diff options
| author | Felix Fietkau <nbd@nbd.name> | 2018-02-20 15:58:42 +0100 |
|---|---|---|
| committer | Felix Fietkau <nbd@nbd.name> | 2018-02-21 20:12:42 +0100 |
| commit | 820f03099894bd48638fb5be326b5c551f0f2b98 (patch) | |
| tree | 22522d219f3d5b9ae2574b10e8dad8a2bb381e1c /include/netfilter.mk | |
| parent | 103335644265d96c656a7de3d5994fbd11246300 (diff) | |
| download | openwrt-820f03099894bd48638fb5be326b5c551f0f2b98.tar.gz openwrt-820f03099894bd48638fb5be326b5c551f0f2b98.tar.bz2 openwrt-820f03099894bd48638fb5be326b5c551f0f2b98.zip | |
netfilter: add a xt_FLOWOFFLOAD target for NAT/routing offload support
This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.
Requires Linux 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'include/netfilter.mk')
| -rw-r--r-- | include/netfilter.mk | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk index bad599b378..c4e43a84a1 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -143,6 +143,8 @@ $(eval $(call nf_add,IPT_IPSEC,CONFIG_IP_NF_MATCH_AH, $(P_V4)ipt_ah)) $(eval $(call nf_add,IPT_IPSEC,CONFIG_NETFILTER_XT_MATCH_ESP, $(P_XT)xt_esp)) $(eval $(call nf_add,IPT_IPSEC,CONFIG_NETFILTER_XT_MATCH_POLICY, $(P_XT)xt_policy)) +# flow offload support +$(eval $(call nf_add,IPT_FLOW,CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD, $(P_XT)xt_FLOWOFFLOAD)) # IPv6 @@ -370,6 +372,7 @@ IPT_BUILTIN += $(IPT_CONNTRACK-y) IPT_BUILTIN += $(IPT_CONNTRACK_EXTRA-y) IPT_BUILTIN += $(IPT_EXTRA-y) IPT_BUILTIN += $(IPT_FILTER-y) +IPT_BUILTIN += $(IPT_FLOW-y) $(IPT_FLOW-m) IPT_BUILTIN += $(IPT_IPOPT-y) IPT_BUILTIN += $(IPT_IPRANGE-y) IPT_BUILTIN += $(IPT_CLUSTER-y) |