From: wenxu <wenxu@xxxxxxxxx> In the offload_ctx, the net can be used for other actions such as fwd netdev Signed-off-by: wenxu <wenxu@xxxxxxxxx> --- v5: no change include/net/netfilter/nf_tables_offload.h | 3 ++- net/netfilter/nf_tables_api.c | 2 +- net/netfilter/nf_tables_offload.c | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/net/netfilter/nf_tables_offload.h b/include/net/netfilter/nf_tables_offload.h index 8a5969d9..71453fd 100644 --- a/include/net/netfilter/nf_tables_offload.h +++ b/include/net/netfilter/nf_tables_offload.h @@ -25,6 +25,7 @@ struct nft_offload_ctx { __be16 l3num; u8 protonum; } dep; + struct net *net; unsigned int num_actions; struct nft_offload_reg regs[NFT_REG32_15 + 1]; }; @@ -61,7 +62,7 @@ struct nft_flow_rule { #define NFT_OFFLOAD_F_ACTION (1 << 0) struct nft_rule; -struct nft_flow_rule *nft_flow_rule_create(const struct nft_rule *rule); +struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule); void nft_flow_rule_destroy(struct nft_flow_rule *flow); int nft_flow_rule_offload_commit(struct net *net); void nft_indr_block_get_and_ing_cmd(struct net_device *dev, diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index fe3b7b0..d4f611a 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2844,7 +2844,7 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk, return nft_table_validate(net, table); if (chain->flags & NFT_CHAIN_HW_OFFLOAD) { - flow = nft_flow_rule_create(rule); + flow = nft_flow_rule_create(net, rule); if (IS_ERR(flow)) return PTR_ERR(flow); diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c index d3c4c9c..9d9a864 100644 --- a/net/netfilter/nf_tables_offload.c +++ b/net/netfilter/nf_tables_offload.c @@ -28,12 +28,13 @@ static struct nft_flow_rule *nft_flow_rule_alloc(int num_actions) return flow; } -struct nft_flow_rule *nft_flow_rule_create(const struct nft_rule *rule) +struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule) { struct nft_offload_ctx ctx = { .dep = { .type = NFT_OFFLOAD_DEP_UNSPEC, }, + .net = net, }; struct nft_flow_rule *flow; int num_actions = 0, err; -- 1.8.3.1