[nf-failover] Re: [RFC] ct_sync 0.15 (corrected)
jamal
hadi at cyberus.ca
Thu Sep 30 14:24:08 CEST 2004
On Wed, 2004-09-29 at 11:02, Henrik Nordstrom wrote:
> On Wed, 29 Sep 2004, jamal wrote:
[..]
> If it was the case that when you received the reply packet you could know
> the state of this has not yet been synchronized then no problem, but before
> the state has been synchronized you don't know it is reply traffic.
Yes.
> > I think what you describe above needs to be done in the case of response
> > latency being lower than update latency. i.e. it's not a bad option. It
> > will slow down the setup time but that's only for the first new packet.
>
> Only if you accept sloppy connection tracking without TCP windows etc.
> With netfilter conntrack moving to full tracking it is no longer the case
> and you will need relatively frequent synchronizations during the session,
> not only the first packet.
Hehehe. What is this? a conspiracy to make it harder to sync? ;->
Need some more thinking
cheers,
jamal