netfilter: flowtable: bridge vlan hardware offload and switchdev

The switch might have already added the VLAN tag through PVID hardware offload. Keep this extra VLAN in the flowtable but skip it on egress. Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Felix Fietkau <nbd@nbd.name> 2021-03-24 02:30:48 +0100
committer: David S. Miller <davem@davemloft.net> 2021-03-24 12:48:39 -0700
commit: 26267bf9bb57d504c785d8659adc8e02b6629c95 (patch)
tree: 1aff391d24412388d48b3c93dbccfb4dd4b3aacd /net/netfilter/nf_flow_table_offload.c
parent: 73f97025a972cd1506e8b1986264b2fb8833df7c (diff)
download: linux-26267bf9bb57d504c785d8659adc8e02b6629c95.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index e0d079601fcb47..9326ba74745ec5 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -594,8 +594,12 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow,
 	other_tuple = &flow->tuplehash[!dir].tuple;
 
 	for (i = 0; i < other_tuple->encap_num; i++) {
-		struct flow_action_entry *entry = flow_action_entry_next(flow_rule);
+		struct flow_action_entry *entry;
 
+		if (other_tuple->in_vlan_ingress & BIT(i))
+			continue;
+
+		entry = flow_action_entry_next(flow_rule);
 		entry->id = FLOW_ACTION_VLAN_PUSH;
 		entry->vlan.vid = other_tuple->encap[i].id;
 		entry->vlan.proto = other_tuple->encap[i].proto;
author	Felix Fietkau <nbd@nbd.name>	2021-03-24 02:30:48 +0100
committer	David S. Miller <davem@davemloft.net>	2021-03-24 12:48:39 -0700
commit	26267bf9bb57d504c785d8659adc8e02b6629c95 (patch)
tree	1aff391d24412388d48b3c93dbccfb4dd4b3aacd /net/netfilter/nf_flow_table_offload.c
parent	73f97025a972cd1506e8b1986264b2fb8833df7c (diff)
download	linux-26267bf9bb57d504c785d8659adc8e02b6629c95.tar.gz