netfilter: flowtable: add vlan support

[mirror_ubuntu-jammy-kernel.git] / net / netfilter / nf_flow_table_core.c

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 8ffd3f3c288c6892b92f392278c4d2223b0aa01f..595f4434b84da251c8b78385b94ac1db7e7cd79b 100644 (file)
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -79,11 +79,8 @@ static int flow_offload_fill_route(struct flow_offload *flow,
                                   enum flow_offload_tuple_dir dir)
 {
        struct flow_offload_tuple *flow_tuple = &flow->tuplehash[dir].tuple;
-       struct dst_entry *other_dst = route->tuple[!dir].dst;
        struct dst_entry *dst = route->tuple[dir].dst;
-
-       if (!dst_hold_safe(route->tuple[dir].dst))
-               return -1;
+       int i, j = 0;
 
        switch (flow_tuple->l3proto) {
        case NFPROTO_IPV4:
@@ -94,12 +91,43 @@ static int flow_offload_fill_route(struct flow_offload *flow,
                break;
        }
 
-       flow_tuple->iifidx = other_dst->dev->ifindex;
-       flow_tuple->dst_cache = dst;
+       flow_tuple->iifidx = route->tuple[dir].in.ifindex;
+       for (i = route->tuple[dir].in.num_encaps - 1; i >= 0; i--) {
+               flow_tuple->encap[j].id = route->tuple[dir].in.encap[i].id;
+               flow_tuple->encap[j].proto = route->tuple[dir].in.encap[i].proto;
+               j++;
+       }
+       flow_tuple->encap_num = route->tuple[dir].in.num_encaps;
+
+       switch (route->tuple[dir].xmit_type) {
+       case FLOW_OFFLOAD_XMIT_DIRECT:
+               memcpy(flow_tuple->out.h_dest, route->tuple[dir].out.h_dest,
+                      ETH_ALEN);
+               memcpy(flow_tuple->out.h_source, route->tuple[dir].out.h_source,
+                      ETH_ALEN);
+               flow_tuple->out.ifidx = route->tuple[dir].out.ifindex;
+               break;
+       case FLOW_OFFLOAD_XMIT_XFRM:
+       case FLOW_OFFLOAD_XMIT_NEIGH:
+               if (!dst_hold_safe(route->tuple[dir].dst))
+                       return -1;
+
+               flow_tuple->dst_cache = dst;
+               break;
+       }
+       flow_tuple->xmit_type = route->tuple[dir].xmit_type;
 
        return 0;
 }
 
+static void nft_flow_dst_release(struct flow_offload *flow,
+                                enum flow_offload_tuple_dir dir)
+{
+       if (flow->tuplehash[dir].tuple.xmit_type == FLOW_OFFLOAD_XMIT_NEIGH ||
+           flow->tuplehash[dir].tuple.xmit_type == FLOW_OFFLOAD_XMIT_XFRM)
+               dst_release(flow->tuplehash[dir].tuple.dst_cache);
+}
+
 int flow_offload_route_init(struct flow_offload *flow,
                            const struct nf_flow_route *route)
 {
@@ -118,7 +146,7 @@ int flow_offload_route_init(struct flow_offload *flow,
        return 0;
 
 err_route_reply:
-       dst_release(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst);
+       nft_flow_dst_release(flow, FLOW_OFFLOAD_DIR_ORIGINAL);
 
        return err;
 }
@@ -169,8 +197,8 @@ static void flow_offload_fixup_ct(struct nf_conn *ct)
 
 static void flow_offload_route_release(struct flow_offload *flow)
 {
-       dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_cache);
-       dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_cache);
+       nft_flow_dst_release(flow, FLOW_OFFLOAD_DIR_ORIGINAL);
+       nft_flow_dst_release(flow, FLOW_OFFLOAD_DIR_REPLY);
 }
 
 void flow_offload_free(struct flow_offload *flow)