1 From: Pablo Neira Ayuso <pablo@netfilter.org>
2 Date: Tue, 2 Feb 2021 17:10:07 +0100
3 Subject: [PATCH] netfilter: nft_flow_offload: use direct xmit if
4 hardware offload is enabled
6 If there is a forward path to reach an ethernet device and hardware
7 offload is enabled, then use the direct xmit path.
10 --- a/net/netfilter/nft_flow_offload.c
11 +++ b/net/netfilter/nft_flow_offload.c
12 @@ -73,9 +73,18 @@ struct nft_forward_info {
13 enum flow_offload_xmit_type xmit_type;
16 +static bool nft_is_valid_ether_device(const struct net_device *dev)
18 + if (!dev || (dev->flags & IFF_LOOPBACK) || dev->type != ARPHRD_ETHER ||
19 + dev->addr_len != ETH_ALEN || !is_valid_ether_addr(dev->dev_addr))
25 static void nft_dev_path_info(const struct net_device_path_stack *stack,
26 struct nft_forward_info *info,
28 + unsigned char *ha, struct nf_flowtable *flowtable)
30 const struct net_device_path *path;
32 @@ -131,6 +140,10 @@ static void nft_dev_path_info(const stru
37 + if (nf_flowtable_hw_offload(flowtable) &&
38 + nft_is_valid_ether_device(info->dev))
39 + info->xmit_type = FLOW_OFFLOAD_XMIT_DIRECT;
42 static bool nft_flowtable_find_dev(const struct net_device *dev,
43 @@ -162,7 +175,7 @@ static void nft_dev_forward_path(struct
46 if (nft_dev_fill_forward_path(route, dst, ct, dir, ha, &stack) >= 0)
47 - nft_dev_path_info(&stack, &info, ha);
48 + nft_dev_path_info(&stack, &info, ha, &ft->data);
50 if (!info.dev || !nft_flowtable_find_dev(info.dev, ft))