On Mon, May 21, 2018 at 7:01 PM, Sean Darcy <seandarcy2@xxxxxxxxx> wrote:
>
> The man page says
>
> "Flowtables reside in the ingress hook"
>
> but the lwn article referenced in the 0.8.4 announcement,
>
> table inet x {
> chain y {
> type filter hook forward priority 0; policy accept;
> ip protocol tcp flow offload counter
>
> uses filter table and the forward hook.
>
> So is a SIP a good use case for flowtables ? And if so, how ?
>
It's quite well explained how flow tables work in the official documentation at:
https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git/tree/Documentation/networking/nf_flowtable.txt
I believe that for the SIP case should work for both TCP and UDP flows
as the document states:
"(...) once the flow enters the
established state according to the conntrack semantics (ie. we have seen traffic
in both directions), then you can decide to offload the flow to the flowtable
from the forward chain (...)"
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
