* [PATCH nf-next v5 0/2] netfilter: nf_tables_offload: support fwd_netdev offload @ 2019-08-21 4:56 wenxu 2019-08-21 4:56 ` [PATCH nf-next v5 1/2] netfilter: nf_flow_offload: add net in offload_ctx wenxu 2019-08-21 4:56 ` [PATCH nf-next v5 2/2] netfilter: nft_fwd_netdev: add fw_netdev action support wenxu 0 siblings, 2 replies; 4+ messages in thread From: wenxu @ 2019-08-21 4:56 UTC (permalink / raw) To: pablo, fw; +Cc: netfilter-devel From: wenxu <wenxu@ucloud.cn> This patch series supports fwd_netdev offload: 1). add net in offload ctx so that the netdevice can be looked up in the related net. 2). add fw_netdev action offload. This version is just split out from the original big series, without dependencies on each other. wenxu (2): netfilter: nf_flow_offload: add net in offload_ctx netfilter: nft_fwd_netdev: add fw_netdev action support include/net/netfilter/nf_tables_offload.h | 3 ++- net/netfilter/nf_tables_api.c | 2 +- net/netfilter/nf_tables_offload.c | 3 ++- net/netfilter/nft_fwd_netdev.c | 26 ++++++++++++++++++++++++++ 4 files changed, 31 insertions(+), 3 deletions(-) -- 1.8.3.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH nf-next v5 1/2] netfilter: nf_flow_offload: add net in offload_ctx 2019-08-21 4:56 [PATCH nf-next v5 0/2] netfilter: nf_tables_offload: support fwd_netdev offload wenxu @ 2019-08-21 4:56 ` wenxu 2019-09-02 6:12 ` wenxu 2019-08-21 4:56 ` [PATCH nf-next v5 2/2] netfilter: nft_fwd_netdev: add fw_netdev action support wenxu 1 sibling, 1 reply; 4+ messages in thread From: wenxu @ 2019-08-21 4:56 UTC (permalink / raw) To: pablo, fw; +Cc: netfilter-devel From: wenxu <wenxu@ucloud.cn> In the offload_ctx, the net can be used for other actions such as fwd netdev Signed-off-by: wenxu <wenxu@ucloud.cn> --- v5: no change include/net/netfilter/nf_tables_offload.h | 3 ++- net/netfilter/nf_tables_api.c | 2 +- net/netfilter/nf_tables_offload.c | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/include/net/netfilter/nf_tables_offload.h b/include/net/netfilter/nf_tables_offload.h
index 8a5969d9..71453fd 100644
--- a/include/net/netfilter/nf_tables_offload.h
+++ b/include/net/netfilter/nf_tables_offload.h
@@ -25,6 +25,7 @@ struct nft_offload_ctx {
 __be16 l3num;
 u8 protonum;
 } dep;
+ struct net *net;
 unsigned int num_actions;
 struct nft_offload_reg regs[NFT_REG32_15 + 1];
 };
@@ -61,7 +62,7 @@ struct nft_flow_rule {
 #define NFT_OFFLOAD_F_ACTION (1 << 0)
 struct nft_rule;
-struct nft_flow_rule *nft_flow_rule_create(const struct nft_rule *rule);
+struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule);
 void nft_flow_rule_destroy(struct nft_flow_rule *flow);
 int nft_flow_rule_offload_commit(struct net *net);
 void nft_indr_block_get_and_ing_cmd(struct net_device *dev,
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index fe3b7b0..d4f611a 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2844,7 +2844,7 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk,
 return nft_table_validate(net, table);
 if (chain->flags & NFT_CHAIN_HW_OFFLOAD) {
- flow = nft_flow_rule_create(rule);
+ flow = nft_flow_rule_create(net, rule);
 if (IS_ERR(flow))
 return PTR_ERR(flow);
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index d3c4c9c..9d9a864 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -28,12 +28,13 @@ static struct nft_flow_rule *nft_flow_rule_alloc(int num_actions)
 return flow;
 }
-struct nft_flow_rule *nft_flow_rule_create(const struct nft_rule *rule)
+struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule)
 {
 struct nft_offload_ctx ctx = {
 .dep = {
 .type = NFT_OFFLOAD_DEP_UNSPEC,
 },
+ .net = net,
 };
 struct nft_flow_rule *flow;
 int num_actions = 0, err;
-- 1.8.3.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH nf-next v5 1/2] netfilter: nf_flow_offload: add net in offload_ctx 2019-08-21 4:56 ` [PATCH nf-next v5 1/2] netfilter: nf_flow_offload: add net in offload_ctx wenxu @ 2019-09-02 6:12 ` wenxu 0 siblings, 0 replies; 4+ messages in thread From: wenxu @ 2019-09-02 6:12 UTC (permalink / raw) To: pablo, fw; +Cc: netfilter-devel Hi pablo, How about this series? BR wenxu On 8/21/2019 12:56 PM, wenxu@ucloud.cn wrote:
> From: wenxu <wenxu@ucloud.cn>
>
> In the offload_ctx, the net can be used for other actions
> such as fwd netdev
>
> Signed-off-by: wenxu <wenxu@ucloud.cn>
> ---
> v5: no change
>
> include/net/netfilter/nf_tables_offload.h | 3 ++-
> net/netfilter/nf_tables_api.c | 2 +-
> net/netfilter/nf_tables_offload.c | 3 ++-
> 3 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/include/net/netfilter/nf_tables_offload.h b/include/net/netfilter/nf_tables_offload.h
> index 8a5969d9..71453fd 100644
> --- a/include/net/netfilter/nf_tables_offload.h
> +++ b/include/net/netfilter/nf_tables_offload.h
> @@ -25,6 +25,7 @@ struct nft_offload_ctx {
> __be16 l3num;
> u8 protonum;
> } dep;
> + struct net *net;
> unsigned int num_actions;
> struct nft_offload_reg regs[NFT_REG32_15 + 1];
> };
> @@ -61,7 +62,7 @@ struct nft_flow_rule {
> #define NFT_OFFLOAD_F_ACTION (1 << 0)
>
> struct nft_rule;
> -struct nft_flow_rule *nft_flow_rule_create(const struct nft_rule *rule);
> +struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule);
> void nft_flow_rule_destroy(struct nft_flow_rule *flow);
> int nft_flow_rule_offload_commit(struct net *net);
> void nft_indr_block_get_and_ing_cmd(struct net_device *dev,
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index fe3b7b0..d4f611a 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -2844,7 +2844,7 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk,
> return nft_table_validate(net, table);
>
> if (chain->flags & NFT_CHAIN_HW_OFFLOAD) {
> - flow = nft_flow_rule_create(rule);
> + flow = nft_flow_rule_create(net, rule);
> if (IS_ERR(flow))
> return PTR_ERR(flow);
>
> diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
> index d3c4c9c..9d9a864 100644
> --- a/net/netfilter/nf_tables_offload.c
> +++ b/net/netfilter/nf_tables_offload.c
> @@ -28,12 +28,13 @@ static struct nft_flow_rule *nft_flow_rule_alloc(int num_actions)
> return flow;
> }
>
> -struct nft_flow_rule *nft_flow_rule_create(const struct nft_rule *rule)
> +struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule)
> {
> struct nft_offload_ctx ctx = {
> .dep = {
> .type = NFT_OFFLOAD_DEP_UNSPEC,
> },
> + .net = net,
> };
> struct nft_flow_rule *flow;
> int num_actions = 0, err;
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH nf-next v5 2/2] netfilter: nft_fwd_netdev: add fw_netdev action support 2019-08-21 4:56 [PATCH nf-next v5 0/2] netfilter: nf_tables_offload: support fwd_netdev offload wenxu 2019-08-21 4:56 ` [PATCH nf-next v5 1/2] netfilter: nf_flow_offload: add net in offload_ctx wenxu @ 2019-08-21 4:56 ` wenxu 1 sibling, 0 replies; 4+ messages in thread From: wenxu @ 2019-08-21 4:56 UTC (permalink / raw) To: pablo, fw; +Cc: netfilter-devel From: wenxu <wenxu@ucloud.cn> fwd_netdev action offload: nft --debug=netlink add rule netdev firewall aclout ip daddr 10.0.1.7 fwd to eth0 Signed-off-by: wenxu <wenxu@ucloud.cn> --- v5: no offload_actions callback net/netfilter/nft_fwd_netdev.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
diff --git a/net/netfilter/nft_fwd_netdev.c b/net/netfilter/nft_fwd_netdev.c
index 61b7f93..8c52765 100644
--- a/net/netfilter/nft_fwd_netdev.c
+++ b/net/netfilter/nft_fwd_netdev.c
@@ -15,6 +15,7 @@
 #include <net/netfilter/nf_dup_netdev.h>
 #include <net/neighbour.h>
 #include <net/ip.h>
+#include <net/netfilter/nf_tables_offload.h>
 struct nft_fwd_netdev {
 enum nft_registers sreg_dev:8;
@@ -63,6 +64,30 @@ static int nft_fwd_netdev_dump(struct sk_buff *skb, const struct nft_expr *expr)
 return -1;
 }
+static int nft_fwd_netdev_offload(struct nft_offload_ctx *ctx,
+ struct nft_flow_rule *flow,
+ const struct nft_expr *expr)
+{
+ const struct nft_fwd_netdev *priv = nft_expr_priv(expr);
+ struct nft_offload_reg *reg = &ctx->regs[priv->sreg_dev];
+ const struct nft_data *data = ®->data;
+ struct flow_action_entry *entry;
+ struct net_device *dev;
+ int oif = -1;
+
+ entry = &flow->rule->action.entries[ctx->num_actions++];
+
+ memcpy(&oif, data->data, sizeof(oif));
+ dev = __dev_get_by_index(ctx->net, oif);
+ if (!dev)
+ return -EOPNOTSUPP;
+
+ entry->id = FLOW_ACTION_REDIRECT;
+ entry->dev = dev;
+
+ return 0;
+}
+
 struct nft_fwd_neigh {
 enum nft_registers sreg_dev:8;
 enum nft_registers sreg_addr:8;
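Review bot: `__dev_get_by_index(ctx->net, oif)` returns the net_device without taking a reference, yet the pointer is stored in `entry->dev` and so outlives this call; nothing in the hunk shows RTNL (or any other lock that pins the device) being held, so the device could be unregistered before the flow rule reaches the driver, leaving a dangling pointer. Consider `dev = dev_get_by_index(ctx->net, oif);` with a matching `dev_put()` where the flow rule is destroyed, or add a comment stating which lock makes the unreferenced lookup safe. Separately, `entry = &flow->rule->action.entries[ctx->num_actions++];` runs before the lookup, so the -EOPNOTSUPP path has already consumed an action slot; moving that line below the `if (!dev)` check keeps the counter consistent on failure. The `®->data` shown on this page is presumably an entity-mangled rendering of `&reg->data`.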
@@ -194,6 +219,7 @@ static int nft_fwd_neigh_dump(struct sk_buff *skb, const struct nft_expr *expr)
 .eval = nft_fwd_netdev_eval,
 .init = nft_fwd_netdev_init,
 .dump = nft_fwd_netdev_dump,
+ .offload = nft_fwd_netdev_offload,
 };
 static const struct nft_expr_ops *
-- 1.8.3.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
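Review bot: The ops initializer gains `.offload` but nothing that marks the expression as an action, while nft_fwd_netdev_offload stores into `action.entries[ctx->num_actions++]` with no bound check. How that array is sized is not visible in this series; if it is counted from expressions that set `NFT_OFFLOAD_F_ACTION` (the flag visible in nf_tables_offload.h in patch 1/2), a rule containing fwd would write one entry past the allocation. In that case add `.offload_flags = NFT_OFFLOAD_F_ACTION,` next to `.offload`; independently, checking `ctx->num_actions` against the number of allocated entries before the store would keep the write in bounds however the count was derived. The initializer starts outside the hunk.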