Try   HackMD

計算機網路 - flowtable

The motivation of it [flow table] was actually the realization that packets that go through connections that are in ESTABLISHED state always do the same thing, so what can be done is that if we put a flow table in the beginning, before we start the ingress processing, to check if the packets that were just received is part of an ESTABLISHED connection, then basically we can just do the packet manipulation that is required, such as NAT address rewrite, and TTL decrement, and then just forward the packet to the egress device. If we have this set up, we could basically bypass all the chains … bypass everything and go from ingress processing directly to the egress processing.
- TC Connection tracking hardware offload, netdev 0x14

參考影片

LPC2019 - Netfilter Hardware Offloads

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Netdev 0x14 - TC Connection tracking hardware offload

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Conntrack offload: why and how - DevConf.CZ 2021

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →