As discussed during NFWS 2018. Old syntax is still allowed.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
The ttl and hoplimit fields are also decremented. Hence, flowtables provides an
alternative path that allow packets to bypass the classic forwarding path.
Flowtables reside in the ingress hook that is located before the prerouting
-hook. You can select which flows you want to offload through the flow offload
+hook. You can select which flows you want to offload through the flow
expression from the forward chain. Flowtables are identified by their address
family and their name. The address family must be one of ip, ip6, or inet. The inet
address family is a dummy family which is used to create hybrid IPv4/IPv6
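Review bot: The replacement line calls this the "flow expression" ("through the flow expression from the forward chain"), while the section renamed later in this patch is titled "FLOW STATEMENT" and opens with "A flow statement". Use "flow statement" here as well so the man page has a single term for it.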
}
-------------------------------------
-FLOW OFFLOAD STATEMENT
-~~~~~~~~~~~~~~~~~~~~~~
-A flow offload statement allows us to select what flows you want to accelerate
+FLOW STATEMENT
+~~~~~~~~~~~~~~
+A flow statement allows us to select what flows you want to accelerate
forwarding through layer 3 network stack bypass. You have to specify the
flowtable name where you want to offload this flow.
-*flow offload* @flowtable
+*flow add* @flowtable
QUEUE STATEMENT
~~~~~~~~~~~~~~~
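Review bot: The synopsis now lists only "*flow add* @flowtable", yet the commit message says the old syntax is still allowed. Add a sentence stating that "flow offload @flowtable" remains accepted as the legacy form, so readers with existing rulesets know they still load. While this sentence is being touched, "allows us to select what flows you want" mixes "us" and "you"; pick one.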
static void flow_offload_stmt_print(const struct stmt *stmt,
struct output_ctx *octx)
{
- printf("flow offload @%s", stmt->flow.table_name);
+ printf("flow add @%s", stmt->flow.table_name);
}
static const struct stmt_ops flow_offload_stmt_ops = {
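Review bot: flow_offload_stmt_print() now unconditionally emits "flow add @%s", so a rule loaded with the old "flow offload" spelling is listed back in the new one. A ruleset dump produced after this change can only be reloaded by a parser that has the FLOW ADD rule added in this patch. That one-way conversion should be stated in the commit message or the documentation for anyone who saves a ruleset with this version and restores it with another.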
{
$$ = flow_offload_stmt_alloc(&@$, $4);
}
+ | FLOW ADD AT string
+ {
+ $$ = flow_offload_stmt_alloc(&@$, $4);
+ }
;
socket_expr : SOCKET socket_key
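Review bot: The new "FLOW ADD AT string" alternative repeats the action of the alternative above it verbatim ("$$ = flow_offload_stmt_alloc(&@$, $4);"), and nothing in the grammar says why both exist. Add a short comment on the older alternative marking it as the legacy spelling kept for compatibility, so the next reader knows which of the two is the one to retire later.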
}
chain c {
- flow offload @f
+ flow add @f
}
}'
$NFT add table x
$NFT add chain x x
$NFT add flowtable x y { hook ingress priority 0\; devices = { lo }\;}
-$NFT add rule x x flow offload @y
+$NFT add rule x x flow add @y
$NFT delete flowtable x y || exit 0
echo "E: delete flowtable in use"
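Review bot: Every test visible in this patch is switched to "flow add", so none of them exercises "flow offload @y" any more, even though the commit message says the old syntax still parses. Keep one case on the old spelling (for example a second check using "$NFT add rule x x flow offload @y") so a later grammar cleanup cannot drop it unnoticed.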
}
chain c {
- flow offload @f
+ flow add @f
}
}