From: Holger Eitzenberger <holger@eitzenberger.org>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org, Krzysztof Piotr Oledzki <ole@ans.pl>
Subject: Re: [PATCH RFC 3/3] acct: add input and output interface index
Date: Thu, 17 Oct 2013 13:33:45 +0200 [thread overview]
Message-ID: <20131017113345.GQ13405@imap.eitzenberger.org> (raw)
In-Reply-To: <20131017110630.GA11148@localhost>
Hi Pablo,
> I like patches 1/3 and 2/3, they are nice cleanups.
thanks for looking into this.
> If you only set indev/outdev once we can skip the conntrack extension
> by passing the skb to nf_ct_deliver_cached_events and include this
> information in the conntrack events. That would not allow to dump the
> device from conntrack dumps though. I still have concerns with this
> approach as this doesn't seem to cover the scenario in which the
> in/outdev changes.
I know that doing it this simiple way is only "best effort", as e. g.
with IP multipathing or 802.3ad this information is not % correct
in all cases.
And the question we have to answer is whether this interface
information *has* to be correct in every case, even the less commonly
used cases.
For IPFIX I would answer this question with a 'no'.
And we can later extend this to update the interface information
correctly in every case. It's only a few patches away.
/Holger
next prev parent reply other threads:[~2013-10-17 11:34 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-26 15:31 [PATCH RFC 0/3] conntrack: add interface information to accounting extend Holger Eitzenberger
2013-09-26 15:31 ` [PATCH RFC 1/3] acct: introduce nf_conn_acct Holger Eitzenberger
2013-09-26 15:31 ` [PATCH RFC 2/3] ctnetlink: account both directions in one step Holger Eitzenberger
2013-09-26 15:31 ` [PATCH RFC 3/3] acct: add input and output interface index Holger Eitzenberger
2013-10-17 11:06 ` Pablo Neira Ayuso
2013-10-17 11:33 ` Holger Eitzenberger [this message]
2013-11-03 20:59 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131017113345.GQ13405@imap.eitzenberger.org \
--to=holger@eitzenberger.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=ole@ans.pl \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).