From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Eric Leblond <eric@inl.fr>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [ULOGD PATCH 5/6] Port of NFCT plugin to new libnetfilter_conntrack API.
Date: Sat, 05 Apr 2008 17:45:37 +0200 [thread overview]
Message-ID: <47F79EA1.7090401@netfilter.org> (raw)
In-Reply-To: <1206571752607-git-send-email-eric@inl.fr>
Eric Leblond wrote:
> This patch is a port to the new libnetfilter_conntrack API of the NFCT
> plugin. To be able to send IP addresses to the IP2STR and IP2BIN module
> oob.family and oob.protocol keys have been added.
Applied, thanks. A patch on top of it to break lines at 80 columns would
be great.
> There is only a single function which is marked as deprecated. This is
> nfct_dump_conntrack_table_reset_counters. This function is used to dump
> periodically counters. By default, this feature is not used. IMHO we could
> suppress this code and use conntrackd for similar tasks.
As the counters are 32 bits, we can store 64 bits counters in userspace
and periodically dump-and-reset the counters. Thus, we ensure that the
probability of an overflow is low while using little memory in kernel
space. We think that we should fix this in ulogd.
The problem that I see, not directly related with this, is that if ulogd
does this counter-and-reset, it may break other existing application
polling to obtain the counters. Probably we need a netlink event to
notify to all processes that the counters have been reset.
--
"Los honestos son inadaptados sociales" -- Les Luthiers
next prev parent reply other threads:[~2008-04-05 15:45 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-26 22:49 [ULOGD PATCH 0/6] Making NFCT plugin IPv6 compliant Eric Leblond
2008-03-26 22:49 ` [ULOGD PATCH 1/6] Make arp related key optionnal Eric Leblond
2008-04-05 15:31 ` Pablo Neira Ayuso
2008-03-26 22:49 ` [ULOGD PATCH 2/6] Fix display of IPv6 address Eric Leblond
2008-04-05 15:31 ` Pablo Neira Ayuso
2008-03-26 22:49 ` [ULOGD PATCH 3/6] Fix typo in error message Eric Leblond
2008-04-05 15:32 ` Pablo Neira Ayuso
2008-03-26 22:49 ` [ULOGD PATCH 4/6] Use IP2STR keys in PRINTFLOW module Eric Leblond
2008-04-05 15:35 ` Pablo Neira Ayuso
2008-03-26 22:49 ` [ULOGD PATCH 5/6] Port of NFCT plugin to new libnetfilter_conntrack API Eric Leblond
2008-04-05 15:45 ` Pablo Neira Ayuso [this message]
2008-03-26 22:49 ` [ULOGD PATCH 6/6] Fix display of DESTROY event Eric Leblond
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47F79EA1.7090401@netfilter.org \
--to=pablo@netfilter.org \
--cc=eric@inl.fr \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.