diff options
author | Frank Wunderlich <frank-w@public-files.de> | 2021-03-21 17:49:16 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-03-25 12:10:30 +0100 |
commit | 8e6cc9f373854ed580156ec6f01bcd97786fa9f7 (patch) | |
tree | 03ed5f94524a9dd610b45fbabc6bd2356e07682f /src/rule.c | |
parent | f699e4c06a26b4977f4a5d220a0c5260b71d6433 (diff) |
nftables: add flags offload to flowtable
allow flags (currently only offload) in flowtables like it is stated
here: https://lwn.net/Articles/804384/
tested on mt7622/Bananapi-R64
table ip filter {
flowtable f {
hook ingress priority filter + 1
devices = { lan3, lan0, wan }
flags offload;
}
chain forward {
type filter hook forward priority filter; policy accept;
ip protocol { tcp, udp } flow add @f
}
}
table ip nat {
chain post {
type nat hook postrouting priority filter; policy accept;
oifname "wan" masquerade
}
}
Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -2223,6 +2223,10 @@ static void flowtable_print_declaration(const struct flowtable *flowtable, nft_print(octx, " }%s", opts->stmt_separator); } + if (flowtable->flags & NFT_FLOWTABLE_HW_OFFLOAD) + nft_print(octx, "%s%sflags offload;%s", opts->tab, opts->tab, + opts->stmt_separator); + if (flowtable->flags & NFT_FLOWTABLE_COUNTER) nft_print(octx, "%s%scounter%s", opts->tab, opts->tab, opts->stmt_separator); |