>On Thu, May 26, 2022 at 02:57:30AM -0400, wenxu@xxxxxxxxxxxxxxx wrote:
>[...]
>> diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
>> index b350fe9..5da651d 100644
>> --- a/net/netfilter/nf_flow_table_ip.c
>> +++ b/net/netfilter/nf_flow_table_ip.c
>> @@ -291,6 +291,23 @@ static bool nf_flow_skb_encap_protocol(const struct sk_buff *skb, __be16 proto,
>> return false;
>> }
>>
>> +static void nf_flow_encap_push(struct sk_buff *skb,
>> + struct flow_offload_tuple_rhash *tuplehash)
>> +{
>> + int i;
>> +
>> + for (i = 0; i < tuplehash->tuple.encap_num; i++) {
>> + switch (tuplehash->tuple.encap[i].proto) {
>> + case htons(ETH_P_8021Q):
>> + case htons(ETH_P_8021AD):
>> + skb_vlan_push(skb,
>
>Nit: skb_vlan_push() might fail.
>
>> + tuplehash->tuple.encap[i].proto,
>> + tuplehash->tuple.encap[i].id);
>> + break;
>> + }
>> + }
>> +}
>
>If I understand correctly, the goal of this patchset is to move the
>existing vlan and ppp support to use the XMIT_DIRECT path?
>
>So this already works but you would prefer to not use XMIT_NEIGH?
>
>The scenarios you describe already work fine with the existing
>codebase? I am assuming 'eth' provides Internet access? You refer to
>this in the patch description:
The eth is the lower device of the bridge.
router
|------------|
eth0-->br0 eth-internet
Without this patch the packet come from eth-internet will
always send through the router interface br0 with XMIT_NEIGH.
With this patch the packet come from eth-internet will send through
eth0 directly with XMIT_DIRECT(with vlan tag if need).
So it can totally bypass the bridge process for ingress packet.
>
> br0.100-->br0(vlan filter enable)-->eth
> br0(vlan filter enable)-->eth
> br0(vlan filter disable)-->eth.100-->eth
>
