git.baikalelectronics.ru Git - kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Sun, 7 Jan 2018 00:04:26 +0000 (01:04 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 8 Jan 2018 17:11:10 +0000 (18:11 +0100)
commit	4aeef263a54b3ff6369ae6d1df6e1c28b1e93636
tree	f1627d07f5edde779b90b40249c4cc6d04b17906	tree \| snapshot
parent	13f8b61773552fca681464b99f6b473f419c326b	commit \| diff

netfilter: nf_tables: flow offload expression

Add new instruction for the nf_tables VM that allows us to specify what
flows are offloaded into a given flow table via name. This new
instruction creates the flow entry and adds it to the flow table.

Only established flows, ie. we have seen traffic in both directions, are
added to the flow table. You can still decide to offload entries at a
later stage via packet counting or checking the ct status in case you
want to offload assured conntracks.

This new extension depends on the conntrack subsystem.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/uapi/linux/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/Kconfig		diff \| blob \| history
net/netfilter/Makefile		diff \| blob \| history
net/netfilter/nft_flow_offload.c	[new file with mode: 0644]	blob