Hi, On Tue, May 17, 2022 at 09:56:57AM +0800, wenxu wrote: > The patch “netfilter: nft_flow_offload: fix offload with pppoe + vlan” > > Currently the nf flow table can't offload pppoe encap. So this patch > fix the pppoe + vlan problem for no encap offload logic in the nf tree, the > outdev should be the pppoe device but not vlan device. You mean Felix's patch is not correct ? > My patch provide a feature with pppoe encap offload. I think that the difference > and maybe I can repost the three patch rebase to this series? Or maybe you mean you would like to repost for review on top once the fixes show on nf.git ? Thanks. > Any ideas? > > On 2022/5/16 19:13, Pablo Neira Ayuso wrote: > > Hi, > > > > This is likely clashing with Felix's fixes: > > > > https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220509122616.65449-1-nbd@xxxxxxxx/ > > https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220509122616.65449-2-nbd@xxxxxxxx/ > > https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220509122616.65449-3-nbd@xxxxxxxx/ > > https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220509122616.65449-4-nbd@xxxxxxxx/ > > > > On Tue, May 10, 2022 at 09:26:16AM -0400, wenxu@xxxxxxxxxxxxxxx wrote: > >> From: wenxu <wenxu@xxxxxxxxxxxxxxx> > >> > >> This patch put the pppoe process in the FLOW_OFFLOAD_XMIT_DIRECT > >> mode. Xmit the packet with PPPoE can offload to the underlay device > >> directly. > >> > >> It can support all kinds of VLAN dev path: > >> pppoe-->eth > >> pppoe-->br0.100-->br0(vlan filter enable)-->eth > >> pppoe-->eth.100-->eth > >> > >> The packet xmit and recv offload to the 'eth' in both original and > >> reply direction. > >> > >> Signed-off-by: wenxu <wenxu@xxxxxxxxxxxxxxx> > >> --- > >> This patch based on the following one: nf_flow_table_offload: offload the vlan encap in the flowtable > >> http://patchwork.ozlabs.org/project/netfilter-devel/patch/1649169515-4337-1-git-send-email-wenx05124561@xxxxxxx/ > >> > >> include/net/netfilter/nf_flow_table.h | 34 ++++++++++++++++++++++++++++++++++ > >> net/netfilter/nf_flow_table_ip.c | 3 +++ > >> net/netfilter/nft_flow_offload.c | 10 +++------- > >> 3 files changed, 40 insertions(+), 7 deletions(-) > >> > >> diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h > >> index 64daafd..8be369c 100644 > >> --- a/include/net/netfilter/nf_flow_table.h > >> +++ b/include/net/netfilter/nf_flow_table.h > >> @@ -319,6 +319,40 @@ int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow, > >> int nf_flow_table_offload_init(void); > >> void nf_flow_table_offload_exit(void); > >> > >> +static inline int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) > >> +{ > >> + struct ppp_hdr { > >> + struct pppoe_hdr hdr; > >> + __be16 proto; > >> + } *ph; > >> + int data_len = skb->len + 2; > >> + __be16 proto; > >> + > >> + if (skb_cow_head(skb, PPPOE_SES_HLEN)) > >> + return -1; > >> + > >> + if (skb->protocol == htons(ETH_P_IP)) > >> + proto = htons(PPP_IP); > >> + else if (skb->protocol == htons(ETH_P_IPV6)) > >> + proto = htons(PPP_IPV6); > >> + else > >> + return -1; > >> + > >> + __skb_push(skb, PPPOE_SES_HLEN); > >> + skb_reset_network_header(skb); > >> + > >> + ph = (struct ppp_hdr *)(skb->data); > >> + ph->hdr.ver = 1; > >> + ph->hdr.type = 1; > >> + ph->hdr.code = 0; > >> + ph->hdr.sid = htons(id); > >> + ph->hdr.length = htons(data_len); > >> + ph->proto = proto; > >> + skb->protocol = htons(ETH_P_PPP_SES); > >> + > >> + return 0; > >> +} > >> + > >> static inline __be16 nf_flow_pppoe_proto(const struct sk_buff *skb) > >> { > >> __be16 proto; > >> diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c > >> index 99ae2550..d1c0d95 100644 > >> --- a/net/netfilter/nf_flow_table_ip.c > >> +++ b/net/netfilter/nf_flow_table_ip.c > >> @@ -295,6 +295,9 @@ static void nf_flow_encap_push(struct sk_buff *skb, > >> tuplehash->tuple.encap[i].proto, > >> tuplehash->tuple.encap[i].id); > >> break; > >> + case htons(ETH_P_PPP_SES): > >> + nf_flow_ppoe_push(skb, tuplehash->tuple.encap[i].id); > >> + break; > >> } > >> } > >> } > >> diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c > >> index f9837c9..eea8637 100644 > >> --- a/net/netfilter/nft_flow_offload.c > >> +++ b/net/netfilter/nft_flow_offload.c > >> @@ -122,12 +122,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, > >> info->encap[info->num_encaps].id = path->encap.id; > >> info->encap[info->num_encaps].proto = path->encap.proto; > >> info->num_encaps++; > >> - if (path->type == DEV_PATH_PPPOE) { > >> - info->outdev = path->dev; > >> + if (path->type == DEV_PATH_PPPOE) > >> memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); > >> - } > >> - if (path->type == DEV_PATH_VLAN) > >> - info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; > >> + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; > >> break; > >> case DEV_PATH_BRIDGE: > >> if (is_zero_ether_addr(info->h_source)) > >> @@ -155,8 +152,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, > >> break; > >> } > >> } > >> - if (!info->outdev) > >> - info->outdev = info->indev; > >> + info->outdev = info->indev; > >> > >> info->hw_outdev = info->indev; > >> > >> -- > >> 1.8.3.1 > >>
