lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jul 2022 18:09:08 +0300 From: Maksym Glubokiy <maksym.glubokiy@...ision.eu> To: Taras Chornyi <tchornyi@...vell.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com> Cc: Maksym Glubokiy <maksym.glubokiy@...ision.eu>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Volodymyr Mytnyk <volodymyr.mytnyk@...ision.eu> Subject: [PATCH net-next v2 2/2] net: prestera: add support for port range filters This adds support for port-range rules: $ tc qdisc add ... clsact $ tc filter add ... flower ... src_port <PMIN>-<PMAX> ... Co-developed-by: Volodymyr Mytnyk <volodymyr.mytnyk@...ision.eu> Signed-off-by: Volodymyr Mytnyk <volodymyr.mytnyk@...ision.eu> Signed-off-by: Maksym Glubokiy <maksym.glubokiy@...ision.eu> --- .../marvell/prestera/prestera_flower.c | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/drivers/net/ethernet/marvell/prestera/prestera_flower.c b/drivers/net/ethernet/marvell/prestera/prestera_flower.c index a54748ac6541..652aa95e65ac 100644 --- a/drivers/net/ethernet/marvell/prestera/prestera_flower.c +++ b/drivers/net/ethernet/marvell/prestera/prestera_flower.c @@ -202,6 +202,7 @@ static int prestera_flower_parse(struct prestera_flow_block *block, BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | BIT(FLOW_DISSECTOR_KEY_ICMP) | BIT(FLOW_DISSECTOR_KEY_PORTS) | + BIT(FLOW_DISSECTOR_KEY_PORTS_RANGE) | BIT(FLOW_DISSECTOR_KEY_VLAN))) { NL_SET_ERR_MSG_MOD(f->common.extack, "Unsupported key"); return -EOPNOTSUPP; @@ -301,6 +302,29 @@ static int prestera_flower_parse(struct prestera_flow_block *block, rule_match_set(r_match->mask, L4_PORT_DST, match.mask->dst); } + if (flow_rule_match_key(f_rule, FLOW_DISSECTOR_KEY_PORTS_RANGE)) { + struct flow_match_ports_range match; + __be32 tp_key, tp_mask; + + flow_rule_match_ports_range(f_rule, &match); + + /* src port range (min, max) */ + tp_key = htonl(ntohs(match.key->tp_min.src) | + (ntohs(match.key->tp_max.src) << 16)); + tp_mask = htonl(ntohs(match.mask->tp_min.src) | + (ntohs(match.mask->tp_max.src) << 16)); + rule_match_set(r_match->key, L4_PORT_RANGE_SRC, tp_key); + rule_match_set(r_match->mask, L4_PORT_RANGE_SRC, tp_mask); + + /* dst port range (min, max) */ + tp_key = htonl(ntohs(match.key->tp_min.dst) | + (ntohs(match.key->tp_max.dst) << 16)); + tp_mask = htonl(ntohs(match.mask->tp_min.dst) | + (ntohs(match.mask->tp_max.dst) << 16)); + rule_match_set(r_match->key, L4_PORT_RANGE_DST, tp_key); + rule_match_set(r_match->mask, L4_PORT_RANGE_DST, tp_mask); + } + if (flow_rule_match_key(f_rule, FLOW_DISSECTOR_KEY_VLAN)) { struct flow_match_vlan match; -- 2.25.1
Powered by blists - more mailing lists