www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Sun, 31 May 2015 16:04:11 +0000 (18:04 +0200)
committer	Chuck Anderson <chuck.anderson@oracle.com>
	Sun, 28 May 2017 02:44:19 +0000 (19:44 -0700)
commit	bf7d69c932c8171fd920c092cc44c561636394e2
tree	1b341a0c17513cbc002b052e8b95699e04e39465	tree
parent	d348df791c4f1d0d392805bb73c348d1dbc6a01a	commit \| diff

netfilter: nf_tables: add nft_dup expression

This new expression uses the nf_dup engine to clone packets to a given gateway.
Unlike xt_TEE, we use an index to indicate output interface which should be
fine at this stage.

Moreover, change to the preemtion-safe this_cpu_read(nf_skb_duplicated) from
nf_dup_ipv{4,6} to silence a lockdep splat.

Based on the original tee expression from Arturo Borrero Gonzalez, although
this patch has diverted quite a bit from this initial effort due to the
change to support maps.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit d877f07112f1e5a247c6b585c971a93895c9f738)

Orabug: 24694570

Signed-off-by: Ethan Zhao <ethan.zhao@oracle.com>
Reviewed-by: Dhaval Giani <dhaval.giani@oracle.com>

include/net/netfilter/nft_dup.h	[new file with mode: 0644]	blob
include/uapi/linux/netfilter/nf_tables.h		diff \| blob \| history
net/ipv4/netfilter/Kconfig		diff \| blob \| history
net/ipv4/netfilter/Makefile		diff \| blob \| history
net/ipv4/netfilter/nf_dup_ipv4.c		diff \| blob \| history
net/ipv4/netfilter/nft_dup_ipv4.c	[new file with mode: 0644]	blob
net/ipv6/netfilter/Kconfig		diff \| blob \| history
net/ipv6/netfilter/Makefile		diff \| blob \| history
net/ipv6/netfilter/nf_dup_ipv6.c		diff \| blob \| history
net/ipv6/netfilter/nft_dup_ipv6.c	[new file with mode: 0644]	blob