On 2018-01-08 06:32, Pablo Neira Ayuso wrote:
Hi Subash,
One more concern before this gets upstream.
Do you think we can turn this into an on/off knob instead?
I mean, I think it's good if you add a new
NF_IP_PRI_RAW_BEFORE_DEFRAG and we place it into uapi.
I'm just worried about follow up
On Wed, Jan 03, 2018 at 09:24:47PM -0700, Subash Abhinov Kasiviswanathan wrote:
conntrack defrag is needed only if some module like CONNTRACK or NAT
explicitly requests it. For plain forwarding scenarios, defrag is
not needed and can be skipped if NOTRACK is set in a rule.
Since conntrack defrag is currently higher priority than raw table,
setting NOTRACK is not sufficient.