Michael Tokarev wrote: > Patrick McHardy wrote: >> How are you going to log the data of a connection thats removed >> from the conntrack tables without using netlink? If you're using >> netlink, you can generate a time stamp when you receive a NEW >> event. > > In case either "new" or "remove" event is missing now, that connection > can't be logged properly, because we don't see some part of the > info in either of the two cases. > > For nowadays tools, in case we've seen "new" but not "remove" event, > that connection will be in our hash table sorta forever (ok, till > restart). Which is, I think, worse than not logging it at all (it > will not be logged anyway). > > Basically, I don't see such a case (lost "remove" event) as valid. I have a couple of patches here that I'm still working on it here to avoid "remove" event loss. It should be ready for review once the nf-next-2.6 tree is open. To know when a flow starts and avoid the problem of "new" event loss. I think that we can still add a conntrack extension to store the start time. I think that's enough, right? -- "Los honestos son inadaptados sociales" -- Les Luthiers -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
