netfilter: flowtable: consolidate xmit path

Use dev_queue_xmit() for the XMIT_NEIGH case. Store the interface index of the real device behind the vlan/pppoe device, this introduces an extra lookup for the real device in the xmit path because rt->dst.dev provides the vlan/pppoe device. XMIT_NEIGH now looks more similar to XMIT_DIRECT but the check for stale dst and the neighbour lookup still remain in place which is convenient to deal with network topology changes. Note that nft_flow_route() needs to relax the check for _XMIT_NEIGH so the existing basic xfrm offload (which only works in one direction) does not break. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2025-10-10 12:32:35 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2025-11-27 23:59:56 +0000
commit: b5964aac51e0c286a50e68225e0dfcf11fb554cb (patch)
tree: 3df4ec836bd6fe4260c880ebf26b8e3c8e51aa3b /include/net/netfilter
parent: 93d7a7ed07342f5e3da2d250cfd67f899d0b5318 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
index e9f72d2558e9..7c330caae52b 100644
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -141,6 +141,7 @@ struct flow_offload_tuple {
 	union {
 		struct {
 			struct dst_entry *dst_cache;
+			u32		ifidx;
 			u32		dst_cookie;
 		};
 		struct {
author	Pablo Neira Ayuso <pablo@netfilter.org>	2025-10-10 12:32:35 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2025-11-27 23:59:56 +0000
commit	b5964aac51e0c286a50e68225e0dfcf11fb554cb (patch)
tree	3df4ec836bd6fe4260c880ebf26b8e3c8e51aa3b /include/net/netfilter
parent	93d7a7ed07342f5e3da2d250cfd67f899d0b5318 (diff)