Re: [PATCH nf-next v2] netfilter: conntrack: collect start time as early as possible

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> I'd suggest to add timestamping support to the trace infrastructure
> for this purpose so you can collect more accurate numbers of chain
> traversal, this can be hidden under static_key.

Another problem with that idea is that I am building an observability tool,
so I can't modify/insert any rules, because someone else manages them.
When using conntrack events, the only change I need is enabling
nf_conntrack_timestamp.

On Mon, 4 Nov 2024 at 10:39, Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > I'd suggest to add timestamping support to the trace infrastructure
> > for this purpose so you can collect more accurate numbers of chain
> > traversal, this can be hidden under static_key.
>
> This might work for nft and iptables-nft, but not for iptables-legacy
> (not sure its a requirement) or OVS.




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux