On Tue, Feb 22, 2022 at 05:09:57PM +0200, Vlad Buslov wrote:
> To improve hardware offload debuggability and allow capping total amount of
> offloaded entries in following patch extend struct netns_nftables with
> 'count_hw' counter and expose it to userspace as 'nf_flowtable_count_hw'
> sysctl entry. Increment the counter together with setting NF_FLOW_HW flag
> when scheduling offload add task on workqueue and decrement it after
> successfully scheduling offload del task.
>
> Signed-off-by: Vlad Buslov <vladbu@xxxxxxxxxx>
> Signed-off-by: Oz Shlomo <ozsh@xxxxxxxxxx>
> Reviewed-by: Paul Blakey <paulb@xxxxxxxxxx>
> ---
> include/net/netns/nftables.h | 1 +
> net/netfilter/nf_conntrack_standalone.c | 12 ++++++++++++
> net/netfilter/nf_flow_table_core.c | 12 ++++++++++--
> 3 files changed, 23 insertions(+), 2 deletions(-)
>
> diff --git a/include/net/netns/nftables.h b/include/net/netns/nftables.h
> index 8c77832d0240..262b8b3213cb 100644
> --- a/include/net/netns/nftables.h
> +++ b/include/net/netns/nftables.h
> @@ -6,6 +6,7 @@
>
> struct netns_nftables {
> u8 gencursor;
> + atomic_t count_hw;
In addition to the previous comments: I'd suggest to use
register_pernet_subsys() and register the sysctl from the
nf_flow_table_offload.c through nf_flow_table_offload_init()
file instead of using the conntrack nf_ct_sysctl_table[].
That would require a bit more work though.
