Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 1/1] Restore the CT mark in Flow Offload
@ 2020-05-23 10:46 Sven Auhagen
  2020-06-01 10:48 ` kbuild test robot
  0 siblings, 1 reply; 2+ messages in thread
From: Sven Auhagen @ 2020-05-23 10:46 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

The skb mark is often used in TC action at egress.
In order to have the skb mark set we can add it to the
skb when we do a flow offload lookup from the CT mark.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
---
 include/net/netfilter/nf_flow_table.h | 3 ++-
 net/netfilter/nf_flow_table_core.c    | 7 ++++++-
 net/netfilter/nf_flow_table_ip.c      | 4 ++--
 net/sched/act_ct.c                    | 2 +-
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
index c54a7f707e50..61ad0c1d86f4 100644
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -174,7 +174,8 @@ void flow_offload_refresh(struct nf_flowtable *flow_table,
 			  struct flow_offload *flow);
 
 struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table,
-						     struct flow_offload_tuple *tuple);
+						     struct flow_offload_tuple *tuple,
+						     struct sk_buff *skb);
 void nf_flow_table_cleanup(struct net_device *dev);
 
 int nf_flow_table_init(struct nf_flowtable *flow_table);
diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 42da6e337276..50a0b2fd7527 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -300,7 +300,8 @@ EXPORT_SYMBOL_GPL(flow_offload_teardown);
 
 struct flow_offload_tuple_rhash *
 flow_offload_lookup(struct nf_flowtable *flow_table,
-		    struct flow_offload_tuple *tuple)
+		    struct flow_offload_tuple *tuple,
+		    struct sk_buff *skb)
 {
 	struct flow_offload_tuple_rhash *tuplehash;
 	struct flow_offload *flow;
@@ -319,6 +320,10 @@ flow_offload_lookup(struct nf_flowtable *flow_table,
 	if (unlikely(nf_ct_is_dying(flow->ct)))
 		return NULL;
 
+	/* Restore Mark for TC */
+	if (skb)
+		skb->mark = flow->ct->mark;
+
 	return tuplehash;
 }
 EXPORT_SYMBOL_GPL(flow_offload_lookup);
diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
index a3bca758b849..4b38923234e3 100644
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -257,7 +257,7 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
 	if (nf_flow_tuple_ip(skb, state->in, &tuple) < 0)
 		return NF_ACCEPT;
 
-	tuplehash = flow_offload_lookup(flow_table, &tuple);
+	tuplehash = flow_offload_lookup(flow_table, &tuple, skb);
 	if (tuplehash == NULL)
 		return NF_ACCEPT;
 
@@ -493,7 +493,7 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
 	if (nf_flow_tuple_ipv6(skb, state->in, &tuple) < 0)
 		return NF_ACCEPT;
 
-	tuplehash = flow_offload_lookup(flow_table, &tuple);
+	tuplehash = flow_offload_lookup(flow_table, &tuple, skb);
 	if (tuplehash == NULL)
 		return NF_ACCEPT;
 
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 1a766393be62..e2195ef67024 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -517,7 +517,7 @@ static bool tcf_ct_flow_table_lookup(struct tcf_ct_params *p,
 		return false;
 	}
 
-	tuplehash = flow_offload_lookup(nf_ft, &tuple);
+	tuplehash = flow_offload_lookup(nf_ft, &tuple, skb);
 	if (!tuplehash)
 		return false;
 
-- 
2.20.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH 1/1] Restore the CT mark in Flow Offload
  2020-05-23 10:46 [PATCH 1/1] Restore the CT mark in Flow Offload Sven Auhagen
@ 2020-06-01 10:48 ` kbuild test robot
  0 siblings, 0 replies; 2+ messages in thread
From: kbuild test robot @ 2020-06-01 10:48 UTC (permalink / raw)
  To: Sven Auhagen, netfilter-devel; +Cc: kbuild-all, clang-built-linux, pablo


[-- Attachment #1: Type: text/plain, Size: 2624 bytes --]

Hi Sven,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on nf/master]
[also build test ERROR on nf-next/master linus/master v5.7 next-20200529]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]

url:    https://github.com/0day-ci/linux/commits/Sven-Auhagen/Restore-the-CT-mark-in-Flow-Offload/20200523-184803
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: i386-randconfig-a011-20200601 (attached as .config)
compiler: clang version 11.0.0 (https://github.com/llvm/llvm-project 2388a096e7865c043e83ece4e26654bd3d1a20d5)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install i386 cross compiling tool for clang build
        # apt-get install binutils-i386-linux-gnu
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp@intel.com>

All errors (new ones prefixed by >>, old ones prefixed by <<):

>> net/netfilter/nf_flow_table_core.c:325:25: error: no member named 'mark' in 'struct nf_conn'
skb->mark = flow->ct->mark;
~~~~~~~~  ^
1 error generated.

vim +325 net/netfilter/nf_flow_table_core.c

   300	
   301	struct flow_offload_tuple_rhash *
   302	flow_offload_lookup(struct nf_flowtable *flow_table,
   303			    struct flow_offload_tuple *tuple,
   304			    struct sk_buff *skb)
   305	{
   306		struct flow_offload_tuple_rhash *tuplehash;
   307		struct flow_offload *flow;
   308		int dir;
   309	
   310		tuplehash = rhashtable_lookup(&flow_table->rhashtable, tuple,
   311					      nf_flow_offload_rhash_params);
   312		if (!tuplehash)
   313			return NULL;
   314	
   315		dir = tuplehash->tuple.dir;
   316		flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
   317		if (test_bit(NF_FLOW_TEARDOWN, &flow->flags))
   318			return NULL;
   319	
   320		if (unlikely(nf_ct_is_dying(flow->ct)))
   321			return NULL;
   322	
   323		/* Restore Mark for TC */
   324		if (skb)
 > 325			skb->mark = flow->ct->mark;
   326	
   327		return tuplehash;
   328	}
   329	EXPORT_SYMBOL_GPL(flow_offload_lookup);
   330	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 48165 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-23 10:46 [PATCH 1/1] Restore the CT mark in Flow Offload Sven Auhagen
2020-06-01 10:48 ` kbuild test robot

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org
	public-inbox-index netfilter-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git