netfilter: nf_flow_table_offload: add IPv6 match description

author Pablo Neira Ayuso <pablo@netfilter.org>

Fri, 29 Nov 2019 09:07:01 +0000 (10:07 +0100)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Sat, 30 Nov 2019 18:45:42 +0000 (19:45 +0100)
author Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 29 Nov 2019 09:07:01 +0000 (10:07 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Sat, 30 Nov 2019 18:45:42 +0000 (19:45 +0100)
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c

index dd78ae5441e976ef364b576d3c4f33e3aed059d0..c94ebad78c5c4358384539fe136d6b940557c963 100644 (file)
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -28,6 +28,7 @@ struct nf_flow_key {
         struct flow_dissector_key_basic                 basic;
         union {
                 struct flow_dissector_key_ipv4_addrs    ipv4;
+               struct flow_dissector_key_ipv6_addrs    ipv6;
         };
         struct flow_dissector_key_tcp                   tcp;
         struct flow_dissector_key_ports                 tp;
@@ -57,6 +58,7 @@ static int nf_flow_rule_match(struct nf_flow_match *match,
         NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_CONTROL, control);
         NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_BASIC, basic);
         NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
+       NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
         NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_TCP, tcp);
         NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_PORTS, tp);
  
@@ -69,9 +71,18 @@ static int nf_flow_rule_match(struct nf_flow_match *match,
                 key->ipv4.dst = tuple->dst_v4.s_addr;
                 mask->ipv4.dst = 0xffffffff;
                 break;
+       case AF_INET6:
+               key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
+               key->basic.n_proto = htons(ETH_P_IPV6);
+               key->ipv6.src = tuple->src_v6;
+               memset(&mask->ipv6.src, 0xff, sizeof(mask->ipv6.src));
+               key->ipv6.dst = tuple->dst_v6;
+               memset(&mask->ipv6.dst, 0xff, sizeof(mask->ipv6.dst));
+               break;
         default:
                 return -EOPNOTSUPP;
         }
+       match->dissector.used_keys |= BIT(key->control.addr_type);
         mask->basic.n_proto = 0xffff;
  
         switch (tuple->l4proto) {
@@ -96,7 +107,6 @@ static int nf_flow_rule_match(struct nf_flow_match *match,
  
         match->dissector.used_keys |= BIT(FLOW_DISSECTOR_KEY_CONTROL) |
                                       BIT(FLOW_DISSECTOR_KEY_BASIC) |
-                                     BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) |
                                       BIT(FLOW_DISSECTOR_KEY_PORTS);
         return 0;
  }
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 29 Nov 2019 09:07:01 +0000 (10:07 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 30 Nov 2019 18:45:42 +0000 (19:45 +0100)