On Friday 04 June 2010 at 14:29 +0200, Patrick McHardy wrote:
> Changli Gao wrote:
> > On Fri, Jun 4, 2010 at 7:40 PM, Patrick McHardy <kaber@xxxxxxxxx> wrote:
> >> Eric Dumazet wrote:
> >>> Obviously, an IPS_UNTRACKED bit would be much easier to implement.
> >>> Would it be acceptable?
> >> That also would be fine. However the main idea behind using a nfctinfo
> >> bit was that we wouldn't need the untracked conntrack anymore at all.
> >> But I guess a per-cpu untrack conntrack would already be an improvement
> >> over the current situation.
> >
> > I think Eric didn't mean ip_conntrack_info but ip_conntrack_status
> > bit. Since we have had an IPS_TEMPLATE bit, I think another
> > IPS_UNTRACKED bit is also acceptable.
>
> Yes, of course. But using one of these bits implies that we'd still
> have the untracked conntrack.

Yes, it was my idea, with a per_cpu untracked conntrack.

I'll submit a patch, thanks.