From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Patrick McHardy <kaber@trash.net>
Cc: Eric Leblond <eric@inl.fr>, netfilter-devel@vger.kernel.org
Subject: Re: Transmit mark during connection destruction event
Date: Tue, 29 Jan 2008 15:27:22 +0100 [thread overview]
Message-ID: <479F37CA.2020408@netfilter.org> (raw)
In-Reply-To: <479F362C.6020401@netfilter.org>
Pablo Neira Ayuso wrote:
> Pablo Neira Ayuso wrote:
>> Patrick McHardy wrote:
>>> Pablo Neira Ayuso wrote:
>>>> Patrick McHardy wrote:
>>>>> Eric Leblond wrote:
>>>>>> The following feature was submitted some months ago. It forces the dump
>>>>>> of mark during the connection destruction event. The induced load is
>>>>>> quiet small and the patch is usefull to provide an easy way to filter
>>>>>> event on user side without having to keep an hash in userspace.
>>>>>>
>>>>>> This new version is against 2.6.24 git tree.
>>>>> It clashed with some changes I had queued locally, but I fixed it
>>>>> up and applied it. Thanks Eric.
>>>> Please, hold it on. I don't see the point of consuming 8 extra byte in
>>>> every extra destroy message. You have tons of resources in userspace to
>>>> implement whatever performance structure to store the conntrackd but we
>>>> do have limited bandwidth in netlink. Instead we may dump the id but I
>>>> don't support this option either.
>>> I agree with Eric, its a useful option for avoiding overhead in
>>> userspace, and what counts in the end is the accumulated overhead
>>> of both kernel and userspace. If userspace can avoid dealing with
>>> tuples and complicated bookkeeping it can read messages faster,
>>> thus avoiding recv-queue overflows.
>> Then, dump the id but not the mark if he wants to identify a conntrack.
>
> BTW, why just dump the id/mark in the destroy message? One may want to
> identify the conntrack in new and update messages as well. IMO, this
> patch also introduces an inconsistency.
Never mind. I was confused because of the patch description. It is
supposed to dump mark always.
--
"Los honestos son inadaptados sociales" -- Les Luthiers
next prev parent reply other threads:[~2008-01-29 14:27 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-28 23:13 Transmit mark during connection destruction event Eric Leblond
2008-01-29 13:38 ` Patrick McHardy
2008-01-29 14:00 ` Pablo Neira Ayuso
2008-01-29 13:49 ` Patrick McHardy
2008-01-29 14:16 ` Pablo Neira Ayuso
2008-01-29 14:20 ` Pablo Neira Ayuso
2008-01-29 14:24 ` Patrick McHardy
2008-01-29 14:27 ` Pablo Neira Ayuso [this message]
2008-01-29 14:23 ` Patrick McHardy
2008-01-29 14:33 ` Pablo Neira Ayuso
2008-01-29 14:36 ` Patrick McHardy
2008-01-29 13:47 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=479F37CA.2020408@netfilter.org \
--to=pablo@netfilter.org \
--cc=eric@inl.fr \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.