On Thu, 8 Aug 2013 08:22:55 +0200 Patrick McHardy <kaber@xxxxxxxxx> wrote: > On Wed, Aug 07, 2013 at 10:56:03PM +0200, Patrick McHardy wrote: > > On Wed, Aug 07, 2013 at 10:26:00PM +0200, Jesper Dangaard Brouer wrote: > > > On Wed, 7 Aug 2013 19:42:49 +0200 > > > Patrick McHardy <kaber@xxxxxxxxx> wrote: > > > > > > Besides when using net->proc_net_stat, then the first entry is usually > > > "entries" which is not percpu, this will likely confusing the tool: > > > lnstat -f synproxy -c 42 > > > > I'll look into that. > > Ok right, the first field must contains something that is not per-CPU. > Unfortunately I don't have anything to put there and I really don't want > to keep any global state. The two possibilities I see are: > > - a dummy field > - the number of proxied connections, but not using a global counter but > gathered by iterating over the entire conntrack hash. > > Any opinions? Well, I would of cause be nice to have some "entries" counter, e.g. listing the number of active conntrack entries created by the SYNPROXY target, but I don't think it's possible to identify those conntrack entries, right. So, I think it would be okay with just a dummy "entries" field which is always zero. -- Best regards, Jesper Dangaard Brouer MSc.CS, Sr. Network Kernel Developer at Red Hat Author of http://www.iptv-analyzer.org LinkedIn: http://www.linkedin.com/in/brouer -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html