From: Henrik Nordstrom <hno@marasystems.com>
To: Harald Welte <laforge@netfilter.org>
Cc: "David S. Miller" <davem@redhat.com>,
Stephen Lee <mukansai@emailplus.org>, <scott.feldman@intel.com>,
<netfilter-devel@lists.netfilter.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: Extremely slow network with e1000 & ip_conntrack
Date: Thu, 11 Dec 2003 09:25:17 +0100 (CET) [thread overview]
Message-ID: <Pine.LNX.4.44.0312110921540.23401-100000@filer.marasystems.com> (raw)
In-Reply-To: <20031211072608.GF22826@sunbeam.de.gnumonks.org>
On Thu, 11 Dec 2003, Harald Welte wrote:
> yes, this is certainly a problem - but not with conntrack, only with
> nat. So maybe we should add a safeguard, preventing
> iptables_nat/ipchains/ipfwadm from being loaded when TSO on any
> interface is enabled? Or at least print a warining in syslog?
TSO can be enabled while NAT is running so you better do this in the
packet flow or if there is a suitable notifier hook that can be used.
Most firewalls etc load the ruleset before activating the
interfaces, i..e before even loading the nic drivers, so there is no
interfaces to look at when iptables_nat is loaded.
Regards
Henrik
next prev parent reply other threads:[~2003-12-11 8:26 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-04 6:51 Extremely slow network with e1000 & ip_conntrack Feldman, Scott
2003-12-04 12:36 ` Stephen Lee
2003-12-04 18:24 ` David S. Miller
2003-12-05 20:45 ` Stephen Lee
2003-12-05 20:28 ` David S. Miller
2003-12-05 22:20 ` Stephen Lee
2003-12-05 22:56 ` David S. Miller
2003-12-11 7:26 ` Harald Welte
2003-12-11 8:25 ` Henrik Nordstrom [this message]
2003-12-11 11:03 ` TSO and netfilter (Re: Extremely slow network with e1000 & ip_conntrack) Harald Welte
2003-12-12 1:41 ` David S. Miller
2003-12-12 7:01 ` Harald Welte
2003-12-12 8:00 ` David S. Miller
-- strict thread matches above, loose matches on Subject: below --
2003-12-04 17:37 Extremely slow network with e1000 & ip_conntrack Feldman, Scott
2003-12-04 18:30 ` David S. Miller
2003-12-04 19:53 ` Stephen Lee
2003-12-04 20:09 ` Jeff Garzik
2003-12-05 13:25 ` Stephen Lee
2003-12-04 20:20 ` David S. Miller
2003-12-04 7:24 Feldman, Scott
[not found] <20031126174943.0AA5.MUKANSAI@emailplus.org>
[not found] ` <20031129042551.A460.MUKANSAI@emailplus.org>
[not found] ` <20031130074532.0105.MUKANSAI@emailplus.org>
2003-11-30 15:52 ` Harald Welte
2003-12-02 11:44 ` Stephen Lee
2003-12-03 5:03 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.44.0312110921540.23401-100000@filer.marasystems.com \
--to=hno@marasystems.com \
--cc=davem@redhat.com \
--cc=laforge@netfilter.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mukansai@emailplus.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=scott.feldman@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).