[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: extending conntrack event data
From:       Amin Azez <azez () ufomechanic ! net>
Date:       2005-04-21 11:04:20
Message-ID: 426788B4.2060400 () ufomechanic ! net
[Download RAW message or body]

Wang Jian wrote:

>Hi Amin Azez,
>
>On Thu, 21 Apr 2005 10:49:38 +0100, Amin Azez <azez@ufomechanic.net> wrote:
>  
>
>>It is thus not practical to do as I suggested and make skb information 
>>available at conntrack events.
>>
>If we use skb everywhere (because it can contains conntrack information),
>then you can do what you want.
>  
>
That would be fine, but it looks like the skb is lost a few layers up 
the function calls except for the  *event_cache() calls, so this may 
involve a lot of changes? I guess the question is "which do we prefer?".

Adding to the conntrack is cleanest, it touches only conntrack_core and 
conntrack_standalone and is protected by a kernel CONFIG_ define.
Passing the skb instead of the conntrack is more flexible but will touch 
a lot more code. I would think Pablo or Harald are better placed to make 
that call.

I'm working on adding the option of link-layer to the conntrack struct 
as it is cleanest, perhaps genuinely more useful, and will have the most 
compact patch if I have to maintain it outside the core kernel.

Sam
[prev in list] [next in list] [prev in thread] [next in thread]