OpenVZ Forum: Devel » [PATCH 2.6.21-rc6] [netfilter] early

Home » Mailing lists » Devel » [PATCH 2.6.21-rc6] [netfilter] early_drop imrovement

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [NETFILTER] early_drop() imrovement (v3) [message #14370 is a reply to message #14353]

Tue, 26 June 2007 13:20

vaverin
Messages: 708
Registered: September 2005

Senior Member

Patrick McHardy wrote:

Patrick, thank you for your tips, I'll remake the patch.

> I don't like the NF_CT_PER_BUCKET constant. First of all, each
> conntrack is hashed twice, so its really only 1/2 of the average
> conntracks per bucket. Secondly, its only a default and many
> people use nf_conntrack_max = nf_conntrack_htable_size / 2, so
> using this constant for early_drop seems wrong.

> Perhaps make it 2 * nf_conntrack_max / nf_conntrack_htable_size
> or even add a nf_conntrack_eviction_range sysctl.

IMHO The number of conntracks checked in early_drop() have following restrictions:
- it should be not too low -- to decrease chances of transmission failures,
- it should be limited by some reasonable value -- to prevent long check delays.

Also I believe it makes sense to have it constant (how about NF_CT_EVICTION
name?) -- to have the same behaviour on various nodes. However I doubt strongly
that anybody will want to change this value. Do you think it is really required?

thank you,
Vasily Averin

Report message to a moderator

[Message index]

		[PATCH 2.6.21-rc6] [netfilter] early_drop imrovement By: vaverin on Fri, 06 April 2007 08:00
		Re: [PATCH 2.6.21-rc6] [netfilter] early_drop imrovement By: Eric Dumazet on Fri, 06 April 2007 08:24
		Re: [PATCH 2.6.21-rc6] [netfilter] early_drop imrovement By: vaverin on Fri, 06 April 2007 10:26
		Re: [PATCH 2.6.21-rc6] [netfilter] early_drop imrovement By: Patrick McHardy on Fri, 06 April 2007 15:08
		[PATCH nf-2.6.22] [netfilter] early_drop imrovement By: vaverin on Sat, 07 April 2007 11:45
		Re: [PATCH nf-2.6.22] [netfilter] early_drop imrovement By: Eric Dumazet on Sat, 07 April 2007 12:08
		Re: [PATCH nf-2.6.22] [netfilter] early_drop imrovement By: vaverin on Sun, 08 April 2007 05:02
		[NETFILTER] early_drop() imrovement (v3) By: vaverin on Wed, 09 May 2007 06:59
		Re: [NETFILTER] early_drop() imrovement (v3) By: Patrick McHardy on Mon, 25 June 2007 13:53
		Re: [NETFILTER] early_drop() imrovement (v3) By: vaverin on Tue, 26 June 2007 13:20
		Re: [NETFILTER] early_drop() imrovement (v3) By: Patrick McHardy on Tue, 26 June 2007 13:27
		[NETFILTER] early_drop() imrovement (v4) By: vaverin on Wed, 27 June 2007 08:46
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 08:52
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 12:04
		Re: [NETFILTER] early_drop() imrovement (v4) By: vaverin on Wed, 27 June 2007 12:29
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 12:51
		Re: [NETFILTER] early_drop() imrovement (v4) By: vaverin on Wed, 27 June 2007 13:02
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 13:18
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 13:23
		Re: [NETFILTER] early_drop() imrovement (v4) By: vaverin on Wed, 27 June 2007 13:25
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 13:28
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 13:35
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 13:54
		Re: [NETFILTER] early_drop() imrovement (v4) By: Rusty Russell on Mon, 02 July 2007 19:56
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Tue, 03 July 2007 11:42
		Re: [NETFILTER] early_drop() imrovement (v4) By: Martin Josefsson on Tue, 03 July 2007 06:39
		Re: [NETFILTER] early_drop() imrovement (v3) By: Jan Engelhardt on Mon, 25 June 2007 14:36

Previous Topic:	[PATCH 1/2] signal checkpoint: define /proc/pid/sig/
Next Topic:	[PATCH] .gitignore update

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Fri Nov 28 21:34:05 GMT 2025

Total time taken to generate the page: 0.37327 seconds