> On 30 Jun, 2016, at 12:33, Kevin Darbyshire-Bryant > <[email protected]> wrote: > > +#ifdef CONFIG_NET_SCH_ESFQ_NFCT > + enum ip_conntrack_info ctinfo; > + struct nf_conn *ct = nf_ct_get(skb, &ctinfo); > +#endif
Good find. If this actually works the way we want it to, it’ll make all the host-dependent modes (including triple-isolation) much more useful on the outer side of a NAT. My main concern is that the conntrack state might not be sorted out until it hits the firewall or routing logic. I’ll be very pleased if it happens sooner, or is actually triggered by the query rather than passing to some specific stage of processing. I have other work to do on the host and flow processing, but I think that’ll be independent of the hash function, which is where you want to be looking. - Jonathan Morton _______________________________________________ Cake mailing list [email protected] https://lists.bufferbloat.net/listinfo/cake
