tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

netfilter: flowtable: inline vlan encapsulation in xmit path

Push the vlan header from the flowtable xmit path, instead of passing
the packet to the vlan device.

This is based on a patch originally written by wenxu.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Pablo Neira Ayuso c653d5a7 b5964aac

+29 -3
+25
net/netfilter/nf_flow_table_ip.c
··· 413 413 return 1; 414 414 } 415 415 416 + static int nf_flow_encap_push(struct sk_buff *skb, 417 + struct flow_offload_tuple *tuple) 418 + { 419 + int i; 420 + 421 + for (i = 0; i < tuple->encap_num; i++) { 422 + switch (tuple->encap[i].proto) { 423 + case htons(ETH_P_8021Q): 424 + case htons(ETH_P_8021AD): 425 + if (skb_vlan_push(skb, tuple->encap[i].proto, 426 + tuple->encap[i].id) < 0) 427 + return -1; 428 + break; 429 + } 430 + } 431 + 432 + return 0; 433 + } 434 + 416 435 unsigned int 417 436 nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, 418 437 const struct nf_hook_state *state) ··· 468 449 469 450 dir = tuplehash->tuple.dir; 470 451 flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); 452 + 453 + if (nf_flow_encap_push(skb, &flow->tuplehash[!dir].tuple) < 0) 454 + return NF_DROP; 471 455 472 456 switch (tuplehash->tuple.xmit_type) { 473 457 case FLOW_OFFLOAD_XMIT_NEIGH: ··· 775 753 776 754 dir = tuplehash->tuple.dir; 777 755 flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); 756 + 757 + if (nf_flow_encap_push(skb, &flow->tuplehash[!dir].tuple) < 0) 758 + return NF_DROP; 778 759 779 760 switch (tuplehash->tuple.xmit_type) { 780 761 case FLOW_OFFLOAD_XMIT_NEIGH:
+4 -3
net/netfilter/nf_flow_table_path.c
··· 119 119 info->indev = NULL; 120 120 break; 121 121 } 122 - if (!info->outdev) 123 - info->outdev = path->dev; 124 122 info->encap[info->num_encaps].id = path->encap.id; 125 123 info->encap[info->num_encaps].proto = path->encap.proto; 126 124 info->num_encaps++; 127 - if (path->type == DEV_PATH_PPPOE) 125 + if (path->type == DEV_PATH_PPPOE) { 126 + if (!info->outdev) 127 + info->outdev = path->dev; 128 128 memcpy(info->h_dest, path->encap.h_dest, ETH_ALEN); 129 + } 129 130 break; 130 131 case DEV_PATH_BRIDGE: 131 132 if (is_zero_ether_addr(info->h_source))