• Pablo Neira Ayuso's avatar
    netfilter: nf_tables: flow offload expression · a3c90f7a
    Pablo Neira Ayuso authored
    Add new instruction for the nf_tables VM that allows us to specify what
    flows are offloaded into a given flow table via name. This new
    instruction creates the flow entry and adds it to the flow table.
    
    Only established flows, ie. we have seen traffic in both directions, are
    added to the flow table. You can still decide to offload entries at a
    later stage via packet counting or checking the ct status in case you
    want to offload assured conntracks.
    
    This new extension depends on the conntrack subsystem.
    Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
    a3c90f7a
Makefile 8.55 KB