leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: networking: convert nf_flowtable.txt to ReST

Browse Source 
- add SPDX header;
- adjust title markup;
- mark code blocks and literals as such;
- add notes markups;
- adjust identation, whitespaces and blank lines;
- add to networking/index.rst.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Mauro Carvalho Chehab 2020-04-30 18:04:08 +02:00 committed by David S. Miller
parent 13df433f8c
commit aa3764276a
2 changed files with 31 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Documentation/networking/index.rst
View File

@ -86,6 +86,7 @@ Contents:
netfilter-sysctl netfilter-sysctl
netif-msg netif-msg
nf_conntrack-sysctl nf_conntrack-sysctl
nf_flowtable
.. only:: subproject and html .. only:: subproject and html

55
Documentation/networking/nf_flowtable.txt → Documentation/networking/nf_flowtable.rst
View File

@ -1,3 +1,6 @@
.. SPDX-License-Identifier: GPL-2.0
====================================
Netfilter's flowtable infrastructure Netfilter's flowtable infrastructure
==================================== ====================================
@ -31,15 +34,17 @@ to use this new alternative forwarding path via nftables policy.
This is represented in Fig.1, which describes the classic forwarding path This is represented in Fig.1, which describes the classic forwarding path
including the Netfilter hooks and the flowtable fastpath bypass. including the Netfilter hooks and the flowtable fastpath bypass.
userspace process ::
^ |
| | userspace process
_____|____ ____\/___ ^ |
/ \ / \ | |
| input | | output | _____|____ ____\/___
\__________/ \_________/ / \ / \
^ | | input | | output |
| | \__________/ \_________/
^ |
| |
_________ __________ --------- _____\/_____ _________ __________ --------- _____\/_____
/ \ / \ |Routing | / \ / \ / \ |Routing | / \
--> ingress ---> prerouting ---> |decision| | postrouting |--> neigh_xmit --> ingress ---> prerouting ---> |decision| | postrouting |--> neigh_xmit
@ -59,7 +64,7 @@ including the Netfilter hooks and the flowtable fastpath bypass.
\ / | \ / |
|__yes_________________fastpath bypass ____________________________| |__yes_________________fastpath bypass ____________________________|
Fig.1 Netfilter hooks and flowtable interactions Fig.1 Netfilter hooks and flowtable interactions
The flowtable entry also stores the NAT configuration, so all packets are The flowtable entry also stores the NAT configuration, so all packets are
mangled according to the NAT policy that matches the initial packets that went mangled according to the NAT policy that matches the initial packets that went
@ -72,18 +77,18 @@ Example configuration
--------------------- ---------------------
Enabling the flowtable bypass is relatively easy, you only need to create a Enabling the flowtable bypass is relatively easy, you only need to create a
flowtable and add one rule to your forward chain. flowtable and add one rule to your forward chain::
table inet x { table inet x {
flowtable f { flowtable f {
hook ingress priority 0; devices = { eth0, eth1 }; hook ingress priority 0; devices = { eth0, eth1 };
} }
chain y { chain y {
type filter hook forward priority 0; policy accept; type filter hook forward priority 0; policy accept;
ip protocol tcp flow offload @f ip protocol tcp flow offload @f
counter packets 0 bytes 0 counter packets 0 bytes 0
} }
} }
This example adds the flowtable 'f' to the ingress hook of the eth0 and eth1 This example adds the flowtable 'f' to the ingress hook of the eth0 and eth1
netdevices. You can create as many flowtables as you want in case you need to netdevices. You can create as many flowtables as you want in case you need to
@ -101,12 +106,12 @@ forwarding bypass.
More reading More reading
------------ ------------
This documentation is based on the LWN.net articles [1][2]. Rafal Milecki also This documentation is based on the LWN.net articles [1]_\ [2]_. Rafal Milecki
made a very complete and comprehensive summary called "A state of network also made a very complete and comprehensive summary called "A state of network
acceleration" that describes how things were before this infrastructure was acceleration" that describes how things were before this infrastructure was
mailined [3] and it also makes a rough summary of this work [4]. mailined [3]_ and it also makes a rough summary of this work [4]_.
[1] https://lwn.net/Articles/738214/ .. [1] https://lwn.net/Articles/738214/
[2] https://lwn.net/Articles/742164/ .. [2] https://lwn.net/Articles/742164/
[3] http://lists.infradead.org/pipermail/lede-dev/2018-January/010830.html .. [3] http://lists.infradead.org/pipermail/lede-dev/2018-January/010830.html
[4] http://lists.infradead.org/pipermail/lede-dev/2018-January/010829.html .. [4] http://lists.infradead.org/pipermail/lede-dev/2018-January/010829.html