| Message ID | 20210418210415.4719-2-pablo@netfilter.org |
|---|---|
| State | New |
| Headers | show |
| Series | [net-next,01/14] netfilter: flowtable: add vlan match offload support | expand |
Hello: This series was applied to netdev/net-next.git (refs/heads/master): On Sun, 18 Apr 2021 23:04:02 +0200 you wrote: > From: wenxu <wenxu@ucloud.cn> > > This patch adds support for vlan_id, vlan_priority and vlan_proto match > for flowtable offload. > > Signed-off-by: wenxu <wenxu@ucloud.cn> > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> > > [...] Here is the summary with links: - [net-next,01/14] netfilter: flowtable: add vlan match offload support https://git.kernel.org/netdev/net-next/c/3e1b0c168f6c - [net-next,02/14] netfilter: flowtable: add vlan pop action offload support https://git.kernel.org/netdev/net-next/c/efce49dfe6a8 - [net-next,03/14] netfilter: conntrack: move autoassign warning member to net_generic data https://git.kernel.org/netdev/net-next/c/098b5d3565e2 - [net-next,04/14] netfilter: conntrack: move autoassign_helper sysctl to net_generic data https://git.kernel.org/netdev/net-next/c/67f28216ca04 - [net-next,05/14] netfilter: conntrack: move expect counter to net_generic data https://git.kernel.org/netdev/net-next/c/f6f2e580d5f7 - [net-next,06/14] netfilter: conntrack: move ct counter to net_generic data https://git.kernel.org/netdev/net-next/c/c53bd0e96662 - [net-next,07/14] netfilter: conntrack: convert sysctls to u8 https://git.kernel.org/netdev/net-next/c/9b1a4d0f914b - [net-next,08/14] netfilter: flowtable: Add FLOW_OFFLOAD_XMIT_UNSPEC xmit type https://git.kernel.org/netdev/net-next/c/78ed0a9bc6db - [net-next,09/14] netfilter: nft_payload: fix C-VLAN offload support https://git.kernel.org/netdev/net-next/c/14c20643ef94 - [net-next,10/14] netfilter: nftables_offload: VLAN id needs host byteorder in flow dissector https://git.kernel.org/netdev/net-next/c/ff4d90a89d3d - [net-next,11/14] netfilter: nftables_offload: special ethertype handling for VLAN https://git.kernel.org/netdev/net-next/c/783003f3bb8a - [net-next,12/14] netfilter: Dissect flow after packet mangling https://git.kernel.org/netdev/net-next/c/812fa71f0d96 - [net-next,13/14] selftests: fib_tests: Add test cases for interaction with mangling https://git.kernel.org/netdev/net-next/c/8826218215de - [net-next,14/14] netfilter: nftables: counter hardware offload support https://git.kernel.org/netdev/net-next/c/b72920f6e4a9 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index 583b327d8fc0..d46e422c9d10 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -21,6 +21,8 @@ struct nf_flow_key { struct flow_dissector_key_control control; struct flow_dissector_key_control enc_control; struct flow_dissector_key_basic basic; + struct flow_dissector_key_vlan vlan; + struct flow_dissector_key_vlan cvlan; union { struct flow_dissector_key_ipv4_addrs ipv4; struct flow_dissector_key_ipv6_addrs ipv6; diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index 7d0d128407be..dc1d6b4e35f8 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -78,6 +78,16 @@ static void nf_flow_rule_lwt_match(struct nf_flow_match *match, match->dissector.used_keys |= enc_keys; } +static void nf_flow_rule_vlan_match(struct flow_dissector_key_vlan *key, + struct flow_dissector_key_vlan *mask, + u16 vlan_id, __be16 proto) +{ + key->vlan_id = vlan_id; + mask->vlan_id = VLAN_VID_MASK; + key->vlan_tpid = proto; + mask->vlan_tpid = 0xffff; +} + static int nf_flow_rule_match(struct nf_flow_match *match, const struct flow_offload_tuple *tuple, struct dst_entry *other_dst) @@ -85,6 +95,7 @@ static int nf_flow_rule_match(struct nf_flow_match *match, struct nf_flow_key *mask = &match->mask; struct nf_flow_key *key = &match->key; struct ip_tunnel_info *tun_info; + bool vlan_encap = false; NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_META, meta); NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_CONTROL, control); @@ -102,6 +113,32 @@ static int nf_flow_rule_match(struct nf_flow_match *match, key->meta.ingress_ifindex = tuple->iifidx; mask->meta.ingress_ifindex = 0xffffffff; + if (tuple->encap_num > 0 && !(tuple->in_vlan_ingress & BIT(0)) && + tuple->encap[0].proto == htons(ETH_P_8021Q)) { + NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_VLAN, vlan); + nf_flow_rule_vlan_match(&key->vlan, &mask->vlan, + tuple->encap[0].id, + tuple->encap[0].proto); + vlan_encap = true; + } + + if (tuple->encap_num > 1 && !(tuple->in_vlan_ingress & BIT(1)) && + tuple->encap[1].proto == htons(ETH_P_8021Q)) { + if (vlan_encap) { + NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_CVLAN, + cvlan); + nf_flow_rule_vlan_match(&key->cvlan, &mask->cvlan, + tuple->encap[1].id, + tuple->encap[1].proto); + } else { + NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_VLAN, + vlan); + nf_flow_rule_vlan_match(&key->vlan, &mask->vlan, + tuple->encap[1].id, + tuple->encap[1].proto); + } + } + switch (tuple->l3proto) { case AF_INET: key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;