From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: Netfilter Development Mailinglist
	<netfilter-devel@lists.netfilter.org>,
	Patrick McHardy <kaber@trash.net>
Subject: Re: [PATCH 10/10][CONNTRACK] introduce the pickup flag to take over connections
Date: Thu, 13 Jul 2006 22:22:01 +0200
Message-ID: <44B6AB69.7030700@netfilter.org>
In-Reply-To: <Pine.LNX.4.58.0607091718580.11722@blackhole.kfki.hu>

Jozsef Kadlecsik wrote:
> Hi Pablo,
> 
> On Fri, 7 Jul 2006, Pablo Neira Ayuso wrote:
> 
> 
>>This patch introduces a new flag called IPS_PICKUP that forces the
>>protocol handler to pick up the required information in order to ensure
>>that the connection will reach a successful state. Currently, the only
>>client is the TCP protocol helper.
>>
>>More arguments conntrackd or whatever failover solution need this.
>>
>>@Jozsef: You know better TCP sequence tracking in-deep details, can you
>>see any problem with this?
> 
> Nothing against it as I see. But I'd regard it as a preliminary step
> toward creating conntrack entries by conntrackd/failover: the missing bits
> are the flags (SACK and WSCALE) and the window scale factor. We assume
> SACK is on (which thus doesn't hurt), but disabled window scaling can really
> bite if it's actually on.

Interesting, since the scale factor is only advertised in the SYN+ACK 
packet, we need a patch to introduce a new ctnetlink attribute that 
contains the scale factor. I think that should be enough.

Thanks for the clue.

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of 
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
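
An added example, not part of this thread and not kernel or conntrackd code: it reads the window scale and SACK-permitted options from handshake option bytes, then shows how a taken-over entry that assumes scale 0 rejects a segment the real scale factor allows. The names parse_syn_opts, seq_in_window and sample_opts are hypothetical, the option bytes are constructed, and the right-edge check is a simplification of real TCP window tracking.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Handshake facts a tracker needs later to validate windows. */
struct tcp_hs_opts { uint8_t wscale; int wscale_ok; int sack_perm; };

/* Walk the kind/length/value option bytes of a handshake segment. */
static int parse_syn_opts(const uint8_t *opt, size_t len, struct tcp_hs_opts *o)
{
    size_t i = 0;
    o->wscale = 0; o->wscale_ok = 0; o->sack_perm = 0;
    while (i < len) {
        uint8_t kind = opt[i], olen;
        if (kind == 0) break;                 /* end of option list */
        if (kind == 1) { i++; continue; }     /* NOP padding */
        if (i + 1 >= len) return -1;          /* truncated: no length byte */
        olen = opt[i + 1];
        if (olen < 2 || i + olen > len) return -1;  /* malformed length */
        if (kind == 3 && olen == 3) {         /* window scale */
            o->wscale = opt[i + 2] > 14 ? 14 : opt[i + 2];  /* RFC 7323 cap */
            o->wscale_ok = 1;
        } else if (kind == 4 && olen == 2) {  /* SACK permitted */
            o->sack_perm = 1;
        }
        i += olen;
    }
    return 0;
}

/* Simplified right-edge check: seq must lie within ack + (raw_win << scale). */
static int seq_in_window(uint32_t seq, uint32_t ack, uint16_t raw_win, uint8_t scale)
{
    uint32_t limit = (uint32_t)raw_win << scale;
    return (uint32_t)(seq - ack) <= limit;    /* wraparound-safe distance */
}

/* Constructed options: MSS 1460, SACK permitted, NOP, window scale 7. */
static const uint8_t sample_opts[] = { 2, 4, 0x05, 0xb4, 4, 2, 1, 3, 3, 7 };

int main(void)
{
    struct tcp_hs_opts o;
    if (parse_syn_opts(sample_opts, sizeof sample_opts, &o) != 0) return 1;
    printf("wscale=%u sack_perm=%d\n", (unsigned)o.wscale, o.sack_perm);
    /* Peer advertised raw window 512; the segment is 30000 bytes past ack. */
    printf("scale assumed 0: %d, real scale: %d\n",
           seq_in_window(31000, 1000, 512, 0),
           seq_in_window(31000, 1000, 512, o.wscale));
    return 0;
}
```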
