Re: Snooping expected connections in a user CT helper

Hi Kevin,

On Thu, Sep 08, 2016 at 03:02:13PM -0700, Kevin Cernekee wrote:
> On Thu, Sep 1, 2016 at 4:47 PM, Kevin Cernekee <cernekee@xxxxxxxxxxxx> wrote:
> > The patch that I sent out last night is able to handle scenarios in
> > which the event occurs shortly after the subscription is established.
> > But in my testing I am noticing two other problems:
> >
> > 1) Approximately two minutes after the subscription is set up, the
> > expectation abruptly disappears.  This even happens if I set the
> > timeout to 3600; it shows up in `conntrack -L expect` until the time
> > column drops to ~3480, then it is gone.  This may be caused by the
> > master conntrack expiring.  Is there a way to set up the expectation
> > so that it persists for the entire timeout period?

Yes, the expectation goes away if the master is gone. You can set a
larger timeout for the master using -j CT --timeout timeout-policy and
the cttimeout infrastructure.

You have to set the helper and the timeout in one go, i.e.

        -j CT --helper ssdp --timeout xyz

> > 2) The timeout is not extended when there is activity on the
> > expectation.  It would be good if it was extended any time there is
> > new activity, in order to support long-lived subscriptions.

Actually, I thought permanent expectations had no timeout, but looking
at the code it seems they do. I think it makes sense to refresh it or
to keep it fixed; given that this depends on the master, it will just
go away once the master is not there anymore.

> Friendly ping...
> 
> Do you think I'm on the right track with this approach, and if so,
> what is the best way to establish long-lived expectations for UPnP?

Yes, although I didn't look at your code in depth, I think you're on
the right track.

BTW, you may also want to explore enabling zero-copy in the conntrackd
userspace helper (Eric Dumazet made a patch for nfqueue in 2013).

And you may need to cherry-pick b18bcb0019c to resolve an embarrassing
leak. Feel free to submit this to -stable and keep me on Cc.

Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
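An added example, not code from the thread and not conntrack-tools' own scripts, of what the reply suggests: give the SSDP master conntrack a long cttimeout policy and attach it in the same -j CT rule as the userspace helper, so the expectation is not dropped when the master expires. The policy name (ssdp-long), the timeout values, the nfqueue number, the conntrackd Helper fragment and the exact nfct command syntax (written as I recall it from nfct(8)) are assumptions; the thread only gives the `-j CT --helper ssdp --timeout xyz` form. The script also carries a DRY_RUN mode so the generated commands can be reviewed without root, and a check that the master policy outlives the expectation timeout.

```shell
#!/bin/sh
# Added example, not from the thread or from conntrack-tools: keep a UPnP/SSDP
# expectation alive by giving its master conntrack a long cttimeout policy,
# set in the same -j CT rule as the userspace helper.
# Policy name, timeouts, queue number and the conntrackd fragment are assumed.
set -eu

POLICY=${POLICY:-ssdp-long}              # cttimeout policy name (assumed)
HELPER=${HELPER:-ssdp}                   # userspace helper name, as in the thread
MASTER_TIMEOUT=${MASTER_TIMEOUT:-3600}   # seconds for the UDP master (assumed)
EXPECT_TIMEOUT=${EXPECT_TIMEOUT:-300}    # seconds for the expectation (assumed)
QUEUE_NUM=${QUEUE_NUM:-3}                # nfqueue number for the helper (assumed)

# run: execute a command, or print it when DRY_RUN=1 so the rules can be
# reviewed on a machine without root or netfilter.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The expectation goes away as soon as its master expires, so the master's
# policy must be at least as long as the expectation timeout.
check_timeouts() {
    if [ "$MASTER_TIMEOUT" -lt "$EXPECT_TIMEOUT" ]; then
        echo "master timeout ${MASTER_TIMEOUT}s is shorter than expectation timeout ${EXPECT_TIMEOUT}s" >&2
        return 1
    fi
}

# Helper block for conntrackd.conf (assumed shape, modelled on the
# conntrack-tools helper examples); the queue number must not collide
# with another nfqueue user on the box.
conntrackd_helper_config() {
    cat <<EOF
Helper {
    Type ${HELPER} inet udp {
        QueueNum ${QUEUE_NUM}
        QueueLen 10240
        Policy ${HELPER} {
            ExpectMax 8
            ExpectTimeout ${EXPECT_TIMEOUT}
        }
    }
}
EOF
}

setup_ssdp_conntrack() {
    check_timeouts
    # 1. cttimeout policy: long timeout for the master in both UDP states
    run nfct timeout add "$POLICY" inet udp unreplied "$MASTER_TIMEOUT" replied "$MASTER_TIMEOUT"
    # 2. register the userspace helper the CT target refers to
    run nfct helper add "$HELPER" inet udp
    # 3. helper and timeout policy in one go: the CT target only creates a
    #    template for packets that have none yet, so a second -j CT rule
    #    carrying the timeout alone would be ignored
    run iptables -t raw -A PREROUTING -p udp --dport 1900 \
        -j CT --helper "$HELPER" --timeout "$POLICY"
    run iptables -t raw -A OUTPUT -p udp --dport 1900 \
        -j CT --helper "$HELPER" --timeout "$POLICY"
}

# Check that the policy is installed and watch the expectation's timer: it
# should now count down from EXPECT_TIMEOUT instead of vanishing with the master.
verify_ssdp_conntrack() {
    run nfct timeout list
    run iptables -t raw -S
    run conntrack -L expect
}

case "${1:-}" in
    apply)  setup_ssdp_conntrack ;;
    verify) verify_ssdp_conntrack ;;
    config) conntrackd_helper_config ;;
esac
```

Run `DRY_RUN=1 sh ssdp-ct.sh apply` first to see the exact rules, then `sh ssdp-ct.sh config >> /etc/conntrackd/conntrackd.conf` (merging into the existing Helper block if there is one), start conntrackd, and `sh ssdp-ct.sh apply` as root. Note that a helper registered with `nfct helper add` must be removed again before conntrackd's configured queue number is reused.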