netfilter: nf_tables: flow offload expression - linux-dev - Linux kernel development work

diff options

author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-01-07 01:04:26 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-01-08 18:11:10 +0100
commit	a3c90f7a2323b331ae816d5b0633e68148e25d04 (patch)
tree	f1627d07f5edde779b90b40249c4cc6d04b17906 /net/netfilter/nf_conncount.c
parent	netfilter: flow table support for the mixed IPv4/IPv6 family (diff)
download	linux-dev-a3c90f7a2323b331ae816d5b0633e68148e25d04.tar.xz linux-dev-a3c90f7a2323b331ae816d5b0633e68148e25d04.zip

netfilter: nf_tables: flow offload expression

Add new instruction for the nf_tables VM that allows us to specify what flows are offloaded into a given flow table via name. This new instruction creates the flow entry and adds it to the flow table. Only established flows, ie. we have seen traffic in both directions, are added to the flow table. You can still decide to offload entries at a later stage via packet counting or checking the ct status in case you want to offload assured conntracks. This new extension depends on the conntrack subsystem. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/netfilter/nf_conncount.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: