| /linux/Documentation/networking/ |
| H A D | nf_flowtable.rst | 4 Netfilter's flowtable infrastructure
7 This documentation describes the Netfilter flowtable infrastructure which allows
8 you to define a fastpath through the flowtable datapath. This infrastructure
9 also provides hardware offload support. The flowtable supports for the layer 3
17 flowtable through your ruleset. The flowtable infrastructure provides a rule
18 action that allows you to specify when to add a flow to the flowtable.
20 A packet that finds a matching entry in the flowtable (ie. flowtable hit) is
24 there is no matching entry in the flowtable (ie. flowtable miss), the packet
27 The flowtable uses a resizable hashtable. Lookups are based on the following
32 The 'flow add' action allows you to populate the flowtable, the user selectively
[all …]
|
| /linux/net/netfilter/ |
| H A D | nf_flow_table_offload.c | 24 struct nf_flowtable *flowtable; member
737 const struct nf_flowtable *flowtable = offload->flowtable; in nf_flow_offload_rule_alloc() local
766 if (flowtable->type->action(net, flow, dir, flow_rule) < 0) in nf_flow_offload_rule_alloc()
806 struct net *net = read_pnet(&offload->flowtable->net); in nf_flow_offload_alloc()
836 static int nf_flow_offload_tuple(struct nf_flowtable *flowtable, in nf_flow_offload_tuple() argument
855 down_read(&flowtable->flow_block_lock); in nf_flow_offload_tuple()
864 up_read(&flowtable->flow_block_lock); in nf_flow_offload_tuple()
876 return nf_flow_offload_tuple(offload->flowtable, offload->flow, in flow_offload_tuple_add()
878 offload->flowtable->priority, in flow_offload_tuple_add()
880 &offload->flowtable->flow_block.cb_list); in flow_offload_tuple_add()
[all …]
|
| H A D | nf_flow_table_core.c | 422 void (*iter)(struct nf_flowtable *flowtable, in nf_flow_table_iterate()
515 * flowtable and ct entries could have been removed on another CPU. in nf_flow_table_extend_ct_timeout()
692 int nf_flow_table_init(struct nf_flowtable *flowtable) in nf_flow_table_init()
696 INIT_DELAYED_WORK(&flowtable->gc_work, nf_flow_offload_work_gc); in nf_flow_table_init()
697 flow_block_init(&flowtable->flow_block); in nf_flow_table_init()
698 init_rwsem(&flowtable->flow_block_lock); in nf_flow_table_init()
700 err = rhashtable_init(&flowtable->rhashtable, in nf_flow_table_init()
706 &flowtable->gc_work, HZ); in nf_flow_table_init()
709 list_add(&flowtable->list, &flowtables); in nf_flow_table_init()
732 void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable, in nf_flow_table_gc_cleanup()
418 nf_flow_table_iterate(struct nf_flowtable * flow_table,void (* iter)(struct nf_flowtable * flowtable,struct flow_offload * flow,void * data),void * data) nf_flow_table_iterate() argument
688 nf_flow_table_init(struct nf_flowtable * flowtable) nf_flow_table_init() argument
728 nf_flow_table_gc_cleanup(struct nf_flowtable * flowtable,struct net_device * dev) nf_flow_table_gc_cleanup() argument
738 struct nf_flowtable *flowtable; nf_flow_table_cleanup() local
[all...] |
| H A D | nf_tables_api.c | 905 struct nft_flowtable *flowtable) in nft_trans_flowtable_add() argument
915 nft_activate_next(ctx->net, flowtable); in nft_trans_flowtable_add()
918 nft_trans_flowtable(trans) = flowtable; in nft_trans_flowtable_add()
925 struct nft_flowtable *flowtable) in nft_delflowtable() argument
929 trans = nft_trans_flowtable_add(ctx, NFT_MSG_DELFLOWTABLE, flowtable); in nft_delflowtable()
933 nft_deactivate_next(ctx->net, flowtable); in nft_delflowtable()
1683 struct nft_flowtable *flowtable, *nft; in nft_flush_table() local
1715 list_for_each_entry_safe(flowtable, nft, &ctx->table->flowtables, list) { in nft_flush_table()
1716 if (!nft_is_active_next(ctx->net, flowtable)) in nft_flush_table()
1719 err = nft_delflowtable(ctx, flowtable); in nft_flush_table()
[all …]
|
| H A D | nf_flow_table_xdp.c | 133 int nf_flow_offload_xdp_setup(struct nf_flowtable *flowtable, in nf_flow_offload_xdp_setup() argument
139 return nf_flowtable_by_dev_insert(flowtable, dev); in nf_flow_offload_xdp_setup()
141 nf_flowtable_by_dev_remove(flowtable, dev); in nf_flow_offload_xdp_setup()
|
| H A D | nf_flow_table_path.c | 94 unsigned char *ha, struct nf_flowtable *flowtable) in nft_dev_path_info() argument
179 if (nf_flowtable_hw_offload(flowtable) && in nft_dev_path_info()
|
| /linux/include/net/netfilter/ |
| H A D | nf_flow_table.h | 89 static inline bool nf_flowtable_hw_offload(struct nf_flowtable *flowtable) in nf_flowtable_hw_offload() argument
91 return flowtable->flags & NF_FLOWTABLE_HW_OFFLOAD; in nf_flowtable_hw_offload()
313 void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable,
334 int nf_flow_offload_xdp_setup(struct nf_flowtable *flowtable,
354 MODULE_ALIAS("nf-flowtable-" __stringify(family))
356 void nf_flow_offload_add(struct nf_flowtable *flowtable, in __nf_flow_pppoe_proto()
358 void nf_flow_offload_del(struct nf_flowtable *flowtable, in __nf_flow_pppoe_proto()
360 void nf_flow_offload_stats(struct nf_flowtable *flowtable, in __nf_flow_pppoe_proto()
363 void nf_flow_table_offload_flush(struct nf_flowtable *flowtable); in __nf_flow_pppoe_proto()
364 void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); in __nf_flow_pppoe_proto()
[all...] |
| H A D | nf_tables.h | 1505 struct nft_flowtable *flowtable,
1835 struct nft_flowtable *flowtable; member
1844 nft_trans_container_flowtable(trans)->flowtable
|
| /linux/tools/testing/selftests/net/netfilter/ |
| H A D | nft_interface_stress.sh | 59 flowtable ft_${i} {
105 flowtable ft_wild {
|
| H A D | nft_flowtable.sh | 4 # This tests basic flowtable functionality.
164 flowtable f1 {
256 # flowtable fastpath should bypass normal routing one, i.e. the counters in forward hook
454 # partial. If flowtable really works, then both dscp-is-0 and dscp-is-cs3
564 # are lower than file size and packets were forwarded via flowtable layer.
565 # For earlier tests (large mtus), packets cannot be handled via flowtable
583 # Add IPIP tunnel interfaces and check flowtable acceleration.
|