commit 0efc7d680626e8fe174c009c2437dd6d68922d62
author developer <developer@mediatek.com> Wed Nov 15 16:26:42 2023 +0800
committer developer <developer@mediatek.com> Thu Nov 16 17:14:05 2023 +0800
tree 3c55cad875627ab003ca9288bdf4c2c232ea1c89
parent 95b55c03b9e76ddeb6c822ab52968c133883c8ca

[][kernel][mt7988][hnat][Add support for preventing hardware acceleration via skb mark checking]

[Description]
Add support for preventing hardware acceleration with skb mark checking

Without this patch, the users are unable to prevent specific
packets from being accelerated by hardware.

Example: Use iptables to mark packets with SIP=$SIP and DIP=$DIP
	to prevent them from being accelerated by hardware
	(to BIND state).

iptables -t mangle -A PREROUTING -s $SIP -d $DIP -j MARK --set-mark 0x99

[Release-log]
N/A


Change-Id: Ib41c6f922188fd9492fc45d95e152cc362d61d6e
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/8254622

target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.h

diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.h b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.h
index 8f11a83..e672b41 100644
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.h
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.h
@@ -867,6 +867,11 @@
 #endif
 #define CFG_PPE_NUM		(hnat_priv->ppe_num)
 
+/* If the user wants to set skb->mark to prevent hardware acceleration
+ * for the packet flow.
+ */
+#define HNAT_EXCEPTION_TAG	0x99
+
 struct mib_entry {
 	u32 byt_cnt_l;
 	u16 byt_cnt_h;

target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c

diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
index 7af79ee..235d5ad 100644
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
@@ -2673,6 +2673,9 @@
 	if (unlikely(!skb_hnat_is_hashed(skb)))
 		return 0;
 
+	if (unlikely(skb->mark == HNAT_EXCEPTION_TAG))
+		return 0;
+
 	if (out->netdev_ops->ndo_flow_offload_check) {
 		out->netdev_ops->ndo_flow_offload_check(&hw_path);
 		out = (IS_GMAC1_MODE) ? hw_path.virt_dev : hw_path.dev;