aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel
diff options
context:
space:
mode:
authorVincent Pelletier <plr.vincent@gmail.com>2022-02-19 02:06:23 +0000
committerRui Salvaterra <rsalvaterra@gmail.com>2022-08-11 21:54:09 +0100
commit0855549b4bdfb7ff0aacfcfe888919c4060ed102 (patch)
treeddd7a97ad1b79970a826d7f573b15476c7c0f07b /package/kernel
parent0179ba7851631416c6f095a9bdd22377d68a0455 (diff)
downloadupstream-0855549b4bdfb7ff0aacfcfe888919c4060ed102.tar.gz
upstream-0855549b4bdfb7ff0aacfcfe888919c4060ed102.tar.bz2
upstream-0855549b4bdfb7ff0aacfcfe888919c4060ed102.zip
kernel: scale nf_conntrack_max more reasonably
Use the kernel's built-in formula for computing this value. The value applied by OpenWRT's sysctl configuration file does not scale with the available memory, under-using hardware capabilities. Also, that formula also influences net.netfilter.nf_conntrack_buckets, which should improve conntrack performance in average (fewer connections per hashtable bucket). Backport upstream commit for its effect on the number of connections per hashtable bucket. Apply a hack patch to set the RAM size divisor to a more reasonable value (2048, down from 16384) for our use case, a typical router handling several thousands of connections. Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com> Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> (cherry picked from commit 15fbb916669dcdfcc706e9e75263ab63f9f27c00)
Diffstat (limited to 'package/kernel')
-rw-r--r--package/kernel/linux/files/sysctl-nf-conntrack.conf1
1 files changed, 0 insertions, 1 deletions
diff --git a/package/kernel/linux/files/sysctl-nf-conntrack.conf b/package/kernel/linux/files/sysctl-nf-conntrack.conf
index 37baf5fd6f..c6a0ef362b 100644
--- a/package/kernel/linux/files/sysctl-nf-conntrack.conf
+++ b/package/kernel/linux/files/sysctl-nf-conntrack.conf
@@ -3,7 +3,6 @@
net.netfilter.nf_conntrack_acct=1
net.netfilter.nf_conntrack_checksum=0
-net.netfilter.nf_conntrack_max=16384
net.netfilter.nf_conntrack_tcp_timeout_established=7440
net.netfilter.nf_conntrack_udp_timeout=60
net.netfilter.nf_conntrack_udp_timeout_stream=180