[conntrack-tools] doc: document the netlink buffer size clauses

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Wed Dec 17 18:54:43 CET 2008


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=789cfad661f4fbaa97384efa5843a60027b1ec91
commit 789cfad661f4fbaa97384efa5843a60027b1ec91
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Dec 17 18:54:27 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Dec 17 18:54:27 2008 +0100

    doc: document the netlink buffer size clauses
    
    This patch documents the SocketBufferSize and SocketBufferSizeGrowth
    clauses. It also raises the default values which are fairly small for
    busy firewalls.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  789cfad661f4fbaa97384efa5843a60027b1ec91 (commit)
      from  02486b7c22beee4ac8af694a1073d33775d0d388 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 789cfad661f4fbaa97384efa5843a60027b1ec91
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Wed Dec 17 18:54:27 2008 +0100

    doc: document the netlink buffer size clauses
    
    This patch documents the SocketBufferSize and SocketBufferSizeGrowth
    clauses. It also raises the default values which are fairly small for
    busy firewalls.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 doc/sync/alarm/conntrackd.conf   |   16 ++++++++++++----
 doc/sync/ftfw/conntrackd.conf    |   16 ++++++++++++----
 doc/sync/notrack/conntrackd.conf |   16 ++++++++++++----
 3 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 0ace99e..0d4847b 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -145,14 +145,22 @@ General {
 	}
 
 	#
-	# Netlink socket buffer size
+	# Netlink event socket buffer size. If you do not specify this clause,
+	# the default buffer size value in /proc/net/core/rmem_default is
+	# used. This default value is usually around 100 Kbytes which is
+	# fairly small for busy firewalls. This leads to event message dropping
+	# and high CPU consumption. This example configuration file sets the
+	# size to 2 MBytes to avoid this sort of problems.
 	#
-	SocketBufferSize 262142
+	SocketBufferSize 2097152
 
 	#
-	# Increase the socket buffer up to maximum if required
+	# The daemon doubles the size of the netlink event socket buffer size
+	# if it detects netlink event message dropping. This clause sets the
+	# maximum buffer size growth that can be reached. This example file
+	# sets the size to 8 MBytes.
 	#
-	SocketBufferSizeMaxGrowth 655355
+	SocketBufferSizeMaxGrowth 8388608
 
 	#
 	# Event filtering: This clause allows you to filter certain traffic,
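Review bot: the path in the new SocketBufferSize comment, /proc/net/core/rmem_default, is missing the "sys" component. The net.core.rmem_default sysctl is exposed at /proc/sys/net/core/rmem_default, so an operator who copies the path from this file to check the system default will not find it. Suggest correcting the path in the second added comment line. The next sentence quotes the default as "usually around 100 Kbytes"; since that figure depends on the system, it would be safer to tell the reader to read the file than to rely on the quoted number.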
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 868ee5a..d415fcd 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -149,14 +149,22 @@ General {
 	}
 
 	#
-	# Netlink socket buffer size
+	# Netlink event socket buffer size. If you do not specify this clause,
+	# the default buffer size value in /proc/net/core/rmem_default is
+	# used. This default value is usually around 100 Kbytes which is
+	# fairly small for busy firewalls. This leads to event message dropping
+	# and high CPU consumption. This example configuration file sets the
+	# size to 2 MBytes to avoid this sort of problems.
 	#
-	SocketBufferSize 262142
+	SocketBufferSize 2097152
 
 	#
-	# Increase the socket buffer up to maximum if required
+	# The daemon doubles the size of the netlink event socket buffer size
+	# if it detects netlink event message dropping. This clause sets the
+	# maximum buffer size growth that can be reached. This example file
+	# sets the size to 8 MBytes.
 	#
-	SocketBufferSizeMaxGrowth 655355
+	SocketBufferSizeMaxGrowth 8388608
 
 	#
 	# Event filtering: This clause allows you to filter certain traffic,
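Review bot: in the SocketBufferSizeMaxGrowth comment, "the maximum buffer size growth that can be reached" does not say whether 8388608 is an absolute ceiling for the buffer or an amount added on top of SocketBufferSize. With the 2097152 starting value set just above and the doubling described in the first sentence, the sequence 2, 4, 8 MBytes suggests a ceiling; if that is the intent, say so directly, for example "This clause sets the maximum size the buffer can grow to." The phrase "doubles the size of the netlink event socket buffer size" also repeats "size" and can be shortened to "doubles the netlink event socket buffer size". Separately, the commit message names the clause SocketBufferSizeGrowth while the file uses SocketBufferSizeMaxGrowth.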
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 514b5ba..bc1a3a6 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -133,14 +133,22 @@ General {
 	}
 
 	#
-	# Netlink socket buffer size
+	# Netlink event socket buffer size. If you do not specify this clause,
+	# the default buffer size value in /proc/net/core/rmem_default is
+	# used. This default value is usually around 100 Kbytes which is
+	# fairly small for busy firewalls. This leads to event message dropping
+	# and high CPU consumption. This example configuration file sets the
+	# size to 2 MBytes to avoid this sort of problems.
 	#
-	SocketBufferSize 262142
+	SocketBufferSize 2097152
 
 	#
-	# Increase the socket buffer up to maximum if required
+	# The daemon doubles the size of the netlink event socket buffer size
+	# if it detects netlink event message dropping. This clause sets the
+	# maximum buffer size growth that can be reached. This example file
+	# sets the size to 8 MBytes.
 	#
-	SocketBufferSizeMaxGrowth 655355
+	SocketBufferSizeMaxGrowth 8388608
 
 	#
 	# Event filtering: This clause allows you to filter certain traffic,
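Review bot: neither added comment states the unit of the clause value. The prose says "2 MBytes" and "8 MBytes" while the settings are 2097152 and 8388608, so the reader has to infer that the value is given in bytes. Suggest adding "in bytes" to the first sentence of each comment and using one spelling for the units ("Kbytes" and "MBytes" are mixed). The same comment text is now carried verbatim in the alarm, ftfw and notrack example files, so any wording correction has to be applied to all three.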


