| /linux/Documentation/networking/ |
| H A D | nf_flowtable.rst | 4 Netfilter's flowtable infrastructure
7 This documentation describes the Netfilter flowtable infrastructure which allows
8 you to define a fastpath through the flowtable datapath. This infrastructure
9 also provides hardware offload support. The flowtable supports for the layer 3
17 flowtable through your ruleset. The flowtable infrastructure provides a rule
18 action that allows you to specify when to add a flow to the flowtable.
20 A packet that finds a matching entry in the flowtable (ie. flowtable hit) is
24 there is no matching entry in the flowtable (ie. flowtable miss), the packet
27 The flowtable uses a resizable hashtable. Lookups are based on the following
32 The 'flow add' action allows you to populate the flowtable, the user selectively
[all …]
|
| /linux/net/netfilter/ |
| H A D | nf_flow_table_offload.c | 27 struct nf_flowtable *flowtable; member
802 const struct nf_flowtable *flowtable = offload->flowtable; in nf_flow_offload_rule_alloc() local
831 if (flowtable->type->action(net, flow, dir, flow_rule) < 0) in nf_flow_offload_rule_alloc()
871 struct net *net = read_pnet(&offload->flowtable->net); in nf_flow_offload_alloc()
901 static int nf_flow_offload_tuple(struct nf_flowtable *flowtable, in nf_flow_offload_tuple() argument
920 down_read(&flowtable->flow_block_lock); in nf_flow_offload_tuple()
929 up_read(&flowtable->flow_block_lock); in nf_flow_offload_tuple()
941 return nf_flow_offload_tuple(offload->flowtable, offload->flow, in flow_offload_tuple_add()
943 offload->flowtable->priority, in flow_offload_tuple_add()
945 &offload->flowtable->flow_block.cb_list); in flow_offload_tuple_add()
[all …]
|
| H A D | nf_flow_table_core.c | 423 void (*iter)(struct nf_flowtable *flowtable, in nf_flow_table_iterate() argument
693 int nf_flow_table_init(struct nf_flowtable *flowtable) in nf_flow_table_init() argument
697 INIT_DELAYED_WORK(&flowtable->gc_work, nf_flow_offload_work_gc); in nf_flow_table_init()
698 flow_block_init(&flowtable->flow_block); in nf_flow_table_init()
699 init_rwsem(&flowtable->flow_block_lock); in nf_flow_table_init()
701 err = rhashtable_init(&flowtable->rhashtable, in nf_flow_table_init()
707 &flowtable->gc_work, HZ); in nf_flow_table_init()
710 list_add(&flowtable->list, &flowtables); in nf_flow_table_init()
733 void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable, in nf_flow_table_gc_cleanup() argument
736 nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, dev); in nf_flow_table_gc_cleanup()
[all …]
|
| H A D | nf_tables_api.c | 943 struct nft_flowtable *flowtable) in nft_trans_flowtable_add() argument
953 nft_activate_next(ctx->net, flowtable); in nft_trans_flowtable_add()
956 nft_trans_flowtable(trans) = flowtable; in nft_trans_flowtable_add()
963 struct nft_flowtable *flowtable) in nft_delflowtable() argument
967 trans = nft_trans_flowtable_add(ctx, NFT_MSG_DELFLOWTABLE, flowtable); in nft_delflowtable()
971 nft_deactivate_next(ctx->net, flowtable); in nft_delflowtable()
1669 struct nft_flowtable *flowtable, *nft; in nft_flush_table() local
1701 list_for_each_entry_safe(flowtable, nft, &ctx->table->flowtables, list) { in nft_flush_table()
1702 if (!nft_is_active_next(ctx->net, flowtable)) in nft_flush_table()
1705 err = nft_delflowtable(ctx, flowtable); in nft_flush_table()
[all …]
|
| H A D | nf_flow_table_xdp.c | 133 int nf_flow_offload_xdp_setup(struct nf_flowtable *flowtable, in nf_flow_offload_xdp_setup() argument
139 return nf_flowtable_by_dev_insert(flowtable, dev); in nf_flow_offload_xdp_setup()
141 nf_flowtable_by_dev_remove(flowtable, dev); in nf_flow_offload_xdp_setup()
|
| H A D | nf_flow_table_path.c | 95 unsigned char *ha, struct nf_flowtable *flowtable) in nft_dev_path_info() argument
183 if (nf_flowtable_hw_offload(flowtable) && in nft_dev_path_info()
|
| /linux/include/net/netfilter/ |
| H A D | nf_flow_table.h | 89 static inline bool nf_flowtable_hw_offload(struct nf_flowtable *flowtable) in nf_flowtable_hw_offload() argument
91 return flowtable->flags & NF_FLOWTABLE_HW_OFFLOAD; in nf_flowtable_hw_offload()
315 void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable,
336 int nf_flow_offload_xdp_setup(struct nf_flowtable *flowtable,
358 void nf_flow_offload_add(struct nf_flowtable *flowtable,
360 void nf_flow_offload_del(struct nf_flowtable *flowtable,
362 void nf_flow_offload_stats(struct nf_flowtable *flowtable,
365 void nf_flow_table_offload_flush(struct nf_flowtable *flowtable);
366 void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable);
368 int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
|
| H A D | nf_tables.h | 1496 struct nft_flowtable *flowtable,
1836 struct nft_flowtable *flowtable; member
1845 nft_trans_container_flowtable(trans)->flowtable
|
| /linux/tools/testing/selftests/net/netfilter/ |
| H A D | nft_interface_stress.sh | 59 flowtable ft_${i} {
105 flowtable ft_wild {
|
| H A D | nft_flowtable.sh | 4 # This tests basic flowtable functionality.
164 flowtable f1 {
256 # flowtable fastpath should bypass normal routing one, i.e. the counters in forward hook
454 # partial. If flowtable really works, then both dscp-is-0 and dscp-is-cs3
564 # are lower than file size and packets were forwarded via flowtable layer.
565 # For earlier tests (large mtus), packets cannot be handled via flowtable
583 # Add IPIP tunnel interfaces and check flowtable acceleration.
|