[Stripped Cc' list since it is not the original subject]

On Sun, Jan 11, 2004 at 10:11:43PM +0100, Henrik Nordstrom wrote:
> On Sun, 11 Jan 2004, Julian Anastasov wrote:
>
> > - use CONNMARK or similar functionality to keep the connection
> > bound to its path. As long as CONNMARK is not a standard feature
> > there is no safe way to use multipath routes with MASQUERADE and
> > SNAT in the latest kernels. Even before this change it was risky
> > to rely on the routing cache to keep NAT connections bound to
> > its path in the multipath route - the cache entries expire.
>
> As the author of CONNMARK I certainly do not mind having this progress
> beyond patch-o-matic extras..

I think we could push CONNMARK to the mainstream kernel in the next
couple of weeks.

I'd like to discuss one change with you first... that is using the mark
field as a bitmask. We had that idea for a very long time, and didn't
ever change it for the skb->nfmark field for the sake of compatibility.

But now, when introducing a new mark field (the conntrack->mark field),
I'd rather prefer to implement matching/setting individual bitmasks from
the beginning.

What do you think? Would you be willing to add that feature, or
alternatively don't mind if I'd add the respective changes myself?

Also, please add a Copyright notice including your name and a reference
to the GPL on top of the .c files.

Another minor cosmetic issue: Could you please update it to use
C99-style structure initializers in the code?

Last, but not least: We'd need an entry for the iptables(8) manpage.

Thanks.

> Regards
> Henrik

--
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
 architectural error that shows how much experimentation was going
 on while IP was being designed."                    -- Paul Vixie
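The bitmask idea raised in the message above, sketched as an added example that is not part of the original mail and is not netfilter code. It is a userspace model; the bit layout (`PATH_MASK`, `CLASS_MASK`), `struct conn`, and the helper names are assumptions, and a path value of 0 is taken to mean "no path recorded yet".

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout of the 32-bit connection mark (assumption of this example). */
#define PATH_MASK  0x000000ffu  /* bits 0-7: uplink chosen for the connection */
#define CLASS_MASK 0x0000ff00u  /* bits 8-15: traffic class set by another rule */

struct conn { uint32_t mark; }; /* stand-in for a conntrack entry */

/* Set only the bits selected by mask; all other bits keep their value. */
static uint32_t mark_set(uint32_t mark, uint32_t value, uint32_t mask)
{
    return (mark & ~mask) | (value & mask);
}

/* Compare only the bits selected by mask. */
static int mark_match(uint32_t mark, uint32_t value, uint32_t mask)
{
    return (mark & mask) == (value & mask);
}

/* Bind a connection to an uplink on first use and reuse that uplink afterwards,
 * so later packets do not depend on a routing cache entry that may expire. */
static uint32_t conn_path(struct conn *ct, uint32_t candidate)
{
    if (mark_match(ct->mark, 0, PATH_MASK))           /* no path recorded yet */
        ct->mark = mark_set(ct->mark, candidate, PATH_MASK);
    return ct->mark & PATH_MASK;
}

int main(void)
{
    struct conn ct = { .mark = 0 };                   /* C99 designated initializer */

    conn_path(&ct, 2);                                /* first packet: uplink 2 */
    ct.mark = mark_set(ct.mark, 0x0300, CLASS_MASK);  /* unrelated rule tags class 3 */

    /* A later packet offers uplink 1, but the recorded path wins. */
    printf("mark=0x%08x path=%u\n", (unsigned)ct.mark, (unsigned)conn_path(&ct, 1));
    /* A whole-value comparison no longer sees path 2 once the class bits are set. */
    printf("whole-value match on 2: %d\n", ct.mark == 2);
    printf("masked match on 2:      %d\n", mark_match(ct.mark, 2, PATH_MASK));
    return 0;
}
```

With a single whole-value mark, the second rule would have overwritten the path binding; with per-field masks both users of the mark coexist.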