Hi,

The following patchset adds hardware offload support for the flowtable infrastructure [1]. This infrastructure provides a fast datapath for the classic Linux forwarding path that users can enable through policy, e.g.

 table inet x {
        flowtable f {
                hook ingress priority 10 devices = { eth0, eth1 }
                flags offload
        }
        chain y {
                type filter hook forward priority 0; policy accept;
                ip protocol tcp flow offload @f
        }
 }

The example above enables the fastpath for TCP traffic between devices eth0 and eth1. Users can turn on the hardware offload through the 'offload' flag from the flowtable definition. If this new flag is not specified, the software flowtable datapath is used.

This patchset is composed of 4 preparation patches:

#1 Move pointer to conntrack object to the flow_offload structure.

#2 Remove useless union from the flow_offload structure.

#3 Remove superfluous flow_offload_entry structure.

#4 Detach routing information from the flow_offload object to leave room to extend this infrastructure, e.g. accelerate bridge forwarding.

And 2 patches to add the hardware offload control and data planes:

#5 Add the netlink control plane and the interface to set up the flowtable hardware offload. This includes a new NFTA_FLOWTABLE_FLAGS netlink attribute to convey the optional NF_FLOWTABLE_HW_OFFLOAD flag.

#6 Add the hardware offload datapath: This code uses the flow_offload API available at net/core/flow_offload.h to represent the flow through two flow_rule objects to configure an exact 5-tuple matching on each direction plus the corresponding forwarding actions, that is, the MAC address, NAT and checksum updates; and port redirection in order to configure the hardware datapath. This patch only supports IPv4 and statistics collection for flow aging as an initial step.

This patchset introduces a new flow_block callback type that needs to be set up to configure the flowtable hardware offload. The first client of this infrastructure follows up after this batch.

I would like to thank Mellanox for developing the first upstream driver to use this infrastructure.

Please, apply.

[1] Documentation/networking/nf_flowtable.txt

Pablo Neira Ayuso (6):
  netfilter: nf_flow_table: move conntrack object to struct flow_offload
  netfilter: nf_flow_table: remove union from flow_offload structure
  netfilter: nf_flowtable: remove flow_offload_entry structure
  netfilter: nf_flow_table: detach routing information from flow description
  netfilter: nf_tables: add flowtable offload control plane
  netfilter: nf_flow_table: hardware offload support

 include/linux/netdevice.h                |   1 +
 include/net/netfilter/nf_flow_table.h    |  60 ++-
 include/uapi/linux/netfilter/nf_tables.h |   2 +
 net/ipv4/netfilter/nf_flow_table_ipv4.c  |   2 +
 net/ipv6/netfilter/nf_flow_table_ipv6.c  |   2 +
 net/netfilter/Makefile                   |   3 +-
 net/netfilter/nf_flow_table_core.c       | 173 ++++---
 net/netfilter/nf_flow_table_inet.c       |   2 +
 net/netfilter/nf_flow_table_offload.c    | 758 +++++++++++++++++++++++++++++++
 net/netfilter/nf_tables_api.c            |  21 +-
 net/netfilter/nft_flow_offload.c         |   5 +-
 11 files changed, 955 insertions(+), 74 deletions(-)
 create mode 100644 net/netfilter/nf_flow_table_offload.c

--
2.11.0