From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Mikhail Sennikovsky <mikhail.sennikovskii@cloud.ionos.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH v3 3/8] conntrack: per-command entries counters
Date: Wed, 24 Mar 2021 12:24:26 +0100
Message-ID: <20210324112426.GA30128@salvia>
In-Reply-To: <CALHVEJb6dH_RdxvbtLaptN=8-g4QUUtd=+R-p2PrfNBep0XkWA@mail.gmail.com>

Hi Mikhail,

On Wed, Mar 17, 2021 at 07:20:55PM +0100, Mikhail Sennikovsky wrote:
> Hi Pablo,
>
> On Mon, 15 Mar 2021 at 18:12, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> >
> > Hi Mikhail,
> >
> > On Fri, Jan 29, 2021 at 10:24:47PM +0100, Mikhail Sennikovsky wrote:
> > > As a multicommand support preparation entry counters need
> > > to be made per-command as well, e.g. for the case -D and -I
> > > can be executed in a single batch, and we want to have separate
> > > counters for them.
> >
> > How do you plan to use the counters? -F provides no stats though.
> Those counters are used to print the number of affected entries for
> each command "type" executed.
> I.e. prior to the "--load-file" support it was only possible to have a
> single command for each conntrack tool invocation,
> so a global counter used to print the stats message like
> "conntrack v1.4.6 (conntrack-tools): 1 flow entries have been created."
> was sufficient.
>
> With the --load-file/-R command support it is possible to have
> multiple command types
> in a single conntrack tool invocation, e.g. both -I and -D commands as
> in example below.
>
> echo "-D -w 123
> -I -w 123 -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state
> LISTEN -u SEEN_REPLY -t 50 " | conntrack -R -
>
> The per-command counters functionality added here makes it possible to print
> those stats info for each command "type" separately.
> So as a result of the above command something like the following would be printed:
>
> conntrack v1.4.6 (conntrack-tools): 1 flow entries have been created.
> conntrack v1.4.6 (conntrack-tools): 3 flow entries have been deleted.
>
> Following your request to make the changes more granular, I moved this
> functionality to this separate "preparation" commit.
>
> > It should be possible to do some pretty print for stats.

I think it should be possible to do some pretty print, something like:

conntrack v1.4.6 (conntrack-tools)
Line 1-3: 3 flow entries have been created.
Line 4: 1 flow entries have been deleted.
...

One possibility is that we skip the pretty print by now, i.e. you
rebase your patch on top of conntrack-tools, get it merged upstream.
Then incrementally we look at adding the pretty print for stats.

> > There is also the -I and -D cases, which might fail. In that case,
> > this should probably stop processing on failure?
>
> Are you talking about error handling processing ct_cmd entries?
> The way it is done currently is that each failure would result in
> exit_error to happen.
> This logic actually stays unchanged.

So the batch processing stops on the first error, right?

> > I sent another round of patches based on your that gets things closer
> > to the batch support.
>
> Thanks, I'll have a look into them.

I have pushed them out, any mistake please let me know I'll fix it.

Thanks.