linux/include/net/netfilter
Pablo Neira Ayuso c9626a2cbd netfilter: nf_tables: add hardware offload support
This patch adds hardware offload support for nftables through the
existing netdev_ops->ndo_setup_tc() interface, the TC_SETUP_CLSFLOWER
classifier and the flow rule API. This hardware offload support is
available for the NFPROTO_NETDEV family and the ingress hook.

Each nftables expression has a new ->offload interface, that is used to
populate the flow rule object that is attached to the transaction
object.

There is a new per-table NFT_TABLE_F_HW flag, that is set on to offload
an entire table, including all of its chains.

This patch supports for basic metadata (layer 3 and 4 protocol numbers),
5-tuple payload matching and the accept/drop actions; this also includes
basechain hardware offload only.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09 14:38:51 -07:00
..
ipv4 netfilter: nf_nat: merge ip/ip6 masquerade headers 2019-04-11 20:59:21 +02:00
ipv6 netfilter: nf_nat: merge ip/ip6 masquerade headers 2019-04-11 20:59:21 +02:00
br_netfilter.h netfilter: bridge: port sysctls to use brnf_net 2019-06-17 16:36:30 +02:00
nf_conntrack.h netfilter: conntrack: small conntrack lookup optimization 2019-06-17 16:35:30 +02:00
nf_conntrack_acct.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nf_conntrack_bridge.h netfilter: bridge: add connection tracking system 2019-05-30 14:18:18 -07:00
nf_conntrack_core.h netfilter: bridge: add connection tracking system 2019-05-30 14:18:18 -07:00
nf_conntrack_count.h netfilter: nf_conncount: speculative garbage collection on empty lists 2018-12-29 02:45:22 +01:00
nf_conntrack_ecache.h netfilter: conntrack: remove empty pernet fini stubs 2018-12-21 00:51:54 +01:00
nf_conntrack_expect.h netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT) 2019-04-08 23:02:52 +02:00
nf_conntrack_extend.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_helper.h netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_l4proto.h netfilter: conntrack: don't set related state for different outer address 2019-04-13 14:52:57 +02:00
nf_conntrack_labels.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_seqadj.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_synproxy.h netfilter: nf_tables: Add synproxy support 2019-07-05 21:34:23 +02:00
nf_conntrack_timeout.h netfilter: Export nf_ct_{set,destroy}_timeout() 2019-03-28 16:53:29 -07:00
nf_conntrack_timestamp.h netfilter: conntrack: remove empty pernet fini stubs 2018-12-21 00:51:54 +01:00
nf_conntrack_tuple.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_zones.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_dup_netdev.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_flow_table.h netfilter: nf_flow_table: remove unnecessary variable in flow_offload_tuple 2019-05-31 18:02:42 +02:00
nf_log.h netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
nf_nat.h netfilter: nat: add inet family nat support 2019-04-08 23:01:39 +02:00
nf_nat_helper.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_nat_masquerade.h netfilter: nf_nat_masquerade: unify ipv4/6 notifier registration 2019-04-11 20:59:34 +02:00
nf_nat_redirect.h netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_queue.h netfilter: nf_queue: remove unused hook entries pointer 2019-07-04 02:29:49 +02:00
nf_reject.h netfilter: reject: skip csum verification for protocols that don't support it 2019-02-13 10:03:53 +01:00
nf_socket.h netfilter: Decrease code duplication regarding transparent socket option 2018-06-03 00:02:01 +02:00
nf_synproxy.h netfilter: nf_tables: Add synproxy support 2019-07-05 21:34:23 +02:00
nf_tables.h netfilter: nf_tables: add hardware offload support 2019-07-09 14:38:51 -07:00
nf_tables_core.h netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nf_tables_ipv4.h netfilter: nf_tables_inet: don't use multihook infrastructure anymore 2018-01-08 18:01:20 +01:00
nf_tables_ipv6.h netfilter: nf_tables_inet: don't use multihook infrastructure anymore 2018-01-08 18:01:20 +01:00
nf_tables_offload.h netfilter: nf_tables: add hardware offload support 2019-07-09 14:38:51 -07:00
nf_tproxy.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-07-20 22:28:28 -07:00
nft_fib.h netfilter: nft_fib: Fix existence check support 2019-05-21 16:10:38 +02:00
nft_meta.h netfilter: nft_meta: move bridge meta keys into nft_meta_bridge 2019-07-05 21:34:47 +02:00
nft_reject.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xt_rateest.h netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00