I'd like to write a long-running program that regularly reports statistics on conntrack usage (total number of connections, number of NATs, etc.). To do this, the program needs to start up, grab the current state of the table, and be informed of updates.

This presents a problem. You can't pass conntrack -L -E together. So either:

a: I run "conntrack -L", then watch "conntrack -E", with the inherent race condition in between where state might change while I'm not looking

or

b: I start watching "conntrack -E", then run "conntrack -L", with more subtle race conditions involved in the fact that I might get events from the -E command which set the state I've already seen by the -L list; so having to filter those out somehow.

Is there any alternative to this; can I atomically get the current table, and watch for updates to it?

If not I guess I'll have to go for a careful implementation of case b: start watching, scrape the current table, and be prepared for "DELETE" or "UPDATE" events to touch items in the table I don't yet know about, or "NEW" or "UPDATE" events to set state that I've now already seen... tricky indeed...

-- 
Paul Evans <paul@xxxxxxxxxxxxx>
Tel: +44 (0) 845 666 7778
Fax: +44 (0) 870 163 4694
http://www.mxtelecom.com
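The reconciliation described in case b, as an added example that is not part of the original message: hold the events from "conntrack -E" while the "conntrack -L" dump is read, load the dump, then replay the held events in arrival order so that the last event for each flow decides its state. Assumptions: the names ConntrackMirror, parse_flow and demo are hypothetical, the sample lines are constructed, only TCP/UDP lines are handled, and conntrack's event output labels deletions [DESTROY] rather than DELETE.

```python
import re

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
EVENT = re.compile(r"^\s*\[(NEW|UPDATE|DESTROY)\]\s+(.*)$")

def parse_flow(text):  # -> (key, is_nat); key is protocol + original tuple
    fields = FIELD.findall(text)
    orig, reply = dict(fields[:4]), dict(fields[4:8])
    key = (text.split()[0],) + tuple(sorted(orig.items()))
    mirror = dict(src=orig["dst"], dst=orig["src"], sport=orig["dport"], dport=orig["sport"])
    return key, reply != mirror  # without NAT the reply is the mirrored original tuple

class ConntrackMirror:  # hypothetical name
    def __init__(self):
        self.flows, self.pending, self.synced = {}, [], False

    def on_event(self, line):
        m = EVENT.match(line)
        if m and self.synced:
            self._apply(*m.groups())
        elif m:
            self.pending.append(m.groups())  # hold until the dump is loaded

    def _apply(self, kind, text):
        key, is_nat = parse_flow(text)
        if kind == "DESTROY":
            self.flows.pop(key, None)  # may be a flow the dump never showed
        else:
            self.flows[key] = is_nat   # NEW/UPDATE: upsert, repeats are harmless

    def load_snapshot(self, lines):
        self.flows = dict(parse_flow(l) for l in lines if l.strip())
        for event in self.pending:     # replay in arrival order over the dump
            self._apply(*event)
        self.pending, self.synced = [], True

    def stats(self):
        return {"total": len(self.flows), "nat": sum(self.flows.values())}

def demo():  # constructed sample lines in conntrack's layout, documentation addresses
    def line(prefix, src, dst, sport, dport, snat=None):
        return (f"{prefix} src={src} dst={dst} sport={sport} dport={dport} "
                f"src={dst} dst={snat or src} sport={dport} dport={sport}")
    a, b = ("10.0.0.2", "203.0.113.5", 40000, 443, "198.51.100.1"), ("10.0.0.3", "10.0.0.1", 5353, 53)
    c, d = ("10.0.0.4", "203.0.113.6", 40001, 80), ("10.0.0.5", "203.0.113.7", 40002, 80)
    m = ConntrackMirror()
    for ev in (line("[NEW] udp 17 30", *b), line("[DESTROY] tcp 6", *c), line("[DESTROY] tcp 6", *d)):
        m.on_event(ev)  # seen during the dump: b is also in it, c died after it, d before it
    m.load_snapshot([line("tcp 6 431999 ESTABLISHED", *a), line("udp 17 25", *b), line("tcp 6 100 TIME_WAIT", *c)])
    return m.stats()
```

In a long-running program, on_event would be fed each line from a "conntrack -E" process started before the dump is taken, and load_snapshot called once with the output of "conntrack -L".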