[PATCH] nftables: add flags offload to flowtable


 



From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>

Allow flags (currently only offload) in flowtables, as described
here: https://lwn.net/Articles/804384/

tested on mt7622/Bananapi-R64

table ip filter {
	flowtable f {
		hook ingress priority filter + 1
		devices = { lan3, lan0, wan }
		flags offload;
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
		ip protocol { tcp, udp } flow add @f
	}
}

table ip nat {
	chain post {
		type nat hook postrouting priority filter; policy accept;
		oifname "wan" masquerade
	}
}

Signed-off-by: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
---
 include/rule.h     | 8 ++++++++
 src/mnl.c          | 5 +++++
 src/netlink.c      | 2 ++
 src/parser_bison.y | 7 +++++++
 src/rule.c         | 4 ++++
 5 files changed, 26 insertions(+)

diff --git a/include/rule.h b/include/rule.h
index 523435f6f5d5..4ef24eb4ec63 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -187,6 +187,14 @@ enum chain_flags {
 	CHAIN_F_BINDING		= 0x4,
 };
 
+/**
+ * enum flowtable_flags - flowtable flags
+ *
+ */
+enum flowtable_flags {
+	FLOWTABLE_F_HW_OFFLOAD	= 0x1, /* NF_FLOWTABLE_HW_OFFLOAD in linux nf_flow_table.h */
+};
+
 /**
  * struct prio_spec - extendend priority specification for mixed
  *                    textual/numerical parsing.
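Review bot: `FLOWTABLE_F_HW_OFFLOAD` duplicates a value that other hunks of this patch read under a different name. The parser sets it and the `src/mnl.c` hunk tests it, while the `src/netlink.c` hunk stores the raw kernel word into `flowtable->flags` and the `src/rule.c` hunk tests `NFT_FLOWTABLE_HW_OFFLOAD` on that same field. This holds only while both constants are 0x1, so either use one name throughout or pin the equality next to the enum, e.g. `_Static_assert(FLOWTABLE_F_HW_OFFLOAD == NFT_FLOWTABLE_HW_OFFLOAD, "flag values must match");` if the header is in scope there. The kernel-doc block is also empty and its trailing comment names `NF_FLOWTABLE_HW_OFFLOAD` where the code uses `NFT_FLOWTABLE_HW_OFFLOAD`; I would add `@FLOWTABLE_F_HW_OFFLOAD: request hardware offload, must equal NFT_FLOWTABLE_HW_OFFLOAD`.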
diff --git a/src/mnl.c b/src/mnl.c
index deea586f9b00..ffbfe48158de 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -1779,6 +1779,11 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd,
 		nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_PRIO, 0);
 	}
 
+	if (cmd->flowtable->flags & FLOWTABLE_F_HW_OFFLOAD) {
+		nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FLAGS,
+				    NFT_FLOWTABLE_HW_OFFLOAD);
+	}
+
 	if (cmd->flowtable->dev_expr) {
 		dev_array = nft_flowtable_dev_array(cmd);
 		nftnl_flowtable_set_data(flo, NFTNL_FLOWTABLE_DEVICES,
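Review bot: The added `nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FLAGS, NFT_FLOWTABLE_HW_OFFLOAD)` sends a fixed value rather than the flowtable's flag word, so any other bit in `cmd->flowtable->flags` is not carried by this call. The `src/rule.c` hunk shows the same field also holding `NFT_FLOWTABLE_COUNTER`. If code outside this hunk sets `NFTNL_FLOWTABLE_FLAGS` for that bit, one call overwrites the other, and the kernel's flowtable would then differ from the ruleset the administrator loaded. Passing the word through once, `nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FLAGS, cmd->flowtable->flags);`, avoids that. The body of `mnl_nft_flowtable_add` starts and ends outside the hunk, so this needs checking against the full function.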
diff --git a/src/netlink.c b/src/netlink.c
index 8c86789b8369..103fdbd10690 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1598,6 +1598,8 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx,
 		xstrdup(nftnl_flowtable_get_str(nlo, NFTNL_FLOWTABLE_NAME));
 	flowtable->handle.handle.id =
 		nftnl_flowtable_get_u64(nlo, NFTNL_FLOWTABLE_HANDLE);
+	if (nftnl_flowtable_is_set(nlo, NFTNL_FLOWTABLE_FLAGS))
+		flowtable->flags = nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_FLAGS);
 	dev_array = nftnl_flowtable_get(nlo, NFTNL_FLOWTABLE_DEVICES);
 	while (dev_array[len])
 		len++;
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 08a2599e5374..6d69071b1c2d 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1993,6 +1993,7 @@ flowtable_block_alloc	:	/* empty */
 flowtable_block		:	/* empty */	{ $$ = $<flowtable>-1; }
 			|	flowtable_block	common_block
 			|	flowtable_block	stmt_separator
+			|	flowtable_block	ft_flags_spec	stmt_separator
 			|	flowtable_block	HOOK		STRING	prio_spec	stmt_separator
 			{
 				$$->hook.loc = @3;
@@ -2375,6 +2376,12 @@ flags_spec		:	FLAGS		OFFLOAD
 			}
 			;
 
+ft_flags_spec		:	FLAGS		OFFLOAD
+			{
+				$<flowtable>0->flags |= FLOWTABLE_F_HW_OFFLOAD;
+			}
+			;
+
 policy_spec		:	POLICY		policy_expr
 			{
 				if ($<chain>0->policy) {
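Review bot: The new `ft_flags_spec` rule adds user-visible syntax, but the diffstat lists only five source files, so the patch carries no documentation and no test for `flags offload;` inside a flowtable. A load-then-list round-trip test would catch a flag that is accepted on input but not sent to the kernel or not printed back, which matters for a setting that changes how forwarded traffic is handled. The rule accepts only the single keyword `offload`; a comment above it such as `/* flowtable flags: only offload is defined so far */` would show where further flags belong. `policy_spec` below the new rule continues outside the hunk.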
diff --git a/src/rule.c b/src/rule.c
index 1c6010c001c5..f7f905095cbe 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -2223,6 +2223,10 @@ static void flowtable_print_declaration(const struct flowtable *flowtable,
 		nft_print(octx, " }%s", opts->stmt_separator);
 	}
 
+	if (flowtable->flags & NFT_FLOWTABLE_HW_OFFLOAD)
+		nft_print(octx, "%s%sflags offload;%s", opts->tab, opts->tab,
+			  opts->stmt_separator);
+
 	if (flowtable->flags & NFT_FLOWTABLE_COUNTER)
 		nft_print(octx, "%s%scounter%s", opts->tab, opts->tab,
 			  opts->stmt_separator);
-- 
2.25.1



