All of lore.kernel.org
 help / color / mirror / Atom feed
From: Thomas Mader <thezema@gmail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Netfilter Development Mailinglist <netfilter-devel@vger.kernel.org>
Subject: Re: libnetfilter_queue and libnetfilter_conntrack API questions
Date: Wed, 09 Apr 2008 18:00:19 +0200	[thread overview]
Message-ID: <47FCE813.3040907@gmail.com> (raw)
In-Reply-To: <47FCD6AA.8030205@netfilter.org>

Pablo Neira Ayuso wrote:
> I'd prefer polling from both sockets instead of using threads, you can
> access the socket descriptors via nfct_fd() and nfq_fd().
> 
> Anyway, the main problem that I see is that you'll have to delay the
> packet verdict until you receive the conntrack event, otherwise you risk
> to have a race condition. However, I think that the solution would not
> be that performant.

Would it be better if I just spawn another thread with a timer which 
looks at intervals if a connection in my list has to be deleted? This 
way I would not need conntrack at all and it might be the fastest solution.

Btw. I did a throughput test on the kernelspace module and the userspace 
daemon without conntrack (so no deletion of connections in my list). I 
figured out that the kernelspace module had less throughput than my 
daemon and I didn't had a good explanation for this.
Is it possible that my conntrack solution in kernelspace is lowering the 
performance below the performance in userspace without conntrack?

      parent reply	other threads:[~2008-04-09 16:00 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-04-09 14:06 libnetfilter_queue and libnetfilter_conntrack API questions Thomas Mader
2008-04-09 14:46 ` Pablo Neira Ayuso
2008-04-09 14:52   ` Patrick McHardy
2008-04-09 15:02     ` Pablo Neira Ayuso
2008-04-09 15:07       ` Patrick McHardy
2008-04-09 16:00   ` Thomas Mader [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47FCE813.3040907@gmail.com \
    --to=thezema@gmail.com \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.