From: Andreas Klauer
Date: Wed, 29 Sep 2004 14:42:06 +0000
Subject: Re: [LARTC] Scalability
Message-Id: <415AC9BE.4070709@metamorpher.de>
References: <3063e50409290313b61b303@mail.gmail.com>
In-Reply-To: <3063e50409290313b61b303@mail.gmail.com>
To: lartc@vger.kernel.org

George Alexandru Dragoi wrote:
> Perhaps a tweak would be to send 0x0 marked traffic to a chain and
> apply such matches there, so really few traffic will go to p2p
> matching.

That's the way I'm doing it. But it's useful only if you're not blocking the p2p traffic. If you're blocking it, the connection should be closed anyway, so there's no need to check whether a connection was already marked or not. At least, ipp2p proposes it this way... you don't need connmark at all if you're just blocking all p2p traffic.

However, the result won't be that "really few traffic" will go to p2p matching... it's just that the already identified p2p connections won't go to p2p matching again. All other traffic will still go to this chain. ipp2p has no "this is definitely NOT p2p" return value which would allow for further optimizations.

You could try your luck with some other conditions, like if a connection was checked 10 times, don't check it again or something like that.

HTH
Andreas
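The arrangement discussed in this message, written out as an added example that is not from the original post or from the ipp2p project. The mark value 1, the chain name P2PCHECK, an ipp2p build that accepts `--ipp2p`, and the optional connbytes packet cap (one possible way to approximate "don't check it again after 10 times") are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables commands for
# review; pipe the output to `sh` as root to apply them.
P2P_MARK=1        # assumed fwmark for identified p2p connections
CHAIN=P2PCHECK    # hypothetical chain name

# p2p_rules [max_pkts]
#   max_pkts (optional): stop sending a connection to ipp2p once it has seen
#   this many packets. Uses the connbytes match, which needs conntrack
#   accounting enabled.
p2p_rules() {
    max_pkts=${1:-}
    ipt="iptables -t mangle"
    limit=""
    if [ -n "$max_pkts" ]; then
        limit=" -m connbytes --connbytes 0:$max_pkts --connbytes-dir both --connbytes-mode packets"
    fi
    # Copy the mark saved on the connection (if any) onto this packet.
    printf '%s\n' "$ipt -A PREROUTING -j CONNMARK --restore-mark"
    printf '%s\n' "$ipt -N $CHAIN"
    # Only packets still marked 0x0 reach the expensive ipp2p match. Non-p2p
    # connections never get a mark, so they keep coming here unless capped.
    printf '%s\n' "$ipt -A PREROUTING -p tcp -m mark --mark 0x0$limit -j $CHAIN"
    printf '%s\n' "$ipt -A $CHAIN -m ipp2p --ipp2p -j MARK --set-mark $P2P_MARK"
    # Store the verdict on the connection so later packets skip the chain.
    printf '%s\n' "$ipt -A $CHAIN -m mark --mark $P2P_MARK -j CONNMARK --save-mark"
}

p2p_rules "${1:-}"
```

Run it with no argument for the plain connmark layout, or with `10` to add the per-connection packet cap.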