Re: [PATCH nf-next] netfilter: ctnetlink: always include remaining timeout

On Thu, Dec 10, 2020 at 12:20:22PM +0100, Florian Westphal wrote:
> DESTROY events do not include the remaining timeout.
> 
> Unconditionally including the timeout makes it possible to see whether the
> entry timed out or was removed explicitly.
> 
> The latter case can happen when a conntrack gets deleted prematurely,
> e.g. due to a tcp reset, module removal, netdev notifier (nat/masquerade
> device went down), ctnetlink and so on.
>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---
>  Might make sense to further extend nf_ct_delete and also pass a
>  reason code in the future.

IIRC, TCP state is not included in the event, right?

This has been requested many times in the past, to debug connectivity
issues too.

Probably extending .to_nlattr to take a bool parameter to specify if
this is the destroy event path, then _only_ include the TCP state
information there (other TCP information is not relevant and netlink
bandwidth is limited from the event path).

Thanks.
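As an added example, written for this page and not part of Florian's patch, the kernel, or this thread: a small C parser for a ctnetlink DESTROY event that uses the CTA_TIMEOUT attribute the patch makes unconditional to tell an expired entry (remaining time 0) from one removed early (remaining time greater than 0), and that also picks up a CTA_PROTOINFO_TCP_STATE value if a kernel includes it in the destroy path, as the reply above asks for. Attribute numbers and header layout follow the kernel's uapi headers (linux/netlink.h, linux/netfilter/nfnetlink.h, linux/netfilter/nfnetlink_conntrack.h); the event bytes are constructed inside the block rather than captured from a kernel, and the reading of a zero remaining timeout as expiry is taken from the commit message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Netlink attribute framing: 2-byte len, 2-byte type, payload, 4-byte padding. */
#define NLA_HDR          4
#define NLA_ALIGN4(len)  (((len) + 3u) & ~3u)
#define NLA_F_NESTED     0x8000
#define NLA_TYPE_MASK    0x3fff
#define NLMSG_HDR        16   /* struct nlmsghdr */
#define NFGENMSG_LEN     4    /* struct nfgenmsg: family, version, res_id */

/* nfnetlink message type = (subsystem << 8) | message */
#define NFNL_SUBSYS_CTNETLINK 1
#define IPCTNL_MSG_CT_DELETE  2
#define CT_DELETE_TYPE ((NFNL_SUBSYS_CTNETLINK << 8) | IPCTNL_MSG_CT_DELETE)

/* Conntrack attributes this parser looks at (nfnetlink_conntrack.h) */
#define CTA_PROTOINFO            4
#define CTA_TIMEOUT              7    /* be32, remaining seconds */
#define CTA_PROTOINFO_TCP        1    /* nested under CTA_PROTOINFO */
#define CTA_PROTOINFO_TCP_STATE  1    /* u8, nested under CTA_PROTOINFO_TCP */

struct destroy_info {
    int is_delete;        /* nlmsg_type is IPCTNL_MSG_CT_DELETE */
    int has_timeout;      /* CTA_TIMEOUT present: what the patch guarantees */
    uint32_t timeout;     /* remaining lifetime in seconds, host order */
    int has_tcp_state;    /* CTA_PROTOINFO/TCP/STATE present, if a kernel sends it */
    uint8_t tcp_state;    /* TCP_CONNTRACK_* value */
};

/* Walk one attribute run; depth selects the nest we are in. Stops on malformed input. */
static void parse_attrs(const uint8_t *p, const uint8_t *end, int depth, struct destroy_info *out)
{
    while (p < end && (size_t)(end - p) >= NLA_HDR) {
        uint16_t len, type;
        memcpy(&len, p, 2);             /* netlink lengths and types are host byte order */
        memcpy(&type, p + 2, 2);
        if (len < NLA_HDR || (size_t)(end - p) < len)
            return;                     /* truncated or bogus attribute */
        const uint8_t *payload = p + NLA_HDR;
        uint16_t t = type & NLA_TYPE_MASK;
        if (depth == 0 && t == CTA_TIMEOUT && len >= NLA_HDR + 4) {
            uint32_t be;
            memcpy(&be, payload, 4);
            out->timeout = ntohl(be);   /* attribute values are big-endian */
            out->has_timeout = 1;
        } else if (depth == 0 && t == CTA_PROTOINFO) {
            parse_attrs(payload, p + len, 1, out);
        } else if (depth == 1 && t == CTA_PROTOINFO_TCP) {
            parse_attrs(payload, p + len, 2, out);
        } else if (depth == 2 && t == CTA_PROTOINFO_TCP_STATE && len >= NLA_HDR + 1) {
            out->tcp_state = payload[0];
            out->has_tcp_state = 1;
        }
        p += NLA_ALIGN4(len);
    }
}

/* Returns 0 and fills *out, or -1 if the message is shorter than its header claims. */
int parse_destroy_event(const uint8_t *msg, size_t msglen, struct destroy_info *out)
{
    uint32_t nlen;
    uint16_t ntype;
    memset(out, 0, sizeof *out);
    if (msglen < NLMSG_HDR + NFGENMSG_LEN)
        return -1;
    memcpy(&nlen, msg, 4);
    memcpy(&ntype, msg + 4, 2);
    if (nlen < NLMSG_HDR + NFGENMSG_LEN || nlen > msglen)
        return -1;
    out->is_delete = (ntype == CT_DELETE_TYPE);
    parse_attrs(msg + NLMSG_HDR + NFGENMSG_LEN, msg + nlen, 0, out);
    return 0;
}

/* Reading of the remaining timeout as described in the commit message. */
const char *classify_destroy(const struct destroy_info *i)
{
    if (!i->is_delete)   return "not a DESTROY event";
    if (!i->has_timeout) return "unknown";       /* kernel without this patch */
    return i->timeout == 0 ? "expired" : "deleted early";
}

static size_t put_attr(uint8_t *buf, size_t off, uint16_t type, const void *data, uint16_t dlen)
{
    uint16_t len = NLA_HDR + dlen;
    memcpy(buf + off, &len, 2);
    memcpy(buf + off + 2, &type, 2);
    if (dlen) memcpy(buf + off + NLA_HDR, data, dlen);
    memset(buf + off + len, 0, NLA_ALIGN4(len) - len);
    return off + NLA_ALIGN4(len);
}

/* Patch a nest header's length once its children are written. */
static void close_nest(uint8_t *buf, size_t start, size_t end)
{
    uint16_t len = (uint16_t)(end - start);
    memcpy(buf + start, &len, 2);
}

/* Constructed sample DESTROY event (not a kernel capture). tcp_state < 0 omits the nest. */
size_t build_sample_destroy_event(uint8_t *buf, int include_timeout, uint32_t remaining_s, int tcp_state)
{
    uint16_t type = CT_DELETE_TYPE;
    uint8_t nfgen[NFGENMSG_LEN] = { 2 /* AF_INET */, 0 /* NFNETLINK_V0 */, 0, 0 };
    size_t off = NLMSG_HDR;
    memcpy(buf + off, nfgen, NFGENMSG_LEN);
    off += NFGENMSG_LEN;
    if (include_timeout) {
        uint32_t be = htonl(remaining_s);
        off = put_attr(buf, off, CTA_TIMEOUT, &be, 4);
    }
    if (tcp_state >= 0) {
        size_t pi = off, tcp;
        uint8_t st = (uint8_t)tcp_state;
        off = put_attr(buf, off, CTA_PROTOINFO | NLA_F_NESTED, NULL, 0);
        tcp = off;
        off = put_attr(buf, off, CTA_PROTOINFO_TCP | NLA_F_NESTED, NULL, 0);
        off = put_attr(buf, off, CTA_PROTOINFO_TCP_STATE, &st, 1);
        close_nest(buf, tcp, off);
        close_nest(buf, pi, off);
    }
    uint32_t total = (uint32_t)off;     /* struct nlmsghdr: len, type, flags, seq, pid */
    memset(buf, 0, NLMSG_HDR);
    memcpy(buf, &total, 4);
    memcpy(buf + 4, &type, 2);
    return off;
}

int main(void)
{
    uint8_t buf[128];
    struct destroy_info info;
    size_t n = build_sample_destroy_event(buf, 1, 0, 8 /* TCP_CONNTRACK_CLOSE */);
    if (parse_destroy_event(buf, n, &info) == 0)
        printf("%s: timeout=%u tcp_state=%u\n", classify_destroy(&info), info.timeout, info.tcp_state);
    n = build_sample_destroy_event(buf, 1, 431999, 3 /* TCP_CONNTRACK_ESTABLISHED */);
    if (parse_destroy_event(buf, n, &info) == 0)
        printf("%s: timeout=%u tcp_state=%u\n", classify_destroy(&info), info.timeout, info.tcp_state);
    return 0;
}
```

In a real listener the bytes come from a NETLINK_NETFILTER socket subscribed to the NF_NETLINK_CONNTRACK_DESTROY group (or through libnetfilter_conntrack); on a kernel without this patch the same parser lands in the "unknown" branch because CTA_TIMEOUT is absent from the destroy event, which is exactly the ambiguity the patch removes.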


