Ok, thanks a lot. On Sun, May 26, 2013 at 4:42 PM, Florian Westphal <fw@xxxxxxxxx> wrote: > Alex Maltinsky <maltalex@xxxxxxxxx> wrote: >> The system I'm dealing often has traffic spikes that cause NFQ packet >> drops. So I can't put a counter in userspace because it would miss >> dropped packets. Counting dropped packets (as a percentage of the >> total number of packets) is the main reason why I'm trying to get the >> correct number of packets sent to the NFQ in the first place... > > As i said, there is no kernel counter that increments per-packet > delivery, except the queue packet id, which is only 32bit (and this > cannot be changed). > > You could use the iptables rule count of your 'NFQUEUE' rules, > though since these will increment for every packet (and they're 64bit). -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
