Le vendredi 04 juin 2010 à 14:29 +0200, Patrick McHardy a écrit :

Changli Gao wrote:

quoted

On Fri, Jun 4, 2010 at 7:40 PM, Patrick McHardy [off-list ref] wrote:

quoted

Eric Dumazet wrote:

quoted

Obviously, an IPS_UNTRACKED bit would be much easier to implement.
Would it be acceptable ?

That also would be fine. However the main idea behind using a nfctinfo
bit was that we wouldn't need the untracked conntrack anymore at all.
But I guess a per-cpu untrack conntrack would already be an improvement
over the current situation.

I think Eric didn't mean ip_conntrack_info but ip_conntrack_status
bit. Since we have had a IPS_TEMPLATE bit, I think another
IPS_UNTRACKED bit is also acceptable.

Yes, of course. But using one of these bits implies that we'd still
have the untracked conntrack.

Yes, it was my idea, with a per_cpu untracked conntrack.

I'll submit a patch, thanks.



--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html