|Subject:||Re: iptables breakage WAS(Re: dummy as IMQ replacement|
|From:||Andy Furniss <andy.furniss@xxxxxxxxxxxxx>|
|Date:||Fri, 25 Mar 2005 21:18:36 +0000|
|Cc:||Harald Welte <laforge@xxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, Remus <rmocius@xxxxxxxxxxxxxx>, netdev <netdev@xxxxxxxxxxx>, Nguyen Dinh Nam <nguyendinhnam@xxxxxxxxx>, Andre Tomt <andre@xxxxxxxx>, syrius.ml@xxxxxxxxxx, Damion de Soto <damion@xxxxxxxxxxxx>|
|References:||<1107123123.8021.80.camel@xxxxxxxxxxxxxxxx> <1110453757.1108.87.camel@xxxxxxxxxxxxxxxx> <423B7BCB.10400@xxxxxxxxxxxxx> <1111410890.1092.195.camel@xxxxxxxxxxxxxxxx> <423F41AD.3010902@xxxxxxxxxxxxx> <1111444869.1072.51.camel@xxxxxxxxxxxxxxxx> <423F71C2.8040802@xxxxxxxxxxxxx> <1111462263.1109.6.camel@xxxxxxxxxxxxxxxx> <42408998.5000202@xxxxxxxxxxxxx> <1111550254.1089.21.camel@xxxxxxxxxxxxxxxx> <4241C478.5030309@xxxxxxxxxxxxx> <1111607112.1072.48.camel@xxxxxxxxxxxxxxxx> <4241D764.2030306@xxxxxxxxxxxxx> <1111612042.1072.53.camel@xxxxxxxxxxxxxxxx> <4241F1D2.9050202@xxxxxxxxxxxxx> <4241F7F0.2010403@xxxxxxxxxxxxx> <1111625608.1037.16.camel@xxxxxxxxxxxxxxxx> <424212F7.10106@xxxxxxxxxxxxx> <1111663947.1037.24.camel@xxxxxxxxxxxxxxxx> <1111665450.1037.27.camel@xxxxxxxxxxxxxxxx> <4242DFB5.9040802@xxxxxxxxxxxxx> <1111749220.1092.457.camel@xxxxxxxxxxxxxxxx> <42446DB2.9070809@xxxxxxxxxxxxx> <1111781443.1092.631.camel@xxxxxxxxxxxxxxxx>|
|User-agent:||Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050217|
Things will work once the "action track" is in place; i.e you would then say: "match xxx .. \ action track \ action connmark"
OK I would need that to recreate what I do now with IMQ hooked after deNAT so I can see local addresses and use connbytes in prerouting mangle (though that's on my 2.4 I can't get connbytes to work with latest netfilter yet anyway)
If i was to prioritize my time for new actions - how important is this?
Things are OK for me with IMQ - low bandwidth and not many filters seem fine. At high bandwidth/lots of filters it seems problematic - but then most people can use dummy now :-)
I'll have to re-run a test I did recently which was lots of tc filter matches at 8000pps - on egress IMQ was almost as good as directly on eth0. On ingress it was more than 10X worse.
I also wish someone else would start writting some of these actions ;-> Wanna right the tracking one? I could help - wink.
LOL - you'd probably end up writing it all anyway.I really should try and get into coding more though, apart from a few small hacks I have had no practice with C/kernel stuff.
|<Prev in Thread]||Current Thread||[Next in Thread>|
|Previous by Date:||Re: iptables breakage WAS(Re: dummy as IMQ replacement, Patrick McHardy|
|Next by Date:||Re: iptables breakage WAS(Re: dummy as IMQ replacement, Patrick McHardy|
|Previous by Thread:||Re: iptables breakage WAS(Re: dummy as IMQ replacement, jamal|
|Next by Thread:||IMQ again WAS(Re: iptables breakage WAS(Re: dummy as IMQ replacement, jamal|
|Indexes:||[Date] [Thread] [Top] [All Lists]|