[Bug 1700] Flowtable - Bug on devices definition

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Aug 22 20:32:01 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=1700

--- Comment #6 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to nicolasfort1988 from comment #5)
> Yes, I do agree that config should be as you remarked: consistent
> information between 'devices' in flowtable declaration, and 'iifname' in
> rule-set
> 
> What I'm trying to say is that in the end, for offloading, it seems it
> doesn't matter what interfaces I used in the flowtable definition. I could
> declare no 'devices' at all while defining the flowtable, and then in ruleset
> just use iifnames for flows I want to offload.

No devices in the flowtable declaration mean that no flowtable lookups occur
from the ingress path, hence, fast path is exercised.

If you specify no devices in the flowtable declaration, you add entries to the
flowtable, but they are never used because no flowtable lookup ever happens.

> If that's the case, then info in
> https://wiki.nftables.org/wiki-nftables/index.php/Flowtables is not clear.
> Since only relevant interface configuration seems to be needed in the
> ruleset, and not in the flowtable definition.

Both interface configurations are relevant.

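A consistency check for the two settings discussed in this thread, as an added example that is not part of the original message or of the nftables project: it walks a ruleset in the JSON form printed by `nft -j list ruleset` and reports `flow add` rules whose flowtable has no devices, or whose `iifname` match names an interface missing from the flowtable's devices. The JSON layout is assumed from libnftables-json, the sample ruleset is constructed, and the names `audit`, `as_list`, `ft_ok` and `ft_nodev` are hypothetical.

```python
import json

# Constructed sample shaped like `nft -j list ruleset` output (layout assumed
# from libnftables-json); it is not taken from the bug report.
SAMPLE = json.loads("""{"nftables": [
 {"flowtable": {"family": "inet", "table": "x", "name": "ft_ok",
                "hook": "ingress", "prio": 0, "dev": ["eth0", "eth1"]}},
 {"flowtable": {"family": "inet", "table": "x", "name": "ft_nodev",
                "hook": "ingress", "prio": 0}},
 {"rule": {"family": "inet", "table": "x", "chain": "fwd", "handle": 4, "expr": [
   {"match": {"op": "==", "left": {"meta": {"key": "iifname"}},
              "right": {"set": ["eth0", "eth2"]}}},
   {"flow": {"op": "add", "flowtable": "@ft_ok"}}]}},
 {"rule": {"family": "inet", "table": "x", "chain": "fwd", "handle": 5, "expr": [
   {"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "eth1"}},
   {"flow": {"op": "add", "flowtable": "@ft_nodev"}}]}}]}""")

IIFNAME = {"meta": {"key": "iifname"}}

def as_list(value):
    """A single device/interface appears as a string, several as a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit(ruleset):
    """Return (rule handle, flowtable, problem) for inconsistent offload rules."""
    objs = ruleset["nftables"]
    devices = {(f["family"], f["table"], f["name"]): set(as_list(f.get("dev")))
               for f in (o["flowtable"] for o in objs if "flowtable" in o)}
    findings = []
    for rule in (o["rule"] for o in objs if "rule" in o):
        exprs = rule.get("expr", [])
        iifs = set()  # interfaces this rule matches with iifname
        for m in (e["match"] for e in exprs if "match" in e):
            if m.get("left") == IIFNAME and m.get("op") in ("==", "in"):
                right = m["right"]
                iifs.update(as_list(right.get("set", []) if isinstance(right, dict) else right))
        for flow in (e["flow"] for e in exprs if "flow" in e):
            name = flow["flowtable"].lstrip("@")
            devs = devices.get((rule["family"], rule["table"], name), set())
            if not devs:  # entries get added, but no flowtable lookup ever happens
                findings.append((rule["handle"], name, "flowtable has no devices"))
                continue
            for ifname in sorted(iifs - devs):
                findings.append((rule["handle"], name, f"iifname {ifname} not in devices"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```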