Eric Woudstra <[email protected]> wrote: > In nft_do_chain_bridge() pktinfo is only fully populated for plain packets > and packets encapsulated in single 802.1q or 802.1ad. > > When implementing the software bridge-fastpath and testing all possible > encapulations, there can be more encapsulations: > > The packet could (also) be encapsulated in PPPoE, or the packet could be > encapsulated in an inner 802.1q, combined with an outer 802.1ad or 802.1q > encapsulation. > > nft_flow_offload_eval() also examines the L4 header, with the L4 protocol > known from the conntrack-tuplehash. To access the header it uses > nft_thoff(), but for these packets it returns zero. > > Introduce nft_set_bridge_pktinfo() to help populate pktinfo with the > offsets. > Signed-off-by: Eric Woudstra <[email protected]> > --- > net/netfilter/nft_chain_filter.c | 55 +++++++++++++++++++++++++++++--- > 1 file changed, 51 insertions(+), 4 deletions(-) > > diff --git a/net/netfilter/nft_chain_filter.c > b/net/netfilter/nft_chain_filter.c > index d4d5eadaba9c..66ef30c60e56 100644 > --- a/net/netfilter/nft_chain_filter.c > +++ b/net/netfilter/nft_chain_filter.c > @@ -227,21 +227,68 @@ static inline void nft_chain_filter_inet_fini(void) {} > #endif /* CONFIG_NF_TABLES_IPV6 */ > > #if IS_ENABLED(CONFIG_NF_TABLES_BRIDGE) > +static int nft_set_bridge_pktinfo(struct nft_pktinfo *pkt, struct sk_buff > *skb, > + const struct nf_hook_state *state, > + __be16 *proto) > +{ > + nft_set_pktinfo(pkt, skb, state); > + > + switch (*proto) { > + case htons(ETH_P_PPP_SES): { > + struct ppp_hdr { > + struct pppoe_hdr hdr;
Hmm, this seems to trigger warning on NIPAs build_allmodconfig_warn test: ../include/uapi/linux/if_pppox.h:153:29: warning: array of flexible structures Would you mind a new version? Its the last patch, so I leave it up to you if you want to resend the whole series or just 4/4. Sorry, I did not have time to run the entire test pipeline with the pending patches until today.
