Lines Matching +full:key +full:- +full:up
1 .. SPDX-License-Identifier: GPL-2.0
8 flow-level packet processing on selected network devices. It can be
10 VLAN processing, network access control, flow-based network control,
22 extracting its flow key and looking it up in the flow table. If there
25 its processing, userspace will likely set up a flow to handle further
26 packets of the same type entirely in-kernel).
29 Flow key compatibility
30 ----------------------
35 versions to parse additional protocols as part of the flow key. It
39 applications to work with any version of the flow key, past or future.
43 flow key that it parsed from the packet. Userspace then extracts its
44 own notion of a flow key from the packet and compares it against the
45 kernel-provided version:
47 - If userspace's notion of the flow key for the packet matches the
50 - If the kernel's flow key includes more fields than the userspace
51 version of the flow key, for example if the kernel decoded IPv6
54 necessary. Userspace can still set up a flow in the usual way,
55 as long as it uses the kernel-provided flow key to do it.
57 - If the userspace flow key includes more fields than the
60 forward the packet manually, without setting up a flow in the
65 forwarding behavior, then it could set up a flow anyway.)
71 Flow key format
72 ---------------
74 A flow key is passed over a Netlink socket as a sequence of Netlink
83 flow key attributes. For informal explanatory purposes here, we write
84 them as comma-separated strings, with parentheses indicating arguments
85 and nesting. For example, the following could represent a flow key
97 Wildcarded flow key format
98 --------------------------
101 passed over the Netlink socket. A flow key, exactly as described above, and an
105 in the mask specifies a exact match with the corresponding bit in the flow key.
107 of a incoming packet. Using wildcarded flow can improve the flow set up rate
125 of the key exactly as originally installed. This will provides a handle to
133 performs best-effort detection of overlapping wildcarded flows and may reject
138 -----------------------
140 An alternative to using the original match portion of a key as the handle for
147 flow key if a UFID is specified.
151 ---------------------------------
155 "Flow key compatibility" above.
161 key attributes. It must not change the meaning of already defined
162 flow key attributes.
165 This rule does have less-obvious consequences so it is worth working
169 packet. The flow key for any packet with an 802.1Q header would look
175 key attribute to contain the VLAN tag, then continue to decode the
178 flow key much like this::
183 has not been updated to understand the new "vlan" flow key attribute.
198 Notice how the "eth_type", "ip", and "tcp" flow key attributes are
200 not understand the "vlan" key will not see either of those attributes
205 --------------------------
219 header, so that the TCP header is missing. The flow key for this
220 packet would include a tcp attribute with all-zero src and dst, like
227 after the Ethernet type. The flow key for this packet would include
228 an all-zero-bits vlan and an empty encap attribute, like this::
233 all-zero-bits VLAN TCI is not that rare, so the CFI bit (aka
236 Thus, the flow key in this second example unambiguously indicates a
240 -----------
244 - Duplicate attributes are not allowed at a given nesting level.
246 - Ordering of attributes is not significant.
248 - When the kernel sends a given flow key to userspace, it always