jamal wrote:
Things will work once the "action track" is in place; i.e you would
then say:
"match xxx .. \
action track \
action connmark"
OK I would need that to recreate what I do now with IMQ hooked after
deNAT so I can see local addresses and use connbytes in prerouting
mangle (though that's on my 2.4 I can't get connbytes to work with
latest netfilter yet anyway)
If i was to prioritize my time for new actions - how important is this?
Things are OK for me with IMQ - low bandwidth and not many filters seem
fine. At high bandwidth/lots of filters it seems problematic - but then
most people can use dummy now :-)
I'll have to re-run a test I did recently which was lots of tc filter
matches at 8000pps - on egress IMQ was almost as good as directly on
eth0. On ingress it was more than 10X worse.
I also wish someone else would start writting some of these actions ;->
Wanna right the tracking one? I could help - wink.
LOL - you'd probably end up writing it all anyway.
I really should try and get into coding more though, apart from a few
small hacks I have had no practice with C/kernel stuff.
Andy.
|