Re: [PATCH nf-next v5 1/2] netfilter: nf_flow_offload: add net in offload_ctx

wenxu <wenxu@xxxxxxxxx> · Mon, 2 Sep 2019 14:12:14 +0800

Hi  pablo,

How about this series?

BR

wenxu

On 8/21/2019 12:56 PM, wenxu@xxxxxxxxx wrote:
> From: wenxu <wenxu@xxxxxxxxx>
>
> In the offload_ctx, the net can be used for other actions
> such as fwd netdev
>
> Signed-off-by: wenxu <wenxu@xxxxxxxxx>
> ---
> v5: no change
>
>  include/net/netfilter/nf_tables_offload.h | 3 ++-
>  net/netfilter/nf_tables_api.c             | 2 +-
>  net/netfilter/nf_tables_offload.c         | 3 ++-
>  3 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/include/net/netfilter/nf_tables_offload.h b/include/net/netfilter/nf_tables_offload.h
> index 8a5969d9..71453fd 100644
> --- a/include/net/netfilter/nf_tables_offload.h
> +++ b/include/net/netfilter/nf_tables_offload.h
> @@ -25,6 +25,7 @@ struct nft_offload_ctx {
>  		__be16				l3num;
>  		u8				protonum;
>  	} dep;
> +	struct net *net;
>  	unsigned int				num_actions;
>  	struct nft_offload_reg			regs[NFT_REG32_15 + 1];
>  };
> @@ -61,7 +62,7 @@ struct nft_flow_rule {
>  #define NFT_OFFLOAD_F_ACTION	(1 << 0)
>  
>  struct nft_rule;
> -struct nft_flow_rule *nft_flow_rule_create(const struct nft_rule *rule);
> +struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule);
>  void nft_flow_rule_destroy(struct nft_flow_rule *flow);
>  int nft_flow_rule_offload_commit(struct net *net);
>  void nft_indr_block_get_and_ing_cmd(struct net_device *dev,
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index fe3b7b0..d4f611a 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -2844,7 +2844,7 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk,
>  		return nft_table_validate(net, table);
>  
>  	if (chain->flags & NFT_CHAIN_HW_OFFLOAD) {
> -		flow = nft_flow_rule_create(rule);
> +		flow = nft_flow_rule_create(net, rule);
>  		if (IS_ERR(flow))
>  			return PTR_ERR(flow);
>  
> diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
> index d3c4c9c..9d9a864 100644
> --- a/net/netfilter/nf_tables_offload.c
> +++ b/net/netfilter/nf_tables_offload.c
> @@ -28,12 +28,13 @@ static struct nft_flow_rule *nft_flow_rule_alloc(int num_actions)
>  	return flow;
>  }
>  
> -struct nft_flow_rule *nft_flow_rule_create(const struct nft_rule *rule)
> +struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule)
>  {
>  	struct nft_offload_ctx ctx = {
>  		.dep	= {
>  			.type	= NFT_OFFLOAD_DEP_UNSPEC,
>  		},
> +		.net = net,
>  	};
>  	struct nft_flow_rule *flow;
>  	int num_actions = 0, err;