diff options
| author | Pablo Neira Ayuso | 2019-08-16 03:24:10 +0200 |
|---|---|---|
| committer | David S. Miller | 2019-08-18 23:13:23 +0200 |
| commit | 3bc158f8d0330f0ac58597c023acca2234c14616 (patch) | |
| tree | 717dbcde06dcd1d5e1f672e3235a190037315c70 /net/netfilter/nf_tables_api.c | |
| parent | net: sched: use major priority number as hardware priority (diff) | |
| download | kernel-qcow2-linux-3bc158f8d0330f0ac58597c023acca2234c14616.tar.gz kernel-qcow2-linux-3bc158f8d0330f0ac58597c023acca2234c14616.tar.xz kernel-qcow2-linux-3bc158f8d0330f0ac58597c023acca2234c14616.zip | |
netfilter: nf_tables: map basechain priority to hardware priority
This patch adds initial support for offloading basechains using the
priority range from 1 to 65535. This is restricting the netfilter
priority range to 16-bit integer since this is what most drivers assume
so far from tc. It should be possible to extend this range of supported
priorities later on once drivers are updated to support for 32-bit
integer priorities.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/nf_tables_api.c')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 88abbddf8967..d47469f824a1 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1667,6 +1667,10 @@ static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask, chain->flags |= NFT_BASE_CHAIN | flags; basechain->policy = NF_ACCEPT; + if (chain->flags & NFT_CHAIN_HW_OFFLOAD && + nft_chain_offload_priority(basechain) < 0) + return -EOPNOTSUPP; + flow_block_init(&basechain->flow_block); } else { chain = kzalloc(sizeof(*chain), GFP_KERNEL); |