OpenWrt – Blame information for rev 4
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 4 | office | 1 | From: Pablo Neira Ayuso <pablo@netfilter.org> |
| 2 | Date: Tue, 23 Jan 2018 12:58:30 +0100 |
||
| 3 | Subject: [PATCH] doc: nft: document flowtable |
||
| 4 | |||
| 5 | Document the new flowtable objects available since Linux kernel 4.16-rc. |
||
| 6 | |||
| 7 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
| 8 | --- |
||
| 9 | |||
| 10 | --- a/doc/nft.xml |
||
| 11 | +++ b/doc/nft.xml |
||
| 12 | @@ -1166,6 +1166,91 @@ filter input iif $int_ifs accept |
||
| 13 | </refsect1> |
||
| 14 | |||
| 15 | <refsect1> |
||
| 16 | + <title>Flowtables</title> |
||
| 17 | + <para> |
||
| 18 | + <cmdsynopsis> |
||
| 19 | + <group choice="req"> |
||
| 20 | + <arg>add</arg> |
||
| 21 | + <arg>create</arg> |
||
| 22 | + </group> |
||
| 23 | + <command>flowtable</command> |
||
| 24 | + <arg choice="opt"><replaceable>family</replaceable></arg> |
||
| 25 | + <arg choice="plain"><replaceable>table</replaceable></arg> |
||
| 26 | + <arg choice="plain"><replaceable>flowtable</replaceable></arg> |
||
| 27 | + <arg choice="req"> |
||
| 28 | + hook <replaceable>hook</replaceable> |
||
| 29 | + priority <replaceable>priority</replaceable> ; |
||
| 30 | + devices = { <replaceable>device</replaceable>[,...] } ; |
||
| 31 | + </arg> |
||
| 32 | + </cmdsynopsis> |
||
| 33 | + <cmdsynopsis> |
||
| 34 | + <group choice="req"> |
||
| 35 | + <arg>delete</arg> |
||
| 36 | + <arg>list</arg> |
||
| 37 | + </group> |
||
| 38 | + <command>flowtable</command> |
||
| 39 | + <arg choice="opt"><replaceable>family</replaceable></arg> |
||
| 40 | + <replaceable>table</replaceable> |
||
| 41 | + <replaceable>flowtable</replaceable> |
||
| 42 | + </cmdsynopsis> |
||
| 43 | + </para> |
||
| 44 | + |
||
| 45 | + <para> |
||
| 46 | + Flowtables allow you to accelerate packet forwarding in software. |
||
| 47 | + Flowtables entries are represented through a tuple that is composed of the |
||
| 48 | + input interface, source and destination address, source and destination |
||
| 49 | + port; and layer 3/4 protocols. Each entry also caches the destination |
||
| 50 | + interface and the gateway address - to update the destination link-layer |
||
| 51 | + address - to forward packets. The ttl and hoplimit fields are also |
||
| 52 | + decremented. Hence, flowtables provides an alternative path that allow |
||
| 53 | + packets to bypass the classic forwarding path. Flowtables reside in the |
||
| 54 | + ingress hook, that is located before the prerouting hook. You can select |
||
| 55 | + what flows you want to offload through the <literal>flow offload</literal> |
||
| 56 | + expression from the <literal>forward</literal> chain. Flowtables are |
||
| 57 | + identified by their address family and their name. The address family |
||
| 58 | + must be one of |
||
| 59 | + |
||
| 60 | + <simplelist type="inline"> |
||
| 61 | + <member><literal>ip</literal></member> |
||
| 62 | + <member><literal>ip6</literal></member> |
||
| 63 | + <member><literal>inet</literal></member> |
||
| 64 | + </simplelist>. |
||
| 65 | + |
||
| 66 | + The <literal>inet</literal> address family is a dummy family which is used to create |
||
| 67 | + hybrid IPv4/IPv6 tables. |
||
| 68 | + |
||
| 69 | + When no address family is specified, <literal>ip</literal> is used by default. |
||
| 70 | + </para> |
||
| 71 | + |
||
| 72 | + <variablelist> |
||
| 73 | + <varlistentry> |
||
| 74 | + <term><option>add</option></term> |
||
| 75 | + <listitem> |
||
| 76 | + <para> |
||
| 77 | + Add a new flowtable for the given family with the given name. |
||
| 78 | + </para> |
||
| 79 | + </listitem> |
||
| 80 | + </varlistentry> |
||
| 81 | + <varlistentry> |
||
| 82 | + <term><option>delete</option></term> |
||
| 83 | + <listitem> |
||
| 84 | + <para> |
||
| 85 | + Delete the specified flowtable. |
||
| 86 | + </para> |
||
| 87 | + </listitem> |
||
| 88 | + </varlistentry> |
||
| 89 | + <varlistentry> |
||
| 90 | + <term><option>list</option></term> |
||
| 91 | + <listitem> |
||
| 92 | + <para> |
||
| 93 | + List all flowtables. |
||
| 94 | + </para> |
||
| 95 | + </listitem> |
||
| 96 | + </varlistentry> |
||
| 97 | + </variablelist> |
||
| 98 | + </refsect1> |
||
| 99 | + |
||
| 100 | + <refsect1> |
||
| 101 | <title>Stateful objects</title> |
||
| 102 | <para> |
||
| 103 | <cmdsynopsis> |
||
| 104 | @@ -4923,6 +5008,24 @@ add rule nat prerouting tcp dport 22 red |
||
| 105 | </example> |
||
| 106 | </para> |
||
| 107 | </refsect2> |
||
| 108 | + |
||
| 109 | + <refsect2> |
||
| 110 | + <title>Flow offload statement</title> |
||
| 111 | + <para> |
||
| 112 | + A flow offload statement allows us to select what flows |
||
| 113 | + you want to accelerate forwarding through layer 3 network |
||
| 114 | + stack bypass. You have to specify the flowtable name where |
||
| 115 | + you want to offload this flow. |
||
| 116 | + </para> |
||
| 117 | + <para> |
||
| 118 | + <cmdsynopsis> |
||
| 119 | + <command>flow offload</command> |
||
| 120 | + <literal>@flowtable</literal> |
||
| 121 | + </cmdsynopsis> |
||
| 122 | + </para> |
||
| 123 | + |
||
| 124 | + </refsect2> |
||
| 125 | + |
||
| 126 | <refsect2> |
||
| 127 | <title>Queue statement</title> |
||
| 128 | <para> |