On Fri, Nov 22, 2019 at 03:39:16PM -0500, Aaron Conole wrote:
> Marcelo Ricardo Leitner writes:
>
> > On Mon, Nov 18, 2019 at 04:21:39PM -0500, Aaron Conole wrote:
> >> Marcelo Ricardo Leitner writes:
> >>
> >> > On Fri, Nov 08, 2019 at 04:07:14PM -0500, Aaron Conole wrote:
> >> >> The act_ct T
Marcelo Ricardo Leitner writes:
> On Mon, Nov 18, 2019 at 04:21:39PM -0500, Aaron Conole wrote:
>> Marcelo Ricardo Leitner writes:
>>
>> > On Fri, Nov 08, 2019 at 04:07:14PM -0500, Aaron Conole wrote:
>> >> The act_ct TC module shares a common conntrack and NAT infrastructure
>> >> exposed via
On Mon, Nov 18, 2019 at 04:21:39PM -0500, Aaron Conole wrote:
> Marcelo Ricardo Leitner writes:
>
> > On Fri, Nov 08, 2019 at 04:07:14PM -0500, Aaron Conole wrote:
> >> The act_ct TC module shares a common conntrack and NAT infrastructure
> >> exposed via netfilter. It's possible that a packet n
Paul Blakey writes:
> On 11/14/2019 4:22 PM, Roi Dayan wrote:
>>
>> On 2019-11-08 11:07 PM, Aaron Conole wrote:
>>> The act_ct TC module shares a common conntrack and NAT infrastructure
>>> exposed via netfilter. It's possible that a packet needs both SNAT and
>>> DNAT manipulation, due to e.g.
Marcelo Ricardo Leitner writes:
> On Fri, Nov 08, 2019 at 04:07:14PM -0500, Aaron Conole wrote:
>> The act_ct TC module shares a common conntrack and NAT infrastructure
>> exposed via netfilter. It's possible that a packet needs both SNAT and
>> DNAT manipulation, due to e.g. tuple collision. N
On Fri, Nov 08, 2019 at 04:07:14PM -0500, Aaron Conole wrote:
> The act_ct TC module shares a common conntrack and NAT infrastructure
> exposed via netfilter. It's possible that a packet needs both SNAT and
> DNAT manipulation, due to e.g. tuple collision. Netfilter can support
> this because it
On 11/14/2019 4:22 PM, Roi Dayan wrote:
>
> On 2019-11-08 11:07 PM, Aaron Conole wrote:
>> The act_ct TC module shares a common conntrack and NAT infrastructure
>> exposed via netfilter. It's possible that a packet needs both SNAT and
>> DNAT manipulation, due to e.g. tuple collision. Netfilter c
On 2019-11-08 11:07 PM, Aaron Conole wrote:
> The act_ct TC module shares a common conntrack and NAT infrastructure
> exposed via netfilter. It's possible that a packet needs both SNAT and
> DNAT manipulation, due to e.g. tuple collision. Netfilter can support
> this because it runs through th
The act_ct TC module shares a common conntrack and NAT infrastructure
exposed via netfilter. It's possible that a packet needs both SNAT and
DNAT manipulation, due to e.g. tuple collision. Netfilter can support
this because it runs through the NAT table twice - once on ingress and
again after egr