netfilter: nft_{fwd,dup}_netdev: add offload support

This patch adds support for packet mirroring and redirection. The nft_fwd_dup_netdev_offload() function configures the flow_action object for the fwd and the dup actions. Extend nft_flow_rule_destroy() to release the net_device object when the flow_rule object is released, since nft_fwd_dup_netdev_offload() bumps the net_device reference counter. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: wenxu <wenxu@ucloud.cn>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2019-09-08 19:32:05 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-09-10 22:44:29 +0200
commit: be2861dc36d77ff3778979b9c3c79ada4affa131 (patch)
tree: abc52830f01ce72c2a9c848e5b047a4cbe5849d2 /net/netfilter/nf_tables_api.c
parent: netfilter: nft_synproxy: add synproxy stateful object support (diff)
download: linux-dev-be2861dc36d77ff3778979b9c3c79ada4affa131.tar.xz
linux-dev-be2861dc36d77ff3778979b9c3c79ada4affa131.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index efd0c97cc2a3..c6f59ef96017 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2853,7 +2853,7 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk,
 		return nft_table_validate(net, table);
 
 	if (chain->flags & NFT_CHAIN_HW_OFFLOAD) {
-		flow = nft_flow_rule_create(rule);
+		flow = nft_flow_rule_create(net, rule);
 		if (IS_ERR(flow))
 			return PTR_ERR(flow);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2019-09-08 19:32:05 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-09-10 22:44:29 +0200
commit	be2861dc36d77ff3778979b9c3c79ada4affa131 (patch)
tree	abc52830f01ce72c2a9c848e5b047a4cbe5849d2 /net/netfilter/nf_tables_api.c
parent	netfilter: nft_synproxy: add synproxy stateful object support (diff)
download	linux-dev-be2861dc36d77ff3778979b9c3c79ada4affa131.tar.xz linux-dev-be2861dc36d77ff3778979b9c3c79ada4affa131.zip