From 8e6cc9f373854ed580156ec6f01bcd97786fa9f7 Mon Sep 17 00:00:00 2001 From: Frank Wunderlich Date: Sun, 21 Mar 2021 17:49:16 +0100 Subject: nftables: add flags offload to flowtable allow flags (currently only offload) in flowtables like it is stated here: https://lwn.net/Articles/804384/ tested on mt7622/Bananapi-R64 table ip filter { flowtable f { hook ingress priority filter + 1 devices = { lan3, lan0, wan } flags offload; } chain forward { type filter hook forward priority filter; policy accept; ip protocol { tcp, udp } flow add @f } } table ip nat { chain post { type nat hook postrouting priority filter; policy accept; oifname "wan" masquerade } } Signed-off-by: Frank Wunderlich Signed-off-by: Pablo Neira Ayuso
---
src/mnl.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/mnl.c')
diff --git a/src/mnl.c b/src/mnl.c
index deea586f..ffbfe481 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -1779,6 +1779,11 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd,
 nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_PRIO, 0);
 }
+ if (cmd->flowtable->flags & FLOWTABLE_F_HW_OFFLOAD) {
+ nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FLAGS,
+ NFT_FLOWTABLE_HW_OFFLOAD);
+ }
+
 if (cmd->flowtable->dev_expr) {
 dev_array = nft_flowtable_dev_array(cmd);
 nftnl_flowtable_set_data(flo, NFTNL_FLOWTABLE_DEVICES,
-- cgit v1.2.3
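Review bot: The added `if (cmd->flowtable->flags & FLOWTABLE_F_HW_OFFLOAD)` block translates exactly one bit and silently drops every other bit in `cmd->flowtable->flags`, so a ruleset can load without error while a requested flag is never sent to the kernel. That is harmless while offload is the only flag, as the description says, but it is a trap once a second flag is parsed. I would state the contract above the block with a comment such as `/* only HW_OFFLOAD is translated; any other bit in flowtable->flags is not sent to the kernel */`, or reject unknown bits before the netlink message is built. It is also worth documenting where the `flags offload` syntax is described that offloaded flows are expected to bypass the software forward path, so operators do not rely on forward-chain counters or logging for those flows. The body of mnl_nft_flowtable_add starts and ends outside this hunk, so whether flags are validated earlier cannot be seen from here.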