From fa42f2118746f35ae6883ef5b0d4758863282fc9 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sun, 3 Dec 2017 21:27:03 +0100
Subject: src: flow offload support

This patch allows us to refer to existing flowtables:

 # nft add rule x x flow offload @m

Packets matching this rule create an entry in the flow table 'm', hence,
follow up packets that get to the flowtable at ingress bypass the
classic forwarding path.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/ct.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'src/ct.c')

diff --git a/src/ct.c b/src/ct.c
index bdf50d7a..edfe5586 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -456,3 +456,26 @@ struct stmt *notrack_stmt_alloc(const struct location *loc)
 {
 	return stmt_alloc(loc, &notrack_stmt_ops);
 }
+
+static void flow_offload_stmt_print(const struct stmt *stmt,
+				    struct output_ctx *octx)
+{
+	printf("flow offload @%s", stmt->flow.table_name);
+}
+
+static const struct stmt_ops flow_offload_stmt_ops = {
+	.type		= STMT_FLOW_OFFLOAD,
+	.name		= "flow_offload",
+	.print		= flow_offload_stmt_print,
+};
+
+struct stmt *flow_offload_stmt_alloc(const struct location *loc,
+				     const char *table_name)
+{
+	struct stmt *stmt;
+
+	stmt = stmt_alloc(loc, &flow_offload_stmt_ops);
+	stmt->flow.table_name	= table_name;
+
+	return stmt;
+}
-- 
cgit v1.2.3