On Tue, Mar 09, 2021 at 10:51:20AM +0100, Arturo Borrero Gonzalez wrote:
> On 3/8/21 4:32 PM, Pablo Neira Ayuso wrote:
> > Fall back to 65536 buckets and 262144 entries.
> >
> > It would be probably good to add code to autoadjust by reading
> > /proc/sys/net/netfilter/nf_conntrack_buckets and
> > /proc/sys/net/nf_conntrack_max.
> >
> > Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1491
> > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> > ---
> >  src/read_config_yy.y | 6 ++++++
> >  1 file changed, 6 insertions(+)
> >
>
> Thanks for the patch!
>
> Would it make sense to have all this logic in evaluate() in src/run.c?

I think so. A patch to move it there would be fine.

I suspect there might be more missing sanity checks in the configuration
file parser (options that are not set to default value, like hashsize
and hashlimit).
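
An added illustration of the auto-adjust idea from the quoted commit message, not code from the patch or from the project: unset options are filled from the two sysctl files, with the 65536/262144 fallback when a file is missing or its content fails validation. `struct cache_conf`, `read_sysctl_or()` and `fill_unset()` are hypothetical names, and both the "0 means unset" convention and the pairing of hashsize with nf_conntrack_buckets and hashlimit with nf_conntrack_max are assumptions.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define FALLBACK_BUCKETS 65536u   /* fallbacks named in the commit message */
#define FALLBACK_ENTRIES 262144u
/* Hypothetical stand-in for the daemon's cache settings; 0 means "not set". */
struct cache_conf {
    unsigned int hashsize;    /* assumed to pair with nf_conntrack_buckets */
    unsigned int hashlimit;   /* assumed to pair with nf_conntrack_max */
};

/* Return the positive integer stored in path, or fallback if it is unusable. */
unsigned int read_sysctl_or(const char *path, unsigned int fallback)
{
    char buf[32] = "", *end;
    unsigned long v;
    FILE *f = fopen(path, "r");
    if (!f)
        return fallback;
    if (!fgets(buf, sizeof(buf), f))
        buf[0] = '\0';
    fclose(f);
    if (buf[0] < '0' || buf[0] > '9')   /* empty, signed or non-numeric */
        return fallback;
    errno = 0;
    v = strtoul(buf, &end, 10);
    if (errno || (*end != '\n' && *end != '\0') || v == 0 || v > UINT_MAX)
        return fallback;
    return (unsigned int)v;
}

/* Fill only the options the configuration file left unset. */
void fill_unset(struct cache_conf *c, const char *buckets, const char *max)
{
    if (c->hashsize == 0)
        c->hashsize = read_sysctl_or(buckets, FALLBACK_BUCKETS);
    if (c->hashlimit == 0)
        c->hashlimit = read_sysctl_or(max, FALLBACK_ENTRIES);
}

int main(void)
{
    struct cache_conf c = { 0, 0 };   /* nothing set in the config file */
    fill_unset(&c, "/proc/sys/net/netfilter/nf_conntrack_buckets",
               "/proc/sys/net/nf_conntrack_max");
    printf("hashsize=%u hashlimit=%u\n", c.hashsize, c.hashlimit);
    return 0;
}
```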