From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: <netfilter-devel@vger.kernel.org>, Florian Westphal <fw@strlen.de>
Subject: [PATCH net-next] net: dummy: add phony ndo_setup_tc stub
Date: Tue, 9 Jun 2026 16:28:09 +0200 [thread overview]
Message-ID: <20260609142813.9197-1-fw@strlen.de> (raw)
Allow to use dummy driver to test offload control plane code.
Unlike netdevsim, dummy is a data sink so no capabilities (e.g.
u32-style matcher, vport device redirects, PPPoE header push/pop etc).
have to be implemented.
Tag the offload callback to permit error injection to test rollback/abort
code in nf_tables.
At this time, nf_tables has an upfront check for offload capabilities to
avoid exposure of offload code paths on machines that lack capable
hardware. With this patch, dummy can always "offload" which exposes this
functionality. Given real hardware will normally live in the initial
namespace, restrict the offload to initial user ns instead.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
drivers/net/dummy.c | 10 ++++++++++
net/netfilter/nf_tables_offload.c | 3 +++
2 files changed, 13 insertions(+)
diff --git a/drivers/net/dummy.c b/drivers/net/dummy.c
index f6732eab5923..b31ad10eb958 100644
--- a/drivers/net/dummy.c
+++ b/drivers/net/dummy.c
@@ -85,6 +85,15 @@ static int dummy_change_carrier(struct net_device *dev, bool new_carrier)
return 0;
}
+static int dummy_setup_tc(struct net_device *dev, enum tc_setup_type type, void *type_data)
+{
+ if (dev_net(dev)->user_ns != &init_user_ns)
+ return -EOPNOTSUPP;
+
+ return 0;
+}
+ALLOW_ERROR_INJECTION(dummy_setup_tc, ERRNO);
+
static const struct net_device_ops dummy_netdev_ops = {
.ndo_init = dummy_dev_init,
.ndo_start_xmit = dummy_xmit,
@@ -93,6 +102,7 @@ static const struct net_device_ops dummy_netdev_ops = {
.ndo_set_mac_address = eth_mac_addr,
.ndo_get_stats64 = dummy_get_stats64,
.ndo_change_carrier = dummy_change_carrier,
+ .ndo_setup_tc = dummy_setup_tc,
};
static const struct ethtool_ops dummy_ethtool_ops = {
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index 9101b1703b52..26e7ed5a8575 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -234,6 +234,9 @@ bool nft_chain_offload_support(const struct nft_base_chain *basechain)
return false;
dev = ops->dev;
+ if (dev_net(dev)->user_ns != &init_user_ns)
+ return false;
+
if (!dev->netdev_ops->ndo_setup_tc &&
!flow_indr_dev_exists())
return false;
--
2.53.0
reply other threads:[~2026-06-09 14:28 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260609142813.9197-1-fw@strlen.de \
--to=fw@strlen.de \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox