Re: [ULOGD PATCH 5/6] Port of NFCT plugin to new libnetfilter_conntrack API.

Eric Leblond wrote:
> This patch is a port to the new libnetfilter_conntrack API of the NFCT
> plugin. To be able to send IP addresses to the IP2STR and IP2BIN modules,
> the oob.family and oob.protocol keys have been added.

Applied, thanks. A patch on top of it to break lines at 80 columns would
be great.

> There is only a single function which is marked as deprecated. This is
> nfct_dump_conntrack_table_reset_counters. This function is used to
> periodically dump counters. By default, this feature is not used. IMHO we
> could suppress this code and use conntrackd for similar tasks.

As the counters are 32 bits, we can store 64-bit counters in userspace
and periodically dump-and-reset the counters. Thus, we ensure that the
probability of an overflow is low while using little memory in kernel
space. We think that we should fix this in ulogd.

The problem that I see, not directly related to this, is that if ulogd
does this counter-and-reset, it may break other existing applications
polling to obtain the counters. Probably we need a netlink event to
notify all processes that the counters have been reset.

-- 
"Honest people are social misfits" -- Les Luthiers
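
The accounting scheme and the polling problem discussed in the message above, as an added simulation that is not code from the message, ulogd or libnetfilter_conntrack. All names (`kcounter`, `dump_and_reset`, `poll_delta`, `run`) and the traffic figures are constructed, and the 32-bit counter is assumed to wrap at 2^32 when it overflows.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for one flow's 32-bit in-kernel packet counter. */
struct kcounter { uint32_t packets; };

/* Reader A: dump-and-reset, accumulating into a 64-bit userspace total. */
static void dump_and_reset(struct kcounter *k, uint64_t *total)
{
    *total += k->packets;
    k->packets = 0;
}

/* Reader B: a second application that only polls. It derives deltas with
 * modulo-2^32 subtraction, which survives a genuine wrap but cannot tell
 * a wrap from a reset performed by reader A. */
struct poller { uint32_t last; uint64_t total; };
static void poll_delta(const struct kcounter *k, struct poller *p)
{
    p->total += (uint32_t)(k->packets - p->last);
    p->last = k->packets;
}

struct result { uint64_t resetter_total, poller_total; };

/* Four rounds of 3,000,000,000 packets: 12e9 in all, more than 2^32. */
static struct result run(int resetter_active)
{
    struct kcounter k = { 0 };
    struct poller b = { 0, 0 };
    struct result r = { 0, 0 };
    for (int round = 0; round < 4; round++) {
        k.packets += 3000000000u;   /* assumed wrap at 2^32 */
        poll_delta(&k, &b);         /* reader B polls first */
        if (resetter_active)
            dump_and_reset(&k, &r.resetter_total);
    }
    r.poller_total = b.total;
    return r;
}

int main(void)
{
    struct result alone = run(0), shared = run(1);
    printf("poller alone:         %" PRIu64 "\n", alone.poller_total);
    printf("resetter (64-bit):    %" PRIu64 "\n", shared.resetter_total);
    printf("poller with resetter: %" PRIu64 "\n", shared.poller_total);
    return 0;
}
```

With the resetter active, the 64-bit total is exact while the independent poller silently undercounts, which is the situation a reset notification would let it detect.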