linux/include/net/netfilter, branch v5.5Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
https://git.shady.money/linux/atom?h=v5.52020-01-06T09:30:46Znetfilter: flowtable: add nf_flowtable_time_stamp2020-01-06T09:30:46ZPablo Neira Ayusopablo@netfilter.org2020-01-03T17:10:04Zurn:sha1:fb46f1b7806977e9135a83eb347e5d82e68233a2
This patch adds nf_flowtable_time_stamp and updates the existing code to
use it.
This patch is also implicitly fixing up hardware statistic fetching via
nf_flow_offload_stats() where casting to u32 is missing. Use
nf_flow_timeout_delta() to fix this.
Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: wenxu <wenxu@ucloud.cn>
treewide: Use sizeof_field() macro2019-12-09T18:36:44ZPankaj Bharadiyapankaj.laxminarayan.bharadiya@intel.com2019-12-09T18:31:43Zurn:sha1:c593642c8be046915ca3a4a300243a68077cd207
Replace all the occurrences of FIELD_SIZEOF() with sizeof_field() except
at places where these are defined. Later patches will remove the unused
definition of FIELD_SIZEOF().
This patch is generated using following script:
EXCLUDE_FILES="include/linux/stddef.h|include/linux/kernel.h"
git grep -l -e "\bFIELD_SIZEOF\b" | while read file;
do
if [[ "$file" =~ $EXCLUDE_FILES ]]; then
continue
fi
sed -i -e 's/\bFIELD_SIZEOF\b/sizeof_field/g' $file;
done
Signed-off-by: Pankaj Bharadiya <pankaj.laxminarayan.bharadiya@intel.com>
Link: https://lore.kernel.org/r/20190924105839.110713-3-pankaj.laxminarayan.bharadiya@intel.com
Co-developed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: David Miller <davem@davemloft.net> # for net
netfilter: nf_tables: constify nft_reg_load{8, 16, 64}()2019-11-20T19:21:34ZPablo Neira Ayusopablo@netfilter.org2019-11-19T22:05:52Zurn:sha1:7cd9a58d6860ae09acd7f0c219b5fa333703f72f
This patch constifies the pointer to source register data that is passed
as an input parameter.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
netfilter: nf_flow_table_offload: add IPv6 support2019-11-15T22:44:47ZPablo Neira Ayusopablo@netfilter.org2019-11-13T13:08:01Zurn:sha1:5c27d8d76ce810c6254cf5917a6019d824f34bd2
Add nf_flow_rule_route_ipv6() and use it from the IPv6 and the inet
flowtable type definitions. Rename the nf_flow_rule_route() function to
nf_flow_rule_route_ipv4().
Adjust maximum number of actions, which now becomes 16 to leave
sufficient room for the IPv6 address mangling for NAT.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nft_meta: offload support for interface index2019-11-13T09:41:34ZPablo Neira Ayusopablo@netfilter.org2019-10-28T15:02:50Zurn:sha1:25da5eb32cd51383f6dca7aad252376f1979c075
This patch adds support for offloading the NFT_META_IIF selector.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_flow_table: hardware offload support2019-11-13T03:42:26ZPablo Neira Ayusopablo@netfilter.org2019-11-11T23:29:56Zurn:sha1:c29f74e0df7a02b8303bcdce93a7c0132d62577a
This patch adds the dataplane hardware offload to the flowtable
infrastructure. Three new flags represent the hardware state of this
flow:
* FLOW_OFFLOAD_HW: This flow entry resides in the hardware.
* FLOW_OFFLOAD_HW_DYING: This flow entry has been scheduled to be remove
from hardware. This might be triggered by either packet path (via TCP
RST/FIN packet) or via aging.
* FLOW_OFFLOAD_HW_DEAD: This flow entry has been already removed from
the hardware, the software garbage collector can remove it from the
software flowtable.
This patch supports for:
* IPv4 only.
* Aging via FLOW_CLS_STATS, no packet and byte counter synchronization
at this stage.
This patch also adds the action callback that specifies how to convert
the flow entry into the flow_rule object that is passed to the driver.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
netfilter: nf_tables: add flowtable offload control plane2019-11-13T03:42:26ZPablo Neira Ayusopablo@netfilter.org2019-11-11T23:29:55Zurn:sha1:8bb69f3b2918788435cbd5834c66682642c09fba
This patch adds the NFTA_FLOWTABLE_FLAGS attribute that allows users to
specify the NF_FLOWTABLE_HW_OFFLOAD flag. This patch also adds a new
setup interface for the flowtable type to perform the flowtable offload
block callback configuration.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
netfilter: nf_flow_table: detach routing information from flow description2019-11-13T03:42:26ZPablo Neira Ayusopablo@netfilter.org2019-11-11T23:29:54Zurn:sha1:f1363e058b84e61d39f9796fa806090ad7a28ebd
This patch adds the infrastructure to support for flow entry types.
The initial type is NF_FLOW_OFFLOAD_ROUTE that stores the routing
information into the flow entry to define a fastpath for the classic
forwarding path.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
netfilter: nf_flowtable: remove flow_offload_entry structure2019-11-13T03:42:26ZPablo Neira Ayusopablo@netfilter.org2019-11-11T23:29:53Zurn:sha1:62248df88a406a443b838a3633a7f60a716f999e
Move rcu_head to struct flow_offload, then remove the flow_offload_entry
structure definition.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
netfilter: nf_flow_table: remove union from flow_offload structure2019-11-13T03:42:26ZPablo Neira Ayusopablo@netfilter.org2019-11-11T23:29:52Zurn:sha1:9f48e9bf253aa292dbf10f173f6f4c02d0349f45
Drivers do not have access to the flow_offload structure, hence remove
this union from this flow_offload object as well as the original comment
on top of it.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>