With recent addition of clash resolution the 'insert_failed' counter has
become confusing. Depending on whether clash resolution is successful,
insert_failed increments or both insert_failed and drop increment.

Example (conntrack -S):
 [..] insert_failed=15 drop=0 [..] search_restart=268

This means clash resolution worked and the insert_failed increase is harmless.
In case drop is non-zero, things become murky.

It would be better to have a dedicated counter that only increments when
clash resolution is successful.

This series revisits conntrack statistics. Counters that do not indicate
an error or reside in fast-paths are removed.

With patched kernel and conntrack tool, output looks similar to this
during a 'clash resolve' stress test:
 [..] insert_failed=9 drop=9 [..] search_restart=123 clash_resolve=3675

Florian Westphal (4):
  netfilter: conntrack: do not increment two error counters at same time
  netfilter: conntrack: remove ignore stats
  netfilter: conntrack: add clash resolution stat counter
  netfilter: conntrack: remove unneeded nf_ct_put

 include/linux/netfilter/nf_conntrack_common.h      |  2 -
 include/uapi/linux/netfilter/nfnetlink_conntrack.h |  3 +-
 net/netfilter/nf_conntrack_core.c                  | 25 ++++++++-------------
 net/netfilter/nf_conntrack_netlink.c               |  5 ++--
 net/netfilter/nf_conntrack_standalone.c            |  4 +--
 5 files changed, 18 insertions(+), 21 deletions(-)
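
For monitoring, the reading of the counters described in this cover letter can be scripted. The following is an added example, not part of the series or of the conntrack tool: it sums the per-CPU lines of `conntrack -S` and classifies the totals. The function names are hypothetical and the sample lines are constructed so that their totals match the figures quoted above; the per-CPU `key=value` layout is an assumption about the tool's output.

```python
import re

# Constructed `conntrack -S` samples (one line per CPU); values are made up
# so that the totals match the numbers quoted in the cover letter.
SAMPLE_UNPATCHED = """\
cpu=0 found=0 invalid=2 ignore=10 insert=0 insert_failed=9 drop=0 early_drop=0 error=0 search_restart=150
cpu=1 found=0 invalid=0 ignore=4 insert=0 insert_failed=6 drop=0 early_drop=0 error=0 search_restart=118
"""
SAMPLE_PATCHED = """\
cpu=0 found=0 invalid=2 insert=0 insert_failed=5 drop=5 early_drop=0 error=0 search_restart=60 clash_resolve=1800
cpu=1 found=0 invalid=0 insert=0 insert_failed=4 drop=4 early_drop=0 error=0 search_restart=63 clash_resolve=1875
"""


def sum_counters(text):
    """Sum every key=value counter across the per-CPU lines."""
    totals = {}
    for line in text.splitlines():
        for key, value in re.findall(r"(\w+)=(\d+)", line):
            if key != "cpu":  # cpu= is an index, not a counter
                totals[key] = totals.get(key, 0) + int(value)
    return totals


def assess(totals):
    """Classify the totals the way the cover letter reads them."""
    failed = totals.get("insert_failed", 0)
    drop = totals.get("drop", 0)
    if "clash_resolve" in totals:
        # Patched kernel: successful resolutions have a dedicated counter.
        resolved = totals["clash_resolve"]
        return "patched", f"{resolved} clashes resolved; insert_failed={failed} drop={drop}"
    if failed and drop == 0:
        # Unpatched kernel: insert_failed alone means the clash was resolved.
        return "harmless", f"insert_failed={failed} with drop=0: clash resolution worked"
    if failed:
        # Unpatched kernel with drops: the 'murky' case from the letter.
        return "ambiguous", f"insert_failed={failed} drop={drop}: resolved clashes and failures are mixed"
    return "clean", "no insert failures recorded"


if __name__ == "__main__":
    for sample in (SAMPLE_UNPATCHED, SAMPLE_PATCHED):
        print(*assess(sum_counters(sample)), sep=": ")
```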