Hi,
This patchset adds initial hardware offload support for nftables through
the existing netdev_ops->ndo_setup_tc() interface, the TC_SETUP_CLSFLOWER
classifier and the flow rule API.
Patch 1 move the flow block callback infrastructure to
net/core/flow_offload.c. More structure and enumeration definitions
currently in include/net/pkt_cls.h can be also there to reuse this from
the netfilter codebase.
Patch 2 adds hardware offload support for nftables.
This patchset depends on a previous patchset:
[PATCH net-next,RFC 0/9] net: sched: prepare to reuse per-block
callbacks from netfilter
More information at: https://marc.info/?l=netfilter-devel&m=155623884016026&w=2
Comments welcome, thanks.
Pablo Neira Ayuso (2):
net: flow_offload: add flow_block_cb API
netfilter: nf_tables: add hardware offload support
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 22 +--
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 54 +++---
drivers/net/ethernet/netronome/nfp/abm/cls.c | 2 +-
drivers/net/ethernet/netronome/nfp/abm/main.h | 2 +-
.../net/ethernet/netronome/nfp/flower/offload.c | 18 +-
include/net/flow_offload.h | 48 +++++
include/net/netfilter/nf_tables.h | 13 ++
include/net/netfilter/nf_tables_offload.h | 76 ++++++++
include/net/pkt_cls.h | 40 +---
include/uapi/linux/netfilter/nf_tables.h | 2 +
net/core/flow_offload.c | 77 ++++++++
net/dsa/slave.c | 2 +-
net/netfilter/Makefile | 2 +-
net/netfilter/nf_tables_api.c | 16 +-
net/netfilter/nf_tables_offload.c | 216 +++++++++++++++++++++
net/netfilter/nft_cmp.c | 53 +++++
net/netfilter/nft_immediate.c | 31 +++
net/netfilter/nft_meta.c | 27 +++
net/netfilter/nft_payload.c | 187 ++++++++++++++++++
net/sched/cls_api.c | 140 +++----------
20 files changed, 827 insertions(+), 201 deletions(-)
create mode 100644 include/net/netfilter/nf_tables_offload.h
create mode 100644 net/netfilter/nf_tables_offload.c
--
2.11.0
