From patchwork Wed Jun 26 15:56:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1122899 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="YmES0KER"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45YnhK3jlCz9sCJ for ; Thu, 27 Jun 2019 01:56:33 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726465AbfFZP4c (ORCPT ); Wed, 26 Jun 2019 11:56:32 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:36936 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726431AbfFZP4b (ORCPT ); Wed, 26 Jun 2019 11:56:31 -0400 Received: by mail-wr1-f66.google.com with SMTP id v14so3347805wrr.4 for ; Wed, 26 Jun 2019 08:56:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gUAsyBC+YyCn6Chz7Qnk989iaecFlEUtVr7lsQ7ziVw=; b=YmES0KER0R2TOKiGGHD2K8qfMbDIiz+ro3gFIrm2UMBKpugezOq9mtOFdTf3+7yrpL 80qNtqimm6oambAmMvURmycx3FX1IU9aBdVzcb2CbopcE2eT7+K0rZqPHLC0sPa70HJb UUxBcvYK0+tOpe0XpaH93+eq9Bm44yud2Gpns= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gUAsyBC+YyCn6Chz7Qnk989iaecFlEUtVr7lsQ7ziVw=; b=PjthsaCqmMI3OPlWxq9Iz5aU7QI9hzhM8ORCmabaYT17qtT4bqRN1I5ehnxtP72Zio eDSmUdSWk5ud0q9D5VLaC7if1w/dedwRIfO8rzLGHWW0ctPGvBp95ugT3RL4kfUIxb31 ZBZAf0CzatGTH1MR9BrFGz9jfQsQdBt75XRmSUHP1tAl9snhFxVH8jzBhf9z/x3Z8Hks 3k+B6oAt18G/97vuok+xv9cWFolsREWu+3zRr+UfQfXPWJ0ij9ZLI0SSePEfIbb4oaHQ b8pEQ1bE6MNmiCiDODXogTm6LNA34Xst36Q9KyfUku7CZr9paL9M9lw9KZ40QAFnRak6 6ERQ== X-Gm-Message-State: APjAAAXDdLff1TF7M7345XE0YNTrMNVj3KBri3etMBnA3oq4CV+4VHUz 1FDnoK7/ii/2gBZpPYY016IvNCcOtdY= X-Google-Smtp-Source: APXvYqy9z4YNizovKB16aNtR6Iapn8pmzUwPRsmQsvkY2jBvpESH0Fu3fR9m1rXnVepXncuqOfD4Mw== X-Received: by 2002:a5d:4642:: with SMTP id j2mr3955297wrs.211.1561564589161; Wed, 26 Jun 2019 08:56:29 -0700 (PDT) Received: from localhost.localdomain ([78.128.78.220]) by smtp.gmail.com with ESMTPSA id h8sm1832556wmf.12.2019.06.26.08.56.28 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 26 Jun 2019 08:56:28 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, pablo@netfilter.org, xiyou.wangcong@gmail.com, davem@davemloft.net, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next v2 1/4] net: sched: em_ipt: match only on ip/ipv6 traffic Date: Wed, 26 Jun 2019 18:56:12 +0300 Message-Id: <20190626155615.16639-2-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190626155615.16639-1-nikolay@cumulusnetworks.com> References: <20190626155615.16639-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Restrict matching only to ip/ipv6 traffic and make sure we can use the headers, otherwise matches will be attempted on any protocol which can be unexpected by the xt matches. Currently policy supports only ipv4/6. Signed-off-by: Nikolay Aleksandrov --- net/sched/em_ipt.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index 243fd22f2248..64dbafe4e94c 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -185,6 +185,19 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, struct nf_hook_state state; int ret; + switch (tc_skb_protocol(skb)) { + case htons(ETH_P_IP): + if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) + return 0; + break; + case htons(ETH_P_IPV6): + if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) + return 0; + break; + default: + return 0; + } + rcu_read_lock(); if (skb->skb_iif) From patchwork Wed Jun 26 15:56:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1122900 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="DTrX6hOX"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45YnhM5JQVz9sCJ for ; Thu, 27 Jun 2019 01:56:35 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726472AbfFZP4d (ORCPT ); Wed, 26 Jun 2019 11:56:33 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:38094 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725958AbfFZP4c (ORCPT ); Wed, 26 Jun 2019 11:56:32 -0400 Received: by mail-wr1-f65.google.com with SMTP id d18so3340614wrs.5 for ; Wed, 26 Jun 2019 08:56:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=BUqnnI07YLWQJFnMFajRfWqiDqFK6SzTTAM6Yhz6Kqo=; b=DTrX6hOX3cH6snLyrDkER0RAutBTY23zkwXAzIMl0cXisi7NnYcDe+8nFtxQIt57LP oZJXE//fEpjJdogL4pcHZy72BZroaJ6LEZaa665IHcDPmfl5B9/i6WcWCU6P53yAyf29 Vw8q8et2zsLSypQjQl6t/ubHwGntOts5CfYwI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=BUqnnI07YLWQJFnMFajRfWqiDqFK6SzTTAM6Yhz6Kqo=; b=kBmaQHr7ImE2j9KEWpblNcCSYbX+GuvtA9cR6bECC4RrxpoceHvxCwVWd+wrfMqIDO KB9e0FAhPPjQ4F9euhop63EebXM3uf32dJsV811CA8dEbSMLbI6G1y2PusYGpeTdl1bD iGOOIBo/UxCP6bnM8riS/hOv8x/LR2Lm/kHYu5o6o7nbXca6GMdq6Qtp7MiUld1QwP6j kfqxX9ZpR+rwt1sTZZreodelYPx2PpjywjiQ362hU1t/wVhXou2UrzH6T+uBpHJSRvJx cHyyz+mBDyuMUDkgUPXu+QGGDGDOrl78xjwT3Y1buyA5PGHXiqi133w9sd1Kn5WmmImy LMYQ== X-Gm-Message-State: APjAAAW4dGieRvSx5abRviN2cQpUbajdpNuj+1RXRtBFhaVCCxuL87G+ R/PrboIEJs4b2zFAVCHAYVxmQEqlYvU= X-Google-Smtp-Source: APXvYqzUECjNMozG5ItGIfwBC60KSvQalpvts35QuzJ/hnp0TjY9boWQ8XZALXFKvVQ+1GbN3qcErQ== X-Received: by 2002:a5d:5186:: with SMTP id k6mr4551001wrv.30.1561564590240; Wed, 26 Jun 2019 08:56:30 -0700 (PDT) Received: from localhost.localdomain ([78.128.78.220]) by smtp.gmail.com with ESMTPSA id h8sm1832556wmf.12.2019.06.26.08.56.29 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 26 Jun 2019 08:56:29 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, pablo@netfilter.org, xiyou.wangcong@gmail.com, davem@davemloft.net, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next v2 2/4] net: sched: em_ipt: set the family based on the packet if it's unspecified Date: Wed, 26 Jun 2019 18:56:13 +0300 Message-Id: <20190626155615.16639-3-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190626155615.16639-1-nikolay@cumulusnetworks.com> References: <20190626155615.16639-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Set the family based on the packet if it's unspecified otherwise protocol-neutral matches will have wrong information (e.g. NFPROTO_UNSPEC). In preparation for using NFPROTO_UNSPEC xt matches. v2: set the nfproto only when unspecified Suggested-by: Eyal Birger Signed-off-by: Nikolay Aleksandrov --- net/sched/em_ipt.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index 64dbafe4e94c..fd7f5b288c31 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -182,6 +182,7 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, const struct em_ipt_match *im = (const void *)em->data; struct xt_action_param acpar = {}; struct net_device *indev = NULL; + u8 nfproto = im->match->family; struct nf_hook_state state; int ret; @@ -189,10 +190,14 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, case htons(ETH_P_IP): if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) return 0; + if (nfproto == NFPROTO_UNSPEC) + nfproto = NFPROTO_IPV4; break; case htons(ETH_P_IPV6): if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) return 0; + if (nfproto == NFPROTO_UNSPEC) + nfproto = NFPROTO_IPV6; break; default: return 0; @@ -203,7 +208,7 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, if (skb->skb_iif) indev = dev_get_by_index_rcu(em->net, skb->skb_iif); - nf_hook_state_init(&state, im->hook, im->match->family, + nf_hook_state_init(&state, im->hook, nfproto, indev ?: skb->dev, skb->dev, NULL, em->net, NULL); acpar.match = im->match; From patchwork Wed Jun 26 15:56:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1122902 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="D5cQ5MAp"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45YnhQ2WkZz9sDn for ; Thu, 27 Jun 2019 01:56:38 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726500AbfFZP4h (ORCPT ); Wed, 26 Jun 2019 11:56:37 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:43225 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726447AbfFZP4d (ORCPT ); Wed, 26 Jun 2019 11:56:33 -0400 Received: by mail-wr1-f67.google.com with SMTP id p13so3316038wru.10 for ; Wed, 26 Jun 2019 08:56:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3c4S6lo7RWwT0H7lp2yCDwGWt2YlM+1HaTguCzugqN4=; b=D5cQ5MApvjILwqiUFpXHcgI3StUnFjd6fNi1BHur5CAxtTCNDlBO05G+lgkgEaENVU KQj5oRq+Y3yHi7u+yDIjn4xPfaNwLQWRxQCL9Lp3NbiB7pyLNpq7OsXybYyh4oZqzVBF dckpBdkHYjOSf0sD6fkufhqNbo1GnNoGE1SD4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3c4S6lo7RWwT0H7lp2yCDwGWt2YlM+1HaTguCzugqN4=; b=Pvgx3r2WBqkOsn6HGxXOJSvHLMs6iVpuhbAWOnjMLXw0z+SwRiAeB6r1r2W7wZhvgl tMBTMR038lMo67LggteMrvRhYaGEoUCz3sJkXgtS+nZzSq2QhdpjNq+JVLc2Zr/SAHE6 xsomOTawRf2D7BFMyFFeffVU1OVOyMyfWz3fOYnU2664Cetjude5Vcs1l//fqJdLdBTz VRoXy6Srs7u0q5g7jEYOJSU7GHZ2+jSopH++eZRHQDN1+Uof3onsiQ95hwpg0jbRq3Pu eQcFv24yVZliauhgnUADq6r1YqJWOwk+tdDirQd2fYjLZhBnKFoZU0JZZGDuP2Ca7HT0 6hsQ== X-Gm-Message-State: APjAAAUVw1H3sZP1B025t8+A3IWiBiV1y+wlxoDpTZXfJUrG+9yQ8Leu AvXAoHHIiF0a1pzJ/aiH/erSgFhnx1E= X-Google-Smtp-Source: APXvYqx86L5C7EAnWn/hDGJUtLZ3z0828Q+KHm+7Szh3Ae6/f+smY2Ra7ZjcYilOVjWMSC2WLXV4XQ== X-Received: by 2002:adf:fb81:: with SMTP id a1mr3956791wrr.329.1561564591421; Wed, 26 Jun 2019 08:56:31 -0700 (PDT) Received: from localhost.localdomain ([78.128.78.220]) by smtp.gmail.com with ESMTPSA id h8sm1832556wmf.12.2019.06.26.08.56.30 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 26 Jun 2019 08:56:30 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, pablo@netfilter.org, xiyou.wangcong@gmail.com, davem@davemloft.net, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next v2 3/4] net: sched: em_ipt: keep the user-specified nfproto and use it Date: Wed, 26 Jun 2019 18:56:14 +0300 Message-Id: <20190626155615.16639-4-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190626155615.16639-1-nikolay@cumulusnetworks.com> References: <20190626155615.16639-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org For NFPROTO_UNSPEC xt_matches there's no way to restrict the matching to a specific family, in order to do so we record the user-specified family and later enforce it while doing the match. v2: adjust changes to missing patch, was patch 04 in v1 Signed-off-by: Nikolay Aleksandrov --- net/sched/em_ipt.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index fd7f5b288c31..ce91f3cea0bd 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -21,6 +21,7 @@ struct em_ipt_match { const struct xt_match *match; u32 hook; + u8 nfproto; u8 match_data[0] __aligned(8); }; @@ -115,6 +116,7 @@ static int em_ipt_change(struct net *net, void *data, int data_len, struct em_ipt_match *im = NULL; struct xt_match *match; int mdata_len, ret; + u8 nfproto; ret = nla_parse_deprecated(tb, TCA_EM_IPT_MAX, data, data_len, em_ipt_policy, NULL); @@ -125,6 +127,16 @@ static int em_ipt_change(struct net *net, void *data, int data_len, !tb[TCA_EM_IPT_MATCH_DATA] || !tb[TCA_EM_IPT_NFPROTO]) return -EINVAL; + nfproto = nla_get_u8(tb[TCA_EM_IPT_NFPROTO]); + switch (nfproto) { + case NFPROTO_IPV4: + case NFPROTO_IPV6: + case NFPROTO_UNSPEC: + break; + default: + return -EINVAL; + } + match = get_xt_match(tb); if (IS_ERR(match)) { pr_err("unable to load match\n"); @@ -140,6 +152,7 @@ static int em_ipt_change(struct net *net, void *data, int data_len, im->match = match; im->hook = nla_get_u32(tb[TCA_EM_IPT_HOOK]); + im->nfproto = nfproto; nla_memcpy(im->match_data, tb[TCA_EM_IPT_MATCH_DATA], mdata_len); ret = check_match(net, im, mdata_len); @@ -182,8 +195,8 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, const struct em_ipt_match *im = (const void *)em->data; struct xt_action_param acpar = {}; struct net_device *indev = NULL; - u8 nfproto = im->match->family; struct nf_hook_state state; + u8 nfproto = im->nfproto; int ret; switch (tc_skb_protocol(skb)) { @@ -231,7 +244,7 @@ static int em_ipt_dump(struct sk_buff *skb, struct tcf_ematch *em) return -EMSGSIZE; if (nla_put_u8(skb, TCA_EM_IPT_MATCH_REVISION, im->match->revision) < 0) return -EMSGSIZE; - if (nla_put_u8(skb, TCA_EM_IPT_NFPROTO, im->match->family) < 0) + if (nla_put_u8(skb, TCA_EM_IPT_NFPROTO, im->nfproto) < 0) return -EMSGSIZE; if (nla_put(skb, TCA_EM_IPT_MATCH_DATA, im->match->usersize ?: im->match->matchsize, From patchwork Wed Jun 26 15:56:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1122901 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="MaOOsm/k"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45YnhP5chJz9sCJ for ; Thu, 27 Jun 2019 01:56:37 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726489AbfFZP4h (ORCPT ); Wed, 26 Jun 2019 11:56:37 -0400 Received: from mail-wm1-f65.google.com ([209.85.128.65]:38720 "EHLO mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726476AbfFZP4e (ORCPT ); Wed, 26 Jun 2019 11:56:34 -0400 Received: by mail-wm1-f65.google.com with SMTP id s15so2633862wmj.3 for ; Wed, 26 Jun 2019 08:56:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=y2Mtcdbgx0lmywlzyLoj3yNMZu8xHe+hD0/o+4yg7kY=; b=MaOOsm/kbsZMrQggOWKSCuSqHxXISF5l6Twnp318XCrwB2RGl2v4mwl6hsv6btJXA0 00ekHH7GgHnfSOSkDcvCAGZQhi8GXxzj0dcOSUCxkfIjvdApIWLeQYSvPIo7Xry8Bu4F wTT2S7EzwRgzqXW0895qFPvoHc/UsKz88NR2k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=y2Mtcdbgx0lmywlzyLoj3yNMZu8xHe+hD0/o+4yg7kY=; b=exrXW/gnp+FZQMStwqrn7F6a/53XsLzvTOI+57UHehVTqGvyTtc3MnZwmf+6IjB2CY we708zRdslr2a95ILVkNByJ0n91MlHLPuyujMQx0xmJFYBHCMqqOcU6GplDdhKTCrM4u 2aJGh7IuQ7FdA0s3zQXYayW1kJa9X+P2moYxBzpdBfciykZ7GDnkEuGCv22DPXh7qnVV 4IVe0d1GAeg3HkXNrpo4twslYrjw/iRGhiUZyZI9eebq803ZmgfPO9yPUH2xMfB7Uegc wUZCFFzXIfDshiipUa50cc8K0ao68UJdbUlXBQO88Y0XzohrSQF15NbxtIylzL4Gzj59 JkUA== X-Gm-Message-State: APjAAAWZ1vdCTwpcqYIW9vDtskEihUpIJCUQN4qzC94cd1yAnnESKXTd pMEGyP8NKHo9Qm/D+cM7P7JaIRgH18g= X-Google-Smtp-Source: APXvYqzz4J0dyjFd2FnDZCq/rDd6lk+XGuksNhpPd5GENeReVMr5f/fw6NR7+E/yGZtpe7awC7yS1g== X-Received: by 2002:a1c:411:: with SMTP id 17mr2919937wme.74.1561564592743; Wed, 26 Jun 2019 08:56:32 -0700 (PDT) Received: from localhost.localdomain ([78.128.78.220]) by smtp.gmail.com with ESMTPSA id h8sm1832556wmf.12.2019.06.26.08.56.31 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 26 Jun 2019 08:56:32 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, pablo@netfilter.org, xiyou.wangcong@gmail.com, davem@davemloft.net, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next v2 4/4] net: sched: em_ipt: add support for addrtype matching Date: Wed, 26 Jun 2019 18:56:15 +0300 Message-Id: <20190626155615.16639-5-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190626155615.16639-1-nikolay@cumulusnetworks.com> References: <20190626155615.16639-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Allow em_ipt to use addrtype for matching. Restrict the use only to revision 1 which has IPv6 support. Since it's a NFPROTO_UNSPEC xt match we use the user-specified nfproto for matching, in case it's unspecified both v4/v6 will be matched by the rule. v2: no changes, was patch 5 in v1 Signed-off-by: Nikolay Aleksandrov --- net/sched/em_ipt.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index ce91f3cea0bd..b08d87bd120b 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -72,11 +72,25 @@ static int policy_validate_match_data(struct nlattr **tb, u8 mrev) return 0; } +static int addrtype_validate_match_data(struct nlattr **tb, u8 mrev) +{ + if (mrev != 1) { + pr_err("only addrtype match revision 1 supported"); + return -EINVAL; + } + + return 0; +} + static const struct em_ipt_xt_match em_ipt_xt_matches[] = { { .match_name = "policy", .validate_match_data = policy_validate_match_data }, + { + .match_name = "addrtype", + .validate_match_data = addrtype_validate_match_data + }, {} };