diff options
Diffstat (limited to 'package/network/utils/nftables/patches/203-src-flow-offload-support.patch')
| -rw-r--r-- | package/network/utils/nftables/patches/203-src-flow-offload-support.patch | 191 |
1 files changed, 0 insertions, 191 deletions
diff --git a/package/network/utils/nftables/patches/203-src-flow-offload-support.patch b/package/network/utils/nftables/patches/203-src-flow-offload-support.patch deleted file mode 100644 index 86dfb1d94a..0000000000 --- a/package/network/utils/nftables/patches/203-src-flow-offload-support.patch +++ /dev/null @@ -1,191 +0,0 @@ -From: Pablo Neira Ayuso <pablo@netfilter.org> -Date: Sun, 3 Dec 2017 21:27:03 +0100 -Subject: [PATCH] src: flow offload support - -This patch allows us to refer to existing flowtables: - - # nft add rule x x flow offload @m - -Packets matching this rule create an entry in the flow table 'm', hence, -follow up packets that get to the flowtable at ingress bypass the -classic forwarding path. - -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - ---- a/include/ct.h -+++ b/include/ct.h -@@ -29,6 +29,8 @@ extern struct expr *ct_expr_alloc(const - extern void ct_expr_update_type(struct proto_ctx *ctx, struct expr *expr); - - extern struct stmt *notrack_stmt_alloc(const struct location *loc); -+extern struct stmt *flow_offload_stmt_alloc(const struct location *loc, -+ const char *table_name); - - extern const struct datatype ct_dir_type; - extern const struct datatype ct_state_type; ---- a/include/statement.h -+++ b/include/statement.h -@@ -10,6 +10,12 @@ extern struct stmt *expr_stmt_alloc(cons - extern struct stmt *verdict_stmt_alloc(const struct location *loc, - struct expr *expr); - -+struct flow_stmt { -+ const char *table_name; -+}; -+ -+struct stmt *flow_stmt_alloc(const struct location *loc, const char *name); -+ - struct objref_stmt { - uint32_t type; - struct expr *expr; -@@ -231,6 +237,7 @@ extern struct stmt *xt_stmt_alloc(const - * @STMT_NOTRACK: notrack statement - * @STMT_OBJREF: stateful object reference statement - * @STMT_EXTHDR: extension header statement -+ * @STMT_FLOW_OFFLOAD: flow offload statement - */ - enum stmt_types { - STMT_INVALID, -@@ -256,6 +263,7 @@ enum stmt_types { - STMT_NOTRACK, - STMT_OBJREF, - STMT_EXTHDR, -+ STMT_FLOW_OFFLOAD, - }; - - /** -@@ -316,6 +324,7 @@ struct stmt { - struct fwd_stmt fwd; - struct xt_stmt xt; - struct objref_stmt objref; -+ struct flow_stmt flow; - }; - }; - ---- a/src/ct.c -+++ b/src/ct.c -@@ -456,3 +456,26 @@ struct stmt *notrack_stmt_alloc(const st - { - return stmt_alloc(loc, ¬rack_stmt_ops); - } -+ -+static void flow_offload_stmt_print(const struct stmt *stmt, -+ struct output_ctx *octx) -+{ -+ printf("flow offload @%s", stmt->flow.table_name); -+} -+ -+static const struct stmt_ops flow_offload_stmt_ops = { -+ .type = STMT_FLOW_OFFLOAD, -+ .name = "flow_offload", -+ .print = flow_offload_stmt_print, -+}; -+ -+struct stmt *flow_offload_stmt_alloc(const struct location *loc, -+ const char *table_name) -+{ -+ struct stmt *stmt; -+ -+ stmt = stmt_alloc(loc, &flow_offload_stmt_ops); -+ stmt->flow.table_name = table_name; -+ -+ return stmt; -+} ---- a/src/evaluate.c -+++ b/src/evaluate.c -@@ -2773,6 +2773,7 @@ int stmt_evaluate(struct eval_ctx *ctx, - case STMT_LIMIT: - case STMT_QUOTA: - case STMT_NOTRACK: -+ case STMT_FLOW_OFFLOAD: - return 0; - case STMT_EXPRESSION: - return stmt_evaluate_expr(ctx, stmt); ---- a/src/netlink_delinearize.c -+++ b/src/netlink_delinearize.c -@@ -680,6 +680,16 @@ static void netlink_parse_notrack(struct - ctx->stmt = notrack_stmt_alloc(loc); - } - -+static void netlink_parse_flow_offload(struct netlink_parse_ctx *ctx, -+ const struct location *loc, -+ const struct nftnl_expr *nle) -+{ -+ const char *table_name; -+ -+ table_name = xstrdup(nftnl_expr_get_str(nle, NFTNL_EXPR_FLOW_TABLE_NAME)); -+ ctx->stmt = flow_offload_stmt_alloc(loc, table_name); -+} -+ - static void netlink_parse_ct_stmt(struct netlink_parse_ctx *ctx, - const struct location *loc, - const struct nftnl_expr *nle) -@@ -1255,6 +1265,7 @@ static const struct { - { .name = "hash", .parse = netlink_parse_hash }, - { .name = "fib", .parse = netlink_parse_fib }, - { .name = "tcpopt", .parse = netlink_parse_exthdr }, -+ { .name = "flow_offload", .parse = netlink_parse_flow_offload }, - }; - - static int netlink_parse_expr(const struct nftnl_expr *nle, ---- a/src/netlink_linearize.c -+++ b/src/netlink_linearize.c -@@ -1201,6 +1201,17 @@ static void netlink_gen_notrack_stmt(str - nftnl_rule_add_expr(ctx->nlr, nle); - } - -+static void netlink_gen_flow_offload_stmt(struct netlink_linearize_ctx *ctx, -+ const struct stmt *stmt) -+{ -+ struct nftnl_expr *nle; -+ -+ nle = alloc_nft_expr("flow_offload"); -+ nftnl_expr_set_str(nle, NFTNL_EXPR_FLOW_TABLE_NAME, -+ stmt->flow.table_name); -+ nftnl_rule_add_expr(ctx->nlr, nle); -+} -+ - static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx, - const struct stmt *stmt) - { -@@ -1300,6 +1311,8 @@ static void netlink_gen_stmt(struct netl - break; - case STMT_NOTRACK: - return netlink_gen_notrack_stmt(ctx, stmt); -+ case STMT_FLOW_OFFLOAD: -+ return netlink_gen_flow_offload_stmt(ctx, stmt); - case STMT_OBJREF: - return netlink_gen_objref_stmt(ctx, stmt); - default: ---- a/src/parser_bison.y -+++ b/src/parser_bison.y -@@ -248,6 +248,7 @@ int nft_lex(void *, void *, void *); - %token SIZE "size" - - %token FLOW "flow" -+%token OFFLOAD "offload" - %token METER "meter" - %token METERS "meters" - -@@ -3384,6 +3385,10 @@ meta_stmt : META meta_key SET stmt_expr - { - $$ = notrack_stmt_alloc(&@$); - } -+ | FLOW OFFLOAD AT string -+ { -+ $$ = flow_offload_stmt_alloc(&@$, $4); -+ } - ; - - offset_opt : /* empty */ { $$ = 0; } ---- a/src/scanner.l -+++ b/src/scanner.l -@@ -296,6 +296,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr - "memory" { return MEMORY; } - - "flow" { return FLOW; } -+"offload" { return OFFLOAD; } - "meter" { return METER; } - "meters" { return METERS; } - |