Searched refs:flowtable (Results 1 – 8 of 8) sorted by relevance
| /kernel/linux/linux-5.10/Documentation/networking/ |
| D | nf_flowtable.rst | 4 Netfilter's flowtable infrastructure
7 This documentation describes the software flowtable infrastructure available in
15 in both directions), then you can decide to offload the flow to the flowtable
18 Packets that find an entry in the flowtable (ie. flowtable hit) are sent to the
21 netfilter hooks coming after the ingress). In case of flowtable miss, the packet
24 The flowtable uses a resizable hashtable, lookups are based on the following
35 including the Netfilter hooks and the flowtable fastpath bypass.
53 flowtable | ____\/___ | |
59 |_____| | flowtable |
67 Fig.1 Netfilter hooks and flowtable interactions
[all …]
|
| /kernel/linux/linux-5.10/net/netfilter/ |
| D | nf_flow_table_offload.c | 22 struct nf_flowtable *flowtable; member
580 const struct nf_flowtable *flowtable = offload->flowtable; in nf_flow_offload_rule_alloc() local
606 if (flowtable->type->action(net, flow, dir, flow_rule) < 0) in nf_flow_offload_rule_alloc()
646 struct net *net = read_pnet(&offload->flowtable->net); in nf_flow_offload_alloc()
676 static int nf_flow_offload_tuple(struct nf_flowtable *flowtable, in nf_flow_offload_tuple() argument
695 down_read(&flowtable->flow_block_lock); in nf_flow_offload_tuple()
704 up_read(&flowtable->flow_block_lock); in nf_flow_offload_tuple()
716 return nf_flow_offload_tuple(offload->flowtable, offload->flow, in flow_offload_tuple_add()
719 &offload->flowtable->flow_block.cb_list); in flow_offload_tuple_add()
725 nf_flow_offload_tuple(offload->flowtable, offload->flow, NULL, dir, in flow_offload_tuple_del()
[all …]
|
| D | nft_flow_offload.c | 19 struct nft_flowtable *flowtable; member
75 struct nf_flowtable *flowtable = &priv->flowtable->data; in nft_flow_offload_eval() local
130 ret = flow_offload_add(flowtable, flow); in nft_flow_offload_eval()
167 struct nft_flowtable *flowtable; in nft_flow_offload_init() local
172 flowtable = nft_flowtable_lookup(ctx->table, tb[NFTA_FLOW_TABLE_NAME], in nft_flow_offload_init()
174 if (IS_ERR(flowtable)) in nft_flow_offload_init()
175 return PTR_ERR(flowtable); in nft_flow_offload_init()
177 priv->flowtable = flowtable; in nft_flow_offload_init()
178 flowtable->use++; in nft_flow_offload_init()
189 nf_tables_deactivate_flowtable(ctx, priv->flowtable, phase); in nft_flow_offload_deactivate()
[all …]
|
| D | nf_flow_table_core.c | 504 int nf_flow_table_init(struct nf_flowtable *flowtable) in nf_flow_table_init() argument
508 INIT_DELAYED_WORK(&flowtable->gc_work, nf_flow_offload_work_gc); in nf_flow_table_init()
509 flow_block_init(&flowtable->flow_block); in nf_flow_table_init()
510 init_rwsem(&flowtable->flow_block_lock); in nf_flow_table_init()
512 err = rhashtable_init(&flowtable->rhashtable, in nf_flow_table_init()
518 &flowtable->gc_work, HZ); in nf_flow_table_init()
521 list_add(&flowtable->list, &flowtables); in nf_flow_table_init()
543 void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable, in nf_flow_table_gc_cleanup() argument
546 nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, dev); in nf_flow_table_gc_cleanup()
547 flush_delayed_work(&flowtable->gc_work); in nf_flow_table_gc_cleanup()
[all …]
|
| D | nf_tables_api.c | 508 struct nft_flowtable *flowtable) in nft_trans_flowtable_add() argument
518 nft_activate_next(ctx->net, flowtable); in nft_trans_flowtable_add()
521 nft_trans_flowtable(trans) = flowtable; in nft_trans_flowtable_add()
528 struct nft_flowtable *flowtable) in nft_delflowtable() argument
532 err = nft_trans_flowtable_add(ctx, NFT_MSG_DELFLOWTABLE, flowtable); in nft_delflowtable()
536 nft_deactivate_next(ctx->net, flowtable); in nft_delflowtable()
1130 struct nft_flowtable *flowtable, *nft; in nft_flush_table() local
1163 list_for_each_entry_safe(flowtable, nft, &ctx->table->flowtables, list) { in nft_flush_table()
1164 if (!nft_is_active_next(ctx->net, flowtable)) in nft_flush_table()
1167 err = nft_delflowtable(ctx, flowtable); in nft_flush_table()
[all …]
|
| /kernel/linux/linux-5.10/include/net/netfilter/ |
| D | nf_flow_table.h | 81 static inline bool nf_flowtable_hw_offload(struct nf_flowtable *flowtable) in nf_flowtable_hw_offload() argument
83 return flowtable->flags & NF_FLOWTABLE_HW_OFFLOAD; in nf_flowtable_hw_offload()
218 void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable,
246 void nf_flow_offload_add(struct nf_flowtable *flowtable,
248 void nf_flow_offload_del(struct nf_flowtable *flowtable,
250 void nf_flow_offload_stats(struct nf_flowtable *flowtable,
253 void nf_flow_table_offload_flush(struct nf_flowtable *flowtable);
254 int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
|
| D | nf_tables.h | 1255 struct nft_flowtable *flowtable,
1513 struct nft_flowtable *flowtable; member
1520 (((struct nft_trans_flowtable *)trans->data)->flowtable)
|
| /kernel/linux/linux-5.10/tools/testing/selftests/netfilter/ |
| D | nft_flowtable.sh | 153 flowtable f1 {
|