| commit | 1da165d66ad88c4e2e5610e45a6b40e2cb88ecce | [log] [tgz] |
|---|---|---|
| author | developer <developer@mediatek.com> | Wed Nov 15 16:26:42 2023 +0800 |
| committer | developer <developer@mediatek.com> | Thu Nov 16 17:14:05 2023 +0800 |
| tree | e90413e075bff81bcf5b7dc82e583fe91297215e | |
| parent | 101ced48d0fca55949edc2181106f83d5f6971ba [diff] |
[][kernel][mt7988][hnat][Add support for preventing hardware acceleration via skb mark checking] [Description] Add support for preventing hardware acceleration with skb mark checking Without this patch, the users are unable to prevent specific packets from being accelerated by hardware. Example: Use iptables to mark packets with SIP=$SIP and DIP=$DIP to prevent them from being accelerated by hardware (to BIND state). iptables -t mangle -A PREROUTING -s $SIP -d $DIP -j MARK --set-mark 0x99 [Release-log] N/A Change-Id: Ib41c6f922188fd9492fc45d95e152cc362d61d6e Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/8254622
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.h b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.h index 8f11a83..e672b41 100644 --- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.h +++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat.h
@@ -867,6 +867,11 @@ #endif #define CFG_PPE_NUM (hnat_priv->ppe_num) +/* If the user wants to set skb->mark to prevent hardware acceleration + * for the packet flow. + */ +#define HNAT_EXCEPTION_TAG 0x99 + struct mib_entry { u32 byt_cnt_l; u16 byt_cnt_h;
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c index 7af79ee..235d5ad 100644 --- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c +++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
@@ -2673,6 +2673,9 @@ if (unlikely(!skb_hnat_is_hashed(skb))) return 0; + if (unlikely(skb->mark == HNAT_EXCEPTION_TAG)) + return 0; + if (out->netdev_ops->ndo_flow_offload_check) { out->netdev_ops->ndo_flow_offload_check(&hw_path); out = (IS_GMAC1_MODE) ? hw_path.virt_dev : hw_path.dev;