netfilter-devel.vger.kernel.org archive mirror
From: Mikhail Sennikovsky <mikhail.sennikovskii@cloud.ionos.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH v3 3/8] conntrack: per-command entries counters
Date: Wed, 17 Mar 2021 19:20:55 +0100
Message-ID: <CALHVEJb6dH_RdxvbtLaptN=8-g4QUUtd=+R-p2PrfNBep0XkWA@mail.gmail.com>
In-Reply-To: <20210315171209.GA24883@salvia>

Hi Pablo,

On Mon, 15 Mar 2021 at 18:12, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>
> Hi Mikhail,
>
> On Fri, Jan 29, 2021 at 10:24:47PM +0100, Mikhail Sennikovsky wrote:
> > As a multicommand support preparation entry counters need
> > to be made per-command as well, e.g. for the case -D and -I
> > can be executed in a single batch, and we want to have separate
> > counters for them.
>
> How do you plan to use the counters? -F provides no stats though.
Those counters are used to print the number of affected entries for
each command "type" executed.
I.e. prior to the "--load-file" support it was only possible to have a
single command for each conntrack tool invocation, so a global counter
used to print the stats message like
"conntrack v1.4.6 (conntrack-tools): 1 flow entries have been created."
was sufficient.

With the --load-file/-R command support it is possible to have
multiple command types in a single conntrack tool invocation, e.g.
both -I and -D commands as in the example below.

echo "-D -w 123
-I -w 123 -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50" | conntrack -R -

The per-command counters functionality added here makes it possible to print
that stats info for each command "type" separately.
So as a result of the above command something like the following would be printed:

conntrack v1.4.6 (conntrack-tools): 1 flow entries have been created.
conntrack v1.4.6 (conntrack-tools): 3 flow entries have been deleted.

Following your request to make the changes more granular, I moved this
functionality to this separate "preparation" commit.

>
> It should be possible to do some pretty print for stats.
>
> There is also the -I and -D cases, which might fail. In that case,
> this should probably stop processing on failure?
Are you talking about error handling when processing ct_cmd entries?
The way it is done currently is that each failure would cause
exit_error to happen.
This logic actually stays unchanged.

>
> I sent another round of patches based on yours that gets things closer
> to the batch support.
Thanks, I'll have a look into them.

Regards,
Mikhail
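
The per-command-type counting and stop-on-first-failure behaviour discussed in this message, as an added sketch that is not part of the original mail and not conntrack-tools code. The names cmd_type, batch_stats, fake_exec and run_batch are hypothetical, and fake_exec is a constructed stand-in that reports 3 entries for -D and 1 for -I; unlike the tool, which exits through exit_error, the sketch returns the failing line number.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical command types for this sketch, not conntrack-tools' own. */
enum cmd_type { CMD_CREATE, CMD_DELETE, CMD_TYPE_MAX };
static const char *const cmd_verb[CMD_TYPE_MAX] = { "created", "deleted" };

/* One counter per command type instead of one global counter. */
struct batch_stats { unsigned int counter[CMD_TYPE_MAX]; };

/* Constructed stand-in for the kernel round trip: -D affects 3 entries,
 * -I adds 1, and a command without arguments fails with -1. */
static int fake_exec(enum cmd_type type, const char *args)
{
    return *args == '\0' ? -1 : (type == CMD_DELETE ? 3 : 1);
}

/* Run a batch, stop at first failure; returns 0 or the failing line number. */
int run_batch(const char *batch, struct batch_stats *st)
{
    for (int lineno = 1; *batch; lineno++) {
        size_t len = strcspn(batch, "\n");
        const char *cmd = batch;
        enum cmd_type type;
        int n;

        batch += len + (batch[len] == '\n');
        if (len == 0)
            continue;                      /* blank line */
        if (!strncmp(cmd, "-I", 2))
            type = CMD_CREATE;
        else if (!strncmp(cmd, "-D", 2))
            type = CMD_DELETE;
        else
            return lineno;                 /* unknown command type */
        n = fake_exec(type, len > 3 ? cmd + 3 : "");
        if (n < 0)
            return lineno;                 /* stop; later lines never run */
        st->counter[type] += (unsigned int)n;
    }
    return 0;
}

int main(void)
{
    struct batch_stats st = { { 0 } };
    int rc = run_batch("-D -w 123\n-I -w 123 -s 1.1.1.1 -d 2.2.2.2 -p tcp\n", &st);
    for (int t = 0; t < CMD_TYPE_MAX; t++)
        printf("%u flow entries have been %s.\n", st.counter[t], cmd_verb[t]);
    return rc;
}
```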
