diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-06 17:31:29 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-06 19:19:15 +0200 |
| commit | 3a41c64d9c1185a2f3a184015e2a9b78bfc99c71 (patch) | |
| tree | d7359ab63c6ffb3ae05ea7552f688bf642fbd5d2 /net/core | |
| parent | netfilter: nf_tables: memleak flow rule from commit path (diff) | |
| download | linux-3a41c64d9c1185a2f3a184015e2a9b78bfc99c71.tar.xz linux-3a41c64d9c1185a2f3a184015e2a9b78bfc99c71.zip | |
netfilter: nf_tables: bail out early if hardware offload is not supported
If user requests for NFT_CHAIN_HW_OFFLOAD, then check if either device
provides the .ndo_setup_tc interface or there is an indirect flow block
that has been registered. Otherwise, bail out early from the preparation
phase. Moreover, validate that family == NFPROTO_NETDEV and hook is
NF_NETDEV_INGRESS.
Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/core')
| -rw-r--r-- | net/core/flow_offload.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/net/core/flow_offload.c b/net/core/flow_offload.c index 73f68d4625f3..929f6379a279 100644 --- a/net/core/flow_offload.c +++ b/net/core/flow_offload.c @@ -595,3 +595,9 @@ int flow_indr_dev_setup_offload(struct net_device *dev, struct Qdisc *sch, return (bo && list_empty(&bo->cb_list)) ? -EOPNOTSUPP : count; } EXPORT_SYMBOL(flow_indr_dev_setup_offload); + +bool flow_indr_dev_exists(void) +{ + return !list_empty(&flow_block_indr_dev_list); +} +EXPORT_SYMBOL(flow_indr_dev_exists); |