[conntrack-tools] doc: increase hashtable bucket size and limits in example files
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Sun Jan 25 19:15:16 CET 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=8b7937e8a3864d84992e931ace69172ba171d875
commit 8b7937e8a3864d84992e931ace69172ba171d875
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Jan 25 19:15:01 2009 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Jan 25 19:15:01 2009 +0100
doc: increase hashtable bucket size and limits in example files
This patch details a bit more the hashtable parameters. Moreover,
it increases the default size of the hashtable.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via 8b7937e8a3864d84992e931ace69172ba171d875 (commit)
from afb9b7f9ee21df97754648d832fcee2b778b277a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8b7937e8a3864d84992e931ace69172ba171d875
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Sun Jan 25 19:15:01 2009 +0100
doc: increase hashtable bucket size and limits in example files
This patch details a bit more the hashtable parameters. Moreover,
it increases the default size of the hashtable.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
doc/sync/alarm/conntrackd.conf | 14 +++++++++-----
doc/sync/ftfw/conntrackd.conf | 14 +++++++++-----
doc/sync/notrack/conntrackd.conf | 14 +++++++++-----
3 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index da11887..ad9bcd9 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -135,15 +135,19 @@ Sync {
#
General {
#
- # Number of buckets in the caches: hash table.
+ # Number of buckets in the cache hashtable. The bigger it is,
+ # the closer it gets to O(1) at the cost of consuming more memory.
+ # Read some documents about tuning hashtables for further reference.
#
- HashSize 16384
+ HashSize 32768
#
- # Maximum number of conntracks:
- # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+ # Maximum number of conntracks, it should be double of:
+ # $ cat /proc/sys/net/netfilter/nf_conntrack_max
+ # since the daemon may keep some dead entries cached for possible
+ # retransmission during state synchronization.
#
- HashLimit 65536
+ HashLimit 131072
#
# Logfile: on (/var/log/conntrackd.log), off, or a filename
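Review bot: the last line of the new HashSize comment, "Read some documents about tuning hashtables for further reference", gives the reader nothing to act on. Consider replacing it with the relationship between the two settings in this block: at the limit, HashLimit 131072 over HashSize 32768 is 4 entries per bucket, the same ratio as the old 65536 over 16384, so anyone raising HashLimit knows to scale HashSize with it.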
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 3c39291..0021ea8 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -144,15 +144,19 @@ Sync {
#
General {
#
- # Number of buckets in the caches: hash table.
+ # Number of buckets in the cache hashtable. The bigger it is,
+ # the closer it gets to O(1) at the cost of consuming more memory.
+ # Read some documents about tuning hashtables for further reference.
#
- HashSize 16384
+ HashSize 32768
#
- # Maximum number of conntracks:
- # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+ # Maximum number of conntracks, it should be double of:
+ # $ cat /proc/sys/net/netfilter/nf_conntrack_max
+ # since the daemon may keep some dead entries cached for possible
+ # retransmission during state synchronization.
#
- HashLimit 65536
+ HashLimit 131072
#
# Logfile: on (/var/log/conntrackd.log), off, or a filename
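Review bot: in the HashLimit comment, "it should be double of" replaces the old "it must be >=", so the hard lower bound is no longer stated. Suggest keeping both, for example "must be >= nf_conntrack_max, and should be double it", and noting that 131072 is double only when nf_conntrack_max reads 65536, so the value has to be recomputed on hosts where the sysctl differs.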
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index f86d17b..b77d589 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -125,15 +125,19 @@ Sync {
#
General {
#
- # Number of buckets in the caches: hash table.
+ # Number of buckets in the cache hashtable. The bigger it is,
+ # the closer it gets to O(1) at the cost of consuming more memory.
+ # Read some documents about tuning hashtables for further reference.
#
- HashSize 16384
+ HashSize 32768
#
- # Maximum number of conntracks:
- # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+ # Maximum number of conntracks, it should be double of:
+ # $ cat /proc/sys/net/netfilter/nf_conntrack_max
+ # since the daemon may keep some dead entries cached for possible
+ # retransmission during state synchronization.
#
- HashLimit 65536
+ HashLimit 131072
#
# Logfile: on (/var/log/conntrackd.log), off, or a filename
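Review bot: the HashLimit comment switches the proc path from /proc/sys/net/ipv4/netfilter/ip_conntrack_max to /proc/sys/net/netfilter/nf_conntrack_max, but the commit message only mentions the hashtable parameters. Worth a line in the commit message, since a reader following the example will now look in a different place than before. Minor wording point in the same comment: "it should be double of:" reads better as "it should be twice the value of:".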