From: Emmanuel Guiton <emmanuel@netlab.hut.fi>
To: Henrik Nordstrom <hno@marasystems.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: Counter problem in a new nat target.
Date: Tue, 09 Dec 2003 12:01:24 +0200 [thread overview]
Message-ID: <3FD59D74.6050005@netlab.hut.fi> (raw)
In-Reply-To: Pine.LNX.4.44.0312081319100.10693-100000@filer.marasystems.com
Henrik Nordstrom wrote:
>On Mon, 8 Dec 2003, Emmanuel Guiton wrote:
>
>
>
>>Does someone has a good advice on where I can store my variable? Can I
>>use the void *userdata ? (I do not really know to what it points).
>>
>>
>
>You should be able to use the userdata I think. It is a pointer to the
>original targetinfo sent/seen by userspace iptables command. The kernel
>operates on another copy of the table per CPU. But I would not recommend
>doint this. I think it is better if you keep the needed counters
>elsewhere. You can use reference counting from the check/destroy functions
>to determine which counters you need to maintain.
>
>Regards
>Henrik
>
>
Well, things are still unclear for me... I have to admit that I am not
familiar with reference counting, so I do not really know about this
possibility.
My problem is that I do not see which data can be accessed by any of the
function involved. To be precise, I need to increment a counter each
time I get one new conntrack. Then I decrement it each time a conntrack
is destroyed or set as assured (tcp connection). The thing is
complicated by the fact that I have several counters, one for each
different IP destination address. the selection of the right counter is
done in the target function.
Thus, I can easily do the increment and decrement when assured in the
target function. But what about the decrement when a conntrack is destroyed?
Is the destroy function called when a conntrack is destroyed?
Previously, I was adviced to use a notifier to catch the "conntrack
destroyed" event. So is this equivalent (without regarding the data
which can be accessed)?
The hacking howto also states that the checkentry can be used to
dynalically allocate resources and they can be freed in the destroy
function. But here the same issue occurs: I do not see which common data
I can access from bothe the checkentry and destroy function.
Well, I feel I'm just blind and missing an important basic thing, but I
can't point it out. I hope I won't seem too stupid when the light comes :)
Emmanuel
next prev parent reply other threads:[~2003-12-09 10:01 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-08 11:53 Counter problem in a new nat target Emmanuel Guiton
2003-12-08 12:28 ` Henrik Nordstrom
2003-12-09 10:01 ` Emmanuel Guiton [this message]
2003-12-09 10:15 ` Henrik Nordstrom
2003-12-09 13:48 ` Emmanuel Guiton
2003-12-09 16:16 ` Henrik Nordstrom
2003-12-10 8:35 ` Jesse Peng
2003-12-10 11:00 ` Emmanuel Guiton
2003-12-10 11:15 ` Henrik Nordstrom
2003-12-10 12:52 ` Emmanuel Guiton
2003-12-10 14:19 ` Henrik Nordstrom
2003-12-11 3:20 ` Jesse Peng
2003-12-11 8:20 ` Henrik Nordstrom
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3FD59D74.6050005@netlab.hut.fi \
--to=emmanuel@netlab.hut.fi \
--cc=hno@marasystems.com \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.