From: Jesper Dangaard Brouer <jbrouer@redhat.com>
To: Patrick McHardy <kaber@trash.net>
Cc: pablo@netfilter.org, netfilter-devel@vger.kernel.org,
netdev@vger.kernel.org, mph@one.com, as@one.com
Subject: Re: [PATCH 3/5] netfilter: add SYNPROXY core/target
Date: Thu, 8 Aug 2013 17:07:10 +0200 [thread overview]
Message-ID: <20130808170710.28394af9@redhat.com> (raw)
In-Reply-To: <20130808062255.GB24450@macbook.localnet>
On Thu, 8 Aug 2013 08:22:55 +0200
Patrick McHardy <kaber@trash.net> wrote:
> On Wed, Aug 07, 2013 at 10:56:03PM +0200, Patrick McHardy wrote:
> > On Wed, Aug 07, 2013 at 10:26:00PM +0200, Jesper Dangaard Brouer wrote:
> > > On Wed, 7 Aug 2013 19:42:49 +0200
> > > Patrick McHardy <kaber@trash.net> wrote:
> > >
> > > Besides when using net->proc_net_stat, then the first entry is usually
> > > "entries" which is not percpu, this will likely confusing the tool:
> > > lnstat -f synproxy -c 42
> >
> > I'll look into that.
>
> Ok right, the first field must contains something that is not per-CPU.
> Unfortunately I don't have anything to put there and I really don't want
> to keep any global state. The two possibilities I see are:
>
> - a dummy field
> - the number of proxied connections, but not using a global counter but
> gathered by iterating over the entire conntrack hash.
>
> Any opinions?
Well, I would of cause be nice to have some "entries" counter, e.g.
listing the number of active conntrack entries created by the SYNPROXY
target, but I don't think it's possible to identify those conntrack
entries, right.
So, I think it would be okay with just a dummy "entries" field which is
always zero.
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Sr. Network Kernel Developer at Red Hat
Author of http://www.iptv-analyzer.org
LinkedIn: http://www.linkedin.com/in/brouer
next prev parent reply other threads:[~2013-08-08 15:07 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-07 17:42 [PATCH RFC 0/5] netfilter: implement netfilter SYN proxy Patrick McHardy
2013-08-07 17:42 ` [PATCH 1/5] netfilter: nf_conntrack: make sequence number adjustments usuable without NAT Patrick McHardy
2013-08-07 20:02 ` Jesper Dangaard Brouer
2013-08-07 17:42 ` [PATCH 2/5] net: syncookies: export cookie_v4_init_sequence/cookie_v4_check Patrick McHardy
2013-08-07 20:03 ` Jesper Dangaard Brouer
2013-08-07 17:42 ` [PATCH 3/5] netfilter: add SYNPROXY core/target Patrick McHardy
2013-08-07 20:26 ` Jesper Dangaard Brouer
2013-08-07 20:56 ` Patrick McHardy
2013-08-08 6:22 ` Patrick McHardy
2013-08-08 15:07 ` Jesper Dangaard Brouer [this message]
2013-08-08 8:04 ` Jesper Dangaard Brouer
2013-08-08 8:24 ` Patrick McHardy
2013-08-07 22:11 ` Eric Dumazet
2013-08-07 23:37 ` Patrick McHardy
2013-08-08 6:34 ` Patrick McHardy
2013-08-07 17:42 ` [PATCH 4/5] net: syncookies: export cookie_v6_init_sequence/cookie_v6_check Patrick McHardy
2013-08-07 20:27 ` Jesper Dangaard Brouer
2013-08-07 17:42 ` [PATCH 5/5] netfilter: add IPv6 SYNPROXY target Patrick McHardy
2013-08-07 20:34 ` Jesper Dangaard Brouer
2013-08-07 20:57 ` Patrick McHardy
2013-08-07 18:06 ` [PATCH RFC 0/5] netfilter: implement netfilter SYN proxy Eric Dumazet
2013-08-07 20:59 ` Patrick McHardy
2013-08-07 21:05 ` Hannes Frederic Sowa
2013-08-07 21:24 ` Patrick McHardy
2013-08-07 21:39 ` Eric Dumazet
2013-08-07 23:40 ` David Miller
2013-08-08 0:04 ` Hannes Frederic Sowa
2013-08-08 0:13 ` Patrick McHardy
2013-08-09 13:55 ` Neal Cardwell
-- strict thread matches above, loose matches on Subject: below --
2013-08-27 6:50 [PATCH 0/5] netfilter: SYNPROXY target v3 Patrick McHardy
2013-08-27 6:50 ` [PATCH 3/5] netfilter: add SYNPROXY core/target Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130808170710.28394af9@redhat.com \
--to=jbrouer@redhat.com \
--cc=as@one.com \
--cc=kaber@trash.net \
--cc=mph@one.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.