From 39e87e0ffc4eabf27d25459a369be425e9ef0474 Mon Sep 17 00:00:00 2001 From: Rosy Song Date: Tue, 15 May 2018 11:42:29 +0800 Subject: nftables: bump to 0.8.5 version Signed-off-by: Rosy Song --- .../patches/205-doc-nft-document-flowtable.patch | 128 --------------------- 1 file changed, 128 deletions(-) delete mode 100644 package/network/utils/nftables/patches/205-doc-nft-document-flowtable.patch (limited to 'package/network/utils/nftables/patches/205-doc-nft-document-flowtable.patch') diff --git a/package/network/utils/nftables/patches/205-doc-nft-document-flowtable.patch b/package/network/utils/nftables/patches/205-doc-nft-document-flowtable.patch deleted file mode 100644 index dd6faa5..0000000 --- a/package/network/utils/nftables/patches/205-doc-nft-document-flowtable.patch +++ /dev/null @@ -1,128 +0,0 @@ -From: Pablo Neira Ayuso -Date: Tue, 23 Jan 2018 12:58:30 +0100 -Subject: [PATCH] doc: nft: document flowtable - -Document the new flowtable objects available since Linux kernel 4.16-rc. - -Signed-off-by: Pablo Neira Ayuso ---- - ---- a/doc/nft.xml -+++ b/doc/nft.xml -@@ -1166,6 +1166,91 @@ filter input iif $int_ifs accept - - - -+ Flowtables -+ -+ -+ -+ add -+ create -+ -+ flowtable -+ family -+ table -+ flowtable -+ -+ hook hook -+ priority priority ; -+ devices = { device[,...] } ; -+ -+ -+ -+ -+ delete -+ list -+ -+ flowtable -+ family -+ table -+ flowtable -+ -+ -+ -+ -+ Flowtables allow you to accelerate packet forwarding in software. -+ Flowtables entries are represented through a tuple that is composed of the -+ input interface, source and destination address, source and destination -+ port; and layer 3/4 protocols. Each entry also caches the destination -+ interface and the gateway address - to update the destination link-layer -+ address - to forward packets. The ttl and hoplimit fields are also -+ decremented. Hence, flowtables provides an alternative path that allow -+ packets to bypass the classic forwarding path. Flowtables reside in the -+ ingress hook, that is located before the prerouting hook. You can select -+ what flows you want to offload through the flow offload -+ expression from the forward chain. Flowtables are -+ identified by their address family and their name. The address family -+ must be one of -+ -+ -+ ip -+ ip6 -+ inet -+ . -+ -+ The inet address family is a dummy family which is used to create -+ hybrid IPv4/IPv6 tables. -+ -+ When no address family is specified, ip is used by default. -+ -+ -+ -+ -+ -+ -+ -+ Add a new flowtable for the given family with the given name. -+ -+ -+ -+ -+ -+ -+ -+ Delete the specified flowtable. -+ -+ -+ -+ -+ -+ -+ -+ List all flowtables. -+ -+ -+ -+ -+ -+ -+ - Stateful objects - - -@@ -4923,6 +5008,24 @@ add rule nat prerouting tcp dport 22 red - - - -+ -+ -+ Flow offload statement -+ -+ A flow offload statement allows us to select what flows -+ you want to accelerate forwarding through layer 3 network -+ stack bypass. You have to specify the flowtable name where -+ you want to offload this flow. -+ -+ -+ -+ flow offload -+ @flowtable -+ -+ -+ -+ -+ - - Queue statement - -- cgit v1.1