[Top] [All Lists]

Re: [PATCH 2.6] iptables CONNMARK match+target

To: Harald Welte <laforge@xxxxxxxxxxxxx>
Subject: Re: [PATCH 2.6] iptables CONNMARK match+target
From: Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>
Date: Thu, 21 Oct 2004 12:25:35 +0200 (CEST)
Cc: Linux Netdev List <netdev@xxxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <20041021091632.GB3551@xxxxxxxxxxxxxxxxxxxxxxx>
References: <20041020222102.GO19899@xxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0410210912280.18310@xxxxxxxxxxxxxxxxxxxxx> <20041021091632.GB3551@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
On Thu, 21 Oct 2004, Harald Welte wrote:

Is this with or without the mark operations?

What is 'this' you are referring to?

The CONNMARK patch.

'very useful'? Yes, indeed.  I think it is already very useful, even
without MARK bit-wise operations (which AFAIK are not implemented with
the required compatibility issues we discussed at the netfilter
workshop, but which will be submitted once this is done).

This is what I am talking about, and answers my question.

The MARK bit-wise operations is also available for CONNMARK and could in theory be included in CONNMARK when submitted to the kernel as this won't break compatibility with existing kernels (only patched kernels), but probably not worth it unless the same functionality is also available in MARK which we currently can't do due to the compatibility issue..

Once the compatibility issue is solved for MARK there should not be a problem to use the same to extend CONNMARK with mark bitwise operations if not included in the initial submission.

I am fine either way.


<Prev in Thread] Current Thread [Next in Thread>