Re: [PATCH] MASQUERADE not flushing conntracks on ip change

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Phil Oester <kernel@linuxace.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH] MASQUERADE not flushing conntracks on ip change
Date: Thu, 04 Nov 2004 18:55:53 +0100	[thread overview]
Message-ID: <418A6D29.60004@trash.net> (raw)
In-Reply-To: <20041104154355.GA8553@linuxace.com>

Phil Oester wrote:

>On Thu, Nov 04, 2004 at 03:53:38AM +0100, Patrick McHardy wrote:
>  
>
>>I think we should revert to the old behaviour for all interfaces.
>>When MASQUERADE was using a route-lookup for selecting the source
>>there were good reasons for using MASQUERADE on devices with statically
>>configured adresses, and some people (like me) still do it today.
>>Simple adding a second IP address to an interface flushes all
>>MASQUERADEDED conntracks on the device, which is not very nice.
>>The optimization was meant for ppp devices anyway, if we can't use
>>it there I don't see much reason to keep it.
>>
>>Opinions anyone ?
>>    
>>
>
>It is nice that a powercycle of your router/switch/dslmodem/cablemodem/etc
>doesn't cause lost conntracks.  The optimization is of value here.
>
>Given these events are infrequent, and not in any fast path, any reason
>why the behaviour shouldn't be maintained for ethernet since it works
>there?
>  
>
Ok, I agree it is still useful, but using the inetaddr_notifier gives
false positives when more than one IP address is added to the interface.

Regards
Patrick

next prev parent reply	other threads:[~2004-11-04 17:55 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-11-02 21:04 [PATCH] MASQUERADE not flushing conntracks on ip change Phil Oester
2004-11-04  2:53 ` Patrick McHardy
2004-11-04 15:43   ` Phil Oester
2004-11-04 17:55     ` Patrick McHardy [this message]
2004-11-04 21:55       ` Henrik Nordstrom
2004-11-04 22:36         ` Patrick McHardy
2004-11-04 22:47           ` Phil Oester
2004-11-04 23:40           ` Henrik Nordstrom
2004-11-05 10:48             ` Harald Welte
2004-11-05 19:15               ` Patrick McHardy
2004-11-05 19:24                 ` Phil Oester
2004-11-08  1:17   ` Henrik Nordstrom
2004-11-08 16:07     ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=418A6D29.60004@trash.net \
    --to=kaber@trash.net \
    --cc=kernel@linuxace.com \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.