diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-03-24 02:30:41 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2021-03-24 12:48:39 -0700 |
commit | 4cd91f7c290f64fe430867ddbae10bff34657b6a (patch) | |
tree | dbb745f8344be02727179413bad095b782608991 /include/net/netfilter | |
parent | 7a27f6ab41356ecba47ec2bec6d635704c169779 (diff) |
netfilter: flowtable: add vlan support
Add the vlan id and protocol to the flow tuple to uniquely identify
flows from the receive path. For the transmit path, dev_hard_header() on
the vlan device push the headers. This patch includes support for two
vlan headers (QinQ) from the ingress path.
Add a generic encap field to the flowtable entry which stores the
protocol and the tag id. This allows to reuse these fields in the PPPoE
support coming in a later patch.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/netfilter')
-rw-r--r-- | include/net/netfilter/nf_flow_table.h | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index 41c8436bc77e..e34fd3eb4bb5 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -95,6 +95,8 @@ enum flow_offload_xmit_type { FLOW_OFFLOAD_XMIT_DIRECT, }; +#define NF_FLOW_TABLE_ENCAP_MAX 2 + struct flow_offload_tuple { union { struct in_addr src_v4; @@ -113,13 +115,17 @@ struct flow_offload_tuple { u8 l3proto; u8 l4proto; + struct { + u16 id; + __be16 proto; + } encap[NF_FLOW_TABLE_ENCAP_MAX]; /* All members above are keys for lookups, see flow_offload_hash(). */ struct { } __hash; - u8 dir:6, - xmit_type:2; - + u8 dir:4, + xmit_type:2, + encap_num:2; u16 mtu; union { struct dst_entry *dst_cache; @@ -174,6 +180,11 @@ struct nf_flow_route { struct dst_entry *dst; struct { u32 ifindex; + struct { + u16 id; + __be16 proto; + } encap[NF_FLOW_TABLE_ENCAP_MAX]; + u8 num_encaps; } in; struct { u32 ifindex; |