Pablo Neira Ayuso wrote:
> * CT_EVENTS is a duplicated flag; NFCT_ALL_CT_GROUPS already exists.

I've already queued a patch for that, I'll send that later.

> * This patch arbitrarily disables loopback logging, this must be an option.

I totally agree on that. My plan is to provide a filtering capability as generic as possible later on.

> * Default hashtable size reduced to 512, why?

You are still talking about the ulogd-NFCT-plugin.diff, right? Please comment on the version as it is at the end of the patchset.

> * This patch checks if every conntrack exists in the kernel every N seconds to handle overruns. Instead, why doesn't it wait for ENOBUFS in the recv buffer and then try to resync with the kernel?

This is one of the future improvements I've only queued locally. As this isn't critical I suggest waiting for that.

> * Where is the NLMSG_OVERRUN flag used in the netlink code?

When the point above is implemented.

> * ct_hash_find_seq is O(n). Overruns sometimes happen because the CPU reaches 100% consumption, so if it can't back off, this function won't help that much in those cases.

[ULOGD RFC 15/30] NFCT: add sequence cache. That patch was provided exactly to solve that issue.

> An observation: the asynchronous nature of the ulogd timers keeps this hard since the timer callback can be called while accessing whatever section of code. I think that the way to go is to use select and implement time-slicing.

Either I didn't understand your point or you totally missed what the 'synchronous signal handlers' are all about.
/holger

-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html