[conntrack-tools] doc: document the netlink buffer size clauses
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Wed Dec 17 18:54:43 CET 2008
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=789cfad661f4fbaa97384efa5843a60027b1ec91
commit 789cfad661f4fbaa97384efa5843a60027b1ec91
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Dec 17 18:54:27 2008 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Dec 17 18:54:27 2008 +0100
doc: document the netlink buffer size clauses
This patch documents the SocketBufferSize and SocketBufferSizeGrowth
clauses. It also raises the default values which are fairly small for
busy firewalls.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via 789cfad661f4fbaa97384efa5843a60027b1ec91 (commit)
from 02486b7c22beee4ac8af694a1073d33775d0d388 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 789cfad661f4fbaa97384efa5843a60027b1ec91
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Dec 17 18:54:27 2008 +0100
doc: document the netlink buffer size clauses
This patch documents the SocketBufferSize and SocketBufferSizeGrowth
clauses. It also raises the default values which are fairly small for
busy firewalls.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
doc/sync/alarm/conntrackd.conf | 16 ++++++++++++----
doc/sync/ftfw/conntrackd.conf | 16 ++++++++++++----
doc/sync/notrack/conntrackd.conf | 16 ++++++++++++----
3 files changed, 36 insertions(+), 12 deletions(-)
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 0ace99e..0d4847b 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -145,14 +145,22 @@ General {
}
#
- # Netlink socket buffer size
+ # Netlink event socket buffer size. If you do not specify this clause,
+ # the default buffer size value in /proc/net/core/rmem_default is
+ # used. This default value is usually around 100 Kbytes which is
+ # fairly small for busy firewalls. This leads to event message dropping
+ # and high CPU consumption. This example configuration file sets the
+ # size to 2 MBytes to avoid this sort of problems.
#
- SocketBufferSize 262142
+ SocketBufferSize 2097152
#
- # Increase the socket buffer up to maximum if required
+ # The daemon doubles the size of the netlink event socket buffer size
+ # if it detects netlink event message dropping. This clause sets the
+ # maximum buffer size growth that can be reached. This example file
+ # sets the size to 8 MBytes.
#
- SocketBufferSizeMaxGrowth 655355
+ SocketBufferSizeMaxGrowth 8388608
#
# Event filtering: This clause allows you to filter certain traffic,
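Review bot: The path given in the new SocketBufferSize comment, /proc/net/core/rmem_default, is wrong; the sysctl is exposed as /proc/sys/net/core/rmem_default (net.core.rmem_default). An operator checking the default on a firewall will follow the path literally, so it should be corrected in the comment. The comment could also say whether a SocketBufferSize larger than net.core.rmem_max is honoured or clamped, since the hunk raises the example value to 2097152 without mentioning that limit.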
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 868ee5a..d415fcd 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -149,14 +149,22 @@ General {
}
#
- # Netlink socket buffer size
+ # Netlink event socket buffer size. If you do not specify this clause,
+ # the default buffer size value in /proc/net/core/rmem_default is
+ # used. This default value is usually around 100 Kbytes which is
+ # fairly small for busy firewalls. This leads to event message dropping
+ # and high CPU consumption. This example configuration file sets the
+ # size to 2 MBytes to avoid this sort of problems.
#
- SocketBufferSize 262142
+ SocketBufferSize 2097152
#
- # Increase the socket buffer up to maximum if required
+ # The daemon doubles the size of the netlink event socket buffer size
+ # if it detects netlink event message dropping. This clause sets the
+ # maximum buffer size growth that can be reached. This example file
+ # sets the size to 8 MBytes.
#
- SocketBufferSizeMaxGrowth 655355
+ SocketBufferSizeMaxGrowth 8388608
#
# Event filtering: This clause allows you to filter certain traffic,
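Review bot: The SocketBufferSizeMaxGrowth comment leaves it unclear whether 8388608 is the ceiling for the total buffer size or the amount the buffer may grow on top of SocketBufferSize; "the maximum buffer size growth that can be reached" reads either way. If it is a ceiling, then starting from 2097152 the doubling described here stops after two steps (4 MBytes, then 8 MBytes), and saying so would help operators pick a value. "doubles the size of the netlink event socket buffer size" also repeats "size" and could read "doubles the netlink event socket buffer size". The commit message names the clause SocketBufferSizeGrowth while the hunk sets SocketBufferSizeMaxGrowth; the two should agree.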
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 514b5ba..bc1a3a6 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -133,14 +133,22 @@ General {
}
#
- # Netlink socket buffer size
+ # Netlink event socket buffer size. If you do not specify this clause,
+ # the default buffer size value in /proc/net/core/rmem_default is
+ # used. This default value is usually around 100 Kbytes which is
+ # fairly small for busy firewalls. This leads to event message dropping
+ # and high CPU consumption. This example configuration file sets the
+ # size to 2 MBytes to avoid this sort of problems.
#
- SocketBufferSize 262142
+ SocketBufferSize 2097152
#
- # Increase the socket buffer up to maximum if required
+ # The daemon doubles the size of the netlink event socket buffer size
+ # if it detects netlink event message dropping. This clause sets the
+ # maximum buffer size growth that can be reached. This example file
+ # sets the size to 8 MBytes.
#
- SocketBufferSizeMaxGrowth 655355
+ SocketBufferSizeMaxGrowth 8388608
#
# Event filtering: This clause allows you to filter certain traffic,
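Review bot: Neither new comment states the unit of the clause value, so a reader has to infer from 2097152 and 8388608 that both clauses take bytes while the prose speaks of Kbytes and MBytes. Suggest adding "in bytes" to the SocketBufferSize and SocketBufferSizeMaxGrowth comments. Minor wording: "this sort of problems" should be "this sort of problem". The same comment block is now copied into three example files (alarm, ftfw, notrack), so any later correction has to be applied three times.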