Re: Reading /proc/net/ip_conntrack still slow / causing packet loss?

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: KOVACS Krisztian <hidden@sch.bme.hu>
To: netfilter@lists.netfilter.org
Cc: "Pasi Kärkkäinen" <pasik@iki.fi>
Subject: Re: Reading /proc/net/ip_conntrack still slow / causing packet loss?
Date: Tue, 14 Feb 2006 20:51:04 +0100	[thread overview]
Message-ID: <200602142051.05801@krak> (raw)
In-Reply-To: <20060214173923.GN16512@edu.joroinen.fi>

  Hi,

On Tuesday 14 February 2006 18:39, Pasi Kärkkäinen wrote:
> "<Gandalf> cap_: the most extreme experience I have is reading
> /proc/net/ip_conntrack on a fairly busy router... that really slows
> wthings down and packets get dropped because of the slowdown"
>
> "<Gandalf> and I had an identd daemon wich forwarding support that read
> /p/n/ip_conntrack for each incoming ident request... 200ms forwarding
> delays and lots of drops each time an ident request came in :)"
>
> Is that information still valid for the current 2.6 kernels? How about
> for 2.4 ?

  Yes, it's still valid (on both versions). However, on recent 2.6 kernels 
you can do all kinds of funny things through netlink. An example of what 
can be done through that interface is the 'conntrack' tool:

  http://netfilter.org/projects/conntrack/index.html

  For the API:

  http://netfilter.org/projects/libnetfilter_conntrack/index.html

  Please note that both of these is still work in progress, but they're 
definitely worth a try.

-- 
 KOVACS Krisztian

next prev parent reply	other threads:[~2006-02-14 19:51 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-02-14 17:39 Reading /proc/net/ip_conntrack still slow / causing packet loss? Pasi Kärkkäinen
2006-02-14 19:51 ` KOVACS Krisztian [this message]
2006-02-14 20:05   ` Pasi Kärkkäinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200602142051.05801@krak \
    --to=hidden@sch.bme.hu \
    --cc=netfilter@lists.netfilter.org \
    --cc=pasik@iki.fi \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox