Hello, On Fri, 26 Apr 2013, Pablo Neira Ayuso wrote: > Hi Julian, > > On Thu, Apr 25, 2013 at 11:15:25AM +0300, Julian Anastasov wrote: > > > > Hello, > > > > On Thu, 25 Apr 2013, Simon Horman wrote: > > > > > It is unclear to me that there is any utility in the following: > > > > > > rcu_read_unlock(); > > > rcu_read_lock(); > > > > I thought it is a good idea for fixed hash table > > of IP_VS_TAB_BITS=20. May be if guarded by > > > > if (!((++idx) & 4095)) > > > > to reduce its rate to 256 (with idx++ removed from the for loop) ? > > > > Netfilter has no such logic for nf_conntrack because > > it has limit of 16384 rows. > > We seem to be supporting over that limit via module_param and sysfs: > > /sys/module/nf_conntrack/parameters/hashsize Thanks for the note, I overlooked this parameter. Regards -- Julian Anastasov <ja@xxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html