Re: [LARTC] Scalability

[George Alexandru Dragoi <waruiinu@gmail.com>]

I meant i want to block most of p2p, and allow only few of them and
shape them. So i will use connmark only for dc++ and edonkey. I want
that the bulk non p2p traffic, which is not really few, wont get
parsed by the p2p matches. Such traffic will be matched agains src ip
or dest ip, or port number (I even may may use IPMARK) which is not
CPU destroyer and wont generate bad latency. I know i should post that
to netfilter mailing list, I am still waiting for opinions.



On Wed, 29 Sep 2004 16:42:06 +0200, Andreas Klauer
<andreas.klauer@metamorpher.de> wrote:
> George Alexandru Dragoi wrote:
> > Perhaps a tweak would be to send 0x0 marked traffic to a chain and
> > apply such matches there, so really few traffic will  go to p2p
> > matching.
> 
> That's the way I'm doing it. But it's useful only if you're not blocking
> the p2p traffic. If you're blocking it, the connection should be closed
> anyway, so there's no need to check wether a connection was already
> marked or not. At least, ipp2p proposes it this way... you don't need
> connmark at all if you're just blocking all p2p traffic.
> 
> However, the result won't be that "really few traffic" will go to p2p
> matching... it's just that the already identified p2p connections won't
> go to p2p matching again.
> 
> All other traffic will still go to this chain. ipp2p has no "this is
> definitely NOT p2p" return value which would allow for further
> optimizations. You could try your luck with some other conditions, like
> if a connection was checked 10 times, don't check it again or something
> like that.
> 
> HTH
> Andreas
> 
> 



-- 
Bla bla
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/