Add NFT_PAYLOAD_CAN_OFFLOAD to nft_payload_csum_flags enum.
The meaning of the flag is to allow payload application in the offload
fast path context.
This flag is being set by the userspace on the specific packet modification
statements. For example, look at the offload in the dscp statement below:
table inet filter {
flowtable f1 {
hook ingress priority filter
devices = { veth0, veth1 }
}
chain forward {
type filter hook forward priority filter; policy accept;
ip dscp set cs3 offload
ip protocol { tcp, udp, gre } flow add @f1
ct state established,related accept
}
}
Signed-off-by: Boris Sukholitko <boris.sukholitko@xxxxxxxxxxxx>
---
include/uapi/linux/netfilter/nf_tables.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index c4d4d8e42dc8..02c30da5de8c 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -794,6 +794,7 @@ enum nft_payload_csum_types {
enum nft_payload_csum_flags {
NFT_PAYLOAD_L4CSUM_PSEUDOHDR = (1 << 0),
+ NFT_PAYLOAD_CAN_OFFLOAD = (1 << 1),
};
enum nft_inner_type {
--
2.32.0
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
