From: Eric Woudstra
To: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, Roopa Prabhu, Nikolay Aleksandrov, Matthias Brugger, AngeloGioacchino Del Regno, Jiri Pirko, Sebastian Andrzej Siewior, Lorenzo Bianconi, "Frank Wunderlich", Daniel Golle, Eric Woudstra
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org
Subject: [PATCH RFC v1 net-next 01/12] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct
Date: Sun, 13 Oct 2024 20:54:57 +0200
Message-ID: <20241013185509.4430-2-ericwouds@gmail.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

Loosely based on wenxu's patches:

"nf_flow_table_offload: offload the vlan/PPPoE encap in the flowtable".

Fixed double vlan and pppoe packets, almost entirely rewriting the patch.

After this patch, it is possible to transmit packets in the fastpath with outgoing encaps, without using vlan- and/or pppoe-devices. This makes it possible to use more different kinds of network setups.

For example, when bridge tagging is used to egress vlan tagged packets using the forward fastpath. Another example is passing 802.1q tagged packets through a bridge using the bridge fastpath.

This also makes the software fastpath process more similar to the hardware offloaded fastpath process, where encaps are also pushed.

After applying this patch, always info->outdev = info->hw_outdev, so the netfilter code can be further cleaned up by removing:

 * hw_outdev from struct nft_forward_info
 * out.hw_ifindex from struct nf_flow_route
 * out.hw_ifidx from struct flow_offload_tuple

Signed-off-by: Eric Woudstra
--- net/netfilter/nf_flow_table_ip.c | 96 +++++++++++++++++++++++++++++++- net/netfilter/nft_flow_offload.c | 6 +- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table= _ip.c index 98edcaa37b38..9221ddb6f07a 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c
@@ -302,6 +302,92 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff = *skb, __be16 proto, return false; } =20 +static inline int nf_flow_vlan_inner_push(struct sk_buff *skb, __be16 prot= o, u16 id) +{ + struct vlan_hdr *vhdr; + + if (skb_cow_head(skb, VLAN_HLEN)) + return -1; + + __skb_push(skb, VLAN_HLEN); + skb_reset_network_header(skb); + + vhdr =3D (struct vlan_hdr *)(skb->data); + vhdr->h_vlan_TCI =3D htons(id); + vhdr->h_vlan_encapsulated_proto =3D skb->protocol; + skb->protocol =3D proto; + + return 0; +} + +static inline int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) +{ + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph; + int data_len =3D skb->len + 2; + __be16 proto; + + if (skb_cow_head(skb, PPPOE_SES_HLEN)) + return -1; + + if (skb->protocol =3D=3D htons(ETH_P_IP)) + proto =3D htons(PPP_IP); + else if (skb->protocol =3D=3D htons(ETH_P_IPV6)) + proto =3D htons(PPP_IPV6); + else + return -1; + + __skb_push(skb, PPPOE_SES_HLEN); + skb_reset_network_header(skb); + + ph =3D (struct ppp_hdr *)(skb->data); + ph->hdr.ver =3D 1; + ph->hdr.type =3D 1; + ph->hdr.code =3D 0; + ph->hdr.sid =3D htons(id); + ph->hdr.length =3D htons(data_len); + ph->proto =3D proto; + skb->protocol =3D htons(ETH_P_PPP_SES); + + return 0; +} + +static int nf_flow_encap_push(struct sk_buff *skb, + struct flow_offload_tuple_rhash *tuplehash, + unsigned short *type) +{ + int i =3D 0, ret =3D 0; + + if (!tuplehash->tuple.encap_num) + return 0; + + if (tuplehash->tuple.encap[i].proto =3D=3D htons(ETH_P_8021Q) || + tuplehash->tuple.encap[i].proto =3D=3D htons(ETH_P_8021AD)) { + __vlan_hwaccel_put_tag(skb, tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + i++; + if (i >=3D tuplehash->tuple.encap_num) + return 0; + } + + switch (tuplehash->tuple.encap[i].proto) { + case htons(ETH_P_8021Q): + *type =3D ETH_P_8021Q; + ret =3D nf_flow_vlan_inner_push(skb, + tuplehash->tuple.encap[i].proto, + tuplehash->tuple.encap[i].id); + break; + case 
htons(ETH_P_PPP_SES): + *type =3D ETH_P_PPP_SES; + ret =3D nf_flow_ppoe_push(skb, + tuplehash->tuple.encap[i].id); + break; + } + return ret; +} + static void nf_flow_encap_pop(struct sk_buff *skb, struct flow_offload_tuple_rhash *tuplehash) { @@ -331,6 +417,7 @@ static void nf_flow_encap_pop(struct sk_buff *skb, =20 static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *sk= b, const struct flow_offload_tuple_rhash *tuplehash, + struct flow_offload_tuple_rhash *other_tuplehash, unsigned short type) { struct net_device *outdev; @@ -339,6 +426,9 @@ static unsigned int nf_flow_queue_xmit(struct net *net,= struct sk_buff *skb, if (!outdev) return NF_DROP; =20 + if (nf_flow_encap_push(skb, other_tuplehash, &type) < 0) + return NF_DROP; + skb->dev =3D outdev; dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest, tuplehash->tuple.out.h_source, skb->len); @@ -458,7 +548,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, ret =3D NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret =3D nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IP); + ret =3D nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IP); if (ret =3D=3D NF_DROP) flow_offload_teardown(flow); break; @@ -753,7 +844,8 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *s= kb, ret =3D NF_STOLEN; break; case FLOW_OFFLOAD_XMIT_DIRECT: - ret =3D nf_flow_queue_xmit(state->net, skb, tuplehash, ETH_P_IPV6); + ret =3D nf_flow_queue_xmit(state->net, skb, tuplehash, + &flow->tuplehash[!dir], ETH_P_IPV6); if (ret =3D=3D NF_DROP) flow_offload_teardown(flow); break; diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offl= oad.c index e8f800788c4a..bb15aa55e6fb 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c 
@@ -124,13 +124,12 @@ static void nft_dev_path_info(const struct net_device= _path_stack *stack, info->indev =3D NULL; break; } - if (!info->outdev) - info->outdev =3D path->dev; info->encap[info->num_encaps].id =3D path->encap.id; info->encap[info->num_encaps].proto =3D path->encap.proto; info->num_encaps++; if (path->type =3D=3D DEV_PATH_PPPOE) memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); + info->xmit_type =3D FLOW_OFFLOAD_XMIT_DIRECT; break; case DEV_PATH_BRIDGE: if (is_zero_ether_addr(info->h_source)) 
@@ -158,8 +157,7 @@ static void nft_dev_path_info(const struct net_device_p= ath_stack *stack, break; } } - if (!info->outdev) - info->outdev =3D info->indev; + info->outdev =3D info->indev; =20 info->hw_outdev =3D info->indev; =20 --=20 2.45.2
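Review bot: In nf_flow_encap_push() (the @@ -302,6 +302,92 @@ hunk of nf_flow_table_ip.c), the switch on tuplehash->tuple.encap[i].proto has no default case, so an inner encap that is neither ETH_P_8021Q nor ETH_P_PPP_SES leaves ret at 0 and the frame is transmitted without that header. Add a default case that returns an error so nf_flow_queue_xmit() drops the packet instead. In the same hunk, nf_flow_ppoe_push() stores htons(data_len) where data_len is an int taken from skb->len + 2; check it against the 16-bit PPPoE length field before pushing. The helper is also spelled nf_flow_ppoe_push rather than pppoe, and its local struct ppp_hdr would be better shared than defined inside the function.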
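Review bot: In nf_flow_queue_xmit() (the @@ -339,6 +426,9 @@ hunk), nf_flow_encap_push() runs immediately before dev_hard_header(), but the push helpers only call skb_cow_head() with VLAN_HLEN or PPPOE_SES_HLEN, which reserves headroom for the encap header and nothing for the link-layer header written next. Please confirm the headroom is guaranteed elsewhere, or reserve the encap length plus the outdev hard header length in one skb_cow_head() call. The new other_tuplehash parameter is only read and could be const, matching tuplehash.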
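Review bot: In nft_dev_path_info() (nft_flow_offload.c), the second hunk leaves info->outdev =3D info->indev; directly followed by info->hw_outdev =3D info->indev;, so the two fields are now always identical but both are still carried; either fold the hw_outdev removal listed in the commit message into this series or say where it follows. The first hunk also sets info->xmit_type =3D FLOW_OFFLOAD_XMIT_DIRECT for every encap path and drops info->outdev =3D path->dev, which changes the transmit path for setups that already offload through a vlan or pppoe device; the commit message should state that as a behaviour change for existing configurations, not only as a new capability.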
From: Eric Woudstra
To: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, Roopa Prabhu, Nikolay Aleksandrov, Matthias Brugger, AngeloGioacchino Del Regno, Jiri Pirko, Sebastian Andrzej Siewior, Lorenzo Bianconi, "Frank Wunderlich", Daniel Golle, Eric Woudstra
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org
Subject: [PATCH RFC v1 net-next 02/12] netfilter: bridge: Add conntrack double vlan and pppoe
Date: Sun, 13 Oct 2024 20:54:58 +0200
Message-ID: <20241013185509.4430-3-ericwouds@gmail.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

This adds the capability to conntrack 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets that are passing a bridge.

Signed-off-by: Eric Woudstra
--- net/bridge/netfilter/nf_conntrack_bridge.c | 86 ++++++++++++++++++---- 1 file changed, 73 insertions(+), 13 deletions(-) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfil= ter/nf_conntrack_bridge.c index 816bb0fde718..fb2f79396aa0 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c
+++ b/net/bridge/netfilter/nf_conntrack_bridge.c 
@@ -241,56 +241,116 @@ static unsigned int nf_ct_bridge_pre(void *priv, str= uct sk_buff *skb, const struct nf_hook_state *state) { struct nf_hook_state bridge_state =3D *state; + __be16 outer_proto, inner_proto; enum ip_conntrack_info ctinfo; + int ret, offset =3D 0; struct nf_conn *ct; - u32 len; - int ret; + u32 len, data_len; =20 ct =3D nf_ct_get(skb, &ctinfo); if ((ct && !nf_ct_is_template(ct)) || ctinfo =3D=3D IP_CT_UNTRACKED) return NF_ACCEPT; =20 + switch (skb->protocol) { + case htons(ETH_P_PPP_SES): + struct ppp_hdr { + struct pppoe_hdr hdr; + __be16 proto; + } *ph =3D (struct ppp_hdr *)(skb->data); + + data_len =3D ntohs(ph->hdr.length) - 2; + offset =3D PPPOE_SES_HLEN; + outer_proto =3D skb->protocol; + switch (ph->proto) { + case htons(PPP_IP): + inner_proto =3D htons(ETH_P_IP); + break; + case htons(PPP_IPV6): + inner_proto =3D htons(ETH_P_IPV6); + break; + default: + return NF_ACCEPT; + } + break; + case htons(ETH_P_8021Q): + struct vlan_hdr *vhdr =3D (struct vlan_hdr *)(skb->data); + + data_len =3D 0xffffffff; + offset =3D VLAN_HLEN; + outer_proto =3D skb->protocol; + inner_proto =3D vhdr->h_vlan_encapsulated_proto; + break; + default: + data_len =3D 0xffffffff; + break; + } + + if (offset) { + switch (inner_proto) { + case htons(ETH_P_IP): + case htons(ETH_P_IPV6): + if (!pskb_may_pull(skb, offset)) + return NF_ACCEPT; + skb_pull_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol =3D inner_proto; + break; + default: + return NF_ACCEPT; + } + } + + ret =3D NF_ACCEPT; switch (skb->protocol) { case htons(ETH_P_IP): if (!pskb_may_pull(skb, sizeof(struct iphdr))) - return NF_ACCEPT; + goto do_not_track; =20 len =3D skb_ip_totlen(skb); + if (data_len < len) + len =3D data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; =20 if (nf_ct_br_ip_check(skb)) - return NF_ACCEPT; + goto do_not_track; =20 bridge_state.pf =3D NFPROTO_IPV4; ret =3D nf_ct_br_defrag4(skb, &bridge_state); break; case htons(ETH_P_IPV6): if 
(!pskb_may_pull(skb, sizeof(struct ipv6hdr))) - return NF_ACCEPT; + goto do_not_track; =20 len =3D sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); + if (data_len < len) + len =3D data_len; if (pskb_trim_rcsum(skb, len)) - return NF_ACCEPT; + goto do_not_track; =20 if (nf_ct_br_ipv6_check(skb)) - return NF_ACCEPT; + goto do_not_track; =20 bridge_state.pf =3D NFPROTO_IPV6; ret =3D nf_ct_br_defrag6(skb, &bridge_state); break; default: nf_ct_set(skb, NULL, IP_CT_UNTRACKED); - return NF_ACCEPT; + goto do_not_track; } =20 - if (ret !=3D NF_ACCEPT) - return ret; + if (ret =3D=3D NF_ACCEPT) + ret =3D nf_conntrack_in(skb, &bridge_state); =20 - return nf_conntrack_in(skb, &bridge_state); +do_not_track: + if (offset) { + skb_push_rcsum(skb, offset); + skb_reset_network_header(skb); + skb->protocol =3D outer_proto; + } + return ret; } - static unsigned int nf_ct_bridge_in(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { --=20 2.45.2
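Review bot: In nf_ct_bridge_pre(), the new first switch reads ph->hdr.length, ph->proto and vhdr->h_vlan_encapsulated_proto at skb->data before anything has checked that those bytes are present in the linear area; the only pskb_may_pull(skb, offset) comes afterwards, inside the if (offset) block. Call pskb_may_pull() for PPPOE_SES_HLEN or VLAN_HLEN before taking the header pointer, and reject a PPPoE length below 2 so that data_len =3D ntohs(ph->hdr.length) - 2 cannot wrap. At the do_not_track label the skb is pushed back for every verdict, including a non-NF_ACCEPT return from nf_ct_br_defrag4(), nf_ct_br_defrag6() or nf_conntrack_in(); if any of those can take ownership of the skb it must not be touched there, so restore the header only while this hook still owns the skb. The declarations placed directly after the case htons(ETH_P_PPP_SES): and case htons(ETH_P_8021Q): labels should sit in their own braces, and the blank line removed before nf_ct_bridge_in() should stay.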
From: Eric Woudstra
To: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, Roopa Prabhu, Nikolay Aleksandrov, Matthias Brugger, AngeloGioacchino Del Regno, Jiri Pirko, Sebastian Andrzej Siewior, Lorenzo Bianconi, "Frank Wunderlich", Daniel Golle, Eric Woudstra
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org
Subject: [PATCH RFC v1 net-next 03/12] netfilter: nft_chain_filter: Add bridge double vlan and pppoe
Date: Sun, 13 Oct 2024 20:54:59 +0200
Message-ID: <20241013185509.4430-4-ericwouds@gmail.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q packets in the bridge filter chain.

Signed-off-by: Eric Woudstra
--- net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_fil= ter.c index 7010541fcca6..91aa3fa43d31 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c
@@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct ethhdr *ethh =3D eth_hdr(skb); struct nft_pktinfo pkt; + int thoff; =20 nft_set_pktinfo(&pkt, skb, state); =20 - switch (eth_hdr(skb)->h_proto) { + switch (ethh->h_proto) { + case htons(ETH_P_PPP_SES): + thoff =3D PPPOE_SES_HLEN; + ethh +=3D thoff; + break; + case htons(ETH_P_8021Q): + thoff =3D VLAN_HLEN; + ethh +=3D thoff; + break; + default: + thoff =3D 0; + break; + } + + switch (ethh->h_proto) { case htons(ETH_P_IP): nft_set_pktinfo_ipv4_validate(&pkt); break; 
@@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv, break; } =20 + pkt.thoff +=3D thoff; + return nft_do_chain(&pkt, priv); } =20 --=20 2.45.2
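Review bot: In nft_do_chain_bridge() (the @@ -232,11 +232,27 @@ hunk), ethh +=3D thoff; advances a struct ethhdr pointer, so the step is thoff times sizeof(struct ethhdr) and not thoff bytes, and the second switch then reads h_proto from well past the encap header with no length check. Compute the inner protocol from a byte offset instead, after verifying the encap header is within the packet. For the ETH_P_PPP_SES case the field that follows the PPPoE header is a PPP protocol number, which will not match the htons(ETH_P_IP) and htons(ETH_P_IPV6) case labels in the second switch; it needs the PPP_IP/PPP_IPV6 mapping used in the conntrack patch of this series.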
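Review bot: In the @@ -248,6 +264,8 @@ hunk, pkt.thoff +=3D thoff; is applied on every path out of the second switch, including the one where the inner protocol is not IPv4 or IPv6 and no transport offset was established. Apply the adjustment only in the branches where the validate helper has set the transport offset, and add a comment saying that thoff here is the encap header length.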
From: Eric Woudstra
To: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, Roopa Prabhu, Nikolay Aleksandrov, Matthias Brugger, AngeloGioacchino Del Regno, Jiri Pirko, Sebastian Andrzej Siewior, Lorenzo Bianconi, "Frank Wunderlich", Daniel Golle, Eric Woudstra
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org
Subject: [PATCH RFC v1 net-next 04/12] bridge: br_vlan_fill_forward_path_pvid: Add port to port
Date: Sun, 13 Oct 2024 20:55:00 +0200
Message-ID: <20241013185509.4430-5-ericwouds@gmail.com>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

Lookup vlan group from bridge port, if it is passed as argument.

Signed-off-by: Eric Woudstra
--- net/bridge/br_private.h | 1 + net/bridge/br_vlan.c | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index d4bedc87b1d8..8da7798f9368 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h
@@ -1581,6 +1581,7 @@ bool br_vlan_can_enter_range(const struct net_bridge_= vlan *v_curr, const struct net_bridge_vlan *range_end); =20 void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path); int br_vlan_fill_forward_path_mode(struct net_bridge *br, diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 9c2fffb827ab..1830d7d617cd 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -1441,6 +1441,7 @@ int br_vlan_get_pvid_rcu(const struct net_device *dev= , u16 *p_pvid) EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu); =20 void br_vlan_fill_forward_path_pvid(struct net_bridge *br, + struct net_bridge_port *p, struct net_device_path_ctx *ctx, struct net_device_path *path) { 
@@ -1453,7 +1454,10 @@ void br_vlan_fill_forward_path_pvid(struct net_bridg= e *br, if (!br_opt_get(br, BROPT_VLAN_ENABLED)) return; =20 - vg =3D br_vlan_group(br); + if (p) + vg =3D nbp_vlan_group(p); + else + vg =3D br_vlan_group(br); =20 if (idx >=3D 0 && ctx->vlan[idx].proto =3D=3D br->vlan_proto) { --=20 2.45.2
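
Review bot: The prototype of br_vlan_fill_forward_path_pvid() changes in this patch, but its caller br_fill_forward_path() in net/bridge/br_device.c is only converted in 05/12, and the diffstat here touches just br_private.h and br_vlan.c. Applied on its own, 04/12 leaves a three-argument call against a four-argument prototype, which breaks bisection; fold the caller update (passing NULL) into this patch. In the @@ -1453 hunk, the new "if (p) vg = nbp_vlan_group(p);" branch also deserves a one-line comment stating that a NULL p selects the bridge's own VLAN group, since that is now part of the function's contract.
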
From: Eric Woudstra
Subject: [PATCH RFC v1 net-next 05/12] bridge: br_fill_forward_path add port to port
Date: Sun, 13 Oct 2024 20:55:01 +0200
Message-ID: <20241013185509.4430-6-ericwouds@gmail.com>
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

If handed a bridge port, use the bridge master to fill the forward path.

Signed-off-by: Eric Woudstra
--- net/bridge/br_device.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 26b79feb385d..e242e091b4a6 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c
@@ -384,15 +384,25 @@ static int br_fill_forward_path(struct net_device_pat= h_ctx *ctx, struct net_device_path *path) { struct net_bridge_fdb_entry *f; - struct net_bridge_port *dst; + struct net_bridge_port *src, *dst; + struct net_device *br_dev; struct net_bridge *br; =20 - if (netif_is_bridge_port(ctx->dev)) - return -1; + if (netif_is_bridge_port(ctx->dev)) { + br_dev =3D netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev= ); + if (!br_dev) + return -1; + + br =3D netdev_priv(br_dev); =20 - br =3D netdev_priv(ctx->dev); + src =3D br_port_get_rcu(ctx->dev); =20 - br_vlan_fill_forward_path_pvid(br, ctx, path); + br_vlan_fill_forward_path_pvid(br, src, ctx, path); + } else { + br =3D netdev_priv(ctx->dev); + + br_vlan_fill_forward_path_pvid(br, NULL, ctx, path); + } =20 f =3D br_fdb_find_rcu(br, ctx->daddr, path->bridge.vlan_id); if (!f) --=20 2.45.2
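
Review bot: In the new bridge-port branch, "src = br_port_get_rcu(ctx->dev);" is handed to br_vlan_fill_forward_path_pvid() without a NULL check. Because 04/12 makes that function treat a NULL port as "use the bridge's VLAN group", a failed port lookup would silently take the pvid from the bridge instead of the ingress port rather than failing; return -1 when src is NULL, as is already done for br_dev. The "(struct net_device *)ctx->dev" cast discards const to satisfy netdev_master_upper_dev_get_rcu(), so a short comment on why that is safe here would help. The commit message should also say that this callback can now be entered with a port device, which it previously rejected with -1.
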
From: Eric Woudstra
Subject: [PATCH RFC v1 net-next 06/12] net: core: dev: Add dev_fill_bridge_path()
Date: Sun, 13 Oct 2024 20:55:02 +0200
Message-ID: <20241013185509.4430-7-ericwouds@gmail.com>
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

New function dev_fill_bridge_path(), similar to dev_fill_forward_path(). It handles starting from a bridge port instead of the bridge master. The structures ctx and nft_forward_info need to be already filled in with the (vlan) encaps.

Signed-off-by: Eric Woudstra
--- include/linux/netdevice.h | 2 + net/core/dev.c | 77 ++++++++++++++++++++++++++++++++------- 2 files changed, 66 insertions(+), 13 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index e87b5e488325..9d80f650345e 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h
@@ -3069,6 +3069,8 @@ void dev_remove_offload(struct packet_offload *po); =20 int dev_get_iflink(const struct net_device *dev); int dev_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb); +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack); int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, struct net_device_path_stack *stack); struct net_device *__dev_get_by_flags(struct net *net, unsigned short flag= s, diff --git a/net/core/dev.c b/net/core/dev.c index cd479f5f22f6..49959c4904fc 100644 --- a/net/core/dev.c +++ b/net/core/dev.c 
@@ -713,44 +713,95 @@ static struct net_device_path *dev_fwd_path(struct ne= t_device_path_stack *stack) return &stack->path[k]; } =20 -int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, - struct net_device_path_stack *stack) +static int dev_fill_forward_path_common(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) { const struct net_device *last_dev; - struct net_device_path_ctx ctx =3D { - .dev =3D dev, - }; struct net_device_path *path; int ret =3D 0; =20 - memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); - stack->num_paths =3D 0; - while (ctx.dev && ctx.dev->netdev_ops->ndo_fill_forward_path) { - last_dev =3D ctx.dev; + while (ctx->dev && ctx->dev->netdev_ops->ndo_fill_forward_path) { + last_dev =3D ctx->dev; path =3D dev_fwd_path(stack); if (!path) return -1; =20 memset(path, 0, sizeof(struct net_device_path)); - ret =3D ctx.dev->netdev_ops->ndo_fill_forward_path(&ctx, path); + ret =3D ctx->dev->netdev_ops->ndo_fill_forward_path(ctx, path); if (ret < 0) return -1; =20 - if (WARN_ON_ONCE(last_dev =3D=3D ctx.dev)) + if (WARN_ON_ONCE(last_dev =3D=3D ctx->dev)) return -1; } =20 - if (!ctx.dev) + if (!ctx->dev) return ret; =20 path =3D dev_fwd_path(stack); if (!path) return -1; path->type =3D DEV_PATH_ETHERNET; - path->dev =3D ctx.dev; + path->dev =3D ctx->dev; + + return ret; +} + +int dev_fill_bridge_path(struct net_device_path_ctx *ctx, + struct net_device_path_stack *stack) +{ + const struct net_device *last_dev, *br_dev; + struct net_device_path *path; + int ret =3D 0; + + stack->num_paths =3D 0; + + if (!ctx->dev || !netif_is_bridge_port(ctx->dev)) + return -1; + + br_dev =3D netdev_master_upper_dev_get_rcu((struct net_device *)ctx->dev); + if (!br_dev || !br_dev->netdev_ops->ndo_fill_forward_path) + return -1; + + last_dev =3D ctx->dev; + path =3D dev_fwd_path(stack); + if (!path) + return -1; + + memset(path, 0, sizeof(struct net_device_path)); + ret =3D br_dev->netdev_ops->ndo_fill_forward_path(ctx, path); + if (ret 
< 0) + return -1; + + if (!ctx->dev || WARN_ON_ONCE(last_dev =3D=3D ctx->dev)) + return -1; + + if (!netif_is_bridge_master(ctx->dev)) + return dev_fill_forward_path_common(ctx, stack); + + path =3D dev_fwd_path(stack); + if (!path) + return -1; + path->type =3D DEV_PATH_ETHERNET; + path->dev =3D ctx->dev; =20 return ret; } +EXPORT_SYMBOL_GPL(dev_fill_bridge_path); + +int dev_fill_forward_path(const struct net_device *dev, const u8 *daddr, + struct net_device_path_stack *stack) +{ + struct net_device_path_ctx ctx =3D { + .dev =3D dev, + }; + + memcpy(ctx.daddr, daddr, sizeof(ctx.daddr)); + + stack->num_paths =3D 0; + + return dev_fill_forward_path_common(&ctx, stack); +} EXPORT_SYMBOL_GPL(dev_fill_forward_path); =20 /** --=20 2.45.2
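
Review bot: The exported dev_fill_bridge_path() declared in the @@ -3069 hunk of include/linux/netdevice.h has preconditions that exist only in the commit message: the caller must pre-fill ctx (device, destination address and VLAN encaps), and the implementation calls netdev_master_upper_dev_get_rcu(), so it has to run inside an RCU read-side section. Put both in a kernel-doc comment on the definition, together with the fact that ctx->dev is updated as the walk proceeds, so users of the GPL export do not have to read the mail thread to call it correctly.
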
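
Review bot: In dev_fill_bridge_path() in the @@ -713 hunk of net/core/dev.c, "if (!ctx->dev || WARN_ON_ONCE(last_dev == ctx->dev))" treats the case where the bridge callback leaves ctx->dev on the ingress port as a kernel bug. In the loop of dev_fill_forward_path_common() that condition means a driver failed to advance, but here it depends on where the bridge's forwarding lookup points; if that lookup can resolve to the ingress port itself, the warning becomes reachable from traffic, which matters on systems running with panic_on_warn. Unless that case is provably excluded, return -1 without the WARN. The ret value from the bridge callback is also dropped when the function continues into dev_fill_forward_path_common() but returned in the bridge-master branch; say which is intended.
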
From: Eric Woudstra
Subject: [PATCH RFC v1 net-next 07/12] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge()
Date: Sun, 13 Oct 2024 20:55:03 +0200
Message-ID: <20241013185509.4430-8-ericwouds@gmail.com>
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

Add nf_flow_rule_bridge(). It only calls the common rule and adds the redirect.

Signed-off-by: Eric Woudstra
--- include/net/netfilter/nf_flow_table.h | 3 +++ net/netfilter/nf_flow_table_offload.c | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/= nf_flow_table.h index b63d53bb9dd6..568019a3898a 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h
@@ -341,6 +341,9 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flow= table *flowtable); int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule); int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_= table_offload.c index e06bc36f49fe..5543ce03a196 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c 
@@ -679,6 +679,19 @@ nf_flow_rule_route_common(struct net *net, const struc= t flow_offload *flow, return 0; } =20 +int nf_flow_rule_bridge(struct net *net, struct flow_offload *flow, + enum flow_offload_tuple_dir dir, + struct nf_flow_rule *flow_rule) +{ + if (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0) + return -1; + + flow_offload_redirect(net, flow, dir, flow_rule); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_flow_rule_bridge); + int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow, enum flow_offload_tuple_dir dir, struct nf_flow_rule *flow_rule) --=20 2.45.2
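
Review bot: nf_flow_rule_bridge() in the @@ -679 hunk builds its rule with nf_flow_rule_route_common(), a helper named for routed flows, and the commit message only says that it "calls the common rule and adds the redirect". State, in the commit message or in a comment above the function, which actions the common helper emits and why each is correct for a frame that is bridged rather than routed; any header rewrite that assumes a routing hop would alter frames a bridge is expected to forward unmodified. The new GPL export also has no kernel-doc.
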
From: Eric Woudstra
Subject: [PATCH RFC v1 net-next 08/12] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge
Date: Sun, 13 Oct 2024 20:55:04 +0200
Message-ID: <20241013185509.4430-9-ericwouds@gmail.com>
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

This will allow a flowtable to be added to the nft bridge family.

Signed-off-by: Eric Woudstra --- net/netfilter/nf_flow_table_inet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_tab= le_inet.c index b0f199171932..80b238196f29 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -65,6 +65,16 @@ static int nf_flow_rule_route_inet(struct net *net, return err; } =20 +static struct nf_flowtable_type flowtable_bridge =3D { + .family =3D NFPROTO_BRIDGE, + .init =3D nf_flow_table_init, + .setup =3D nf_flow_table_offload_setup, + .action =3D nf_flow_rule_bridge, + .free =3D nf_flow_table_free, + .hook =3D nf_flow_offload_inet_hook, + .owner =3D THIS_MODULE, +}; + static struct nf_flowtable_type flowtable_inet =3D { .family =3D NFPROTO_INET, .init =3D nf_flow_table_init, @@ -97,6 +107,7 @@ static struct nf_flowtable_type flowtable_ipv6 =3D { =20 static int __init nf_flow_inet_module_init(void) { + nft_register_flowtable_type(&flowtable_bridge); nft_register_flowtable_type(&flowtable_ipv4); nft_register_flowtable_type(&flowtable_ipv6); nft_register_flowtable_type(&flowtable_inet); @@ -109,6 +120,7 @@ static void __exit nf_flow_inet_module_exit(void) nft_unregister_flowtable_type(&flowtable_inet); nft_unregister_flowtable_type(&flowtable_ipv6); nft_unregister_flowtable_type(&flowtable_ipv4); + nft_unregister_flowtable_type(&flowtable_bridge); } =20 module_init(nf_flow_inet_module_init); 
@@ -118,5 +130,6 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); MODULE_ALIAS_NF_FLOWTABLE(AF_INET); MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); +MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE); MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); --=20 2.45.2
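
Review bot: In the @@ -65 hunk, flowtable_bridge sets ".hook = nf_flow_offload_inet_hook", the same hook used by flowtable_inet, while the commit message only says that a flowtable can now be added to the bridge family. Explain why the inet hook is valid when invoked from the bridge family, in particular what it does with frames that are neither IPv4 nor IPv6 and with VLAN-tagged frames, or add a dedicated bridge hook.
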
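
Review bot: The @@ -118 hunk adds MODULE_ALIAS_NF_FLOWTABLE(AF_BRIDGE) but leaves MODULE_DESCRIPTION as "Netfilter flow table mixed IPv4/IPv6 module", which no longer describes what the module registers. Update the description in the same patch.
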
Received: by mail-ej1-f51.google.com with SMTP id a640c23a62f3a-a993a6348e0so289235766b.1; Sun, 13 Oct 2024 11:55:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728845744; x=1729450544; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3I/LHRTPLqJJONKYwwXQsldQo/OPnYwvoagC0qSu+YY=; b=KcIvCWS6TbcUIXjc4VGJYclYU+DK4WBey9cmqhcT2WwA0XYPqs292K9J6mz4kvAdP6 YDhoLsi06ImPcsPKPFPYFKVAzpCXFIH6+Im3AAiuYkTXoekRbUYzrY0f2J/7dLUJpC9r /ScwIDeW7xB9Bx9WcgzycdyhqRWY989gZ97whmFT3rNtdqG7VSALp7YEolY550usUsPT YSDcdfsr/onR7LE4tlU37KyVXguOZVKFTRZH8HVmTGp9QlKxe5gdeBpGcloQu1+7REvW QIIYl5X8X6hAFQhZNxN/mJGDpS7RWpCgVQSr+6rUvUJS1/pcZppprH0UZK5Ty/7D/Um3 Dq2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728845744; x=1729450544; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3I/LHRTPLqJJONKYwwXQsldQo/OPnYwvoagC0qSu+YY=; b=lDmCCp02vkfSn1rrGgd3ATUaFkdtbZdvq9nLGEZbTLtjj0eA2/Pka9H6bSh6M/v031 1tJ41P7aQJR8aaP0jcDDce6xUlcviMEQY6OP5xMI8ieFWUfCoYEIb4lCBcgRZJFelhEx ysQZJYga02mjGtAAkZm7jPbHSaivvmDGNwPiAtuQWjIj/ynXYbh6R+CyCYI7E6c2Tz/+ THsZTh+A1pN3HB0GmGtdSlmYvX8y91y6wi6LUc9IqLvDSYJLJwR2s6s1gy2gvAxYMv/z nx/AWsxromPsx2+bSDQizfvUKS04belG69cyQigsUzTQQTjv5eR0HhqTj+w89znVzdrj jo9Q== X-Forwarded-Encrypted: i=1; AJvYcCX1eTJSwomfmL8mzarDHtbALHAHWFC9LZ0+7OsXfGvIfcQmYDA/XZTBxl5K/ju1RH1eDT+J5J9NzLh/BMpkdcfL@vger.kernel.org, AJvYcCXIGSvda660x9wq5KeKWjUfVYaBvpzH9fsNYIZIPn+wS5ml0+3GnsX9Owd1W0ZP+ZbgzQSSlVEmSRKHAbU=@vger.kernel.org X-Gm-Message-State: AOJu0YxoPUAQ1jBmIyzCcQtBXPkN4W+iu9ck+zphMflAEZDpxuhHrrN7 egY8N3E5dkKGWSLvl9QWq48NEpuv57+EiSVQbMa4hLZbETjxfjLi X-Google-Smtp-Source: AGHT+IEK/qY7kO3EuTXV/jRfrEbLu6Bs8uGBQ+icVQCx2B6S9pRxxPh+utvTvacXCNe8KWGJaLv35w== X-Received: by 
From: Eric Woudstra
To: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, Roopa Prabhu, Nikolay Aleksandrov, Matthias Brugger, AngeloGioacchino Del Regno, Jiri Pirko, Sebastian Andrzej Siewior, Lorenzo Bianconi, "Frank Wunderlich", Daniel Golle, Eric Woudstra
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org
Subject: [PATCH RFC v1 net-next 09/12] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate
Date: Sun, 13 Oct 2024 20:55:05 +0200
Message-ID: <20241013185509.4430-10-ericwouds@gmail.com>
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

Need to add NFPROTO_BRIDGE to nft_flow_offload_validate() to support the
bridge-fastpath.

Signed-off-by: Eric Woudstra
--- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offl= oad.c index bb15aa55e6fb..6719a810e9b5 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c
@@ -421,7 +421,8 @@ static int nft_flow_offload_validate(const struct nft_c= tx *ctx, =20 if (ctx->family !=3D NFPROTO_IPV4 && ctx->family !=3D NFPROTO_IPV6 && - ctx->family !=3D NFPROTO_INET) + ctx->family !=3D NFPROTO_INET && + ctx->family !=3D NFPROTO_BRIDGE) return -EOPNOTSUPP; =20 return nft_chain_validate_hooks(ctx->chain, hook_mask); --=20 2.45.2
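Review bot: the bridge family is now admitted, but the unchanged call nft_chain_validate_hooks(ctx->chain, hook_mask) still uses the hook_mask built earlier in the function (not shown in this hunk), and neither the hunk nor the commit message says which bridge hook that mask is meant to select. Please name the intended bridge hook in the commit message and, if the code relies on the hook numbers coinciding across families, add a comment or a family-specific mask so the check cannot silently accept a chain on the wrong hook.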
From: Eric Woudstra
To: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, Roopa Prabhu, Nikolay Aleksandrov, Matthias Brugger, AngeloGioacchino Del Regno, Jiri Pirko, Sebastian Andrzej Siewior, Lorenzo Bianconi, "Frank Wunderlich", Daniel Golle, Eric Woudstra
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org
Subject: [PATCH RFC v1 net-next 10/12] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info()
Date: Sun, 13 Oct 2024 20:55:06 +0200
Message-ID: <20241013185509.4430-11-ericwouds@gmail.com>
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

In case of using mediatek wireless, in nft_dev_fill_forward_path(), the
forward path is filled, ending with mediatek wlan1.

Because DEV_PATH_MTK_WDMA is unknown inside nft_dev_path_info() it returns
with info.indev = NULL. Then nft_dev_forward_path() returns without
setting the direct transmit parameters.

This results in a neighbor transmit, and direct transmit not possible.
But we want to use it for flow between bridged interfaces.

So this patch adds DEV_PATH_MTK_WDMA to nft_dev_path_info() and makes
direct transmission possible.

Signed-off-by: Eric Woudstra
--- net/netfilter/nft_flow_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offl= oad.c index 6719a810e9b5..2923286d475e 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c
@@ -106,6 +106,7 @@ static void nft_dev_path_info(const struct net_device_p= ath_stack *stack, switch (path->type) { case DEV_PATH_ETHERNET: case DEV_PATH_DSA: + case DEV_PATH_MTK_WDMA: case DEV_PATH_VLAN: case DEV_PATH_PPPOE: info->indev =3D path->dev; 
@@ -114,7 +115,7 @@ static void nft_dev_path_info(const struct net_device_p= ath_stack *stack, =20 if (path->type =3D=3D DEV_PATH_ETHERNET) break; - if (path->type =3D=3D DEV_PATH_DSA) { + if (path->type =3D=3D DEV_PATH_DSA || path->type =3D=3D DEV_PATH_MTK_WD= MA) { i =3D stack->num_paths; break; } --=20 2.45.2
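Review bot: in the second hunk, DEV_PATH_MTK_WDMA is folded into the DSA branch that sets i = stack->num_paths and breaks, which ends the path walk at the first WDMA entry, but neither the code nor the commit message explains why a WDMA device must always terminate the stack. Please add a short comment on that condition. The combined test is also long enough that it should be wrapped onto two lines, or moved into a small helper that names the "terminal path type" idea if more types are expected to join it.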
From: Eric Woudstra
To: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, Roopa Prabhu, Nikolay Aleksandrov, Matthias Brugger, AngeloGioacchino Del Regno, Jiri Pirko, Sebastian Andrzej Siewior, Lorenzo Bianconi, "Frank Wunderlich", Daniel Golle, Eric Woudstra
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org
Subject: [PATCH RFC v1 net-next 11/12] bridge: br_vlan_fill_forward_path_mode no _UNTAG_HW for dsa
Date: Sun, 13 Oct 2024 20:55:07 +0200
Message-ID: <20241013185509.4430-12-ericwouds@gmail.com>
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

In network setup as below:

             fastpath bypass
 .----------------------------------------.
/                                          \
|                        IP - forwarding    |
|                       /                \  v
|                      /                  wan ...
|                     /
|                     |
|                     |
|                   brlan.1
|                     |
|    +-------------------------------+
|    |           vlan 1              |
|    |                               |
|    |     brlan (vlan-filtering)    |
|    |               +---------------+
|    |               |  DSA-SWITCH   |
|    |    vlan 1     |               |
|    |      to       |               |
|    |   untagged    1     vlan 1    |
|    +---------------+---------------+
.         /                   \
 ----->wlan1                 lan0
       .                       .
       .                       ^
       ^                 vlan 1 tagged packets
untagged packets

Now that DEV_PATH_MTK_WDMA is added to nft_dev_path_info() the forward path
is filled also when ending with the mediatek wlan1, info.indev not NULL now
in nft_dev_forward_path(). This results in a direct transmit instead of a
neighbor transmit. This is how it should be, but this fails.

br_vlan_fill_forward_path_mode() sets DEV_PATH_BR_VLAN_UNTAG_HW when
filling in from brlan.1 towards wlan1. But it should be set to
DEV_PATH_BR_VLAN_UNTAG in this case.
Using BR_VLFLAG_ADDED_BY_SWITCHDEV is not correct. The dsa switchdev adds it as a foreign port. Use BR_VLFLAG_TAGGING_BY_SWITCHDEV to make sure DEV_PATH_BR_VLAN_UNTAG is set when there is a dsa-switch inside the bridge. Signed-off-by: Eric Woudstra --- net/bridge/br_private.h | 1 + net/bridge/br_vlan.c | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 8da7798f9368..7d427214cc7c 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -180,6 +180,7 @@ enum { BR_VLFLAG_MCAST_ENABLED =3D BIT(2), BR_VLFLAG_GLOBAL_MCAST_ENABLED =3D BIT(3), BR_VLFLAG_NEIGH_SUPPRESS_ENABLED =3D BIT(4), + BR_VLFLAG_TAGGING_BY_SWITCHDEV =3D BIT(5), }; =20 /** diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 1830d7d617cd..b7877724b969 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -3,6 +3,7 @@ #include #include #include +#include #include =20 #include "br_private.h" @@ -100,6 +101,19 @@ static void __vlan_flags_commit(struct net_bridge_vlan= *v, u16 flags) __vlan_flags_update(v, flags, true); } =20 +static inline bool br_vlan_tagging_by_switchdev(struct net_bridge *br) +{ +#if IS_ENABLED(CONFIG_NET_DSA) + struct net_bridge_port *p; + + list_for_each_entry(p, &br->port_list, list) { + if (dsa_user_dev_check(p->dev)) + return false; + } +#endif + return true; +} + static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, struct net_bridge_vlan *v, u16 flags, struct netlink_ext_ack *extack) @@ -113,6 +127,8 @@ static int __vlan_vid_add(struct net_device *dev, struc= t net_bridge *br, if (err =3D=3D -EOPNOTSUPP) return vlan_vid_add(dev, br->vlan_proto, v->vid); v->priv_flags |=3D BR_VLFLAG_ADDED_BY_SWITCHDEV; + if (br_vlan_tagging_by_switchdev(br)) + v->priv_flags |=3D BR_VLFLAG_TAGGING_BY_SWITCHDEV; return err; } =20 
@@ -1491,7 +1507,7 @@ int br_vlan_fill_forward_path_mode(struct net_bridge = *br, =20 if (path->bridge.vlan_mode =3D=3D DEV_PATH_BR_VLAN_TAG) path->bridge.vlan_mode =3D DEV_PATH_BR_VLAN_KEEP; - else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV) + else if (v->priv_flags & BR_VLFLAG_TAGGING_BY_SWITCHDEV) path->bridge.vlan_mode =3D DEV_PATH_BR_VLAN_UNTAG_HW; else path->bridge.vlan_mode =3D DEV_PATH_BR_VLAN_UNTAG; --=20 2.45.2
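Review bot: br_vlan_tagging_by_switchdev() walks br->port_list only at the moment __vlan_vid_add() runs, so BR_VLFLAG_TAGGING_BY_SWITCHDEV records whether a DSA user port was in the bridge when that VLAN was added; a DSA port that joins or leaves afterwards leaves the flag stale, and br_vlan_fill_forward_path_mode() then picks the wrong one of DEV_PATH_BR_VLAN_UNTAG_HW and DEV_PATH_BR_VLAN_UNTAG. Consider evaluating the condition where the path mode is filled, or refreshing the flag when ports are added to and removed from the bridge. Two smaller points: the helper returns false when a DSA port is found, which reads inverted against its name and deserves a comment, and static inline in a .c file is normally left to the compiler.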
From: Eric Woudstra
To: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, Roopa Prabhu, Nikolay Aleksandrov, Matthias Brugger, AngeloGioacchino Del Regno, Jiri Pirko, Sebastian Andrzej Siewior, Lorenzo Bianconi, "Frank Wunderlich", Daniel Golle, Eric Woudstra
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org
Subject: [PATCH RFC v1 net-next 12/12] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval()
Date: Sun, 13 Oct 2024 20:55:08 +0200
Message-ID: <20241013185509.4430-13-ericwouds@gmail.com>
In-Reply-To: <20241013185509.4430-1-ericwouds@gmail.com>
References: <20241013185509.4430-1-ericwouds@gmail.com>

Edit nft_flow_offload_eval() to make it possible to handle a flowtable of
the nft bridge family.

Use nft_flow_offload_bridge_init() to fill the flow tuples. It uses
nft_dev_fill_bridge_path() in each direction.
Signed-off-by: Eric Woudstra --- net/netfilter/nft_flow_offload.c | 142 +++++++++++++++++++++++++++++-- 1 file changed, 137 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offl= oad.c index 2923286d475e..bd4850691baa 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c 
@@ -184,6 +184,129 @@ static bool nft_flowtable_find_dev(const struct net_d= evice *dev, return found; } =20 +static int nft_dev_fill_bridge_path(struct flow_offload *flow, + struct nft_flowtable *ft, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + const struct net_device *src_dev, + const struct net_device *dst_dev, + unsigned char *src_ha, + unsigned char *dst_ha) +{ + struct flow_offload_tuple_rhash *th =3D flow->tuplehash; + struct net_device_path_stack stack; + struct net_device_path_ctx ctx =3D {}; + struct nft_forward_info info =3D {}; + int i, j =3D 0; + + for (i =3D th[dir].tuple.encap_num - 1; i >=3D 0 ; i--) { + if (info.num_encaps >=3D NF_FLOW_TABLE_ENCAP_MAX) + return -1; + info.encap[info.num_encaps].id =3D th[dir].tuple.encap[i].id; + info.encap[info.num_encaps].proto =3D th[dir].tuple.encap[i].proto; + info.num_encaps++; + + if (th[dir].tuple.encap[i].proto =3D=3D htons(ETH_P_PPP_SES)) + continue; + + if (ctx.num_vlans >=3D NET_DEVICE_PATH_VLAN_MAX) + return -1; + ctx.vlan[ctx.num_vlans].id =3D th[dir].tuple.encap[i].id; + ctx.vlan[ctx.num_vlans].proto =3D th[dir].tuple.encap[i].proto; + ctx.num_vlans++; + } + ctx.dev =3D src_dev; + ether_addr_copy(ctx.daddr, dst_ha); + + if (dev_fill_bridge_path(&ctx, &stack) < 0) + return -1; + + nft_dev_path_info(&stack, &info, dst_ha, &ft->data); + + if (!info.indev || info.indev !=3D dst_dev) + return -1; + + th[!dir].tuple.iifidx =3D info.indev->ifindex; + for (i =3D info.num_encaps - 1; i >=3D 0; i--) { + th[!dir].tuple.encap[j].id =3D info.encap[i].id; + th[!dir].tuple.encap[j].proto =3D info.encap[i].proto; + if (info.ingress_vlans & BIT(i)) + th[!dir].tuple.in_vlan_ingress |=3D BIT(j); + j++; + } + th[!dir].tuple.encap_num =3D info.num_encaps; + + th[dir].tuple.mtu =3D dst_dev->mtu; + ether_addr_copy(th[dir].tuple.out.h_source, src_ha); + ether_addr_copy(th[dir].tuple.out.h_dest, dst_ha); + th[dir].tuple.out.ifidx =3D info.outdev->ifindex; + th[dir].tuple.out.hw_ifidx =3D 
info.hw_outdev->ifindex; + th[dir].tuple.xmit_type =3D FLOW_OFFLOAD_XMIT_DIRECT; + + return 0; +} + +static int nft_flow_offload_bridge_init(struct flow_offload *flow, + const struct nft_pktinfo *pkt, + enum ip_conntrack_dir dir, + struct nft_flowtable *ft) +{ + struct ethhdr *eth =3D eth_hdr(pkt->skb); + struct flow_offload_tuple *tuple; + const struct net_device *out_dev; + const struct net_device *in_dev; + int err, i =3D 0; + + in_dev =3D nft_in(pkt); + if (!in_dev || !nft_flowtable_find_dev(in_dev, ft)) + return -1; + + out_dev =3D nft_out(pkt); + if (!out_dev || !nft_flowtable_find_dev(out_dev, ft)) + return -1; + + tuple =3D &flow->tuplehash[!dir].tuple; + + if (skb_vlan_tag_present(pkt->skb)) { + tuple->encap[i].id =3D skb_vlan_tag_get(pkt->skb); + tuple->encap[i].proto =3D pkt->skb->vlan_proto; + i++; + } + switch (pkt->skb->protocol) { + case htons(ETH_P_8021Q): + struct vlan_hdr *vhdr; + + vhdr =3D (struct vlan_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id =3D ntohs(vhdr->h_vlan_TCI); + tuple->encap[i].proto =3D pkt->skb->protocol; + i++; + break; + case htons(ETH_P_PPP_SES): + struct pppoe_hdr *phdr; + + phdr =3D (struct pppoe_hdr *)skb_network_header(pkt->skb); + tuple->encap[i].id =3D ntohs(phdr->sid); + tuple->encap[i].proto =3D pkt->skb->protocol; + i++; + break; + } + tuple->encap_num =3D i; + + err =3D nft_dev_fill_bridge_path(flow, ft, pkt, !dir, out_dev, in_dev, + eth->h_dest, eth->h_source); + if (err < 0) + return err; + + memset(tuple->encap, 0, sizeof(tuple->encap)); + + err =3D nft_dev_fill_bridge_path(flow, ft, pkt, dir, in_dev, out_dev, + eth->h_source, eth->h_dest); + if (err < 0) + return err; + + return 0; +} + static void nft_dev_forward_path(struct nf_flow_route *route, const struct nf_conn *ct, enum ip_conntrack_dir dir, 
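Review bot: in nft_flow_offload_bridge_init(), each of the two case labels is followed directly by a declaration (case htons(ETH_P_8021Q): struct vlan_hdr *vhdr;), which is not valid C before C23 and is rejected by some compilers the kernel still supports; wrap each case body in braces or move the declarations to the top of the function. The same switch reads vhdr->h_vlan_TCI and phdr->sid through skb_network_header() without first checking that those header bytes are present in the linear data, so a length check is needed before the casts. In nft_dev_fill_bridge_path(), only info.indev is tested before info.outdev->ifindex and info.hw_outdev->ifindex are dereferenced, and the pkt argument is never used.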
@@ -294,6 +417,7 @@ static void nft_flow_offload_eval(const struct nft_expr= *expr, { struct nft_flow_offload *priv =3D nft_expr_priv(expr); struct nf_flowtable *flowtable =3D &priv->flowtable->data; + bool routing =3D (flowtable->type->family !=3D NFPROTO_BRIDGE); struct tcphdr _tcph, *tcph =3D NULL; struct nf_flow_route route =3D {}; enum ip_conntrack_info ctinfo; @@ -347,14 +471,20 @@ static void nft_flow_offload_eval(const struct nft_ex= pr *expr, goto out; =20 dir =3D CTINFO2DIR(ctinfo); - if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) - goto err_flow_route; + if (routing) { + if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) + goto err_flow_route; + } =20 flow =3D flow_offload_alloc(ct); if (!flow) goto err_flow_alloc; =20 - flow_offload_route_init(flow, &route); + if (routing) + flow_offload_route_init(flow, &route); + else + if (nft_flow_offload_bridge_init(flow, pkt, dir, priv->flowtable) < 0) + goto err_flow_route; =20 if (tcph) { ct->proto.tcp.seen[0].flags |=3D IP_CT_TCP_FLAG_BE_LIBERAL; @@ -407,8 +537,10 @@ static void nft_flow_offload_eval(const struct nft_exp= r *expr, err_flow_add: flow_offload_free(flow); err_flow_alloc: - dst_release(route.tuple[dir].dst); - dst_release(route.tuple[!dir].dst); + if (routing) { + dst_release(route.tuple[dir].dst); + dst_release(route.tuple[!dir].dst); + } err_flow_route: clear_bit(IPS_OFFLOAD_BIT, &ct->status); out: --=20 2.45.2
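Review bot: in the second hunk of nft_flow_offload_eval(), a failure of nft_flow_offload_bridge_init() jumps to err_flow_route after flow_offload_alloc() has already succeeded, and that label sits below the flow_offload_free(flow) call under err_flow_add, so the allocated flow is never freed on this path. Jump to err_flow_add instead; the dst_release() calls under err_flow_alloc are already guarded by routing in the last hunk. Please also put braces around the multi-line else branch so the nested if does not read as a dangling statement.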