Am 16.03.2015 um 14:11 schrieb Pablo Neira Ayuso: > On Fri, Mar 13, 2015 at 03:22:07PM +0100, Richard Weinberger wrote: >> Am 13.03.2015 um 14:53 schrieb Pablo Neira Ayuso: >>>> You mean statistics via netlink attributes? I can add that! >>> >>> Add a new NFQNL_CFG_CMD_STATS command to request the statistics. If >>> NLM_F_DUMP is set, then we'll basically provide the full list of >>> instances. Otherwise, in case you want to retrieve stats for a >>> specific netlink socket, you can use the netlink portID as index. >>> And you'll have to add attributes for this new command, yes. >> >> This was my plan. Thanks for the pointer! > > It would be great if you can contribute this new interface. FYI, it is still on my TODO. I fear I won't find the time to do a patch for the upcoming merge window and it has to wait for v4.2. >>>> But I think we should also fix the format string of the proc file >>>> as the fix is easy and non-intrusive. >>> >>> Unfortunately we don't know how many people are relying on that >>> output, I prefer to remain conservative and provide a proper netlink >>> interface for this. >> >> I understand your concerns but an application which is able to parse positive >> and negative numbers can also parse pure positives. >> Just made a small test application, glibc's %d in sscanf() can also deal with UINT_MAX. >> And I don't expect that applications to check whether the returned values from >> /proc/net/netfilter/nfnetlink_queue are between INT_MIN and INT_MAX. >> >> That said, I'd have assumed that an user would report negative values as plain kernel bug. > > Makes sense, please fix net/netfilter/nfnetlink_log.c too. Patches sent! :) Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html