path: root/net/netfilter/nf_flow_table.c
Commit message | Author | Age | Files | Lines
* netfilter: nf_flow_table: rename nf_flow_table.c to nf_flow_table_core.c | Felix Fietkau | 2018-04-21 | 1 | -432/+0

  Preparation for adding more code to the same module

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netfilter: nf_flow_table: cache mtu in struct flow_offload_tuple | Felix Fietkau | 2018-04-21 | 1 | -2/+6

  Reduces the number of cache lines touched in the offload forwarding path. This is safe because PMTU limits are bypassed for the forwarding path (see commit f87c10a8aa1e for more details).

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netfilter: nf_flow_table: clean up flow_offload_alloc | Felix Fietkau | 2018-04-19 | 1 | -59/+34

  Reduce code duplication and make it much easier to read

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netfilter: nf_flow_offload: fix use-after-free and a resource leak | Felix Fietkau | 2018-02-07 | 1 | -20/+7

  flow_offload_del frees the flow, so all associated resources must be freed before.

  Since the ct entry in struct flow_offload_entry was allocated by flow_offload_alloc, it should be freed by flow_offload_free to take care of the error handling path when flow_offload_add fails.

  While at it, make flow_offload_del static, since it should never be called directly, only from the gc step

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netfilter: nf_tables: fix flowtable free | Pablo Neira Ayuso | 2018-02-07 | 1 | -6/+19

  Every flow_offload entry is added into the table twice. Because of this, rhashtable_free_and_destroy can't be used, since it would call kfree for each flow_offload object twice.

  This patch cleans up the flowtable via nf_flow_table_iterate() to schedule removal of entries by setting on the dying bit, then there is an explicit invocation of the garbage collector to release resources.

  Based on patch from Felix Fietkau.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netfilter: nft_flow_offload: move flowtable cleanup routines to nf_flow_table | Pablo Neira Ayuso | 2018-02-07 | 1 | -0/+24

  Move the flowtable cleanup routines to nf_flow_table and expose the nf_flow_table_cleanup() helper function.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netfilter: add generic flow table infrastructure | Pablo Neira Ayuso | 2018-01-08 | 1 | -0/+429

  This patch defines the API to interact with flow tables, this allows to add, delete and lookup for entries in the flow table. This also adds the generic garbage code that removes entries that have expired, i.e. no traffic has been seen for a while.

  Users of the flow table infrastructure can delete entries via flow_offload_dead(), which sets the dying bit, this signals the garbage collector to release an entry from user context.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>