I am not a core Netfilter developer, but these are my opinions:

alex wrote:
> 1. Can the byte counting code be hacked on top of the core conntrack code
> or should it be done by an additional module?

If you think these byte counters are something that may interest other users then having it in the core conntrack code makes sense. Also much easier to implement than a separate module. The times I have needed to add per-conntrack-entry information I have done it in conntrack.

If you add it to the conntrack table, consider having a compile-time option for enabling the extension as it bloats the memory usage somewhat.

> 2. Should the match code be created in a separate module or can it
> safely be added to the core conntrack matches without breaking APIs?

I would go for a separate match. Much cleaner to implement.

See my CONNMARK patch in patch-o-matic/extra for a patch doing both things (adds yet another field to the conntrack table, and new matches/targets for accessing this field).

Regards
Henrik