Date:   Wed,  6 Oct 2021 16:06:54 +0300
From:   Volodymyr Mytnyk <volodymyr.mytnyk@...ision.eu>
To:     netdev@...r.kernel.org
Cc:     Volodymyr Mytnyk <vmytnyk@...vell.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, Chris Mi <cmi@...dia.com>,
        Roi Dayan <roid@...dia.com>, linux-kernel@...r.kernel.org
Subject: [PATCH net-next] flow_offload: add l4 port range match

From: Volodymyr Mytnyk <vmytnyk@...vell.com>

The current flow offload API doesn't allow offloading the l4 port range
match dissector (FLOW_DISSECTOR_KEY_PORTS_RANGE) in the driver,
as there is no relevant data struct that will hold this information
and pass it to the driver.

Thus, to make offload of l4 port range possible by other drivers
add dedicated dissector port range struct to get min and max
value provided by user.

- add flow_dissector_key_ports_range to store
  l4 port range match.
- add flow_match_ports_range key/mask

tc cmd example:
    tc qd add dev PORT clsact
    tc filter add dev PORT protocol ip ingress \
        flower skip_sw ip_proto udp src_port 2-37 action drop

Signed-off-by: Volodymyr Mytnyk <vmytnyk@...vell.com>
---
 include/net/flow_dissector.h | 10 ++++++++++
 include/net/flow_offload.h   |  6 ++++++
 net/core/flow_offload.c      |  7 +++++++
 3 files changed, 23 insertions(+)

diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
index ffd386ea0dbb..8eada83a816e 100644
--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -177,6 +177,16 @@ struct flow_dissector_key_ports {
 };
 
 /**
+ * struct flow_dissector_key_ports_range:
+ *	@tp_min: min port number in range
+ *	@tp_max: max port number in range
+ */
+struct flow_dissector_key_ports_range {
+	struct flow_dissector_key_ports tp_min;
+	struct flow_dissector_key_ports tp_max;
+};
+
+/**
  * flow_dissector_key_icmp:
  *		type: ICMP type
  *		code: ICMP code
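Review bot: The kernel-doc on `struct flow_dissector_key_ports_range` describes `tp_min` and `tp_max` as a single "port number", but each member is a whole `struct flow_dissector_key_ports`, so presumably each carries a source and a destination bound. The comment should say so, and should also state whether the bounds are inclusive and which byte order they are in, since that struct's definition is outside this hunk and a driver comparing the two values needs to know it. Something like `@tp_min: lower bounds of the range (src and dst port)` and `@tp_max: upper bounds of the range (src and dst port)` would do. The header line would also read better in the usual kernel-doc form, `struct flow_dissector_key_ports_range - l4 port range match`.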
diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h
index dc5c1e69cd9f..cb480afa674d 100644
--- a/include/net/flow_offload.h
+++ b/include/net/flow_offload.h
@@ -48,6 +48,10 @@ struct flow_match_ports {
 	struct flow_dissector_key_ports *key, *mask;
 };
 
+struct flow_match_ports_range {
+	struct flow_dissector_key_ports_range *key, *mask;
+};
+
 struct flow_match_icmp {
 	struct flow_dissector_key_icmp *key, *mask;
 };
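Review bot: `struct flow_match_ports_range` pairs `key` with a `mask` of the same range type, but nothing in the patch says what a mask means for a min/max pair. A one-line comment above the struct would save driver authors from guessing, for example `/* mask: non-zero fields mark which of src/dst carry a range; TODO confirm against cls_flower */`. Without it a driver may treat the mask as a bitwise port mask and program a different match than the rule asked for.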
@@ -94,6 +98,8 @@ void flow_rule_match_ip(const struct flow_rule *rule,
 			struct flow_match_ip *out);
 void flow_rule_match_ports(const struct flow_rule *rule,
 			   struct flow_match_ports *out);
+void flow_rule_match_ports_range(const struct flow_rule *rule,
+				 struct flow_match_ports_range *out);
 void flow_rule_match_tcp(const struct flow_rule *rule,
 			 struct flow_match_tcp *out);
 void flow_rule_match_icmp(const struct flow_rule *rule,
diff --git a/net/core/flow_offload.c b/net/core/flow_offload.c
index 715b67f6c62f..d218c1deb40b 100644
--- a/net/core/flow_offload.c
+++ b/net/core/flow_offload.c
@@ -104,6 +104,13 @@ void flow_rule_match_ports(const struct flow_rule *rule,
 }
 EXPORT_SYMBOL(flow_rule_match_ports);
 
+void flow_rule_match_ports_range(const struct flow_rule *rule,
+				 struct flow_match_ports_range *out)
+{
+	FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_PORTS_RANGE, out);
+}
+EXPORT_SYMBOL(flow_rule_match_ports_range);
+
 void flow_rule_match_tcp(const struct flow_rule *rule,
 			 struct flow_match_tcp *out)
 {
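Review bot: `flow_rule_match_ports_range()` does no validation, and nothing in the patch tells callers what they must check themselves. Its body is only the `FLOW_DISSECTOR_MATCH` line, so presumably, like the neighbouring helpers, `out` is meaningful only after `flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS_RANGE)` has returned true. The macro is not visible here, so this should be confirmed. A short kernel-doc block above the function should state that precondition. It should also say that range sanity (min not above max, after byte-order conversion) is left to the driver. This matters for rules like the `skip_sw ... action drop` example in the description, where there is no software fallback: a driver that cannot express the range should reject the rule rather than install a wider or narrower match.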
-- 
2.7.4
