| From 2408cf01c71a95462c6e6fa321cba99c0dd00570 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Mon, 12 Apr 2021 14:11:39 +0200 |
| Subject: netfilter: nft_payload: fix C-VLAN offload support |
| |
| From: Pablo Neira Ayuso <pablo@netfilter.org> |
| |
| [ Upstream commit 14c20643ef9457679cc6934d77adc24296505214 ] |
| |
| - add another struct flow_dissector_key_vlan for C-VLAN |
| - update layer 3 dependency to allow to match on IPv4/IPv6 |
| |
| Fixes: 89d8fd44abfb ("netfilter: nft_payload: add C-VLAN offload support") |
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| include/net/netfilter/nf_tables_offload.h | 1 + |
| net/netfilter/nft_payload.c | 5 +++-- |
| 2 files changed, 4 insertions(+), 2 deletions(-) |
| |
| diff --git a/include/net/netfilter/nf_tables_offload.h b/include/net/netfilter/nf_tables_offload.h |
| index 1d34fe154fe0..b4d080061399 100644 |
| --- a/include/net/netfilter/nf_tables_offload.h |
| +++ b/include/net/netfilter/nf_tables_offload.h |
| @@ -45,6 +45,7 @@ struct nft_flow_key { |
| struct flow_dissector_key_ports tp; |
| struct flow_dissector_key_ip ip; |
| struct flow_dissector_key_vlan vlan; |
| + struct flow_dissector_key_vlan cvlan; |
| struct flow_dissector_key_eth_addrs eth_addrs; |
| struct flow_dissector_key_meta meta; |
| } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */ |
| diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c |
| index 47d4e0e21651..e43863a1761f 100644 |
| --- a/net/netfilter/nft_payload.c |
| +++ b/net/netfilter/nft_payload.c |
| @@ -241,7 +241,7 @@ static int nft_payload_offload_ll(struct nft_offload_ctx *ctx, |
| if (!nft_payload_offload_mask(reg, priv->len, sizeof(__be16))) |
| return -EOPNOTSUPP; |
| |
| - NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_CVLAN, vlan, |
| + NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_CVLAN, cvlan, |
| vlan_tci, sizeof(__be16), reg); |
| break; |
| case offsetof(struct vlan_ethhdr, h_vlan_encapsulated_proto) + |
| @@ -249,8 +249,9 @@ static int nft_payload_offload_ll(struct nft_offload_ctx *ctx, |
| if (!nft_payload_offload_mask(reg, priv->len, sizeof(__be16))) |
| return -EOPNOTSUPP; |
| |
| - NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_CVLAN, vlan, |
| + NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_CVLAN, cvlan, |
| vlan_tpid, sizeof(__be16), reg); |
| + nft_offload_set_dependency(ctx, NFT_OFFLOAD_DEP_NETWORK); |
| break; |
| default: |
| return -EOPNOTSUPP; |
| -- |
| 2.30.2 |
| |