On Fri, 07 Jul 2017 23:55:25 +0800, Shiyao Ma said:

> I want to foreach all the `struct nf_conn's in my out-of-tree kernel module.

What are you trying to do?

Hint: the very concept of "all" the nf_conn's is a very racy one, especially on high-powered servers that have multiple 40 gigabit ethernet cards on them, talking to other high-powered servers on the same subnet. It's possible to get several million TCP connections in TIME_WAIT in a matter of seconds.

The end result is that the kernel code is very much optimized for the problem of "find *THIS* one nf_conn related to the packet we're looking at before the next one shows up in a few microseconds", and things like 'netstat -a' can basically go pound sand if they want to be 100% accurate.

Summary: It's quite possible for hundreds or even thousands of nf_conn's to come and go in the time it takes you to walk the list.

> How to get a consistent value of `nf_conntrack_htable_size' and `nf_conntrack_hash' ?

What makes you think that "consistent value" is a concept that applies to these numbers? As mentioned above, they can be bouncing all over the place on timespans smaller than the time needed to walk the list...