doc: document the netlink buffer size clauses

This patch documents the SocketBufferSize and SocketBufferSizeGrowth
clause. It also rises the default values which are fairly small for
busy firewalls.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

3 files changed, 36 insertions, 12 deletions

diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 0ace99e..0d4847b 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -145,14 +145,22 @@ General {
 	}
 
 	#
-	# Netlink socket buffer size
+	# Netlink event socket buffer size. If you do not specify this clause,
+	# the default buffer size value in /proc/net/core/rmem_default is
+	# used. This default value is usually around 100 Kbytes which is
+	# fairly small for busy firewalls. This leads to event message dropping
+	# and high CPU consumption. This example configuration file sets the
+	# size to 2 MBytes to avoid this sort of problems.
 	#
-	SocketBufferSize 262142
+	SocketBufferSize 2097152
 
 	#
-	# Increase the socket buffer up to maximum if required
+	# The daemon doubles the size of the netlink event socket buffer size
+	# if it detects netlink event message dropping. This clause sets the
+	# maximum buffer size growth that can be reached. This example file
+	# sets the size to 8 MBytes.
 	#
-	SocketBufferSizeMaxGrowth 655355
+	SocketBufferSizeMaxGrowth 8388608
 
 	#
 	# Event filtering: This clause allows you to filter certain traffic,
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 868ee5a..d415fcd 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -149,14 +149,22 @@ General {
 	}
 
 	#
-	# Netlink socket buffer size
+	# Netlink event socket buffer size. If you do not specify this clause,
+	# the default buffer size value in /proc/net/core/rmem_default is
+	# used. This default value is usually around 100 Kbytes which is
+	# fairly small for busy firewalls. This leads to event message dropping
+	# and high CPU consumption. This example configuration file sets the
+	# size to 2 MBytes to avoid this sort of problems.
 	#
-	SocketBufferSize 262142
+	SocketBufferSize 2097152
 
 	#
-	# Increase the socket buffer up to maximum if required
+	# The daemon doubles the size of the netlink event socket buffer size
+	# if it detects netlink event message dropping. This clause sets the
+	# maximum buffer size growth that can be reached. This example file
+	# sets the size to 8 MBytes.
 	#
-	SocketBufferSizeMaxGrowth 655355
+	SocketBufferSizeMaxGrowth 8388608
 
 	#
 	# Event filtering: This clause allows you to filter certain traffic,
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 514b5ba..bc1a3a6 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -133,14 +133,22 @@ General {
 	}
 
 	#
-	# Netlink socket buffer size
+	# Netlink event socket buffer size. If you do not specify this clause,
+	# the default buffer size value in /proc/net/core/rmem_default is
+	# used. This default value is usually around 100 Kbytes which is
+	# fairly small for busy firewalls. This leads to event message dropping
+	# and high CPU consumption. This example configuration file sets the
+	# size to 2 MBytes to avoid this sort of problems.
 	#
-	SocketBufferSize 262142
+	SocketBufferSize 2097152
 
 	#
-	# Increase the socket buffer up to maximum if required
+	# The daemon doubles the size of the netlink event socket buffer size
+	# if it detects netlink event message dropping. This clause sets the
+	# maximum buffer size growth that can be reached. This example file
+	# sets the size to 8 MBytes.
 	#
-	SocketBufferSizeMaxGrowth 655355
+	SocketBufferSizeMaxGrowth 8388608
 
 	#
 	# Event filtering: This clause allows you to filter certain traffic,