Skip to content

Network packet filter fixes #88544

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Apr 16, 2025
Merged

Network packet filter fixes #88544

merged 9 commits into from
Apr 16, 2025

Conversation

jukkar
Copy link
Member

@jukkar jukkar commented Apr 12, 2025

Updating following things in network packet filter support:

  • VLAN support added
  • Network sample that shows how to use the filters
  • Statistics support for packets dropped by filters. This is useful as otherwise it is difficult to know whether the packet was dropped by the filter or not
  • Shell support. Added net filter net-shell command which shows information about the used filters
  • Misc fixes and debugging helpers

jukkar added 3 commits April 11, 2025 15:03
@jukkar
net: pkt_filter: Avoid unused function warning
48b9d7a 
The get_ip_rules() function is only used if IPv4 or IPv6
filtering is enabled so add checks to avoid unused function
warning.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
net: pkt_filter: Add statistics support to packet filter
0b5717c 
As the network packet filter drops packets without any indication
that the packet is dropped, it can be difficult to monitor what
is going on in the system when receiving data. The user can
now monitor the statistics and see if packets are being dropped
because of packet filter activity.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
net: virtual: Hook into packet filter processing
55713d1 
Make sure that we check possible network packet filtering status
before accepting the packet.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar jukkar assigned rlubos and unassigned kartben Apr 12, 2025
@jukkar jukkar force-pushed the devel/net-pkt-filter-overhaul branch from 9e914b9 to 7b6baa2 Compare April 13, 2025 13:48
pdgendt
pdgendt previously approved these changes Apr 14, 2025
View reviewed changes
Copy link
Collaborator

@pdgendt pdgendt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only non-blocking nits

jukkar added 6 commits April 14, 2025 15:20
@jukkar
net: pkt_filter: Add enablers for shell support
b916e0c 
Add helpers and enablers that allow "net filter" shell command to
work.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
net: shell: Add packet filter support
d423feb 
Add a "net filter" command that will allow user to see the
current network packet filter configuration.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
net: pkt_filter: Add more debug prints when matching packets
efb9b3b 
Add some more useful debug prints when checking packets.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
net: pkt_filter: Add VLAN support to filtering
34061ea 
The Ethernet matching needs tweaking so that it will also
work with VLAN packets.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
tests: net: npf: Add VLAN tests
3c5e655 
Add tests for VLAN matching.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
samples: net: pkt_filter: Add a sample to demo packet filtering
e6cee80 
Add a network packet filtering sample to show how the packet
filtering can be used.

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar jukkar force-pushed the devel/net-pkt-filter-overhaul branch from 7b6baa2 to e6cee80 Compare April 14, 2025 12:21
@jukkar
Copy link
Member Author

jukkar commented Apr 14, 2025

Updated according to comments.

rlubos
rlubos approved these changes Apr 14, 2025
View reviewed changes
Copy link
Collaborator

@rlubos rlubos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kartben kartben merged commit 3064c7b into zephyrproject-rtos:main Apr 16, 2025
25 checks passed
@jukkar jukkar deleted the devel/net-pkt-filter-overhaul branch April 16, 2025 10:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pdgendt pdgendt pdgendt approved these changes

@rlubos rlubos rlubos approved these changes

@kartben kartben Awaiting requested review from kartben

@nashif nashif Awaiting requested review from nashif

@ssharks ssharks Awaiting requested review from ssharks

@tbursztyka tbursztyka Awaiting requested review from tbursztyka

Assignees

@rlubos rlubos

Labels
area: Networking area: Samples Samples
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jukkar @pdgendt @rlubos @kartben