[Top] [All Lists]

Re: [ANNOUNCE] nf-hipac v0.8 released

To: Pekka Savola <pekkas@xxxxxxxxxx>
Subject: Re: [ANNOUNCE] nf-hipac v0.8 released
From: Michael Bellion and Thomas Heinz <nf@xxxxxxxxx>
Date: Sun, 29 Jun 2003 18:26:49 +0200
Cc: linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
References: <Pine.LNX.4.44.0306290924310.28882-100000@xxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1
Hi Pekka

You wrote:
We are going to test the stuff tomorrow on an i386 and tell you
the results afterwards.

Well, nf-hipac works fine together with the ebtables patch for 2.4.21
on an i386 machine. We expect it to work with other patches too.

In principle, nf-hipac should work properly whith the bridge patch.
We expect it to work just like iptables apart from the fact that
you cannot match on bridge ports.

Well, this statement holds for the native nf-hipac in/out interface
match but of course you can match on bridge ports with nf-hipac
using the iptables physdev match. So everything should be fine :)

One obvious thing that's missing in your performance and Roberto's figures is what *exactly* are the non-matching rules. Ie. do they only match IP address, a TCP port, or what? (TCP port matching is about a degree of complexity more expensive with iptables, I recall.)

[answered in private e-mail]


|   Michael Bellion     |     Thomas Heinz     |
| <mbellion@xxxxxxxxx>  |  <creatix@xxxxxxxxx> |

<Prev in Thread] Current Thread [Next in Thread>