Pablo Neira Ayuso wrote:
Pablo Neira Ayuso wrote:
Patrick McHardy wrote:
Pablo Neira Ayuso wrote:
Patrick McHardy wrote:
Eric Leblond wrote:
The following feature was submitted some months ago. It forces the dump
of mark during the connection destruction event. The induced load is
quite small and the patch is useful to provide an easy way to filter
events on user side without having to keep a hash in userspace.
This new version is against 2.6.24 git tree.
It clashed with some changes I had queued locally, but I fixed it
up and applied it. Thanks Eric.
Please, hold it on. I don't see the point of consuming 8 extra bytes in
every extra destroy message. You have tons of resources in userspace to
implement whatever performance structure to store the conntrackd but we
do have limited bandwidth in netlink. Instead we may dump the id but I
don't support this option either.
I agree with Eric, it's a useful option for avoiding overhead in
userspace, and what counts in the end is the accumulated overhead
of both kernel and userspace. If userspace can avoid dealing with
tuples and complicated bookkeeping it can read messages faster,
thus avoiding recv-queue overflows.
Then, dump the id but not the mark if he wants to identify a conntrack.
BTW, why just dump the id/mark in the destroy message? One may want to
identify the conntrack in new and update messages as well. IMO, this
patch also introduces an inconsistency.
It's sent in all messages now if it's non-zero.