Re: [0/3] conntrack event kernel issues

Fabian Hugelshofer wrote:
> Patrick McHardy wrote:
>>> patch1: export ct->status on all conntrack events
>>> patch2: set SEEN_REPLY before destroying a conntrack on TCP RST
>>> patch3: new status flag SEEN_RELATED
>>
>> I can't imagine other uses for this than the one you described,
>> especially for 2 and 3. Patch 3 also adds code in a hot path,
>> so unless someone can present good arguments in favour of these
>> patches, I don't really want to apply them.
>
> This is what I had expected. Especially for patch 3 I know that it's very unlikely to be integrated because of its limited use and the changes it makes.
>
> For not exporting the connection status on a destroy event I see no reason. The information is there and should be exported. Might also be interesting to have the EXPECTED or ASSURED flags.

Yes, that one I'm fine with.

> Then there is this thing with the TCP RST. I think that the event data should be accurate. If the status is returned (with patch 1), then it should have the SEEN_REPLY flag set. Another issue is that the accounting counters are not updated. IMHO this should be done as well (is not in my patches).

Fully agreed about the counters. About the SEEN_REPLY bit - that
depends on how you define its meaning. So far it's only set if
a valid reply for the connection is seen - which a RST isn't.

