From patchwork Thu Nov 24 11:24:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: LiXiong Liu X-Patchwork-Id: 1708653 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=WcaXzH2P; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4NHwjd2lfwz23nR for ; Thu, 24 Nov 2022 22:28:37 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:List-Subscribe:List-Help: List-Post:List-Archive:List-Unsubscribe:List-Id:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=uNdQHmT1MKVXGkM4TX03VLNbMKADrRB8ogYyu0dxESE=; b=WcaXzH2Pgm/H05 9ifevpEoHp9XNg+2Kc4PoEFTS10zHWYaFuAtFFnFwgnBemPjHDYPChK5KVjMVwplfSTZLwHaVMun0 JU/MNtDeg+v6aCbkGc1RioOWslfMmdFBROy5x5a8sqcr9SUt9prAT06JgKNBwCMC4O1XISut3dx5A RxfV5ze7Jv9sV/bSQKELB8iqtCp3o1I7pKkSQYcYW0VhuZQKbg5kHVEoJ3U6GtItbyx50R5sGIFzN en7Jr9JzWsTPkMLWQJxBfQ+28EFYjl+yChjh4Bj/0sY+90U9TAGVwLBnNJZ6Nb8K+MwIy6P2VRJGG 3F2upW2h1nnS332/2SGQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1oyAMU-00834W-Sl; Thu, 24 Nov 2022 11:25:47 +0000 Received: from smtpbguseast2.qq.com ([54.204.34.130]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1oyALX-0082VG-VM for openwrt-devel@lists.openwrt.org; Thu, 24 Nov 2022 11:24:51 +0000 X-QQ-mid: bizesmtp62t1669289065t5a4rpim Received: from ikuai8.com ( [114.241.221.187]) by bizesmtp.qq.com (ESMTP) with SMTP id 0 for ; Thu, 24 Nov 2022 19:24:24 +0800 (CST) X-QQ-SSF: 01400000002000W0Z000B00A0000000 X-QQ-FEAT: l33WW9uhHd3LjnSwPzKuF5+b6A/SPGW000Fn6vPD3Oo92Hl4wT75sTSpW003U 2NyvqJe6AkeRv8Kq8JcfYtpgVtx70rHlE6GBpJt9UdJsGVJg8mKcmpLJNCE6AqPx03kLp42 9FCn0mKh6LUjKhgrepdDxVKY+MXOTuhmfSux7gJ3h8oqIRt3nE8gdM3bD5S9bUMMaVwsMAZ ANgIwjd50vzPjML1qRc/fuGI2fEsXtZGIc02q+2zNFjdEF/J58kJzFo+LF4FvSnjxmvM8s3 3jCTVZemlpH1FtNFRQrxJw7JW/bwsa4JQtHtoss57nAvBJ9qnUQwny4gtFt/+2blvHOW1Ki I+d7D7c+Z2AcXSt2UUhokEKwGeP2hcS946lqdaGEANRVBVbEDxfp8cnxsgClVdefJ+TocV+ JBHlNIBEIr6EssugwSNU9A== X-QQ-GoodBg: 2 From: LiXiong Liu To: openwrt-devel@lists.openwrt.org Subject: [PATCH-22.03 4/4] kernel: xt_FLOWOFFLOAD: support more complete flowtable Date: Thu, 24 Nov 2022 19:24:08 +0800 Message-Id: <1669289048-51420-4-git-send-email-lxliu@ikuai8.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1669289048-51420-1-git-send-email-lxliu@ikuai8.com> References: <1669289048-51420-1-git-send-email-lxliu@ikuai8.com> X-QQ-SENDSIZE: 520 Feedback-ID: bizesmtp:ikuai8.com:qybglogicsvr:qybglogicsvr7 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20221124_032448_546287_54E2BC0D X-CRM114-Status: GOOD ( 14.68 ) X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: 1. fix an crash bug at 'devs[dir] = xt_out(par)'. dir = CTINFO2DIR(ctinfo), it must before 'devs[dir] = xt_out(par)'. 2. not recommended use hardware offload if encaps >= 2 hardware cannot dispose (80 [...] Content analysis details: (-0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [54.204.34.130 listed in list.dnswl.org] 0.0 SPF_NONE SPF: sender does not publish an SPF Record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [54.204.34.130 listed in wl.mailspike.net] X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org 1. fix an crash bug at 'devs[dir] = xt_out(par)'. dir = CTINFO2DIR(ctinfo), it must before 'devs[dir] = xt_out(par)'. 2. not recommended use hardware offload if encaps >= 2 hardware cannot dispose (8021q+8021q+pppoe) L2 head. 3. already solved PPPoE header offset issue, so need remove 704-03-netfilter-nft_flow_offload-fix-offload-with-pppoe-vl.patch Signed-off-by: LiXiong Liu --- ...ft_flow_offload-fix-offload-with-pppoe-vl.patch | 24 ----- ...tfilter-xt_FLOWOFFLOAD-support-qinq-pppoe.patch | 107 +++++++++++++++++++++ 2 files changed, 107 insertions(+), 24 deletions(-) delete mode 100644 target/linux/generic/pending-5.10/704-03-netfilter-nft_flow_offload-fix-offload-with-pppoe-vl.patch create mode 100644 target/linux/generic/pending-5.10/706-04-netfilter-xt_FLOWOFFLOAD-support-qinq-pppoe.patch diff --git a/target/linux/generic/pending-5.10/704-03-netfilter-nft_flow_offload-fix-offload-with-pppoe-vl.patch b/target/linux/generic/pending-5.10/704-03-netfilter-nft_flow_offload-fix-offload-with-pppoe-vl.patch deleted file mode 100644 index 1e0dc99..0000000 --- a/target/linux/generic/pending-5.10/704-03-netfilter-nft_flow_offload-fix-offload-with-pppoe-vl.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Felix Fietkau -Date: Fri, 6 May 2022 15:15:06 +0200 -Subject: [PATCH] netfilter: nft_flow_offload: fix offload with pppoe + - vlan - -When running a combination of PPPoE on top of a VLAN, we need to set -info->outdev to the PPPoE device, otherwise PPPoE encap is skipped -during software offload. - -Signed-off-by: Felix Fietkau ---- - ---- a/net/netfilter/nft_flow_offload.c -+++ b/net/netfilter/nft_flow_offload.c -@@ -123,7 +123,8 @@ static void nft_dev_path_info(const stru - info->indev = NULL; - break; - } -- info->outdev = path->dev; -+ if (!info->outdev) -+ info->outdev = path->dev; - info->encap[info->num_encaps].id = path->encap.id; - info->encap[info->num_encaps].proto = path->encap.proto; - info->num_encaps++; diff --git a/target/linux/generic/pending-5.10/706-04-netfilter-xt_FLOWOFFLOAD-support-qinq-pppoe.patch b/target/linux/generic/pending-5.10/706-04-netfilter-xt_FLOWOFFLOAD-support-qinq-pppoe.patch new file mode 100644 index 0000000..e9289b5 --- /dev/null +++ b/target/linux/generic/pending-5.10/706-04-netfilter-xt_FLOWOFFLOAD-support-qinq-pppoe.patch @@ -0,0 +1,107 @@ +--- a/net/netfilter/xt_FLOWOFFLOAD.c ++++ b/net/netfilter/xt_FLOWOFFLOAD.c +@@ -51,11 +51,11 @@ static DEFINE_SPINLOCK(hooks_lock); + + struct xt_flowoffload_table flowtable[2]; + +-static inline __be16 nf_flow_pppoe_proto(const struct sk_buff *skb) ++static inline __be16 nf_flow_pppoe_proto(const struct sk_buff *skb, u16 offset) + { + __be16 proto; + +- proto = *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + ++ proto = *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + offset + + sizeof(struct pppoe_hdr))); + switch (proto) { + case htons(PPP_IP): +@@ -72,26 +72,33 @@ xt_flowoffload_net_hook(void *priv, stru + const struct nf_hook_state *state) + { + struct vlan_ethhdr *veth; +- __be16 proto; ++ __be16 proto, offset = 0; + + switch (skb->protocol) { + case htons(ETH_P_8021Q): + veth = (struct vlan_ethhdr *)skb_mac_header(skb); + proto = veth->h_vlan_encapsulated_proto; ++ offset += VLAN_HLEN; + break; + case htons(ETH_P_PPP_SES): +- proto = nf_flow_pppoe_proto(skb); ++ proto = nf_flow_pppoe_proto(skb, offset); + break; + default: + proto = skb->protocol; + break; + } + ++check_ip: + switch (proto) { + case htons(ETH_P_IP): + return nf_flow_offload_ip_hook(priv, skb, state); + case htons(ETH_P_IPV6): + return nf_flow_offload_ipv6_hook(priv, skb, state); ++ case htons(ETH_P_PPP_SES): ++ proto = nf_flow_pppoe_proto(skb, offset); ++ offset += PPPOE_SES_HLEN; ++ goto check_ip; ++ break; + } + + return NF_ACCEPT; +@@ -311,7 +318,8 @@ static void nf_dev_path_info(const struc + case DEV_PATH_DSA: + case DEV_PATH_VLAN: + case DEV_PATH_PPPOE: +- info->indev = path->dev; ++ info->indev = path->dev; ++ info->outdev = path->dev; + if (is_zero_ether_addr(info->h_source)) + memcpy(info->h_source, path->dev->dev_addr, ETH_ALEN); + +@@ -324,11 +332,11 @@ static void nf_dev_path_info(const struc + + /* DEV_PATH_VLAN and DEV_PATH_PPPOE */ + if (info->num_encaps >= NF_FLOW_TABLE_ENCAP_MAX) { +- info->indev = NULL; ++ info->indev = NULL; ++ info->outdev = NULL; + break; + } +- if (!info->outdev) +- info->outdev = path->dev; ++ + info->encap[info->num_encaps].id = path->encap.id; + info->encap[info->num_encaps].proto = path->encap.proto; + info->num_encaps++; +@@ -518,6 +526,7 @@ flowoffload_tg(struct sk_buff *skb, cons + if (!nf_ct_is_confirmed(ct)) + return XT_CONTINUE; + ++ dir = CTINFO2DIR(ctinfo); + devs[dir] = xt_out(par); + devs[!dir] = xt_in(par); + +@@ -527,8 +536,6 @@ flowoffload_tg(struct sk_buff *skb, cons + if (test_and_set_bit(IPS_OFFLOAD_BIT, &ct->status)) + return XT_CONTINUE; + +- dir = CTINFO2DIR(ctinfo); +- + if (xt_flowoffload_route(skb, ct, par, &route, dir, devs) < 0) + goto err_flow_route; + +@@ -544,7 +551,11 @@ flowoffload_tg(struct sk_buff *skb, cons + ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; + } + +- table = &flowtable[!!(info->flags & XT_FLOWOFFLOAD_HW)]; ++ /* not recommended use hardware offload if encaps >= 2 */ ++ if(route.tuple[0].in.num_encaps >= 2 || route.tuple[1].in.num_encaps >= 2) ++ table = &flowtable[0]; ++ else ++ table = &flowtable[!!(info->flags & XT_FLOWOFFLOAD_HW)]; + + net = read_pnet(&table->ft.net); + if (!net)