diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-03 13:14:59 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-03 14:16:51 +0100 |
| commit | d42bd56cff1a22301703d2b9d6d6fc937ea7cfbd (patch) | |
| tree | 4bba0412324834f49303f0cf237991232daa033c | |
| parent | 8ab720e343af35366f02dc0b9bac102eeedcdbad (diff) | |
src: support for offload chain flag
This patch extends the basechain definition to allow users to specify
the offload flag. This flag enables hardware offload if your drivers
supports it.
# cat file.nft
table netdev x {
chain y {
type filter hook ingress device eth0 priority 10; flags offload;
}
}
# nft -f file.nft
Note: You have to enable offload via ethtool:
# ethtool -K eth0 hw-tc-offload on
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/rule.h | 1 | ||||
| -rw-r--r-- | src/mnl.c | 4 | ||||
| -rw-r--r-- | src/netlink.c | 2 | ||||
| -rw-r--r-- | src/parser_bison.y | 7 | ||||
| -rw-r--r-- | src/rule.c | 3 |
5 files changed, 17 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h index ced63f3e..224e6871 100644 --- a/include/rule.h +++ b/include/rule.h @@ -175,6 +175,7 @@ extern struct table *table_lookup_fuzzy(const struct handle *h, */ enum chain_flags { CHAIN_F_BASECHAIN = 0x1, + CHAIN_F_HW_OFFLOAD = 0x2, }; /** @@ -624,6 +624,10 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family); if (cmd->chain) { + if (cmd->chain->flags & CHAIN_F_HW_OFFLOAD) { + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FLAGS, + CHAIN_F_HW_OFFLOAD); + } if (cmd->chain->flags & CHAIN_F_BASECHAIN) { nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM, cmd->chain->hooknum); diff --git a/src/netlink.c b/src/netlink.c index 0c6b8c58..671923f3 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -435,6 +435,8 @@ struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx, xstrdup(nftnl_chain_get_str(nlc, NFTNL_CHAIN_TABLE)); chain->handle.handle.id = nftnl_chain_get_u64(nlc, NFTNL_CHAIN_HANDLE); + if (nftnl_chain_is_set(nlc, NFTNL_CHAIN_FLAGS)) + chain->flags = nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FLAGS); if (nftnl_chain_is_set(nlc, NFTNL_CHAIN_HOOKNUM) && nftnl_chain_is_set(nlc, NFTNL_CHAIN_PRIO) && diff --git a/src/parser_bison.y b/src/parser_bison.y index 4c27fcc6..b37e9e56 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1667,6 +1667,7 @@ chain_block : /* empty */ { $$ = $<chain>-1; } | chain_block stmt_separator | chain_block hook_spec stmt_separator | chain_block policy_spec stmt_separator + | chain_block flags_spec stmt_separator | chain_block rule stmt_separator { list_add_tail(&$2->list, &$1->rules); @@ -2154,6 +2155,12 @@ dev_spec : DEVICE string | /* empty */ { $$ = NULL; } ; +flags_spec : FLAGS OFFLOAD + { + $<chain>0->flags |= CHAIN_F_HW_OFFLOAD; + } + ; + policy_spec : POLICY policy_expr { if ($<chain>0->policy) { @@ -1177,6 +1177,9 @@ static void chain_print_declaration(const struct chain *chain, nft_print(octx, " policy %s;", chain_policy2str(policy)); } + if (chain->flags & CHAIN_F_HW_OFFLOAD) + nft_print(octx, " flags offload;"); + nft_print(octx, "\n"); } } |