Changli Gao wrote:

On Fri, Jun 4, 2010 at 7:40 PM, Patrick McHardy [off-list ref] wrote:

quoted

Eric Dumazet wrote:

quoted

Obviously, an IPS_UNTRACKED bit would be much easier to implement.
Would it be acceptable ?

That also would be fine. However the main idea behind using a nfctinfo
bit was that we wouldn't need the untracked conntrack anymore at all.
But I guess a per-cpu untrack conntrack would already be an improvement
over the current situation.

I think Eric didn't mean ip_conntrack_info but ip_conntrack_status
bit. Since we have had a IPS_TEMPLATE bit, I think another
IPS_UNTRACKED bit is also acceptable.

Yes, of course. But using one of these bits implies that we'd still
have the untracked conntrack.