From: Patrick McHardy <kaber@trash.net>
To: Krzysztof Oledzki <ole@ans.pl>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] Accounting rework: ct_extend + 64bit counters
Date: Tue, 03 Jun 2008 19:14:08 +0200 [thread overview]
Message-ID: <48457BE0.6000604@trash.net> (raw)
In-Reply-To: <Pine.LNX.4.64.0806031841410.3438@bizon.gios.gov.pl>
Krzysztof Oledzki wrote:
>> Mhh good point :) I was thinking of calling it from the raw table,
>> but of course we don't have a conntrack at that point. So the
>> information would have to be propagated from the raw table somehow.
>> Maybe something like the untracked conntrack? IIRC someone posted
>> a patch for something similar (propagation of parameters to helpers)
>> some time ago.
>
> OK, I'll look at this. Can we push the current version (plus discussed
> changes) now and tag if for 2.6.27 and try to solve above problem later
> (2.6.28)?
I would prefer to see a final solution before pushing
it upstream. Having it only implemented half-way forces
an additional allocation on everyone (even those not
even compiling the feature in now) for now gain.
>>> Do you mean an iptables target (-j ...)? IMHO a kernel/module option
>>> plus a sysctl/sysfs interface should be enough.
>>
>> Having it controlled through an iptables target would be preferrable
>> because you can then do selective accounting.
>
> OK, but this will make everything slower and may be often unnecessary,
> so I still think that setting a default mode should be possible. It is
> something like "iptables -P", BTW.
I'm guessing the allocation is where the real cost is,
but I'm not opposed to a default (that will get changed
to off after some period).
next prev parent reply other threads:[~2008-06-03 17:14 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-02 17:24 [PATCH] Accounting rework: ct_extend + 64bit counters Krzysztof Oledzki
2008-06-02 17:41 ` Fabian Hugelshofer
2008-06-02 18:05 ` Krzysztof Oledzki
2008-06-03 13:30 ` Patrick McHardy
2008-06-03 16:23 ` Krzysztof Oledzki
2008-06-03 16:28 ` Patrick McHardy
2008-06-03 16:35 ` Krzysztof Oledzki
2008-06-03 16:40 ` Patrick McHardy
2008-06-03 16:49 ` Krzysztof Oledzki
2008-06-03 17:14 ` Patrick McHardy [this message]
2008-06-03 17:19 ` Krzysztof Oledzki
2008-06-03 17:21 ` Patrick McHardy
2008-06-03 17:35 ` Krzysztof Oledzki
2008-06-03 17:57 ` Patrick McHardy
2008-06-03 18:10 ` Krzysztof Oledzki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48457BE0.6000604@trash.net \
--to=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=ole@ans.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.