* [PATCH nf] netfilter: nf_tables_offload: skip VLAN handling if FLOW_DISSECTOR_KEY_CONTROL is unset
@ 2021-06-19 0:09 Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2021-06-19 0:09 UTC (permalink / raw)
To: netfilter-devel; +Cc: chutzpah
Restore hardware offload support for rules that provide no matching
ethertype through FLOW_DISSECTOR_KEY_CONTROL.
Fixes: 783003f3bb8a ("netfilter: nftables_offload: special ethertype handling for VLAN")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_tables_offload.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index a48c5fd53a80..6fc29f9cc11e 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -56,8 +56,10 @@ static void nft_flow_rule_transfer_vlan(struct nft_offload_ctx *ctx,
struct nft_flow_match *match = &flow->match;
struct nft_offload_ethertype ethertype;
- if (match->dissector.used_keys & BIT(FLOW_DISSECTOR_KEY_CONTROL) &&
- match->key.basic.n_proto != htons(ETH_P_8021Q) &&
+ if (!(match->dissector.used_keys & BIT(FLOW_DISSECTOR_KEY_CONTROL)))
+ return;
+
+ if (match->key.basic.n_proto != htons(ETH_P_8021Q) &&
match->key.basic.n_proto != htons(ETH_P_8021AD))
return;
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH nf] netfilter: nf_tables_offload: skip VLAN handling if FLOW_DISSECTOR_KEY_CONTROL is unset
@ 2021-06-19 0:10 Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2021-06-19 0:10 UTC (permalink / raw)
To: netfilter-devel
Restore hardware offload support for rules that provide no matching
ethertype through FLOW_DISSECTOR_KEY_CONTROL.
Fixes: 783003f3bb8a ("netfilter: nftables_offload: special ethertype handling for VLAN")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_tables_offload.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index a48c5fd53a80..6fc29f9cc11e 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -56,8 +56,10 @@ static void nft_flow_rule_transfer_vlan(struct nft_offload_ctx *ctx,
struct nft_flow_match *match = &flow->match;
struct nft_offload_ethertype ethertype;
- if (match->dissector.used_keys & BIT(FLOW_DISSECTOR_KEY_CONTROL) &&
- match->key.basic.n_proto != htons(ETH_P_8021Q) &&
+ if (!(match->dissector.used_keys & BIT(FLOW_DISSECTOR_KEY_CONTROL)))
+ return;
+
+ if (match->key.basic.n_proto != htons(ETH_P_8021Q) &&
match->key.basic.n_proto != htons(ETH_P_8021AD))
return;
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-06-19 0:10 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-19 0:09 [PATCH nf] netfilter: nf_tables_offload: skip VLAN handling if FLOW_DISSECTOR_KEY_CONTROL is unset Pablo Neira Ayuso
2021-06-19 0:10 Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.