Linx.Netfilter.Flowtable (Linx v0.1.0)


An nftables flowtable — a connection-offload fast path that shortcuts the netfilter hooks for established flows.

A flowtable is attached to a base chain (forward hook, family-dependent) and lists the devices on which to offload. Once a flow is in the table, subsequent packets of that flow bypass the rest of netfilter. Offload is done in software by default; hardware offload is used with the :hw_offload flag if the NIC supports it.

Fields

  • :name — flowtable name (unique within the table).
  • :table — owning table's name.
  • :hook — on the kernel side, flowtables can only attach to the forward / ingress hooks; Linx stores whatever you set.
  • :priority — integer or named atom; same shape as Chain's priority.
  • :devices — list of interface name strings.
  • :flags — list. :hw_offload is the common one.
  • :handle — kernel-assigned handle; nil until pushed.

Construction

iex> Flowtable.new("ft1", hook: :ingress, priority: 0,
...>                devices: ["eth0", "eth1"])
{:ok, %Linx.Netfilter.Flowtable{name: "ft1", ...}}

Errors: {:error, {:bad_flowtable, reason}}.
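
One way to check options before construction, since Linx stores the hook as given and the device list decides which flows bypass the rest of netfilter. This is an added example, not Linx's own code: `FlowtableGuard`, `build/3`, the `allowed` device allowlist and the error reasons are hypothetical, and only `Flowtable.new/2` with the `:hook`, `:priority` and `:devices` options comes from this page.

```elixir
defmodule FlowtableGuard do
  # Added example, not part of Linx. Validates options before calling
  # Linx.Netfilter.Flowtable.new/2, because Linx stores the hook as given.
  alias Linx.Netfilter.Flowtable

  # Hooks this page names as attachable on the kernel side.
  @hooks [:ingress, :forward]
  # Linux interface names are 1..15 bytes (IFNAMSIZ is 16 including the NUL).
  @max_ifname 15

  # `allowed` is this example's own allowlist of devices that may be offloaded.
  # Error reasons below are constructed for the example; only the outer
  # {:error, {:bad_flowtable, reason}} shape comes from the page.
  def build(name, opts, allowed) when is_list(opts) and is_list(allowed) do
    hook = Keyword.get(opts, :hook)
    devices = Keyword.get(opts, :devices, [])

    cond do
      hook not in @hooks ->
        {:error, {:bad_flowtable, {:unsupported_hook, hook}}}

      not is_list(devices) or devices == [] ->
        {:error, {:bad_flowtable, :no_devices}}

      true ->
        case Enum.find(devices, &(not valid_device?(&1, allowed))) do
          nil -> Flowtable.new(name, opts)
          bad -> {:error, {:bad_flowtable, {:device_not_allowed, bad}}}
        end
    end
  end

  # A device passes only if it is a well-formed interface name AND allowlisted.
  defp valid_device?(dev, allowed) when is_binary(dev) do
    (byte_size(dev) in 1..@max_ifname) and (dev not in [".", ".."]) and
      not String.contains?(dev, ["/", ":", " ", "\t", "\n", <<0>>]) and
      (dev in allowed)
  end

  defp valid_device?(_dev, _allowed), do: false
end

# Constructed sample calls:
# FlowtableGuard.build("ft1", [hook: :ingress, priority: 0, devices: ["eth0", "eth1"]], ["eth0", "eth1"])
# FlowtableGuard.build("ft1", [hook: :output, devices: ["eth0"]], ["eth0"])
# FlowtableGuard.build("ft1", [hook: :ingress, devices: ["eth0", "wg0"]], ["eth0"])
```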

Types

t()

@type t() :: %Linx.Netfilter.Flowtable{
  devices: [String.t()],
  flags: [atom()],
  handle: pos_integer() | nil,
  hook: atom() | nil,
  name: String.t(),
  priority: integer() | atom() | {atom(), integer()} | nil,
  table: String.t() | nil
}

Functions

new(name, opts \\ [])

@spec new(
  String.t(),
  keyword()
) :: {:ok, t()} | {:error, {:bad_flowtable, term()}}

Builds a flowtable.

new!(name, opts \\ [])

@spec new!(
  String.t(),
  keyword()
) :: t()

Bang variant of new/2: returns the flowtable struct itself rather than an {:ok, flowtable} tuple.