On Fri, Apr 09, 2021 at 10:27:17AM +0200, Pablo Neira Ayuso wrote:
> On Fri, Apr 09, 2021 at 01:03:49PM +0800, wenxu@xxxxxxxxx wrote:
> > From: wenxu <wenxu@xxxxxxxxx>
> >
> > For the vlan packet the h_vlan_encapsulated_proto should be set
> > on the flow_dissector_key_basic->n_porto flow_dissector.
> >
> > Fixes: a82055af5959 ("netfilter: nft_payload: add VLAN offload support")
> > Fixes: 89d8fd44abfb ("netfilter: nft_payload: add C-VLAN offload support")
> > Signed-off-by: wenxu <wenxu@xxxxxxxxx>
> > ---
> > net/netfilter/nft_payload.c | 8 ++++----
> > 1 file changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
> > index cb1c8c2..84c5ecc 100644
> > --- a/net/netfilter/nft_payload.c
> > +++ b/net/netfilter/nft_payload.c
> > @@ -233,8 +233,8 @@ static int nft_payload_offload_ll(struct nft_offload_ctx *ctx,
> > if (!nft_payload_offload_mask(reg, priv->len, sizeof(__be16)))
> > return -EOPNOTSUPP;
> >
> > - NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_VLAN, vlan,
> > - vlan_tpid, sizeof(__be16), reg);
> > + NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_BASIC, basic,
> > + n_proto, sizeof(__be16), reg);
>
> nftables already sets KEY_BASIC accordingly to 0x8100.
>
> # nft --debug=netlink add rule netdev x y vlan id 100
> netdev
> [ meta load iiftype => reg 1 ]
> [ cmp eq reg 1 0x00000001 ]
> [ payload load 2b @ link header + 12 => reg 1 ]
> [ cmp eq reg 1 0x00000081 ] <----------------------------- HERE
> [ payload load 2b @ link header + 14 => reg 1 ]
> [ bitwise reg 1 = ( reg 1 & 0x0000ff0f ) ^ 0x00000000 ]
> [ cmp eq reg 1 0x00006400 ]
>
> What are you trying to fix?
Could you provide a rule that works for tc offload with vlan? I'd like
to check what internal representation is triggering in the kernel.
