* New libnetfilter_conntrack API: why two values of layer 3/4?
@ 2006-12-29 16:59 Victor Stinner
  0 siblings, 0 replies; 3+ messages in thread
From: Victor Stinner @ 2006-12-29 16:59 UTC (permalink / raw)
  To: Netfilter Developer Mailing List

Hi,

In the new libnetfilter_conntrack API, I see:

ATTR_ORIG_L3PROTO = 15
ATTR_REPL_L3PROTO = 16
ATTR_ORIG_L4PROTO = 17
ATTR_REPL_L4PROTO = 18

Is it possible to change layer 3 protocol with NAT? or layer4? If not, one 
constant will be enough ;-)

And for counters, are they 32 or 64 bits?

ATTR_ORIG_COUNTER_PACKETS = 26
ATTR_REPL_COUNTER_PACKETS = 27
ATTR_ORIG_COUNTER_BYTES = 28
ATTR_REPL_COUNTER_BYTES = 29

32 bits (2 GB) sounds small with a gigabyte interface or long uptime (old 
connection).

Haypo


* Re: New libnetfilter_conntrack API: why two values of layer 3/4?
  2006-12-29 17:06 Victor Stinner
@ 2006-12-29 21:15 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2006-12-29 21:15 UTC (permalink / raw)
  To: Victor Stinner; +Cc: Netfilter Developer Mailing List

Victor Stinner wrote:
> In the new libnetfilter_conntrack API, I see:
> 
> ATTR_ORIG_L3PROTO = 15
> ATTR_REPL_L3PROTO = 16
> ATTR_ORIG_L4PROTO = 17
> ATTR_REPL_L4PROTO = 18
> 
> Is it possible to change layer 3 protocol with NAT? or layer4? If not, one 
> constant will be enough ;-)

Indeed, there is no real usefulness currently, but if the connection
tracking ever supports tunneling ipv4-to-ipv6, I'll have to take them
back, so I prefer leaving this issue open.

> And for counters, are they 32 or 64 bits?
> 
> ATTR_ORIG_COUNTER_PACKETS = 26
> ATTR_REPL_COUNTER_PACKETS = 27
> ATTR_ORIG_COUNTER_BYTES = 28
> ATTR_REPL_COUNTER_BYTES = 29
> 
> 32 bits (2 GB) sounds small with a gigabyte interface or long uptime (old 
> connection).

We've been discussing this issue lately and there is a patch on
the table for the connection tracking to go back to 64-bit counters. In
any case, the library will be able to support both counter sizes.

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
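
Added example, not part of the thread and not libnetfilter_conntrack code: a consumer that polls 32-bit byte counters can widen them into a 64-bit total with modular subtraction, and the same file computes how quickly each counter width wraps at line rate. The helper names, the sample values and the 125,000,000 bytes/s figure for a 1 Gbit/s link are assumptions made for this example.

```c
#include <inttypes.h>
#include <stdio.h>

/* Hypothetical helper, not a libnetfilter_conntrack type: widens polled
 * samples of a 32-bit byte counter into a 64-bit running total. */
struct widened {
    uint64_t total;  /* bytes accumulated so far */
    uint32_t last;   /* previous raw sample */
    int primed;      /* 0 until the first sample is seen */
};

/* Feed one raw sample and return the bytes added since the previous one.
 * Assumes the counter started at 0, so the first sample counts in full.
 * uint32_t subtraction is modulo 2^32: one wrap between polls is absorbed,
 * two or more wraps are indistinguishable from none and are lost. */
uint64_t widened_update(struct widened *w, uint32_t sample)
{
    uint32_t delta = w->primed ? (uint32_t)(sample - w->last) : sample;
    w->last = sample;
    w->primed = 1;
    w->total += delta;
    return delta;
}

/* Whole seconds until a counter `bits` wide wraps at `bytes_per_sec`. */
uint64_t seconds_to_wrap(unsigned bits, uint64_t bytes_per_sec)
{
    if (bytes_per_sec == 0)
        return UINT64_MAX;              /* idle flow never wraps */
    if (bits >= 64)
        return UINT64_MAX / bytes_per_sec;
    return (UINT64_C(1) << bits) / bytes_per_sec;
}

int main(void)
{
    /* Constructed samples: the raw counter wraps between polls 2 and 3. */
    const uint32_t samples[] = { 1000u, 4294967000u, 704u };
    const uint64_t gigabit = 125000000;  /* 1 Gbit/s in bytes per second */
    struct widened w = { 0, 0, 0 };

    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        widened_update(&w, samples[i]);
    printf("widened total: %" PRIu64 " bytes\n", w.total);
    printf("32-bit wrap at 1 Gbit/s: %" PRIu64 " s\n", seconds_to_wrap(32, gigabit));
    printf("64-bit wrap at 1 Gbit/s: %" PRIu64 " s\n", seconds_to_wrap(64, gigabit));
    return 0;
}
```

If 2^32 + 50 bytes pass between two polls, the raw counter advances by only 50 and the widened total is short by 2^32 bytes, so the poll interval has to stay below the 32-bit wrap time at line rate.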


