From: Eric Dumazet <dada1@cosmosbay.com>
To: mbizon@freebox.fr, "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>,
avorontsov@ru.mvista.com, Patrick McHardy <kaber@trash.net>,
netdev@vger.kernel.org
Subject: Re: [PATCH] conntrack: Reduce conntrack count in nf_conntrack_free()
Date: Tue, 24 Mar 2009 16:27:06 +0100 [thread overview]
Message-ID: <49C8FBCA.40402@cosmosbay.com> (raw)
In-Reply-To: <1237907850.12351.80.camel@sakura.staff.proxad.net>
Maxime Bizon a écrit :
> On Tue, 2009-03-24 at 13:07 +0100, Eric Dumazet wrote:
>
> Hi Eric,
>
>> We use RCU to defer freeing of conntrack structures. In DOS situation,
>> RCU might accumulate about 10.000 elements per CPU in its internal
>> queues. To get accurate conntrack counts (at the expense of slightly
>> more RAM used), we might consider conntrack counter not taking into
>> account "about to be freed elements, waiting in RCU queues". We thus
>> decrement it in nf_conntrack_free(), not in the RCU callback.
>
> Your patch fixes the problem on my board too (embedded mips router
> 250Mhz), thanks.
>
> Yet I'm concerned about what you said concerning RAM usage. I have a
> very small amount on memory left on my board (less than 4M), and I tuned
> ip route cache size and nf_conntrack_max to make sure I won't go OOM.
>
> With your patch, does it mean 10000 conntrack entries can be allocated
> while nf_conntrack_max is say only 2048 ?
Well... yes, RCU can have this 'interesting' OOM property.
For small machines, you really want to lower RCU parameters, because
as you said, we also push route cache entries in RCU queue, my patch
being applied or not (But using call_rcu_bh(), so we have lower latencies
I think)
We are working on a SLAB_DESTROY_BY_RCU implementation so that
conntrack wont use call_rcu() anymore, give us a couple of days :)
Paul, could we have /sys knobs to be able to tune qhimark, blimit & qlowmark ?
Thanks
next prev parent reply other threads:[~2009-03-24 15:27 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-23 10:42 ucc_geth: nf_conntrack: table full, dropping packet Joakim Tjernlund
2009-03-23 12:15 ` Patrick McHardy
2009-03-23 12:25 ` Joakim Tjernlund
2009-03-23 12:29 ` Patrick McHardy
2009-03-23 12:59 ` Joakim Tjernlund
[not found] ` <OF387EC803.F810F72A-ONC1257582.00468C6E-C1257582.00475783@LocalDomain>
2009-03-23 13:09 ` Joakim Tjernlund
2009-03-23 17:42 ` Joakim Tjernlund
2009-03-23 17:49 ` Patrick McHardy
2009-03-24 8:22 ` Joakim Tjernlund
2009-03-24 9:12 ` Eric Dumazet
2009-03-24 10:55 ` Joakim Tjernlund
2009-03-24 12:07 ` [PATCH] conntrack: Reduce conntrack count in nf_conntrack_free() Eric Dumazet
2009-03-24 12:25 ` Eric Dumazet
2009-03-24 12:43 ` Patrick McHardy
2009-03-24 13:32 ` Eric Dumazet
2009-03-24 13:38 ` Patrick McHardy
2009-03-24 13:47 ` Eric Dumazet
[not found] ` <49C8F871.9070600@cosmosbay.com>
[not found] ` <49C8F8E0.9050502@trash.net>
2009-03-25 3:53 ` Eric Dumazet
2009-03-25 13:39 ` Patrick McHardy
2009-03-25 13:44 ` Eric Dumazet
2009-03-24 13:20 ` Joakim Tjernlund
2009-03-24 13:28 ` Patrick McHardy
2009-03-24 13:29 ` Eric Dumazet
2009-03-24 13:41 ` Joakim Tjernlund
2009-03-24 15:17 ` Maxime Bizon
2009-03-24 15:21 ` Patrick McHardy
2009-03-24 15:27 ` Eric Dumazet [this message]
2009-03-24 19:54 ` [PATCH] netfilter: Use hlist_add_head_rcu() in nf_conntrack_set_hashsize() Eric Dumazet
2009-03-25 16:26 ` Patrick McHardy
2009-03-25 17:53 ` [PATCH] conntrack: use SLAB_DESTROY_BY_RCU for nf_conn structs Eric Dumazet
2009-03-25 18:05 ` Patrick McHardy
2009-03-25 18:06 ` Patrick McHardy
2009-03-25 18:15 ` Eric Dumazet
2009-03-25 18:24 ` Patrick McHardy
2009-03-25 18:53 ` Eric Dumazet
2009-03-25 19:00 ` Patrick McHardy
2009-03-25 19:17 ` Eric Dumazet
2009-03-25 19:41 ` Patrick McHardy
2009-03-25 19:58 ` Eric Dumazet
2009-03-25 20:10 ` Patrick McHardy
2009-03-24 18:29 ` [PATCH] conntrack: Reduce conntrack count in nf_conntrack_free() Joakim Tjernlund
2009-03-23 17:49 ` ucc_geth: nf_conntrack: table full, dropping packet Eric Dumazet
2009-03-23 18:04 ` Joakim Tjernlund
2009-03-23 18:08 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49C8FBCA.40402@cosmosbay.com \
--to=dada1@cosmosbay.com \
--cc=Joakim.Tjernlund@transmode.se \
--cc=avorontsov@ru.mvista.com \
--cc=kaber@trash.net \
--cc=mbizon@freebox.fr \
--cc=netdev@vger.kernel.org \
--cc=paulmck@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).