On Tue, Apr 08, 2025 at 04:28:47PM +0200, Eric Woudstra wrote:
> In case of a bridge in the forward-fastpath or bridge-fastpath the fdb is
> used to create the tuple. In case of roaming at layer 2 level, for example
> 802.11r, the destination device is changed in the fdb. The destination
> device of a direct transmitting tuple is no longer valid and traffic is
> send to the wrong destination. Also the hardware offloaded fastpath is not
> valid anymore.
>
> In case of roaming, a switchdev notification is send to delete the old fdb
> entry. Upon receiving this notification, mark all direct transmitting flows
> with the same ifindex, vid and hardware address as the fdb entry to be
> teared down. The hardware offloaded fastpath is still in effect, so
> minimize the delay of the work queue by setting the delay to zero.
>
> Signed-off-by: Eric Woudstra <ericwouds@xxxxxxxxx>
> ---
> net/netfilter/nf_flow_table_core.c | 65 ++++++++++++++++++++++++++++++
> 1 file changed, 65 insertions(+)
>
> diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
...
> +struct notifier_block nf_flow_table_switchdev_nb __read_mostly = {
> + .notifier_call = nf_flow_table_switchdev_event,
> +};
Hi Eric,
A minor nit from my side:
nf_flow_table_switchdev_nb seems only be used in this file and if so it
should be static.
Flagged by Sparse.
> +
> void nf_flow_table_free(struct nf_flowtable *flow_table)
> {
> mutex_lock(&flowtable_lock);
> @@ -816,6 +874,10 @@ static int __init nf_flow_table_module_init(void)
> if (ret)
> goto out_offload;
>
> + ret = register_switchdev_notifier(&nf_flow_table_switchdev_nb);
> + if (ret < 0)
> + goto out_sw_noti;
> +
> ret = nf_flow_register_bpf();
> if (ret)
> goto out_bpf;
> @@ -823,6 +885,8 @@ static int __init nf_flow_table_module_init(void)
> return 0;
>
> out_bpf:
> + unregister_switchdev_notifier(&nf_flow_table_switchdev_nb);
> +out_sw_noti:
> nf_flow_table_offload_exit();
> out_offload:
> unregister_pernet_subsys(&nf_flow_table_net_ops);
> @@ -831,6 +895,7 @@ static int __init nf_flow_table_module_init(void)
>
> static void __exit nf_flow_table_module_exit(void)
> {
> + unregister_switchdev_notifier(&nf_flow_table_switchdev_nb);
> nf_flow_table_offload_exit();
> unregister_pernet_subsys(&nf_flow_table_net_ops);
> }
> --
> 2.47.1
>
