From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Arturo Borrero Gonzalez <arturo@debian.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [conntrack-tools PATCH 4/4] conntrackd: deprecate unix backlog configuration
Date: Tue, 6 Jun 2017 13:21:09 +0200 [thread overview]
Message-ID: <20170606112109.GA1974@salvia> (raw)
In-Reply-To: <20170606111153.GB1839@salvia>
On Tue, Jun 06, 2017 at 01:11:53PM +0200, Pablo Neira Ayuso wrote:
> On Tue, Jun 06, 2017 at 12:58:44PM +0200, Arturo Borrero Gonzalez wrote:
> > This configuration option doesn't add any value to users.
> > Use the magic value of 100 (i.e, the socket will keep 100 pending connections),
> > which I think is fair enough for what conntrackd can do in the unix socket.
>
> I don't think conntrackd will ever get more than 100 connection that
> are pending to be accepted.
And this only refers to unix socket indeed, really we can deprecate
this.
Back to what I said for Nice/Scheduler, I'm not so sure about removing
them. Actually I remember this was useful when I was testing long
time ago.
Basically what I observed is that RT scheduler + process pinning to
spare CPU makes Netlink reliable (no event message loss). And that is
good to have in place under high load, otherwise nodes get out of
sync.
next prev parent reply other threads:[~2017-06-06 11:21 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-06 10:58 [conntrack-tools PATCH 1/4] conntrackd: evaluate configuration earlier Arturo Borrero Gonzalez
2017-06-06 10:58 ` [conntrack-tools PATCH 2/4] conntrackd: make the daemon run in RT mode by default Arturo Borrero Gonzalez
2017-06-06 11:10 ` Pablo Neira Ayuso
2017-06-07 20:53 ` Arturo Borrero Gonzalez
2017-06-12 8:15 ` Pablo Neira Ayuso
2017-06-06 10:58 ` [conntrack-tools PATCH 3/4] conntrackd: cleanup if failed forking Arturo Borrero Gonzalez
2017-06-06 16:11 ` Pablo Neira Ayuso
2017-06-06 10:58 ` [conntrack-tools PATCH 4/4] conntrackd: deprecate unix backlog configuration Arturo Borrero Gonzalez
2017-06-06 11:11 ` Pablo Neira Ayuso
2017-06-06 11:21 ` Pablo Neira Ayuso [this message]
2017-06-06 16:13 ` Pablo Neira Ayuso
2017-06-06 16:11 ` [conntrack-tools PATCH 1/4] conntrackd: evaluate configuration earlier Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170606112109.GA1974@salvia \
--to=pablo@netfilter.org \
--cc=arturo@debian.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).