[ANNOUNCE] Proceedings of Netfilter Developer Workshop 2004

Harald Welte laforge at netfilter.org
Mon Sep 27 17:16:31 CEST 2004


On Mon, Sep 27, 2004 at 04:31:16PM +0200, Piotr Gasid?o wrote:
> Target is useful when using MASQUERADE or SNAT. Using tc we are *unable*
> to put outgoing trafic from single IP (behind masquerade) into queue
> created on outgoing interface. With this target we can mark packets from
> each internal IP and then, using tc filter fw put it into queues. This
> target replaces many MARK rules, which can be really CPU hog.

if TC is all you care, why don't you write a new TC filter that
references the ip_conntrack and matches on adresses in there?

-- 
- Harald Welte <laforge at netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/netfilter-devel/attachments/20040927/4fb6faac/attachment-0001.bin


More information about the netfilter-devel mailing list