netfilter: nft_meta: offload support for interface index

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This patch adds support for offloading the NFT_META_IIF selector.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Pablo Neira Ayuso 6 years ago 25da5eb3 90bc72b1

2 changed files

expand all

include

net

netfilter

nf_tables_offload.h

net

netfilter

nft_meta.c

include/net/netfilter/nf_tables_offload.h

··· 45 45 struct flow_dissector_key_ip ip; 46 46 struct flow_dissector_key_vlan vlan; 47 47 struct flow_dissector_key_eth_addrs eth_addrs; 48 + struct flow_dissector_key_meta meta; 48 49 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */ 49 50 50 51 struct nft_flow_match {

net/netfilter/nft_meta.c

··· 547 547 sizeof(__u8), reg); 548 548 nft_offload_set_dependency(ctx, NFT_OFFLOAD_DEP_TRANSPORT); 549 549 break; 550 + case NFT_META_IIF: 551 + NFT_OFFLOAD_MATCH(FLOW_DISSECTOR_KEY_META, meta, 552 + ingress_ifindex, sizeof(__u32), reg); 553 + break; 550 554 default: 551 555 return -EOPNOTSUPP; 552 556 }