From patchwork Thu Jun 27 08:10:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1123180 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="ATg2o/Hw"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45ZCMB4SZwz9sCJ for ; Thu, 27 Jun 2019 18:13:10 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726631AbfF0INJ (ORCPT ); Thu, 27 Jun 2019 04:13:09 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:44251 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726059AbfF0INH (ORCPT ); Thu, 27 Jun 2019 04:13:07 -0400 Received: by mail-wr1-f65.google.com with SMTP id r16so1389737wrl.11 for ; Thu, 27 Jun 2019 01:13:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=B8vQDF13AHMcgupbh/IW1h1GHRnHKLoGdC/kU7rZ9zo=; b=ATg2o/HwspuZohKY8rpe9s3iYYVbgwQpaXIZ0VLiHX8piDOoBeRrZYs+fHsRa0YUN5 tmSFS9Xo1/WGqYfVTC3ja1A4noUBeFA5I8loie1fbwm51/OCKU9J+jNV7LNLkmyr8r1R 4SZt0hV/BMgu5yHbPotsIuT0EcSaL46UTE+oI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=B8vQDF13AHMcgupbh/IW1h1GHRnHKLoGdC/kU7rZ9zo=; b=K/6ecNMKf5NsaL+0rd8qzfbIoVpCPtH2Z0Sudhfm2baxnFIs9j0VDLJPXANVmhZk0E 5BhLmBiXGcN3b6+p8ANdDpL4GHEYD3xYsoo1+wc0yYuu8S3w3pfXGsb6QV8TcAUH9qLl M4UpnLo9z2Ae0verHFbJcgpsHWZk6U2aI0KsDFrL70c3nW3LyT4nLDLIoC4lggjKwAuH 1F5Vp74DW2xp45hnHQDLsfKWWqlZZCzS6rI8XbjryNpfcuN9GtlrgCOhvBNmlLQ8DKHA QTVBhkcm1Cobo6m/MWdFgJ7TbOvDBTg6ELBLHaMtpFI+GVMUTb5xRspPAvTR8X0jfcMr 9BtQ== X-Gm-Message-State: APjAAAX35ub7aAVQP/tF6+grqs/e2n63LUu3Seg7EzV8hS+S0YS/3YNb 55j07ezl8nt+UX1KO2GBgUEdRloIx60= X-Google-Smtp-Source: APXvYqytd1owlVPAfrL5K2jgZlsWXVrJO/K4tvexMdPYvBPkfNXyoKWlXQ88c990obm8mSIM6NazRA== X-Received: by 2002:adf:fe4e:: with SMTP id m14mr2184511wrs.21.1561623185469; Thu, 27 Jun 2019 01:13:05 -0700 (PDT) Received: from localhost.localdomain (84-238-136-197.ip.btc-net.bg. [84.238.136.197]) by smtp.gmail.com with ESMTPSA id o6sm6969949wmc.15.2019.06.27.01.13.04 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 27 Jun 2019 01:13:04 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, davem@davemloft.net, pablo@netfilter.org, xiyou.wangcong@gmail.com, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next v3 1/4] net: sched: em_ipt: match only on ip/ipv6 traffic Date: Thu, 27 Jun 2019 11:10:44 +0300 Message-Id: <20190627081047.24537-2-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190627081047.24537-1-nikolay@cumulusnetworks.com> References: <20190627081047.24537-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Restrict matching only to ip/ipv6 traffic and make sure we can use the headers, otherwise matches will be attempted on any protocol which can be unexpected by the xt matches. Currently policy supports only ipv4/6. Signed-off-by: Nikolay Aleksandrov --- v3: no change v2: no change net/sched/em_ipt.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index 243fd22f2248..64dbafe4e94c 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -185,6 +185,19 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, struct nf_hook_state state; int ret; + switch (tc_skb_protocol(skb)) { + case htons(ETH_P_IP): + if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) + return 0; + break; + case htons(ETH_P_IPV6): + if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) + return 0; + break; + default: + return 0; + } + rcu_read_lock(); if (skb->skb_iif) From patchwork Thu Jun 27 08:10:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1123181 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="cWTgxmhl"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45ZCMC3vqrz9s8m for ; Thu, 27 Jun 2019 18:13:11 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726641AbfF0INK (ORCPT ); Thu, 27 Jun 2019 04:13:10 -0400 Received: from mail-wr1-f68.google.com ([209.85.221.68]:37312 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726375AbfF0INI (ORCPT ); Thu, 27 Jun 2019 04:13:08 -0400 Received: by mail-wr1-f68.google.com with SMTP id v14so1422643wrr.4 for ; Thu, 27 Jun 2019 01:13:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=HrZKo6Aol0PYOCPda411SrRBU1eZ+Kl41QmWjghT0dk=; b=cWTgxmhlpJBs4RuTOVnxXIWzSx7slZAgDDtonIxXzQLTVUY0dZPFSbPOrEIsq1+NJx 7AJqM3fYzR/vO+mo/L0QNwT4vdFzFyJRaGy2Gd3NLj/gdBe5qc42x/UVhNEBDsefxxkX g5xJRVWN5bzspHzb4pc7AYYgnGQxRsnA/i6ig= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=HrZKo6Aol0PYOCPda411SrRBU1eZ+Kl41QmWjghT0dk=; b=EjobhaY+EoEWFCS5ORcLqgRaKTPzZJSLChgWCVCLT9rmdyu557H5Hcj0E91SpX7M81 UanY17CVZQfvA991onETgowPixW3woyljbqv2wjMANfjYoBrJY5beZOkGrdfsgIWSdtZ w4Zf+byAgHe8A+s+MWvQ2+5e93fWsTmboWUYVub65vGJ1KjvzToKBT72P9+5d2qLiG7h XhuySv2t4pFhgXPXM9eDTFKKBrnGV4wetcWaUbzf8mssxvxDzPN5dOsvrOIdfzwxmBMZ d1PAklEWqW3TW7XH2kgz14Ky88xdgyrGjdslMafqaqiIwUaMvL3mtORlrAZZnkQoTKVG W/iQ== X-Gm-Message-State: APjAAAUGUO4r2CRFegBB4ZNwOvcGYZF3iUIQxQokqQBiVyCv0EF0327G P9c8qJ3EuOSDZAu/EnGg3P5Fq3OWzXo= X-Google-Smtp-Source: APXvYqwa/hwpy+lu82hZc8N6aOXtd6Ro7DWayAJtueyaqVEtF8/ZjgAswjY7iEmI1WRnvd8nk/b9fg== X-Received: by 2002:adf:dfc5:: with SMTP id q5mr2164949wrn.142.1561623186896; Thu, 27 Jun 2019 01:13:06 -0700 (PDT) Received: from localhost.localdomain (84-238-136-197.ip.btc-net.bg. [84.238.136.197]) by smtp.gmail.com with ESMTPSA id o6sm6969949wmc.15.2019.06.27.01.13.05 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 27 Jun 2019 01:13:06 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, davem@davemloft.net, pablo@netfilter.org, xiyou.wangcong@gmail.com, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next v3 2/4] net: sched: em_ipt: set the family based on the packet if it's unspecified Date: Thu, 27 Jun 2019 11:10:45 +0300 Message-Id: <20190627081047.24537-3-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190627081047.24537-1-nikolay@cumulusnetworks.com> References: <20190627081047.24537-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Set the family based on the packet if it's unspecified otherwise protocol-neutral matches will have wrong information (e.g. NFPROTO_UNSPEC). In preparation for using NFPROTO_UNSPEC xt matches. v2: set the nfproto only when unspecified Suggested-by: Eyal Birger Signed-off-by: Nikolay Aleksandrov --- v3: no change net/sched/em_ipt.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index 64dbafe4e94c..fd7f5b288c31 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -182,6 +182,7 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, const struct em_ipt_match *im = (const void *)em->data; struct xt_action_param acpar = {}; struct net_device *indev = NULL; + u8 nfproto = im->match->family; struct nf_hook_state state; int ret; @@ -189,10 +190,14 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, case htons(ETH_P_IP): if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) return 0; + if (nfproto == NFPROTO_UNSPEC) + nfproto = NFPROTO_IPV4; break; case htons(ETH_P_IPV6): if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) return 0; + if (nfproto == NFPROTO_UNSPEC) + nfproto = NFPROTO_IPV6; break; default: return 0; @@ -203,7 +208,7 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, if (skb->skb_iif) indev = dev_get_by_index_rcu(em->net, skb->skb_iif); - nf_hook_state_init(&state, im->hook, im->match->family, + nf_hook_state_init(&state, im->hook, nfproto, indev ?: skb->dev, skb->dev, NULL, em->net, NULL); acpar.match = im->match; From patchwork Thu Jun 27 08:10:46 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1123182 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="Vmx3sL0Q"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45ZCMH17HNz9sCJ for ; Thu, 27 Jun 2019 18:13:15 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726484AbfF0INN (ORCPT ); Thu, 27 Jun 2019 04:13:13 -0400 Received: from mail-wr1-f68.google.com ([209.85.221.68]:41276 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726464AbfF0INK (ORCPT ); Thu, 27 Jun 2019 04:13:10 -0400 Received: by mail-wr1-f68.google.com with SMTP id c2so1398493wrm.8 for ; Thu, 27 Jun 2019 01:13:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=DJsPt3g8bhkgO2JHeRTiGtyDrVJGoI40dWwB8prxKY4=; b=Vmx3sL0QALyEtnFiAjEJMJ6WuMlczY/BSV2qJi58fdrrYSohgqLUYn1CcDkoWfhG+s szz2Qj90V3DpWRW3JkKjmaueoGBeluwnZAfsR3d1fc5/F1jsXx0D66si3sRfLqkLyYRT AvKYSRr42Y8WHSqKvk9VuYt/f72pE4W0A/GWk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=DJsPt3g8bhkgO2JHeRTiGtyDrVJGoI40dWwB8prxKY4=; b=V2hXSWpzMkKRNeR49QWr7XuiiWaIVTs3rsz59O6KW4ecA3srpabjfwP0RY6r+0Negr kWAgoejD4NcpaCTS4NPklNcUheiyZjf905Yt76lgQc2nKeyhga5sN+1YMFGCVW8EZjeP RbcCPY0k6A6toOBaiQ/zg7h5XmsEid206XXhaMORYHrlg9vm3J+m1geXSKSHQhSxpW95 KDzsqn+05i9SifuPKVVZnA0H+cpdXYNKGihw5L2MlhKBEowVe5kzUGJEaG4AAC54Qogy aYIrMuG94nDR/EX5Xi7aKjPGdo8NMosiaRx1BvcH0oRdWletseddi63bRUU+eLBC5QXC TG3w== X-Gm-Message-State: APjAAAV9Bn8v2yVjGIFcpJC6j90WjvCLRiB48WBgoFC0Hsgi5IcGImcn PvDq0pPiGmPtHL7st0l4TMmQ4vdRKx0= X-Google-Smtp-Source: APXvYqx6jYyQrRkUpVHH0D8AUAiG5/j8x3b8m4h68gtGCjuSFScP49vInr0aNHAKQwk2bgzxCOjrgg== X-Received: by 2002:a5d:6743:: with SMTP id l3mr2197950wrw.284.1561623188035; Thu, 27 Jun 2019 01:13:08 -0700 (PDT) Received: from localhost.localdomain (84-238-136-197.ip.btc-net.bg. [84.238.136.197]) by smtp.gmail.com with ESMTPSA id o6sm6969949wmc.15.2019.06.27.01.13.06 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 27 Jun 2019 01:13:07 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, davem@davemloft.net, pablo@netfilter.org, xiyou.wangcong@gmail.com, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next v3 3/4] net: sched: em_ipt: keep the user-specified nfproto and dump it Date: Thu, 27 Jun 2019 11:10:46 +0300 Message-Id: <20190627081047.24537-4-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190627081047.24537-1-nikolay@cumulusnetworks.com> References: <20190627081047.24537-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org If we dump NFPROTO_UNSPEC as nfproto user-space libxtables can't handle it and would exit with an error like: "libxtables: unhandled NFPROTO in xtables_set_nfproto" In order to avoid the error return the user-specified nfproto. If we don't record it then the match family is used which can be NFPROTO_UNSPEC. Even if we add support to mask NFPROTO_UNSPEC in iproute2 we have to be compatible with older versions which would be also be allowed to add NFPROTO_UNSPEC matches (e.g. addrtype after the last patch). v3: don't use the user nfproto for matching, only for dumping the rule, also don't allow the nfproto to be unspecified (explained above) v2: adjust changes to missing patch, was patch 04 in v1 Signed-off-by: Nikolay Aleksandrov --- Unfortunately we still have to save the user-nfproto for dumping otherwise we'll break user-space because it can add a rule which it won't be able to dump later and in fact will terminate the whole dump. I also thought about masking it but that seems more hacky, I'd prefer to return an expected value which was passed when the rule was created. net/sched/em_ipt.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index fd7f5b288c31..3c356d6f719a 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -21,6 +21,7 @@ struct em_ipt_match { const struct xt_match *match; u32 hook; + u8 nfproto; u8 match_data[0] __aligned(8); }; @@ -115,6 +116,7 @@ static int em_ipt_change(struct net *net, void *data, int data_len, struct em_ipt_match *im = NULL; struct xt_match *match; int mdata_len, ret; + u8 nfproto; ret = nla_parse_deprecated(tb, TCA_EM_IPT_MAX, data, data_len, em_ipt_policy, NULL); @@ -125,6 +127,15 @@ static int em_ipt_change(struct net *net, void *data, int data_len, !tb[TCA_EM_IPT_MATCH_DATA] || !tb[TCA_EM_IPT_NFPROTO]) return -EINVAL; + nfproto = nla_get_u8(tb[TCA_EM_IPT_NFPROTO]); + switch (nfproto) { + case NFPROTO_IPV4: + case NFPROTO_IPV6: + break; + default: + return -EINVAL; + } + match = get_xt_match(tb); if (IS_ERR(match)) { pr_err("unable to load match\n"); @@ -140,6 +151,7 @@ static int em_ipt_change(struct net *net, void *data, int data_len, im->match = match; im->hook = nla_get_u32(tb[TCA_EM_IPT_HOOK]); + im->nfproto = nfproto; nla_memcpy(im->match_data, tb[TCA_EM_IPT_MATCH_DATA], mdata_len); ret = check_match(net, im, mdata_len); @@ -231,7 +243,7 @@ static int em_ipt_dump(struct sk_buff *skb, struct tcf_ematch *em) return -EMSGSIZE; if (nla_put_u8(skb, TCA_EM_IPT_MATCH_REVISION, im->match->revision) < 0) return -EMSGSIZE; - if (nla_put_u8(skb, TCA_EM_IPT_NFPROTO, im->match->family) < 0) + if (nla_put_u8(skb, TCA_EM_IPT_NFPROTO, im->nfproto) < 0) return -EMSGSIZE; if (nla_put(skb, TCA_EM_IPT_MATCH_DATA, im->match->usersize ?: im->match->matchsize, From patchwork Thu Jun 27 08:10:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1123183 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="AWtJQbQA"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45ZCMH6DS6z9sLt for ; Thu, 27 Jun 2019 18:13:15 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726646AbfF0INM (ORCPT ); Thu, 27 Jun 2019 04:13:12 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:33231 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726632AbfF0INL (ORCPT ); Thu, 27 Jun 2019 04:13:11 -0400 Received: by mail-wr1-f65.google.com with SMTP id n9so1445395wru.0 for ; Thu, 27 Jun 2019 01:13:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=5sOD6naeLXiSsldLWJyNqacaRGnRa8BAZeXQKuUF/mM=; b=AWtJQbQAfQI7Lq78jAzUe5+OZCvC3/Q5BtMumugtPZdkyXnsS+W95OKxxSZikgZCg9 C8bOcaQnG68vXeMVb+y31bKyiPnIkueY5dA8BflqX32obbIMsEu8EUKcHfU3Xue6v2dm 3iwQ2tBFplwTV4sHxuUFar9H9UX4zqE1bb1ww= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=5sOD6naeLXiSsldLWJyNqacaRGnRa8BAZeXQKuUF/mM=; b=PA4GdlIMALSgR1fQoP/fXjUzwSAJ79E3IzkKN+X70IBJe/tryLAL6Ywg22EH/Pq8rq DZaToPK/KMIxxUZQxaccMQY/RxTJgKZjkf+Buw5D5shvKfeOV0D1zVm22vcoDMeQnk1d rBz94SfFCDnxmMwG75RZB0ALTKP4mZXPXfkAQ52VNl6m2BmTH5g4+SYKjZsTW8jRFWtU /dNf7HnxC6NVpOxvL/JT3ijfgnvg5imdDz5cT16rT+xslbvmVazLMn35sJ+LPiTG4yfM zRVPn5PYSEFMPTdY0AHK1I176fy1nJBfV21S3EMJx/21hFF08c8gKg7GTC+O42ixEgqY mDLg== X-Gm-Message-State: APjAAAUGAmpQYk4jFo40jK0MgPaYpzyLPWRUOcE1shWdHsf60n+WKeHJ TqiZ8zpLhaxLmghbYwvLmewqS+c1HXY= X-Google-Smtp-Source: APXvYqzp1+Ll0H0dEYF1OExtmtwUomSoAybvIk8Vr1eENwslOzpBJ6aTD7r7zAoFItbNM1gTAXtNgQ== X-Received: by 2002:a5d:4001:: with SMTP id n1mr2030355wrp.293.1561623189221; Thu, 27 Jun 2019 01:13:09 -0700 (PDT) Received: from localhost.localdomain (84-238-136-197.ip.btc-net.bg. [84.238.136.197]) by smtp.gmail.com with ESMTPSA id o6sm6969949wmc.15.2019.06.27.01.13.08 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 27 Jun 2019 01:13:08 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, davem@davemloft.net, pablo@netfilter.org, xiyou.wangcong@gmail.com, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next v3 4/4] net: sched: em_ipt: add support for addrtype matching Date: Thu, 27 Jun 2019 11:10:47 +0300 Message-Id: <20190627081047.24537-5-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190627081047.24537-1-nikolay@cumulusnetworks.com> References: <20190627081047.24537-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Allow em_ipt to use addrtype for matching. Restrict the use only to revision 1 which has IPv6 support. Since it's a NFPROTO_UNSPEC xt match we use the user-specified nfproto for matching, in case it's unspecified both v4/v6 will be matched by the rule. v2: no changes, was patch 5 in v1 Signed-off-by: Nikolay Aleksandrov --- v3: no changes net/sched/em_ipt.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index 3c356d6f719a..9fff6480acc6 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -72,11 +72,25 @@ static int policy_validate_match_data(struct nlattr **tb, u8 mrev) return 0; } +static int addrtype_validate_match_data(struct nlattr **tb, u8 mrev) +{ + if (mrev != 1) { + pr_err("only addrtype match revision 1 supported"); + return -EINVAL; + } + + return 0; +} + static const struct em_ipt_xt_match em_ipt_xt_matches[] = { { .match_name = "policy", .validate_match_data = policy_validate_match_data }, + { + .match_name = "addrtype", + .validate_match_data = addrtype_validate_match_data + }, {} };