netdev.vger.kernel.org archive mirror
From: Patrick McHardy <kaber@trash.net>
To: Wensong Zhang <wensong@linux-vs.org>
Cc: Harald Welte <laforge@netfilter.org>,
	netdev@vger.kernel.org, Marcel Holtmann <marcel@holtmann.org>,
	netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH] reduce netfilte sk_buff enlargement
Date: Wed, 20 Jul 2005 23:35:09 +0200
Message-ID: <42DEC38D.8070102@trash.net>
In-Reply-To: <Pine.LNX.4.63.0507202335530.1564@penguin.linux-vs.org>

Wensong Zhang wrote:
>> Well, I hope IPVS people will take care of this.  I don't really know
>> that code too well...
>>
> This bit is only to indicate that the sk_buff is already mangled by 
> IPVS/NAT, so that when both iptables/NAT and IPVS/NAT are enabled, 
> iptables/NAT will not mangle sk_buff again. I am not sure if there is a
> more elegant way to work around this issue, will investigate it.

For new connections you could set the IPS_SRC_NAT_DONE and
IPS_DST_NAT_DONE bits in conntrack->status to avoid NAT setting up
new mappings. But this doesn't work if IPVS is loaded when NAT
has already set up the mappings. In this case you could refuse
to NAT in IPVS.

Regards
Patrick
