On Wed, Jan 18, 2017 at 03:54:32PM +0100, Florian Westphal wrote:
> destroy events currently don't contain the tcp state info and no
> secmark and conntrack labels.
>
> Quoting Victor:
> "I was hoping to get the last TCP state in a conntrack destroy event,
> however it seems to be unavailable."
>
> Quoting Jarno:
> "I have a use case where we want to log terminating connections, but
> only if a specific label bit is set."
>
> While at it, also include SECMARK in destroy events if one is available.

I'm fine with this.

But remember that the original problem is that netlink bandwidth is limited, so the more we load the netlink message, the more chances we have to hit ENOBUFS.

connlabel is optional, so you only get it if needed.

But for the protoinfo thing, I would prefer we just dump the state, given this is the use case we have now. Probably extend ->to_nlattr() to have a bool that indicates if this is a dump?