Re: [PATCH] Runtime interception method switch

To: LVS Devel <lvs-devel@xxxxxxxxxxxxxxx>
Subject: Re: [PATCH] Runtime interception method switch
From: Raphael Vallazza <raphael@xxxxxxxxxx>
Date: Wed, 16 Jan 2008 12:28:21 +0100
I've added the documentation for the input_hook switch, and attached both patches for net-2.6.25 (i hope the mailer doesn't mess up things this time :).


Attachment: 0001-IPVS-Add-choice-for-connection-interception-method.patch
Description: Binary data

Attachment: 0002-IPVS-Runtime-interception-method-switch.patch
Description: Binary data

Am 16.01.2008 um 12:16 schrieb Janusz Krzysztofik:

Simon Horman wrote:
On Tue, Jan 15, 2008 at 05:13:14AM -0800, Joseph Mack NA3T wrote:
What side effects might there be? Are they worse than not being able to NAT packets emerging from a director?
I'm not sure, and thats what concerns me.
For starters could we clarify that the patch in question is the
following one by Janusz Krzysztofik?
Also can I clarify that the aim is to be able to SNAT LVS-DR
connections ...


I can confirm what I have already said before: this patch works for me (now for over two years) without any unexpected side effects. The only side effect I can see is that all LVS-DR incoming packets go through conntrack, even if you do not intend to SNAT them. That could present excessive load on ancient hardware, but one can just unload conntrack modules, or turn connection tracking off for specific traffic with PREROUTING raw hook rules. However, I think this patch should be considered, if at all, as a temporary solution.


PS. I am still busy with a different project, but subscribed to lvs- devel.
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at


:: e n d i a n
:: open source - open minds

:: raphael vallazza
:: phone +39 0471 631763  :: fax +39 0471 631764
::  :: raphael (AT)

<Prev in Thread] Current Thread [Next in Thread>