projects / openwrt / staging / rmilecki.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kernel: update 5.10 flow offload patches
[openwrt/staging/rmilecki.git] / target / linux / generic / pending-5.10 / 640-17-netfilter-nft_flow_offload-use-direct-xmit-if-hardwa.patch
1 From: Pablo Neira Ayuso <pablo@netfilter.org>
2 Date: Thu, 4 Mar 2021 19:24:11 +0100
3 Subject: [PATCH] netfilter: nft_flow_offload: use direct xmit if
4 hardware offload is enabled
5
6 If there is a forward path to reach an ethernet device and hardware
7 offload is enabled, then use the direct xmit path.
8 ---
9
10 --- a/include/net/netfilter/nf_flow_table.h
11 +++ b/include/net/netfilter/nf_flow_table.h
12 @@ -131,6 +131,7 @@ struct flow_offload_tuple {
13 struct dst_entry *dst_cache;
14 struct {
15 u32 ifidx;
16 + u32 hw_ifidx;
17 u8 h_source[ETH_ALEN];
18 u8 h_dest[ETH_ALEN];
19 } out;
20 @@ -188,6 +189,7 @@ struct nf_flow_route {
21 } in;
22 struct {
23 u32 ifindex;
24 + u32 hw_ifindex;
25 u8 h_source[ETH_ALEN];
26 u8 h_dest[ETH_ALEN];
27 } out;
28 --- a/net/netfilter/nf_flow_table_core.c
29 +++ b/net/netfilter/nf_flow_table_core.c
30 @@ -106,6 +106,7 @@ static int flow_offload_fill_route(struc
31 memcpy(flow_tuple->out.h_source, route->tuple[dir].out.h_source,
32 ETH_ALEN);
33 flow_tuple->out.ifidx = route->tuple[dir].out.ifindex;
34 + flow_tuple->out.hw_ifidx = route->tuple[dir].out.hw_ifindex;
35 break;
36 case FLOW_OFFLOAD_XMIT_XFRM:
37 case FLOW_OFFLOAD_XMIT_NEIGH:
38 --- a/net/netfilter/nf_flow_table_offload.c
39 +++ b/net/netfilter/nf_flow_table_offload.c
40 @@ -506,7 +506,7 @@ static void flow_offload_redirect(struct
41 switch (this_tuple->xmit_type) {
42 case FLOW_OFFLOAD_XMIT_DIRECT:
43 this_tuple = &flow->tuplehash[dir].tuple;
44 - ifindex = this_tuple->out.ifidx;
45 + ifindex = this_tuple->out.hw_ifidx;
46 break;
47 case FLOW_OFFLOAD_XMIT_NEIGH:
48 other_tuple = &flow->tuplehash[!dir].tuple;
49 --- a/net/netfilter/nft_flow_offload.c
50 +++ b/net/netfilter/nft_flow_offload.c
51 @@ -66,6 +66,7 @@ static int nft_dev_fill_forward_path(con
52 struct nft_forward_info {
53 const struct net_device *indev;
54 const struct net_device *outdev;
55 + const struct net_device *hw_outdev;
56 struct id {
57 __u16 id;
58 __be16 proto;
59 @@ -76,9 +77,18 @@ struct nft_forward_info {
60 enum flow_offload_xmit_type xmit_type;
61 };
62
63 +static bool nft_is_valid_ether_device(const struct net_device *dev)
64 +{
65 + if (!dev || (dev->flags & IFF_LOOPBACK) || dev->type != ARPHRD_ETHER ||
66 + dev->addr_len != ETH_ALEN || !is_valid_ether_addr(dev->dev_addr))
67 + return false;
68 +
69 + return true;
70 +}
71 +
72 static void nft_dev_path_info(const struct net_device_path_stack *stack,
73 struct nft_forward_info *info,
74 - unsigned char *ha)
75 + unsigned char *ha, struct nf_flowtable *flowtable)
76 {
77 const struct net_device_path *path;
78 int i;
79 @@ -140,6 +150,12 @@ static void nft_dev_path_info(const stru
80 }
81 if (!info->outdev)
82 info->outdev = info->indev;
83 +
84 + info->hw_outdev = info->indev;
85 +
86 + if (nf_flowtable_hw_offload(flowtable) &&
87 + nft_is_valid_ether_device(info->indev))
88 + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT;
89 }
90
91 static bool nft_flowtable_find_dev(const struct net_device *dev,
92 @@ -171,7 +187,7 @@ static void nft_dev_forward_path(struct
93 int i;
94
95 if (nft_dev_fill_forward_path(route, dst, ct, dir, ha, &stack) >= 0)
96 - nft_dev_path_info(&stack, &info, ha);
97 + nft_dev_path_info(&stack, &info, ha, &ft->data);
98
99 if (!info.indev || !nft_flowtable_find_dev(info.indev, ft))
100 return;
101 @@ -187,6 +203,7 @@ static void nft_dev_forward_path(struct
102 memcpy(route->tuple[dir].out.h_source, info.h_source, ETH_ALEN);
103 memcpy(route->tuple[dir].out.h_dest, info.h_dest, ETH_ALEN);
104 route->tuple[dir].out.ifindex = info.outdev->ifindex;
105 + route->tuple[dir].out.hw_ifindex = info.hw_outdev->ifindex;
106 route->tuple[dir].xmit_type = info.xmit_type;
107 }
108 }
Rafal Mileckis staging tree