From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nf-next 0/2] nf_tables: vlan matching & mangling
Date: Fri, 10 May 2024 02:07:17 +0200 [thread overview]
Message-ID: <20240510000719.3205-1-pablo@netfilter.org> (raw)
Hi,
This patchset revisits vlan matching & mangling support for nf_tables:
Patch #1 restores q-in-q matching by reverting
f6ae9f120dad ("netfilter: nft_payload: add C-VLAN support").
Support for matching on inner vlan headers when vlan offload
was already available before such commit.
Patch #2 adds a parser to deal with setting the skbuff vlan offload
fields based on the payload offset and length. Userspace is
agnostic of the kernel vlan offload capabilities, hence,
kernel checks if offset and length refers to the skbuff
vlan_proto and vlan_tci fields. This also supports mangling
q-in-q too.
Note #2 only supports for vlan tag mangling: For pop/push tags a new
actions is required, I already made code for pushing tags which never
got integrated that I can polish and prepare for submission.
I am currently extending tests/shell/testcases/packetpath/vlan_8021ad_tag
to improve coverage for these two cases. I have already have a few
scripts to test this patches with containers but I need to integrate
them into the aforementioned tests/shell script, I will keep you posted.
Pablo Neira Ayuso (2):
netfilter: nft_payload: restore vlan q-in-q match support
netfilter: nft_payload: skbuff vlan metadata mangle support
net/netfilter/nft_payload.c | 95 ++++++++++++++++++++++++++++---------
1 file changed, 72 insertions(+), 23 deletions(-)
--
2.30.2
next reply other threads:[~2024-05-10 0:07 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-10 0:07 Pablo Neira Ayuso [this message]
2024-05-10 0:07 ` [PATCH nf-next 1/2] netfilter: nft_payload: restore vlan q-in-q match support Pablo Neira Ayuso
2024-05-10 0:07 ` [PATCH nf-next 2/2] netfilter: nft_payload: skbuff vlan metadata mangle support Pablo Neira Ayuso
2024-05-10 13:11 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240510000719.3205-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).