Re: [PATCH] Accounting rework: ct_extend + 64bit counters

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Krzysztof Oledzki wrote:
Mhh good point :) I was thinking of calling it from the raw table,
but of course we don't have a conntrack at that point. So the
information would have to be propagated from the raw table somehow.
Maybe something like the untracked conntrack? IIRC someone posted
a patch for something similar (propagation of parameters to helpers)
some time ago.

OK, I'll look at this. Can we push the current version (plus discussed changes) now and tag if for 2.6.27 and try to solve above problem later (2.6.28)?

I would prefer to see a final solution before pushing
it upstream. Having it only implemented half-way forces
an additional allocation on everyone (even those not
even compiling the feature in now) for now gain.

Do you mean an iptables target (-j ...)? IMHO a kernel/module option plus a sysctl/sysfs interface should be enough.

Having it controlled through an iptables target would be preferrable
because you can then do selective accounting.

OK, but this will make everything slower and may be often unnecessary, so I still think that setting a default mode should be possible. It is something like "iptables -P", BTW.

I'm guessing the allocation is where the real cost is,
but I'm not opposed to a default (that will get changed
to off after some period).
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux