diff options
author | Ryoga Saito <contact@proelbtn.com> | 2021-08-17 08:39:37 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-08-30 01:51:36 +0200 |
commit | 7a3f5b0de3647c854e34269c3332d7a1e902901a (patch) | |
tree | 39039a7ed9680a98fa2bb36135f83d30ce708526 /Documentation/networking | |
parent | 7bc416f1471686faa8030cd5338f6a5370e01b25 (diff) |
netfilter: add netfilter hooks to SRv6 data plane
This patch introduces netfilter hooks for solving the problem that
conntrack couldn't record both inner flows and outer flows.
This patch also introduces a new sysctl toggle for enabling lightweight
tunnel netfilter hooks.
Signed-off-by: Ryoga Saito <contact@proelbtn.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'Documentation/networking')
-rw-r--r-- | Documentation/networking/nf_conntrack-sysctl.rst | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/Documentation/networking/nf_conntrack-sysctl.rst b/Documentation/networking/nf_conntrack-sysctl.rst index 024d784157c8..34ca762ea56f 100644 --- a/Documentation/networking/nf_conntrack-sysctl.rst +++ b/Documentation/networking/nf_conntrack-sysctl.rst @@ -184,6 +184,13 @@ nf_conntrack_gre_timeout_stream - INTEGER (seconds) This extended timeout will be used in case there is an GRE stream detected. +nf_hooks_lwtunnel - BOOLEAN + - 0 - disabled (default) + - not 0 - enabled + + If this option is enabled, the lightweight tunnel netfilter hooks are + enabled. This option cannot be disabled once it is enabled. + nf_flowtable_tcp_timeout - INTEGER (seconds) default 30 |