Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Wed, Jan 18, 2017 at 03:54:32PM +0100, Florian Westphal wrote:
> > destroy events currently don't contain the tcp state info and no
> > secmark and conntrack labels.
> >
> > Quoting Victor:
> > "I was hoping to get the last TCP state in a conntrack destroy event,
> > however it seems to be unavailable."
> >
> > Quoting Jarno:
> > "I have a use case where we want to log terminating connections, but
> > only if a specific label bit is set."
> >
> > While at it, also include SECMARK in destroy events if one is available.
>
> I'm fine with this.
>
> But to remember the original problem is that netlink bandwidth is
> limited, so the more we load the netlink message, the more chances we
> have to hit ENOBUFS.
>
> connlabel is optional, so you only get it if needed.

Yes, and only if there was a label change or at least one label bit is set.

> But the protoinfo thing, I would prefer we just dump the state given
> this the use case we have now.
>
> Probably extend ->to_nlattr() to have a bool that indicates if this is
> a dump?

Could do that, but it only avoids 4 attributes (so we only save 32 bytes per message).

If you still think it's worth it I'll resend a v2 without the dump change and
will do a followup change that flags the requested event dump to the protocol backend.