在 2019/11/16 5:48, Pablo Neira Ayuso 写道:
> On Fri, Nov 15, 2019 at 08:03:26PM +0800, wenxu@xxxxxxxxx wrote:
>> From: wenxu <wenxu@xxxxxxxxx>
>>
>> This patch provide tunnel offload based on route lwtunnel.
>> The first two patches support indr callback setup
>> Then add tunnel match and action offload
> Could you provide a configuration script for this tunnel setup?
>
> Thanks.
The following is a simple configure for tunnel offload forward
ip link add dev gre_sys type gretap key 1000
ip link add user1 type vrf table 1
ip l set dev gre1000 master user1
ip l set dev vf master user1
ip r a 10.0.0.7 dev vf table 1
ip r a default via 10.0.0.100 encap ip id 1000 dst 172.168.0.7 key dev gre1000 table 1 onlink
nft add flowtable firewall fb1 { hook ingress priority 0 \; flags offload \; devices = { gre1000, vf } \; }
>
>> This patch is based on
>> http://patchwork.ozlabs.org/patch/1194247/
>> http://patchwork.ozlabs.org/patch/1195539/
>>
>> wenxu (4):
>> netfilter: nf_flow_table_offload: refactor nf_flow_table_offload_setup
>> to support indir setup
>> netfilter: nf_flow_table_offload: add indr block setup support
>> netfilter: nf_flow_table_offload: add tunnel match offload support
>> netfilter: nf_flow_table_offload: add tunnel encap/decap action
>> offload support
>>
>> net/netfilter/nf_flow_table_offload.c | 240 +++++++++++++++++++++++++++++++---
>> 1 file changed, 223 insertions(+), 17 deletions(-)
>>
>> --
>> 1.8.3.1
>>
