* iplimit issues
@ 2004-11-20 13:28 Ury N. Stankevich
2004-11-20 19:17 ` Pablo Neira
0 siblings, 1 reply; 2+ messages in thread
From: Ury N. Stankevich @ 2004-11-20 13:28 UTC (permalink / raw)
To: netfilter-devel
hi list
i have question about iplimit module. as i understand it storing all sessions.. but conntrack also do that.
i think we can use conntrack capabilities to store sessions and extent ipt_state.c to take in account number of sessions.
but i see one problem:
current hash_conntrack implementation use src.u.all field..
so to count all connection from ip addressess range we need walk over all ip_conntrack_hash .. this can be quite long i think..
have anyone experiments with this approach ?
maybe we can simply change hash_conntrack to use only src_ip:dst_ip:protocol as hash key ?
--
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: iplimit issues
2004-11-20 13:28 iplimit issues Ury N. Stankevich
@ 2004-11-20 19:17 ` Pablo Neira
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira @ 2004-11-20 19:17 UTC (permalink / raw)
To: Ury N. Stankevich; +Cc: netfilter-devel
Ury N. Stankevich wrote:
>i think we can use conntrack capabilities to store sessions and extent ipt_state.c to take in account number of sessions.
>
>
right
>have anyone experiments with this approach ?
>
>
We are still discussing this. Have a look at these threads:
http://lists.netfilter.org/pipermail/netfilter-devel/2004-October/017276.html
http://lists.netfilter.org/pipermail/netfilter-devel/2004-November/017314.html
--
Pablo
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-11-20 19:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-11-20 13:28 iplimit issues Ury N. Stankevich
2004-11-20 19:17 ` Pablo Neira
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.