| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 May 2014 16:44:03 +0200 From: Richard Weinberger <richard.weinberger@...il.com> To: Jamal Hadi Salim <jhs@...atatu.com> Cc: Niels Möller <nisse@...thpole.se>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, Jonas Bonn <jonas@...thpole.se> Subject: Re: What's the right way to use a *large* number of source addresses? On Sat, May 24, 2014 at 1:58 PM, Jamal Hadi Salim <jhs@...atatu.com> wrote: > On 05/23/14 05:38, Niels Möller wrote: >> >> Hi, >> > > >> Main drawback of using NAT is the overhead for connection tracking; >> it would be preferable if the only per-connection state needed is the >> socket itself. >> > > If stateless nat is sufficient take a look at tc nat. How to use this? My tc's manpage does not know anything about nat. Maybe I'm mistaken but IIRC all non-netfilter nat code has been removed. -- Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists