06 Feb, 2020

1 commit

  • [ Upstream commit c83de17dd6308fb74696923e5245de0e3c427206 ]

    In the nft_indr_block_cb the chain should check the flag with
    NFT_CHAIN_HW_OFFLOAD.

    Fixes: 9a32669fecfb ("netfilter: nf_tables_offload: support indr block call")
    Signed-off-by: wenxu
    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: Sasha Levin

    wenxu
     

18 Jan, 2020

1 commit


12 Jan, 2020

2 commits


18 Dec, 2019

1 commit

  • [ Upstream commit dbad3408896c3c5722ec9cda065468b3df16c5bf ]

    With indirect blocks, a driver can register for callbacks from a device
    that it does not 'own', for example, a tunnel device. When registering to
    or unregistering from a new device, a callback is triggered to generate
    a bind/unbind event. This, in turn, allows the driver to receive any
    existing rules or to properly clean up installed rules.

    When first added, it was assumed that all indirect block registrations
    would be for ingress offloads. However, the NFP driver can, in some
    instances, support clsact qdisc binds for egress offload.

    Change the name of the indirect block callback command in flow_offload to
    remove the 'ingress' identifier from it. While this does not change
    functionality, a follow up patch will implement a more generic
    callback than just those currently just supporting ingress offload.

    Fixes: 4d12ba42787b ("nfp: flower: allow offloading of matches on 'internal' ports")
    Signed-off-by: John Hurley
    Acked-by: Jakub Kicinski
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    John Hurley
     

05 Nov, 2019

1 commit


23 Oct, 2019

1 commit


20 Sep, 2019

1 commit


13 Sep, 2019

4 commits


11 Sep, 2019

1 commit

  • This patch adds support for packet mirroring and redirection. The
    nft_fwd_dup_netdev_offload() function configures the flow_action object
    for the fwd and the dup actions.

    Extend nft_flow_rule_destroy() to release the net_device object when the
    flow_rule object is released, since nft_fwd_dup_netdev_offload() bumps
    the net_device reference counter.

    Signed-off-by: Pablo Neira Ayuso
    Acked-by: wenxu

    Pablo Neira Ayuso
     

09 Sep, 2019

2 commits


20 Aug, 2019

1 commit


19 Aug, 2019

1 commit

  • This patch adds initial support for offloading basechains using the
    priority range from 1 to 65535. This is restricting the netfilter
    priority range to 16-bit integer since this is what most drivers assume
    so far from tc. It should be possible to extend this range of supported
    priorities later on once drivers are updated to support 32-bit
    integer priorities.

    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: David S. Miller

    Pablo Neira Ayuso
     

09 Aug, 2019

1 commit

  • nftable support indr-block call. It makes nftable an offload vlan
    and tunnel device.

    nft add table netdev firewall
    nft add chain netdev firewall aclout { type filter hook ingress offload device mlx_pf0vf0 priority - 300 \; }
    nft add rule netdev firewall aclout ip daddr 10.0.0.1 fwd to vlan0
    nft add chain netdev firewall aclin { type filter hook ingress device vlan0 priority - 300 \; }
    nft add rule netdev firewall aclin ip daddr 10.0.0.7 fwd to mlx_pf0vf0

    Signed-off-by: wenxu
    Acked-by: Jakub Kicinski
    Signed-off-by: David S. Miller

    wenxu
     

20 Jul, 2019

1 commit

  • This object stores the flow block callbacks that are attached to this
    block. Update flow_block_cb_lookup() to take this new object.

    This patch restores the block sharing feature.

    Fixes: da3eeb904ff4 ("net: flow_offload: add list handling functions")
    Signed-off-by: Pablo Neira Ayuso
    Acked-by: Jiri Pirko
    Signed-off-by: David S. Miller

    Pablo Neira Ayuso
     

10 Jul, 2019

1 commit

  • This patch adds hardware offload support for nftables through the
    existing netdev_ops->ndo_setup_tc() interface, the TC_SETUP_CLSFLOWER
    classifier and the flow rule API. This hardware offload support is
    available for the NFPROTO_NETDEV family and the ingress hook.

    Each nftables expression has a new ->offload interface, that is used to
    populate the flow rule object that is attached to the transaction
    object.

    There is a new per-table NFT_TABLE_F_HW flag, that is set on to offload
    an entire table, including all of its chains.

    This patch supports basic metadata (layer 3 and 4 protocol numbers),
    5-tuple payload matching and the accept/drop actions; this also includes
    basechain hardware offload only.

    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: David S. Miller

    Pablo Neira Ayuso