hardware offloading: resolve bridge interfaces

2025-01-03 23:10:35 +05:00 · 2022-02-16 21:48:02 +03:00 · 2022-02-16 21:48:02 +03:00 · 0b242d6068
commit 0b242d6068
parent 12c778b56a
3 changed files with 46 additions and 11 deletions
--- a/common/base.sh
+++ b/common/base.sh
@ -49,23 +49,31 @@ end_with_newline()
 	local c=$(tail -c 1)
 	[ "$c" = "" ]
 }
-make_separator_list()
+
+append_separator_list()
 {
 	# $1 - var name to receive result
 	# $2 - separator
-	# $3,$4,... - elements
-	local var="$1" sep="$2" i
+	# $3 - quoter
+	# $4,$5,... - elements
+	local _var="$1" sep="$2" quo="$3" i

-	shift; shift
+	eval i="\$$_var"
+	shift; shift; shift
 	while [ -n "$1" ]; do
 		if [ -n "$i" ] ; then
-			i=$i$sep$1
+			i="$i$sep$quo$1$quo"
 		else
-			i=$1
+			i="$quo$1$quo"
 		fi
 		shift
 	done
-	eval $var=$i
+	eval $_var="\$i"
+}
+make_separator_list()
+{
+	eval $1=''
+	append_separator_list "$@"
 }
 make_comma_list()
 {
@ -73,7 +81,7 @@ make_comma_list()
 	# $2,$3,... - elements
 	local var="$1"
 	shift
-	make_separator_list $var , "$@"
+	make_separator_list $var , '' "$@"
 }
 unique()
 {
--- a/common/linux_iphelper.sh
+++ b/common/linux_iphelper.sh
@ -109,3 +109,20 @@ unprepare_route_localnet()
 {
 	set_route_localnet 0 "$@"
 }
+
+resolve_lower_devices()
+{
+	# $1 - bridge interface name
+	[ -d "/sys/class/net/$1" ] && {
+		find "/sys/class/net/$1" -follow -maxdepth 1 -name "lower_*" |
+		{
+			local l lower lowers
+			while read lower; do
+				lower=$(basename "$lower")
+				l="${lower#lower_*}"
+				[  "$l" != "$lower" ] && append_separator_list lowers ' ' '' "$l"
+			done
+			printf "$lowers"
+		}
+	}
+}
--- a/common/nft.sh
+++ b/common/nft.sh
@ -235,7 +235,7 @@ nft_script_add_ifset_element()
 	# $2 - space separated elements
 	local elements
 	[ -n "$2" ] && {
-		make_comma_list elements $2
+		make_separator_list elements ' ' '"' $2
 		script="${script}
 add element inet $ZAPRET_NFT_TABLE $1 { $elements }"
 	}
@ -246,7 +246,7 @@ nft_fill_ifsets()
 	# $2 - space separated wan interface names
 	# $3 - space separated wan6 interface names

-	local script i ALLDEVS
+	local script i j ALLDEVS devs

 	# if large sets exist nft works very ineffectively
 	# looks like it analyzes the whole table blob to find required data pieces
@ -274,7 +274,17 @@ flush set inet $ZAPRET_NFT_TABLE lanif"
 			nft_create_or_update_flowtable 'offload' 2>/dev/null
 			# then add elements. some of them can cause error because unsupported
 			for i in $ALLDEVS; do
-				nft_hw_offload_supported $i && nft_create_or_update_flowtable 'offload' $i
+				if nft_hw_offload_supported $i; then
+					nft_create_or_update_flowtable 'offload' $i
+				else
+					# bridge members must be added instead of the bridge itself
+					devs=$(resolve_lower_devices $i)
+					[ -n "$devs" ] && nft_hw_offload_supported $devs && {
+						for j in $devs; do
+							nft_create_or_update_flowtable 'offload' $j
+						done
+					}
+				fi
 			done
 			;;
 	esac