buckets-byte per conntrack
Herve Eychenne
rv at wallfire.org
Mon Jun 27 17:10:27 CEST 2005
On Mon, Jun 27, 2005 at 04:27:55PM +0200, thomasmkling at arcor.de wrote:
> ip_conntrack version 2.1 (214 buckets, 1712 max) - 208 bytes per conntrack
> I searched the archive and didn't find a detailed explanation for these values, can someone please help me?
> 208 bytes per conntrack:
> I guess that means that 208 bytes are used for managing ip, ports, state, connection-lifetime, tcp-option, seq-numbers, ... (can I see how many bytes are used for which values?)
> When are the 208 bytes consumed? I started 100 tcp-server-sockets and lost 100*330 bytes free_memory (vmstat). Then I built a new kernel without connection tracking and I got exactly the same memory-usage. Why? I expected lower memory-usage without ip_conntrack.
> 1712 max:
> Means that I can only track 1712 connections? What happens if I have more, are they denied, invalid, not logged?
> If I match on ESTABLISHED and have more than 1712 connections, what then?
> How can I have more max?
> 214 buckets:
> nothing found, what's that?
I wrote a little document that might partially answer your questions:
http://www.wallfire.org/misc/netfilter_conntrack_perf.txt
Herve
--
_
(°= Hervé Eychenne
//)
v_/_ WallFire project: http://www.wallfire.org/