To apply payload changes during fast path nftables processing we need a place to keep the information regarding the changes. Add new nf_tables conntrack extension NFT_CONNTRACK_EXT to do this. Signed-off-by: Boris Sukholitko <boris.sukholitko@xxxxxxxxxxxx> --- net/netfilter/Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 441d1f134110..30ee231df947 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -716,6 +716,16 @@ config NFT_REJECT_NETDEV endif # NF_TABLES_NETDEV +config NFT_CONNTRACK_EXT + bool "Netfilter nf_tables conntrack extension support" + default n + help + This option enables nf_tables conntrack extension. The extension is + being used to help with some of nf_tables offload cases. For example, + modifying dscp field of IP packet may be skipped during the offload. + + If unsure, choose N here. + endif # NF_TABLES config NF_FLOW_TABLE_INET -- 2.32.0
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
