From: Jesper Dangaard Brouer <hawk@diku.dk>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: Harald Welte <laforge@netfilter.org>,
netdev@oss.sgi.com, netfilter-devel@lists.netfilter.org,
Jesper Dangaard Brouer <hawk@diku.dk>
Subject: Re: ip_conntrack: Make "hashsize" conntrack parameter writable
Date: Wed, 23 Nov 2005 15:08:28 +0100 (CET) [thread overview]
Message-ID: <Pine.LNX.4.61.0511231456360.32233@ask.diku.dk> (raw)
In-Reply-To: <1132707085.7720.2.camel@localhost.localdomain>
On Wed, 23 Nov 2005, Rusty Russell wrote:
> On Tue, 2005-11-22 at 15:49 +0100, Jesper Dangaard Brouer wrote:
>> Hi Rusty (and Harald)
>>
>> We met at the Netfilter Workshop 2005, where I complained that the
>> conntrack hashsize were statically set at module load time.
>>
>> Thank you making a kernel patch, which changes this...
>> BUT I cannot make it work! :-(
>>
>> http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=eed75f191d8318a2b144da8aae9774e1cfcae492
>>
>> Am I missing some part of the patch?
>>
>> I cannot find the link to the /proc file system. Should there not be
>> any changes to ip_conntrack_standalone.c ??
>
> /sys/module/ip_conntrack/parameters/hashsize
>
> Cheers!
> Rusty.
Aha I see, the sysfs filesystem.
I was confused, because the hashsize is already exported as
/proc/sys/net/ipv4/netfilter/ip_conntrack_buckets.
It is a bit confusing, that the Netfilter team are changing away from the
/proc filesystem, but I don't care, it seems that the sysfs filesystem is
a more powerful choice.
The permissions on "/sys/module/ip_conntrack/parameters/hashsize" is set
to 600, where the /proc/../ip_conntrack_buckets is readable to all (444).
I think we should change the /sys/../hashsize parameter to 644, as it does
not make sense as it is readable through /proc.
Hilsen
Jesper Dangaard Brouer
ps. Cc'ing -> lets keep google updated ;-)
--
-------------------------------------------------------------------
Cand. scient datalog
Dept. of Computer Science, University of Copenhagen
-------------------------------------------------------------------
parent reply other threads:[~2005-11-23 14:08 UTC|newest]
Thread overview: expand[flat|nested] mbox.gz Atom feed
[parent not found: <1132707085.7720.2.camel@localhost.localdomain>]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.61.0511231456360.32233@ask.diku.dk \
--to=hawk@diku.dk \
--cc=laforge@netfilter.org \
--cc=netdev@oss.sgi.com \
--cc=netfilter-devel@lists.netfilter.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox