From: Patrick McHardy
Subject: Re: xt_connlimit kernel 20070620
Date: Thu, 21 Jun 2007 17:44:09 +0200
Message-ID: <467A9CC9.3020605@trash.net>
In-Reply-To: <467A9BA7.1090707@netfilter.org>
To: Pablo Neira Ayuso
Cc: Jan Engelhardt, Netfilter Developer Mailing List

Pablo Neira Ayuso wrote:
> Patrick McHardy wrote:
>
>>Pablo Neira Ayuso wrote:
>>
>>>But the event API has the DESTROY transition. There are three kinds of
>>>events: NEW, UPDATE and DESTROY. Just wait for DESTROY events to release
>>>the entry from the hashtable.
>>
>>That's not a bad idea, but I always considered the notifier chains
>>overkill just for ctnetlink and thought about replacing them by
>>simple hooks. Adding another user for them would need some good
>>justification, also since it quite heavily adds to the overhead
>>for packet processing.
>
>
> The call_chain would be called only to catch DESTROY events (at timer
> expiration). No need to register notifications for the event NEW
> since it can be obtained from the packet itself from ctinfo.

We only have a single notifier chain.