git.baikalelectronics.ru Git - kernel.git/commit
netfilter: conntrack: allow increasing bucket size via sysctl too
author Florian Westphal <fw@strlen.de>
Wed, 22 Jun 2016 11:26:10 +0000 (13:26 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 24 Jun 2016 09:03:28 +0000 (11:03 +0200)
commit c9c00724b99e56819459a81f82e209f591925480
tree 05fc36b7e2fa3b896cc412cdd8f0f1ac796965a3
parent da2101da28f850de59f6f3ed800df0863a3497ee

No need to restrict this to module parameter.

We export a copy of the real hash size -- when user alters the value we
allocate the new table, copy entries etc before we update the real size
to the requested one.

This is also needed because the real size is used by concurrent readers
and cannot be changed without synchronizing the conntrack generation
seqcnt.

We only allow changing this value from the initial net namespace.

Tested using http-client-benchmark vs. httpterm with concurrent

while true;do
 echo $RANDOM > /proc/sys/net/netfilter/nf_conntrack_buckets
done

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Documentation/networking/nf_conntrack-sysctl.txt
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_standalone.c
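
The ordering the commit message describes (a write lands in an exported copy, the new table is allocated and filled, and only then is the real size updated), sketched as a single-threaded userspace model. This is an added example, not code from the commit or the kernel. Every identifier in it is hypothetical, the counter only stands in for the conntrack generation seqcnt, and reverting the copy on a failed resize is this model's choice.

```c
#include <stdlib.h>
/* Userspace model only: every name here is hypothetical, not the kernel's. */
struct entry { unsigned key; struct entry *next; };
static struct entry **table;   /* live bucket array that readers walk */
static unsigned real_size;     /* size readers hash with */
static unsigned user_size;     /* exported copy, the only value a write touches */
static unsigned generation;    /* stand-in for the seqcount: odd during a resize */
static int table_init(unsigned size) {
    table = calloc(size, sizeof(*table));
    real_size = user_size = size;
    return table ? 0 : -1;
}
static int fill(unsigned n) {                  /* insert keys 0..n-1 */
    for (unsigned k = 0; k < n; k++) {
        struct entry *e = malloc(sizeof(*e));
        if (!e) return -1;
        *e = (struct entry){ k, table[k % real_size] };
        table[k % real_size] = e;
    }
    return 0;
}
static unsigned count_present(unsigned n) {    /* how many of 0..n-1 are found */
    unsigned found = 0;
    for (unsigned k = 0; k < n; k++)
        for (struct entry *e = table[k % real_size]; e; e = e->next)
            if (e->key == k) { found++; break; }
    return found;
}
static int set_buckets(unsigned requested) {   /* models a write to the sysctl */
    user_size = requested;                     /* copy changes, real_size does not */
    struct entry **nt = requested ? calloc(requested, sizeof(*nt)) : NULL;
    if (!nt) { user_size = real_size; return -1; }  /* model's choice: copy reverts */
    generation++;                              /* readers would retry from here */
    for (unsigned i = 0; i < real_size; i++)
        while (table[i]) {                     /* rehash each entry into nt */
            struct entry *e = table[i];
            table[i] = e->next;
            e->next = nt[e->key % requested];
            nt[e->key % requested] = e;
        }
    free(table);
    table = nt;
    real_size = requested;                     /* published only after the copy */
    generation++;
    return 0;
}
int main(void) {
    return (table_init(4) || fill(100) || set_buckets(64) || count_present(100) != 100);
}
```

A rejected request (here, a size of 0) leaves `real_size` and the table untouched, so lookups never hash against a size that has no matching bucket array.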