From patchwork Thu Nov 24 11:24:07 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: LiXiong Liu <lxliu@ikuai8.com>
X-Patchwork-Id: 1708654
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=cd4Q2WUm;
	dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:3::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4NHwjf487kz23nR
	for <incoming@patchwork.ozlabs.org>; Thu, 24 Nov 2022 22:28:38 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:List-Subscribe:List-Help:
	List-Post:List-Archive:List-Unsubscribe:List-Id:References:In-Reply-To:
	Message-Id:Date:Subject:To:From:Reply-To:Cc:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=WZ/LsYQRyt2juGrwtMEi0vl6zPvKcpNsjKr8e6r4FCE=; b=cd4Q2WUmZfahCy
	Vd0ChDfim6qgmC5fFE0MUtE2UutfbKu3EdGO6ghaSbHkpkrZmY0ozU4Kw7PKwz9LUIlq7fSw+Aq1c
	RKp+XOeFKwjzW5E/mjcjYpECwLe3ik00d9AnCX2grGvxRVLqZCJoRaTvyLls0uzK0nigu8q/0D0Hi
	ARIVGL1LRouvgamd2ZymPatfx3FCmrGwU9BYIiCMPHQLU1RSFGZ7w8qnccffU8I7MxRESs4/pvXLG
	Ty/GqSqH41mhlwVRHFL6Peb6/VvnkW6gY3ywKHeO4N0LvfLaesUJqJFtYutzVR6DRWDuuVZQfCR6q
	xJ2Ah638xL60O64xvKEQ==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1oyAMm-0083A3-3y; Thu, 24 Nov 2022 11:26:04 +0000
Received: from smtpbgau2.qq.com ([54.206.34.216])
	by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
	id 1oyALc-0082TI-E2
	for openwrt-devel@lists.openwrt.org; Thu, 24 Nov 2022 11:24:56 +0000
X-QQ-mid: bizesmtp62t1669289062tozr2sgs
Received: from ikuai8.com ( [114.241.221.187])
	by bizesmtp.qq.com (ESMTP) with SMTP id 0
	for <openwrt-devel@lists.openwrt.org>; Thu, 24 Nov 2022 19:24:22 +0800 (CST)
X-QQ-SSF: 01400000002000W0Z000B00A0000000
X-QQ-FEAT: CR3LFp2JE4kOhbLTvHvBu+NukQaBOtNPX/UmtpUJpZDbuXISMv1HnVAFB7r8L
	jJAVVnZ+v4PzK9gRJtopEuJaLck0Emu/lpXc5BjJeUHXjpT0ytvK0SpMncZ2FgxHMy00Mw5
	VRAyz1PvISV4VXvpX9Wbc/Fmg+LLSd5iL59uZsVUMoHz3iZxyRZOm80AAvnDNPfdpeWpblb
	Pz489lxjEKZogsESbUz9YSv1/7JG8eEgMyPFq9wMpe6qxoh7dayRmFtKx5s7j2KO53AQPKP
	k4zrjTGUttXL0+Z8QAxj9YeeYh4dGankn4DicMCCT2NgUqVPogE6hTcsQ46nowJVmG6d+Nh
	TjrLaVwX3esBzmqWg2B9E9BQN9Z74kqBAk8RwCgtSTM16+KJEfw1I1ytp/1Ti4oMGiNXrxu
	jHK98E3g3a+CU1BZwAooXQ==
X-QQ-GoodBg: 2
From: LiXiong Liu <lxliu@ikuai8.com>
To: openwrt-devel@lists.openwrt.org
Subject: [PATCH-22.03 3/4] kernel: support nf_flow_encap_put and more encap
Date: Thu, 24 Nov 2022 19:24:07 +0800
Message-Id: <1669289048-51420-3-git-send-email-lxliu@ikuai8.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1669289048-51420-1-git-send-email-lxliu@ikuai8.com>
References: <1669289048-51420-1-git-send-email-lxliu@ikuai8.com>
X-QQ-SENDSIZE: 520
Feedback-ID: bizesmtp:ikuai8.com:qybglogicsvr:qybglogicsvr7
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20221124_032453_147627_130F2F29 
X-CRM114-Status: GOOD (  12.53  )
X-Spam-Score: -0.0 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Support (8021q + 8021q + pppoe) encap tuple. We need encap
    put to skb Before dev_hard_header(). Signed-off-by: LiXiong Liu
 <lxliu@ikuai8.com>
    --- ...ilter-flowtable-support-nf_flow_encap_put.patch | 157
 +++++++++++++++++++++
    1 file changed,
 157 insertions(+) create mode 100644 target/linux/gener [...]    
 Content analysis details:   (-0.0 points, 5.0 required)
  pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [54.206.34.216 listed in list.dnswl.org]
  0.0 SPF_NONE               SPF: sender does not publish an SPF Record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                             [54.206.34.216 listed in wl.mailspike.net]
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
MIME-Version: 1.0
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

Support (8021q + 8021q + pppoe) encap tuple.
We need encap put to skb Before dev_hard_header().

Signed-off-by: LiXiong Liu <lxliu@ikuai8.com>
---
 ...ilter-flowtable-support-nf_flow_encap_put.patch | 157 +++++++++++++++++++++
 1 file changed, 157 insertions(+)
 create mode 100644 target/linux/generic/pending-5.10/706-03-netfilter-flowtable-support-nf_flow_encap_put.patch

diff --git a/target/linux/generic/pending-5.10/706-03-netfilter-flowtable-support-nf_flow_encap_put.patch b/target/linux/generic/pending-5.10/706-03-netfilter-flowtable-support-nf_flow_encap_put.patch
new file mode 100644
index 0000000..545a956
--- /dev/null
+++ b/target/linux/generic/pending-5.10/706-03-netfilter-flowtable-support-nf_flow_encap_put.patch
@@ -0,0 +1,157 @@
+--- a/net/netfilter/nf_flow_table_ip.c
++++ b/net/netfilter/nf_flow_table_ip.c
+@@ -145,6 +145,7 @@ static void nf_flow_tuple_encap(struct s
+ 	struct vlan_ethhdr *veth;
+ 	struct pppoe_hdr *phdr;
+ 	int i = 0;
++	__be16 *proto_ptr;
+ 
+ 	if (skb_vlan_tag_present(skb)) {
+ 		tuple->encap[i].id = skb_vlan_tag_get(skb);
+@@ -156,6 +157,17 @@ static void nf_flow_tuple_encap(struct s
+ 		veth = (struct vlan_ethhdr *)skb_mac_header(skb);
+ 		tuple->encap[i].id = ntohs(veth->h_vlan_TCI);
+ 		tuple->encap[i].proto = skb->protocol;
++		i++;
++
++		proto_ptr = &veth->h_vlan_encapsulated_proto;
++		if (*proto_ptr == htons(ETH_P_8021Q)) {
++			tuple->encap[i].id = ntohs(*(proto_ptr + 1));
++			tuple->encap[i].proto = htons(ETH_P_8021Q);
++		} else if (*proto_ptr == htons(ETH_P_PPP_SES)) {
++			phdr = (struct pppoe_hdr *)(skb_mac_header(skb) + ETH_HLEN + VLAN_HLEN);
++			tuple->encap[i].id = ntohs(phdr->sid);
++			tuple->encap[i].proto = htons(ETH_P_PPP_SES);
++		}
+ 		break;
+ 	case htons(ETH_P_PPP_SES):
+ 		phdr = (struct pppoe_hdr *)(skb_mac_header(skb) + ETH_HLEN);
+@@ -248,11 +260,11 @@ static unsigned int nf_flow_xmit_xfrm(st
+ 	return NF_STOLEN;
+ }
+ 
+-static inline __be16 nf_flow_pppoe_proto(const struct sk_buff *skb)
++static inline __be16 nf_flow_pppoe_proto(const struct sk_buff *skb, u32 offset)
+ {
+ 	__be16 proto;
+ 
+-	proto = *((__be16 *)(skb_mac_header(skb) + ETH_HLEN +
++	proto = *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + offset +
+ 			     sizeof(struct pppoe_hdr)));
+ 	switch (proto) {
+ 	case htons(PPP_IP):
+@@ -268,17 +280,29 @@ static bool nf_flow_skb_encap_protocol(c
+ 				       u32 *offset)
+ {
+ 	struct vlan_ethhdr *veth;
++	__be16 *proto_ptr;
+ 
+ 	switch (skb->protocol) {
+ 	case htons(ETH_P_8021Q):
+ 		veth = (struct vlan_ethhdr *)skb_mac_header(skb);
+-		if (veth->h_vlan_encapsulated_proto == proto) {
++		proto_ptr = &veth->h_vlan_encapsulated_proto;
++		*offset += VLAN_HLEN;
++
++		if (*proto_ptr == htons(ETH_P_PPP_SES))
++			goto pppoe;
++
++		if (*proto_ptr == htons(ETH_P_8021Q)) {
+ 			*offset += VLAN_HLEN;
+-			return true;
++			proto_ptr += 2;
+ 		}
++
++		if (*proto_ptr == proto)
++			return true;
++
+ 		break;
+ 	case htons(ETH_P_PPP_SES):
+-		if (nf_flow_pppoe_proto(skb) == proto) {
++pppoe:
++		if (nf_flow_pppoe_proto(skb, *offset) == proto) {
+ 			*offset += PPPOE_SES_HLEN;
+ 			return true;
+ 		}
+@@ -307,7 +331,7 @@ static void nf_flow_encap_pop(struct sk_
+ 			skb_reset_network_header(skb);
+ 			break;
+ 		case htons(ETH_P_PPP_SES):
+-			skb->protocol = nf_flow_pppoe_proto(skb);
++			skb->protocol = nf_flow_pppoe_proto(skb, 0);
+ 			skb_pull(skb, PPPOE_SES_HLEN);
+ 			skb_reset_network_header(skb);
+ 			break;
+@@ -315,6 +339,62 @@ static void nf_flow_encap_pop(struct sk_
+ 	}
+ }
+ 
++static int nf_flow_encap_put(struct sk_buff *skb, unsigned short *type,
++			      struct flow_offload_tuple_rhash *tuplehash)
++{
++	struct vlan_hdr *vlan_hdr = NULL;
++	struct pppoe_hdr *ph;
++	struct pppoe_tag *pt;
++	u16 data_len = skb->len;
++	int i;
++
++	if ((skb->data - PPPOE_SES_HLEN - VLAN_HLEN * 2) < skb->head)
++		if (skb_cow_head(skb, LL_RESERVED_SPACE(skb->dev) +
++					PPPOE_SES_HLEN + VLAN_HLEN * 2))
++			return -1;
++
++	/* Offset the pointer in the reverse direction */
++	tuplehash = (tuplehash->tuple.dir) ? (tuplehash - 1) : (tuplehash + 1);
++	for (i = tuplehash->tuple.encap_num - 1; i >= 0; i--) {
++		switch (tuplehash->tuple.encap[i].proto) {
++		case htons(ETH_P_8021Q):
++			vlan_hdr = __skb_push(skb, VLAN_HLEN);
++			vlan_hdr->h_vlan_TCI = htons(tuplehash->tuple.encap[i].id);
++			vlan_hdr->h_vlan_encapsulated_proto = htons(*type);
++
++			skb->protocol = htons(ETH_P_8021Q);
++			*type = ETH_P_8021Q;
++			break;
++		case htons(ETH_P_PPP_SES):
++			__skb_push(skb, PPPOE_SES_HLEN);
++			skb_reset_network_header(skb);
++
++			ph = pppoe_hdr(skb);
++			pt = ph->tag;
++			ph->ver  = 1;
++			ph->type = 1;
++			ph->code = 0;
++			ph->sid = htons(tuplehash->tuple.encap[i].id);
++			ph->length = htons(data_len+2);
++
++			switch (*type) {
++			case ETH_P_IP:
++				pt->tag_type = htons(PPP_IP);
++				break;
++			case ETH_P_IPV6:
++				pt->tag_type = htons(PPP_IPV6);
++				break;
++			}
++
++			skb->protocol = htons(ETH_P_PPP_SES);
++			*type = ETH_P_PPP_SES;
++			break;
++		}
++	}
++
++	return 0;
++}
++
+ static unsigned int nf_flow_queue_xmit(struct net *net, struct sk_buff *skb,
+ 				       const struct flow_offload_tuple_rhash *tuplehash,
+ 				       unsigned short type)
+@@ -326,6 +406,9 @@ static unsigned int nf_flow_queue_xmit(s
+ 		return NF_DROP;
+ 
+ 	skb->dev = outdev;
++	if (nf_flow_encap_put(skb, &type, (void *)tuplehash))
++		return NF_DROP;
++
+ 	dev_hard_header(skb, skb->dev, type, tuplehash->tuple.out.h_dest,
+ 			tuplehash->tuple.out.h_source, skb->len);
+ 	dev_queue_xmit(skb);