Hello all,

For some time I have been trying to do NAT in user space. Now I have done it, and it works 'fine' (thanks to Eric, who answered me on this list about libnetfilter_conntrack). The code does what it needs to do, but it seems to have some performance loss.

I'm capturing the first packet of each new connection with libnetfilter_queue (--state NEW -j NFQUEUE). I get the payload, create the conntrack entry, and set the verdict to NF_ACCEPT. It happens very fast, and a little time afterwards the process is blocked and ready to receive the next packet. But the packet seems to pass only a few seconds (about 3, 4...) later.

When I simply accept the packet, and don't create any conntrack entry, the packet seems to be sent/received at the same time I accept it. So, I think it has something to do with connection tracking.

What may I try to do about it? Any ideas?

Thank you all.

[]'s