| /linux/Documentation/networking/ |
| H A D | nf_flowtable.rst | 4 Netfilter's flowtable infrastructure
7 This documentation describes the Netfilter flowtable infrastructure which allows
8 you to define a fastpath through the flowtable datapath. This infrastructure
9 also provides hardware offload support. The flowtable supports for the layer 3
17 flowtable through your ruleset. The flowtable infrastructure provides a rule
18 action that allows you to specify when to add a flow to the flowtable.
20 A packet that finds a matching entry in the flowtable (ie. flowtable hit) is
24 there is no matching entry in the flowtable (ie. flowtable miss), the packet
27 The flowtable uses a resizable hashtable. Lookups are based on the following
32 The 'flow add' action allows you to populate the flowtable, the user selectively
[all …]
|
| /linux/net/netfilter/ |
| H A D | nf_flow_table_offload.c | 23 struct nf_flowtable *flowtable; member
736 const struct nf_flowtable *flowtable = offload->flowtable; in nf_flow_offload_rule_alloc() local
765 if (flowtable->type->action(net, flow, dir, flow_rule) < 0) in nf_flow_offload_rule_alloc()
805 struct net *net = read_pnet(&offload->flowtable->net); in nf_flow_offload_alloc()
835 static int nf_flow_offload_tuple(struct nf_flowtable *flowtable, in nf_flow_offload_tuple() argument
854 down_read(&flowtable->flow_block_lock); in nf_flow_offload_tuple()
863 up_read(&flowtable->flow_block_lock); in nf_flow_offload_tuple()
875 return nf_flow_offload_tuple(offload->flowtable, offload->flow, in flow_offload_tuple_add()
877 offload->flowtable->priority, in flow_offload_tuple_add()
879 &offload->flowtable->flow_block.cb_list); in flow_offload_tuple_add()
[all …]
|
| H A D | nft_flow_offload.c | 20 struct nft_flowtable *flowtable; member
97 unsigned char *ha, struct nf_flowtable *flowtable) in nft_dev_path_info() argument
166 if (nf_flowtable_hw_offload(flowtable) && in nft_dev_path_info()
297 struct nf_flowtable *flowtable = &priv->flowtable->data; in nft_flow_offload_eval() local
351 if (nft_flow_route(pkt, ct, &route, dir, priv->flowtable) < 0) in nft_flow_offload_eval()
366 ret = flow_offload_add(flowtable, flow); in nft_flow_offload_eval()
407 struct nft_flowtable *flowtable; in nft_flow_offload_init() local
412 flowtable = nft_flowtable_lookup(ctx->table, tb[NFTA_FLOW_TABLE_NAME], in nft_flow_offload_init()
414 if (IS_ERR(flowtable)) in nft_flow_offload_init()
415 return PTR_ERR(flowtable); in nft_flow_offload_init()
[all …]
|
| H A D | nf_flow_table_core.c | 378 void (*iter)(struct nf_flowtable *flowtable, in nf_flow_table_iterate() argument
541 int nf_flow_table_init(struct nf_flowtable *flowtable) in nf_flow_table_init() argument
545 INIT_DELAYED_WORK(&flowtable->gc_work, nf_flow_offload_work_gc); in nf_flow_table_init()
546 flow_block_init(&flowtable->flow_block); in nf_flow_table_init()
547 init_rwsem(&flowtable->flow_block_lock); in nf_flow_table_init()
549 err = rhashtable_init(&flowtable->rhashtable, in nf_flow_table_init()
555 &flowtable->gc_work, HZ); in nf_flow_table_init()
558 list_add(&flowtable->list, &flowtables); in nf_flow_table_init()
581 void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable, in nf_flow_table_gc_cleanup() argument
584 nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, dev); in nf_flow_table_gc_cleanup()
[all …]
|
| H A D | nf_flow_table_xdp.c | 133 int nf_flow_offload_xdp_setup(struct nf_flowtable *flowtable, in nf_flow_offload_xdp_setup() argument
139 return nf_flowtable_by_dev_insert(flowtable, dev); in nf_flow_offload_xdp_setup()
141 nf_flowtable_by_dev_remove(flowtable, dev); in nf_flow_offload_xdp_setup()
|
| H A D | nf_tables_api.c | 751 struct nft_flowtable *flowtable) in nft_trans_flowtable_add() argument
761 nft_activate_next(ctx->net, flowtable); in nft_trans_flowtable_add()
764 nft_trans_flowtable(trans) = flowtable; in nft_trans_flowtable_add()
771 struct nft_flowtable *flowtable) in nft_delflowtable() argument
775 trans = nft_trans_flowtable_add(ctx, NFT_MSG_DELFLOWTABLE, flowtable); in nft_delflowtable()
779 nft_deactivate_next(ctx->net, flowtable); in nft_delflowtable()
1526 struct nft_flowtable *flowtable, *nft; in nft_flush_table() local
1558 list_for_each_entry_safe(flowtable, nft, &ctx->table->flowtables, list) { in nft_flush_table()
1559 if (!nft_is_active_next(ctx->net, flowtable)) in nft_flush_table()
1562 err = nft_delflowtable(ctx, flowtable); in nft_flush_table()
[all …]
|
| /linux/include/net/netfilter/ |
| H A D | nf_flow_table.h | 89 static inline bool nf_flowtable_hw_offload(struct nf_flowtable *flowtable) in nf_flowtable_hw_offload() argument
91 return flowtable->flags & NF_FLOWTABLE_HW_OFFLOAD; in nf_flowtable_hw_offload()
288 void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable,
309 int nf_flow_offload_xdp_setup(struct nf_flowtable *flowtable,
331 void nf_flow_offload_add(struct nf_flowtable *flowtable,
333 void nf_flow_offload_del(struct nf_flowtable *flowtable,
335 void nf_flow_offload_stats(struct nf_flowtable *flowtable,
338 void nf_flow_table_offload_flush(struct nf_flowtable *flowtable);
339 void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable);
341 int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
|
| H A D | nf_tables.h | 1475 struct nft_flowtable *flowtable,
1804 struct nft_flowtable *flowtable; member
1813 nft_trans_container_flowtable(trans)->flowtable
|
| /linux/tools/testing/selftests/net/netfilter/ |
| H A D | nft_flowtable.sh | 155 flowtable f1 {
|