On Tue, Jan 21, 2003 at 07:16:15AM +0100, Ard van Breemen wrote:
> On Tue, Jan 14, 2003 at 10:37:11AM +0100, Christian Hammers wrote:
> > I have a border router that does dynamic and asymmetric routing.
> > Now, after upgrading from 2.4.19 to 2.4.20 yesterday I got the following
> > message in my syslog twice this night:
> >  kernel: ip_conntrack: table full, dropping packet.
> > The /proc/net/ip_conntrack table has 36911 entries, mostly all [UNREPLIED].
> Heh,
> Next to the other replies:
> If you do massive routing, or better: massive firewalling (a lot
> of connections going through), always load the ip_conntrack
> module with hashsize= .
> If you don't, most of the connections have to be sequentially
> searched in a linked list.
> Default max setting of hashsize is 8192, with a maximum of 58000
> connections being tracked. The maximum connections to be tracked
> can be increased on the fly, but upping your hashsize to begin
> with gives you certainly an extra performance boost.
> (Heh, it can make your cpu system time go from 100% down to 5 or
> so... At least it will make your ethernet driver be the
> bottleneck)
>
> --
> mail up 65+19:29, 4 users, load 0.00, 0.02, 0.27
> mistar1 up 18+15:59, 9 users, load 0.00, 0.00, 0.01
> Let your government know you value your freedom: sign the petition:
> http://petition.eurolinux.org
>

I have the same problem, and have found /proc/sys/net/ip_conntrack_max.
Does it contain the default max hashsize?
May I only write:
cat 16384 > /proc/sys/net/ip_conntrack_max
to solve the problem of "full table"?
Will it be the same as loading ip_conntrack module with hashsize= ?

Best regards
Jakub
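
Added example, not part of the original messages: before raising any limit, it helps to measure how full the table is and which sources hold the [UNREPLIED] entries mentioned in the thread. The function names are hypothetical, the sample lines are constructed (documentation addresses) and assume the 2.4 `/proc/net/ip_conntrack` line layout.

```shell
#!/bin/sh
# Constructed sample in the 2.4 /proc/net/ip_conntrack line layout (assumed format).
sample_table() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=1025 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=1025 [ASSURED] use=1
tcp      6 110 SYN_SENT src=203.0.113.7 dst=192.0.2.20 sport=4001 dport=25 [UNREPLIED] src=192.0.2.20 dst=203.0.113.7 sport=25 dport=4001 use=1
tcp      6 108 SYN_SENT src=203.0.113.7 dst=192.0.2.21 sport=4002 dport=25 [UNREPLIED] src=192.0.2.21 dst=203.0.113.7 sport=25 dport=4002 use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=1030 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=1030 use=1
udp      17 170 src=192.0.2.11 dst=198.51.100.53 sport=1031 dport=53 src=198.51.100.53 dst=192.0.2.11 sport=53 dport=1031 [ASSURED] use=1
EOF
}

# Read a table on stdin and print "<total> <unreplied> <percent of max used>".
# $1 = configured maximum number of tracked connections (hypothetical parameter).
conntrack_pressure() {
    awk -v max="$1" '
        { total++ }
        /\[UNREPLIED\]/ { unreplied++ }
        END { printf "%d %d %d\n", total, unreplied, (max > 0) ? total * 100 / max : 0 }
    '
}

# Read a table on stdin and print "<count> <source>" for UNREPLIED entries,
# busiest original-direction source first (the first src= field on each line).
unreplied_by_source() {
    awk '
        /\[UNREPLIED\]/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^src=/) { n[substr($i, 5)]++; break }
        }
        END { for (s in n) print n[s], s }
    ' | sort -k1,1nr -k2,2
}

sample_table | conntrack_pressure 10
sample_table | unreplied_by_source
```

On a live router, feed the functions from `/proc/net/ip_conntrack` instead of `sample_table` and pass the current maximum as the argument.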