Fabian Hugelshofer wrote:
> Hi,
>
> I plan to use netfilter conntrack events to count the number of connections which timed out without having received a reply. To make this as efficient as possible I only want to monitor destroy events.
>
> I have noticed three issues with that and wrote patches to solve them. They follow in separate mails. Please let me know what you think about them and if they could be useful for other people as well.
>
> patch1: export ct->status on all conntrack events
> patch2: set SEEN_REPLY before destroying a conntrack on TCP RST
> patch3: new status flag SEEN_RELATED

I can't imagine other uses for this than the one you described, especially for 2 and 3. Patch 3 also adds code in a hot path, so unless someone can present good arguments in favour of these patches, I don't really want to apply them.