On Thu, Apr 18, 2002 at 11:00:37AM +0100, alex wrote: > 1. Can the byte counting code be hacked ontop of the core conntrack code > or should it done by an additonal module?
The problem with this is sooner or later this field would wrap and your match would work right. But the only reasonable data type to use on this would be unsigned long long because unsigned long would wrap at 4 GB which really isn't all that unreasonable for a single connection to transfer. But if you use a unsigned long long you're using 8 bytes of data for each connection. Currently each conntrack entry takes 350 bytes of RAM. So the question is a 2% increase in the RAM requirements for conntrack worth it? So this would also probably lead to a decrease in the ip_conntrack_max value, meaning by default fewer connections could be tracked. As a result my vote is a separate module... -- Ben Reser <[EMAIL PROTECTED]> http://ben.reser.org What difference does it make to the dead, the orphans, and the homeless, whether the mad destruction is wrought under the name of totalitarianism or the holy name of liberty and democracy? - Ghandi
