@@ -6,6 +6,9 @@
#include <net/flow_dissector.h>
#include <linux/rhashtable.h>
+struct flow_rule;
+void flow_rule_print(const struct flow_rule *flow_rule);
+
struct flow_match {
struct flow_dissector *dissector;
void *mask;
@@ -5,6 +5,91 @@
#include <linux/rtnetlink.h>
#include <linux/mutex.h>
+void flow_rule_print(const struct flow_rule *flow_rule)
+{
+ const struct flow_action_entry *act;
+ int i;
+
+ pr_info("match : ");
+ if (flow_rule_match_key(flow_rule, FLOW_DISSECTOR_KEY_BASIC)) {
+ struct flow_match_basic match;
+
+ flow_rule_match_basic(flow_rule, &match);
+ pr_info("l3num %hu/%x protocol %u/%x ",
+ match.key->n_proto, match.mask->n_proto,
+ match.key->ip_proto, match.mask->ip_proto);
+ }
+
+ if (flow_rule_match_key(flow_rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
+ struct flow_match_ipv4_addrs match;
+
+ flow_rule_match_ipv4_addrs(flow_rule, &match);
+ pr_info("src=%pI4/%pI4 dst=%pI4/%pI4 ",
+ &match.key->src, &match.mask->src,
+ &match.key->dst, &match.mask->dst);
+ }
+
+ if (flow_rule_match_key(flow_rule, FLOW_DISSECTOR_KEY_PORTS)) {
+ struct flow_match_ports match;
+
+ flow_rule_match_ports(flow_rule, &match);
+ pr_info("sport %hu/%x dport %hu/%x ",
+ match.key->src, match.mask->src,
+ match.key->dst, match.mask->dst);
+ }
+
+ pr_info("actions(%d): ", flow_rule->action.num_entries);
+ flow_action_for_each(i, act, &flow_rule->action) {
+ switch (act->id) {
+ case FLOW_ACTION_DROP:
+ pr_info("drop");
+ break;
+ case FLOW_ACTION_ACCEPT:
+ pr_info("accept");
+ break;
+ case FLOW_ACTION_MANGLE:
+ pr_info("mangle htype=%u offset=%u len=%u ",
+ act->mangle.htype, act->mangle.offset,
+ act->mangle.len);
+ {
+ int k;
+
+ pr_info("val=");
+ for (k = 0; k < act->mangle.len; k++)
+ pr_info("%.2x ", act->mangle.val[k]);
+
+ pr_info(" mask=");
+ for (k = 0; k < act->mangle.len; k++)
+ pr_info("%.2x ", act->mangle.mask[k]);
+
+ pr_info("\n");
+ }
+ break;
+ case FLOW_ACTION_REDIRECT:
+ pr_info("redirect\n");
+ break;
+ case FLOW_ACTION_MIRRED:
+ pr_info("mirred\n");
+ break;
+ case FLOW_ACTION_CSUM:
+ pr_info("checksum\n");
+ break;
+ case FLOW_ACTION_TUNNEL_ENCAP:
+ pr_info("tunnel encap\n");
+ break;
+ case FLOW_ACTION_TUNNEL_DECAP:
+ pr_info("tunnel decap\n");
+ break;
+ default:
+ pr_info("unknown!!!!");
+ break;
+ }
+ }
+
+ pr_info("\n");
+}
+EXPORT_SYMBOL_GPL(flow_rule_print);
+
struct flow_rule *flow_rule_alloc(unsigned int num_actions)
{
struct flow_rule *rule;
@@ -177,8 +177,12 @@ static int nft_flow_offload_rule(struct nft_chain *chain,
basechain->ops.priority, &extack);
cls_flow.command = command;
cls_flow.cookie = (unsigned long) rule;
- if (flow)
+ if (flow) {
cls_flow.rule = flow->rule;
+ pr_info("---- nft hw offload ----\n");
+ flow_rule_print(cls_flow.rule);
+ pr_info("--------\n");
+ }
return nft_setup_cb_call(basechain, TC_SETUP_CLSFLOWER, &cls_flow);
}
@@ -453,6 +453,10 @@ static int fl_hw_replace_filter(struct tcf_proto *tp,
return 0;
}
+ pr_info("---- hw offload ----\n");
+ flow_rule_print(cls_flower.rule);
+ pr_info("--------\n");
+
err = tc_setup_cb_add(block, tp, TC_SETUP_CLSFLOWER, &cls_flower,
skip_sw, &f->flags, &f->in_hw_count, rtnl_held);
tc_cleanup_flow_action(&cls_flower.rule->action);
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- include/net/flow_offload.h | 3 ++ net/core/flow_offload.c | 85 +++++++++++++++++++++++++++++++++++++++ net/netfilter/nf_tables_offload.c | 6 ++- net/sched/cls_flower.c | 4 ++ 4 files changed, 97 insertions(+), 1 deletion(-)