@@ -1128,6 +1128,7 @@ struct nft_object_type {
* @destroy: release existing stateful object
* @dump: netlink dump stateful object
* @update: update stateful object
+ * @update: offload stateful object
*/
struct nft_object_ops {
void (*eval)(struct nft_object *obj,
@@ -1144,6 +1145,9 @@ struct nft_object_ops {
bool reset);
void (*update)(struct nft_object *obj,
struct nft_object *newobj);
+ int (*offload)(struct nft_offload_ctx *ctx,
+ struct nft_flow_rule *flow,
+ struct nft_object *obj);
const struct nft_object_type *type;
};
@@ -10,6 +10,7 @@
#include <linux/netfilter.h>
#include <linux/netfilter/nf_tables.h>
#include <net/netfilter/nf_tables.h>
+#include <net/netfilter/nf_tables_offload.h>
#define nft_objref_priv(expr) *((struct nft_object **)nft_expr_priv(expr))
@@ -82,6 +83,18 @@ static void nft_objref_activate(const struct nft_ctx *ctx,
obj->use++;
}
+static int nft_objref_offload(struct nft_offload_ctx *ctx,
+ struct nft_flow_rule *flow,
+ const struct nft_expr *expr)
+{
+ struct nft_object *obj = nft_objref_priv(expr);
+
+ if (obj->ops->offload)
+ return obj->ops->offload(ctx, flow, obj);
+ else
+ return -EOPNOTSUPP;
+}
+
static struct nft_expr_type nft_objref_type;
static const struct nft_expr_ops nft_objref_ops = {
.type = &nft_objref_type,
@@ -91,6 +104,7 @@ static void nft_objref_activate(const struct nft_ctx *ctx,
.activate = nft_objref_activate,
.deactivate = nft_objref_deactivate,
.dump = nft_objref_dump,
+ .offload = nft_objref_offload,
};
struct nft_objref_map {