uboot-envtools: oxnas: drop redundant space after case keywords

[openwrt/staging/wigyori.git] / target / linux / generic / pending-5.10 / 640-18-netfilter-nf_flow_table-fix-untagging-with-hardware-.patch

From: Felix Fietkau <nbd@nbd.name>
Date: Mon, 8 Mar 2021 12:06:44 +0100
Subject: [PATCH] netfilter: nf_flow_table: fix untagging with
 hardware-offloaded bridge vlan_filtering

When switchdev offloading is enabled, treat an untagged VLAN as tagged for
ingress only

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---

--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -849,6 +849,7 @@ struct net_device_path {
                                DEV_PATH_BR_VLAN_KEEP,
                                DEV_PATH_BR_VLAN_TAG,
                                DEV_PATH_BR_VLAN_UNTAG,
+                               DEV_PATH_BR_VLAN_UNTAG_HW,
                        }               vlan_mode;
                        u16             vlan_id;
                        __be16          vlan_proto;
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -123,9 +123,10 @@ struct flow_offload_tuple {
        /* All members above are keys for lookups, see flow_offload_hash(). */
        struct { }                      __hash;
 
-       u8                              dir:4,
+       u8                              dir:2,
                                        xmit_type:2,
-                                       encap_num:2;
+                                       encap_num:2,
+                                       in_vlan_ingress:2;
        u16                             mtu;
        union {
                struct dst_entry        *dst_cache;
@@ -185,7 +186,8 @@ struct nf_flow_route {
                                u16             id;
                                __be16          proto;
                        } encap[NF_FLOW_TABLE_ENCAP_MAX];
-                       u8                      num_encaps;
+                       u8                      num_encaps:2,
+                                               ingress_vlans:2;
                } in;
                struct {
                        u32                     ifindex;
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -435,6 +435,7 @@ static int br_fill_forward_path(struct n
                ctx->vlan[ctx->num_vlans].proto = path->bridge.vlan_proto;
                ctx->num_vlans++;
                break;
+       case DEV_PATH_BR_VLAN_UNTAG_HW:
        case DEV_PATH_BR_VLAN_UNTAG:
                ctx->num_vlans--;
                break;
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -1374,6 +1374,8 @@ int br_vlan_fill_forward_path_mode(struc
 
        if (path->bridge.vlan_mode == DEV_PATH_BR_VLAN_TAG)
                path->bridge.vlan_mode = DEV_PATH_BR_VLAN_KEEP;
+       else if (v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV)
+               path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG_HW;
        else
                path->bridge.vlan_mode = DEV_PATH_BR_VLAN_UNTAG;
 
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -95,6 +95,8 @@ static int flow_offload_fill_route(struc
        for (i = route->tuple[dir].in.num_encaps - 1; i >= 0; i--) {
                flow_tuple->encap[j].id = route->tuple[dir].in.encap[i].id;
                flow_tuple->encap[j].proto = route->tuple[dir].in.encap[i].proto;
+               if (route->tuple[dir].in.ingress_vlans & BIT(i))
+                       flow_tuple->in_vlan_ingress |= BIT(j);
                j++;
        }
        flow_tuple->encap_num = route->tuple[dir].in.num_encaps;
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -592,8 +592,12 @@ nf_flow_rule_route_common(struct net *ne
        other_tuple = &flow->tuplehash[!dir].tuple;
 
        for (i = 0; i < other_tuple->encap_num; i++) {
-               struct flow_action_entry *entry = flow_action_entry_next(flow_rule);
+               struct flow_action_entry *entry;
 
+               if (other_tuple->in_vlan_ingress & BIT(i))
+                       continue;
+
+               entry = flow_action_entry_next(flow_rule);
                entry->id = FLOW_ACTION_VLAN_PUSH;
                entry->vlan.vid = other_tuple->encap[i].id;
                entry->vlan.proto = other_tuple->encap[i].proto;
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -72,6 +72,7 @@ struct nft_forward_info {
                __be16  proto;
        } encap[NF_FLOW_TABLE_ENCAP_MAX];
        u8 num_encaps;
+       u8 ingress_vlans;
        u8 h_source[ETH_ALEN];
        u8 h_dest[ETH_ALEN];
        enum flow_offload_xmit_type xmit_type;
@@ -130,6 +131,9 @@ static void nft_dev_path_info(const stru
                                memcpy(info->h_source, path->dev->dev_addr, ETH_ALEN);
 
                        switch (path->bridge.vlan_mode) {
+                       case DEV_PATH_BR_VLAN_UNTAG_HW:
+                               info->ingress_vlans |= BIT(info->num_encaps - 1);
+                               break;
                        case DEV_PATH_BR_VLAN_TAG:
                                info->encap[info->num_encaps].id = path->bridge.vlan_id;
                                info->encap[info->num_encaps].proto = path->bridge.vlan_proto;
@@ -198,6 +202,7 @@ static void nft_dev_forward_path(struct
                route->tuple[!dir].in.encap[i].proto = info.encap[i].proto;
        }
        route->tuple[!dir].in.num_encaps = info.num_encaps;
+       route->tuple[!dir].in.ingress_vlans = info.ingress_vlans;
 
        if (info.xmit_type == FLOW_OFFLOAD_XMIT_DIRECT) {
                memcpy(route->tuple[dir].out.h_source, info.h_source, ETH_ALEN);