgJwT5RFCMabt0Lj4=@lists.infradead.org X-Gm-Message-State: AOJu0YyNZ2RcjC1NuGa2LM495RYbx1ApLcHlq4fCW0/kpdSGb8wnMAxf IUKK8vgIfpyYZv5wqk5X2XajIGTZ/ibi1TblJOjRh41sXFRc2ROL X-Gm-Gg: ASbGncslL62Qc9sMchg6+28BLpAgtTPS0/rsbNFLgv37DXB4m9RE3nbqkxEInEyUvPU JkNlu07FxAbLn/I+1AAuZr/FbtfFcp6cEZPO0sQCQRVJTMjjI0noBlX/9mjFWJ1bhCN4HMK3BAR JHXFrSOKLx9KE3VqVuefS38G96RnT9vvKHx0oU/zpxPNFEXzplDNn4nGMYz973e8GAKdtQpxt71 tzTDgMbzX28Ozftu/8o9TxZ4gt6N2k39hSqJCBbgysSzEG0f+xO9BV+mM9aMoINvFxn4flRfHOA IUEJMp85O4dpAeXVXEJX0v62P6T6iQb5fRnKFBmS/7puKopvo54JzA2IsUUcEbHOkfpoJtiFrDW HARq5o66VAKCz9MNxeeyMn/hRlhUjEsnZteGn99t908d9TgvHJE4cJPudecHFMQ== X-Google-Smtp-Source: AGHT+IHTNHcim7XN7hH9c7Sh5FIEX168d0fQlddgi57248KaGuR3JKO3W8QVJ0D+qGDqKD6MfYoZMQ== X-Received: by 2002:a17:907:6d04:b0:abc:29e3:f453 with SMTP id a640c23a62f3a-abf261f2fd0mr480274566b.33.1740773793400; Fri, 28 Feb 2025 12:16:33 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:32 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 12/15] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Date: Fri, 28 Feb 2025 21:15:30 +0100 Message-ID: <20250228201533.23836-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121635_287335_0F05DF69 X-CRM114-Status: GOOD ( 11.32 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org The bitfield info->ingress_vlans and corresponding vlan encap are used for a switchdev user port. However, they should not be set for a dsa user port. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b9e6d9e6df66..c95fad495460 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -116,6 +116,11 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; if (path->type == DEV_PATH_DSA) { i = stack->num_paths; + if (!info->num_encaps || + !(info->ingress_vlans & BIT(info->num_encaps - 1))) + break; + info->num_encaps--; + info->ingress_vlans &= ~BIT(info->num_encaps - 1); break; } if (path->type == DEV_PATH_MTK_WDMA) { From patchwork Fri Feb 28 20:15:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997119 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A45C6C282C5 for ; Fri, 28 Feb 2025 20:40:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=Ad9k4KgwZjRDtvdZ53VuW5t3Q8 x5FrEwfD1wn8cMiWR6+AC47F2R7GjSv7I6Lw0cqpWss77B6J7ftRK1HqMfgLzq8QkxEH7CoQZTgxF 0PJKHuoI6/+TW6cb6MKd4E9EW1Ty3r9IjvNTBoDBFUdbgX0O90xLMHYBmrG/2hZ6ep7IrSMfE9v0n 0vwf68GPCRN4mrpTPmP9Tz46rhUZ+MtpvWj0u6dQbqV7HQ2qJOqZZ9sEVH5gwK3mpmhdSdQ7j/GQq MEf4rsOZQvy5aCL8+Qp50E965wqH9EyJSRXiqEYwpeFkZ/Ifd62NJks/jb2jP4zDC0S1b+ndxZoWb idvnznvg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to79R-0000000CdVM-3L8B; Fri, 28 Feb 2025 20:40:05 +0000 Received: from mail-ed1-x532.google.com ([2a00:1450:4864:20::532]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mi-0000000CYPR-2BL2; Fri, 28 Feb 2025 20:16:37 +0000 Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5e4d3f92250so2690300a12.1; Fri, 28 Feb 2025 12:16:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773795; x=1741378595; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=CtMUsdAHMX2s8xdTep+7HlYRWB6vZYEg/3JK5RGoGYA3nhJTsUfpSDoK/vKPajK0/f 8Dy5AwX6D/mB9b6mhS9abHSLGBFnxy1tBnDB0zdIdKK9TlmAQw/I6ikZSROvHS7M4ncM AahU4hQKf5Z3cOPYqkH4en2U9IlFgnMWUyHe/qruCaoqxeQzOI7evFVJYIlriBkYkLe7 W8OXALxo/+YJGSqi1sIqiRLksFDcbKlz12aHRys6tl76rOy7gbAcZwioeBRV2OEQyBkB zPharjWkx9qDalZThN48E/TawnB/aAxiONy/xwic4NgQ3nh+y6A36uSXoGnbLbe3fk7X dnmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773795; x=1741378595; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=LvqFr7UxVetmDhsXNU9TsOpFK6ZsnpkxjjrmRmJnjMpZvRryB6Zax7YQi72/0rKy4s 1XBQQ+dADLr7vN2q5Sl2bXZM2OLwBZ92OdG8E/NFeQp3N3TI++Cpqrmqx2MABJZFuqer 1FPP0+asRxddByi/bL2GyhfXhMLalTaC9tJ3j0MzbJmWcYT4ThcOfNNTgwEoICu9MlR4 wVJ6Q2VyHjiLWtK+WTAyMWM8Fli1jvPJbVSJ+N14cAXeKXVgSz28sUbXpyKxlAYoTF2V yzfa5T6Yb+ewqVRp0B/cC3dUXr18DWlEJcTmYX+EJ3CaNMx2B2HT56QtkVzp8xXnMm3p OqfQ== X-Forwarded-Encrypted: i=1; AJvYcCVV/a0AOkM2Jyr77JBq2Tau+e8OkqYTUWpr7eJqzWqyypR5D0BQQyaURa/eFuMHQGsy2vn8t80iqmkj8rZsP08=@lists.infradead.org, AJvYcCW9hRSLpD9FOWtcD9tqnE/+M/mS+a9lMKh1T83+kM37SuumfFGB3vkbVp++j2NynoihEDuIqZhOVwdLP+Fz9Jb2@lists.infradead.org X-Gm-Message-State: AOJu0YyltVa+N/TVwkjC7wPUgVD1eVIQBfpb9YqK1Gw5k4vNkoYNGndS XG30tCY8n55Z6izgc9GyrDZ/Z6Rh0FpNi4D3uvVEy94abMSL/UpG X-Gm-Gg: ASbGnctWKdTNzMbd5dTibM1dAcFzztc2zw5QTCSrRmuHyLPs4hddkkdhmrxTsY1514r TsPG3YleuH6YhU1T6+dxvQ2bOw5r2vJT5U7Yq/J2pGWVUn4kW4lVFGhrXNiZfemN8fS1UBbApgs +QNARsU5qCQ5Vmn8h1wkH+0JvrAYH10k7s0bc8drznuf6PtP19J3IpDSTcGXU8SezQ5OHh6YJk4 bDyniG34D0+gZZtwwl8oAceOY5vN7t+X2QyNkiezPvmxAtsFvSZ6Y/fNAcekXq84awrzDVP0y+A LBDuBCGQGEy9YxByM5lNP9r4h71U1HqpzimZ6tfGWEes4FjbhUaFiayCvpz2L3Xi6ON5N9fNPEs unc6SJsAU5opI7xifqqWjOzXiwRKd8qlr+Q5lgfPHEj8= X-Google-Smtp-Source: AGHT+IEkQhpenLsv9Nobf0wiiAys0Z5V5MCyZxZmQpmyL4y9KNHC8I8jD08d28fmF8UGgHnRX7Un0w== X-Received: by 2002:a17:907:9408:b0:abf:19ac:76d with SMTP id a640c23a62f3a-abf269b9a91mr542028566b.51.1740773794665; Fri, 28 Feb 2025 12:16:34 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:34 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 13/15] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Date: Fri, 28 Feb 2025 21:15:31 +0100 Message-ID: <20250228201533.23836-14-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121636_558496_BBFA3C98 X-CRM114-Status: GOOD ( 21.49 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. The same problem for all foreignly added dsa vlans on the bridge. First add the vlan, trying only native devices. If this fails, we know this may be a vlan from a foreign device. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG_HW is set only when there if no foreign device involved. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/switchdev.h | 1 + net/bridge/br_private.h | 10 ++++++++++ net/bridge/br_switchdev.c | 15 +++++++++++++++ net/bridge/br_vlan.c | 7 ++++++- net/switchdev/switchdev.c | 2 +- 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 8346b0d29542..ee500706496b 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -15,6 +15,7 @@ #define SWITCHDEV_F_NO_RECURSE BIT(0) #define SWITCHDEV_F_SKIP_EOPNOTSUPP BIT(1) #define SWITCHDEV_F_DEFER BIT(2) +#define SWITCHDEV_F_NO_FOREIGN BIT(3) enum switchdev_attr_id { SWITCHDEV_ATTR_ID_UNDEFINED, diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index a0b950390a16..b950db453d8d 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** @@ -2184,6 +2185,8 @@ void br_switchdev_mdb_notify(struct net_device *dev, int type); int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, bool changed, struct netlink_ext_ack *extack); +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack); int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid); void br_switchdev_init(struct net_bridge *br); @@ -2267,6 +2270,13 @@ static inline int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, return -EOPNOTSUPP; } +static inline int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, + u16 flags, bool changed, + struct netlink_ext_ack *extack) +{ + return -EOPNOTSUPP; +} + static inline int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { return -EOPNOTSUPP; diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index 7b41ee8740cb..efa7a055b8f9 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -187,6 +187,21 @@ int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, return switchdev_port_obj_add(dev, &v.obj, extack); } +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack) +{ + struct switchdev_obj_port_vlan v = { + .obj.orig_dev = dev, + .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, + .obj.flags = SWITCHDEV_F_NO_FOREIGN, + .flags = flags, + .vid = vid, + .changed = changed, + }; + + return switchdev_port_obj_add(dev, &v.obj, extack); +} + int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { struct switchdev_obj_port_vlan v = { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index a18c7da12ebd..aea94d401a30 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -109,6 +109,11 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, /* Try switchdev op first. In case it is not supported, fallback to * 8021q add. */ + err = br_switchdev_port_vlan_no_foreign_add(dev, v->vid, flags, false, extack); + if (err != -EOPNOTSUPP) { + v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV | BR_VLFLAG_TAGGING_BY_SWITCHDEV; + return err; + } err = br_switchdev_port_vlan_add(dev, v->vid, flags, false, extack); if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); @@ -1491,7 +1496,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c index 6488ead9e464..c48f66643e99 100644 --- a/net/switchdev/switchdev.c +++ b/net/switchdev/switchdev.c @@ -749,7 +749,7 @@ static int __switchdev_handle_port_obj_add(struct net_device *dev, /* Event is neither on a bridge nor a LAG. Check whether it is on an * interface that is in a bridge with us. */ - if (!foreign_dev_check_cb) + if (!foreign_dev_check_cb || port_obj_info->obj->flags & SWITCHDEV_F_NO_FOREIGN) return err; br = netdev_master_upper_dev_get(dev); From patchwork Fri Feb 28 20:15:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997123 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id ECE69C282C5 for ; Fri, 28 Feb 2025 20:41:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=h2oeCJos5+VWLjM6O6Ww7CfUdtvRNnO3dpetsG6O99c=; b=0MB1WraRhc4tx3X3R2d4T+8EF5 mQoURo+UD92YdwmpvYxFzSTsTyjqR9I8F7vu/N4kcWn+1g9giaC7tfAfny2N1s+5qqqVaDJtCf5OH lU/RRq+XMKftWZXfzA6w6a7vRzSfB+fUOVrKSM29lenXxZLORKzpRisiod03DI7m4XXXa1lCof7Az 3OUVBKHzGsScWaSCBmEeI/HvaOTEuRwMb9QIxqO9iPAArO9ZO/Mc5sBW1EELw3EzlnAMvDTl/Lst2 EX54dJuIpCJQDuAzNnidYDzw/DcBUnPApbTPuGibj3HjZEOJM+mKSvQHH6LrMB4qKP+wVptmAPL5+ g9UPu4PQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to7Ay-0000000Cdi1-0FRd; Fri, 28 Feb 2025 20:41:40 +0000 Received: from mail-ed1-x532.google.com ([2a00:1450:4864:20::532]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mj-0000000CYQ9-23TX; Fri, 28 Feb 2025 20:16:38 +0000 Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5dc89df7eccso3976158a12.3; Fri, 28 Feb 2025 12:16:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773796; x=1741378596; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=h2oeCJos5+VWLjM6O6Ww7CfUdtvRNnO3dpetsG6O99c=; b=FVt3B7lm3V9J93Tas0COhFcluqYEns3vYx1QVMJqTh+Dxx8UoeL+FOklxgNUViy6sz aaccdT2V7wmHhyQZJRmgr0itJyaMkbkv0ahQwhhmqdTTZpEkrNv39QRZq4W8iKweqi8Y MwdhpttJHy4i88tMOBjq9N0nJ0AJSeBfCnMyojb6LdNAxxm+5aFUTuOLk/t8i0vmeV3S dy/72pxEF+N0prr2eMT0qSvv11JGPLt57+5qZ699UBpicnilq3zytaDtWCSPNqjyi291 1YgjGyPFHrnvA7WP2DBFpR97lVEATSkaCMRohTGYaa287mSg9l8ZZ0m+WRJ841hSjDoh f0lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773796; x=1741378596; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h2oeCJos5+VWLjM6O6Ww7CfUdtvRNnO3dpetsG6O99c=; b=mskGfATQD+/z0BMuGkbX4Vx2p//ALC/Lo+GvgdMVLUELBySZht4A1TjGCa74XtU6Qp L29AkYV/mFoL8iunDqKyjDBLMbME7IUmr8sxGgDKAeevi1jrtqYdatIhiUu8mXwldPYW Ou/CHcj4kE9Dp0tNcDj5tVsk4jyWjw+WHbTKcACecJx2W8Nm/jlnCS8GANwq953gI7PE bxHYb2vyd3bXV3Ne5T10Ev/F4VUczN+BzYEjYqynhv/ThPX804ZhGsZxx+cBvsCJnftr m2WURsPBdGEXnvcO5nnxiZbSgyOmGyJq+fsA7yEYx1hBWhcthbSCwA5t2gGKay8wijVf Tnfw== X-Forwarded-Encrypted: i=1; AJvYcCVG/jb7owmGQ/HxZkYi/WRiR9x01NeK1xEJJFevGrV3qNnzfKgUfrc2N7zlQ+K9/UOWV/pksPBLleq38zD89yk=@lists.infradead.org, AJvYcCWruoJML8Gx54a4Tr7hbG1bPLFGmPOGdTHHPWoG/RzTeLRI7nKrLfPt7kw30nbdvssqCneuBiD+kvofnr/YJ6Gb@lists.infradead.org X-Gm-Message-State: AOJu0YyN40ymqApBn2VDhHGfl9416XD/soxAze/lFhlZ4m/h8ibhBTHN MpDf6qcbXwKMPiq59gV4Xrsrn395Qs/B0OjpfCniwqwzEWtj9SyU X-Gm-Gg: ASbGncsy4vUsDnaIwLrjBSJBh9myumn5oR6rHG+luEKkQP/MBe1YeipPZT2JGdZ0grE Uf6aWfaDvKAhGZXLD+rlZ0R2JHOGMKMtV55gSV31L3H6S55WVC/L33kKIyOldserGHh7K5mEuOg JUZ6CDRu+eVq3zAkVAKBDiXxYEdS4rdCCxTxBkOJkM0RMpBiIisPynaGeX3uNhHHV4cfxDMuovu spMz0PPGvs5J+wSm/cSm7SDFXhVaeFIqbcHnBFv25JKTWECmjhBHYkX/3szHoWD8Da25H85KTv+ 4X3V+ami39D3m0Gi2RiRz/IhaDcvVu2Y/aJCBGQ1A1EgkPF/q9+DQrj3VPBafBa6x/oi+gjiGzN CiT4f/4Q2xcZu9ScwLnBMpqbhvobGY5dnzZ9jCtbBdZ0= X-Google-Smtp-Source: AGHT+IGRd37BcugXvRzWetE0RiFp1sspn48cYfwa0XVMvCj+hDeBReablJgdaX0T/5erZICf63Pa2A== X-Received: by 2002:a17:907:7f91:b0:ab7:c358:2fec with SMTP id a640c23a62f3a-abf25da05d8mr559746666b.5.1740773795955; Fri, 28 Feb 2025 12:16:35 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:35 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 14/15] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Date: Fri, 28 Feb 2025 21:15:32 +0100 Message-ID: <20250228201533.23836-15-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121637_529273_8E38D452 X-CRM114-Status: GOOD ( 15.37 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org This patch introduces DEV_PATH_BR_VLAN_KEEP_HW. It is needed in the bridge fastpath for switchdevs supporting SWITCHDEV_OBJ_ID_PORT_VLAN. It is similar to DEV_PATH_BR_VLAN_TAG, with the correcponding bit in ingress_vlans set. In the forward fastpath it is not needed. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 1 + net/bridge/br_device.c | 4 ++++ net/bridge/br_vlan.c | 18 +++++++++++------- net/netfilter/nft_flow_offload.c | 3 +++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 2ee53478d9f0..17d82e4632dd 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -887,6 +887,7 @@ struct net_device_path { DEV_PATH_BR_VLAN_TAG, DEV_PATH_BR_VLAN_UNTAG, DEV_PATH_BR_VLAN_UNTAG_HW, + DEV_PATH_BR_VLAN_KEEP_HW, } vlan_mode; u16 vlan_id; __be16 vlan_proto; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index c7646afc8b96..112fd8556217 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -430,6 +430,10 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, case DEV_PATH_BR_VLAN_UNTAG: ctx->num_vlans--; break; + case DEV_PATH_BR_VLAN_KEEP_HW: + if (!src) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + break; case DEV_PATH_BR_VLAN_KEEP: break; } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index aea94d401a30..114d47d5f90f 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1494,13 +1494,17 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (!(v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) return 0; - if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; - else - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; - + if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + } else { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; + } return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c95fad495460..c0c310c569cd 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -148,6 +148,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, case DEV_PATH_BR_VLAN_UNTAG_HW: info->ingress_vlans |= BIT(info->num_encaps - 1); break; + case DEV_PATH_BR_VLAN_KEEP_HW: + info->ingress_vlans |= BIT(info->num_encaps); + fallthrough; case DEV_PATH_BR_VLAN_TAG: info->encap[info->num_encaps].id = path->bridge.vlan_id; info->encap[info->num_encaps].proto = path->bridge.vlan_proto; From patchwork Fri Feb 28 20:15:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997124 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F218AC282C6 for ; Fri, 28 Feb 2025 20:43:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=qbIAc63M2bekRhQ9NqGfhUmbnZ Ii3D9h+oolo57PYgimJLJI1pFZV+WZKgccGTcCZ/dc8tlx9SRwkoZgIm4r7lLvhFbsh5EuDvw1XAK Jg4nH8W+KQeBVmLr2c4uvMfAR8jS+1gonhAj7QAWj4IbRHNVUnZ+yw3vWqblKcvnqLGIUC5Q40uFm AxkxtU+h5/wNevkmIrSJtWnR3WEL/rxSFbKSjsCrIeTWt2uOufoMQblWT77SP4yXzUDHyfUt72qye X15jmoNefF1ri6DHA9luASzf2YajJV0JRY1+TIcgafCC6eQW1/C8ZBhwuayAmGtBrhj0OBaWhu3Zw 1Jo0hrgg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to7CT-0000000Cdqk-0Y2M; Fri, 28 Feb 2025 20:43:13 +0000 Received: from mail-ed1-x533.google.com ([2a00:1450:4864:20::533]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6ml-0000000CYSJ-1pXc; Fri, 28 Feb 2025 20:16:40 +0000 Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-5e0b70fb1daso4155425a12.1; Fri, 28 Feb 2025 12:16:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773798; x=1741378598; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=axdwo+WhpDoN6yd74PrWseAoEt2kn6LJxrbe4FMzLBFJGQRVImD+NONCjf6Ry/s/m/ odzV0iJm3j7ceuV0uBu/JJ3o3txxjiNHB1JCLNxRvFPEcMM7fdBUwpxypjkEf1GMdkBB JmL5E2Y4Q8zNht3szDFiq71RGUdqjnhog4Nt4cn1oK6edAkKYlxwzodhx1ATVXDg0lBd PKo4G+ijQH/7piGkIxHm1TeUsp0vVQgl/T/SAZETrHpem4yBf4whndn+ElMz+vg/QP/G 38Tgceb035q051toMyI/puQz1Oz0QNjWuCIXi/UybwMYisfR8QOFEKWt/MBPZGXQ6zX1 Y3NA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773798; x=1741378598; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=PIWvA7Oq3b/OfpGUHSwa5mCQYmMzt1wED2JhXe1qT1Tl0NEe99OBfDphdSfBHy5Bem RzYeyLSniFWaOtUuMOPLWFKaJLpA1Y2jPA7nLZsyEcl1SkZDmQwXkXWKhqB6Z8Ei2xd2 QyBm5/5tT8unMV4mJgT0KKXQ9p0nNV7YJzSyhl1XLsRZGU4lv7a2XJLlxm3bvPvo1xtI tHu3AmDeBYjcvGvqcWOEzFNTmvwIwDJ28wxBEuUSWD+HR09htruTqnfcbXQx7FBJRM/6 ZH3gHale/0CAD+/YtOhYdDM1GuSEb7CGoveiqwBbd2lry6nfzGxJaQ1gXGJ0NKp4Qx6h IT2A== X-Forwarded-Encrypted: i=1; AJvYcCXKjstPt4CvUhSVMC67G4a9xKgmJiSwDsGfnE9bEWxvCrMvAl1M8ox4WrkrOXq3hqnW50NZLQB0kw0IWlMHC4c=@lists.infradead.org, AJvYcCXxXjvAOLEeW0onzWWV19Evmfa7Mw5LuLkJ9nwIxmrDkGKc2cprqiNc23cJK1agCiBVI3MnF26xXlrktEGAwQ/X@lists.infradead.org X-Gm-Message-State: AOJu0Yzstx3dCjFSjBtyykKmX/4SJ8lY5woAvKxGRf43oVF2Y59fVKnw yZpIE1/2PAkzTEq0Xzee/iEt2MIpNN9s3BsUJrK0h/uG25HgGDEO X-Gm-Gg: ASbGncugaE+JNMzizjhxQVjE6ndwkJBLncvX2lnhf8UaH+TRaL0iiLiZxtWaw2wcqxN kfqGNeEGLGQCSVB8xyxOlLPDWGgmRedig53SuMEZh1ZLEOE0QE+ADcScvRTw6pgUxtfsdAx6eFb M7+AWD96SkdZWk0SHHp/KmQvnBJvPTC4eUw10WSxSMN2DuSpWXwYSDrw4OqvDm5F4rdrSWxdHhI cfJQHVQ31ky2bbudjNMbQDY/sreqaKaVLTD6tG8aBON4EKrJJ5TZOCap5t83huncoZFazTpRWpx RUtIktKlNzJjlKSI1JRE36pLIWwv/mxtb9YTL17NjN39jzhBGzDfIjkD27CdOu5rDVm6vqLJ7/u QQOSBYM9VeKAB9L3BYNssGI6idjPTa3wc+xyv5QttBfA= X-Google-Smtp-Source: AGHT+IFlmpbX1AaUedxm3P9O6u/RxXNPrF5Q2YDXimBGRC0W9OM/QT4gLwBWJH0mD9PJXhq7sPrRTA== X-Received: by 2002:a17:907:a642:b0:ab7:eff8:f92e with SMTP id a640c23a62f3a-abf25fa93afmr512343166b.21.1740773797389; Fri, 28 Feb 2025 12:16:37 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:36 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 15/15] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Fri, 28 Feb 2025 21:15:33 +0100 Message-ID: <20250228201533.23836-16-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121639_477143_2963CF72 X-CRM114-Status: GOOD ( 19.14 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 142 +++++++++++++++++++++++++++++-- 1 file changed, 137 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c0c310c569cd..03a0b5f7e8d2 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -193,6 +193,128 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_ctx ctx = {}; + struct net_device_path_stack stack; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + + if (th[dir].tuple.in_vlan_ingress & BIT(i)) + continue; + + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + const struct net_device *in_dev, *out_dev; + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + struct pppoe_hdr *phdr; + struct vlan_hdr *vhdr; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -311,6 +433,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = flowtable->type->family != NFPROTO_BRIDGE; struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -364,14 +487,21 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_add; + if (tcph) flow_offload_ct_tcp(ct); @@ -419,8 +549,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: