Holger Eitzenberger wrote:
> Pablo Neira Ayuso wrote:
>> * Default hashtable size reduced to 512, why?
>
> You are still talking about the ulogd-NFCT-plugin.diff, right? Please
> comment on the version as it is at the end of the patchset.

Sorry, I don't understand your patchset logic, since I have to apply them
all to understand what you want to do; this is confusing.

>> * This patch checks if every conntrack exists in the kernel every N
>> seconds to handle overruns. Instead, why doesn't it wait for ENOBUFS in
>> the recv buffer and then try to resync to the kernel?
>
> This is one of the future improvements I've only queued locally. As
> this isn't critical I suggest waiting for that.

The point is that I don't understand why we have to apply these NFCT
patches, which IMO do sloppy netlink handling, and then wait until this is
completely rewritten again properly... (continue below)

>> * ct_hash_find_seq is O(n). Overruns sometimes happen because the CPU
>> reaches 100% consumption, so if it can't back off, this function won't
>> help that much in those cases.
>
> [ULOGD RFC 15/30] NFCT: add sequence cache
>
> That patch was provided exactly to solve that issue.

... because AFAICS if we check for ENOBUFS and then resync against the
kernel table using GET_CONNTRACK we won't need the sequence cache later,
will we?

-- 
"Honest people are social misfits" -- Les Luthiers
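Added example, not code from ulogd or from the patchset under discussion: the recovery path the reply argues for, in plain C on a raw NETLINK_NETFILTER socket. A receive error of ENOBUFS means the kernel dropped events because the socket buffer overran, so the local conntrack view is stale; instead of re-checking every entry or keeping a sequence cache, the loop answers ENOBUFS with one full GET_CONNTRACK dump and rebuilds from the kernel's table. The nfnetlink constants are the kernel UAPI values, defined locally so the block builds without libnetfilter_conntrack; the group mask and buffer size in main() are assumed values; the hash-table reinsertion is left as a comment because this thread does not show ulogd's hash API.

```c
/* Added example: ENOBUFS-driven resync of a ctnetlink listener. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/netlink.h>

/* Kernel UAPI values from linux/netfilter/nfnetlink.h and
 * nfnetlink_conntrack.h, defined here to keep the example self-contained. */
#define CT_NFNL_SUBSYS_CTNETLINK 1
#define CT_IPCTNL_MSG_CT_GET     1
#define CT_NFNETLINK_V0          0
/* Assumed subscription: NEW | UPDATE | DESTROY event groups (1 | 2 | 4). */
#define CT_EVENT_GROUPS          0x7

/* Layout of struct nfgenmsg, the per-subsystem header after nlmsghdr. */
struct ct_nfgenmsg { uint8_t nfgen_family; uint8_t version; uint16_t res_id; };

enum recv_action { RECV_PROCESS, RECV_RESYNC, RECV_RETRY, RECV_FATAL };

/* Decide what to do with the result of recv() on the event socket.
 * ENOBUFS is the kernel telling us events were lost: the only safe
 * answer is a full resync, not a per-entry existence check. */
enum recv_action classify_recv(ssize_t n, int err)
{
    if (n >= 0) return RECV_PROCESS;
    switch (err) {
    case ENOBUFS: return RECV_RESYNC;
    case EINTR:
    case EAGAIN:  return RECV_RETRY;
    default:      return RECV_FATAL;
    }
}

struct ct_dump_req { struct nlmsghdr nlh; struct ct_nfgenmsg nfg; };

/* Build a GET_CONNTRACK request with NLM_F_DUMP: one message that asks the
 * kernel to stream its whole conntrack table. Returns the message length. */
size_t build_ct_dump_request(struct ct_dump_req *req, uint32_t seq)
{
    memset(req, 0, sizeof(*req));
    req->nlh.nlmsg_len   = NLMSG_LENGTH(sizeof(req->nfg));
    req->nlh.nlmsg_type  = (CT_NFNL_SUBSYS_CTNETLINK << 8) | CT_IPCTNL_MSG_CT_GET;
    req->nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
    req->nlh.nlmsg_seq   = seq;
    req->nfg.nfgen_family = AF_UNSPEC;   /* all address families */
    req->nfg.version      = CT_NFNETLINK_V0;
    return req->nlh.nlmsg_len;
}

/* Send the dump and consume replies until NLMSG_DONE. Each reply carries
 * one conntrack entry; a real listener would (re)insert it into its local
 * hash here, which replaces everything lost in the overrun. */
int resync_from_kernel(int fd)
{
    static uint32_t seq = 1;
    struct ct_dump_req req;
    size_t len = build_ct_dump_request(&req, seq++);
    if (send(fd, &req, len, 0) < 0) return -1;

    char buf[65536];                      /* assumed: large enough for a batch */
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        int left = (int)n;
        for (struct nlmsghdr *h = (struct nlmsghdr *)buf; NLMSG_OK(h, left);
             h = NLMSG_NEXT(h, left)) {
            if (h->nlmsg_type == NLMSG_DONE)  return 0;
            if (h->nlmsg_type == NLMSG_ERROR) return -1;
            /* h now points at one GET_CONNTRACK reply: reinsert into the hash. */
        }
    }
}

int main(void)
{
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER);
    if (fd < 0) { perror("socket"); return 1; }
    struct sockaddr_nl sa = { .nl_family = AF_NETLINK, .nl_groups = CT_EVENT_GROUPS };
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { perror("bind"); return 1; }

    char buf[65536];
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        switch (classify_recv(n, errno)) {
        case RECV_PROCESS: /* parse event messages in buf[0..n) */ break;
        case RECV_RETRY:   break;
        case RECV_RESYNC:
            fprintf(stderr, "ENOBUFS: events lost, dumping kernel table\n");
            if (resync_from_kernel(fd) < 0) { perror("resync"); return 1; }
            break;
        case RECV_FATAL:   perror("recv"); return 1;
        }
    }
}
```

Running main() needs CAP_NET_ADMIN and a kernel with ctnetlink; the two pure functions (classify_recv and build_ct_dump_request) are what the resync policy reduces to and can be unit-tested without a socket.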