On Wed, Mar 12, 2014 at 11:49:48PM +0100, Florian Westphal wrote: > Resending the last three patches of the set; I have addressed > the comments I've received. See individual patches on whats > changed vs v1. > > I've done a brief re-rest with 2-hrs of synflooding and > nf_conntrack_max=2000000 plus conntrack -F every 10 seconds and did not > encounter any issues. > > I am copying the original v1 cover letter below. > > The connlimit match suffers from two problems: > > - lock contention when multiple cpus invoke the match function > - algorithmic complexity: on average the connlimit match will need to > examine NUMBER_OF_CONNTRACKS % HASH_BUCKET (always 256) connections > as the match will test for every connection assigned to the same bucked > as the new one wheter the conntrack is still active. > > This patch set tries to solve both issues. Series applied, thanks Florian. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
