From patchwork Fri Feb 28 20:15:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997134 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 54E12C282C5 for ; Fri, 28 Feb 2025 21:04:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=fA9Vmw88RokN6ZVcNFAMZ81OI6e/RLQJpo3MGu4wt9I=; b=jlyaWkaO5KlthtrQ2s/QHQYXNx eYzWy5QR7WOILdCE8Tcilu+80d1Az0YdGdiQ0fexQSYh2dOGNvlrIYzfQr7oKU0OhyQrjE/AYI65z w7/zJGZF4+QzHdNKIcG33oLRL9PMNUBx6liwK6vjhN+KRq61xQPmyAcrWkvGica3BQPzJEIkqiLSb cF+bk9ZHzbTbR/+1jXhu7JAsPPtn9UhbSSM6W445i2GCu8ogLGPj9SUaiSW7yMdQb/cKq44x9ppmE vs5O8idOSWPmSEDXfdesqjkmO3pENdlsaQkBJ0GB25Cui9sQkS7IXAOg7weY44zs/bX6WCAdqRAMw z/BDwzwQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to7WT-0000000Cfv4-381s; Fri, 28 Feb 2025 21:03:53 +0000 Received: from mail-ej1-x635.google.com ([2a00:1450:4864:20::635]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mR-0000000CYGG-3775; Fri, 28 Feb 2025 20:16:20 +0000 Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-ab78e6edb99so341972466b.2; Fri, 28 Feb 2025 12:16:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773778; x=1741378578; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fA9Vmw88RokN6ZVcNFAMZ81OI6e/RLQJpo3MGu4wt9I=; b=C1l/6Ala0om43XPz4RON2It3MM9JpIf6Fe4qO8HVciS2vKF+BReXeY8kkUvDhRRlrk svreS5cniqHfr0+lZyfgzADJ4FK7mIYI7DSx4TiGVXVQAewHo0FH/OyeKJjEzxycsjsJ x6vQnth91H9lW04K3yauxBdrRC7ijFWxz+1emPI6h1GC8/jolMGKB2b0/aVGj7XDlmsa xUWJwaeZrDPryk98wDPJCATP01pIW5Hv7AjxNH9GrYEpdbhONg9t1H7fH7Es+XkV0b6r en2shkf9ISNnYKBFaq0F1WOs2FJLX3rnEsvINELXsLo7UXeLGzwGCuBgEEgomRr5y/2x E65Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773778; x=1741378578; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fA9Vmw88RokN6ZVcNFAMZ81OI6e/RLQJpo3MGu4wt9I=; b=KBo0/vQfyJIYbX2aOvqHpRTOdyVZNWj2foIldBy6dI2sDJRVXP33LuNnMgYdlRxJgQ hsi0OyVrBB0LNlSRKrizLCSGkeRJJdLKFxKZ/J+u8Fsphh5wsML6/ni3jlurWWk7EbXN 9zC7WpqRGQ8a55CQJ4WM1HY3CGFWSELenD9M1SxY6iB1fTtEGfVQPog0E4PdlgYWvnn+ //8ePU+OhmXNz4I6qdhRqp/pmo+gV2MDjoFBpoR3W0TaulVh7xOV/JnSLRiTlw/Lbgoy P1LcFmo79iCBRGVaJwC9qVt6kyWUQtcjY30mCmG+RLTBPusQh4XcrcqvoTJndtFnj3tj EXEA== X-Forwarded-Encrypted: i=1; AJvYcCXFGgQebpLew/4oh3WQhLaEUtI25hZux8V1+qtOZbUstXizPzyinOKObVU4gzkC0Cn3T8JM2r7/3K1UuOCi8eUI@lists.infradead.org, AJvYcCXtGBrsyPjwLZ/Ui3PMRHjcGO95B0Z2kBSd4wm6gdJUdPD1hs416naAbPB2948rUxFXtl69QDFe1HQ+CVeMwps=@lists.infradead.org X-Gm-Message-State: AOJu0YyLU+dEaTeJWI0f2rRDid45Wp5Ct5TmyBRx+DFfTBNpmtqy2Kgl G5Rg1y+Mtj2kiLMS9MMYAQro3lWAMM0RJJyqkTljv2EOU3aBYp6N X-Gm-Gg: ASbGnctK8WEKbi/0blz6Qeq4t3x9VOha1FWDeFkRuxmZZzFy17bouTOR1Ji1GcPE4YQ DUxAfDKZlL3Kwb1y7wYzkvYsSFy94IiyUJ56tQQJ4AKCeJFGFHPzLgF9y7i2Paw/6umYBNgraWl p1rAOQyLp6lcRbqm+FGcAEexEgCQD2p9aychzICLoNRxkCTa29IVJHqli2aN1StnM6g9LgjRbec jXL1LpnbluQm+TasMrLdhTIL1R5rIQfOFmUhnoKzQJtDRs2yIZNb4nNpC4xHQm8gRI4DRsJJwEL RnByEc+rcOJzScvNor4k7loC/kFUQRTp1rzeldRSma5qCWcalvHTv6aH7HMVbOyNZqYijs4kqmI BLOvYYMVdhn1LHlfSVR8T87OL5XoVzDjySJAzu4AEhHk= X-Google-Smtp-Source: AGHT+IG9CXfC9QShMuEkr891X2vbkzQ2uh+igw8zIKBPddpTAHKgNLtJZSPLkYYg96Gm41ClW4AX7A== X-Received: by 2002:a17:907:3206:b0:abe:e981:f152 with SMTP id a640c23a62f3a-abf265a2a06mr522572366b.37.1740773777757; Fri, 28 Feb 2025 12:16:17 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:17 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 01/15] net: pppoe: avoid zero-length arrays in struct pppoe_hdr Date: Fri, 28 Feb 2025 21:15:19 +0100 Message-ID: <20250228201533.23836-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121619_779334_48B5F610 X-CRM114-Status: GOOD ( 13.99 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Jakub Kicinski suggested following patch: W=1 C=1 GCC build gives us: net/bridge/netfilter/nf_conntrack_bridge.c: note: in included file (through ../include/linux/if_pppox.h, ../include/uapi/linux/netfilter_bridge.h, ../include/linux/netfilter_bridge.h): include/uapi/linux/if_pppox.h: 153:29: warning: array of flexible structures It doesn't like that hdr has a zero-length array which overlaps proto. The kernel code doesn't currently need those arrays. PPPoE connection is functional after applying this patch. Signed-off-by: Eric Woudstra --- drivers/net/ppp/pppoe.c | 2 +- include/uapi/linux/if_pppox.h | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c index 2ea4f4890d23..cb86b78de429 100644 --- a/drivers/net/ppp/pppoe.c +++ b/drivers/net/ppp/pppoe.c @@ -881,7 +881,7 @@ static int pppoe_sendmsg(struct socket *sock, struct msghdr *m, skb->protocol = cpu_to_be16(ETH_P_PPP_SES); ph = skb_put(skb, total_len + sizeof(struct pppoe_hdr)); - start = (char *)&ph->tag[0]; + start = (char *)ph + sizeof(*ph); error = memcpy_from_msg(start, m, total_len); if (error < 0) { diff --git a/include/uapi/linux/if_pppox.h b/include/uapi/linux/if_pppox.h index 9abd80dcc46f..29b804aa7474 100644 --- a/include/uapi/linux/if_pppox.h +++ b/include/uapi/linux/if_pppox.h @@ -122,7 +122,9 @@ struct sockaddr_pppol2tpv3in6 { struct pppoe_tag { __be16 tag_type; __be16 tag_len; +#ifndef __KERNEL__ char tag_data[]; +#endif } __attribute__ ((packed)); /* Tag identifiers */ @@ -150,7 +152,9 @@ struct pppoe_hdr { __u8 code; __be16 sid; __be16 length; +#ifndef __KERNEL__ struct pppoe_tag tag[]; +#endif } __packed; /* Length of entire PPPoE + PPP header */ From patchwork Fri Feb 28 20:15:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997135 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EB246C282C5 for ; Fri, 28 Feb 2025 21:05:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=VGr0DGFtdF9vUQZNuQxbjKzErqMA9pCa8F2vVWAZr6U=; b=EBFQ3/p8zhfPz0zRQjuZgBZ5c/ etIpD0/Iwnz/Aa1oE0FMv2x5XShbHTaUw14xyyaYeBkuLuGt6OX34rotiP84ymFuxAumDUvTv7ffg cq7B5QgNqYCFkwy3esWksJqQSVKpqWBeJYRAHaIXp3dGOWN1cleYVw9yHadGC68QLmGvDBoW11aWU eF89g9cPANaIzNgBdpZX4kuAQD/ZYm1+AE3uy0cs0tztsYHvf1SSLMWo1NfWWjzdQO44MkLJpXNuX sBzMAxAAlhCIjgFdBCbrdpgDVcbWrNOdV9LG0zAZ/1UwwWaZogrIMu6c6nHzRCaoQVqSr6JRkxAYh 5XWgj29g==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to7Xz-0000000Cg0i-1Z2v; Fri, 28 Feb 2025 21:05:27 +0000 Received: from mail-ej1-x62d.google.com ([2a00:1450:4864:20::62d]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mT-0000000CYH7-0YLs; Fri, 28 Feb 2025 20:16:22 +0000 Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-ab771575040so642978066b.1; Fri, 28 Feb 2025 12:16:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773779; x=1741378579; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VGr0DGFtdF9vUQZNuQxbjKzErqMA9pCa8F2vVWAZr6U=; b=d8VXEV/bWrHqlQr6FtJF9I+w4/vSmGafM7uU+HbSQOd/LEMCkHKFJZS8DkCFpkSRNG DSsVyVQmxrvuvhQ180bS6Zy/tekgFT9njXM9DnJhqEsvpUd7B3tVgQ5iDiDCqumw/yWK BvDnS9iwZUwbXT6oGjLMesElYW3ix45k0TgAknlo3xkBNsGncDczSwQDOB9yCZcOvKh0 cQxicHpT8YJ1JC+DyHEE1Ot4YzMzoC6B5dhlL8hBiW5QSMHrsiLcuL+zNqHNygXgNBxl RE1aCGETixleWW0KUHiPguudRaf/0QCTxZGJfD6QBZfZqjlHSYZVzB0IStN/569vj0hT sXuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773779; x=1741378579; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VGr0DGFtdF9vUQZNuQxbjKzErqMA9pCa8F2vVWAZr6U=; b=l0HzHwxvNK7T2Pn0mprJ9COwzILTrQ+tyLRAGzQdH/e49cS+BMQmIaz1skgWhvChfK qffB1o/KgfZpjSpBZvRk0axHdQ9O6yC/VS0oeKGXF41ZrrB2dAw3ryjwcX1vEupUlv18 RtHR6GpFDKNrMzxIzyzMT/WhlPPsysJo0JdwT0HuBdlGygUIeoSMyKE+I4fHQarE40Bo IKVKBnGgAl+ZCGB5+yyHbCSOsVPpvCChpJyJztlYmltroqZereDnpWYCBS2tQMiYz1y0 r+N+urAP54Xhrkk70X3tRs8uhjaKsKmY1I/drDIV9J7OSjtgNJFFDm7DFw2qbGuzadfk hgmA== X-Forwarded-Encrypted: i=1; AJvYcCUXEpUlUhoQOddg0K5CwFwtlLXcCJmfKvLDOhLCSSdOaPrPpdrlhs1LywApyeGavltmr3Mna0Q7FE1z78aq2p4=@lists.infradead.org, AJvYcCVdiWUpY+rHZb2lAJhkjYF8YrpSufpmnxhouzEy9B1qKFClNTSYySHMkfQdCGbbWN1jv9GqOgiqDweXNtxmEvTa@lists.infradead.org X-Gm-Message-State: AOJu0Ywyt7VKkifST/ZqoQo+UIQHLOU9tnSWCZDoj+amNUeO/kw1hf0k N8TA7gK56D4uPIqIyrsC2DjhM7hFmkmehlLsQbMklw1+vqTm+o35 X-Gm-Gg: ASbGncvPtNjRxjqzUkaqc0S8Z4UfcGfAW2FIW54DA/QGeLF4aK2UeLD5VBnA8LLf4MO RFdFKNPPxV3sSuFQXNR3NEWVIJBW6MDqoIEOoqGgSNgKPjQQa6DTst2RM/sG2rOrJzQOECN0U0f NSNttSIGj06Z0ZgtKgpgVKuXlnxkR/YFOM3vSQ0OBr/qH9dOJCkE83X9CbcZZMBfu/+mBh7O6gt M7HJhRkdGE0tpuCG9RQwgUUndumPtDfFzvuGAETC8aCEx67sUrsRu/WHUliH/MeUuF+NI1u/Emx AD1xMyUXSYTVpUv9Be7B/XcLE94gIul5PnRsy8oJ+6iHPdrXiofnTcK5zq+SRg8PVTunV+vlfOV sgs1weQCWqB8kGcRtv/FHDx86JNX599eBTEnO6vCTJww= X-Google-Smtp-Source: AGHT+IFSsO0D6FLoaTBr5CsWmwmRlLw+sSkoUxgYwd46U2pqe5KcLEx75Cg5UhavDa3o6cjGcNQ8Ug== X-Received: by 2002:a17:907:a4c7:b0:abb:af33:d0ac with SMTP id a640c23a62f3a-abf0605eec7mr944542066b.16.1740773779092; Fri, 28 Feb 2025 12:16:19 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:18 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 02/15] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Fri, 28 Feb 2025 21:15:20 +0100 Message-ID: <20250228201533.23836-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121621_177680_3E9218E0 X-CRM114-Status: GOOD ( 19.71 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 8cd4cf7ae211..d0c3c459c4d2 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -306,6 +306,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -335,6 +421,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -343,6 +430,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -462,7 +552,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -757,7 +848,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 46a6d280b09c..b4baee519e18 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Fri Feb 28 20:15:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997137 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 425E1C282C5 for ; Fri, 28 Feb 2025 21:07:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=4iA0rrY6PVy5ANkwsLIZaOFejn N8gblw88afQL0DAlZG2dlNHobxP5Uv4+3krd8Qywmmx+fiKgdHbCEWf/NfGOjDl45OTCyM8UCobV0 BL5LoMirHg0O1xqd8GhF1cZC7I+6m6ZPd04jmx74QIAAr31qkI/x4F/IjtchojHWHRGkfgyaZH2vK oBS3PA1rpVqu23egIapxuvM5PAPmJHfv2h+/qjvUc5WHupy1qPJNnPrK+jgt6faSPCh2nlwIfjFGG ZaXog3i7JOMlfsMmlo8azgizzzWr19aGlgVs5qLMHpSAUV0A+Sk7wYvjTrPGu2JpA5Nl9muQRpsP2 gbcxkisA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to7ZV-0000000Cg7u-0N7t; Fri, 28 Feb 2025 21:07:01 +0000 Received: from mail-ej1-x629.google.com ([2a00:1450:4864:20::629]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mT-0000000CYHy-3iXi; Fri, 28 Feb 2025 20:16:22 +0000 Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-abee54ae370so357715266b.3; Fri, 28 Feb 2025 12:16:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773780; x=1741378580; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=aXag8VbfvbL7fwGwo1x1bWHjst9AQaYRLYkBattUnOgfNRtlN9OiiukFYGExtYP6Ca 7kYrSGuIy33cCZvSvsx/TvzBFiWABL7Iaj9NtyLY+R1kPCSrzEXZio5s+DQ2PM3xo/AR DXyY7jr9fm055adx0wI/3yZp/h3i3MMMLHrasBU48j0cF52/W8rvTZY4+81p3p1DlUVX I15zkBUMjA6Sj8aU/we+/zUJyGjNw4cxaHYurO6r+OwDxIIcjZpc/ha4+HzGLtqzOIAt a0u5Tbz/HV1CznND3Xy+F6+4q5GwibaMjBC+APqQf6vBK12p+6LpHD7UctTYNBFVg31Z 7FPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773780; x=1741378580; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h3xV3TA0ockrC7/s5OEcRj/pNoR8pLIoTTKhN2eYQLw=; b=lt8MPhR0il7nSkCSm6QddfLG0CFeA6HrG8XAfwAQ8CtLCL8d9X/Q1wnwWcCeo3gGyt KAolBhEw2xo5H3pGNT09wS19mHLKFo4Qnj3DdJRJ6e/20KDu82xEFGIPxwQHzwpnIZp6 2K8W4dfNq7gJ/gwoK2HMW1Ho0e9O1ncW+/b3iyBg4SlWWdkF0SeBloCXiVSv/QL2gFNJ slwMSERlD9Gvperj56t1u+s3JOGJwHSu0S84jTr9+gkXX4YEXRQ3/AlLxTcD90rxChV3 3oL4Ddm6Lhb/f2VYpUd6KfIabx/TdxLPPzZsXUVHo9sMv0d08OlGbKE1lqDJO8FtE7y9 y9FQ== X-Forwarded-Encrypted: i=1; AJvYcCVmnVYwIBK9FJYwBbCl8nu313OHau568UMZT/Vs6Rh+COyV7+2yHh4q7L9HEcCH78MCzqHIPL67ccsdW8YH3DFi@lists.infradead.org, AJvYcCWEKvHWofhO/fxh+SedSoxxSV+8LmRf4dodRJ218YTUoJGt+L9mYEEU1jQV1LQuudueMWXPgaTJVRxpT2ITihU=@lists.infradead.org X-Gm-Message-State: AOJu0YxqvaGXZZC6hrCH5aLnBufTIS8RsN9OTK11dJEjkkBKsGck3mWE wrnqvDMCeqe4ESaTb9E686Id5LrIPRJfqdwak+/uxhqkSEs0ksBF X-Gm-Gg: ASbGncvyIrGuPoyT9Y+GUf7NhYJXxxkK/lpOWkCznFUjKaP11u6pLbJBddPF26PVrQl TGwSv+RA2Kq/+Io7fdDebr6ZlIoLCOH6gs17HM7RwNEGG7x14Jn92N1EucroNNduEvJzzsqq14e 3KTttdzk/8SxVVbByVh7mRu2Raerm07r6qCmr5MrgiC3JOA8f16V8N513aTQVY5iTs55FZHK1YZ 1c3OzAkO/va1Rz0YM032CXjZ1NuJ7bsXkp8NmrUnvyx102VKCfaMFVQB+TKzZIaQWuc/u9EqlsX xcMpNLFgrWBKhJDwVkqtul2bWpAYn2NexEkdNXTbaezBoX/P6uq0LqTVq86q2HTYFmpOXfZXdqx jsFfqgJXXmMDEzqnLIgn+n0duN4N09ZDo034gj0Mv4jQ= X-Google-Smtp-Source: AGHT+IEiUtc0XSpuKyIKeLozoVWm4Sd50Qjo2FMlO/4dpvxhs03yVO3P9mswx5jt1Mq2Z2AMyoPXJw== X-Received: by 2002:a17:907:9408:b0:abf:19ac:76d with SMTP id a640c23a62f3a-abf269b9a91mr541954866b.51.1740773780345; Fri, 28 Feb 2025 12:16:20 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:19 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 03/15] netfilter: flow: remove hw_outdev, out.hw_ifindex and out.hw_ifidx Date: Fri, 28 Feb 2025 21:15:21 +0100 Message-ID: <20250228201533.23836-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121621_935751_981A4D35 X-CRM114-Status: GOOD ( 14.85 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Now always info->outdev == info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 2 -- net/netfilter/nf_flow_table_core.c | 1 - net/netfilter/nf_flow_table_offload.c | 2 +- net/netfilter/nft_flow_offload.c | 4 ---- 4 files changed, 1 insertion(+), 8 deletions(-) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index d711642e78b5..4ab32fb61865 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -145,7 +145,6 @@ struct flow_offload_tuple { }; struct { u32 ifidx; - u32 hw_ifidx; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; @@ -211,7 +210,6 @@ struct nf_flow_route { } in; struct { u32 ifindex; - u32 hw_ifindex; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 9d8361526f82..1e5d3735c028 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -127,7 +127,6 @@ static int flow_offload_fill_route(struct flow_offload *flow, memcpy(flow_tuple->out.h_source, route->tuple[dir].out.h_source, ETH_ALEN); flow_tuple->out.ifidx = route->tuple[dir].out.ifindex; - flow_tuple->out.hw_ifidx = route->tuple[dir].out.hw_ifindex; dst_release(dst); break; case FLOW_OFFLOAD_XMIT_XFRM: diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e06bc36f49fe..d8f7bfd60ac6 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -555,7 +555,7 @@ static void flow_offload_redirect(struct net *net, switch (this_tuple->xmit_type) { case FLOW_OFFLOAD_XMIT_DIRECT: this_tuple = &flow->tuplehash[dir].tuple; - ifindex = this_tuple->out.hw_ifidx; + ifindex = this_tuple->out.ifidx; break; case FLOW_OFFLOAD_XMIT_NEIGH: other_tuple = &flow->tuplehash[!dir].tuple; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b4baee519e18..5ef2f4ba7ab8 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -80,7 +80,6 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, struct nft_forward_info { const struct net_device *indev; const struct net_device *outdev; - const struct net_device *hw_outdev; struct id { __u16 id; __be16 proto; @@ -159,8 +158,6 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, } info->outdev = info->indev; - info->hw_outdev = info->indev; - if (nf_flowtable_hw_offload(flowtable) && nft_is_valid_ether_device(info->indev)) info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; @@ -212,7 +209,6 @@ static void nft_dev_forward_path(struct nf_flow_route *route, memcpy(route->tuple[dir].out.h_source, info.h_source, ETH_ALEN); memcpy(route->tuple[dir].out.h_dest, info.h_dest, ETH_ALEN); route->tuple[dir].out.ifindex = info.outdev->ifindex; - route->tuple[dir].out.hw_ifindex = info.hw_outdev->ifindex; route->tuple[dir].xmit_type = info.xmit_type; } } From patchwork Fri Feb 28 20:15:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997138 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2C8B6C282C5 for ; Fri, 28 Feb 2025 21:08:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=+rhlCg4/52AHm6e8tJsmpQptNUxepmsLI5spztxpn6c=; b=B4CGnIGqwolBXgPRWs+Tf97dSi 91Ha7Ofryq0Cb0hYuPRAgD9JnyeEc++YsNJHmay0Y3RigjCzJxdBRfRf/qMpDfm2KkriMgNbKNVnZ fijy2ykkmVn4uQmwFaPkgajrRWWpVTP1+CGmHHjOFMKPy+DmPdfEGjeDat5Cew5PrV4UGaKrKUmn0 WBvp1GcO6AJIyPujxGZhYfgIaweNu8P4SBmEpd+qciv2J4DVEyLTY70k7fc7VDkcCvyPkUJDeLN5S 6M6gubFqq3YmkaQla6CIBrCrKUN4RBAswfXh63ovObvU8XJUPzaPE4om8qEecx7g5mfaCQ8P9T1YN wPvXxsMg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to7b0-0000000CgFq-34Ls; Fri, 28 Feb 2025 21:08:34 +0000 Received: from mail-ej1-x636.google.com ([2a00:1450:4864:20::636]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mV-0000000CYIa-2Lfl; Fri, 28 Feb 2025 20:16:24 +0000 Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-abbac134a19so382821566b.0; Fri, 28 Feb 2025 12:16:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773782; x=1741378582; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+rhlCg4/52AHm6e8tJsmpQptNUxepmsLI5spztxpn6c=; b=nQLu5eYs50+PuJA9GYQa6THup2jMper7ooTXTlyPwhINjJdAeSbfFA4HGrZ5x8cd+4 qxmZeJbsT+/pgNYqswxeX7J+bNNinH2eZmxzujyBbHnRUcdcaIlCU7KUdy39ZnNe5vmC N4EeQuR69eWtepbTBgjRD0wq5UHHzwCBl2N+M2vxky4fmQvFsYExVn+qNtCXF/OvIsGZ gNX2E/LNgEWR8PiybVC5jgB3kD8rCds5c7MHDVrXIMdWkWYv/Kn14YP65jMzRpsHmRm1 v3u6/lbdRSQ/kPj8DH7dCIlnCDqEo4fr6+GKdb2m4cYpydwrOiDIs9nIzR1ZY4pPbscm 8dXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773782; x=1741378582; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+rhlCg4/52AHm6e8tJsmpQptNUxepmsLI5spztxpn6c=; b=utycOAmrYrhGY/uUvW6P1yxeTcqzhwjJXKiPoPFq4DsFobnnvCHyMIs5f/G7h949kf 0sXDMHSgytrK/uUq036S5mFSrP5AC5jj8fjaVOIvB3oP9iRG4Zhi+fQJnNrM3K87Oogx c0W1BoCpieTTO+W8TP7N1IuyhxomjBxAbZdAaVB9WUFPsDu1YhcFoZNzbC6vS9PUcnoY 4diLzsCYe3OL5OuJ1cetrL2b1XzH4H5GdkNX7tk973kgoG/UVlxDcbHofLzS93mrMshm VsRT5k8TTy9nxideUWzSfTVWKWxzI62GEv9qK9ntXi5XhX2QR3rjmvr9adNgBTC+DmoM kCEA== X-Forwarded-Encrypted: i=1; AJvYcCUFFV/2iD/FNKDjZaKpAH4dr0zIDEAWq1IfICtBhex4h5CbVsQZVL42rj3Zw9BWi1V8OfDcgL0kgVq7sL/LFTHb@lists.infradead.org, AJvYcCXtJL4c4qHpuuXTNQ2ya0g/eE3+35mAyQz4mtG8iSko5eyvhYK2URQTf9mjWX+5ze/H/U6508deYSDe9wRrepw=@lists.infradead.org X-Gm-Message-State: AOJu0YxKhwIOU5Cw8sDmlr6FqjeD+b6LFOM/8RcVIhfuvCpRjTAZc7ED 8eTNFkvW2yZRWQoL339C7+yoAsDSdjrvcQ9I9x2GGyC+spFMa51Z X-Gm-Gg: ASbGncs8/+KIkniVUy3rxOd2u3oQGchz7EFrBfncUDnkZup/SjKp9JegOcLVZ7HZN8k ezCAK7iX8aBbzXwmvPn2SNBtpsqnLCC9xPny3e4WxBJ+Ufx0gkgJ1FneMOdJKt0g1iyiXpqbX6d f7E/CGJHsYnMDDFIZtFFZjt4wyaDZWPdlR2LFg2xlLDFVQq8FAxw+ZzHtR6rP+T3TL7vl1tSpFa CwGRgFCcqBzC2/Wxd1AYgeQh0H9db2EXahZU8b1AghTrD0OPtuLMyGrlUfdF7axTqhzdY7Jsxf8 LyOXF0mYzFX8A4D2SwAl+ePm1eBh7W5JxOMnT+NBkStXJPukxJD4fPD9Qhq8SwD6TUQZdRVNyIw 6J5nb9DHK3ZmAqM1tMPXo/RS4YBe3KYLzOk2qLMPmhwk= X-Google-Smtp-Source: AGHT+IGiUhgcy0UU2Q21kNRFUyXsV4EZ5JKfRHYY7rLJLVAwzjlILW+HrVFwXhJC9gDCOjiMIMoAKA== X-Received: by 2002:a17:907:2d90:b0:ab7:8930:5669 with SMTP id a640c23a62f3a-abf25fbb482mr535437266b.18.1740773781534; Fri, 28 Feb 2025 12:16:21 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:21 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 04/15] netfilter: bridge: Add conntrack double vlan and pppoe Date: Fri, 28 Feb 2025 21:15:22 +0100 Message-ID: <20250228201533.23836-5-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121623_595755_D523DE9C X-CRM114-Status: GOOD ( 14.03 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge. Signed-off-by: Eric Woudstra --- net/bridge/netfilter/nf_conntrack_bridge.c | 83 ++++++++++++++++++---- 1 file changed, 71 insertions(+), 12 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 816bb0fde718..4b4e3751fb13 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -242,53 +242,112 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb, { struct nf_hook_state bridge_state = *state; enum ip_conntrack_info ctinfo; + int ret, offset = 0; struct nf_conn *ct; - u32 len; - int ret; + __be16 outer_proto; + u32 len, data_len; ct = nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) return NF_ACCEPT; + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): { + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + + offset = PPPOE_SES_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + ph = (struct ppp_hdr *)(skb->data); + switch (ph->proto) { + case htons(PPP_IP): + skb->protocol = htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + skb->protocol = htons(ETH_P_IPV6); + break; + default: + nf_ct_set(skb, NULL, IP_CT_UNTRACKED); + return NF_ACCEPT; + } + data_len = ntohs(ph->hdr.length) - 2; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + case htons(ETH_P_8021Q): { + struct vlan_hdr *vhdr; + + offset = VLAN_HLEN; + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + outer_proto = skb->protocol; + vhdr = (struct vlan_hdr *)(skb->data); + skb->protocol = vhdr->h_vlan_encapsulated_proto; + data_len = U32_MAX; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + break; + } + default: + data_len = U32_MAX; + break; + } + + ret = NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; len = skb_ip_totlen(skb); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV4; ret = nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len = data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; bridge_state.pf = NFPROTO_IPV6; ret = nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } - if (ret != NF_ACCEPT) - return ret; + if (ret == NF_ACCEPT) + ret = nf_conntrack_in(skb, &bridge_state); - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol = outer_proto; + } + return ret; } static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, From patchwork Fri Feb 28 20:15:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997139 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B0988C282C6 for ; Fri, 28 Feb 2025 21:10:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=pwQVwObFJP9lLS4EMUGTgg1siV 1cXo8m8BaM7Pt4jFn/prK7AyguE469act7mpwZ7vVCuTQiOfj9hCEpM8UIah7kbyI3orm1A5kNrOM s1YBVIu7lCu+RrM6m1aAsde1BFfo44t6vIfbUsrlfuJeapjARA1gp13nhIGcnPOS4RyXnNEUITyOM 23AF5Pl51hpAeECpL9T1CjjtqSFKfZtbafZdYYBeRXwwYDppH+HsVq7l5+HFIDbDcm7EbIWK0LSKJ Ltj1KCQSakjEcExaTItT9rsjqhQMnoNBn0FK2BREZMODD/OsEU5xU6P8whNJKzT7h3TQpAtbw7Ijc mDI7nKZA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to7cW-0000000CgNu-1YlQ; Fri, 28 Feb 2025 21:10:08 +0000 Received: from mail-ej1-x634.google.com ([2a00:1450:4864:20::634]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mW-0000000CYJ6-2lL9; Fri, 28 Feb 2025 20:16:25 +0000 Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-aaec61d0f65so517565966b.1; Fri, 28 Feb 2025 12:16:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773783; x=1741378583; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=cs8rBBJCyy2XQpW7n0rhXTpWskepqRMOSzcj90mvduVWdgr67Eud3nkBsknP7IAwnh c6FH6LmF32j2QUqkF1oe3ihqUzyKQxOYKm5H7oXuyEDhGbbvrSqGHFzJW8bcW40OYWl8 U5kitEKHbnCUMp1lmIqmUEtrGzpn5QQnz1zzpcBlWlAwNbnQKLF/BRLo5I+VhTJ2ec9E 3o0A3ffwOc9kReEKQroZHt1lJfFcIzl1At2QcpSDFve9QUq0KCUvsfr38Y1KZnawAbgx 95X04D+HBE1HW5UxO90dBv8GLVC8PiyL2EMHYjui6PRc1Ad7mmOtzLqE/h8pUH/dJWV+ t9kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773783; x=1741378583; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ukwtTV0ExXBJKM7v4LhbJXSMG6hQJqW8GgzzDxNF23M=; b=CNPtvFt4NF+oNuegmhlcEkBD9O3fDOgYftrujTWH+e541HIm/4I0xHTzBbzerifo2u JUNEvsJqfyiY4o6Ip17CzN1lZzhADLPgQXz9bmDINTP1ya3/dn4/cazVBchda0CAfHvI U+J8TpE1zEbTipoV4+/uKjTEi3irEHCX3RfiSS97L9vHzfdl0ZeTTOsotouJhYXvhUS3 TC1C93nNUO6c5jj17JJc0jJQtOFPt1e4uMJP/YzJvjWRibPwKF/7X7YXKipEnee5pwIG RIhc4NnTS5LkkNvkNWAHlqYy8k4D4lMm8t8huUGzubWnXnWiYwcQZICdujnMhy7I3DB1 4nUw== X-Forwarded-Encrypted: i=1; AJvYcCWnA7QOj2G1oV4BrxwuuZD4GZMnb+UXyAIxb6EVRhX2oAUo9AmXqjYcRJWPO4LOnqRqXvH18/1G8uQ4TxuWeZKT@lists.infradead.org, AJvYcCXbsgd0V3vbe2dEeGDuD+mZN2LneWbEcLYq+F5xQhU5zeBcRgf+0HJVK4eIixgPpMbHi9tWb5F25NmDTtQ5ISM=@lists.infradead.org X-Gm-Message-State: AOJu0YzZsTrfjbxXeW5ImTAa5+UvcTSXPnYXzScKIWM3debvOClqU4+R Om+5gnc6jFCJIryQiDd1SPvHhBmB5PGxW5PWp1LqwZy+xjygF83U X-Gm-Gg: ASbGnctj5NlqwydE1HUOx9ZQILX14qGxMo+Yw2blhwWDLC0pBetSFeV2bD6t/3cAr9v svGeFZnanh4Ecwdhy9gfa+Ol4HjnH7tPk09Vmr0ZFsaZ7sn3HAMZD4K7gT1c/eCDNYc+C7KqCzi BeT38rqm56m9EHcH/4kpbKoBtk1ncVtjyY3aBwmUWfcsgu21ELEzOGafqkdpQd44/varvS9fbCn MDW8mNQqC2hjajaE8UBrPo+ktibgBmxL2hTHUVIJzBWPRDCiBznLYaLKBs9ita/rLM1zUfo8ON1 ghsfKWee5FqgsZijKOhl+UntBPl8qzypfgi1XUgtp8S8Llwg1q4iBSFeRguyJ30e9B7oDUGWiZr 4YnSpJRvMrH+mymSYa+IEEdOzSsSVrszl4OclA3XkA4I= X-Google-Smtp-Source: AGHT+IFuUzdbgaD/IFSs5QLipx4iHpbTunJtFdHt4pWJCQ/QSyvZEmN8DMfkaEXDfQkozt/2Pfk6qg== X-Received: by 2002:a17:906:6a05:b0:abf:16f8:5190 with SMTP id a640c23a62f3a-abf26822611mr449155566b.44.1740773782957; Fri, 28 Feb 2025 12:16:22 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:22 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 05/15] netfilter: nft_chain_filter: Add bridge double vlan and pppoe Date: Fri, 28 Feb 2025 21:15:23 +0100 Message-ID: <20250228201533.23836-6-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121624_700350_25BDC263 X-CRM114-Status: GOOD ( 11.88 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 19a553550c76..7c7080c1a67d 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh = eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; nft_set_pktinfo(&pkt, skb, state); - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff = PPPOE_SES_HLEN; + ethh += thoff; + break; + case htons(ETH_P_8021Q): + thoff = VLAN_HLEN; + ethh += thoff; + break; + default: + thoff = 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; @@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } + pkt.thoff += thoff; + return nft_do_chain(&pkt, priv); } From patchwork Fri Feb 28 20:15:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997130 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1DDEBC282C5 for ; Fri, 28 Feb 2025 20:53:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=glD7coNk2GO9/l1adKLN+uo1Xfh2D3YWudU7CjoMsSA=; b=JNjPwiHRP3vlijc2AcGCqjQPdN AdorW0AE75HZYMwL/chVt2TnQchI/vh9kt/KA7hKVfbwp+Mv69s/0145629MwXObANsbddWzQsVCF bSg8SCZ0o1yqy1Oh573PWsa+MJPFyR9J8aRNArjHn1pDKTyAwXqI0J4L+gQArEjR3nIbiIme8qsy1 bLyUL9X+r4WyRQfEAC3/DM60pgzSUMkY4LABx2mMUUdbMIoyEAh/LW0YW6cPhxJhrWuWFSxTzBUTQ X5UARco8YHLKAMPZyGIj3NyMUG8YGBhTc/+kGd/WRKLTyWZ2yNG6qOnXPpdUGtvIHHsuAYj4PKpDx StHASdIA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to7Lv-0000000CetO-3Vna; Fri, 28 Feb 2025 20:52:59 +0000 Received: from mail-ej1-x62a.google.com ([2a00:1450:4864:20::62a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mX-0000000CYJg-3waD; Fri, 28 Feb 2025 20:16:27 +0000 Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-aaecf50578eso481652366b.2; Fri, 28 Feb 2025 12:16:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773784; x=1741378584; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=glD7coNk2GO9/l1adKLN+uo1Xfh2D3YWudU7CjoMsSA=; b=W2DJw3C0FKfg6dadBoiwvVUCnY4VYmX2SUn4+32/roD2pXdczqSv4Omr1DtLLTDT/F 36agXKuw2DltPYYEf6DYnLumSV2xJxcZvwdeVMZq/cyLzap6MyfJ6nQRnmorgJff+ycH nmfy6xUTgVx3se5YcDae5EVK9F08ES0jABvUHusSX5FstVeBO/b23k9wqQ4RIwD6Rcsx /QUvc5T8p1U+vxB8Fab3o/PnX3h+X971sPwNIXrEAvkv0s3DIjimGqQoOSF4c4UYxYxy XWo+YSFdvZ6+QFJq+4HvoD3X0NjPYX4PFYmDRqWJft4Z5KZIsKHnMIrpvNXs0KBGsLbN +RiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773784; x=1741378584; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=glD7coNk2GO9/l1adKLN+uo1Xfh2D3YWudU7CjoMsSA=; b=QoVnbWlqpa4vnxbUJ+bLwwi6tBdiqlvTuEEFa3sB+7YIDhE+E0puFtGyyBxC2/W7kV 7hvHiI529gIIlZGxjFUc/NLSxJhtWa+NTtlJpEoOED+sbBxM0VVShMu5hIqyUZlfe2sn 0W1yi6rX0AOe1oi/a6cqXEbUHdlcnvs1ErHz7+TG32N3wG/IGhIEwMTXwwyRy5my3xYk /kKdaRRW2rAmGXlVx4aifMm3u+hUds6XjDBdI25FHlf5RWFmsOvNGkCBKBFjExn7G0+B ACTH5z3mFtVYQehxFEIgVDaVNmVWPDRzOje3duwA4n5Ju4xCXOcY0KflgyLoJLIXn1Pd IT3g== X-Forwarded-Encrypted: i=1; AJvYcCWHbzyDR7DDH0loDA/CbglfBgkr7k3x1QezHuJXzwfMOykXKlqI5iP35eppO8oB/yGZ4W4bunzjpstjSNtsZqw=@lists.infradead.org, AJvYcCXicJSvslCtJ9gFLw7Un2z9pqTxGKsK9f2vMuPRmpYFEYGqVZjW2NEQU7dbRZ9fns60sIK003GRhV1XXdpXxctj@lists.infradead.org X-Gm-Message-State: AOJu0YxGFRcGwEQvj7/HXFgVc1Y+FDejwPyWhn/ispH5inOCN7A5uB7m Vd5J4r2GUQzwEnWA0SaIuuDx0aOExCHYFLXqO+0ySLKwAG4ZQ+Ur X-Gm-Gg: ASbGnctBA3hAWm4+VjXrl0JFsrQyZF/m4Qrx8Cz9xIJIubRjseMZ4KEAeRhUQJa4BL8 BNZ2CdhzLttZ6igh22lfFhO2ET9N3onZyoqXU8qq/OrV4WenIbyhSSNc/f+tgFpVfqU8/73SGAF TspR4iMKQ2ZEhVKV+jBq9K/c8HotpLIV1H8DAGqxddcOL1UsICsJ167jpFOy5ZcpQpAebAZSnxa PH6w6lQrZAKYLkZldS+T9xNS+B1abe1eqp2sb6lIgnSm7Sbbb+tm6vNFBFxZjIhJ9EnsbNPJtme 9X1RPzp47JqKsA6VfCo+/whzE7Y/4RzcxRIeY9FLZVgAKkalzr7NxKgBPOLhPSiLGLVua6ugqVi 1g8B2VOdR3QTMzOnZN55Xf7GcKwfjkDHTyFeAdHqlCa0= X-Google-Smtp-Source: AGHT+IEkD4+S63CdkvFhMcDqcuwDe3gQEzkaBi0DoNz6EL4MylQGJKFnzY2Wc6+ZXTl1u9JBQtGaYA== X-Received: by 2002:a17:907:7f27:b0:abe:fa17:12e0 with SMTP id a640c23a62f3a-abf25f8dd1dmr472704766b.11.1740773784160; Fri, 28 Feb 2025 12:16:24 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:23 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 06/15] bridge: Add filling forward path from port to port Date: Fri, 28 Feb 2025 21:15:24 +0100 Message-ID: <20250228201533.23836-7-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121625_978502_FBE462E5 X-CRM114-Status: GOOD ( 16.39 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org If a port is passed as argument instead of the master, then: At br_fill_forward_path(): find the master and use it to fill the forward path. At br_vlan_fill_forward_path_pvid(): lookup vlan group from port instead. Changed call to br_vlan_group() into br_vlan_group_rcu() while at it. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/bridge/br_device.c | 19 ++++++++++++++----- net/bridge/br_private.h | 2 ++ net/bridge/br_vlan.c | 6 +++++- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 0ab4613aa07a..c7646afc8b96 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -383,16 +383,25 @@ static int br_del_slave(struct net_device *dev, struct net_device *slave_dev) static int br_fill_forward_path(struct net_device_path_ctx *ctx, struct net_device_path *path) { + struct net_bridge_port *src, *dst; struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; struct net_bridge *br; - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + struct net_device *br_dev; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev) + return -1; - br = netdev_priv(ctx->dev); + src = br_port_get_rcu(ctx->dev); + br = netdev_priv(br_dev); + } else { + src = NULL; + br = netdev_priv(ctx->dev); + } - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); f = br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 1054b8a88edc..a0b950390a16 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -1584,6 +1584,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_vlan *v_curr, const struct net_bridge_vlan *range_end); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, @@ -1753,6 +1754,7 @@ static inline int nbp_get_num_vlan_infos(struct net_bridge_port *p, } static inline void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index d9a69ec9affe..a18c7da12ebd 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { @@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridge *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; - vg = br_vlan_group(br); + if (p) + vg = nbp_vlan_group_rcu(p); + else + vg = br_vlan_group_rcu(br); if (idx >= 0 && ctx->vlan[idx].proto == br->vlan_proto) { From patchwork Fri Feb 28 20:15:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997106 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 66F6FC282C5 for ; Fri, 28 Feb 2025 20:30:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ADjft9sIJBXUW7LiNylDurA6RPlyGDF8xbXsxbaW9C4=; b=DMIgsjra1bHMLMu/IkDn7lifLm b/NjrbhUjwRBkw5wEvgGTflbYBDI6UyhL4BSW/fhUIQfwTVHaVnOadZFP6/dy38I8qzsx0nxbhKK6 ixk/5ObxWH0uabvMNt5GuCK1VQhu/srOaN+V1ypYqNSxp/jv0kbeUE3jUKO9ND/SB6KP7/hiynZa+ MVslGPFRMTV1e/6tfr4qGRS8/iL91v5jjwcEbY1ywgNvi+jcD0XgpEgqcrxrQ758hcmQsDVv9/xMj 1ggt4Bjw4M343ojeFaRND+N2vvHOBZKZ5EnygsdkaXQCZ676YGwm6Z/sMJze2BAjqRk5Q5NOJFcF0 ZPCizZkQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to70N-0000000Cc7J-05vO; Fri, 28 Feb 2025 20:30:43 +0000 Received: from mail-ej1-x631.google.com ([2a00:1450:4864:20::631]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6ma-0000000CYKo-1g7q; Fri, 28 Feb 2025 20:16:29 +0000 Received: by mail-ej1-x631.google.com with SMTP id a640c23a62f3a-abee54ae370so357731166b.3; Fri, 28 Feb 2025 12:16:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773787; x=1741378587; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ADjft9sIJBXUW7LiNylDurA6RPlyGDF8xbXsxbaW9C4=; b=K8o+vcIuB9JsEIn8G73miAslwIj2CwJxxY7Y0aUsY0kYuMoNoK9E4lU3KlPyH7uhgk YvB9TVNM8uOHRjK8c9nbYLlcPT1R38QZhUCc6y/72eVxZxKmaXYfvC0hiYV0iv3WZzZ2 ua2M7aKH+YU9f4o9Ly+DW61nPQTdwfGT/d0An/igjABC59TF1zQMEFHkEZBj+Dgi0VYD OCac6KimOsxRcRXnJgn195EtMrKWDM2DIHv7m5PdfF5s426WRtJwTCz+Njl+DRGk4dwj yYxtT7SSbuuRF+HbsCFGuQy3xyn//6E96GucLsTeQzYfP0qjuJqWta5HvZx8TBBSS4mA LSgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773787; x=1741378587; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ADjft9sIJBXUW7LiNylDurA6RPlyGDF8xbXsxbaW9C4=; b=go0rIHf9XkfSceTdVnBcrbR4QyJeNwTT5g1Sr29K2X5JSh8ksgPP5ljXKVJCg/TTuc Aq9i8fRvw0xRPcmVJMz85iCWzek9qURiMlSa2aGhvgjNZFXC578xT9+pB47NlL/VlloQ bHhy7jaPFqmCOyrWKCTEv8kTKlYbUYY4gUcrAHbYbpE83Di1L3B+cLIeCTpvEla2uADC kPwalHoNUurz6XJTAfo4H0tCl/vdHIShVs04xcS3RL2+RFE0LO4UM+UYB7LeOVy0T5Xr pQ2CcHyTCh9zNItxDQ7Zz+xWteja/BWqkl3/vsiGbMf5iVjn29kO/cmjQzA0xVI++jjp HGrw== X-Forwarded-Encrypted: i=1; AJvYcCVBgVnqqzXnPpPSZdpdbBAr0j8ORxUtLZXhrLztMVgM3vt81rEbrvh+tPaTO2Iz9lEuzvzKj8XXx/0/k6HL6ga1@lists.infradead.org, AJvYcCWB573iYmxIM8b+uE4lvjhsDYkbqwiRs4LvsBlh7hmlqystNoANxVIsj0Dd79vOgs4bRc5GNFY2RnEWz0axQ0k=@lists.infradead.org X-Gm-Message-State: AOJu0YwzsBxyV+MaGQDbCvhkVF4tY+yfBywO8iLXD6DXnikN7kcCG+Lj oQRWyNO69TECnXWFC/jua4+yLRHAj8ItrFtR83cTWOgNoQ6EeQxo X-Gm-Gg: ASbGncsVvgmt+TxnGs60V9O5SfhV1BfvhF+VlXY5qJ4jx+Yu/3r2Fpnjq26j5ijHZfC x85mSNmE3HpG9QVXrt8M5tBzqdrId4uhGrui/QZzZcb33MOHY4jHGPh4TCdjqI+cGVLAvuVnxqD FcZJn2DBZ9Pw2Lo1TiAlQrNnumrli0mXq7Zdx5ofUmbXkTU4yHvvwz42URgPFhUciyoTxPmeFW9 MWZ2bmSyq6glNO1bK1DzOd4wBHlwCISnGc6rsQKgQrRtRxtSe0572/Jdxgxe3S1NWu1L3D8EQlU cS8689Dh7XMhMtT6FdSePvTsh0LjuT6HrkuiRNkAf+WDEBcjZFx38ea9muEA9IXiKnpjkbagwM2 pR5X/ypVlq8OlBVgmrJMGjA3PR8yibzb7ZsTCf8ddU1s= X-Google-Smtp-Source: AGHT+IHZr8MBH5e/es5RLH+VA5k1rbbZb9+gMcTnsziiL+DoKdJyx6FLpgBr4j4inN9U+45blgw9TQ== X-Received: by 2002:a17:907:3e8b:b0:abf:1386:fcad with SMTP id a640c23a62f3a-abf261fba23mr582057466b.10.1740773786500; Fri, 28 Feb 2025 12:16:26 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:25 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 07/15] net: core: dev: Add dev_fill_bridge_path() Date: Fri, 28 Feb 2025 21:15:25 +0100 Message-ID: <20250228201533.23836-8-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121628_437796_4C31511D X-CRM114-Status: GOOD ( 17.34 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 2 ++ net/core/dev.c | 66 +++++++++++++++++++++++++++++++-------- 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 26a0c4e4d963..2ee53478d9f0 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3318,6 +3318,8 @@ void dev_remove_offload(struct packet_offload *po); int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flags, diff --git a/net/core/dev.c b/net/core/dev.c index d6d68a2d2355..467f98f6ba51 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -714,44 +714,84 @@ static struct net_device_path *dev_fwd_path(struct net_device_path_stack *stack) return &stack->path[k]; } -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx = { - .dev = dev, - }; struct net_device_path *path; int ret = 0; - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths = 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev = ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev = ctx->dev; path = dev_fwd_path(stack); if (!path) return -1; memset(path, 0, sizeof(struct net_device_path)); - ret = ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret = ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; - if (WARN_ON_ONCE(last_dev == ctx.dev)) + if (WARN_ON_ONCE(last_dev == ctx->dev)) return -1; } - if (!ctx.dev) + if (!ctx->dev) return ret; path = dev_fwd_path(stack); if (!path) return -1; path->type = DEV_PATH_ETHERNET; - path->dev = ctx.dev; + path->dev = ctx->dev; return ret; } + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + + stack->num_paths = 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev = netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev = ctx->dev; + path = dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + if (br_dev->netdev_ops->ndo_fill_forward_path(ctx, path) < 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev)) + return -1; + + return dev_fill_forward_path_common(ctx, stack); +} +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx = { + .dev = dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths = 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); /* must be called under rcu_read_lock(), as we dont take a reference */ From patchwork Fri Feb 28 20:15:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997113 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9A399C282C5 for ; Fri, 28 Feb 2025 20:32:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=3ehXRVysptb33Ke3DeCsOevx10 UbKtPD0YqLyIWKvSYAu7cAhbOFZb3kAJSxv8AAIsJe83R6gUpx38j370IH8OplDEB0jqtyWwZw2cs x7ud6wxznWRwvmLFtHonum3Js6xWUYGQsibe5zwe6LHkYnEwKhE5XIjQlKDFXlgfgp8EPRyhw5dib PqmyjfKFPhNzqLNwtu2BVBfxwCxG5fuxlZ+sd7CD2hnxLVeyHxlqykbh7RvK6CmY1s71uDSuJUhsU ZZX3uvDTFGooIPNne5G2BX3EBA1Hql1MQSDZZKgr55/2qlM8cvu0Bd40WGjx3kMirpqhi8nTFi2T1 xd/E+oqQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to71s-0000000CcOM-3zNQ; Fri, 28 Feb 2025 20:32:16 +0000 Received: from mail-ed1-x536.google.com ([2a00:1450:4864:20::536]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mb-0000000CYLC-3UsX; Fri, 28 Feb 2025 20:16:30 +0000 Received: by mail-ed1-x536.google.com with SMTP id 4fb4d7f45d1cf-5dedd4782c6so4657184a12.3; Fri, 28 Feb 2025 12:16:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773788; x=1741378588; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=eqlwf95DA90ou4KJDYI7sYD7H/lAgjXSomVos3ERk5eaGUZCwZcfmEflIR5OY+k+BN 84f4JF32IBSFkLWSdSx0V6O7vjTa9zyhZcaW2tIkqqhMa/PI8DlWRtiNFI5eFL4WbwqY 9nZzn90UwSSH8BtGlkaT4D36NbrbH2DSc8unc1fb8A31OEm3Db7PIAjASyFVkz7DTUWx bPCL614/6UJZjiW21a8PlOSSpH14q+IGAyVsn9GroWIniLSGKNAdSacL0ulCe5niTJ/s VFPeClptAzDscsqznCwyli24YTpWNrm5k1w++bgRyswlr+gzEhDlY6mrHpVR3Wj6Dhab DRoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773788; x=1741378588; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MAJ1+kbz8lZ4YwPg+OV3VOfAm0Jd01XhEIX1QeYwh3U=; b=QRvfTA/4xb9FeayxARWEKuuJosF5THNndI+pNodUMBijVupR12TU/x24OXET1LBn7j GbI9d/AnKYG3TV55nBvpcyLWof4Z+gQTbQBpKluLLwion7smh2f+1wCxqcbnTDdHY5kX lNtlu9F8rKYz68+SjELETFT5cp2Yvgcipttl0q1KU66ycMpnEsMkWaSzu3OtajaEXx5N fWD7Zgy6A/4jHJKqcl+LlQRzExTyG7pozIPALRRs6OyvhmsyID1sxx8r8Lo36pHugnSo 0KXLzfJY0edcKsAn8wULAAso72MkdakUXECSEJUVWNbuYX2DmlbmtU/0Aq+Pg6iBVdNf kEZg== X-Forwarded-Encrypted: i=1; AJvYcCVULPbGRsKAkURSzfAf4mmfA46+zJtOIgtu8d8oE52gYhXyRvRHDm4D7c+xd1YtkA9x1mMC2PHtBroynVu3ZqA=@lists.infradead.org, AJvYcCWyt/l1QLgLF6ex7YUWj4SoP3b4l7dTzgqAgxWs1bdVFQgnTYnbHTtMf5eA8Q5bUCJyp3xd6SqKxGG1AebcOLL/@lists.infradead.org X-Gm-Message-State: AOJu0YxHKsmTcaSzTmnYP2PvbLXXL9zv7dhAKzeUJwDaUhU9HEKHqerU ykVaSwFMVVFR/wC/3HE3rGmTnBpoO5Sx3GsPgZUTI4H22SzU3DWZ X-Gm-Gg: ASbGncte7I6okoInpwOjGq9V6SIfelhBoO7G3qFmx807PX3xqL1xHb9w/qBMlC6znF5 dJ1kbyzRy8dFicJCjsWHnQf+TiYV9p+Pgj5qLl+ToCtOhxYmIC1o7rQ3+IkIj7BUiDMf6GH7HoM Jx+6NXY+ix2vBH6p7VmAqiPZjpiTyWmQENROQa2/ganV2x5XTngBCYZRpuGLxQkuCIUkxsYIo5p aIMvhYi6k07g6tO72T8Xk/xjff1JJxAmBYt9jLnLhuPXN7/npb3c+uvznR1xuyEvZ3V4rFiR9if N22OCfXCiXhiUkLxxWgQ3bKneW4zgn0Xyt1U0K0SMc6SZgdxffRuRzhMrQHARJaCTFqUy8/lQ3e PoF3Al6T9KiBL970xjRF3mQfJZCFClzDliZZuDwm5cTU= X-Google-Smtp-Source: AGHT+IF4o1r+k6+nG0zNGywKeKcizMy8Myj40MpWCdBkkMqspA1rSJwU0RPTkMPYXpO+ucJWx86obg== X-Received: by 2002:a17:907:3e0e:b0:abb:b12b:e103 with SMTP id a640c23a62f3a-abf26218d27mr558296766b.34.1740773787937; Fri, 28 Feb 2025 12:16:27 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:27 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 08/15] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Date: Fri, 28 Feb 2025 21:15:26 +0100 Message-ID: <20250228201533.23836-9-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121629_869957_88441C8F X-CRM114-Status: GOOD ( 10.45 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index 4ab32fb61865..a7f5d6166088 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -340,6 +340,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index d8f7bfd60ac6..3cc30ebfa6ff 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, return 0; } +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) From patchwork Fri Feb 28 20:15:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997114 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 5CA71C282C5 for ; Fri, 28 Feb 2025 20:33:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=gOUR/rcmwx9uFDS5ybjgY7pBT8 jCZNBSc4A3fhaIEYoI80AIUPWr065TAs5zRSKguM7VUcgB5tCKBG7qyHCHNZ7f+wz6rfEdIOrrDpE adDX+PcDOwznVhyhZIreiIsy3YA/OtD8oKAyfVgbCiX/D6hxATZzlR2xzqe9LBmgohqvOlbUE7aZG rI4wJl/BMtcefBJWp+iS8qBDxm5IorrdFy2hArzC0ozQUxzhCBsOHGA2kfoWvNxSOmtk2P6Mi8J2U irsL0dkjdVjBmkvb6F6dPj9jlg6vgbHrrIxfr5MljIcqRRFshhdHplnp0x8YrTWw/6qSs1LTpMu8w oubtZNsA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to73O-0000000CcZs-3tIs; Fri, 28 Feb 2025 20:33:50 +0000 Received: from mail-ej1-x62a.google.com ([2a00:1450:4864:20::62a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mc-0000000CYLy-3iTJ; Fri, 28 Feb 2025 20:16:32 +0000 Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-abbec6a0bfeso392493166b.2; Fri, 28 Feb 2025 12:16:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773789; x=1741378589; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=c8yXZPzYRMBjb7XXciFZwkSekdfFMYLIm07Ku0jdd97QII1JHuc+Eiw5/8zUFfen8o 4mvFMCPgfD4BA573lZEJTfMPydp/IfER5iKKQjcQKw5TRix9OHO7f1MnSxGXTFiqiju2 fCqGh7UbvIEjuBbooakwnIyh8b1YucJOlLY5MTWkJpej/xfJEy0/P3Wk4h7lAJbAN01e C3ypLw6c+Y0A6lBLglBBdtY3R9O1yfmHoyZtGB65rVsUg0qxdHZN6DTBIf6G5HwyBqqh vNOGS3wXPwD2zuyq/7J3bvk/ZUAcvmyE7cMKaj+38FbeJXNWpZk9fd/Hx7RVXT19FZ5f iVrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773789; x=1741378589; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6/OfFtkDCpNUsNNnB4udxCcQxzWSEZIHYYoj3YjYWKw=; b=L+8rAzeYL45k6JbUduhjTlCQnxukaBifL9N+xXG1pl2gIS2L4V/V0nm1UrgzvkIsVa E8Wtm/svbrPfmoiOJbp3+yEH9oZLCOeUg+O3KP8axpFKtwVadJ+i0K82dfzA9Wicki/Y EPC4nh7anauLdDx07zT3MEV9K3ZZDOCmh+gBqtlAvxjis5B5B5bAW9awkcR3iySvEM8B +4VQjT9eTf97PGNj5esGT0jVGsgU6mJFXLrHVZ1jNN7VY8f6VmecuJkPB4NJsk+P2Zk3 V2ZWXBrToMwku6jYZmXTcpvM8zzm76oRQ/gU1JyYL0qdwfNHw7fMmAss2m2Qugfqy0o/ SXYA== X-Forwarded-Encrypted: i=1; AJvYcCUNjJck1ymDUi81T1yms69c0MUigAn48X0kBW4v8HHzR75iS2nLOYuqZ5b+hyzoXeXnfxySyTZ94H1vJM6vo7bk@lists.infradead.org, AJvYcCWglyYnEPobFlk9OlzTsf61WL04pOoVmLWbadAnvzXXx4lT0auvwlAD5rfZMsqUZioR6nzsfIe4MwJetauLGGo=@lists.infradead.org X-Gm-Message-State: AOJu0YwmOLOFGuLo0VO3SBfDUIXdpNtXcM4iNJp3s9fgcOb6WvdSbPEH Wnt2rnl/MWpBk3EnzrGR3Oxhgz2j8kncfJdXannRFIgNZRjzkbHI X-Gm-Gg: ASbGncuK84qYqW/x7s4gSGS45ljfji5bh0RNQlFybov5twsgzkjem9IjpX97Ur6EJI7 /q5abbXh8Ih8/do4+lCOpv7lRlpUsOwU2n8XesOnhcPZlx24LvRinzXpajA7NHQZ3exYE0D69BY sIcZHBx3dcw/4+uzZZNWEmBIp3v2b/VKiOJ13PyvgKujZ+CJfySxHsCRqgw0j1vK6EF6xiY6Obm 9lNPWg+r7QKtyf8uZKempNsdOFMgJCQbwKqepD/QduH9zORsdNCq3SPCEpkC5ggGjNSn6Ol6z3S fBwHKpbvBvAweg0pWyqVa/pJYaCHBWR8ITEq2mKsSOfDmmeZtv/rLvyUs3pS+WLaWe/PqmE1TTh V6SZDPT4Mp8t0eVGGMU8qImzGlLOKC4mcimBy8IlRqO6vj5mXbg0dCHm9QudR5Q== X-Google-Smtp-Source: AGHT+IEQAXatFYtUv180Nd/vAAtHbNFD7uOybxHOrydax27b/c3kzdKVO8+x7rEp/205E7ETT5lLSg== X-Received: by 2002:a17:907:9620:b0:abe:f8c0:c1ab with SMTP id a640c23a62f3a-abf265d3be4mr498901466b.46.1740773789267; Fri, 28 Feb 2025 12:16:29 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:28 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 09/15] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Date: Fri, 28 Feb 2025 21:15:27 +0100 Message-ID: <20250228201533.23836-10-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121630_922256_AE62F9F6 X-CRM114-Status: GOOD ( 11.91 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This will allow a flowtable to be added to the nft bridge family. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } +static struct nf_flowtable_type flowtable_bridge = { + .family = NFPROTO_BRIDGE, + .init = nf_flow_table_init, + .setup = nf_flow_table_offload_setup, + .action = nf_flow_rule_bridge, + .free = nf_flow_table_free, + .hook = nf_flow_offload_inet_hook, + .owner = THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .init = nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 = { static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } module_init(nf_flow_inet_module_init); @@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); From patchwork Fri Feb 28 20:15:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997115 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 05AD4C282C5 for ; Fri, 28 Feb 2025 20:35:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=P3HhUk/AdNb/cn5hmwFz2wl9W3 378o7zrLI2wIMVLp1ymjGHrMffGMfLstY/PMxTjuKCQwxxxW9loz4TTTlP+LdH4TiR42Ba6kZ93Ou yMj/EgUlir3YaUp2mh8fDA/3uXEDhGJzMCPRusnLs3oL+SocYh9keDc7IfIdyhm7KRJqq063rsZdN r0aFZuRUJ4MCKgdm2nLCrvzBcJCYjEqNndSVeUGGXvT0PubRTTFWD1nEyeY+aFzT7/VT2r/nEJFVY rmPxQCti9CMAu60UulzeVAML/y5Q8oSFd34eiOMns/c9K+O0DaRVr1vzWq6NevzJmHaOr7raQY6Zz vdJDRzkg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to74u-0000000Ccm4-1r4W; Fri, 28 Feb 2025 20:35:24 +0000 Received: from mail-ej1-x631.google.com ([2a00:1450:4864:20::631]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6me-0000000CYN1-0Xmp; Fri, 28 Feb 2025 20:16:33 +0000 Received: by mail-ej1-x631.google.com with SMTP id a640c23a62f3a-aaec111762bso445610466b.2; Fri, 28 Feb 2025 12:16:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773791; x=1741378591; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=eAhPdJ9kDqH2+mJcHBqQijbskDBwoZKsOsGF+Z3GKZp0yyrKUrAmL4CbUviq6XpTKp S9XDIhknke8Lm5XO8gR9RjofoJ2GUFPlO4i/wpb0z3kZGwLvAoki2rCZniel3A/6yyUb 8O4LxW76aX6JtG7BE0GzQlP1V0/uvxqI+qfF3xJBSlSCDSKOskeKvZG4LOYt41BsY+l4 e+oUaVEvlHU8uYV5W9fgTKeKzuhKZOavsLBt+7ApYuBB+2xPvHRzjRRY/FJQkLzsceZY uc/r7YeOiGrp4O/DsT5gI9faVVfEaleXR84UNqMB/a9MIBNa72S8uacJc4r5GsFP/hZ6 VqxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773791; x=1741378591; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Gr1wMzwLJ3r114jkr+fSh/N13xzOYrfc9OnXbfM4Z7I=; b=p7syLzjM/sgsjlAP+XFfEeCp4iwppYr+4LVP4zQOoFYLjgeAs60A4nf/tz1JxxkjZw 4z9A4TQ598rJvm5F/l9cP+hXwdAErPK0yfVHMwBcwA29IKArm3AVyu8b73gn4sQe6vdt Djih2PFNFnqZGTvrsBj4KRSOQFujZxZ+yMIzbfIZBeIm+/EWL+RfLRO0kMGZfMbzesVU HjmPgHGhbQqAMEea9av+2sPRtmd/iTeN9a/o0b7EoZRACbAl/oGJ2o1miAexoJEwIeke JQt5oWWwKSA8b12yEpK48yIXSX6a+izU6VvF2BtWKpFTA5X1M4NxN+QPYK3wzqvoG4PJ SAOw== X-Forwarded-Encrypted: i=1; AJvYcCWk3Qw1GvyJYiPtLMZLZ2LR6DnpM9Oo+cOH8qfD6r6nFKtIKNU7Iz0QGTc0MMHeWfOaf+wTNXWrq0I/2TpzIZQl@lists.infradead.org, AJvYcCXx0WgMUNcoi0cJSYnkk564M5B22qVxAkwYOzJiWlJX8QN97ZQx+vMmxtZGZBI3ZyySaAS87AaXDSBLjsKN5Ow=@lists.infradead.org X-Gm-Message-State: AOJu0YzuNlHqC4jg0RXW8UdRkIu7+70oBbaRaTKtoVU3YaGyqdmpbjYZ oXvCxNYrLxyjKbz6uC6hnljCsNpvOXaJrgCo07JfrQRD8XdWrCYsXkbgytXJ X-Gm-Gg: ASbGncv57kceu6QvvlUU2OGgarSUnhKZn92RVqsqpK3Hk2BzwUM6n+HWyoYZrdPwqL1 AapBFfaWSaNXpt6UrHSqlTnUsgFpsUuY9pOTotQ/2IKTGxx3rj4VsHHDl7lav9wjTNwTFy5KWZO pfg75gf0tLNoOA55lz6xfo5omYj5ePmT8bzIEEyDL3FBI78IeZnfhukPa2YR/K1ijUTDvAgKDmP j430kWfrZW/sENKQzeMMypSLGIg4gL8tA1F3E+XeleAzrVlv5QdqVnjDxlxjNhvyABHNwDJGa7u BsF15E/eKL5JfIb0UNm9ffsp/v0/buVNzHHQElM3VPPaZN+ewkqYgP3LjVg6wXnSuaYmiynrMFh bBVEfwsdjpUZJF4EbfUIhpqgx7125Ix9R0TN+VXTHV0Q= X-Google-Smtp-Source: AGHT+IGIlmp0gTErSS4DfDNJ2k0q+U7DXk7nnE8hCWt5GhbV6qmR8RoCNHygavxB4lOMiFfar//Acg== X-Received: by 2002:a17:907:3fa4:b0:ab6:d7c5:124 with SMTP id a640c23a62f3a-abf265e8ed2mr386410966b.43.1740773790747; Fri, 28 Feb 2025 12:16:30 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:30 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 10/15] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Date: Fri, 28 Feb 2025 21:15:28 +0100 Message-ID: <20250228201533.23836-11-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121632_170898_8D5B1D60 X-CRM114-Status: GOOD ( 11.33 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the bridge-fastpath. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 5ef2f4ba7ab8..323c531c7046 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && - ctx->family != NFPROTO_INET) + ctx->family != NFPROTO_INET && + ctx->family != NFPROTO_BRIDGE) return -EOPNOTSUPP; return nft_chain_validate_hooks(ctx->chain, hook_mask); From patchwork Fri Feb 28 20:15:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997120 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B35A8C282C6 for ; Fri, 28 Feb 2025 20:37:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=0eZt+KkfO8vMrwrfU2XYIFaHql qWuliYJ/8ftCs6i+zRUhBeSfF24Kp/dtRLrAhNg+ZkFxvCWG5EglIlZXlXFKhHyur3gDB9RXr17hO Re27BBXIrqJi6utPp24+tse6b1LrsafQRZpXNue3hgG+fXocW8RITcy3Rg0gdCS39NfZQKoSvk34E k67vFpGrsFf2X7xcONOH2eBxyzE+bO6arHIHN69j2gwFxrHODgLL03pMVmzqW6Zz1LlKzpzuqgDF0 1LgqMpUY6bRv50noAg10i/ZvPYNm9nxRBgcj5biUn45+vY4n6mdlLFWhGtkCu3Wv5RQkxWdlvRCnz j4tR/5dA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to76Q-0000000Ccy3-1xPs; Fri, 28 Feb 2025 20:36:58 +0000 Received: from mail-ej1-x62a.google.com ([2a00:1450:4864:20::62a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mf-0000000CYNq-2IyC; Fri, 28 Feb 2025 20:16:34 +0000 Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-abf45d8db04so88073466b.1; Fri, 28 Feb 2025 12:16:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773792; x=1741378592; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=l7/esM6j4YVKvNEI2qzDVb3ysoHQm2ayNlexu2GeF/y4XjX3FmLQgd34movBloCiwy 6CjaVhfrg8yba9ntghIXYzqqTIH8KnWuu1ng3e3rXN3icv+sGKH7kySrwTSHyGG/o+oH 9NscffLfB6SD0Dw7ovhaDqs2NxdB3b72EgwEbVzlkShW/nl5krxCR1vnmFqaxcffzvED 1ktyB7hgOufuC8DEQN+wsQLKqkVZZ1WgC+6h4l8/vXAwf0jxroQ1Siu9BpFc5XIF+098 ENAN3NNcHRRAPK0T5x31mPIqKoQOgUDRJ+69LH2kZRCxrUj+ot99AvTqauv2OXtHHppP QHnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773792; x=1741378592; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mNvAyhAv6GepxNEYkCskllQBVi38mrCeZ4SsbbR7WSY=; b=qsMcANEENaGwo4qlbUzgxRvuBDoPLXcG4v2BZvgbwub6+1A6OaTm+54w6pEfurQJOa iBpLTBU4WRTggSQFG++2H84U/rmh419sr34slpk4qqzpXWpi444eOwhcH76EfQb7ZJlE N1UsljtbtJiCUkYMuszAUqlrOAZuxX/Mr8iKNS6q+Zf09ryWPNmoBClfhhzWSZiAq0Mf 4BcYo2tvAyY32pi45lAadQZhri3EZpS/F0o+rMFjqXs7lVSv6fvizaCv8thqUZb4hfkS zkHPQJC7Su8UMbM2O8L96MY2kTlvNW0s3Dbra4lR5Hp6/4NeG9U48DT2YKKKF0CIHdDO pfYw== X-Forwarded-Encrypted: i=1; AJvYcCV5YnTwf3NEwcjLpwbM5YPo+jFsg6jmbN+AqT1RXKaELsUR1ry/UolB6i+psHISauN0F6xSkC081/adpVXt6LN1@lists.infradead.org, AJvYcCWQMDmYr07DVK3ngdVJwO6z77RTZ/OGcwEPH9/NoFfAxG+oNWdJjrJj9EFXNcH8dqYclu/w9qtC2U2FfKPEtZ8=@lists.infradead.org X-Gm-Message-State: AOJu0Yy7X7hMKPmj8E+lNFekOPwlsZSaiEaaYUW+Xq7Am+Yw+pafPW08 awFOn7/idvJf2nPzQ9HcWtYNthK+Twh1+hgmBJHbnUDQ7yXj2fFW X-Gm-Gg: ASbGncssGUKFr2oeaD9H6Dk6VgPh5XPSviCBTAx6MQxb7h5ERov21elBKGWegyihER7 BNNSTyiYyvNjVgWxkyYEkIzDaDXWwOOe0qOm7e4RHc+Ti8iCez4hOPhDxYfy4j71yNyMD0N30yL 5h8rflb7q3f8PnqXyVzwOkZrjmq9f+QC9GhlNzzW4p+2Jwq0yakbq4F1sMLiRiTw76WL813RLDf UGF/B2KzxCII4T9zjEkXkdym2sO4T/NuLTQYfwLpNRh0GJuG3AEgD+DXRzqEqKLPuabLi6tBQNV jjzTT/IRbryGo+3YeYAqy9nw/JmemxgYE8Qn3L9zhoEd6ReLq97VkGr6dFCy8cIatmD3WE+X4WY ay7sy7hM6yVRASv5R9Kcjm4D1pg0RIDxVjJlNGfzd0bQ= X-Google-Smtp-Source: AGHT+IGNTRuqBcd8nLuNsVuXSGF1sIcXELw3HlP5Nzemzcrdv1EtIzMkCBIzwqYM1NbqtT6g+Vprpw== X-Received: by 2002:a17:907:9484:b0:abb:b136:a402 with SMTP id a640c23a62f3a-abf26424829mr486626566b.18.1740773792060; Fri, 28 Feb 2025 12:16:32 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:31 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 11/15] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Date: Fri, 28 Feb 2025 21:15:29 +0100 Message-ID: <20250228201533.23836-12-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121633_586425_6D7AA48D X-CRM114-Status: GOOD ( 12.72 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org In case of using mediatek wireless, in nft_dev_fill_forward_path(), the forward path is filled, ending with mediatek wlan1. Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns with info.indev = NULL. Then nft_dev_forward_path() returns without setting the direct transmit parameters. This results in a neighbor transmit, and direct transmit not possible. But we want to use it for flow between bridged interfaces. So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes direct transmission possible. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 323c531c7046..b9e6d9e6df66 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -105,6 +105,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev = path->dev; @@ -117,6 +118,10 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, i = stack->num_paths; break; } + if (path->type == DEV_PATH_MTK_WDMA) { + i = stack->num_paths; + break; + } /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { From patchwork Fri Feb 28 20:15:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997121 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3F649C282C5 for ; Fri, 28 Feb 2025 20:38:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=BVAkTZii1Gy4XRugZsnKaWDIV+1UdUIxS1E1wVQkwnU=; b=ONgn5dYfNT6lFKXGOCaeVLlKTu VCtq57qnA2feYKMsQYc2DCndY14A+RFhKanQhN97KfCV/7iuYme9BGR9s2Xj+gnobMSZxl6exxFIO pKtm0h0V/R3yxLc+hsqFeS6R8hBxDFNvArg5Nj3pafZAXY6b8EyQziB7ene65XQqw1zISi54yMhUt o1T0lYA1XGndBt+EwB7Gr011hLGsfUETCs25tOSVFYZ/PiWgErleqke4gcKzExCLCOyDG4Tdz/3dQ chGnVq+/y9P2Fy4o+4Sd3u3XP2GecShWQDH/L3w4FGKWgvJ68Vh6J/32Ks9r1dqDh2Ll0QtnXZ21y 7d1C7FYQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to77v-0000000CdEV-1cd9; Fri, 28 Feb 2025 20:38:31 +0000 Received: from mail-ej1-x633.google.com ([2a00:1450:4864:20::633]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mh-0000000CYOw-139U; Fri, 28 Feb 2025 20:16:36 +0000 Received: by mail-ej1-x633.google.com with SMTP id a640c23a62f3a-abf4b376f2fso37979666b.3; Fri, 28 Feb 2025 12:16:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773793; x=1741378593; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BVAkTZii1Gy4XRugZsnKaWDIV+1UdUIxS1E1wVQkwnU=; b=NCigfeh+KJ48+K3rUZksDUooBDHGDp+t+y9Pen2vk5TzHtZmnWOZd4RIIRlbOYdiua TvIP0ny2R98JpUTcawD2uZzjrhftU4Oppifek8V9E1KO8UYKj+oHZjTILqxkCDyelsTV rtwQyIr7gD/VAJDTs66JEQKdwYs2PIR6/cYBbo1t/BxF+gZYRFpD1ddthjap0Lh5ZzQa zW7QDNNrzv7BbL7pLD3JvijMUfdwfbQg6wbY9jzwXKy8xFeycaq3BJtrCOz1c65Ru/9I MzB9gqv5ZQ4MfoAjvX0jwawPpfyC0wZ8IjFDsLMdh4jqUoA8EJV9hm5YPawPzGAbKlev xqIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773793; x=1741378593; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BVAkTZii1Gy4XRugZsnKaWDIV+1UdUIxS1E1wVQkwnU=; b=OloKZ/qMX3f820ZDITn5M/lFLCQlM6FfwFKk9CsCWrBjNJVY28AUoxFyqhbT4ERzYX /IwuCV+FzMADUqyL5ouHHVRqeYrJmFdLILVF3eQIXbr8ldhy1+idDbcYDqB6OqryHEHj YX+Y0v+ufsnpbqkcLS7ZUuLQCVxIhQiQF89jjalXcNv/HOf2+YVXtkmXKmM4WzVQXXjj +mr60eh0pGX6T8S77BJvcKjvYE3ixOmcaAhEf61GkP/mu3ZTRNzEkww2lWKVQG4n9X/3 jn6P0JdZ1BVXO4qZCrcVixVlpW0RVouUlE8+Ax8oNKluYXgQ9v6Q8OfpG9Rklq0BzS49 UgBg== X-Forwarded-Encrypted: i=1; AJvYcCWC+6Gjg8ohENIyecrl1IaSLvjG7XtGHmWPrSZytR5z7eNK5r+7a3oCMyXEmZwME008Qf5R83Wi9oefz5Sciwws@lists.infradead.org, AJvYcCXYmjUqUar4g384RgmR6bCA68IN5BkBIZkmfKuIhy32/FQBtmKgsUMMkizE68FOdXUINpHgJwT5RFCMabt0Lj4=@lists.infradead.org X-Gm-Message-State: AOJu0YyNZ2RcjC1NuGa2LM495RYbx1ApLcHlq4fCW0/kpdSGb8wnMAxf IUKK8vgIfpyYZv5wqk5X2XajIGTZ/ibi1TblJOjRh41sXFRc2ROL X-Gm-Gg: ASbGncslL62Qc9sMchg6+28BLpAgtTPS0/rsbNFLgv37DXB4m9RE3nbqkxEInEyUvPU JkNlu07FxAbLn/I+1AAuZr/FbtfFcp6cEZPO0sQCQRVJTMjjI0noBlX/9mjFWJ1bhCN4HMK3BAR JHXFrSOKLx9KE3VqVuefS38G96RnT9vvKHx0oU/zpxPNFEXzplDNn4nGMYz973e8GAKdtQpxt71 tzTDgMbzX28Ozftu/8o9TxZ4gt6N2k39hSqJCBbgysSzEG0f+xO9BV+mM9aMoINvFxn4flRfHOA IUEJMp85O4dpAeXVXEJX0v62P6T6iQb5fRnKFBmS/7puKopvo54JzA2IsUUcEbHOkfpoJtiFrDW HARq5o66VAKCz9MNxeeyMn/hRlhUjEsnZteGn99t908d9TgvHJE4cJPudecHFMQ== X-Google-Smtp-Source: AGHT+IHTNHcim7XN7hH9c7Sh5FIEX168d0fQlddgi57248KaGuR3JKO3W8QVJ0D+qGDqKD6MfYoZMQ== X-Received: by 2002:a17:907:6d04:b0:abc:29e3:f453 with SMTP id a640c23a62f3a-abf261f2fd0mr480274566b.33.1740773793400; Fri, 28 Feb 2025 12:16:33 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:32 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 12/15] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Date: Fri, 28 Feb 2025 21:15:30 +0100 Message-ID: <20250228201533.23836-13-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121635_287335_0F05DF69 X-CRM114-Status: GOOD ( 11.32 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The bitfield info->ingress_vlans and corresponding vlan encap are used for a switchdev user port. However, they should not be set for a dsa user port. Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b9e6d9e6df66..c95fad495460 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -116,6 +116,11 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; if (path->type == DEV_PATH_DSA) { i = stack->num_paths; + if (!info->num_encaps || + !(info->ingress_vlans & BIT(info->num_encaps - 1))) + break; + info->num_encaps--; + info->ingress_vlans &= ~BIT(info->num_encaps - 1); break; } if (path->type == DEV_PATH_MTK_WDMA) { From patchwork Fri Feb 28 20:15:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997122 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BCFBDC282C6 for ; Fri, 28 Feb 2025 20:40:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=vkU0oGXlRX20yzwzVREQN7xNSQ DMkEydYafnZVp+mZcPC91BvQ87Hn104elkoIq0j4Re5rBibiStfu9PzFDxZyUMhlMt9JJC4YY7Fgt GTLeqrejT693kF49SIPN7gG34fTOxFK3XR+mNApHGIvcowjTXmzH2979liy6rPRUqvSZMlplI0YRt XCwuAV/nl+v3iDvha+un0jYrkxgWLFCe18PoNX9rYLWneqd2/lNhawFm+ez5e6g3kuIx6aGkvv1Sy ISMZHNv3wvH9oOk3NooXgNnPqyjV4m/+t1xY8ka64HfKC1rFNobAm/f2Gqt6O15Gc86hwLCk8M+xt mjK7RtDQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to79R-0000000CdVH-1LWk; Fri, 28 Feb 2025 20:40:05 +0000 Received: from mail-ed1-x532.google.com ([2a00:1450:4864:20::532]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mi-0000000CYPR-2BL2; Fri, 28 Feb 2025 20:16:37 +0000 Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5e4d3f92250so2690300a12.1; Fri, 28 Feb 2025 12:16:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773795; x=1741378595; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=CtMUsdAHMX2s8xdTep+7HlYRWB6vZYEg/3JK5RGoGYA3nhJTsUfpSDoK/vKPajK0/f 8Dy5AwX6D/mB9b6mhS9abHSLGBFnxy1tBnDB0zdIdKK9TlmAQw/I6ikZSROvHS7M4ncM AahU4hQKf5Z3cOPYqkH4en2U9IlFgnMWUyHe/qruCaoqxeQzOI7evFVJYIlriBkYkLe7 W8OXALxo/+YJGSqi1sIqiRLksFDcbKlz12aHRys6tl76rOy7gbAcZwioeBRV2OEQyBkB zPharjWkx9qDalZThN48E/TawnB/aAxiONy/xwic4NgQ3nh+y6A36uSXoGnbLbe3fk7X dnmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773795; x=1741378595; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KGHKkM4qxKd9EB0pt79Yst8lznP4qD+tbsrDkGhaAL8=; b=LvqFr7UxVetmDhsXNU9TsOpFK6ZsnpkxjjrmRmJnjMpZvRryB6Zax7YQi72/0rKy4s 1XBQQ+dADLr7vN2q5Sl2bXZM2OLwBZ92OdG8E/NFeQp3N3TI++Cpqrmqx2MABJZFuqer 1FPP0+asRxddByi/bL2GyhfXhMLalTaC9tJ3j0MzbJmWcYT4ThcOfNNTgwEoICu9MlR4 wVJ6Q2VyHjiLWtK+WTAyMWM8Fli1jvPJbVSJ+N14cAXeKXVgSz28sUbXpyKxlAYoTF2V yzfa5T6Yb+ewqVRp0B/cC3dUXr18DWlEJcTmYX+EJ3CaNMx2B2HT56QtkVzp8xXnMm3p OqfQ== X-Forwarded-Encrypted: i=1; AJvYcCVV/a0AOkM2Jyr77JBq2Tau+e8OkqYTUWpr7eJqzWqyypR5D0BQQyaURa/eFuMHQGsy2vn8t80iqmkj8rZsP08=@lists.infradead.org, AJvYcCW9hRSLpD9FOWtcD9tqnE/+M/mS+a9lMKh1T83+kM37SuumfFGB3vkbVp++j2NynoihEDuIqZhOVwdLP+Fz9Jb2@lists.infradead.org X-Gm-Message-State: AOJu0YyltVa+N/TVwkjC7wPUgVD1eVIQBfpb9YqK1Gw5k4vNkoYNGndS XG30tCY8n55Z6izgc9GyrDZ/Z6Rh0FpNi4D3uvVEy94abMSL/UpG X-Gm-Gg: ASbGnctWKdTNzMbd5dTibM1dAcFzztc2zw5QTCSrRmuHyLPs4hddkkdhmrxTsY1514r TsPG3YleuH6YhU1T6+dxvQ2bOw5r2vJT5U7Yq/J2pGWVUn4kW4lVFGhrXNiZfemN8fS1UBbApgs +QNARsU5qCQ5Vmn8h1wkH+0JvrAYH10k7s0bc8drznuf6PtP19J3IpDSTcGXU8SezQ5OHh6YJk4 bDyniG34D0+gZZtwwl8oAceOY5vN7t+X2QyNkiezPvmxAtsFvSZ6Y/fNAcekXq84awrzDVP0y+A LBDuBCGQGEy9YxByM5lNP9r4h71U1HqpzimZ6tfGWEes4FjbhUaFiayCvpz2L3Xi6ON5N9fNPEs unc6SJsAU5opI7xifqqWjOzXiwRKd8qlr+Q5lgfPHEj8= X-Google-Smtp-Source: AGHT+IEkQhpenLsv9Nobf0wiiAys0Z5V5MCyZxZmQpmyL4y9KNHC8I8jD08d28fmF8UGgHnRX7Un0w== X-Received: by 2002:a17:907:9408:b0:abf:19ac:76d with SMTP id a640c23a62f3a-abf269b9a91mr542028566b.51.1740773794665; Fri, 28 Feb 2025 12:16:34 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:34 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 13/15] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Date: Fri, 28 Feb 2025 21:15:31 +0100 Message-ID: <20250228201533.23836-14-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121636_558496_BBFA3C98 X-CRM114-Status: GOOD ( 21.49 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org In network setup as below: fastpath bypass .----------------------------------------. / \ | IP - forwarding | | / \ v | / wan ... | / | | | | | brlan.1 | | | +-------------------------------+ | | vlan 1 | | | | | | brlan (vlan-filtering) | | | +---------------+ | | | DSA-SWITCH | | | vlan 1 | | | | to | | | | untagged 1 vlan 1 | | +---------------+---------------+ . / \ ----->wlan1 lan0 . . . ^ ^ vlan 1 tagged packets untagged packets br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when filling in from brlan.1 towards wlan1. But it should be set to DEV_PATH_BR_VLAN_UNTAG in this case. Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. The same problem for all foreignly added dsa vlans on the bridge. First add the vlan, trying only native devices. If this fails, we know this may be a vlan from a foreign device. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG_HW is set only when there if no foreign device involved. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/switchdev.h | 1 + net/bridge/br_private.h | 10 ++++++++++ net/bridge/br_switchdev.c | 15 +++++++++++++++ net/bridge/br_vlan.c | 7 ++++++- net/switchdev/switchdev.c | 2 +- 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 8346b0d29542..ee500706496b 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -15,6 +15,7 @@ #define SWITCHDEV_F_NO_RECURSE BIT(0) #define SWITCHDEV_F_SKIP_EOPNOTSUPP BIT(1) #define SWITCHDEV_F_DEFER BIT(2) +#define SWITCHDEV_F_NO_FOREIGN BIT(3) enum switchdev_attr_id { SWITCHDEV_ATTR_ID_UNDEFINED, diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index a0b950390a16..b950db453d8d 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED = BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED = BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED = BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV = BIT(5), }; /** @@ -2184,6 +2185,8 @@ void br_switchdev_mdb_notify(struct net_device *dev, int type); int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, bool changed, struct netlink_ext_ack *extack); +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack); int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid); void br_switchdev_init(struct net_bridge *br); @@ -2267,6 +2270,13 @@ static inline int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, return -EOPNOTSUPP; } +static inline int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, + u16 flags, bool changed, + struct netlink_ext_ack *extack) +{ + return -EOPNOTSUPP; +} + static inline int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { return -EOPNOTSUPP; diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index 7b41ee8740cb..efa7a055b8f9 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -187,6 +187,21 @@ int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags, return switchdev_port_obj_add(dev, &v.obj, extack); } +int br_switchdev_port_vlan_no_foreign_add(struct net_device *dev, u16 vid, u16 flags, + bool changed, struct netlink_ext_ack *extack) +{ + struct switchdev_obj_port_vlan v = { + .obj.orig_dev = dev, + .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, + .obj.flags = SWITCHDEV_F_NO_FOREIGN, + .flags = flags, + .vid = vid, + .changed = changed, + }; + + return switchdev_port_obj_add(dev, &v.obj, extack); +} + int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) { struct switchdev_obj_port_vlan v = { diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index a18c7da12ebd..aea94d401a30 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -109,6 +109,11 @@ static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, /* Try switchdev op first. In case it is not supported, fallback to * 8021q add. */ + err = br_switchdev_port_vlan_no_foreign_add(dev, v->vid, flags, false, extack); + if (err != -EOPNOTSUPP) { + v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV | BR_VLFLAG_TAGGING_BY_SWITCHDEV; + return err; + } err = br_switchdev_port_vlan_add(dev, v->vid, flags, false, extack); if (err == -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); @@ -1491,7 +1496,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c index 6488ead9e464..c48f66643e99 100644 --- a/net/switchdev/switchdev.c +++ b/net/switchdev/switchdev.c @@ -749,7 +749,7 @@ static int __switchdev_handle_port_obj_add(struct net_device *dev, /* Event is neither on a bridge nor a LAG. Check whether it is on an * interface that is in a bridge with us. */ - if (!foreign_dev_check_cb) + if (!foreign_dev_check_cb || port_obj_info->obj->flags & SWITCHDEV_F_NO_FOREIGN) return err; br = netdev_master_upper_dev_get(dev); From patchwork Fri Feb 28 20:15:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997125 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 31DF7C282C6 for ; Fri, 28 Feb 2025 20:41:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=h2oeCJos5+VWLjM6O6Ww7CfUdtvRNnO3dpetsG6O99c=; b=htZGa1OLX04BBX2fSRCVqOAnZt p+8hl4Q1FAAdxrItS61sEXETLjTmUF9FEw/eN+kVK5nH1tadWZIG6UomF2plFXUVJgEIepSp17UKz +GBAH/bZwC/WdrV7EYliLOB4Fmuz+DYtOY5WGnpNX8Fw5gNgrWyXnvlOWbb6fIz/EtWtCB4sm0yAq 4J+jVBYt9BndUcONFfQNfgqJRvio3kDR+FBBDqMcWsZXe+T6fMilP58xKaxVYG7Jsn9kP+1kDEijk RWxqWgxULmswxESPljcET/fkQ9f2vO26j9VcKmQ1dd8wqImpeAl9GSOy2cqZPBYsyiBI0FKsXwGyj yRiVRV+w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to7Ax-0000000Cdhj-2Dzh; Fri, 28 Feb 2025 20:41:39 +0000 Received: from mail-ed1-x532.google.com ([2a00:1450:4864:20::532]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6mj-0000000CYQ9-23TX; Fri, 28 Feb 2025 20:16:38 +0000 Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5dc89df7eccso3976158a12.3; Fri, 28 Feb 2025 12:16:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773796; x=1741378596; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=h2oeCJos5+VWLjM6O6Ww7CfUdtvRNnO3dpetsG6O99c=; b=FVt3B7lm3V9J93Tas0COhFcluqYEns3vYx1QVMJqTh+Dxx8UoeL+FOklxgNUViy6sz aaccdT2V7wmHhyQZJRmgr0itJyaMkbkv0ahQwhhmqdTTZpEkrNv39QRZq4W8iKweqi8Y MwdhpttJHy4i88tMOBjq9N0nJ0AJSeBfCnMyojb6LdNAxxm+5aFUTuOLk/t8i0vmeV3S dy/72pxEF+N0prr2eMT0qSvv11JGPLt57+5qZ699UBpicnilq3zytaDtWCSPNqjyi291 1YgjGyPFHrnvA7WP2DBFpR97lVEATSkaCMRohTGYaa287mSg9l8ZZ0m+WRJ841hSjDoh f0lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773796; x=1741378596; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h2oeCJos5+VWLjM6O6Ww7CfUdtvRNnO3dpetsG6O99c=; b=mskGfATQD+/z0BMuGkbX4Vx2p//ALC/Lo+GvgdMVLUELBySZht4A1TjGCa74XtU6Qp L29AkYV/mFoL8iunDqKyjDBLMbME7IUmr8sxGgDKAeevi1jrtqYdatIhiUu8mXwldPYW Ou/CHcj4kE9Dp0tNcDj5tVsk4jyWjw+WHbTKcACecJx2W8Nm/jlnCS8GANwq953gI7PE bxHYb2vyd3bXV3Ne5T10Ev/F4VUczN+BzYEjYqynhv/ThPX804ZhGsZxx+cBvsCJnftr m2WURsPBdGEXnvcO5nnxiZbSgyOmGyJq+fsA7yEYx1hBWhcthbSCwA5t2gGKay8wijVf Tnfw== X-Forwarded-Encrypted: i=1; AJvYcCVG/jb7owmGQ/HxZkYi/WRiR9x01NeK1xEJJFevGrV3qNnzfKgUfrc2N7zlQ+K9/UOWV/pksPBLleq38zD89yk=@lists.infradead.org, AJvYcCWruoJML8Gx54a4Tr7hbG1bPLFGmPOGdTHHPWoG/RzTeLRI7nKrLfPt7kw30nbdvssqCneuBiD+kvofnr/YJ6Gb@lists.infradead.org X-Gm-Message-State: AOJu0YyN40ymqApBn2VDhHGfl9416XD/soxAze/lFhlZ4m/h8ibhBTHN MpDf6qcbXwKMPiq59gV4Xrsrn395Qs/B0OjpfCniwqwzEWtj9SyU X-Gm-Gg: ASbGncsy4vUsDnaIwLrjBSJBh9myumn5oR6rHG+luEKkQP/MBe1YeipPZT2JGdZ0grE Uf6aWfaDvKAhGZXLD+rlZ0R2JHOGMKMtV55gSV31L3H6S55WVC/L33kKIyOldserGHh7K5mEuOg JUZ6CDRu+eVq3zAkVAKBDiXxYEdS4rdCCxTxBkOJkM0RMpBiIisPynaGeX3uNhHHV4cfxDMuovu spMz0PPGvs5J+wSm/cSm7SDFXhVaeFIqbcHnBFv25JKTWECmjhBHYkX/3szHoWD8Da25H85KTv+ 4X3V+ami39D3m0Gi2RiRz/IhaDcvVu2Y/aJCBGQ1A1EgkPF/q9+DQrj3VPBafBa6x/oi+gjiGzN CiT4f/4Q2xcZu9ScwLnBMpqbhvobGY5dnzZ9jCtbBdZ0= X-Google-Smtp-Source: AGHT+IGRd37BcugXvRzWetE0RiFp1sspn48cYfwa0XVMvCj+hDeBReablJgdaX0T/5erZICf63Pa2A== X-Received: by 2002:a17:907:7f91:b0:ab7:c358:2fec with SMTP id a640c23a62f3a-abf25da05d8mr559746666b.5.1740773795955; Fri, 28 Feb 2025 12:16:35 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:35 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 14/15] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Date: Fri, 28 Feb 2025 21:15:32 +0100 Message-ID: <20250228201533.23836-15-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121637_529273_8E38D452 X-CRM114-Status: GOOD ( 15.37 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This patch introduces DEV_PATH_BR_VLAN_KEEP_HW. It is needed in the bridge fastpath for switchdevs supporting SWITCHDEV_OBJ_ID_PORT_VLAN. It is similar to DEV_PATH_BR_VLAN_TAG, with the correcponding bit in ingress_vlans set. In the forward fastpath it is not needed. Acked-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/linux/netdevice.h | 1 + net/bridge/br_device.c | 4 ++++ net/bridge/br_vlan.c | 18 +++++++++++------- net/netfilter/nft_flow_offload.c | 3 +++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 2ee53478d9f0..17d82e4632dd 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -887,6 +887,7 @@ struct net_device_path { DEV_PATH_BR_VLAN_TAG, DEV_PATH_BR_VLAN_UNTAG, DEV_PATH_BR_VLAN_UNTAG_HW, + DEV_PATH_BR_VLAN_KEEP_HW, } vlan_mode; u16 vlan_id; __be16 vlan_proto; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index c7646afc8b96..112fd8556217 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -430,6 +430,10 @@ static int br_fill_forward_path(struct net_device_path_ctx *ctx, case DEV_PATH_BR_VLAN_UNTAG: ctx->num_vlans--; break; + case DEV_PATH_BR_VLAN_KEEP_HW: + if (!src) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + break; case DEV_PATH_BR_VLAN_KEEP: break; } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index aea94d401a30..114d47d5f90f 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1494,13 +1494,17 @@ int br_vlan_fill_forward_path_mode(struct net_bridge *br, if (!(v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) return 0; - if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; - else - path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; - + if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG) { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP; + } else { + if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW; + else + path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG; + } return 0; } diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c95fad495460..c0c310c569cd 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -148,6 +148,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, case DEV_PATH_BR_VLAN_UNTAG_HW: info->ingress_vlans |= BIT(info->num_encaps - 1); break; + case DEV_PATH_BR_VLAN_KEEP_HW: + info->ingress_vlans |= BIT(info->num_encaps); + fallthrough; case DEV_PATH_BR_VLAN_TAG: info->encap[info->num_encaps].id = path->bridge.vlan_id; info->encap[info->num_encaps].proto = path->bridge.vlan_proto; From patchwork Fri Feb 28 20:15:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 13997126 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 43FBDC282C6 for ; Fri, 28 Feb 2025 20:43:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=Hwrl3BXoxs6RdtQWTMWkRFNmyv Y4j8Vxjnc+o5KbRIQBnk8xGEHWMT4j3dq4lBMIR5w17IoGxGiFBCfPAdRnviaYXqCxYxUO73sAJAl E7uPj0F15Vdp021C5k3ABgsUbBukpuatvBq/jiW6ijOiQW2kXVje17I0jTUoM+4vaK3+qpClQDxce aFiaR6Z9NrxnYAukcQSqsdedUgETeF6FwTZslaUzeSNoqBjsfajPJeHjU6apguwd46n1hg3DX1jHw qddoE3CmcePr/Fcg5KBsWQFL7v+6e1BqB2dgo2RVjy6QI7B4lI2BNAr1DtTu29AFXhYJ2vc/qgibL AL6txylg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1to7CS-0000000CdqS-2WkE; Fri, 28 Feb 2025 20:43:12 +0000 Received: from mail-ed1-x533.google.com ([2a00:1450:4864:20::533]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1to6ml-0000000CYSJ-1pXc; Fri, 28 Feb 2025 20:16:40 +0000 Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-5e0b70fb1daso4155425a12.1; Fri, 28 Feb 2025 12:16:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740773798; x=1741378598; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=axdwo+WhpDoN6yd74PrWseAoEt2kn6LJxrbe4FMzLBFJGQRVImD+NONCjf6Ry/s/m/ odzV0iJm3j7ceuV0uBu/JJ3o3txxjiNHB1JCLNxRvFPEcMM7fdBUwpxypjkEf1GMdkBB JmL5E2Y4Q8zNht3szDFiq71RGUdqjnhog4Nt4cn1oK6edAkKYlxwzodhx1ATVXDg0lBd PKo4G+ijQH/7piGkIxHm1TeUsp0vVQgl/T/SAZETrHpem4yBf4whndn+ElMz+vg/QP/G 38Tgceb035q051toMyI/puQz1Oz0QNjWuCIXi/UybwMYisfR8QOFEKWt/MBPZGXQ6zX1 Y3NA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740773798; x=1741378598; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E8P5h61gnv0DfF0R+vjh2CpjgGHUfjM4UjNVV+Pbc34=; b=PIWvA7Oq3b/OfpGUHSwa5mCQYmMzt1wED2JhXe1qT1Tl0NEe99OBfDphdSfBHy5Bem RzYeyLSniFWaOtUuMOPLWFKaJLpA1Y2jPA7nLZsyEcl1SkZDmQwXkXWKhqB6Z8Ei2xd2 QyBm5/5tT8unMV4mJgT0KKXQ9p0nNV7YJzSyhl1XLsRZGU4lv7a2XJLlxm3bvPvo1xtI tHu3AmDeBYjcvGvqcWOEzFNTmvwIwDJ28wxBEuUSWD+HR09htruTqnfcbXQx7FBJRM/6 ZH3gHale/0CAD+/YtOhYdDM1GuSEb7CGoveiqwBbd2lry6nfzGxJaQ1gXGJ0NKp4Qx6h IT2A== X-Forwarded-Encrypted: i=1; AJvYcCXKjstPt4CvUhSVMC67G4a9xKgmJiSwDsGfnE9bEWxvCrMvAl1M8ox4WrkrOXq3hqnW50NZLQB0kw0IWlMHC4c=@lists.infradead.org, AJvYcCXxXjvAOLEeW0onzWWV19Evmfa7Mw5LuLkJ9nwIxmrDkGKc2cprqiNc23cJK1agCiBVI3MnF26xXlrktEGAwQ/X@lists.infradead.org X-Gm-Message-State: AOJu0Yzstx3dCjFSjBtyykKmX/4SJ8lY5woAvKxGRf43oVF2Y59fVKnw yZpIE1/2PAkzTEq0Xzee/iEt2MIpNN9s3BsUJrK0h/uG25HgGDEO X-Gm-Gg: ASbGncugaE+JNMzizjhxQVjE6ndwkJBLncvX2lnhf8UaH+TRaL0iiLiZxtWaw2wcqxN kfqGNeEGLGQCSVB8xyxOlLPDWGgmRedig53SuMEZh1ZLEOE0QE+ADcScvRTw6pgUxtfsdAx6eFb M7+AWD96SkdZWk0SHHp/KmQvnBJvPTC4eUw10WSxSMN2DuSpWXwYSDrw4OqvDm5F4rdrSWxdHhI cfJQHVQ31ky2bbudjNMbQDY/sreqaKaVLTD6tG8aBON4EKrJJ5TZOCap5t83huncoZFazTpRWpx RUtIktKlNzJjlKSI1JRE36pLIWwv/mxtb9YTL17NjN39jzhBGzDfIjkD27CdOu5rDVm6vqLJ7/u QQOSBYM9VeKAB9L3BYNssGI6idjPTa3wc+xyv5QttBfA= X-Google-Smtp-Source: AGHT+IFlmpbX1AaUedxm3P9O6u/RxXNPrF5Q2YDXimBGRC0W9OM/QT4gLwBWJH0mD9PJXhq7sPrRTA== X-Received: by 2002:a17:907:a642:b0:ab7:eff8:f92e with SMTP id a640c23a62f3a-abf25fa93afmr512343166b.21.1740773797389; Fri, 28 Feb 2025 12:16:37 -0800 (PST) Received: from corebook.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c755c66sm340812666b.136.2025.02.28.12.16.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Feb 2025 12:16:36 -0800 (PST) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Matthias Brugger , AngeloGioacchino Del Regno , Kuniyuki Iwashima , Sebastian Andrzej Siewior , Ahmed Zaki , Alexander Lobakin , Vladimir Oltean , "Frank Wunderlich" , Daniel Golle Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org, Kees Cook , "Gustavo A. R. Silva" , Eric Woudstra Subject: [PATCH v8 net-next 15/15] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Date: Fri, 28 Feb 2025 21:15:33 +0100 Message-ID: <20250228201533.23836-16-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250228201533.23836-1-ericwouds@gmail.com> References: <20250228201533.23836-1-ericwouds@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20250228_121639_477143_2963CF72 X-CRM114-Status: GOOD ( 19.14 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Edit nft_flow_offload_eval() to make it possible to handle a flowtable of the nft bridge family. Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses nft_dev_fill_bridge_path() in each direction. Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 142 +++++++++++++++++++++++++++++-- 1 file changed, 137 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index c0c310c569cd..03a0b5f7e8d2 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -193,6 +193,128 @@ static bool nft_flowtable_find_dev(const struct net_device *dev, return found; } +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th = flow->tuplehash; + struct net_device_path_ctx ctx = {}; + struct net_device_path_stack stack; + struct nft_forward_info info = {}; + int i, j = 0; + + for (i = th[dir].tuple.encap_num - 1; i >= 0 ; i--) { + if (info.num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) + return -1; + + if (th[dir].tuple.in_vlan_ingress & BIT(i)) + continue; + + info.encap[info.num_encaps].id = th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto = th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto == htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >= NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id = th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto = th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev = src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev != dst_dev) + return -1; + + th[!dir].tuple.iifidx = info.indev->ifindex; + for (i = info.num_encaps - 1; i >= 0; i--) { + th[!dir].tuple.encap[j].id = info.encap[i].id; + th[!dir].tuple.encap[j].proto = info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |= BIT(j); + j++; + } + th[!dir].tuple.encap_num = info.num_encaps; + + th[dir].tuple.mtu = dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx = info.outdev->ifindex; + th[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + const struct net_device *in_dev, *out_dev; + struct ethhdr *eth = eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + struct pppoe_hdr *phdr; + struct vlan_hdr *vhdr; + int err, i = 0; + + in_dev = nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev = nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple = &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id = skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto = pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + vhdr = (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + phdr = (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id = ntohs(phdr->sid); + tuple->encap[i].proto = pkt->skb->protocol; + i++; + break; + } + tuple->encap_num = i; + + err = nft_dev_fill_bridge_path(flow, ft, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err = nft_dev_fill_bridge_path(flow, ft, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, @@ -311,6 +433,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, { struct nft_flow_offload *priv = nft_expr_priv(expr); struct nf_flowtable *flowtable = &priv->flowtable->data; + bool routing = flowtable->type->family != NFPROTO_BRIDGE; struct tcphdr _tcph, *tcph = NULL; struct nf_flow_route route = {}; enum ip_conntrack_info ctinfo; @@ -364,14 +487,21 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, goto out; dir = CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } flow = flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_add; + if (tcph) flow_offload_ct_tcp(ct); @@ -419,8 +549,10 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: