Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > I'd suggest to add timestamping support to the trace infrastructure > for this purpose so you can collect more accurate numbers of chain > traversal, this can be hidden under static_key. Another problem with that idea is that I am building an observability tool, so I can't modify/insert any rules, because someone else manages them. When using conntrack events, the only change I need is enabling nf_conntrack_timestamp. On Mon, 4 Nov 2024 at 10:39, Florian Westphal <fw@xxxxxxxxx> wrote: > > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > I'd suggest to add timestamping support to the trace infrastructure > > for this purpose so you can collect more accurate numbers of chain > > traversal, this can be hidden under static_key. > > This might work for nft and iptables-nft, but not for iptables-legacy > (not sure its a requirement) or OVS.