On Sat, Jul 11, 2015 at 03:14:07AM +0200, Daniel Borkmann wrote: > This work adds the possibility of deriving the zone id from the skb->mark > field in a scalable manner. This allows for having only a single template > serving 100s .. 1000s of different zones, for example, instead of needing > to have one match for each zone as an extra CT jump target. Note that we'd > need to have this information attached to the template as at the time when > we're trying to lookup a possible ct object, we already need to know zone > information for a possible match when going into __nf_conntrack_find_get(). > This work provides a minimal implementation for a possible mapping. I think connmark is a better place for this feature, given that the zone is a ct extension. Moreover, I guess it will not take long until someone sends us a patch to perform some bitwise operation to only fetch some of the skb->mark bits into the zone. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
