Re: how to get consistent value of "nf_conntrack_htable_size" and "nf_conntrack_hash" in a kernel module ?

On Fri, 07 Jul 2017 23:55:25 +0800, Shiyao Ma said:

> I want to foreach all the `struct nf_conn's in my out-of-tree kernel module.

What are you trying to do?  Hint: the very concept of "all" the nf_conn's is a
very racy one, especially on high-powered servers that have multiple 40 gigabit
ethernet cards on them, talking to other high-powered servers on the same
subnet. It's possible to get several million TCP connections in TIME_WAIT in a
matter of seconds.  The end result is that the kernel code is very much
optimized for the problem of "find *THIS* one nf_conn related to the packet
we're looking at before the next one shows up in a few microseconds", and
things like 'netstat -a' can basically go pound sand if they want to be 100%
accurate.

Summary:  It's quite possible for hundreds or even thousands of nf_conn's
to come and go in the time it takes you to walk the list.

> How to get a consistent value of `nf_conntrack_htable_size' and `nf_conntrack_hash' ?

What makes you think that "consistent value" is a concept that applies
to these numbers?  As mentioned above, they can be bouncing all over
the place on timespans smaller than the time needed to walk the list...


_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
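
The race described in the message above, as an added userspace example (not code from the thread or from the kernel): a bucket-by-bucket walk of a toy hash table while entries expire ahead of the walker and arrive behind it. The bucket count, entry ids and event schedule are constructed, and all names are hypothetical.

```c
/* Userspace toy, not kernel code: every name and value here is constructed. */
#include <stdio.h>
#define NB 4                                     /* toy bucket count */
struct event { int after_bucket, id, add; };     /* scripted "traffic" */
struct walk_result { int seen, min_live, max_live; };
static unsigned table[NB];  /* bit i of table[b] set: entry id i is in bucket b */

static int live_total(void)
{
    int n = 0;
    for (int b = 0; b < NB; b++) n += __builtin_popcount(table[b]);
    return n;
}

/* Count entries bucket by bucket; events fire between bucket visits. */
static struct walk_result walk(const struct event *ev, int n_ev)
{
    struct walk_result r = { 0, live_total(), live_total() };
    for (int b = 0; b < NB; b++) {
        r.seen += __builtin_popcount(table[b]);
        for (int i = 0; i < n_ev; i++) {
            if (ev[i].after_bucket != b) continue;
            if (ev[i].add) table[ev[i].id % NB] |= 1u << ev[i].id;
            else           table[ev[i].id % NB] &= ~(1u << ev[i].id);
            int live = live_total();             /* true size at this instant */
            if (live < r.min_live) r.min_live = live;
            if (live > r.max_live) r.max_live = live;
        }
    }
    return r;
}

/* 8 entries to start; old ones expire ahead of the walker, new ones land behind it. */
struct walk_result demo_walk(void)
{
    static const struct event ev[] = {           /* {after_bucket, id, add} */
        {0, 2, 0}, {0, 8, 1}, {0, 3, 0}, {0, 12, 1},
        {1, 6, 0}, {1, 9, 1}, {2, 7, 0}, {2, 10, 1},
    };
    for (int b = 0; b < NB; b++) table[b] = 0;
    for (int id = 0; id < 8; id++) table[id % NB] |= 1u << id;
    return walk(ev, 8);
}

int main(void)
{
    struct walk_result r = demo_walk();
    printf("walker saw %d, table held %d..%d\n", r.seen, r.min_live, r.max_live);
    return 0;
}
```

The walker's total is lower than the table's size at any instant during the walk, so the count it reports describes a state that never existed.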
