From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: [PATCH] Unconditionaly push mark to conntrack structure Date: Wed, 31 May 2006 02:26:24 +0200 Message-ID: <447CE2B0.8000504@trash.net> References: <447CD8AA.2040502@trash.net> <447CDB83.1090606@trash.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: netfilter-devel@lists.netfilter.org, Eric Leblond Return-path: To: Pablo Neira Ayuso In-Reply-To: <447CDB83.1090606@trash.net> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-devel-bounces@lists.netfilter.org Errors-To: netfilter-devel-bounces@lists.netfilter.org List-Id: netfilter-devel.vger.kernel.org Patrick McHardy wrote: > Patrick McHardy wrote: > >>Eric Leblond wrote: >> >> >>>This is needed in userspace as the mark can be used to select >>>efficiently a subset of the conntrack events to work on. >> >> >>I'm a bit reluctant to special case mark, but mostly because I wonder >>whether we shouldn't just behave like all other networking subsystems >>and send update messages containing the entire new state. If you look >>at the optional information: >> >>- status bits are only 4 byte. >>- timeout is currently transmitted for every packet anyway - its better >> to just reduce the event rate (we even had a patch for this for ages) > > > Actually this isn't true, I just noticed we never send timeout update > notifications except for the first packet (which means we have tons > of unnecessary notifier chain calls). I think this isn't really > intended and was done to work around the high timeout event generation > rate. Pablo, do you more about this? More bad news .. the timeout is sent in HZ instead of USER_HZ. This unfortunately seems to call for an ABI break, I'd really hate to add a CTA_TIMEOUT2 attribute. I guess we can live with it since its usually not even included in the messages.