From: Patrick McHardy
Subject: Re: [PATCH] Unconditionaly push mark to conntrack structure
Date: Wed, 31 May 2006 01:55:47 +0200
Message-ID: <447CDB83.1090606@trash.net>
References: <447CD8AA.2040502@trash.net>
In-Reply-To: <447CD8AA.2040502@trash.net>
To: Pablo Neira Ayuso
Cc: netfilter-devel@lists.netfilter.org, Eric Leblond
List-Id: netfilter-devel.vger.kernel.org

Patrick McHardy wrote:
> Eric Leblond wrote:
>
>>This is needed in userspace as the mark can be used to select
>>efficiently a subset of the conntrack events to work on.
>
>
> I'm a bit reluctant to special case mark, but mostly because I wonder
> whether we shouldn't just behave like all other networking subsystems
> and send update messages containing the entire new state. If you look
> at the optional information:
>
> - status bits are only 4 bytes.
> - timeout is currently transmitted for every packet anyway - it's better
>   to just reduce the event rate (we even had a patch for this for ages)

Actually this isn't true, I just noticed we never send timeout update
notifications except for the first packet (which means we have tons of
unnecessary notifier chain calls). I think this isn't really intended
and was done to work around the high timeout event generation rate.
Pablo, do you know more about this?