From: "wenxu@chinatelecom.cn" <wenxu@chinatelecom.cn>
To: "Pablo Neira Ayuso" <pablo@netfilter.org>
Cc: netfilter-devel <netfilter-devel@vger.kernel.org>
Subject: Re: Re: [PATCH nf-next v2 1/3] nf_flow_table_offload: offload the vlan encap in the flowtable
Date: Tue, 2 Aug 2022 11:41:42 +0800 [thread overview]
Message-ID: <2022080211414160970821@chinatelecom.cn> (raw)
In-Reply-To: Yuerh8IrTVa35dIs@salvia
>On Thu, May 26, 2022 at 02:57:30AM -0400, wenxu@chinatelecom.cn wrote:
>[...]
>> diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
>> index b350fe9..5da651d 100644
>> --- a/net/netfilter/nf_flow_table_ip.c
>> +++ b/net/netfilter/nf_flow_table_ip.c
>> @@ -291,6 +291,23 @@ static bool nf_flow_skb_encap_protocol(const struct sk_buff *skb, __be16 proto,
>> return false;
>> }
>>
>> +static void nf_flow_encap_push(struct sk_buff *skb,
>> + struct flow_offload_tuple_rhash *tuplehash)
>> +{
>> + int i;
>> +
>> + for (i = 0; i < tuplehash->tuple.encap_num; i++) {
>> + switch (tuplehash->tuple.encap[i].proto) {
>> + case htons(ETH_P_8021Q):
>> + case htons(ETH_P_8021AD):
>> + skb_vlan_push(skb,
>
>Nit: skb_vlan_push() might fail.
>
>> + tuplehash->tuple.encap[i].proto,
>> + tuplehash->tuple.encap[i].id);
>> + break;
>> + }
>> + }
>> +}
>
>If I understand correctly, the goal of this patchset is to move the
>existing vlan and ppp support to use the XMIT_DIRECT path?
>
>So this already works but you would prefer to not use XMIT_NEIGH?
>
>The scenarios you describe already work fine with the existing
>codebase? I am assuming 'eth' provides Internet access? You refer to
>this in the patch description:
The eth is the lower device of the bridge.
router
|------------|
eth0-->br0 eth-internet
Without this patch the packet come from eth-internet will
always send through the router interface br0 with XMIT_NEIGH.
With this patch the packet come from eth-internet will send through
eth0 directly with XMIT_DIRECT(with vlan tag if need).
So it can totally bypass the bridge process for ingress packet.
>
> br0.100-->br0(vlan filter enable)-->eth
> br0(vlan filter enable)-->eth
> br0(vlan filter disable)-->eth.100-->eth
>
next prev parent reply other threads:[~2022-08-02 3:41 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-26 6:57 [PATCH nf-next v2 1/3] nf_flow_table_offload: offload the vlan encap in the flowtable wenxu
2022-05-26 6:57 ` [PATCH nf-next v2 2/3] nf_flow_table_offload: offload the PPPoE " wenxu
2022-08-01 10:37 ` Pablo Neira Ayuso
2022-08-02 4:43 ` wenxu
2022-05-26 6:57 ` [PATCH nf-next v2 3/3] selftests: netfilter: flowtable vlan filtering bridge support wenxu
2022-08-01 10:31 ` [PATCH nf-next v2 1/3] nf_flow_table_offload: offload the vlan encap in the flowtable Pablo Neira Ayuso
2022-08-02 3:41 ` wenxu [this message]
2022-08-02 4:40 ` wenxu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2022080211414160970821@chinatelecom.cn \
--to=wenxu@chinatelecom.cn \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.