[PATCH nft] src: support for offload chain flags

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Tue, 3 Mar 2020 13:34:43 +0100

This patch extends the basechain definition to allow users to specify
the offload flag. This flag enables hardware offload if your drivers
supports it.

 # cat file.nft
 table netdev x {
    chain y {
       type filter hook ingress device eth0 priority 10; flags offload;
    }
 }
 # nft -f file.nft

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 include/rule.h     | 1 +
 src/mnl.c          | 4 ++++
 src/netlink.c      | 2 ++
 src/parser_bison.y | 7 +++++++
 src/rule.c         | 3 +++
 5 files changed, 17 insertions(+)

diff --git a/include/rule.h b/include/rule.h
index ced63f3ea1b8..224e68717bc7 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -175,6 +175,7 @@ extern struct table *table_lookup_fuzzy(const struct handle *h,
  */
 enum chain_flags {
 	CHAIN_F_BASECHAIN	= 0x1,
+	CHAIN_F_HW_OFFLOAD	= 0x2,
 };
 
 /**
diff --git a/src/mnl.c b/src/mnl.c
index bca5add0f8eb..a517712c14eb 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -624,6 +624,10 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd,
 	nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family);
 
 	if (cmd->chain) {
+		if (cmd->chain->flags & CHAIN_F_HW_OFFLOAD) {
+			nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FLAGS,
+					    CHAIN_F_HW_OFFLOAD);
+		}
 		if (cmd->chain->flags & CHAIN_F_BASECHAIN) {
 			nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM,
 					    cmd->chain->hooknum);
diff --git a/src/netlink.c b/src/netlink.c
index 0c6b8c58238b..671923f3eeba 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -435,6 +435,8 @@ struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
 		xstrdup(nftnl_chain_get_str(nlc, NFTNL_CHAIN_TABLE));
 	chain->handle.handle.id =
 		nftnl_chain_get_u64(nlc, NFTNL_CHAIN_HANDLE);
+	if (nftnl_chain_is_set(nlc, NFTNL_CHAIN_FLAGS))
+		chain->flags = nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FLAGS);
 
 	if (nftnl_chain_is_set(nlc, NFTNL_CHAIN_HOOKNUM) &&
 	    nftnl_chain_is_set(nlc, NFTNL_CHAIN_PRIO) &&
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 4c27fcc635dc..b37e9e565cc1 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1667,6 +1667,7 @@ chain_block		:	/* empty */	{ $$ = $<chain>-1; }
 			|	chain_block	stmt_separator
 			|	chain_block	hook_spec	stmt_separator
 			|	chain_block	policy_spec	stmt_separator
+			|	chain_block	flags_spec	stmt_separator
 			|	chain_block	rule		stmt_separator
 			{
 				list_add_tail(&$2->list, &$1->rules);
@@ -2154,6 +2155,12 @@ dev_spec		:	DEVICE	string
 			|	/* empty */		{ $$ = NULL; }
 			;
 
+flags_spec		:	FLAGS		OFFLOAD
+			{
+				$<chain>0->flags |= CHAIN_F_HW_OFFLOAD;
+			}
+			;
+
 policy_spec		:	POLICY		policy_expr
 			{
 				if ($<chain>0->policy) {
diff --git a/src/rule.c b/src/rule.c
index 9e58ee66f984..8e5852689091 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1177,6 +1177,9 @@ static void chain_print_declaration(const struct chain *chain,
 			nft_print(octx, " policy %s;",
 				  chain_policy2str(policy));
 		}
+		if (chain->flags & CHAIN_F_HW_OFFLOAD)
+			nft_print(octx, " flags offload;");
+
 		nft_print(octx, "\n");
 	}
 }
-- 
2.11.0







