diff options
| author | Felix Fietkau <nbd@nbd.name> | 2018-02-20 15:58:42 +0100 |
|---|---|---|
| committer | Felix Fietkau <nbd@nbd.name> | 2018-02-21 20:12:42 +0100 |
| commit | 820f03099894bd48638fb5be326b5c551f0f2b98 (patch) | |
| tree | 22522d219f3d5b9ae2574b10e8dad8a2bb381e1c /package | |
| parent | 103335644265d96c656a7de3d5994fbd11246300 (diff) | |
| download | upstream-820f03099894bd48638fb5be326b5c551f0f2b98.tar.gz upstream-820f03099894bd48638fb5be326b5c551f0f2b98.tar.bz2 upstream-820f03099894bd48638fb5be326b5c551f0f2b98.zip | |
netfilter: add a xt_FLOWOFFLOAD target for NAT/routing offload support
This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.
Requires Linux 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'package')
| -rw-r--r-- | package/kernel/linux/modules/netfilter.mk | 13 | ||||
| -rw-r--r-- | package/network/utils/iptables/patches/800-flowoffload_target.patch | 18 |
2 files changed, 30 insertions, 1 deletions
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 57d68d4a55..f296a9096e 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -147,7 +147,7 @@ define KernelPackage/nf-flow CONFIG_NETFILTER_INGRESS=y \ CONFIG_NF_FLOW_TABLE \ CONFIG_NF_FLOW_TABLE_HW - DEPENDS:=+kmod-nf-conntrack +kmod-nft-core @!LINUX_3_18 @!LINUX_4_4 @!LINUX_4_9 + DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_4 @!LINUX_4_9 FILES:= \ $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \ $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko @@ -237,6 +237,17 @@ endef $(eval $(call KernelPackage,ipt-filter)) +define KernelPackage/ipt-offload + TITLE:=Netfilter routing/NAT offload support + KCONFIG:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD + FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m))) + $(call AddDepends/ipt,+kmod-nf-flow) +endef + +$(eval $(call KernelPackage,ipt-offload)) + + define KernelPackage/ipt-ipopt TITLE:=Modules for matching/changing IP packet options KCONFIG:=$(KCONFIG_IPT_IPOPT) diff --git a/package/network/utils/iptables/patches/800-flowoffload_target.patch b/package/network/utils/iptables/patches/800-flowoffload_target.patch new file mode 100644 index 0000000000..c6fe65cd3e --- /dev/null +++ b/package/network/utils/iptables/patches/800-flowoffload_target.patch @@ -0,0 +1,18 @@ +--- /dev/null ++++ b/extensions/libxt_FLOWOFFLOAD.c +@@ -0,0 +1,15 @@ ++#include <xtables.h> ++ ++static struct xtables_target offload_tg_reg[] = { ++ { ++ .family = NFPROTO_UNSPEC, ++ .name = "FLOWOFFLOAD", ++ .revision = 0, ++ .version = XTABLES_VERSION, ++ }, ++}; ++ ++void _init(void) ++{ ++ xtables_register_targets(offload_tg_reg, ARRAY_SIZE(offload_tg_reg)); ++} |