On 2022/5/17 19:18, Pablo Neira Ayuso wrote: > Hi, > > On Tue, May 17, 2022 at 09:56:57AM +0800, wenxu wrote: >> The patch “netfilter: nft_flow_offload: fix offload with pppoe + vlan” >> >> Currently the nf flow table can't offload pppoe encap. So this patch >> fix the pppoe + vlan problem for no encap offload logic in the nf tree, the >> outdev should be the pppoe device but not vlan device. > You mean Felix's patch is not correct ? Felix's patch is correct. Because There is no pppoe encap software offload feature in the nf tree. > >> My patch provide a feature with pppoe encap offload. I think that the difference >> and maybe I can repost the three patch rebase to this series? > Or maybe you mean you would like to repost for review on top once the > fixes show on nf.git ? Yes. > > Thanks. > >> Any ideas? >> >> On 2022/5/16 19:13, Pablo Neira Ayuso wrote: >>> Hi, >>> >>> This is likely clashing with Felix's fixes: >>> >>> https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220509122616.65449-1-nbd@xxxxxxxx/ >>> https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220509122616.65449-2-nbd@xxxxxxxx/ >>> https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220509122616.65449-3-nbd@xxxxxxxx/ >>> https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220509122616.65449-4-nbd@xxxxxxxx/ >>> >>> On Tue, May 10, 2022 at 09:26:16AM -0400, wenxu@xxxxxxxxxxxxxxx wrote: >>>> From: wenxu <wenxu@xxxxxxxxxxxxxxx> >>>> >>>> This patch put the pppoe process in the FLOW_OFFLOAD_XMIT_DIRECT >>>> mode. Xmit the packet with PPPoE can offload to the underlay device >>>> directly. >>>> >>>> It can support all kinds of VLAN dev path: >>>> pppoe-->eth >>>> pppoe-->br0.100-->br0(vlan filter enable)-->eth >>>> pppoe-->eth.100-->eth >>>> >>>> The packet xmit and recv offload to the 'eth' in both original and >>>> reply direction. >>>> >>>> Signed-off-by: wenxu <wenxu@xxxxxxxxxxxxxxx> >>>> --- >>>> This patch based on the following one: nf_flow_table_offload: offload the vlan encap in the flowtable >>>> http://patchwork.ozlabs.org/project/netfilter-devel/patch/1649169515-4337-1-git-send-email-wenx05124561@xxxxxxx/ >>>> >>>> include/net/netfilter/nf_flow_table.h | 34 ++++++++++++++++++++++++++++++++++ >>>> net/netfilter/nf_flow_table_ip.c | 3 +++ >>>> net/netfilter/nft_flow_offload.c | 10 +++------- >>>> 3 files changed, 40 insertions(+), 7 deletions(-) >>>> >>>> diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h >>>> index 64daafd..8be369c 100644 >>>> --- a/include/net/netfilter/nf_flow_table.h >>>> +++ b/include/net/netfilter/nf_flow_table.h >>>> @@ -319,6 +319,40 @@ int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow, >>>> int nf_flow_table_offload_init(void); >>>> void nf_flow_table_offload_exit(void); >>>> >>>> +static inline int nf_flow_ppoe_push(struct sk_buff *skb, u16 id) >>>> +{ >>>> + struct ppp_hdr { >>>> + struct pppoe_hdr hdr; >>>> + __be16 proto; >>>> + } *ph; >>>> + int data_len = skb->len + 2; >>>> + __be16 proto; >>>> + >>>> + if (skb_cow_head(skb, PPPOE_SES_HLEN)) >>>> + return -1; >>>> + >>>> + if (skb->protocol == htons(ETH_P_IP)) >>>> + proto = htons(PPP_IP); >>>> + else if (skb->protocol == htons(ETH_P_IPV6)) >>>> + proto = htons(PPP_IPV6); >>>> + else >>>> + return -1; >>>> + >>>> + __skb_push(skb, PPPOE_SES_HLEN); >>>> + skb_reset_network_header(skb); >>>> + >>>> + ph = (struct ppp_hdr *)(skb->data); >>>> + ph->hdr.ver = 1; >>>> + ph->hdr.type = 1; >>>> + ph->hdr.code = 0; >>>> + ph->hdr.sid = htons(id); >>>> + ph->hdr.length = htons(data_len); >>>> + ph->proto = proto; >>>> + skb->protocol = htons(ETH_P_PPP_SES); >>>> + >>>> + return 0; >>>> +} >>>> + >>>> static inline __be16 nf_flow_pppoe_proto(const struct sk_buff *skb) >>>> { >>>> __be16 proto; >>>> diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c >>>> index 99ae2550..d1c0d95 100644 >>>> --- a/net/netfilter/nf_flow_table_ip.c >>>> +++ b/net/netfilter/nf_flow_table_ip.c >>>> @@ -295,6 +295,9 @@ static void nf_flow_encap_push(struct sk_buff *skb, >>>> tuplehash->tuple.encap[i].proto, >>>> tuplehash->tuple.encap[i].id); >>>> break; >>>> + case htons(ETH_P_PPP_SES): >>>> + nf_flow_ppoe_push(skb, tuplehash->tuple.encap[i].id); >>>> + break; >>>> } >>>> } >>>> } >>>> diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c >>>> index f9837c9..eea8637 100644 >>>> --- a/net/netfilter/nft_flow_offload.c >>>> +++ b/net/netfilter/nft_flow_offload.c >>>> @@ -122,12 +122,9 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, >>>> info->encap[info->num_encaps].id = path->encap.id; >>>> info->encap[info->num_encaps].proto = path->encap.proto; >>>> info->num_encaps++; >>>> - if (path->type == DEV_PATH_PPPOE) { >>>> - info->outdev = path->dev; >>>> + if (path->type == DEV_PATH_PPPOE) >>>> memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); >>>> - } >>>> - if (path->type == DEV_PATH_VLAN) >>>> - info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; >>>> + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT; >>>> break; >>>> case DEV_PATH_BRIDGE: >>>> if (is_zero_ether_addr(info->h_source)) >>>> @@ -155,8 +152,7 @@ static void nft_dev_path_info(const struct net_device_path_stack *stack, >>>> break; >>>> } >>>> } >>>> - if (!info->outdev) >>>> - info->outdev = info->indev; >>>> + info->outdev = info->indev; >>>> >>>> info->hw_outdev = info->indev; >>>> >>>> -- >>>> 1.8.3.1 >>>>
