From: Patrick Schaaf <bof@bof.de>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel@lists.netfilter.org,
Grzegorz Piotr Jaskiewicz <gj@pointblue.com.pl>
Subject: Re: [PATCH] aggressive early_drop and reserved conntrack entries
Date: Thu, 9 Dec 2004 09:52:50 +0100
Message-ID: <20041209085249.GA22714@oknodo.bof.de>
In-Reply-To: <Pine.LNX.4.58.0412090845060.11649@blackhole.kfki.hu>

Hi,

> The included patch addresses the following issues:
>
> - When the conntrack table is full, we search only in a single hash
> bucket. We are in trouble anyway, so let's search harder for
> droppable entries: the patch extends the search to at most the third of
> all the buckets.

Hmm. It's correct that we are in trouble anyway, but will it help burning
much more CPU to get out of trouble?

Looking for alternatives, I note that early_drop will only consider
unreplied connections for reaping. In a normal setup, only a small
number of connections will be unreplied, AND each connection will
make at most one transition from unreplied to assured.

This suggests, to me, that we keep unreplied connections on a new,
additional list. They are put there at the HEAD upon creation,
they are removed from the list when they make their transition
to assured. And early_drop becomes a simple, O(1) operation:
reap the connection which is at the TAIL of this new list.

Of course, it's a tradeoff between burning (lots of) CPU when under
pressure, vs. two list operations per connection for each and every
connection.

best regards
Patrick
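
The list scheme proposed in the message above, written out in userspace C as an added example; it is not code from this thread or from netfilter. `struct conn`, the function names and the list helpers are hypothetical, and locking is left out (assumption: a single caller at a time).

```c
#include <stddef.h>

/* Minimal circular doubly linked list, in the style of the kernel's list_head. */
struct list { struct list *prev, *next; };

struct conn {              /* hypothetical stand-in for a conntrack entry */
    int id;
    int assured;
    struct list unreplied; /* linked only while the connection is unreplied */
};

static void list_init(struct list *l) { l->prev = l->next = l; }
static int list_empty(const struct list *l) { return l->next == l; }

static void list_del_init(struct list *e)
{
    e->prev->next = e->next;
    e->next->prev = e->prev;
    list_init(e);          /* makes a second unlink harmless */
}

static void list_add_head(struct list *e, struct list *head)
{
    e->next = head->next;
    e->prev = head;
    head->next->prev = e;
    head->next = e;
}

/* Creation: every new connection starts unreplied, newest at the HEAD. */
static void conn_new(struct conn *c, int id, struct list *unreplied)
{
    c->id = id;
    c->assured = 0;
    list_add_head(&c->unreplied, unreplied);
}

/* The single unreplied -> assured transition takes it off the list. */
static void conn_assure(struct conn *c)
{
    c->assured = 1;
    list_del_init(&c->unreplied);
}

/* O(1) early drop: reap the oldest unreplied connection, at the TAIL. */
static struct conn *early_drop(struct list *unreplied)
{
    struct list *t = unreplied->prev;
    if (list_empty(unreplied))
        return NULL;       /* nothing droppable: only assured entries remain */
    list_del_init(t);
    return (struct conn *)((char *)t - offsetof(struct conn, unreplied));
}
```

The per-connection cost named in the message is visible here as exactly two list operations: one `list_add_head` at creation and one `list_del_init` at either the assured transition or the drop.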