From patchwork Fri Sep 13 15:03:03 2019 X-Patchwork-Submitter: wenxu X-Patchwork-Id: 1162111 X-Patchwork-Delegate: pablo@netfilter.org
From: wenxu@ucloud.cn To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org Subject: [PATCH nf-next v6 1/8] netfilter: nft_tunnel: add nft_tunnel_mode_validate function Date: Fri, 13 Sep 2019 23:03:03 +0800 Message-Id: <1568386990-29660-2-git-send-email-wenxu@ucloud.cn> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> References: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgYFAkeWUFZVklVSk5KS0tLSU1KSEtNTE1ZV1koWU FJQjdXWS1ZQUlXWQkOFx4IWUFZNTQpNjo3JCkuNz5ZBg++ X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6PDY6Ejo*HTg2TCs9PzI*Dx8T CRhPCi9VSlVKTk1DSENNQkJKTU5NVTMWGhIXVQweFQMOOw4YFxQOH1UYFUVZV1kSC1lBWUpJSFVO QlVKSElVSklCWVdZCAFZQUlDTEo3Bg++ X-HM-Tid: 0a6d2b26460a2086kuqy96d1741604 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: wenxu Move mode validate common code to nft_tunnel_mode_validate function. Signed-off-by: wenxu --- net/netfilter/nft_tunnel.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c index 3d4c2ae..78b6e8f 100644 --- a/net/netfilter/nft_tunnel.c +++ b/net/netfilter/nft_tunnel.c @@ -18,6 +18,19 @@ struct nft_tunnel { enum nft_tunnel_mode mode:8; }; +static bool nft_tunnel_mode_validate(enum nft_tunnel_mode priv_mode, + u8 tun_mode) +{ + if (priv_mode == NFT_TUNNEL_MODE_NONE || + (priv_mode == NFT_TUNNEL_MODE_RX && + !(tun_mode & IP_TUNNEL_INFO_TX)) || + (priv_mode == NFT_TUNNEL_MODE_TX && + (tun_mode & IP_TUNNEL_INFO_TX))) + return true; + + return false; +} + static void nft_tunnel_get_eval(const struct nft_expr *expr, struct nft_regs *regs, const struct nft_pktinfo *pkt) 
@@ -34,11 +47,7 @@ static void nft_tunnel_get_eval(const struct nft_expr *expr, nft_reg_store8(dest, false); return; } - if (priv->mode == NFT_TUNNEL_MODE_NONE || - (priv->mode == NFT_TUNNEL_MODE_RX && - !(tun_info->mode & IP_TUNNEL_INFO_TX)) || - (priv->mode == NFT_TUNNEL_MODE_TX && - (tun_info->mode & IP_TUNNEL_INFO_TX))) + if (nft_tunnel_mode_validate(priv->mode, tun_info->mode)) nft_reg_store8(dest, true); else nft_reg_store8(dest, false); 
@@ -48,11 +57,7 @@ static void nft_tunnel_get_eval(const struct nft_expr *expr, regs->verdict.code = NFT_BREAK; return; } - if (priv->mode == NFT_TUNNEL_MODE_NONE || - (priv->mode == NFT_TUNNEL_MODE_RX && - !(tun_info->mode & IP_TUNNEL_INFO_TX)) || - (priv->mode == NFT_TUNNEL_MODE_TX && - (tun_info->mode & IP_TUNNEL_INFO_TX))) + if (nft_tunnel_mode_validate(priv->mode, tun_info->mode)) *dest = ntohl(tunnel_id_to_key32(tun_info->key.tun_id)); else regs->verdict.code = NFT_BREAK; From patchwork Fri Sep 13 15:03:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: wenxu X-Patchwork-Id: 1162113 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=ucloud.cn Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46VJmY6y9Bz9sNx for ; Sat, 14 Sep 2019 01:03:25 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390549AbfIMPDZ (ORCPT ); Fri, 13 Sep 2019 11:03:25 -0400 Received: from m9784.mail.qiye.163.com ([220.181.97.84]:47443 "EHLO m9784.mail.qiye.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390490AbfIMPDZ (ORCPT ); Fri, 13 Sep 2019 11:03:25 -0400 Received: from localhost.localdomain (unknown [123.59.132.129]) by m9784.mail.qiye.163.com (Hmail) with ESMTPA id A57EB41621; Fri, 13 Sep 2019 23:03:11 +0800 (CST) 
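Review bot: in 1/8, nft_tunnel_mode_validate() does not validate anything; it is a per-packet direction match, so a name such as nft_tunnel_mode_match() would say what the callers rely on, and the body can return the condition directly instead of `if (...) return true; return false;`. The first caller, in the @@ -34,11 +47,7 @@ hunk, can then collapse to a single nft_reg_store8(dest, nft_tunnel_mode_validate(priv->mode, tun_info->mode)). A one-line comment that NFT_TUNNEL_MODE_NONE matches either direction would document the only non-obvious branch.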
From: wenxu@ucloud.cn To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org Subject: [PATCH nf-next v6 2/8] netfilter: nft_tunnel: support NFT_TUNNEL_IP_SRC/DST match Date: Fri, 13 Sep 2019 23:03:04 +0800 Message-Id: <1568386990-29660-3-git-send-email-wenxu@ucloud.cn> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> References: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgYFAkeWUFZVklVSk5KS0tLSU1KSEtNTE1ZV1koWU FJQjdXWS1ZQUlXWQkOFx4IWUFZNTQpNjo3JCkuNz5ZBg++ X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6NBg6LTo*HDg9HysvLzEVDy4f CAswFE9VSlVKTk1DSENNQkJKTEpPVTMWGhIXVQweFQMOOw4YFxQOH1UYFUVZV1kSC1lBWUpJSFVO QlVKSElVSklCWVdZCAFZQUlMS0o3Bg++ X-HM-Tid: 0a6d2b2646462086kuqya57eb41621 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: wenxu Add new two NFT_TUNNEL_IP_SRC/DST match in nft_tunnel Signed-off-by: wenxu --- include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/netfilter/nft_tunnel.c | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index ed8881a..d459f49 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h @@ -1773,6 +1773,8 @@ enum nft_tunnel_key_attributes { enum nft_tunnel_keys { NFT_TUNNEL_PATH, NFT_TUNNEL_ID, + NFT_TUNNEL_IP_SRC, + NFT_TUNNEL_IP_DST, __NFT_TUNNEL_MAX }; #define NFT_TUNNEL_MAX (__NFT_TUNNEL_MAX - 1) diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c index 78b6e8f..9a55546 100644 --- a/net/netfilter/nft_tunnel.c +++ b/net/netfilter/nft_tunnel.c 
@@ -62,6 +62,26 @@ static void nft_tunnel_get_eval(const struct nft_expr *expr, else regs->verdict.code = NFT_BREAK; break; + case NFT_TUNNEL_IP_SRC: + if (!tun_info) { + regs->verdict.code = NFT_BREAK; + return; + } + if (nft_tunnel_mode_validate(priv->mode, tun_info->mode)) + *dest = tun_info->key.u.ipv4.src; + else + regs->verdict.code = NFT_BREAK; + break; + case NFT_TUNNEL_IP_DST: + if (!tun_info) { + regs->verdict.code = NFT_BREAK; + return; + } + if (nft_tunnel_mode_validate(priv->mode, tun_info->mode)) + *dest = tun_info->key.u.ipv4.dst; + else + regs->verdict.code = NFT_BREAK; + break; default: WARN_ON(1); regs->verdict.code = NFT_BREAK; 
@@ -91,6 +111,8 @@ static int nft_tunnel_get_init(const struct nft_ctx *ctx, len = sizeof(u8); break; case NFT_TUNNEL_ID: + case NFT_TUNNEL_IP_SRC: + case NFT_TUNNEL_IP_DST: len = sizeof(u32); break; default: From patchwork Fri Sep 13 15:03:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: wenxu X-Patchwork-Id: 1162109 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=ucloud.cn Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46VJmT6QVGz9s4Y for ; Sat, 14 Sep 2019 01:03:21 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390495AbfIMPDV (ORCPT ); Fri, 13 Sep 2019 11:03:21 -0400 Received: from m9784.mail.qiye.163.com ([220.181.97.84]:47471 "EHLO m9784.mail.qiye.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390487AbfIMPDU (ORCPT ); Fri, 13 Sep 2019 11:03:20 -0400 Received: from localhost.localdomain (unknown [123.59.132.129]) by m9784.mail.qiye.163.com (Hmail) with ESMTPA id CC27441630; Fri, 13 Sep 2019 23:03:11 +0800 (CST) 
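Review bot: in 2/8, the NFT_TUNNEL_IP_SRC and NFT_TUNNEL_IP_DST cases in nft_tunnel_get_eval() read tun_info->key.u.ipv4.src/dst without checking that the tunnel metadata is IPv4. The IPv6 addresses read in 4/8 live under the same key.u, so for an IPv6 tunnel these cases would load bytes of the IPv6 address into the register and compare them against an IPv4 value. Set NFT_BREAK when tun_info->mode has IP_TUNNEL_INFO_IPV6 set (ip_tunnel_info_af() returns the family) before the store. The two cases differ only in src versus dst, so the !tun_info and mode checks could be shared rather than copied.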
From: wenxu@ucloud.cn To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org Subject: [PATCH nf-next v6 4/8] netfilter: nft_tunnel: support NFT_TUNNEL_IP6_SRC/DST match Date: Fri, 13 Sep 2019 23:03:06 +0800 Message-Id: <1568386990-29660-5-git-send-email-wenxu@ucloud.cn> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> References: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgYFAkeWUFZVklVSk5KS0tLSU1KSEtNTE1ZV1koWU FJQjdXWS1ZQUlXWQkOFx4IWUFZNTQpNjo3JCkuNz5ZBg++ X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6OSI6OSo5Ezg6Ays3PzFRDx8T Dh5PCTVVSlVKTk1DSENNQkJKQ0xNVTMWGhIXVQweFQMOOw4YFxQOH1UYFUVZV1kSC1lBWUpJSFVO QlVKSElVSklCWVdZCAFZQUlCS0g3Bg++ X-HM-Tid: 0a6d2b2646e52086kuqycc27441630 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: wenxu Add new two NFT_TUNNEL_IP6_SRC/DST match in nft_tunnel Signed-off-by: wenxu --- include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/netfilter/nft_tunnel.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index d459f49..da9b1d1 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h @@ -1775,6 +1775,8 @@ enum nft_tunnel_keys { NFT_TUNNEL_ID, NFT_TUNNEL_IP_SRC, NFT_TUNNEL_IP_DST, + NFT_TUNNEL_IP6_SRC, + NFT_TUNNEL_IP6_DST, __NFT_TUNNEL_MAX }; #define NFT_TUNNEL_MAX (__NFT_TUNNEL_MAX - 1) diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c index 3ca7d80..f128b28 100644 --- a/net/netfilter/nft_tunnel.c +++ b/net/netfilter/nft_tunnel.c 
@@ -96,6 +96,30 @@ static void nft_tunnel_get_eval(const struct nft_expr *expr, else regs->verdict.code = NFT_BREAK; break; + case NFT_TUNNEL_IP6_SRC: + if (!tun_info) { + regs->verdict.code = NFT_BREAK; + return; + } + if (nft_tunnel_mode_validate(priv->mode, tun_info->mode, + NFT_INET_IP6_TYPE)) + memcpy(dest, &tun_info->key.u.ipv6.src, + sizeof(struct in6_addr)); + else + regs->verdict.code = NFT_BREAK; + break; + case NFT_TUNNEL_IP6_DST: + if (!tun_info) { + regs->verdict.code = NFT_BREAK; + return; + } + if (nft_tunnel_mode_validate(priv->mode, tun_info->mode, + NFT_INET_IP6_TYPE)) + memcpy(dest, &tun_info->key.u.ipv6.dst, + sizeof(struct in6_addr)); + else + regs->verdict.code = NFT_BREAK; + break; default: WARN_ON(1); regs->verdict.code = NFT_BREAK; 
@@ -129,6 +153,10 @@ static int nft_tunnel_get_init(const struct nft_ctx *ctx, case NFT_TUNNEL_IP_DST: len = sizeof(u32); break; + case NFT_TUNNEL_IP6_SRC: + case NFT_TUNNEL_IP6_DST: + len = sizeof(struct in6_addr); + break; default: return -EOPNOTSUPP; } From patchwork Fri Sep 13 15:03:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: wenxu X-Patchwork-Id: 1162117 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=ucloud.cn Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46VJmh6rVnz9s4Y for ; Sat, 14 Sep 2019 01:03:32 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390557AbfIMPDc (ORCPT ); Fri, 13 Sep 2019 11:03:32 -0400 Received: from m9784.mail.qiye.163.com ([220.181.97.84]:47521 "EHLO m9784.mail.qiye.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390433AbfIMPDc (ORCPT ); Fri, 13 Sep 2019 11:03:32 -0400 Received: from localhost.localdomain (unknown [123.59.132.129]) by m9784.mail.qiye.163.com (Hmail) with ESMTPA id DB30A41634; Fri, 13 Sep 2019 23:03:11 +0800 (CST) 
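Review bot: in 4/8, both new cases call nft_tunnel_mode_validate() with a third argument, NFT_INET_IP6_TYPE, while 1/8 defines the helper with two parameters and 2/8 calls it with two. The change to the signature is not in any patch shown here (3/8 is absent from this page), so check that the IPv4 cases from 2/8 received the matching family argument and that each patch in the series builds on its own for bisection. The memcpy() of sizeof(struct in6_addr) into dest relies on nft_tunnel_get_init() setting len to the same size for these two keys in the @@ -129,6 +153,10 @@ hunk; a comment tying the two together would help whoever adds the next key.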
From: wenxu@ucloud.cn To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org Subject: [PATCH nf-next v6 5/8] netfilter: nft_tunnel: support tunnel meta match offload Date: Fri, 13 Sep 2019 23:03:07 +0800 Message-Id: <1568386990-29660-6-git-send-email-wenxu@ucloud.cn> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> References: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgYFAkeWUFZVkpVS05DQkJCQ0JNS09CTllXWShZQU lCN1dZLVlBSVdZCQ4XHghZQVk1NCk2OjckKS43PlkG X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6MjY6GRw6Azg6TCswPzEcDxgD DSpPCw9VSlVKTk1DSENNQkJKQkhCVTMWGhIXVQweFQMOOw4YFxQOH1UYFUVZV1kSC1lBWUpJSFVO QlVKSElVSklCWVdZCAFZQUhDQkM3Bg++ X-HM-Tid: 0a6d2b2647222086kuqydb30a41634 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: wenxu Add tunnel meta match offload. Currently support for NFT_TUNNEL_ID NFT_TUNNEL_SRC_IP and NFT_TUNNEL_DST_IP Signed-off-by: wenxu --- include/net/netfilter/nf_tables_offload.h | 5 ++++ net/netfilter/nft_tunnel.c | 41 +++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/include/net/netfilter/nf_tables_offload.h b/include/net/netfilter/nf_tables_offload.h index ddd048b..a07e18b 100644 --- a/include/net/netfilter/nf_tables_offload.h +++ b/include/net/netfilter/nf_tables_offload.h @@ -45,6 +45,11 @@ struct nft_flow_key { struct flow_dissector_key_ip ip; struct flow_dissector_key_vlan vlan; struct flow_dissector_key_eth_addrs eth_addrs; + struct flow_dissector_key_keyid enc_key_id; + union { + struct flow_dissector_key_ipv4_addrs enc_ipv4; + struct flow_dissector_key_ipv6_addrs enc_ipv6; + }; } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */ struct nft_flow_match { diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c index f128b28..68ca894 100644 --- a/net/netfilter/nft_tunnel.c 
+++ b/net/netfilter/nft_tunnel.c @@ -11,6 +11,7 @@ #include #include #include +#include struct nft_tunnel { enum nft_tunnel_keys key:8; @@ -192,6 +193,45 @@ static int nft_tunnel_get_dump(struct sk_buff *skb, return -1; } +static int nft_tunnel_get_offload(struct nft_offload_ctx *ctx, + struct nft_flow_rule *flow, + const struct nft_expr *expr) +{ + const struct nft_tunnel *priv = nft_expr_priv(expr); + struct nft_offload_reg *reg = &ctx->regs[priv->dreg]; + + if (priv->mode == NFT_TUNNEL_MODE_TX) + return -EOPNOTSUPP; + + switch (priv->key) { + case NFT_TUNNEL_ID: + NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id, + keyid, sizeof(__u32), reg); + break; + case NFT_TUNNEL_IP_SRC: + NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4, + src, sizeof(__u32), reg); + break; + case NFT_TUNNEL_IP_DST: + NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4, + dst, sizeof(__u32), reg); + break; + case NFT_TUNNEL_IP6_SRC: + NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6, + src, sizeof(struct in6_addr), reg); + break; + case NFT_TUNNEL_IP6_DST: + NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6, + dst, sizeof(struct in6_addr), reg); + break; + case NFT_TUNNEL_PATH: + default: + return -EOPNOTSUPP; + } + + return 0; +} + static struct nft_expr_type nft_tunnel_type; static const struct nft_expr_ops nft_tunnel_get_ops = { .type = &nft_tunnel_type, 
@@ -199,6 +239,7 @@ static int nft_tunnel_get_dump(struct sk_buff *skb, .eval = nft_tunnel_get_eval, .init = nft_tunnel_get_init, .dump = nft_tunnel_get_dump, + .offload = nft_tunnel_get_offload, }; static struct nft_expr_type nft_tunnel_type __read_mostly = { From patchwork Fri Sep 13 15:03:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: wenxu X-Patchwork-Id: 1162116 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=ucloud.cn Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46VJmg2BcDz9sNT for ; Sat, 14 Sep 2019 01:03:31 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390553AbfIMPDa (ORCPT ); Fri, 13 Sep 2019 11:03:30 -0400 Received: from m9784.mail.qiye.163.com ([220.181.97.84]:47519 "EHLO m9784.mail.qiye.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390486AbfIMPDa (ORCPT ); Fri, 13 Sep 2019 11:03:30 -0400 Received: from localhost.localdomain (unknown [123.59.132.129]) by m9784.mail.qiye.163.com (Hmail) with ESMTPA id EAD5F4163E; Fri, 13 Sep 2019 23:03:11 +0800 (CST) 
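Review bot: in 5/8, enc_ipv4 and enc_ipv6 share an anonymous union in struct nft_flow_key, yet nft_tunnel_get_offload() accepts both the NFT_TUNNEL_IP_* and NFT_TUNNEL_IP6_* keys and keeps no record of which member was used. A rule carrying both an IPv4 and an IPv6 tunnel address match would have the second NFT_OFFLOAD_MATCH write into the same storage as the first and still return 0; return -EOPNOTSUPP once the other family has been set, or drop the union. Only NFT_TUNNEL_MODE_TX is rejected, so NFT_TUNNEL_MODE_NONE is offloaded although the software path matches it in both directions, which deserves a comment. The commit message names NFT_TUNNEL_SRC_IP and NFT_TUNNEL_DST_IP and omits the IPv6 keys; the enum values are NFT_TUNNEL_IP_SRC/DST and NFT_TUNNEL_IP6_SRC/DST.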
From: wenxu@ucloud.cn To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org Subject: [PATCH nf-next v6 6/8] netfilter: nft_tunnel: add NFTA_TUNNEL_KEY_RELEASE action Date: Fri, 13 Sep 2019 23:03:08 +0800 Message-Id: <1568386990-29660-7-git-send-email-wenxu@ucloud.cn> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> References: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgYFAkeWUFZVkpVS05DQkJCQ0JNS09CTllXWShZQU lCN1dZLVlBSVdZCQ4XHghZQVk1NCk2OjckKS43PlkG X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6Pxw6NQw*Mjg1MSspLzcBDy0t DAsaFBVVSlVKTk1DSENNQkJJS0tDVTMWGhIXVQweFQMOOw4YFxQOH1UYFUVZV1kSC1lBWUpJSFVO QlVKSElVSklCWVdZCAFZQUhCT0g3Bg++ X-HM-Tid: 0a6d2b2647632086kuqyead5f4163e Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: wenxu Add new NFTA_TUNNEL_KEY_RELEASE action for future offload feature Signed-off-by: wenxu --- include/uapi/linux/netfilter/nf_tables.h | 1 + net/netfilter/nft_tunnel.c | 24 +++++++++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index da9b1d1..0e24c27 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h @@ -1766,6 +1766,7 @@ enum nft_tunnel_key_attributes { NFTA_TUNNEL_KEY_SPORT, NFTA_TUNNEL_KEY_DPORT, NFTA_TUNNEL_KEY_OPTS, + NFTA_TUNNEL_KEY_RELEASE, __NFTA_TUNNEL_KEY_MAX }; #define NFTA_TUNNEL_KEY_MAX (__NFTA_TUNNEL_KEY_MAX - 1) diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c index 68ca894..15d5dc9 100644 --- a/net/netfilter/nft_tunnel.c +++ b/net/netfilter/nft_tunnel.c 
@@ -262,6 +262,7 @@ struct nft_tunnel_opts { struct nft_tunnel_obj { struct metadata_dst *md; struct nft_tunnel_opts opts; + bool tunnel_key_release; }; static const struct nla_policy nft_tunnel_ip_policy[NFTA_TUNNEL_KEY_IP_MAX + 1] = { @@ -446,6 +447,7 @@ static int nft_tunnel_obj_opts_init(const struct nft_ctx *ctx, [NFTA_TUNNEL_KEY_TOS] = { .type = NLA_U8, }, [NFTA_TUNNEL_KEY_TTL] = { .type = NLA_U8, }, [NFTA_TUNNEL_KEY_OPTS] = { .type = NLA_NESTED, }, + [NFTA_TUNNEL_KEY_RELEASE] = { .type = NLA_U8, }, }; static int nft_tunnel_obj_init(const struct nft_ctx *ctx, @@ -457,6 +459,12 @@ static int nft_tunnel_obj_init(const struct nft_ctx *ctx, struct metadata_dst *md; int err; + if (tb[NFTA_TUNNEL_KEY_RELEASE] && + nla_get_u8(tb[NFTA_TUNNEL_KEY_RELEASE])) { + priv->tunnel_key_release = true; + return 0; + } + if (!tb[NFTA_TUNNEL_KEY_ID]) return -EINVAL; @@ -539,8 +547,11 @@ static inline void nft_tunnel_obj_eval(struct nft_object *obj, struct sk_buff *skb = pkt->skb; skb_dst_drop(skb); - dst_hold((struct dst_entry *) priv->md); - skb_dst_set(skb, (struct dst_entry *) priv->md); + + if (!priv->tunnel_key_release) { + dst_hold((struct dst_entry *)priv->md); + skb_dst_set(skb, (struct dst_entry *)priv->md); + } } static int nft_tunnel_ip_dump(struct sk_buff *skb, struct ip_tunnel_info *info) @@ -642,6 +653,12 @@ static int nft_tunnel_obj_dump(struct sk_buff *skb, struct nft_tunnel_obj *priv = nft_obj_data(obj); struct ip_tunnel_info *info = &priv->md->u.tun_info; + if (priv->tunnel_key_release) { + if (nla_put_u8(skb, NFTA_TUNNEL_KEY_RELEASE, 1)) + goto nla_put_failure; + return 0; + } + if (nla_put_be32(skb, NFTA_TUNNEL_KEY_ID, tunnel_id_to_key32(info->key.tun_id)) || nft_tunnel_ip_dump(skb, info) < 0 || 
@@ -663,7 +680,8 @@ static void nft_tunnel_obj_destroy(const struct nft_ctx *ctx, { struct nft_tunnel_obj *priv = nft_obj_data(obj); - metadata_dst_free(priv->md); + if (!priv->tunnel_key_release) + metadata_dst_free(priv->md); } static struct nft_object_type nft_tunnel_obj_type; From patchwork Fri Sep 13 15:03:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: wenxu X-Patchwork-Id: 1162115 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=ucloud.cn Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46VJmc5ws4z9s4Y for ; Sat, 14 Sep 2019 01:03:28 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390552AbfIMPD2 (ORCPT ); Fri, 13 Sep 2019 11:03:28 -0400 Received: from m9784.mail.qiye.163.com ([220.181.97.84]:47533 "EHLO m9784.mail.qiye.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390535AbfIMPD2 (ORCPT ); Fri, 13 Sep 2019 11:03:28 -0400 Received: from localhost.localdomain (unknown [123.59.132.129]) by m9784.mail.qiye.163.com (Hmail) with ESMTPA id 0729E41640; Fri, 13 Sep 2019 23:03:12 +0800 (CST) 
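Review bot: in 6/8, the early return 0 in nft_tunnel_obj_init() when NFTA_TUNNEL_KEY_RELEASE is set skips every later check, so a request that also carries NFTA_TUNNEL_KEY_ID, addresses or options is accepted and those attributes are silently dropped; return -EINVAL when the release flag is combined with any other NFTA_TUNNEL_KEY_* attribute. The same path leaves priv->md unset, and nft_tunnel_obj_dump() still computes info = &priv->md->u.tun_info ahead of its tunnel_key_release check; move that initialisation below the check so no path forms a pointer from md on a release object. The new uapi attribute also needs a comment saying that it makes the object drop the tunnel metadata and that it excludes the other attributes.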
From: wenxu@ucloud.cn To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org Subject: [PATCH nf-next v6 7/8] netfilter: nft_objref: add nft_objref_type offload Date: Fri, 13 Sep 2019 23:03:09 +0800 Message-Id: <1568386990-29660-8-git-send-email-wenxu@ucloud.cn> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> References: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgYFAkeWUFZVkpVS05DQkJCQ0JNS09CTllXWShZQU lCN1dZLVlBSVdZCQ4XHghZQVk1NCk2OjckKS43PlkG X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6M1E6GBw6FDgzCytWATAIDyxM AykaCk9VSlVKTk1DSENNQkJJS0xLVTMWGhIXVQweFQMOOw4YFxQOH1UYFUVZV1kSC1lBWUpJSFVO QlVKSElVSklCWVdZCAFZQUhLQ003Bg++ X-HM-Tid: 0a6d2b2647a62086kuqy0729e41640 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: wenxu support offload for nft_objref_type Signed-off-by: wenxu --- include/net/netfilter/nf_tables.h | 4 ++++ net/netfilter/nft_objref.c | 14 ++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 3d9e66a..498f662 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -1128,6 +1128,7 @@ struct nft_object_type { * @destroy: release existing stateful object * @dump: netlink dump stateful object * @update: update stateful object + * @update: offload stateful object */ struct nft_object_ops { void (*eval)(struct nft_object *obj, @@ -1144,6 +1145,9 @@ struct nft_object_ops { bool reset); void (*update)(struct nft_object *obj, struct nft_object *newobj); + int (*offload)(struct nft_offload_ctx *ctx, + struct nft_flow_rule *flow, + struct nft_object *obj); const struct nft_object_type *type; }; diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c index bfd18d2..4a70972 100644 --- a/net/netfilter/nft_objref.c +++ b/net/netfilter/nft_objref.c 
@@ -10,6 +10,7 @@ #include #include #include +#include #define nft_objref_priv(expr) *((struct nft_object **)nft_expr_priv(expr)) @@ -82,6 +83,18 @@ static void nft_objref_activate(const struct nft_ctx *ctx, obj->use++; } +static int nft_objref_offload(struct nft_offload_ctx *ctx, + struct nft_flow_rule *flow, + const struct nft_expr *expr) +{ + struct nft_object *obj = nft_objref_priv(expr); + + if (obj->ops->offload) + return obj->ops->offload(ctx, flow, obj); + else + return -EOPNOTSUPP; +} + static struct nft_expr_type nft_objref_type; static const struct nft_expr_ops nft_objref_ops = { .type = &nft_objref_type, 
@@ -91,6 +104,7 @@ static void nft_objref_activate(const struct nft_ctx *ctx, .activate = nft_objref_activate, .deactivate = nft_objref_deactivate, .dump = nft_objref_dump, + .offload = nft_objref_offload, }; struct nft_objref_map { From patchwork Fri Sep 13 15:03:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: wenxu X-Patchwork-Id: 1162114 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=ucloud.cn Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46VJmZ4SNqz9sPF for ; Sat, 14 Sep 2019 01:03:26 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390550AbfIMPDZ (ORCPT ); Fri, 13 Sep 2019 11:03:25 -0400 Received: from m9784.mail.qiye.163.com ([220.181.97.84]:47535 "EHLO m9784.mail.qiye.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390528AbfIMPDZ (ORCPT ); Fri, 13 Sep 2019 11:03:25 -0400 Received: from localhost.localdomain (unknown [123.59.132.129]) by m9784.mail.qiye.163.com (Hmail) with ESMTPA id 169F941641; Fri, 13 Sep 2019 23:03:12 +0800 (CST) 
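Review bot: in 7/8, the kernel-doc line added to struct nft_object_ops reads `@update: offload stateful object`, which duplicates the @update tag above it and leaves the new member undocumented; it should be `@offload:`. In nft_objref_offload() the else after return is unnecessary. Only nft_objref_ops gains .offload in the hunks shown; if the map variant that follows (struct nft_objref_map) is meant to stay unsupported, say so in the commit message.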
From: wenxu@ucloud.cn To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org Subject: [PATCH nf-next v6 8/8] netfilter: nft_tunnel: support nft_tunnel_obj offload Date: Fri, 13 Sep 2019 23:03:10 +0800 Message-Id: <1568386990-29660-9-git-send-email-wenxu@ucloud.cn> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> References: <1568386990-29660-1-git-send-email-wenxu@ucloud.cn> X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgYFAkeWUFZVkpVS05DQkJCQ0JNS09CTllXWShZQU lCN1dZLVlBSVdZCQ4XHghZQVk1NCk2OjckKS43PlkG X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6Oi46Mzo4TDg5KStKPzcNDyo5 AjpPFDVVSlVKTk1DSENNQkJJSklCVTMWGhIXVQweFQMOOw4YFxQOH1UYFUVZV1kSC1lBWUpJSFVO QlVKSElVSklCWVdZCAFZQUlJTE03Bg++ X-HM-Tid: 0a6d2b2647e52086kuqy169f941641 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: wenxu Add nft_tunnel_obj offload for both encap and decap actions Signed-off-by: wenxu --- net/netfilter/nft_tunnel.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c index 15d5dc9..cee8831 100644 --- a/net/netfilter/nft_tunnel.c +++ b/net/netfilter/nft_tunnel.c @@ -684,6 +684,25 @@ static void nft_tunnel_obj_destroy(const struct nft_ctx *ctx, metadata_dst_free(priv->md); } +static int nft_tunnel_obj_offload(struct nft_offload_ctx *ctx, + struct nft_flow_rule *flow, + struct nft_object *obj) +{ + struct nft_tunnel_obj *priv = nft_obj_data(obj); + struct flow_action_entry *entry; + + entry = &flow->rule->action.entries[ctx->num_actions++]; + + if (!priv->tunnel_key_release) { + entry->id = FLOW_ACTION_TUNNEL_ENCAP; + entry->tunnel = &priv->md->u.tun_info; + } else { + entry->id = FLOW_ACTION_TUNNEL_DECAP; + } + + return 0; +} + static struct nft_object_type nft_tunnel_obj_type; static const struct nft_object_ops nft_tunnel_obj_ops = { .type = &nft_tunnel_obj_type, 
@@ -692,6 +711,7 @@ static void nft_tunnel_obj_destroy(const struct nft_ctx *ctx, .init = nft_tunnel_obj_init, .destroy = nft_tunnel_obj_destroy, .dump = nft_tunnel_obj_dump, + .offload = nft_tunnel_obj_offload, }; static struct nft_object_type nft_tunnel_obj_type __read_mostly = {
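Review bot: in 8/8, nft_tunnel_obj_offload() takes &flow->rule->action.entries[ctx->num_actions++] with no check that the array has room for another entry. Nothing in 7/8 or 8/8 shows the objref expression being counted when action.entries is sized (nft_objref_ops sets .offload but no .offload_flags such as NFT_OFFLOAD_F_ACTION), so please confirm the allocation accounts for it, or bound the index here and return an error. entry->tunnel also stores a pointer into priv->md without taking a reference, so the offloaded rule's lifetime has to be tied to the object's; a comment stating what guarantees that would help.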