On Sun, Sep 11, 2016 at 10:55:53PM +0200, Florian Westphal wrote: > These counters sit in hot path and do show up in perf, this is especially > true for 'found' and 'searched' which get incremented for every packet > processed. > > Information like > > searched=212030105 > new=623431 > found=333613 > delete=623327 > > does not seem too helpful nowadays: > > - on busy systems found and searched will overflow every few hours > (these are 32bit integers), other more busy ones every few days. > > - for debugging there are better methods, such as iptables' trace target, > the conntrack log sysctls. Nowadays we also have perf tool. > > This removes packet path stat counters except those that > are expected to be 0 (or close to 0) on a normal system, e.g. > 'insert_failed' (race happened) or 'invalid' (proto tracker rejects). > > The insert stat is retained for the ctnetlink case. > The found stat is retained for the tuple-is-taken check when NAT has to > determine if it needs to pick a different source address. Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
