[PATCH v4 net-next 03/13] netfilter: nft_chain_filter: Add bridge double vlan and pppoe

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Eric Woudstra <ericwouds@gmail•com>
To: "David S. Miller" <davem@davemloft•net>,
	Eric Dumazet <edumazet@google•com>,
	Jakub Kicinski <kuba@kernel•org>, Paolo Abeni <pabeni@redhat•com>,
	Simon Horman <horms@kernel•org>,
	Andrew Lunn <andrew+netdev@lunn•ch>,
	Pablo Neira Ayuso <pablo@netfilter•org>,
	Jozsef Kadlecsik <kadlec@netfilter•org>,
	Jiri Pirko <jiri@resnulli•us>, Ivan Vecera <ivecera@redhat•com>,
	Roopa Prabhu <roopa@nvidia•com>,
	Nikolay Aleksandrov <razor@blackwall•org>,
	Matthias Brugger <matthias.bgg@gmail•com>,
	AngeloGioacchino Del Regno
	<angelogioacchino.delregno@collabora•com>,
	David Ahern <dsahern@kernel•org>,
	Sebastian Andrzej Siewior <bigeasy@linutronix•de>,
	Lorenzo Bianconi <lorenzo@kernel•org>,
	Joe Damato <jdamato@fastly•com>,
	Alexander Lobakin <aleksander.lobakin@intel•com>,
	Vladimir Oltean <olteanv@gmail•com>,
	"Frank Wunderlich" <frank-w@public-files•de>,
	Daniel Golle <daniel@makrotopia•org>
Cc: netdev@vger•kernel.org, linux-kernel@vger•kernel.org,
	netfilter-devel@vger•kernel.org, coreteam@netfilter•org,
	bridge@lists•linux.dev, linux-arm-kernel@lists•infradead.org,
	linux-mediatek@lists•infradead.org,
	Eric Woudstra <ericwouds@gmail•com>
Subject: [PATCH v4 net-next 03/13] netfilter: nft_chain_filter: Add bridge double vlan and pppoe
Date: Tue,  7 Jan 2025 10:05:20 +0100	[thread overview]
Message-ID: <20250107090530.5035-4-ericwouds@gmail.com> (raw)
In-Reply-To: <20250107090530.5035-1-ericwouds@gmail.com>

This adds the capability to evaluate 802.1ad, QinQ, PPPoE and PPPoE-in-Q
packets in the bridge filter chain.

Signed-off-by: Eric Woudstra <ericwouds@gmail•com>
---
 net/netfilter/nft_chain_filter.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c
index 7010541fcca6..91aa3fa43d31 100644
--- a/net/netfilter/nft_chain_filter.c
+++ b/net/netfilter/nft_chain_filter.c
@@ -232,11 +232,27 @@ nft_do_chain_bridge(void *priv,
 		    struct sk_buff *skb,
 		    const struct nf_hook_state *state)
 {
+	struct ethhdr *ethh = eth_hdr(skb);
 	struct nft_pktinfo pkt;
+	int thoff;
 
 	nft_set_pktinfo(&pkt, skb, state);
 
-	switch (eth_hdr(skb)->h_proto) {
+	switch (ethh->h_proto) {
+	case htons(ETH_P_PPP_SES):
+		thoff = PPPOE_SES_HLEN;
+		ethh += thoff;
+		break;
+	case htons(ETH_P_8021Q):
+		thoff = VLAN_HLEN;
+		ethh += thoff;
+		break;
+	default:
+		thoff = 0;
+		break;
+	}
+
+	switch (ethh->h_proto) {
 	case htons(ETH_P_IP):
 		nft_set_pktinfo_ipv4_validate(&pkt);
 		break;
@@ -248,6 +264,8 @@ nft_do_chain_bridge(void *priv,
 		break;
 	}
 
+	pkt.thoff += thoff;
+
 	return nft_do_chain(&pkt, priv);
 }
 
-- 
2.47.1

next prev parent reply	other threads:[~2025-01-07  9:06 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-07  9:05 [PATCH v4 net-next 00/13] bridge-fastpath and related improvements Eric Woudstra
2025-01-07  9:05 ` [PATCH v4 net-next 01/13] netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit direct Eric Woudstra
2025-01-07  9:05 ` [PATCH v4 net-next 02/13] netfilter: bridge: Add conntrack double vlan and pppoe Eric Woudstra
2025-01-07  9:33   ` Nikolay Aleksandrov
2025-01-07  9:05 ` Eric Woudstra [this message]
2025-01-07  9:05 ` [PATCH v4 net-next 04/13] bridge: Add filling forward path from port to port Eric Woudstra
2025-01-07  9:05 ` [PATCH v4 net-next 05/13] net: core: dev: Add dev_fill_bridge_path() Eric Woudstra
2025-01-07  9:05 ` [PATCH v4 net-next 06/13] netfilter :nf_flow_table_offload: Add nf_flow_rule_bridge() Eric Woudstra
2025-01-07  9:05 ` [PATCH v4 net-next 07/13] netfilter: nf_flow_table_inet: Add nf_flowtable_type flowtable_bridge Eric Woudstra
2025-01-07  9:05 ` [PATCH v4 net-next 08/13] netfilter: nft_flow_offload: Add NFPROTO_BRIDGE to validate Eric Woudstra
2025-01-07  9:05 ` [PATCH v4 net-next 09/13] netfilter: nft_flow_offload: Add DEV_PATH_MTK_WDMA to nft_dev_path_info() Eric Woudstra
2025-01-07  9:05 ` [PATCH v4 net-next 10/13] netfilter: nft_flow_offload: No ingress_vlan forward info for dsa user port Eric Woudstra
2025-01-07  9:05 ` [PATCH v4 net-next 11/13] bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign Eric Woudstra
2025-01-07  9:05 ` [PATCH v4 net-next 12/13] bridge: Introduce DEV_PATH_BR_VLAN_KEEP_HW for bridge-fastpath Eric Woudstra
2025-01-07  9:05 ` [PATCH v4 net-next 13/13] netfilter: nft_flow_offload: Add bridgeflow to nft_flow_offload_eval() Eric Woudstra

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7010541fcca dfblob:91aa3fa43d3 )
 OR (
bs:"[PATCH v4 net-next 03/13] netfilter: nft_chain_filter: Add bridge double vlan and pppoe" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250107090530.5035-4-ericwouds@gmail.com \
    --to=ericwouds@gmail$(echo .)com \
    --cc=aleksander.lobakin@intel$(echo .)com \
    --cc=andrew+netdev@lunn$(echo .)ch \
    --cc=angelogioacchino.delregno@collabora$(echo .)com \
    --cc=bigeasy@linutronix$(echo .)de \
    --cc=bridge@lists$(echo .)linux.dev \
    --cc=coreteam@netfilter$(echo .)org \
    --cc=daniel@makrotopia$(echo .)org \
    --cc=davem@davemloft$(echo .)net \
    --cc=dsahern@kernel$(echo .)org \
    --cc=edumazet@google$(echo .)com \
    --cc=frank-w@public-files$(echo .)de \
    --cc=horms@kernel$(echo .)org \
    --cc=ivecera@redhat$(echo .)com \
    --cc=jdamato@fastly$(echo .)com \
    --cc=jiri@resnulli$(echo .)us \
    --cc=kadlec@netfilter$(echo .)org \
    --cc=kuba@kernel$(echo .)org \
    --cc=linux-arm-kernel@lists$(echo .)infradead.org \
    --cc=linux-kernel@vger$(echo .)kernel.org \
    --cc=linux-mediatek@lists$(echo .)infradead.org \
    --cc=lorenzo@kernel$(echo .)org \
    --cc=matthias.bgg@gmail$(echo .)com \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=netfilter-devel@vger$(echo .)kernel.org \
    --cc=olteanv@gmail$(echo .)com \
    --cc=pabeni@redhat$(echo .)com \
    --cc=pablo@netfilter$(echo .)org \
    --cc=razor@blackwall$(echo .)org \
    --cc=roopa@nvidia$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox