Re: quick question

2002-03-14 Thread Joakim Axelsson
are requesting. Stay tuned :-) -- /Gozem A.K.A. Joakim Axelsson

Re: NAT and TTL

2002-03-20 Thread Joakim Axelsson
. There is nothing wrong with the way NAT handles TTL today. -- /Gozem A.K.A. Joakim Axelsson

Re: 802.1q interfaces and iptables

2002-04-05 Thread Joakim Axelsson
. -- /Gozem A.K.A. Joakim Axelsson

[Q] Adding a rule to a table, match-check_entry() behavior

2002-04-08 Thread Joakim Axelsson
() { struct ipt_rateinfo *r = ((struct ipt_rateinfo *)matchinfo)->master; ... } ---8 Meaning that every of the number copies we might get of this entry (?) the last one setting r->master is the one we are working with. Is this correct? Thanks! Keep the work up! -- /Gozem A.K.A. Joakim Axelsson

[PATCH] superlimit (and hashslot)

2002-04-10 Thread Joakim Axelsson
as a module in the kernel or as a library in any userspace program. Both are supported. ---8--- -- /Gozem A.K.A. Joakim Axelsson

Re: Limit module, counters reset on ANY changes

2002-04-14 Thread Joakim Axelsson
. Second I have had help with some spelling mistakes. One more feature may be added, namely that we stop ALL traffic when we go over our limit, for anti DoS. Stay put :-) Also a bug in the Makefile, not applying clean on 2.4.19-pre -- /Joakim Axelsson A.K.A Gozem@EFnet OPN

Re: Suggestions regarding multiport match and chain traversing

2002-04-17 Thread Joakim Axelsson
of 15? Yes the memory area can (much) be larger. -- /Joakim Axelsson A.K.A Gozem@EFnet OPN

Re: debug and notrack tables - proposal and questions

2002-04-17 Thread Joakim Axelsson
2002-04-17 21:16:40+0200, Harald Welte [EMAIL PROTECTED] - On Wed, Apr 17, 2002 at 05:20:36PM +0200, Martin Josefsson wrote: I'm just going to mention one of these other purposes. Joakim Axelsson has built a new limit match called superlimit that is a lot more powerful than the old limit

Re: odd state and conntrack match behavior

2002-04-17 Thread Joakim Axelsson
. :( but didn't find anything :) Are you doing any NAT? Some of the state in -m conntrack are now some other state. -- /Joakim Axelsson A.K.A Gozem@EFnet OPN

Re: debug and notrack tables - proposal and questions

2002-04-20 Thread Joakim Axelsson
2002-04-19 15:39:38+0200, Jozsef Kadlecsik [EMAIL PROTECTED] - On Wed, 17 Apr 2002, Joakim Axelsson wrote: We would like to call this border. Just the same as filter INPUT, but the absolutely first thing that happens after the packet comes from the netcard-driver. Perhaps a border OUTPUT

Re: bug in 2.4.18 + newnat?

2002-04-28 Thread Joakim Axelsson
developkernel since this is a develop project. -- /Joakim Axelsson A.K.A Gozem@EFnet OPN

Re: how to test and improve the performance of linux firewall?

2002-04-28 Thread Joakim Axelsson
in linux. Much faster. Is included in latest kernel 2.5.* and will be included in 2.4.* soon. Also check for kernel-messages. If you are using conntrack you might want to increase that table size:
modprobe ip_conntrack hashsize=131072
echo 262144 > /proc/sys/net/ipv4/ip_conntrack_max
-- /Joakim

Re: VLAN matching module

2002-05-15 Thread Joakim Axelsson
on libipt_helper But some doubts are cast upon it. Where I can get VLAN ID from tagged frame? I must make something else? Use the interface name directly. Example to let eth2 VLAN 3 pass: iptables -A INPUT -i eth2.3 -j ACCEPT -- /Joakim Axelsson A.K.A Gozem@EFnet OPN

Re: Re[2]: VLAN matching module

2002-05-15 Thread Joakim Axelsson
2002-05-15 17:44:16+0300, Nick Fedchik [EMAIL PROTECTED] - Hello Joakim Axelsson, Wednesday, May 15, 2002, 17:25:35, you wrote: Where I can get VLAN ID from tagged frame? I must make something else? JA Use the interface name directly. JA Example to let eth2 VLAN 3 pass: JA iptables

Re: Access to Rule number in libiptc

2002-05-19 Thread Joakim Axelsson
to parse the output of iptables or iptables-save. Use another script to insert new rules with iptables or iptables-restore. For next generation of netfilter we might consider making this lib a real library to be used by any program. -- /Joakim Axelsson A.K.A Gozem@EFnet OPN

Re: problem when using linux2.4 as firewall

2002-05-20 Thread Joakim Axelsson
://sweepstakes.yahoo.com/2002cnuser This is not a developer matter. Post this (with your setup of the firewall) to [EMAIL PROTECTED] -- /Joakim Axelsson A.K.A Gozem@EFnet OPN

Re: Bug#150467: user-defined chains vs. iptables module names

2002-06-20 Thread Joakim Axelsson
-a Mark --mark-option \ -j JUMP --jump-chain my_own_chain '-a' is unused today as well. Note that I did start all Actions with a capital and the rest lowercase. I guess however this is all due to iptables (pkttables?) for kernel 2.5. -- /Joakim Axelsson A.K.A Gozem@EFnet OPN

Re: cttest-0.1

2002-07-02 Thread Joakim Axelsson
5am during absolute low time. I'll try again later at primetime :-) One comment: In your script ctplot you have an absolute path to gnuplot which I guess not everyone has the same as you :-) -- /Joakim Axelsson A.K.A Gozem@EFnet OPN

Re: cttest-0.1

2002-07-05 Thread Joakim Axelsson
2002-07-03 06:15:02+0200, Joakim Axelsson [EMAIL PROTECTED] - I collected this data 5am during absolute low time. I'll try again later at primetime :-) Here is a new stat with about 85K entries: http://aaricia.hemmet.chalmers.se/~gozem/cttest-2002-07-05_1739/ Look at the 131072 original

Re: cttest-0.1

2002-07-05 Thread Joakim Axelsson
? I'll do the code part, but I won't do the docs. Well, I think we even can force people to use an odd count. if (hashsize%2 == 0) hashsize--; -- /Joakim Axelsson A.K.A Gozem@EFnet OPN

Re: cttest-0.1

2002-07-06 Thread Joakim Axelsson
) Athlon MP 1800+ (1533Mhz), with ECC/REG DDR266 memory. Of course only using one CPU. For the test of your prime.c I can't say more than it's not even measurable on my computer. But I got a very fast CPU. time ./prime 3457675589 3457675579 0.000u 0.000s 0:00.00 0.0% 0+0k 0+0io 87pf+0w -- /Joakim

Re: cttest-0.1

2002-07-06 Thread Joakim Axelsson
2002-07-06 23:14:51+0200, Joakim Axelsson [EMAIL PROTECTED] - Also with this idea of using power of (^), we tested the abcd hash using power of instead of just adding the values up: static u32 hash_abcd_power(struct ct_key *key) { u32 res; PER_HASH_TIMER_1

Re: cttest-0.3 (conntrack hashing)

2002-07-08 Thread Joakim Axelsson
that might do this. -- /Joakim Axelsson A.K.A Gozem@EFnet OPN