OpenVZ Forum: Devel » [PATCH 2.6.21-rc6] [netfilter] early

Home » Mailing lists » Devel » [PATCH 2.6.21-rc6] [netfilter] early_drop imrovement

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [NETFILTER] early_drop() imrovement (v4) [message #14397 is a reply to message #14388]

Wed, 27 June 2007 12:04

Patrick McHardy
Messages: 107
Registered: March 2006

Senior Member

Patrick McHardy wrote:
> Vasily Averin wrote:
>
>>When the number of conntracks is reached nf_conntrack_max limit, early_drop()
>>tries to free one of already used conntracks. If it does not find any conntracks
>>that may be freed, it leads to transmission errors.
>>In current implementation the conntracks are searched in one hash bucket only.
>>It have some drawbacks: if used hash bucket is empty we have not any chances to
>>find something. On the other hand the hash bucket can contain a huge number of
>>conntracks and its check can last a long time.
>>The proposed patch limits the number of checked conntracks and allows to search
>>conntracks in other hash buckets. As result in any case the search will have the
>>same chances to free one of the conntracks and the check will not lead to long
>>delays.
>
>
>
> Thanks Vasily. I have some patches queued to convert all conntrack
> hashes to hlists, which conflict with your patches. They need a bit
> more work, I'll integrate your changes on top of them once I'm done.

I've added this patch to my tree at

http://people.netfilter.org/kaber/nf-2.6.23.git/

I've joined the two loops from your patch since that avoids an
otherwise useless function and doesn't take the lock up to 8
times in a row.

Report message to a moderator

[Message index]

		[PATCH 2.6.21-rc6] [netfilter] early_drop imrovement By: vaverin on Fri, 06 April 2007 08:00
		Re: [PATCH 2.6.21-rc6] [netfilter] early_drop imrovement By: Eric Dumazet on Fri, 06 April 2007 08:24
		Re: [PATCH 2.6.21-rc6] [netfilter] early_drop imrovement By: vaverin on Fri, 06 April 2007 10:26
		Re: [PATCH 2.6.21-rc6] [netfilter] early_drop imrovement By: Patrick McHardy on Fri, 06 April 2007 15:08
		[PATCH nf-2.6.22] [netfilter] early_drop imrovement By: vaverin on Sat, 07 April 2007 11:45
		Re: [PATCH nf-2.6.22] [netfilter] early_drop imrovement By: Eric Dumazet on Sat, 07 April 2007 12:08
		Re: [PATCH nf-2.6.22] [netfilter] early_drop imrovement By: vaverin on Sun, 08 April 2007 05:02
		[NETFILTER] early_drop() imrovement (v3) By: vaverin on Wed, 09 May 2007 06:59
		Re: [NETFILTER] early_drop() imrovement (v3) By: Patrick McHardy on Mon, 25 June 2007 13:53
		Re: [NETFILTER] early_drop() imrovement (v3) By: vaverin on Tue, 26 June 2007 13:20
		Re: [NETFILTER] early_drop() imrovement (v3) By: Patrick McHardy on Tue, 26 June 2007 13:27
		[NETFILTER] early_drop() imrovement (v4) By: vaverin on Wed, 27 June 2007 08:46
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 08:52
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 12:04
		Re: [NETFILTER] early_drop() imrovement (v4) By: vaverin on Wed, 27 June 2007 12:29
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 12:51
		Re: [NETFILTER] early_drop() imrovement (v4) By: vaverin on Wed, 27 June 2007 13:02
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 13:18
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 13:23
		Re: [NETFILTER] early_drop() imrovement (v4) By: vaverin on Wed, 27 June 2007 13:25
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 13:28
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 13:35
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Wed, 27 June 2007 13:54
		Re: [NETFILTER] early_drop() imrovement (v4) By: Rusty Russell on Mon, 02 July 2007 19:56
		Re: [NETFILTER] early_drop() imrovement (v4) By: Patrick McHardy on Tue, 03 July 2007 11:42
		Re: [NETFILTER] early_drop() imrovement (v4) By: Martin Josefsson on Tue, 03 July 2007 06:39
		Re: [NETFILTER] early_drop() imrovement (v3) By: Jan Engelhardt on Mon, 25 June 2007 14:36

Previous Topic:	[PATCH 1/2] signal checkpoint: define /proc/pid/sig/
Next Topic:	[PATCH] .gitignore update

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sun Feb 15 15:16:14 GMT 2026

Total time taken to generate the page: 0.33307 seconds