|
|
Log in / Subscribe / Register

Add IP6IP6 flowtable SW acceleration

From:  Lorenzo Bianconi <lorenzo-AT-kernel.org>
To:  Pablo Neira Ayuso <pablo-AT-netfilter.org>, Jozsef Kadlecsik <kadlec-AT-netfilter.org>, Florian Westphal <fw-AT-strlen.de>, Phil Sutter <phil-AT-nwl.cc>, "David S. Miller" <davem-AT-davemloft.net>, Eric Dumazet <edumazet-AT-google.com>, Jakub Kicinski <kuba-AT-kernel.org>, Paolo Abeni <pabeni-AT-redhat.com>, Simon Horman <horms-AT-kernel.org>, David Ahern <dsahern-AT-kernel.org>, Shuah Khan <shuah-AT-kernel.org>
Subject:  [PATCH nf-next v4 0/5] Add IP6IP6 flowtable SW acceleration
Date:  Thu, 22 Jan 2026 18:46:12 +0100
Message-ID:  <20260122-b4-flowtable-offload-ip6ip6-v4-0-ea3dd826c23b@kernel.org>
Cc:  netfilter-devel-AT-vger.kernel.org, coreteam-AT-netfilter.org, netdev-AT-vger.kernel.org, linux-kselftest-AT-vger.kernel.org, Lorenzo Bianconi <lorenzo-AT-kernel.org>
Archive-link:  Article

Introduce SW acceleration for IP6IP6 tunnels in the netfilter flowtable
infrastructure.

---
Changes in v4:
- Take into account encap limit option during tunnel MTU calculation
- Take into account ctx->offset to get next-header type in
  nf_flow_ip6_tunnel_proto()
- Link to v3: https://lore.kernel.org/r/20260116-b4-flowtable-offload-i...

Changes in v3:
- Split patch 1/4 in two separated patches 1/4 and 2/4 and improve
  commit logs
- Add more comments in the code
- Rely on skb_header_pointer in patch 2/4
- Link to v2: https://lore.kernel.org/r/20251209-b4-flowtable-offload-i...

Changes in v2:
- Fix compilation when CONFIG_IPV6 is disabled
- Rely on ipv6_skip_exthdr() in nf_flow_ip6_tunnel_proto() to avoid
  use-after-free issues
- Drop patch 2/5 from v1
- Link to v1: https://lore.kernel.org/r/20251207-b4-flowtable-offload-i...

---
Lorenzo Bianconi (5):
      netfilter: Add ctx pointer in nf_flow_skb_encap_protocol/nf_flow_ip4_tunnel_proto signature
      netfilter: Introduce tunnel metadata info in nf_flowtable_ctx struct
      netfilter: flowtable: Add IP6IP6 rx sw acceleration
      netfilter: flowtable: Add IP6IP6 tx sw acceleration
      selftests: netfilter: nft_flowtable.sh: Add IP6IP6 flowtable selftest

 net/ipv6/ip6_tunnel.c                              |  27 +++
 net/netfilter/nf_flow_table_ip.c                   | 243 ++++++++++++++++++---
 .../selftests/net/netfilter/nft_flowtable.sh       |  62 +++++-
 3 files changed, 287 insertions(+), 45 deletions(-)
---
base-commit: f8156ef0fd8232055396ebf1e044fa06fb8bc388
change-id: 20251207-b4-flowtable-offload-ip6ip6-8e9a2c6f3a77

Best regards,
-- 
Lorenzo Bianconi <lorenzo@kernel.org>

Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds