On 19/03/2020 11:38, Pablo Neira Ayuso wrote:
> On Wed, Mar 18, 2020 at 04:46:08PM +0000, ѽ҉ᶬḳ℠ wrote:
>> Trying to get flowtables to work but hitting a bit of a snag. Whilst nft
>> -cf /path/to/conf (strangely) does not produce any error, on deployment
>> nft -f /path/to/conf it throws this error however:
>>
>> Error: Could not process rule: Not supported
>> ip protocol tcp flow offload @ft
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> table inet filter {
>>     flowtable f {
>>         hook ingress priority filter
>>         devices = { pppoe-wan, lan0, lan1, lan2, lan3, lan4,
>>                     br-lan }
>>     }
>>     chain input {
>>         type filter hook input priority filter; policy drop;
>
> You can only use the flowtable to accelerate the forwarding path.
> Please use the forward hook, i.e.
>
>     chain forward {
>         type filter hook forward priority filter; policy drop;

Thanks for the pointer, got it working now. Had the forward hook defined
but misread the wiki article and placed the > flow offload @ft < rule
erroneously in the ingress path. Now in the forwarding path it is working.
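
Because `nft -c` did not flag the misplaced rule in this thread, a pre-deployment lint can catch it before `nft -f` fails with "Not supported". The following is an added example, not code from the thread or from the nftables project: the function name `misplaced_offload_rules`, the line-based parsing and the sample ruleset (constructed, with the offload rule assumed to sit in the input chain) are all assumptions.

```python
import re

# Constructed sample: offload rule placed in the input chain (assumed placement).
SAMPLE_BAD = """
table inet filter {
    flowtable ft {
        hook ingress priority filter
        devices = { pppoe-wan, br-lan }
    }
    chain input {
        type filter hook input priority filter; policy drop;
        ip protocol tcp flow offload @ft
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
    }
}
"""

CHAIN_RE = re.compile(r"^\s*chain\s+(\S+)\s*\{")
HOOK_RE = re.compile(r"\bhook\s+(\w+)")
FLOW_RE = re.compile(r"\bflow\s+(?:offload|add)\s+@(\w+)")

def misplaced_offload_rules(ruleset):
    """Return (line_no, chain, hook, flowtable) for every flow offload rule
    found in a chain that is not hooked at forward. Chains without a hook
    (regular chains) are reported with hook None for manual review."""
    findings = []
    chain = hook = None
    depth = chain_depth = 0
    for no, line in enumerate(ruleset.splitlines(), 1):
        code = line.split("#", 1)[0]          # drop comments
        m = CHAIN_RE.match(code)
        if m:                                  # entering a chain block
            chain, hook, chain_depth = m.group(1), None, depth
        elif chain is not None:
            h = HOOK_RE.search(code)
            if h and code.lstrip().startswith("type "):
                hook = h.group(1)              # base chain hook declaration
            f = FLOW_RE.search(code)
            if f and hook != "forward":
                findings.append((no, chain, hook, f.group(1)))
        depth += code.count("{") - code.count("}")
        if chain is not None and depth <= chain_depth:
            chain = None                       # chain block closed
    return findings
```
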