On Tue, Feb 14, 2006 at 08:51:04PM +0100, KOVACS Krisztian wrote:
>
>   Hi,
>
> On Tuesday 14 February 2006 18:39, Pasi Kärkkäinen wrote:
> > "<Gandalf> cap_: the most extreme experience I have is reading
> > /proc/net/ip_conntrack on a fairly busy router... that really slows
> > things down and packets get dropped because of the slowdown"
> >
> > "<Gandalf> and I had an identd daemon with forwarding support that read
> > /p/n/ip_conntrack for each incoming ident request... 200ms forwarding
> > delays and lots of drops each time an ident request came in :)"
> >
> > Is that information still valid for the current 2.6 kernels? How about
> > for 2.4?
>
> Yes, it's still valid (on both versions). However, on recent 2.6 kernels
> you can do all kinds of funny things through netlink. An example of what
> can be done through that interface is the 'conntrack' tool:
>
> http://netfilter.org/projects/conntrack/index.html
>
> For the API:
>
> http://netfilter.org/projects/libnetfilter_conntrack/index.html
>
> Please note that both of these are still work in progress, but they're
> definitely worth a try.
>

OK, thanks for the info!

I suppose 'conntrack' tool does not block the whole netfilter like reading
/proc/net/ip_conntrack ..

-- Pasi