[PATCH net-next] net: dummy: add phony ndo_setup

Netdev List
 help / color / mirror / Atom feed

* [PATCH net-next] net: dummy: add phony ndo_setup_tc stub
@ 2026-06-09 14:28 Florian Westphal
  0 siblings, 0 replies; only message in thread
From: Florian Westphal @ 2026-06-09 14:28 UTC (permalink / raw)
  To: netdev; +Cc: netfilter-devel, Florian Westphal

Allow to use dummy driver to test offload control plane code.

Unlike netdevsim, dummy is a data sink so no capabilities (e.g.
u32-style matcher, vport device redirects, PPPoE header push/pop etc).
have to be implemented.

Tag the offload callback to permit error injection to test rollback/abort
code in nf_tables.

At this time, nf_tables has an upfront check for offload capabilities to
avoid exposure of offload code paths on machines that lack capable
hardware.  With this patch, dummy can always "offload" which exposes this
functionality.  Given real hardware will normally live in the initial
namespace, restrict the offload to initial user ns instead.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 drivers/net/dummy.c               | 10 ++++++++++
 net/netfilter/nf_tables_offload.c |  3 +++
 2 files changed, 13 insertions(+)

diff --git a/drivers/net/dummy.c b/drivers/net/dummy.c
index f6732eab5923..b31ad10eb958 100644
--- a/drivers/net/dummy.c
+++ b/drivers/net/dummy.c
@@ -85,6 +85,15 @@ static int dummy_change_carrier(struct net_device *dev, bool new_carrier)
 	return 0;
 }
 
+static int dummy_setup_tc(struct net_device *dev, enum tc_setup_type type, void *type_data)
+{
+	if (dev_net(dev)->user_ns != &init_user_ns)
+		return -EOPNOTSUPP;
+
+	return 0;
+}
+ALLOW_ERROR_INJECTION(dummy_setup_tc, ERRNO);
+
 static const struct net_device_ops dummy_netdev_ops = {
 	.ndo_init		= dummy_dev_init,
 	.ndo_start_xmit		= dummy_xmit,
@@ -93,6 +102,7 @@ static const struct net_device_ops dummy_netdev_ops = {
 	.ndo_set_mac_address	= eth_mac_addr,
 	.ndo_get_stats64	= dummy_get_stats64,
 	.ndo_change_carrier	= dummy_change_carrier,
+	.ndo_setup_tc		= dummy_setup_tc,
 };
 
 static const struct ethtool_ops dummy_ethtool_ops = {
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index 9101b1703b52..26e7ed5a8575 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -234,6 +234,9 @@ bool nft_chain_offload_support(const struct nft_base_chain *basechain)
 				return false;
 
 			dev = ops->dev;
+			if (dev_net(dev)->user_ns != &init_user_ns)
+				return false;
+
 			if (!dev->netdev_ops->ndo_setup_tc &&
 			    !flow_indr_dev_exists())
 				return false;
-- 
2.53.0


^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-09 14:28 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-09 14:28 [PATCH net-next] net: dummy: add phony ndo_setup_tc stub Florian Westphal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox