[Cake] flow dissector idea/enhancement - help

Jonathan Morton chromatix99 at gmail.com
Thu Jun 30 06:27:40 EDT 2016


> On 30 Jun, 2016, at 12:33, Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk> wrote:
> 
> +#ifdef CONFIG_NET_SCH_ESFQ_NFCT
> +       enum ip_conntrack_info ctinfo;
> +       struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
> +#endif
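
Review bot: `ct` from `nf_ct_get(skb, &ctinfo)` can be NULL when the skb has no conntrack entry attached, and the quoted lines show no check, so the code that consumes it needs an `if (ct)` guard that falls back to the packet's own header addresses. The guard symbol `CONFIG_NET_SCH_ESFQ_NFCT` is named for ESFQ; if these lines are carried into Cake they should sit behind a symbol of Cake's own.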

Good find.  If this actually works the way we want it to, it’ll make all the host-dependent modes (including triple-isolation) much more useful on the outer side of a NAT.

My main concern is that the conntrack state might not be sorted out until it hits the firewall or routing logic.  I’ll be very pleased if it happens sooner, or is actually triggered by the query rather than passing to some specific stage of processing.

I have other work to do on the host and flow processing, but I think that’ll be independent of the hash function, which is where you want to be looking.

 - Jonathan Morton


