User`s guide
Networking
43
interface to the vlan interface if this interface exists. This change allows the iptables REDIRECT
target work with vlan-on-top-of-bridge configurations and the use of iptables -i" to match the vlan
device name. (3.5)
• Allow byte-based limit mode can be used with netfilter, for example, to support ingress-traffic
policing or to detect when a host or port consumes more bandwidth than expected. (3.5)
• Add support for sync threads to netfilter. (3.5)
• Remove ip_queue support from netfilter. (3.5)
• Add support for Layer 2 Tunneling Protocol (L2TP) over UDP in IPv6. (3.5)
• Add L2TPv3 IP encapsulation support for IPv6. (3.5)
• Add netlink API for L2TPv3 unmanaged tunnels over IPv6. (3.5)
• Remove IPv4 routing cache that was vulnerable to denial of service attacks. (3.6)
• Implement RFC 5691 3.2 and RFC 5961 4.2 (Mitigation against Blind Reset attack using RST bit and
SYN bit). (3.6)
• Add VTI support. (3.6)
• Add an interface option route_localnet that enables the routing of the 127/8 address block and
processing of ARP requests on a specific interface (for example, to address a pool of virtual guests
behind a load balancer). (3.6)
• Add multiqueue and netpoll support to team. (3.6)
• Add experimental zero-copy Tx support to tun. (3.6)
• Add support for 40GbE. (3.6)
• Add fail-open support to netfilter, where the queue-full condition does not drop packets. (3.6)
• Add user-space connection tracking helper infrastructure to netfilter. (3.6)
• Extends the ethtool interface to add support for the EEE commands: get_eee'and set_eee. (3.6)
• Add Generic Routing Encapsulation (GRE) over IPv6, generic segmentation offload (GSO), and GRO
capability. (3.7)
• Set default MTU for loopback devices to 64 KB. Allows TCP stacks to build large frames and
significantly reduces stack overhead. (3.7)
• Add an extended attribute to store data for the mapping between inode numbers in sockfs and protocol
types for use by lsof. 3.7
• Implement a per-task fragmentation allocator, which can improve TCP stream performance by 20% on
loopback devices. (3.7)
• Various netfilter changes:
• Add a protocol-independent NAT core.
• Add IPv6 MASQUERADE target.
• Add IPv6 NETMAP target.