[pve-devel] pvefw: using ctmark to associate connections to VMs

Alexandre DERUMIER aderumier at odiso.com
Sun Mar 2 18:09:51 CET 2014


>>But I just noticed that we need 2 different marks, because we can have traffic 
>>from VM1 to VM2. So we need 2 marks/zones? 

Yes, in one conntrack line, you have in/out. Not sure how to implement that, as there is only 1 mark or 1 zone field.


----- Original Message ----- 

From: "Dietmar Maurer" <dietmar at proxmox.com> 
To: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Sent: Sunday, 2 March 2014 09:07:19 
Subject: RE: [pve-devel] pvefw: using ctmark to associate connections to VMs 

Thanks for that link. 

But I just noticed that we need 2 different marks, because we can have traffic 
from VM1 to VM2. So we need 2 marks/zones? 

> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d0aa2ccd4699a01cfdf14886191c249d7b45a01
> 
> netfilter: nf_conntrack: add support for "conntrack zones" 
> Normally, each connection needs a unique identity. Conntrack zones allow 
> to specify a numerical zone using the CT target, connections in different 
> zones can use the same identity. 
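
The limitation discussed in this thread, as an added example that is not part of the original messages or of pvefw: a conntrack entry carries an original and a reply tuple but only one mark and one zone value, so a VM1-to-VM2 connection cannot be attributed to both guests by the mark alone. The sample lines are constructed in the style of `conntrack -L` output, and the IP-to-VMID table and the convention "mark equals VMID" are assumptions made for the illustration.

```python
import re

# Constructed sample in the style of `conntrack -L` output (not captured data).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=10.0.0.101 dst=192.0.2.10 sport=40000 dport=443 src=192.0.2.10 dst=10.0.0.101 sport=443 dport=40000 [ASSURED] mark=101 use=1
tcp      6 431990 ESTABLISHED src=10.0.0.101 dst=10.0.0.102 sport=40002 dport=22 src=10.0.0.102 dst=10.0.0.101 sport=22 dport=40002 [ASSURED] mark=101 use=1
"""

# Hypothetical guest IP -> VMID table; assumes the firewall sets ctmark = VMID.
VM_BY_IP = {"10.0.0.101": 101, "10.0.0.102": 102}

KEY_VALUE = re.compile(r"(\w+)=(\S+)")
TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_entry(line):
    """Split one conntrack line into original tuple, reply tuple, mark and zone."""
    orig, reply, extra = {}, {}, {}
    for key, value in KEY_VALUE.findall(line):
        if key in TUPLE_KEYS:
            # First occurrence belongs to the original direction, second to the reply.
            (orig if key not in orig else reply)[key] = value
        else:
            extra[key] = value
    return {
        "orig": orig,
        "reply": reply,
        "mark": int(extra.get("mark", 0)),
        "zone": int(extra.get("zone", 0)),  # omitted from the line means zone 0
    }


def vms_in_entry(entry):
    """VMIDs of every guest that is an endpoint of this connection."""
    endpoints = (entry["orig"].get("src"), entry["orig"].get("dst"))
    return sorted({VM_BY_IP[ip] for ip in endpoints if ip in VM_BY_IP})


def uncovered_vms(entry):
    """Guests taking part in the connection that the single mark does not name."""
    return [vmid for vmid in vms_in_entry(entry) if vmid != entry["mark"]]


if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        e = parse_entry(line)
        print(e["orig"]["src"], "->", e["orig"]["dst"],
              "mark", e["mark"], "not covered by mark:", uncovered_vms(e))
```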


