net/sched: act_ct: Fill offloading tuple iifidx
Driver offloading ct tuples can use the information of which devices received the packets that created the offloaded connections, to more efficiently offload them only to the relevant device. Add new act_ct nf conntrack extension, which is used to store the skb devices before offloading the connection, and then fill in the tuple iifindex so drivers can get the device via metadata dissector match. Signed-off-by: Oz Shlomo <ozsh@nvidia.com> Signed-off-by: Paul Blakey <paulb@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Paul Blakey
committed by
David S. Miller
David S. Miller
parent
9d2c27aad0
commit
9795ded7f9
50
include/net/netfilter/nf_conntrack_act_ct.h
Normal file
50
include/net/netfilter/nf_conntrack_act_ct.h
Normal file
@ -0,0 +1,50 @@
|
||||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
|
||||
#ifndef _NF_CONNTRACK_ACT_CT_H
|
||||
#define _NF_CONNTRACK_ACT_CT_H
|
||||
|
||||
#include <net/netfilter/nf_conntrack.h>
|
||||
#include <linux/netfilter/nf_conntrack_common.h>
|
||||
#include <net/netfilter/nf_conntrack_extend.h>
|
||||
|
||||
struct nf_conn_act_ct_ext {
|
||||
int ifindex[IP_CT_DIR_MAX];
|
||||
};
|
||||
|
||||
static inline struct nf_conn_act_ct_ext *nf_conn_act_ct_ext_find(const struct nf_conn *ct)
|
||||
{
|
||||
#if IS_ENABLED(CONFIG_NET_ACT_CT)
|
||||
return nf_ct_ext_find(ct, NF_CT_EXT_ACT_CT);
|
||||
#else
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
static inline struct nf_conn_act_ct_ext *nf_conn_act_ct_ext_add(struct nf_conn *ct)
|
||||
{
|
||||
#if IS_ENABLED(CONFIG_NET_ACT_CT)
|
||||
struct nf_conn_act_ct_ext *act_ct = nf_ct_ext_find(ct, NF_CT_EXT_ACT_CT);
|
||||
|
||||
if (act_ct)
|
||||
return act_ct;
|
||||
|
||||
act_ct = nf_ct_ext_add(ct, NF_CT_EXT_ACT_CT, GFP_ATOMIC);
|
||||
return act_ct;
|
||||
#else
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
static inline void nf_conn_act_ct_ext_fill(struct sk_buff *skb, struct nf_conn *ct,
|
||||
enum ip_conntrack_info ctinfo)
|
||||
{
|
||||
#if IS_ENABLED(CONFIG_NET_ACT_CT)
|
||||
struct nf_conn_act_ct_ext *act_ct_ext;
|
||||
|
||||
act_ct_ext = nf_conn_act_ct_ext_find(ct);
|
||||
if (dev_net(skb->dev) == &init_net && act_ct_ext)
|
||||
act_ct_ext->ifindex[CTINFO2DIR(ctinfo)] = skb->dev->ifindex;
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* _NF_CONNTRACK_ACT_CT_H */
|
||||
@ -27,6 +27,9 @@ enum nf_ct_ext_id {
|
||||
#endif
|
||||
#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
|
||||
NF_CT_EXT_SYNPROXY,
|
||||
#endif
|
||||
#if IS_ENABLED(CONFIG_NET_ACT_CT)
|
||||
NF_CT_EXT_ACT_CT,
|
||||
#endif
|
||||
NF_CT_EXT_NUM,
|
||||
};
|
||||
@ -40,6 +43,7 @@ enum nf_ct_ext_id {
|
||||
#define NF_CT_EXT_TIMEOUT_TYPE struct nf_conn_timeout
|
||||
#define NF_CT_EXT_LABELS_TYPE struct nf_conn_labels
|
||||
#define NF_CT_EXT_SYNPROXY_TYPE struct nf_conn_synproxy
|
||||
#define NF_CT_EXT_ACT_CT_TYPE struct nf_conn_act_ct_ext
|
||||
|
||||
/* Extensions: optional stuff which isn't permanently in struct. */
|
||||
struct nf_ct_ext {
|
||||
|
||||
Reference in New Issue
Block a user