24 Nov, 2016
1 commit
-
Since kernel 4.7 this defaults to off.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
17 Oct, 2016
1 commit
-
This entry has been removed in commit 9500507c6138.
Fixes: 9500507c6138 ("netfilter: conntrack: remove timer from ecache extension")
Signed-off-by: Nicolas Dichtel
Acked-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
24 Jun, 2016
1 commit
-
No need to restrict this to module parameter.
We export a copy of the real hash size -- when user alters the value we
allocate the new table, copy entries etc before we update the real size
to the requested one.This is also needed because the real size is used by concurrent readers
and cannot be changed without synchronizing the conntrack generation
seqcnt.We only allow changing this value from the initial net namespace.
Tested using http-client-benchmark vs. httpterm with concurrent
while true;do
echo $RANDOM > /proc/sys/net/netfilter/nf_conntrack_buckets
doneSigned-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
23 Dec, 2014
1 commit
-
Manually bumping either nf_conntrack_buckets or nf_conntrack_max has
become a common task as our Linux servers tend to serve more and more
clients/applications, so let's adjust nf_conntrack_buckets this to a
more updated value.Now for systems with more than 4GB of memory, nf_conntrack_buckets
becomes 65536 instead of 16384, resulting in nf_conntrack_max=256k
entries.Signed-off-by: Marcelo Ricardo Leitner
Acked-by: Jesper Dangaard Brouer
Signed-off-by: Pablo Neira Ayuso
21 Jan, 2013
1 commit
-
I grepped through the code and picked bits about nf_conntrack sysctl api
and put that into one documentation file.[ I have mangled this patch including comments from several grammar
improvements proposed by Neal Murphy ,
any new grammar error is my mistake --pablo ]Signed-off-by: Jiri Pirko
Signed-off-by: Pablo Neira Ayuso
