	netfilter: conntrack: adjust nf_conntrack_buckets default value
Manually bumping either nf_conntrack_buckets or nf_conntrack_max has become a common task as our Linux servers tend to serve more and more clients/applications, so let's adjust nf_conntrack_buckets to a more up-to-date value. Now for systems with more than 4GB of memory, nf_conntrack_buckets becomes 65536 instead of 16384, resulting in nf_conntrack_max=256k entries. Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com> Acked-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
		
							parent
							
								
									f96fe22567
								
							
						
					
					
						commit
						88eab472ec
					
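--- a/[path not shown on page: conntrack sysctl documentation]
+++ b/[path not shown on page: conntrack sysctl documentation]
@@ -11,7 +11,8 @@ nf_conntrack_buckets - INTEGER (read-only)
 	Size of hash table. If not specified as parameter during module
 	loading, the default size is calculated by dividing total memory
 	by 16384 to determine the number of buckets but the hash table will
-	never have fewer than 32 or more than 16384 buckets.
+	never have fewer than 32 and limited to 16384 buckets. For systems
+	with more than 4GB of memory it will be 65536 buckets.
 
 nf_conntrack_checksum - BOOLEAN
 	0 - disabled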
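--- a/[path not shown on page: nf_conntrack core]
+++ b/[path not shown on page: nf_conntrack core]
@@ -1624,13 +1624,18 @@ int nf_conntrack_init_start(void)
 	for (i = 0; i < CONNTRACK_LOCKS; i++)
 		spin_lock_init(&nf_conntrack_locks[i]);
 
-	/* Idea from tcp.c: use 1/16384 of memory.  On i386: 32MB
-	 * machine has 512 buckets. >= 1GB machines have 16384 buckets. */
 	if (!nf_conntrack_htable_size) {
+		/* Idea from tcp.c: use 1/16384 of memory.
+		 * On i386: 32MB machine has 512 buckets.
+		 * >= 1GB machines have 16384 buckets.
+		 * >= 4GB machines have 65536 buckets.
+		 */
 		nf_conntrack_htable_size
 			= (((totalram_pages << PAGE_SHIFT) / 16384)
 			   / sizeof(struct hlist_head));
-		if (totalram_pages > (1024 * 1024 * 1024 / PAGE_SIZE))
+		if (totalram_pages > (4 * (1024 * 1024 * 1024 / PAGE_SIZE)))
+			nf_conntrack_htable_size = 65536;
+		else if (totalram_pages > (1024 * 1024 * 1024 / PAGE_SIZE))
 			nf_conntrack_htable_size = 16384;
 		if (nf_conntrack_htable_size < 32)
 			nf_conntrack_htable_size = 32;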
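Review bot: The new comment line `* >= 4GB machines have 65536 buckets.` does not match the condition it documents, `if (totalram_pages > (4 * (1024 * 1024 * 1024 / PAGE_SIZE)))`, which is strictly greater-than, so a system whose totalram_pages works out to exactly 4GB lands in the 16384 band; the same `>=` versus `>` slip already exists for the 1GB line. Since the sysctl documentation touched by this commit says "more than 4GB", the comment is the one to adjust, e.g. `* > 4GB machines have 65536 buckets.` (and `* > 1GB machines have 16384 buckets.`), unless the intent really is `>=` in both conditions. It is also worth a sentence in the comment that these bands are fixed values rather than caps: with an 8-byte hlist_head the 1/16384 formula already yields more than 16384 buckets above 2GB and is then overridden downward to 16384, which lengthens hash chains on 2-4GB machines; a reader of the comment would not expect that. nf_conntrack_init_start continues outside the hunk.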
	 Marcelo Leitner
						Marcelo Leitner