From: Pablo Neira Ayuso <pa...@netfilter.org> Date: Mon, 19 Nov 2018 01:15:07 +0100
> This patchset introduces a kernel intermediate representation (IR) to > express ACL hardware offloads, as already described in previous RFC and > v1 patchset [1] [2]. The idea is to normalize the frontend U/APIs to use > the flow dissectors and the flow actions so drivers can reuse the > existing TC offload driver codebase - that has been converted to use the > flow_rule infrastructure. I'm go to bring up the elephant in the room. I think the real motivation here is to offload netfilter rules to HW, and you should be completely honest about that.