conntrack and kernel log

conntrack and kernel log

[Eicke Friedrich]

Hi,

comparing the kernel messages of two linux boxes I found something 
that I don't understand. Maybe someone can explain it to me?

First box, Pentium 133, 64MB RAM CONNMARK installed:
kernel: ip_conntrack version 2.1 (512 buckets, 4096 max) - 156 bytes 
per conntrack

Second box: Dual PentiumII 266, 192MB RAM, no CONNMARK installed:
kernel: ip_conntrack version 2.1 (1536 buckets, 12288 max) - 292 bytes 
per conntrack

How comes that the size per conntrack is at the first box smaller even 
though CONNMARK is installed? I mean it uses some bytes more per entry 
for the mark= field? Is it due to two CPU's? Sorry for this newbie 
question but googlin' did not gave me an answer.

Thanks for any comments,
Eicke.

Re: conntrack and kernel log

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 937 bytes --]

On Wed, May 07, 2003 at 04:03:45PM +0200, Eicke Friedrich wrote:

> How comes that the size per conntrack is at the first box smaller even 
> though CONNMARK is installed? I mean it uses some bytes more per entry 
> for the mark= field? Is it due to two CPU's? Sorry for this newbie 
> question but googlin' did not gave me an answer.

It's because of the connection tracking helpers or nat helpers you have
or have not patched into your kernel.  (it also makes a difference
whether or not NAT is disabled or not.

> Thanks for any comments,
> Eicke.

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]