From mboxrd@z Thu Jan 1 00:00:00 1970
From: Patrick McHardy
Date: Fri, 09 Feb 2007 17:03:51 +0000
Subject: Re: [LARTC] Opinions about pom/patches [was: iptables 1.3.7, kernel 2.6.19, ROUTE and Layer7 issues]
Message-Id: <45CCA977.9080704@trash.net>
List-Id:
References: <54905.84.123.236.132.1165866276.squirrel@www.arcoscom.com>
 <57631.195.55.244.106.1165911878.squirrel@www.arcoscom.com>
 <457E6997.1050001@trash.net>
 <36479.195.55.244.106.1165998665.squirrel@www.arcoscom.com>
 <457FBBFD.6060009@trash.net>
 <45A48087.8090200@trash.net>
 <54696.195.55.244.106.1168435275.squirrel@www.arcoscom.com>
 <1169746884.4253.51.camel@andybev.localdomain>
 <45C005EB.1040704@netfilter.org>
 <1171028254.4244.26.camel@andybev.localdomain>
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Krzysztof Oledzki
Cc: lartc@mailman.ds9a.nl, netfilter-devel@lists.netfilter.org, Pablo Neira Ayuso

Krzysztof Oledzki wrote:
> Getting back to the question: generally I have no objection for
> forwarding connlimit to the mainline but I believe we should first
> investigate a possibility to add support for other protocols than TCP.
> AFAIK at least UDP support could be very useful - p2p software
> generates not only a lot of tcp connections but also udp flows and main
> job for this extension is to prevent conntrack database overflows.

Feel free to post a version you consider suitable for merging
(without all the version ifdefs, only nf_conntrack support, etc).
I had a quick look at the current version and it seems to maintain
some internal hash of connections, IIRC that has not always been
the case. In case that change is from you please add a short
description. And it should probably support all protocols.