From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 04/14]: ULOG/nfnetlink_log: Use better default value for 'nlbufsiz'
Date: Fri, 3 Feb 2006 14:44:04 +0100 (MET) [thread overview]
Message-ID: <20060203134404.2141.13996.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20060203134358.2141.63426.sendpatchset@localhost.localdomain>
[NETFILTER]: ULOG/nfnetlink_log: Use better default value for 'nlbufsiz'
Performance tests showed that ULOG may fail on heavy loaded systems
because of failed order-N allocations (N >= 1).
The default value of 4096 is not optimal in the sense that it actually
allocates _two_ contigous physical pages. Reasoning: ULOG uses
alloc_skb(), which adds another ~300 bytes for skb_shared_info.
This patch sets the default value to NLMSG_GOODSIZE and adds some
documentation at the top.
Signed-off-by: Holger Eitzenberger <heitzenberger@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 5974aa1e67cc9139557471d57aa6b54c7fb6aed5
tree 4f3f1e9d8d38ab0f88549bdfd44cd51f72eb8104
parent edf3735e79f637f92f34d0848bfb6c0ea45a9349
author Holger Eitzenberger <heitzenberger@astaro.com> Fri, 03 Feb 2006 12:36:48 +0100
committer Patrick McHardy <kaber@trash.net> Fri, 03 Feb 2006 12:36:48 +0100
net/bridge/netfilter/ebt_ulog.c | 2 +-
net/ipv4/netfilter/ipt_ULOG.c | 6 +++++-
net/netfilter/nfnetlink_log.c | 2 +-
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index ce617b3..dbbf9f6 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -46,7 +46,7 @@
#define PRINTR(format, args...) do { if (net_ratelimit()) \
printk(format , ## args); } while (0)
-static unsigned int nlbufsiz = 4096;
+static unsigned int nlbufsiz = NLMSG_GOODSIZE;
module_param(nlbufsiz, uint, 0600);
MODULE_PARM_DESC(nlbufsiz, "netlink buffer size (number of bytes) "
"(defaults to 4096)");
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index 641dbc4..2fe6413 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -35,6 +35,10 @@
* each nlgroup you are using, so the total kernel memory usage increases
* by that factor.
*
+ * Actually you should use nlbufsiz a bit smaller than PAGE_SIZE, since
+ * nlbufsiz is used with alloc_skb, which adds another
+ * sizeof(struct skb_shared_info). Use NLMSG_GOODSIZE instead.
+ *
* flushtimeout:
* Specify, after how many hundredths of a second the queue should be
* flushed even if it is not full yet.
@@ -76,7 +80,7 @@ MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NE
#define PRINTR(format, args...) do { if (net_ratelimit()) printk(format , ## args); } while (0)
-static unsigned int nlbufsiz = 4096;
+static unsigned int nlbufsiz = NLMSG_GOODSIZE;
module_param(nlbufsiz, uint, 0400);
MODULE_PARM_DESC(nlbufsiz, "netlink buffer size");
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index e10512e..50787af 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -37,7 +37,7 @@
#include "../bridge/br_private.h"
#endif
-#define NFULNL_NLBUFSIZ_DEFAULT 4096
+#define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE
#define NFULNL_TIMEOUT_DEFAULT 100 /* every second */
#define NFULNL_QTHRESH_DEFAULT 100 /* 100 packets */
next prev parent reply other threads:[~2006-02-03 13:44 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-03 13:43 [00/14]: Netfilter fixes for 2.6.16 Patrick McHardy
2006-02-03 13:43 ` [NETFILTER 01/14]: ctnetlink: Fix subsystem used for expectation events Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 02/14]: ctnetlink: add MODULE_ALIAS for expectation subsystem Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 03/14]: nf_conntrack: check address family when finding protocol module Patrick McHardy
2006-02-03 13:44 ` Patrick McHardy [this message]
2006-02-03 13:44 ` [NETFILTER 05/14]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_log Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 06/14]: nfnetlink_queue: fix packet marking over netlink Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 07/14]: Fix missing src port initialization in tftp expectation mask Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 08/14]: iptables: fix typos in ipt_connbytes.h Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 09/14]: nf_conntrack: fix incorrect memset() size in FTP helper Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 10/14]: Fix possible overflow in netfilters do_replace() Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 11/14]: Check policy length in policy match strict mode Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 12/14]: Fix ip6t_policy address matching Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 13/14]: Prepare {ipt, ip6t}_policy match for x_tables unification Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 14/14]: Fix check whether dst_entry needs to be released after NAT Patrick McHardy
2006-02-04 10:21 ` [00/14]: Netfilter fixes for 2.6.16 David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060203134404.2141.13996.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.