[PATCH 2.4] Introducing Bidirectional conntrack mark

Henrik Nordstrom hno at marasystems.com
Thu Sep 8 18:10:10 CEST 2005


On Wed, 7 Sep 2005, Jesse Peng wrote:

> Greetings all,
> This patch fully derives from Henrik Nordstrom's long known connmark patch but is extended to a bidirectional solution.
> The solution was once discussed at the following link:
> https://lists.netfilter.org/pipermail/netfilter-devel/2005-March/018784.html
>
>
> Dear Henrik:
> Feel free to give any advice for the work extending your existing famous connmark patch.
>
> Dear Jian:
> I got approved for quite a period, but sorry for the late posting of this patch after a busy season. Hope this helps!


Patch seems incomplete. Cannot find the definition of conntrack->dir_mark.

Also as before I still wonder if this relatively big amount of info in 
each conntrack is really needed. CONNMARK already declares 32 bits per 
conntrack entry free for any use. Perhaps better to extend CONNMARK with 
shifting of the value allowing simple save/restore operations based on 
direction (where direction is selected by the already existing conntrack
match).

But I do fully agree with the principle of being able to intelligently keep
conntrack state information/mark direction dependent and that having just 
a simple masking of the value is perhaps not sufficient in all situations.

Regards
Henrik
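
Added example, not part of the original message or of either patch: a user-space C model of one way the shift-based save/restore suggested above could partition the existing 32-bit connmark by direction. The 16/16 bit split, the enum and the function names are assumptions made for illustration; they are not CONNMARK's actual interface.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: original direction in bits 0-15, reply direction in bits 16-31. */
enum ct_dir { DIR_ORIGINAL = 0, DIR_REPLY = 1 };

#define FIELD_BITS 16u
#define FIELD_MASK ((uint32_t)0xFFFFu)

static unsigned dir_shift(enum ct_dir dir)
{
    return dir == DIR_REPLY ? FIELD_BITS : 0u;
}

/* "Save": copy the packet mark into this direction's field only, leaving the
 * other direction's field untouched. *truncated is set when the packet mark
 * has bits that do not fit in the field and are therefore lost. */
uint32_t connmark_save(uint32_t ctmark, uint32_t nfmark, enum ct_dir dir,
                       int *truncated)
{
    unsigned shift = dir_shift(dir);

    if (truncated)
        *truncated = (nfmark & ~FIELD_MASK) != 0;
    ctmark &= ~(FIELD_MASK << shift);          /* clear this direction's field */
    ctmark |= (nfmark & FIELD_MASK) << shift;  /* store the shifted mark */
    return ctmark;
}

/* "Restore": read this direction's field back into a packet mark. */
uint32_t connmark_restore(uint32_t ctmark, enum ct_dir dir)
{
    return (ctmark >> dir_shift(dir)) & FIELD_MASK;
}

int main(void)
{
    int trunc = 0;
    uint32_t ct = 0;

    /* Constructed sample marks, one per direction. */
    ct = connmark_save(ct, 0x0012, DIR_ORIGINAL, &trunc);
    ct = connmark_save(ct, 0x00A7, DIR_REPLY, &trunc);
    printf("connmark=0x%08x orig=0x%04x reply=0x%04x\n", (unsigned)ct,
           (unsigned)connmark_restore(ct, DIR_ORIGINAL),
           (unsigned)connmark_restore(ct, DIR_REPLY));
    return 0;
}
```

With this split each direction keeps only 16 bits of state, so a rule set that already uses the full 32-bit mark would lose information on save; the truncated flag makes that case visible.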


