Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Thu, Dec 10, 2020 at 12:20:22PM +0100, Florian Westphal wrote:
> > DESTROY events do not include the remaining timeout.
> >
> > Unconditionally including the timeout allows to see if the entry timed
> > out or was removed explicitly.
> >
> > The latter case can happen when a conntrack gets deleted prematurely,
> > e.g. due to a tcp reset, module removal, netdev notifier (nat/masquerade
> > device went down), ctnetlink and so on.
> >
> > Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> > ---
> > Might make sense to further extend nf_ct_delete and also pass a
> > reason code in the future.
>
> IIRC, TCP state is not included in the event, right?

No, protoinfo is only dumped for the non-destroy case.

> This has been requested many times in the past, to debug connectivity
> issues too.
>
> Probably extending .to_nlattr to take a bool parameter to specify if
> this is the destroy event path, then _only_ include the TCP state
> information there (other TCP information is not relevant and netlink
> bandwidth is limited from the event path).

Sounds reasonable, will send a v2.