review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 9 Jul 2019 21:00:43 +0000 (23:00 +0200)
committer	David S. Miller <davem@davemloft.net>
	Tue, 9 Jul 2019 21:38:51 +0000 (14:38 -0700)
commit	c9626a2cbdb20e26587b3fad99960520a023432b
tree	1bebc0df6ae6c70cd2b4cb04c435a881cd3d8441	tree \| snapshot
parent	f9e30088d20016a224d8110d45356da253eaa26a	commit \| diff

netfilter: nf_tables: add hardware offload support

This patch adds hardware offload support for nftables through the
existing netdev_ops->ndo_setup_tc() interface, the TC_SETUP_CLSFLOWER
classifier and the flow rule API. This hardware offload support is
available for the NFPROTO_NETDEV family and the ingress hook.

Each nftables expression has a new ->offload interface, that is used to
populate the flow rule object that is attached to the transaction
object.

There is a new per-table NFT_TABLE_F_HW flag, that is set on to offload
an entire table, including all of its chains.

This patch supports for basic metadata (layer 3 and 4 protocol numbers),
5-tuple payload matching and the accept/drop actions; this also includes
basechain hardware offload only.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/netfilter/nf_tables.h		diff \| blob \| history
include/net/netfilter/nf_tables_offload.h	[new file with mode: 0644]	blob
include/uapi/linux/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/Makefile		diff \| blob \| history
net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nf_tables_offload.c	[new file with mode: 0644]	blob
net/netfilter/nft_cmp.c		diff \| blob \| history
net/netfilter/nft_immediate.c		diff \| blob \| history
net/netfilter/nft_meta.c		diff \| blob \| history
net/netfilter/nft_payload.c		diff \| blob \| history