On Tue, 26 Jan 2010, Patrick McHardy wrote:

> Pablo Neira Ayuso wrote:
>
>>> - Patch 3 adds selective conntrack event delivery by adding two masks
>>> for conntrack and expectation events to struct nf_conntrack_ecache,
>>> which are used to filter out events.
>>
>> This feature is something that I have wanted for a long time. We can reduce
>> the CPU consumption by reducing the amount of events. This is
>> particularly good for ulogd2 and conntrackd.
>>
>> My experiments showed that the BSF-based filtering does not provide any
>> significant gain from filtering Netlink messages in user-space. The
>> problem is that we have to spend cycles building the message, which seems
>> to be costly.
>>
>> AFAICS, this approach has one minor threat since it applies to all
>> processes (I'm sure you're aware of it). I'm fine with this anyway, but
>> maybe we should think of some way to make it per-process at some point?
>> Some netlink unicast-based reporting similar to what NFLOG and NFQUEUE do
>> would solve this issue, although they are implementing multicast over
>> netlink unicast.
>
> The question is whether that would really reduce overhead,
> since we'd likely have to construct messages multiple
> times ourselves in that case. But yes, it might help.

I think the current way is one of the best: the interesting events are
selected by CT, sent to userspace, and the userspace processes pick the
ones they are interested in. Or am I missing something?

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
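A small model of the trade-off discussed in the thread, added here as an illustration (not code from the thread, the kernel patch or any of its authors; the event names, struct layout and the two-listener setup are assumptions): the in-kernel mask is checked before the message is built, so the cost is saved, but a cleared bit hides the event from every listener, including one whose own user-space filter would have kept it.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical event ids standing in for the kernel's conntrack event enum. */
enum ct_event { CT_NEW = 0, CT_DESTROY = 1, CT_ASSURED = 2 };

/* Per-conntrack cache carrying the two delivery masks the thread discusses. */
struct ecache { uint32_t ctmask; uint32_t expmask; };

/* Counters: how many messages were built and what each listener received. */
#define NLISTENERS 2
struct stats { unsigned built; unsigned delivered[NLISTENERS]; };

/* Stand-in for the expensive netlink message construction. */
static void build_message(struct stats *s) { s->built++; }

/* The kernel-side mask is consulted before any message is built. A cleared bit
 * suppresses the event for every listener, whatever their own filter wanted. */
static int ct_event_report(const struct ecache *e, enum ct_event ev,
                           const uint32_t want[NLISTENERS], struct stats *s)
{
    if (!((1u << ev) & e->ctmask))
        return 0;               /* filtered in-kernel: no message at all */
    build_message(s);
    for (int i = 0; i < NLISTENERS; i++)
        if ((1u << ev) & want[i])
            s->delivered[i]++;   /* user-space selection, after the cost */
    return 1;
}

/* Constructed scenario: conntrack limited to NEW|DESTROY; listener 1 wants only ASSURED. */
static struct stats run_scenario(void)
{
    struct stats s = {0};
    struct ecache e = { .ctmask = (1u << CT_NEW) | (1u << CT_DESTROY), .expmask = 0 };
    uint32_t want[NLISTENERS] = { (1u << CT_NEW) | (1u << CT_DESTROY), 1u << CT_ASSURED };
    enum ct_event flow[] = { CT_NEW, CT_ASSURED, CT_ASSURED, CT_DESTROY };
    for (size_t i = 0; i < sizeof flow / sizeof flow[0]; i++)
        ct_event_report(&e, flow[i], want, &s);
    return s;
}

static unsigned scenario_built(void) { return run_scenario().built; }
static unsigned scenario_delivered(int l) { return run_scenario().delivered[l]; }

int main(void)
{
    struct stats s = run_scenario();
    printf("built=%u listener0=%u listener1=%u\n", s.built, s.delivered[0], s.delivered[1]);
    return 0;
}
```

Only two messages are built for four events, which is the saving Pablo describes; the price is that listener 1 never sees the ASSURED events because the mask is global rather than per-process.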