From mboxrd@z Thu Jan 1 00:00:00 1970
From: Patrick McHardy
Subject: Re: xt_connlimit kernel 20070620
Date: Thu, 21 Jun 2007 17:51:38 +0200
Message-ID: <467A9E8A.4080202@trash.net>
References: <4678F7A2.6090203@netfilter.org> <46790A58.9050106@netfilter.org> <46791704.4090609@netfilter.org> <467921FD.8000909@trash.net> <467A9BA7.1090707@netfilter.org> <467A9CC9.3020605@trash.net> <467A9E3A.3060905@netfilter.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Cc: Jan Engelhardt, Netfilter Developer Mailing List
To: Pablo Neira Ayuso
In-Reply-To: <467A9E3A.3060905@netfilter.org>
Sender: netfilter-devel-bounces@lists.netfilter.org
Errors-To: netfilter-devel-bounces@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

Pablo Neira Ayuso wrote:
> Patrick McHardy wrote:
>
>>Pablo Neira Ayuso wrote:
>>
>>>Patrick McHardy wrote:
>>>
>>>>Pablo Neira Ayuso wrote:
>>>>
>>>>>But the event API has the DESTROY transition. There are three kinds of
>>>>>events: NEW, UPDATE and DESTROY. Just wait for DESTROY events to release
>>>>>the entry from the hashtable.
>>>>
>>>>That's not a bad idea, but I always considered the notifier chains
>>>>overkill just for ctnetlink and thought about replacing them by
>>>>simple hooks. Adding another user for them would need some good
>>>>justification, also since it quite heavily adds to the overhead
>>>>for packet processing.
>>>
>>>The call_chain would be called only to catch DESTROY events (at timer
>>>expiration). No need to register notifications for the event NEW
>>>since it can be got from the packet itself from ctinfo.
>>
>>We only have a single notifier chain.
>
> Worth to split them into three chains?

For connlimit? No.