From: Wang Jian <lark@linux.net.cn>
To: Amin Azez <azez@ufomechanic.net>
Cc: netfilter-devel@lists.netfilter.org, Pablo Neira <pablo@eurodev.net>
Subject: Re: conntrack session information
Date: Wed, 20 Apr 2005 21:35:43 +0800 [thread overview]
Message-ID: <20050420213357.03AF.LARK@linux.net.cn> (raw)
In-Reply-To: <426646E2.5040504@ufomechanic.net>
Hi Amin Azez,
It is most easy to use an unique id which will not wrap for quite
sometime, but I think the overhead (size) is too much.
The alternative way to do it is just adding protocol information to
every event message, so the tuple of conntrack is complete. The tuple
will not duplicate during its lifetime, am I wrong? This is enough to
build up the whole session. I assume that two conntracks using the same
tuple are always perfect serialized, in the NEW, DESTROY, NEW, DESTROY
order, not in NEW, NEW, DESTROY, DESTORY order.
If you are using a sql database to store the session, it is easy. If you
are not using sql database, you have to do a little more work but not
big deal.
The tricky issue when building session is that DESTORY message gets lost.
This troubles unique id way as well as tuple way.
On Wed, 20 Apr 2005 13:11:14 +0100, Amin Azez <azez@ufomechanic.net> wrote:
>
> Wang Jian wrote:
> > There is problem to create whole sessions record from events. event
> > messages should carry necessary information for correlation
>
> I'm proposing that we base this session id on a 64 bit counter.
> I will also want to adjust conntrack to record the system time at which
> the conntrack was created anyway.
>
> If we also associate with this a serial number, the chances "in normal
> use" that the counter will wrap around with the same system time are
> miniscule.
>
> For most purposes the connection serial number is unique, but the
> associated timestamp makes it historically unique.
>
> Final question, I suppose that ip_conntrack.master references will cause
> the master conntrack (of related conntracks) to hang around until the
> related conntracks have been deleted? Thus, the netlink stuff can report
> the id of the master conntrack when it reports other conntrack info.
>
> Does this sound reasonable to folk? Is this too much overheard per
> conntrack? What bottlenecks are there?
>
> Maybe it would require a cross-cpu counter with serialized access. Is
> there a standard kernel form for this, or do we use spinlocked structs
> or something? Or is a per-cpu counter preferred, combined with a CPU-id?
>
> Amin
>
--
lark
next prev parent reply other threads:[~2005-04-20 13:35 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-18 9:38 conntrack-tool core dumps Wang Jian
2005-04-18 15:35 ` Amin Azez
2005-04-18 17:03 ` Wang Jian
2005-04-20 12:11 ` conntrack session information Amin Azez
2005-04-20 13:35 ` Wang Jian [this message]
2005-04-20 13:50 ` Amin Azez
2005-04-20 14:18 ` Wang Jian
2005-04-20 13:52 ` Amin Azez
2005-04-19 10:44 ` conntrack-tool core dumps Pablo Neira
2005-04-19 12:29 ` Wang Jian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050420213357.03AF.LARK@linux.net.cn \
--to=lark@linux.net.cn \
--cc=azez@ufomechanic.net \
--cc=netfilter-devel@lists.netfilter.org \
--cc=pablo@eurodev.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.