Whilst testing NFTables's flow offload on a node with a PPPoE subscriber
line it turned out that the flow offload happens with the NIC netdev and
not (as I expected) the virtual PPPoE netdev.
Just for reference this being the NFT config (eth2 being the NIC)
flowtable fte {
hook ingress priority -100
devices = { eth2 }
counter
}
ip protocol { 6, 17 } flow add @fte;
ip6 nexthdr { 6, 17 } flow add @fte;
Why would the packet filtering have to take place on the PPPoE netdev
but the flowatable happens with the NIC instead?
