Denys Fedoryshchenko wrote:
The story with excessive timers usage continue.
Here is my results from /proc/timer_stats for 30 seconds (150Mbps traffic)
...
And here is netfilter usage, looks like ....
I did also sysctl -w net.netfilter.nf_conntrack_acct=0
1, 0 swapper __nf_ct_refresh_acct (death_by_timeout)
1, 0 swapper __nf_ct_refresh_acct (death_by_timeout)
1, 0 swapper __nf_ct_refresh_acct (death_by_timeout)
1, 0 swapper __nf_ct_refresh_acct (death_by_timeout)
1, 0 swapper __nf_ct_refresh_acct (death_by_timeout)
1, 0 swapper __nf_conntrack_confirm (death_by_timeout)
1, 0 swapper __nf_conntrack_confirm (death_by_timeout)
1, 0 swapper __nf_conntrack_confirm (death_by_timeout)
1, 0 swapper __nf_conntrack_confirm (death_by_timeout)
1, 0 swapper __nf_conntrack_confirm (death_by_timeout)
1, 0 swapper __nf_conntrack_confirm (death_by_timeout)
1, 0 swapper __nf_conntrack_confirm (death_by_timeout)
1, 0 swapper __nf_conntrack_confirm (death_by_timeout)
....
Router-Dora ~ # cat /proc/timer_stats |grep '__nf'|wc -l
1005
Is it important to do so much calls to timers in conntrack?
Precision on it is not more than 1 second.
There's one timer per conntrack. As you noticed, we only update
timers for delta >= 1s, but with many conntracks, that still adds
up to a lot.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
