From: Patrick McHardy <kaber@trash.net>
To: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
Cc: laforge@netfilter.org, netfilter-devel@lists.netfilter.org,
usagi-core@linux-ipv6.org
Subject: Re: [PATCH NF_CONNTRACK] compatible ipt_conntrack
Date: Mon, 29 Aug 2005 23:01:38 +0200 [thread overview]
Message-ID: <431377B2.9080102@trash.net> (raw)
In-Reply-To: <200508291539.j7TFdujr019558@toshiba.co.jp>
Yasuyuki KOZAKAI wrote:
> Hi, Patrick, Harald,
>
> From: Patrick McHardy <kaber@trash.net>
> Date: Mon, 29 Aug 2005 13:14:49 +0200
>
>
>>I feel reluctant to add complexity just so users can switch between
>>them at runtime. It may be useful for debugging, but it doesn't look
>>like a realistic usage scenario. So I would also prefer having a
>>compile-time choice.
>
> I re-read old mails, and I seemed to mis-understand your intention.
> I was trying to make possible to compile both of ip_conntrack and
> nf_conntrack as module, and let user choose "Which is linked with match/target
> modules ?". But your opinion was that user choose ip_conntrack or
> nf_conntrack to compile, right ?
Yes, sorry for not beeing clearer on this before. I was always
more in favour of a compile-time solution, but would also be
fine with a simple and cleanly working run-time solution. But
I believe any extra-complexity for a run-time solution comes
with little gain for the user.
> Then, let user choose ip_conntrack/nf_conntrack to compile.
>
> From: Harald Welte <laforge@netfilter.org>
> Date: Sun, 28 Aug 2005 14:21:30 +0200
>
>
>>1) ip_conntrack and nf_conntrack can never be used both together in one
>> system. However, you can compile both of them as modules, and then
>> decide to load one or the other.
>
> The drawback of compile-time choice is that user cannot use ip_conntrack
> for IPv4 NAT and use nf_conntrack for only IPv6 stateful tracking. This is the
> reason why I tried above thing, but I changed my mind. This will not be
> problem because IPv4 NAT with nf_conntrack would be implemented in future,
> I think.
I agree, even if it is a problem, it will only be short-term.
next prev parent reply other threads:[~2005-08-29 21:01 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-20 9:19 [PATCH NF_CONNTRACK] compatible ipt_conntrack Yasuyuki KOZAKAI
2005-08-28 12:21 ` Harald Welte
2005-08-29 11:14 ` Patrick McHardy
[not found] ` <200508291539.j7TFduLF019555@toshiba.co.jp>
2005-08-29 15:49 ` Harald Welte
2005-08-30 6:40 ` Yasuyuki KOZAKAI
[not found] ` <200508291539.j7TFdujr019558@toshiba.co.jp>
2005-08-29 21:01 ` Patrick McHardy [this message]
2005-08-29 21:57 ` David S. Miller
2005-08-29 22:09 ` Patrick McHardy
2005-08-29 15:39 ` Yasuyuki KOZAKAI
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=431377B2.9080102@trash.net \
--to=kaber@trash.net \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=usagi-core@linux-ipv6.org \
--cc=yasuyuki.kozakai@toshiba.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.