From patchwork Sat Mar 15 19:59:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14018185 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E4723190664; Sat, 15 Mar 2025 20:00:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742068823; cv=none; b=EQRLjdqOEuUwm/utdR9kfKxbEHJMJqwYMOY7i3LwthchDJv2LOY+Aeef5z/OE/WRsVhlpqbCANbTQeTiTjHEFIaV2v1ime0dsF4bF9pmaGOQJ+jp3oR+r1SeGOIV5DfTUPy2bm83EyVCcxsu7bwah4CL4AoJBm2JMu9LhjozWRc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742068823; c=relaxed/simple; bh=3Z4njUTIUlYavMf+0Y+ElzJTSDR75D1216ryx3PQ8E8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Be3eObHPMBmcHCcRj7R5wmu2K8IA6oVMxfvoMTjYYW90L11EDfJQWef/QSmnA6IplksElyzuZVJRWNbxiIfllV+0g/eNh5QF4wlWn9CrIzuj3VEbdgP542VHN3Pe9Q8k/HMNsBObDfT6I7ZOFeYOBEMPxeVaxHJIpmZWi0ZXVRk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=B36OXZcm; arc=none smtp.client-ip=209.85.208.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="B36OXZcm" Received: by mail-ed1-f53.google.com with SMTP id 4fb4d7f45d1cf-5e5e63162a0so4685241a12.3; Sat, 15 Mar 2025 13:00:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742068820; x=1742673620; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Sg9tWiv/Uu1QtqV/HdubXaG2hKDCUR8SadULn3NLk+U=; b=B36OXZcmco99jLmTHmr+rhmBzdf6RiJVyFbzBSV+qKuCRYjn1My9xXw1ITG454jvHQ ghO0PONyz56TURCKh/s1vRktNTv27sK1Uc0vef+tKxjFQbjWk71bOzIGEQQVBSJ7DxwF 2S13k0zHgg9AfslnAH+z6eZuZ4hqs3tVfVQCwquL3JOPrVKf5t/gcW/lQdvQMyGYzH6s PFfw7lxt3CQ06gmL8Cr/D5HPLtqoN+WGaZbW7BiYjU3CFAhtIeHBYRD70+T4Am1lb7F8 CFNnBR1gH1Gi+DKzzPDQSDPQ4G+9Rp5k3m4OUkZWWqDlqnsnrgRYUBNuX2e//8/DJo4h mPTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742068820; x=1742673620; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Sg9tWiv/Uu1QtqV/HdubXaG2hKDCUR8SadULn3NLk+U=; b=Sf08FlfXKUauQ7YTTWrk6l6MRR1RFUZ73hlSdwvzYmre+hBLIZ0Z5YnttyTkd/ovSa FL+38OqjtdSqDg18PiQ9FLxqWxd5baWdu3wJlmcnavLTDQQaFUaEMNWBpKnn8EmgLJqF RXESBEiRUzYzqZYBv0sohagNesu7oAFYnKspXw7BcdM01VY8BRWNGZvBoFNl68ZesFMQ BO6/gsXAqF+awcqhw/7Ffx6+FcX1yLukvCn9s29k91Y+Jz203obEQln34diXZqqWMJa8 prcY7FAc86tj3HTl8SETQ9f0o+LH9faKaoi5FSprW1/IEaQVUeX3HfmB/ri7ml0LZNKx yw9w== X-Forwarded-Encrypted: i=1; AJvYcCUHfv50TX/O6HXSobVKJx5BJRpMu1HQiJFGDd2UtqjGwFde1i1+aNKQVUHXQ3/PgIKIlA+wpf7dKhjmPGbYtGYO@vger.kernel.org, AJvYcCXmRhzBlT4lUrfpglD8xc1CfBvWiCw514RMrbEtbkdpuMili6mgBjoLcILp9pyFahapaoBV+YsXSUWZSYNmFnE=@vger.kernel.org X-Gm-Message-State: AOJu0YzyMbOXOx9MoL8j6qoSTLKAp8k4OSWHlMp2VK3irWynsW44SzUP EypJFHGst3AATr54ZSiZxK9D9VixP5zfcf0x0++hyfbODFG6UvoE X-Gm-Gg: ASbGncuCDz6K3ATUhT5PliNOscFCWMtjgdtXkfTkDwfc07/w9GHAzv2J5MrERCYS3gc fqrhmF5Avypj/+dMVeUs5yCd4XHwLKQnYBO06fcID1ht6ue4Yzp/kJqA+zawEevOU4YPgARCcRg bkEHtyj9pNioryHdIK7XGqXegK/oaXH+10564U799iBHPh9GspHjmBayUbj4xWl0xfYuClwRFtH HCYREXhPyadGXZI4x+0hfbIWcX2upKMPBiP0iLE0VyLZ7MwkuN/kL2qspUrjugXUcDJt3kcaQbN Xqqy5bzSwT1pFkCyTRiA1/owk9YSM77rbb7SivKaXJyF3xRmU0NH9Fv6Lm1I2kXj1ogyQEm89n3 pRYVxE43i6yzObvVgA/nO5SPkN+DTYaVaHPDC/tuGces8B+ddktaTcwGh82iLF/s= X-Google-Smtp-Source: AGHT+IE7w8dvIGOKdRY4QHJODvPRQb8+3NYkPP+jZDmV5KukTNaP0CK1hlDzOrp9qKK/qHIoelVMYg== X-Received: by 2002:a05:6402:1d53:b0:5e7:f728:5812 with SMTP id 4fb4d7f45d1cf-5e89f646e18mr7741671a12.19.1742068819796; Sat, 15 Mar 2025 13:00:19 -0700 (PDT) Received: from localhost.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e816ad9ca5sm3519503a12.50.2025.03.15.13.00.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Mar 2025 13:00:19 -0700 (PDT) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Simon Horman Cc: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-hardening@vger.kernel.org, Eric Woudstra , Nikolay Aleksandrov Subject: [PATCH v10 nf-next 1/3] net: pppoe: avoid zero-length arrays in struct pppoe_hdr Date: Sat, 15 Mar 2025 20:59:08 +0100 Message-ID: <20250315195910.17659-2-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250315195910.17659-1-ericwouds@gmail.com> References: <20250315195910.17659-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Jakub Kicinski suggested following patch: W=1 C=1 GCC build gives us: net/bridge/netfilter/nf_conntrack_bridge.c: note: in included file (through ../include/linux/if_pppox.h, ../include/uapi/linux/netfilter_bridge.h, ../include/linux/netfilter_bridge.h): include/uapi/linux/if_pppox.h: 153:29: warning: array of flexible structures It doesn't like that hdr has a zero-length array which overlaps proto. The kernel code doesn't currently need those arrays. PPPoE connection is functional after applying this patch. Reviewed-by: Nikolay Aleksandrov --- Split from patch-set: bridge-fastpath and related improvements v9 Signed-off-by: Eric Woudstra --- drivers/net/ppp/pppoe.c | 2 +- include/uapi/linux/if_pppox.h | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c index 68e631718ab0..17946af6a8cf 100644 --- a/drivers/net/ppp/pppoe.c +++ b/drivers/net/ppp/pppoe.c @@ -882,7 +882,7 @@ static int pppoe_sendmsg(struct socket *sock, struct msghdr *m, skb->protocol = cpu_to_be16(ETH_P_PPP_SES); ph = skb_put(skb, total_len + sizeof(struct pppoe_hdr)); - start = (char *)&ph->tag[0]; + start = (char *)ph + sizeof(*ph); error = memcpy_from_msg(start, m, total_len); if (error < 0) { diff --git a/include/uapi/linux/if_pppox.h b/include/uapi/linux/if_pppox.h index 9abd80dcc46f..29b804aa7474 100644 --- a/include/uapi/linux/if_pppox.h +++ b/include/uapi/linux/if_pppox.h @@ -122,7 +122,9 @@ struct sockaddr_pppol2tpv3in6 { struct pppoe_tag { __be16 tag_type; __be16 tag_len; +#ifndef __KERNEL__ char tag_data[]; +#endif } __attribute__ ((packed)); /* Tag identifiers */ @@ -150,7 +152,9 @@ struct pppoe_hdr { __u8 code; __be16 sid; __be16 length; +#ifndef __KERNEL__ struct pppoe_tag tag[]; +#endif } __packed; /* Length of entire PPPoE + PPP header */ From patchwork Sat Mar 15 19:59:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14018186 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f42.google.com (mail-ed1-f42.google.com [209.85.208.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B0F59198851; Sat, 15 Mar 2025 20:00:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742068825; cv=none; b=AdhJEGfcwgM84aygvUmOvsnlwSjIxyHQImiaFrDQ8B+WrUFmQJ9/8M36cSKkhR1t/AWJK/Dt3XtUg9Z2B38rUfEPe4GGS2LIRiS2bYyWitgslQt7f6Yixs9v+LMatb3cK7PeQB5muv2ijYOKODSlh4fX0TD1RZwz4/wGdVlalpw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742068825; c=relaxed/simple; bh=kLHX+C7qoec0VsUDsMnahZyr/odnCvcbNv0AKm/Bw0k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gx+gwkOIQqgqACsQBZMml4aNkKodMJlBBsKJK+6YfJewVc5fjqQr0byVskdPv/v+xCtWCuAwnCsOzIf2lgBD3e8G4YftR8Q9X/N56gjxDACPtlop29pfB3zcEGvfYpddfCA5zRKmzh+8VPQFh7WI4vJA9GGrehs3A7MJxniZUw4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lUmbqeuy; arc=none smtp.client-ip=209.85.208.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lUmbqeuy" Received: by mail-ed1-f42.google.com with SMTP id 4fb4d7f45d1cf-5dccaaca646so5568857a12.0; Sat, 15 Mar 2025 13:00:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742068822; x=1742673622; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XXYQeszgzBNN6KX+og9YlBWfn80m9YROTWlB1NVgYFc=; b=lUmbqeuy2i8EI+UplzlE3ZOz6fz/zxe1rbV7PbzIOsLV1ON+GVeARKpydDwULTxEmQ 3hUIhvdbOj/Hj0a6K2b7nKkG80vDf2SRokmfFZnFC8EdkXYHrY8mG2TyJZ62ZdHtPrB2 hIOUswT9RKMvvzBt/D5axLF9XLra3PQoTpzbgWDigRT89M98JOgMvnuQdWGE1cLOmOZT 8GH8Ulsm1vqOxxF7PW28jB+FVZHSGnHwV3/TW/kp+sESXtSfkTILIfvCbtdsZzAndzO+ Z7oy71uIoLboFPxJyn2VbJBg5vl0AORgWImlg/ln871l8nyBsIe5CAU64dpH2sLVtBXd uPCg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742068822; x=1742673622; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XXYQeszgzBNN6KX+og9YlBWfn80m9YROTWlB1NVgYFc=; b=fj5fJS7+Mk2OxgSOhKwdhoOesuyWjAscDhYiajowXuj9OgUW0c6ceCiHw7MtaoOvxF 2/Fz+bgrTjBVLhyLwGHO21A2XoPcC+UAHvQI1cFIGCdL5yLpjh990byMfWyhrU8T2Cd2 4DCajyX/Akz8AHChmY77NQHCl45z06+9v+5htCERqhlMNXKWeDqeKINGFQ4KOwLynCwb iaPxd+tO+Xi6BwggpG+WIi5Q7ZXbT0dydEWQw1zzbbVVODPKLWdZL4Y8TIANOARmLEIt VGqsNki8wFHNjDEuESowoHWjbs0mzY3f9BoWbvVw0YBRdyms1d5KStipdoxUOERVfRRU P8+w== X-Forwarded-Encrypted: i=1; AJvYcCV+bQLG/LPpCt/wVactSo51VtjRr15nJ6t6zAJMlaR2YomEoQhgCghX2VSACa5mrfwwE7/6mIt+39mzAceETws=@vger.kernel.org, AJvYcCWAnh/oRXWSKOhAku5OR9yhyjhO1CpZKVStE3O3LqzoeP/o4608Y5SW8ftKQu+AkORRTT/3kdKyn51L6j5pfIED@vger.kernel.org X-Gm-Message-State: AOJu0YwhIeiVCnyyDFg8wReOGGPA7cr0WejD/0m0i2VDSHLEasJSgg8J Giw8hIt2GirJosjDdZdVxCGz0leiUnj+QxrwFrLxpXc1P4kJGHJo X-Gm-Gg: ASbGncuhBjOdaUEcW0rvaQozO7/Ad9Ah8YHIsdG/Yfo0dNFDmIOYxarmuBq9RFaYCtM y6FMEdSJxwRNC9S536M+Y5CcbwhO5z3A4D/MJahbdk+ODvSOf1PNfwnh/a1bdnAOqJqiRNa0RXp 4EAd5OP/cZyRO3tu303H1SDlwl0NAjhiQevMXIF6oahtlmetQHa/d+b54dB3kdPJVVkUpGVeaNX mkNo8UeNsnyq5sVeBPLhArXQ7VQNoW53OGBvq9EzyZnBKyDL3kB8Tvik1285YUvlunxO3dwRh4w fjdABkTBH3vbpcPGhE0W1vNaTT8OXfpQcX5O1kt3cXgquhdLotWpwPnS8dCXw7/lmTR+f1JsvQR /4QgObHI0OAeVoyKDp+BxcIe4jzfmjclEzzG/J7nqmLuzH+Zps2FI1iGjGfzJesE= X-Google-Smtp-Source: AGHT+IGvhw34V1mpZ3PAOYWV+wkSI6/8fNQ0Z94V9k80Z20IKiXWtl99U4En5q9wxAbkapNygG7t3A== X-Received: by 2002:a05:6402:50c7:b0:5e0:4c25:1491 with SMTP id 4fb4d7f45d1cf-5e814deb759mr11114011a12.7.1742068822112; Sat, 15 Mar 2025 13:00:22 -0700 (PDT) Received: from localhost.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e816ad9ca5sm3519503a12.50.2025.03.15.13.00.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Mar 2025 13:00:20 -0700 (PDT) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Simon Horman Cc: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-hardening@vger.kernel.org, Eric Woudstra , Nikolay Aleksandrov Subject: [PATCH v10 nf-next 2/3] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Date: Sat, 15 Mar 2025 20:59:09 +0100 Message-ID: <20250315195910.17659-3-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250315195910.17659-1-ericwouds@gmail.com> References: <20250315195910.17659-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Loosely based on wenxu's patches: "nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable". Fixed double vlan and pppoe packets, almost entirely rewriting the patch. After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups. For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath. This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed. After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 8cd4cf7ae211..d0c3c459c4d2 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -306,6 +306,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto, return false; } +static int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 proto, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr = (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI = htons(id); + vhdr->h_vlan_encapsulated_proto = skb->protocol; + skb->protocol = proto; + + return 0; +} + +static int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len = skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol == htons(ETH_P_IP)) + proto = htons(PPP_IP); + else if (skb->protocol == htons(ETH_P_IPV6)) + proto = htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph = (struct ppp_hdr *)(skb->data); + ph->hdr.ver = 1; + ph->hdr.type = 1; + ph->hdr.code = 0; + ph->hdr.sid = htons(id); + ph->hdr.length = htons(data_len); + ph->proto = proto; + skb->protocol = htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i = 0, ret = 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto == htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto == htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >= tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type = ETH_P_8021Q; + ret = nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case htons(ETH_P_PPP_SES): + *type = ETH_P_PPP_SES; + ret = nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -335,6 +421,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -343,6 +430,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb, if (!outdev) return NF_DROP; + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev = outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -462,7 +552,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret == NF_DROP) flow_offload_teardown(flow); break; @@ -757,7 +848,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, ret = NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret = nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret = nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret == NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 221d50223018..d320b7f5282e 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, info->indev = NULL; break; } - if (!info->outdev) - info->outdev = path->dev; info->encap[info->num_encaps].id = path->encap.id; info->encap[info->num_encaps].proto = path->encap.proto; info->num_encaps++; if (path->type == DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) @@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, break; } } - if (!info->outdev) - info->outdev = info->indev; + info->outdev = info->indev; info->hw_outdev = info->indev; From patchwork Sat Mar 15 19:59:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Woudstra X-Patchwork-Id: 14018187 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EBC3A1A0711; Sat, 15 Mar 2025 20:00:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742068827; cv=none; b=u4swNWEZ2nY2CZqFbT+B0pVLZDYFCgftcGo3/iVIiR24xoFHVNaR6ZPeoBtm9f41UhBC/uXPLPmM+D/2bv91jNdJ1P34bqdt1uTzDEG28u6AGzrs2jTuYj+Gri6ym3BsqsFm4VntsfimiU9yOK502KNtG+ffUjouFZBoZaYd3Bo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742068827; c=relaxed/simple; bh=kIG0P8HyGImNUXKzZWgVKHuCZbqUctcTMTa56zCcvPo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZBzwGWaHFIlrjfA4jlbPf2qmgXvaH1ar6fcxr0lxrpMZNHCOf4iTCXv4iz+isXaJ/rh3wx1+cWMa7ANxqyqHbf8eAOhMJv1JaIgsCvPfBl3eYfrfQIwrZU0BYu0r5x56GGqk+wZ5mP+v6LFRT05IER9OfRAUdDZnEyaTvVX27vc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=aD3cYn2d; arc=none smtp.client-ip=209.85.208.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="aD3cYn2d" Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-5e614da8615so6281954a12.1; Sat, 15 Mar 2025 13:00:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742068824; x=1742673624; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JRB9j9uS/mBUM2j7YBryWXdrmvN7j84epQ9bGumQI0o=; b=aD3cYn2dfg+bn9VaZahEPqc39Q/Z7P/n7/UnCI4uSRtVeVvcXuRK7wm6Cm5aL1h150 eLuDEqyTvk7xca8lYczze6YeOddJeb6WcEqz2Jl7EMz3zfsE5gS8lhXIgVUZtu+75sf8 O/cixguXw6j0AhPLL8/SZ8IpfVpN2xyy3F2SkX02x4cfHwcumvT3552PRrfsJNg0I0ud LHEjbfUbJ+2MGjBS34/DO2qoIJGyMTUgSYrNQKkb5g1MzJUWRjH+bhzGI3+pGF3EwR9i p/AH4BE3nBn2op4KU3uC9Glh1Uh5ZfdmhEADyA9qizZVr5OF82cnY6Z4HzLZVLA1TsZq BBOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742068824; x=1742673624; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JRB9j9uS/mBUM2j7YBryWXdrmvN7j84epQ9bGumQI0o=; b=QJkgXlFxZUyDESvZ1id0UmgM2cc+hBTrGyqRUV5JRi5CIGeFjzID9Nv4U7UNDf/hEh znpesBZBxUiVCBdvV3aOu+rmdxe7zhBafBjew8C/EzLb4WfgkonEbUAktYOSwVNAPtQC knUFMm7P8HC663fbp9IrmiaOK7pp+We/s8c5+FY4H9UyuLGfP6VYSlLfY1i0CjaKpms1 66r193X4W79gnZBGzt0tpdYZmocUCYBjGnvLbkxAraA9nk2T1qTQe7BwTTj2laFcIPPX OGp35+NIXTXbtoPxnZAjvnK8KpUR1h1hYqCctvLP83f8VEobdmSi/Cnz1ZrOWWFH+v6W 2jpw== X-Forwarded-Encrypted: i=1; AJvYcCUR1iLvXPGlpIMImfT9AS8M2W1IYbEJcynClIEPoIFV1A0be0KQox1QS5RUL8VINTjhQygWhLEM5pZHcExK+aQP@vger.kernel.org, AJvYcCXRg9afZXrGRvdKx7Cj2WUShePTw1ByLCkV0pdkhEu/L7/Cb+tCYUisB9Mm6h62vtHWhaf2Nif1seI7IUf5ZRc=@vger.kernel.org X-Gm-Message-State: AOJu0YyV0BQqnNEv/KyWB5qh3ZcLs6b/4W+GfmH302AWEMpIlawghYlm k8gvwXw9upZ/W3xvMtwDjEAMjT17047ECU1hhN1Nt1UKWnjpdixS X-Gm-Gg: ASbGnctIAgRLOg7vIpoOR9QPzmLgAZiaZba/mph+zen1BBuREdlVPHFHNm9gwH7Al81 VAF6KDwXyzQrFk7YGfNSItqM7H16bYL2nEl1PrnOJNAAwnBIwz9ve9VRBd05+v/j4iKQlluJ0uI s3AGNfQmyt7RxEVrChosCmSVUDPaPYBn5HyuWPtBjzbM4LJefcDltmRyjuM72A/VNEk2jFc3ow/ YF58RZ2TjSGej6jyvPrPqVraoJ3Rkr7ljrUtLd8hoMntrEe0zrqv0JMRP+eOF9G64Jyep5xJJv0 U1gIjPmMZW1pYnebv1iBWO1uSogNpjY7mtdJFNOsB2fpYTTMI8F2aDOkvX2Lo/thjIEsoZUV5SD SithfUQznoZC3DNWU4D65PePGwaALj71QE3sbLZGq2akx16bMWVYdlNauAbz388A= X-Google-Smtp-Source: AGHT+IHt5qduQuB+UYuxjKyKCPVYkxwY7La0gdIP+6UDs5500pGpm7Qf14tE54AschhN3VrMeyf5Bw== X-Received: by 2002:a05:6402:34d1:b0:5e4:d27a:d868 with SMTP id 4fb4d7f45d1cf-5e814839ec8mr11968564a12.0.1742068824035; Sat, 15 Mar 2025 13:00:24 -0700 (PDT) Received: from localhost.localdomain (2001-1c00-020d-1300-1b1c-4449-176a-89ea.cable.dynamic.v6.ziggo.nl. [2001:1c00:20d:1300:1b1c:4449:176a:89ea]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e816ad9ca5sm3519503a12.50.2025.03.15.13.00.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 15 Mar 2025 13:00:22 -0700 (PDT) From: Eric Woudstra To: Michal Ostrowski , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Pablo Neira Ayuso , Jozsef Kadlecsik , Simon Horman Cc: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-hardening@vger.kernel.org, Eric Woudstra , Nikolay Aleksandrov Subject: [PATCH v10 nf-next 3/3] netfilter: flow: remove hw_outdev, out.hw_ifindex and out.hw_ifidx Date: Sat, 15 Mar 2025 20:59:10 +0100 Message-ID: <20250315195910.17659-4-ericwouds@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20250315195910.17659-1-ericwouds@gmail.com> References: <20250315195910.17659-1-ericwouds@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Now always info->outdev == info->hw_outdev, so the netfilter code can be further cleaned up by removing: * hw_outdev from struct nft_forward_info * out.hw_ifindex from struct nf_flow_route * out.hw_ifidx from struct flow_offload_tuple Reviewed-by: Nikolay Aleksandrov Signed-off-by: Eric Woudstra --- include/net/netfilter/nf_flow_table.h | 2 -- net/netfilter/nf_flow_table_core.c | 1 - net/netfilter/nf_flow_table_offload.c | 2 +- net/netfilter/nft_flow_offload.c | 4 ---- 4 files changed, 1 insertion(+), 8 deletions(-) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index d711642e78b5..4ab32fb61865 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -145,7 +145,6 @@ struct flow_offload_tuple { }; struct { u32 ifidx; - u32 hw_ifidx; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; @@ -211,7 +210,6 @@ struct nf_flow_route { } in; struct { u32 ifindex; - u32 hw_ifindex; u8 h_source[ETH_ALEN]; u8 h_dest[ETH_ALEN]; } out; diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 9d8361526f82..1e5d3735c028 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -127,7 +127,6 @@ static int flow_offload_fill_route(struct flow_offload *flow, memcpy(flow_tuple->out.h_source, route->tuple[dir].out.h_source, ETH_ALEN); flow_tuple->out.ifidx = route->tuple[dir].out.ifindex; - flow_tuple->out.hw_ifidx = route->tuple[dir].out.hw_ifindex; dst_release(dst); break; case FLOW_OFFLOAD_XMIT_XFRM: diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index 0ec4abded10d..f642d0426f1c 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -555,7 +555,7 @@ static void flow_offload_redirect(struct net *net, switch (this_tuple->xmit_type) { case FLOW_OFFLOAD_XMIT_DIRECT: this_tuple = &flow->tuplehash[dir].tuple; - ifindex = this_tuple->out.hw_ifidx; + ifindex = this_tuple->out.ifidx; break; case FLOW_OFFLOAD_XMIT_NEIGH: other_tuple = &flow->tuplehash[!dir].tuple; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index d320b7f5282e..acfdf523bd3b 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -80,7 +80,6 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route, struct nft_forward_info { const struct net_device *indev; const struct net_device *outdev; - const struct net_device *hw_outdev; struct id { __u16 id; __be16 proto; @@ -159,8 +158,6 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, } info->outdev = info->indev; - info->hw_outdev = info->indev; - if (nf_flowtable_hw_offload(flowtable) && nft_is_valid_ether_device(info->indev)) info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; @@ -212,7 +209,6 @@ static void nft_dev_forward_path(struct nf_flow_route *route, memcpy(route->tuple[dir].out.h_source, info.h_source, ETH_ALEN); memcpy(route->tuple[dir].out.h_dest, info.h_dest, ETH_ALEN); route->tuple[dir].out.ifindex = info.outdev->ifindex; - route->tuple[dir].out.hw_ifindex = info.hw_outdev->ifindex; route->tuple[dir].xmit_type = info.xmit_type; } }