summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2008-12-17 18:54:27 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2008-12-17 18:54:27 +0100
commit789cfad661f4fbaa97384efa5843a60027b1ec91 (patch)
tree7098d43f0b083ce2ee9ad4631de553ecb1d1d1ba /doc
parent02486b7c22beee4ac8af694a1073d33775d0d388 (diff)
downloadconntrack-tools-789cfad661f4fbaa97384efa5843a60027b1ec91.tar.gz
conntrack-tools-789cfad661f4fbaa97384efa5843a60027b1ec91.zip
doc: document the netlink buffer size clauses
This patch documents the SocketBufferSize and SocketBufferSizeGrowth clause. It also rises the default values which are fairly small for busy firewalls. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/sync/alarm/conntrackd.conf16
-rw-r--r--doc/sync/ftfw/conntrackd.conf16
-rw-r--r--doc/sync/notrack/conntrackd.conf16
3 files changed, 36 insertions, 12 deletions
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 0ace99e..0d4847b 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -145,14 +145,22 @@ General {
}
#
- # Netlink socket buffer size
+ # Netlink event socket buffer size. If you do not specify this clause,
+ # the default buffer size value in /proc/net/core/rmem_default is
+ # used. This default value is usually around 100 Kbytes which is
+ # fairly small for busy firewalls. This leads to event message dropping
+ # and high CPU consumption. This example configuration file sets the
+ # size to 2 MBytes to avoid this sort of problems.
#
- SocketBufferSize 262142
+ SocketBufferSize 2097152
#
- # Increase the socket buffer up to maximum if required
+ # The daemon doubles the size of the netlink event socket buffer size
+ # if it detects netlink event message dropping. This clause sets the
+ # maximum buffer size growth that can be reached. This example file
+ # sets the size to 8 MBytes.
#
- SocketBufferSizeMaxGrowth 655355
+ SocketBufferSizeMaxGrowth 8388608
#
# Event filtering: This clause allows you to filter certain traffic,
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 868ee5a..d415fcd 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -149,14 +149,22 @@ General {
}
#
- # Netlink socket buffer size
+ # Netlink event socket buffer size. If you do not specify this clause,
+ # the default buffer size value in /proc/net/core/rmem_default is
+ # used. This default value is usually around 100 Kbytes which is
+ # fairly small for busy firewalls. This leads to event message dropping
+ # and high CPU consumption. This example configuration file sets the
+ # size to 2 MBytes to avoid this sort of problems.
#
- SocketBufferSize 262142
+ SocketBufferSize 2097152
#
- # Increase the socket buffer up to maximum if required
+ # The daemon doubles the size of the netlink event socket buffer size
+ # if it detects netlink event message dropping. This clause sets the
+ # maximum buffer size growth that can be reached. This example file
+ # sets the size to 8 MBytes.
#
- SocketBufferSizeMaxGrowth 655355
+ SocketBufferSizeMaxGrowth 8388608
#
# Event filtering: This clause allows you to filter certain traffic,
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 514b5ba..bc1a3a6 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -133,14 +133,22 @@ General {
}
#
- # Netlink socket buffer size
+ # Netlink event socket buffer size. If you do not specify this clause,
+ # the default buffer size value in /proc/net/core/rmem_default is
+ # used. This default value is usually around 100 Kbytes which is
+ # fairly small for busy firewalls. This leads to event message dropping
+ # and high CPU consumption. This example configuration file sets the
+ # size to 2 MBytes to avoid this sort of problems.
#
- SocketBufferSize 262142
+ SocketBufferSize 2097152
#
- # Increase the socket buffer up to maximum if required
+ # The daemon doubles the size of the netlink event socket buffer size
+ # if it detects netlink event message dropping. This clause sets the
+ # maximum buffer size growth that can be reached. This example file
+ # sets the size to 8 MBytes.
#
- SocketBufferSizeMaxGrowth 655355
+ SocketBufferSizeMaxGrowth 8388608
#
# Event filtering: This clause allows you to filter certain traffic,