Yes, it should work, at least for tcp. (I'm not sure it's working for udp?)


About nf_conntrack, I think we should also tune

/sbin/sysctl -w net.netfilter.nf_conntrack_max  (maybe around 200000? or a
dynamic value based on the number of VMs?)

to avoid this kind of message with a high number of guests and VMs with a
high number of connections:

"nf_conntrack: table full, dropping packet."

----- Original Message -----

From: "Dietmar Maurer" <[email protected]>
To: [email protected], "Alexandre DERUMIER ([email protected])"
<[email protected]>
Sent: Friday, 28 February 2014 18:46:54
Subject: pvefw: using ctmark to associate connections to VMs



I wonder if we can use ctmark to associate connections with VMs? 

So that we can parse /proc/net/nf_conntrack to list open connections for a VM. 

Is that reasonable, or are there some hidden disadvantages? Or are there other 
ways to do that? 
_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
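
Added example, not part of the original thread and not pvefw code: a parser for the /proc/net/nf_conntrack format that groups entries by their mark= field, covering both TCP lines (which carry a state token) and UDP lines (which do not). It assumes the firewall sets each connection's ctmark to the VMID, which is a hypothetical mapping; the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in /proc/net/nf_conntrack format (not captured from a real host).
# Assumption: the firewall sets ctmark to the VMID (101, 102); mark=0 means unmarked.
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=10.0.0.5 sport=51234 dport=22 src=10.0.0.5 dst=192.0.2.10 sport=22 dport=51234 [ASSURED] mark=101 zone=0 use=2
ipv4     2 udp      17 29 src=10.0.0.7 dst=198.51.100.53 sport=40000 dport=53 [UNREPLIED] src=198.51.100.53 dst=10.0.0.7 sport=53 dport=40000 mark=102 zone=0 use=2
ipv4     2 tcp      6 117 TIME_WAIT src=10.0.0.5 dst=203.0.113.8 sport=44321 dport=443 src=203.0.113.8 dst=10.0.0.5 sport=443 dport=44321 [ASSURED] mark=101 zone=0 use=2
ipv4     2 tcp      6 300 ESTABLISHED src=10.0.0.1 dst=10.0.0.2 sport=8006 dport=50000 src=10.0.0.2 dst=10.0.0.1 sport=50000 dport=8006 [ASSURED] mark=0 zone=0 use=2
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Parse one conntrack line; return None for blank or malformed lines."""
    tokens = line.split()
    if len(tokens) < 5 or not tokens[4].isdigit():
        return None
    entry = {"proto": tokens[2], "timeout": int(tokens[4]), "state": None, "mark": None}
    # TCP carries a state token after the timeout; UDP entries do not.
    if len(tokens) > 5 and "=" not in tokens[5] and not tokens[5].startswith("["):
        entry["state"] = tokens[5]
    for key, value in KV.findall(line):
        if key in ("src", "dst", "sport", "dport"):
            entry.setdefault(key, value)  # first occurrence = original direction
        elif key == "mark":
            entry["mark"] = int(value)
    return entry

def connections_by_mark(text):
    """Group entries by ctmark, skipping unmarked ones (mark 0 or field absent)."""
    by_mark = defaultdict(list)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and entry["mark"]:
            by_mark[entry["mark"]].append(entry)
    return dict(by_mark)

if __name__ == "__main__":
    # On a real host, read /proc/net/nf_conntrack (root required) instead of SAMPLE.
    for mark, conns in sorted(connections_by_mark(SAMPLE).items()):
        print(f"VM {mark}: {len(conns)} connection(s)")
        for c in conns:
            print(f"  {c['proto']} {c.get('src')}:{c.get('sport')} -> "
                  f"{c.get('dst')}:{c.get('dport')} {c['state'] or '-'} ttl={c['timeout']}s")
```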
