netfilter: nft_payload: fix C-VLAN offload support

BugLink: https://bugs.launchpad.net/bugs/1929455
[ Upstream commit 14c20643ef9457679cc6934d77adc24296505214 ]

- add another struct flow_dissector_key_vlan for C-VLAN
- update layer 3 dependency to allow to match on IPv4/IPv6

Fixes: 89d8fd44abfb ("netfilter: nft_payload: add C-VLAN offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>

diff --git a/include/net/netfilter/nf_tables_offload.h b/include/net/netfilter/nf_tables_offload.h
index 1d34fe154fe0bd39898d1b81a571ca8e5490dbd3..b4d08006139999f2d521270605f5d3f7360e4864 100644 (file)
--- a/include/net/netfilter/nf_tables_offload.h
+++ b/include/net/netfilter/nf_tables_offload.h
@@ -45,6 +45,7 @@ struct nft_flow_key {
        struct flow_dissector_key_ports                 tp;
        struct flow_dissector_key_ip                    ip;
        struct flow_dissector_key_vlan                  vlan;
+       struct flow_dissector_key_vlan                  cvlan;
        struct flow_dissector_key_eth_addrs             eth_addrs;
        struct flow_dissector_key_meta                  meta;
 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */

diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index 47d4e0e21651442e5368e84ac156a2e2dd942406..e43863a1761fae5e49b9095e8c80c77e25a7e195 100644 (file)
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -241,7 +241,7 @@ static int nft_payload_offload_ll(struct nft_offload_ctx *ctx,
                if (!nft_payload_offload_mask(reg, priv->len, sizeof(__be16)))
                        return -EOPNOTSUPP;
 
-               NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_CVLAN, vlan,
+               NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_CVLAN, cvlan,
                                  vlan_tci, sizeof(__be16), reg);
                break;
        case offsetof(struct vlan_ethhdr, h_vlan_encapsulated_proto) +
@@ -249,8 +249,9 @@ static int nft_payload_offload_ll(struct nft_offload_ctx *ctx,
                if (!nft_payload_offload_mask(reg, priv->len, sizeof(__be16)))
                        return -EOPNOTSUPP;
 
-               NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_CVLAN, vlan,
+               NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_CVLAN, cvlan,
                                  vlan_tpid, sizeof(__be16), reg);
+               nft_offload_set_dependency(ctx, NFT_OFFLOAD_DEP_NETWORK);
                break;
        default:
                return -EOPNOTSUPP;