Adayadil Thomas wrote:
> If the vlan id is used for hash, it still may not avoid the problem completely,
> i.e. in case of both connections hashing to the same bucket.
>
> I was wondering about your opinion about adding an optional member to the tuple
> structure, vid (for vlan id).
>
> I have attached the patch for this change. I would be grateful for any comments
> such as dependencies on the rest of the system.

Absolutely not, conntrack is not meant to deal with anything below the network layer and I don't want to add any hacks for the bridge netfilter "integration", which has already caused an endless amount of problems.

Additionally this is just one of many possible identifiers people might want to use to distinguish similar entries and has a number of practical issues, like breaking asymmetric setups using different VLANs for each direction.

I might be willing to consider a generically usable numerical identifier to distinguish similar entries, something like "conntrack zones". This could also help with the defragmentation issue discussed earlier, the identifier would also be added to the defragmentation identifier, for asymmetric setups the interfaces would be put in the same "zone". But it would be preferable if we could do this using network namespaces somehow.
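
Added example, not part of the original message and not netfilter code: a toy connection table in C showing why a VLAN id in the tuple loses the reply direction of an asymmetric setup, while a shared zone identifier keeps it and still separates unrelated segments. All names (`track`, `zone_of`, `reply_matches`), addresses and VLAN numbers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model, not kernel code; every name and value here is constructed. */
struct tuple { uint32_t src, dst; uint16_t sport, dport, id; };
struct conn { struct tuple orig, reply; };

/* A flat array stands in for one hash bucket: the case from the quoted
 * message where hashing cannot separate entries and only comparison can. */
static struct conn conns[16];
static int nconns;

static int tuple_equal(const struct tuple *a, const struct tuple *b)
{
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->id == b->id;
}

/* Return the index of the entry a packet belongs to, creating it if needed. */
static int track(struct tuple t)
{
    for (int i = 0; i < nconns; i++)
        if (tuple_equal(&t, &conns[i].orig) || tuple_equal(&t, &conns[i].reply))
            return i;
    if (nconns == 16)
        return -1;
    conns[nconns].orig = t;
    conns[nconns].reply = (struct tuple){ t.dst, t.src, t.dport, t.sport, t.id };
    return nconns++;
}

/* Constructed policy: VLANs 10 and 20 carry the two directions of one path. */
static uint16_t zone_of(uint16_t vlan) { return (vlan == 10 || vlan == 20) ? 1 : 2; }

/* Forward packet on fwd_vlan, reply on rev_vlan: 1 if both hit one entry. */
static int reply_matches(uint16_t fwd_vlan, uint16_t rev_vlan, int use_zone)
{
    uint16_t f = use_zone ? zone_of(fwd_vlan) : fwd_vlan;
    uint16_t r = use_zone ? zone_of(rev_vlan) : rev_vlan;
    nconns = 0;
    int a = track((struct tuple){ 0x0a000001, 0x0a000002, 40000, 80, f });
    int b = track((struct tuple){ 0x0a000002, 0x0a000001, 80, 40000, r });
    return a == b;
}

int main(void)
{
    printf("VLAN id in tuple, asymmetric path: %d\n", reply_matches(10, 20, 0));
    printf("zone in tuple, asymmetric path:    %d\n", reply_matches(10, 20, 1));
    printf("zone in tuple, unrelated VLAN 30:  %d\n", reply_matches(10, 30, 1));
    return 0;
}
```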