[ANNOUNCE] Proceedings of Netfilter Developer Workshop 2004
Harald Welte
laforge at netfilter.org
Mon Sep 27 17:16:31 CEST 2004
On Mon, Sep 27, 2004 at 04:31:16PM +0200, Piotr Gasid?o wrote:
> Target is useful when using MASQUERADE or SNAT. Using tc we are *unable*
> to put outgoing trafic from single IP (behind masquerade) into queue
> created on outgoing interface. With this target we can mark packets from
> each internal IP and then, using tc filter fw put it into queues. This
> target replaces many MARK rules, which can be really CPU hog.
if TC is all you care, why don't you write a new TC filter that
references the ip_conntrack and matches on adresses in there?
--
- Harald Welte <laforge at netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/netfilter-devel/attachments/20040927/4fb6faac/attachment-0001.bin
More information about the netfilter-devel
mailing list