Re: New H.323 conntrack & NAT helper module

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Jing Min Zhao <zhaojingmin@hotmail.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: New H.323 conntrack & NAT helper module
Date: Sat, 04 Mar 2006 10:41:56 +0100	[thread overview]
Message-ID: <440960E4.80601@trash.net> (raw)
In-Reply-To: <BAY109-DAV96ADAFAB4170550F4A52FB3F40@phx.gbl>

Jing Min Zhao wrote:
> For the patch of adding support for non-linear SKBs, I admit
> it is even a bug if there is no support for non-linear SKBs,  but I have
> some different idea for the checksum method.
> 
>> Add support for non-linear SKBs. I know switching to
>> ip_nat_mangle_{tcp,udp}_packet is less efficient because it checksums
>> the packet on each call, but that can be fixed seperately by switching
>> it to incremental checksumming.
> 
> 
> Imagine a Setup signal with 30 fast-start entries (this is not unusual
> for Gnomemeeting
> and OpenPhone), if you use ip_nat_mangle_tcp_packet, you will have to
> call it 45
> times. For a RRQ message, you will possible call
> ip_nat_mangle_udp_packet more
> than 10 times if it contains many signal addresses. You can use incremental
> checksumming, but I'm still worrying about the efficiency. This is why I
> prefer to use
> a counter (please see the last paragraph) to track modifications and do the
> checksum only once.

I would expect incremental checksumming to be less expensive than
redoing the entire checksum. I'll try to get a patch ready for
testing this weekend, than we can compare the two approaches.


> 
>> Change the H.323 helper to support non-linear skbs similar to the other
>> helpers. This has two additional positive side-effects:
> 
> 
>> - skb_writable was broken as it always tried to reload the data
>> pointer with
>>   an assumed TPKT payload, even for H.225 RAS packets.
> 
> 
> This can be fixed by seeing the protocol.

Yes, but it complicates parsing multiple TPKTs.

>> there seems to be some debugging-leftover, the functions registering
>> expectations add up the number of registered expectations and return
>> that value, but nobody uses it. If there are no plans for using it,
>> I would prefer to have it removed.
>>
> 
> The return is actually a modification track counter. If a function
> successfully changed a
> packet, the counter will be increased. Finally, if the counter is
> positive, the packet will be
> checksumed; if it's 0, no changes; if negative, error happened.

Ahh of course. I only looked for users after removing the csum hook.

next prev parent reply	other threads:[~2006-03-04  9:41 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-02-25  4:00 New H.323 conntrack & NAT helper module Greg Scott
2006-02-25  6:00 ` Jing Min Zhao
2006-02-25  9:01   ` Patrick McHardy
2006-02-25 17:07     ` Jing Min Zhao
2006-02-25 18:43       ` Patrick McHardy
2006-03-01  2:57         ` Jing Min Zhao
2006-03-04  9:41           ` Patrick McHardy [this message]
2006-03-13  2:22             ` Jing Min Zhao
2006-03-13 15:00               ` Patrick McHardy
2006-03-16  2:24                 ` Jing Min Zhao
2006-03-16  8:55                   ` Patrick McHardy
2006-03-17 14:56                     ` Jing Min Zhao
2006-03-18 16:38                     ` Jing Min Zhao
2006-03-18 16:47                       ` Patrick McHardy
2006-03-18 17:13                         ` Jing Min Zhao
2006-03-20 14:22                       ` Patrick McHardy
2006-03-20 15:51                         ` Jing Min Zhao
2006-03-20 19:13                           ` Patrick McHardy
2006-03-22 14:26                             ` Jing Min Zhao
2006-03-22 16:04                               ` Patrick McHardy
2006-03-22 16:18                                 ` Jing Min Zhao
  -- strict thread matches above, loose matches on Subject: below --
2006-02-22  5:56 Jing Min Zhao
2006-02-22  6:17 ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=440960E4.80601@trash.net \
    --to=kaber@trash.net \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=zhaojingmin@hotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.