
Re: [PATCH 2.6] iptables CONNMARK match+target

To: Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>
Subject: Re: [PATCH 2.6] iptables CONNMARK match+target
From: Harald Welte <laforge@xxxxxxxxxxxxx>
Date: Thu, 21 Oct 2004 11:16:32 +0200
Cc: Linux Netdev List <netdev@xxxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <Pine.LNX.4.61.0410210912280.18310@xxxxxxxxxxxxxxxxxxxxx>
Mail-followup-to: Harald Welte <laforge@xxxxxxxxxxxxx>, Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>, Linux Netdev List <netdev@xxxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>
References: <20041020222102.GO19899@xxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0410210912280.18310@xxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
On Thu, Oct 21, 2004 at 09:12:48AM +0200, Henrik Nordstrom wrote:
> On Thu, 21 Oct 2004, Harald Welte wrote:
> >This is the first patch, adding something similar like nfmark, but on a
> >per-conntrack (as opposed to per-skb) level.  Very useful especially for
> >asymmetric routing in combination with MASQUERADE, as often found on
> >home DSL setups with dynamic IP address that also have e.g. a tunnel
> >device with static IP.
> Is this with or without the mark operations?

What is 'this' you are referring to? 

'patch'? Well you should know your patch ;)

'very useful'? Yes, indeed.  I think it is already very useful, even
without MARK bit-wise operations (which AFAIK are not implemented with
the required compatibility issues we discussed at the netfilter
workshop, but which will be submitted once this is done).

- Harald Welte <laforge@xxxxxxxxxxxxx>   
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
