Hi, On Tuesday 14 February 2006 18:39, Pasi Kärkkäinen wrote: > "<Gandalf> cap_: the most extreme experience I have is reading > /proc/net/ip_conntrack on a fairly busy router... that really slows > wthings down and packets get dropped because of the slowdown" > > "<Gandalf> and I had an identd daemon wich forwarding support that read > /p/n/ip_conntrack for each incoming ident request... 200ms forwarding > delays and lots of drops each time an ident request came in :)" > > Is that information still valid for the current 2.6 kernels? How about > for 2.4 ? Yes, it's still valid (on both versions). However, on recent 2.6 kernels you can do all kinds of funny things through netlink. An example of what can be done through that interface is the 'conntrack' tool: http://netfilter.org/projects/conntrack/index.html For the API: http://netfilter.org/projects/libnetfilter_conntrack/index.html Please note that both of these is still work in progress, but they're definitely worth a try. -- KOVACS Krisztian