Use flowtables to accelerate forwarding

This accelerates IP forwarding and NAT using flowtables.
QubesOS · Apr 9, 2023 · 71d2fb8 · 71d2fb8
1 parent 562bc80
commit 71d2fb8
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/network/vif-route-qubes b/network/vif-route-qubes
@@ -116,6 +116,31 @@ case "$command" in
         nftables_cmd=add
         cmdprefix=''
         ipv6_disabled=$(cat "/proc/sys/net/ipv6/conf/$vif/disable_ipv6" || echo 1)
+        interfaces=''
+        separator=''
+
+        for i in /proc/sys/net/ipv4/conf/*; do
+            i=${i:24}
+            case $i in (all|default|*[!A-Za-z0-9._]*) continue;; esac
+            interfaces+="$separator$i"
+            separator=', '
+        done
+        if [[ -n "$separator" ]]; then
+            nft "
+add table inet qubes-nat-accel
+delete table inet qubes-nat-accel
+table inet qubes-nat-accel {
+   flowtable qubes-accel {
+      hook ingress priority filter
+      devices = { $interfaces }
+   }
+   chain qubes-accel {
+      type filter hook forward priority filter; policy accept;
+      flow add @qubes-accel
+      counter
+   }
+}"
+        fi
         ;;
     offline)
         do_without_error ifdown "${vif}"