From patchwork Sun Jan 13 13:59:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zahari Doychev X-Patchwork-Id: 1024078 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=googlemail.com header.i=@googlemail.com header.b="dDZcao0j"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 43cym76dQPz9s55 for ; Mon, 14 Jan 2019 00:55:19 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726543AbfAMNy5 (ORCPT ); Sun, 13 Jan 2019 08:54:57 -0500 Received: from mail-wm1-f67.google.com ([209.85.128.67]:35162 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726434AbfAMNy5 (ORCPT ); Sun, 13 Jan 2019 08:54:57 -0500 Received: by mail-wm1-f67.google.com with SMTP id t200so6435080wmt.0 for ; Sun, 13 Jan 2019 05:54:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=z0vJbgOulC6FzUOmFtiRWTecaPlHR64UPs574wmAzjY=; b=dDZcao0jVkLzfIQh8TahnBbJ+CoNNtczISoWPfegMpwwVU3kVjFQGFnpwdbzArdkP/ 55xWBmPLnfGN2cNozGVUHxr7/QEKUEiW3q4INiEUrEBNwT2gGwEc5aRkeRXOThqgtdEk SVSssT7QVbqeLAOjx2bgedXkajkST9sQxhRYakluAk/ybb+lqKpErj47ZCo19M8VwYGw OFWzizwkurpytBiQeT7Aus++d32VotL0U/lDfrlf0TcFOHEel1nf7aDPz9XWQVKN8pWO QiTATxt9TvO3LipwSXLMMKPncLLlafBSGMHfLjV1UGq6gku+v00Tk8Krb+8JWKJgPPYt 23yQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; bh=z0vJbgOulC6FzUOmFtiRWTecaPlHR64UPs574wmAzjY=; b=Uo90vWoa/B0IEO4YBvltHukewfeq2L3Va2oQ8DzeVJB6hU48EvIYg4LNxWwLsuMEJ5 2knEg/d206wMjw1gQqKWA0GXXxND3HVXmET5vXCcpSoY+67eVt4IYw0T7DzM0eJefPCY u6yLxe6n5LyfTUyv+iBThRI8h15fyIQGEF23uYvZNaEV0VDoKNYbK6PyShyqaLohP8lu rooP4d1rCcwWpFu9WlpnkMRZdWzCeVLue/a5hYm+oNPaEWUFG2IKsnJ+DrOmVR3x378J orz/HkU46qOjXdWOR90hDFf/hIFGYueZP2jpxQKjpH8jhTA8ACVb+ykGijvdhnzbXJAS fnJQ== X-Gm-Message-State: AJcUukf2c9BTxkEWzPNcA7SJorESUA5xYpMfKWOojxeBX0AS3okfop7j wVaMBEUl2r/J0JoWxf+fnyEogPbh6NE= X-Google-Smtp-Source: ALg8bN7opTdEv8jCdxpQqYDC8u9fVXNd8Vh7mKBlLcb7A1CYZoT3Woj9QHKrJt9pT7icU9FjWH9LpQ== X-Received: by 2002:a1c:b1d5:: with SMTP id a204mr9059195wmf.32.1547387694172; Sun, 13 Jan 2019 05:54:54 -0800 (PST) Received: from localhost.localdomain (ipbcc05724.dynamic.kabel-deutschland.de. [188.192.87.36]) by smtp.gmail.com with ESMTPSA id m4sm21407879wmi.3.2019.01.13.05.54.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 13 Jan 2019 05:54:53 -0800 (PST) From: Zahari Doychev To: netdev@vger.kernel.org, bridge@lists.linux-foundation.org, nikolay@cumulusnetworks.com, roopa@cumulusnetworks.com Cc: jhs@mojatatu.com, johannes@sipsolutions.net, zahari.doychev@linux.com Subject: [PATCH 0/2] net: bridge: fix tc added QinQ forwarding Date: Sun, 13 Jan 2019 14:59:37 +0100 Message-Id: <20190113135939.8970-1-zahari.doychev@linux.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The Linux bridge seems to not correctly forward double vlan tagged packets added using the tc vlan action. I am using a bridge with two netdevs and on one of them a have the clsact qdisc with tc flower rule adding two vlan tags. ip link add name br0 type bridge vlan_filtering 1 ip link set dev br0 up ip link set dev net0 up ip link set dev net0 master br0 ip link set dev net1 up ip link set dev net1 master br0 bridge vlan add dev net0 vid 100 master bridge vlan add dev br0 vid 100 self bridge vlan add dev net1 vid 100 master tc qdisc add dev net0 handle ffff: clsact tc qdisc add dev net1 handle ffff: clsact tc filter add dev net0 ingress pref 1 protocol all flower \ action vlan push id 10 pipe action vlan push id 100 tc filter add dev net0 egress pref 1 protocol 802.1q flower \ vlan_id 100 vlan_ethtype 802.1q cvlan_id 10 \ action vlan pop pipe action vlan pop When using the setup above the packets coming on net0 get double tagged but the MAC headers gets corrupted when the packets go out of net1. It seems that the second vlan header is not considered in br_dev_queue_push_xmit. The skb data pointer is decremented only by the ethernet header length. This later causes the function validate_xmit_vlan to insert the outer vlan tag behind the inner vlan tag. The inner vlan becomes also part of the source mac address. The first patch fixes the problem described above. The second one fixes similar problem when the tpids of the bridge and the inserted vlan don't match. It fixes again incorrect insertion of the skb vlan into the payload. The two patches seem to fix the problem but I am not sure if this the right way to fix this and if there is any other impact. Zahari Doychev (2): net: bridge: fix tc added QinQ forwarding net: bridge: fix tc added vlan insert as payload net/bridge/br_forward.c | 2 +- net/bridge/br_vlan.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-)