OpenWrt – Blame information for rev 2
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | From: Felix Fietkau <nbd@nbd.name> |
2 | Date: Sun, 25 Feb 2018 15:38:31 +0100 |
||
3 | Subject: [PATCH] netfilter: nf_flow_table: add a new flow state for |
||
4 | tearing down offloading |
||
5 | |||
6 | Will be used to tear down the offload entry while keeping the conntrack |
||
7 | entry alive. |
||
8 | |||
9 | Signed-off-by: Felix Fietkau <nbd@nbd.name> |
||
10 | --- |
||
11 | |||
12 | --- a/include/net/netfilter/nf_flow_table.h |
||
13 | +++ b/include/net/netfilter/nf_flow_table.h |
||
14 | @@ -68,6 +68,7 @@ struct flow_offload_tuple_rhash { |
||
15 | #define FLOW_OFFLOAD_SNAT 0x1 |
||
16 | #define FLOW_OFFLOAD_DNAT 0x2 |
||
17 | #define FLOW_OFFLOAD_DYING 0x4 |
||
18 | +#define FLOW_OFFLOAD_TEARDOWN 0x8 |
||
19 | |||
20 | struct flow_offload { |
||
21 | struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX]; |
||
22 | @@ -103,6 +104,7 @@ void nf_flow_table_cleanup(struct net *n |
||
23 | int nf_flow_table_init(struct nf_flowtable *flow_table); |
||
24 | void nf_flow_table_free(struct nf_flowtable *flow_table); |
||
25 | |||
26 | +void flow_offload_teardown(struct flow_offload *flow); |
||
27 | static inline void flow_offload_dead(struct flow_offload *flow) |
||
28 | { |
||
29 | flow->flags |= FLOW_OFFLOAD_DYING; |
||
30 | --- a/net/netfilter/nf_flow_table_core.c |
||
31 | +++ b/net/netfilter/nf_flow_table_core.c |
||
32 | @@ -174,6 +174,12 @@ static void flow_offload_del(struct nf_f |
||
33 | flow_offload_free(flow); |
||
34 | } |
||
35 | |||
36 | +void flow_offload_teardown(struct flow_offload *flow) |
||
37 | +{ |
||
38 | + flow->flags |= FLOW_OFFLOAD_TEARDOWN; |
||
39 | +} |
||
40 | +EXPORT_SYMBOL_GPL(flow_offload_teardown); |
||
41 | + |
||
42 | struct flow_offload_tuple_rhash * |
||
43 | flow_offload_lookup(struct nf_flowtable *flow_table, |
||
44 | struct flow_offload_tuple *tuple) |
||
45 | @@ -226,11 +232,6 @@ static inline bool nf_flow_has_expired(c |
||
46 | return (__s32)(flow->timeout - (u32)jiffies) <= 0; |
||
47 | } |
||
48 | |||
49 | -static inline bool nf_flow_is_dying(const struct flow_offload *flow) |
||
50 | -{ |
||
51 | - return flow->flags & FLOW_OFFLOAD_DYING; |
||
52 | -} |
||
53 | - |
||
54 | static int nf_flow_offload_gc_step(struct nf_flowtable *flow_table) |
||
55 | { |
||
56 | struct flow_offload_tuple_rhash *tuplehash; |
||
57 | @@ -258,7 +259,8 @@ static int nf_flow_offload_gc_step(struc |
||
58 | flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); |
||
59 | |||
60 | if (nf_flow_has_expired(flow) || |
||
61 | - nf_flow_is_dying(flow)) |
||
62 | + (flow->flags & (FLOW_OFFLOAD_DYING | |
||
63 | + FLOW_OFFLOAD_TEARDOWN))) |
||
64 | flow_offload_del(flow_table, flow); |
||
65 | } |
||
66 | out: |
||
67 | @@ -419,10 +421,14 @@ static void nf_flow_table_do_cleanup(str |
||
68 | { |
||
69 | struct net_device *dev = data; |
||
70 | |||
71 | - if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex) |
||
72 | + if (!dev) { |
||
73 | + flow_offload_teardown(flow); |
||
74 | return; |
||
75 | + } |
||
76 | |||
77 | - flow_offload_dead(flow); |
||
78 | + if (flow->tuplehash[0].tuple.iifidx == dev->ifindex || |
||
79 | + flow->tuplehash[1].tuple.iifidx == dev->ifindex) |
||
80 | + flow_offload_dead(flow); |
||
81 | } |
||
82 | |||
83 | static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable, |