conntrack-acct patch

conntrack-acct patch

[Patrick McHardy]

Hi Harald,

I have a question about the conntrack-acct patch. Why is accounting
done with timer refreshing ? Is it just because the function already
takes ip_conntrack_lock ? I think accounting should be done in the
core after the conntrack protocol accepted the packet, instead of
adding side-effects to ip_ct_refresh, which might even need some
no-account flag one day for things like ctnetlink.

Regards
Patrick

Re: conntrack-acct patch

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1220 bytes --]

On Fri, Jul 23, 2004 at 02:32:54AM +0200, Patrick McHardy wrote:
> Hi Harald,

Hi Patrick!
 
> I have a question about the conntrack-acct patch. Why is accounting
> done with timer refreshing ? Is it just because the function already
> takes ip_conntrack_lock ? 

Yes, exactly... this is the reason.  ip_ct_refresh() was the only place
where we always grabbed a writelock.

> I think accounting should be done in the core after the conntrack
> protocol accepted the packet, instead of adding side-effects to
> ip_ct_refresh, which might even need some no-account flag one day for
> things like ctnetlink.

It already has a no-account parameter (as used by the amanda helper).

I know the API sucks, but I didn't want to introduce yet another
lock/unlock cycle into this very performance-relevant path.

> Regards
> Patrick

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]