Re: conntrack - UDP = good

Re: conntrack - UDP = good

[Antony Stone]

On Wednesday 23 June 2004 5:01 pm, Tobias DiPasquale wrote:

> Hi all,
>
> Is there a way to get conntrack to _not_ track UDP connections (or
> also ICMP)? It seems rather pointless to me and its certainly taking
> up way too much memory on my box just for some DNS queries. Any ideas?

This may help:

http://lists.netfilter.org/pipermail/netfilter/2003-October/047892.html

Regards,

Antony.

-- 
Perfection in design is achieved not when there is nothing left to add, but 
rather when there is nothing left to take away.

 - Antoine de Saint-Exupery

                                                     Please reply to the list;
                                                           please don't CC me.

conntrack - UDP = good

[Tobias DiPasquale]

Hi all,

Is there a way to get conntrack to _not_ track UDP connections (or
also ICMP)? It seems rather pointless to me and its certainly taking
up way too much memory on my box just for some DNS queries. Any ideas?

-- 
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d

Re: conntrack - UDP = good

[Feizhou]

Antony Stone wrote:
> On Wednesday 23 June 2004 5:01 pm, Tobias DiPasquale wrote:
> 
> 
>>Hi all,
>>
>>Is there a way to get conntrack to _not_ track UDP connections (or
>>also ICMP)? It seems rather pointless to me and its certainly taking
>>up way too much memory on my box just for some DNS queries. Any ideas?
> 
> 
> This may help:
> 
> http://lists.netfilter.org/pipermail/netfilter/2003-October/047892.html

The raw table support is now an option in 2.6.6 and above.

Not sure about the iptables support that comes with your distro though.

Fecora kernel + conntrack + QUEUE mangle good?

[Scott MacKay]

Hello,
   I have a userspace app which does some mangling on
packets in the userspace QUEUE target under 2.4.x.  It
relies on conntrack being loaded to defragment packets
(it is in the POSTROUTING,mangle table).  Works dandy
under 2.4.x.
   I loaded up a Fedora RC2 machine (2.6.5 maybe?) to
see how well it would work and for most packets it was
fine.  I was losing large packets, however (ie: 24K
UDP packets).  After some investigation and putting
some checksum code in place, it looks like the
packet's contents were getting corrupted by comparing
checksums on the sender QUEUE and the receiver's QUEUE
userspace apps.  I am still checking on when this
occurs, but when using 24K, the last bits of the
defragmented packet were all '0's instead of the
original value.  I believe that if I do not alter the
packet, that there are no issues (need to confirm
today).  I will be continuing tests today, but are
there any known issues when altering large packets in
userspace under the 2.6 kernel?  Thanks in advance!!

-Scott


		
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail