Re: [RFC] Die to NOTRACK/TRACE, long live MARK!

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Philip Craig <philipc@snapgear.com>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: [RFC] Die to NOTRACK/TRACE, long live MARK!
Date: Fri, 21 May 2004 10:20:06 +1000	[thread overview]
Message-ID: <40AD4B36.50202@snapgear.com> (raw)
In-Reply-To: <Pine.LNX.4.33.0405192236590.3749-100000@blackhole.kfki.hu>

Jozsef Kadlecsik wrote:
> We could introduce a new silly target for that purpose like NOTRACK or
> TRACE. However it's pure marking and we do have a interface to mark
> packets: the MARK target. So if we could tell the system which mark value
> has got the given special meaning, we wouldn't need a new target and we
> could even eliminate the NOTRACK/TRACE targets.

I assume this will mean allowing the MARK target to be used in the raw
table, otherwise you can't mark the packets before conntrack.

Will this mean that only one of these features can be used at a time,
since a packet cannot have multiple marks?  And use of any of these
features would preclude current uses of MARK, such as policy routing?
You could add support for masking bits of the mark, but you would have
to add this to the policy routing also.

What happens when you modify the /proc setting?  This will change the
state of packets currently being processed, which could cause problems.

-- 
Philip Craig - SnapGear, A CyberGuard Company - http://www.SnapGear.com

next prev parent reply	other threads:[~2004-05-21  0:20 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-05-19 21:30 [RFC] Die to NOTRACK/TRACE, long live MARK! Jozsef Kadlecsik
2004-05-20 10:48 ` Pablo Neira
2004-05-21  0:20 ` Philip Craig [this message]
2004-05-21  2:12   ` Patrick McHardy
2004-05-22 12:38     ` Jozsef Kadlecsik
2004-05-22 14:57       ` Patrick McHardy
2004-05-23  8:55         ` Martin Josefsson
2004-05-23 17:00           ` Patrick McHardy
2004-05-25 12:38         ` Pablo Neira
2004-05-25 17:45           ` Patrick McHardy
2004-05-27 10:33           ` Henrik Nordstrom
2004-05-28 11:41             ` Pablo Neira
2004-05-21 12:35   ` Jozsef Kadlecsik

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=40AD4B36.50202@snapgear.com \
    --to=philipc@snapgear.com \
    --cc=kadlec@blackhole.kfki.hu \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.