diff options
Diffstat (limited to 'package/network/utils/nftables/patches/205-doc-nft-document-flowtable.patch')
| -rw-r--r-- | package/network/utils/nftables/patches/205-doc-nft-document-flowtable.patch | 128 |
1 files changed, 0 insertions, 128 deletions
diff --git a/package/network/utils/nftables/patches/205-doc-nft-document-flowtable.patch b/package/network/utils/nftables/patches/205-doc-nft-document-flowtable.patch deleted file mode 100644 index dd6faa5740..0000000000 --- a/package/network/utils/nftables/patches/205-doc-nft-document-flowtable.patch +++ /dev/null @@ -1,128 +0,0 @@ -From: Pablo Neira Ayuso <pablo@netfilter.org> -Date: Tue, 23 Jan 2018 12:58:30 +0100 -Subject: [PATCH] doc: nft: document flowtable - -Document the new flowtable objects available since Linux kernel 4.16-rc. - -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - ---- a/doc/nft.xml -+++ b/doc/nft.xml -@@ -1166,6 +1166,91 @@ filter input iif $int_ifs accept - </refsect1> - - <refsect1> -+ <title>Flowtables</title> -+ <para> -+ <cmdsynopsis> -+ <group choice="req"> -+ <arg>add</arg> -+ <arg>create</arg> -+ </group> -+ <command>flowtable</command> -+ <arg choice="opt"><replaceable>family</replaceable></arg> -+ <arg choice="plain"><replaceable>table</replaceable></arg> -+ <arg choice="plain"><replaceable>flowtable</replaceable></arg> -+ <arg choice="req"> -+ hook <replaceable>hook</replaceable> -+ priority <replaceable>priority</replaceable> ; -+ devices = { <replaceable>device</replaceable>[,...] } ; -+ </arg> -+ </cmdsynopsis> -+ <cmdsynopsis> -+ <group choice="req"> -+ <arg>delete</arg> -+ <arg>list</arg> -+ </group> -+ <command>flowtable</command> -+ <arg choice="opt"><replaceable>family</replaceable></arg> -+ <replaceable>table</replaceable> -+ <replaceable>flowtable</replaceable> -+ </cmdsynopsis> -+ </para> -+ -+ <para> -+ Flowtables allow you to accelerate packet forwarding in software. -+ Flowtables entries are represented through a tuple that is composed of the -+ input interface, source and destination address, source and destination -+ port; and layer 3/4 protocols. Each entry also caches the destination -+ interface and the gateway address - to update the destination link-layer -+ address - to forward packets. The ttl and hoplimit fields are also -+ decremented. Hence, flowtables provides an alternative path that allow -+ packets to bypass the classic forwarding path. Flowtables reside in the -+ ingress hook, that is located before the prerouting hook. You can select -+ what flows you want to offload through the <literal>flow offload</literal> -+ expression from the <literal>forward</literal> chain. Flowtables are -+ identified by their address family and their name. The address family -+ must be one of -+ -+ <simplelist type="inline"> -+ <member><literal>ip</literal></member> -+ <member><literal>ip6</literal></member> -+ <member><literal>inet</literal></member> -+ </simplelist>. -+ -+ The <literal>inet</literal> address family is a dummy family which is used to create -+ hybrid IPv4/IPv6 tables. -+ -+ When no address family is specified, <literal>ip</literal> is used by default. -+ </para> -+ -+ <variablelist> -+ <varlistentry> -+ <term><option>add</option></term> -+ <listitem> -+ <para> -+ Add a new flowtable for the given family with the given name. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term><option>delete</option></term> -+ <listitem> -+ <para> -+ Delete the specified flowtable. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term><option>list</option></term> -+ <listitem> -+ <para> -+ List all flowtables. -+ </para> -+ </listitem> -+ </varlistentry> -+ </variablelist> -+ </refsect1> -+ -+ <refsect1> - <title>Stateful objects</title> - <para> - <cmdsynopsis> -@@ -4923,6 +5008,24 @@ add rule nat prerouting tcp dport 22 red - </example> - </para> - </refsect2> -+ -+ <refsect2> -+ <title>Flow offload statement</title> -+ <para> -+ A flow offload statement allows us to select what flows -+ you want to accelerate forwarding through layer 3 network -+ stack bypass. You have to specify the flowtable name where -+ you want to offload this flow. -+ </para> -+ <para> -+ <cmdsynopsis> -+ <command>flow offload</command> -+ <literal>@flowtable</literal> -+ </cmdsynopsis> -+ </para> -+ -+ </refsect2> -+ - <refsect2> - <title>Queue statement</title> - <para> |