Connection Tracking information, suggestions for approaches
Thu, 18 Apr 2002 04:41:08 -0700
On Thu, Apr 18, 2002 at 11:00:37AM +0100, alex wrote:
> 1. Can the byte counting code be hacked ontop of the core conntrack code
> or should it done by an additonal module?
The problem with this is sooner or later this field would wrap and your
match would work right.
But the only reasonable data type to use on this would be unsigned long
long because unsigned long would wrap at 4 GB which really isn't all
that unreasonable for a single connection to transfer. But if you use a
unsigned long long you're using 8 bytes of data for each connection.
Currently each conntrack entry takes 350 bytes of RAM. So the question
is a 2% increase in the RAM requirements for conntrack worth it?
So this would also probably lead to a decrease in the ip_conntrack_max
value, meaning by default fewer connections could be tracked.
As a result my vote is a separate module...
Ben Reser <firstname.lastname@example.org>
What difference does it make to the dead, the orphans, and the homeless,
whether the mad destruction is wrought under the name of totalitarianism
or the holy name of liberty and democracy? - Ghandi