From: Patrick McHardy <kaber@trash.net>
To: Adayadil Thomas <adayadil.thomas@gmail.com>
Cc: Ben Greear <greearb@candelatech.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Eric Dumazet <eric.dumazet@gmail.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Linux Netdev List <netdev@vger.kernel.org>,
Netfilter Development Mailinglist
<netfilter-devel@vger.kernel.org>
Subject: Re: Connection tracking and vlan
Date: Mon, 02 Nov 2009 17:33:43 +0100
Message-ID: <4AEF09E7.2010004@trash.net>
In-Reply-To: <fb7befa20911020814q2c4bcd1bj7e2b5a4c17ba0f89@mail.gmail.com>
Adayadil Thomas wrote:
> If the vlan id is used for hash, it still may not avoid the problem completely,
> i.e. in case of both connections hashing to the same bucket.
>
> I was wondering about your opinion about adding an optional member to the tuple
> structure, vid (for vlan id).
>
> I have attached the patch for this change. I would be grateful for any comments
> such as dependencies on the rest of the system.

Absolutely not, conntrack is not meant to deal with anything below
the network layer and I don't want to add any hacks for the bridge
netfilter "integration", which has already caused an endless amount
of problems. Additionally this is just one of many possible identifiers
people might want to use to distinguish similar entries and has a
number of practical issues, like breaking asymmetric setups using
different VLANs for each direction.

I might be willing to consider a generically usable numerical
identifier to distinguish similar entries, something like
"conntrack zones". This could also help with the defragmentation
issue discussed earlier; the identifier would also be added to
the defragmentation identifier; for asymmetric setups the interfaces
would be put in the same "zone".

But it would be preferable if we could do this using network
namespaces somehow.
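
The trade-off described in the reply above, as an added illustration that is not code from this thread or from the kernel: a toy C flow table keyed with no extra identifier, with the VLAN id, and with a zone id, counting the entries created for one asymmetric flow plus a second tenant reusing the same addresses and ports. All names, the VLAN numbers and the VLAN-to-zone mapping are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

enum mode { KEY_NONE, KEY_VLAN, KEY_ZONE };

/* Simplified conntrack-style key: addresses, ports and one extra identifier. */
struct flow_key { uint32_t src, dst; uint16_t sport, dport, id; };

static struct flow_key table[8];
static int nflows;

/* Constructed mapping: VLANs 10 and 20 carry the two directions of one
 * asymmetric path (same zone); any other VLAN is a different tenant. */
static uint16_t zone_of_vlan(uint16_t vlan) { return (vlan == 10 || vlan == 20) ? 1 : 2; }

static uint16_t ident(enum mode m, uint16_t vlan)
{
    return m == KEY_VLAN ? vlan : m == KEY_ZONE ? zone_of_vlan(vlan) : 0;
}

/* A packet matches an entry in its original or its reply direction. */
static int matches(const struct flow_key *e, const struct flow_key *k)
{
    if (e->id != k->id) return 0;
    int orig  = e->src == k->src && e->dst == k->dst && e->sport == k->sport && e->dport == k->dport;
    int reply = e->src == k->dst && e->dst == k->src && e->sport == k->dport && e->dport == k->sport;
    return orig || reply;
}

/* Returns the index of the entry the packet belongs to, creating one if needed. */
static int see_packet(enum mode m, uint16_t vlan, uint32_t src, uint16_t sport, uint32_t dst, uint16_t dport)
{
    struct flow_key k = { src, dst, sport, dport, ident(m, vlan) };
    for (int i = 0; i < nflows; i++)
        if (matches(&table[i], &k)) return i;
    table[nflows] = k;
    return nflows++;
}

/* Tenant A sends on VLAN 10 and is answered on VLAN 20; tenant B reuses the
 * same addresses and ports on VLAN 30. Two entries is the correct outcome. */
static int entries_tracked(enum mode m)
{
    nflows = 0;
    see_packet(m, 10, 0x0a000001, 1234, 0x0a000002, 80);  /* A, original */
    see_packet(m, 20, 0x0a000002, 80, 0x0a000001, 1234);  /* A, reply    */
    see_packet(m, 30, 0x0a000001, 1234, 0x0a000002, 80);  /* B, original */
    return nflows;
}

int main(void)
{
    printf("none=%d vlan=%d zone=%d\n", entries_tracked(KEY_NONE), entries_tracked(KEY_VLAN), entries_tracked(KEY_ZONE));
    return 0;
}
```

With no identifier the two tenants collapse into one entry, with the VLAN id the reply on VLAN 20 is split off into its own entry, and with the zone id the model tracks the expected two flows.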