[PATCH nf-next 5/7] netfilter: nft_immediate: add offload support for actions

wenxu@xxxxxxxxx · Tue, 23 Jul 2019 20:52:42 +0800

From: wenxu <wenxu@xxxxxxxxx>

Immediate offload support for other action to handle the offload_reg

Signed-off-by: wenxu <wenxu@xxxxxxxxx>
---
 net/netfilter/nft_immediate.c | 47 +++++++++++++++++++++++++++----------------
 1 file changed, 30 insertions(+), 17 deletions(-)

diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c
index 391f699..34facc3 100644
--- a/net/netfilter/nft_immediate.c
+++ b/net/netfilter/nft_immediate.c
@@ -130,29 +130,42 @@ static int nft_immediate_offload(struct nft_offload_ctx *ctx,
 				 const struct nft_expr *expr)
 {
 	const struct nft_immediate_expr *priv = nft_expr_priv(expr);
+	const struct nft_data *data = &priv->data;
 	struct flow_action_entry *entry;
-	const struct nft_data *data;
-
-	if (priv->dreg != NFT_REG_VERDICT)
-		return -EOPNOTSUPP;
-
-	entry = &flow->rule->action.entries[ctx->num_actions++];
 
-	data = &priv->data;
-	switch (data->verdict.code) {
-	case NF_ACCEPT:
-		entry->id = FLOW_ACTION_ACCEPT;
-		break;
-	case NF_DROP:
-		entry->id = FLOW_ACTION_DROP;
-		break;
-	default:
-		return -EOPNOTSUPP;
+	if (priv->dreg == NFT_REG_VERDICT) {
+		entry = &flow->rule->action.entries[ctx->num_actions++];
+
+		switch (data->verdict.code) {
+		case NF_ACCEPT:
+			entry->id = FLOW_ACTION_ACCEPT;
+			break;
+		case NF_DROP:
+			entry->id = FLOW_ACTION_DROP;
+			break;
+		default:
+			return -EOPNOTSUPP;
+		}
+	} else {
+		struct nft_offload_reg *reg = &ctx->regs[priv->dreg];
+
+		reg->type = NFT_OFFLOAD_REG_ACTION;
+		memcpy(&reg->action.data, data, sizeof(*data));
 	}
 
 	return 0;
 }
 
+static int nft_immediate_offload_actions(const struct nft_expr *expr)
+{
+	const struct nft_immediate_expr *priv = nft_expr_priv(expr);
+
+	if (priv->dreg == NFT_REG_VERDICT)
+		return 1;
+	else
+		return 0;
+}
+
 static const struct nft_expr_ops nft_imm_ops = {
 	.type		= &nft_imm_type,
 	.size		= NFT_EXPR_SIZE(sizeof(struct nft_immediate_expr)),
@@ -163,7 +176,7 @@ static int nft_immediate_offload(struct nft_offload_ctx *ctx,
 	.dump		= nft_immediate_dump,
 	.validate	= nft_immediate_validate,
 	.offload	= nft_immediate_offload,
-	.offload_actions = nft_offload_action,
+	.offload_actions = nft_immediate_offload_actions,
 };
 
 struct nft_expr_type nft_imm_type __read_mostly = {
-- 
1.8.3.1







