From: Bernhard Schmidt <berni@birkenwald.de>
To: netfilter-devel@vger.kernel.org
Subject: Re: [NETFILTER 04/05]: nf_nat: always select same SNAT source for same host
Date: Tue, 13 Jan 2009 14:24:11 +0000 (UTC) [thread overview]
Message-ID: <gki86b$a4e$1@ger.gmane.org> (raw)
In-Reply-To: 47C5907F.3060904@trash.net
Patrick McHardy <kaber@trash.net> wrote:
Hello Patrick,
> Patrick McHardy wrote:
>> [NETFILTER]: nf_nat: always select same SNAT source for same host
>>
>> We've removed the SAME target in 2.6.25-rc since it had 32/64 bit compat
>> problems and the NAT core provides the same behaviour regarding IP
>> selection. This turned out to be not entirely correct though, the
>> NAT core only selects the same IP from a range for the same src,dst
>> combination. Some people need the same IP for all destinations however.
>>
>> The easiest way to do this is to ignore the destination IP when
>> doing SNAT. Since we're using jhash, we still get good distribution
>> for multiple source IPs.
>>
>> Tested-by: David Lau <mintypickle@gmail.com>
>>
>> Signed-off-by: Patrick McHardy <kaber@trash.net>
>
>
> Please drop this patch for now, David reported some bad distribution
> during further tests that I want to look into.
Any news on that? We're getting hit by that issue (ICQ fails to login,
amongst others). In 2.6.25, but I did not see any patch in recent
kernels that changes this.
Bernhard
next prev parent reply other threads:[~2009-01-13 14:30 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-27 13:14 [NETFILTER 00/05]: Netfilter fixes Patrick McHardy
2008-02-27 13:14 ` [NETFILTER 01/05]: nf_conntrack: fix smp_processor_id() in preemptible code warning Patrick McHardy
2008-02-27 20:09 ` David Miller
2008-02-27 13:14 ` [NETFILTER 02/05]: xt_conntrack: fix missing boolean clamping Patrick McHardy
2008-02-27 20:10 ` David Miller
2008-02-27 13:14 ` [NETFILTER 03/05]: xt_conntrack: fix IPv4 address comparison Patrick McHardy
2008-02-27 20:20 ` David Miller
2008-02-27 13:14 ` [NETFILTER 04/05]: nf_nat: always select same SNAT source for same host Patrick McHardy
2008-02-27 16:31 ` Patrick McHardy
2008-02-27 20:07 ` David Miller
2009-01-13 14:24 ` Bernhard Schmidt [this message]
2008-02-27 13:14 ` [NETFILTER 05/05]: Fix NF_QUEUE_NR() parenthesis Patrick McHardy
2008-02-27 20:21 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='gki86b$a4e$1@ger.gmane.org' \
--to=berni@birkenwald.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.