2nd Attempt: Query on Conntrack module and Linux Namespaces


From:  pdakhane dakhane <pdakhane@xxxxxxxxx>
Date:  Friday, August 17, 2018 at 9:30 AM
To:  "netfilter@xxxxxxxxxxxxxxx" <netfilter@xxxxxxxxxxxxxxx>
Subject:  Query on Conntrack module and Linux Namespaces


Hello Experts,

I am working on a system configured with Linux namespaces and one
conntrackd is running per namespace. My question is:
Are the limits set in /proc/sys/net/netfilter/nf_conn* shared across all
namespaces? For example, if the /proc/sys/net/netfilter/nf_conntrack_max setting
is set to 65536, does it mean that across all namespaces conntrackd can track a
maximum of 65536 connections? Or does it mean that this limit is applicable to
the default namespace only?

Check some data points below.
cat /proc/sys/net/netfilter/nf_conntrack_max  << default namespace
262144
cat /proc/sys/net/netfilter/nf_conntrack_max  << namespace ns1
262144

ip netns exec ns1 cat /proc/sys/net/netfilter/nf_conntrack_count  << default namespace
13
cat /proc/sys/net/netfilter/nf_conntrack_count  << namespace ns1
1465

Thanks
Pankaja
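The data points in the question were gathered by hand, one sysctl at a time. The script below is an added example, not part of the original mail or of the conntrack-tools project: it reads nf_conntrack_max and nf_conntrack_count in the root namespace and in every namespace listed by `ip netns list`, prints them side by side, and flags any namespace whose table is more than 80 percent full (the threshold and the `--run` guard are this example's own choices). Running it needs root and iproute2; the percentage helper is pure arithmetic and can be exercised without either.

```shell
#!/bin/sh
# Added example: report conntrack table usage per network namespace.
# Assumes: root privileges, iproute2 (`ip netns`), and that every
# namespace was created with `ip netns add` so it appears in `ip netns list`.

# Integer percentage of the conntrack table in use; a zero max yields 0.
ct_utilization() {
    max="$1"; count="$2"
    if [ "$max" -gt 0 ] 2>/dev/null; then
        echo $(( count * 100 / max ))
    else
        echo 0
    fi
}

# Read one nf_conntrack sysctl file, either in the root namespace
# (empty first argument) or inside the named namespace.
ct_read() {
    ns="$1"; key="$2"
    if [ -n "$ns" ]; then
        ip netns exec "$ns" cat "/proc/sys/net/netfilter/$key"
    else
        cat "/proc/sys/net/netfilter/$key"
    fi
}

# Print max, count and utilisation for one namespace; warn above 80 %.
ct_report_one() {
    ns="$1"
    max=$(ct_read "$ns" nf_conntrack_max)
    count=$(ct_read "$ns" nf_conntrack_count)
    pct=$(ct_utilization "$max" "$count")
    printf '%-12s max=%-8s count=%-8s used=%s%%\n' \
        "${ns:-(root)}" "$max" "$count" "$pct"
    if [ "$pct" -ge 80 ]; then
        echo "  warning: ${ns:-(root)} conntrack table is ${pct}% full"
    fi
}

# Root namespace first, then every named namespace (first column of
# `ip netns list`, which prints e.g. "ns1 (id: 0)").
ct_report_all() {
    ct_report_one ""
    for ns in $(ip netns list | awk '{print $1}'); do
        ct_report_one "$ns"
    done
}

# Only touch the system when explicitly asked, so the helpers above can
# be sourced and tested on a machine without namespaces.
if [ "${1:-}" = "--run" ]; then
    ct_report_all
fi
```

Comparing the rows for (root) and ns1 shows directly whether the max and count values move together or independently, which is exactly the question raised above. Watching the utilisation column matters operationally because once nf_conntrack_count reaches nf_conntrack_max the kernel drops new flows and logs "nf_conntrack: table full, dropping packet", which looks like a network outage rather than a tuning problem.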
