git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 11 Nov 2019 23:29:56 +0000 (00:29 +0100)
committer	David S. Miller <davem@davemloft.net>
	Wed, 13 Nov 2019 03:42:26 +0000 (19:42 -0800)
commit	c29f74e0df7a02b8303bcdce93a7c0132d62577a
tree	7aa07ff32a7c48caaadc7814b95d93d72677bc25	tree
parent	8bb69f3b2918788435cbd5834c66682642c09fba	commit \| diff

netfilter: nf_flow_table: hardware offload support

This patch adds the dataplane hardware offload to the flowtable
infrastructure. Three new flags represent the hardware state of this
flow:

* FLOW_OFFLOAD_HW: This flow entry resides in the hardware.
* FLOW_OFFLOAD_HW_DYING: This flow entry has been scheduled to be remove
  from hardware. This might be triggered by either packet path (via TCP
  RST/FIN packet) or via aging.
* FLOW_OFFLOAD_HW_DEAD: This flow entry has been already removed from
  the hardware, the software garbage collector can remove it from the
  software flowtable.

This patch supports for:

* IPv4 only.
* Aging via FLOW_CLS_STATS, no packet and byte counter synchronization
  at this stage.

This patch also adds the action callback that specifies how to convert
the flow entry into the flow_rule object that is passed to the driver.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/netdevice.h		diff \| blob \| blame \| history
include/net/netfilter/nf_flow_table.h		diff \| blob \| blame \| history
net/ipv4/netfilter/nf_flow_table_ipv4.c		diff \| blob \| blame \| history
net/ipv6/netfilter/nf_flow_table_ipv6.c		diff \| blob \| blame \| history
net/netfilter/Makefile		diff \| blob \| blame \| history
net/netfilter/nf_flow_table_core.c		diff \| blob \| blame \| history
net/netfilter/nf_flow_table_inet.c		diff \| blob \| blame \| history
net/netfilter/nf_flow_table_offload.c	[new file with mode: 0644]	blob