* conntrack for multiple interfaces
@ 2006-01-16 12:55 Kovesdi Gyorgy
2006-01-17 8:27 ` KOVACS Krisztian
2006-01-17 8:55 ` Balazs Scheidler
0 siblings, 2 replies; 6+ messages in thread
From: Kovesdi Gyorgy @ 2006-01-16 12:55 UTC (permalink / raw)
To: netfilter-devel
Hi,
Is there any special mailing list for libnetfilter_conntrack?
My machine has assigned the same IP range for multiple interfaces. Is the
conntrack able to handle this?
Regards
Gyorgy Kovesdi
* Re: conntrack for multiple interfaces
From: KOVACS Krisztian @ 2006-01-17 8:27 UTC (permalink / raw)
To: netfilter-devel; +Cc: Kovesdi Gyorgy
Hi,
On Monday 16 January 2006 13.55, Kovesdi Gyorgy wrote:
> Is there any special mailing list for libnetfilter_conntrack?
I don't think so, you should use netfilter-devel for that purpose.
> My machine has assigned the same IP range for multiple interfaces. Is the
> conntrack able to handle this?
Conntrack does not care about interfaces at all, so from conntrack's point
of view having multiple interfaces with the same IP range assigned makes no
difference.
--
Regards,
Krisztian Kovacs
* Re: conntrack for multiple interfaces
From: Balazs Scheidler @ 2006-01-17 8:55 UTC (permalink / raw)
To: Kovesdi Gyorgy; +Cc: netfilter-devel
On Mon, 2006-01-16 at 13:55 +0100, Kovesdi Gyorgy wrote:
> Hi,
>
> Is there any special mailing list for libnetfilter_conntrack?
I don't know of any, I think you can post here.
>
> My machine has assigned the same IP range for multiple interfaces. Is the
> conntrack able to handle this?
Conntrack is interface independent, however it does not handle when
tuples collide, it assumes they are part of the same connection. (ie. it
does not work, unless your IP space is actually divided between
interfaces and connections never collide)
--
Bazsi
* Re: conntrack for multiple interfaces
From: Carl-Daniel Hailfinger @ 2006-01-17 11:48 UTC (permalink / raw)
To: Balazs Scheidler; +Cc: Kovesdi Gyorgy, netfilter-devel
Balazs Scheidler wrote:
> On Mon, 2006-01-16 at 13:55 +0100, Kovesdi Gyorgy wrote:
>
>>My machine has assigned the same IP range for multiple interfaces. Is the
>>conntrack able to handle this?
>
> Conntrack is interface independent, however it does not handle when
> tuples collide, it assumes they are part of the same connection. (ie. it
> does not work, unless your IP space is actually divided between
> interfaces and connections never collide)
That's unfortunate. IIRC someone posted a patch to netfilter-devel half
a year ago (sorry, no exact date) to address that issue. Was there some
reason not to include it back then?
The only problem with that patch I can think of right now would be load
balancing over multiple links.
Regards,
Carl-Daniel
* Re: conntrack for multiple interfaces
From: KOVACS Krisztian @ 2006-01-17 12:19 UTC (permalink / raw)
To: netfilter-devel; +Cc: Kovesdi Gyorgy, Balazs Scheidler, Carl-Daniel Hailfinger
Hi,
On Tuesday 17 January 2006 12.48, Carl-Daniel Hailfinger wrote:
> > Conntrack is interface independent, however it does not handle when
> > tuples collide, it assumes they are part of the same connection. (ie.
> > it does not work, unless your IP space is actually divided between
> > interfaces and connections never collide)
Yes, but current mode of operation does work in most cases.
> That's unfortunate. IIRC someone posted a patch to netfilter-devel half
> a year ago (sorry, no exact date) to address that issue. Was there some
> reason not to include it back then?
> The only problem with that patch I can think of right now would be load
> balancing over multiple links.
Apart from breaking a couple of scenarios, what would be the advantage of
differentiating connections per interface?
--
Regards,
Krisztian Kovacs
* Re: conntrack for multiple interfaces
From: Carl-Daniel Hailfinger @ 2006-01-17 12:48 UTC (permalink / raw)
To: KOVACS Krisztian; +Cc: Kovesdi Gyorgy, netfilter-devel, Balazs Scheidler
KOVACS Krisztian wrote:
> Hi,
>
> On Tuesday 17 January 2006 12.48, Carl-Daniel Hailfinger wrote:
>
>>>Conntrack is interface independent, however it does not handle when
>>>tuples collide, it assumes they are part of the same connection. (ie.
>>>it does not work, unless your IP space is actually divided between
>>>interfaces and connections never collide)
>
>
> Yes, but current mode of operation does work in most cases.
>
>
>>That's unfortunate. IIRC someone posted a patch to netfilter-devel half
>>a year ago (sorry, no exact date) to address that issue. Was there some
>>reason not to include it back then?
>>The only problem with that patch I can think of right now would be load
>>balancing over multiple links.
>
>
> Apart from breaking a couple of scenarios, what would be the advantage of
> differentiating connections per interface?
The scenario of the OP (multiple interfaces with the same IP range) would
work without tuple collisions. And double NAT would be possible as well
with only one machine.
Regards,
Carl-Daniel
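
A small model of the trade-off discussed in this thread, added here as an illustration and not taken from any message or from netfilter: a table keyed on the tuple alone merges two hosts that share an address behind different interfaces, while a hypothetical per-interface key separates them but also splits one flow whose packets arrive over two links. `Packet`, `Tracker`, the addresses and the interface names are constructed for the example.

```python
from collections import namedtuple

# Constructed model of a connection-tracking table; this is not netfilter code.
Packet = namedtuple("Packet", "iface proto src sport dst dport")

def flow_tuple(p):
    """Direction-independent tuple: original and reply packets share one key."""
    ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (p.proto, ends[0], ends[1])

class Tracker:
    def __init__(self, per_interface=False):
        self.per_interface = per_interface  # hypothetical switch, for comparison
        self.table = {}                     # key -> connection id

    def track(self, p):
        """Return (conn_id, state); state is NEW for the first packet of a key."""
        key = flow_tuple(p)
        if self.per_interface:
            key = (p.iface,) + key
        if key in self.table:
            return self.table[key], "ESTABLISHED"
        self.table[key] = len(self.table) + 1
        return self.table[key], "NEW"

def same_connection(tracker, first, second):
    """Track both packets; report whether the second joined the first's entry."""
    id1, _ = tracker.track(first)
    id2, state = tracker.track(second)
    return id1 == id2, state

# Constructed sample traffic: two different hosts using the same address and
# source port, one behind eth1 and one behind eth2.
HOST_A = Packet("eth1", "tcp", "192.168.1.10", 40000, "10.0.0.5", 80)
HOST_B = Packet("eth2", "tcp", "192.168.1.10", 40000, "10.0.0.5", 80)
# A later packet of HOST_A's own flow that arrives over a second link. In this
# model it is indistinguishable from HOST_B's packet.
A_VIA_ETH2 = HOST_A._replace(iface="eth2")

def compare():
    return {
        "tuple_only/two_hosts": same_connection(Tracker(), HOST_A, HOST_B),
        "per_iface/two_hosts": same_connection(Tracker(True), HOST_A, HOST_B),
        "tuple_only/two_links": same_connection(Tracker(), HOST_A, A_VIA_ETH2),
        "per_iface/two_links": same_connection(Tracker(True), HOST_A, A_VIA_ETH2),
    }

if __name__ == "__main__":
    for case, result in compare().items():
        print(case, result)
```

The two-hosts and two-links cases present identical packets to the tracker, which is why neither keying choice classifies both correctly.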