author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-01-15 23:19:58 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-01-15 23:19:58 +0100 |
commit | 2cacd3a802510bde43e23cf4c7d39f51a2eaf460 (patch) | |
tree | 0f14343829df1fee20549a22544060b21587a841 /src/sync-notrack.c | |
parent | 8dce3504fde7da933dc6e7ecfeb99b4b45125f32 (diff) | |
run: relax resynchronization algorithm when netlink overruns

This patch relaxes the current approach when netlink reports
overruns. There are two situations that can trigger a
resynchronization with the kernel conntrack table:

a) Netlink overruns because the receiver buffer is too small:
increasing the netlink buffer size and schedule a resync with the
kernel table conntrack to resolve the inconsistency. The sysadmin
would notice in the logs and will try to set a bigger buffer in
the configuration file.

b) The system is under heavy workload (CPU is too busy): we should
avoid resync with the kernel table since this is an expensive
operation. We do our best here and keep replicating as many states
as possible. If CPU consumption lowers at some point, then we will
try to resync ourselves.

This patch reduces the chances to resynchronize with the kernel
conntrack table unless that two overruns do not happen in an
interval of 30 seconds.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'src/sync-notrack.c')
0 files changed, 0 insertions, 0 deletions