Hi Pablo, > I like patches 1/3 and 2/3, they are nice cleanups. thanks for looking into this. > If you only set indev/outdev once we can skip the conntrack extension > by passing the skb to nf_ct_deliver_cached_events and include this > information in the conntrack events. That would not allow to dump the > device from conntrack dumps though. I still have concerns with this > approach as this doesn't seem to cover the scenario in which the > in/outdev changes. I know that doing it this simiple way is only "best effort", as e. g. with IP multipathing or 802.3ad this information is not % correct in all cases. And the question we have to answer is whether this interface information *has* to be correct in every case, even the less commonly used cases. For IPFIX I would answer this question with a 'no'. And we can later extend this to update the interface information correctly in every case. It's only a few patches away. /Holger -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
