From: Phil Oester
Subject: Re: [PATCH] MASQUERADE not flushing conntracks on ip change
Date: Thu, 4 Nov 2004 07:43:55 -0800
Message-ID: <20041104154355.GA8553@linuxace.com>
References: <20041102210440.GA1851@linuxace.com> <418999B2.3070600@trash.net>
In-Reply-To: <418999B2.3070600@trash.net>
To: Patrick McHardy
Cc: netfilter-devel@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

On Thu, Nov 04, 2004 at 03:53:38AM +0100, Patrick McHardy wrote:
> I think we should revert to the old behaviour for all interfaces.
> When MASQUERADE was using a route-lookup for selecting the source
> there were good reasons for using MASQUERADE on devices with statically
> configured addresses, and some people (like me) still do it today.
> Simply adding a second IP address to an interface flushes all
> MASQUERADEd conntracks on the device, which is not very nice.
> The optimization was meant for ppp devices anyway, if we can't use
> it there I don't see much reason to keep it.
>
> Opinions, anyone?

It is nice that a powercycle of your router/switch/dslmodem/cablemodem/etc
doesn't cause lost conntracks. The optimization is of value here.

Given these events are infrequent, and not in any fast path, any reason
why the behaviour shouldn't be maintained for ethernet since it works
there?

Phil