>>That is why I want to set ctmark with iptables (that is listed in
>>/proc/net/nf_conntrack).

There is also the "zone" field in /proc/net/nf_conntrack

according to
https://lwn.net/Articles/370152/

"
A zone is simply a numerical identifier associated with a network device that is incorporated into the various hashes and used to distinguish entries in addition to the connection tuples. Additionally it is used to separate conntrack defragmentation queues. An iptables target for the raw table could be used alternatively to the network device for assigning conntrack entries to zones.
"

----- Original Message -----

From: "Dietmar Maurer" <[email protected]>
To: "Alexandre DERUMIER" <[email protected]>
Cc: [email protected]
Sent: Saturday, 1 March 2014 14:17:45
Subject: RE: pvefw: using ctmark to associacte connections to VMs

> >>So that we can parse /proc/net/nf_conntrack to list open connections for
> a VM.
>
> I'm not sure, but I think you don't have interfaces listed in nf_conntrack,
> only ip src,ip dst.

That is why I want to set ctmark with iptables (that is listed in /proc/net/nf_conntrack).

_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
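
The approach discussed in this thread, as an added example that is not part of the original mails or of pvefw: parse text in the /proc/net/nf_conntrack layout and group entries by their `mark=` field, also reading `zone=` when present. The sample lines are constructed, the function names are hypothetical, and treating the mark value as a VM ID is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the /proc/net/nf_conntrack layout (not captured data).
# mark=/zone= are only printed when the kernel has the matching options enabled.
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51234 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=51234 [ASSURED] mark=101 zone=0 use=2
ipv4     2 udp      17 29 src=192.0.2.11 dst=198.51.100.53 sport=40000 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.11 sport=53 dport=40000 mark=102 zone=0 use=2
ipv4     2 icmp     1 29 src=192.0.2.10 dst=198.51.100.1 type=8 code=0 id=4242 src=198.51.100.1 dst=192.0.2.10 type=0 code=0 id=4242 mark=101 use=2
ipv4     2 tcp      6 110 TIME_WAIT src=192.0.2.12 dst=198.51.100.5 sport=51000 dport=80 src=198.51.100.5 dst=192.0.2.12 sport=80 dport=51000 [ASSURED] use=2
"""

KV = re.compile(r"^([a-z-]+)=(\S+)$")


def parse_line(line):
    """Parse one conntrack line into a dict, or return None for a short line."""
    tok = line.split()
    if len(tok) < 5:
        return None
    kv, state = {}, None
    # tok[0..4] = l3 name, l3 number, l4 name, l4 number, timeout
    for t in tok[5:]:
        m = KV.match(t)
        if m:
            # Keys repeat for the reply tuple; keep the original direction.
            kv.setdefault(m.group(1), m.group(2))
        elif t.isupper() and not t.startswith("["):
            state = t  # TCP state; absent for UDP and ICMP
    return {
        "proto": tok[2], "state": state,
        "src": kv.get("src"), "dst": kv.get("dst"),
        "sport": kv.get("sport"), "dport": kv.get("dport"),
        # A missing field is treated as 0 (unmarked / default zone).
        "mark": int(kv.get("mark", 0)), "zone": int(kv.get("zone", 0)),
    }


def connections_by_mark(text):
    """Group parsed entries by ctmark (assumed here to identify a VM)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            groups[entry["mark"]].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for mark, conns in sorted(connections_by_mark(SAMPLE).items()):
        for c in conns:
            print(mark, c["proto"], c["src"], c["sport"], "->", c["dst"], c["dport"], c["state"])
```

On a live host the same function can be fed the contents of /proc/net/nf_conntrack, which requires root to read.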
