Pablo Neira Ayuso wrote:
heitzenberger@xxxxxxxxxx wrote:
Thus possibly preventing e.g. ctnetlink from overruns on busy sites.
Also interesting, do you really observe a real improvement? I'll try
this with conntrackd tomorrow in my testbed.
I noticed huge differences in nfnetlink_queue performance by renicing,
which is a clear indication of insufficient buffer space in the
socker receive queue (in case of nfnetlink_queue actually receive
queue size *or* kernel queue size). The buffers have to be dimensioned
large enough to catch userspace latency fluctuations, so the proper
fix is most likely to simply increase the receive queue size.
Which reminds me, for nfnetlink_queue we should think about providing
a mechanism to automatically size both kernel queue and socket receive
buffers properly or at least measure latencies.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
