Hi Patrick!

This is the second part of the updates for the conntrack event subsystem. These patches are built on top of the previous patchset. They basically consist of a re-work of the conntrack event cache to switch from per-cpu to the conntrack extension infrastructure that is required by the optional reliable event delivery.

Basically, the idea consists of accumulating undelivered events in the per-conntrack cache to allow another try once the next packet hits the conntrack entry. We may keep losing events but, in the worst case, we make sure that destroy events are delivered.

Feedback welcome.

---

Pablo Neira Ayuso (2):
      netfilter: conntrack: optional reliable conntrack event delivery
      netfilter: conntrack: move event cache to conntrack extension infrastructure

 include/net/netfilter/nf_conntrack.h        |   2
 include/net/netfilter/nf_conntrack_core.h   |   6 +
 include/net/netfilter/nf_conntrack_ecache.h | 156 ++++++++++++--------
 include/net/netfilter/nf_conntrack_extend.h |   2
 include/net/netfilter/nf_conntrack_helper.h |   2
 include/net/netns/conntrack.h               |   7 +
 net/netfilter/nf_conntrack_core.c           | 106 ++++++++++---
 net/netfilter/nf_conntrack_ecache.c         | 215 ++++++++++++++++++---------
 net/netfilter/nf_conntrack_helper.c         |  15 ++
 net/netfilter/nf_conntrack_netlink.c        |  90 +++++++----
 10 files changed, 403 insertions(+), 198 deletions(-)