Re: When is CONNMARK patch going to be included in POM?

2002-02-25 Thread Harald Welte

On Mon, Feb 25, 2002 at 10:43:40AM +0100, Henrik Nordstrom wrote:
> On Monday 25 February 2002 09:51, Harald Welte wrote:
>
> > Well, as you know, it is now resolved - the mangle5hooks patch has
> > made it into 2.4.18-preX and is definitely working since
> > 2.4.18-rc1.
>
> I am not referring to what hooks mangle should hook into, but its
> priorities.

yes, I understood your question correctly.  But since there was now
committed a patch (with 5 hooks and their respective priority), you
can guess that there was some 'making up the mind'.  This actually happened
at the netfilter developer workshop and we agreed upon the same priority
as used up to now.

Result: If anybody needs a table attached before connection tracking, he
will have to introduce a new table.  There's no problem with that, and
it won't hurt anybody else.

> When I last proposed this patch you were thinking of moving mangle
> in front of conntrack, to be able to exclude packets from conntrack I
> think. Moving mangle in front of conntrack breaks parts of this patch
> as the most common use of this patch is to mark packets on their
> conntrack entry for use in routing.

As stated above, those plans are buried now.

> The .??*-test and libipt_* files go into extensions (4 in total,
> one match and one target), the CONNMARK.* files into patch-o-matic (8
> in total).

thanks. I will apply them now.

> Regards
> Henrik

-- 
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]   http://www.gnumonks.org/

GCS/E/IT d- s-: a-- C+++ UL$ P+++ L$ E--- W- N++ o? K- w--- O- M+ 
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)




Re: When is CONNMARK patch going to be included in POM?

2002-02-21 Thread Henrik Nordstrom

Last time I posted it there was some disagreement regarding when/how 
mangle was to be called. Maybe Harald has made up his mind now?

I have not had any reason to make any changes to CONNMARK since last 
posted I think (the last file modification date is May 20). As you say 
it works very well for solving a family of complex routing problems, 
but I have not tested it heavily on later kernels.

I would certainly not mind having it in patch-o-matic/extra if 
possible.

Thanks
Henrik


On Thursday 21 February 2002 19:31, Rupert Perry wrote:
> I have been using Henrik Nordstrom's CONNMARK patch on a production
> system since May last year very successfully.  It works very well
> and allows you to mark individual connections with a mark that can
> later be restored on other packets related to the same connection
> and then used for routing.  I use it on our external router which
> is attached to two different ISPs to route reply packets back to
> the ISP from whence the connection originated - very useful.
>
> So, why is CONNMARK still not included in Patch-o-matic?  Is there
> a more up-to-date version of the patch than the one which was
> originally posted to the netfilter development list?  There was one
> simple bug in this original version which I fixed by hand and I
> would be interested to see any new versions of the same patch.
>
> Many thanks,
>
> Rupert.
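
The two-ISP use described in this thread (mark a connection when it arrives, restore the mark on its reply packets, route on the mark), as an added example that is not code from the thread or from the CONNMARK patch. It uses the CONNMARK target options of current iptables, which may differ from the 2002 patch; interface names, mark values, table numbers and gateway addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints the commands for review; pipe the output to sh as
# root to apply. All names, marks, tables and addresses are assumptions.

# isp_rules IFACE MARK TABLE GATEWAY
# Tag each NEW connection arriving on IFACE with MARK in its conntrack
# entry, and route packets carrying MARK via that ISP's own table.
isp_rules() {
    iface=$1 mark=$2 table=$3 gw=$4
    # Mark 0 means "unmarked", so it cannot identify an ISP.
    case $mark in
        ''|0|*[!0-9]*) echo "isp_rules: mark must be a positive integer" >&2
                       return 1 ;;
    esac
    cat <<EOF
iptables -t mangle -A PREROUTING -i $iface -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
ip rule add fwmark $mark table $table
ip route add default via $gw dev $iface table $table
EOF
}

# restore_rules LAN_IFACE
# Copy the connection's mark back onto reply packets before routing.
# mangle runs after conntrack, so the entry (and its mark) is already
# known here. Restoring only on LAN-side and locally generated packets
# keeps inbound ISP packets on the main routing table.
restore_rules() {
    lan=$1
    cat <<EOF
iptables -t mangle -A PREROUTING -i $lan -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
EOF
}

# Constructed two-ISP router: eth0 = LAN, eth1 = ISP A, eth2 = ISP B.
two_isp_ruleset() {
    restore_rules eth0
    isp_rules eth1 1 101 192.0.2.1
    isp_rules eth2 2 102 198.51.100.1
}

two_isp_ruleset
```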