www.infradead.org Git - users/dwmw2/linux.git/commit

author	Florian Westphal <fw@strlen.de>
	Sat, 29 Jun 2024 22:26:48 +0000 (00:26 +0200)
committer	Daniel Borkmann <daniel@iogearbox.net>
	Mon, 1 Jul 2024 15:01:53 +0000 (17:01 +0200)
commit	89cc8f1c5f22568142b7ad118c738204708e4207
tree	8fe95643954df3fe3f519fe20ab6c46c41c4ac52	tree
parent	a12978712d9001b060bcc10eaae42ad5102abe2b	commit \| diff

netfilter: nf_tables: Add flowtable map for xdp offload

This adds a small internal mapping table so that a new bpf (xdp) kfunc
can perform lookups in a flowtable.

As-is, xdp program has access to the device pointer, but no way to do a
lookup in a flowtable -- there is no way to obtain the needed struct
without questionable stunts.

This allows to obtain an nf_flowtable pointer given a net_device
structure.

In order to keep backward compatibility, the infrastructure allows the
user to add a given device to multiple flowtables, but it will always
return the first added mapping performing the lookup since it assumes
the right configuration is 1:1 mapping between flowtables and net_devices.

Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://lore.kernel.org/bpf/9f20e2c36f494b3bf177328718367f636bb0b2ab.1719698275.git.lorenzo@kernel.org

include/net/netfilter/nf_flow_table.h		diff \| blob \| history
net/netfilter/Makefile		diff \| blob \| history
net/netfilter/nf_flow_table_offload.c		diff \| blob \| history
net/netfilter/nf_flow_table_xdp.c	[new file with mode: 0644]	blob