diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-12-03 21:27:03 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-05 16:30:15 +0100 |
commit | fa42f2118746f35ae6883ef5b0d4758863282fc9 (patch) | |
tree | bac51951392313ae1a4b2bff0af5bfc2bd0c60a8 /src/netlink_linearize.c | |
parent | f1f6c326d78594fd0dc279d4870502addcd6fcc2 (diff) |
src: flow offload support
This patch allows us to refer to existing flowtables:
# nft add rule x x flow offload @m
Packets matching this rule create an entry in the flow table 'm', hence,
follow up packets that get to the flowtable at ingress bypass the
classic forwarding path.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r-- | src/netlink_linearize.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 77abdcb8..5edb2d3d 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -1201,6 +1201,17 @@ static void netlink_gen_notrack_stmt(struct netlink_linearize_ctx *ctx, nftnl_rule_add_expr(ctx->nlr, nle); } +static void netlink_gen_flow_offload_stmt(struct netlink_linearize_ctx *ctx, + const struct stmt *stmt) +{ + struct nftnl_expr *nle; + + nle = alloc_nft_expr("flow_offload"); + nftnl_expr_set_str(nle, NFTNL_EXPR_FLOW_TABLE_NAME, + stmt->flow.table_name); + nftnl_rule_add_expr(ctx->nlr, nle); +} + static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { @@ -1300,6 +1311,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx, break; case STMT_NOTRACK: return netlink_gen_notrack_stmt(ctx, stmt); + case STMT_FLOW_OFFLOAD: + return netlink_gen_flow_offload_stmt(ctx, stmt); case STMT_OBJREF: return netlink_gen_objref_stmt(ctx, stmt); default: |