diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-12-03 21:27:03 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-05 16:30:15 +0100 |
commit | fa42f2118746f35ae6883ef5b0d4758863282fc9 (patch) | |
tree | bac51951392313ae1a4b2bff0af5bfc2bd0c60a8 /src | |
parent | f1f6c326d78594fd0dc279d4870502addcd6fcc2 (diff) |
src: flow offload support
This patch allows us to refer to existing flowtables:
# nft add rule x x flow offload @m
Packets matching this rule create an entry in the flow table 'm', hence,
follow up packets that get to the flowtable at ingress bypass the
classic forwarding path.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/ct.c | 23 | ||||
-rw-r--r-- | src/evaluate.c | 1 | ||||
-rw-r--r-- | src/netlink_delinearize.c | 11 | ||||
-rw-r--r-- | src/netlink_linearize.c | 13 | ||||
-rw-r--r-- | src/parser_bison.y | 5 | ||||
-rw-r--r-- | src/scanner.l | 1 |
6 files changed, 54 insertions, 0 deletions
@@ -456,3 +456,26 @@ struct stmt *notrack_stmt_alloc(const struct location *loc) { return stmt_alloc(loc, ¬rack_stmt_ops); } + +static void flow_offload_stmt_print(const struct stmt *stmt, + struct output_ctx *octx) +{ + printf("flow offload @%s", stmt->flow.table_name); +} + +static const struct stmt_ops flow_offload_stmt_ops = { + .type = STMT_FLOW_OFFLOAD, + .name = "flow_offload", + .print = flow_offload_stmt_print, +}; + +struct stmt *flow_offload_stmt_alloc(const struct location *loc, + const char *table_name) +{ + struct stmt *stmt; + + stmt = stmt_alloc(loc, &flow_offload_stmt_ops); + stmt->flow.table_name = table_name; + + return stmt; +} diff --git a/src/evaluate.c b/src/evaluate.c index 51841136..41ba1617 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2786,6 +2786,7 @@ int stmt_evaluate(struct eval_ctx *ctx, struct stmt *stmt) case STMT_LIMIT: case STMT_QUOTA: case STMT_NOTRACK: + case STMT_FLOW_OFFLOAD: return 0; case STMT_EXPRESSION: return stmt_evaluate_expr(ctx, stmt); diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index c7df2b43..d65aacf8 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -686,6 +686,16 @@ static void netlink_parse_notrack(struct netlink_parse_ctx *ctx, ctx->stmt = notrack_stmt_alloc(loc); } +static void netlink_parse_flow_offload(struct netlink_parse_ctx *ctx, + const struct location *loc, + const struct nftnl_expr *nle) +{ + const char *table_name; + + table_name = xstrdup(nftnl_expr_get_str(nle, NFTNL_EXPR_FLOW_TABLE_NAME)); + ctx->stmt = flow_offload_stmt_alloc(loc, table_name); +} + static void netlink_parse_ct_stmt(struct netlink_parse_ctx *ctx, const struct location *loc, const struct nftnl_expr *nle) @@ -1294,6 +1304,7 @@ static const struct { { .name = "hash", .parse = netlink_parse_hash }, { .name = "fib", .parse = netlink_parse_fib }, { .name = "tcpopt", .parse = netlink_parse_exthdr }, + { .name = "flow_offload", .parse = netlink_parse_flow_offload }, }; static int netlink_parse_expr(const struct nftnl_expr *nle, diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 77abdcb8..5edb2d3d 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -1201,6 +1201,17 @@ static void netlink_gen_notrack_stmt(struct netlink_linearize_ctx *ctx, nftnl_rule_add_expr(ctx->nlr, nle); } +static void netlink_gen_flow_offload_stmt(struct netlink_linearize_ctx *ctx, + const struct stmt *stmt) +{ + struct nftnl_expr *nle; + + nle = alloc_nft_expr("flow_offload"); + nftnl_expr_set_str(nle, NFTNL_EXPR_FLOW_TABLE_NAME, + stmt->flow.table_name); + nftnl_rule_add_expr(ctx->nlr, nle); +} + static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { @@ -1300,6 +1311,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx, break; case STMT_NOTRACK: return netlink_gen_notrack_stmt(ctx, stmt); + case STMT_FLOW_OFFLOAD: + return netlink_gen_flow_offload_stmt(ctx, stmt); case STMT_OBJREF: return netlink_gen_objref_stmt(ctx, stmt); default: diff --git a/src/parser_bison.y b/src/parser_bison.y index 15d2432a..b637ab07 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -251,6 +251,7 @@ int nft_lex(void *, void *, void *); %token SIZE "size" %token FLOW "flow" +%token OFFLOAD "offload" %token METER "meter" %token METERS "meters" @@ -3411,6 +3412,10 @@ meta_stmt : META meta_key SET stmt_expr { $$ = notrack_stmt_alloc(&@$); } + | FLOW OFFLOAD AT string + { + $$ = flow_offload_stmt_alloc(&@$, $4); + } ; offset_opt : /* empty */ { $$ = 0; } diff --git a/src/scanner.l b/src/scanner.l index 79dccda2..38e92db0 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -298,6 +298,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "memory" { return MEMORY; } "flow" { return FLOW; } +"offload" { return OFFLOAD; } "meter" { return METER; } "meters" { return METERS; } |