From: Murat Sezgin <msezgin@codeaurora.org>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: "netfilter-devel@vger.kernel.org" <netfilter-devel@vger.kernel.org>
Subject: Re: "notification events for routing changes" patch
Date: Tue, 17 Nov 2015 09:55:21 -0800
Message-ID: <D270A927.28DEF%msezgin@codeaurora.org>
In-Reply-To: <alpine.DEB.2.10.1511170925540.19459@blackhole.kfki.hu>
Yes, I know about the merged code. It works well for the regular Linux
network traffic, but as I said in my email, if the traffic is offloaded
from the Linux networking stack, the subsequent flows, after the route
change, will never be seen by the iptables_nat modules, so the conntrack
entry cannot be killed.

Thanks,
Murat

On 11/17/15, 12:28 AM, "Jozsef Kadlecsik" <kadlec@blackhole.kfki.hu> wrote:
>On Mon, 16 Nov 2015, Murat Sezgin wrote:
>
>> While I was looking for a solution in the kernel for general routing
>> change notification implementation, I came across your following patch.
>>
>> http://www.spinics.net/lists/netfilter-devel/msg24239.html
>>
>> In this email chain, you said that you found another simple solution and
>> implemented it in the masquerade module. I saw that commit in the
>> upstream kernel.
>>
>> But I think the patch you proposed before is also very useful for the
>> fast path implementations. Because when a connection starts to flow
>> through the fast path, the Linux networking stack no longer sees those
>> packets. Then, if the route table is changed in some way, let's say a
>> user adds/deletes a route with the "route" or "ip route" command, the
>> fast path traffic will not be aware of this change. So, if we have a
>> notification mechanism like you have implemented, the fast path manager
>> module can register itself to these events and manage its connections
>> accordingly.
>>
>> Do you have any plan to push and merge this patch to the upstream kernel?
>
>No, the patch was inefficient from conntrack point of view and finally
>the patch "Handle routing changes in MASQUERADE target, v4" went into the
>kernel:
>
>http://www.spinics.net/lists/netfilter-devel/msg24276.html
>
>Best regards,
>Jozsef
>-
>E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
>PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
>Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
>          H-1525 Budapest 114, POB. 49, Hungary