git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 12 Apr 2021 12:20:55 +0000 (14:20 +0200)
committer	Kelsey Skunberg <kelsey.skunberg@canonical.com>
	Mon, 24 May 2021 23:46:40 +0000 (17:46 -0600)
commit	9a18c3fd492105c0f8ed98117dad82512220ca72
tree	f54979a20bccd7b9aeeb89525cbf1be91b11a3c1	tree
parent	b1ee62ccbb894827364b390618c3e6445cca3dc6	commit \| diff

netfilter: nftables_offload: special ethertype handling for VLAN

BugLink: https://bugs.launchpad.net/bugs/1929455
[ Upstream commit 783003f3bb8a565326e89d18bbd948ad8ffc816a ]

The nftables offload parser sets FLOW_DISSECTOR_KEY_BASIC .n_proto to the
ethertype field in the ethertype frame. However:

- FLOW_DISSECTOR_KEY_BASIC .n_proto field always stores either IPv4 or IPv6
  ethertypes.
- FLOW_DISSECTOR_KEY_VLAN .vlan_tpid stores either the 802.1q and 802.1ad
  ethertypes. Same as for FLOW_DISSECTOR_KEY_CVLAN.

This function adjusts the flow dissector to handle two scenarios:

1) FLOW_DISSECTOR_KEY_VLAN .vlan_tpid is set to 802.1q or 802.1ad.
   Then, transfer:
   - the .n_proto field to FLOW_DISSECTOR_KEY_VLAN .tpid.
   - the original FLOW_DISSECTOR_KEY_VLAN .tpid to the
     FLOW_DISSECTOR_KEY_CVLAN .tpid
   - the original FLOW_DISSECTOR_KEY_CVLAN .tpid to the .n_proto field.

2) .n_proto is set to 802.1q or 802.1ad. Then, transfer:
   - the .n_proto field to FLOW_DISSECTOR_KEY_VLAN .tpid.
   - the original FLOW_DISSECTOR_KEY_VLAN .tpid to the .n_proto field.

Fixes: a82055af5959 ("netfilter: nft_payload: add VLAN offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>