On 2019/7/27 8:56, Jakub Kicinski wrote:
> On Fri, 26 Jul 2019 21:34:05 +0800, wenxu@xxxxxxxxx wrote:
>> From: wenxu <wenxu@xxxxxxxxx>
>>
>> move tc indirect block to flow_offload and rename
>> it to flow indirect block. The nf_tables can use the
>> indr block architecture.
>>
>> Signed-off-by: wenxu <wenxu@xxxxxxxxx>
>> diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h >> index 00b9aab..66f89bc 100644 >> --- a/include/net/flow_offload.h >> +++ b/include/net/flow_offload.h >> @@ -4,6 +4,7 @@ >> #include <linux/kernel.h> >> #include <linux/list.h> >> #include <net/flow_dissector.h> >> +#include <linux/rhashtable.h> >> >> struct flow_match { >> struct flow_dissector *dissector; >> @@ -366,4 +367,42 @@ static inline void flow_block_init(struct flow_block *flow_block) >> INIT_LIST_HEAD(&flow_block->cb_list); >> } >> >> +typedef int flow_indr_block_bind_cb_t(struct net_device *dev, void *cb_priv, >> + enum tc_setup_type type, void *type_data); >> + >> +struct flow_indr_block_cb { >> + struct list_head list; >> + void *cb_priv; >> + flow_indr_block_bind_cb_t *cb; >> + void *cb_ident; >> +}; >> + >> +typedef void flow_indr_block_ing_cmd_t(struct net_device *dev, >> + struct flow_block *flow_block, >> + struct flow_indr_block_cb *indr_block_cb, >> + enum flow_block_command command); >> + >> +struct flow_indr_block_dev { >> + struct rhash_head ht_node; >> + struct net_device *dev; >> + unsigned int refcnt; >> + struct list_head cb_list; >> + flow_indr_block_ing_cmd_t *ing_cmd_cb; >> + struct flow_block *flow_block;
> TC can only have one block per device. Now with nftables offload we can
> have multiple blocks. Could you elaborate how this is solved?
>
>> +};

The nftables offload only works on the netdev base chain. Each device can be limited to one netdev base chain.
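
Review bot: The `#include <linux/rhashtable.h>` added in the first hunk (@@ -4,6 +4,7 @@) is needed, as far as this patch shows, only for the `struct rhash_head ht_node` member of struct flow_indr_block_dev. Consider `#include <linux/rhashtable-types.h>` instead, which provides the type without pulling the inline hashtable implementation into every file that includes flow_offload.h, and keep the full header in the .c file that does the lookups.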
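
Review bot: In struct flow_indr_block_dev (second hunk, @@ -366,4 +367,42 @@), `unsigned int refcnt` and `cb_list` have no comment stating which lock serialises them, and the callbacks stored in `cb` and `ing_cmd_cb` are invoked through entries whose lifetime depends on that count. Please document the locking rule next to the fields, or switch the counter to `refcount_t` so an unbalanced get/put is caught rather than wrapping silently. The single `struct flow_block *flow_block` pointer also deserves a comment recording the one-block-per-device assumption, since the header is now shared beyond TC.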